Mailinglist Archive: opensuse-factory (807 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20170224 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
chrome-gnome-shell (8 -> 8.1)
doxygen (1.8.12 -> 1.8.13)
ffmpeg (3.2.2 -> 3.2.4)
gcin (2.8.4 -> 2.8.5)
git (2.11.0 -> 2.11.1)
gnome-shell (3.22.2 -> 3.22.3)
gnutls (3.5.8 -> 3.5.9)
goffice (0.10.32 -> 0.10.33)
gparted (0.28.0 -> 0.28.1)
grilo-plugins (0.3.3 -> 0.3.4)
gtk4 (3.89.2 -> 3.89.4)
guile (2.0.13 -> 2.0.14)
hplip (3.16.10 -> 3.16.11)
installation-images (14.299 -> 14.302)
irssi (1.0.0 -> 1.0.1)
kernel-firmware (20170113 -> 20170217)
kernel-source (4.9.10 -> 4.9.11)
kiwi (7.04.26 -> 7.04.27)
libgudev (230 -> 231)
libpst (0.6.69 -> 0.6.70)
libqb (1.0.0+git20160407.6f2b3e8 -> 1.0.1+git20170131.afdff97)
libzip (1.1.3 -> 1.2.0)
mariadb (10.1.20 -> 10.1.21)
mozilla-nss (3.28.2 -> 3.28.3)
mtd-utils (1.5.2 -> 2.0.0)
mutter (3.22.2 -> 3.22.3)
os-prober (1.70 -> 1.74)
pcre2 (10.22 -> 10.23)
perl-Net-HTTP (6.12 -> 6.13)
perl-YAML (1.22 -> 1.23)
pidgin-sipe (1.21.1 -> 1.22.0)
poppler (0.51.0 -> 0.52.0)
poppler-qt5 (0.51.0 -> 0.52.0)
python-rpm-macros (1.0git.1483874658.ead0b0b -> 1.0.git.1486997542.e9fcc29)
python-sip (4.19 -> 4.19.1)
strace (4.15 -> 4.16)
wget (1.19 -> 1.19.1)
wwwoffle (2.9i -> 2.9j)
yast2-country (3.2.8 -> 3.2.9)

=== Details ===

==== apache2 ====
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork

- fix caching of forward proxy
+ httpd-cache-forward-http-proxy.patch
- Don't require insserv if we don't need it.

==== bogofilter ====
Subpackages: bogofilter-common bogofilter-db

- Explicitly package _docdir, fix build with rpm 4.13.

==== brltty ====
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-espeak
brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_6
python3-brlapi xbrlapi

- Disable udev rule for generic FTDI devices to avoid taking
USB-to-serial converters (boo#1007652). Add an update
message if one of these devices is detected.
- Add brltty-polkit-fixes.patch: don't delay brltty if waiting
for polkit initialization, and fix polkit+key authentication
- Add brltty-braillenote-usb.patch: autodetect BrailleNote via
- Always enable polkit (intention of the conditional was to
disable on 13.2 and 42.1, but it was being disabled under 42.2
as well).

==== chrome-gnome-shell ====
Version update (8 -> 8.1)

- Update to version 8.1:
+ Added check to make sure that "enabled-extensions" GNOME Shell
setting does not contains duplicated values (bgo#777650).
+ Fixed error that breaks update check if there was extension
installed without "version" key in manifest.
+ Fixed error that prevents error message to be shown when update
check is failed.
+ Fixed connector segfault on browser close.
+ Fixed possible error in synchronization process that may delete
some extensions.
+ Updated translations.
- Drop chrome-gnome-shell-commit-dca4a35.patch: Fixed upstream.
- Use conditional to allow packaging for older versions of

==== circuslinux ====

- Move /usr/games to /usr/bin as done with the rest 4 years ago.

==== claws-mail ====
Subpackages: claws-mail-lang

- Use xdg-open (instead of gedit) as default mime_open_command

==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server

- Require insserv only if needed
- Fix requires of client subpackage

==== dmraid ====

- Remove obsolete insserv call

==== docbook-xsl-stylesheets ====

- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.

==== doxygen ====
Version update (1.8.12 -> 1.8.13)

- Add doxygen-guard-null-variable.patch: Protected against NULL
pointer of variable al, upstream commit 0f02761.
- Update to 1.8.13
See changelog at
- dropped doxygen-fix-QCH-files.patch, it is part of the release

==== dvd+rw-tools ====

- Explicitly BuildRequire m4.

==== ekiga ====
Subpackages: ekiga-lang ekiga-plugins-evolution

- add ekiga-audiooutput-fallback-to-primary-device-if-secondary.patch
* fixes problem that ekiga uses SILENT as default for secondary
(ring) output unless explicitly configured by user
* Upstream bug report: bgo#777717

==== ffmpeg ====
Version update (3.2.2 -> 3.2.4)
Subpackages: libavcodec57 libavformat57 libavutil55 libswresample2 libswscale4

- Have libavcodec57 additionally provide libavcodec57(unrestricted)
when building unrestricted: allow third party packages to require
the unrestricted codec. The existing -full provides is not
suitable as it can be provided by multiple libavcodec* packages,
whereas we require a specific ABI version.
- Update to new upstream release 3.2.4
* lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr
* lavf/mov.c: Avoid OOB in mov_read_udta_string()
* lavf/mov.c: Avoid heap allocation wraps in mov_read_{senc,saiz}()
- Update to new upstream release 3.2.3
* Maintenance release with bugfixes
* ffplay: fix sws_scale possible out of bounds array access
- Drop version number from patch: ffmpeg-2.4.5-arm6l.patch ->

==== file-roller ====

- Add file-roller-open-dest-dialog-only-when-using-notify.patch:
Show the 'open destination' dialog only when using --notify and
only for the last extracted archive.
- Add file-roller-libarchive-dont-convert-null-strings.patch: Don't
convert null strings to utf8.
- Add file-roller-fix-crash-after-extracting.patch: Fix a crash
after extracting a file (bgo#778846, boo#1022082).

==== gcin ====
Version update (2.8.4 -> 2.8.5)
Subpackages: gcin-gtk2 gcin-gtk3 gcin-qt4 gcin-qt5 libgcin-im-client1

- Update to 2.8.5
+ Fix a typing bug with Hsu layout
+ Fix the missing pre-select phrases when using Array input
- Refresh patches:
+ gcin-improve-build-with-pkgconfig.patch
+ gcin-parallel-compiling.patch

==== gegl-unstable ====
Subpackages: gegl-0_3 libgegl-0_3-0

- Replace -devel for their pkgconfig() replacements aligning with
what configure checks for, and also version several of them:
+ Replaced -devel packages: OpenEXR-devel, babl-devel,
glib2-devel, libexiv2-devel, libjasper-devel, libpng-devel,
librsvg-devel, lua-devel.
+ Replacements: pkgconfig(OpenEXR), pkgconfig(babl),
pkgconfig(exiv2), pkgconfig(gdk-pixbuf-2.0),
pkgconfig(gio-2.0), pkgconfig(gio-unix-2.0),
pkgconfig(gmodule-2.0), pkgconfig(gobject-2.0),
pkgconfig(gthread-2.0), pkgconfig(jasper),
pkgconfig(json-glib-1.0), pkgconfig(pango),
pkgconfig(pangocairo), pkgconfig(libpng),
pkgconfig(librsvg-2.0), pkgconfig(lua).
- Run spec-cleaner, modernize spec.
- Add gobject-introspection-devel, pkgconfig, pkgconfig(lcms2):
Build support for introspection and lcms, pkgconfig comes from
- Add new subpackage typelib-1_0-Gegl-0_3: Package the new
introspection support.
- Remove asciidoc, gd, gtk-doc, gtk2-devel, liberation-fonts: No
longer build gegl website support, gd and liberation-fonts makes
no sense, gtk-doc is currently broken.
- Following removal of gtk-doc and passing --disable-doc to
configure, temporary disable gegl-0.3-docs subpackage.
- Correct Group for devel subpackage.
- Stop passing --disable-silent-rules to configure, we do debugging

==== gimp ====
Subpackages: gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0

- Add gimp-bgo773233-CVE-2007-3126.patch: Gimp 2.3.14 allows
context-dependent attackers to cause a denial of service (crash)
via an ICO file with an InfoHeader containing a Height of zero
(bgo#773233, CVE-2007-3126).
- Add gimp-fix-PDF-Import-filter-crash.patch: Fix a crash in PDF
Import filter when importing large image PDF or specifying high
resolution (bgo#593576).

==== git ====
Version update (2.11.0 -> 2.11.1)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.
- git 2.11.1:
* The default Travis-CI configuration specifies newer P4 and GitLFS.
* The character width table has been updated to match Unicode 9.0
* various fixes affecting multiple subcommands for correctness,
bugs, and unexpected behavior.
* documentation updates
* git-svn updates

==== gnome-online-accounts ====
Subpackages: libgoa-1_0-0 libgoa-backend-1_0-1 typelib-1_0-Goa-1_0

- Add pkgconfig(vapigen) BuildRequires: Build vala support.

==== gnome-shell ====
Version update (3.22.2 -> 3.22.3)
Subpackages: gnome-shell-browser-plugin gnome-shell-calendar

- Update to version 3.22.3:
+ Work around portal failures by using a URL without HTPPS
redirect (bgo#769940).
+ Fix replacing of GNotifications (bgo#775149).
+ Reload apps on .desktop file content changes (bgo#773636).
+ Fix subsurfaces not showing up in previews (bgo#756715).
+ Fix theme node transitions (bgo#778145).
+ Don't allow type ahead at the login screen (bgo#766139).
+ Misc. bug fixes: bgo#774643, bgo#774805, bgo#775507,
bgo#776130, bgo#759793, bgo#745626.
+ Updated translations.
- Drop gnome-shell-bgo774805-guard-against-animations-that-dont-load.patch:
Fixed upstream.

==== gnutls ====
Version update (3.5.8 -> 3.5.9)
Subpackages: libgnutls-dane0 libgnutls-devel libgnutls-openssl27 libgnutls30

- GnuTLS 3.5.9:
* libgnutls: OpenPGP references removed, functionality deprecated
* libgnutls: Improve detection of AVX support
* libgnutls: Add support for IDNA2008 with libidn2 FATE#321897
* p11tool: re-use ID from corresponding objects when writing
* API and ABI modifications:
gnutls_idna_map: Added
gnutls_idna_reverse_map: Added
- prevent pkgconfig issues due to libidn2 when building with GnuTLS
add gnutls-3.5.9-pkgconfig.patch

==== goffice ====
Version update (0.10.32 -> 0.10.33)
Subpackages: goffice-lang libgoffice-0_10-10

- Update to version 0.10.33:
+ Make box plots look like bar plots in legends (bgo#773825).
+ Fix conditional compilation for long double (bgo#774439).
+ Reimplement major grids for discrete axes (bgo#775624).
+ Fix add child menu in graph guru (bgo#777336).
+ Fix evaluation of regression curves for area plots
+ Introspection fixes.

==== gparted ====
Version update (0.28.0 -> 0.28.1)

- Update to version 0.28.1:
+ Restore ability to resize/move primary if extended exists.
+ Make the Label File System and Name Partition dialogs larger.
+ Some minor bug fixes.

==== grilo-plugins ====
Version update (0.3.3 -> 0.3.4)
Subpackages: grilo-plugin-tracker grilo-plugin-youtube

- Update to version 0.3.4:
+ General: Add support for Meson build.
+ Bugs fixed: bgo#775957, bgo#770959, bgo#777210, bgo#771446,
bgo#771445, bgo#773702, bgo#775957, bgo#778596, bgo#775561,
bgo#773310, bgo#776482, bgo#770806, bgo#774748.
+ Updated translations.
- Add gperf BuildRequires: New "optional" dependency.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin
grub2-x86_64-efi grub2-x86_64-xen

- Temporary fix for openQA UEFI USB Boot failure (bsc#1026344)
* 0001-Revert-efi-properly-terminate-filepath-with-NULL-in-.patch
- grub2.spec: fix s390x file list.
- Merge changes from SLE12
- add grub2-emu-4-all.patch
* Build 'grub2-emu' wherever possible, to allow a better
implementation of that feature.
- add grub2-s390x-06-loadparm.patch,
- add grub2-commands-introduce-read_file-subcommand.patch:
* allow s390x to telecontrol grub2. (bsc#891946, bsc#892852)
- add grub2-s390x-06-loadparm.patch:
* ignore case and fix transliteration of parameter. (bsc#891946)
- add grub2-s390x-07-add-image-param-for-zipl-setup.patch
* Add --image switch to force zipl update to specific kernel
- add grub2-s390x-08-workaround-part-to-disk.patch
* Ignore partition tables on s390x. (bsc#935127)
- add grub2-efi-chainload-harder.patch:
* allow XEN to be chain-loaded despite firmware flaws. (bnc#887793)
* Do not use shim lock protocol for reading pe header, it won't be
available when secure boot disabled (bsc#943380)
* Make firmware flaw condition be more precisely detected and add
debug message for the case
* Check msdos header to find PE file header (bsc#954126)
- grub2-s390x-04-grub2-install.patch:
* streamline boot to grub menu. (bsc#898198)
* Force '/usr' to read-only before calling kexec. (bsc#932951)
- grub2-once:
* add '--enum' option to enumerate boot-entries in a way
actually understood by 'grub2'. (bsc#892852, bsc#892811)
* Examine variables from grub environment in 'grub2-once'. (fate#319632)

==== gtk4 ====
Version update (3.89.2 -> 3.89.4)
Subpackages: gtk4-branding-upstream gtk4-data gtk4-immodule-amharic
gtk4-immodule-inuktitut gtk4-immodule-thai gtk4-immodule-vietnamese gtk4-lang
gtk4-schema gtk4-tools libgtk-4-0 typelib-1_0-Gtk-4_0

- Update to version 3.89.4:
+ API changes:
- gtk_init and other init functions no longer take commandline
- Functions that are only useful with commandline arguments
have been dropped.
- Widgets, except for toplevels, are now visible by default.
- Style properties are no longer supported.
+ Vulkan rendrerer: Implement more clipping.
+ CSS: Specifying px for pixels is now required.
+ Bugs fixed: bgo#358970, bgo#770112, bgo#773299, bgo#773686,
bgo#775864, bgo#776225, bgo#777363, bgo#777547, bgo#778009.
+ Updated translations.
- Changes from version 3.89.3:
+ GtkWidget now has API to navigate child widgets:
- gtk_widget_get_{first,last}_child and
- A number of non-container widgets have been converted to use
child widgets internally: GtkSwitch, GtkSpinButton,
+ GtkAboutDialog can show a 'System' tab.
+ GTK+ CSS now supports the filter: property and a
- gtk-icon-filter function that replaces and generalizes
- gtk-icon-effect.
+ GtkInspector can now save render nodes for testing and
+ More tests for render nodes have been added.
+ GtkTreeView and cell renderers have been more completely
converted to the snapshot() api.
+ More widgets have been converted to snapshot(): GtkCalendar,
+ Vulkan renderer:
- Combine draw calls when possible.
- Handle (some) clipping on the GPU.
- Handle linear gradients.
- Handle opacity.
- Support color transformations.
- Handle borders.
+ Wayland: Support the Vulkan renderer.
+ X11: Call XInitThreads(), since this is needed with Mesa Vulkan
+ Mir:
- Implement window properties.
- Track the focus window.
- Connect to content-hub and use it for copy/paste.
- Support modal windows.
+ Bugs fixed: bgo#775732, bgo#775846, bgo#776524, bgo#776560,
bgo#776604, bgo#776627, bgo#776807, bgo#776868, bgo#777176.
+ Updated translations.

==== guile ====
Version update (2.0.13 -> 2.0.14)
Subpackages: guile-modules-2_0 libguile-2_0-22

- Update to version 2.0.14:
* Bug fixes
+ Builds of .go files and of Guile itself are now
+ 'number->locale-string' and 'monetary-amount->locale-string'
+ (system base target) now recognizes "sh3" as a
cross-compilation target
+ Fix race condition in '00-repl-server.test'
+ 'scandir' from (ice-9 ftw) no longer calls 'stat' for each
* Several documentation improvements
- Drop no longer needed patches:
* guile-fake-buildstamp.patch
* repl-server-test.patch
- Small packaging cleanup with help of spec-cleaner

==== hplip ====
Version update (3.16.10 -> 3.16.11)
Subpackages: hplip-hpijs hplip-sane

- Version upgrade to 3.16.11:
* Added Support for the Following New Printers:
- HP LaserJet M101-M106 Printer
- HP LaserJet Pro M203-M206 Printer
- HP LaserJet Pro MFP M227-M231 Printer
- HP LaserJet Pro MFP M129-M134
* Added support for the following new Distro's:
- OpenSuse 42.2
- Fedora 25

==== i4l-base ====
Subpackages: i4l-isdnlog libcapi20-3 libcapi20-3-32bit

- Remove insserv_cleanup macro since we require and use systemd

==== icedtea-web ====

- Removed patch:
* icedtea-web-1.6.1-fix-2746.patch
+ Part of 1.6.2

==== installation-images ====
Version update (14.299 -> 14.302)

- fix install script to move the correct files (fate#322275)
- enhance tftpboot-installation package to include all files needed to build
our installation iso
- 14.302
- adjust 'boot from harddisk' to also work on caasp systems (bsc#1025851)
- 14.301
- make yast selfupdate feature configurable via YAST_SELFUPDATE env variable
- 14.300
- turn off YaST selfupdates for SLE12

==== irssi ====
Version update (1.0.0 -> 1.0.1)

- irssi 1.0.1:
* Fix Perl compilation in object dir
* Fix incorrect HELP SERVER example
* Correct memory leak in /OP and /VOICE
* Fix regression that broke second level completion
* Correct missing NULL termination in perl_parse boo#1023638
* Sync broken script
* Prevent a memory leak during the processing of the SASL
response boo#1023637

==== java-1_8_0-openjdk-plugin ====

- Removed patch:
* icedtea-web-1.6.1-fix-2746.patch
+ Part of 1.6.2

==== kernel-firmware ====
Version update (20170113 -> 20170217)
Subpackages: ucode-amd

- Update to version 20170217:
* linux-firmware: liquidio: update firmware to v1.4.2
* iwlwifi: update -17 firmware for 3260, 7260 and 7265
* iwlwifi: update -22 firmware for 7265D and up
* iwlwifi: add -27 firmware for 3168, 7265D, 8000C and 8265
* linux-firmware/i915: Add HuC 1.07.1398 for SKL
* linux-firmware/i915: Add HuC 1.07.1398 for broxton
* linux-firmware/i915: HuC on 2.0.1810 for Kabylake
* linux-firmware/i915: GuC firmware for Broxton v8.7
* linux-firmware/i915: GuC firmware for Kabylake v9.14
* radeon/amdgpu: update license copyright dates
* radeon: add new firmware for SI chips
* rtlwifi: rtl8723bs: Add firmware for new driver
* qla2xxx: Update firmware version to 8.06.00
* amdgpu: add firmware for polaris12 asics
* amdgpu: update VI gfx/sdma firmware
* amdgpu: update VI smc/mc firmware
* update WHENCE for new amdgpu/polaris12_*.bin firmware
* linux-firmware: add firmware for mt76x2

==== kernel-source ====
Version update (4.9.10 -> 4.9.11)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs
kernel-macros kernel-syms

- Linux 4.9.11 (CVE-2017-5897 CVE-2017-5970 CVE-2017-5986
bnc#1012628 bsc#1023762 bsc#1024938 bsc#1025235).
- Delete patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch.
- Delete
- Delete
- commit cf9c670

==== kiwi ====
Version update (7.04.26 -> 7.04.27)
Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot
kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-templates

- v7.04.27 released
- Prevent quoted domain name
We're getting domain name by parsion a lease file. Unfortunately in
lease file domain name is quoted, which breaks linux resolver.
This commit gets domainname unquoted
Signed-off-by: Dinar Valeev <k0da@xxxxxxxxxxxx>

==== libbluray ====

- Rename %soname to %sover to better reflect its use.
Fix RPM groups.

==== libgudev ====
Version update (230 -> 231)
Subpackages: libgudev-1_0-0 libgudev-1_0-devel typelib-1_0-GUdev-1_0

- Update to version 231:
+ Fix a bug in the enumerator to ensure that client subsystems
are implicitly matched.
+ Require a newer GLib to simplify some code.
- Add disabled pkgconfig(umockdev-1.0) BuildRequires, new
optional dependency, that is enabled by default upstream, but
unfortunatly not yet available in openSUSE.
- Following the above: pass --disable-umockdev to configure.

==== libnettle ====
Subpackages: libhogweed4 libhogweed4-32bit libnettle-devel libnettle6

- Explicitly BuildRequire m4

==== libpst ====
Version update (0.6.69 -> 0.6.70)

- Update to version 0.6.70:
+ pst_getID2 must not recurse into children.

==== libqb ====
Version update (1.0.0+git20160407.6f2b3e8 -> 1.0.1+git20170131.afdff97)

- [ringbuffer] Return error from peek if RB is corrupted. (bsc#1026176)
- build: drop allegedly no longer intrusive syslog-tests opt-in switch
- Upstream version cs: afdff97f1af8e1be916816ad8b6d5530fa7c6637
- version: Update version for 1.0.1 release
- rb: use new qb_rb_close_helper able to resort to file truncating (bsc#1026176)
- rb: make it more robust against trivial IPC API misuses (bsc#1026176)
- log_thread: logt_wthread_lock is vital for logging thread (bsc#1026176)
- log: Don't overwrite valid tags (bsc#1026176)
- ipc_shm: fix superfluous NULL check
- log: Add missing z,j, & t types to the logger (bsc#1026176)
- log: check for appropriate space when serializing a char (bsc#1026176)
- Upstream version cs: 0a329683a76bc6aeb36f20f2bf6b43ba0440c4dc (v1.0.1)

==== libquicktime ====

- Rename %soname to %sover to better reflect its use.
Correct RPM group.

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network
libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface
libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage
libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc
libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Don't call insserv if we use systemd and don't require it.
- libxl: more fixes for dom0 maxmem setting
4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch
- apparmor: don't fail on non-apparmor <seclabel>
apparmor-errormsg-fix.patch, apparmor-alt-seclabel.patch
- libxl: fix reporting of domain maximum memory
- libxl: set disk format to raw if not specified and fix disk
- libxl: fix timer configurations
b4386fda-xenconfig-timer-fix.patch, d3970925-timer-tests.patch
- SLE12 SP2 bugs merged via version updates of the Factory libvirt
- SLE12 SP2 FATEs merged via version updates of the Factory libvirt
FATE#316228, FATE#316628, FATE#319531, FATE#319810, FATE#320490
- Replaced libxl-dom0-balloon-fix.patch with upstream patch
- Fix dom0 ballooning with Xen >= 4.8
- SLE12 SP2 bugs merged via version updates of the Factory libvirt
bsc#996020, bsc#987002, bsc#997278, bsc#998005, bsc#998389,
bsc#1001446, bsc#1001698, bsc#1005288, bsc#1013991, bsc#1016253,
bsc#1017086, bsc#1017762, bsc#1018189
- virt-create-rootfs is a temporary SLE-only hack that was never
added to the Factory libvirt package, causing it to be dropped
when rebasing SLE on Factory. Add it now but only apply
associated patch when building for SLE.
- Update to libvirt 3.0.0
- Many incremental improvements and bug fixes, see
- Add b018ada3-shunloadtest-build-fix.patch to fix 'make check'
- Add qemu-disable-namespaces.patch to temporarily disable
qemu namespace feature until all issues are resolved
- In order to avoid issues like bsc#1017189, explicitly specify
supported VirtualBox versions
- Update to libvirt 2.5.0
- Many incremental improvements and bug fixes, see
- Import new public signing key
- spec: explicitly set qemu-bridge-helper path to /usr/lib/
- Package org.libvirt.api.policy polkit file (bsc#959297)
- Fix postun systemd services cleanup
- Mark /etc/libvirt/nwfilter/*.xml files as config files
- Update to libvirt 2.4.0
- Many incremental improvements and bug fixes, see
- Update to libvirt 2.3.0
- Many incremental improvements and bug fixes, see
- Dropped patches:
virHostdevFindUSBDevice-privsyms.patch, libxl-usb-vendor.patch,
- Update to libvirt 2.2.0
- Many incremental improvements and bug fixes, see
- Dropped patches:
- libxl: allow vendor/product addressing for USB hostdevs
virHostdevFindUSBDevice-privsyms.patch, libxl-usb-vendor.patch
- qemu: fix auth for rbd network disks
- Replace cpumodel-vendor-crash-fix.patch with upstream variant
- Update to libvirt 2.1.0
- New subpackages libvirt-libs and libvirt-admin
- Many incremental improvements and bug fixes, see
- Dropped patches:
- qemu: fix qemu.conf security_driver regression in 2.1.0 release
- cpu_x86: fix libvirtd segfault when host cpu is 'qemu64'
- bsc#988279. Move the qemu-bridge-helper apparmor profile from the
qemu abstraction to the usr.sbin.libvirtd profile.
- spec: minor improvements to logic enabling numactl and numad
support and fix nested if indentation
- Update patches providing support for driver_override sysfs
interface with latest upstream variant. Dropped
pci-simplify-stub.patch and updated
- spec: enable numactl and numad support for aarch64
FATE#319979, bsc#991377
- BuildRequires: use librbd-devel instead of ceph-devel
- Enable rbd support for aarch64
- Use driver_override sysfs interface for binding/unbinding
PCI stub drivers
pci-simplify-stub.patch, pci-use-driver-override-sysfs.patch
- systemd: fix ready notification on abstract socket
- Update to libvirt 2.0.0
- Change version scheme to match libvirt's time-driven release
schedule. <major> will be incremented on first release of
new calendar year, <minor> on each monthly release, and
<micro> on stable branch maintenance release
- Include libvirt-admin utility and API
- Many incremental improvements and bug fixes, see
- Dropped patches:
- spec: Recent simplification allows using a common spec file for
SLE and openSUSE
- Add SLE patches missing in openSUSE
libxl-dom-reset.patch, libxl-set-migration-constraints.patch,
- xenconfig: fix conversion of <driver> to backendtype
- Advertise aarch64 UEFI firmware paths
- adjust spec file to include aarch64 paths in
'--with-loader-nvram=' configure option
- adjust qemu.conf 'nvram' option to include the SUSE paths
bsc#981836, bsc#983747
- apparmor: Don't scrub environment of virtlogd process
- Update to libvirt 1.3.5
- Many incremental improvements and bug fixes, see
- Dropped patches:
538012c8-default-vram.patch, 96b21fb0-vram-tests.patch,
- spec: simplify and cleanup by removing many conditionals that
are never toogled. Also drop conditionals for suse_version <
- Avoid suppressing errors during useradd/groupadd
- libxl: add domainInterfaceAddresses API
- libxl: default to qemu driver for network disks
- spec: Remove %defattr usage
Inspired by upstream commit 90f9193c
- libxl: support Xen migration stream V2
- Fix default video RAM setting
538012c8-default-vram.patch, 96b21fb0-vram-tests.patch,
- Remove unknown locales to fix build in old dists
- Update to libvirt 1.3.4
- Add support for migration data compression in QEMU driver
- Drop libvirtd.socket
- Many incremental improvements and bug fixes, see
- Dropped patches: 216650f1-libxl-build-fix.patch,
- qemu: perf: Fix crash/memory corruption on failed VM start
- Fix setting implicit video devices as primary
- Update to libvirt 1.3.3
- perf events
- post-copy migration support
- NSS module
- Many incremental improvements and bug fixes, see
- Add rpmlintrc file to filter shlib-policy-name-error for
new libnss_libvirt plugin
- Fix build with Xen4.7
- spec: restart daemons in %posttrans after connection drivers
have been processed
bsc#854343, bsc#968483
- libxl: advertise system qemu instead of qemu-xen in caps
- Update to libvirt 1.3.2
- Many incremental improvements and bug fixes, see
- libxl: Add support for block-{dmmd,drbd,npiv} scripts
- qemu: set /usr/share/qemu/ovmf-x86_64-ms-{code,vars}.bin as
default UEFI firmwares for x86_64
- Update to libvirt 1.3.1
- CVE-2015-5313
- Many incremental improvements and bug fixes, see
- Dropped patches: 034e47c3-CVE-2015-5313.patch,
ace1ee22-qemuxml2argv-test.patch, add-with-login-shell.patch,
- spec: perform one-time enable and start of virtlogd.socket when
upgrading from libvirt < 1.3.0. Inspired by upstream libvirt.git
commit da054f35.
- CVE-2015-5313: don't allow '/' in filesystem volume names
- Fix failing qemuxml2argv test on 32-bit platforms
- Update to libvirt 1.3.0
- New virtlogd log daemon
- Many incremental improvements and bug fixes, see
- Dropped patch: 703ec1b7-qemu-bridge-helper-fix.patch
- Added patch: virtlogd-init-script.patch
- Run udevadm settle after removing NICs in lxc driver.
bsc#829033. lxc-wait-after-eth-del.patch
- Don't add apparmor deny rw rule for 9P readonly mounts.
bsc#952849. virt-aa-helper-rw-mounts.patch
- Don't package virt-login-shell anymore as shipping it as
non-setuid doesn't make sense. bsc#837609
- Detect path of qemu-bridge-helper during %configure
- add qemu-tools as BuildRequires for suse_version > 1130
- add upstream patch 703ec1b7-qemu-bridge-helper-fix.patch
- Update to libvirt 1.2.21
- Many incremental improvements and bug fixes, see
- Dropped patches:
- spec: some minor wireshark fixups. Essentially a backport of
commit 7c8250d7.
- spec: remove all dependencies on apparmor to keep it optional.
- xenconfig: set disk type to BLOCK when driver is not tap or file
- spec: the libvirt apparmor profiles #include files from the
apparmor-profiles package, thus should have a dependency on it
- Remove Wants=xencommons.service from libvirtd.service
xencommons is already enabled by a global preset, and the
absence of xen-tools.rpm causes a systemd warning
- Update to libvirt 1.2.20
- Many incremental improvements and bug fixes, see
- Dropped upstream patches:
- bsc#945962: SLES12 SP1 Beta3 - Pass-through NIC device via virsh
not available to VM.
- libxl: set driver log level to the log_level specified in
- CVE-2015-5247 - denial of service through root-squash NFS storage
- Update to libvirt 1.2.19
- Improved ppc64 support
- New virDomainRename API
- Support for PCI Express controllers in QEMU
- Many incremental improvements and bug fixes, see
- Dropped upstream patches:
- Replace local libxl patches with upstream variants
- Added another virt-aa-helper upstream patch
- Added upstream patch to fix libvirt-tck memory balloon test
failure on Xen
- Fix generated apparmor profile to allow access to ovmf and nvram.
- storage: only run safezero if allocation is > 0
- Update to libvirt 1.2.18
- libxl: support dom0
- Many incremental improvements and bug fixes, see
- Dropped upstream patches:
- Fix crash in libxl driver on receiving side
- libxl: set dom0 state to running
- libxl: support management of dom0
- libxl: libxl: fix setting state of virDomainObj
- Fixed virt-aa-helper bugs preventing virt-sandbox to work.
- Fixed crasher due to uninitialized values
qemu-nbd-cleanup-fix.patch bsc#936841
- Update to libvirt 1.2.17
- parallels driver renamed to vz (Virtuozzo)
- Many incremental improvements and bug fixes, see
- spec: re-enable tests that have received upstream fixes and
are now passing
- Remove unsupported settings in libvirtd.socket unit file when
systemd version < 214
- spec: always apply Apparmor and netcontrol patches
- spec: Add libvirtd.socket unit file to service_add_pre and
service_del_postun macros
- Update to libvirt 1.2.16
- Introduce pci-serial
- Introduce virDomainSetUserPassword API
- Introduce protected key mgmt ops
- Add domain vmport feature
- Many incremental improvements and bug fixes, see
- Drop upstream patches c0d3f608-libxl-soundhw.patch and
- Drop polkit-10-virt.rules in favor of upstream 50-libvirt.rules
- qemu: fix regression defaulting to host arch
- spec: build libxl driver for aarch64 and remove useless
'suse_version <= 1220' conditional
- libxl: support virtual sound devices in HVM domains
- Update to libvirt 1.2.15
- Implement virDomainAddIOThread and virDomainDelIOThread
- libxl: Introduce configuration file for libxl driver
- Many incremental improvements and bug fixes, see
- Drop upstream patches da33a1ac-lxc-init-statedir.patch and
- spec file fixups for building --without-driver-modules
- boo#926765: add libvirt-daemon-driver-qemu dependency on
- boo#926153: make sure /var/run/libvirt/lxc folder exists when
starting the driver. da33a1ac-lxc-init-statedir.patch
- Fix lxc-enter-namespace for 3.19+ kernels.
- Disable building wireshark dissector. Commit 37397320
requires wireshark pkgconfig, which SUSE wireshark packages
do not provide.
- Disable building the legacy Xen driver since Xen no longer
provides the xend toolstack. Remove xend-specific patches
while at it: fix-pci-attach-xen-driver.patch,
- Update to libvirt 1.2.14
- qemu: Implement memory device hotplug
- Implement public API for virDomainPinIOThread
- Implement public API for virDomainGetIOThreadsInfo
- SRIOV NIC offload feature discovery
- Many incremental improvements and bug fixes, see
- Drop disable-hugepage-test.patch in favor of upstream fix
- Fix build on older distros containing a polkit package that lacks
support for /etc/polkit-1/rules.d drop directory
- Disable interface driver if libnetcontrol cannot be initialized
Modified libvirt-suse-netcontrol.patch
- Fix crash in libnetcontrol-backed interface driver
Modified libvirt-suse-netcontrol.patch
- Instruct polkit to allow memebers of the 'libvirt' group to connect
to libvirt without providing any password (bnc#920804)
- Added polkit-10-virt.rules to fix bnc#920804
- Change default setting of security_default_confined in
/etc/libvirt/qemu.conf instead of in code. Making the change in
code changes the default behavior for all users, even those that
have a custom security setup in their /etc/libvirt/qemu.conf.
Modified suse-qemu-conf.patch
- Fixed a number of QEMU apparmor abstraction problems. bsc#921355
- Update to libvirt 1.2.13
- qemu: improved support for host and guest NUMA
- Many incremental improvements and bug fixes, see
- Update to libvirt 1.2.12
- CVE-2015-0236: qemu: Check ACLs when dumping security info
from snapshots
- CVE-2015-0236: qemu: Check ACLs when dumping security info
from save image
- Many incremental improvements and bug fixes, see
- Drop upstream patches: 30c6aecc-apparmor-lib64.patch,
apparmor-xen-fixup.patch, apparmor-allow-helpers.patch,
- Disable a hugepage test that is failing on ppc, ppc64, and
ppc64le architectures - disable-hugepage-test.patch
- Fixed patches to pass make syntax-check
- Apparmor profile regression breaks Xen domains. bsc#913799
- Replaced hard to maintain install-apparmor-profiles.patch
by upstreamed 30c6aecc-apparmor-lib64.patch.
- Reformatted libvirt.spec and libvirtd.init to pass upstream make
- fix bashisms in script
- update patches:
+ libvirt-guests-init-script.patch
- Update to libvirt 1.2.11
- Implement public API for virDomainGetFSInfo
- qemu: Add define for the new throttle options
- CVE-2014-8131: Fix possible deadlock and segfault in
- CVE-2014-7823: dumpxml: security hole with migratable flag
- Drop upstream patches: 2222123-virt-aa-helper-crash.patch,
- Get /proc/sys/net/ipv[46] read-write for wicked to work in
containers. bsc#904432. ba9b7252-sys-net-rw.patch
- Fixed allowing devices for containers.
- qemu: Fix crash in tunnelled migration
- Fix potential crasher in virt-aa-helper
- ip link add now needs the 'name' parameter.
- Fixes for virt-sandbox-service to work:
- Allow adding virt-sandbox service config to apparmor rules.
- fix symlink resolving for containers to start.
- fix unmounting file system if it contains the source to mount.
- Remove security_driver = "none" in qemu config. This completely
disabled all security drivers instead of probing them.
- Changed default value of QEMU's security_default_confined to 0 to
keep QEMU domains unconfined by default.
- CVE-2014-7823: dumpxml: security hole with migratable flag
- Fix Qemu AppArmor abstraction.
- was denied on x86_64. install-apparmor-profiles.patch
- Temporary fix access to screenshot temporary file. bsc#904426.
- Update to libvirt 1.2.10
- Many incremental improvements and bug fixes, see
- Added package wireshark-plugin-libvirt to provide the wireshark
dissector for the libvirt RPC protocol
- spec: Remove gpg-offline build dependency and use of gpg_verify
to verify tarball since this task can be performed by source
- Update to libvirt 1.2.9
- Introduce virNodeAllocPages
- event: introduce new event for tunable values
- Add support for fetching statistics of completed jobs
- CVE-2014-3657: domain_conf: fix domain deadlock
- CVE-2014-3633: qemu: blkiotune: Use correct definition when
looking up disk
- Many incremental improvements and bug fixes, see
- Drop upstream patches: 3e745e8f-CVE-2014-3633.patch,
- Verify tarball with associated .asc file
Add: libvirt.keyring, libvirt-1.2.9.tar.gz.asc
Use upstream .gz tarball instead of locally generated .bz2
- CVE-2014-3633: Use correct definition when looking up disk in
qemu blkiotune
- spec: do not require dmidecode on older code 11
- Wait for ntp service before running libvirt-guests
- Canonicalize host arch name ppc64le to ppc64
- Update to libvirt 1.2.8
- virDomainBlockCopy with XML destination, typed params
- Introduce API for retrieving bulk domain stats
- Introduce virDomainOpenGraphicsFD API
- Many incremental improvements and bug fixes, see
- bnc#893999: remove mount rules from libvirt-lxc apparmor
abstraction file as those aren't handled by our kernel.
- bnc#894232 - Update apparmor profile to allow raw packets
- remove not necessary hunks from libvirt-ppc64le-support.patch
- move new patches to section for to be upstreamed
- add patch: libvirt-power8-models.patch
add current power8 cpu models to map
- add patch: libvirt-ppc64le-support.patch
add preliminary ppc64le support to libvirt
- bnc#820399 - virsh blockcopy should refuse identical device
- Update to libvirt 1.2.7
- Introduce virConnectGetDomainCapabilities
- Many incremental improvements and bug fixes, see
- Drop upstream patches: dba3432b-virt-lxc-convert-fix.patch,
- lxc AppArmor profile now only restricting potentially dangerous
accesses. fdo#886460
- Add virt-lxc-convert to libvirt-daemon-driver-lxc package
- added patches:
* 9265f8ab-apparmor-lxc-rework.patch
* 9b1e4cd5-skip-useless-apparmor-files.patch
- virt-lxc-convert: force free to output values in bytes
- added patches:
* dba3432b-virt-lxc-convert-fix.patch
- lxc: allow setting a custom name for container NICs as LXC is
is able to do it.
- Move 'Requires' of qemu from libvirt-daemon-qemu subpackage to
- Temporarily disable virt-aa-helper-test, which fails in Factory
- Update to libvirt 1.2.6
- libxl: add migration support and fixes
- Many incremental improvements and bug fixes, see
- Drop upstream patch libxl-migration-support.patch
- Drop ia64-clone.patch since libvirt is not built for IA64
- lxc-keep-caps-feature.patch: allow to keep/drop additional
capabilities for LXC containers. bnc#881465
- lxc-keep-caps-feature-conversion.patch: convert lxc.cap.drop to
the new domain configuration.
- lxc-keep-caps-feature-doc.patch: documentation for the new feature.
- Disable failing virportallocatortest on aarch64
- Update to libvirt 1.2.5
- Introduce virDomain{Get,Set}Time APIs
- Introduce virDomainFSFreeze() and virDomainFSThaw() public API
- Many incremental improvements and bug fixes, see
- Drop upstream patches:
- Add upstream patches that fix build with libselinux 2.3
Added: 292d3f2d-libselinux-build-fix1.patch,
Dropped: libselinux-build-fix.patch
- Fix the build breakers brought by libselinux 2.3.
- spec: libvirt-daemon package owns /etc/libvirt, not libvirt-client
- libxl: Fix <interface type='hostdev'> syntax for SR-IOV devices
- Update to libvirt 1.2.4
- Primarily a bug-fix release. See
for a detailed list of bug fixes and improvements
- Drop upstream patches:
0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch
- libxl: Support ACPI shutdown event
c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch
- libx: Support migration
- CVE-2014-0179: Don't expand entities when parsing XML
- blacklist one more unit test for qemu_linux_user builds
- libxl: Set disk format for empty cdrom device
0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch
- Fate#315125: add NOCOW flag
- Removed libxl-hvm-vnc.patch: went upstream in another form
- Update to libvirt 1.2.3
- add new virDomainCoreDumpWithFormat API
- conf: Introduce virDomainDeviceGetInfo API
- more features and fixes on bhyve driver
- lot of cleanups and improvement on the Xen driver
- Many incremental improvements and bug fixes, see
- Add /usr/sbin/rc{libvirtd,virtlockd,libvirt-guests} symlinks
to preserve backwards compatibility
- Improve lock manager comments in qemu.conf
Updated suse-qemu-conf.patch
- Create /etc/libvirt/hooks to allow using hook scripts
- Update to libvirt 1.2.2
- add LXC from native conversion tool
- vbox: add support for v4.2.20+ and v4.3.4+
- CVE-2013-6456 (bnc#857490)
- Many incremental improvements and bug fixes, see
- Drop upstream patches: 37564b47-xend-parse-response.patch,
- Add local disable-virCgroupGetPercpuStats-test.patch to disable
failing virCgroupGetPercpuStats test in 'make check'
- daemon-qemu: Require qemu instead of kvm to align with
recent changes to the qemu package structure
- spec: fix dependencies of daemon-config-network and
daemon-config-nwfilter subpackages. Influenced by upstream
commits cf76c4b3 and dca5ce4c
- Remove libvirtd, virtlockd, and libvirt-guests init scripts when
using systemd
- Fix the path to libvirtd AppArmor template profile
- Fix parsing xend http response
- Add CAP_SYS_PACCT capability to libvirtd AppArmor profile
Modified install-apparmor-profiles.patch
- Fix build on code 11
- Fix rpmlint warning
- Following the upstream pattern, introduce the
daemon-config-network subpackage to handle defining the default
- Update to libvirt 1.2.1
- CVE-2014-0028, CVE-2014-1447, CVE-2013-6458, CVE-2013-6457,
- Many incremental improvements and bug fixes, see
- Dropped upstream patches: 5e397d9c-test-fix-dbus-crash.patch,
9faf3f29-LXC-memtune.patch, f8c1cb90-CVE-2013-6436.patch,
- Ignore 'make check' on older, code 11 base
- Fixed and reenabled unit tests. bnc#854694
- Remove dependency on pm-utils from libvirt-client
- CVE-2013-6436: Fix crashes in lxc memtune code, one of which
results in DoS
f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch
- More adjustments to the spec file to fix package dependency
- Update to libvirt 1.2.0
- Add support for gluster pool
- Separation of python binding
- vbox: add support for 4.3 APIs
- Many incremental improvements and bug fixes, see
- Updated and renamed clone.patch to ia64-clone.patch
- Enabled numad support for openSUSE >= 13.1
- Link with same versions of libnl used by netcontrol to prevent
crashing libvirtd on start
- Add '/etc/sasl2' to libvirt-client file list to fix Factory build
- Fix starting of libvirtd when NetworkManager is enabled
Modified libvirt-suse-netcontrol.patch
- Allow execution of libvirt hook scripts in /etc/libvirt/hooks/
in libvirtd AppArmor profile
- Update to libvirt 1.1.4
- Add support for AArch64 architecture
- Various improvements on test code and test driver
- Don't link virt-login-shell against
- Close all non-stdio FDs in virt-login-shell
- Only allow 'stderr' log output when running setuid
- Fix perms for virConnectDomainXML{To,From}Native
- Many incremental improvements and bug fixes, see
- Drop upstream patches: e7f400a1-CVE-2013-4296.patch,
2dba0323-CVE-2013-4297.patch, db7a5688-CVE-2013-4311.patch,
e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch,
e4697b92-CVE-2013-4311.patch, 8294aa0c-CVE-2013-4399.patch,
57687fd6-CVE-2013-4401.patch, ae53e5d1-CVE-2013-4400.patch,
8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch,
3e2f27e1-CVE-2013-4400.patch, 5a0ea4b7-CVE-2013-4400.patch,
- Allow execution of Xen binaries in /usr/lib{,64}/xen/bin in
libvirtd AppArmor profile
- Require libvirt-daemon-<hypervisor> in the main libvirt package
for each supported hypervisor
- Fix initialization of libxl NIC devices
- Fix typo in libvirtd apparmor profile which prevented the profile
from loading
- libxl driver: fix initialization of VNC and SDL info for
HVM domains
- Allow libvirtd apparmor profile to access /etc/xen/scripts/*
- Fix file descriptor passing in python bindings
- Have systemd terminate the machine as a workaround of fdo#68370
- Spec file fixes to only package libvirt-login-shell when
building the LXC driver
- CVE-2013-4400: Unsantized use of env variables allows privilege
escalation via virt-login-shell
ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch,
b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch,
5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch
- CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native
- Move hypervisor-specific files out of libvirt-daemon package
and into libvirt-daemon-<hypervisor> subpackage
- conf: Don't crash on invalid chardev source definition
bnc#845704, rhb#1012196
- Use newer libnl3 instead of libnl-1_1
- Move virt-login-shell to new subpackage libvirt-login-shell,
requiring users to opt-in for this setuid binary. Note: For now,
virt-login-shell will not have setuid permissions, pending
resolution of bnc#837609
- qemu: Fix seamless SPICE migration
- CVE-2013-4399: Fix crash in libvirtd when events are registered
and ACLs active
bnc#844052, bnc#842300
- Update the stale gettext BuildRequires and Requires dependencies
in the spec file
- virt-aa-helper apparmor profile was denying read access to
/proc/$PID/*. Give read accesss to these files.
Updated install-apparmor-profiles.patch
- libvirtd apparmor profile was denying access to
/usr/lib/xen/bin/qemu-system-i386, which is now the default
emulator used with Xen guests
Updated install-apparmor-profiles.patch
- Fix condrestart|try-restart invocation of virtlockd init script
Modifed virtlockd-init-script.patch
- CVE-2013-4311: Add support for using 3-arg pkcheck syntax for
db7a5688-CVE-2013-4311.patch, e65667c0-CVE-2013-4311.patch,
922b7fda-CVE-2013-4311.patch, e4697b92-CVE-2013-4311.patch
- CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats
- CVE-2013-4297: Fix crash in virFileNBDDeviceAssociate
- Update to libvirt 1.1.2
- various improvements to libxl driver
- systemd integration improvements
- Add flag to BaselineCPU API to return detailed CPU features
- Introduce a virt-login-shell binary
- conf: add startupPolicy attribute for harddisk
- Many incremental improvements and bug fixes, see
- Drop upstream patches: bcef0f01-libxl-console.patch,
d7a45bf2-legacy-xen-dumpxml.patch, 0e671a16-CVE-2013-4239.patch
- Includes fixes for bnc#837530, bnc#837531, bnc#837999
- Fix memory corruption in legacy Xen driver
- Upstream patches to fix dumpxml in legacy Xen driver
- Backport upstream patch implementing domainOpenConsole in the
libxl driver. Allows 'virsh console dom-name' to work with
Xen libxl toolstack.
- Update to libvirt 1.1.1
- Adding device removal or deletion events
- Introduce new domain create APIs to pass pre-opened FDs to LXC
- Add interface versions for Xen 4.3
- Add new public API virDomainSetMemoryStatsPeriod
- Various LXC improvements
- Many incremental improvements and bug fixes, see
- Drop upstream patches: f38c8185-CVE-2013-2230.patch,
fd2e3c4c-xen-sysctl-domctl.patch, dfc69235-CVE-2013-4153.patch,
96518d43-CVE-2013-4154.patch, fe89fd3b-storage-pool-deadlock.patch
- Drop relax-qemu-usergroup-check.patch - no longer needed
after hypervisor-specific daemon package split
- Unlock the storage volume object after looking it up
- CVE-2013-4153: Fix double free of returned JSON array in
- CVE-2013-4154: Prevent crash of libvirtd without guest agent
- Fix legacy xen driver with Xen 4.3
- CVE-2013-2230: Fix crash when multiple event callbacks were
- Update to libvirt 1.1.0
- Extensible migration APIs
- Add a policy kit access control driver
- various improvements in the Xen and libxl drivers
- improve networking support on BSD
- agent based vCPU hotplug support
- Many incremental improvements and bug fixes, see
- Drop upstream patches: 244e0b8c-CVE-2013-2218.patch
- Only require lzop if suse_version > 1210
- Fix typo in spec file
- Enable support for netcontrol by default
- Only require libvirt-daemon-driver-interface when building the
interface driver
- CVE-2013-2218: Fix crash listing network interfaces with filters
- Add xencommons as 'Wanted' in the systemd libvirtd service file
- Fix build for SLE11 SP2
- Add a README to the empty packages. Provides some info about
their purpose and satisfies suse-filelist-empty check.
Drop rpmlintrc
- Fix typo in spec file: devel package requires doc package, not
- Add rpmlintrc to get around suse-filelist-empty error on
older distros.
- Refactor libvirt spec file to create subpackages for the various
libvirtd components. This allows installing a libvirtd tailored
for the underlying virtualizer. E.g. on a KVM/QEMU virtualizer
only the libvirt-daemon-qemu package needs installed.
Similarly, only libvirt-daemon-xen on a Xen virtualizer and
libvirt-daemon-lxc on LXC.
- Update to libvirt 1.0.6
- Move VirtualBox driver into libvirtd
- Support for static routes on a virtual bridge
- Various improvement for hostdev SCSI support
- Various cleanups and improvement in Xen and LXC drivers
- Many incremental improvements and bug fixes, see
- Drop upstream patches: f493d83f-cgroup-swap-control.patch,
486a86eb-cgroups-docs.patch, 0ced83dc-cgroup-escape-dot.patch,
bbe97ae9-no-cgroups.patch, c2cf5f1c-no-cgroups-fix.patch,
- Update to libvirt stable release
- qemu: Fix cgroup handling when setting VCPU BW
- daemon: fix leak after listing all volumes
- Fix iohelper usage with streams opened for read
- util: fix virFileOpenAs return value and resulting error logs
- iscsi: don't leak portal string when starting a pool
- don't mention disk controllers in generic controller errors
- conf: don't crash on a tpm device with no backends
- qemu: allocate network connections sooner during domain startup
- Make detect_scsi_host_caps a function on all architectures
- Fix release of resources with lockd plugin
- Fix potential use of undefined variable in remote dispatch code
- Fix F_DUPFD_CLOEXEC operation args
- qemu: fix stupid typos in VFIO cgroup setup/teardown
- network: fix network driver startup for qemu:///session
- Remove patches that are included in the release
0471637d-cgroups-vcpu-bw.patch, a2214c52-iohelper.patch,
- Don't mount selinux fs in LXC if selinux is disabled
- fix leak after listing all volumes - CVE-2013-1962
- Fix iohelper usage with streams opened for read
- Cope with missing swap cgroup controls
- Fix cgroup handling when setting VCPU BW
- Escape a leading '.' with '_' in the cgroup names
- Add missing documentation on new cgroup layout
- Another fix related to systems with no cgroups
- Fix botched backport of commit bbe97ae9
- Fix starting domains when kernel has no cgroups support
- Update to libvirt 1.0.5
- PPC64: Add NVRAM device
- Add XML config for resource partitions
- Add support for TPM
- NPIV storage migration support
- Many incremental improvements and bug fixes, see
- Update to libvirt 1.0.4
- qemu: support passthrough for iscsi disks
- various S390 improvements
- various LXC bugs fixes and improvements
- add API for thread cancellation
- Many incremental improvements and bug fixes, see
- Drop upstream patches: ce4557c3-apparmor-tapfd-label.patch
- add libvirt-iptables-1.4.18.diff, fix masquerading with iptables
v1.4.18 (--state match is deprectated, use conntrack instead)
- Fix PCI device attach for xen HVM domains
- Apparmor security driver: Ensure tapfd's are labled when
generating the guest profile.
Modified install-apparmor-profiles.patch, added upstream patch
- Grant permission to use datagram packets in libvirtd apparmor
Remove AF_PACKET.patch, modify install-apparmor-profiles.patch
- Add 'managed' PCI passthrough support to legacy xen driver
- Update to libvirt 1.0.3
- Introduce virDomainMigrate*CompressionCache APIs
- Introduce virDomainGetJobStats API
- Add basic support for VDI images
- Introduce API virNodeDeviceLookupSCSIHostByWWN
- Various locking improvements
- Many incremental improvements and bug fixes, see
- Drop upstream patches: a6b8bae5-python-generator-fix1.patch,
- Fix path to qemu-bridge-helper in libvirt-qemu apparmor profile
Modified install-apparmor-profiles.patch
- Fix detach of managed PCI devices from inactive domains.
Detected while running test cases for FATE #313570.
Modified xen-name-for-devid.patch
- spec: Fix installation of default network
- Fix default setting of backend field of libxl_device_disk
- Fix build on IA64
Modified clone.patch
- Fix error handling in python bindings
- Require modutils instead of module-init-tools.
- Update to libvirt 1.0.2
- LXC improvements
- S390 architecture improvements
- Power architecture improvements
- large Coverity report cleanups and associated bug fixes
- virTypedParams* APIs to help with those data structures
- libxenlight driver improvements
- Fixes CVE-2013-0170, bnc#800976
- Drop upstream patches: 68e7bc45-libxl-link-fix.patch,
462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch,
5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch,
- Unconditionally build sanlock support
- Fix interface management functions that were broken when
rebasing libvirt-suse-netcontrol.patch
bnc#799444 (SLES bug that affect Factory too)
- Update to libvirt 1.0.1
- Introduce virtlockd daemon
- parallels: add disk and network device support
- Add virDomainSendProcessSignal API
- Introduce virDomainFSTrim() public API
- add fuse support for libvirt lxc
- Add Gluster protocol as supported network disk backend
- various snapshot improvements
- Add upstream patches to fix bugs in 1.0.1
462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch,
5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch,
- Rework SUSE patches for the various init scripts
Dropped use-init-script-redhat.patch and added
libvirtd-init-script.patch, libvirt-guests-init-script.patch,
and virtlockd-init-script.patch
- Update to libvirt 1.0.0
- virNodeGetCPUMap: Define public API
- Add systemd journal support
- Add a qemu capabilities cache manager
- USB migration support
- various improvement and fixes when using QMP QEmu interface
- Support for Xen 4.2 in legacy xen driver
- Lot of localization enhancements
- Drop upstream patches: 371ddc98-xen-sysctl-9.patch,
f644361b-virCommand-env.patch, 2b32735a-virCommand-env.patch,
- Fix Xen sysctl version 9 support
- Add upstream patches to support latest libguestfs
- Fix build when using -werror
- Support Xen sysctl version 9
- Temporarily disable building libxl driver. The current
implementation does not support libxl in Xen 4.2.
- Update to libvirt 0.10.2
- network: define new API virNetworkUpdate
- add support for QEmu sandbox support
- blockjob: add virDomainBlockCommit
- node_memory: Define the APIs to get/set memory parameters
- list: Define new API virConnectListAllSecrets
- list: Define new API virConnectListAllNWFilter
- list: Define new API virConnectListAllNodeDevices
- list: Define new API virConnectListAllInterfaces
- list: Define new API virConnectListAllNetworks
- list: Define new API virStoragePoolListAllVolumes
- list: Define new API virStorageListAllStoragePools
- parallels: add support of containers to the driver
- Add PMSUSPENDED life cycle event
- Add per-guest S3/S4 state configuration
- qemu: Support for Block Device IO Limits
- Update to libvirt 0.10.1
- Bug fix release for critical bugs in 0.10.0
- Drop upstream patch f781e276-xen-driver-fix.patch
- Update to libvirt 0.10.0
- agent: add qemuAgentArbitraryCommand()
- Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo
- network: use firewalld instead of iptables, when available
- network: make network driver vlan-aware
- esx: Implement network driver
- driver for parallels hypervisor
- Various LXC improvements
- Add virDomainGetHostname
- Drop upstream patches
- Fix xen driver following changes to make it stateful
- Update to libvirt 0.9.13
- S390: support for s390(x)
- snapshot: implement new APIs for esx and vbox
- snapshot: new query APIs and many improvements
- virsh: Allow users to reedit rejected XML
- nwfilter: add DHCP snooping
- storage backend: Add RBD (RADOS Block Device) support
- sVirt support for LXC domains inprovement
- Drop upstream patches
_ Update to libvirt 0.9.12
- qemu: allow snapshotting of sheepdog and rbd disks
- blockjob: add new AP
- many bug fixes and improvements
- daemon: Fix crash in virTypedParameterArrayClear
- libvirtd.service: ensure libvirtd starts after network
- Add upstream patch to fix ref count of virNetServer object
- Fix libvirtd deadlock on shutdown
- Fix segfault in libvirt_lxc
- Fix build on i586
- Update to libvirt stable release
- VUL-1: Fix hotplug support for usb devices with same vendorID,
- Add capability 'audit_write' to libvirtd apparmor profile
update install-apparmor-profiles.patch
- Update to libvirt stable release
- Copy user in virURIParse
- yajl is availabile in all supported SUSE products, so always
use it when building libvirtd
- Update to libvirt 0.9.11
- Add support for the suspend event
- Add support for event tray moved of removable disks
- qemu: Support numad
- cpustats: API, improvements and qemu support
- qemu: support type='hostdev' network devices at domain start
- Introduce virDomainPMWakeup API
- network: support Open vSwitch
- snapshot improvements
- Remove unconditional define of 'with_netcontrol'
- Add a note in /etc/libvirt/qemu.conf describing administrator
vigilance required when enabling a lock manager such as sanlock
- Recommend dmidecode if suse_version > 1110. dmidecode is used
by virConnectGetSysinfo.
- Add upstream patches to fix issues with older PolicyKit
- Update to libvirt 0.9.10
- Add support for sVirt in the LXC driver
- Add new API virDomainBlockRebase
- Add api to set and get domain metadata
- virDomainGetDiskErrors public API
- Add rawio attribute to disk element of domain XML
- Introduce virDomainPMSuspendForDuration API
- Add virStorageVolResize() API
- Add a virt-host-validate command to sanity check HV config
- Add new virDomainShutdownFlags API
- QEMU guest agent support
- Fix libvirtd apparmor profile to work with libxenlight toolstack
Updated install-apparmor-profiles.patch
- Fix init script packaging after enabling systemd support
- Fix %files after enabling sanlock support
- Enable libvirt integration with sanlock
- During configure, libvirt checks for availability of iptables
binary and doesn't actually use anything from iptables-devel
package, hence only need 'BuildRequires: iptables'.
- Update to libvirt 0.9.9
- Add new API virDomain{S,G}etInterfaceParameters
- Add new API virDomain{G,S}etNumaParameters
- Add support for ppc64 qemu
- Support Xen domctl v8
- Fixup systemd support as per openSUSE systemd packaging
- Use %fdupes for duplicate file checking instead of hand-rolled
- CVE-2011-4600: unintended firewall port exposure after restarting
libvirtd when defining a bridged forward-mode network
- Post-0.9.8 upstream systemd patches
10404671-systemd-build-fix.patch 478a4d07-systemd-build-fix.patch
- Update to libvirt 0.9.8
- Add support for QEMU 1.0
- Add first parts of PPC cpu driver
- Add new API virDomain{Set, Get}BlockIoTune
- block_resize: Define the new API
- Add a public API to invoke suspend/resume on the host
- Various improvements for LXC containers
- Define keepalive protocol and add virConnectIsAlive API
- Add support for STP and VLANfiltering
- Numerous bug fixes and improvements
- Add support for QEMU 1.0
- Allow qemu driver (and hence libvirtd) to load when qemu
user:group does not exist. The kvm or qemu package, which may
not exist on a xen host, creates qemu user:group.
- Handle empty strings in s-expression returned by xend
- Allow libvirtd to access libvirt_{io,part}helper when confined
by apparmor
Update install-apparmor-profiles.patch
- Accommodate Xen domctl version 8
- add libtool as buildrequire to avoid implicit dependency
- Fix build when using older PolicyKit
- Update to libvirt 0.9.7
- esx: support vSphere 5.x
- vbox: support for VirtualBox 4.1
- Introduce the virDomainOpenGraphics API
- Add AHCI support to qemu driver
- snapshot: many improvements and 2 new APIs
- api: Add public api for 'reset'
- Add AHCI controller support to qemu driver
- Set security driver to 'none' in /etc/libvirt/qemu.conf. Users
must opt-in for Apparmor confinement of qemu instances.
- Revert upstream commit f84aedad, which is not needed since
affected SUSE kvm packages have the necessary qemu fix
- Update to libvirt 0.9.6
- Fix shutdown regression with buggy qemu
- Fixed typos in libvirt.spec
- Update to libvirt 0.9.5
- many snapshot improvements
- latency: Define new public API and structure
- USB2 and various USB improvements
- storage: Add fs pool formatting
- Add public API for getting migration speed
- Add basic driver for Microsoft Hyper-V
- Many bug fixes and improvements
- Enable building with libnetcontrol
- Select libnl-1_1-devel
- Set qemu migration speed unlimited when migrating to file
7e5f6a51-rpc-generator.patch b12354be-mig-speed-1.patch
1282bd80-mig-speed-2.patch 6f84e110-mig-speed-3.patch
829bce17-mig-speed-4.patch 8fc40c51-mig-speed-5.patch
ef1065cf-mig-speed-6.patch 0257ba8f-mig-speed-7.patch
- Increase max size of buffer used to receive xend response
- Don't overwrite useful error messages in legacy xen driver
- Add upstream patches to stop excessive logging
7f2498ef-no-log-invalid.patch 6ff9fc26-quiet-libxl-logging.patch
- Add 'Conflicts: kvm < 0.14.1' to ensure libvirt is using a
kvm package that creates qemu user:group. Remove user:group
creation from libvirt
- Add libvirt group at package installation
- Explicitly add 'BuildRequires: libgcrypt-devel' since it is no
longer required by libgnutls-devel
- netcf is buggy and not well maintained in SUSE. Disable it in
- polkit support was mistakenly disabled, re-enable
- Add cgconfig to Should-{Start,Stop} in libvirtd init script
- Fix apparmor profile location and content
update install-apparmor-profiles.patch
- Fix libvirtd SIGHUP handler
- add baselibs.conf to sources
- Enable apparmor security dirver, SLES bnc#705668
- Update to libvirt 0.9.4
- bandwidth QoS control
- Add new API virDomainBlockPull*
- save: new API to manipulate save file images
- CPU bandwidth limits support
- allow to send NMI and key event to guests
- new API virDomainUndefineFlags
- Implement code to attach to external QEMU instances
- various missing python binding
- bios: Add support for SGA
- Numerous improvements and documentation / bug fixes
- Add some upstream patches to fix memory leaks and some bugs
in new rpc code
c2ddd536-cert-key-order.patch 3e5d48ef-rpc-1.patch
927dfcf6-rpc-2.patch 2c85644b-rpc-3.patch afe8839f-rpc-4.patch
3cfdc57b-rpc-5.patch 7518ad75-remote-mem-leak.patch
a34e193f-statstest.patch 41828514-skip-xen-tests.patch
eb314315-pv-kernel-cmdline.patch 00d3c5a6-remove-dead-code.patch
b8adfcc6-fix-polkit0-build.patch b2534529-unused-param.patch
- Update to libvirt 0.9.3
- vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo)
- Add TXT record support for virtual DNS service
- Support reboots with the QEMU driver
- Introduce virDomainGetControlInfo API
- virNodeGetMemoryStats: Expose new API
- virNodeGetCPUTime: Implement public API
- send-key: Defining the public API
- vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags)
- support multifunction PCI device
- lxc: various improvements
- Create qemu user:group if necessary at package installation.
More fallout from bnc#694883
- VUL-0: libvirt: integer overflow in VirDomainGetVcpus
- Enable building libvirt with audit support
- fate#311371 Enhance yast to configure live migration for
Xen and KVM
add firewall service file for libvirt
- Invoke qemu instances as user:group qemu:qemu by default
- Update to libvirt 0.9.2
- Framework for lock manager plugins
- API for network config change transactions (netcf required)
- flags for setting memory parameters
- virDomainGetState public API
- qemu: allow blkstat/blkinfo calls during migration
- Introduce migration v3 API
- Defining the Screenshot public API
- public API for NMI injection
- spec file: Adjust some directory attributes to support running
non-privileged qemu instances
- Remove vi_VN locale if suse_version < 11.3
- Enable cap_ng when building lxc support.
- Update to libvirt 0.9.1
- support various persistent domain updates
- improvements on memory APIs
- Add virDomainEventRebootNew
- various improvements to libxl drive
- Spice: support audio, images and stream compression
- Move libvirt-iohelper from client to base package
- fix baselibs.conf not to requires source 32bit
- Install log dir for libxl
- Update to libvirt 0.9.0 final
- Support cpu usage tuning
- Add public APIs for storage volume upload/download
- Add public API for setting migration speed on the fly
- Add libxenlight driver
- qemu: support migration to fd
- add virDomain{Get,Set}BlkioParameters
- introduce a new libvirt API (virDomainSetMemoryFlags)
- Expose event loop implementation as a public API
- Dump the debug buffer to libvirtd.log on fatal signal
- Audit support
- Numerous enhancements and bug fixes
- Update to libvirt 0.9.0 RC3
- use %first_lang before changing symlinks, find_lang removes
unsupported languages
- VUL-0: libvirt: several API calls do not honour read-only
- Add baselibs.conf file to build xxbit packages
for multilib support
- Minor fixes for libvirt-guests
- Do not add drive 'boot=on' param when a kernel is specified
- Update to libvirt 0.8.8 final
- sysinfo: expose new API
- cgroup blkio weight support
- smartcard device support
- qemu: Support per-device boot ordering
- Update to libvirt 0.8.8 RC3
- Update to libvirt 0.8.8 RC1
- Remove explicit dependency on libyajl
- Retry JSON monitor 'cont' cmd on MigrationExpected error
- Add support for specifying Hardware Assisted Paging (HAP) in
libvirt domain XML.
- Enabled yajl for suse_version >= 1140
- Fix generation of dnsmasq's --dhcp-hostsfile option
- Disable yajl support as the library does not yet exist in
SuSE distros.
- Support libvirt-guests on SuSE distros
- Update to libvirt 0.8.7
- Preliminary support for VirtualBox 4.0
- IPv6 support
- Add VMware Workstation and Player driver
- Add network disk support
- Fix VNC port reservation race in qemu driver
- Do not limit insserv_cleanup to SLES
- disable building openvz driver
- Update to libvirt 0.8.6
- new API virDomainIsUpdated
- Add support for iSCSI target auto-discovery
- QED: Basic support for QED images
- Introduce a virDomainOpenConsole API
- Support for SPICE graphics
- Add a sysinfo and SMBIOS support
- Implement virsh qemu-monitor-command
- Enabled yajl, macvtap, and virtualport for suse_version >= 1140
- Fix build when using "policy kit 0"
- Update to libvirt 0.8.5
- Enable JSON and netdev features in QEMU > 0.13
- framework for auditing integration
- framework for DTrace/SystemTap integration
- Setting the number of vcpu at boot
- Enable support for nested SVM
- Virtio plan9fs filesystem QEMU
- Memory parameter controls
- portability to OS-X
- lot of bug fixes and other improvements
- cannot restart dead libvirtd without manually removing pidfile
modified libvirtd.init
- Fix package dependencies so can be installed without
pulling excess of optional components
- Support dropping capabilities with cap-ng library in
openSUSE >= 11.3
- Fix build when virtualport support is available but macvtap is
- Fix CDROM media change for Xen PV domains
modified xen-pv-cdrom.patch
- Update to libvirt 0.8.4
- various improvements to UML driver
- documentation improvements
- lot of bug fixes and other improvements
- enable ESX driver for openSUSE
- Update to libvirt 0.8.3
- Support vSphere 4.1
- Qemu arbitrary monitor commands
- Qemu Monitor API entry point
- lots of improvements and bug fixes
- VUL-0: multiple issues in libvirt
CVE-2010-223x-000[1-0].patch, CVE-2010-223x-0010.patch,
- Use netcat-openbsd, which contains a proper 'nc' program
supporting the '-U' option. Drop socat.patch.
- Re-enable numa support now that bnc#598488 is resolved.
- Allocate buffer to hold xend content
- Add upstream fixes to bitmap code that was introduced to fix
- Fix race in VNC port reservation with qemu/KVM domains
- Don't package directories/files under /var/run
- Add upstream commit 34a7f3f6 to fix unintentional breakage of
RPC protocol.
- Disable numa support in openSUSE11.3/Factory pending resolution
of bnc#598488
- Update to libvirt 0.8.1
- Add virDomainGetBlockInfo API to query disk sizing
- Start dnsmasq from libvirtd with --dhcp-hostsfile option
- lots of improvements and bug fixes
- Update to libvirt 0.8.0
- Snapshot API framework
- Add managed save API entry points
- Timer subselection for domain clock
- Add hook utilities
- Network filtering API
- Introduce a new virDomainUpdateDeviceFlags public API
- Introduce a new public API for domain events
- Public virDomainMigrateSetMaxDowntime API
- Add public API for volume wiping
- xenapi: Initial commit of the new driver
- lots of improvements and bug fixes
- Fix 'virsh dominfo' crash when no security driver is configured
- Updated to version 0.7.7
- Introduce public API for domain async job handling
- macvtap support
- Add QEMU support for virtio channel
- Add persistence of PCI addresses to QEMU
- Functions for computing baseline CPU from a set of host CPUs
- Public API for virDomain{Attach,Detach}DeviceFlags
- lots of improvements and bug fixes
- Ensure yast-created bridges are not manipulated by libvirt
Modified suse-network.patch
- Fix ordering of xen disks to preserve 'bootable' flag
- Add support for blktap2 disks
- Fix listing of yast-created bridges
Modified suse-network.patch
- Add support for new XEN_DOMCTL_INTERFACE_VERSION version 7.
- Unconditionally add /var/log/libvirt/{qemu,lxc,uml} directories.
- Updated to version 0.7.6
- Implement support for multi IQN
- Implement CPU topology support for QEMU driver
- Use QEmu new device adressing when possible
- Implement SCSI controller hotplug/unplug for QEMU
- lots of improvements and bug fixes
- Support new XEN_SYSCTL_INTERFACE_VERSION 7 in libvirt
- Add upstream patches as prelude to fixing various device
attach/detach issues
- Fix attaching/detaching disk device from inactive Xen guest
bnc#500586 and bnc#573748
- Fix migration with Xen4.0
Add xen-migration-params.patch
Remove migrate-params.patch
- Fix freeing of uninitialized pointer when using HAL in
node device driver
- Require virt-utils package for common tools such as qemu-img
- Updated to version 0.7.5
- Add new API virDomainMemoryStats to header and drivers
- Public API and domain extension for CPU flags
- expose SR IOV physical/virtual function relationships
- Support for JSON mode monitor [deactivated]
- Support for interface model='netfront'
- vbox: Add support for version 3.1
- Support QEMU's virtual FAT block device driver
- lots of improvements and bug fixes
- Fix libvirt xen hypervisor driver to work with domctl interface
version 6
- Plumb domain description in xend backend
- Fix listing of defined but inactive Xen domains
- Updated to version 0.7.4
- Implement a node device backend using libudev
- New APIs for checking some object properties
- Fully asynchronous monitor I/O processing
- add MAC address based port filtering to qemu
- support for IPv6 / multiple addresses per interfaces
- lots of improvements and bug fixes
- Fix compilation against xen-unstable
- Modify detach-disk.patch as per upstream suggestions
- spec file: Fix polkit vs PolicyKit Requires
- Fix compilation when selinux is enabled
- Fix compilation warnings
updated snapshots.patch
- Updated to version 0.7.2
- sVirt AppArmor security driver
- Add public API definition for data stream handling
- ESX add esxDomainDefineXML()
- LXC: suspend/resume support
- Big code tree cleanup
- Lots of bug fixes and improvements
- Add ocfs2 to list of supported fs pool types
- Build phyp driver ifarch ppc64
- Fix memory leaks in libvirtd's message processing
- Fix connection ref counting in xen drivers
- Fix abort in virsh when specifying a connection URI
- Workaround for missing pkgconfig file in device-mapper-devel
- Updated to version 0.7.1
- Add support for encrypted (qcow) volume creation
- Secret manipulation public API
- Multipath storage support module
- VBox add Storage Volume support
- Support configuration of huge pages in guests
- Support new PolicyKit 1.0 API
- Compressed save image format for Qemu
- Qemu add host PCI device hotplug support
- Updated to version 0.7.0
- Interface implementation based on netcf (disabled on SuSE)
- Add new net filesystem glusterfs
- Initial VMWare ESX driver
- Add support for VBox 3 and event callbacks on vbox
- First version of the Power Hypervisor driver
- Run QEMU guests as an unprivileged user (still root on SuSE)
- Support cgroups in QEMU driver
- QEmu hotplug NIC support
- Storage cloning for LVM and Disk backends
- Updated to version 0.6.5
- create storage volumes on disk backend
- drop of capabilities based on libcap-ng when possible
- forbid autostart on transcient networks
- re-detection of transient VMs after libvirtd restart
- create and destroy NPIV support
- other bug fixes and cleanups
- Removed unnecessary call to fillup_and_insserv macro in
%post scriptlet
- Updated to version 0.6.2
- support SASL auth for VNC server
- memory ballooning in QEMU
- SCSI HBA storage pool support
- PCI passthrough in Xen driver
- new APIs for Node device detach reattach and reset
- sVirt mandatory access control support
- thread safety of the API and event handling
- allow QEmu domains to survive daemon restart
- extended logging capabilities
- support copy-on-write storage volumes
- support of storage cache control options for QEMU/KVM
- Improvements from lnussel@xxxxxxx
- add %jobs macro again
- package default qemu network and augeas config files again
- don't start libvirtd by default (bnc#496838)
- use --disable-static instead of just removing static libraries

==== libzip ====
Version update (1.1.3 -> 1.2.0)

- Update to version 1.2.0:
* Support for AES encryption (Winzip version), both encryption
and decryption.
* Support legacy zip files with >64k entries.
* Fix seeking in zip_source_file if start > 0.
* Add zip_fseek() for seeking in uncompressed data.
* Add zip_ftell() for telling position in uncompressed data.
* Add zip_register_progress_callback() for UI updates during

==== mariadb ====
Version update (10.1.20 -> 10.1.21)
Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18
libmysqld18 mariadb-client mariadb-errormessages

- update to MariaDB 10.1.21
* notable changes:
* Innodb updated to 5.6.35
* Performance Schema updated to 5.6.35
* release notes and changelog:
* fixes the following CVEs:
CVE-2017-3318 [bsc#1020896], CVE-2017-3317 [bsc#1020894],
CVE-2017-3312 [bsc#1020873], CVE-2017-3291 [bsc#1020884],
CVE-2017-3265 [bsc#1020885], CVE-2017-3258 [bsc#1020875],
CVE-2017-3257 [bsc#1020878], CVE-2017-3244 [bsc#1020877],
CVE-2017-3243 [bsc#1020891], CVE-2017-3238 [bsc#1020882],
CVE-2016-6664 [bsc#1008253]
- add mariadb.te file to the filelist
- add mysqld_safe_helper to the filelist
- refresh mariadb-10.1.4-group.patch
- add mariadb-10.1.20-incorrect_list_handling.patch to fix incorrect
linked list handling in mysql_prune_stmt_list() function that can
cause use-after-free error [bsc#1022428]

==== mjpegtools ====
Subpackages: libmjpegutils-2_0-0

- Split the package in smaller pieces, allowing as user to keep the
main/free parts from the distribution and 'enhancing' the
capability with simple addon-packages: libmpeg2encpp-2_0-0 (as a
library it is required by other code depending on it) and
mjpegtools-orig-addon, which is auto-recommended when the user
has mjpegtools installed AND has a repo enabled, containing this
package AND has recommends enabled.

==== mozilla-nss ====
Version update (3.28.2 -> 3.28.3)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.28.3
* This is a patch release to fix binary compatibility issues.
NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were
in violation with the NSS compatibility promise.
ECParams, which is part of the public API of the freebl/softokn
parts of NSS, had been changed to include an additional attribute.
That size increase caused crashes or malfunctioning with applications
that use that data structure directly, or indirectly through
ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey,
or potentially other data structures that reference ECParams.
The change has been reverted to the original state in bug
SECKEYECPublicKey had been extended with a new attribute, named
"encoding". If an application passed type SECKEYECPublicKey to NSS
(as part of SECKEYPublicKey), the NSS library read the uninitialized
attribute. With this NSS release SECKEYECPublicKey.encoding is
deprecated. NSS no longer reads the attribute, and will always
set it to ECPoint_Undefined. See bug bmo#1340103.
- requires NSPR >= 4.13.1

==== mtd-utils ====
Version update (1.5.2 -> 2.0.0)

- Update to version 2.0.0:
* libmissing with stubs for functions not present in libraries
like musl
* unittests for libmtd and libubi
* port most kernel space mtd test modules to userspace
* mkfs.ubifs: extended attribute support
* ubinize: Move lengthy help text to a man page
* nandwrite: Add skip-all-ff-pages option
* flash_{un,}lock: support for MEMISLOCKED
* nandtest: support hex/dec/oct for --offset and --length

==== multipath-tools ====
Subpackages: kpartx

- Remove superfluous PreReq for insserv and fillup

==== mutter ====
Version update (3.22.2 -> 3.22.3)
Subpackages: libmutter0 mutter-data

- Update to version 3.22.3:
+ Fix switching between two finger- and edge scrolling on wayland
+ Fix frequent freezes in multihead setups on wayland
+ Preserve root window mask on XSelectionRequest (bgo#776128).
+ Fix window menu placement with HiDPI (bgo#776055).
+ Fix HiDPI detection on vertical monitor layouts (bgo#777687).
+ Fix erroneous key event repeats (bgo#774989).
+ Fix "ghost" cursors in multi-monitor setups (bgo#771056).
+ Use eglGetPlatformDisplay (bgo#772422).
+ Fix erratic raise_or_lower behavior (bgo#705200).
+ Extend tablet device checks (bgo#773779).
+ Set right scale for tablet tool cursors on HiDPI (bgo#778474).
+ Allow edge-scrolling without 2fg-scroll capable devices
+ Misc. bug fixes: bgo#771297, bgo#774135, bgo#775986,
bgo#777691, bgo#777470, bgo#778262, bgo#776919.
+ Updated translations.
- Drop mutter-x11-meta.patch: Fixed upstream.

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Don't require insserv if we don't need it.

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client

- Remove superfluous insserv PreReq.

==== os-prober ====
Version update (1.70 -> 1.74)

- Version bump to 1.74:
* Add support for Mageia
* Improve logging of mounting and setting partitions to ro/rw
* Use a read-only device-mapper entry if possible rather than setting the
underlying device to read-only.
Note that this introduces a dependency on dmsetup on Linux architectures.
* Remove the "blockdev --setro" code path entirely, since the read-only
device-mapper arrangement supersedes it and should be safer
* Make the yaboot parser more tolerant about the syntax of "append" options
* Disable debugging if OS_PROBER_DISABLE_DEBUG is set
* Replace basename/dirname with shell string processing
* Fix typos in README
* Add Devuan detection
* Work harder to avoid trying to mount extended partitions
* Drop " (loader)" suffixes on Microsoft operating systems
* Add support for 4MLinux
* Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
- Rediff
* os-prober-1.49-grub2-mount.patch
* os-prober-EFI-openSUSEfy.patch
* os-prober-btrfs-always-detect-default.patch
* os-prober-btrfsfix.patch
* os-prober-dont-load-all-fs-module-and-dont-test-mount.patch
* os-prober-fix-btrfs-subvol-mounted-tests.patch
* os-prober-linux-distro-avoid-expensive-ld-file-test.patch
* os-prober-linux-distro-parse-os-release.patch
- Remove patches; fixed on upstream release
* os-prober-call-dmraid-once.patch
* os-prober-1.49-skip-LVM2_member.patch

==== p7zip ====

- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.

==== pcre2 ====
Version update (10.22 -> 10.23)

- pcre2 10.23:
* major re-factoring of the pcre2_compile.c file
* Back references are now permitted in lookbehind assertions when
there are no duplicated group numbers (that is, (?| has not
been used), and, if the reference is by name, there is only one
group of that name. The referenced group must, of course be of
fixed length.
* \g{+<number>} (e.g. \g{+2} ) is now supported. It is a "forward
back reference" and can be useful in repetitions
(compare \g{-<number>} ). Perl does not recognize this syntax.
* pcre2grep now automatically expands its buffer up to a maximum
set by --max-buffer-size.
* The -t option (grand total) has been added to pcre2grep.
* A new function called pcre2_code_copy_with_tables() exists to
copy a compiled pattern along with a private copy of the
character tables that is uses.
- Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13.

==== perl-Net-HTTP ====
Version update (6.12 -> 6.13)

- updated to 6.13
see /usr/share/doc/packages/perl-Net-HTTP/Changes
6.13 2017-02-19 21:40:54-05:00 America/Toronto
- use EWOULDBLOCK as well on all places where EAGAIN is used (GH PR#24)

==== perl-YAML ====
Version update (1.22 -> 1.23)

- updated to 1.23
see /usr/share/doc/packages/perl-YAML/Changes
1.23 Sun Feb 19 22:07:57 CET 2017
- Fix $YAML::Numify (empty values were converted to 0)

==== pidgin-sipe ====
Version update (1.21.1 -> 1.22.0)
Subpackages: libpurple-plugin-sipe libpurple-plugin-sipe-lang pidgin-plugin-sipe

- Conditionalise video/audio to fix build on SLE 12 SP1.
- update to 1.22.0
- Feature #93: Support for Lync Autodiscover (Stefan Becker)
- Feature #6: Application Sharing Viewer (Jakub Adam)
* requires libpurple >= 2.12.0
* needs an external RDP client - remmina and xfreerdp are supported
- Fixed #315: Crash when contact list is empty (Stefan Becker)
- Fixed #314: sipe login problems with long pw (Stefan Becker)
- separate logging and debugging output (Stefan Becker)
* logging is always shown, e.g. in the Pidgin debug window
* full message debugging now requires PURPLE_UNSAFE_DEBUG=1
- new translations: Greek (el), Lithuanian (lt)
- drop pidgin-sipe-gstreamer-1.0.patch: no longer needed
- add recommends for remmina and freerdp so the desktop sharing
stuff would work out of the box
- add BR for gstreamer-rtp-1.0 and farstream-0.2 to keep the
video/audio feature working

==== plasma5-desktop ====

- Add patch to fix regression in 5.9.2:
* 0001-Don-t-pin-during-reordering-by-DND.patch
- Add BuildRequires: plasma5-workspace to fix generation of package
metadata (needed in :LTS, apparently already pulled in by something else here)

==== poppler ====
Version update (0.51.0 -> 0.52.0)
Subpackages: libpoppler-cpp0 libpoppler-devel libpoppler-glib8 libpoppler66

- Update to version 0.52.0:
+ core:
- Fix assert on reading some OCGs (fdo#99768).
- Properly initialize some RichMedia variables in corner cases
+ qt4:
- optcontent structure was leaking the headers items
- Cleanup objects in tests to fix memory leaks (fdo#99449).
+ qt5:
- optcontent structure was leaking the headers items
- Cleanup objects in tests to fix memory leaks (fdo#99449).
+ utils: pdftocairo.1: Fix typo.

==== poppler-qt5 ====
Version update (0.51.0 -> 0.52.0)
Subpackages: libpoppler-qt5-1 libpoppler-qt5-devel

- Update to version 0.52.0:
+ core:
- Fix assert on reading some OCGs (fdo#99768).
- Properly initialize some RichMedia variables in corner cases
+ qt4:
- optcontent structure was leaking the headers items
- Cleanup objects in tests to fix memory leaks (fdo#99449).
+ qt5:
- optcontent structure was leaking the headers items
- Cleanup objects in tests to fix memory leaks (fdo#99449).
+ utils: pdftocairo.1: Fix typo.

==== postfix ====
Subpackages: postfix-doc

- Fix requires:
- shadow is needed for postfix-mysql pre-install section
- insserv is not needed if systemd is used

==== postgresql-init ====

- Fix location of insserv cleanup call

==== python-qt4 ====

- Require sip 4.19.1 for compatibility with PyQt5

==== python-rpm-macros ====
Version update (1.0git.1483874658.ead0b0b -> 1.0.git.1486997542.e9fcc29)

- update service, use repository and tarball name "python-rpm-macros"
- introduce %python_prefix
- Set RPM group
- change service version generator to use "1.0.git" instead of "1.0git"

==== python-sip ====
Version update (4.19 -> 4.19.1)
Subpackages: python-sip-devel

- Update to 4.19.1
* Added the %PreMethodCode directive.
* Added sipEnableGC() to the C API.
* Added the -D command line option so that the generated code is
aware of Python debug builds.

==== python-wxWidgets-3_0 ====
Subpackages: python-wxWidgets-3_0-lang

- Eliminate ancient bundled headers from build procedure that
caused ABI mismatches [boo#953017, boo#1022819, boo#1023841].

==== sg3_utils ====
Subpackages: libsgutils2-1_43-2

- Remove superfluous insserv PreReq.

==== shim-leap ====

- Update shim to 0.9-13.1
+ Update shim-install to support "--no-nvram" and improve
removable media and fallback mode handling (bsc#985568,
bsc#999818) (Fix from mchang@xxxxxxxx)
- New signature from Microsoft
- shim-install : fix regression of password prompt (bsc#993764)
- Add shim-bsc991885-fix-sig-length.patch to fix the signature
length passed to Authenticode (bsc#991885)
- Update shim-bsc973496-mokmanager-no-append-write.patch to try
append write first
- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h
- Bump the requirement of gnu-efi due to the HTTPBoot support
- Add shim-httpboot-support.patch to support HTTPBoot
- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g
and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6
- Drop patches since they are merged into
+ shim-update-openssl-1.0.2d.patch
+ shim-gcc5.patch
+ shim-bsc950569-fix-cryptlib-va-functions.patch
+ shim-fix-aarch64.patch
- Refresh shim-change-debug-file-path.patch
- Add shim-bsc973496-mokmanager-no-append-write.patch to work
around the firmware that doesn't support APPEND_WRITE (bsc973496)
- shim-install : remove '\n' from the help message (bsc#991188)
- shim-install : print a message if there is no valid EFI partition
- shim-install : support simple MD RAID1 target devices (FATE#314829)
- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438)
- shim-install : fix typing ESC can escape to parent config which is
in command mode and cannot return back (bsc#966701)
- shim-install : fix no which command for JeOS (bsc#968264)
- acquired updated signature from Microsoft
- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the
definition of va functions to avoid the potential crash
- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to
MokListRT (bsc#950801)
- Drop shim-fix-mokmanager-sections.patch as we are using the
newer binutils now
- Refresh shim-change-debug-file-path.patch
- acquired updated signature from Microsoft
- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release
if it is empty or not set by user (bsc#942519)
- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d
- Refresh shim-gcc5.patch and add it back since we really need it
- Add shim-change-debug-file-path.patch to change the debug file
path in shim.efi
+ also add the debuginfo and debugsource subpackages
- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
- Update to 0.9
- Refresh patches
+ shim-fix-gnu-efi-30w.patch
+ shim-fix-mokmanager-sections.patch
+ shim-opensuse-cert-prompt.patch
- Drop upstreamed patches
+ shim-bsc920515-fix-fallback-buffer-length.patch
+ shim-mokx-support.patch
+ shim-update-cryptlib.patch
- Drop shim-bsc919675-uninstall-shim-protocols.patch since
upstream fixed the bug in another way.
- Drop shim-gcc5.patch which was fixed in another way
- Fix tags in the spec file
- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
openssl to 0.9.8zf
- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
the shim protocols at Exit (bsc#919675)
- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
the buffer size for the boot options (bsc#920515)
- Refresh shim-opensuse-cert-prompt.patch
- shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5
- shim-install : fix cryptodisk installation (boo#917427)
- Add shim-fix-mokmanager-sections.patch to fix the objcopy
parameters for the EFI files
- Update to 0.8
- Add shim-fix-gnu-efi-30w.patch to adapt the change in
- Merge shim-signed-unsigned-compares.patch,
shim-mokmanager-support-sha-family.patch and
shim-bnc863205-mokmanager-fix-hash-delete.patch into
- Refresh shim-opensuse-cert-prompt.patch
- Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch,
bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch
- Enable aarch64
- Fixed buffer overflow and OOB access in shim trusted code path
(bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677)
* added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch
- Added new certificate by Microsoft
- re-introduce build failure if shim_enforce_ms_signature is defined. That way
a project like openSUSE:Factory can decide whether or not shim needs a valid
MS signature.
- Add shim-update-openssl-0.9.8zb.patch to update openssl to
- updated shim to new version (OpenSSL 0.9.8za) and requested a new
certificate from Microsoft. Removed
* shim-allow-fallback-use-system-loadimage.patch
* shim-bnc872503-check-key-encoding.patch
* shim-bnc877003-fetch-from-the-same-device.patch
* shim-correct-user_insecure-usage.patch
* shim-fallback-avoid-duplicate-bootorder.patch
* shim-fallback-improve-entries-creation.patch
* shim-fix-dhcpv4-path-generation.patch
* shim-fix-uninitialized-variable.patch
* shim-fix-verify-mok.patch
* shim-get-variable-check.patch
* shim-improve-error-messages.patch
* shim-mokmanager-delete-bs-var-right.patch
* shim-mokmanager-handle-keystroke-error.patch
* shim-remove-unused-variables.patch
since they're included in upstream and rebased the remaining onces.
Added shim-signed-unsigned-compares.patch to fix some compiler
- Keep shim-devel.efi for the devel project
- don't fail the build if the UEFI signing service signature can't
be attached anymore. This way shim can still pass through staging
projects. We will verify the correct signature for release builds
using openQA instead.
- shim-install: fix GRUB shows broken letters at boot by calling
grub2-install to initialize /boot/grub2 directory with files
needed by grub.cfg (bnc#889765)
- Add shim-remove-unused-variables.patch to remove the unused
- Add shim-bnc872503-check-key-encoding.patch to check the encoding
of the keys (bnc#872503)
- Add shim-bnc877003-fetch-from-the-same-device.patch to fetch the
netboot image from the same device (bnc#877003)
- Refresh shim-opensuse-cert-prompt.patch
- Use --reinit instead of --refresh in %post to update the files
in /boot
- shim-install: fix boot partition and rollback support kluge
- Replace shim-mokmanager-support-sha1.patch with
shim-mokmanager-support-sha-family.patch to support the SHA
- Add shim-mokmanager-support-sha1.patch to support SHA1 hashes in
- snapper rollback support (fate#317062)
- refresh shim-install
- Insert the right signature (bnc#867974)
- Add shim-fix-uninitialized-variable.patch to fix the use of
uninitialzed variables in lib
- Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV
variables the right way
- Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify
- Add shim-fallback-avoid-duplicate-bootorder.patch to fix the
duplicate entries in BootOrder
- Add shim-allow-fallback-use-system-loadimage.patch to handle the
shim protocol properly to keep only one protocol entity
- Refresh shim-opensuse-cert-prompt.patch
- shim-install: fix the $prefix to use grub2-mkrelpath for paths
on btrfs subvolume (bnc#866690).
- FATE#315002: Update shim-install to install shim.efi as the EFI
default bootloader when none exists in \EFI\boot.
- Update signature-sles.asc: shim signed by UEFI signing service,
based on code from "Thu Feb 20 11:57:01 UTC 2014"
- Add shim-opensuse-cert-prompt.patch to show the prompt to ask
whether the user trusts the openSUSE certificate or not
- allow package to carry multiple signatures
- check correct certificate is embedded
- always clean up generated files that embed certificates
(shim_cert.h shim.cer shim.crt) to make sure next build loop
rebuilds them properly
- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
hash deletion operation to avoid ruining the whole list
- Update shim-mokx-support.patch to support the resetting of MOK
- Add shim-get-variable-check.patch to fix the variable checking
in get_variable_attr
- Add shim-fallback-improve-entries-creation.patch to improve the
boot entry pathes and avoid generating the boot entries that
are already there
- Update SUSE certificate
- Update,,, and to remove the
creation of the temporary nss database
- Add shim-only-os-name.patch: remove the kernel version of the
build server
- Match the the prefix of the project name properly by escaping the
percent sign.
- enable signature assertion also in SUSE: hierarchy
- Add shim-mokmanager-handle-keystroke-error.patch to handle the
error status from ReadKeyStroke to avoid unexpected keys
- Update to 0.7
- Add upstream patches:
+ shim-fix-verify-mok.patch
+ shim-improve-error-messages.patch
+ shim-correct-user_insecure-usage.patch
+ shim-fix-dhcpv4-path-generation.patch
- Add shim-mokx-support.patch to support the MOK blacklist
- Drop upstreamed patches
+ shim-fix-pointer-casting.patch
+ shim-merge-lf-loader-code.patch
+ shim-fix-simple-file-selector.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
+ shim-netboot-fixes.patch
+ shim-mokmanager-disable-gfx-console.patch
- Drop shim-suse-build.patch: it's not necessary anymore
- Drop shim-bnc841426-silence-shim-protocols.patch: shim is not
verbose by default
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Tue Oct 1 04:29:29 UTC 2013".
- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
shim protocols (bnc#841426)
- Create boot.csv in ESP for fallback.efi to restore the boot entry
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Fri Sep 6 13:57:36 UTC 2013".
- Improve to work on current path.
- set timestamp of PE file to time of the binary the signature was
made for.
- make sure cert.o get's rebuilt for each target
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Wed Aug 28 15:54:38 UTC 2013"
- always build a shim that embeds the distro's certificate (e.g.
shim-opensuse.efi). If the package is built in the devel project
additionally shim-devel.efi is created. That allows us to either
load grub2/kernel signed by the distro or signed by the devel
project, depending on use case. Also shim-$distro.efi from the
devel project can be used to request additional signatures.
- also include old openSUSE 4096 bit certificate to be able to still
boot kernels signed with that key.
- add show_signatures script
- replace the 4096 bit openSUSE UEFI CA certificate with new a
standard compliant 2048 bit one.
- fix shell syntax error
- don't include binary in the sources. Instead package the raw
signature and attach it during build (bnc#813448).
- Update shim-mokmanager-ui-revamp.patch to include fixes for
+ reboot the system after clearing MOK password
+ fetch more info from X509 name
+ check the suffix of the key file
- Update to 0.4
- Rebase patches
+ shim-suse-build.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
- Add patches
+ shim-merge-lf-loader-code.patch: merge the Linux Foundation
loader UI code
+ shim-fix-pointer-casting.patch: fix a casting issue and the
size of an empty vendor cert
+ shim-fix-simple-file-selector.patch: fix the buffer allocation
in the simple file selector
- Remove upstreamed patches
+ shim-support-mok-delete.patch
+ shim-reboot-after-changes.patch
+ shim-clear-queued-key.patch
+ shim-local-key-sign-mokmanager.patch
+ shim-get-2nd-stage-loader.patch
+ shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
- Install the vendor certificate to /etc/uefi/certs
- Add shim-mokmanager-ui-revamp.patch to update the MokManager UI
- Call update-bootloader in %post to update *.efi in \efi\opensuse
- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
PXE 2nd stage loader name (bnc#807760)
- Add shim-bnc808106-correct-certcount.patch to correct the
certificate count of the signature list (bnc#808106)
- Add shim-bnc798043-no-doulbe-separators.patch to remove double
seperators from the bootpath (bnc#798043#c4)
- sign shim also with openSUSE certificate
- identify project, export certificate as DER file
- don't create an unused extra keypair
- Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken
bootpath generated in generate_path(). (bnc#804631)
- Update with shim signed by UEFI signing service, based on code
from "Thu Feb 7 06:56:19 UTC 2013".
- prepare for having a signed shim from the UEFI signing service
- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
MokManager and sign it later.
- Add shim-install utility
- Add Recommends to grub2-efi
- Add shim-mokmanager-support-crypt-hash-method.patch to support
password hash from /etc/shadow (FATE#314506)
- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi.
- Update shim-mokmanager-new-pw-hash.patch to extend the password
hash format
- Rename shim.efi as shim-unsigned.efi
- Merge patches for FATE#314506
+ Add shim-support-mok-delete.patch to add support for deleting
specific keys
+ Add shim-mokmanager-new-pw-hash.patch to support the new
password hash.
- Drop shim-correct-mok-size.patch which is included in
- Merge shim-remove-debug-code.patch and
shim-local-sign-mokmanager.patch into
- Add shim-fix-loadoptions.patch to adopt the UEFI shell style
LoadOptions (bnc#798043)
- Drop shim-check-pk-kek.patch since upstream rejected the patch
due to violation of SPEC.
- Install EFI binaries to /usr/lib64/efi
- Update shim-reboot-after-changes.patch to avoid rebooting the
system after enrolling keys/hashes from the file system
- Add shim-correct-mok-size.patch to correct the size of MOK
- Add shim-clear-queued-key.patch to clear the queued key and show
the menu properly
- Remove shim-rpmlintrc, it wasn't fixing the error, hide error
stdout to prevent post build check to get triggered by cast
warnings in openSSL code
- Add shim-remove-debug-code.patch: remove debug code
- Add shim-rpmlintrc to filter 64bit portability errors
- Add shim-local-sign-mokmanager.patch to create a local certicate
to sign MokManager
- Add shim-get-2nd-stage-loader.patch to get the second stage
loader path from the load options
- Add shim-check-pk-kek.patch to verify EFI images with PK and KEK
- Add shim-reboot-after-changes.patch to reboot the system after
enrolling or erasing keys
- Install the EFI images to /usr/lib64/shim instead of the EFI
- Update the mail address of the author
- Add new package shim 0.2 (FATE#314484)
+ It's in fact git 2fd180a92 since there is no tag for 0.2

==== spamassassin ====
Subpackages: perl-Mail-SpamAssassin

- Don't call/require insserv if we use systemd

==== sssd ====
Subpackages: libnfsidmap-sss libsss_idmap0 libsss_nss_idmap0 libsss_simpleifp0
sssd-32bit sssd-krb5-common sssd-ldap

- Remove obsolete insserv call

==== strace ====
Version update (4.15 -> 4.16)

- Update to strace 4.16
* Improvements
* Implemented syscall return value injection (-e inject=SET:retval= option).
* Implemented signal injection (-e inject=SET:signal= option).
* Implemented decoding of SUID_DUMP_* constants in PR_[GS]ET_DUMPABLE.
* Implemented decoding of all SG_* ioctl commands.
* Implemented decoding of ustat syscall.
* Implemented decoding of BPF_OBJ_PIN, BPF_OBJ_GET, BPF_PROG_ATTACH,
and BPF_PROG_DETACH commands of bpf syscall.
* Enhanced decoding of sg_io_hdr and sg_io_v4 structures.
* Enhanced decoding of get_robust_list, getrandom, io_submit, set_robust_list
* Enhanced decoding of entities of kernel long type on x32 and mips n32 ABIs.
* Updated lists of IP_*, IPV6_*, and LOOP_* constants.
* Updated lists of ioctl commands from Linux 4.10.
* Added decoding of recently added syscalls on avr32, microblaze, ppc,
and ppc64.
* Bug fixes
* Fixed pathmatch of oldselect syscall on 64-bit architectures.
* Fixed decoding of mmap2 syscall on s390 when arguments are not available.
* Fixed decoding of kexec_file_load, mprotect, pkey_mprotect, prctl, preadv*,
and pwritev* syscalls on x32.
* Fixed printing of string arguments of getxattr and setxattr syscalls
when -s option is used to limit the printed string size.
* Fixed decoding of ifconf, ifreq, and loop_info structures on non-native
* Fixed decoding of SG_* and LOOP_* ioctl commands.
* Fixed build on mips with musl libc.
* Fixed cross-building of ioctlsort.
* Applied minor formatting fixes to the manual page.

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1
libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger
systemd-sysvinit udev

- Don't ship systemd-resolved for now (bsc#1024897)
If resolved is enabled , systemd-tmpfiles creates a wrong symlink in
/etc/resolv.conf which confuses the network manager actually used.
- More indentation cleanup (no functional changes)
- Remove obsolete insserv requirements for udev again [bsc#999841]
- Import commit cd97d5d5fef79ab9d957bf6504d085c0faca6bfc
e587b6ce0 disable RestrictAddressFamilies on all architectures but x86_64 one
c8ae05632 journald: don't flush to /var/log/journal before we get asked to
7261eaf3e sd-event: fix sd_event_source_get_priority() (#4712)
- Move fix for permission set on /var/lib/systemd/linger/* (no functional
Move that part after the fix on timer timestamp files otherwise the
comment doesn't make sense.
- Import commit 028fd9b60580976dffb09b3576a2b652ee35137c
cc2ca55ff build-sys: do not install symlink twice
ececae77a device: Avoid calling unit_free(NULL) in device setup logic (#4748)
- Ship systemd-resolved but it's disabled by default (bsc#1018387)
The NSS plugin will also be disabled, users need to enable it

==== tigervnc ====

- U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
* Fixes inetd mode with x server 1.19 (bnc#1025759)

==== virglrenderer ====

- Address various security issues
* Fix null pointer dereference in vrend_clear (CVE-2017-5937 bsc#1024232)
* Fix host memory leak issue in virgl_resource_attach_backing (CVE-2016-10214
* Fix memory leak in int blit context (CVE-2017-5993 bsc#1025505)
* Fix heap overflow in vertex elements state create (CVE-2017-5994
* Fix a stack overflow in set framebuffer state (CVE-2017-5957 bsc#1024993)

==== wget ====
Version update (1.19 -> 1.19.1)

- Update to wget-1.19.1, mainly bug fixes
* Add support for --retry-on-http-error
* tests/ Add --no-config to wget invocation
* Fix regression in .netrc auth in src/http.c
* Fix memory leak in src/iri.c
* Remove skipping libunistring with --disable-iri
* bootstrap.conf: Add gnulib module wcwidth
* Fix include/define clash with gnulib's unlink module

==== wwwoffle ====
Version update (2.9i -> 2.9j)

- Add missing dependency to enable https support
- Version update to 2.9j to fix bsc#1026023
* Few crypto key length tweaks
* Various small compilation warning fixes
- Refresh patch wwwoffle-2.9e-implicit.patch

==== xorg-x11-server ====
Subpackages: xorg-x11-server-extra xorg-x11-server-sdk

- U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch
* Add the missing input_lock() around the call into the driver's
UseHWCursor() callback (bnc #1023845).
- U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch
* The new input lock is missing for the xf86TransparentCursor() entry
point (bnc #1023845).

==== yast2-country ====
Version update (3.2.8 -> 3.2.9)
Subpackages: yast2-country-data

- fix keyboard layout widget initialization to old value
- 3.2.9

==== ypbind ====

- Some packaging cleanup:
* Use macro for configure and make install
* Build in parallel
* Drop no longer needed buildroot
* Run spec-cleaner

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages