Mailinglist Archive: opensuse-factory (383 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180828 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180828

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
GeoIP
NetworkManager (1.10.10 -> 1.12.2)
ca-certificates-mozilla (2.24 -> 2.26)
cryptsetup (2.0.1 -> 2.0.4)
curl
device-mapper (1.02.146 -> 1.02.149)
elfutils
file
firewalld
grep
installation-images-Kubic (14.379 -> 14.380)
jemalloc
libX11 (1.6.5 -> 1.6.6)
libcacard (2.5.3 -> 2.6.0)
libgnome-keyring
linux-glibc-devel (4.17 -> 4.18)
lsscsi (0.28 -> 0.30)
lvm2 (2.02.177 -> 2.02.180)
m4
mutter
nfsidmap
ovmf (2018+git1531464032.ae08ea246fe9 -> 2018+git1534736099.43fe4c405292)
pango (1.42.3 -> 1.42.4)
patterns-base
perl-Module-Signature (0.81 -> 0.82)
permissions (20180802 -> 20180827)
polkit
python-cryptography (2.3 -> 2.3.1)
python-setuptools (40.0.0 -> 40.1.0)
python-urllib3
qpdf (8.1.0 -> 8.2.1)
rdma-core
spice
spice-gtk
sudo (1.8.23 -> 1.8.24)
upower
util-linux (2.31.1 -> 2.32.1)
util-linux-systemd (2.31.1 -> 2.32.1)
vala (0.40.8 -> 0.40.9)
yast2-dns-server (4.1.0 -> 4.1.1)

=== Details ===

==== GeoIP ====
Subpackages: GeoIP-data libGeoIP1

- can't package database in /var/lib/GeoIP anymore as it breaks with
transactional updates (boo#1093352). Ideally one would put the
static version in /usr/share with the files in /var overriding
that. Since GeoIP is considered deprecated in favor of
libmaxminddb anyways, we'll just ship GeoIP-data as empty shell to
own the files for uninstall.

==== NetworkManager ====
Version update (1.10.10 -> 1.12.2)
Subpackages: NetworkManager-lang libnm0 typelib-1_0-NM-1_0

- Add NetworkManager-fix-compile-error.patch: Fix compile error due
to NM_AVAILABLE_IN_1_12_2 macro.
- Add NetworkManager-remove-assertion.patch: cli: remove assertion
in nmc_device_state_to_color() (bgo#796834).
- Update to version 1.12.2:
+ Fix missing symbols in libnm ABI for settings.
+ Fix a regression that disallowed activations of VPN connections
with a device specified.
+ Robustness fixes to connectivity checking.
- Changes from version 1.12.0:
+ Improved support for configuration checkpoint, including
support in libnm.
+ Added capability to set IP Tunnel configuration flags.
+ The systemd-resolved DNS plugins now supports MDNS.
+ Systemd-resolved and dnsmasq DNS plugins now honor the DNS
priority setting.
+ Wi-Fi devices now support FILS for speedier roaming support.
+ Drop dependency on libnl3 library.
+ Add support for "onlink" routes.
+ More robust connectivity checking.
+ Dropped the obsolete "ifnet" settings plugin,
+ Try harder to generate reasonable human-readable names for
devices even if the hwdb contains garbage.
+ Add an "overview" option to hide default values in nmcli,
resulting in more concise output.
+ Reworked the inner workings of D-Bus interface for better
resource efficiency.
+ Add support for configuring nmcli coloring via
terminal-colors.d(5).
+ Added experimental support for Meson build system.
+ Added initial IWD Wi-Fi daemon support.
+ A non-hexadecimal DHCPv4 client-id is now properly passed to
dhclient with the first byte (type) set to zero, as stated in
the documentation. This represents a change in behavior since
previous versions where the first character of the string was
used as type. The internal client is not affected by the
change.
+ DNS setting rc-manager=file now always follows dangling
symlinks instead of replacing /etc/resolv.conf with a plain
file.
+ Added wake_on_wlan connection setting to configure
wake-on-wireless-lan (WoWLAN).
+ The libnm-glib library, deprecated in favor of libnm since
NetworkManager 1.0, is now not built by default. While it can
still be enabled, the distributions should have a good plan for
removing it if they need to keep shipping it at this point.
+ Nmcli now scans for Wi-Fi networks before displaying them, if
the last scan was too long ago.
+ Added the ipv6.dhcp-duid property to allow configuring the
DHCPv6 DUID.
+ Extended ipv6.dhcp-client-id property to support DHCP client
identifers depending on the MAC address and the stable ID.
+ Set NM_DISPATCHER_ACTION environment variable in dispatcher
scripts.
- Rebase NetworkManager-1.10.6-netconfig.patch and
systemd-network-config.patch with quilt.
- Disable networkmanager-obs-net.patch and make check, needs
rebase.
- Pass with-libnm-glib to configure, deprecated libnm-glib support
is no long built by default, and since we can not remove this yet
due to Steam, we pass this option for now.

==== ca-certificates-mozilla ====
Version update (2.24 -> 2.26)

- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
- removed server auth
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- remove CA
- ComSign CA
- added new CA
- GlobalSign

==== cryptsetup ====
Version update (2.0.1 -> 2.0.4)
Subpackages: libcryptsetup12 libcryptsetup12-32bit

- New version 2.0.4
Changes since version 2.0.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Use the libblkid (blockid) library to detect foreign signatures
on a device before LUKS format and LUKS2 auto-recovery.
This change fixes an unexpected recovery using the secondary
LUKS2 header after a device was already overwritten with
another format (filesystem or LVM physical volume).
LUKS2 will not recreate a primary header if it detects a valid
foreign signature. In this situation, a user must always
use cryptsetup repair command for the recovery.
Note that libcryptsetup and utilities are now linked to libblkid
as a new dependence.
To compile code without blockid support (strongly discouraged),
use --disable-blkid configure switch.
* Add prompt for format and repair actions in cryptsetup and
integritysetup if foreign signatures are detected on the device
through the blockid library.
After the confirmation, all known signatures are then wiped as
part of the format or repair procedure.
* Print consistent verbose message about keyslot and token numbers.
For keyslot actions: Key slot <number> unlocked/created/removed.
For token actions: Token <number> created/removed.
* Print error, if a non-existent token is tried to be removed.
* Add support for LUKS2 token definition export and import.
The token command now can export/import customized token JSON file
directly from command line. See the man page for more details.
* Add support for new dm-integrity superblock version 2.
* Add an error message when nothing was read from a key file.
* Update cryptsetup man pages, including --type option usage.
* Add a snapshot of LUKS2 format specification to documentation
and accordingly fix supported secondary header offsets.
* Add bundled optimized Argon2 SSE (X86_64 platform) code.
If the bundled Argon2 code is used and the new configure switch
- -enable-internal-sse-argon2 option is present, and compiler flags
support required optimization, the code will try to use optimized
and faster variant.
Always use the shared library (--enable-libargon2) if possible.
This option was added because an enterprise distribution
rejected to support the shared Argon2 library and native support
in generic cryptographic libraries is not ready yet.
* Fix compilation with crypto backend for LibreSSL >= 2.7.0.
LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
wrapper must be commented out.
* Fix on-disk header size calculation for LUKS2 format if a specific
data alignment is requested. Until now, the code used default size
that could be wrong for converted devices.
Changes since version 2.0.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Expose interface to unbound LUKS2 keyslots.
Unbound LUKS2 keyslot allows storing a key material that is independent
of master volume key (it is not bound to encrypted data segment).
* New API extensions for unbound keyslots (LUKS2 only)
crypt_keyslot_get_key_size() and crypt_volume_key_get()
These functions allow to get key and key size for unbound keyslots.
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
* Add --unbound keyslot option to the cryptsetup luksAddKey command.
* Add crypt_get_active_integrity_failures() call to get integrity
failure count for dm-integrity devices.
* Add crypt_get_pbkdf_default() function to get per-type PBKDF default
setting.
* Add new flag to crypt_keyslot_add_by_key() to force update device
volume key. This call is mainly intended for a wrapped key change.
* Allow volume key store in a file with cryptsetup.
The --dump-master-key together with --master-key-file allows cryptsetup
to store the binary volume key to a file instead of standard output.
* Add support detached header for cryptsetup-reencrypt command.
* Fix VeraCrypt PIM handling - use proper iterations count formula
for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
* Add --with-default-luks-format configure time option.
(Option to override default LUKS format version.)
* Fix LUKS version conversion for detached (and trimmed) LUKS headers.
* Add luksConvertKey cryptsetup command that converts specific keyslot
from one PBKDF to another.
* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
header is detected.
* More cleanup and hardening of LUKS2 keyslot specific validation options.
Add more checks for cipher validity before writing metadata on-disk.
* Do not allow LUKS1 version downconversion if the header contains tokens.
* Add "paes" family ciphers (AES wrapped key scheme for mainframes)
to allowed ciphers.
Specific wrapped ley configuration logic must be done by 3rd party tool,
LUKS2 stores only keyslot material and allow activation of the device.
* Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
This flag can be dangerous; if you can control underlying device
(you can change its content after it was verified) it will no longer
prevent reading tampered data and also it does not prevent silent
data corruptions that appear after the block was once read.
* Fix return code (EPERM instead of EINVAL) and retry count for bad
passphrase on non-tty input.
* Enable support for FEC decoding in veritysetup to check dm-verity devices
with additional Reed-Solomon code in userspace (verify command).
Changes since version 2.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix a regression in early detection of inactive keyslot for luksKillSlot.
It tried to ask for passphrase even for already erased keyslot.
* Fix a regression in loopaesOpen processing for keyfile on standard input.
Use of "-" argument was not working properly.
* Add LUKS2 specific options for cryptsetup-reencrypt.
Tokens and persistent flags are now transferred during reencryption;
change of PBKDF keyslot parameters is now supported and allows
to set precalculated values (no benchmarks).
* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
combination. Persistent flags are now stored only if the device was
successfully activated with the specified flags.
* Fix integritysetup format after recent Linux kernel changes that
requires to setup key for HMAC in all cases.
Previously integritysetup allowed HMAC with zero key that behaves
like a plain hash.
* Fix VeraCrypt PIM handling that modified internal iteration counts
even for subsequent activations. The PIM count is no longer printed
in debug log as it is sensitive information.
Also, the code now skips legacy TrueCrypt algorithms if a PIM
is specified (they cannot be used with PIM anyway).
* PBKDF values cannot be set (even with force parameters) below
hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
it is 4 iterations and 32 KiB of memory cost.
* Introduce new crypt_token_is_assigned() API function for reporting
the binding between token and keyslots.
* Allow crypt_token_json_set() API function to create internal token types.
Do not allow unknown fields in internal token objects.
* Print message in cryptsetup that about was aborted if a user did not
answer YES in a query.

==== curl ====
Subpackages: libcurl4

- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
which might mess up the terminal (bsc#1105624)

==== device-mapper ====
Version update (1.02.146 -> 1.02.149)
Subpackages: libdevmapper-event1_03 libdevmapper1_03 libdevmapper1_03-32bit

- Update to LVM2.2.02.180
Never send any discard ioctl with test mode.
Fix thin-pool alloc which needs same PV for data and metadata.
Extend list of non-memlocked areas with newly linked libs.
Enhance vgcfgrestore to check for active LVs in restored VG.
lvconvert: provide possible layouts between linear and striped/raid
Fix unmonitoring of merging snapshots.
Add missing -l description in fsadm man page.
Cache can uses metadata format 2 with cleaner policy.
Avoid showing internal error in lvs output or pvmoved LVs.
Fix check if resized PV can also fit metadata area.
Reopen devices RDWR only before writing to avoid udev issues.
Change pvresize output confusing when no resize took place.
Fix lvmetad hanging on shutdown.
Fix mem leak in clvmd and more coverity issues.
Fix that pvmove does not work (bsc#1080299)
- Drop patches that have been merged upstream
- fate-323203_lvmlockd-add-lockopt-values-for-skipping-selected-lo.patch
- lvm2-69-dm-lvm-metad.rules-explicit-pvscan-rule.patch
- lvm2-69-dm-lvm-metad.rules-set-systemd-vars-on-chang.patch
- bug-1095960_dev_io-no-discard-in-testmode.patch
- Refresh patches
+ bsc1080299-detect-clvm-properly.patch
+ bug-950089_test-fix-lvm2-testsuite-build-error.patch
- Update spec files
Fix BuildRequires package name for modprobe (bsc#1102668)
Fix cmirrord LV creation/activation failure (bsc#1091863)
- Fix building error in OBS due to the script interpreter
+ tests-specify-python3-as-the-script-interpreter.patch

==== elfutils ====
Subpackages: elfutils-lang libasm1 libdw1 libebl-plugins libelf-devel libelf1

- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
- Fix typo in the recommends name bsc#1104264

==== file ====
Subpackages: file-magic libmagic1

- add upstream signing key and verify source signature

==== firewalld ====
Subpackages: firewall-macros firewalld-lang python3-firewall

- Also switch firewall backend fallback to 'iptables' (bsc#1102761)
This ensures that existing configuration files will keep working
even if FirewallBackend option is missing.
* 0001-firewall-backend-Switch-default-backend-to-iptables.patch
- Update to 0.6.1. Some of the changes are:
* Correct source/destination in rich rule masquerade
* Only modify ifcfg files for permanent configuration changes
* Fix a backtrace when calling common_reverse_rule()
* man firewalld.conf: Show nftables is the default FirewallBackend
* firewall-config: fix some untranslated strings that caused a UI
bug causing rich rules to not be modify-able (bsc#1096542)
* fw_direct: avoid log for untracked passthrough queries
* fixed many issues if iptables is actually iptables-nft
* Use preferred location for AppData files
* ipXtables: fix ICMP block inversion with set-log-denied
* fixes ICMP block inversion with set-log-denied with
IndividualCalls=yes
* nftables: fix set-log-denied if target is not ACCEPT
* fw_direct: strip _direct chain suffix if using nftables
* NetworkManager integration bugfixes.
- Switch back to 'iptables' backend as default (bsc#1102761)
- Update to 0.6.0. Some of the changes are:
* update translations
* firewall-config: Add ipv6-icmp to the protocol dropdown box (#348,
bsc#1099698)
* core: logger: Remove world-readable bit from logfile (#349, bsc#1098986)
* IPv6 rpfilter: explicitly allow neighbor solicitation
* nftables backend (default)
* Added loads of new services
* firewall-cmd: add --check-config option
* firewall-offline-cmd: add --check-config option
* firewallctl: completely remove all code and references
* dbus: expose FirewallBackend
* dbus: fix erroneous fallback for AutomaticHelpers
- Remove patches which have made it upstream
* firewalld-add-additional-services.patch
- spec-cleaner fixes
- Update to 0.5.3 (bsc#1093120)
* tests/regression: add test for ipset with timeout
* ipset: allow adding entries to ipsets with timeout
* translations: update
* helpers: load helper module explicitly if no port given
* helpers: nf_conntrack_proto-* helpers needs name cropped
* config/Makefile: correct name of proto-gre helper
* tests/regression: test helper nf_conntrack_proto_gre (#263)
* functions: get_nf_nat_helpers() should look in other directories too
* functions: Allow nf_conntrack_proto_* helpers
* services: Add GRE
* helpers: Add proto-gre
* tests/regression: add test to verify ICMP block in forward chain
* ipXtables: fix ICMP block not being present in FORWARD chain
- Translations update (bsc#1081623).
- Backport upstream patches to add additional services (bsc#1082033)
* firewalld-add-additional-services.patch
- Update to 0.5.2
* fix rule deduplication causing accidental removal of rules
* log failure to parse direct rules xml as an error
* firewall-config: Break infinite loop when firewalld is not running
* fix set-log-denied not taking effect
* po: update translations
- Remove high-availability service. SUSE HA uses the cluster service
provided by the yast2-cluster package (bsc#1078223)
- Update to 0.5.1
* ipXtables: fix iptables-restore wait option detection
* python3: use "foo in dict" not dict.has_key(foo)
* Fix potential python3 keys() incompatibility in watcher
* Fixed python3 compatibility
* ebtables: fix missing default value to set_rule()
* fw_zone: fix invalid reference to __icmp_block_inversion
* zones: Correct and defer check_name for combined zones
- Update to 0.5.0
* firewallctl: mark deprecated (gh#firewalld/firewalld##261)
* Add nmea-0183 service
* Add sycthing-gui service
* Add syncthing service
* Adding FirewallD jenkins service (gh#firewalld/firewalld#256)
* services/high-availability: Add port 9929
* Fix and improve firewalld-sysctls.conf
* firewalld: also reload dbus config interface for global options
* Add MongoDB service definition
* src: firewall: Add support for SUSE ifcfg scripts
* Add UPnP client service
* firewalld: Allow specifying log file location
* firewalld/firewall-offline-cmd: Allow setting system config directories
- Drop obsolete patch
* 0001-suse-ifcfg-files.patch
- Drop tests installation
- Introduce new python3-firewall and firewall-macros subpackages.
The first one contains the firewalld python3 bindings and the second
one contains the RPM macros for firewalld.
- Replace dbus-1-python requires with dbus-1-python3: since
firewalld was migrated to python3, we also have to require the
python3 dependencies (boo#1070310).
- Add missing python3-gobject-Gdk dependency (boo#1069952)
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Make sure to use python3 everywhere (boo#1068778)
- Add combined upstream patch to support SUSE ifcfg network files.
* 0001-suse-ifcfg-files.patch (gh#firewalld/firewalld#262, fate#323460)
- Update to version 0.4.4.6
* firewall.core.fw_config: Fix check for icmp builtin name
* config.services: docker-swarm: fix incorrect attribute
* xmlschema/service.xsd: Fix protocol looking for name instead of value
* Add docker swarm service (gh#firewalld/firewalld#230)
* Adding FirewallD redis service (gh#firewalld/firewalld#248)
* Adding firewalld zabbix server and agent services
(gh#firewalld/firewalld#221)
* firewall-offline-cmd: Don't require root for help output
* doc: firewall-cmd: Document --query-* options return codes
* firewall-cmd: Use colors only if output is a TTY
* core: Log unsupported ICMP types as informational only
* add bgp service to predefined services edit to config/Makefile.am
* Add git service
* Add kprop service
* minidlna definitions (gh#firewalld/firewalld#236)
* SpiderOak ONE listens on port 21327 and 21328
* autogen.sh: Allow skipping configure via NOCONFIGURE env var
* Add missing ports to RH-Satellite-6 service
* Reload nf_conntrack sysctls after the module is loaded
* Add NFSv3 service.
* config/Makefile.am: Add murmur service (a95eed1)
* add new service IRC
* firewall.core.prog: Simplify runProg output: Combine stderr and stdout
* firewall.core.fw: Fix possible dict size change in for loop
* firewall.core.fw: Use new firewalld git repo in firewalld organization
* config/firewall-config.appdata.xml.in: Use new firewalld git repo in
firewalld organization
* firewall.core.fw_zone: Rich-rule ICMP type: Error only for conflicting
family
* firewall.core.rich: Add checks for Rich_Source validation
* Handle also IPv6 with the zone masquerade flag
* Add IPv6 support for forward-ports in zones
* firewall.command: Enable parse_forward_port to work with IPv6 adresses
* firewall.core.fw_zone: Fix IPv6 address in rich rule forward ports
* add Murmur (Mumble server) service
- spec file fixes to avoid rpmlint warnings about duplicate files.
- Switch to python3
- Run spec cleaner
- Move autogen to build section
- Add systemd requirements
- Update to version 0.4.4.5
* firewall-offline-cmd: Fix --remove-service-from-zone option (rh#1438127)
* Support sctp and dccp in ports, source-ports, forward-ports, helpers and
rich rules
* firewall-cmd: Fix --{set,get}-{short,description} for zone
* firewall.core.ipXtables: Use new wait option for restore commands if
available
* Adding ovirt-vmconsole service file
* Adding oVirt storage-console service.
* Adding ctdb service file.
* Adding service file for nrpe.
* Rename extension for policy choices (server and desktop) to .policy.choice
(rh#1449754)
* D-Bus interfaces: Fix GetAll for interfaces without properties (rh#1452017)
* firewall.core.fw_config: Fix wrong variable use in repr output
* firewall.core.fw_icmptype: Add missing import for copy
* firewall.core.fw_test: Fix wrong format string in repr
* firewall.core.io.zone: Fix getattr use on super(Zone)
* firewall.functions: New function get_nf_nat_helpers
* firewall.core.fw: Get NAT helpers and store them internally.
* firewall.core.fw_zone: Load NAT helpers with conntrack helpers
* firewalld.dbus: Add missing properties nf_conntrach_helper_setting and
nf_conntrack_helpers
* firewall.server.firewalld: New property for NAT helpers supported by the
kernel
- Update to version 0.4.4.4
* Drop references to fedorahosted.org from spec file and Makefile.am
* firewall-config: Show invalid ipset type in the ipset dialog in the bad
label
* firewall.core.fw: Show icmptypes and ipsets with type errors in permanent
env
* firewall.server.firewalld: Provide information about the supported icmp
types
* firewall.core.fw_icmptype: Add ICMP type only if the type is supported
* firewall.core.fw: New attributes ip{4,6}tables_supported_icmp_types
* firewall.core.ipXtables: New method supported_icmp_types
* firewall-config: Deactivate edit buttons if there are no items
* firewall.core.io.zone: Fix permanent rich rules using icmp-type (rh#1434594)
* firewall.core.fw_ipset: get_ipset may not ckeck if set is applied by default
* firewall.core.fw_transaction: Use LastUpdatedOrderedDict for zone
transactions
- Remove upstream patch:
* 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
- Update to version 0.4.4.3
* New service freeipa-trust (rh#1411650)
* Complete icmp types for IPv4 and IPv6
* New h323 helper container
* Support helper container: h323
* firewall.server.decorators: ALREADY_ errors should be logged as warnings
* firewall.command: ALREADY_SET should also result in zero exit code
* tests/firewall-offline-cmd_test.sh: Only use firewall-offline-cmd
* Support more ipset types: hash:ip,port, hash:ip,port,ip, hash:ip,port,net,
hash:ip,mark, hash:net,net, hash:net,port, hash:net,port,net, hash:net,iface
* New checks for ipset entry validation
* Use ipset dimension for match
* firewall.core.base: New ZONE_SOURCE_IPSET_TYPES list
* New firewall.core.icmp providing names and types for icmp and icmpv6 values
* firewall.core.fw_ipset: New methods to get ipset dimension and applied state
* firewall.errors: New error NOT_APPLIED
* firewall-cmd man page: Add missing --get-ipset-types
* firewall.core.fw_nm: No trace back on failed get_connection call
(rh#1413345)
* firewall.core.prog: Fix addition of the error output in runProg
* Speed up ipset handling, (re)loading and import from file
* Support --family option for --new-ipset
* Handle FirewallError for query sequences in command line tools
* Fail to alter entries of ipsets with timeout
* Extended tests for ipset options
* Return empty list for ipsets using timeouts
* firewall.functions: Fix checks in checkIPnMask and checkIP6nMask
(gh#t-woerner/firewalld#186)
* firewalld.conf man page: New section about AutomaticHelpers
* firewall-offline-cmd man page: Added -v and -q options, fixed section ids
* firewall{-cmd, ctl}: Fix scope of final return in try_set_zone_of_interface
* firewall.core.fw_zone: Limit masquerading forward rule to new connections
* firewall-config: Update active zones on reloaded signal
* firewall-applet: Update active zones and tooltip on reloaded signal
* firewall.core.fw_zone: Fix missing chain for helper in rich rules using
service (rh#1416578)
* Support icmp-type usage in rich rules (rh#1409544)
* firewall[-offline]-cmd: Fix --{set,get}-{short,description} for ipset and
helper (rh#1416325)
* firewall.core.ipset: Solve ipset creation issues with -exist and more flag
tests
* Speed up start and restart for ipsets with lots of entries (rh#1416817)
* Speed up of ipset alteration by adding and removing entries using a file
(rh#1416817)
* Code cleanup and minor bug fixes
* firewall.core.prog: Fix addition of the error output in runProg
* New services mssql, kibana, elasticsearch, quassel, bitcoin-rpc,
bitcoin-testnet-rpc, bitcoin-testnet, bitcoin and spideroak-lansync
* Translation updates
- Add upstream patch to fix ipset overloading from /etc/firewalld/ipsets
(gh#t-woerner/firewalld#206)
* 0001-firewall.core.fw_ipset-get_ipset-may-not-ckeck-if-se.patch
- Update to version 0.4.4.2
* firewalld.spec: Added helpers and ipsets paths to firewalld-filesystem
* firewall.core.fw_nm: create NMClient lazily
* Do not use hard-coded path for modinfo, use autofoo to detect it
* firewall.core.io.ifcfg: Dropped invalid option warning with bad format
string
* firewall.core.io.ifcfg: Properly handle quoted ifcfg values
* firewall.core.fw_zone: Do not reset ZONE with ifdown
* Updated translations from zanata
* firewall-config: Extra grid at bottom to visualize firewalld settings
- Update to version 0.4.4.1
* Translation updates form zanata
* firewallctl: New support for helpers
* firewallctl: Use sys.excepthook to force exception_handler usage always
* firewall-config: Use proper source check in sourceDialog
- Update to version 0.4.4
* firewall-applet: Use PyQt5
* firewall-config: New nf_conntrack_select dialog, use nf_conntrack_helpers
D-Bus property
* New helpers Q.931 and RAS from nf_conntrack_h323
* firewall.core.fw_zone: Add zone bingings for PREROUTING in the raw table
* firewall.core.ipXtables: Add PREROUTING default rules for zones in raw
table
* New helper configuration files for amanda, ftp, irc, netbios-ns, pptp,
sane, sip, snmp and tftp
* firewall-cmd: Fixed --{get,set}-{description,short} for permanent zones
* firewall.command: Do not use error code 254 for {ALREADY,NOT}_ENABLED
sequences
* Misc bug fixes.
* For the complete list of changes please see:
https://github.com/t-woerner/firewalld/releases/tag/v0.4.4
- Relax permissions for default installation files. The files in
/usr/lib/firewalld are the default ones as shipped by the package and
there is nothing secret in them.
- Update to version 0.4.3.3
* Fixes CVE-2016-5410 (bsc#992772)
* Standard error is now used for errors and warnings
* Several fixes for use in change roots
* Systemd service file changes
* Fixed translations in firewall-config
* Command line clients
* Fixes infinite event handling loop in firewall-{config,applet} (bsc#992082)
- Update to version 0.4.3.2
* Fix regression with unavailable optional commands
* All missing backend messages should be warnings
* Individual calls for missing restore commands
* Only one authenticate call for add and remove options and also
sequences
* New service RH-Satellite-6
- Update to version 0.4.3.1
* firewall.command: Fix python3 DBusException message not interable error
* src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
* firewallctl: Do not trace back on list command without further arguments
* firewallctl (man1): Added remaining sections zone, service, ..
* firewallctl: Added runtime-to-permanent, interface and source parser,
IndividualCalls setting
* firewall.server.config: Allow to set IndividualCalls property in config
interface
* Fix missing icmp rules for some zones
* runProg: Fix issue with running programs
* firewall-offline-cmd: Fix issues with missing system-config-firewall
* firewall.core.ipXtables: Split up source and dest addresses for transaction
* firewall.server.config: Log error in case of loading malformed files in
watcher
* Install and package the firewallctl man page
* Translation updates
- Update to version 0.4.3
* New firewallctl utility (rh#1147959)
* doc.xml.seealso: Show firewalld.dbus in See Also sections
* firewall.core.fw_config: Create backup on zone, service, ipset and icmptype
removal (rh#1339251)
* {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
* firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
* firewall-cmd: Dropped duplicate setType call in --new-ipset
* radius service: Support also tcp ports (RBZ#1219717)
* xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset
sources
* config.xmlschema.service.xsd: Fix service destination conflicts (rh#1296573)
* firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
* firewall.command: Only print summary and description in print_X_info with
verbose
* firewall.command: print_msg should be able to print empty lines
* firewall-config: No processing of runtime passthroughs signals in permanent
* Landspace.io fixes and pylint calm downs
* firewall.core.io.zone: Add zone_reader and zone_writer to all, pylint fixes
* firewall-config: Fixed titles of command and context dialogs, also entry
lenths
* firewall-config: pylint calm downs
* firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
* firewall-config: Use self.active_zoens in conf_zone_added_cb
* firewall.command: New parse_port, extended parse methods with more checks
* firewall.command: Fixed parse_port to use the separator in the split call
* firewall.command: New [de]activate_exception_handler, raise error in parse_X
* services ha: Allow corosync-qnetd port
* firewall-applet: Support for kde5-nm-connection-editor
* tests/firewall-offline-cmd_test.sh: New tests for service and icmptype
modifications
* firewall-offline-cmd: Use FirewallCommand for simplification and sequence
options
* tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
* firewall-cmd: Fixed set, remove and query destination options for services
* firewall.core.io.service: Source ports have not been checked in
_check_config
* firewall.core.fw_zone: Method check_source_port is not used, removed
* firewall.core.base: Added default to ZONE_TARGETS
* firewall.client: Allow to remove ipv:address pair for service destinations
* tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
* firewall-cmd: Landscape.io fixes, pylint calm downs
* firewall-cmd: Use FirewallCommand for simplification and sequence options
* firewall.command: New FirewallCommand for command line client simplification
* New services: kshell, rsh, ganglia-master, ganglia-client
* firewalld: Cleanup of unused imports, do not translate some deamon messages
* firewalld: With fd close interation in runProg, it is not needed here
anymore
* firewall.core.prog: Add fd close iteration to runProg
* firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface
function
* firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
* firewall-config: New add/remove ipset entries from file, remove all entries
* firewall-applet: Fix tooltip after applet start with connection to firewalld
* firewall-config: Select new zone, service or icmptype if the view was empty
* firewalld.spec: Added build requires for iptables, ebtables and ipset
* Adding nf_conntrack_sip module to the service SIP
* firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
* Drop unneeded python shebangs
* Translation updates
- Remove obsolete patches:
* 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch
* 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch
* 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
- Add missing %{?_smp_mflags} during install. This will speed up
the installation phase as well as expose build system's problems
due to higher level of parallelism.
- Run make during %build to ensure missing documentation is generated.
- spec file cleanups.
- Add upstream patch to prevent unconditional dependencies to the
NetworkManager typelib (gh#t-woerner/firewalld#119)
* 0003-firewall.core.fw_nm-Hide-NM-typelib-import-new-nm_ge.patch
- Update to version 0.4.2
* New module to search for and change ifcfg files for interfaces
not under control of NM
* firewall_config: Enhanced messages in status bar
* firewall-config: New message window as overlay if not connected
* firewall-config: Fix sentivity of option, view menus and main
paned if not connected
* firewall-applet: Quit on SIGINT (Ctrl-C), reduced D-Bus calls,
some cleanup
* firewall-[offline]cmd: Show target in zone information
* D-Bus: Completed masquerade methods in FirewallClientZoneSettings
* Fixed log-denied rules for icmp-blocks
* Keep sorting of interfaces, services, icmp-blocks and other
settings in zones
* Fixed runtime-to-permanent not to save interfaces under control
of NM
* New icmp-block-inversion flag in the zones
* ICMP type filtering in the zones
* New services: sip, sips, managesieve
* rich rules: Allow destination action (rh#1163428)
* firewall-offline-cmd: New option -q/--quiet
* firewall-[offline-]cmd: New --add-[zone,service,ipset,icmptype]-from-file
* firewall-[offline-]cmd: Fix option for setting the destination
address
* firewall-config: Fixed resizing behaviour
* New transaction model for speed ups in start, restart, stop and
other actions
* firewall-cmd: New options --load{zone,service,ipset,icmptype}-defaults
* Fixed memory leak in dbus_introspection_add_properties
* Landscape.io fixes, pylint calm downs
* New D-Bus getXnames methods to speed up firewall-config and firewall-cmd
* ebtables-restore: No support for COMMIT command
* Source port support in services, zones and rich rules
* firewall-offline-cmd: Added --{add,remove}-entries-from-file for ipsets
* firewall-config: New active bindings side bar for simple binding changes
* Reworked NetworkManager module
* Proper default zone handling for NM connections
* Try to set zone binding with NM if interface is under control of NM
* Code cleanup and bug fixes
* Include test suite in the release and install in /usr/share/firewalld/tests
* New Travis-CI configuration file
* Fixed more broken frensh translations
* Translation updates
- Add upstream patches
* 0001-src-firewall-core-Drop-unneeded-python-shebangs.patch: Removes
unneeded python shebangs
* 0002-firewall-core-fw_ifcfg-Quickly-return-if-ifcfg-direc.patch: Do
not try to access the network-scripts ifcfg directory.
- Drop rejected patch
* drop-standard-output-error-systemd.patch
- Minor spec file clean-up
- Avoid runtime dependency on systemd, the macros can all deal with
its absence.
- Suggest the susefirewall2-to-firewalld package which could assist
in migrating the SuSEFirewall2 iptables rules to FirewallD.
- Update to version 0.4.1.2
* Install fw_nm module
* firewalld: Do not fail if log file could not be opened
* Make ipsets visible per default in firewall-config
* Fixed translations with python3
[changes in 0.4.1.1]
* Fix for broken frensh translation
[changes in 0.4.1]
* Enhancements of ipset handling
* No cleanup of ipsets using timeouts while reloading
* Only destroy conflicting ipsets
* Only use ipset types supported by the system
* Add and remove several ipset entries in one call using a file
* Reduce time frame where builtin chains are on policy DROP while reloading
* Include descriptions in --info-X calls
* Command line interface support to get and alter descriptions of zones,
* services, ipsets and icmptypes with permanent option
* Properly watch changes in combined zones
* Fix logging in rich rule forward rules
* Transformed direct.passthrough errors into warnings
* Rework of import structures
* Reduced calls to get ids for port and protocol names (rh#1305434)
* Build and installation fixes by Markos Chandras
* Provide D-Bus properties in introspection data
* Fix for flaws found by landscape.io
* Fix for repeated SUGHUP
* New NetworkManager module to get and set zones of connections, used in
firewall-applet and firewall-config
* configure: Autodetect backend tools ({ip,ip6,eb}tables{,-restore}, ipset)
* Code cleanups
* Bug fixes
- Fix drop-standard-output-error-systemd.patch tagging
- Add libxslt-tools build dependency
- Do not recommend a specific version for the lang subpackage
- Move translations to a new subpackage
- Set DISABLE_RESTART_ON_UPDATE to 'yes' instead of '1'. The macros in
/etc/rpm/macros.systemd only check for the 'yes' value so fix it to
properly prevent the firewalld service from being restarted during
updates.
- Drop typelib(NetworkManager), NetworkManager-glib, gtk3
and libnotify dependencies (see OBS SR#360792)
- firewall-config needs typelib(NetworkManager) to run
- Initial commit. Version 0.4.0
* drop-standard-output-error-systemd.patch (gh#t-woerner/firewalld/pull/67)

==== grep ====
Subpackages: grep-lang

- remove-backref-alt-test.patch: Remove backref-alt test which fails or
not depending on glibc version

==== installation-images-Kubic ====
Version update (14.379 -> 14.380)

- Fix rpi file list
- hdimage: Use at least FAT16
- 14.380
- merge gh#openSUSE/installation-images#258
- add raspberry pi firmware files

==== jemalloc ====

- Disable profiling on armv7 until boo#1105633 get fixed

==== libX11 ====
Version update (1.6.5 -> 1.6.6)
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1

- Format spec with spec-cleaner
- Use %autopatch to not bother with one-by-one patch application
- Remove autoreconf as we no longer patch any of the buildsystem
- Explicitly disable silent rules during configuration
- Update to version 1.6.6:
+ Make Xkb{Get,Set}NamedIndicator spec & manpages match code
+ Clarify state parameter to XkbSetNamedDeviceIndicator
+ Improve table formatting in XkbChangeControls & XkbKeyNumGroups man pages
+ If XGetImage fails to create image, don't dereference it to bounds check
+ Use size_t for buffer sizes in SetHints.c
+ Change fall through comment in lcDB.c to match gcc's requirements
+ _XDefaultError: set XlibDisplayIOError flag before calling exit
+ Fix possible memory leak in cmsProp.c:140
+ Don't rebuild ks_tables.h if nothing changed.
+ Remove statement with no effect.
+ Use flexible array member instead of fake size.
+ Valgrind fix for XStoreColor and XStoreColors.
+ XkbOpenDisplay.3: fix typo
+ Validation of server response in XListHosts.
+ Fixed off-by-one writes (CVE-2018-14599).
+ Fixed out of boundary write (CVE-2018-14600).
+ Fixed crash on invalid reply (CVE-2018-14598).
+ fix shadow warning
+ _XIOError(dpy); will never return so remore dead
+ remove argument check for free() adjust one inden
+ fix shadow char_size
+ fix more shadow warning
+ no need to check argument for _XkbFree()
+ remove stray extern
+ no need to check args for Xfree()
+ fix memleak in error path
+ fix memleak in error path
+ no need to check XFree arguments
+ mark _XDefaultIOError as no_return
+ Fixes: warning: variable 'req' set but not,used
+ add _X_UNUSED to avoid unused variable warnings
+ remove empty line
+ silence gcc warning assignment discards 'const' qualifier from pointer
target type
- Packaging changes:
+ Remove upstreamed u_Use-flexible-array-member-instead-of-fake-size.patch
+ Remove upstreamed u_off-by-one-write-in-XListExtensions.patch
+ Remove upstreamed u_out-of-boundary-write-in-XListExtensions.patch
+ Remove upstreamed u_crash-on-invalid-reply-in-XListExtensions.patch
- u_off-by-one-write-in-XListExtensions.patch
* fixes off-by-one write in XListExtensions (bsc#1102062, CVE-2018-14599)
- u_out-of-boundary-write-in-XListExtensions.patch
* fixes out of boundary write in XListExtensions (bsc#1102068, CVE-2018-14600)
- u_crash-on-invalid-reply-in-XListExtensions.patch
* crash on invalid reply in XListExtensions (bsc#1102073, CVE-2018-14598)

==== libcacard ====
Version update (2.5.3 -> 2.6.0)

- Update to v2.6.0
* provides implementation of GSC-IS 2.1 (aka CAC version 2) to improve
interoperability with guest software using the emulated or shared
smart cards. The previously implemented CACv1 specification is no
longer supported by any other application so the old code is gone
and any application depending on this old standard will not work
anymore.
* vscclient is no longer installed, as it is not an end-user supported
solution
* various bug & leak fixes

==== libgnome-keyring ====
Subpackages: libgnome-keyring-lang libgnome-keyring0
typelib-1_0-GnomeKeyring-1_0

- Drop vala BuildRequires: No longer build vala bindings.

==== linux-glibc-devel ====
Version update (4.17 -> 4.18)

- Update to kernel headers 4.18

==== lsscsi ====
Version update (0.28 -> 0.30)

- Update to version 0.30:
* add support for NVMe devices and controllers
- to build without: ./configure --disable-nvme-supp
- deselect at runtime: lsscsi --no-nvme
- deselect SCSI devices at runtime: lsscsi N
* add --brief for tuple + device_name(s) only
* add --pdt (-D) for device type in hex
* extend --size (-s) so when given three times
the size as a logical block count is output
* add --sz-lbs (-S) that is equivalent to '-sss'
when used twice adds comma then logical block size
* '-w' now decodes 128 bit WWN without truncation
* /dev/disk/by-id/wwn- is not guaranteed to be
persistent (or stable); instead use
/dev/disk/by-id/scsi-
* '-t' on a FC host was not printing the comma
separator resulting in garbled output, fix
- Small spec file modernisation with spec-cleaner
- Restore removed parts of changelog
- Lookup WWN using /dev/disk/by-id/scsi-* (bsc#1008935)
- fixup display of 'lsscsi -t' (bsc#1047884)
- Update to new upstream release 0.29 (bsc#977572)
- '-u' now decodes locally assigned UUIDs (spc5r08)
- as last try use T10 Vendor ID for lu name
- if no lu name found, print 'none'
- change '-uuu' to output the full lu name followed
by the normal fields (which were skipped before)
- add 'U' option, same action as '-uuu'
- '-UU' prefixes lu names with 'eui.', 'naa.', etc
- if '-s' given twice, lu size is base 2 related
- if very long [h:c:t:l] then append space
- print_enclosure_device() for FCP may be useless,
comment out while checking ...
- with '-t' print 0x0000000000000000 for non-SAS
device in SAS domain
- autogen.sh: upgrade to 20091223 version
- automake: upgrade to 1.15 (ubuntu 16.04)
* Delete lsscsi-0.27.tar.xz
* Add lsscsi-0.29.tar.xz
- Update to new upstream release 0.28
- fix handling of scsi_level 0 (no compliance)
- add SRP transport identifier
- add --unit option for LU identifier (>= lk 3.15)
- add (S)ATA transport identifier (>= lk 3.15)
- make USB transport ids more consistent
- fix FC transport id missing comma
- add pdt strings for security manager and zbc
- upgrade automake to version 1.14.1
- Remove patches merged with upstream
* Delete lsscsi-fixup-fc-transport-id.patch
* Delete lsscsi-usb.diff
* Delete lsscsi-fix-classic-output

==== lvm2 ====
Version update (2.02.177 -> 2.02.180)
Subpackages: liblvm2app2_2 liblvm2cmd2_02

- Update to LVM2.2.02.180
Never send any discard ioctl with test mode.
Fix thin-pool alloc which needs same PV for data and metadata.
Extend list of non-memlocked areas with newly linked libs.
Enhance vgcfgrestore to check for active LVs in restored VG.
lvconvert: provide possible layouts between linear and striped/raid
Fix unmonitoring of merging snapshots.
Add missing -l description in fsadm man page.
Cache can uses metadata format 2 with cleaner policy.
Avoid showing internal error in lvs output or pvmoved LVs.
Fix check if resized PV can also fit metadata area.
Reopen devices RDWR only before writing to avoid udev issues.
Change pvresize output confusing when no resize took place.
Fix lvmetad hanging on shutdown.
Fix mem leak in clvmd and more coverity issues.
Fix that pvmove does not work (bsc#1080299)
- Drop patches that have been merged upstream
- fate-323203_lvmlockd-add-lockopt-values-for-skipping-selected-lo.patch
- lvm2-69-dm-lvm-metad.rules-explicit-pvscan-rule.patch
- lvm2-69-dm-lvm-metad.rules-set-systemd-vars-on-chang.patch
- bug-1095960_dev_io-no-discard-in-testmode.patch
- Refresh patches
+ bsc1080299-detect-clvm-properly.patch
+ bug-950089_test-fix-lvm2-testsuite-build-error.patch
- Update spec files
Fix BuildRequires package name for modprobe (bsc#1102668)
Fix cmirrord LV creation/activation failure (bsc#1091863)
- Fix building error in OBS due to the script interpreter
+ tests-specify-python3-as-the-script-interpreter.patch

==== m4 ====

- gnulib-libio.patch: adjust gnulib for libio.h removal
- Use %license for COPYING

==== mutter ====
Subpackages: libmutter-2-0 mutter-data mutter-lang

- Add mutter-left-right-rotation-fix.patch to fix blank screen
when rotating it left/right (boo#1105268,
glgo#gnome/mutter#216); patch taken from upstream bug report.

==== nfsidmap ====

- 0002-nss_gss_princ_to_ids-and-nss_gss_princ_to_grouplist-.patch
upstream patch to fix small bug (bsc#1098217)

==== ovmf ====
Version update (2018+git1531464032.ae08ea246fe9 ->
2018+git1534736099.43fe4c405292)
Subpackages: qemu-ovmf-x86_64

- Update to 2018+git1534736099.43fe4c405292
+ BaseTools: AutoGen refactor ModuleAutoGen caching
+ OvmfPkg: link Sha384 and Sha512 support into Tcg2Pei and Tcg2Dxe
+ MdePkg/UefiLib: introduce EfiOpenFileByDevicePath()
+ BaseTools: Update the rule to remove .lib before link it for GCC
+ BaseTools: Add Dns and BluetoothLE DevicePath
+ MdeModulePkg SmmLockBox: Return actual data length in
SmmLockBoxRestore
+ UefiCpuPkg/RegisterCpuFeaturesLib: Combine implementation
+ UefiCpuPkg/CpuS3DataDxe: Remove below 4G limitation
+ UefiCpuPkg/CpuS3DataDxe: Change Memory Type and address
limitation
+ UefiCpuPkg/AcpiCpuData.h: Remove AcpiNVS and Below 4G limitation
+ UefiCpuPkg/PiSmmCpuDxeSmm: Use GDT/IDT saved in Smram
+ SecurityPkg/TcgStorageCoreLib.h: Use ascii instead of unicode
+ BaseTool: Fixed the bug of Boolean Hii Pcd packing
+ SecurityPkg: HashLib: Update HashLib file GUID
+ SecurityPkg/Library/Tpm2DeviceLibDTpm: fix s/Constructor/CONSTRUCTOR
+ OvmfPkg/PlatformDebugLibIoPort: fix port detection for use in
the DXE Core
+ NetworkPkg/HttpDxe: Strip square brackets in IPv6 expressed
HostName
+ MdeModulePkg/BdsDxe: Move display of test key usage into BDS
module
+ ArmPkg: Add initial OpteeLib implementation
+ SecurityPkg: HashLib: Add SHA384, SHA512 HashLib
+ MdeModulePkg/BdsDxe: Call PlatformBootManagerUnableToBoot()
+ MdeModulePkg/BdsDxe: Revert "fall back to UI loop before hanging"
+ ArmVirtPkg/PlatformBDS: Implement PlatformBootManagerUnableToBoot
+ OvmfPkg/PlatformBds: Implement PlatformBootManagerUnableToBoot
+ MdeModulePkg/PciBusDxe: Fix small memory leak in FreePciDevice
+ MdeModulePkg/DxeCore: Not update RtCode in MemAttrTable after
EndOfDxe
+ UefiCpuPkg/MpInitLib: Not use disabled AP when call StartAllAPs
+ UefiCpuPkg/MpInitLib: Remove redundant CpuStateFinished State
+ MdeModulePkg/DxeLoadFunc: Add use case for new Perf macro
+ SecurityPkg/Tcg: Add use case for new Perf macro
+ ArmVirtPkg: remove wrong and superfluous ResourcePublicationLib
resolution
+ OvmfPkg: Correct ResourcePublicationLib class name in DSC/INF
file
+ MdeModulePkg CapsuleApp: Do not parse bits in CapsuleFlags of
ESRT
+ MdeModulePkg, TpmMeasureLib: Variable: Re-prioritize TCG/TCG2
protocol
+ SecurityPkg: TcgSmm: Handle invalid parameter in MOR SMI handler
+ OvmfPkg/XenPvBlkDxe: remove gEfiDevicePathProtocolGuid from
[Protocols]
+ StandaloneMmPkg/Core: Implementation of Standalone MM Core Module
+ UefiCpuPkg/CpuDxe: fix incorrect check of SMM mode
+ UefiCpuPkg/MpInitLib: Optimize get processor number performance
+ OvmfPkg/AcpiPlatformDxe: clean up libs and protos in
"AcpiPlatformDxe.inf"
+ UefiCpuPkg/MpInitLib: Fix S3 resume hang issue
+ UefiCpuPkg/MpInitLib: Use BSP uCode for APs if possible
+ UefiCpuPkg/MpInitLib: Relocate uCode to memory to save time
+ Update BaseTools for the preparation of python3 adoption
- Refresh ovmf-pie.patch and ovmf-gdb-symbols.patch

==== pango ====
Version update (1.42.3 -> 1.42.4)
Subpackages: libpango-1_0-0 libpango-1_0-0-32bit typelib-1_0-Pango-1_0

- Update to version 1.42.4:
+ Prevent an assertion with invalid Unicode sequences.
+ Fix build failure in C89 mode.
+ Fix build failure on Mac OS X 10.5 and earlier.
- Drop pango-emoji-bsc1103877.patch: Fixed upstream.
- Add pango-emoji-bsc1103877.patch: Fix denial of service
when parsing emoji (bsc#1103877, CVE-2018-15120)

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-apparmor_opt
patterns-base-base patterns-base-basesystem patterns-base-console
patterns-base-enhanced_base patterns-base-enhanced_base_opt
patterns-base-minimal_base patterns-base-minimal_base_conflicts
patterns-base-sw_management patterns-base-transactional_base patterns-base-x11
patterns-base-x11_opt patterns-base-x86

- Drop recode from recommends as it was droped from distro
bsc#1104264
- Drop cryptconfig from suggest as it was removed from distro

==== perl-Module-Signature ====
Version update (0.81 -> 0.82)

- updated to 0.82
see /usr/share/doc/packages/perl-Module-Signature/Changes
[Changes for 0.82 - Sun Aug 26 23:00:04 CST 2018]
* Fix CRLF handling on Win32. (@niklasholm)
* Default to SHA256 on new hashes as SHA1 is deprecated. (@niklasholm)

==== permissions ====
Version update (20180802 -> 20180827)

- Update to version 20180827:
* setuid whitelisting: add firejail binary (bsc#1059013)
- Update to version 20180810:
* setuid whitelisting: add lxc-user-nic (bsc#988348)

==== polkit ====
Subpackages: libpolkit0 typelib-1_0-Polkit-1_0

- Add polkit-fix-possible-resource-leak.patch: Fix possible
resource leak found by static analyzer.
- Add polkit-fix-leaking-zombie-child-processes.patch: polkitd: fix
zombie not reaped when js spawned process timed out (fdo#106021).

==== python-cryptography ====
Version update (2.3 -> 2.3.1)
Subpackages: python2-cryptography python3-cryptography

- Update to 2.3.1:
* updated tests for upstream wycheproof changes
* many other tiny test tweaks

==== python-setuptools ====
Version update (40.0.0 -> 40.1.0)
Subpackages: python2-setuptools python3-setuptools

- Use noun phrase in summary.
- specfile:
* removed devel for noarch package
- update to version 40.1.0:
* #1410: Deprecated upload and register commands.
* #1312: Introduced find_namespace_packages() to find PEP 420
namespace packages.
* #1420: Added find_namespace: directive to config parser.
* #1418: Solved race in when creating egg cache directories.
* #1450: Upgraded vendored PyParsing from 2.1.10 to 2.2.0.
* #1451: Upgraded vendored appdirs from 1.4.0 to 1.4.3.
* #1388: Fixed "Microsoft Visual C++ Build Tools" link in exception
when Visual C++ not found.
* #1389: Added support for scripts which have unicode content.
* #1416: Moved several Python version checks over to using six.PY2
and six.PY3.
* #1441: Removed spurious executable permissions from files that
don't need them.

==== python-urllib3 ====

- Do not use ifpython2 for BRs where it does not work
- add python-ipaddress dependency for python 2.x

==== qpdf ====
Version update (8.1.0 -> 8.2.1)

- Update to version 8.2.1
Command-line Enchancements
* Add --keep-files-open=[yn] to override default determination
of whether to keep files open when merging.
- Update to version 8.2.0
Command-line Enhancements
* Add --no-warn option to suppress issuing warning messages.
If there are any conditions that would have caused warnings
to be issued, the exit status is still 3.
Bug fixesd and Optimizations
* Performance fix: optimize page merging operation to avoid
unnecessary open/close calls on files being merged. This
solves a dramatic slow-down that was observed when merging
certain types of files.
* Optimize how memory was used for the TIFF predictor,
drastically improving performance and memory usage for files
containing high-resolution images compressed with Flate
using the TIFF predictor.
* Bug fix: end of line characters were not properly handled
inside strings in some cases.
* Bug fix: using --progress on very small files could cause
an infinite loop.
API enhancements
* Add new class QPDFSystemError, derived from std::runtime_error,
which is now thrown by QUtil::throw_system_error. This enables
the triggering errno value to be retrieved.
* Add ClosedFileInputSource::stayOpen method, enabling a
ClosedFileInputSource to stay open during manually indicated
periods of high activity, thus reducing the overhead of
frequent open/close operations.

==== rdma-core ====
Subpackages: libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Add two patches for rxe_cfg
* suse-Add-recommends-for-rxe_cfg-requirements.patch
adds recommends for the relevant packages
* rxe-switch-to-iproute2-for-rxe_cfg.patch
switches to iproute2 commands

==== spice ====

- Fix potential heap corruption when demarshalling (CVE-2018-10873,
bsc#1104448)
Added patch:
bb15d481-Fix-flexible-array-buffer-overflow.patch

==== spice-gtk ====
Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper
libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0
typelib-1_0-SpiceClientGtk-3_0

- Fix potential heap corruption when demarshalling (CVE-2018-10873,
bsc#1104448)
Added patch:
bb15d481-Fix-flexible-array-buffer-overflow.patch

==== sudo ====
Version update (1.8.23 -> 1.8.24)

- Update to 1.8.24
* random insults are now more random
* added SUDO_CONV_PREFER_TTY flag for conversation function to
tell sudo to try writing to /dev/tty first
* cvtsudoers can now parse base64-encoded attributes in LDIF
files

==== upower ====
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 upower-lang

- Add upower-remove-privatenetwork.patch: Remove
PrivateNetwork=true from upower.service. Upower needs to receive
device uevents via AF_NETLINK socket otherwise it can't detect
plug/unplug events.
See https://gitlab.freedesktop.org/upower/upower/issues/68

==== util-linux ====
Version update (2.31.1 -> 2.32.1)
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1
libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit
util-linux-lang

- Update to version 2.32.1:
* cal(1) has been improved and extended.
* libblkid has been extended to support LUKS2, Micron mpool, VDO
and Atari partition table.
* rfkill(8) has been moved to /usr/sbin.
* dmesg(1) provides better support for multi-line messages, new
command line option --force-prefix.
* fallocate(1) --dig-holes is faster and more effect now.
* fdisk(8) provides access to Protective MBR accessible from main
menu. Sun label support has been improved.
* lscpu(1) provides more details about ARM CPUs now
(FATE#326453).
* lsmem(1) supports memory zone awareness now (FATE#324252,
drop util-linux-lsmem-memory-zone-1.patch,
util-linux-lsmem-memory-zone-2.patch,
util-linux-lsmem-memory-zone-3.patch).
* lsns(8) provides netnsid and nsfs columns now.
* rtcwake(8) waits stdin to settle down before entering a system
sleep.
* Many fixes and improvements, see
https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32.1-ReleaseNotes
(drop util_linux_bigendian.patch, util-linux-cramfs.patch,
util-linux-fincore-count.patch,
util-linux-sysfs-nvme-devno.patch, util-linux-lscpu-loop.patch,
util-linux-libmount-umount-a-segfault.patch,
util-linux-libmount-mount-a-nfs-bind-mount.patch,
util-linux-lscpu-chcpu-new-cpu-macros.patch,
util-linux-chcpu-cpu-count.patch).
- Switch python-libmount to python3-libmount.

==== util-linux-systemd ====
Version update (2.31.1 -> 2.32.1)

- Update to version 2.32.1:
* cal(1) has been improved and extended.
* libblkid has been extended to support LUKS2, Micron mpool, VDO
and Atari partition table.
* rfkill(8) has been moved to /usr/sbin.
* dmesg(1) provides better support for multi-line messages, new
command line option --force-prefix.
* fallocate(1) --dig-holes is faster and more effect now.
* fdisk(8) provides access to Protective MBR accessible from main
menu. Sun label support has been improved.
* lscpu(1) provides more details about ARM CPUs now
(FATE#326453).
* lsmem(1) supports memory zone awareness now (FATE#324252,
drop util-linux-lsmem-memory-zone-1.patch,
util-linux-lsmem-memory-zone-2.patch,
util-linux-lsmem-memory-zone-3.patch).
* lsns(8) provides netnsid and nsfs columns now.
* rtcwake(8) waits stdin to settle down before entering a system
sleep.
* Many fixes and improvements, see
https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32.1-ReleaseNotes
(drop util_linux_bigendian.patch, util-linux-cramfs.patch,
util-linux-fincore-count.patch,
util-linux-sysfs-nvme-devno.patch, util-linux-lscpu-loop.patch,
util-linux-libmount-umount-a-segfault.patch,
util-linux-libmount-mount-a-nfs-bind-mount.patch,
util-linux-lscpu-chcpu-new-cpu-macros.patch,
util-linux-chcpu-cpu-count.patch).
- Switch python-libmount to python3-libmount.

==== vala ====
Version update (0.40.8 -> 0.40.9)
Subpackages: libvala-0_40-0

- Update to version 0.40.9:
+ Various improvements and bug fixes:
- girparser:
. Actually resolve type-arguments to be able to box them if
needed.
. Handle unsupported aliases which could not be fully
processed.
- codegen:
. Free errors after returning them on GDBusMethodInvocation.
. Fix invocation of abstract/virtual methods with NoWrapper
in compact classes.
- vala: Allow read-only properties.
- manual: Update from wiki.gnome.org.
+ Bindings:
- glib-2.0:
. Add Array.remove*() wrapper to avoid leaking generic
elements.
. Add (u)long.parse/try_parse() and float.parse/try_parse().
. Add return-type of Queue.remove*(), add
HashTable.foreach_steal().
- gtk+-3.0: Update to 3.23.2+6b6e53fd.
- gtk+-4.0: Update to 3.94.0+4e868584.
- webkit2gtk-4.0: Update to 2.20.5.

==== yast2-dns-server ====
Version update (4.1.0 -> 4.1.1)

- Switched license in spec file from SPDX2 to SPDX3 format.
- Manage the start mode and service status directly from Ruby.
- 4.1.1 (related to fate#319428)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages