[opensuse-factory] Leap 15.1 Build 419.1 released!

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.1&build=419.1&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.1 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: MozillaThunderbird (60.5.0 -> 60.5.1) cifs-utils (6.5 -> 6.8) fftw3 gcr (3.20.0 -> 3.28.1) gnome-keyring (3.20.1 -> 3.28.2) grub2 gsl hdf5 libsecret (0.18.5 -> 0.18.7) libstorage-ng (4.1.88 -> 4.1.91) libvirt metis openblas_pthreads openssh (7.6p1 -> 7.9p1) openssh-askpass-gnome (7.6p1 -> 7.9p1) patterns-base permissions polkit-default-privs qemu sddm suse-module-tools (15.1.10 -> 15.1.11) sysconfig (0.85.1 -> 0.85.2) syslinux systemd texlive-specs-n transactional-update (2.12 -> 2.13.1) trytond (4.6.12 -> 4.6.13) trytond_account (4.6.8 -> 4.6.9) virt-manager (2.0.0 -> 2.1.0) vlc (3.0.2 -> 3.0.6) xen xkeyboard-config yast2 (4.1.54 -> 4.1.55) yast2-bootloader (4.1.16 -> 4.1.17) yast2-control-center (4.1.5 -> 4.1.6) yast2-country (4.1.7 -> 4.1.8) yast2-installation (4.1.35 -> 4.1.36) yast2-packager (4.1.26 -> 4.1.27) yast2-python-bindings (4.0.8 -> 4.0.9) yast2-samba-client (4.1.0 -> 4.1.1) yast2-storage-ng (4.1.55 -> 4.1.66) yast2-users (4.1.7 -> 4.1.8) === Details === ==== MozillaThunderbird ==== Version update (60.5.0 -> 60.5.1) Subpackages: MozillaThunderbird-translations-common MozillaThunderbird-translations-other - Mozilla Thunderbird 60.5.1 * CalDav access to some servers not working MFSA 2019-06 (bsc#1125330) * CVE-2018-18356 bmo#1525817 Use-after-free in Skia * CVE-2019-5785 bmo#1525433 Integer overflow in Skia * CVE-2018-18335 bmo#1525815 Buffer overflow in Skia with accelerated Canvas 2D * CVE-2018-18509 bmo#1507218 S/MIME signature spoofing ==== cifs-utils ==== Version update (6.5 -> 6.8) - Allow cached DNS entry to expire * add allow-dns-resolver-key-to-expire.patch - Document new SMB2.1+ defaults * be more verbose on mount errors, especially with EHOSTDOWN which is often returned on SMB version issues. * add suse-document-new-vers-default-SMB2.1.patch - Fix python dependency stalemate by requiring python3 version of samba-libs. - Update to cifs-utils 6.8. + document more mount options + man pages now generated from RST files + add python-docutils build dependency + update keyring to check tarball signature + remove 0001-manpage-correct-typos-and-spelling-mistakes.patch + remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch - Add typo corrections, better doc and configure fixes from upstream + add 0001-docs-cleanup-rst-formating.patch + add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch + add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch + add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch + add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch + add 0006-cifs-utils-support-rst2man-3.patch + add 0007-checkopts-report-duplicated-options-in-man-page.patch + add 0008-mount.cifs.rst-more-cleanups.patch + add 0009-mount.cifs.rst-document-vers-3-mount-option.patch + add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch - Cleanup spec file * assume SUSE vendor and SLE >= 11 - Update BuildIgnore to break build cycle samba-client <-> cifs-utils - update to 6.7: * mount.cifs cleanups - includes 6.6: * cleanup/overhaul of cifs.upcall krb5 credcache handling - partial cleanup with spec-cleaner ==== fftw3 ==== - Add FFTW_BIN to environment variable with module file (bsc#1125824). ==== gcr ==== Version update (3.20.0 -> 3.28.1) Subpackages: gcr-data gcr-lang gcr-prompter gcr-viewer libgck-1-0 libgcr-3-1 typelib-1_0-Gck-1 typelib-1_0-Gcr-3 - Update to version 3.28.1: + system-prompter: Fix use of g_hash_table_lookup_extended. + Updated translations. - Update to version 3.28.0: + Fix year 2038 workaround in ASN.1 decoder (bgo#787963). + Fix test errors when ssh-keygen is not found. + Updated translations. - Supplement the new gcr-ssh-askpass for gpg2 and gnome-shell: GNOME users want to have this available to enter the ssh key passwords. - Fix SRPM group. Update package summaries. - Update to version 3.27.92: + Provide API for reliably calling ssh programs (bgo#735873). + Updated translations. - Split new subpackage gcr-ssh-askpass, recommended by the main library. - Modernize spec-file by calling spec-cleaner ==== gnome-keyring ==== Version update (3.20.1 -> 3.28.2) Subpackages: gnome-keyring-32bit gnome-keyring-lang gnome-keyring-pam gnome-keyring-pam-32bit libgck-modules-gnome-keyring - Allow pam to open keyring when using sddm - Update to version 3.28.2: + Fix glitches in ssh-agent (bgo#795699). + Updated translations. - Update gnome-keyring-bsc932232-use-libgcrypt-allocators.patch to allow using more memory than the maximum lockable amount (bsc#1085983). - Update to version 3.28.0.2: + Fix glitches in ssh-agent (bgo#794361, bgo#794368, bgo#794369, bgo#794500, bgo#794631). - Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036). - Update to version 3.28.0.1: + Fix linking with "-z defs" (bgo#794274). - Update to version 3.28.0: + Fix TAP test driver. - Update to version 3.27.92: + Wrap stock ssh-agent from OpenSSH (bgo#775981). + Stop installing p11-kit configuration file for the PKCS#11 module (bgo#791401). + Updated translations. - Add openssh BuildRequires: needed for ssh-agent wrapper. - Modernize spec-file by calling spec-cleaner - Update to version 3.27.4: + Add support for SHA2 extension for RSA signatures in ssh-agent (bgo#790910). + Build fixes (bgo#792278, bgo#787387). + Updated translations. - Rebase gnome-keyring-pam-auth-prompt-password.patch. - Adopt the use of %make_build macro rather than raw make command, following the best practices. - Drop intltool BuildRequires: after upstream porting to Gettext, this is no longer needed. - Point fdupes to the data directory instead of the build root, which is a practice that must be avoided. - Update to version 3.27.2: + Add support for ECDSA in ssh-agent (bgo#641082). + Wipe passwords stored by the PAM module (bgo#781486). + Fix: - Shared key derivation between libsecret and gnome-keyring (bgo#778357). - Erroneous handling of partial writes in write_sync_close (bgo#778269). + Set CKF_LOGIN_REQUIRED flag in ssh-module. + Build and testing fixes (bgo#774312, bgo#781785). + Updated translations. - Update Url to https://wiki.gnome.org/Projects/GnomeKeyring: current GNOME Keyring's project web page. - Add conditional use to translation-update-upstream: SLE-only requirement. - Drop gnome-keyring-secret-size.patch: fixed upstream. - Drop pristine macros for choosing number of jobs in %build section and adopting %{?_smp_mflags} instead. - Drop %glib2_gsettings_schema_*, %desktop_database_* post/postun scriptlets and %glib2_gsettings_schema_requires macro: the functionality is covered by file triggers now. - Drop %clean section since its use is deprecated now. - Separate SLE-only patches from the others. Now they start at the number 1000. - Drop unneeded part of gnome-keyring-bsc932232-use-non-fips-md5.patch, to match what we have in SLE. - Add gnome-keyring-secret-size.patch: Ensure that generated secret occupies the same number of bytes as prime. Eliminates random errors while libsecret tries to talk to gnome-keyring (bgo#778357, bsc#1043861). - Update to version 3.20.1: + Fix boolean logic error in ssh-agent. + Pass the correct argc to gkr_pam_client_run_operation (bgo#766222). + Look for both dlopen and dlsym when configuring (bgo#766221). + Fix .so link in gnome-keyring-3 man page (bgo#767095). + Die if the XDG session we were started under goes away (bgo#768943). + Shorten unlock keyring dialog title (bgo#770170). + Updated translations. - Drop gnome-keyring-896818-reduce-head-msg-length.patch: Fixed upstream. - Add gnome-keyring-bsc1039461-pam-man-page.patch (bsc#1039461, bgo#784051), which adds a man page for the PAM module. In order for a new Makefile.in to be generated from the patched Makefile.am, automake was added to BuildRequires, and autoreconf will now be run prior to configure. - Update gnome-keyring-bsc932232-use-non-fips-md5.patch to fix issue that was reintroduced (bsc#966229, bsc#966225, bsc#994988). - Merge bnc#903966-SEGV-in-gnome-keyring-daemon-caused-by-calling-free-on-static-string.patch into gnome-keyring-896818-reduce-head-msg-length.patch: bsc#903966 is just a regression caused by bsc#896818 anyway (bsc#896818, bsc#903966, bgo#770170). - Rebase gnome-keyring-bsc932232-use-non-fips-md5.patch for version 3.20.0 (bsc#932232, bsc#966229, bsc#966225). - Drop gnome-keyring-bsc961271-secmem-mismatch.patch (fixed upstream). - Update to version 3.20.0: + Updated translations. - Update gnome-keyring-bsc932232-use-non-fips-md5.patch (bsc#966229, bsc#966225). Fixes inability to decrypt private ssh keys and corruption in stored keyrings. Fix by Michal Koutny . - Update to version 3.19.90: + Accept empty passwords for --unlock (bgo#762095). + srcdir != builddir fixes. + Updated translations. - Update to version 3.19.4: + Fix up startup and initialization (bgo#756324). + Fix DBus "Type" property of org.freedesktop.Secret.Item (bgo#759399). + Build fixes (bgo#753698). + Updated translations. - boo#962480: Add mdm as valid display manager to unlock gkr. - Add gnome-keyring-bsc961271-secmem-mismatch.patch (bsc#961271). This fixes a crash caused by mixed calls to egg_secure_free() and gcry_free(). - Add gnome-keyring-bsc932232-use-libgcrypt-allocators.patch and gnome-keyring-bsc932232-use-non-fips-md5.patch (bsc#932232). - Update to version 3.18.3: + Fix regression looking up secrets in non-default keyring (bgo#756865). + Fix manpage typos (bgo#756812). + Updated translations. - Drop gnome-keyring-dbus-handle-alias-paths-in-lookup_collection.patch: Fixed upstream. - Add gnome-keyring-dbus-handle-alias-paths-in-lookup_collection.patch: Fix firefox passwordmanager coupled with non-default keyring, also silence a bit of logspam (bgo#756865). - Update to version 3.18.2: + Fix regression in ported GDBus prompting (bgo#756032). + Other minor fixes. - Update to version 3.18.1: + Fix regression initializing gnome-keyring-daemon (bgo#756059). + Fix regression racing for DBus name during startup (bgo#756006). + Build and testing fixes (bgo#755873). + Updated translations. - Update to version 3.18.0: + Fix test crash (bgo#731802). - Update to version 3.17.91: + More fixes for GDBus migration (bgo#622905). + Fix a memory leak (bgo#752919). - Remove postun handling from baselibs.conf. If one uninstalls gnome-keyring-pam-32bit it has the effect that gnome-keyring-pam gets unregistered (boo#941736). - Update to version 3.17.4: + Remove temporary files on failure (bgo#746334). + Migrate DBus code to GVariant and GDBus (bgo#622905). + Remove the GnuPG agent (bgo#750514). + Updated translations. - Remove %bcond_with gpgagent and all related macros, it has been dropped upstream. - Drop pkgconfig(dbus-1) BuildRequires: No longer needed as upstream has migrated it away. - Update to version 3.16.0: + Fix build issues highlighted by GCC 5.x. + Updated translations. - Disable gpgagent integration, as gnupg 2.1 introduced code to explicitly sabotage gnome-keyring. - Update to version 3.15.92: + pam: Make sure to never block SIGCHLD (bgo#745673). + Revert "ssh-agent: Fix leak in seach_keys_like_attributes()". + Updated translations. - Update to version 3.15.90: + Fix leaks (bgo#7385080). + Refactoring. + Build fixes (bgo#740190). + Updated translations. - Remove libgcr-3-1 and libgck-1-0 references from baselibs.conf: these libs have been split off back in 2011. - fix bashism in postun script - Add bnc#903966-SEGV-in-gnome-keyring-daemon-caused-by-calling-free-on-static-string.patch Fixed SEGV in gnome-keyring-daemon caused by calling free() on static string (bnc#903966). - Update to version 3.14.0: + Remove residual GTK+ usage. + Build fixes. + Updated translations. - Add gnome-keyring-896818-reduce-head-msg-length.patch: Make the head message shorter. The patch makes sense but no need to be upstream (bnc#896818). - Update to version 3.13.91: + Initialize correctly with empty passwords during login (bgo#736085). + Don't use geteuid() to get UID for user in PAM module (bgo#733418). + Fix for libgcrypt 1.6+. + Build fixes. - Update to version 3.12.2: + Build fixes. - Update to version 3.12.0: + Build and testing fixes. - Update to version 3.11.92: + Use $XDG_RUNTIME_DIR to create keyring socket directory (bgo#725801). + Stop exporting the $GNOME_KEYRING_CONTROL env variable (bgo#725801). + Stop exposing a GNOME_KEYRING_PID variable (bgo#725801). + Pass XDG_RUNTIME_DIR to new gnome-keyring-daemon process (bgo#726196). + Fix issue with changed password not unlocking keyring (bgo#726196). + Add new --unlock option to prompt for login password (bgo#710187). + When in foreground mode, close stdout when done initializing. + Exit gnome-keyring-daemon when the DBus connection closes (bgo#708765). + Don't initialize in an idle handler, this is racy. + Don't log debug messages to syslog (bgo#711537). + Documentation fixes (bgo#711581). + License fixes (bgo#721549). + Modernize autotools setup and other build fixes. + Parallel testing and add new tests. + Updated translations. - Drop gnome-keyring-check-session.patch: no longer required; the start of the daemon is controlled by pam (OnlyIf=). - Rebase gnome-keyring-pam-auth-prompt-password.patch. - Enhance gnome-keyring-check-session.patch: Add "gnome-classic" to the list of handled desktop session types (bnc#862775). - Update to version 3.10.1: + Build fix on OpenBSD (bgo#706405). + Add manual page. + Minor error message fixes. + Updated translations. - Add gtk-doc BuildRequires: needed to build the man page. - If libp11-kit0-XXbit and gnome-keyring are installed, also suggest gnome-keyring-XXbit ... as /etc/pkcs11/modules is for both 32bit and 64bit modules (fixes a Wine 32bit issue during gnutls init). - Update to version 3.10.0: + Minor logic fix (bgo#708483). - Add dbus(org.freedesktop.secrets) and dbus(org.gnome.keyring) provides (part of bnc#828387). - Update to version 3.9.90: + Fix running gnome-keyring-daemon under test harness. + Test fixes (bgo#702367). - Introduce %bcond_without gpgagent: allow to disable gpg agent during build to easily test issues like bnc#829844. - Provide gnome-keyring-32bit (which contains pkcs#11 modules). (bnc#819246). - Update to version 3.9.1: + Fix implementation of LockService dbus method (bgo#690466). + Build fixes. + Updated translations. - Drop pkgconfig(libtasn1) BuildRequires: no longer needed. - Update to version 3.8.1: + Updated trasnlations. - Update to version 3.8.0: + Updated translations. - Update to version 3.7.92: + Update introspection data of Collection.SearchItems() (bgo#695115). + Update the Item.Created and Item.Modified properties correctly (bgo#695052). + Build fixes. + Updated translations. - Update to version 3.7.91: + Remove the roots-store module replaced by p11-kit 0.16+ trust module. + Only return one object path list from Collection.SearchItems() (bgo#695115). + Fix order of items returned from SearchItems() (bgo#693884). + Build fixes. - No longer pass --with-ca-certificates to configure: it's been obsoleted in favor of the p11-kit trust module. - Update to version 3.7.5: + Set correct type for Collection's "Locked" property. + Don't warn if the GNOME session manager is not available. + Fix crasher in armor code. + Build fixes. + Upadted translations. - Update to version 3.7.2: + Bring over DER parsing fixes from GCR library. + Fix corner case where long DER length overflows. + Fix crash when parsing invalid DER files. + Handle empty secrets correctly. + Only print debug message if no pkcs11 socket. + Other minor fixes. + More complete test coverage. - Update to version 3.7.1: + Remove dependency on GTK+. + Build fixes. - Drop pkgconfig(gtk+-3.0) BuildRequires: no longer needed. - Update to version 3.6.3: + Don't reverse the order of items returned from SearchItems(). + Updated translations. - Update to version 3.6.2: + Accept XDG_DATA_HOME environment variable during initialization + Handle empty secrets correctly. - Update to version 3.6.1: + Fix regressions with keyring master password changing + Load schema for secret items correctly, prevents storing multiple times for items stored via libsecret + Setup translations properly when daemon starts + Fix memory leak in PKCS#11 module + Updated translations. - Drop set_permission and verify_permissions scripts: gnome-keyring-daemon is not installed with special permissions and does not need special handling (bnc#781891). - Drop permissions PreReq: we don't need to handle any special permissions on files. - Update to version 3.6.0: + Updated translations. - Update to version 3.5.92: + Updated translations. - Update to version 3.5.91: + Updated translations. - Update to version 3.5.90: + Use the XDG directories for storing keys + Better handling of the --replace argument to gnome-keyring-daemon + Fix ability to store keyring files without using hardlinks + Make the GPG agent password caching options work correctly + Updated translations. - Drop gnome-keyring-bnc775235-passphrase-cache.patch: fixed upstream. - Update to version 3.5.5: + Initialize PKCS#11 correctly in gnome-keyring tool. + Rename the p11-kit module file. + Use setsid() to become a process leader when daemonizing. + Build fixes. - Changes from version 3.5.4: + Support the xdg:schema attribute on secret items. + Update to newer glib dependency and remove redundant code. + Encode passwords correctly for gpg2 in the gpg-agent. + Fix types of the DBus Created and Modified properties. + Expose the 'session' and 'login' keyrings as aliases. + Emit Secret Service signals when collections/items change. + Fix some spurious warnings. + Testing fixes. - Update to version 3.5.3: + Return correct introspect data for Secret Service + Fix the gnome2-store for gcr importer, and test + Debug and logging fixes + Build fixes + Updated translations. - Drop xz BuildRequires as it now comes for free in the build system. - Add gnome-keyring-bnc775235-passphrase-cache.patch: + Fix gnome-keyring:Passwords cached indefinitely (bnc#775235, CVE-2012-3466). - Update to version 3.4.1: + Set 'text/plain' content type on secrets returned from daemon + Use correct XDG_RUNTIME_DIR when started from PAM + License fix + More tests + Build fixes + Updated translations. - Update to version 3.4.0: + Updated translations. - Update to version 3.3.92: + Use runtime dir instead of /tmp for sockets. + Fix copyright headers. + Build fixes. + Updated translations. - Pass --with-ca-certificates=%{_sysconfdir}/ssl/ca-bundle.pem instead of --with-root-certs=%{_sysconfdir}/ssl/certs to configure: it's better to use the single ca certificates file than the directory with all certificates, as it's what upstream prefers. - Update to version 3.3.91: + Fix regression in changing a keyring master password + Set better button labels for the prompts + Fix assertion when cancelling a unlock prompt + Use a single CA certificates file by default + Updated translations. - Update to version 3.3.5: + Fix introspection data for SearchItems() + Fix regression when an invalid password used to unlock keyring + Updated translations. - Update to version 3.3.4: + Build fixes + Updated translations. - Update to version 3.3.3.1: + No message in gnome-keyring-pkcs11.so module, when no daemon running + Build fixes + Updated translations. - Drop gnome-keyring-fix-build.patch: fixed upstream. - Update to version 3.3.3: + Distribute correct desktop autostart files + Use GcrPrompt and GcrSystemPrompt for prompting + Do not crash when reading a truncated keyring file + Add test tool for dumping the keyring format + Update for GckBuilder changes in libgck + Fix for deprecations in glib 2.31.x + Fix ReadAlias() returning null when 'login' keyring exists + Build fixes, bug fixes - Add xz BuildRequires because we can't build a package for a xz-compressed tarball without explicitly specifying that... See bnc#697467 for more details. - Add gnome-keyring-fix-build.patch: add some libraries during linkage, to fix build; taken from git. - Change libgck Requires in libgck-modules-gnome-keyring to gck: this is a new Provides in libgck to help us for this Requires, so we don't have a Requires on a shared library package, whose name can change. Note that we don't version the Requires: there's no reason for this. - Fix libgck Requires in libgck-modules-gnome-keyring: as libgck got split out, we can't assume any longer that the version will always be the same as the one of the main package. For now at least we assume that we can maintain the library name. - Update to version 3.3.2: + Do not make label selectionnable in prompt dialog + Fix deadlock in the 'unsafe storage' prompt + Better locking for the old gnome2-store + Build fixes + Updated translations. - Drop gnome-keyring-remove-xfce-lxde-autostart.patch: fixed upstream. - Update to version 3.3.1.1: + Build correctly against glib 2.31 - Changes from version 3.3.1: + Return most recent secret first when searching + Split the Gcr and Gck libraries out of gnome-keyring + Build fixes + Updated translations. - Rebase gnome-keyring-remove-xfce-lxde-autostart.patch. - Remove BuildRequires that have moved to the new gcr source package: shared-mime-info, pkgconfig(p11-kit-1). - Add pkgconfig(gck-1) and pkgconfig(gcr-3) BuildRequires: newly depend on the split out library, - Drop libgcr-3-1, libgcr-devel, libgck-1-0 and libgck-devel subpackages: upstream split the libraries out. - Rename libgck-modules to libgck-modules-gnome-keyring: since libgck is split away from gnome-keyring, we cannot use a generic package name like this anymore. Add appropriate Obsoletes, but no Provides as there could be another libgck-modules package appearing in the future. - Stop calling %mime_database_post(un) in %post/%postun and stop passing --disable-update-mime to configure: the mime definition moved to the gcr source package. - Add missing calls to %desktop_database_post(un) in %post/%postun. - Use grep -F instead of deprecated fgrep in %post of pam subpackage. - Add pam-config calls in %post/%postun for gnome-keyring-pam in baselibs.conf: when pam-32bit is installed, pam-config checks if the 32bit version of the module is installed before enabling it, and if we install from scratch, this is not necessarily true when gnome-keyring-pam is installed. Fix bnc#728586. - Fixed gnome-keyring-remove-xfce-lxde-autostart.patch which was ineffective since it modified the .in rather than the .in.in files - Update to version 3.2.1: + Fix debugging output, and erroneous warnings + Updated translations. - Add explicit shared-mime-info BuildRequires since we use the %mime_database_* macros. - Update to version 3.2.0: + Don't install setuid when filesystem capabilities not available + Updated translations. - Update summary to not talk about password manager: this is really the keyring, which is more than just a password manager. - Do not start the gnome-keyring daemon for LXDE or Xfce via XDG autostart, that only works with gnome-session. - Update to version 3.1.92: + Add back the file format "documentation". + Make .desktop file match prompt process so icon and title are shown. + Fix packaging issues installing the pkcs11 module. + Return correct error code in gpg-agent for unimplemented stuff. + Fixes for parsing/viewing various (sometimes slightly invalid) PKCS#12 files. + Allow daemon to access secrets of internal PKCS#11 modules, so that we can do things like hash NTLM and Kerberos secrets in the future. + Build and documentation fixes. + Updated translations. - Update pam module and pam module configuration for the new gdm (>= 3.1.90), which uses both gdm and gdm-password pam services: + Update gnome-keyring-check-session.patch: check if the service is called gdm-password too. + Change pam-config call in %post to add gdm-password in - -gnome_keyring-only_if option. - gnome-keyring-check-session.patch: also remove support for the smeegol session, since Smeegol is dead. - Update to version 3.1.91: + gcr-viewer will now display errors when failing to load a file. + gcr-viewer can now prompt for passwords to unlock files. + Add support for getting the current data block being parsed in GcrParser. + Add debug output to various points in the GCR and GCK libraries. + When replacing another gnome-keyring-daemon, wait a moment before initializing. + Fix GCR library initialization bugs loading PKCS#11 modules. + Fine tuning of GcrParser when parsing PKCS#12 files. + Build and packaging fixes. + Updated translations. - Update to version 3.1.90: + Install better xdg-mime files for identifying crypto related file types + New gcr-viewer for viewing certificates and keys, hooked up to file types + Display tweaks for the certificate and key widgets + Don't initialize PKCS#11 modules automatically in gcr library unless needed. + Cleanup the libgck API since we're bumping the major version. + ABI fixes for the GCR library for changes in the 3.1.x release cycle + New automatic checks for symbols that have changed in the ABI + Add async PKCS#11 initialization functions to libgck + Display Certificate otherName subject-alt-name for xmppAddr and DNS SRV + Documentation, testing, translation and build fixes. - Pass --disable-update-mime to configure and add %mime_database_post/%mime_database_postun to %post/%postun scriptlets for the new gcr-crypto-types.xml MIME file. - Rename libgcr-3-0 to libgcr-3-1 after library version change. - Remove gtk-doc BuildRequires and call to libtoolize and autoreconf: there is no patch needing that. - Add LightDM support for the pam module: + Update gnome-keyring-check-session.patch: add support for LightDM. + Change pam-config call in %post to add lightdm in - -gnome_keyring-only_if option. - Update to version 3.1.4: + New GcrListSelector class for selecting multiple keys. + Add icons for key and key pair. + Gcr now has support for loading of GnuPG keys from gpg, including photos. + New gcr dependency on p11-kit for loading PKCS#11 modules. + Remove support for GTK+ 2.x. + Implement calculation of fingerprints in gcr for keys. + Fix problems in daemon if IPC lock or FS capabilities are not available. + Bug fixes and build fixes. + Code cleanup and refactoring. - Drop gnome-keyring-keep-only-ipc_lock.patch and gnome-keyring-accept-no-ipc_lock.patch: fixed upstream. - Add pkgconfig(p11-kit-1) BuildRequires, for new dependency. - Add libselinux-devel BuildRequires, to build SELinux support. - Remove --with-gtk=3.0 from configure, as GTK+ 2.x support was removed. - Rename libgck0 to libgck-1-0, following soname change. - Rename libgcr-3-1 back to libgcr-3-0, following soversion revert. - Call %icon_theme_cache_post/%icon_theme_cache_postun in libgcr-3-0 scriptlets, since the package now comes with icons. - Update baselibs.conf with package names after 3.0 update. - Update to version 3.1.1: + Add 'Export Certificate' option to right click of certificate widget. + Use file system linux capabilities for memory locking. + Set correct daemon SELinux context when started from PAM module + Fix assertions in parser. + Add GcrCollection interface to represent collections of objects + Add GcrGnupgCollection to libgcr. + Implement functionality in renderers to populate GtkTreeModel + Add a GcrSelector widget. + Cleanup unregistering from session. + Build fixes. + Updated translations. - Drop gnome-keyring-fix-parallel-build.patch and gnome-keyring-file-capabilities.patch: fixed upstream. - Rename libgcr-3-0 subpackage to libgcr-3-1 following soversion change. - Handle specific permissions for %{_bindir}/gnome-keyring-daemon: + Add permissions PreReq. + Add %set_permissions %{_bindir}/gnome-keyring-daemon to %post. + Add a %verifyscript scriptlet calling %verify_permissions. - Do not package %{_bindir}/gnome-keyring-daemon with filesystem capabilities: the security team will add what is needed via %set_permissions after a review of the code. - Drop rpmlintrc file as we don't need it anymore, since we have no setuid binary nor capabilities. - Add gnome-keyring-keep-only-ipc_lock.patch: when filesystem capabilities are used, make sure that we do have ipc_lock and keep only this one. - Add gnome-keyring-accept-no-ipc_lock.patch: accept to run without ipc_lock capability, just print a warning instead of aborting. - This is part of bnc#682244. - Add gnome-keyring-file-capabilities.patch: Use libcap-ng for file capabilities (from git, see rh#668831). - Use libcap-ng-devel BuildRequires instead of libcap-devel - Add gtk-doc BuildRequires, only needed because of the new patch. - gnome-keyring-daemon is now using cap_ipc_lock=ep instead of setuid. - Update to version 3.0.1: + Fix clicking buttons in 'unsafe storage' dialog on GTK+3. + Build with GTK+3 by default. + More tests and test fine tuning: --enable-tests=yes/no/full. + Expand path in gnome-keyring-prompt.desktop properly. + Implement debug tracing in parts of gcr library. + Complete documentation in gcr and gck libraries. + Fix assertions in gcr library during parsing of a stream. + Build fixes. - Add gnome-keyring-fix-parallel-build.patch to fix parallel build (from git). - Remove libmock-test-module.so in %install, as this is only useful for tests. - Add the rpmlintrc that was added as workaround until bnc#682244 is fixed (security review) as a source. - Update to version 3.0.0: + Updated translations. - Update to version 2.91.93: + Use full interface.Property form for CreateCollection and CreateItem in the DBus API. + Add deprecated functions for libgcr symbols lost since 2.32.x + Don't crash when the GPG agent is asked for a passhprase without a key id. - Changes from version 2.91.92: + Don't leak login name from PAM when logging error. + Also start daemon in XFCE + Fix inability to save password for other keyrings. + Build and test fixes. + Support removal of aliases via the secret service API + Fix race condition when multiple applications create the default keyring at the same time. + Add a desktop file for gnome-keyring-prompt, so the icon shows up properly in gnome-shell. + Implement HKDF for transport encryption security. - Changes from version 2.91.91: + Fix the certificate details expander when used with GTK+3 + Calculate the minimum/natural size of the certificate widget better. + Fix gnome-keyring-prompt for GTK+3 release. + Fix problems with the URIs used for trust lookup and storage. + Pass around a content-type for secrets in the DBus Secret Service API. + If DBus couldn't be initialized when starting up the daemon, try again at a later point. + Build and testing fixes. + Remove support for the pkcs11-options file, and wait for a proper configuration file setup being worked on in p11-kit. + Add support for --version argument to gnome-keyring-daemon and gnome-keyring. + Create necessary directory when storing trust assertion objects. - Changes from version 2.91.4: + gck library loads PKCS#11 modules from /usr/lib/pkcs11 + PKCS#11 config file in /etc/xdg/pkcs11.conf[.defaults] + Many ASN.1 encoding fixes. + Refactor how tests work. + Install standalone PKCS#11 modules to a consistent location. + Memory leaks and other bug fixes. + Allow enumeration of objects in specific PKCS#11 slots as well as modules. + Add GcrCertificateChain for building certificate chains. + Implementation of the initial PKCS#11 Trust Assertions spec. + Add GcrPkcs11Certificate for looking up certificates in PKCS#11 modules by issuer. + Expose gcr functionality for setting which PKCS#11 modules to use. + Find the root certificates by default. + Move to a single header model for libgcr. + Don't load *.la files when looking for PKCS#11 modules. + Fixes for GTK+3.0 + New xdg-store PKCS#11 module with support for storing trust assertions. + Rename old user-store to gnome2-store since it stores its data in old formats in the old .gnome2 location. - Replace gnome-keyring-autostart-in-xfce.patch with desktop-file-install calls. Add desktop-file-utils BuildRequires for this. - Add support for source service checkout, with %BUILD_FROM_VCS: + Add gnome-common and gtk-doc BuildRequires. + Add call to ./autogen.sh. + Enforce gtk-doc html generation by passing --enable-gtk-doc to configure. - Update gnome-keyring-check-session.patch to add support for Xfce sessions. - Add gnome-keyring-autostart-in-xfce.patch to autostart gnome-keyring in XFCE sessions. - Update to version 2.91.3: + Shutdown module timer when holding proper mutex. + Linux capabilities to overcome limits on locked memory. + Update HACKING with coding style + Build fixes. - Changes from version 2.91.2: + Add timeout if PAM startup doesn't complete shortly. + Fix login keyring password when it doesn't match unix login. + Replace gp11-0 with gck in pkgconfig file + Fix broken dispose of GcrCertificateWidget + Remove gp11 library. - Changes from version 2.91.1: + Fix build problem in gpg-agent. + Properly distribute pkgconfig file for gck library. + Better certificate widget in gcr library. + Add extra debug guard around printing of prompt io. + Rework how the gcr parser and importer work together. + More GTK+ 3.0 fixes. - Changes from version 2.91.0: + String and punctuation fixes. + Add libgck library to soon replace libgp11 + Migrate everything in gnome-keyring to libgp11 + Fix invalid memory access in PKCS#11 rpc-layer + Fix race condition in tests - Move to pkgconfig()-style BuildRequires: + Old ones: dbus-1-devel, gtk2-devel, libtasn1-devel. + New ones: dbus-1, glib-2.0, gtk+-3.0, libtasn1. - Add libcap-devel BuildRequires. - Rename libgcr0 to libgcr-3_0 after library name change. - Remove explicit glib2-devel, gtk2-devel, libgp11-devel, libtasn1-devel Requires in libgcr-devel package: they will be automatically added the pkgconfig() way. - Add libgck0, libgck-devel and libgck-modules subpackages, and remove libgp11-0, libgp11-devel, libgp11-modules. Packaging-wise, it's mostly like a renaming. Note that we have libgck-modules with a Obsoletes tag for libgp11-modules since they share the same files. - Pass --with-gtk=3.0 instead of --with-gtk=2.0 to configure. - Stop passing --libexecdir=%{_libexecdir}/gnome-keyring-1 to configure: this is really not needed. - Own /usr/share/GConf and /usr/share/GConf/gsettings to fix build. - Change lang package Requires to Recommends since it is not mandatory at runtime. - Update to version 2.32.1: + Don't offer to save password for symmetric encryption in gpg-agent. + Don't try to cache password when symmetric encryption in gpg-agent. + Check that daemon is initialized before changing password from pam. + Fix login keyring password doesn't match login. + Link correctly to gio. + Add extra debug guard around printing of prompt io. + Fix invalid memory access in rpc-layer. - Update gnome-keyring-check-session.patch to also use the gnome-keyring PAM module for the gnome3 and smeegol sessions: we want the keyring to be unlocked on login there. - Update to version 2.32.0: + Make builds silent by default. - Update to version 2.31.92: + Require glib 2.25 or later. + Require automake 1.7 or later. + Fix assertion in secure memory code. + Don't go into endless loop when GPG Agent client disconnects. + Fix double free in gp11 library. + Fix crash during keyring unlock operation. + Expand prompt details when a non-default unlock option is chosen. + Migrate to gsettings. + Use gsettings for GPG agent unlock options. + Fix library header installation directory for libgcr. + Fix some errors parsing certificates. + Rework how unlock options are loaded and handled. + Fix saving of auto-unlock passwords. + Support building with GTK+ 3.0 + No warning message when SSH unlock prompt is cancelled. + Build fix finding PAM headers. + Build fix of PAM module for Hurd. - Drop gnome-keyring-fix-pam-module-build.patch: fixed upstream. - Pass --with-gtk=2.0 to configure to make sure we build against GTK+ 2. - Handle GSettings schemas, by using the %glib2_gsettings_schema_* macros. - Update to version 2.31.91: + Fix problem with keyring names that contain foreign charaters. + Build fixes and warning fixes. + Better GPG Agent prompt strings. + More internal documentation. + Remove gconf as part of migration to gsettings. + Add --replace option to daemon. + Fix race condition in tests. + Use new DER decoding and encoding routines. + Only try to authenticate once if PKCS#11 slot has protected auth path. + Better handling of when PKCS#11 token is write protected. - Add gnome-keyring-fix-pam-module-build.patch to fix build of PAM module. - Pass --enable-pam to configure to make the build fail early if we lose the pam module. - Pass --with-root-certs=%{_sysconfdir}/ssl/certs to configure. - Remove all of the gconf packaging: + Remove gconf2-devel BuildRequires. + Remove use of %gconf macros and corresponding %pre/%preun/%posttrans. + Do not pass --disable-schemas-install to configure. - Remove gnome-common BuildRequires and call to gnome-autogen.sh. - Call %suse_update_desktop_file on gnome-keyring-gpg.desktop. - Update to version 2.31.4: + New GPG Agent built into gnome-keyring-daemon + Start building (but not using) new DER parser and writer. + Fix building of desktop and service files. + Fix problems displaying prompts with certain characters in strings. + Fix deadlock on secure memory usage. + Refactor the way prompting works for PKCS#11 components. + Refactor the way testing works and files are named. + Implement coverage testing. + Cleanup whitespace issues and rename certain modules. + Tests can now involve prompts and responses. + Fix possible threading race condition in gp11. + Fix broken startup when used with gdm and password-less login. + Fix checking of uninitialized value in prompting code. - Drop gnome-keyring-fixes-from-git.patch: fixed upstream. - Add gnome-keyring-fixes-from-git.patch to fix various issues related to gnome-keyring not working fine (with autologin, for example). - Add gnome-common BuildRequires and call to gnome-autogen.sh needed for the patch. - Update to version 2.30.1: + Build fixes for errors and distribution problems. + Fixes for building on recent GTK versions. + Remove accidental storage of user's login password in login keyring. + Fix assertion when exiting. + Updated translations. - Update to version 2.30.0: + More robust error display and handling. + Don't assert on va_list. + Don't save session keyring to disk. + Allow unlocking even when always unlock is not available. + Hide the automatically unlock check when login not usable. + Fix various issues storing and using auto unlock passwords. + Updated translations. - Update to version 2.29.92: + Fix various problems with not storing secret value properly. + Return no results when a search includes a bad collection identifier. + Don't raise error if ssh client disconnects early. + Allow running in a test environment. + Fix error when setting default keyring to NULL. + Autostart gnome-keyring-daemon in LXDE as well. + Rework the startup again, to use a singleton crontrolled via dbus, to help when no process was started by pam. + Display password and confirm prompts when creating keyring. + Allow specifying CKA_ID when creating collection. + Give translatable label to created login keyring. + When no default keyring set, use login keyring. + Fix problem initializing socket path in rpc module. + Fix endless loop in reading data. + Potential fix or sporadic crash. + Solaris build fixes. + Updated translations. Drop upstream included gnome-keyring-LXDE-autostart.patch. - Update to version 2.29.90: + Quit daemon when the dbus session is disconnected. + Don't print out warnings on SSH v1 keys. + Remove erroneous egg-dbus dependency. + Allow saving password for encryption keys. + Fix problems storing secrets in keyrings. + Expose idle and timeout lock options for keyrings in the prompt dialog. Fix remaining issues to get this to work. + Display a different message when unlocking the login keyring. + Fix problem with phantom 'xxx_1' keyrings appearing. + Load and use the default keyring properly. + Support accessing template style pkcs11 attributes. + Fix endless loop when looking for encryption key password in login keyring. + GNU Hurd build fixes. + Solaris build fixes. + Translation fixes. - Drop eggdbus-devel BuildRequires. - Tweak gnome-keyring-check-session.patch to not start the keyring if we're in a supported display manager, but DESKTOP_SESSION is not set. - Add gnome-keyring-LXDE-autostart.patch to allow to autostart keyring on LXDE session. - Update gnome-keyring-check-session.patch to also support LXDE (and lxdm). - Update to version 2.29.5: + Implement lookup collection passwords in login keyring. + Various prompting fixes. + Store PKCS#11 objects after any attribute change. + Add 'Type' property to Secret Service API DBus item interface + Various warning, and uninitialized memory fixes. - Update to version 2.29.4: + Refactor how the daemon starts up. + Allow init with already present environment variables, using - -start. + Install autostart files for each component of the daemon. + New DBus Secret Service API for accessing passwords and secrets. + Old protocol for accessing secrets is no longer present. + libgnome-keyring is now its own module, and no longer bundled with gnome-keyring. + Use normal GtkEntry when prompting for passwords. + Requires GTK+ 2.18 + Implement new more flexible control protocol for pam and startup. + Complete more of the gp11 PKCS#11 wrapper library. + Implement AES key wrapping and unwrapping in PKCS#11 components. + Implement DH key generation and derivation in PKCS#11 components. + Integrate testing of PKCS#11 components via p11-tests. + Implement PKCS#11 component for storing 'keyring' style secrets. + Don't complain if we can't set session environment variables. + When running a debug build, warnings are fatal. + Refactor testing. + Encrypted channel for password with prompting dialog. - Pass --disable-schemas-install to configure. - Add eggdbus-devel BuildRequires. - Remove libgnome-keyring0 and gnome-keyring-devel subpackages (moved to libgnome-keyring source package). - Split the remaining of gnome-keyring-devel in libgcr-devel and libgp11-devel. - Update baselibs.conf to reflect the packages shipping libraries (libgcr0 and libgp11-0). - Add baselibs.conf as a source - Fix build on openSUSE <= 11.2. - Update to version 2.28.2: + Add license to reference documentation. + Sent output of g_printerr to syslog. + No error when can't unlock login keyring. + Fix assertion when comparing attributes. + Fix freeing of unallocated memory in test. + Don't barf on certificates with unsupported algorithm. + Fix some memory leaks. - Split the libraries in their own packages, to avoid useless dependencies for packages depending on libgnome-keyring0 but that don't want the whole gnome-keyring (which pulls gtk2). This means we now have libgnome-keyring0, libgcr0, libgp11-0 and libgp11-modules subpackages. (Thanks to Debian: summaries and descriptions are inspired by the Debian ones.) - Remove .la files. - Do not self-obsolete for gnome-keyring-doc and pam_keyring. - Move the pam-confire PreReq to the pam subpackage. - Update to version 2.28.1: + Fix support for SSH RSA1 keys. + Fix a delay when the daemon quits. + Use default D-Bus timeout when finding daemon. + Make custom pkcs11 constants unsigned longs. + Use unsigned long for module handle counter. + Fix assertion when releasing secure memory block. - Drop gnome-keyring-no-logout-delay.patch: fixed upstream. - Drop gnome-keyring-fix-ssh1-agent.patch: fixed upstream. - Update gnome-keyring-check-session.patch to apply without fuzz. - Add gnome-keyring-fix-ssh1-agent.patch to make the ssh agent support rsa1 keys again. Fix bnc#540515. - Update gnome-keyring-pam-auth-prompt-password.patch to not prompt for password if use_authtok option is used. - Add gnome-keyring-no-logout-delay.patch to fix delay during logout. - Update to version 2.28.0: + Fix build problems with -as-needed. - Remove export SUSE_ASNEEDED. - Update to version 2.27.92: + Some uses of glib memory routines to explicitly allocate memory. + Fix erroneous assertion hit by gtk-doc and tests. + Revert change which bumped libtasn1 required to 1.0. + Fix logic for only_if option in PAM module. + Handle unix signals on one thread. + Better daemon startup and forking logic. + Optional use of automake silent rules when available. + No warning when a disk doesn't have a UDI identifier. - Drop gnome-keyring-pam-fix-only_if.patch: fixed upstream. - Add SUSE_ASNEEDED=0 to fix build. - Add gnome-keyring-pam-fix-only_if.patch to fix logic in pam module when using only_if. - Update to version 2.27.90: + Build fixes on Solaris and FreeBSD. + Take length of ASN.1 elements into account, when parsing. - Drop gnome-keyring-auto-start-if-compatibility.patch now that pam-config has been updated to support only_if in the pam config. - Change pam-config call in post to use "--gnome_keyring-auto_start - -gnome_keyring-only_if=gdm" instead of "--gnome_keyring-auto_start_if=gdm"" - PreReq pam-config at least 0.72 for those changes. - Update to version 2.27.5: + Add support for lifetime constrained SSH identities. + Use GtkBuilder files where glade files were used. + Write private key files with tighter file permissions. + Use gio instead of libhal for monitoring volumes. + Updated translations. - Remove hal-devel from BuildRequires not needed anymore. - Update to version 2.27.4: + Insurance in parsing keyring format for future changes. + Add 'use_authtok' option to pam module. + Test utility fix. + Add 'only_if=' option to pam module. + Make 'Password:' prompt translatable in pam module. + Use libgcrypt to generate iv/salt where needed. + Remove old cu-test style unit tests. + Code refactoring and cleanup, removed 'common' component. + Auto generated ChangeLog. + Cleanup unit tests, and make them run with 'make check' - Changes from version 2.26.3: + Build fixes. + Fix problem with RSA key sizes that are not a multiple of 8. This affected use of SSH keys in particular. + Fix crash related to secure memory. - Drop gnome-keyring-pam-auto-start-if.patch: fixed upstream. - Drop gnome-keyring-pam-translate.patch: fixed upstream. - Remove AutoReqProv: it's default now. - Add gnome-keyring-auto-start-if-compatibility.patch since pam-config does not know yet about only_if. It will be removed once pam-config will be updated. - Update to version 2.26.1: + Fix many problems with the new secure memory allocator + DBus now automatically starts the gnome-keyring service properly + When auto activating the gnome-keyring DBus service, check for an already running daemon + Don't print critical warnings when registering with DBus fails + Bump glib dependency + Add DBus method for getting the gnome-keyring environment variables + Fix crash when prompting to unlock the keyring + Initialize daemon with LOGNAME and USERNAME environment variables + Build fixes - Merge -doc into -devel as it only contains gtk-doc - Move gtk-doc from main to -devel - Modify baselibs.conf so that if pam-32bit is installed on x86_64, gnome-keyring-pam-32bit and gnome-keyring-32bit is installed as well. - Fix an issue where Requires on libtasn1-devel and gtk2-devel was added to -pam instead of -devel - Update to version 2.26.0: + Implement support for running gnome-keyring-daemon under valgrind + Checks for asn1Parser tool when configuring + Only automatically expose PKCS#11 public key objects for private keys + Have the SSH agent only log into the token when we have a private key that we want to access + Disable input method in password - Add libtasn1-devel and gtk2-devel to Requires for devel package - Update to version 2.25.92: + Fix problems when multiple processes tried to initialize the gnome-keyring-daemon at the same time, often resulting in a user session that hung on login. + Add compatibility support for loading SSH unlock passwords from previous versions of gnome-keyring. + Fix compiler warnings on 32-bit systems. + Fix uninitialized variable usage. These resulted in crashes. + Initialize PKCS#11 tokens before importing certificates or keys to them. Remove previous auto-initialize idea. + Add basic support for PKCS#11 SO logins. + Fix focus issues in the import certificate/key dialog. + When looking for PKCS#11 objects, skip tokens that have not been initialized. + Exit properly when an error occurs on importing a certificate or key. + Hash objects when storing them in PKCS#11 user-store and validate the hashes when loading them. + Build fix on Solaris + If login keyring doesn't exist when changing a PAM password, don't create it automatically. + Close stdin/stdout when not running the daemon in foreground. This fixes a regression in scripts starting gnome-keyring-daemon. - Remove -fno-strict-aliasing from CFLAGS. - Use makeinstall (install-pam is no longer useful) - Make sure fdupes is called last (since we might changes some files before). ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Create compatibility sym-link of grub.xen in the old location to which old VM definition is pointing (bsc#1123942) - Add patch to fix ARM boot, when kernel become too big: * grub2-move-initrd-upper.patch (boo#1123350) ==== gsl ==== Subpackages: libgsl23 libgslcblas0 - mark examples as a noarch package - install license for examples and remove unnecessary dependencies - add an examples sub package to test in production env - Simplify package naming for HPC. - Fix dependencies for HPC. - Library directory is always available when module file is installed, do not hide it. - Properly create and tear down default version links when the HPC master packages are installed/uninstalled. - Create pkgconfig file for gslcblas as well. - Add missing env variables to modules file: MANPATH, INFOPATH, PKG_CONFIG_PATH. ==== hdf5 ==== Subpackages: libhdf5-103 libhdf5_hl100 - Consolidate use of openmpi1, openmpi2, openmpi3 for non-HPC builds. ==== libsecret ==== Version update (0.18.5 -> 0.18.7) Subpackages: libsecret-1-0 libsecret-lang typelib-1_0-Secret-1 - Update to version 0.18.7: + Migrate from intltool to gettext. + Fix uninitialized memory returned by secret_item_get_schema_name(). + secret-session: Avoid double-free in service_encode_plain_secret(). + Port tap script to Python 3. + Build and test fixes. + Updated translations. - Drop intltool BuildRequires: No longer needed following upstreams port to gettext. - Update to version 0.18.6: + Fix shared key derivation between libsecret and gnome-keyring (bgo#778357). + Avoid run-time error when gnome-keyring is not responding (bgo#787391). + Enable cross compilation (bgo#748111). + GI annotation fixes (bgo#785034). + Fix textual typos (bgo#782206). + Updated translations. - Drop libsecret-secret-size.patch: fixed upstream. - SRPM group fix. Update summaries. - Remove duplicate commands. Limit fdupes to /usr. - Modernize spec-file by calling spec-cleaner ==== libstorage-ng ==== Version update (4.1.88 -> 4.1.91) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#615 - Workaround upgrade with multiple mout points per block device (bsc#1118865) - 4.1.91 - merge gh#openSUSE/libstorage-ng#616 - added debugging code - extended unit test - 4.1.90 - merge gh#openSUSE/libstorage-ng#613 - Rename method - Add method for removing a bcache cset - Add actions to modify an existing bcache - Increase minor version - Fix error messages - Small fixes - Allow to modify Bcache devices - 4.1.89 ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs - qemu: don't use CAP_DAC_OVERRIDE capability if non-root 620d9dd5-qemu-no-dac-override-nonroot.patch boo#1125665 ==== metis ==== - add a examples subpackage which include graphs* file to test Metis - Set default module version correctly when installing master package, unset when deinstalling the default library package. - Fix %%post and %%postun scripts for HPC. - Fix dependencies for HPC. - Fix HPC modulefile: * Aibraries are always there when module file is installed. * Set PKG_CONFIG_PATH. - Fix package group names. ==== openblas_pthreads ==== - Add Add-a-register-to-the-clobber-list-for-the-mul-instruction.patch Backport of removed: 0001-Add-a-register-to-the-clobber-list-for-the-mul-instr.patch - Add OPENBLAS_INC and OPENBLAS_DIR to HPC environment (bsc#1125547). - Fix https://github.com/xianyi/OpenBLAS/issues/2014 Add 0001-Add-a-register-to-the-clobber-list-for-the-mul-instr.patch ==== openssh ==== Version update (7.6p1 -> 7.9p1) Subpackages: openssh-helpers - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested [bsc#1125687] * openssh-7.9p1-brace-expansion.patch - Updated security fixes: * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf and have progressmeter force an update at the beginning and end of each transfer. Added patches: - openssh-CVE-2019-6109-sanitize-scp-filenames.patch - openssh-CVE-2019-6109-force-progressmeter-update.patch * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user. Added patch: - openssh-CVE-2019-6111-scp-client-wildcard.patch - Change the askpass wrapper to not use x11 interface: * by default we use the -gnome UI (which is gtk3 only, no gnome dep) * if desktop is KDE/LxQt we use ksshaskpass ==== openssh-askpass-gnome ==== Version update (7.6p1 -> 7.9p1) - Supplement the openssh and libx11 together to ensure this package is installed on machines where there is X stack - Version update to 7.9p1 * No actual changes for the askpass * See main package changelog for details - Update to 7.8p1: * no actual changes for the askpass - Format with spec-cleaner - Respect cflags - Use gtk3 rather than gtk2 which is being phased out - Upgrade to 7.7p1 (bsc#1094068) ==== patterns-base ==== Subpackages: patterns-base-32bit patterns-base-apparmor patterns-base-apparmor-32bit patterns-base-apparmor_opt patterns-base-base patterns-base-base-32bit patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base-32bit patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base-32bit patterns-base-sw_management patterns-base-sw_management-32bit patterns-base-transactional_base patterns-base-update_test patterns-base-x11 patterns-base-x11-32bit patterns-base-x11_enhanced patterns-base-x11_enhanced-32bit patterns-base-x11_opt - ppc64-diag is required on ppc64le (bsc#1098849). ==== permissions ==== - Added 0001-whitelisting-update-virtualbox.patch (bsc#1120650) New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale entries for VirtualBox - Added 0002-consistency-between-profiles.patch Ensure consistency of entries, otherwise switching between settings becomes problematic - Added 0003-var-run-postgresql.patch (bsc#1123886) Whitelist for postgresql. Currently the checker doesn't complain because the directories aren't packaged, but that might change and/or our checkers might improve ==== polkit-default-privs ==== - 0007-whitelist-newly-introduced-network-manager-wifi-scan.patch: backport of newly introduced NetworkManager wifi-scan rule (bsc#1122262). ==== qemu ==== Subpackages: qemu-block-curl qemu-block-rbd qemu-block-ssh qemu-guest-agent qemu-ipxe qemu-ksm qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-vgabios qemu-x86 - Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604) - Increase memory needed to build qemu-testsuite for ppc* arch's in _constraints file - Return specification exception for unimplemented diag 308 subcodes rather than a hardware error (bsc#1123179) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0057-s390x-Return-specification-exceptio.patch - Fix OOB issue in slirp (CVE-2019-6778 bsc#1123156) 0056-slirp-check-data-length-while-emula.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Fix ipxe GCC 9 incompatibilities (bsc#1121464) ipxe-efi-Simplify-diagnostic-for-NULL-handle.patch ipxe-build-Disable-gcc-address-of-packed-member-warning.patch ==== sddm ==== Subpackages: sddm-branding-openSUSE - Add patch to fix reading garbage from getpwnam (boo#1125624): * 0001-Use-C-scoping-for-handling-buffer-deletion.patch ==== suse-module-tools ==== Version update (15.1.10 -> 15.1.11) - Update to version 15.1.11 (git 54df192): * spec file: use more gentle wording in blacklist files * spec file: drop jffs2 and ubifs from blacklist ==== sysconfig ==== Version update (0.85.1 -> 0.85.2) Subpackages: sysconfig-netconfig - version 0.85.2 - Fixed changes file to mention relevant github pull requests. - Removed remaining preun rpm hook from EOL openSUSE versions - Merged /var/adm/netconfig move revert from openSUSE:Factory causing to not find md5 sums from previous netconfig version due to incorrectly merged hook in spec file and trouble on transactional systems without writeable /var/lib/netconfig. Removed obsoletes revert-var-adm-lib-netconfig-move.patch. (bsc#1124152,bsc#1124340). - Merged rpm spec bash section marks (gh#openSUSE/sysconfig#23) - HOTPATCH (to be reverted): revert-var-adm-lib-netconfig-move.patch - version 0.85.1 - removed modprobe.d/50-blacklist.conf, which will be provided by the suse-module-tools package instead (boo#1107611). See also: gh#openSUSE/suse-module-tools/pull/3 gh#openSUSE/sysconfig/pull/22 - version 0.85.0 - netconfig: change to write resolv.conf,yp.conf,forwarders.conf to files in /[var/]run/netconfig/ and link in /etc (fate#325872) - netconfig: add to update ntp servers in chrony (bsc#1099272) and cleaned up to use start-ntpd addserver to update ntpd servers. - Remove code to update from openSUSE older than 12.3, which is EOL (gh#openSUSE/sysconfig#19). - Move /var/adm/netconfig to /var/lib/netconfig to become more FHS conform (gh#openSUSE/sysconfig#18). - version 0.84.3 - netconfig: change policy to permit non-NM settings (bsc#1079793) As requested and approved by NetworkManager maintainer, the 'auto' policy permits now also per interface settings provided by other services when NetworkManager is enabled. That is, the auto policy resolving has been changed from "STATIC_FALLBACK NetworkManager" to "STATIC_FALLBACK * NetworkManager". - Use %license instead of %doc [bsc#1082318] - version 0.84.2 - spec: revert change to use _fillupdir in update hook from < 0.80 - merged fixes of the the fillup templates logic and macro in configure.ac by Marcus Meissner - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - Make /etc/ppp owned by root:root. The group dialout usage is no longer used. - version 0.84.1 - netconfig: cleanup tmp files (boo#1010760) When /var/run/ntp/servers-netconfig has been modified externaly, don't try to backup or keep tmp files to show what we would do. - netconfig: improve input check for duplicate keys (bsc#1009801) - Remove requires for not needed insserv (bsc#999850) - version 0.84.0 - netconfig: intoduced a batch mode (bsc#989741) It permits to preform multiple modify/remove operations and call the effective update at the end of the batch. - netconfig: use ntpq, as ntpdc is deprecated (bsc#894889), lower sleep lock wait granularity and fix NTP_KEYS parsing - Drop the omc svcinfo data as they are not used anymore - Run spec-cleaner to remove few obsolete things - Drop cvs helper files as we are in git - Rename configure.in to configure.ac - Add a blacklist entry for the ACPI power meter driver (bnc#974373) - version 0.83.9 - ppp: install refactored ip-up and related scripts (bsc#865573) - removed patches shipped inside of the source archive [- 0001-dhcp-network-variables-for-dhcp4-user-class.909307.patch] [- 0002-netconfig-use-ntpd.service-on-13.2-boo-930309.patch] - netconfig: use ntpd.service on >13.1 (boo#930309) [+ 0002-netconfig-use-ntpd.service-on-13.2-boo-930309.patch] - sysconfig-netconfig requires /bin/logger, otherwise the following happens: linux.site wickedd[31]: /etc/sysconfig/network/scripts/functions.netconfig: line 44: logger: command not found - dhcp: add variables for handling of DHCPv4 user-class (bsc#909307) [+ 0001-dhcp-network-variables-for-dhcp4-user-class.909307.patch] - version 0.83.8 - netconfig: use domain name from hostname (bnc#912891) When there is no dns domain or search list provided (by dhcp), but a hostname as FQDN, use it's domain for /etc/resolv.conf search list. - netconfig: merge NetworkManager settings on -m (bnc#900982) - rpm: kill all NetworkManager child processes on migration Before we stop (the always running) NetworkManager.service, ensure to kill all (child) processes when migrating from the NETWORKMANAGER=no variable (bnc#895447). - rpm: fixed SUSE spelling in the spec file (bnc#889002) - version 0.83.7 - netconfig: create missed /var/run/ntp directory (bnc#892877) When the directory does not exists yet, the ntp service is not yet started/running and it is even more important to write the servers so ntpd can pickup them at start. - config: changed NM_ONLINE_TIMEOUT to 30 (bnc#889175) - config: updated to list new variables in network/dhcp, cleanup of ifcfg.template and network/config variables - version 0.83.6 - netconfig: fixed manual page to not refer README (bnc#876755) - version 0.83.5 - sysconfig/network/config: new default to send gratuitous arp Enabled to send gratuitous arp by default, when duplicate IPv4 check is enabled and were successful (bnc#879911,fate#314399). - netconfig: improved troubleshooting capabilities Added NETCONFIG_VERBOSE and NETCONFIG_FORCE_REPLACE config variables allowing to run all netconfig calls in debug mode and force update of modified files as default. Show service, policy resolving info and log the commandline in debug mode. Fixed to log info/warnings that were printed to stderr only before (bnc#860644, bnc#868323). - version 0.83.4 - config: check ipv4 duplicates by default (fate#314399) - version 0.83.3 - Cleaned up comments and obsolete variables in network/dhcp and network/config config files (fate#312939,fate#314482). - netconfig: just systemctl not init scripts (bnc#864696) as all for this version supported systems are using systemd which forwards to init scripts as needed. - Remove the blacklist entry for the uas driver (bnc#862397) - version 0.83.2 - A systemctl status is quite expensive as it (by default) parses logs, etc. Use is-active where we need the code only (bnc#859360). - version 0.83.1 - Install /sbin/service link as /sbin/rcnetwork for compatibility with older sysconfig as it is quite often used absolutely. - Use an unconditional rcnetwork symlink to /sbin/service - version 0.83.0 - Recommend wicked-service instead of sysconfig-network as the default network service and drop sysconfig-network. The wicked service package provides systemd service files requesting the network.service alias at service enable time as well as the ifup compatibility scripts using wicked as network backend (fate#316768,bnc#856591). - ifcfg-bonding.5: fixed to use startmode hotplug in slave example - Use ZEROCONF_ROUTE=no as new default (fate#314482) The NOZEROCONF="yes" variable were double-negated in it's meaning and did not reflect what the variable really does (fate#314482). - rcnetwork: use service type oneshot, not forking Sometimes, network fails to start / stops itself, because the per interface services started inside it, need already started network and fail as network did not yet reached started state. This does not happen with oneshot network service type (bnc#853908). - version 0.82.1 - Changed global NOZEROCONF default to "yes" (automatic zeroconf route disabled), removed obsolete LINKLOCAL_INTERFACES variable. Use NOZEROCONF="no" per interface to enable (fate#314482). - version 0.82.0 - Dropped udevmountd, the functionalty has been included in systemd (bnc#852762). - version 0.81.7 - Skip also systemd redirection for ifdown -o ifplugd (bnc#846031). - Fixed to check restorecon existence before calling it as selinux is not installed by default (bnc#845792). - fix starting dhcpcd from ifplugd (bnc#846031) - version 0.81.6 - Merged changes from $OBS/Base:System/sysconfig - blacklist udlfb because only udl can be used with xrandr 1.4 (bnc#846218) - set SELinux label for /dev/.sysconfig after creation (bnc#845792) * sysconfig-0.81.5-restore_selinux_context_on_RUN_FILES_BASE.patch - use systemctl when possible instead of calling init scripts directly * sysconfig-0.81.5-netconfig-use_systemctl.patch - /etc/modprobe.d/50-blacklist.conf: cleaned up obsolete/dropped kernel drivers (bnc#843141,bnc#843169). Thanks to Michal Marek! sk98lin: dropped from the kernel in 2.6.26 stradis: dropped in 2.6.38 (39c3d48) eepro100: dropped in 2.6.29 (6b1abba) slamr,slusb: no smartlink-softmodem-kmp since 10.3 ich2rom: rplaced by ichxrom in 2.6.12 (304aa41) eth1394: dropped in 2.6.37 (66fa12c) uhci: dropped in 2.5.27 tsdev: removed in 2.6.24 (7009317) snd_bt87x: duplicate of snd-bt87x clgenfb: replaced by cirrusfb in 2.5.67 cyblafb: replaced by tridentfb in 2.6.30 unikey: not in mainline history, 2.4? encode-{big5,gb,gbk,jis,kscm}: not in mainline history, 2.4? fbcon-{afb,ilbm,iplan2p2,iplan2p4,iplan2p8}: removed in 2.5.51 fbcon-{cfb2,cfb4,hga,mfb,vga-planes},fbgen: removed in 2.5.51 fbcon-{mac,vga}: removed in 2.5.28 vmware: never upstream, no reference in 2.5+ - bt878 card causes udevd to complain (bnc#800897) Fixed to use 'echo' shell builtin instead /bin/echo - version 0.81.5 - Fixed to support dummyX interfaces again (bnc#694810) - Improved default netconfig dns ranking defaults and man page. - Do not set "ap any" for wlags49* wireless driver (bnc#837941) - version 0.81.4 - Added IgnoreOnIsolate=yes to network@.service (bnc#841315) The network@<ifname>.service are marked as PartOf network.service, but this one way stop/restart dependency is not propagated on a systemctl isolate ("runlevel" change) and the network@ services were stopped. Added IgnoreOnIsolate=yes to stop them on network service stop only. - version 0.81.3 - Fixed to reload syslog on hostname changes using systemctl as there is no /etc/init.d/syslog script since syslog-service-2.0 (bnc#830467). - Added a systemctl guard to rpm post script - version 0.81.2 - Added otherproviders(/sbin/ifup) conflict to sysconfig-network. - Do not stop the network interfaces, but kill the network and all network@<ifname> services to kill all dhcp clients on uninstall. - version 0.81.1 - Initial network and network@ service files to avoid, that systemd udevd kills dhcp clients, which where forked from the udev hotplug rule and for better control (bnc#821879). - version 0.81.0 - Initial sysconfig split into udevmountd, sysconfig, -netconfig and -network packages, to allow another implementation of the /etc/init.d/network and /sbin/ifup scripts. - Dropped obsolete README files. - version 0.80.7 - use mountpoint utility without absolute path While on 12.3 there were a /bin/mountpoint, 13.1 moved it to /usr/bin/mountpoint without a compatibility link. Drop path when calling it, it should work both ways. Thanks to Andrey Borzenkov for his patch. - rcnetwork: fixed to not drop state while reload - netconfig: add /etc/resolv.conf options and sortlist Added global network/config NETCONFIG_DNS_RESOLVER_OPTIONS and NETCONFIG_DNS_RESOLVER_SORTLIST variables, allowing to set /etc/resolv.conf options and sortlist (fate#316048). - version 0.80.6 - Merged changes from $OBS/Base:System/sysconfig and SLE-11-SP3. - Fixed to set link settings on bonding slaves while enslave. Before enslaving a new slave, apply link settings like the MAC address or MTU to the slave as required e.g. for fail_over_mac active, where the bonding interface is using the MAC of the currently active slave (bnc#815025). [0002-Set-link-settings-on-bonding-slaves-while-enslave.patch] - Fixed to stop dhcp clients and remove IP addresses on not yet enslaved bridge ports and bonding slaves. The bridge or bond interface has the IP addresses assigned itself instead. The port/slave may still have IP addresses, when the IP config of an active (ethernet) interface has been moved into a bridge or bond config, e.g. while "virsh iface-bridge eth0 br0". There is no full ifdown for the port interface to not break the vlans (and their bridges) which may refer to the port too (bnc#813148). [0001-Flush-IPs-on-bridge-bond-children-ifup-bnc-813148.patch] - Add forgotten patch sysconfig-0.80.5.patch - Accommodate poll.tcpip to systemd - Fixed to wait for dhcp/ipv6 under systemd again. Fixed regression caused by bnc#785240, bnc#780644 fixes to not discard the dhcp/ipv6 dupplicate address detection in progress error codes under systemd completely, but wait until dhcp/ipv6 dad finished or the WAIT_FOR_INTERFACES timeout is reached and then discard in the status returned to systemd (bnc#808718). It caused failures of other services trying to bind tentative IPv6 addresses, e.g. in mixed dhcp4 / static IPv6 setups. Thanks to Rolf Eike Beer for the report/tests/debug outputs. [0001-Fixed-to-wait-for-dhcp-ipv6-under-systemd-again.patch] - Fixed to create migration marker directory before using it, it does not exists e.g. while CD based update (bnc#806989). - version 0.80.5 - Fixed to use a guarded migration hook from openSUSE < 12.3, that disabes the (always enabled before) NetworkManager.service on NETWORKMANAGER=no and mask the network.service (provided by the /etc/init.d/network script) on NETWORKMANAGER=yes until NM has been installed and enabled as network.service (bnc#803058). - version 0.80.4 - Fixed to use a suffix in ETHTOOL_OPTIONS variable to allow to apply every setting (e.g. 'gro off lro off') separately, as the ethtool utility stops at first failure and the NIC driver may reject settings when the link is not up or they're unsupported. Further, added ETHTOOL_UP_RETRY and ETHTOOL_UP_WAIT variables to optionally wait after the link has been set up and retry to set the ETHTOOL_OPTIONS*. Updated ifcfg(5) man page (bnc#787744) [0002-Allow-ETHTOOL_OPTIONS-SUFFIX-variables-bnc-787744.patch, 0003-Documented-ETHTOOL_OPTIONS-SUFFIX-variables-bnc-787744.patch] - Applied 81-mount.rules fix by Robert Milasan to not mount file systems with the noauto flag set (bnc#798641, [SWAMPID 50702]). [0001-Do-not-mount-file-system-with-noauto-flag-bnc-798641.patch] - version 0.80.3 - rcnetwork: reworked suspend/resume hooks (bnc#781106) - version 0.80.2 - rcnetwork: handle also partial -o type|skip options - version 0.80.1 - rcnetwork: Improved redirection and option handling and cleaned up obsolete localfs/remotefs options and network manager hooks. Honor SYSTEMCTL_OPTIONS variable which can be set to systemctl options e.g. --ignore-dependencies while yast2 second stage run (bnc#798348). - Fixed to use dhclient6 in dhcp6_client state variable (bnc#798828). - version 0.80.0 - Removed the NETWORKMANAGER=yes/no variable from network/config. The NetworkManager.service (or other) installs a network.service alias link while "systemctl enable" and removes on "disable", which masks the network.service provided by /etc/init.d/network. Current service has to be stopped while "enable" or "disable". The "systemctl -p Id show network.service" is used to query the currently enabled network service. It returns either the name of the service providing the alias, i.e. NetworkManager.service or network.service - when the /etc/init.d/network provides it. The /etc/init.d/network script forwards common actions (start, stop, ...) to systemd which executes them for the currently active network.service. (bnc#764055,bnc#764336,bnc#798348). - Adopted /etc/init.d/network, netconfig, ifup to use the service Id query instead of NETWORKMANAGER variable, added forwarding. - Removed NetworkManager start/stop code from /etc/init.d/network and disabled NetworkManager dispatcher hook installation. - Added removal of the NETWORKMANAGER variable to spec post-install - Fixed to correctly apply STP constrains also to float time values with a 1/100 sec precision (bnc#753387,bnc#794720). [0002-ifup-bridge-handle-1-100-sec-precision-stp-times.patch] - Updated bridge documentation link in ifcfg-bridge.5 (bnc#791553). [0001-Updated-bridge-documentation-link-in-ifcfg-bridge.5.patch] - version 0.76.8 - Changed rcnetwork to not report dhcp in background to systemd (bnc#785240,bnc#780644). You may set DHCLIENT_MODIFY_SMB_CONF to "no" in /etc/sysconfig/network/dhcp as the samba/cifs hooks make systemctl calls to reload/restart nmb and other services which block (systemd deadlock) ifup scripts for a long time. - Reverted ifup pre/post and if-up.d/if-down.d scripts processing feature in background and removed WAIT_BACKGROUND_JOBS variable as it tends to cause unexpected behavior / side effects. - Replaced udevrulesdir patch with --with-udevdir configure option. - Removed obsolete network-remotefs init script (disabled before). - Added patch (set_new_udevrules_dir.patch) to ensure that the udevmountd and the udev rules are installed at the right place (/usr/lib/udev) - version 0.76.7 - Start ifup pre/post and if-up.d/if-down.d scripts in background. The new network/config variable WAIT_BACKGROUND_JOBS specifies the wait limit. Default is 5 secons, 0 disables backgrounding and reverts to previous blocking behavior. Attempt to solve the issues where interfaces are not come up in time, because some hook-script are blocking ifup (bnc#780644). - Execute netconfig/ntp-runtime updates in background (bnc#780644). - Man-page hint to use STARTMODE=nfsroot when using iSCSI or FCoE. - version 0.76.6 - Fixed to check and reject too long interface names or names with suspect characters, do not wait when creation of virtual interface name fails (bnc#784952). - Fixed to not report failure while setting unsupported power management option in ifup-wireless as the support and features depends on the driver (bnc#716652). - Fixed ifup-dhcp to not start dhcp clients too early or they may be unable to send packets and just increase resend time. Instead, load af_packet module early and wait for link ready (bnc#780644). - Fixed netconfig/ntp-runtime to not use try-restart as its start may block for a while, so just add servers ourself. When ntpd is not running (not yet started), the init script will pickup our servers later (bnc#780644). - version 0.76.5 - Added support for NOZEROCONF option to disable zero config route. - version 0.76.4 - Check before running a script in netcontrol_services (bnc#775281). - Applied patch blacklisting uas driver confirmed by Intel as a hopeless case (bnc#770301). - /etc/init.d/network: do not check the renamed-flag when udev daemon is not running as in LXC containers. It caused to wait until the udev rename finished with a not started network and failure result (bnc#771615). - version 0.76.3 - Fixed ifrenew-dhcp to use built-in dhcpcd --renew (bnc#763533). - Moved the X-Systemd-RemainAfterExit LSB tag before Description in /etc/init.d/network scripts as workaround for the case that a not yet fixed systemd is in use (bnc#763533). - Fixed to differentiate ib/ibchild/bond types and stop ib-bond interfaces correctly. - version 0.76.2 - ifup-bridge: apply stp contstrains when STP is on (bnc#753387) - ifup-route: fixed use of -4/6 option for ip route (bnc#745252) and do not require dummy gateway for ipv4 multicast routes. - Added tests to the 77-network.rules rule file if the /sbin/ifup and /etc/sysconfig/network/scripts/ifup-sysctl exist (bnc#724775), disabled ipw3945d.sh script run and updated 81-mount.rules file to work with more actual udev versions. Thanks to Robert Milasan, who proposed these changes. - In poll.tcpip avoid warnings messages of fetchmail by using the owner ship of the system wide configuration file /etc/fechmailrc which should be owned by the user and group mail. - version 0.76.1 - Updated GPL in doc/COPYING, address statements, spec tags. - Disabled obsolete network-remotefs as /usr is mounted in initrd when needed and we don't need to handle it any more (equivalent with a remote /-fs now). More cleanup follows. - Always enable boot-wait mode under systemd - Improved extradebug to include all args and to log pid. - Filter out labeled ipv4 addresses in get_ipv4address used to fetch the 1st address from the TUNNEL_DEVICE interface. Allows to configure a label for each address that should be skipped. Updated ifcfg-tunnel.5 man page. (bnc#741453) Thanks to Jon Nelson for his report with a fix proposal! - Explicitly disabled posix mode in all bash scripts as we are using several features not supported in posix mode (bnc#739338). - Fixed ipv6 dad / link ready wait time calculation (1/10 of the specified time) and replaced useless up flag check loop with link_ready_wait to avoid send errors from dhclient6 (bnc#697929). - Added to require vlan, bridge-utils and tunctl packages via spec, that are often required in base networking configurations and are missed otherwise in 2nd installation stage, that may be unable to install them for some reason (bnc#733118). - Fixed incorrect exists_iface_config test in ifprobe (bnc#728611#c19) - Fixed to quote config / interface variables in ifservices script and cleaned up content of the ESSID which gets appended to them by NetworkManager dispatcher hook (bnc#735394, CVE-2011-4182). Fixed also to return proper exit code 0 in NM dispatcher hooks. - version 0.76.0 - Do not suggest dhcp6c client from dropped dhcpv6 package in ifup-dhcp, marked dhcp6c as deprecated in network/dhcp and changed to use dhclient6 as first choice (bnc#734723). - Added X-Systemd-RemainAfterExit: true LSB header (bnc#727771) - Fixed iBFT support to not use any ifcfg files, added workaround for virtio iBFT references (additional path component), try to request the iBFT IP-Address in DHCP mode and apply the iBFT DNS name servers (when any) via netconfig (bnc#723796). - Changed to call ip addr flush in ifdown, but after ip link set down as it does not cause ipv6 sysctl tree side effects then at least with more recent kernels (bnc#580018,bnc#559170). - add libtool as buildrequire to avoid implicit dependency - Changed NM_ONLINE_TIMEOUT default back to 0 to avoid unneeded waiting for NM interfaces at boot (bnc#722304) - version 0.75.4 - Don't fail when wireless power setting isn't supported Thanks to Manuel Stol for the patch (bnc#716652). - Cleanup link / dad wait verify flag after status update - Fixed inverted link ready return value test - version 0.75.3 - Handle changing between ifup and NM with systemd and fixed to enable boot flags in /etc/init.d/network while booting under systemd (bnc#719214). - Wait/check until the end of ipv6 duplicate address detection to not cause failures of following services (bnc#697929). - version 0.75.2 - Added additional state for network-remotefs, so correct status is shown after remotefs has been stopped. Stopping localfs, stops remotefs when it is started as well (bnc#592270). - Use max_bonds=0 bond modprobe option to avoid automatic bond0 interface creation as we may need a different name. Do not set the bond interface link up before enslaving - this is not needed by bonding any more with current kernels. - version 0.75.1 - Warn and ask the user to report a bug when the ifcfg defines the INTERFACETYPE variable to override behaviour of ifup: There is a bug in ifup when it is required to define it (bnc#711762). Improved also variable description in ifcfg.5 manual page. - Added missed dhcp4,dhcp6,ibft,none BOOTPROTO values to ifcfg.template (bnc#701000). - Added WIRELESS_AUTH_MODE='no-encryption' option handling to ifup-wireless, because YaST sets it (bnc#648830). - Fixed get_depending_ifaces to not return bonding slaves by default as it is not required to stop the slaves before the bonding master goes down and in fact it may cause a system hang, when the slaves are infiniband child interfaces, that are deleted while ifdown (bnc#698478). - Fix incorrect systemd detection in disable-NM-under-systemd.patch - Added vpnc to the default list of preferred services for DNS ranking (NETCONFIG_DNS_RANKING=auto). - Add disable-NM-under-systemd.patch: don't handle NM startup with network initscript when running under systemd. - Fixed to apply wireless power settings and allow any setting as defined in the iwconfig(8) manual page. - Do not use -fno-strict-aliasing when not needed - remove /var/lock/subsys references - version 0.75.0 - Moved 77-network.rules and 81-mount.rules to /lib/udev/rules.d as both contain static rules. - Fixed spec to use 0600 mode for ifcfg-lo, because of bnc 670871. - Send gratuitous arp when new SEND_GRATUITOUS_ARP variable is set to yes either in global network/config or in per-interface ifcfg file. Fixed to use CHECK_DUPLICATE_IP for ipv4 only (bnc#617373). - Enslave a slaves into a bond on hotplug "up" event (bnc#669361). - fixed postinstall script to avoid, that (wireless) ifcfg files become world readable while installation because of a fillup run; changed to explicitly set 0600 permissions (bnc#670871). - version 0.74.5 - netconfig: strip trailing dots from domains dns search list as added by the dhcp 4.x dhclient(6), to skip duplicates. - Fixed gawk patch to skip oldnet2new.sh - not in dist archive. - Use gawk directly as in our dependencies instead of just awk, that is a /etc/alternatives link, that may be broken in rare cases (bnc#664726). - Fixed typo in doc/ifcfg.5, IPv4 autoip, not IPv6 - version 0.74.4 - Fix for udevmountd to allow mounting of multipath devices. With this and the corresponding multipath-tools patch, iscsi mounting works as advertised, both multipathed and non-multipathed (bnc#630434). - Fixed ifup-bonding to fail and remove bond when there are no active slaves at the end and not on enslave failure (bnc#660774). - version 0.74.3 - Use iBFT primary or PXE BOOTIF inteface as primary dhcp interface (sets the default route and hostname) and the "first up interface wins" selection used before as fallback, when there is explicit user configuration available. Updated the DHCLIENT_PRIMARY_DEVICE variable description, added it also to the global network/dhcp config file (bnc#653365). - Improved default vlan name scheme docs in ifcfg-vlan.5 man page. - Use startmode auto instead of onboot in ifcfg-lo (bnc#533818) - Dropped obsolete and confusing etc/modprobe.d/50-ipv6.conf file (bnc#632530, bnc#656916). - Fixed link_wait scriptname check and ping usage (bnc#644738); improved to allow the user to specify the steps. - add a virtual provides for network script - version 0.74.2 - Adopted to search tunctl in /sbin (bnc#650468) - Fixed check if ipv6 is enabled in ifup-dhcp (bnc#616765). - Fixed ifplugd-selectif script to use -1 as default carrier flag and initialize interface type when unset to correctly print wireless instead of cable messages (bnc#637183). - Require wpa_supplicant if a wpa_supplicant config is specified - Improved ifup-bridge port prio and cost handling. Allow to specify '-' in BRIDGE_PORTPRIORITIES or BRIDGE_PATHCOSTS lists to skip setting of the port prio or path cost for particular ports while setting it for others. - Fixed init flags to not start network in runlevel 2 (bnc#638508). - version 0.74.1 - Fixed wireless hardware to wext/nl80211 WPA driver mapping. Changed to use -Dnl80211,wext by default for untested drivers to let the wpa_supplicant fallback to wext when nl80211 is not available. Adjusted info message about untested drivers and enabled untested driver handling also in case wpa_supplicant is not required but the user prefers to use it (bnc#623340, [#623676],#624182,#625403,#631283). Thanks to all reporters, especially to Larry Finger and Vladimir Botka! - version 0.74.0 - Changed ifup-wireless to use wext wpa driver for the rt2870sta, ipw2200 and ipw2100 wlan adapter driver (bnc#623676,bnc#623340). - Fixed check whether ipv6 is enabled or not in /sbin/ifup-dhcp to avoid dhcpv6 client start in case the interface is configured to start both, dhcpv4 and dhcpv6 clients (bnc#616765). - version 0.73.7 - Added writing of name server addresses to /etc/resolv.conf in forwarder mode ("bind", "dnsmasq") as fallback for the moments, when the local forwarder process is stopped, e.g. during update (bnc#607511). Set NETCONFIG_DNS_FORWARDER_FALLBACK=no to revert. - Fixed ifup-bonding to not fail, when the bonding already exists (bnc#609809) or when bonding options are using numeric arguments instead of names (fixes also bnc#572367). - Added BONDING_SKIP_REMOVE_WORKAROUND variable allowing to skip bonding interface removal in ifdown as workaround for kernel modules not reacting correctly to UNREGISTER event (bnc#576355). - Updated USERCONTROL variable description (bnc#605853). - Removed obsolete (pre 10.3) migration hooks - Removed dbus from Required-Start in /etc/init.d/network, added earlysyslog to Should-Start - Use wext wpa driver for the broadcom wl hw driver (bnc#585802). - version 0.73.6 - Completed and enabled dhclient6 support. - version 0.73.5 - Added WIRELESS_WPA_DEBUG_OPTION option with default of -dddt used while wpa_supplicant start when DEBUG is set (yes or wireless). - Fixed ifup-wireless to use PREFER_WPA_SUPPLICANT=yes when unset as specified as default in ifcfg.template. - Switched to use the new nl80211 wpa_supplicant driver required to support WIRELESS_REGULATORY_DOMAIN by default in the ifup-wireless. Can be switched back using WIRELESS_WPA_DRIVER='wext' (bnc#585802). - Updated interface type detection checking new sysfs tun_flags for tap and the phy80211 link for mac80211 based wireless interfaces. - Use git commands when in git repository (show/create ChangeLog) - Documented xen routed network setup using sysconfig mechanizms in the README.virtualization. - added none option to WIRELESS_POWER and made it default - make the network script cleanup the netconfig scripts on stop, so that it doesn't have to be done on boot - where it's much more expensive - version 0.73.4 - Removed the haldaemon Required-Start/Stop dependency from the /etc/init.d/network-remotefs script, NetworkManager dropped it. - Added reading of a temporary startmode in ifdown to skip stopping of the interface and avoid shutdown problems when multipathed iscsi device was mounted (bnc#581259). - Do not use own ipoib mode/umcast defaults in ifup-infiniband but honor the /etc/sysconfig/infiniband:SET_IPOIB_CM=yes/no setting and apply when explicitly requested only (bnc#579555). - Fixed ifup-dhcp to check the complete state mark also for dhclient, that reports it now too (bnc#585380,bnc#518219). - Fixed dhcpcd-hook to call ifup ... -o dhcp (if-up.d/ifservice scripts) when dhcpcd reports "complete" configuration instead in "up", so also the new hostname is already set (bnc#583800). - Fixed to apply (per interface) sysctl settings also in ifup, so changes to the configuration have an effect (bnc#494958). - Added scripts/link_wait disabled by default, that can be used via if-up.d to check whether an interface is ready to use or just wait some time in cause of devices that does not report the link state correctly (bnc#570935). - Fixed ifdown to stop dhcp, flush IPs and set down interfaces marked BOOTPROTO=none (slave/ports) or the dhcp clients, ... will stay active after a rcnetwork restart when an interface configured with dhcp gets reconfigured as a bridge port or a bonding slave. Fixed ifstatus to report accurate status codes, so rcnetwork does not show red errors for virtual interfaces with STARTMODE=off (bnc#581245,bnc#562030). - Fixed ifdown-dhcp to remove pid file that can't be cleaned up when the client has been killed with -KILL (e.g. nfsroot case) and fixed ifdown to not execute ifdown-dhcp twice (bnc#524675). - Changed to use expanded option lists for netconfig actions in usage text (bnc#569609). - Improved netconfig.8 DNS forwarder/static servers documentation and yast2 meta tags in network/config file to show the currently available settings (bnc#580361,bnc#580506). - Filter out loopback addresses from forwarder configs (dnsmasq, bind) in NETCONFIG_DNS_FORWARDER!=resolver mode, so they don't cause any loop and allow them in /etc/resolv.conf to make it possible to get the system running, when the glibc feature to use the name server on the local machine gets broken again or the user wants ipv4 only (bnc#580361,bnc#549447,bnc#441947). - Fixed ifdown-dhcp to release a dhcpv6 lease correctly when requested, added a separate DHCLIENT6_RELEASE_BEFORE_QUIT variable (bnc#524675). - Consider the bind mounted files scenario instead of symlinks to a writable location in all netconfig calls to create temporary files. - Applied patch by agruen@suse.de: When no temporary files can be created next to /etc/resolv.conf (like /etc/resolv.conf.XXXXXXX), create the temporary file in /tmp instead: the root filesystem may be read-only, and /etc/resolv.conf may be bind mounted to a writable location. Likewise for /etc/yp.conf. - do not require hal, NetworkManager dropped it - Added route proto filter to ifstatus-route to evaluate only routes that may have been set by ifup-route and skip routes added e.g. by zebra to not to waste CPU for big zebra routing tables (bnc#572205). Thanks to Adrian Ban for initial patch! - Fixed ifup-802.1q script to correctly search for the interface name of a vlan id in case multiple interfaces are using same vlan id. Thanks to Adrian Ban for a correction! (bnc#572186) - version 0.73.3 - Fixed netconfig module/action exit code propagation (bnc#568398) - Applied udevmountd udev rule patch by Ludwig Nussel: don't handle crypto devices, boot.crypto does that already (bnc#569942) - Fix to allow ifup $tap when it already exists, e.g. created by kvm (bnc#557864). - Synchronized ifup-dhcp and dhcpcd configuration steps to report status after dhcpcd really finished all its steps (bnc#518219). - Improved detection if a dhcp client is running, causing ifup-dhcp and the network script to report false failures, when the client forks at the moment of the check (bnc#562030 and others). - Fixed rc option handling in ifup-sysctl, show own name in debug - Documented the if-up.d/ndp-proxy and its config file in the ifndp-proxy.5, fixed to follow the sysconfig config file name conventions (fate#304415). - Added ifup-sysctl script applying per interface sysctl settings and documented it in the ifsysctl.5 man page (bnc#494958). - enable parallel building - version 0.73.2 - Fixed to not set WIRELESS_AP at all for wl driver (bnc#555774) - Avoid error message, when pcmcia device does not provide its vendor/name info via sysfs device/prod_id files (bnc#551640). - Allow ifup lo, even NetworkManager is active or it breaks the lo setup via /etc/init.d/boot.localnet (bnc#547620,bnc#547928). - First implementation of BOOTPROTO=ibft (fate#308283,bnc#542225) causing to either start dhcp client or skip any setup -- it is already done in the initrd. Intended to use on systems with iBFT firmware together with STARTMODE=nfsroot. - Documented BOOTPROTO=ibft (fate#308283,bnc#542225), dhcp4 & 6 and CIDR/IPv6 route notation in ifcfg.6 and routes.5 man pages. - Improved network/config and network/dhcp variable documentation adding notes, that the NetworkManager and the dhclient started by the NetworkManager are not using any sysconfig settings (bnc#551690). - Documented netconfig DNS service ranking (fate#306342). - Added racoon to netconfig dns ranking defaults (bnc#550706). - Fixed spelling mistake in ifcfg.template (bnc#537428). - Fixed typo in convert_persistent_name_rules script causing to generate persistent name rules on update, not matching MAC address (bnc#546575). - Added ar9170* to wpa_supplicant wext driver mapping (bnc#546561). - version 0.73.1 - Implemented if-up.d/ndp-proxy plugin required to set proxy-ndp (ipv6) and proxy-arp (ipv4) adresses in a xen routed setup (fate#304415). - Changed to use NM_ONLINE_TIMEOUT="30" by default (fate#307610). - Improved netconfig update -m filter/usage text (fate#306274), improved netconfig usage text to show active modules and module groups and to print debug messges about disabled/skipped modules. - First implementation of netconfig DNS service ranking allowing to specify which service provide preffered, e.g. vpn, and which fallback settings, e.g. avahi (fate#306342). Cleaned up netconfig.d/nis and ntp-runtime modules, apply policy with disabled filename glob expansion. - Fixed support of eth0.VLAN interface name schema as well as custom names, documented it in the ifcfg-vlan(5) manual page (bnc#534032, fate#305947). - version 0.73.0 - Implemented netconfig update -m filter (fate#306274) - Fixed to check for 'iw' utility only when it is required to set the wireless regulatory domain (bnc#539669). - Fixed typo in ifstatus causing to return bad code (bnc#542230). - Blacklisted mISDN modules in /etc/modprobe.d/50-blacklist.conf (bnc#537052). - build with -fno-strict-aliasing - Fixed to just reload bind instead of try-restart in netconfig (bnc#541035). - version 0.72.4 - Added note to WIRELESS_REGULATORY_DOMAIN variable description in /etc/sysconfig/network/config, that it needs the new nl80211 wpa driver, that can be enabled using the WIRELESS_WPA_DRIVER ifcfg variable on a per interface basis (bnc#537708). - Fixed typo in md-on-iscsi-automount 81-mount.rules (bnc#509495). - Implemented support to set the wireless regulatory domain using WIRELESS_REGULATORY_DOMAIN network/config variable (fate#305301). - Added check for hostname changes to avoid a syslog reload in dhcpcd-hook when it didn't changed (fate#305702,bnc#466198). - Fixed waiting for successful connection in NetworkManager in the /etc/init.d/network script by removing nm-online's --exit option, that caused to exit immediately instead of waiting up to NM_ONLINE_TIMEOUT seconds, because the NetworkManager has been started just now and not ready yet (bnc#515629). - Added additional dhcp client specific start options variables DHCPCD-, DHCLIENT- and DHCP6C_USER_OPTIONS, enabling the user to set custom options in special cases (bnc#524695). - version 0.72.3 - Updated kernel driver to wpa_supplicant driver name mappings, added WIRELESS_WPA_DRIVER ifcfg variable allowing the user to specify/override the wpa driver (bnc#477833, bnc#481380). - Fixed redirection in ifdown-bonding, remove_bond function. - Improved to use faster pgrep in dhcp searching functions - version 0.72.2 - Marked tap interfaces as supported in rcnetwork localfs flow, to start a bridge with tap port in localfs flow (bnc#522225). - Fixed spec file to remove the HOTPLUG_CHECK_FILESYSTEMS and HOTPLUG_MOUNT_FSTAB variables from /etc/sysconfig/storage instead of removing of the complete file (bnc#528759). - Disabled installation of obsolete README.storage, README.s390, getcfg, hwup and modify_resolvconf manual pages. Updated and moved README.hwcfg_and_device_initialisation to package docs. - Disabled installation of the obsolete hwup script (bnc#483774, fate#306215). - version 0.72.1 - Fixed netconfig regex checks to work with some non-English (e.g. Estonian) locales and to allow spaces in lease file (bnc#488257). - Applied fix for the obsolete hwup utility to work with ccwgroup (qeth,lcs,ctc) devices on s390x (bnc#483774). - Applied patch for udev 81-mount.rules to allow md devices on iscsi to automount (bnc#509495). - Fixed dhclient6 variable typos in ifup-dhcp (bnc#524691). - Improved IFPLUGD_PRIORITY documentation in ifcfg(5) man page. - Improved the NETCONFIG_DNS_FORWARDER documentation to list the valid settings in netconfig(8) man page (bnc#507979). - Fixed scripts/extradebug to avoid huge files it created. - Changed is_iface_available() to use interface type only - Changed to use /dev/.sysconfig/network instead of the POSIX shm path /dev/shm/sysconfig, that may be a dedicated file system (bnc#335486). - Applied fastboot patch from Moblin:Factory to avoid a sleep. - drop (already unused) libsysfs from build - version 0.72.0 - Improved to use /etc/sysconfig/network/scripts/firewall hook link for all optional calls to the firewall script allowing the user to point the link to another script. SuSEfirewall2 provides the script and the link by default (bnc#485450). - Improved makefiles and configure script, added more tests. - Improved ifup -o hotplug to filter by interface type, updated 77-network.rules udev rule (fate#305947). - Changed to exit in ifup when network manager is enabled/active. - Removed obsolete nm "up" notification and NM_CONTROLLED variable. - Use usleep for more often - version 0.71.15 - Added /etc/modprobe.d/50-ipv6.conf config (noreplace install) with IPv6 enabled by default; added renaming of yast2-network created ipv6 file to 50-ipv6.conf in post-install (bnc#485947). - Fixed overlapping messages in rcnetwork output (bnc#406887). - Fixed ifup-wireless to not set nick by default that breaks several drivers (bnc#478513). - Fixed ifup-wireless to set ap to 'off' instead to 'any' for the madwifi driver that does not support 'any' (bnc#402438). - Fixed network scripts to handle dummy interfaces (bnc#436857). - Fixed ifroute script parsing of final lines without EOL in ifroute files (bnc#467165). - renamed modprobe config to /etc/modprobe.d/50-blacklist.conf (required by new module-init-tools). ==== syslinux ==== - syslinux-4.04-lzo.diff: fix lzo memory aliasing issue (bsc#1125616) - Add remove-note-gnu-section.patch: strip a newly added section in order to fulfil ELF size limits expected. - sysmacros.patch: include for major/minor ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-sysvinit udev - Add 0001-systemd-PID1-crash-with-specially-crafted-D-Bus-mess.patch (bsc#1125352 CVE-2019-6454) - Import commit 98de7a2368c96c3914bca239b35d5b1de6bffcc2 434d2010d0 sd-bus: if we receive an invalid dbus message, ignore and proceeed 0cbdb75339 automount: don't pass non-blocking pipe to kernel. - Import commit 7902374f4046d3515973c2292fe764967cfc2309 b808bd8f67 units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) 58a5ac4cca logind: fix bad error propagation fb118b996e login: log session state "closing" (as well as New/Removed) e0065eec98 logind: fix borked r check 4a978123cd login: don't remove all devices from PID1 when only one was removed c7af85fa55 login: we only allow opening character devices d21d3f32d1 login: correct comment in session_device_free() a5c15fde73 login: remember that fds received from PID1 need to be removed eventually 12ed3e765a login: fix FDNAME in call to sd_pid_notify_with_fds() d16ea1c77a logind: fd 0 is a valid fd 06546129b3 logind: rework sd_eviocrevoke() 5b40830fcb logind: check file is device node before using .st_rdev 5d69862a26 logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) 6b10a71597 core: add a new sd_notify() message for removing fds from the FD store again 767e6baa0e logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) 95828c00c4 fd-util: accept that kcmp might fail with EPERM/EACCES c1448fc331 core: Fix use after free case in load_from_path() (bsc#1121563) - Import commit 72e2d92e01b6e4686e6ac0b9cea391eb2ad4bc02 fc4e41ca9e core: include Found state in device dumps 8f795776b1 device: fix serialization and deserialization of DeviceFound 2af4971594 fix path in btrfs rule (#6844) f8ac04cffb assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) c96249b50c Update systemd-system.conf.xml (bsc#1122000) 37245007a7 units: inform user that the default target is started after exiting from rescue or emergency mode ==== texlive-specs-n ==== - Extend patch latexdiff_perl.dif to fix boo#1118796 yet an other unescaped left brace with perl ==== transactional-update ==== Version update (2.12 -> 2.13.1) Subpackages: transactional-update-zypp-config - Update to version 2.13.1 - Bugfix: Clean up empty /etc snapshot directories again - Use official release files from GitHub for building - Update to version 2.13 - Fix a serious data loss problem (deleting all files in /etc overlays) in case /var/lib/overlay/etc is not part of any snapshot any more. - Avoid error message in case a system has no /etc/fstab.sys ==== trytond ==== Version update (4.6.12 -> 4.6.13) - Version 4.6.13 - Bugfix Release ==== trytond_account ==== Version update (4.6.8 -> 4.6.9) - Version 4.6.9 - Bugfix Release ==== virt-manager ==== Version update (2.0.0 -> 2.1.0) Subpackages: virt-install virt-manager-common - Upstream bug fixes (bsc#1027942) f7508d02-addhardware-Fix-setting-optimal-default-net-model.patch 1018ab44-inspection-handle-failures-in-application-listing.patch ae8a4f3d-engine-Fix-first-run-startup-error.patch - Update to virt-manager 2.1.0 (fate#326786) virt-manager-2.1.0.tar.bz2 virtman-fix-env-script-interpreter.patch * Bash autocompletion support (Lin Ma, Cole Robinson) * UI and command line ?vsock support (Slavomir Kaslev) * virt-xml: Add ?os-variant option (Andrea Bolognani) * virt-install: use libosinfo cpu, mem, disk size defaults (Fabiano Fidencio) * virt-install: Better usage of libosinfo -unknown distro IDs (Fabiano Fidencio) * virt-install: More usage of libosinfo for ISO ?location detection * virt-install: Add ?location LOCATION,kernel=X,initrd=Y for pointing to kernel/initrd in media that virt-install/libosinfo fails to detect - Drop 25b88733-urldetect-Dont-overload-suse_content-variable.patch 9308bae3-util-Fix-typo-vpcu-vcpu.patch b8aff280-virtinst-quickfix-ubuntu-net-preseed-insert-cdrom-error.patch c30b3bc6-increase-timeout-for-vm-to-start.patch virtinst-use-latest-opensuse-version-when-unknown-media.patch ==== vlc ==== Version update (3.0.2 -> 3.0.6) Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt - Add fix-build-with-fdk-2.0.patch to fix building vlc with libfdk-aac v2 - Add 0001-codec-vpx-Detect-libvpx-1.8.0.patch to fix building vlc with libvpx 1.8.0 - Add the libx26410b_plugin.so codec plugin when building with BUILD_ORIG - Update to version 3.0.6: + Core: * Fix potential subtitle picture allocation failures + Codec: * Add support for 12 bits decoding of AV1 * Fix HDR support in AV1 when the container provides the metadata - Add support for Chromecast discovery with Avahi. The current upstream implementation uses microdns, which is not available in openSUSE, and would also cause problems (2 mDNS implemenations running concurrently). * Add 0001-Fix-leaking-AvahiServiceResolver-in-the-error-paths.patch * Add 0002-Add-Avahi-implementation-for-chromecast-renderer-dis.patch - Spec file cleanup, remove obsolete suse_version checks - Update to version 3.0.5: + Access: * Improve RTSP playback * BluRay fixes and improvements, notably for menus and seeking * Improve the UDP/RTP truncated issue + Codec: * Add a new AVI decoder based on the davld library * Enable libaom decoder by default * Fix decoding of some HEVC streams with macOS hardware decoding + Demux: * MP4: Fix reading of some HDR metadata * Miscellaneous AV1 demuxing improvements * Fix CAF integer-underflow * Fix an MKV crash on iOS 12.0 on iPhone XS phones + Packetizer: * Add an AV1 packetizer + Audio output: * Fix corking when the playback state is paused * Improve corking on Android + Video Output: * Fix Direct3D11 tone-mapping when HDR is displayed on SDR screen * More accurate colors for SD sources in Direct3D11 * Disable hardware decoding on some old Intel GPUs * Fix zero-copy GPU acceleration on AMD RX Vega * Misc Direct3D11 fixes + Miscellaneous * Improve ChromeCast * Update numerous 3P libraries, including for minor security issues * Update YouTube support * Fix subtitles rendering with specific fonts with negative HA - Update to version 3.0.4: + Decoder: * Blacklist some intel GPU when decoding HEVC * Decode AV1 streams * Fix playback of low-fps files * Fix hardware decoding of low-latency sliced H.264 streams on macOS * Fix seeking with streams containing WebVTT subtitles * Fix decoding some CC-608 streams with roll-up * Fix crashes with LPCM streams * Fix colorspace of JPEG, PNG and screen inputs * Fix MediaCodec rotation handling + Demux: * Improve FLV fps detection * Fix some ogg/flac * Improve support for broken HEVC inside MKV * Fix some AVI regression for broken files and for DVAudio * Support files splitted in the .mts%d pattern * Fixes for MKV seeking * Fix for MP4 disabled track selection * Fix playback of incomplete RAR files (downloading) + Audio Output: * Improve iOS session management and resume-from-pause * Improve macOS audio performance * Support 44.1kHz DTS passthrough * Fix crashes on DirectSound output + Video Output: * Fix some crash in Direct3D11/Direct3D9 because of sensors * Fix some broken DVD subtitles rendering (OpenGL, notably) * Fix crashes on old mac machines, after some time * Fix memleaks on the EGL output (Android notably) * Fix misc display in Direct3D11 due to broken drivers * Fix potential green screen on Windows XP + Text renderer: * Fix rendering of arabic fonts fallback on macOS * Fix head buffer overflow on macOS with some fonts * Fix rendering of fonts with specific fonts * Fix some RTL rendering + Misc: * Fix live555, macOS-UI, screen capture crashes * Change the extension registration names on Windows * Fix VLM 'now' date * Fixes on the HTTPD server * Fix on the NTservice registration * Fix --stop-time option * Fix ChromeCast compatibility with web interface * Fix subtitles alignment * Fix infinite recursion on directory playback * Fix detection SAT>IP servers + Qt: Fix tooltip display when using Wayland + Updated translations - Drop vlc-qt-5.11.patch: fixed upstream. - fix last change for openSUSE < 1500 conditionally include libglconv_vaapi_wl_plugin.so only - Move plugins that link X-libraries from vlc-noX to vlc. - Require(post) vlc-noX for the -qt, -codecs, -jack and -vdpau sub-package: all those packages execute vlc-cache-gen (boo#1094893). - Update to version 3.0.3: + Core: Update subtitles display while paused. + Access: Enable srt support on binary builds. + Decoders: * Allow videotoolbox hardware decoding to be disabled * Disable VideoToolbox for 10bits H.264 * Fix VideoToolbox with some invalid HEVC streams * Fix subsdec wide character support * Fix 1st order Ambisonics in AAC + Demux: * Miscellaneous ogg improvements & bugfixes, including oggds * Fix forced tracks selection * Fix Topfield files * Probe AAC/ADTS inside TS * Fix tracks detection issues with DolbyVision and Bluray streams + macOS: * Fix "Open Network Stream" URL box focus * Add option to disable hardware acceleration for video decoding * Remove option to force dolby mode from simple preferences + Video Output: Fix crashes on Direct3D11 + Qt: * Fix tooltip display on some desktop environments * Fix spurious movement of the main Window * Fix playlist being displayed in fullscreen + Misc: * Fix amem output * Fix numerous issues on fonts fallback and font shaping * Fix subtitles toggle through hotkeys * Fix audioscrobbling * Fix buffer over-read in avcodec audio encoding with non-default layouts * Numerous 3rd party libraries updated, fixing security issues + Updated translations. - Drop 0001-Update-czech-translation.patch: fixed upstream. - Simplify projectM condition: available on all openSUSE versions. - Enable chromaprint only on openSUSE. - For now build without wayland on SLE15: dependencies need to be chased up. - Fix version dependency for libbluray (>= 0.6.2). - Add pkgconfig(srt) BuildRequires: Build srt plugins. - Add vlc-qt-5.11.patch: Fix build against Qt 5.11 (boo#1093732). ==== xen ==== - Update to Xen 4.12.0 RC2 release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 - bsc#1121391 - GCC 9: xen build fails gcc9-ignore-warnings.patch ==== xkeyboard-config ==== Subpackages: xkeyboard-config-lang - U_Map-evdev-keycodes-KEY_RFKILL-and-KEY_WWAN-to-XF86RF.patch * fixes missing mappings for evdev keys KEY_RFKILL and KEY_WWAN (boo#1123784) ==== yast2 ==== Version update (4.1.54 -> 4.1.55) Subpackages: yast2-logs - Fixed license file ordering issue causing a random test failure (bsc#1125722) - 4.1.55 ==== yast2-bootloader ==== Version update (4.1.16 -> 4.1.17) - Do not crash if generated grub.cfg is missing (bsc#1124064) - 4.1.17 ==== yast2-control-center ==== Version update (4.1.5 -> 4.1.6) Subpackages: yast2-control-center-qt - Fix icon display to new libyui-qt function (boo#1125424) - 4.1.6 ==== yast2-country ==== Version update (4.1.7 -> 4.1.8) Subpackages: yast2-country-data - fix timezone setting when switching utc/local time (bsc#1087228) - 4.1.8 ==== yast2-installation ==== Version update (4.1.35 -> 4.1.36) - Save the used repositories at the end of installation to not offer the driver packages again (bsc#953522) - 4.1.36 ==== yast2-packager ==== Version update (4.1.26 -> 4.1.27) - Automatically preselect the driver packages from new repositories (bsc#953522) - 4.1.27 ==== yast2-python-bindings ==== Version update (4.0.8 -> 4.0.9) - Fix python3 bindings error showning 'unexpect exception' and no trace information for errors; (bsc# 1126112). - 4.0.9 ==== yast2-samba-client ==== Version update (4.1.0 -> 4.1.1) - Perform the workgroup lookup using samba python bindings; (bsc#1124390). - 4.1.1 ==== yast2-storage-ng ==== Version update (4.1.55 -> 4.1.66) - Suggest /boot/efi as the mount point for EFI System Partitions (bsc#1088120) - 4.1.66 - filesystem label is kept when using existing partitioning (bsc#1087229) - 4.1.65 - Partitioner: add new tab in Bcache section to show all caching set devices (part of fate#325346). - 4.1.64 - Partitioner: new option "Provide Crypt Passwords" (bsc#1113515). - 4.1.63 - Partitioner: allow to edit bcache devices (part of fate#325346). - 4.1.62 - Added help texts for guided setup (bsc#1121801) - 4.1.61 - AutoYaST: handle device_order for MD RAIDs during installation (bsc#1083542) - 4.1.60 - Force mocking arch to x86_64 for unit tests that depend on bcache (part of jsc#SLE-4329) - 4.1.59 - Limit bcache support to x86_64 arch (jsc#SLE-4329) - 4.1.58 - Guided Setup: improved the disk selection user interface to properly support scenarios with many disks (bsc#1123688). - 4.1.57 - AutoYaST: save device_order for MD RAIDs (bsc#1083542) - 4.1.56 ==== yast2-users ==== Version update (4.1.7 -> 4.1.8) - Fixed console warning produced by Users.pm module. (bsc#1121070) Fixed typo CRACKLIB_DICT_PATH in security setting. - 4.1.8 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org