Packages changed: acl audit-secondary busybox (1.32.1 -> 1.33.0) busybox-links (1.32.1 -> 1.33.0) dracut (051+suse.84.gc6bd70b8 -> 051+suse.85.g04886430) elfutils filesystem gawk grub2 hostname iputils (s20200821 -> 20210202) kured (1.5.1 -> 1.6.1) libcap (2.46 -> 2.47) libgcrypt (1.8.7 -> 1.9.1) lvm2 lvm2-device-mapper lzo ncurses (6.2.20210116 -> 6.2.20210130) net-tools (2.0+git20180626.aebd88e -> 2.10) procps systemd (246.9 -> 246.10) toolbox (2.0+git20210125.50611db -> 2.1+git20210203.a669e3a) update-alternatives util-linux util-linux-systemd === Details === ==== acl ==== - Replace system-user-{bin,daemon} with user({bin,daemon}): be resilient to package name changes. ==== audit-secondary ==== Subpackages: audit python3-audit - Do not explicitly provide group(audit) in system-users-audit: this is automatically handled by rpm/providers. - Create new "audit" group for read access to logs (bsc#1178154) * add change-default-log_group.patch * update audit-secondary.spec ==== busybox ==== Version update (1.32.1 -> 1.33.0) - Update to version 1.33.0 - many bug fixes and new features - update_passwd_selinux_fix.patch upstream compile fix for SELinux ==== busybox-links ==== Version update (1.32.1 -> 1.33.0) Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed - Add zmore and zless ==== dracut ==== Version update (051+suse.84.gc6bd70b8 -> 051+suse.85.g04886430) Subpackages: dracut-ima - Update to version 051+suse.85.g04886430: * prepare usrmerge (boo#1029961) ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Enable LTO (boo#1138796) for elfutils.spec. ==== filesystem ==== - add /usr/etc/skel/.cache with perm 0700 (boo#1181011) - Set correct permissions when creating /proc and /sys ==== gawk ==== - fix update-alternatives usage. Needs to be in %postun according to https://en.opensuse.org/openSUSE:Packaging_Multiple_Version_guidelines#update-alternatives_mechanism - prepare usrmerge (boo#1029961) - remove use of obsolete %install_info ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Complete Secure Boot support on aarch64 (jsc#SLE-15020) * 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch * 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch * 0003-Make-grub_error-more-verbose.patch * 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch * 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch * 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0009-squash-Add-support-for-linuxefi.patch - Fix rpmlint 2.0 error for having arch specific path in noarch package aiming for compatibility with old package (bsc#1179044) * grub2.spec - Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091) * grub2-check-default.sh ==== hostname ==== - prepare usrmerge (boo#1029961) ==== iputils ==== Version update (s20200821 -> 20210202) - Update to version 20210202 https://github.com/iputils/iputils/releases/tag/20210202 - Version scheme change: dropped leading 's', update that change ==== kured ==== Version update (1.5.1 -> 1.6.1) - Update to version 1.6.1: - add additional parameters to override the drain/reboot slack messages - rename message template parameters so they are not related to slack - Improve coordinated reboot output - Add more logs into gates - Added support for time wrap in timewindow.Contains ==== libcap ==== Version update (2.46 -> 2.47) - update to 2.47: * Restructured gowns to default to uid base of getuid(). * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. * Improve the usage and diagnostic message for setcap * Documentation fixes, license declarations, example updates ==== libgcrypt ==== Version update (1.8.7 -> 1.9.1) - Update to 1.9.1 * *Fix exploitable bug* in hash functions introduced with 1.9.0. [bsc#1181632, CVE-2021-3345] * Return an error if a negative MPI is used with sexp scan functions. * Check for operational FIPS in the random and KDF functions. * Fix compile error on ARMv7 with NEON disabled. * Fix self-test in KDF module. * Improve assembler checks for better LTO support. * Fix 32-bit cross build on x86. * Fix non-NEON ARM assembly implementation for SHA512. * Fix build problems with the cipher_bulk_ops_t typedef. * Fix Ed25519 private key handling for preceding ZEROs. * Fix overflow in modular inverse implementation. * Fix register access for AVX/AVX2 implementations of Blake2. * Add optimized cipher and hash functions for s390x/zSeries. * Use hardware bit counting functionx when available. * Update DSA functions to match FIPS 186-3. * New self-tests for CMACs and KDFs. * Add bulk cipher functions for OFB and GCM modes. - Update libgpg-error required version - Use the suffix variable correctly in get_hmac_path() - Rebase libgcrypt-fips_selftest_trigger_file.patch - Add the global config file /etc/gcrypt/random.conf * This file can be used to globally change parameters of the random generator with the options: only-urandom and disable-jent. - Update to 1.9.0: New stable branch of Libgcrypt with full API and ABI compatibility to the 1.8 series. Release-info: https://dev.gnupg.org/T4294 * New and extended interfaces: - New curves Ed448, X448, and SM2. - New cipher mode EAX. - New cipher algo SM4. - New hash algo SM3. - New hash algo variants SHA512/224 and SHA512/256. - New MAC algos for Blake-2 algorithms, the new SHA512 variants, SM3, SM4 and for a GOST variant. - New convenience function gcry_mpi_get_ui. - gcry_sexp_extract_param understands new format specifiers to directly store to integers and strings. - New function gcry_ecc_mul_point and curve constants for Curve448 and Curve25519. - New function gcry_ecc_get_algo_keylen. - New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the secure memory area. * Performance optimizations and bug fixes: See Release-info. * Other features: - Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519. - Add mitigation against ECC timing attack CVE-2019-13627. - Internal cleanup of the ECC implementation. - Support reading EC point in compressed format for some curves. - Rebase patches: * libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch * libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff * libgcrypt-1.6.1-use-fipscheck.patch * drbg_test.patch * libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch * libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch * libgcrypt-1.8.4-fips-keygen.patch * libgcrypt-1.8.4-getrandom.patch * libgcrypt-fix-tests-fipsmode.patch * libgcrypt-global_init-constructor.patch * libgcrypt-ecc-ecdsa-no-blinding.patch * libgcrypt-PCT-RSA.patch * libgcrypt-PCT-ECC.patch - Remove patches: * libgcrypt-unresolved-dladdr.patch * libgcrypt-CVE-2019-12904-GCM-Prefetch.patch * libgcrypt-CVE-2019-12904-GCM.patch * libgcrypt-CVE-2019-12904-AES.patch * libgcrypt-CMAC-AES-TDES-selftest.patch * libgcrypt-1.6.1-fips-cfgrandom.patch * libgcrypt-fips_rsa_no_enforced_mode.patch ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - add SUSE special patch to void issues in non udev env + bug-1179691_config-set-external_device_info_source-none.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) - add SUSE special patch to void issues in non udev env + bug-1179691_config-set-external_device_info_source-none.patch ==== lzo ==== - add lzo-2.08-rhbz1309225.patch to avoid aliasing issues ==== ncurses ==== Version update (6.2.20210116 -> 6.2.20210130) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210130 + correct an off-by-one in comparison in waddch_literal() which caused scrolling when a double-cell character would not fit at the lower right corner of the screen (report by Benno Schulenberg). + split-out att610+cvis, vt220+cvis, vt220+cvis8 -TD + add vt220-base, for terminal emulators which generally have not supported att610's blinking cursor control -TD + use vt220+cvis in vt220, etc -TD + use att610+cvis, xterm+tmux and ansi+enq in kitty -TD + use vt220+cvis in st, terminology, termite since they ignore blinking-cursor detail in att610+cvis -TD - Port patch ncurses-6.2.dif * Skip cvvis entries where vt220+cvis is used * Skip function keys in rxvt-basic as rxvt+pcfkeys and use=vt220+keypadcw is used - Add ncurses patch 20210123 + modify package/config scripts to provide an explicit -L option for cases when the loader search path has other directories preceding the one in which ncurses is installed (report by Yuri Victorovich). + minor build-fixes in configure script and makefiles to work around quirks of pmake. ==== net-tools ==== Version update (2.0+git20180626.aebd88e -> 2.10) - update to 2.10: * man: pt_BR: ifconfig: fix procmisc option typo * netstat: exit non-zero when sctp protocols are not supported * man: route: add single route del example * ifconfig: accept "pointtopoint" as an alias to "pointopoint" * man: netstat: fill out Timers section * man: ethers: remove funky comment blocks * man: standardize SEE ALSO across all pages & translations * netstat: fix iface truncation with -i * ifconfig: fix exabyte statistic handling * man: ipmaddr/iptunnel: new stub man pages * man: route: use standard .BR for SEE ALSO * netstat: fix iface truncation with -g * po: rename et_EE to et * README/INSTALL: refresh for the modern times * THANKS: add a few more people from `git-log` * netstat: Set SCTP report compliant with -l/--listening option. * Describe "hyphen" program in man page. * man: cleanup ipfw & ipchains refs * ipv6: fix memmove usage with overlapping memory * build: drop support for backing up programs * netstat: add ROSE print support * remove ancient "register" markings * hostname: constify a few string arguments * hostname: add fallback errno decoding on failure * de.po: fix typo "Processe" -> "Prozesse" * route: Fix a missing space in the ipv6 route output * util: drop new() helper * proc: constify filename arg * nameif: add printf attributes to helper funcs * nameif: mark local vars/funcs as static * nameif: fix memory corruption and increase maximum MAC address length * inet_gr: tweak formatting to avoid confusing the compiler * ipmaddr: use safe_strncpy for ifr_name * ifconfig: fix confusing error message logic * ifconfig: add name subcommand to rename an interface * statistics: Fix ipFragOKs and ipFragFails verbiage * statistics: fix packets typo * fix minor mistakes in Czech translation - drop 0003-Add-support-for-EiB-in-interface.c.patch 0005-Add-support-for-interface-rename-in-nameif.patch: upstream - net-tools-configure.patch: refresh ==== procps ==== Subpackages: libprocps8 - Package translations in procps-lang. ==== systemd ==== Version update (246.9 -> 246.10) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - systemd-sysv-convert: handle the case when services are migrated from SysV scripts to systemd units and are renamed at the same time (bsc#1181788) The list of such services is hard coded and contains only the 'ntp->ntpd' translation. - Import commit 134cf1c8bc3e361a2641161aa11ac2b5b990480b (merge of v246.10) 25f220eafb sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified (bsc#1181121) 4a543f0257 journal: send journald logs to kmsg again 26df96473f busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/520e53b6d85087b05892ee637ae93f1b269e7e52...134cf1c8bc3e361a2641161aa11ac2b5b990480b - prepare usrmerge (boo#1029961) * don't install legacy symlinks to / * use %_pamdir to install pam modules * leave nss files in /usr/lib*, glibc loads them from there just fine independent of usrmerge ==== toolbox ==== Version update (2.0+git20210125.50611db -> 2.1+git20210203.a669e3a) - Update to version 2.1+git20210203.a669e3a: * Fix formatting * Enhance alternate UI docu * Ignore podman runlabel error if no RUN label exist * Enhance documentation * Check existence of volume directories (#15) ==== update-alternatives ==== - don't remove slave links that turned into master. Happens on usrmerge (boo#1180939, update-alternatives-slavetomaster.patch) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Merge package with SLE15 SP3 and openSUSE Leap 15.3: Obsoletes upstreamed patches: - libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, util-linux-libblkid-cdrom-autoclose-1.patch, util-linux-libblkid-cdrom-autoclose-2.patch, util-linux-libblkid-cdrom-autoclose-3.patch). - lscpu: avoid segfault on PowerPC systems with valid hardware configurations (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) - Fix for SG#57988, bsc#1174942 (v2.36): libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts to CIFS with mount ?a. - blockdev: Do not fail --report on kpartx-style partitions on multipath (v2.36, bsc#1168235, util-linux-blockdev-report-dm.patch). - nologin: Add support for -c to prevent error from su -c (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). - Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: Avoid triggering autofs in lookup_umount_fs_by_statfs (v2.36 boo#1168389) - mount: fall back to device node name if /dev/mapper link not found (v2.34, bsc#1149911) * Add patch: util-linux-canonicalize-coverity-scan.patch - De-duplicate fstrim -A properly (v2.34, bsc#1127701, util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, util-linux-fstrim-A-4.patch). - Do not trim read-only volumes (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, util-linux-fstrim-A-4.patch). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (v2.34, bsc#1122417, util-linux-libmount-pseudofs.patch). - agetty: Return previous response of agetty for special characters (v2.34, bsc#1085196, bsc#1125886, util-linux-agetty-smart-reload-13.patch, util-linux-agetty-smart-reload-14.patch). - Fix problems in reading of login.defs values (v2.34, bsc#1121197, util-linux-login_defs-priority1.patch, util-linux-login_defs-priority2.patch, util-linux-login_defs-SYS_UID.patch). - Build with libudev support to support non-root users (boo#1169006). - Move findmnt and lsblk to util-linux-systemd, as they use libudev (bsc#1169006#c10). ==== util-linux-systemd ==== - Merge package with SLE15 SP3 and openSUSE Leap 15.3: Obsoletes upstreamed patches: - libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, util-linux-libblkid-cdrom-autoclose-1.patch, util-linux-libblkid-cdrom-autoclose-2.patch, util-linux-libblkid-cdrom-autoclose-3.patch). - lscpu: avoid segfault on PowerPC systems with valid hardware configurations (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) - Fix for SG#57988, bsc#1174942 (v2.36): libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts to CIFS with mount ?a. - blockdev: Do not fail --report on kpartx-style partitions on multipath (v2.36, bsc#1168235, util-linux-blockdev-report-dm.patch). - nologin: Add support for -c to prevent error from su -c (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). - Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: Avoid triggering autofs in lookup_umount_fs_by_statfs (v2.36 boo#1168389) - mount: fall back to device node name if /dev/mapper link not found (v2.34, bsc#1149911) * Add patch: util-linux-canonicalize-coverity-scan.patch - De-duplicate fstrim -A properly (v2.34, bsc#1127701, util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, util-linux-fstrim-A-4.patch). - Do not trim read-only volumes (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, util-linux-fstrim-A-4.patch). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (v2.34, bsc#1122417, util-linux-libmount-pseudofs.patch). - agetty: Return previous response of agetty for special characters (v2.34, bsc#1085196, bsc#1125886, util-linux-agetty-smart-reload-13.patch, util-linux-agetty-smart-reload-14.patch). - Fix problems in reading of login.defs values (v2.34, bsc#1121197, util-linux-login_defs-priority1.patch, util-linux-login_defs-priority2.patch, util-linux-login_defs-SYS_UID.patch). - Build with libudev support to support non-root users (boo#1169006). - Move findmnt and lsblk to util-linux-systemd, as they use libudev (bsc#1169006#c10).