Packages changed:
  audit (2.8.5 -> 3.0.2)
  audit-secondary (2.8.5 -> 3.0.2)
  dracut (053+suse.93.g039ac07d -> 055+suse.106.g760b0c69)
  haproxy (2.4.0+git0.6cbbecf09 -> 2.4.1+git0.1ce7d4925)
  helm (3.6.0 -> 3.6.1)
  less (586 -> 590)
  libconfig (1.7.2 -> 1.7.3)
  ncurses (6.2.20210515 -> 6.2.20210612)
  openssh
  patterns-base

=== Details ===

==== audit ====
Version update (2.8.5 -> 3.0.2)
Subpackages: libaudit1 libauparse0

- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
  * add libev-werror.patch
- Update to version 3.0.2
- In audispd-statsd plugin, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report
Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types
Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if it's suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesn't format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitute functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DAEMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearing in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd
- Remove audit-fno-common.patch: fixed in upstream
- Remove audit-python3.patch: fixed in upstream

==== audit-secondary ====
Version update (2.8.5 -> 3.0.2)
Subpackages: audit python3-audit system-group-audit

- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
  * add libev-werror.patch
- Update to version 3.0.2
- In audispd-statsd plugin, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report
Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types
Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if it's suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesn't format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitute functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DAEMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearing in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd
- Removes audit-fno-common.patch: fixed in upstream
- Removes audit-python3.patch: fixed in upstream

==== dracut ====
Version update (053+suse.93.g039ac07d -> 055+suse.106.g760b0c69)
Subpackages: dracut-ima

- Update to version 055+suse.106.g760b0c69:
  * chore(suse): add Conflicts for old suse-module-tools to specfile (bsc#1187115)
- Update to version 055+suse.104.g9d45c1df:
  * feat(suse-initrd): add INITRD_MODULES from /etc/sysconfig/kernel, too
  * fix(suse-initrd): call dracut_instmods with hostonly=
  * fix(suse-initrd): use $kernel rather than $(uname -r)
- Update to version 055+suse.100.ga2700279:
  * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
  * chore(suse): erase conditional for usrmerge from specfile
  * chore(suse): fix specfile for usrmerge
- Update to version 055+suse.97.gb98506b2:
  * docs: update NEWS.md and AUTHORS
  * fix(fs-lib): install fsck utilities
  * fix(integrity): require ALLOW_METADATA_WRITES to come from EVM config file
  * fix(install): configure logging earlier
  * fix(warpclock): minor cleanups
  * fix(dash): minor cleanups
  * fix(mksh): minor cleanups
  * feat(install): add default value for --firmwaredirs
  * fix(dracut-functions): get_maj_min without get_maj_min_cache_file set
  * fix(dracut): pipe hardlink output to `dinfo`
  * fix(install): sane default --kerneldir
  * fix(bash): minor cleanups
  * fix(squash): don't mount the mount points if already mounted
  * ci: add shfmt to Fedora containers
  * fix(base): add missing `str_replace` to `dracut-dev-lib.sh`
  * feat(dracut.sh): detect running in a container
  * fix(base): split out `dracut-dev-lib.sh`
  * fix(dracut-util): print error message with trailing newline
  * fix(packit): downstream has renamed the master branch to main
- Update to version 054+suse.96.gb5aa64d2:
  * fix(suse-initrd) fix list of modprobe.d directories
- Update to version 054+suse.95.gd5820102:
  * chore(suse) update spec
  Important change on mkinitrd: mkinitrd is now in its own subpackage
  "dracut-mkinit-deprecated", which requires dracut. If you need mkinitrd,
  require "mkinitrd". However note that in the long run, mkinit will go away.
  It is preferred to call dracut directly.
- Update to version 054+suse.94.g1648453e:
  * chore(suse): re-add SUSE mkinitrd
- Update to version 054+suse.93.gd393f006:
  With this release dracut has undergone a major overhaul.
  A lot of systemd related modules have been added.
  The integration test suite has finally ironed out the flaky behaviour due
  to the parallel device probing of the kernel, which bit sometimes in the
  non-kvm github CI. So, if you see any /dev/sda in a setup script with more
  than two hard drives, chances are, that the script works on the wrong disk.
  Same goes for network interfaces.
  This release is also fully shellcheck'ed with ShellCheck-0.7.2 and indented
  with shfmt and astyle.
  The dracut project builds test containers every day for:
    opensuse/tumbleweed-dnf:latest
    archlinux:latest
    fedora:rawhide
    fedora:latest
    fedora:33
  These containers can easily be used to run the integration tests locally
  without root permissions via podman.
  We hope this serves as a blueprint for your distribution's CI process.
  More information can be found in docs/HACKING.md.

  Bug Fixes
    make testsuite pass on OpenSuse and Arch (8b2afb08)
    cope with distributions with /usr/etc files (3ad3b3a4)
    deprecate gummiboot (5c94cf41)
    set vimrc and emacs indention according to .editorconfig (9012f399)
    correctly handle kernel parameters (501d82f7)
    remove dracut.pc on make clean (d643156d)
    honor KVERSION environment in the Makefile (d8a454a5)
    always use mkdir -p (9cf7b1c5)
    dracut.sh: prevent symbolic links containing // (de0c0872)
    adding missing globalvars for udev (f35d479d)
    sysctl global variables (3ca9aa1d)
    add global vars for modules-load (ec4539c6)
    omission is an addition to other omissions in conf files (96c31333)
    harden dracut against GZIP environment variable (d8e47e20)
    add a missing tmpfilesconfdir global variable (8849dd8d)
    include modules.builtin.alias in the initramfs (7f633747)
    install all depmod relevant configuration files (50a01dd4)
    add modules.builtin.modinfo to the initramfs (87c4c178)
    search for btrfs devices from actual mount point (3fdc734a)
    dracut-functions.sh: implement a cache for get_maj_min (c3bb9d18)
    word splitting issue for sed in get_ucode_file (122657b2)
    dracut-logger.sh: double dash trigger unknown logger warnings during run (4fbccde5)
    dracut-install: handle $LIB in ldd output parsing (d1a36d3d)
    handle builtin modules (2536a9ea)
    base: suppress calls to getarg in build phase (6feaaabc)
    source hooks without exec (8059bcb2)
    wait_for_dev quote shell variables (b800edd6)
    adding crc32c for ext3 (61f45643)
    crypt: install all crypto modules in the generic initrd (10f9e569)
    include cryptsetups tmpfile (a4cc1964)
    crypt-gpg: cope with different scdaemon location (44fd1c13)
    dbus-broker: enable the service (df1e5f06)
    dbus-daemon: only error out in install() (ae4fbb3d)
    dracut-systemd: don't refuse root=tmpfs when systemd is used (a96900a8)
    examples: remove the examples directory and reference to it (b37c90c8)
    fips: add dh and ecdh ciphers (543b8014)
    remove old udev version requirements (be30d987)
    i18n: skip if data is missing (651fe01e)
    img-lib: ignored null byte in input (85eb9680)
    integrity: properly set up EVM when using an x509 cert (4bdd7eb2)
    iscsi: replace sed call with bash internals (66b920c6)
    add iscsid.service requirements (bb6770f1)
    only rely on socket activation (0eb87d78)
    kernel-modules: optionally add /usr/lib/modules.d to initramfs (92e6a8f8)
    add watchdog drivers for generic initrd (3a60c036)
    mdraid: remove dependency statements (86b75634)
    memstrack: correct dependencies (c2ecc4d1)
    multipath: stop multipath before udev db cleanup (3c244c7c)
    revise multipathd-stop (7b8c78ff)
    nbd: assume nbd version >= 3.8 (6209edeb)
    remove old udev version requirements (fd15dbad)
    make nbd work again with systemd (77906443)
    network: use wicked unit instead of find_binary (57eefcf7)
    user variable for sdnetworkd instead of path (4982e16d)
    correct regression in iface_has_carrier (36af0518)
    network-legacy: add missing options to dhclient.conf (abfd547a)
    silence getargs (60a34d8b)
    network-manager: cope with distributions not using libexec (22d6863e)
    set timeout via command line option (8a51ee1f)
    run after dracut-cmdline (4d03404f)
    create /run directories (49b61496)
    use /run/NetworkManager/initrd/neednet in initqueue (6a37c6f6)
    only run NetworkManager if rd.neednet=1 (ac0e8f7d)
    nm-run.service: don't kill forked processes (1f21fac6)
    no default deps for nm-run.service (ba4bcf5f)
    nm-lib.sh does not require bash (3402142e)
    squash: post install should be the last step before stripping (8c8aecdc)
    systemd: include all nss libraries (b3bbf5fb)
    include hosts and nsswitch.conf in hostonly mode (5912f4fb)
    remove old systemd version requirements (fc53987b)
    systemd-hostnamed: extra quote (2aa65234)
    systemd-modules: remove dependency on systemd meta module (afef4557)
    systemd-modules-load: misc repairs (782ac8f1)
    systemd-networkd: make systemd-networkd a proper network provider (ea779750, closes #737)
    systemd-resolved: remove nss libraries (12bef83c)
    systemd-sysctl: sysctl global variables (02acedd0)
    systemd-sysusers: misc fixes and cleanup (7359ba8a)
    systemd-udev: use global vars instead of fixed path (fd883a58)
    systemd-udevd: add udev id program files (562cb77b)
    systemd-verity: incorrect reference to cryptsetup target (ba92d1fc)
    re-naming module to veritysetup (0267f3c3)
    tpm2-tss: add tpm2 requirement (8f99fada)
    udev-rules: remove sourcing of network link files (69f4e7cd)
    add btrfs udev rules by default (567c4557)
    url-lib: fix passing args (5f6be515)
    zipl: don't depend on grub2 (6b499ec1)

  Performance
    disable initrd compression when squash module is enabled (7c0bc0b2)

  Features
    support ZSTD-compressed kernel modules (ce9af251)
    also restore the initramfs from /lib/modules (33e27fab)
    extend Makefile indent target (e0a0fa61)
    customize .editorconfig according to shfmt (1f621aba)
    squash module follow --compress option (5d05ffbd)
    bluetooth: implement bluetooth support in initrd (64ee2a53)
    btrfs: add 64-btrfs-dm.rules rules (d4caa86a)
    mkinitrd: remove mkinitrd (43df4ee2)
    nbd: support ipv6 link local nbds (b12f8188)
    network-manager: run as daemon with D-Bus (112f03f9)
    qemu: include the virtio_mem kernel module (f3dcb606)
    skipcpio: speed up and harden skipcpio (63033495)
    squash: use busybox for early setup if available (90f269f6)
    install and depmod modules separately (5a18b24a)
    systemd-ac-power: introducing the systemd-ac-power module (e7407230)
    systemd-hostnamed: introducing the systemd-hostnamed module (bf273e3e)
    systemd-initrd: add initrd-usr-fs.target (5eb73610)
    systemd-journald: introducing the systemd-journald module (3697891b)
    systemd-ldconfig: introducing the systemd-ldconfig module (563c434e)
    systemd-network-management: introducing systemd-network-management module (e942d86c)
    systemd-resolved: introducing the systemd-resolved module (b7d3caef)
    systemd-rfkill: introducing the systemd-rfkill module (21536544)
    systemd-sysext: introducing the systemd-sysext module (fc88af54)
    systemd-timedated: introducing the systemd-timedated module (1c41cc90)
    systemd-timesyncd: introducing the systemd-timesyncd module (2257d545)
    systemd-tmpfiles: introducing the systemd-tmpfiles module (2b61be32)
    systemd-udevd: introducing the systemd-udevd module (3534789c)
    systemd-verity: introducing the systemd-verity module (3d4dea58)
    tpm2-tss: introducing the tpm2-tss module (8743b073)

==== haproxy ====
Version update (2.4.0+git0.6cbbecf09 -> 2.4.1+git0.1ce7d4925)

- Update to version 2.4.1+git0.1ce7d4925:
  * [RELEASE] Released version 2.4.1
  * BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces
  * BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace
  * MINOR: mux-h2: obey http-ignore-probes during the preface
  * BUG/MINOR: stats: make "show stat typed desc" work again
  * CLEANUP: mux-h2/traces: better align user messages
  * MINOR: mux-h2/trace: report a few connection-level info during h2_init()
  * MINOR: connection: add helper conn_append_debug_info()
  * BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers
  * BUG/MINOR: mux-h1: do not skip the error response on bad requests
  * MINOR: backend: only skip LB when there are actual connections
  * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue
  * CLEANUP: global: remove unused definition of stopping_task[]
  * BUG/MINOR: mworker: fix typo in chroot error message
  * BUG/MINOR: ssl: use atomic ops to update global shctx stats
  * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE
  * BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node
  * BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree
  * BUG/MEDIUM: server: do not forget to generate the dynamic servers ids
  * BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees
  * BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server'
  * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id
  * DOC: lua: Add a warning about buffers modification in HTTP
  * BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs
  * MEDIUM: resolvers: add a ref between servers and srv request or used SRV record
  * MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item
  * BUG/MINOR: resolvers: answer item list was randomly purged or errors
  * CLEANUP: l7-retries: do not test the buffer before calling b_alloc()
  * BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default
  * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded
  * CLEANUP: pools: remove now unused seq and pool_free_list
  * BUG/MAJOR: pools: fix possible race with free() in the lockless variant
  * MEDIUM: pools: use a single pool_gc() function for locked and lockless
  * MINOR: pools: call malloc_trim() under thread isolation
  * MINOR: pools: do not maintain the lock during pool_flush()
  * BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location
  * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush()
  * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data
  * BUG/MEDIUM: compression: Properly get the next block to iterate on payload
  * BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block
  * BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode
  * Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode"
  * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future
  * BUILD: make tune.ssl.keylog available again
  * DOC: use the req.ssl_sni in examples
  * MINOR: errors: allow empty va_args for diag variadic macro
  * BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry
  * DOC/MINOR: move uuid in the configuration to the right alphabetical order
  * BUG/MINOR: vars: Be sure to have a session to get checks variables
  * CLEANUP: http-ana: Remove useless if statement about L7 retries
  * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree
  * BUG/MINOR: http: Missing calloc return value check in make_arg_list
  * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule
  * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list
  * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo
  * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule
  * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response
  * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy
  * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare
  * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture
  * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine
  * BUG/MINOR: peers: Missing calloc return value check in peers_register_table
  * BUG/MINOR: server: Missing calloc return value check in srv_parse_source
  * DOC: intro: Fix typo in starter guide
  * MINOR: cfgparse: Fail when encountering extra arguments in macro
  * MINOR: http-ana: Perform L7 retries because of status codes in response analyser
  * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts
  * BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry
  * Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers"
  * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response
  * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter
  * BUILD/MINOR: opentracing: fixed build when using clang
  * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server'
  * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry

==== helm ====
Version update (3.6.0 -> 3.6.1)

- Update to version 3.6.1:
  * tweak basic handling

==== less ====
Version update (586 -> 590)

- update to 590:
  * Make less able to read lesskey source files (deprecating lesskey).
  * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey.
  * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst.
  * Add the --lesskey-src option.
  * Add the --file-size option.
  * With -F, if screen is resized to make file fit on one screen, don't exit.
- Remove --with-pic (no static libs are ever produced).

==== libconfig ====
Version update (1.7.2 -> 1.7.3)

- Update to release 1.7.3
  * Fixed a heap corruption bug in config_clear()
  * Added a Setting::isString() method
  * Renamed all remaining internal methods that lacked a "libconfig_" prefix.

==== ncurses ====
Version update (6.2.20210515 -> 6.2.20210612)
Subpackages: libncurses6 ncurses-utils terminfo-base

- Add ncurses patch 20210612
  + fixes for scan-build, valgrind build/testing.
  + update config.guess
- Add ncurses patch 20210605
  + add a summary of ncurses-specific preprocessor symbols to curses.h (prompted by discussion with Peter Farley, Bill Gray).
- Add ncurses patch 20210522
  + regenerate configure scripts with autoconf 2.52.20210509 to eliminate an unnecessary warning in config.log (report by Miroslav Lichvar).
  + add a note in manual page to explain ungetch vs unget_wch (prompted by discussion with Peter Farley).
  + add sp-funcs for erasewchar, killwchar.
  + modify wgetnstr, wgetn_wstr to improve compatibility with SVr4 curses in its treatment of interrupt and quit characters (prompted by report/testcase by Bill Gray)
  + update config.guess, config.sub
- Correct offset in patch ncurses-6.2.dif

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Don't move user-modified ssh_config and sshd_config files to .rpmsave on upgrade.
- Use pam_motd to unify motd message output [bsc#1185897] (openssh-8.4p1-pam_motd.patch)

==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base

- Favor libz1 when in doubt and asked for libz.so.1.
- Make the fips pattern supersede "patterns-server-enterprise-fips", take missing pieces and obsolete it
- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Run pre_checkin.sh
- Fix build for SLE