Packages changed: autofs (5.1.7 -> 5.1.8) avahi btrfsprogs chrony dracut (055+suse.179.g3cf989c2 -> 055+suse.194.gdd41932a) fftw3 file-roller (3.40.0 -> 3.40.0+51) flatpak (1.12.3 -> 1.12.4) folks (0.15.3 -> 0.15.4) glusterfs gnome-photos gnutls (3.7.2 -> 3.7.3) gvfs inkscape kbd libblockdev libcontainers-common libjansson (2.13.1 -> 2.14) libnettle libpwquality libspf2 (1.2.10 -> 1.2.11) libvirt (7.10.0 -> 8.0.0) ncurses (6.3.20220101 -> 6.3.20220115) perl-JSON (4.04 -> 4.05) perl-Net-SSLeay (1.90 -> 1.92) python-aiobotocore (1.3.3 -> 2.1.0) python-libvirt-python (7.10.0 -> 8.0.0) python-pyftpdlib selinux-policy systemd (249.7 -> 249.9) wicked xdg-desktop-portal (1.10.1 -> 1.12.1) xdg-desktop-portal-gtk (1.10.0 -> 1.12.0) yast2-firstboot (4.4.6 -> 4.4.7) yast2-packager (4.4.19 -> 4.4.20) yast2-ruby-bindings (4.4.6 -> 4.4.7) === Details === ==== autofs ==== Version update (5.1.7 -> 5.1.8) - update to 5.1.8: * add xdr_exports(). * remove mount.x and rpcgen dependencies. * dont use realloc in host exports list processing. * use sprintf() when constructing hosts mapent. * fix mnts_remove_amdmount() uses wrong list. * Fix option for master read wait. * eliminate cache_lookup_offset() usage. * fix is mounted check on non existent path. * simplify cache_get_parent(). * set offset parent in update_offset_entry(). * remove redundant variables from mount_autofs_offset(). * remove unused parameter form do_mount_autofs_offset(). * refactor umount_multi_triggers(). * eliminate clean_stale_multi_triggers(). * simplify mount_subtree() mount check. * fix mnts_get_expire_list() expire list construction. * fix inconsistent locking in umount_subtree_mounts(). * fix return from umount_subtree_mounts() on offset list delete. * pass mapent_cache to update_offset_entry(). * fix inconsistent locking in parse_mount(). * remove unused mount offset list lock functions. * eliminate count_mounts() from expire_proc_indirect(). * eliminate some strlen calls in offset handling. * don't add offset mounts to mounted mounts table. * reduce umount EBUSY check delay. * cleanup cache_delete() a little. * rename path to m_offset in update_offset_entry(). * don't pass root to do_mount_autofs_offset(). * rename tree implementation functions. * add some multi-mount macros. * remove unused functions cache_dump_multi() and cache_dump_cache(). * add a len field to struct autofs_point. * make tree implementation data independent. * add mapent tree implementation. * add tree_mapent_add_node(). * add tree_mapent_delete_offsets(). * add tree_mapent_traverse_subtree(). * fix mount_fullpath(). * add tree_mapent_cleanup_offsets(). * add set_offset_tree_catatonic(). * add mount and umount offsets functions. * switch to use tree implementation for offsets. * remove obsolete functions. * remove redundant local var from sun_mount(). * use mount_fullpath() in one spot in parse_mount(). * pass root length to mount_fullpath(). * remove unused function master_submount_list_empty(). * move amd mounts removal into lib/mounts.c. * check for offset with no mount location. * remove mounts_mutex. * remove unused variable from get_exports(). * add missing free in handle_mounts(). * remove redundant if check. * fix possible memory leak in master_parse(). * fix possible memory leak in mnts_add_amdmount(). * fix double unlock in parse_mount(). * add length check in umount_subtree_mounts(). * fix flags check in umount_multi(). * dont try umount after stat() ENOENT fail. * remove redundant assignment in master_add_amd_mount_section_mounts(). * fix dead code in mnts_add_mount(). * fix arg not used in error print. * fix missing lock release in mount_subtree(). * fix double free in parse_mapent(). * refactor lookup_prune_one_cache() a bit. * cater for empty mounts list in mnts_get_expire_list(). * add ext_mount_hash_mutex lock helpers. * fix amd section mounts map reload. * fix dandling symlink creation if nis support is not available. * dont use AUTOFS_DEV_IOCTL_CLOSEMOUNT. * fix lookup_prune_one_cache() refactoring change. * fix amd hosts mount expire. * fix offset entries order. * use mapent tree root for tree_mapent_add_node(). * eliminate redundant cache lookup in tree_mapent_add_node(). * fix hosts map offset order. * fix direct mount deadlock. * add missing description of null map option. * fix nonstrict offset mount fail handling. * fix concat_options() error handling. * eliminate some more alloca usage. * use default stack size for threads. * fix use of possibly NULL var in lookup_program.c:match_key(). * fix incorrect print format specifiers in get_pkt(). * add mapent path length check in handle_packet_expire_direct(). * add copy length check in umount_autofs_indirect(). * add some buffer length checks to master map parser. * add buffer length check to rmdir_path(). * eliminate buffer usage from handle_mounts_cleanup(). * add buffer length checks to autofs mount_mount(). * make NFS version check flags consistent. * refactor get_nfs_info(). - drop autofs-5.1.7-Fix-option-for-master_read_wait.patch, autofs-5.1.7-use-default-stack-size-for-threads.patch: upstream ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed. - Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch. - Add several patches from git: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch 0006-man-add-missing-bshell.1-symlink.patch 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch - Build manpages with xmltoman. Currently needed for bssh. - Minor spec file clean-up. - Require python-rpm-macros for all builds (boo#1194744 boo#1194745). ==== btrfsprogs ==== Subpackages: btrfsprogs-udev-rules libbtrfs0 - add python-rpm-macros (bsc#1194748) - spec: also provide btrfs-progs as it's common package name in other distros - spec: clean up conditionals for < 12 versions - spec: let SLE12 build again (conditional dependency of libreiserfscore) - Removed patches: sles11-defaults.h (no SLE11 compatibility anymore) - Added patches: btrfs-progs-kerncompat-add-local-definition-for-alig.patch (fix build on SLE12/SLE15) - Update to 5.16 * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid subvolume keys, caught by tree-checker * fi du: skip inaccessible files * prop: properly resolve to symlink targets * send, receive: fix crash after parent subvolume lookup errors * build: * fix build on 5.12+ kernels due to changes in linux/kernel.h * fix build on musl with old kernel headers * other: * error handling fixes, cleanups, refactoring * extent tree v2 preparatory work * lots of RST documentation updates (last release with asciidoc sources), https://btrfs.readthedocs.io - Update to 5.15.1 * fi usage: fix wrongly reported space of used or unallocated space * fix detection of block device discard capability * check: add more sanity checks for checksum items * build: make sphinx optional backend for documentation - Update to 5.15 * mkfs: new defaults! * no-holes * free-space-tree * DUP for metadata unconditionally * libbtrfsutil: add missing profile defines * libbtrfs: minimize its impact on the other code, refactor and separate implementation where needed, cleanup afterwards, reduced header exports * documentation: introduce sphinx build and RST versions of manual pages, will become the new format and replace asciidoc * fixes: warning regarding v1 space cache when only v2 (free space tree) is enabled - Update to 5.14.1 * fixes * zoned mode * properly detect non-zoned devices in emulation mode * properly create quota tree * raid1c3/4 also excluded from unsupported profiles * use sysfs-based detection of device discard capability, fix mkfs-time trim for non-standard devices * mkfs: fix creation of populated filesystem with free space tree * detect multipath devices (needs libudev) * replace start: add option -K/--nodiscard, similar to what mkfs or device add has * dump-tree: print complete root_item * mkfs: add option --verbose * sb-mod: better help, no checksum calculation on read-only actions * subvol show: * print more information (regarding send and receive) * print warning if read-write subvolume has received_uuid set * property set: * add parameter -f to force changes * changing ro->rw switch now needs -f if subvolume has received_uuid set, (see documentation) * build: optional libudev (on by default) * other * remove deprecated support for CREATE_ASYNC bit for subvolume ioctl * CI updates * new and updated tests - Update patch: mkfs-default-features.patch (add stub define for new defaults) - Update to 5.14.1 * fixes: * defrag: fix parsing of compression (option -c) * add workaround for old kernels when reading zone sizes * let only check and restore open the fs with transid failures, namely preventing btrfstune to do so * convert: --uuid copy does not fail on duplicate uuids - Update to 5.14 * convert: * new option --uuid to copy, generate or set a given uuid * improve output * mkfs: * allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices) * image: * improved error messages * fix some alignment of restored image * subvol delete: allow to delete by id when path is not resolvable * check: * require alignment of nodesize for 64k page systems * detect and fix invalid block groups * libbtrfs (deprecated): * remove most exported symbols, leave only a few that are used by snapper * no version change (still 0.1) * remove btrfs-list.h, btrfsck.h * fixes: * reset generation of space v1 if v2 is used * fi us: don't wrongly report missing device size when partition is not readable * other: * build: experimental features * build: better detection of 64bit timestamp support for ext4 * corrupt-block: block group items * new and updated tests * refactoring * experimental features: * new image dump format, with data - Update to 5.13.1 * build: fix build on musl libc due to missing definition of NAME_MAX * check: * batch more work into one transaction when clearing v1 free space inodes * detect directoris with wrong number of links * libbtrfsutil: fix race between subvolume iterator and deletion * mkfs: be more specific about supported profiles for zoned device * other: * documentation updates - Update to 5.13 * restore: remove loop checks for extent count and directory scan * inspect dump-tree: new options to print node (--csum-headers) and data checksums (--csum-items) * fi usage: * print stripe count for striped profiles * print zoned information: size, total unusable * mkfs: print note about sha256 accelerated module loading issue * check: ability to reset dev_item::bytes_used * fixes * detect zoned kernel support at run time too * exclusive op running check return value * fi resize: support cancel (kernel 5.14) * device remove: support cancel (kernel 5.14) * documentation about general topics * compression * zoned mode * storage model * hardware considerations * other * libbtrfsutil API overview * help text fixes and updates * hash speedtest measure time, cycles using perf and print throughput - Add --disable-zoned for leap - revert previous change, unintentionally disables zstd on tumbleweed - Fix build for leap * --disable-zstd if leap < 42.3 * --disable-zoned for leap - Update to 5.12.1 * build: fix missing symbols in libbtrfs * mkfs: check for minimal number of zones * check: fix warning about cache generation when free space tree is enabled * fix superblock write in zoned mode on 16K pages - Update to 5.12 * libbtrfsutil: relicensed to LGPL v2.1+ * mkfs: zoned mode support (kernel 5.12+) * fi df: show zone_unusable per profile type in zoned mode * fi usage: show total amount of zone_unusable * fi resize: fix message for exact size * image: fix warning and enlarge output file if necessary * core * refactor chunk allocator for more modes * implement zoned mode support: allocation and writes, sb log * crypto/hash refactoring and cleanups * refactoring and cleanups * other * test updates * CI updates * travis-ci integration disabled * docker images updated, more coverage * incomplete build support for Android removed * doc updates * chattr mode m for 'NOCOMPRESS" * swapfile used from fstab * how to add a new export to libbtrfsutil * update status of mount options since 5.9 - Update to 5.11.1 * properly format checksums when a mismatch is reported * check: fix false alert on tree block crossing 64K page boundary * convert: * refuse to convert filesystem with 'needs_recovery' * update documentation to require fsck before conversion * balance convert: fix raid56 warning when converting other profiles * fi resize: improved summary * other * build: fix checks and autoconf defines * fix symlink paths for CI support scripts * updated tests - Update to 5.11 * fix device path canonicalization for device mapper devices * receive: remove workaround for setting capabilities, all stable kernels have been patched * receive: fix duplicate mount path detection * rescue: new subcommand create-control-device * device stats: minor fix for plain text format output * build: detect if e2fsprogs support 64bit timestamps * build: drop libmount, required functionality has been reimplemented * mkfs: warn when raid56 is used * balance convert: warn when raid56 is used * other * new and updated tests * documentation updates * seeding device * raid56 status * CI updates * docker images for various distros - Update to 5.10.1 * static build works again * other: * add a way to test static binaries with the testsuite * clarify scrub docs * update dependencies, minimum version for libmount is 2.24, this may change in the future - Update to 5.10 * scrub status: * print percentage of progress * add size unit options * fi usage: also print free space from statfs * convert: copy full 64 bit timestamp from ext4 if availalble * check: * add ability to repair extent item generation * new option to remove leftovers from inode number cache (-o inode_cache) * check for already running exclusive operation (balance, device add/...) when starting one * preliminary json output support for 'device stats' * fixes: * subvolume set-default: id 0 correctly falls back to toplevel * receive: align internal buffer to allow fast CRC calculation * logical-resolve: distinguish -o subvol and bind mounts * build: new dependency libmount * other * doc fixes and updates * new tests * ci on gitlab temporarily disabled * debugging output enhancements - prepare usrmerge (boo#1029961) - Update to 5.9: * mkfs: * switch default to single profile for multi-device filesystem, up to now it was raid0 that may not be simple to convert to some other profile as raid0 needs a workspace on all device for that * new option -R for run-time options (eg. mount time enabled), now understands free-space-tree * subvolume delete: * refuse to delete the default subvolume (kernel will not allow that but the error reason is not obvious) * warn on EPERM, eg. if send is on progress on the subvolume * convert: * fix 32bit overflows on large filesystems * improved error handling and error messages * check free space taking fragmentation into account * check: * detect and repair wrong inode generation * minor improvement in error reporting on roots * libbtrfsutils: follow main package versioning (5.9) * add pkg-config file definitions * python-btrfsutil: follow main package versioning (5.9) * inspect tree-stats: print node counts for each level, fanout * other: * docs: * remove obsolete mount options (alloc_start, subvolrootid) * deleting default subvolume is not permitted * updated or fixed tests * .editorconfig updates * move files to kernel-shared/ * CI: * updated to use zstd 1.4.5 * fix reiserfs build * more builds with asan, ubsan * sb-mod updates * build: * print .so versions of libraries in configure summary - Update to 5.7: * mkfs: * new option to enable features otherwise enabled at runtime, now implemented for quotas, 'mkfs.btrfs -R quota' * fix space accounting for small image, DUP and --rootdir * option -A removed * check: detect ranges with overlapping csum items * fi usage: report correct numbers when plain RAID56 profiles are used * convert: ensure the data chunks size never exceed device size * libbtrfsutil: update documentation regarding subvolume deletion * build: support libkcapi as implementation backend for cryptographic primitives * core: global options for verbosity (-v, -q), subcommands -v or -q are aliases and will continue to work but are considered deprecated, current command output is preserved to keep scripts working * other: * build warning fixes * btrfs-debugfs ported to python 3 - Update to 5.6.1: * print warning when multiple block group profiles exist, update 'fi usage' summary, add docs to maual page explaining the situation * build: optional support for libgcrypt or libsodium, providing hash implementations * updated docs - Fix content of _dracutmodulesdir variable: this definitively does not belong to libexecdir. - Update to 5.6: * inspect logical-resolve: support LOGICAL_INO_V2 as new option '-o', helps advanced dedupe tools * inspect: user larger buffer (64K) for results * subvol delete: support deletion by id (requires kernel 5.7+) * dump-tree: new option --hide-names, replace any names (file, directory, subvolume, xattr) in the output with stubs * various fixes - Update to 5.4.1 * build: fix docbook5 build * check: do extra verification of extent items, inode items and chunks * qgroup: return ENOTCONN if quotas not running (needs updated kernel) * other: various test fixups - BuildRequire pkgconfig(udev) instead of udev: Allow OBS to shortcut through the -mini flavor. - Use pkg-config --modversion udev to identify the current udev version. This is more portable and supports the -mini flavors. - Update to 5.4 * support new hash algorithms (kernel 5.5): * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256, blake2 * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5) * check: * --repair delays start with a warning, can be skipped using --force * enhanced detetion of inode types from partial data, more options for repair * receive: fix quiet option * image: speed up chunk loading * fi usage: * sort devices by id * print ratio of used/total per block group type * rescue zero-log: reset the log pointers directly, avoid reading some other potentially damaged structures * new make target install-static to install only static binaries/libraries * other * docs updates * new tests * cleanups and refactoring - Update to 5.3.1: * libbtrfs: fix link breakage due to missing symbols - Updaet to 5.3: * mkfs: * new option to specify checksum algorithm (only crc32c) * fix xattr enumeration * dump-tree: BFS (breadth-first) traversal now default * libbtrfsutil: remove stale BTRFS_DEV_REPLACE_ITEM_STATE_x defines * ci: add support for gitlab * other: * preparatory work for more checksum algorithms * docs update * switch to docbook5 backend for asciidoc * fix build on uClibc due to missing backtrace() * lots of printf format fixups - Enable build of python-bindings for libbtrfsutil - Update to 5.2.2: * check: * fix false report of wrong byte count for orphan inodes * option -E was not handled correctly * new check and repair for root item generation * balance: check for full-balance before background fork * mkfs: check that total device size does not overflow 16EiB * dump-tree: print DEV_STATS key type * other: * new and updated tests * doc fixups and updates - update to 5.2.1 * scrub status: fix ETA calculation after resume * check: fix crash when using -Q * restore: fix symlink owner restoration * mkfs: fix regression with mixed block groups * core: fix commit to process all delayed refs * other: * minor cleanups * test updates - update to 5.2 * subvol show: print qgroup information when available * scrub: * status: show ETA, revamp the whole output * fix reading/writing of last position on resume/cancel, potentially skipping part of the filesystem on next resume * dump-tree: add new option --noscan to use only devices given on the commandline * all-in-one binary (busybox style) with mkfs.btrfs, btrfs-image, btrfs-convert, btrfstune * image: fix hang when there are more than 32 cpus online and compression is requested * convert: fix some false ENOSPC errors when --rootdir is used * build: fix gcc9 warnings * core changes * command handling cleanups * dead code removal * cmds-* files moved to cmds/ * other shared userspace files moved to common/ * utils.c split into more files * preparatory work for more output formats * libbtrfsutil: fix unaligned access * other * new and updated tests * fix tests so CI passes again * sb-mod can modify more superblock items - update to version 5.1 * repair: flush/FUA support to avoid breaking metadata COW * file extents repair no longer relies on data in extent tree * lowmem: fix false error reports about gaps between extents * add inode mode check and repair for various objects * add check for invalid combination of nocow/compressed extents * device scan option to forget scanned devices [new] * mkfs: use same chunk size as kernel for initial creation * dev-repace: better report when other exclusive operation runs * help for sntax errors on command lines, print relevant msgs * defrag: able to open files in RO mode * dump-tree: --block can be specified multiple times - update to version 4.20.2 * dump-super: minor output fixup * revert fix for prefix detection of receive path, this is temporary and unbreaks existing user setups - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) * Remove module-setup.sh * Add module-setup.sh.in - Advise user of fs recovery options when we fail to mount (fate#320443, bsc#1122539) * Add dracut-fsck-help.txt * Add module-setup.sh - update to version 4.20.1 * libbtrfs: fix build of external tools due to missing symbols * ci: enable library test - update to version 4.20 * new feature: metadata uuid * lightweight change of UUID without rewriting all metadata (incompatible change) * done by btrfstune -m/-M, needs kernel support, 5.0+ * image: * fix block groups when restoring from multi-device image * only enlarge result image if it's a regular file * check * more device extent checks and fixes * can repair dir item with mismatched hash * mkfs: uuid tree created with proper contents * fix mount point detection due to partial prefix match * other: * new tests, build fixes, doc updates * libbtrfsutil: fix tests if kernel lacks support for new subvolume ioctls - partial cleanup with spec-cleaner - drop 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch - drop 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch - drop 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch - drop 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch - drop 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - Use %license instead of %doc [bsc#1082318] - Implement fate#325871 * Added 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch * Added 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch * Added 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch * Added 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch * Added 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - update to version 4.19.1 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported * other * new tests * cleanups - update to version 4.19 * check: support repair of fs with free-space-tree feature * core: * port delayed ref infrastructure from kernel * support write to free space tree * dump-tree: new options for BFS and DFS enumeration of b-trees * quota: rescan is now done automatically after 'assign' * btrfstune: incomplete fix to uuid change * subvol: fix 255 char limit checks * completion: complete block devices and now regular files too * docs: * ship uncompressed manual pages * btrfsck uses a manual page link instead of symlink * other * improved error handling * docs * new tests - update to version 4.17.1 * check: * add ability to fix wrong ram_bytes for compressed inline files * beautify progress output * btrfstune: allow to continue uuid change after unclean interruption * several fuzz fixes: * detect overalpping chunks * chunk loading error handling * don't crash with unexpected root refs to extents * relax option parsing again to allow mixing options and non-options arguments * fix qgroup rescan status reporting * build: * drop obsolete dir-test * new configure option to disable building of tools * add compatibility options --disable-static and --disable-shared * other: * cleanups and preparatory work * new test images - spec cleanup - update to version 4.17 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported - Removed patches (upstreamed): * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - Don't require libzstd-devel-static on builds that don't use it. - fix installation of btrfs.5.gz - Fix building on SLE11: * btrfs-progs: convert: fix support for e2fsprogs < 1.42 * btrfs-progs: build: detect whether -std=gnu90 is supported * btrfs-progs: build: autoconf 2.63 compatibility * Fixed mismerged addition of libbtrfsutil1 package description - Added patches: * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - update to version 4.16.1 * remove obsolete tools: btrfs-debug-tree, btrfs-zero-log, btrfs-show-super, btrfs-calc-size * sb-mod: new debugging tool to edit superblock items * mkfs: detect if thin-provisioned device does not have enough space * check: don't try to verify checksums on metadata dump images * build: fail documentation build if xmlto is not found * build: fix build of btrfs.static - Remove patch: 0001-btrfs-progs-build-fix-static-build.patch (upstream) - Update initrd script - update to version 4.16 * libbtrfsutil - new LGPL library to wrap userspace functionality * several 'btrfs' commands converted to use it: * properties * filesystem sync * subvolume set-default/get-default/delete/show/sync * python bindings, tests * build * use configured pkg-config path * CI: add python, musl/clang, built dependencies caching * convert: build fix for e2fsprogs 1.44+ * don't install library links with wrong permissions * fixes * prevent incorrect use of subvol_strip_mountpoint * dump-super: don't verify csum for unknown type * convert: fix inline extent creation condition * check: * lowmem: fix false alert for 'data extent backref lost for snapshot' * lowmem: fix false alert for orphan inode * lowmem: fix false alert for shared prealloc extents * mkfs: * add UUID and otime to root of FS_TREE - with the uuid, snapshots will be now linked to the toplevel subvol by the parent UUID * don't follow symlinks when calculating size * pre-create the UUID tree * fix --rootdir with selinux enabled * dump-tree: add option to print only children nodes of a given block * image: handle missing device for RAID1 * other * new tests * test script cleanups (quoting, helpers) * tool to edit superblocks * updated docs - Add patch: 0001-btrfs-progs-build-fix-static-build.patch - Add new library packages: libbtrfsutil - use documentation shipped by upstream tar, reduce dependencies - enable static build again, zstd now has static version - update to version 4.15 * mkfs --rootdir reworked, does not minimize the final image but can be still done using a new option --shrink * fix allocation of system chunk, don't allocate from the reserved area * other * new and updated tests * cleanups, refactoring * doc updates - spec: fix distro version condition - update to version 4.14.1 * dump-tree: print times of root items * check: fix several lowmem mode bugs * convert: fix rollback after balance * other * new and updated tests, enabled lowmem mode in CI * docs updates * fix travis CI build * build fixes * cleanups - update to version 4.14 * build: libzstd now required by default * check: more lowmem mode repair enhancements * subvol set-default: also accept path * prop set: compression accepts no/none, same as "" * filesystem usage: enable for filesystem on top of a seed device * rescue: new command fix-device-size * other * new tests * cleanups and refactoring * doc updates - Removed patches: - rollback-regression-fix.patch - upstreamed - spec: disable static build, missing libzstd-devel-static - spec: disable zstd support for non-Tumbleweed distros ==== chrony ==== Subpackages: chrony-pool-openSUSE - boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty. ==== dracut ==== Version update (055+suse.179.g3cf989c2 -> 055+suse.194.gdd41932a) Subpackages: dracut-mkinitrd-deprecated - Update to version 055+suse.194.gdd41932a: * fix(network-legacy): add wicked as an alternative to arping (bsc#1193670) * fix(network): add wicked as an alternative to arping (bsc#1193670) - Update to version 055+suse.191.g67eb4ea8: * fix(dracut-initramfs-restore.sh): add test for SUSE initrd name (bsc#1194570) * fix(dracut.spec): require util-linux-systemd (bsc#1194162) * fix(network-wicked): multiple path corrections * fix(drm): add privacy screen modules to the initrd (bsc#1193590) * fix(dracut.spec): update usrmerged mkinitrd dir * fix(url-lib): improve ca-bundle detection (bsc#1175892) ==== fftw3 ==== Subpackages: libfftw3-3 libfftw3_threads3 - Don't install half-baked cmake files (bsc#1194728): the files are incomplete and useless with the build using auto-tools ==== file-roller ==== Version update (3.40.0 -> 3.40.0+51) Subpackages: file-roller-lang - Update to version 3.40.0+51: + Updated translations. - Switch to git checkout via source service as upstream is not doing releases. We want the updated translations. - Replace p7zip-full with 7zip following packaging changes of 7zip. ==== flatpak ==== Version update (1.12.3 -> 1.12.4) Subpackages: libflatpak0 system-user-flatpak - Update to 1.12.4: + reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682 (boo#1194611) Fix will be in flatpak-builder 1.2.2. + Clarify documentation of --nofilesystem + Improve unit test coverage around --filesystem and - -nofilesystem + Restore compatibility with older appstream-glib versions, fixing a regression in 1.12.3 ==== folks ==== Version update (0.15.3 -> 0.15.4) Subpackages: folks-data folks-lang libfolks-eds26 libfolks26 - Update to version 0.15.4: + Bugs fixed: - Fix docs build against newer eds version. - Fix build against newer eds version. - Remove volatile keyword from tests. ==== glusterfs ==== Subpackages: libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0 - add python-rpm-macros as dependency, fix build on on Leap 15.x ==== gnome-photos ==== Subpackages: gnome-photos-lang gnome-shell-search-provider-gnome-photos - Add gnome-photos-fix-vert-align.patch: Fix vertical alignment. (glgo#GNOME/gnome-photos!172). - Add upstream bug fix patches from the stable branch: + 5cafad57982fbef0d02b7ecb0b1a2c9f221de391.patch: indexing-notification: Remove unused variable. + 1d22aac8fd7433cd1319fb2ffea0a1e294609f64.patch: indexing-notification: Handle TrackerMiner proxy being NULL on start-up. - Update our Supplements to current standard. ==== gnutls ==== Version update (3.7.2 -> 3.7.3) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac - Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. * libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch - FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - disable-psk-file-test.patch - FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. * Add gnutls-FIPS-module-version.patch - FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch ==== gvfs ==== Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang - Modernize and fix our Supplements. - Package org.gtk.vfs.file-operations.rules polkit rules file as an example in docs, previously it was just nuked. ==== inkscape ==== Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang - Fixed export to DXF14 (boo#1189514). Added missing dxf14_*.txt files. - Removed redundant excludes ==== kbd ==== Subpackages: kbd-legacy - Add patch to fix random doubling of font sizes (bsc#1194698): * 0001-libkfont-Initialize-kfont_context-options.patch ==== libblockdev ==== Subpackages: libbd_btrfs2 libbd_crypto2 libbd_fs2 libbd_loop2 libbd_lvm2 libbd_mdraid2 libbd_part2 libbd_swap2 libbd_utils2 libblockdev2 - Remove unnecessary dependency of libbd_part2 on multipath-tools (bsc#1194771) ==== libcontainers-common ==== - Switch registries.conf to v2 format ==== libjansson ==== Version update (2.13.1 -> 2.14) Subpackages: libjansson4 libjansson4-32bit - Update to 2.14: * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. * Fixes: + Handle `sprintf` corner cases. * Build: + Symbol versioning for all exported symbols (gh#akheron/jansson#523). + Fix compiler warnings. * Documentation: + Small fixes. + Sphinx 3 compatibility (gh#akheron/jansson#530). - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Cleanup with spec-cleaner. - Add check section. ==== libnettle ==== Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit - Provide s390x CPACF/SHA/AES Support for Crypto Libraries * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733] ==== libpwquality ==== Subpackages: libpwquality-lang libpwquality1 libpwquality1-32bit pam_pwquality pam_pwquality-32bit - Add python-rpm-macros to BuildRequires (boo#1194757). ==== libspf2 ==== Version update (1.2.10 -> 1.2.11) - update to 1.2.11 - no changelog available, bugfixes - Drop 0001-spf_compile.c-Correct-size-of-ds_avail.patch - Remove comment change from libspf2-1.2.10-libreplace.patch ==== libvirt ==== Version update (7.10.0 -> 8.0.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - sysconfig files have not been distributed for many months. Add upstream patches that improve documentation and moves service default settings to the associated systemd service file. 3be5ba11-libvirt-guests-install.patch, 16172741-libvirt-guests-manpage.patch, 8eb44616-remove-sysconfig-files.patch - Update to libvirt 8.0.0 - CVE-2021-4147 - bsc#1191511 - jsc#SLE-11435, jsc#SLE-18354 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-0-0-2022-01-14 - Dropped patches: 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch, cbae4eaa-libxl-add-domainGetMessages.patch ==== ncurses ==== Version update (6.3.20220101 -> 6.3.20220115) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Fix boo#1194805 by skipping linker optimizations from final pkgconfig files as well as ncurses-config - Add ncurses patch 20220115 + improve checks for valid mouse events when an intermediate mouse state is not part of the mousemask specified by the caller (report by Anton Vidovic, cf: 20111022). + use newer version 1.36 of gnathtml for generating Ada html files. ==== perl-JSON ==== Version update (4.04 -> 4.05) - updated to 4.05 see /usr/share/doc/packages/perl-JSON/Changes 4.05 2022-01-14 - removed VERSION section in pod (GH#52, abraxxa++) ==== perl-Net-SSLeay ==== Version update (1.90 -> 1.92) - updated to 1.92 see /usr/share/doc/packages/perl-Net-SSLeay/Changes 1.92 2022-01-12 - New stable release incorporating all changes from developer releases 1.91_01 to 1.91_03. - Summary of major changes since version 1.90: - Net::SSLeay now supports stable releases of OpenSSL 3.0. - OpenSSL 3.0.0 introduces the concept of "providers", which contain cryptographic algorithm implementations. Many outdated, deprecated and/or insecure algorithms have been moved to the "legacy" provider, which may need to be loaded explicitly in order to use them with Net::SSLeay. See "Low level API: OSSL_LIB_CTX and OSSL_PROVIDER related functions" in the Net::SSLeay module documentation for details. - Net::SSLeay's built-in PEM_get_string_PrivateKey() function depends on algorithms that have moved to the legacy provider described above; if OpenSSL has been compiled without the legacy provider, the tests t/local/33_x509_create_cert.t and t/local/63_ec_key_generate_key.t will fail when the test suite is run. - TLS 1.1 and below may only be used at security level 0 as of OpenSSL 3.0.0; if a minimum required security level is imposed (e.g. in an OpenSSL configuration file managed by the operating system), the tests t/local/44_sess.t and t/local/45_exporter.t will fail when the test suite is run. - Net::SSLeay now supports stable releases of LibreSSL from the 3.2 - 3.4 series (with the exception of 3.2.2 and 3.2.3 - see "COMPATIBILITY" in the Net::SSLeay module documentation for details). - The TLS 1.3 implementation in LibreSSL 3.1 - 3.3, parts of which are enabled by default, is not fully compatible with the libssl API and may not function as expected with Net::SSLeay; see "KNOWN BUGS AND CAVEATS" in the Net::SSLeay module documentation for details. - A number of new libcrypto/libssl constants and functions are now exposed, including SSL_CTX_set_keylog_callback() and SSL_CTX_set_msg_callback(), which are helpful when debugging TLS handshakes. See the release notes for the 1.91 developer releases below for a full list of newly-exposed constants and functions. 1.91_03 2022-01-10 - Avoid misclassifying Clang as GCC in Test::Net::SSLeay's can_thread() function. This fixes test failures in 61_threads-cb-crash.t and 62_threads-ctx_new-deadlock.t on OpenBSD and FreeBSD (and possibly other OSes too). Fixes GH-350. - Add the following constants for OpenSSL_version(): - OPENSSL_CPU_INFO - OPENSSL_FULL_VERSION_STRING - OPENSSL_MODULES_DIR - OPENSSL_VERSION_STRING These constants are new in OpenSSL 3.0.0 release. - Update test 03_use.t to print information returned by the new constants. - Add more information to 03_use.t print output, including printing OPENSSL_VERSION_NUMBER as a 32bit hex number. - Add the following constants for OPENSSL_info() added in OpenSSL 3.0.0. - OPENSSL_INFO_CONFIG_DIR - OPENSSL_INFO_CPU_SETTINGS - OPENSSL_INFO_DIR_FILENAME_SEPARATOR - OPENSSL_INFO_DSO_EXTENSION - OPENSSL_INFO_ENGINES_DIR - OPENSSL_INFO_LIST_SEPARATOR - OPENSSL_INFO_MODULES_DIR - OPENSSL_INFO_SEED_SOURCE - Expose OPENSSL_info(), OPENSSL_version_major(), OPENSSL_version_minor(), OPENSSL_version_patch(), OPENSSL_version_pre_release() and OPENSSL_version_build_metadata() added in OpenSSL 3.0.0. Update 03_use.t diagnostics and 04_basic.t tests to use these functions. - Clarify documentation of OpenSSL_version_num(), SSLeay(), SSLeay_version() and OpenSSL_version(). - Add notes to OpenSSL_version_num() and SSLeay() on how to determine if the library is OpenSSL or LibreSSL and how to interpret the version number these functions return. - Add constants OPENSSL_VERSION_MAJOR, OPENSSL_VERSION_MINOR and OPENSSL_VERSION_PATCH. Update OPENSSL_version_major/minor/patch documentation to describe how these library functions relate to Net-SSLeay compile time constants. Add tests to verify the constants and functions return equal values. 1.91_02 2021-12-29 - On OpenVMS, detect vendor SSL111 product based on OpenSSL 1.1.x. - Cast the return value of OCSP_SINGLERESP_get0_id to fix a const/non-const mismatch warning that broke the build on OpenVMS. - Create SSL_CTXs with Test::Net::SSLeay's new_ctx() function for tests that are broken with LibreSSL 3.2. Partially fixes GH-232. - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.2 versions from 3.2.4 onwards. Fixes the remainder of GH-232. - Note in the Net::SSLeay documentation that the TLS 1.3 implementation in LibreSSL 3.1 - 3.3, parts of which are enabled by default, is not libssl-compatible. See the "KNOWN BUGS AND CAVEATS" section of lib/Net/SSLeay.pod for details. - Add constants for, but not limited to, SSL_CTX_set_msg_callback and SSL_set_msg_callback functions: SSL3_RT_* for record content types, SSL3_MT_* for Handshake and ChangeCipherSpec message types, SSL2_VERSION to complement the list of existing SSL and TLS version constants and SSL2_MT_* for SSLv2 Handshake messages. - Expose SSL_CTX_set_keylog_callback and SSL_CTX_get_keylog_callback available with OpenSSL 1.1.1pre1 and later. - Enhance 10_rand.t RAND_file_name tests: tests are no longer affected by the runtime environment variables, HOME and RANDFILE. These variables are insted controlled by the tests with local %ENV. Problems related to RAND_file_name were discussed in Github issue GH-152, and there might still be cases when, for example, setuid is used because of OpenSSL's use of glibc secure_getenv() and related functions. Address RAND_file_name differences between OpenSSL versions. Note in SSLeay.pod that RAND_file_name() can return undef with LibreSSL and recent OpenSSL versions. - Removed the following exportable symbols from SSLeay.pm: - SESSION, clear_error and err have never been defined. - add_session, flush_sessions and remove_session were removed in Net::SSLeay 1.04 - Undocumented X509_STORE_CTX_set_flags() was removed in Net::SSLeay 1.37 when X509_VERIFY_PARAM_* functions were added. These are preferred over directly setting the flags. - Clarified Changes entry for release 1.75 to state that CTX_v2_new is not removed from Net::SSLeay. SSLv2 is completely removed in OpenSSL 1.1.0. - Beginning with OpenSSL 3.0.0-alpha17, SSL_CTX_get_options() and related functions return uint64_t instead of long. For this reason constant() in constant.c and Net::SSLeay must also be able to return 64bit constants. Add uint64_t definitions to typemap file and update constant() and options functions to use uint64_t with OpenSSL 3.0.0 and later when Perl is compiled with 64bit integers. With 32bit integers, the functions remain as they are: constant() functions return double and options functions return long. This partially fixes GH-315, 32bit integer Perls need to be handled separately. - Work around macOS Monterey build failure during 'perl Makefile.PL' that causes perl to exit with 'WARNING: .../perl is loading libcrypto in an unsafe way' or similar message. This fixes GH-329. Thanks to Daniel J. Luke for the report and John Napiorkowski for additional help. 1.91_01 2021-10-24 - Correct X509_STORE_CTX_init() return value to integer. Previous versions of Net::SSLeay return nothing. - Update tests to call close() to avoid problems seen with test 44_sess.t, and possibly other tests, running on older Windows Perl versions. Also add some missing calls in tests to shutdown and free ssl structures. - Fix multiple formatting errors in the documentation for Net::SSLeay. Thanks to John Jetmore. - Check for presence of libssl headers in Makefile.PL, and exit with an error instead of generating an invalid Makefile if they cannot be found. Fixes RT#105189. Thanks to James E Keenan for the report. - Added support for SSL_CTX_set_msg_callback/SSL_set_msg_callback Thanks to Tim Aerts. - Adjust time in ASN1_TIME_timet based on current offset to GMT to address GH-148. Thanks to Steffen Ullrich. - Multiple updates to tests to match OpenSSL 3.0 behaviour. Thanks to Michal Josef ?pa?ek. - OpenSSL 3.0 related changes in tests include: - TLSv1 and TLSv1.1 require security level 0 starting with 3.0 alpha 5. - SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() ignore unknown ciphersuites starting with 3.0 alpha 11. - Error code and error string packing and formatting changes. - PEM_get_string_PrivateKey default algorithm requires legacy provider. - See OpenSSL manual page migration_guide(7) for more information about changes in OpenSSL 3.0. - Automatically detect OpenSSL installed via Homebrew on ARM-based macOS systems. Thanks to Graham Knop for the patch. - Account for the divergence in TLSv1.3 ciphersuite names between OpenSSL and LibreSSL, which was causing failures of some TLSv1.3 tests with LibreSSL. - In 36_verify.t, account for the presence of the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) in LibreSSL 3.3.2 and above. - In 43_misc_functions.t, account for the fact that LibreSSL 3.2.0 and above implement TLSv1.3 without exposing a TLS1_3_VERSION constant. - Expose OpenSSL 3.0 functions OSSL_LIB_CTX_get0_global_default, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all OSSL_PROVIDER_get0_name and OSSL_PROVIDER_self_test. Add test files 22_provider.t, 22_provider_try_load.t and 22_provider_try_load_zero_retain.t. - With OpenSSL 3.0 and later, the legacy provider is loaded in 33_x509_create_cert.t to allow PEM_get_string_PrivateKey to continue working until its default encryption method is updated. Fixes GH-272 and closes GH-273. - Remove the test suite's optional dependency on the non-core modules Test::Exception, Test::NoWarnings and Test::Warn. Tests that verify Net::SSLeay's behaviour when errors occur are now executed regardless of the availability of these modules. - Fully automate the process of changing the list of constants exported by Net::SSLeay. Fixes GH-313. - Perform function autoloading tests in the test suite. Fixes GH-311. - In 36_verify.t, account for the fact that the X509_V_FLAG_LEGACY_VERIFY flag (signalling the use of the legacy X.509 verifier) is no longer exposed as of LibreSSL 3.4.1. Fixes GH-324. ==== python-aiobotocore ==== Version update (1.3.3 -> 2.1.0) - Remove obsolete python36 skip of tests - Update to 2.1.0 * bump to botocore 1.23.24 * fix aiohttp resolver config param #906 - Release 2.0.1 * revert accidental dupe of _register_s3_events #867 (thanks @eoghanmurray) * Support customizing the aiohttp connector resolver class #893 (thanks @orf) * fix timestream query #902 - Release 2.0.0 * bump to botocore 1.22.8 * turn off default AIOBOTOCORE_DEPRECATED_1_4_0_APIS env var to match botocore module. See notes in 1.4.0. - Release 1.4.2 * Fix missing close() method on http session (thanks @terrycain) * Fix for verify=False - Release 1.4.1 * put backwards incompatible changes behind AIOBOTOCORE_DEPRECATED_1_4_0_APIS env var. This means that #876 will not work unless this env var has been set to 0. - Release 1.4.0 * fix retries via config #877 * remove AioSession and get_session top level names to match botocore_ * change exceptions raised to match those of botocore_, see mappings - Enable tests ==== python-libvirt-python ==== Version update (7.10.0 -> 8.0.0) - Update to 8.0.0 - Add all new APIs and constants in libvirt 8.0.0 - jsc#SLE-11435, jsc#SLE-18354 ==== python-pyftpdlib ==== - Switch off the test suite, it just doesn't work reliably (gh#giampaolo/pyftpdlib#540). ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Allow colord to use systemd hardenings (bsc#1194631) ==== systemd ==== Version update (249.7 -> 249.9) Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-lang systemd-sysvinit udev - Move the systemd-network-generator stuff in udev package This generator can generate .link files and is mainly used in initrd where udev is mandatory. - Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is true (bsc#1194519) - Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c - Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch which are not specific to the handling of 'Required-Start:' and move them into a new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch - Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872 - Import commit 458220239c69b8e5fe7be480929348daeccb70d1 e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit 6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) - Drop the following patches as they have been merged into SUSE/v249 branch: 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch ==== wicked ==== Subpackages: wicked-service - fsm: fix device rename via yast (bsc#1194392) Reset worker config instead to reject a NULL/empty config xml node -- introduced in wicked 0.6.67 by commit c2a0385. [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ==== xdg-desktop-portal ==== Version update (1.10.1 -> 1.12.1) Subpackages: xdg-desktop-portal-lang - update to version 1.12.1: + Fix a crash in the device portal - includes changes from 1.12.0: + Place portals in the systemd session.slice + settings: Add color-scheme key + open-uri: Avoid a sync call to org.freedesktop.FileManager + screncast: Allow restoring previous sessions + Add a portal for requesting realtime permissions + ci: Many improvements + Publish the docs from a ci job + Translation updates ==== xdg-desktop-portal-gtk ==== Version update (1.10.0 -> 1.12.0) Subpackages: xdg-desktop-portal-gtk-lang - update to 1.12.0: + settings: Provide org.freedesktop.appearance.color-scheme key + settings: Handle org.gnome.desktop.a11y.interface schema + notification: Handle actions with targets properly + Enable settings and appchooser portals by default + Translation updates ==== yast2-firstboot ==== Version update (4.4.6 -> 4.4.7) - Add client to configure settings for WSL images (jsc#SLE-20413). - Provide a yast2-firstboot-wsl subpackage to deploy specific firstboot config for WSL. - 4.4.7 ==== yast2-packager ==== Version update (4.4.19 -> 4.4.20) - Enabled RSpec verifying doubles (bsc#1194784) - 4.4.20 ==== yast2-ruby-bindings ==== Version update (4.4.6 -> 4.4.7) - Added yast/rspec/helpers.rb (related to bsc#1194784) - 4.4.7