Packages changed: avahi btrfsprogs chrony dracut (055+suse.179.g3cf989c2 -> 055+suse.194.gdd41932a) fftw3 flatpak (1.12.3 -> 1.12.4) gnome-branding-MicroOS gnutls (3.7.2 -> 3.7.3) gvfs kbd keylime libblockdev libcontainers-common libjansson (2.13.1 -> 2.14) libnettle libpwquality ncurses (6.3.20220101 -> 6.3.20220115) runc (1.1.0~rc1 -> 1.1.0) selinux-policy systemd (249.7 -> 249.9) wicked xdg-desktop-portal (1.10.1 -> 1.12.1) xdg-desktop-portal-gtk (1.10.0 -> 1.12.0) === Details === ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). This can probably go away if/when gh#lathiat/avahi#118 is fixed. - Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should no longer need this given the above patch. - Add several patches from git: 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch 0006-man-add-missing-bshell.1-symlink.patch 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch - Build manpages with xmltoman. Currently needed for bssh. - Minor spec file clean-up. - Require python-rpm-macros for all builds (boo#1194744 boo#1194745). ==== btrfsprogs ==== Subpackages: btrfsprogs-udev-rules libbtrfs0 - add python-rpm-macros (bsc#1194748) - spec: also provide btrfs-progs as it's common package name in other distros - spec: clean up conditionals for < 12 versions - spec: let SLE12 build again (conditional dependency of libreiserfscore) - Removed patches: sles11-defaults.h (no SLE11 compatibility anymore) - Added patches: btrfs-progs-kerncompat-add-local-definition-for-alig.patch (fix build on SLE12/SLE15) - Update to 5.16 * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid subvolume keys, caught by tree-checker * fi du: skip inaccessible files * prop: properly resolve to symlink targets * send, receive: fix crash after parent subvolume lookup errors * build: * fix build on 5.12+ kernels due to changes in linux/kernel.h * fix build on musl with old kernel headers * other: * error handling fixes, cleanups, refactoring * extent tree v2 preparatory work * lots of RST documentation updates (last release with asciidoc sources), https://btrfs.readthedocs.io - Update to 5.15.1 * fi usage: fix wrongly reported space of used or unallocated space * fix detection of block device discard capability * check: add more sanity checks for checksum items * build: make sphinx optional backend for documentation - Update to 5.15 * mkfs: new defaults! * no-holes * free-space-tree * DUP for metadata unconditionally * libbtrfsutil: add missing profile defines * libbtrfs: minimize its impact on the other code, refactor and separate implementation where needed, cleanup afterwards, reduced header exports * documentation: introduce sphinx build and RST versions of manual pages, will become the new format and replace asciidoc * fixes: warning regarding v1 space cache when only v2 (free space tree) is enabled - Update to 5.14.1 * fixes * zoned mode * properly detect non-zoned devices in emulation mode * properly create quota tree * raid1c3/4 also excluded from unsupported profiles * use sysfs-based detection of device discard capability, fix mkfs-time trim for non-standard devices * mkfs: fix creation of populated filesystem with free space tree * detect multipath devices (needs libudev) * replace start: add option -K/--nodiscard, similar to what mkfs or device add has * dump-tree: print complete root_item * mkfs: add option --verbose * sb-mod: better help, no checksum calculation on read-only actions * subvol show: * print more information (regarding send and receive) * print warning if read-write subvolume has received_uuid set * property set: * add parameter -f to force changes * changing ro->rw switch now needs -f if subvolume has received_uuid set, (see documentation) * build: optional libudev (on by default) * other * remove deprecated support for CREATE_ASYNC bit for subvolume ioctl * CI updates * new and updated tests - Update patch: mkfs-default-features.patch (add stub define for new defaults) - Update to 5.14.1 * fixes: * defrag: fix parsing of compression (option -c) * add workaround for old kernels when reading zone sizes * let only check and restore open the fs with transid failures, namely preventing btrfstune to do so * convert: --uuid copy does not fail on duplicate uuids - Update to 5.14 * convert: * new option --uuid to copy, generate or set a given uuid * improve output * mkfs: * allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices) * image: * improved error messages * fix some alignment of restored image * subvol delete: allow to delete by id when path is not resolvable * check: * require alignment of nodesize for 64k page systems * detect and fix invalid block groups * libbtrfs (deprecated): * remove most exported symbols, leave only a few that are used by snapper * no version change (still 0.1) * remove btrfs-list.h, btrfsck.h * fixes: * reset generation of space v1 if v2 is used * fi us: don't wrongly report missing device size when partition is not readable * other: * build: experimental features * build: better detection of 64bit timestamp support for ext4 * corrupt-block: block group items * new and updated tests * refactoring * experimental features: * new image dump format, with data - Update to 5.13.1 * build: fix build on musl libc due to missing definition of NAME_MAX * check: * batch more work into one transaction when clearing v1 free space inodes * detect directoris with wrong number of links * libbtrfsutil: fix race between subvolume iterator and deletion * mkfs: be more specific about supported profiles for zoned device * other: * documentation updates - Update to 5.13 * restore: remove loop checks for extent count and directory scan * inspect dump-tree: new options to print node (--csum-headers) and data checksums (--csum-items) * fi usage: * print stripe count for striped profiles * print zoned information: size, total unusable * mkfs: print note about sha256 accelerated module loading issue * check: ability to reset dev_item::bytes_used * fixes * detect zoned kernel support at run time too * exclusive op running check return value * fi resize: support cancel (kernel 5.14) * device remove: support cancel (kernel 5.14) * documentation about general topics * compression * zoned mode * storage model * hardware considerations * other * libbtrfsutil API overview * help text fixes and updates * hash speedtest measure time, cycles using perf and print throughput - Add --disable-zoned for leap - revert previous change, unintentionally disables zstd on tumbleweed - Fix build for leap * --disable-zstd if leap < 42.3 * --disable-zoned for leap - Update to 5.12.1 * build: fix missing symbols in libbtrfs * mkfs: check for minimal number of zones * check: fix warning about cache generation when free space tree is enabled * fix superblock write in zoned mode on 16K pages - Update to 5.12 * libbtrfsutil: relicensed to LGPL v2.1+ * mkfs: zoned mode support (kernel 5.12+) * fi df: show zone_unusable per profile type in zoned mode * fi usage: show total amount of zone_unusable * fi resize: fix message for exact size * image: fix warning and enlarge output file if necessary * core * refactor chunk allocator for more modes * implement zoned mode support: allocation and writes, sb log * crypto/hash refactoring and cleanups * refactoring and cleanups * other * test updates * CI updates * travis-ci integration disabled * docker images updated, more coverage * incomplete build support for Android removed * doc updates * chattr mode m for 'NOCOMPRESS" * swapfile used from fstab * how to add a new export to libbtrfsutil * update status of mount options since 5.9 - Update to 5.11.1 * properly format checksums when a mismatch is reported * check: fix false alert on tree block crossing 64K page boundary * convert: * refuse to convert filesystem with 'needs_recovery' * update documentation to require fsck before conversion * balance convert: fix raid56 warning when converting other profiles * fi resize: improved summary * other * build: fix checks and autoconf defines * fix symlink paths for CI support scripts * updated tests - Update to 5.11 * fix device path canonicalization for device mapper devices * receive: remove workaround for setting capabilities, all stable kernels have been patched * receive: fix duplicate mount path detection * rescue: new subcommand create-control-device * device stats: minor fix for plain text format output * build: detect if e2fsprogs support 64bit timestamps * build: drop libmount, required functionality has been reimplemented * mkfs: warn when raid56 is used * balance convert: warn when raid56 is used * other * new and updated tests * documentation updates * seeding device * raid56 status * CI updates * docker images for various distros - Update to 5.10.1 * static build works again * other: * add a way to test static binaries with the testsuite * clarify scrub docs * update dependencies, minimum version for libmount is 2.24, this may change in the future - Update to 5.10 * scrub status: * print percentage of progress * add size unit options * fi usage: also print free space from statfs * convert: copy full 64 bit timestamp from ext4 if availalble * check: * add ability to repair extent item generation * new option to remove leftovers from inode number cache (-o inode_cache) * check for already running exclusive operation (balance, device add/...) when starting one * preliminary json output support for 'device stats' * fixes: * subvolume set-default: id 0 correctly falls back to toplevel * receive: align internal buffer to allow fast CRC calculation * logical-resolve: distinguish -o subvol and bind mounts * build: new dependency libmount * other * doc fixes and updates * new tests * ci on gitlab temporarily disabled * debugging output enhancements - prepare usrmerge (boo#1029961) - Update to 5.9: * mkfs: * switch default to single profile for multi-device filesystem, up to now it was raid0 that may not be simple to convert to some other profile as raid0 needs a workspace on all device for that * new option -R for run-time options (eg. mount time enabled), now understands free-space-tree * subvolume delete: * refuse to delete the default subvolume (kernel will not allow that but the error reason is not obvious) * warn on EPERM, eg. if send is on progress on the subvolume * convert: * fix 32bit overflows on large filesystems * improved error handling and error messages * check free space taking fragmentation into account * check: * detect and repair wrong inode generation * minor improvement in error reporting on roots * libbtrfsutils: follow main package versioning (5.9) * add pkg-config file definitions * python-btrfsutil: follow main package versioning (5.9) * inspect tree-stats: print node counts for each level, fanout * other: * docs: * remove obsolete mount options (alloc_start, subvolrootid) * deleting default subvolume is not permitted * updated or fixed tests * .editorconfig updates * move files to kernel-shared/ * CI: * updated to use zstd 1.4.5 * fix reiserfs build * more builds with asan, ubsan * sb-mod updates * build: * print .so versions of libraries in configure summary - Update to 5.7: * mkfs: * new option to enable features otherwise enabled at runtime, now implemented for quotas, 'mkfs.btrfs -R quota' * fix space accounting for small image, DUP and --rootdir * option -A removed * check: detect ranges with overlapping csum items * fi usage: report correct numbers when plain RAID56 profiles are used * convert: ensure the data chunks size never exceed device size * libbtrfsutil: update documentation regarding subvolume deletion * build: support libkcapi as implementation backend for cryptographic primitives * core: global options for verbosity (-v, -q), subcommands -v or -q are aliases and will continue to work but are considered deprecated, current command output is preserved to keep scripts working * other: * build warning fixes * btrfs-debugfs ported to python 3 - Update to 5.6.1: * print warning when multiple block group profiles exist, update 'fi usage' summary, add docs to maual page explaining the situation * build: optional support for libgcrypt or libsodium, providing hash implementations * updated docs - Fix content of _dracutmodulesdir variable: this definitively does not belong to libexecdir. - Update to 5.6: * inspect logical-resolve: support LOGICAL_INO_V2 as new option '-o', helps advanced dedupe tools * inspect: user larger buffer (64K) for results * subvol delete: support deletion by id (requires kernel 5.7+) * dump-tree: new option --hide-names, replace any names (file, directory, subvolume, xattr) in the output with stubs * various fixes - Update to 5.4.1 * build: fix docbook5 build * check: do extra verification of extent items, inode items and chunks * qgroup: return ENOTCONN if quotas not running (needs updated kernel) * other: various test fixups - BuildRequire pkgconfig(udev) instead of udev: Allow OBS to shortcut through the -mini flavor. - Use pkg-config --modversion udev to identify the current udev version. This is more portable and supports the -mini flavors. - Update to 5.4 * support new hash algorithms (kernel 5.5): * mkfs.btrfs and btrfs-convert with --csum, crc32c, xxhash, sha256, blake2 * mkfs: support new raid1c3 and raid1c4 block group profiles (kernel 5.5) * check: * --repair delays start with a warning, can be skipped using --force * enhanced detetion of inode types from partial data, more options for repair * receive: fix quiet option * image: speed up chunk loading * fi usage: * sort devices by id * print ratio of used/total per block group type * rescue zero-log: reset the log pointers directly, avoid reading some other potentially damaged structures * new make target install-static to install only static binaries/libraries * other * docs updates * new tests * cleanups and refactoring - Update to 5.3.1: * libbtrfs: fix link breakage due to missing symbols - Updaet to 5.3: * mkfs: * new option to specify checksum algorithm (only crc32c) * fix xattr enumeration * dump-tree: BFS (breadth-first) traversal now default * libbtrfsutil: remove stale BTRFS_DEV_REPLACE_ITEM_STATE_x defines * ci: add support for gitlab * other: * preparatory work for more checksum algorithms * docs update * switch to docbook5 backend for asciidoc * fix build on uClibc due to missing backtrace() * lots of printf format fixups - Enable build of python-bindings for libbtrfsutil - Update to 5.2.2: * check: * fix false report of wrong byte count for orphan inodes * option -E was not handled correctly * new check and repair for root item generation * balance: check for full-balance before background fork * mkfs: check that total device size does not overflow 16EiB * dump-tree: print DEV_STATS key type * other: * new and updated tests * doc fixups and updates - update to 5.2.1 * scrub status: fix ETA calculation after resume * check: fix crash when using -Q * restore: fix symlink owner restoration * mkfs: fix regression with mixed block groups * core: fix commit to process all delayed refs * other: * minor cleanups * test updates - update to 5.2 * subvol show: print qgroup information when available * scrub: * status: show ETA, revamp the whole output * fix reading/writing of last position on resume/cancel, potentially skipping part of the filesystem on next resume * dump-tree: add new option --noscan to use only devices given on the commandline * all-in-one binary (busybox style) with mkfs.btrfs, btrfs-image, btrfs-convert, btrfstune * image: fix hang when there are more than 32 cpus online and compression is requested * convert: fix some false ENOSPC errors when --rootdir is used * build: fix gcc9 warnings * core changes * command handling cleanups * dead code removal * cmds-* files moved to cmds/ * other shared userspace files moved to common/ * utils.c split into more files * preparatory work for more output formats * libbtrfsutil: fix unaligned access * other * new and updated tests * fix tests so CI passes again * sb-mod can modify more superblock items - update to version 5.1 * repair: flush/FUA support to avoid breaking metadata COW * file extents repair no longer relies on data in extent tree * lowmem: fix false error reports about gaps between extents * add inode mode check and repair for various objects * add check for invalid combination of nocow/compressed extents * device scan option to forget scanned devices [new] * mkfs: use same chunk size as kernel for initial creation * dev-repace: better report when other exclusive operation runs * help for sntax errors on command lines, print relevant msgs * defrag: able to open files in RO mode * dump-tree: --block can be specified multiple times - update to version 4.20.2 * dump-super: minor output fixup * revert fix for prefix detection of receive path, this is temporary and unbreaks existing user setups - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) * Remove module-setup.sh * Add module-setup.sh.in - Advise user of fs recovery options when we fail to mount (fate#320443, bsc#1122539) * Add dracut-fsck-help.txt * Add module-setup.sh - update to version 4.20.1 * libbtrfs: fix build of external tools due to missing symbols * ci: enable library test - update to version 4.20 * new feature: metadata uuid * lightweight change of UUID without rewriting all metadata (incompatible change) * done by btrfstune -m/-M, needs kernel support, 5.0+ * image: * fix block groups when restoring from multi-device image * only enlarge result image if it's a regular file * check * more device extent checks and fixes * can repair dir item with mismatched hash * mkfs: uuid tree created with proper contents * fix mount point detection due to partial prefix match * other: * new tests, build fixes, doc updates * libbtrfsutil: fix tests if kernel lacks support for new subvolume ioctls - partial cleanup with spec-cleaner - drop 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch - drop 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch - drop 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch - drop 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch - drop 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - Use %license instead of %doc [bsc#1082318] - Implement fate#325871 * Added 0001-btrfs-progs-Add-support-for-metadata_uuid-field.patch * Added 0002-btrfs-progs-btrfstune-Add-support-for-changing-the-u.patch * Added 0003-btrfs-progs-Remove-fsid-metdata_uuid-fields-from-fs_.patch * Added 0004-btrfs-progs-Remove-btrfs_fs_info-new_fsid.patch * Added 0005-btrfs-progs-Directly-pass-root-to-change_devices_uui.patch - update to version 4.19.1 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported * other * new tests * cleanups - update to version 4.19 * check: support repair of fs with free-space-tree feature * core: * port delayed ref infrastructure from kernel * support write to free space tree * dump-tree: new options for BFS and DFS enumeration of b-trees * quota: rescan is now done automatically after 'assign' * btrfstune: incomplete fix to uuid change * subvol: fix 255 char limit checks * completion: complete block devices and now regular files too * docs: * ship uncompressed manual pages * btrfsck uses a manual page link instead of symlink * other * improved error handling * docs * new tests - update to version 4.17.1 * check: * add ability to fix wrong ram_bytes for compressed inline files * beautify progress output * btrfstune: allow to continue uuid change after unclean interruption * several fuzz fixes: * detect overalpping chunks * chunk loading error handling * don't crash with unexpected root refs to extents * relax option parsing again to allow mixing options and non-options arguments * fix qgroup rescan status reporting * build: * drop obsolete dir-test * new configure option to disable building of tools * add compatibility options --disable-static and --disable-shared * other: * cleanups and preparatory work * new test images - spec cleanup - update to version 4.17 * check * many lowmem mode improvements * properly report qgroup mismatch errors * check symlinks with append/immutable flags * fi usage * correctly calculate allocated/unallocated for raid10 * minor output updates * mkfs * detect ENOSPC on thinly provisioned devices * fix spurious EEXIST during directory traversal * restore: fix relative path for restore target * dump-tree: print symbolic tree names for backrefs * send: fix regression preventing send -p with subvolumes mounted on "/" * corrupt-tree: refactoring and command line updates * build * make it work with e2fsprogs < 1.42 again * restore support for autoconf 2.63 * detect if -std=gnu90 is supported - Removed patches (upstreamed): * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - Don't require libzstd-devel-static on builds that don't use it. - fix installation of btrfs.5.gz - Fix building on SLE11: * btrfs-progs: convert: fix support for e2fsprogs < 1.42 * btrfs-progs: build: detect whether -std=gnu90 is supported * btrfs-progs: build: autoconf 2.63 compatibility * Fixed mismerged addition of libbtrfsutil1 package description - Added patches: * 0001-btrfs-progs-convert-fix-support-for-e2fsprogs-1.42.patch * 0002-btrfs-progs-build-autoconf-2.63-compatibility.patch * 0003-btrfs-progs-build-detect-whether-std-gnu90-is-suppor.patch - update to version 4.16.1 * remove obsolete tools: btrfs-debug-tree, btrfs-zero-log, btrfs-show-super, btrfs-calc-size * sb-mod: new debugging tool to edit superblock items * mkfs: detect if thin-provisioned device does not have enough space * check: don't try to verify checksums on metadata dump images * build: fail documentation build if xmlto is not found * build: fix build of btrfs.static - Remove patch: 0001-btrfs-progs-build-fix-static-build.patch (upstream) - Update initrd script - update to version 4.16 * libbtrfsutil - new LGPL library to wrap userspace functionality * several 'btrfs' commands converted to use it: * properties * filesystem sync * subvolume set-default/get-default/delete/show/sync * python bindings, tests * build * use configured pkg-config path * CI: add python, musl/clang, built dependencies caching * convert: build fix for e2fsprogs 1.44+ * don't install library links with wrong permissions * fixes * prevent incorrect use of subvol_strip_mountpoint * dump-super: don't verify csum for unknown type * convert: fix inline extent creation condition * check: * lowmem: fix false alert for 'data extent backref lost for snapshot' * lowmem: fix false alert for orphan inode * lowmem: fix false alert for shared prealloc extents * mkfs: * add UUID and otime to root of FS_TREE - with the uuid, snapshots will be now linked to the toplevel subvol by the parent UUID * don't follow symlinks when calculating size * pre-create the UUID tree * fix --rootdir with selinux enabled * dump-tree: add option to print only children nodes of a given block * image: handle missing device for RAID1 * other * new tests * test script cleanups (quoting, helpers) * tool to edit superblocks * updated docs - Add patch: 0001-btrfs-progs-build-fix-static-build.patch - Add new library packages: libbtrfsutil - use documentation shipped by upstream tar, reduce dependencies - enable static build again, zstd now has static version - update to version 4.15 * mkfs --rootdir reworked, does not minimize the final image but can be still done using a new option --shrink * fix allocation of system chunk, don't allocate from the reserved area * other * new and updated tests * cleanups, refactoring * doc updates - spec: fix distro version condition - update to version 4.14.1 * dump-tree: print times of root items * check: fix several lowmem mode bugs * convert: fix rollback after balance * other * new and updated tests, enabled lowmem mode in CI * docs updates * fix travis CI build * build fixes * cleanups - update to version 4.14 * build: libzstd now required by default * check: more lowmem mode repair enhancements * subvol set-default: also accept path * prop set: compression accepts no/none, same as "" * filesystem usage: enable for filesystem on top of a seed device * rescue: new command fix-device-size * other * new tests * cleanups and refactoring * doc updates - Removed patches: - rollback-regression-fix.patch - upstreamed - spec: disable static build, missing libzstd-devel-static - spec: disable zstd support for non-Tumbleweed distros ==== chrony ==== Subpackages: chrony-pool-openSUSE - boo#1194206: Use /run instead of /var/run throughout. - bsc#1194229: Fix pool package dependencies, so that SLE actually prefers chrony-pool-suse over chrony-pool-empty. ==== dracut ==== Version update (055+suse.179.g3cf989c2 -> 055+suse.194.gdd41932a) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 055+suse.194.gdd41932a: * fix(network-legacy): add wicked as an alternative to arping (bsc#1193670) * fix(network): add wicked as an alternative to arping (bsc#1193670) - Update to version 055+suse.191.g67eb4ea8: * fix(dracut-initramfs-restore.sh): add test for SUSE initrd name (bsc#1194570) * fix(dracut.spec): require util-linux-systemd (bsc#1194162) * fix(network-wicked): multiple path corrections * fix(drm): add privacy screen modules to the initrd (bsc#1193590) * fix(dracut.spec): update usrmerged mkinitrd dir * fix(url-lib): improve ca-bundle detection (bsc#1175892) ==== fftw3 ==== - Don't install half-baked cmake files (bsc#1194728): the files are incomplete and useless with the build using auto-tools ==== flatpak ==== Version update (1.12.3 -> 1.12.4) Subpackages: libflatpak0 system-user-flatpak - Update to 1.12.4: + reverting non-backwards-compatible behaviour changes in the solution previously chosen for CVE-2022-21682 (boo#1194611) Fix will be in flatpak-builder 1.2.2. + Clarify documentation of --nofilesystem + Improve unit test coverage around --filesystem and - -nofilesystem + Restore compatibility with older appstream-glib versions, fixing a regression in 1.12.3 ==== gnome-branding-MicroOS ==== - added an extra flatpak to Manage Extensions so a rpm based chromium or firefox browser is no longer necessary "com.mattjakeman.ExtensionManager" ==== gnutls ==== Version update (3.7.2 -> 3.7.3) - Update to 3.7.3: [bsc#1190698, bsc#1190796] * libgnutls: The allowlisting configuration mode has been added to the system-wide settings. In this mode, all the algorithms are initially marked as insecure or disabled, while the applications can re-enable them either through the [overrides] section of the configuration file or the new API (#1172). * The build infrastructure no longer depends on GNU AutoGen for generating command-line option handling, template file parsing in certtool, and documentation generation (#773, #774). This change also removes run-time or bundled dependency on the libopts library, and requires Python 3.6 or later to regenerate the distribution tarball. Note that this brings in known backward incompatibility in command-line tools, such as long options are now case sensitive, while previously they were treated in a case insensitive manner: for example --RSA is no longer a valid option of certtool. The existing scripts using GnuTLS tools may need adjustment for this change. * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and used as a gnutls_privkey_t (#594). The code was originally written for the OpenConnect VPN project by David Woodhouse. To generate such blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations or the tpm2_encodeobject tool from unreleased tpm2-tools. * libgnutls: The library now transparently enables Linux KTLS (kernel TLS) when the feature is compiled in with --enable-ktls configuration option (#1113). If the KTLS initialization fails it automatically falls back to the user space implementation. * certtool: The certtool command can now read the Certificate Transparency (RFC 6962) SCT extension (#232). New API functions are also provided to access and manipulate the extension values. * certtool: The certtool command can now generate, manipulate, and evaluate x25519 and x448 public keys, private keys, and certificates. * libgnutls: Disabling a hashing algorithm through "insecure-hash" configuration directive now also disables TLS ciphersuites that use it as a PRF algorithm. * libgnutls: PKCS#12 files are now created with modern algorithms by default (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the default PBKDF2 iteration count has been increased to 600000. * libgnutls: PKCS#12 keys derived using GOST algorithm now uses HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to conform with the latest TC-26 requirements (#1225). * libgnutls: The library now provides a means to report the status of approved cryptographic operations (!1465). To adhere to the FIPS140-3 IG 2.4.C., this complements the existing mechanism to prohibit the use of unapproved algorithms by making the library unusable state. * gnutls-cli: The gnutls-cli command now provides a --list-config option to print the library configuration (!1508). * libgnutls: Fixed possible race condition in gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, CVSS: low] * API and ABI modifications: GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags gnutls_ecc_curve_set_enabled: Added. gnutls_sign_set_secure: Added. gnutls_sign_set_secure_for_certs: Added. gnutls_digest_set_secure: Added. gnutls_protocol_set_enabled: Added. gnutls_fips140_context_init: New function gnutls_fips140_context_deinit: New function gnutls_fips140_push_context: New function gnutls_fips140_pop_context: New function gnutls_fips140_get_operation_state: New function gnutls_fips140_operation_state_t: New enum gnutls_transport_is_ktls_enabled: New function gnutls_get_library_configuration: New function * Remove patches fixed in the update: - gnutls-FIPS-module-version.patch - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - gnutls-FIPS-RSA-mod-sizes.patch - FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] * Remove patches: - gnutls-temporarily_disable_broken_guile_reauth_test.patch - disable-psk-file-test.patch - FIPS: Provide module identifier and version [bsc#1190796] * Add configurable options to output the module name/identifier (--with-fips140-module-name) and the module version (--with-fips140-module-version). * Add the CLI option list-config that reports the configuration of the library. * Add gnutls-FIPS-module-version.patch - FIPS: Provide a service-level indicator [bsc#1190698] * Add support for a "service indicator" as required in the FIPS140-3 Implementation Guidance in section 2.4.C * Add patches: - gnutls-FIPS-service-indicator.patch - gnutls-FIPS-service-indicator-public-key.patch - gnutls-FIPS-service-indicator-symmetric-key.patch - gnutls-FIPS-RSA-PSS-flags.patch - FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] * fips: allow more RSA modulus sizes * Add gnutls-FIPS-RSA-mod-sizes.patch * Delete gnutls-3.6.7-fips-rsa-4096.patch ==== gvfs ==== Subpackages: gvfs-backends - Modernize and fix our Supplements. - Package org.gtk.vfs.file-operations.rules polkit rules file as an example in docs, previously it was just nuked. ==== kbd ==== Subpackages: kbd-legacy - Add patch to fix random doubling of font sizes (bsc#1194698): * 0001-libkfont-Initialize-kfont_context-options.patch ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Add 0001-config-support-merge-multiple-config-files.patch This will allow the merge of config files in /usr/etc and /etc. - Move the configuration file to /usr/etc in new distributions - Add 0001-ca-support-back-old-cyptography-API.patch This is only required for SLE, but the API is compatible with new versions ==== libblockdev ==== Subpackages: libbd_crypto2 libbd_fs2 libbd_loop2 libbd_lvm2 libbd_mdraid2 libbd_part2 libbd_swap2 libbd_utils2 libblockdev2 - Remove unnecessary dependency of libbd_part2 on multipath-tools (bsc#1194771) ==== libcontainers-common ==== - Switch registries.conf to v2 format ==== libjansson ==== Version update (2.13.1 -> 2.14) - Update to 2.14: * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. * Fixes: + Handle `sprintf` corner cases. * Build: + Symbol versioning for all exported symbols (gh#akheron/jansson#523). + Fix compiler warnings. * Documentation: + Small fixes. + Sphinx 3 compatibility (gh#akheron/jansson#530). - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Cleanup with spec-cleaner. - Add check section. ==== libnettle ==== Subpackages: libhogweed6 libnettle8 - Provide s390x CPACF/SHA/AES Support for Crypto Libraries * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733] ==== libpwquality ==== Subpackages: libpwquality-tools libpwquality1 pam_pwquality - Add python-rpm-macros to BuildRequires (boo#1194757). ==== ncurses ==== Version update (6.3.20220101 -> 6.3.20220115) Subpackages: libncurses6 ncurses-utils terminfo-base - Fix boo#1194805 by skipping linker optimizations from final pkgconfig files as well as ncurses-config - Add ncurses patch 20220115 + improve checks for valid mouse events when an intermediate mouse state is not part of the mousemask specified by the caller (report by Anton Vidovic, cf: 20111022). + use newer version 1.36 of gnathtml for generating Ada html files. ==== runc ==== Version update (1.1.0~rc1 -> 1.1.0) - Update to runc v1.1.0. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0. - libcontainer will now refuse to build without the nsenter package being correctly compiled (specifically this requires CGO to be enabled). This should avoid folks accidentally creating broken runc binaries (and incorrectly importing our internal libraries into their projects). (#3331) ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Allow colord to use systemd hardenings (bsc#1194631) ==== systemd ==== Version update (249.7 -> 249.9) Subpackages: libsystemd0 libudev1 systemd-sysvinit udev - Move the systemd-network-generator stuff in udev package This generator can generate .link files and is mainly used in initrd where udev is mandatory. - Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is true (bsc#1194519) - Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c - Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch which are not specific to the handling of 'Required-Start:' and move them into a new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch - Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872 - Import commit 458220239c69b8e5fe7be480929348daeccb70d1 e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit 6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) - Drop the following patches as they have been merged into SUSE/v249 branch: 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch ==== wicked ==== Subpackages: wicked-service - fsm: fix device rename via yast (bsc#1194392) Reset worker config instead to reject a NULL/empty config xml node -- introduced in wicked 0.6.67 by commit c2a0385. [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ==== xdg-desktop-portal ==== Version update (1.10.1 -> 1.12.1) - update to version 1.12.1: + Fix a crash in the device portal - includes changes from 1.12.0: + Place portals in the systemd session.slice + settings: Add color-scheme key + open-uri: Avoid a sync call to org.freedesktop.FileManager + screncast: Allow restoring previous sessions + Add a portal for requesting realtime permissions + ci: Many improvements + Publish the docs from a ci job + Translation updates ==== xdg-desktop-portal-gtk ==== Version update (1.10.0 -> 1.12.0) - update to 1.12.0: + settings: Provide org.freedesktop.appearance.color-scheme key + settings: Handle org.gnome.desktop.a11y.interface schema + notification: Handle actions with targets properly + Enable settings and appchooser portals by default + Translation updates