Packages changed: autofs (5.1.5 -> 5.1.6) ceph (15.0.0.7456+ge089cead79 -> 15.1.0.1521+gcdf35413a0) curl (7.68.0 -> 7.69.0) dracut (049.1+git124.70941b30 -> 049.1+git125.e2b2c9ef) fuse-overlayfs (0.7.6 -> 0.7.7) hwdata (0.332 -> 0.333) kail (0.14.2 -> 0.15.0) libxcrypt (4.4.12 -> 4.4.15) open-iscsi permissions (1550_20200213 -> 1550_20200228) supportutils (3.1.1 -> 3.1.8) systemd vim (8.2.0314 -> 8.2.0348) wicked (0.6.62 -> 0.6.63) === Details === ==== autofs ==== Version update (5.1.5 -> 5.1.6) - Upgrade to 5.1.6 - support strictexpire mount option. - fix hesiod string check in master_parse(). - add NULL check for get_addr_string() return. - use malloc(3) in spawn.c. - add mount_verbose configuration option. - optionally log mount requestor process info. - log mount call arguments if mount_verbose is set. - Fix NFS mount from IPv6 addresses. - make expire remaining log level debug. - allow period following macro in selector value. - fix macro expansion in selector values. - fix typing errors. - Explain /etc/auto.master.d usage. - plus map includes are only allowed in file sources. - Update README. - fix additional typing errors. - update autofs(8) offset map entry update description. - increase group buffer size geometrically. - also use strictexpire for offsets. - remove unused function has_fstab_option(). - remove unused function reverse_mnt_list(). - remove a couple of old debug messages. - fix amd entry memory leak. - fix unlink_mount_tree() not umounting mounts. - use ignore option for offset mounts as well. - add config option for "ignore" mount option - use bit flags for autofs mount types in mnt_list. - use mp instead of path in mnt_list entries. - always use PROC_MOUNTS to make mount lists. - add glibc getmntent_r(). - use local getmntent_r in table_is_mounted(). - refactor unlink_active_mounts() in direct.c. - don't use tree_is_mounted() for mounted checks. - use single unlink_umount_tree() for both direct and indirect mounts. - move unlink_mount_tree() to lib/mounts.c. - use local_getmntent_r() for unlink_mount_tree(). - use local getmntent_r() in get_mnt_list(). - use local getmntent_r() in tree_make_mnt_list(). - fix missing initialization of autofs_point flags. - NetworkManager-autofs: reload rather than restart autofs.service * If complex network setups are being brought up, autofs.service may be restarted too quickly, causing systemd to consider the service failed. "reload" avoids that, and works just fine. - Fix autofs restart when Networkmanager connection is brought up * NetworkManager-autofs: /bin/systemctl has been removed in systemd-244 ==== ceph ==== Version update (15.0.0.7456+ge089cead79 -> 15.1.0.1521+gcdf35413a0) Subpackages: ceph-common libcephfs2 librados2 libradosstriper1 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 15.1.0-1521-gcdf35413a0: + rebase on tip of upstream master, SHA1 28c08615e5c27e5a0986e3191ca4427cdc32f538 - significant changes since the last Factory SR: + ceph-rpmlintrc: silence RPMLINT warnings and document ones that are in the process of being fixed ("WIP") + fix s390x build failure + fix GCC 10 build failure (boo#1161086) + spec: * drop Python 2 support * make Python 3 build work on CentOS 8 * globally change %_python_buildid macro to %_python3_pkgversion * Use pkgconfig() style BuildRequires for udev/libudev-devel * add cmake_verbose_logging bcond * rename ceph-daemon subpackage to cephadm * add scriptlets to cephadm subpackage * rename ceph-mgr-ssh subpackage to ceph-mgr-cephadm * stop calling MGR modules "plugins" * move "always-on" MGR modules into their own subpackage, ceph-mgr-modules-core * make ceph-mgr-cephadm explicitly require openssh on SUSE - Update to 15.1.0-1207-g89308cc4c6: + rebase on tip of upstream master, SHA1 0ffbe4a5ef73036309a3c6488be4dbb1b667a4c7 + drop temporary fix "cephadm: Don't call prepare-host from bootstrap" - Update to 15.1.0-951-g36f83482b6c: + cephadm: Don't call prepare-host from bootstrap (temporary fix to keep cephadm running on SUSE after upstream merged 932ac9342483141f10dbf99d1806d81a4d70a26a) - Update to 15.1.0-950-g0ba22d2e46: + rebase on tip of upstream master, SHA1 e79e42467970c1be210d674e90dab21ce73e2872 * mgr/orch: resurrect ServiceDescription, 'orch ls' - Update to 15.1.0-818-g5f8ed0e957: + rebase on tip of upstream master, SHA1 eb72aebb92f1bfce00aedaebf140789871eb943f * includes "mgr/orch: new cli, phase 2" patches (PR#33244) needed by latest ceph-bootstrap - Update to 15.1.0-636-g2280954009: + rebase on tip of upstream master, SHA1 e36d47a8c3f4181d68a4cd680bdde72064dee910 - Update to 15.1.0-168-gfda88e35c8: + rebase on tip of upstream master, SHA1 80487f4a604da94778e65f666e1177a3ed84543e + spec: Use pkgconfig() style BuildRequires for udev/libudev-devel - Update to 15.0.0-10092-gb5fd1b8250: + rebase on tip of upstream master, SHA1 3913835a8f0b9b34ceffd4dc02e1e8203227be02 - Update to 15.0.0-9544-gefdea72067: + cmake: Improve test for 16-byte atomic support on IBM Z (bsc#1161688) - Update to 15.0.0-9543-g1c7fc80ba1: + rebase on tip of upstream master, SHA1 089e97c27013612672099281fad76746f19290e3 - Update to 15.0.0-9494-g22cdfe7b96: + rebase on tip of upstream master, SHA1 26c66630bd98dfce113f66ab4e081e5a7b0216c0 - Update to 15.0.0-9092-gd050bc3f0a: + rebase on tip of upstream master, SHA1 dfd90da59c0b2eda9ca61fed1d508ddc2ab32a2b - Update to 15.0.0-8683-gb78b3635a5: + rebase on tip of upstream master, SHA1 3e1e6a6694bb133c57e2b05a6316dcebae390815 + drop libxio Provides/Obsoletes (they are no longer necessary because libxio is long gone) + drop runtime dependency on gptfdisk (it was needed for ceph-disk, which has since been removed) + spec: drop "_python_buildid" macro (it was needed to support py2 builds, which upstream is finally moving away from) - Update to 15.0.0-8588-g58b5b29433: + spec, debian: cephadm requires lvm2 (bsc#1159466) - ceph-rpmlintrc: fix syntax error introduced by change mentioned in previous changelog entry - Update to 15.0.0-8587-gf0521c1db5: + rebase on tip of upstream master, SHA1 068aafb2ea3c71b5adda79467847ee03b77bb35e * cephadm: do ceph-volume activate+deactivate as part of systemd unit - Update to 15.0.0-8442-g094a533242: + spec: * fix cephadm user/group creation * cephadm subpackage: start summary with a capital letter + ceph-rpmlintrc: silence some RPMLINT warnings - Update to 15.0.0-8370-gec9b27b5e0 + ceph-daemon is renamed to cephadm + mgr/ssh is renamed to mgr/cephadm - increase disk space needs in _constraints for some architectures - Update to 15.0.0-7866-g639502405f: + rebase on tip of upstream master, SHA1 95dd54889a9c113f77dd6c2c7e77166335a59794 - Update to 15.0.0-7686-g54042e1a06: + rebase on tip of upstream master, SHA1 2c06beb5ec38c8b9f7bd84152da3f5708de8d0c0 * Revert "Merge pull request #16715 from adamemerson/wip-I-Object!" (bsc#1157443) * spec: add explicit openssh dependency to ceph-mgr-ssh (bsc#1157527) ==== curl ==== Version update (7.68.0 -> 7.69.0) Subpackages: libcurl4 - Update to 7.69.0 * Changes: - polarssl: removed - smtp: add CURLOPT_MAIL_RCPT_ALLLOWFAILS and --mail-rcpt-allowfails - wolfSSH: new SSH backend * Bugfixes: - altsvc: improved header parser - altsvc: keep a copy of the file name to survive handle reset - altsvc: make saving the cache an atomic operation - altsvc: use h3-27 - azure: disable brotli on the macos debug-builds - build: remove all HAVE_OPENSSL_ENGINE_H defines - cleanup: fix several comment typos - cleanup: fix typos and wording in docs and comments - cmake: add support for CMAKE_LTO option - cmake: clean up and improve build procedures - cmake: Show HTTPS-proxy in the features output - cmake: use check_symbol_exists also for inet_pton - configure.ac: fix comments about --with-quiche - configure: disable metalink if mbedTLS is specified - configure: disable metalink support for incompatible SSL/TLS - conn: do not reuse connection if SOCKS proxy credentials differ - conncache: removed unused Curl_conncache_bundle_size() - connect: remove some spurious infof() calls - connection reuse: respect the max_concurrent_streams limits - cookie: check __Secure- and __Host- case sensitively - cookies: make saving atomic with a rename - create-dirs.d: mention the mode - curl: avoid using strlen for testing if a string is empty - curl: error on --alt-svc use w/o support - curl: let -D merge headers in one file again - curl: make #0 not output the full URL - curl: make the -# spaceship bar not wrap the line - curl: remove 'config' field from OutStruct - curl:progressbarinit: ignore column width from terminals < 20 - curl_escape.3: add a link to curl_free - curl_getenv.3: fix the memory handling description - curl_global_init: assume the EINTR bit by default - curl_global_init: move the IPv6 works status bool to multi handle - CURLINFO_COOKIELIST.3: Fix example - CURLOPT_ALTSVC_CTRL.3: fix the DEFAULT wording - CURLOPT_PROXY_SSL_OPTIONS.3: Sync with CURLOPT_SSL_OPTIONS.3 - CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT section - data.d: remove "Multiple files can also be specified" - digest: do not quote algorithm in HTTP authorisation - docs/HTTP3: add --enable-alt-svc to curl's configure - docs/HTTP3: update the OpenSSL branch to use for ngtcp2 - docs: fix typo on CURLINFO_RETRY_AFTER - easy: remove dead code - form.d: fix two minor typos - ftp: convert 'sock_accepted' to a plain boolean - ftp: remove superfluous checking for crlf in user or pwd - ftp: shrink temp buffers used for PORT - github: Instructions to post "uname -a" on Unix systems in issues - GnuTLS: always send client cert - gtls: fixed compilation when using GnuTLS < 3.5.0 - hostip: move code to resolve IP address literals to 'Curl_resolv' - HTTP-COOKIES: describe the cookie file format - HTTP-COOKIES: mention that a trailing newline is required - http2: make pausing/unpausing set/clear local stream window - http2: now requires nghttp2 >= 1.12.0 - http: added 417 response treatment - http: increase EXPECT_100_THRESHOLD to 1Mb - http: mark POSTs with no body as "upload done" from the start - http: move "oauth_bearer" from connectdata to Curl_easy - include: remove non-curl prefixed defines - KNOWN_BUGS: Multiple methods in a single WWW-Authenticate: header - libssh2: add support for forcing a hostkey type - libssh2: fix variable type - libssh: improve known hosts handling - llist: removed unused Curl_llist_move() - location.d: the method change is from POST to GET only - md4: fixed compilation issues when using GNU TLS gcrypt - md4: use init/update/final functions in Secure Transport - md5: added implementation for mbedTLS - mk-ca-bundle: add support for CKA_NSS_SERVER_DISTRUST_AFTER - multi: change curl_multi_wait/poll to error on negative timeout - multi: fix outdated comment - multi: if Curl_readwrite sets 'comeback' use expire, not loop - multi_done: if multiplexed, make conn->data point to another transfer - multi_wait: stop loop when sread() returns zero - ngtcp2: add error code for QUIC connection errors - ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6 - ngtcp2: update to git master and its draft-25 support - ntlm: removed the dependency on the TLS libaries when using MD5 - ntlm_wb: use Curl_socketpair() for greater portability - oauth2-bearer.d: works for HTTP too - openssl: make CURLINFO_CERTINFO not truncate x509v3 fields - openssl: remove redundant assignment - os400: fixed the build - pause: force-drain the transfer on unpause - quiche: update to draft-25 - README: mention that the docs is in docs/ - runtests: make random seed fixed for a month - runtests: restore the command log - schannel_verify: Fix alt names manual verify for UNICODE builds - sha256: use crypto implementations when available - singleuse.pl: support new API functions, fix curl_dbg_ handling - smtp: support the SMTPUTF8 extension - smtp: support UTF-8 based host names in MAIL FROM - SOCKS: make the connect phase non-blocking - strcase: turn Curl_raw_tolower into static - strerror: increase STRERROR_LEN 128 -> 256 - test1323: added missing 'unit test' feature requirement - tests: add a unit test for MD4 digest generation - tests: add a unit test for SHA256 digest generation - tests: add a unit test for the HMAC hash generation - tests: deduce the tool name from the test case for unit tests - tests: fix Python 3 compatibility of smbserver.py - tool_dirhie: allow directory traversal during creation - tool_homedir: change GetEnv() to use libcurl's curl_getenv() - url: include the failure reason when curl_win32_idn_to_ascii() fails - urlapi: guess scheme properly with credentials given - urldata: do string enums without #ifdefs for build scripts - vtls: refactor Curl_multissl_version to make the code clearer - Refresh patches: * curl-secure-getenv.patch * libcurl-ocloexec.patch ==== dracut ==== Version update (049.1+git124.70941b30 -> 049.1+git125.e2b2c9ef) Subpackages: dracut-ima - Update to version 049.1+git125.e2b2c9ef: * 01fips: handle SHA1 on machines without AVX (bsc#1160318) * Update: 90kernel-modules: Add PCI host controller modules (boo#1162669) ==== fuse-overlayfs ==== Version update (0.7.6 -> 0.7.7) - Update to v0.7.7 - make sure the destination is deleted before doing a rename(2). It prevents a left over directory to cause delete to fail with EEXIST. - honor --debug. ==== hwdata ==== Version update (0.332 -> 0.333) - Update to version 0.323: * Updated pci, usb and vendor ids. ==== kail ==== Version update (0.14.2 -> 0.15.0) - Update to version 0.15.0 - Use kcache 0.4 - Refresh vendor.tar.xz ==== libxcrypt ==== Version update (4.4.12 -> 4.4.15) - Update to version 4.4.15 * The compatibility symbols crypt_gensalt_r, xcrypt, xcrypt_r, xcrypt_gensalt, and xcrypt_gensalt_r are deprecated further * Speed up ka-sunmd5 by skipping most of the test phrases - Package README.md and TODO.md (bsc#1165389) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Merged in latest upstream (2.1.1), which is mainly a bug-fix release over 2.1.0, including changing the test suite from shell-based to python3-based, replacing open-iscsi.2.1.0-suse.tar.bz2 with open-iscsi-2.1.1-suse.tar.bz2 and resetting open-iscsi-SUSE-latest-diff.bz2 ==== permissions ==== Version update (1550_20200213 -> 1550_20200228) Subpackages: chkstat permissions-config - Update to version 20200228: * chkstat: fix readline() on platforms with unsigned char - Update to version 20200227: * remove capability whitelisting for radosgw * whitelist ceph log directory (bsc#1150366) * adjust testsuite to post CVE-2020-8013 link handling * testsuite: add option to not mount /proc * do not follow symlinks that are the final path element: CVE-2020-8013 * add a test for symlinked directories * fix relative symlink handling * include cpp compat headers, not C headers * Move permissions and permissions.* except .local to /usr/share/permissions * regtest: fix the static PATH list which was missing /usr/bin * regtest: also unshare the PID namespace to support /proc mounting * regtest: bindMount(): explicitly reject read-only recursive mounts * Makefile: force remove upon clean target to prevent bogus errors * regtest: by default automatically (re)build chkstat before testing * regtest: add test for symlink targets * regtest: make capability setting tests optional * regtest: fix capability assertion helper logic * regtests: add another test case that catches set*id or caps in world-writable sub-trees * regtest: add another test that catches when privilege bits are set for special files * regtest: add test case for user owned symlinks * regtest: employ subuid and subgid feature in user namespace * regtest: add another test case that covers unknown user/group config * regtest: add another test that checks rejection of insecure mixed-owner paths * regtest: add test that checks for rejection of world-writable paths * regtest: add test for detection of unexpected parent directory ownership * regtest: add further helper functions, allow access to main instance * regtest: introduce some basic coloring support to improve readability * regtest: sort imports, another piece of rationale * regtest: add capability test case * regtest: improve error flagging of test cases and introduce warnings * regtest: support caps * regtest: add a couple of command line parameter test cases * regtest: add another test that checks whether the default profile works * regtests: add tests for correct application of local profiles * regtest: add further test cases that test correct profile application * regtest: simplify test implementation and readability * regtest: add helpers for permissions.d per package profiles * regtest: support read-only bind mounts, also bind-mount permissions repo * tests: introduce a regression test suite for chkstat * Makefile: allow to build test version programmatically * README.md: add basic readme file that explains the repository's purpose * chkstat: change and harmonize coding style * chkstat: switch to C++ compilation unit - add suse_version to end of permissions package version ==== supportutils ==== Version update (3.1.1 -> 3.1.8) - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - move html documentation to sparate package to save space - move networkd and resolved binaries into correct subpackage ==== vim ==== Version update (8.2.0314 -> 8.2.0348) Subpackages: vim-data-common - Updated to version 8.2.0348, fixes the following problems * Short name not set for terminal buffer. * Build failure on HP-UX system. * ex_getln.c code has insufficient test coverage. * MSVC: _CRT_SECURE_NO_DEPRECATE not defined on DEBUG build. * Vim9: types not sufficiently tested. * File missing in distribution, comments outdated. * No Haiku support. * Vim9: ":execute" does not work yet. * Vim9: error checks not tested. * Vim9: calling a function that is defined later is slow. * Text property not updated correctly when inserting/deleting. * Ex_getln.c code not covered by tests. * Compiler warning for using uninitialized variable. (Yegappan Lakshmanan) * Crash when opening and closing two popup terminal windows. * No redraw when leaving terminal-normal mode in a terminal popup window. * Popup filter converts 0x80 bytes. * Build error with popup window but without terminal. * Internal error when using test_void() and test_unknown(). (Dominique Pelle) * Some code in ex_getln.c not covered by tests. * Terminal in popup test is flaky. * Abort called when using test_void(). (Dominique Pelle) * No completion for :disassemble. * Vim9: insufficient test coverage for compiling. * Build fails on a few systems. * Build failure without the channel feature. * Vim9: function return type may depend on arguments. * Vim9: function and partial types not tested. * Using ":for" in Vim9 script gives an error. * Some code in ex_getln.c not covered by tests. * Vim9: using wrong instruction, limited test coverage. * ":def" not skipped properly. * Compiler warning when building without the float feature. * Vim9: finding common list type not tested. ==== wicked ==== Version update (0.6.62 -> 0.6.63) Subpackages: wicked-service - version 0.6.63 - spec: fix old libwicked package provides/obsoletes (bsc#1165180) - ipv6: support to apply stable secret ifsysctl (jsc#SLE-6960)