Packages changed: ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) filesystem ipset (7.10 -> 7.11) kmod libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libnettle (3.7 -> 3.7.1) pam patterns-base pcre python-py (1.9.0 -> 1.10.0) supportutils systemd tar (1.33 -> 1.34) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim xmlsec1 === Details === ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) Subpackages: dracut-ima - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kmod ==== Subpackages: libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== pam ==== - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== - package testsuite in a separate RPM (boo#1182235) ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== supportutils ==== - Additions to version 3.1.14 + [powerpc] Collect logs for power specific components (HNV) #88 (bsc#1181911) + Updated pam.txt documentation explaining GDPR + ha.txt: Fix pacemaker.log location for SLE15 #90 + supportconfig: use readlink /proc//cwd to get cwd list instead of lsof #91 + supportconfig: sssd_info consistency #93 + Includes NVMe information with OPTION_NVME=1 in nvme.txt (bsc#1176370, SLE-15932) - No longer truncates boot log (bsc#1181610) - Require the awk, which and sed commands instead of packages to allow alternate implementations on embedded/Edge systems - Additions to version 3.1.13 + Added update-alternatives to etc.txt #82 + Collects rotated logs with different compression types (bsc#1180478) + Added GPL-2.0-only license tag to spec file - Additions to version 3.1.12 + btrfs_info: add -pce argument to qgroup show #80 + docker: add /etc/docker/daemon.json contents #81 - Additions to version 3.1.12 + Capture IBM Power bootlist (SLE-15557) + Fix spelling typos in man pages #78 + Collect multipath wwids file #77 + Removed unnecessary appname parameter from HTTP upload URL + added aa-status #74 - Additions to version 3.1.12 + [powerpc] Collect logs for power specific components #72 (bscn#1176895) + supportconfig: fs-btrfs: Add "btrfs device stats" output #73 - Additions to version 3.1.11 + Changes affecting supportconfig - disk_info: Show discard information in lsblk #70 - memory_info: Show VMware memory balloon infomation #71 - Addition to version 3.1.10 + Changes affecting analyzevmcore - Fixed typo in error message #67 + Changes affecting supportconfig - Fixed btrfs errors (bsc#1168894) - Large ntp.txt with binary data (bsc#1169122) - Check btrfs balance status #69 - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center - Addition to version 3.1.8 + Changes affecting getappcore - Added -u for HTTPS and -f for FTPES uploads to SUSE FTP servers - Replaced Novell with SUSE FTP servers (bsc#1165475) - Uses /etc/getappcore.conf if present + Changes affecting supportconfig - Added missed Power collection per bsc#1162539 - Added zypper patterns output to updates.txt #66 - Addition to version 3.1.7 + exclude /proc/pagetypeinfo as it can be an expensive operation on some systems (bsc#1162357) + Readded LPM/DLPAR data for Power (bsc#1162539) - Addition to version 3.1.6 + Strip trailing commas from process names #64 (bsc#1156837) + Dynamically select compression method (bsc#1145233) + Updated detailed unit information fix in systemd.txt (bsc#1023308) + Fixed supportconig.conf man page with order placement + Include IPv6 routes (bsc#1089877) - Updated to version 3.1.5 + Removed root .snapshots directory from full file list (bsc#1154482) - Updated to version 3.1.4 + Removed LPM/DLPAR data for POWER (bsc#1111029) + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734) + Tumbleweed support #50 + Added zypper orphaned packages check to updates.txt + Cpuset listing #52 + Docker disunite #53 + Added sed and gawk to spec requirements (bsc#1137336) + Added nstat to network + Add collection of livepatch information #63 + Check for missing ldap.conf file - Updated to version 3.1.3 + Uses SUSE FTP servers (bsc#1132865) + btrfs quota #43 + supportconfig: open-files: add file flags #44 + Merged etc_info: Add support for .cfg files in /etc dir #46 + Silence warning in rpm backup db collection path #47 + Set files in tarball to 660 instead of 600 #48 + SUSE separation finalized (bsc#1125623) + Default compression through xz, but -z forces bzip2 + Updated man pages (bsc#1088234) + Changed VAR_OPTION_BIN_TIMEOUT_SEC from 300 to 120 + Avoids some IO delays (bsc#1100529) + Corrected supported services help info for -U + Collects iSCSI Target information (bsc#1133844) + FTPES uses --ssl-reqd instead of depricated --ftp-ssl + Defaults to https FTP server uploads (bsc#1134599) - Updated to version 3.1.2 + Fixed missing sapconf and log (bsc#1081326) + Added timed_log_cmd to hwinfo and showmount commands (bsc#1120967) - Updated to version 3.1.1 + Fixed X missing /prob/fb error (bsc#1127069) + Fixed dasdview -f (bsc#1109664) + Clarified -t help description (bsc#1121043) + Fixed grep error in NTP when /etc/cron.d is empty (bsc#1127063) + Collects systemd journal with minimum install (bsc#1094225) + Supportconfig fails on bzip archives (bsc#1120049) + Get few drbd output & configuration #42 - Corrected missed SUSE separation lines - Fixed invalid exit code commands (bsc#1125666) - CVE-2018-19640: supportutils: Users can kill arbitrary processes (CVE-2018-19640 bsc#1118463) - User can overwrite arbitrary log files in support tar (CVE-2018-19638 bsc#1118460) - Code execution if run with -v (CVE-2018-19639 bsc#1118462) - Static temporary filename allows overwriting of files (CVE-2018-19637 bsc#1117776) - Included additional SUSE separation (bsc#1125609) - Merged added listing of locked packes by zypper #41 - Corrected spec file errors - Added firewall-cmd info - btrfs filesystem usage - Add ls -lA --time-style=long-iso /etc/products.d/ - Dump lsof errors - Added corosync status to ha_info - Clarified -x functionality in supportconfig(8) (bsc#1115245) - Dump find errors in ib_info - Exclude pam.txt per GDPR by default (bsc#1112461) - udev service and journal content (bsc#1051797) - supportconfig collects tuned profile settings (bsc#1071545) - sfdisk -d no disk device specified (bsc#1043311) - Added vulnerabilites check in basic-health.txt (bsc#1105849) - Added backup rpm database directory - Updated URLs in documentation - Added only sched_domain from cpu0 - Blacklist sched_domain from proc.txt (bsc#1046681) - Use %license instead of %doc [bsc#1082318] - Accounts for firewalld now (bsc#1079137) - Added dmesg taint seach - Removed mii-tool from networking - Updated HA to use chrony - Added kdumptool calibrate to crash.txt - Removed SLES_VER case for sles8,9 and 10 - Added tuned feature OPTION_TUNED tuned.txt (bsc#1071545) - Fixed udev service - Fixed no disk device with sfdisk (bsc#1078638) - Removed OPTION_SAM from man pages and resource file - Validated missing commands - Updated apparmor with systemctl service - Replaced deprecated networking commands (bsc#1078318) - Removed sam_info since suse_sam is no longer available - Assigned SLE15 to SLES_VER selections (bsc#1078168) - Includes X without display issue (bsc#1077813) - Fixes for Infiniband (bsc#1071294) - Using chrony for NTP (bsc#1077818) - Added os-release processing (bsc#1077758) - Removed invalid string tty string (bsc#1077681) - Added SLE15 taint values (bsc#1077683) - Added transactional update with OPTION_TRANSACTIONAL=1 - Updated supportconfig.conf.5 with OPTION_TRANSACTIONAL - Fixed docker package detection (bsc#1069457) - Replaced route with ip route (bsc#1070379) - Added systemd-delta to systemd.txt (bsc#1071924) - Changed repos -u to repos -d (bsc#1071926) - Added rdma-core for infiniband (bsc#1071294) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: vim-data-common vim-small - source correct suse.vimrc file (boo#1182324) ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - Relax the crypto policies for the test-suite. This allows the tests using certificates with small key lengths to pass.