Removed rpms ============ - SUSEConnect - edict - libf2fs1 - rollback-helper - wqy-zenhei-fonts - zypper-migration-plugin - zypper-search-packages-plugin Added rpms ========== - libf2fs8 Package Source Changes ====================== autofs +- Update pidfile path to /run from /var/run (bsc#1185155) + -- add autofs-debuginfo-fix.patch to fix building of debuginfo - package - -- Do not depend on insserv if the system use systemd; it's useless -- Update to version 5.1.0 - + fix mistake in assignment. - + add amd map format parser. - + check for non existent negative entries in lookup_ghost(). - + fix reset flex scan buffer on init. - + fix fix negative status being reset on map read. - + amd lookup update lookup ldap to handle amd keys. - - inadvertantly dropped from initial series. - + amd lookup update lookup hesiod to handle amd keys. - - inadvertantly dropped from initial series. - + fix wildcard key lookup. - + fix out of order amd timestamp lookup. - + fix ldap default schema config. - + fix ldap default master map name config. - + fix map format init in lookup_init(). - + fix incorrect max key length in defaults get_hash(). - + fix xfn sets incorrect lexer state. - + fix old style key lookup. - + fix expire when server not responding. - + fix ldap_uri config update. - + fix typo in conf_load_autofs_defaults(). - + fix hash on confg option add and delete. - + add plus to path match pattern. - + fix multi entry ldap option handling. - + cleanup options in amd_parse.c - + allow empty value for some map options. - + allow empty value in macro selectors. -- Adapt autofs-5.0.9-dbus-udisks-monitor.patch to upstream changes, - rename to autofs-5.1.0-dbus-udisks-monitor.patch - -- autofs.init: drop when systemd is enabled (bnc#863970) - -- update to version 5.0.9: - * fixes for samples/auto.master - * fix variable substitution description - * fix incorrect append options description in README.v5-release -- rebase, refresh and rename all patches on top of 5.0.9 -- switch to .xz compressed tarball instead of bzip2 -- autofs-5.0.8-upstream-patches-20140324.bz2: remove - -- Avoid bad timings and timeouts if a shutdown was done by a remote - user via su and with autofs based home directory - -- autofs-5.0.8-upstream-patches-20140324.bz2: update 5.0.8 upstream - patches up to 2014-03-24, fixing the following bugs: - * fix fix options compare - * use open(2) instead of access(2) to trigger dependent mounts - * fix fix map source with type lookup (bnc#869377) - -- autofs-5.0.8-upstream-patches-20140224.bz2: update 5.0.8 upstream - patches up to 2014-02-24, fixing the following bugs: - * fix ipv6 link local address handling - * fix fix ipv6 libtirpc getport - * get_nfs_info() should query portmapper if port is not given - * fix rpc_portmap_getport() proto not set - * fix protmap not trying proto v2 - * fix rpc_getport() when libtirpc is disabled - * fix rpc_getrpcbport() when libtirpc is disabled - * don't reset errno (former autofs-5.0.8-eaccess.patch) - * extend fix for crash due to thread unsafe use of libldap (bnc#853469) - * fix deadlock in init_ldap_connection (bnc#859969) - * fix options compare - * fix negative status being reset on map read - * check for existing offset mount before mounting - * fix max() declaration - * fix symlink fail message in mount_bind.c - * fix cache readlock not taken on lookup - * pass map_source as function paramter where possible - * check for bind onto self in mount_bind.c - * fix symlink expire - * dont clobber mapent for negative cache - * fix macro_addvar() and move init to main thread - * change walk_tree() to take ap - * add negative cache lookup to hesiod lookup - * fix external env configure - * make autofs(5) consistent with auto.master(5) - * fix map source with type lookup - * fix lookup_nss_mount() map lookup - * dont ignore null cache entries on multi mount umount - * fix inconsistent error returns in handle_packet_missing_direct() - * simple coverity fixes -- autofs-5.0.8-eaccess.patch: removed (merged upstream) -- autofs-5.0.8-dbus-udisks-monitor.patch: refresh - -- autofs-5.0.8-revert-fix-libtirpc-name-clash.patch: no longer - needed after libtirpc was updated to 0.2.4-rc2, remove - -- autofs-5.0.8-upstream-patches-20131124.bz2: update 5.0.8 upstream - patches up to 2013-11-24, fixing the following bugs: - * fix undefined authtype_requires_creds err if ldap enabled but - without sasl - * fix master map type check - * fix task manager not getting signaled - * allow --with-systemd to take a path arg - * fix WITH_LIBTIRPC function name - * fix ipv6 libtirpc getport -- autofs-5.0.8-dbus-udisks-monitor.patch: rebase on top of 5.0.8 - -- update to version 5.0.8: no code changes as all patches were - already present in autofs-5.0.7-upstream-patches-20131001.bz2 -- autofs-5.0.7-upstream-patches-20131001.bz2: removed - -- autofs-suse-build.patch: removed, no longer needed. - -- autofs-5.0.7-upstream-patches-20131001.bz2: update 5.0.7 upstream - patches up to 2013-10-01, fixing many bugs: - * fix add null check in parse_server_string() - * check for protocol option - * use ulimit max open files if greater than internal maximum - * don't override LDFLAGS in make rules - * fix a couple of compiler warnings - * add after sssd dependency to unit file - * dont start readmap unless ready - * fix crash due to thread unsafe use of libldap (bnc#820585) - * fix compile error with heimdal support enabled - * fix typo forced-shutdown should be force-shutdown - * fix hesiod check error and use correct $(LIBS) setting - * fix dead LDAP symbolic link when LDAP support is disabled - * add missing libtirpc lib to mount_nfs.so when TIRPC enabled - * use compiler determined by configure instead of hard-coded ones - * remove hard-coded STRIP variable - * use LIBS for link libraries - * unbundle NOTSTRIP from DEBUG so they dont depend on each other - * fix occasional build error when enable parallel compiling - * fix compilation of lookup_ldap.c without sasl - * fix dumpmaps multi output - * try and cleanup after dumpmaps - * teach dumpmaps to output simple key value pairs - * fix syncronize handle_mounts() shutdown - * fix fix wildcard multi map regression - * improve timeout option description - * only probe specific nfs version when requested - * fix bad mkdir permission on create - * setup program map env from macro table - * add short host name standard marco variable - * allow use of hosts map in maps - * fix get_nfs_info() probe - * fix portmap lookup - * add std vars to program map invocation - * samples/auto.smb: add logic to obtain credentials - -- autofs-5.0.7-upstream-patches-20130619.bz2: update 5.0.7 upstream - patches up to 2013-06-19, fixing some bugs: - * make dump maps check for duplicate indirect mounts - * document allowed map sources in auto.master - * add enable sloppy mount option to configure - * fix interface address null check - * don't probe rdma mounts - * fix master map mount options matching - * fix master map bogus keywork match - * fix fix map entry duplicate offset detection - * probe each nfs version in turn for singleton mounts - * fix probe each nfs version in turn for singleton mounts - * misc man page fixes - -- Explicitly specify cyrus-sasl-devel and openssl-devel - which were implicit before - -- autofs-5.0.7-upstream-patches-20130428.bz2: update 5.0.7 upstream - patches up to 2013-04-28, fixing some bugs: - * fix some automount(8) typos - * syncronize handle_mounts() shutdown - * fix submount tree not all expiring (bnc#801808) -- remove patches that are now upstream: - * autofs-5.0.7-fix-submount-tree-not-all-expiring.patch - -- autofs-5.0.7-fix-submount-tree-not-all-expiring.patch: expire - multiple levels of recursive mounts correctly (bnc#801808) - -- autofs-5.0.7-upstream-patches-20130311.bz2: update 5.0.7 upstream - patches to 20130311, fixing some bugs: - * dont fail on master map self include (bnc#799873) - * fix wildcard multi map regression - * fix file descriptor leak when reloading the daemon (bnc#772698) - * deprecate nosymlink pseudo option - * add symlink pseudo option - * document browse option in man page - -- autofs-5.0.6-invalid-ghost-dirs.patch: delete. the problem's - root cause was fixed in the kernel - -- rpm spec: enable sssd support if available - -- autofs-5.0.7-upstream-patches-20130121.bz2: update 5.0.7 upstream - patches to 20130121, fixing some bugs: - * fix nobind man page description - * fix submount offset delete - * fix init script status return - * fix use get_proximity() without libtirpc - * don't use dirent d_type to filter out files in scandir() - * don't schedule new alarms after readmap - * use numeric protocol ids instead of protoent structs - * lib/defaults.c: use WITH_LDAP conditional around LDAP types - * make yellow pages support optional - * modules/replicated.c: use sin6_addr.s6_addr32 - * workaround missing GNU versionsort extension -- remove patches that are now upstream: - * autofs-5.0.7-fix-scandir-filter.patch - * autofs-5.0.7-use-protocol-id-instead-of-protoent.patch - * autofs-5.0.7-dont-reschedule-alarm-after-signals.patch - -- fix build on older versions of the distribution, do not install - org.freedesktop.AutoMount.conf - -- autofs-5.0.7-fix-scandir-filter.patch: fix lookup_dir when the - included directory is on an XFS file system (bnc#798158) - -- autofs-5.0.7-upstream-patches-20121120.bz2: update 5.0.7 upstream - patches to 20121120, fixing some bugs: - * fix map entry duplicate offset detection - * allow nsswitch.conf to not contain "automount:" lines - -- revert systemd initialization type from "simple" to "forking" - and drop the patch that partially implemented "new style systemd" - daemon (bnc#798162) -- autofs-5.0.7-new-style-systemd-daemon.patch: delete - -- UDisks dbus module support: use private connection, do not refer - to a reply if already handled, install dbus AutoMount.conf in - direct way - -- autofs-5.0.7-use-protocol-id-instead-of-protoent.patch: use - protocol id directly instead of calling the non-reentrant - function getprotobyname() (bnc#787410) - -- autofs-5.0.7-dont-reschedule-alarm-after-signals.patch: don't - schedule new alarms after handling SIGHUP and SIGUSR1 (bnc#783651) - -- autofs-5.0.7-new-style-systemd-daemon.patch: add new command - line parameter --systemd, which instructs automount to skip - daemonization completely, leaving the task to systemd -- autofs.service: use new --systemd option when starting up - -- autofs.service: use service type simple with no forking - -- autofs-5.0.7-upstream-patches-20121018.bz2: update 5.0.7 upstream - patches to 20121018, fixing some bugs: - * fix recursive mount deadlock - * increase file map read buffer size - * handle new location of systemd -- remove patches that are now upstream: - * autofs-5.0.7-handle-new-location-of-systemd.patch - -- rpm spec: don't try to build with udisks support on old versions - of the distribution - -- autofs-5.0.7-upstream-patches-20121016.bz2: update 5.0.7 upstream - patches to 20121016, fixing some bugs: - * add timeout option description to man page - * fix null map entry order handling - * make description of default MOUNT_WAIT setting clear - * configure.in: allow cross compilation - * README: update mailing list subscription info - -- autofs-systemd-path.patch: handle new location of systemd - -- Make it possible to use tmpfs based parents for autofs mount points - -- autofs-5.0.7-upstream-patches-20120911.bz2: update 5.0.7 upstream - patches to 20120911, fixing some bugs: - * fix nobind sun escaped map entries - * fix use cache entry after free in lookup_prune_one_cache() - * fix ipv6 proximity calculation - * fix parse buffer initialization - * fix typo in automount(8) -- remove patches that are now upstream: - * autofs-5.0.7-fix-parse-buffer-initialization.patch - * autofs-5.0.7-fix-use-devid-after-free.patch - -- autofs-5.0.7-fix-use-devid-after-free.patch: fix use cache entry - after free in lookup_prune_one_cache() (bnc#774241) - -- autofs-5.0.7-fix-parse-buffer-initialization.patch: fix parse - buffer initialization to avoid corruption in the map file name - string (bnc#777709) - -- Udisk: Check for unknown key word `eavesdrop' for dbus matching - rules and if not supported retry without -- Udisk: Do not crash if map file is not found - -- First initial udisks support, that is listen over dbus the udisks - daemon and the events for USB and optical devices. Also ask at - startup the udisks daemon for all devices and its properties as - well as manage the removals and plugins of devices. - TODO: - + With parsing the map configuration file apply the rules - to the map entry, like special options for file systems types - and/or devices. Also make keys unique, that is compare with - existing keys and add an counter or similar. - + Also with parsing the map configuration file apply the rules - to the key of map entry, like using more than one dict entry - for the key. - + Security management: who is allowed to access the devices? - + How to trigger sync and unmount before any timeout? - + What is about UTF-8 and Latin to UTF-8? - -- adjust the NetworkManager dispatcher script to check if the - AutoFS service is enabled in SysV or systemd (bnc#773440) - -- update to version 5.0.7: - * check negative cache much earlier - * dont use pthread_rwlock_tryrdlock() - * mount_nfs.so to honor explicit NFSv4 requests - * mount_nfs.so fix port=0 option behavior v3 - * documentation fix some typos and misleading comments - -- add reload action to systemd service file (bnc#772487) - -- update 5.0.6 upstream patches to 20120716, fixing some bugs: - * fix systemd argument passing - * fix get_nfs_info() can incorrectly fail - * fix offset directory removal - -- update 5.0.6 upstream patches to 20120629, fixing some bugs: - * check if /etc/mtab is a link to /proc/self/mounts - * fix nfs4 contacts portmap - * fix sss map age not updated - * fix remount deadlock (bnc#733479) - * fix umount recovery of busy direct mount (bnc#734924) - * fix offset mount point directory removal - * remove move mount code and configure option - * fix remount of multi mount - * fix device ioctl alloc path check - * refactor hosts lookup module - * remove cache update from parse_mount() - * add function to delete offset cache entry - * allow update of multi mount offset entries - * add hup signal handling to hosts map -- remove patches that are now upstream: - * autofs-5.0.6-fix-remount-deadlock.patch - * autofs-5.0.6-fix-umount-recovery-of-busy-direct-mount.patch - -- fix umount recovery of busy direct mounts (bnc#734924) -- fix remount deadlock that can happen on a restart when there are - nested direct mounts busy (bnc#733479) - -- revert "fix libtirpc name clash": auth_put() is not yet available - in our version of tirpc - -- update 5.0.6 upstream patches to 20120525, fixing some bugs: - * fix sss wildcard match - * fix dlopen() error handling in sss module - * fix configure string length tests - * report "map not read" when debug logging - * duplicate parent options for included maps (bnc#753693) - * update ->timeout() function to not return timeout - * move timeout to map_source - * fix kernel verion check of version components - * dont retry ldap connect if not required - * fix initialization in rpc create_client() - * fix libtirpc name clash -- remove patches that are now upstream: - * autofs-5.0.6-duplicate-parent-options-for-included-maps.patch - -- duplicate parent options for included maps (bnc#753693) - -- update 5.0.6 upstream patches to 20120402, fixing some bugs: - * use strtok_r() in linux_version_code() - * improve UDP RPC timeout handling - * allow MOUNT_WAIT to override probe - * fix rework error return handling in rpc code - * fix typo in libtirpc file name - * fix function to check mount.nfs version - * fix segmentation fault in get_query_dn() (bnc#752044) -- remove patches that are now upstream: - * autofs-5.0.6-fix-libtirpc-name-typo.patch - -- update 5.0.6 upstream patches to 20120228, fixing some bugs and - implementing new features (bnc#749098): - * fix improve mount location error reporting - * fix fix wait for master source mutex - * add sss lookup module - * teach automount about sss source - * fix init script usage message - * ignore duplicate exports in auto.net - * add kernel version check function - * add function to check mount.nfs version - * reinstate singleton mount probe - * rework error return handling in rpc code - * catch EHOSTUNREACH and bail out early - * systemd support fixes - * check scandir() return value (bnc#748588) - * allow for kernel packet size change (in kernel 3.3.0+) - * fix function to check mount.nfs version -- get-upstream-patches: make it work again after kernel.org FTP - server reorganization - -- fix segfault caused by an use after free in st_queue_handler() - (bnc#727392) - -- comment out /etc/auto.master.d from the shipped auto.master file - -- configure with --disable-mount-move only when systemd is enabled - -- rpm spec: simplify some commands in the install section and - use more rpm macros (from Cristian Rodriguez) - -- enable systemd support by default on openSUSE 12.2 (bnc#741879): - * enable disable-mount-move and with-systemd configure options - * install systemd service file - -- disable "--as-needed" to make sure automount will be linked - against libtirpc (bnc#742846) - -- fix typo in libtirpc file name -- rpm spec: use the %configure macro - -- update 5.0.6 upstream patches to 20111210, fixing some bugs and - implementing new features (bnc#741878): - * add systemd unit support (not enabled yet) - * add disable move mount configure option - * implement 'dir' map type - * improve mount location error reporting - * fix rpc build error - * fix ipv6 configure check - * fix ipv6 rpc calls - * fix ipv6 name lookup check - * fix map source check in file lookup - * fix submount shutdown race - * fix wait for master source mutex - * fix not bind mounting local filesystem - * fix LDAP result leaks on error paths - * fix result null check in read_one_map() - * fix dumpmaps not reading maps - * fix paged query more results check - -- add autoconf as buildrequire to avoid implicit dependency - -- fix initialization of LDAP results (bnc#730245) - -- init script: remove SUSE-specific actions that systemd doesn't - support (force-expire and force-stop) (bnc#725199) - -- rpm spec: remove redundant tags/sections -- rpm spec: use %_smp_mflags for parallel build - -- fix LDAP result leaks on error paths -- fix result null check in read_one_map() (bnc#707715) -- fix paged query more results check - -- update 5.0.6 upstream patches to 20110703, removing one patch - that is now upstream: - * autofs-5.0.6-fix-ipv6-name-for-lookup-fix.patch - -- fix an error in the recent ipv6 name for lookup patch - -- update to version 5.0.6 (bnc#702791): - * add nobind option - * add base64 password encode - * fix ipv6 name for lookup - * fix libtirpc ipv6 check - * dont bind nfs mount if nobind is set -- remove patches that are now upstream: - * autofs-5.0.5-fix-null-cache-deadlock.patch - -- rpm spec: install the rcautofs(8) man page as a symbolic link - to autofs(8) -- rpm spec: restart the automount daemon after updates -- init script: update Free Software Foundation address - -- fix null cache deadlock (bnc#696596) - -- update 5.0.5 upstream patches to 20110613 (bnc#699767): - * remove master_mutex_unlock() leftover - * fix sanity checks for brackets in server name - * fix lsb service name in init script - * fix map source check in file lookup - * fix simple bind without SASL support - * fix sasl bind host name selection - -- build against libtirpc since glibc's rpc code is deprecated - -- modify the NetworkManager dispatcher script to prevent it from - restarting AutoFS when the network goes down (bnc#693402) - -- init script: remove references to the obsolete autofs.ko (v3) - kernel module (bnc#696708) -- init script: don't wait one second if the misc device is already - available (bnc#696708) - -- documentation: add the following (commented out) options to - the default sysconfig file (bnc#695487, bnc#691617): - * DEFAULT_NEGATIVE_TIMEOUT - * DEFAULT_MOUNT_WAIT and DEFAULT_UMOUNT_WAIT - * MOUNT_NFS_DEFAULT_PROTOCOL - * LDAP_URI, LDAP_TIMEOUT, LDAP_NETWORK_TIMEOUT and SEARCH_BASE - -- update 5.0.5 upstream patches to 20110427 (bnc#692104): - * fix paged ldap map read - * fix next task list update - * fix stale map read - * fix null cache clean - * automount(8) man page correction - * fix out of order locking in readmap - * include ip address in debug logging - * mount using address for DNS round robin host names - * reset negative status on cache prune -- remove patches that are now upstream: - * autofs-5.0.5-fix-next-task-list-update.patch - * autofs-5.0.5-fix-stale-map-read.patch - * autofs-5.0.5-fix-out-of-order-locking-in-readmap.patch - -- init script: use misc device (/dev/autofs) by default, unless it - is explicitly disabled in sysconfig (bnc#684997) - -- fix out of order locking in readmap (bnc#667967) - -- add upstream fixes for the "non-expiring mounts" problem and - put the "fix direct map not updating on reread" patch back in - (bnc#677143) - -- ship init script as a source file and not as a patch against the - upstream sample - -- update 5.0.5 upstream patches to 20110318, fixing one bug: - * replace GPLv3 code (bnc#682268) - -- revert "fix direct map not updating on reread" due to expiration - problems (bnc#677143) - -- update 5.0.5 upstream patches to 20110302 (bnc#676690): - * use weight only for server selection - * fix isspace() wild card substitution - * auto adjust ldap page size - * fix prune cache valid check - * fix mountd vers retry - * fix expire race - -- init script: remove "gssd" from Should-Start/Stop lists, there - is no service with this name (bnc#626516) - -- when ghosting is enabled, don't create mount points for cached - entries that don't have a valid mapent (bnc#658734) - -- update 5.0.5 upstream patches to 20101021 (bnc#650177): - * remove ERR_remove_state() openssl call - * always read file maps mount lookup map read fix - * fix direct map not updating on reread - * fix add simple bind auth - * fix submount shutdown wait - * add external bind method - * add dump maps option - -- add MAP_HASH_TABLE_SIZE option to sysconfig - -- update 5.0.5 upstream patches to 20100810 (bnc#630736): - * remove extra read master map call - * fix "fix cache_init() on source re-read" - * fix error handing in do_mount_indirect() - * expire thread use pending mutex - * link against krb5 library by default - * make "verbose" mode a little less verbose (bnc#630719) -- merge patches autofs-5.0.2-use_local_cflags.patch and - autofs-5.0.5-as_needed.patch into autofs-suse-build.patch -- remove autofs-5.0.4-link_kerberos.patch (now upstream) - -- update 5.0.5 upstream patches to 20100524 (bnc#608284): - * add support to LDAP simple bind authentication - * fix master map source server unavailable handling - * add autofs_ldap_auth.conf man page - * fix random selection for host on different network - * don't hold lock for simple mounts - * fix remount locking - * fix wildcard map entry match (bnc#585201) - * fix parse_sun() module init - * don't check null cache on expire - * fix null cache race - * fix cache_init() on source re-read - * mapent becomes negative during lookup - * check each dc server - * fix negative cache included map lookup - * remove state machine timed wait - -- init script: improve stop routine to avoid problems on restart - (bnc#604497) - -- update 5.0.5 upstream patches to 20100326: - * fix reconnect get base dn - * add missing sasl mutex callbacks - * fix get query dn failure - * fix ampersand escape in auto.smb - * add locality as valid ldap master map attribute - * add locality as valid ldap master map attribute fix - -- add "network-remotefs" to Should-Start: and Should-Stop: in the - init script (bnc#522224) - -- remove configure to make sure it will be recreated by autoconf. - fixes a build problem that sometimes prevented lookup_ldap.so to - be linked against krb5 (bnc#572934, bnc#578655) - -- update 5.0.5 upstream patches to 20100201: - * check for path mount location in generic module - * don't fail mount on access fail - * fix rpc fail on large export list - * fix memory leak on reload - * don't connect at ldap lookup module init - * fix random selection option - * fix disable timeout - * fix strdup() return value check -- include README file about active restart feature (bnc#565151) - -- fix build on releases that do not support ext4 - -- add new sysconfig parameter USE_MISC_DEVICE and enable it by - default (bnc#565151) -- update initscript bringing it closer to what we have upstream: - * remove the deprecated force-stop logic and handle it like a - regular stop - * remove force-reload from usage and handle it like a regular - reload - -- update to version 5.0.5. lots of bug fixes including: - * fix nested submount expire deadlock - * fix negative caching for non-existent map keys - * make hash table scale to thousands of entries - * fix uri list locking (again) - * add nfs mount protocol default configuration option - * fix bad token declaration in master map parser - * fix double free in expire_proc() - * fix file map lookup when reading included or nsswitch sources - * fix memory leak reading master map - * fix st_remove_tasks() locking - * dont umount existing direct mount on master re-read - * fix incorrect shutdown introduced by library relaod fixes - * fix not releasing resources when using submounts - * fix double free in sasl_bind() - * fix map type info parse error - * fix an RPC fd leak - * fix pthread push order in expire_proc_direct() - * fix libxml2 non-thread-safe calls - * fix direct map cache locking - * fix dont umount existing direct mount on reread. -- update 5.0.5 upstream patches to 20091124: - * add mount wait parameter - * don't use master_lex_destroy() to clear parse buffer - * fix backwards #ifndef INET6 - * fix ext4 fsck at mount - * fix included map read fail handling - * fix libxml2 workaround configure - * fix pidof init script usage - * fix stale initialization for file map instance - * fix timeout in connect_nb() - * make documentation for set-log-priority clearer - * refactor ldap sasl bind - * special case cifs escapes. - -- fixed build with --as-needed - -- Add nfsserver to should start/stop in rc script (bnc#467906) - -- make sure that submounts are not busy anymore (bnc#467906) - chrony +- boo#1162964, clknetsim-glibc-2.31.patch: + Fix build with glibc-2.31 +- bsc#1184400, chrony-pidfile.patch: + Use /run instead of /var/run for PIDFile in chronyd.service. + dracut +- Update to version 049.1+suse.188.gbf445638: + * 90kernel-modules-extra: don't resolve symlinks before instmod (bsc#1185277) + dtc +- explicitly pass -pie in CFLAGS, since the build system explicitly passes + - fPIC, which breaks our gcc-PIE profile. This makes all packaged binaries + PIE-executables (bsc#1184122). + enblend-enfuse +- Add enblend-enfuse-4.2-gcc-10.patch: Fix build with GCC 10 + (picked from Gentoo, https://bugs.gentoo.org/723306). + +- Add reproducibledate.patch to override build date (boo#1047218) +- Add reproducible.patch to override build hostname (boo#1084909) + +- Update RPM groups. + +- Switched to cmake build + * Removed patch for autotools: enblend-latex-optional.patch +- Added enblend-enfuse-4.2-add-missing-cmakelists.patch +- Enabled support for OpenMP +- Enabled support for SSE2 +- Turn on optimizations again +- Info pages are no longer available +- Added PDF documentation for enblend and enfuse + -- Update to patchlevel 3 of version 4.1: - + Bug Fixes: - [Enblend only] Fix problem of multiple, almost-identical - seamlines that produce inexplicable black areas in the output - panorama. - + LCMS 2.5 is now required to build. - -- update to patchlevel 2 of version 4.1: - [Enblend and Enfuse] Fix a bug in the highlight-recovery that caused - Enfuse to bail out with the uncaught exception - "Minimizer1D::set_bracket: minimum not bracketed". - This addresses LaunchPad Bug #1214004. - [Enfuse] Clean up seemingly random, bright-colored pixels that - sometimes show up when fusing images with high contrast and "large" - color profiles. - [Enblend only] Fix a race condition in the seam-line optimizer that - can cause wrongly placed seams. - [Enblend and Enfuse] Use a per-thread storage of all OpenMP - Vigra-functors. This avoids data races. - [Enblend and Enfuse] The Boost implementation of the `Mersenne - Twister' random number generator caused segmentation faults when - used in the OpenMP-enabled versions of Enblend and Enfuse. The new - implementation is based on the GNU Scientific Library (GSL), which - plays nicely with concurrent accesses. - [Enblend only] Correct a mistake that causes overlapping images with - multiple seams to be blended incorrectly. - [Enblend only] Require the OpenGL extension - `GL_ARB_texture_rectangle' for the `--gpu' option to work. This - does away with a pesky warning of OpenGL drivers that do support - this extension and avoids crashes with drivers that don't. - The GPU performance improvement of Enblend via `--gpu' now is only - available with drivers that feature `GL_ARB_texture_rectangle' - (among many other required OpenGL extensions). - The OpenGL warning about odd texture sizes is unaffected by this - change. - [Enblend and Enfuse] Fix a longstanding quirk, which allowed to load - masks that were unsuitable for processing. -- no more signed tar balls, droping gpg verification :/ -- modified patches: - * use-default-gcc-inlining.diff - -- Added BuildRequire help2man to fix build with new automake - -- Update to version 4.1 (bnc#800803): - * All deprecated options since version 4.0 have been removed. - * New primary seam-line generator. - * Default to perceptual model of the difference image. - * Parallelize CIECAM02 color conversion. - * Enblend and Enfuse integrate seamlessly in color-managed - workflow. - * Require LittleCMS Version 2.x Unbounded CMM feature. - * Option to assign different profiles to profile-free input images. - * New gray-scale projector called "anti-value". - * Enblend and Enfuse stop after saving all generated masks to - files, if option "--save-masks" is given, but option "--output" - is not. - * Enblend and Enfuse can write output JPEG files with arithmetic - JPEG compression and TIFF files with JPEG compression. - * Enblend and Enfuse warn on images that alternate between with - color profile and without. - * Several new Commandline options: "--primary-seam-generator", - "--image-difference", "--ciecam" (for -c) and --no-ciecam", - "--fallback-profile=PROFILE", "--exposure-cutoff", - "--load-masks", "--layer-selector", "--levels=auto". - * Deprecated: "--smooth-difference", user-(re)sizable image-cache. - * External Vigra version 1.8 or later is required. - * Enblend no longer relies on libXMI. -- Verify GPG signature. - f2fs-tools +- Remove /usr/sbin/sg_write_buffer. This file is already provided + by sg3_utils as /usr/bin/sg_write_buffer. + +- prepare usrmerge (boo#1029961) + +- Update to release 1.14 + * f2fs_io: add copy command + * fsck: Check fsync data always for zoned block devices + * fsck: Check write pointer consistency of open zones + * fsck: Check write pointer consistency of non-open zones + * fsck.f2fs: Enable user-space cache + * f2fs-tools: support data compression + * dump.f2fs: print more info of inode layout + * resize.f2fs: add option for large_nat_bitmap feature + * f2fs-tools: Casefolded Encryption support + * mkfs.f2fs: allow setting volume UUID manually + * f2fs-tools: zns zone-capacity support + * mkfs.f2fs: add -T flag + * mkfs.f2fs: add -r (fake_seed) flag + +- Update to release 1.13 + * introduce some preen mode in fsck.f2fs + * add f2fs_io tool + * add casefolding support + +- Update to new upstream release 1.12 + * resize.f2fs: fix access out-of memory boundary + * mkfs.f2fs: support fsverity feature + * fsck.f2fs: fix stack overflow when reading out nat block + * mkfs.f2fs: avoid selinux denial for unnecessary sysfs node + * fsck.f2fs: allow -p without value + * mkfs.f2fs: support multiple features with one "-O" + * f2fs-tools: add -g to give default options + +- Update to version 1.10.0 + * f2fs-tools: support inode creation time + * fsck.f2fs: add -y for generic fsck + * fsck.f2fs: support quota + * mkfs.f2fs: support quota option in mkfs + * f2fs-tools: support flexible inline xattr size + * add sparse support for f2fs + * f2fscrypt: add a tool for encryption management in f2fs + -- Replace 0001-build-provide-definitions-for-byteswapping-on-big-en.patch - with official upstream version. - -- Update to new upstream release 1.4.0 - * fsck: add the -a option (auto-fix errors) [bnc#856645] - * fsck: remove corrupted xattr blocks and corrupted orphan inodes; - remove dentry if inode block is corrupted -- Add 0001-build-provide-definitions-for-byteswapping-on-big-en.patch - -- Update to new snapshot 1.3.0.g22 - * add "f2fstat" program to print f2fs's status in sec - * mkfs: support large directories - * mkfs.f2fs, fsck.f2fs: large volume support - -- Update to new upstream release 1.2.0 - * f2fs-tools: add stat information into fibmap - * fibmap.f2fs: change fibmap to fibmap.f2fs - * fsck, lib: support inline xattr - * fsck: skip to check block addresses in device files - * fsck: fix to handle file types correctly - * fsck: fix checking orphan inodes - -- Update to new snapshot v1.1.0-40-g6e8f2d5 - * Correct endianess conversions for CRC calculations, checkpoint - flags and in f2fs_update_nat_root. - * Fix the total_zones calculation in f2fs_prepare_super_block - * Add the fsck.f2fs and dump.f2fs utilities - -- Update to new snapshot v1.1.0-24-gfef98eb - * mkfs: add option to disable trim at format - * mkfs: handle labels longer than 16 characters - gdm +- Add gdm-Remove-deprecated-StandardOutput-syslog.patch: Remove + deprecated StandardOutput=syslog in gdm.service file + (bsc#1185146, glgo#GNOME/gdm!623). + java-11-openjdk -- Update to upstream tag jdk-11.0.10-9 (January 2021 CPU, +- Update to upstream tag jdk-11.0.11+9 (April 2021, CPU) + * Security fixes + + JDK-8244473: Contextualize registration for JNDI + + JDK-8244543: Enhanced handling of abstract classes + + JDK-8249906, CVE-2021-2163, bsc#1185055: Enhance opening JARs + + JDK-8250568, CVE-2021-2161, bsc#1185056: Less ambiguous + processing + + JDK-8253799: Make lists of normal filenames + + JDK-8257001: Improve Http Client Support + * Other changes + + JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream + readDouble() conversion to long mishandled + + JDK-7146776: deadlock between URLStreamHandler.getHostAddress + and file.Handler.openconnection + + JDK-8086003: Test fails on OSX with java.lang.RuntimeException + 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' + missing + + JDK-8168869: jdeps: localized messages don't use proper line + breaks + + JDK-8180837: SunPKCS11-NSS tests failing with + CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID + + JDK-8202343: Disable TLS 1.0 and 1.1 + + JDK-8205992: jhsdb cannot attach to Java processes running in + Docker containers + + JDK-8209193: Fix aarch64-linux compilation after -Wreorder + changes + + JDK-8210413: AArch64: Optimize div/rem by constant in C1 + + JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction + + JDK-8211051: jdeps usage of --dot-output doesn't provide + valid output for modular jar + + JDK-8211057: Gensrc step CompileProperties generates unstable + CompilerProperties output + + JDK-8211150: G1 Full GC not purging code root memory and + hence causing memory leak + + JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup + delegation when module reads automatic module + + JDK-8212043: Add floating-point Math.min/max intrinsics + + JDK-8212218: [TESTBUG] runtime/ErrorHandling/ + /TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out + + JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/ + /WindowsComboBoxSizeTest.java fails in Windows + + JDK-8213909: jdeps --print-module-deps should report missing + dependences + + JDK-8214180: Need better granularity for sleeping + + JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed + due to missing Lib2 file + + JDK-8214230: Classes generated by SystemModulesPlugin.java + are not reproducable + + JDK-8214741: docs/index.html has no title or copyright + + JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed + after 8212043 + + JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/ + /resexhausted003/TestDescription.java fails + + JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java + failed - no KrbException thrown + + JDK-8218550: Add test omitted from JDK-8212043 + + JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in + JvmtiRawMonitor::raw_exit while posting method exit event + + JDK-8221995: AARCH64: problems with CAS instructions encoding + + JDK-8222518: Remove unnecessary caching of Parker object in + java.lang.Thread + + JDK-8222785: aarch64: add necessary masking for immediate + shift counts + + JDK-8223186: HotSpot compile warnings from GCC 9 + + JDK-8225773: jdeps --check produces NPE if there are missing + module dependences + + JDK-8225805: Java Access Bridge does not close the logger + + JDK-8226810: Failed to launch JVM because of + NullPointerException occured on System.props + + JDK-8229396: jdeps ignores multi-release when + generate-module-info used on command line + + JDK-8229474: Shenandoah: Cleanup CM::update_roots() + + JDK-8232225: Rework the fix for JDK-8071483 + + JDK-8232905: JFR fails with assertion: + assert(t->unflushed_size() == 0) failed: invariant + + JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) + == phase->C->get_alias_index(t_adr)) failed: correct memory + chain + + JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is + failing intermittently in nightly lnux-x64 system + + JDK-8233912: aarch64: minor improvements of atomic operations + + JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads + non-strong fields with an on-strong load barrier + + JDK-8234742: Improve handshake logging + + JDK-8234796: Refactor Handshake::execute to take a more + complex type than ThreadClosure + + JDK-8235324: Dying objects are published from users of + CollectedHeap::object_iterate + + JDK-8235351: Lookup::unreflect should bind with the original + caller independent of Method's accessible flag + + JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/ + /AttachOnDemand/attach021/TestDescription.java test + + JDK-8237392: Shenandoah: Remove unreliable assertion + + JDK-8237483: AArch64 C1 OopMap inserted twice fatal error + + JDK-8237495: Java MIDI fails with a dereferenced memory error + when asked to send a raw 0xF7 + + JDK-8239355: (dc) Initial value of SO_SNDBUF should allow + sending large datagrams (macOS) + + JDK-8240353: AArch64: missing support for + - XX:+ExtendedDTraceProbes in C1 + + JDK-8240704: CheckHandles.java failed "AssertionError: Handle + use increased by more than 10 percent." + + JDK-8240751: Shenandoah: fold ShenandoahTracer definition + + JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with + "assert(store != load->find_exact_control(load->in(0))) + failed: dependence cycle found" + + JDK-8241598: Upgrade JLine to 3.14.0 + + JDK-8241649: Optimize Character.toString + + JDK-8241770: Module xxxAnnotation() methods throw NCDFE if + module-info.class found as resource in unnamed module + + JDK-8241911: AArch64: Fix a potential register clash issue in + reduce_add2I + + JDK-8242030: Wrong package declarations in jline classes after + JDK-8241598 + + JDK-8242565: Policy initialization issues when the denyAfter + constraint is enabled + + JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox + + JDK-8243670: Unexpected test result caused by C2 + MergeMemNode::Ideal + + JDK-8244088: [Regression] Switch of Gnome theme ends up in + deadlocked UI + + JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header + files + + JDK-8244340: Handshake processing thread lacks yielding + + JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown + for malformed class file + + JDK-8244683: A TSA server used by tests + + JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java + failed with No enum constant + + JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is + unused + + JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco + agent + + JDK-8245512: CRC32 optimization using AVX512 instructions + + JDK-8245527: LDAP Channel Binding support for Java + GSS/Kerberos + + JDK-8246707: (sc) SocketChannel.read/write throws + AsynchronousCloseException on closed channel + + JDK-8246709: sun/security/tools/jarsigner/ + /TsacertOptionTest.java compilation failed after JDK-8244683 + + JDK-8247200: assert((unsigned)fpargs < 32) + + JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) + failed: Field too big for insn. + + JDK-8248336: AArch64: C2: offset overflow in + BoxLockNode::emit + + JDK-8248865: Document JNDI/LDAP timeout properties + + JDK-8248901: Signed immediate support in + .../share/assembler.hpp is broken. + + JDK-8249543: Force DirectBufferAllocTest to run with + - ExplicitGCInvokesConcurrent + + JDK-8249588: libwindowsaccessbridge issues on 64bit Windows + + JDK-8249749: modify a primitive array through a stream and a + for cycle causes jre crash + + JDK-8249787: Make TestGCLocker more resilient with concurrent + GCs + + JDK-8249867: xml declaration is not followed by a newline + + JDK-8250911: [windows] os::pd_map_memory() error detection + broken + + JDK-8251255: [linux] Add process-memory information to hs-err + and VM.info + + JDK-8251359: Shenandoah: filter null oops before calling + enqueue/SATB barrier + + JDK-8251925: C2: RenaissanceStressTest fails with + assert(!had_error): bad dominance + + JDK-8251944: Add Shenandoah test config to + compiler/gcbarriers/UnsafeIntrinsicsTest.java + + JDK-8251992: VM crashed running TestComplexAddrExpr.java test + with -XX:UseAVX=X + + JDK-8253220: Epsilon: clean up unused code/declarations + + JDK-8253274: The CycleDMImagetest brokes the system + + JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node + + JDK-8253368: TLS connection always receives close_notify + exception + + JDK-8253404: C2: assert(C->live_nodes() <= + C->max_node_limit()) failed: Live Node limit exceeded limit + + JDK-8253409: Double-rounding possibility in float fma + + JDK-8253476: TestUseContainerSupport.java fails on some Linux + kernels w/o swap limit capabilities + + JDK-8253524: C2: Refactor code that clones predicates during + loop unswitching + + JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) + failed: unexpected + + JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/ + /MouseEventAfterStartDragTest.html test failed + + JDK-8253702: BigSur version number reported as 10.16, should + be 11.nn + + JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*) + + JDK-8254104: MethodCounters must exist before nmethod is + installed + + JDK-8254734: "dead loop detected" assert failure with patch + from 8223051 + + JDK-8254748: Bad Copyright header format after JDK-8212218 + + JDK-8254799: runtime/ErrorHandling/ + /TestHeapDumpOnOutOfMemoryError.java fails with release VMs + + JDK-8255058: C1: assert(is_virtual()) failed: type check + + JDK-8255351: Add detection for Graviton 2 CPUs + + JDK-8255368: Math.exp() gives wrong result for large values on + x86 32-bit platforms + + JDK-8255387: Japanese characters were printed upside down on + AIX + + JDK-8255401: Shenandoah: Allow oldval and newval registers to + overlap in cmpxchg_oop() + + JDK-8255479: [aarch64] assert(src->section_index_of(target) == + CodeBuffer::SECT_NONE) failed: sanity + + JDK-8255544: Create a checked cast + + JDK-8255559: Leak File Descriptors Because of + ResolverLocalFilesystem#engineResolveURI() + + JDK-8255681: print callstack in error case in + runAWTLoopWithApp + + JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too + + JDK-8255742: PrintInlining as compiler directive doesn't print + virtual calls + + JDK-8255845: Memory leak in imageFile.cpp + + JDK-8255880: UI of Swing components is not redrawn after their + internal state changed + + JDK-8255908: ExceptionInInitializerError due to + UncheckedIOException while initializing cgroupv1 subsystem + + JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() + is incorrect for stub calls + + JDK-8256056: Deoptimization stub doesn't save vector registers + on x86 + + JDK-8256061: RegisterSaver::save_live_registers() omits upper + halves of ZMM0-15 registers + + JDK-8256187: [TEST_BUG] Automate bug4275046.java test + + JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after + JDK-8210764 due to mishandled lir_neg + + JDK-8256258: some missing NULL checks or asserts after + CodeCache::find_blob_unsafe + + JDK-8256264: Printed GlyphVector outline with low DPI has bad + quality on Windows + + JDK-8256290: javac/lambda/T8031967.java fails with + StackOverflowError on x86_32 + + JDK-8256359: AArch64: runtime/ReservedStack/ + /ReservedStackTestCompiler.java fails + + JDK-8256387: Unexpected result if patching an entire + instruction on AArch64 + + JDK-8256421: Add 2 HARICA roots to cacerts truststore + + JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for + small copies in StubGenerator::copy_memory + + JDK-8256489: Make gtest for long path names on Windows more + resilient in the presence of virus scanners + + JDK-8256501: libTestMainKeyWindow fails to build with Xcode + 12.2 + + JDK-8256633: Fix product build on Windows+Arm64 + + JDK-8256682: JDK-8202343 is incomplete + + JDK-8256751: Incremental rebuild with precompiled header fails + when touching a header file + + JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() + for CallLeafNoFP on x86_32 + + JDK-8256806: Shenandoah: optimize shenandoah/jni/ + /TestPinnedGarbage.java test + + JDK-8256807: C2: Not marking stores correctly as mismatched + in string opts + + JDK-8256810: Incremental rebuild broken on Macosx + + JDK-8256818: SSLSocket that is never bound or connected leaks + socket resources + + JDK-8256888: Client manual test problem list update + + JDK-8257083: Security infra test failures caused by + JDK-8202343 + + JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11 + + JDK-8257423: [PPC64] Support -XX:-UseInlineCaches + + JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst + .testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps + is on + + JDK-8257513: C2: assert((constant_addr - + _masm.code()->consts()->start()) == con.offset()) + + JDK-8257547: Handle multiple prereqs on the same line in deps + files + + JDK-8257561: Some code is not vectorized after 8251925 and + 8250607 + + JDK-8257565: epsilonBarrierSet.hpp should not include + barrierSetAssembler + + JDK-8257575: C2: "failed: only phis" assert failure in loop + strip mining verification + + JDK-8257594: C2 compiled checkcast of non-null object triggers + endless deoptimization/recompilation cycle + + JDK-8257633: Missing -mmacosx-version-min=X flag when linking + libjvm + + JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java + reports leaks + + JDK-8257707: Fix incorrect format string in Http1HeaderParser + + JDK-8257746: Regression introduced with JDK-8250984 - memory + might be null in some machines + + JDK-8257798: [PPC64] undefined reference to + Klass::vtable_start_offset() + + JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/ + /SSLSocketLeak.java as automatic test + + JDK-8257910: [JVMCI] Set exception_seen accordingly in the + runtime. + + JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java + again reports leaks after JDK-8257884 + + JDK-8257999: Parallel GC crash in gc/parallel/ + /TestDynShrinkHeap.java: new region is not in covered_region + + JDK-8258077: Using -Xcheck:jni can lead to a double-free after + JDK-8193234 + + JDK-8258247: Couple of issues in fix for JDK-8249906 + + JDK-8258373: Update the text handling in the JPasswordField + + JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder + .rotateDisk() + + JDK-8258419: RSA cipher buffer cleanup + + JDK-8258471: "search codecache" clhsdb command does not work + + JDK-8258534: Epsilon: clean up unused includes + + JDK-8258805: Japanese characters not entered by mouse click + on Windows 10 + + JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 + after failures + + JDK-8258836: JNI local refs exceed capacity + getDiagnosticCommandInfo + + JDK-8258884: [TEST_BUG] Convert applet-based test + open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java + to a regular java test + + JDK-8259007: This test printed a blank page + + JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f + + JDK-8259049: Uninitialized variable after JDK-8257513 + + JDK-8259231: Epsilon: improve performance under contention + during virtual space expansion + + JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails + "assert(covered_region.contains(new_memregion)) failed: new + region is not in covered_region" + + JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert + will expire in 90 days + + JDK-8259319: Illegal package access when SunPKCS11 requires + SunJCE's classes + + JDK-8259339: AllocateUninitializedArray C2 intrinsic fails + with void.class input + + JDK-8259428: AlgorithmId.getEncodedParams() should return copy + + JDK-8259446: runtime/jni/checked/ + /TestCheckedReleaseArrayElements.java fails with stderr not + empty + + JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA + to false + + JDK-8259580: Shenandoah: uninitialized label in + VerifyThreadGCState + + JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use + condition is incorrect + + JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE + after JDK-8244543 + + JDK-8259706: C2 compilation fails with assert(vtable_index == + Method::invalid_vtable_index) failed: correct sentinel value + + JDK-8259707: LDAP channel binding does not work with StartTLS + extension + + JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction + + JDK-8259849: Shenandoah: Rename store-val to IU-barrier + + JDK-8259949: x86 32-bit build fails when -fcf-protection is + passed in the compiler flags + + JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp + + JDK-8260029: aarch64: fix typo in verify_oop_array + + JDK-8260308: Update LogCompilation junit to 4.13.1 + + JDK-8260338: Some fields in HaltNode is not cloned + + JDK-8260349: Cannot programmatically retrieve Metaspace max + set via JAVA_TOOL_OPTIONS + + JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a + + JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports + false positive + + JDK-8260497: Shenandoah: Improve SATB flushing + + JDK-8260502: [s390] NativeMovRegMem::verify() fails because + it's too strict + + JDK-8260632: Build failures after JDK-8253353 + + JDK-8260704: ParallelGC: oldgen expansion needs release-store + for _end + + JDK-8261022: Fix incorrect result of Math.abs() with char type + + JDK-8261089: [TESTBUG] native library of test + TestCheckedReleaseCriticalArray.java fails to compile with + gcc 4.x + + JDK-8261183: Follow on to Make lists of normal filenames + + JDK-8261209: isStandalone property: remove dependency on + pretty-print + + JDK-8261231: Windows IME was disabled after DnD operation + + JDK-8261251: Shenandoah: Use object size for full GC + humongous compaction + + JDK-8261310: PPC64 Zero build fails with + 'VMError::controlled_crash(int)::FunctionDescriptor + functionDescriptor' has incomplete type and cannot be defined + + JDK-8261334: NMT: tuning statistic shows incorrect hash + distribution + + JDK-8261413: Shenandoah: Disable class-unloading in I-U mode + + JDK-8261522: [PPC64] AES intrinsics write beyond the + destination array + + JDK-8261534: Test sun/security/pkcs11/KeyAgreement/ + /IllegalPackageAccess.java fails on platforms where no nsslib + artifacts are defined + + JDK-8261585: Restore HandleArea used in + Deoptimization::uncommon_trap + + JDK-8261753: Test java/lang/System/OsVersionTest.java still + failing on BigSur patch versions after JDK-8253702 + + JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java + in 11u + + JDK-8261912: Code IfNode::fold_compares_helper more + defensively + + JDK-8261920: [AIX] jshell command throws java.io.IOError on + non English locales + + JDK-8262018: Wrong format in SAP copyright header of + OsVersionTest + + JDK-8263069: Exclude some failing tests from + security/infra/java/security/cert/CertPathValidator + +- moved mozilla-nss dependency to java-11-openjdk-headless package + This is necessary to be able to do crypto with just + java-11-openjdk-headless installed. Fixes boo#1184606 + +- Added patches: + * system-crypto-policy.patch + + Let OpenJDK use system crypto policies unless explicitely told + not to + * nss-security-provider.patch + + Add the NSS security provider with configuration in generated + nss.cfg file + * keytool-default-rsa.patch + + Make keytool generate RSA keys by default, since only the + LEGACY system crypto policy allows DSA + +- Update to upstream tag jdk-11.0.10+9 (January 2021 CPU, krb5 +- Use /run instead of /var/run for daemon PID files; (bsc#1185163); + libqt5-qttools +- Modify the %requires_eq of libqt5-qttools-doc to use libclang + instead of clang now that llvm7 moved the header files to libclang + in SLE-15-SP1:Update (boo#1184920, boo#1109367, QTBUG-70687) + lvm2 +- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190) + + bug-1185190_01-pvscan-support-disabled-event_activation.patch + + bug-1185190_02-config-improve-description-for-event_activation.patch + +- LVM cannot be disabled on boot (bsc#1184687) + + bug-1184687_Add-nolvm-for-kernel-cmdline.patch +- Update patch for avoiding apply warning message + + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch + openSUSE-build-key +- Refresh the SLE15 build@suse.de key + * Updated gpg-pubkey-39db7c82-5847eb1f.asc + -- updated keys: - - 307E3D54 build@suse.de "SuSE Package Signing Key" (2014-05-03) - - 7E2E3B05 novell-provo-build@novell.com "Novell Provo Build" - (2014-05-06) - - 9C800ACA build@suse.de "SuSE Package Signing Key" (2014-05-03) - - 56B4177A openSUSE:Factory@build.opensuse.org - "openSUSE:Factory OBS Project" (2014-05-04) - - 3DBDC284 opensuse@opensuse.org "openSUSE Project Signing Key" - (2014-05-04) - openvpn +- bsc#1185279, CVE-2020-15078, openvpn-CVE-2020-15078.patch: + Authentication bypass with deferred authentication. +- bsc#1169925, CVE-2020-11810, openvpn-CVE-2020-11810.patch: + race condition between allocating peer-id and initializing data + channel key +- bsc#1085803, CVE-2018-7544, openvpn-CVE-2018-7544.patch: + Cross-protocol scripting issue was discovered in the management + interface + -- Update to version 2.3.4 - * Add support for client-cert-not-required for PolarSSL. - * Introduce safety check for http proxy options. - -- Build with large file support in 32 bit systems. - -- use %_rundir for %ghost directory - leaving /var/run everywhere - else - -- Updated README.SUSE, documented also the rcopenvpn compatibility - wrapper script (bnc#848070). - -- openvpn-fips140-2.3.2.patch: Allow usage of SHA1 instead of MD5 in - some internal checking routines. This allows operation in FIPS 140-2 - mode. - -- Readded rcopenvpn helper script under systemd (bnc#848070) - -- Fixed invalid mode in exec bit removal call from doc files - -- Add a section about how to control all or a named configuration with the - help of systemctl to the README.SUSE file. - -- Update to 2.3.2 - +Fixes since 2.3.0 -- Remove dead code path and putenv functionality -- Remove unused function xor -- Move static prototype definition from header into c file -- Remove unused function no_tap_ifconfig -- fix build with automake 1.13(.1) -- Fix corner case in NTLM authentication (trac #172) -- Update README.IPv6 to match what is in 2.3.0 -- Repair "tcp server queue overflow" brokenness, more fallout. -- Permit pool size of /64.../112 for ifconfig-ipv6-pool -- Add MIN() compatibility macro -- Fix directly connected routes for "topology subnet" on Solaris. -- close more file descriptors on exec -- Ignore UTF-8 byte order mark -- reintroduce --no-name-remapping option -- make --tls-remote compatible with pre 2.3 configs -- add new option for X.509 name verification -- add man page patch for missing options -- Fix parameter listing in non-debug builds at verb 4 -- (updated) [PATCH] Warn when using verb levels >=7 without debug -- Enable TCP_NODELAY configuration on FreeBSD. -- Updated README -- Cleaned up and updated INSTALL -- PolarSSL-1.2 support -- Improve PolarSSL key_state_read_{cipher, plain}text messages -- Improve verify_callback messages -- Config compatibility patch. Added translate_cipher_name. -- Switch to IANA names for TLS ciphers. -- Fixed autoconf script to properly detect missing pkcs11 with polarssl. -- Use constant time memcmp when comparing HMACs in openvpn_decrypt. - -- Try to migrate openvpn.service autostart to openvpn@.service - instance enablement. - -- Fixed to enable systemd support in configure -- Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group. -- Added openvpn.target file allowing to handle all instances at once. -- Fixed to install the service template correctly as openvpn@.service. - Use "systemctl enable openvpn@foo.service" to enable instance using - /etc/openvpn/foo.conf. -- Disabled systemd variant of restart on update rpm macro, adopted other - macros to use openvpn.target to e.g. stop all instances on uninstall. - -- Remove _unitdir definition, it is provided by systemd. -- Install service file without x permissions - -Update to version 2.3.0: - * Full IPv6 support - * SSL layer modularised, enabling easier implementation for other SSL libraries - * PolarSSL support as a drop-in replacement for OpenSSL - * New plug-in API providing direct certificate access, improved logging API - and easier to extend in the future - * Added 'dev_type' environment variable to scripts and plug-ins - which is - set to 'TUN' or 'TAP' - * New feature: --management-external-key - to provide access to the encryption - keys via the management interface - * New feature: --x509-track option, more fine grained access to X.509 fields - in scripts and plug-ins - * New feature: --client-nat support - * New feature: --mark which can mark encrypted packets from the tunnel, suitable - for more advanced routing and firewalling - * New feature: --management-query-proxy - manage proxy settings via the management - interface (supercedes --http-proxy-fallback) - * New feature: --stale-routes-check, which cleans up the internal routing table - * New feature: --x509-username-field, where other X.509v3 fields can be used for - the authentication instead of Common Name - * Improved client-kill management interface command - * Improved UTF-8 support - and added --compat-names to provide backwards compatibility - with older scripts/plug-ins - * Improved auth-pam with COMMONNAME support, passing the certificate's common - name in the PAM conversation - * More options can now be used inside blocks - * Completely new build system, enabling easier cross-compilation and Windows builds - * Much of the code has been better documented - * Many documentation updates - * Plenty of bug fixes and other code clean-ups -- Add systemd native support for OpenSUSE > 12.1 -- Adapt patchs to upstream release: - * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif - * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff -- Remove obsolete patchs; fixed or merged on upstream release: - * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch - * openvpn-2.1-plugin-build.dif - * openvpn-2.1-systemd-passwd.patch -- Rebase specfile to upstream changes: - * easy-rsa is not provided anymore with main package - * remove %clean section - * autoreconf -fi is no needed -- Update openvpn.keyring file for upstream release asc key - -- Join openvpn.service systemd cgroup in start when needed, e.g. - when starting with further parameters. (bnc#781106) - -- Verify GPG signature. - -- fix ciaran's previous license entry. the license has a SUSE prefix - -- Fixed openvpn init script to not map reopen to reload so the - reopen code is without any effect (bnc#781106). -- Added requested OPENVPN_AUTOSTART variable allowing to provide - an optional list of config names started by default (bnc#692440). - -- license update: GPL-2.0-with-openssl-exception and LGPL-2.1 - openssl has an openssl exception (also, it is GPL-2.0 only) - -- Fixed SLES build readding Group tags to sub-packages in spec, - not require libselinux-devel on SLE-10 and datadir/doc cleanup. - -- Updated to openvpn-2.2.2: - - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2 - - Pkcs11 support built into the Windows version - - Fixed a bug in the Windows TAP-driver - -- Fix source URLs. - -- add automake as buildrequire to avoid implicit dependency - -- Marked /var/run/openvpn as ghost (bnc#710270), man page and - other rpmlint warning fixes - -- BuildRequires libselinux-devel -- Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent - upstream as https://community.openvpn.net/openvpn/ticket/157 - -- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to - support systemd password query (bnc#675406) - -- Updated to openvpn-2.2.1, a new version series providing several - new features. This version fixes build issues and provides - updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125), -- Adopted spec file, enabled saving password in a file and to - specify an alternative username in x509 cert. -- Removed X-Interactive from init script again, as systemd isn't - able to use it correctly [any more?] (bnc#675406). We will - address it later and probably use /bin/systemd-ask-password. - -- KVPNC is unable to parse openvpn version [bnc#679153] - -- Added X-Interactive: true LSB tag to the init script. - -- Updated to openvpn 2.1.4, providing several bug fixes and - improvements, such as: - * Fix of a problem with special case route targets - * Try to ensure, that the tun/tap interface gets closed on - non-graceful aborts. - * Several AUTH_FAILED reporting fixes causing the connection - to fail without any error indication. - * Enable exponential backoff in reliability layer retransmits. - * Proxy improvements - Please review the ChangeLog file for a complete and exact list. - -- Do not include build date in binaries - -- Improved netconfig based client up and down sample scripts. - -- Added netconfig based client up and down scripts to samples. - -- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: - * Fixed a couple issues in sample plugins auth-pam.c and - down-root.c. - (1) Fail gracefully rather than segfault if calloc returns NULL. - (2) The openvpn_plugin_abort_v1 function can potentially be - called with handle == NULL. Add code to detect this case, - and if so, avoid dereferencing pointers derived from handle - (Thanks to David Sommerseth for finding this bug). - * Documented "multihome" option in the man page. - * Added a hard failure when peer provides a certificate chain - with depth > 16. Previously, a warning was issued. - * Added additional session renegotiation hardening. OpenVPN has - always required that mid-session renegotiations build up a new - SSL/TLS session from scratch. While the client certificate - common name is already locked against changes in mid-session - TLS renegotiations, we now extend this locking to the - auth-user-pass username as well as all certificate content in - the full client certificate chain. -- Improved openvpn init script adding messages giving a hint about - pid write failure and to look into the log messages (bnc#559041). -- Added -fno-strict-aliasing to compile flags in the spec file. - -- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and - option handling provided by the from server (bnc#552440). - For complete list of changes, see ChangeLog file, here just - the IMO most important: - * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using - the redirect-gateway option by itself, without any extra - parameters, would cause the option to be ignored. - * Optimized PUSH_REQUEST handshake sequence to shave several - seconds off of a typical client connection initiation. - * The maximum number of "route" directives (specified in the - config file or pulled from a server) can now be configured - via the new "max-routes" directive. - * Eliminated the limitation on the number of options that can - be pushed to clients, including routes. Previously, all - pushed options needed to fit within a 1024 byte options - string. - * Added --server-poll-timeout option : when polling possible - remote servers to connect to in a round-robin fashion, - spend no more than n seconds waiting for a response before - trying the next server. - * Added the ability for the server to provide a custom reason - string when an AUTH_FAILED message is returned to the client. - This string can be set by the server-side managment interface - and read by the client-side management interface. - * client-kill management interface command, when issued on server, - will now send a RESTART message to client. This feature is - intended to make UDP clients respond the same as TCP clients - in the case where the server issues a RESTART message in order - to force the client to reconnect and pull a new options/route - list. - -- Added network-remotefs to init script dependencies (bnc#522279). - -- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289). -- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558). -- Adopted spec file and patches, improved init script. -- Disabled installation of easy-rsa for Windows. - patterns-base +- Do not recommending SUSEConnect and rollback-helper for openSUSE + procps +- Add upstream patch procps-vmstat-1b9ea611.patch for bsc#1185417 + * Support up to 2048 CPU as well + python3 +- Add CVE-2021-3426-inf-disclosure-pydoc-getfile.patch to remove + getfile feature from pydoc, which is a security nightmare + (among other things, CVE-2021-3426, allows disclosure of any + file on the system; bsc#1183374, bpo#42988). + sensors +- change-pidfile-path-from-var-run-to-run.patch: Change PIDFile + path from /var/run to /run (bsc#1185183). +- var-run-deprecated.patch: /var/run is deprecated (bsc#1185183). +