Packages changed: apache2 bogofilter brltty chrome-gnome-shell (8 -> 8.1) circuslinux claws-mail dhcp dmraid docbook-xsl-stylesheets doxygen (1.8.12 -> 1.8.13) dvd+rw-tools ekiga ffmpeg (3.2.2 -> 3.2.4) file-roller gcin (2.8.4 -> 2.8.5) gegl-unstable gimp git (2.11.0 -> 2.11.1) gnome-online-accounts gnome-shell (3.22.2 -> 3.22.3) gnutls (3.5.8 -> 3.5.9) goffice (0.10.32 -> 0.10.33) gparted (0.28.0 -> 0.28.1) grilo-plugins (0.3.3 -> 0.3.4) grub2 gtk4 (3.89.2 -> 3.89.4) guile (2.0.13 -> 2.0.14) hplip (3.16.10 -> 3.16.11) i4l-base icedtea-web installation-images (14.299 -> 14.302) irssi (1.0.0 -> 1.0.1) java-1_8_0-openjdk-plugin kernel-firmware (20170113 -> 20170217) kernel-source (4.9.10 -> 4.9.11) kiwi (7.04.26 -> 7.04.27) libbluray libgudev (230 -> 231) libnettle libpst (0.6.69 -> 0.6.70) libqb (1.0.0+git20160407.6f2b3e8 -> 1.0.1+git20170131.afdff97) libquicktime libvirt libzip (1.1.3 -> 1.2.0) mariadb (10.1.20 -> 10.1.21) mjpegtools mozilla-nss (3.28.2 -> 3.28.3) mtd-utils (1.5.2 -> 2.0.0) multipath-tools mutter (3.22.2 -> 3.22.3) open-vm-tools openldap2 os-prober (1.70 -> 1.74) p7zip pcre2 (10.22 -> 10.23) perl-Net-HTTP (6.12 -> 6.13) perl-YAML (1.22 -> 1.23) pidgin-sipe (1.21.1 -> 1.22.0) plasma5-desktop poppler (0.51.0 -> 0.52.0) poppler-qt5 (0.51.0 -> 0.52.0) postfix postgresql-init python-qt4 python-rpm-macros (1.0git.1483874658.ead0b0b -> 1.0.git.1486997542.e9fcc29) python-sip (4.19 -> 4.19.1) python-wxWidgets-3_0 sg3_utils shim-leap spamassassin sssd strace (4.15 -> 4.16) systemd tigervnc virglrenderer wget (1.19 -> 1.19.1) wwwoffle (2.9i -> 2.9j) xorg-x11-server yast2-country (3.2.8 -> 3.2.9) ypbind === Details === ==== apache2 ==== Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils - fix caching of forward proxy + httpd-cache-forward-http-proxy.patch - Don't require insserv if we don't need it. ==== bogofilter ==== Subpackages: bogofilter-common bogofilter-db - Explicitly package _docdir, fix build with rpm 4.13. ==== brltty ==== Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-espeak brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_6 python3-brlapi xbrlapi - Disable udev rule for generic FTDI devices to avoid taking USB-to-serial converters (boo#1007652). Add an update message if one of these devices is detected. - Add a README.SUSE. - Add brltty-polkit-fixes.patch: don't delay brltty if waiting for polkit initialization, and fix polkit+key authentication (bsc#930242). - Add brltty-braillenote-usb.patch: autodetect BrailleNote via USB. - Always enable polkit (intention of the conditional was to disable on 13.2 and 42.1, but it was being disabled under 42.2 as well). ==== chrome-gnome-shell ==== Version update (8 -> 8.1) - Update to version 8.1: + Added check to make sure that "enabled-extensions" GNOME Shell setting does not contains duplicated values (bgo#777650). + Fixed error that breaks update check if there was extension installed without "version" key in manifest. + Fixed error that prevents error message to be shown when update check is failed. + Fixed connector segfault on browser close. + Fixed possible error in synchronization process that may delete some extensions. + Updated translations. - Drop chrome-gnome-shell-commit-dca4a35.patch: Fixed upstream. - Use conditional to allow packaging for older versions of openSUSE. ==== circuslinux ==== - Move /usr/games to /usr/bin as done with the rest 4 years ago. ==== claws-mail ==== Subpackages: claws-mail-lang - Use xdg-open (instead of gedit) as default mime_open_command use-xdg-open-as-default-mime_open_command.patch ==== dhcp ==== Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server - Require insserv only if needed - Fix requires of client subpackage ==== dmraid ==== - Remove obsolete insserv call ==== docbook-xsl-stylesheets ==== - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. ==== doxygen ==== Version update (1.8.12 -> 1.8.13) - Add doxygen-guard-null-variable.patch: Protected against NULL pointer of variable al, upstream commit 0f02761. - Update to 1.8.13 See changelog at http://www.stack.nl/~dimitri/doxygen/manual/changelog.html#log_1_8_13 - dropped doxygen-fix-QCH-files.patch, it is part of the release ==== dvd+rw-tools ==== - Explicitly BuildRequire m4. ==== ekiga ==== Subpackages: ekiga-lang ekiga-plugins-evolution - add ekiga-audiooutput-fallback-to-primary-device-if-secondary.patch * fixes problem that ekiga uses SILENT as default for secondary (ring) output unless explicitly configured by user * Upstream bug report: bgo#777717 ==== ffmpeg ==== Version update (3.2.2 -> 3.2.4) Subpackages: libavcodec57 libavformat57 libavutil55 libswresample2 libswscale4 - Have libavcodec57 additionally provide libavcodec57(unrestricted) when building unrestricted: allow third party packages to require the unrestricted codec. The existing -full provides is not suitable as it can be provided by multiple libavcodec* packages, whereas we require a specific ABI version. - Update to new upstream release 3.2.4 * lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr * lavf/mov.c: Avoid OOB in mov_read_udta_string() * lavf/mov.c: Avoid heap allocation wraps in mov_read_{senc,saiz}() - Update to new upstream release 3.2.3 * Maintenance release with bugfixes * ffplay: fix sws_scale possible out of bounds array access - Drop version number from patch: ffmpeg-2.4.5-arm6l.patch -> ffmpeg-arm6l.diff ==== file-roller ==== - Add file-roller-open-dest-dialog-only-when-using-notify.patch: Show the 'open destination' dialog only when using --notify and only for the last extracted archive. - Add file-roller-libarchive-dont-convert-null-strings.patch: Don't convert null strings to utf8. - Add file-roller-fix-crash-after-extracting.patch: Fix a crash after extracting a file (bgo#778846, boo#1022082). ==== gcin ==== Version update (2.8.4 -> 2.8.5) Subpackages: gcin-gtk2 gcin-gtk3 gcin-qt4 gcin-qt5 libgcin-im-client1 - Update to 2.8.5 + Fix a typing bug with Hsu layout + Fix the missing pre-select phrases when using Array input method - Refresh patches: + gcin-improve-build-with-pkgconfig.patch + gcin-parallel-compiling.patch ==== gegl-unstable ==== Subpackages: gegl-0_3 libgegl-0_3-0 - Replace -devel for their pkgconfig() replacements aligning with what configure checks for, and also version several of them: + Replaced -devel packages: OpenEXR-devel, babl-devel, glib2-devel, libexiv2-devel, libjasper-devel, libpng-devel, librsvg-devel, lua-devel. + Replacements: pkgconfig(OpenEXR), pkgconfig(babl), pkgconfig(exiv2), pkgconfig(gdk-pixbuf-2.0), pkgconfig(gio-2.0), pkgconfig(gio-unix-2.0), pkgconfig(gmodule-2.0), pkgconfig(gobject-2.0), pkgconfig(gthread-2.0), pkgconfig(jasper), pkgconfig(json-glib-1.0), pkgconfig(pango), pkgconfig(pangocairo), pkgconfig(libpng), pkgconfig(librsvg-2.0), pkgconfig(lua). - Run spec-cleaner, modernize spec. - Add gobject-introspection-devel, pkgconfig, pkgconfig(lcms2): Build support for introspection and lcms, pkgconfig comes from spec-cleaner. - Add new subpackage typelib-1_0-Gegl-0_3: Package the new introspection support. - Remove asciidoc, gd, gtk-doc, gtk2-devel, liberation-fonts: No longer build gegl website support, gd and liberation-fonts makes no sense, gtk-doc is currently broken. - Following removal of gtk-doc and passing --disable-doc to configure, temporary disable gegl-0.3-docs subpackage. - Correct Group for devel subpackage. - Stop passing --disable-silent-rules to configure, we do debugging locally. ==== gimp ==== Subpackages: gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 - Add gimp-bgo773233-CVE-2007-3126.patch: Gimp 2.3.14 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero (bgo#773233, CVE-2007-3126). - Add gimp-fix-PDF-Import-filter-crash.patch: Fix a crash in PDF Import filter when importing large image PDF or specifying high resolution (bgo#593576). ==== git ==== Version update (2.11.0 -> 2.11.1) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. - git 2.11.1: * The default Travis-CI configuration specifies newer P4 and GitLFS. * The character width table has been updated to match Unicode 9.0 * various fixes affecting multiple subcommands for correctness, bugs, and unexpected behavior. * documentation updates * git-svn updates ==== gnome-online-accounts ==== Subpackages: libgoa-1_0-0 libgoa-backend-1_0-1 typelib-1_0-Goa-1_0 - Add pkgconfig(vapigen) BuildRequires: Build vala support. ==== gnome-shell ==== Version update (3.22.2 -> 3.22.3) Subpackages: gnome-shell-browser-plugin gnome-shell-calendar - Update to version 3.22.3: + Work around portal failures by using a URL without HTPPS redirect (bgo#769940). + Fix replacing of GNotifications (bgo#775149). + Reload apps on .desktop file content changes (bgo#773636). + Fix subsurfaces not showing up in previews (bgo#756715). + Fix theme node transitions (bgo#778145). + Don't allow type ahead at the login screen (bgo#766139). + Misc. bug fixes: bgo#774643, bgo#774805, bgo#775507, bgo#776130, bgo#759793, bgo#745626. + Updated translations. - Drop gnome-shell-bgo774805-guard-against-animations-that-dont-load.patch: Fixed upstream. ==== gnutls ==== Version update (3.5.8 -> 3.5.9) Subpackages: libgnutls-dane0 libgnutls-devel libgnutls-openssl27 libgnutls30 libgnutls30-32bit - GnuTLS 3.5.9: * libgnutls: OpenPGP references removed, functionality deprecated * libgnutls: Improve detection of AVX support * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 * p11tool: re-use ID from corresponding objects when writing certificates. * API and ABI modifications: gnutls_idna_map: Added gnutls_idna_reverse_map: Added - prevent pkgconfig issues due to libidn2 when building with GnuTLS add gnutls-3.5.9-pkgconfig.patch ==== goffice ==== Version update (0.10.32 -> 0.10.33) Subpackages: goffice-lang libgoffice-0_10-10 - Update to version 0.10.33: + Make box plots look like bar plots in legends (bgo#773825). + Fix conditional compilation for long double (bgo#774439). + Reimplement major grids for discrete axes (bgo#775624). + Fix add child menu in graph guru (bgo#777336). + Fix evaluation of regression curves for area plots (bgo#777334). + Introspection fixes. ==== gparted ==== Version update (0.28.0 -> 0.28.1) - Update to version 0.28.1: + Restore ability to resize/move primary if extended exists. + Make the Label File System and Name Partition dialogs larger. + Some minor bug fixes. ==== grilo-plugins ==== Version update (0.3.3 -> 0.3.4) Subpackages: grilo-plugin-tracker grilo-plugin-youtube - Update to version 0.3.4: + General: Add support for Meson build. + Bugs fixed: bgo#775957, bgo#770959, bgo#777210, bgo#771446, bgo#771445, bgo#773702, bgo#775957, bgo#778596, bgo#775561, bgo#773310, bgo#776482, bgo#770806, bgo#774748. + Updated translations. - Add gperf BuildRequires: New "optional" dependency. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Temporary fix for openQA UEFI USB Boot failure (bsc#1026344) * 0001-Revert-efi-properly-terminate-filepath-with-NULL-in-.patch - grub2.spec: fix s390x file list. - Merge changes from SLE12 - add grub2-emu-4-all.patch * Build 'grub2-emu' wherever possible, to allow a better implementation of that feature. - add grub2-s390x-06-loadparm.patch, - add grub2-commands-introduce-read_file-subcommand.patch: * allow s390x to telecontrol grub2. (bsc#891946, bsc#892852) - add grub2-s390x-06-loadparm.patch: * ignore case and fix transliteration of parameter. (bsc#891946) - add grub2-s390x-07-add-image-param-for-zipl-setup.patch * Add --image switch to force zipl update to specific kernel (bsc#928131) - add grub2-s390x-08-workaround-part-to-disk.patch * Ignore partition tables on s390x. (bsc#935127) - add grub2-efi-chainload-harder.patch: * allow XEN to be chain-loaded despite firmware flaws. (bnc#887793) * Do not use shim lock protocol for reading pe header, it won't be available when secure boot disabled (bsc#943380) * Make firmware flaw condition be more precisely detected and add debug message for the case * Check msdos header to find PE file header (bsc#954126) - grub2-s390x-04-grub2-install.patch: * streamline boot to grub menu. (bsc#898198) * Force '/usr' to read-only before calling kexec. (bsc#932951) - grub2-once: * add '--enum' option to enumerate boot-entries in a way actually understood by 'grub2'. (bsc#892852, bsc#892811) * Examine variables from grub environment in 'grub2-once'. (fate#319632) ==== gtk4 ==== Version update (3.89.2 -> 3.89.4) Subpackages: gtk4-branding-upstream gtk4-data gtk4-immodule-amharic gtk4-immodule-inuktitut gtk4-immodule-thai gtk4-immodule-vietnamese gtk4-lang gtk4-schema gtk4-tools libgtk-4-0 typelib-1_0-Gtk-4_0 - Update to version 3.89.4: + API changes: - gtk_init and other init functions no longer take commandline arguments. - Functions that are only useful with commandline arguments have been dropped. - Widgets, except for toplevels, are now visible by default. - Style properties are no longer supported. + Vulkan rendrerer: Implement more clipping. + CSS: Specifying px for pixels is now required. + Bugs fixed: bgo#358970, bgo#770112, bgo#773299, bgo#773686, bgo#775864, bgo#776225, bgo#777363, bgo#777547, bgo#778009. + Updated translations. - Changes from version 3.89.3: + GtkWidget now has API to navigate child widgets: - gtk_widget_get_{first,last}_child and gtk_widget_get_{prev,next}_sibling. - A number of non-container widgets have been converted to use child widgets internally: GtkSwitch, GtkSpinButton, GtkActionBar. + GtkAboutDialog can show a 'System' tab. + GTK+ CSS now supports the filter: property and a - gtk-icon-filter function that replaces and generalizes - gtk-icon-effect. + GtkInspector can now save render nodes for testing and debugging. + More tests for render nodes have been added. + GtkTreeView and cell renderers have been more completely converted to the snapshot() api. + More widgets have been converted to snapshot(): GtkCalendar, GtkColorPlane. + Vulkan renderer: - Combine draw calls when possible. - Handle (some) clipping on the GPU. - Handle linear gradients. - Handle opacity. - Support color transformations. - Handle borders. + Wayland: Support the Vulkan renderer. + X11: Call XInitThreads(), since this is needed with Mesa Vulkan drivers. + Mir: - Implement window properties. - Track the focus window. - Connect to content-hub and use it for copy/paste. - Support modal windows. + Bugs fixed: bgo#775732, bgo#775846, bgo#776524, bgo#776560, bgo#776604, bgo#776627, bgo#776807, bgo#776868, bgo#777176. + Updated translations. ==== guile ==== Version update (2.0.13 -> 2.0.14) Subpackages: guile-modules-2_0 libguile-2_0-22 - Update to version 2.0.14: * Bug fixes + Builds of .go files and of Guile itself are now bit-reproducible + 'number->locale-string' and 'monetary-amount->locale-string' fixes + (system base target) now recognizes "sh3" as a cross-compilation target + Fix race condition in '00-repl-server.test' + 'scandir' from (ice-9 ftw) no longer calls 'stat' for each entry * Several documentation improvements - Drop no longer needed patches: * guile-fake-buildstamp.patch * repl-server-test.patch - Small packaging cleanup with help of spec-cleaner ==== hplip ==== Version update (3.16.10 -> 3.16.11) Subpackages: hplip-hpijs hplip-sane - Version upgrade to 3.16.11: * Added Support for the Following New Printers: - HP LaserJet M101-M106 Printer - HP LaserJet Pro M203-M206 Printer - HP LaserJet Pro MFP M227-M231 Printer - HP LaserJet Pro MFP M129-M134 * Added support for the following new Distro's: - OpenSuse 42.2 - Fedora 25 ==== i4l-base ==== Subpackages: i4l-isdnlog libcapi20-3 libcapi20-3-32bit - Remove insserv_cleanup macro since we require and use systemd ==== icedtea-web ==== - Removed patch: * icedtea-web-1.6.1-fix-2746.patch + Part of 1.6.2 ==== installation-images ==== Version update (14.299 -> 14.302) - fix install script to move the correct files (fate#322275) - enhance tftpboot-installation package to include all files needed to build our installation iso - 14.302 - adjust 'boot from harddisk' to also work on caasp systems (bsc#1025851) - 14.301 - make yast selfupdate feature configurable via YAST_SELFUPDATE env variable - 14.300 - turn off YaST selfupdates for SLE12 ==== irssi ==== Version update (1.0.0 -> 1.0.1) - irssi 1.0.1: * Fix Perl compilation in object dir * Fix incorrect HELP SERVER example * Correct memory leak in /OP and /VOICE * Fix regression that broke second level completion * Correct missing NULL termination in perl_parse boo#1023638 * Sync broken mail.pl script * Prevent a memory leak during the processing of the SASL response boo#1023637 ==== java-1_8_0-openjdk-plugin ==== - Removed patch: * icedtea-web-1.6.1-fix-2746.patch + Part of 1.6.2 ==== kernel-firmware ==== Version update (20170113 -> 20170217) Subpackages: ucode-amd - Update to version 20170217: * linux-firmware: liquidio: update firmware to v1.4.2 * iwlwifi: update -17 firmware for 3260, 7260 and 7265 * iwlwifi: update -22 firmware for 7265D and up * iwlwifi: add -27 firmware for 3168, 7265D, 8000C and 8265 * linux-firmware/i915: Add HuC 1.07.1398 for SKL * linux-firmware/i915: Add HuC 1.07.1398 for broxton * linux-firmware/i915: HuC on 2.0.1810 for Kabylake * linux-firmware/i915: GuC firmware for Broxton v8.7 * linux-firmware/i915: GuC firmware for Kabylake v9.14 * radeon/amdgpu: update license copyright dates * radeon: add new firmware for SI chips * rtlwifi: rtl8723bs: Add firmware for new driver * qla2xxx: Update firmware version to 8.06.00 * amdgpu: add firmware for polaris12 asics * amdgpu: update VI gfx/sdma firmware * amdgpu: update VI smc/mc firmware * update WHENCE for new amdgpu/polaris12_*.bin firmware * linux-firmware: add firmware for mt76x2 ==== kernel-source ==== Version update (4.9.10 -> 4.9.11) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.9.11 (CVE-2017-5897 CVE-2017-5970 CVE-2017-5986 bnc#1012628 bsc#1023762 bsc#1024938 bsc#1025235). - Delete patches.fixes/ip6_gre-fix-ip6gre_err-invalid-reads.patch. - Delete patches.fixes/ipv4-keep-skb-dst-around-in-presence-of-IP-options.patch. - Delete patches.fixes/sctp-avoid-BUG_ON-on-sctp_wait_for_sndbuf.patch. - commit cf9c670 ==== kiwi ==== Version update (7.04.26 -> 7.04.27) Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-templates - v7.04.27 released - Prevent quoted domain name We're getting domain name by parsion a lease file. Unfortunately in lease file domain name is quoted, which breaks linux resolver. This commit gets domainname unquoted Signed-off-by: Dinar Valeev ==== libbluray ==== - Rename %soname to %sover to better reflect its use. Fix RPM groups. ==== libgudev ==== Version update (230 -> 231) Subpackages: libgudev-1_0-0 libgudev-1_0-devel typelib-1_0-GUdev-1_0 - Update to version 231: + Fix a bug in the enumerator to ensure that client subsystems are implicitly matched. + Require a newer GLib to simplify some code. - Add disabled pkgconfig(umockdev-1.0) BuildRequires, new optional dependency, that is enabled by default upstream, but unfortunatly not yet available in openSUSE. - Following the above: pass --disable-umockdev to configure. ==== libnettle ==== Subpackages: libhogweed4 libhogweed4-32bit libnettle-devel libnettle6 libnettle6-32bit - Explicitly BuildRequire m4 ==== libpst ==== Version update (0.6.69 -> 0.6.70) - Update to version 0.6.70: + pst_getID2 must not recurse into children. ==== libqb ==== Version update (1.0.0+git20160407.6f2b3e8 -> 1.0.1+git20170131.afdff97) - [ringbuffer] Return error from peek if RB is corrupted. (bsc#1026176) - build: drop allegedly no longer intrusive syslog-tests opt-in switch - Upstream version cs: afdff97f1af8e1be916816ad8b6d5530fa7c6637 - version: Update version for 1.0.1 release - rb: use new qb_rb_close_helper able to resort to file truncating (bsc#1026176) - rb: make it more robust against trivial IPC API misuses (bsc#1026176) - log_thread: logt_wthread_lock is vital for logging thread (bsc#1026176) - log: Don't overwrite valid tags (bsc#1026176) - ipc_shm: fix superfluous NULL check - log: Add missing z,j, & t types to the logger (bsc#1026176) - log: check for appropriate space when serializing a char (bsc#1026176) - Upstream version cs: 0a329683a76bc6aeb36f20f2bf6b43ba0440c4dc (v1.0.1) ==== libquicktime ==== - Rename %soname to %sover to better reflect its use. Correct RPM group. ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Don't call insserv if we use systemd and don't require it. - libxl: more fixes for dom0 maxmem setting 4ab0c959-libxl-mem-leak.patch, 2dc1cf19-libxl-double-free.patch bsc#1017762 - apparmor: don't fail on non-apparmor apparmor-errormsg-fix.patch, apparmor-alt-seclabel.patch bsc#1023436 - libxl: fix reporting of domain maximum memory ff225538-libxl-autoballoon-setting.patch, c89a6e78-libxl-physinfo-cleanup.patch, d2b77608-libxl-maxmem-fix.patch, 79692c38-libxl-dom0-maxmem.patch bsc#1017762 - libxl: set disk format to raw if not specified and fix disk detach 321a28c6-libxl-default-disk-format.patch, bd116810-libxl-fix-disk-detach.patch bsc#1003379 - libxl: fix timer configurations 6e4759d0-libxl-timer-fix.patch, 87df87e0-libxl-timer-tsc-emulate.patch, b4386fda-xenconfig-timer-fix.patch, d3970925-timer-tests.patch bsc#1019969 - SLE12 SP2 bugs merged via version updates of the Factory libvirt package: bsc#986718 - SLE12 SP2 FATEs merged via version updates of the Factory libvirt package: FATE#316228, FATE#316628, FATE#319531, FATE#319810, FATE#320490 - Replaced libxl-dom0-balloon-fix.patch with upstream patch f86a7a83-libxl-dom0-balloon-fix.patch - Fix dom0 ballooning with Xen >= 4.8 libxl-dom0-balloon-fix.patch bsc#1020755 - SLE12 SP2 bugs merged via version updates of the Factory libvirt package: bsc#996020, bsc#987002, bsc#997278, bsc#998005, bsc#998389, bsc#1001446, bsc#1001698, bsc#1005288, bsc#1013991, bsc#1016253, bsc#1017086, bsc#1017762, bsc#1018189 - virt-create-rootfs is a temporary SLE-only hack that was never added to the Factory libvirt package, causing it to be dropped when rebasing SLE on Factory. Add it now but only apply associated patch when building for SLE. virt-create-rootfs.patch bsc#995981 - Update to libvirt 3.0.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Add b018ada3-shunloadtest-build-fix.patch to fix 'make check' failures - Add qemu-disable-namespaces.patch to temporarily disable qemu namespace feature until all issues are resolved - In order to avoid issues like bsc#1017189, explicitly specify supported VirtualBox versions - Update to libvirt 2.5.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Import new public signing key - spec: explicitly set qemu-bridge-helper path to /usr/lib/ bsc#999070 - Package org.libvirt.api.policy polkit file (bsc#959297) - Fix postun systemd services cleanup - Mark /etc/libvirt/nwfilter/*.xml files as config files - Update to libvirt 2.4.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Update to libvirt 2.3.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: pci-use-driver-override-sysfs.patch, virHostdevFindUSBDevice-privsyms.patch, libxl-usb-vendor.patch, apparmor-qemu-bridge-helper.patch - Update to libvirt 2.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 856965b3-qemu-secdriver.patch, 541e9ae6-cpu-vendor-crash-fix.patch, d53d4650-qemu-rbd-auth.patch - libxl: allow vendor/product addressing for USB hostdevs virHostdevFindUSBDevice-privsyms.patch, libxl-usb-vendor.patch bsc#989646 - qemu: fix auth for rbd network disks d53d4650-qemu-rbd-auth.patch bsc#988998 - Replace cpumodel-vendor-crash-fix.patch with upstream variant 541e9ae6-cpu-vendor-crash-fix.patch bsc#992425 - Update to libvirt 2.1.0 - New subpackages libvirt-libs and libvirt-admin - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: c8f08e48-systemd-notify-fix.patch - qemu: fix qemu.conf security_driver regression in 2.1.0 release 856965b3-qemu-secdriver.patch - cpu_x86: fix libvirtd segfault when host cpu is 'qemu64' cpumodel-vendor-crash-fix.patch bsc#992425 - bsc#988279. Move the qemu-bridge-helper apparmor profile from the qemu abstraction to the usr.sbin.libvirtd profile. apparmor-qemu-bridge-helper.patch - spec: minor improvements to logic enabling numactl and numad support and fix nested if indentation FATE#319979 - Update patches providing support for driver_override sysfs interface with latest upstream variant. Dropped pci-simplify-stub.patch and updated pci-use-driver-override-sysfs.patch bsc#986718 - spec: enable numactl and numad support for aarch64 FATE#319979, bsc#991377 - BuildRequires: use librbd-devel instead of ceph-devel - Enable rbd support for aarch64 bsc#979473 - Use driver_override sysfs interface for binding/unbinding PCI stub drivers pci-simplify-stub.patch, pci-use-driver-override-sysfs.patch bsc#986718 - systemd: fix ready notification on abstract socket c8f08e48-systemd-notify-fix.patch boo#987668 - Update to libvirt 2.0.0 - Change version scheme to match libvirt's time-driven release schedule. will be incremented on first release of new calendar year, on each monthly release, and on stable branch maintenance release - Include libvirt-admin utility and API - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: apparmor-dont-scrub-environment-of-virtlogd-process.patch, e33cd67a-xenconfig-backendtype-fix.patch - spec: Recent simplification allows using a common spec file for SLE and openSUSE - Add SLE patches missing in openSUSE libxl-dom-reset.patch, libxl-set-migration-constraints.patch, libxl-set-cach-mode.patch - xenconfig: fix conversion of to backendtype e33cd67a-xenconfig-backendtype-fix.patch bsc#984798 - Advertise aarch64 UEFI firmware paths - adjust spec file to include aarch64 paths in '--with-loader-nvram=' configure option - adjust qemu.conf 'nvram' option to include the SUSE paths bsc#981836, bsc#983747 - apparmor: Don't scrub environment of virtlogd process apparmor-dont-scrub-environment-of-virtlogd-process.patch boo#980441 - Update to libvirt 1.3.5 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: e4d131b8-mv-virDomainDefPostParseInternal.patch, 3e428670-post-parse-implicit-video.patch, 538012c8-default-vram.patch, 96b21fb0-vram-tests.patch, 400e716d-libxl-noprope-emulator.patch, b90c4b5f-tests-use-qemu-xen.patch, fccf2725-libxl-API-4.4.patch, 5325123d-libxl-migv2-save-restore.patch, f9edcfa4-libxl-migv2-migration.patch, a1c9a81a-libxl-rbd-fix.patch, ba566428-libxl-dom-iface-addrs.patch - spec: simplify and cleanup by removing many conditionals that are never toogled. Also drop conditionals for suse_version < 1310 - Avoid suppressing errors during useradd/groupadd - libxl: add domainInterfaceAddresses API ba566428-libxl-dom-iface-addrs.patch bsc#979425 - libxl: default to qemu driver for network disks a1c9a81a-libxl-rbd-fix.patch boo#981094 - spec: Remove %defattr usage Inspired by upstream commit 90f9193c - libxl: support Xen migration stream V2 fccf2725-libxl-API-4.4.patch, 5325123d-libxl-migv2-save-restore.patch, f9edcfa4-libxl-migv2-migration.patch bsc#978361 - Fix default video RAM setting e4d131b8-mv-virDomainDefPostParseInternal.patch, 3e428670-post-parse-implicit-video.patch, 538012c8-default-vram.patch, 96b21fb0-vram-tests.patch, 400e716d-libxl-noprope-emulator.patch, b90c4b5f-tests-use-qemu-xen.patch bsc#979397 - Remove unknown locales to fix build in old dists - Update to libvirt 1.3.4 - Add support for migration data compression in QEMU driver - Drop libvirtd.socket - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 216650f1-libxl-build-fix.patch, 6d8b6d28-mark-implicit-video-primary.patch, 03e8d5fb-qemu-perf-memory-corruption.patch, libvirtd-systemd-socket.patch - qemu: perf: Fix crash/memory corruption on failed VM start 03e8d5fb-qemu-perf-memory-corruption.patch bsc#977131 - Fix setting implicit video devices as primary 6d8b6d28-mark-implicit-video-primary.patch bsc#977150 - Update to libvirt 1.3.3 - perf events - post-copy migration support - NSS module - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Add rpmlintrc file to filter shlib-policy-name-error for new libnss_libvirt plugin - Fix build with Xen4.7 216650f1-libxl-build-fix.patch - spec: restart daemons in %posttrans after connection drivers have been processed bsc#854343, bsc#968483 - libxl: advertise system qemu instead of qemu-xen in caps libxl-qemu-emulator-caps.patch FATE#320638 - Update to libvirt 1.3.2 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - libxl: Add support for block-{dmmd,drbd,npiv} scripts libxl-support-block-script.patch bsc#954872 - qemu: set /usr/share/qemu/ovmf-x86_64-ms-{code,vars}.bin as default UEFI firmwares for x86_64 bsc#961853 - Update to libvirt 1.3.1 - CVE-2015-5313 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 034e47c3-CVE-2015-5313.patch, ace1ee22-qemuxml2argv-test.patch, add-with-login-shell.patch, virt-aa-helper-rw-mounts.patch - spec: perform one-time enable and start of virtlogd.socket when upgrading from libvirt < 1.3.0. Inspired by upstream libvirt.git commit da054f35. - CVE-2015-5313: don't allow '/' in filesystem volume names 034e47c3-CVE-2015-5313.patch bsc#953110 - Fix failing qemuxml2argv test on 32-bit platforms ace1ee22-qemuxml2argv-test.patch - Update to libvirt 1.3.0 - New virtlogd log daemon - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patch: 703ec1b7-qemu-bridge-helper-fix.patch - Added patch: virtlogd-init-script.patch - Run udevadm settle after removing NICs in lxc driver. bsc#829033. lxc-wait-after-eth-del.patch - Don't add apparmor deny rw rule for 9P readonly mounts. bsc#952849. virt-aa-helper-rw-mounts.patch - Don't package virt-login-shell anymore as shipping it as non-setuid doesn't make sense. bsc#837609 add-with-login-shell.patch - Detect path of qemu-bridge-helper during %configure - add qemu-tools as BuildRequires for suse_version > 1130 - add upstream patch 703ec1b7-qemu-bridge-helper-fix.patch - Update to libvirt 1.2.21 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: disable-virCgroupGetPercpuStats-test.patch - spec: some minor wireshark fixups. Essentially a backport of commit 7c8250d7. - spec: remove all dependencies on apparmor to keep it optional. bsc#949793 - xenconfig: set disk type to BLOCK when driver is not tap or file xen-sxpr-disk-type.patch bsc#938228 - spec: the libvirt apparmor profiles #include files from the apparmor-profiles package, thus should have a dependency on it bsc#949793 - Remove Wants=xencommons.service from libvirtd.service xencommons is already enabled by a global preset, and the absence of xen-tools.rpm causes a systemd warning - Update to libvirt 1.2.20 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped upstream patches: 3468542f-virFileUnlink.patch, 8b1d84e6-refreshVol-failure.patch, e0025d29-storage-mode-check.patch, ba25c214-libxl-log-level.patch, 56945e13-libxl-AttachDeviceConfig-hostdev.patch - bsc#945962: SLES12 SP1 Beta3 - Pass-through NIC device via virsh not available to VM. 56945e13-libxl-AttachDeviceConfig-hostdev.patch - libxl: set driver log level to the log_level specified in libvirtd.conf ba25c214-libxl-log-level.patch bsc#945796 - CVE-2015-5247 - denial of service through root-squash NFS storage bsc#945645 3468542f-virFileUnlink.patch 8b1d84e6-refreshVol-failure.patch e0025d29-storage-mode-check.patch - Update to libvirt 1.2.19 - Improved ppc64 support - New virDomainRename API - Support for PCI Express controllers in QEMU - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped upstream patches: 269d39af-storage-allocation-fix.patch, 26c5fa3a-virt-aa-helper-missing-doc.patch, d25a5e08-virt-aa-helper-simplify-restriction-logic.patch, 2f01cfdf-virt-aa-helper-allow-ovmf.patch, 91fdcefa-virt-aa-helper-allow-nvram.patch, 52970dec-virt-aa-helper-improve-valid-path.patch, 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch, 15120b8c-libxl-no-resume-on-suspend-fail.patch, e80b84a7-libxl-acquire-job-on-migrate.patch, 60acb38-revert-curmem-inactive-dom.patch - Replace local libxl patches with upstream variants Dropped: 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch Added: 44a54eb0-libxl-fix-refcnt-MigrationDstArgs.patch 15120b8c-libxl-no-resume-on-suspend-fail.patch e80b84a7-libxl-acquire-job-on-migrate.patch bsc#936185 - Added another virt-aa-helper upstream patch 52970dec-virt-aa-helper-improve-valid-path.patch lp#1483071 - Added upstream patch to fix libvirt-tck memory balloon test failure on Xen 60acb38-revert-curmem-inactive-dom.patch - Fix generated apparmor profile to allow access to ovmf and nvram. 26c5fa3a-virt-aa-helper-missing-doc.patch 2f01cfdf-virt-aa-helper-allow-ovmf.patch 91fdcefa-virt-aa-helper-allow-nvram.patch d25a5e08-virt-aa-helper-simplify-restriction-logic.patch lp#1483071 - storage: only run safezero if allocation is > 0 269d39af-storage-allocation-fix.patch bsc#942085 - Update to libvirt 1.2.18 - libxl: support dom0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped upstream patches: e44bcae-virt-aa-helper-trailing-slash.patch, a55a5e7-virt-aa-helper-log.patch, 61dab0f-virt-aa-helper-renaming.patch, 24f3c2f-virt-aa-helper-fix-caps.patch, 45697fe5-libxl-support-dom0.patch, e9c27344-libxl-fix-virDomainObj-state.patch, 4ffb21c8-libxl-dom0-state-fix.patch, qemu-nbd-cleanup-fix.patch - Fix crash in libxl driver on receiving side 0003-libxl-fix-ref-counting-of-libxlMigrationDstArgs.patch 0004-libxl-don-t-attempt-to-resume-domain-when-suspend-fa.patch 0005-libxl-acquire-a-job-when-receiving-a-migrating-domai.patch bsc#936185 - libxl: set dom0 state to running 4ffb21c8-libxl-dom0-state-fix.patch bsc#937316 - libxl: support management of dom0 45697fe5-libxl-support-dom0.patch bsc#937316 - libxl: libxl: fix setting state of virDomainObj e9c27344-libxl-fix-virDomainObj-state.patch bsc#934937 - Fixed virt-aa-helper bugs preventing virt-sandbox to work. 24f3c2f-virt-aa-helper-fix-caps.patch 61dab0f-virt-aa-helper-renaming.patch a55a5e7-virt-aa-helper-log.patch e44bcae-virt-aa-helper-trailing-slash.patch bsc#936841 - Fixed crasher due to uninitialized values qemu-nbd-cleanup-fix.patch bsc#936841 - Update to libvirt 1.2.17 - parallels driver renamed to vz (Virtuozzo) - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - spec: re-enable tests that have received upstream fixes and are now passing - Remove unsupported settings in libvirtd.socket unit file when systemd version < 214 libvirtd-systemd-socket.patch bsc#933043 - spec: always apply Apparmor and netcontrol patches - spec: Add libvirtd.socket unit file to service_add_pre and service_del_postun macros - Update to libvirt 1.2.16 - Introduce pci-serial - Introduce virDomainSetUserPassword API - Introduce protected key mgmt ops - Add domain vmport feature - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches c0d3f608-libxl-soundhw.patch and 8910e063-arch-caps.patch - Drop polkit-10-virt.rules in favor of upstream 50-libvirt.rules - qemu: fix regression defaulting to host arch 8910e063-arch-caps.patch rhb#1219191 - spec: build libxl driver for aarch64 and remove useless 'suse_version <= 1220' conditional - libxl: support virtual sound devices in HVM domains c0d3f608-libxl-soundhw.patch bsc#875216 - Update to libvirt 1.2.15 - Implement virDomainAddIOThread and virDomainDelIOThread - libxl: Introduce configuration file for libxl driver - Add VIR_DOMAIN_EVENT_ID_DEVICE_ADDED event - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches da33a1ac-lxc-init-statedir.patch and open-ns-files-readonly.patch - spec file fixups for building --without-driver-modules - boo#926765: add libvirt-daemon-driver-qemu dependency on libvirt-daemon-driver-storage. - boo#926153: make sure /var/run/libvirt/lxc folder exists when starting the driver. da33a1ac-lxc-init-statedir.patch - Fix lxc-enter-namespace for 3.19+ kernels. open-ns-files-readonly.patch - Disable building wireshark dissector. Commit 37397320 requires wireshark pkgconfig, which SUSE wireshark packages do not provide. - Disable building the legacy Xen driver since Xen no longer provides the xend toolstack. Remove xend-specific patches while at it: fix-pci-attach-xen-driver.patch, xen-name-for-devid.patch - Update to libvirt 1.2.14 - qemu: Implement memory device hotplug - Implement public API for virDomainPinIOThread - Implement public API for virDomainGetIOThreadsInfo - SRIOV NIC offload feature discovery - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop disable-hugepage-test.patch in favor of upstream fix - Fix build on older distros containing a polkit package that lacks support for /etc/polkit-1/rules.d drop directory - Disable interface driver if libnetcontrol cannot be initialized Modified libvirt-suse-netcontrol.patch boo#920551 - Fix crash in libnetcontrol-backed interface driver Modified libvirt-suse-netcontrol.patch boo#920551 - Instruct polkit to allow memebers of the 'libvirt' group to connect to libvirt without providing any password (bnc#920804) - Added polkit-10-virt.rules to fix bnc#920804 - Change default setting of security_default_confined in /etc/libvirt/qemu.conf instead of in code. Making the change in code changes the default behavior for all users, even those that have a custom security setup in their /etc/libvirt/qemu.conf. Modified suse-qemu-conf.patch bsc#921586 - Fixed a number of QEMU apparmor abstraction problems. bsc#921355 apparmor-fixes.patch - Update to libvirt 1.2.13 - qemu: improved support for host and guest NUMA - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Update to libvirt 1.2.12 - CVE-2015-0236: qemu: Check ACLs when dumping security info from snapshots - CVE-2015-0236: qemu: Check ACLs when dumping security info from save image - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 30c6aecc-apparmor-lib64.patch, apparmor-xen-fixup.patch, apparmor-allow-helpers.patch, apparmor-tck-raw-packets.patch - Disable a hugepage test that is failing on ppc, ppc64, and ppc64le architectures - disable-hugepage-test.patch - Fixed patches to pass make syntax-check - Apparmor profile regression breaks Xen domains. bsc#913799 apparmor-xen-fixup.patch apparmor-allow-helpers.patch apparmor-tck-raw-packets.patch - Replaced hard to maintain install-apparmor-profiles.patch by upstreamed 30c6aecc-apparmor-lib64.patch. - Reformatted libvirt.spec and libvirtd.init to pass upstream make syntax-check - fix bashisms in libvirt-guests.sh script - update patches: + libvirt-guests-init-script.patch - Update to libvirt 1.2.11 - Implement public API for virDomainGetFSInfo - qemu: Add define for the new throttle options - CVE-2014-8131: Fix possible deadlock and segfault in qemuConnectGetAllDomainStats() - CVE-2014-7823: dumpxml: security hole with migratable flag - Drop upstream patches: 2222123-virt-aa-helper-crash.patch, 433b427-iplink-name.patch, 52691f99-qemu-mig-crash.patch, 72fecf1-lxc-resolve-symlinks.patch, b1674ad5-CVE-2014-7823.patch, ba9b7252-sys-net-rw.patch, c264eea-virt-aa-helper-sandbox.patch, e50457d-lxc-unmount-check.patch, cgroup-all-devices.patch, libvirt-ppc64le-support.patch - Get /proc/sys/net/ipv[46] read-write for wicked to work in containers. bsc#904432. ba9b7252-sys-net-rw.patch - Fixed allowing devices for containers. cgroup-all-devices.patch - qemu: Fix crash in tunnelled migration 52691f99-qemu-mig-crash.patch boo#908008 - Fix potential crasher in virt-aa-helper 2222123-virt-aa-helper-crash.patch - ip link add now needs the 'name' parameter. 433b427-iplink-name.patch - Fixes for virt-sandbox-service to work: - Allow adding virt-sandbox service config to apparmor rules. c264eea-virt-aa-helper-sandbox.patch - fix symlink resolving for containers to start. 72fecf1-lxc-resolve-symlinks.patch - fix unmounting file system if it contains the source to mount. e50457d-lxc-unmount-check.patch - Remove security_driver = "none" in qemu config. This completely disabled all security drivers instead of probing them. - Changed default value of QEMU's security_default_confined to 0 to keep QEMU domains unconfined by default. - CVE-2014-7823: dumpxml: security hole with migratable flag b1674ad5-CVE-2014-7823.patch bsc#904176 - Fix Qemu AppArmor abstraction. - qemu-block.so was denied on x86_64. install-apparmor-profiles.patch - Temporary fix access to screenshot temporary file. bsc#904426. qemu-apparmor-screenshot.patch - Update to libvirt 1.2.10 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Added package wireshark-plugin-libvirt to provide the wireshark dissector for the libvirt RPC protocol - spec: Remove gpg-offline build dependency and use of gpg_verify to verify tarball since this task can be performed by source services - Update to libvirt 1.2.9 - Introduce virNodeAllocPages - event: introduce new event for tunable values - Add support for fetching statistics of completed jobs - CVE-2014-3657: domain_conf: fix domain deadlock - CVE-2014-3633: qemu: blkiotune: Use correct definition when looking up disk - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 3e745e8f-CVE-2014-3633.patch, libvirt-guests-wait-for-ntp.patch - Verify tarball with associated .asc file Add: libvirt.keyring, libvirt-1.2.9.tar.gz.asc Use upstream .gz tarball instead of locally generated .bz2 - CVE-2014-3633: Use correct definition when looking up disk in qemu blkiotune 3e745e8f-CVE-2014-3633.patch bnc#897783 - spec: do not require dmidecode on older code 11 - Wait for ntp service before running libvirt-guests libvirt-guests-wait-for-ntp.patch bnc#895194 - Canonicalize host arch name ppc64le to ppc64 ppc64le-canonical-name.patch bnc#894956 - Update to libvirt 1.2.8 - virDomainBlockCopy with XML destination, typed params - Introduce API for retrieving bulk domain stats - Introduce virDomainOpenGraphicsFD API - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - bnc#893999: remove mount rules from libvirt-lxc apparmor abstraction file as those aren't handled by our kernel. apparmor-no-mount.patch - bnc#894232 - Update apparmor profile to allow raw packets install-apparmor-profiles.patch - remove not necessary hunks from libvirt-ppc64le-support.patch - move new patches to section for to be upstreamed - add patch: libvirt-power8-models.patch add current power8 cpu models to map - add patch: libvirt-ppc64le-support.patch add preliminary ppc64le support to libvirt - bnc#820399 - virsh blockcopy should refuse identical device blockcopy-check-dst-identical-device.patch - Update to libvirt 1.2.7 - Introduce virConnectGetDomainCapabilities - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: dba3432b-virt-lxc-convert-fix.patch, 9b1e4cd5-skip-useless-apparmor-files.patch, 9265f8ab-apparmor-lxc-rework.patch, add-nocow-to-vol-xml.patch, lxc-keep-caps-feature.patch, lxc-keep-caps-feature-conversion.patch, lxc-keep-caps-feature-doc.patch, lxc-net-target-name.patch, lxc-net-target-name-conversion.patch, lxc-net-target-name-doc.patch - lxc AppArmor profile now only restricting potentially dangerous accesses. fdo#886460 - Add virt-lxc-convert to libvirt-daemon-driver-lxc package - added patches: * 9265f8ab-apparmor-lxc-rework.patch * 9b1e4cd5-skip-useless-apparmor-files.patch - virt-lxc-convert: force free to output values in bytes - added patches: * dba3432b-virt-lxc-convert-fix.patch - lxc: allow setting a custom name for container NICs as LXC is is able to do it. lxc-net-target-name.patch, lxc-net-target-name-conversion.patch, lxc-net-target-name-doc.patch - Move 'Requires' of qemu from libvirt-daemon-qemu subpackage to libvirt-daemon-driver-qemu bnc#885267 - Temporarily disable virt-aa-helper-test, which fails in Factory - Update to libvirt 1.2.6 - libxl: add migration support and fixes - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patch libxl-migration-support.patch - Drop ia64-clone.patch since libvirt is not built for IA64 - lxc-keep-caps-feature.patch: allow to keep/drop additional capabilities for LXC containers. bnc#881465 - lxc-keep-caps-feature-conversion.patch: convert lxc.cap.drop to the new domain configuration. - lxc-keep-caps-feature-doc.patch: documentation for the new feature. - Disable failing virportallocatortest on aarch64 - Update to libvirt 1.2.5 - Introduce virDomain{Get,Set}Time APIs - Introduce virDomainFSFreeze() and virDomainFSThaw() public API - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: b98bf811-add-paravirt-shutdown-flag.patch, c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch, d6b27d3e-CVE-2014-0179.patch, fd43d1f8-libxl-iface-hostdev.patch, 99f50208-managed-hostdev-iface.patch, 292d3f2d-libselinux-build-fix1.patch, b109c097-libselinux-build-fix2.patch - Add upstream patches that fix build with libselinux 2.3 Added: 292d3f2d-libselinux-build-fix1.patch, b109c097-libselinux-build-fix2.patch Dropped: libselinux-build-fix.patch - Fix the build breakers brought by libselinux 2.3. libselinux-build-fix.patch - spec: libvirt-daemon package owns /etc/libvirt, not libvirt-client bnc#878056 - libxl: Fix syntax for SR-IOV devices fd43d1f8-libxl-iface-hostdev.patch, 99f50208-managed-hostdev-iface.patch - Update to libvirt 1.2.4 - Primarily a bug-fix release. See http://libvirt.org/news.html for a detailed list of bug fixes and improvements - Drop upstream patches: 0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch - libxl: Support ACPI shutdown event b98bf811-add-paravirt-shutdown-flag.patch, c4fe29f8-use-shutdown-flag.patch, da744120-use-reboot-flag.patch bnc#872777 - libx: Support migration libxl-migration-support.patch bnc#875193 - CVE-2014-0179: Don't expand entities when parsing XML d6b27d3e-CVE-2014-0179.patch bnc#873705 - blacklist one more unit test for qemu_linux_user builds - libxl: Set disk format for empty cdrom device 0e0c1a74-domid-fix.patch, 7a1452f5-libxl-empty-cdrom.patch bnc#872517 - Fate#315125: add NOCOW flag add-nocow-to-vol-xml.patch - Removed libxl-hvm-vnc.patch: went upstream in another form - Update to libvirt 1.2.3 - add new virDomainCoreDumpWithFormat API - conf: Introduce virDomainDeviceGetInfo API - more features and fixes on bhyve driver - lot of cleanups and improvement on the Xen driver - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Add /usr/sbin/rc{libvirtd,virtlockd,libvirt-guests} symlinks to preserve backwards compatibility bnc#868190 - Improve lock manager comments in qemu.conf Updated suse-qemu-conf.patch - Create /etc/libvirt/hooks to allow using hook scripts - Update to libvirt 1.2.2 - add LXC from native conversion tool - vbox: add support for v4.2.20+ and v4.3.4+ - CVE-2013-6456 (bnc#857490) - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 37564b47-xend-parse-response.patch, 4f20084-fix-apparmor-install-patch.patch - Add local disable-virCgroupGetPercpuStats-test.patch to disable failing virCgroupGetPercpuStats test in 'make check' - daemon-qemu: Require qemu instead of kvm to align with recent changes to the qemu package structure - spec: fix dependencies of daemon-config-network and daemon-config-nwfilter subpackages. Influenced by upstream commits cf76c4b3 and dca5ce4c - Remove libvirtd, virtlockd, and libvirt-guests init scripts when using systemd bnc#863540 - Fix the path to libvirtd AppArmor template profile - Fix parsing xend http response 37564b47-xend-parse-response.patch rhb#1055165 - Add CAP_SYS_PACCT capability to libvirtd AppArmor profile Modified install-apparmor-profiles.patch bnc#817407 - Fix build on code 11 - Fix rpmlint warning - Following the upstream pattern, introduce the daemon-config-network subpackage to handle defining the default network bnc#859041 - Update to libvirt 1.2.1 - CVE-2014-0028, CVE-2014-1447, CVE-2013-6458, CVE-2013-6457, CVE-2013-6436 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped upstream patches: 5e397d9c-test-fix-dbus-crash.patch, 78af457e-fix-virnettlscontexttest.patch, 9faf3f29-LXC-memtune.patch, f8c1cb90-CVE-2013-6436.patch, libxl-hvm-nic.patch - Ignore 'make check' on older, code 11 base - Fixed and reenabled unit tests. bnc#854694 - Remove dependency on pm-utils from libvirt-client bnc#856381 - CVE-2013-6436: Fix crashes in lxc memtune code, one of which results in DoS f8c1cb90-CVE-2013-6436.patch, 9faf3f29-LXC-memtune.patch bnc#854486 - More adjustments to the spec file to fix package dependency issues bnc#848918 - Update to libvirt 1.2.0 - Add support for gluster pool - Separation of python binding - vbox: add support for 4.3 APIs - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Updated and renamed clone.patch to ia64-clone.patch - Enabled numad support for openSUSE >= 13.1 - Link with same versions of libnl used by netcontrol to prevent crashing libvirtd on start - Add '/etc/sasl2' to libvirt-client file list to fix Factory build - Fix starting of libvirtd when NetworkManager is enabled Modified libvirt-suse-netcontrol.patch - Allow execution of libvirt hook scripts in /etc/libvirt/hooks/ in libvirtd AppArmor profile - Update to libvirt 1.1.4 - Add support for AArch64 architecture - Various improvements on test code and test driver - Don't link virt-login-shell against libvirt.so - Close all non-stdio FDs in virt-login-shell - Only allow 'stderr' log output when running setuid - Fix perms for virConnectDomainXML{To,From}Native - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: e7f400a1-CVE-2013-4296.patch, 2dba0323-CVE-2013-4297.patch, db7a5688-CVE-2013-4311.patch, e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch, e4697b92-CVE-2013-4311.patch, 8294aa0c-CVE-2013-4399.patch, 484cc321-fix-spice-migration.patch, 79552754-libvirtd-chardev-crash.patch, 57687fd6-CVE-2013-4401.patch, ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, 5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch, bd773e74-lxc-terminate-machine.patch, e350826c-python-fix-fd-passing.patch - Allow execution of Xen binaries in /usr/lib{,64}/xen/bin in libvirtd AppArmor profile bnc#849524 - Require libvirt-daemon- in the main libvirt package for each supported hypervisor bnc#850882 - Fix initialization of libxl NIC devices libxl-hvm-nic.patch bnc#848918 - Fix typo in libvirtd apparmor profile which prevented the profile from loading bnc#848216 - libxl driver: fix initialization of VNC and SDL info for HVM domains libxl-hvm-vnc.patch bnc#847566 - Allow libvirtd apparmor profile to access /etc/xen/scripts/* - Fix file descriptor passing in python bindings e350826c-python-fix-fd-passing.patch rhb#1021434 - Have systemd terminate the machine as a workaround of fdo#68370 bd773e74-lxc-terminate-machine.patch bnc#842834 - Spec file fixes to only package libvirt-login-shell when building the LXC driver - CVE-2013-4400: Unsantized use of env variables allows privilege escalation via virt-login-shell ae53e5d1-CVE-2013-4400.patch, 8c3586ea-CVE-2013-4400.patch, b7fcc799a-CVE-2013-4400.patch, 3e2f27e1-CVE-2013-4400.patch, 5a0ea4b7-CVE-2013-4400.patch, 843bdb2f-CVE-2013-4400.patch bnc#837609 - CVE-2013-4401: Fix perms for virConnectDomainXML{To,From}Native 57687fd6-CVE-2013-4401.patch bnc#845704 - Move hypervisor-specific files out of libvirt-daemon package and into libvirt-daemon- subpackage bnc#845851 - conf: Don't crash on invalid chardev source definition 79552754-libvirtd-chardev-crash.patch bnc#845704, rhb#1012196 - Use newer libnl3 instead of libnl-1_1 bnc#845540 - Move virt-login-shell to new subpackage libvirt-login-shell, requiring users to opt-in for this setuid binary. Note: For now, virt-login-shell will not have setuid permissions, pending resolution of bnc#837609 - qemu: Fix seamless SPICE migration 484cc321-fix-spice-migration.patch bnc#842301 - CVE-2013-4399: Fix crash in libvirtd when events are registered and ACLs active 8294aa0c-CVE-2013-4399.patch bnc#844052, bnc#842300 - Update the stale gettext BuildRequires and Requires dependencies in the spec file bnc#841325 - virt-aa-helper apparmor profile was denying read access to /proc/$PID/*. Give read accesss to these files. Updated install-apparmor-profiles.patch bnc#841720 - libvirtd apparmor profile was denying access to /usr/lib/xen/bin/qemu-system-i386, which is now the default emulator used with Xen guests Updated install-apparmor-profiles.patch bnc#845648 - Fix condrestart|try-restart invocation of virtlockd init script Modifed virtlockd-init-script.patch - CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process db7a5688-CVE-2013-4311.patch, e65667c0-CVE-2013-4311.patch, 922b7fda-CVE-2013-4311.patch, e4697b92-CVE-2013-4311.patch bnc#836931 - CVE-2013-4296: Fix crash in remoteDispatchDomainMemoryStats e7f400a1-CVE-2013-4296.patch bnc#838638 - CVE-2013-4297: Fix crash in virFileNBDDeviceAssociate 2dba0323-CVE-2013-4297.patch bnc#838642 - Update to libvirt 1.1.2 - various improvements to libxl driver - systemd integration improvements - Add flag to BaselineCPU API to return detailed CPU features - Introduce a virt-login-shell binary - conf: add startupPolicy attribute for harddisk - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: bcef0f01-libxl-console.patch, 9d0557b9-legacy-xen-double-free.patch, d7a45bf2-legacy-xen-dumpxml.patch, 0e671a16-CVE-2013-4239.patch - Includes fixes for bnc#837530, bnc#837531, bnc#837999 - Fix memory corruption in legacy Xen driver 0e671a16-CVE-2013-4239.patch bnc#834598 - Upstream patches to fix dumpxml in legacy Xen driver 9d0557b9-legacy-xen-double-free.patch, d7a45bf2-legacy-xen-dumpxml.patch - Backport upstream patch implementing domainOpenConsole in the libxl driver. Allows 'virsh console dom-name' to work with Xen libxl toolstack. bcef0f01-libxl-console.patch - Update to libvirt 1.1.1 - Adding device removal or deletion events - Introduce new domain create APIs to pass pre-opened FDs to LXC - Add interface versions for Xen 4.3 - Add new public API virDomainSetMemoryStatsPeriod - Various LXC improvements - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: f38c8185-CVE-2013-2230.patch, fd2e3c4c-xen-sysctl-domctl.patch, dfc69235-CVE-2013-4153.patch, 96518d43-CVE-2013-4154.patch, fe89fd3b-storage-pool-deadlock.patch - Drop relax-qemu-usergroup-check.patch - no longer needed after hypervisor-specific daemon package split - Unlock the storage volume object after looking it up fe89fd3b-storage-pool-deadlock.patch rhb#980676 - CVE-2013-4153: Fix double free of returned JSON array in qemuAgentGetVCPUs() dfc69235-CVE-2013-4153.patch - CVE-2013-4154: Prevent crash of libvirtd without guest agent configuration 96518d43-CVE-2013-4154.patch bnc#830498 - Fix legacy xen driver with Xen 4.3 fd2e3c4c-xen-sysctl-domctl.patch - CVE-2013-2230: Fix crash when multiple event callbacks were registered f38c8185-CVE-2013-2230.patch bnc#827801 - Update to libvirt 1.1.0 - Extensible migration APIs - Add a policy kit access control driver - various improvements in the Xen and libxl drivers - improve networking support on BSD - agent based vCPU hotplug support - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: 244e0b8c-CVE-2013-2218.patch - Only require lzop if suse_version > 1210 - Fix typo in spec file - Enable support for netcontrol by default - Only require libvirt-daemon-driver-interface when building the interface driver - CVE-2013-2218: Fix crash listing network interfaces with filters 244e0b8c-CVE-2013-2218.patch - Add xencommons as 'Wanted' in the systemd libvirtd service file systemd-service-xen.patch bnc#820888 - Fix build for SLE11 SP2 - Add a README to the empty packages. Provides some info about their purpose and satisfies suse-filelist-empty check. Drop rpmlintrc - Fix typo in spec file: devel package requires doc package, not docs - Add rpmlintrc to get around suse-filelist-empty error on older distros. - Refactor libvirt spec file to create subpackages for the various libvirtd components. This allows installing a libvirtd tailored for the underlying virtualizer. E.g. on a KVM/QEMU virtualizer only the libvirt-daemon-qemu package needs installed. Similarly, only libvirt-daemon-xen on a Xen virtualizer and libvirt-daemon-lxc on LXC. - Update to libvirt 1.0.6 - Move VirtualBox driver into libvirtd - Support for static routes on a virtual bridge - Various improvement for hostdev SCSI support - Switch to VIR_STRDUP and VIR_STRNDUP - Various cleanups and improvement in Xen and LXC drivers - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: f493d83f-cgroup-swap-control.patch, 486a86eb-cgroups-docs.patch, 0ced83dc-cgroup-escape-dot.patch, bbe97ae9-no-cgroups.patch, c2cf5f1c-no-cgroups-fix.patch, 95c6cc34-selinux.patch - Update to libvirt 1.0.5.1 stable release - qemu: Fix cgroup handling when setting VCPU BW - daemon: fix leak after listing all volumes - Fix iohelper usage with streams opened for read - util: fix virFileOpenAs return value and resulting error logs - iscsi: don't leak portal string when starting a pool - don't mention disk controllers in generic controller errors - conf: don't crash on a tpm device with no backends - qemu: allocate network connections sooner during domain startup - Make detect_scsi_host_caps a function on all architectures - Fix release of resources with lockd plugin - Fix potential use of undefined variable in remote dispatch code - Fix F_DUPFD_CLOEXEC operation args - qemu: fix stupid typos in VFIO cgroup setup/teardown - network: fix network driver startup for qemu:///session - Remove patches that are included in the 1.0.5.1 release 0471637d-cgroups-vcpu-bw.patch, a2214c52-iohelper.patch, ca697e90-CVE-2013-1962.patch - Don't mount selinux fs in LXC if selinux is disabled 95c6cc34-selinux.patch bnc#814680 - fix leak after listing all volumes - CVE-2013-1962 ca697e90-CVE-2013-1962.patch bnc#820397 - Fix iohelper usage with streams opened for read a2214c52-iohelper.patch - Cope with missing swap cgroup controls f493d83f-cgroup-swap-control.patch bnc#819976 - Fix cgroup handling when setting VCPU BW 0471637d-cgroups-vcpu-bw.patch rhb#963592 - Escape a leading '.' with '_' in the cgroup names 0ced83dc-cgroup-escape-dot.patch - Add missing documentation on new cgroup layout 486a86eb-cgroups-docs.patch - Another fix related to systems with no cgroups c2cf5f1c-no-cgroups-fix.patch bnc#819963 - Fix botched backport of commit bbe97ae9 - Fix starting domains when kernel has no cgroups support bbe97ae9-no-cgroups.patch - Update to libvirt 1.0.5 - PPC64: Add NVRAM device - Add XML config for resource partitions - Add support for TPM - NPIV storage migration support - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Update to libvirt 1.0.4 - qemu: support passthrough for iscsi disks - various S390 improvements - various LXC bugs fixes and improvements - add API for thread cancellation - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: ce4557c3-apparmor-tapfd-label.patch libvirt-iptables-1.4.18.diff - add libvirt-iptables-1.4.18.diff, fix masquerading with iptables v1.4.18 (--state match is deprectated, use conntrack instead) - Fix PCI device attach for xen HVM domains fix-pci-attach-xen-driver.patch FATE#313570 - Apparmor security driver: Ensure tapfd's are labled when generating the guest profile. Modified install-apparmor-profiles.patch, added upstream patch ce4557c3-apparmor-tapfd-label.patch bnc#807940 - Grant permission to use datagram packets in libvirtd apparmor profile. Remove AF_PACKET.patch, modify install-apparmor-profiles.patch bnc#801145 - Add 'managed' PCI passthrough support to legacy xen driver support-managed-pci-xen-driver.patch FATE#313570 - Update to libvirt 1.0.3 - Introduce virDomainMigrate*CompressionCache APIs - Introduce virDomainGetJobStats API - Add basic support for VDI images - Introduce API virNodeDeviceLookupSCSIHostByWWN - Various locking improvements - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Drop upstream patches: a6b8bae5-python-generator-fix1.patch, 25ea8e47-python-generator-fix2.patch, 567779e5-libxl-default-disk-backend.patch - Fix path to qemu-bridge-helper in libvirt-qemu apparmor profile Modified install-apparmor-profiles.patch - Fix detach of managed PCI devices from inactive domains. Detected while running test cases for FATE #313570. Modified xen-name-for-devid.patch - spec: Fix installation of default network - Fix default setting of backend field of libxl_device_disk 567779e5-libxl-default-disk-backend.patch rhb#912488 - Fix build on IA64 Modified clone.patch - Fix error handling in python bindings a6b8bae5-python-generator-fix1.patch 25ea8e47-python-generator-fix2.patch bnc#802619 - Require modutils instead of module-init-tools. - Update to libvirt 1.0.2 - LXC improvements - S390 architecture improvements - Power architecture improvements - large Coverity report cleanups and associated bug fixes - virTypedParams* APIs to help with those data structures - libxenlight driver improvements - Fixes CVE-2013-0170, bnc#800976 - Drop upstream patches: 68e7bc45-libxl-link-fix.patch, 462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch, 5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch, 66ff2ddc-virtlockd-systemd-file-perms.patch - Unconditionally build sanlock support bnc#799262 - Fix interface management functions that were broken when rebasing libvirt-suse-netcontrol.patch bnc#799444 (SLES bug that affect Factory too) - Update to libvirt 1.0.1 - Introduce virtlockd daemon - parallels: add disk and network device support - Add virDomainSendProcessSignal API - Introduce virDomainFSTrim() public API - add fuse support for libvirt lxc - Add Gluster protocol as supported network disk backend - various snapshot improvements - Add upstream patches to fix bugs in 1.0.1 66ff2ddc-virtlockd-systemd-file-perms.patch, 462a6962-script-fixes1.patch, cb854b8f-script-fixes2.patch, 5ec4b22b-script-fixes3.patch, a1fd56cb-script-fixes4.patch, 68e7bc45-libxl-link-fix.patch - Rework SUSE patches for the various init scripts Dropped use-init-script-redhat.patch and added libvirtd-init-script.patch, libvirt-guests-init-script.patch, and virtlockd-init-script.patch - Update to libvirt 1.0.0 - virNodeGetCPUMap: Define public API - Add systemd journal support - Add a qemu capabilities cache manager - USB migration support - various improvement and fixes when using QMP QEmu interface - Support for Xen 4.2 in legacy xen driver - Lot of localization enhancements - Drop upstream patches: 371ddc98-xen-sysctl-9.patch, 416eca18-xenstore-header-fix.patch, f644361b-virCommand-env.patch, 2b32735a-virCommand-env.patch, 9785f2b6-fix-xen-sysctl9.patch - Fix Xen sysctl version 9 support 9785f2b6-fix-xen-sysctl9.patch - Add upstream patches to support latest libguestfs f644361b-virCommand-env.patch 2b32735a-virCommand-env.patch - Fix build when using -werror 416eca18-xenstore-header-fix.patch - Support Xen sysctl version 9 371ddc98-xen-sysctl-9.patch bnc#781425 - Temporarily disable building libxl driver. The current implementation does not support libxl in Xen 4.2. - Update to libvirt 0.10.2 - network: define new API virNetworkUpdate - add support for QEmu sandbox support - blockjob: add virDomainBlockCommit - node_memory: Define the APIs to get/set memory parameters - list: Define new API virConnectListAllSecrets - list: Define new API virConnectListAllNWFilter - list: Define new API virConnectListAllNodeDevices - list: Define new API virConnectListAllInterfaces - list: Define new API virConnectListAllNetworks - list: Define new API virStoragePoolListAllVolumes - list: Define new API virStorageListAllStoragePools - parallels: add support of containers to the driver - Add PMSUSPENDED life cycle event - Add per-guest S3/S4 state configuration - qemu: Support for Block Device IO Limits - Update to libvirt 0.10.1 - Bug fix release for critical bugs in 0.10.0 - Drop upstream patch f781e276-xen-driver-fix.patch - Update to libvirt 0.10.0 - agent: add qemuAgentArbitraryCommand() - Introduce virDomainPinEmulator and virDomainGetEmulatorPinInfo - network: use firewalld instead of iptables, when available - network: make network driver vlan-aware - esx: Implement network driver - driver for parallels hypervisor - Various LXC improvements - Add virDomainGetHostname - Drop upstream patches 4036aa91-systemd.patch 6039a2cb-CVE-2012-3445.patch - Fix xen driver following changes to make it stateful f781e276-xen-driver-fix.patch bnc#778006 - Update to libvirt 0.9.13 - S390: support for s390(x) - snapshot: implement new APIs for esx and vbox - snapshot: new query APIs and many improvements - virsh: Allow users to reedit rejected XML - nwfilter: add DHCP snooping - storage backend: Add RBD (RADOS Block Device) support - sVirt support for LXC domains inprovement - Drop upstream patches 0dda594d-libvirtd-shutdown-deadlock.patch 9c77bf04-fix-virnetserver-refcnt.patch 57349ffc-lxc-ctrl.patch revert-d8978c90.patch _ Update to libvirt 0.9.12 - qemu: allow snapshotting of sheepdog and rbd disks - blockjob: add new AP - many bug fixes and improvements - daemon: Fix crash in virTypedParameterArrayClear CVE-2012-3445 6039a2cb-CVE-2012-3445.patch bnc#773955 - libvirtd.service: ensure libvirtd starts after network 4036aa91-systemd.patch bnc#767932 - Add upstream patch to fix ref count of virNetServer object 9c77bf04-fix-virnetserver-refcnt.patch - Fix libvirtd deadlock on shutdown 0dda594d-libvirtd-shutdown-deadlock.patch bnc#767797 - Fix segfault in libvirt_lxc 57349ffc-lxc-ctrl.patch bnc#767448 - Fix build on i586 revert-d8978c90.patch - Update to libvirt 0.9.11.4 stable release - VUL-1: Fix hotplug support for usb devices with same vendorID, productID 9914477e-usb-search-funcs.patch 05abd150-usb-improve-hotplug.patch bnc#766559 - Add capability 'audit_write' to libvirtd apparmor profile update install-apparmor-profiles.patch bnc#764388 - Update to libvirt 0.9.11.3 stable release - Copy user in virURIParse 4eb1c256-viruri-user.patch bnc#757766 - yajl is availabile in all supported SUSE products, so always use it when building libvirtd - Update to libvirt 0.9.11 - Add support for the suspend event - Add support for event tray moved of removable disks - qemu: Support numad - cpustats: API, improvements and qemu support - qemu: support type='hostdev' network devices at domain start - Introduce virDomainPMWakeup API - network: support Open vSwitch - snapshot improvements - Remove unconditional define of 'with_netcontrol' - Add a note in /etc/libvirt/qemu.conf describing administrator vigilance required when enabling a lock manager such as sanlock - Recommend dmidecode if suse_version > 1110. dmidecode is used by virConnectGetSysinfo. - Add upstream patches to fix issues with older PolicyKit c05ec920-polkit0-build.patch fcdfa31f-polkit0-auth.patch - Update to libvirt 0.9.10 - Add support for sVirt in the LXC driver - Add new API virDomainBlockRebase - Add api to set and get domain metadata - virDomainGetDiskErrors public API - Add rawio attribute to disk element of domain XML - Introduce virDomainPMSuspendForDuration API - Add virStorageVolResize() API - Add a virt-host-validate command to sanity check HV config - Add new virDomainShutdownFlags API - QEMU guest agent support - Fix libvirtd apparmor profile to work with libxenlight toolstack Updated install-apparmor-profiles.patch bnc#745890 - Fix init script packaging after enabling systemd support - Fix %files after enabling sanlock support - Enable libvirt integration with sanlock - During configure, libvirt checks for availability of iptables binary and doesn't actually use anything from iptables-devel package, hence only need 'BuildRequires: iptables'. - Update to libvirt 0.9.9 - Add new API virDomain{S,G}etInterfaceParameters - Add new API virDomain{G,S}etNumaParameters - Add support for ppc64 qemu - Support Xen domctl v8 - Fixup systemd support as per openSUSE systemd packaging guidelines. - Use %fdupes for duplicate file checking instead of hand-rolled function - CVE-2011-4600: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network ae1232b2-CVE-2011-4600.patch bnc#736082 - Post-0.9.8 upstream systemd patches 10404671-systemd-build-fix.patch 478a4d07-systemd-build-fix.patch - Update to libvirt 0.9.8 - Add support for QEMU 1.0 - Add first parts of PPC cpu driver - Add new API virDomain{Set, Get}BlockIoTune - block_resize: Define the new API - Add a public API to invoke suspend/resume on the host - Various improvements for LXC containers - Define keepalive protocol and add virConnectIsAlive API - Add support for STP and VLANfiltering - Numerous bug fixes and improvements - Add support for QEMU 1.0 dd8e8956-qemu-1.0.patch bnc#736569 - Allow qemu driver (and hence libvirtd) to load when qemu user:group does not exist. The kvm or qemu package, which may not exist on a xen host, creates qemu user:group. relax-qemu-usergroup-check.patch - Handle empty strings in s-expression returned by xend a495365d-sexpr-empty-str.patch bnc#731344 - Allow libvirtd to access libvirt_{io,part}helper when confined by apparmor Update install-apparmor-profiles.patch bnc#730435 - Accommodate Xen domctl version 8 xen-domctl-ver8.patch - add libtool as buildrequire to avoid implicit dependency - Fix build when using older PolicyKit d47ab3fe-polkit0.patch - Update to libvirt 0.9.7 - esx: support vSphere 5.x - vbox: support for VirtualBox 4.1 - Introduce the virDomainOpenGraphics API - Add AHCI support to qemu driver - snapshot: many improvements and 2 new APIs - api: Add public api for 'reset' - Add AHCI controller support to qemu driver c1bc3d89-qemu-add-ahci.patch - Set security driver to 'none' in /etc/libvirt/qemu.conf. Users must opt-in for Apparmor confinement of qemu instances. suse-qemu-conf.patch - Revert upstream commit f84aedad, which is not needed since affected SUSE kvm packages have the necessary qemu fix f84aedad-revert.patch - Update to libvirt 0.9.6 - Fix shutdown regression with buggy qemu - Fixed typos in libvirt.spec - Update to libvirt 0.9.5 - many snapshot improvements - latency: Define new public API and structure - USB2 and various USB improvements - storage: Add fs pool formatting - Add public API for getting migration speed - Add basic driver for Microsoft Hyper-V - Many bug fixes and improvements - Enable building with libnetcontrol - Select libnl-1_1-devel - Set qemu migration speed unlimited when migrating to file 7e5f6a51-rpc-generator.patch b12354be-mig-speed-1.patch 1282bd80-mig-speed-2.patch 6f84e110-mig-speed-3.patch 829bce17-mig-speed-4.patch 8fc40c51-mig-speed-5.patch ef1065cf-mig-speed-6.patch 0257ba8f-mig-speed-7.patch bnc#706436 - Increase max size of buffer used to receive xend response 57c95175-xend-buff-size.patch - Don't overwrite useful error messages in legacy xen driver 32620dab-fix-xen-err-msg.patch bnc#711096 - Add upstream patches to stop excessive logging 7f2498ef-no-log-invalid.patch 6ff9fc26-quiet-libxl-logging.patch - Add 'Conflicts: kvm < 0.14.1' to ensure libvirt is using a kvm package that creates qemu user:group. Remove user:group creation from libvirt bnc#694883 - Add libvirt group at package installation bnc#694885 - Explicitly add 'BuildRequires: libgcrypt-devel' since it is no longer required by libgnutls-devel - netcf is buggy and not well maintained in SUSE. Disable it in libvirt - polkit support was mistakenly disabled, re-enable - Add cgconfig to Should-{Start,Stop} in libvirtd init script bnc#712245 - Fix apparmor profile location and content update install-apparmor-profiles.patch bnc#705668 - Fix libvirtd SIGHUP handler 9e093f0b-libvirtd-sighup.patch - add baselibs.conf to sources - Enable apparmor security dirver, SLES bnc#705668 install-apparmor-profiles.patch - Update to libvirt 0.9.4 - bandwidth QoS control - Add new API virDomainBlockPull* - save: new API to manipulate save file images - CPU bandwidth limits support - allow to send NMI and key event to guests - new API virDomainUndefineFlags - Implement code to attach to external QEMU instances - various missing python binding - bios: Add support for SGA - Numerous improvements and documentation / bug fixes - Add some upstream patches to fix memory leaks and some bugs in new rpc code c2ddd536-cert-key-order.patch 3e5d48ef-rpc-1.patch 927dfcf6-rpc-2.patch 2c85644b-rpc-3.patch afe8839f-rpc-4.patch 3cfdc57b-rpc-5.patch 7518ad75-remote-mem-leak.patch a34e193f-statstest.patch 41828514-skip-xen-tests.patch eb314315-pv-kernel-cmdline.patch 00d3c5a6-remove-dead-code.patch b8adfcc6-fix-polkit0-build.patch b2534529-unused-param.patch - Update to libvirt 0.9.3 - vcpupin: introduce the new libvirt API (virDomainGetVcpupinInfo) - Add TXT record support for virtual DNS service - Support reboots with the QEMU driver - Introduce virDomainGetControlInfo API - virNodeGetMemoryStats: Expose new API - virNodeGetCPUTime: Implement public API - send-key: Defining the public API - vcpupin: introduce a new libvirt API (virDomainPinVcpuFlags) - support multifunction PCI device - lxc: various improvements - Create qemu user:group if necessary at package installation. More fallout from bnc#694883 - VUL-0: libvirt: integer overflow in VirDomainGetVcpus 774b21c1-CVE-2011-2511.patch bnc#703084 - Enable building libvirt with audit support bnc#694891 - fate#311371 Enhance yast to configure live migration for Xen and KVM add firewall service file for libvirt - Invoke qemu instances as user:group qemu:qemu by default bnc#694883 - Update to libvirt 0.9.2 - Framework for lock manager plugins - API for network config change transactions (netcf required) - flags for setting memory parameters - virDomainGetState public API - qemu: allow blkstat/blkinfo calls during migration - Introduce migration v3 API - Defining the Screenshot public API - public API for NMI injection - spec file: Adjust some directory attributes to support running non-privileged qemu instances - Remove vi_VN locale if suse_version < 11.3 - Enable cap_ng when building lxc support. - Update to libvirt 0.9.1 - support various persistent domain updates - improvements on memory APIs - Add virDomainEventRebootNew - various improvements to libxl drive - Spice: support audio, images and stream compression - Move libvirt-iohelper from client to base package - fix baselibs.conf not to requires source 32bit - Install log dir for libxl f7e9b448-libxl-build.patch - Update to libvirt 0.9.0 final - Support cpu usage tuning - Add public APIs for storage volume upload/download - Add public API for setting migration speed on the fly - Add libxenlight driver - qemu: support migration to fd - add virDomain{Get,Set}BlkioParameters - introduce a new libvirt API (virDomainSetMemoryFlags) - Expose event loop implementation as a public API - Dump the debug buffer to libvirtd.log on fatal signal - Audit support - Numerous enhancements and bug fixes - Update to libvirt 0.9.0 RC3 - use %first_lang before changing symlinks, find_lang removes unsupported languages - VUL-0: libvirt: several API calls do not honour read-only connection 71753cb7-CVE-2011-1146.patch bnc#678406 - Add baselibs.conf file to build xxbit packages for multilib support bnc#676921 - Minor fixes for libvirt-guests bnc#653398 - Do not add drive 'boot=on' param when a kernel is specified efc2594b-boot-param.patch - Update to libvirt 0.8.8 final - sysinfo: expose new API - cgroup blkio weight support - smartcard device support - qemu: Support per-device boot ordering - Update to libvirt 0.8.8 RC3 - Update to libvirt 0.8.8 RC1 - Remove explicit dependency on libyajl libvirt.spec bnc#668225 - Retry JSON monitor 'cont' cmd on MigrationExpected error 4301b95a-json-cont-cmd.patch - Add support for specifying Hardware Assisted Paging (HAP) in libvirt domain XML. 48a5dccd-hap1.patch 04197350-hap2.patch af521a01-hap3.patch 79f56c66-hap4.patch 094c6f4a-hap-fix.patch bnc#659665 - Enabled yajl for suse_version >= 1140 - Fix generation of dnsmasq's --dhcp-hostsfile option a43c7338-dnsmasq-hostfile-fix.patch - Disable yajl support as the library does not yet exist in SuSE distros. - Support libvirt-guests on SuSE distros use-libvirt-guests-on-suse.patch bnc#653398 - Update to libvirt 0.8.7 - Preliminary support for VirtualBox 4.0 - IPv6 support - Add VMware Workstation and Player driver - Add network disk support - Fix VNC port reservation race in qemu driver c58b1056-init-bitmap-size.patch bnc#659431 - Do not limit insserv_cleanup to SLES - disable building openvz driver - Update to libvirt 0.8.6 - new API virDomainIsUpdated - Add support for iSCSI target auto-discovery - QED: Basic support for QED images - Introduce a virDomainOpenConsole API - Support for SPICE graphics - Add a sysinfo and SMBIOS support - Implement virsh qemu-monitor-command - Enabled yajl, macvtap, and virtualport for suse_version >= 1140 - Fix build when using "policy kit 0" polkit0.patch - Update to libvirt 0.8.5 - Enable JSON and netdev features in QEMU > 0.13 - framework for auditing integration - framework for DTrace/SystemTap integration - Setting the number of vcpu at boot - Enable support for nested SVM - Virtio plan9fs filesystem QEMU - Memory parameter controls - portability to OS-X - lot of bug fixes and other improvements - cannot restart dead libvirtd without manually removing pidfile modified libvirtd.init bnc#645755 - Fix package dependencies so can be installed without pulling excess of optional components - Support dropping capabilities with cap-ng library in openSUSE >= 11.3 - Fix build when virtualport support is available but macvtap is disabled. vport-configure.patch - Fix CDROM media change for Xen PV domains modified xen-pv-cdrom.patch bnc#636231 - Update to libvirt 0.8.4 - various improvements to UML driver - documentation improvements - lot of bug fixes and other improvements - enable ESX driver for openSUSE - Update to libvirt 0.8.3 - Support vSphere 4.1 - Qemu arbitrary monitor commands - Qemu Monitor API entry point - lots of improvements and bug fixes - VUL-0: multiple issues in libvirt CVE-2010-223x-000[1-0].patch, CVE-2010-223x-0010.patch, CVE-2010-2242-nat.patch bnc#618155 - Use netcat-openbsd, which contains a proper 'nc' program supporting the '-U' option. Drop socat.patch. bnc#611023 - Re-enable numa support now that bnc#598488 is resolved. - Allocate buffer to hold xend content bnc#609738 xend-buff-size.patch - Add upstream fixes to bitmap code that was introduced to fix bnc#594024 bitmap-alloc.patch bitmap-fixes.patch - Fix race in VNC port reservation with qemu/KVM domains bnc#594024 vnc-race-{1,2,3}.patch - Don't package directories/files under /var/run - Add upstream commit 34a7f3f6 to fix unintentional breakage of RPC protocol. - Disable numa support in openSUSE11.3/Factory pending resolution of bnc#598488 - Update to libvirt 0.8.1 - Add virDomainGetBlockInfo API to query disk sizing - Start dnsmasq from libvirtd with --dhcp-hostsfile option - lots of improvements and bug fixes - Update to libvirt 0.8.0 - Snapshot API framework - Add managed save API entry points - Timer subselection for domain clock - Add hook utilities - Network filtering API - Introduce a new virDomainUpdateDeviceFlags public API - Introduce a new public API for domain events - Public virDomainMigrateSetMaxDowntime API - Add public API for volume wiping - xenapi: Initial commit of the new driver - lots of improvements and bug fixes - Fix 'virsh dominfo' crash when no security driver is configured fix-no-secdriver.patch - Updated to version 0.7.7 - Introduce public API for domain async job handling - macvtap support - Add QEMU support for virtio channel - Add persistence of PCI addresses to QEMU - Functions for computing baseline CPU from a set of host CPUs - Public API for virDomain{Attach,Detach}DeviceFlags - lots of improvements and bug fixes - Ensure yast-created bridges are not manipulated by libvirt bnc#584757 Modified suse-network.patch - Fix ordering of xen disks to preserve 'bootable' flag bnc#474738 xend-disk-order.patch - Add support for blktap2 disks xen-tap2-support.patch - Fix listing of yast-created bridges bnc#583754 Modified suse-network.patch - Add support for new XEN_DOMCTL_INTERFACE_VERSION version 7. xen-domctl-ver7.patch - Unconditionally add /var/log/libvirt/{qemu,lxc,uml} directories. bnc#579522 - Updated to version 0.7.6 - Implement support for multi IQN - Implement CPU topology support for QEMU driver - Use QEmu new device adressing when possible - Implement SCSI controller hotplug/unplug for QEMU - lots of improvements and bug fixes - Support new XEN_SYSCTL_INTERFACE_VERSION 7 in libvirt bnc#574124 xen-sysctl-v7.patch - Add upstream patches as prelude to fixing various device attach/detach issues devflag-0[1-9].patch - Fix attaching/detaching disk device from inactive Xen guest bnc#500586 and bnc#573748 - Fix migration with Xen4.0 bnc#569598 Add xen-migration-params.patch Remove migrate-params.patch - Fix freeing of uninitialized pointer when using HAL in node device driver node-dev-free.patch - Require virt-utils package for common tools such as qemu-img - Updated to version 0.7.5 - Add new API virDomainMemoryStats to header and drivers - Public API and domain extension for CPU flags - expose SR IOV physical/virtual function relationships - Support for JSON mode monitor [deactivated] - Support for interface model='netfront' - vbox: Add support for version 3.1 - Support QEMU's virtual FAT block device driver - lots of improvements and bug fixes - Fix libvirt xen hypervisor driver to work with domctl interface version 6 xen-shr-pages.patch - Plumb domain description in xend backend xend-description-tag.patch - Fix listing of defined but inactive Xen domains xen-list-defined.patch - Updated to version 0.7.4 - Implement a node device backend using libudev - New APIs for checking some object properties - Fully asynchronous monitor I/O processing - add MAC address based port filtering to qemu - support for IPv6 / multiple addresses per interfaces - lots of improvements and bug fixes - Fix compilation against xen-unstable xen-max-vcpus.patch - Modify detach-disk.patch as per upstream suggestions - spec file: Fix polkit vs PolicyKit Requires - Fix compilation when selinux is enabled selinux-ldflags.patch - Fix compilation warnings updated snapshots.patch virsh-warning.patch - Updated to version 0.7.2 - sVirt AppArmor security driver - Add public API definition for data stream handling - ESX add esxDomainDefineXML() - LXC: suspend/resume support - Big code tree cleanup - Lots of bug fixes and improvements - Add ocfs2 to list of supported fs pool types fate#307387 - Build phyp driver ifarch ppc64 fate#307096 - Fix memory leaks in libvirtd's message processing msg-proc-memleak.patch - Fix connection ref counting in xen drivers xen-refcnt.patch - Fix abort in virsh when specifying a connection URI vshdeinit-recurse.patch - Workaround for missing pkgconfig file in device-mapper-devel devmap-no-pkgconfig.patch bnc#540942 - Updated to version 0.7.1 - Add support for encrypted (qcow) volume creation - Secret manipulation public API - Multipath storage support module - VBox add Storage Volume support - Support configuration of huge pages in guests - Support new PolicyKit 1.0 API - Compressed save image format for Qemu - Qemu add host PCI device hotplug support - Updated to version 0.7.0 - Interface implementation based on netcf (disabled on SuSE) - Add new net filesystem glusterfs - Initial VMWare ESX driver - Add support for VBox 3 and event callbacks on vbox - First version of the Power Hypervisor driver - Run QEMU guests as an unprivileged user (still root on SuSE) - Support cgroups in QEMU driver - QEmu hotplug NIC support - Storage cloning for LVM and Disk backends - Updated to version 0.6.5 - create storage volumes on disk backend - drop of capabilities based on libcap-ng when possible - forbid autostart on transcient networks - re-detection of transient VMs after libvirtd restart - create and destroy NPIV support - other bug fixes and cleanups - Removed unnecessary call to fillup_and_insserv macro in %post scriptlet - Updated to version 0.6.2 - support SASL auth for VNC server - memory ballooning in QEMU - SCSI HBA storage pool support - PCI passthrough in Xen driver - new APIs for Node device detach reattach and reset - sVirt mandatory access control support - thread safety of the API and event handling - allow QEmu domains to survive daemon restart - extended logging capabilities - support copy-on-write storage volumes - support of storage cache control options for QEMU/KVM - Improvements from lnussel@suse.de - add %jobs macro again - package default qemu network and augeas config files again - don't start libvirtd by default (bnc#496838) - use --disable-static instead of just removing static libraries ==== libzip ==== Version update (1.1.3 -> 1.2.0) - Update to version 1.2.0: * Support for AES encryption (Winzip version), both encryption and decryption. * Support legacy zip files with >64k entries. * Fix seeking in zip_source_file if start > 0. * Add zip_fseek() for seeking in uncompressed data. * Add zip_ftell() for telling position in uncompressed data. * Add zip_register_progress_callback() for UI updates during zip_close() ==== mariadb ==== Version update (10.1.20 -> 10.1.21) Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18 libmysqld18 mariadb-client mariadb-errormessages - update to MariaDB 10.1.21 * notable changes: * Innodb updated to 5.6.35 * Performance Schema updated to 5.6.35 * release notes and changelog: * https://mariadb.com/kb/en/mariadb/mariadb-10121-release-notes/ * https://mariadb.com/kb/en/mariadb/mariadb-10121-changelog/ * fixes the following CVEs: CVE-2017-3318 [bsc#1020896], CVE-2017-3317 [bsc#1020894], CVE-2017-3312 [bsc#1020873], CVE-2017-3291 [bsc#1020884], CVE-2017-3265 [bsc#1020885], CVE-2017-3258 [bsc#1020875], CVE-2017-3257 [bsc#1020878], CVE-2017-3244 [bsc#1020877], CVE-2017-3243 [bsc#1020891], CVE-2017-3238 [bsc#1020882], CVE-2016-6664 [bsc#1008253] - add mariadb.te file to the filelist - add mysqld_safe_helper to the filelist - refresh mariadb-10.1.4-group.patch - add mariadb-10.1.20-incorrect_list_handling.patch to fix incorrect linked list handling in mysql_prune_stmt_list() function that can cause use-after-free error [bsc#1022428] ==== mjpegtools ==== Subpackages: libmjpegutils-2_0-0 - Split the package in smaller pieces, allowing as user to keep the main/free parts from the distribution and 'enhancing' the capability with simple addon-packages: libmpeg2encpp-2_0-0 (as a library it is required by other code depending on it) and mjpegtools-orig-addon, which is auto-recommended when the user has mjpegtools installed AND has a repo enabled, containing this package AND has recommends enabled. ==== mozilla-nss ==== Version update (3.28.2 -> 3.28.3) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.28.3 * This is a patch release to fix binary compatibility issues. NSS version 3.28, 3.28.1 and 3.28.2 contained changes that were in violation with the NSS compatibility promise. ECParams, which is part of the public API of the freebl/softokn parts of NSS, had been changed to include an additional attribute. That size increase caused crashes or malfunctioning with applications that use that data structure directly, or indirectly through ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey, or potentially other data structures that reference ECParams. The change has been reverted to the original state in bug bmo#1334108. SECKEYECPublicKey had been extended with a new attribute, named "encoding". If an application passed type SECKEYECPublicKey to NSS (as part of SECKEYPublicKey), the NSS library read the uninitialized attribute. With this NSS release SECKEYECPublicKey.encoding is deprecated. NSS no longer reads the attribute, and will always set it to ECPoint_Undefined. See bug bmo#1340103. - requires NSPR >= 4.13.1 ==== mtd-utils ==== Version update (1.5.2 -> 2.0.0) - Update to version 2.0.0: * libmissing with stubs for functions not present in libraries like musl * unittests for libmtd and libubi * port most kernel space mtd test modules to userspace * mkfs.ubifs: extended attribute support * ubinize: Move lengthy help text to a man page * nandwrite: Add skip-all-ff-pages option * flash_{un,}lock: support for MEMISLOCKED * nandtest: support hex/dec/oct for --offset and --length ==== multipath-tools ==== Subpackages: kpartx - Remove superfluous PreReq for insserv and fillup ==== mutter ==== Version update (3.22.2 -> 3.22.3) Subpackages: libmutter0 mutter-data - Update to version 3.22.3: + Fix switching between two finger- and edge scrolling on wayland (bgo#771744). + Fix frequent freezes in multihead setups on wayland (bgo#774557). + Preserve root window mask on XSelectionRequest (bgo#776128). + Fix window menu placement with HiDPI (bgo#776055). + Fix HiDPI detection on vertical monitor layouts (bgo#777687). + Fix erroneous key event repeats (bgo#774989). + Fix "ghost" cursors in multi-monitor setups (bgo#771056). + Use eglGetPlatformDisplay (bgo#772422). + Fix erratic raise_or_lower behavior (bgo#705200). + Extend tablet device checks (bgo#773779). + Set right scale for tablet tool cursors on HiDPI (bgo#778474). + Allow edge-scrolling without 2fg-scroll capable devices (bgo#778554). + Misc. bug fixes: bgo#771297, bgo#774135, bgo#775986, bgo#777691, bgo#777470, bgo#778262, bgo#776919. + Updated translations. - Drop mutter-x11-meta.patch: Fixed upstream. ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Don't require insserv if we don't need it. ==== openldap2 ==== Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel - Remove superfluous insserv PreReq. ==== os-prober ==== Version update (1.70 -> 1.74) - Version bump to 1.74: * Add support for Mageia * Improve logging of mounting and setting partitions to ro/rw * Use a read-only device-mapper entry if possible rather than setting the underlying device to read-only. Note that this introduces a dependency on dmsetup on Linux architectures. * Remove the "blockdev --setro" code path entirely, since the read-only device-mapper arrangement supersedes it and should be safer * Make the yaboot parser more tolerant about the syntax of "append" options * Disable debugging if OS_PROBER_DISABLE_DEBUG is set * Replace basename/dirname with shell string processing * Fix typos in README * Add Devuan detection * Work harder to avoid trying to mount extended partitions * Drop " (loader)" suffixes on Microsoft operating systems * Add support for 4MLinux * Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb. - Rediff * os-prober-1.49-grub2-mount.patch * os-prober-EFI-openSUSEfy.patch * os-prober-btrfs-always-detect-default.patch * os-prober-btrfsfix.patch * os-prober-dont-load-all-fs-module-and-dont-test-mount.patch * os-prober-fix-btrfs-subvol-mounted-tests.patch * os-prober-linux-distro-avoid-expensive-ld-file-test.patch * os-prober-linux-distro-parse-os-release.patch - Remove patches; fixed on upstream release * os-prober-call-dmraid-once.patch * os-prober-1.49-skip-LVM2_member.patch ==== p7zip ==== - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. ==== pcre2 ==== Version update (10.22 -> 10.23) - pcre2 10.23: * major re-factoring of the pcre2_compile.c file * Back references are now permitted in lookbehind assertions when there are no duplicated group numbers (that is, (?| has not been used), and, if the reference is by name, there is only one group of that name. The referenced group must, of course be of fixed length. * \g{+} (e.g. \g{+2} ) is now supported. It is a "forward back reference" and can be useful in repetitions (compare \g{-} ). Perl does not recognize this syntax. * pcre2grep now automatically expands its buffer up to a maximum set by --max-buffer-size. * The -t option (grand total) has been added to pcre2grep. * A new function called pcre2_code_copy_with_tables() exists to copy a compiled pattern along with a private copy of the character tables that is uses. - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. ==== perl-Net-HTTP ==== Version update (6.12 -> 6.13) - updated to 6.13 see /usr/share/doc/packages/perl-Net-HTTP/Changes 6.13 2017-02-19 21:40:54-05:00 America/Toronto - use EWOULDBLOCK as well on all places where EAGAIN is used (GH PR#24) ==== perl-YAML ==== Version update (1.22 -> 1.23) - updated to 1.23 see /usr/share/doc/packages/perl-YAML/Changes 1.23 Sun Feb 19 22:07:57 CET 2017 - Fix $YAML::Numify (empty values were converted to 0) ==== pidgin-sipe ==== Version update (1.21.1 -> 1.22.0) Subpackages: libpurple-plugin-sipe libpurple-plugin-sipe-lang pidgin-plugin-sipe - Conditionalise video/audio to fix build on SLE 12 SP1. - update to 1.22.0 - Feature #93: Support for Lync Autodiscover (Stefan Becker) - Feature #6: Application Sharing Viewer (Jakub Adam) * requires libpurple >= 2.12.0 * needs an external RDP client - remmina and xfreerdp are supported - Fixed #315: Crash when contact list is empty (Stefan Becker) - Fixed #314: sipe login problems with long pw (Stefan Becker) - separate logging and debugging output (Stefan Becker) * logging is always shown, e.g. in the Pidgin debug window * full message debugging now requires PURPLE_UNSAFE_DEBUG=1 - new translations: Greek (el), Lithuanian (lt) - drop pidgin-sipe-gstreamer-1.0.patch: no longer needed - add recommends for remmina and freerdp so the desktop sharing stuff would work out of the box - add BR for gstreamer-rtp-1.0 and farstream-0.2 to keep the video/audio feature working ==== plasma5-desktop ==== - Add patch to fix regression in 5.9.2: * 0001-Don-t-pin-during-reordering-by-DND.patch - Add BuildRequires: plasma5-workspace to fix generation of package metadata (needed in :LTS, apparently already pulled in by something else here) ==== poppler ==== Version update (0.51.0 -> 0.52.0) Subpackages: libpoppler-cpp0 libpoppler-devel libpoppler-glib8 libpoppler66 poppler-tools - Update to version 0.52.0: + core: - Fix assert on reading some OCGs (fdo#99768). - Properly initialize some RichMedia variables in corner cases (fdo#99767). + qt4: - optcontent structure was leaking the headers items (fdo#99449). - Cleanup objects in tests to fix memory leaks (fdo#99449). + qt5: - optcontent structure was leaking the headers items (fdo#99449). - Cleanup objects in tests to fix memory leaks (fdo#99449). + utils: pdftocairo.1: Fix typo. ==== poppler-qt5 ==== Version update (0.51.0 -> 0.52.0) Subpackages: libpoppler-qt5-1 libpoppler-qt5-devel - Update to version 0.52.0: + core: - Fix assert on reading some OCGs (fdo#99768). - Properly initialize some RichMedia variables in corner cases (fdo#99767). + qt4: - optcontent structure was leaking the headers items (fdo#99449). - Cleanup objects in tests to fix memory leaks (fdo#99449). + qt5: - optcontent structure was leaking the headers items (fdo#99449). - Cleanup objects in tests to fix memory leaks (fdo#99449). + utils: pdftocairo.1: Fix typo. ==== postfix ==== Subpackages: postfix-doc - Fix requires: - shadow is needed for postfix-mysql pre-install section - insserv is not needed if systemd is used ==== postgresql-init ==== - Fix location of insserv cleanup call ==== python-qt4 ==== - Require sip 4.19.1 for compatibility with PyQt5 ==== python-rpm-macros ==== Version update (1.0git.1483874658.ead0b0b -> 1.0.git.1486997542.e9fcc29) - update service, use repository and tarball name "python-rpm-macros" - introduce %python_prefix - Set RPM group - change service version generator to use "1.0.git" instead of "1.0git" ==== python-sip ==== Version update (4.19 -> 4.19.1) Subpackages: python-sip-devel - Update to 4.19.1 * Added the %PreMethodCode directive. * Added sipEnableGC() to the C API. * Added the -D command line option so that the generated code is aware of Python debug builds. ==== python-wxWidgets-3_0 ==== Subpackages: python-wxWidgets-3_0-lang - Eliminate ancient bundled headers from build procedure that caused ABI mismatches [boo#953017, boo#1022819, boo#1023841]. ==== sg3_utils ==== Subpackages: libsgutils2-1_43-2 - Remove superfluous insserv PreReq. ==== shim-leap ==== - Update shim to 0.9-13.1 + Update shim-install to support "--no-nvram" and improve removable media and fallback mode handling (bsc#985568, bsc#999818) (Fix from mchang@suse.com) - New signature from Microsoft - shim-install : fix regression of password prompt (bsc#993764) - Add shim-bsc991885-fix-sig-length.patch to fix the signature length passed to Authenticode (bsc#991885) - Update shim-bsc973496-mokmanager-no-append-write.patch to try append write first - Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h - Bump the requirement of gnu-efi due to the HTTPBoot support - Add shim-httpboot-support.patch to support HTTPBoot - Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6 - Drop patches since they are merged into shim-update-openssl-1.0.2g.patch + shim-update-openssl-1.0.2d.patch + shim-gcc5.patch + shim-bsc950569-fix-cryptlib-va-functions.patch + shim-fix-aarch64.patch - Refresh shim-change-debug-file-path.patch - Add shim-bsc973496-mokmanager-no-append-write.patch to work around the firmware that doesn't support APPEND_WRITE (bsc973496) - shim-install : remove '\n' from the help message (bsc#991188) - shim-install : print a message if there is no valid EFI partition (bsc#991187) - shim-install : support simple MD RAID1 target devices (FATE#314829) - Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438) - shim-install : fix typing ESC can escape to parent config which is in command mode and cannot return back (bsc#966701) - shim-install : fix no which command for JeOS (bsc#968264) - acquired updated signature from Microsoft - Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the definition of va functions to avoid the potential crash (bsc#950569) - Update shim-opensuse-cert-prompt.patch to avoid setting NULL to MokListRT (bsc#950801) - Drop shim-fix-mokmanager-sections.patch as we are using the newer binutils now - Refresh shim-change-debug-file-path.patch - acquired updated signature from Microsoft - shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release if it is empty or not set by user (bsc#942519) - Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d - Refresh shim-gcc5.patch and add it back since we really need it - Add shim-change-debug-file-path.patch to change the debug file path in shim.efi + also add the debuginfo and debugsource subpackages - Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore - Update to 0.9 - Refresh patches + shim-fix-gnu-efi-30w.patch + shim-fix-mokmanager-sections.patch + shim-opensuse-cert-prompt.patch - Drop upstreamed patches + shim-bsc920515-fix-fallback-buffer-length.patch + shim-mokx-support.patch + shim-update-cryptlib.patch - Drop shim-bsc919675-uninstall-shim-protocols.patch since upstream fixed the bug in another way. - Drop shim-gcc5.patch which was fixed in another way - Fix tags in the spec file - Add shim-update-cryptlib.patch to update Cryptlib to r16559 and openssl to 0.9.8zf - Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall the shim protocols at Exit (bsc#919675) - Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust the buffer size for the boot options (bsc#920515) - Refresh shim-opensuse-cert-prompt.patch - shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5 - shim-install : fix cryptodisk installation (boo#917427) - Add shim-fix-mokmanager-sections.patch to fix the objcopy parameters for the EFI files - Update to 0.8 - Add shim-fix-gnu-efi-30w.patch to adapt the change in gnu-efi-3.0w - Merge shim-signed-unsigned-compares.patch, shim-mokmanager-support-sha-family.patch and shim-bnc863205-mokmanager-fix-hash-delete.patch into shim-mokx-support.patch - Refresh shim-opensuse-cert-prompt.patch - Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch, bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch - Enable aarch64 - Fixed buffer overflow and OOB access in shim trusted code path (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677) * added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch - Added new certificate by Microsoft - re-introduce build failure if shim_enforce_ms_signature is defined. That way a project like openSUSE:Factory can decide whether or not shim needs a valid MS signature. - Add shim-update-openssl-0.9.8zb.patch to update openssl to 0.9.8zb - updated shim to new version (OpenSSL 0.9.8za) and requested a new certificate from Microsoft. Removed * shim-allow-fallback-use-system-loadimage.patch * shim-bnc872503-check-key-encoding.patch * shim-bnc877003-fetch-from-the-same-device.patch * shim-correct-user_insecure-usage.patch * shim-fallback-avoid-duplicate-bootorder.patch * shim-fallback-improve-entries-creation.patch * shim-fix-dhcpv4-path-generation.patch * shim-fix-uninitialized-variable.patch * shim-fix-verify-mok.patch * shim-get-variable-check.patch * shim-improve-error-messages.patch * shim-mokmanager-delete-bs-var-right.patch * shim-mokmanager-handle-keystroke-error.patch * shim-remove-unused-variables.patch since they're included in upstream and rebased the remaining onces. Added shim-signed-unsigned-compares.patch to fix some compiler warnings - Keep shim-devel.efi for the devel project - don't fail the build if the UEFI signing service signature can't be attached anymore. This way shim can still pass through staging projects. We will verify the correct signature for release builds using openQA instead. - shim-install: fix GRUB shows broken letters at boot by calling grub2-install to initialize /boot/grub2 directory with files needed by grub.cfg (bnc#889765) - Add shim-remove-unused-variables.patch to remove the unused variables - Add shim-bnc872503-check-key-encoding.patch to check the encoding of the keys (bnc#872503) - Add shim-bnc877003-fetch-from-the-same-device.patch to fetch the netboot image from the same device (bnc#877003) - Refresh shim-opensuse-cert-prompt.patch - Use --reinit instead of --refresh in %post to update the files in /boot - shim-install: fix boot partition and rollback support kluge (bnc#875385) - Replace shim-mokmanager-support-sha1.patch with shim-mokmanager-support-sha-family.patch to support the SHA family - Add shim-mokmanager-support-sha1.patch to support SHA1 hashes in MOK - snapper rollback support (fate#317062) - refresh shim-install - Insert the right signature (bnc#867974) - Add shim-fix-uninitialized-variable.patch to fix the use of uninitialzed variables in lib - Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV variables the right way - Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify correctly - Add shim-fallback-avoid-duplicate-bootorder.patch to fix the duplicate entries in BootOrder - Add shim-allow-fallback-use-system-loadimage.patch to handle the shim protocol properly to keep only one protocol entity - Refresh shim-opensuse-cert-prompt.patch - shim-install: fix the $prefix to use grub2-mkrelpath for paths on btrfs subvolume (bnc#866690). - FATE#315002: Update shim-install to install shim.efi as the EFI default bootloader when none exists in \EFI\boot. - Update signature-sles.asc: shim signed by UEFI signing service, based on code from "Thu Feb 20 11:57:01 UTC 2014" - Add shim-opensuse-cert-prompt.patch to show the prompt to ask whether the user trusts the openSUSE certificate or not - allow package to carry multiple signatures - check correct certificate is embedded - always clean up generated files that embed certificates (shim_cert.h shim.cer shim.crt) to make sure next build loop rebuilds them properly - Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the hash deletion operation to avoid ruining the whole list (bnc#863205) - Update shim-mokx-support.patch to support the resetting of MOK blacklist - Add shim-get-variable-check.patch to fix the variable checking in get_variable_attr - Add shim-fallback-improve-entries-creation.patch to improve the boot entry pathes and avoid generating the boot entries that are already there - Update SUSE certificate - Update attach_signature.sh, show_hash.sh, strip_signature.sh, extract_signature.sh and show_signatures.sh to remove the creation of the temporary nss database - Add shim-only-os-name.patch: remove the kernel version of the build server - Match the the prefix of the project name properly by escaping the percent sign. - enable signature assertion also in SUSE: hierarchy - Add shim-mokmanager-handle-keystroke-error.patch to handle the error status from ReadKeyStroke to avoid unexpected keys - Update to 0.7 - Add upstream patches: + shim-fix-verify-mok.patch + shim-improve-error-messages.patch + shim-correct-user_insecure-usage.patch + shim-fix-dhcpv4-path-generation.patch - Add shim-mokx-support.patch to support the MOK blacklist (Fate#316531) - Drop upstreamed patches + shim-fix-pointer-casting.patch + shim-merge-lf-loader-code.patch + shim-fix-simple-file-selector.patch + shim-mokmanager-support-crypt-hash-method.patch + shim-bnc804631-fix-broken-bootpath.patch + shim-bnc798043-no-doulbe-separators.patch + shim-bnc807760-change-pxe-2nd-loader-name.patch + shim-bnc808106-correct-certcount.patch + shim-mokmanager-ui-revamp.patch + shim-netboot-fixes.patch + shim-mokmanager-disable-gfx-console.patch - Drop shim-suse-build.patch: it's not necessary anymore - Drop shim-bnc841426-silence-shim-protocols.patch: shim is not verbose by default - Update microsoft.asc: shim signed by UEFI signing service, based on code from "Tue Oct 1 04:29:29 UTC 2013". - Add shim-netboot-fixes.patch to include upstream netboot fixes - Add shim-mokmanager-disable-gfx-console.patch to disable the graphics console to avoid system hang on some machines - Add shim-bnc841426-silence-shim-protocols.patch to silence the shim protocols (bnc#841426) - Create boot.csv in ESP for fallback.efi to restore the boot entry - Update microsoft.asc: shim signed by UEFI signing service, based on code from "Fri Sep 6 13:57:36 UTC 2013". - Improve extract_signature.sh to work on current path. - set timestamp of PE file to time of the binary the signature was made for. - make sure cert.o get's rebuilt for each target - Update microsoft.asc: shim signed by UEFI signing service, based on code from "Wed Aug 28 15:54:38 UTC 2013" - always build a shim that embeds the distro's certificate (e.g. shim-opensuse.efi). If the package is built in the devel project additionally shim-devel.efi is created. That allows us to either load grub2/kernel signed by the distro or signed by the devel project, depending on use case. Also shim-$distro.efi from the devel project can be used to request additional signatures. - also include old openSUSE 4096 bit certificate to be able to still boot kernels signed with that key. - add show_signatures script - replace the 4096 bit openSUSE UEFI CA certificate with new a standard compliant 2048 bit one. - fix shell syntax error - don't include binary in the sources. Instead package the raw signature and attach it during build (bnc#813448). - Update shim-mokmanager-ui-revamp.patch to include fixes for MokManager + reboot the system after clearing MOK password + fetch more info from X509 name + check the suffix of the key file - Update to 0.4 - Rebase patches + shim-suse-build.patch + shim-mokmanager-support-crypt-hash-method.patch + shim-bnc804631-fix-broken-bootpath.patch + shim-bnc798043-no-doulbe-separators.patch + shim-bnc807760-change-pxe-2nd-loader-name.patch + shim-bnc808106-correct-certcount.patch + shim-mokmanager-ui-revamp.patch - Add patches + shim-merge-lf-loader-code.patch: merge the Linux Foundation loader UI code + shim-fix-pointer-casting.patch: fix a casting issue and the size of an empty vendor cert + shim-fix-simple-file-selector.patch: fix the buffer allocation in the simple file selector - Remove upstreamed patches + shim-support-mok-delete.patch + shim-reboot-after-changes.patch + shim-clear-queued-key.patch + shim-local-key-sign-mokmanager.patch + shim-get-2nd-stage-loader.patch + shim-fix-loadoptions.patch - Remove unused patch: shim-mokmanager-new-pw-hash.patch and shim-keep-unsigned-mokmanager.patch - Install the vendor certificate to /etc/uefi/certs - Add shim-mokmanager-ui-revamp.patch to update the MokManager UI - Call update-bootloader in %post to update *.efi in \efi\opensuse (bnc#813079) - Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the PXE 2nd stage loader name (bnc#807760) - Add shim-bnc808106-correct-certcount.patch to correct the certificate count of the signature list (bnc#808106) - Add shim-bnc798043-no-doulbe-separators.patch to remove double seperators from the bootpath (bnc#798043#c4) - sign shim also with openSUSE certificate - identify project, export certificate as DER file - don't create an unused extra keypair - Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken bootpath generated in generate_path(). (bnc#804631) - Update with shim signed by UEFI signing service, based on code from "Thu Feb 7 06:56:19 UTC 2013". - prepare for having a signed shim from the UEFI signing service - Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert - Add shim-keep-unsigned-mokmanager.patch to keep the unsigned MokManager and sign it later. - Add shim-install utility - Add Recommends to grub2-efi - Add shim-mokmanager-support-crypt-hash-method.patch to support password hash from /etc/shadow (FATE#314506) - Embed openSUSE-UEFI-CA-Certificate.crt in shim - Rename shim-unsigned.efi to shim-opensuse.efi. - Update shim-mokmanager-new-pw-hash.patch to extend the password hash format - Rename shim.efi as shim-unsigned.efi - Merge patches for FATE#314506 + Add shim-support-mok-delete.patch to add support for deleting specific keys + Add shim-mokmanager-new-pw-hash.patch to support the new password hash. - Drop shim-correct-mok-size.patch which is included in shim-support-mok-delete.patch - Merge shim-remove-debug-code.patch and shim-local-sign-mokmanager.patch into shim-local-key-sign-mokmanager.patch - Install COPYRIGHT - Add shim-fix-loadoptions.patch to adopt the UEFI shell style LoadOptions (bnc#798043) - Drop shim-check-pk-kek.patch since upstream rejected the patch due to violation of SPEC. - Install EFI binaries to /usr/lib64/efi - Update shim-reboot-after-changes.patch to avoid rebooting the system after enrolling keys/hashes from the file system - Add shim-correct-mok-size.patch to correct the size of MOK - Add shim-clear-queued-key.patch to clear the queued key and show the menu properly - Remove shim-rpmlintrc, it wasn't fixing the error, hide error stdout to prevent post build check to get triggered by cast warnings in openSSL code - Add shim-remove-debug-code.patch: remove debug code - Add shim-rpmlintrc to filter 64bit portability errors - Add shim-local-sign-mokmanager.patch to create a local certicate to sign MokManager - Add shim-get-2nd-stage-loader.patch to get the second stage loader path from the load options - Add shim-check-pk-kek.patch to verify EFI images with PK and KEK - Add shim-reboot-after-changes.patch to reboot the system after enrolling or erasing keys - Install the EFI images to /usr/lib64/shim instead of the EFI partition - Update the mail address of the author - Add new package shim 0.2 (FATE#314484) + It's in fact git 2fd180a92 since there is no tag for 0.2 ==== spamassassin ==== Subpackages: perl-Mail-SpamAssassin - Don't call/require insserv if we use systemd ==== sssd ==== Subpackages: libnfsidmap-sss libsss_idmap0 libsss_nss_idmap0 libsss_simpleifp0 sssd-32bit sssd-krb5-common sssd-ldap - Remove obsolete insserv call ==== strace ==== Version update (4.15 -> 4.16) - Update to strace 4.16 * Improvements * Implemented syscall return value injection (-e inject=SET:retval= option). * Implemented signal injection (-e inject=SET:signal= option). * Implemented decoding of SUID_DUMP_* constants in PR_[GS]ET_DUMPABLE. * Implemented decoding of all SG_* ioctl commands. * Implemented decoding of ustat syscall. * Implemented decoding of BPF_OBJ_PIN, BPF_OBJ_GET, BPF_PROG_ATTACH, and BPF_PROG_DETACH commands of bpf syscall. * Enhanced decoding of sg_io_hdr and sg_io_v4 structures. * Enhanced decoding of get_robust_list, getrandom, io_submit, set_robust_list syscalls. * Enhanced decoding of entities of kernel long type on x32 and mips n32 ABIs. * Updated lists of IP_*, IPV6_*, and LOOP_* constants. * Updated lists of ioctl commands from Linux 4.10. * Added decoding of recently added syscalls on avr32, microblaze, ppc, and ppc64. * Bug fixes * Fixed pathmatch of oldselect syscall on 64-bit architectures. * Fixed decoding of mmap2 syscall on s390 when arguments are not available. * Fixed decoding of kexec_file_load, mprotect, pkey_mprotect, prctl, preadv*, and pwritev* syscalls on x32. * Fixed printing of string arguments of getxattr and setxattr syscalls when -s option is used to limit the printed string size. * Fixed decoding of ifconf, ifreq, and loop_info structures on non-native personalities. * Fixed decoding of SG_* and LOOP_* ioctl commands. * Fixed build on mips with musl libc. * Fixed cross-building of ioctlsort. * Applied minor formatting fixes to the manual page. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - Don't ship systemd-resolved for now (bsc#1024897) If resolved is enabled , systemd-tmpfiles creates a wrong symlink in /etc/resolv.conf which confuses the network manager actually used. - More indentation cleanup (no functional changes) - Remove obsolete insserv requirements for udev again [bsc#999841] - Import commit cd97d5d5fef79ab9d957bf6504d085c0faca6bfc e587b6ce0 disable RestrictAddressFamilies on all architectures but x86_64 one (bsc#1023460) c8ae05632 journald: don't flush to /var/log/journal before we get asked to (bsc#1004094) 7261eaf3e sd-event: fix sd_event_source_get_priority() (#4712) - Move fix for permission set on /var/lib/systemd/linger/* (no functional changes) Move that part after the fix on timer timestamp files otherwise the comment doesn't make sense. - Import commit 028fd9b60580976dffb09b3576a2b652ee35137c cc2ca55ff build-sys: do not install ctrl-alt-del.target symlink twice ececae77a device: Avoid calling unit_free(NULL) in device setup logic (#4748) - Ship systemd-resolved but it's disabled by default (bsc#1018387) The NSS plugin will also be disabled, users need to enable it manually. ==== tigervnc ==== - U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch * Fixes inetd mode with x server 1.19 (bnc#1025759) ==== virglrenderer ==== - Address various security issues * Fix null pointer dereference in vrend_clear (CVE-2017-5937 bsc#1024232) 0001-48f67f60-renderer-fix-NULL-pointer-deref-in-vrend_clear.patch * Fix host memory leak issue in virgl_resource_attach_backing (CVE-2016-10214 bsc#1024244) 0002-40b0e781-renderer-fix-a-leak-in-resource-attach.patch * Fix memory leak in int blit context (CVE-2017-5993 bsc#1025505) 0003-6eb13f7a-vrend-fix-memory-leak-in-int-blit-context.patch * Fix heap overflow in vertex elements state create (CVE-2017-5994 bsc#1025507) 0004-114688c5-renderer-fix-heap-overflow-in-vertex-elements-state-.patch * Fix a stack overflow in set framebuffer state (CVE-2017-5957 bsc#1024993) 0005-926b9b34-vrend-fix-a-stack-overflow-in-set-framebuffer-state.patch ==== wget ==== Version update (1.19 -> 1.19.1) - Update to wget-1.19.1, mainly bug fixes * Add support for --retry-on-http-error * tests/WgetTests.pm: Add --no-config to wget invocation * Fix regression in .netrc auth in src/http.c * Fix memory leak in src/iri.c * Remove skipping libunistring with --disable-iri * bootstrap.conf: Add gnulib module wcwidth * Fix include/define clash with gnulib's unlink module ==== wwwoffle ==== Version update (2.9i -> 2.9j) - Add missing dependency to enable https support - Version update to 2.9j to fix bsc#1026023 * Few crypto key length tweaks * Various small compilation warning fixes - Refresh patch wwwoffle-2.9e-implicit.patch ==== xorg-x11-server ==== Subpackages: xorg-x11-server-extra xorg-x11-server-sdk - U_xfree86-Take-the-input-lock-for-xf86ScreenCheckHWCursor.patch * Add the missing input_lock() around the call into the driver's UseHWCursor() callback (bnc #1023845). - U_xfree86-Take-the-input-lock-for-xf86TransparentCursor.patch * The new input lock is missing for the xf86TransparentCursor() entry point (bnc #1023845). ==== yast2-country ==== Version update (3.2.8 -> 3.2.9) Subpackages: yast2-country-data - fix keyboard layout widget initialization to old value (bsc#1022546) - 3.2.9 ==== ypbind ==== - Some packaging cleanup: * Use macro for configure and make install * Build in parallel * Drop no longer needed buildroot * Run spec-cleaner