o Updated 389-ds (security/bugfix/feature) - Resolve boo#1194068 by adding required schema - Add missing support utils plugin - Update to version 2.0.11~git13.e14935725: * Issue 5080 - BUG - multiple index types not handled in openldap migration (#5094) * Issue 5079 - BUG - multiple ways to specific primary (#5087) * Issue 4992 - BUG - slapd.socket container fix (#4993) * Issue 5037 - in OpenQA changelog trimming can crashes (#5070) * Issue 4299 - UI LDAP editor - add "edit" and "rename" functionality * Issue 4962 - Fix various UI bugs - Database and Backups (#5044) * Issue 5046 - BUG - update concread (#5047) * Issue 5043 - BUG - Result must be used compiler warning (#5045) * Issue 4165 - Don't apply RootDN access control restrictions to UNIX connections * Issue 4931 - RFE: dsidm - add creation of service accounts * Issue 5024 - BUG - windows ro replica sigsegv (#5027) * Issue 5020 - BUG - improve clarity of posix win sync logging (#5021) * Issue 5008 - If a non critical plugin can not be loaded/initialized, bootstrap should succeeds (#5009) * Issue 4962 - Fix various UI bugs - Settings and Monitor (#5016) * Issue 5014 - UI - Add group creation to LDAP editor * Issue 5006 - UI - LDAP editor tree not being properly updated * Issue 5001 - Update CI test for new availableSASLMechs attribute * Issue 4959 - Invalid /etc/hosts setup can cause isLocalHost to fail. * Issue 5001 - Fix next round of UI bugs: * Issue 4962 - Fix various UI bugs - dsctl and ciphers (#5000) * Issue 4978 - use more portable python command for checking containers * Issue 4678 - RFE automatique disable of virtual attribute checking (#4918) * Issue 4972 - gecos with IA5 introduces a compatibility issue with previous (#4981) * Issue 4978 - make installer robust * Issue 4976 - Failure in suites/import/import_test.py::test_fast_slow_import * Issue 4973 - update snmp to use /run/dirsrv for PID file * Issue 4962 - Fix various UI bugs - Plugins (#4969) * Issue 4973 - installer changes permissions on /run * Issue 4092 - systemd-tmpfiles warnings * Issue 4956 - Automember allows invalid regex, and does not log proper error * Issue 4731 - Promoting/demoting a replica can crash the server * Issue 4962 - Fix various UI bugs part 1 * Issue 3584 - Fix PBKDF2_SHA256 hashing in FIPS mode (#4949) * Issue 4943 - Fix csn generator to limit time skew drift (#4946) * Issue 2790 - Set db home directory by default * Bump github contianer shm size to 4 gigs * Issue 4299 - Merge LDAP editor code into Cockpit UI * Issue 4938 - max_failure_count can be reached in dscontainer on slow machine with missing debug exception trace * Issue 4921 - logconv.pl -j: Use of uninitialized value (#4922) * Issue 4847 - BUG - potential deadlock in replica (#4936) * Issue 4513 - fix ACI CI tests involving ip/hostname rules * Issue 4925 - Performance ACI: targetfilter evaluation result can be reused (#4926) * Issue 4916 - Memory leak in ldap-agent - jsc#SLE-22962 - submit 2.x version in preparation for BDB to LMDB transition - Add missing dependency on iproute2 for lib389 - Update to version 2.0.10~git0.21dd2802c: * Bump version to 2.0.10 * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) * Issue 4912 - Account Policy plugin does not set the config entry DN * Issue 4863 - typoes in logconv.pl * Issue 4796 - Add support for nsslapd-state to CLI & UI * Issue 4894 - IPA failure in ipa user-del --preserve (#4907) * Issue 4912 - dsidm command crashing when account policy plugin is enabled * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks * Issue 4887 - UI - fix minor regression from camelCase fixup * Bump version to 2.0.9 * Issue 4887 - UI - Update webpack.config.js and package.json * Issue 4149 - UI - Migrate the remaining components to PF4 * Issue 4875 - CLI - Add some verbosity to installer * Issue 4884 - server crashes when dnaInterval attribute is set to zero - Update to version 2.0.8~git0.553f26c87: * Bump version to 2.0.8 * Issue 4877 - RFE - EntryUUID to validate UUIDs on fixup (#4878) * Issue 4872 - BUG - entryuuid enabled by default causes replication issues (#4876) * Issue 4851 - Typos in "dsconf pwpolicy set --help" (#4867) * Issue 4763 - Attribute Uniqueness Plugin uses wrong subtree on ModRDN (#4871) * Issue 4736 - lib389 - fix regression in certutil error checking * Issue 4861 - Improve instructions in custom.conf for memory leak detection * Issue 4859 - Don't version libns-dshttpd * Issue 4169 - Migrate Replication & Schema tabs to PF4 * Issue 4623 - RFE - Monitor the current DB locks ( nsslapd-db-current-locks ) * Issue 4736 - CLI - Errors from certutil are not propagated * Issue 4460 - Fix isLocal and TLS paths discovery (#4850) * Issue 4848 - Force to require nss version greater or equal as the version available at the build time * Issue - 4696 - Password hash upgrade on bind (#4840) * Bump version to 2.0.7 * Issue 4443 - Internal unindexed searches in syncrepl/retro changelog * Issue 4603 - Reindexing a single backend (#4831) * Issue 4169 - UI - migrate Server Tab forms to PF4 * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) * Issue 4820 - RFE - control flow integrity (#4821) * Issue 4706 - negative wtime for compare operations (#4780) * Issue 4414 - SIGFPE crash in rhds disk monitoring routine (#4829) * Issue 4262 - Fix Index out of bound in fractional test (#4828) * Issue 4826 - Filter argparse-manpage from autogenerated requires * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) * Issue 2820 - Fix CI test suite issues * Bump version to 2.0.6 - Remove unneeded shadow dependency, no longer required due to systemd-sysusers - Update to version 2.0.6~git0.d81dc6c90: * Bump version to 2.0.6 * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) * Issue 4169 - UI - Migrate Typeaheads to PF4 (#4808) * Issue 4414 - disk monitoring - prevent division by zero crash * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) * Issue 4656 - Fix replication plugin rename dependency issues * Issue 4656 - replication name change upgrade code causes crash with dynamic plugins * Issue 4506 - Improve SASL logging * Issue 4709 - Fix double free in dbscan * Issue 4093 - Fix MEP test case * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) * Issue 4791 - Missing dependency for RetroCL RFE (#4792) * Issue 4794 - BUG - don't capture container output (#4798) * Issue 4593 - Log an additional message if the server certificate nickname doesn't match nsSSLPersonalitySSL value * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) * Issue 4169 - UI Migrate checkbox to PF4 (#4769) * Issue 4447 - Crash when the Referential Integrity log is manually edited * Issue 4773 - Add CI test for DNA interval assignment * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) * Issue 4379 - fixing regression in test_info_disclosure * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service * Issue 4379 - Allow more than 1 empty AttributeDescription for ldapsearch, without the risk of denial of service * Issue 4575 Update test docstrings metadata * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream * removed the snmp_present() from utils.py as we have get_rpm_version() in conftest.py * Issue 4753 - Adjust our tests to 389-ds-base-snmp missing in RHEL 9 Appstream - Fix requires as openssl cli is required by 389-ds now. - Add now working CONFIG parameter to sysusers generator - Update to version 2.0.5~git0.607bfbf16: * Bump version to 2.0.5 * Issue 4778 - RFE - Allow setting TOD for db compaction and add task * Issue 4169 - UI - Port plugin tables to PF4 * Issue 4656 - Allow backward compatilbity for replication plugin name change * Issue 4764 - replicated operation sometime checks ACI (#4783) * Issue 2820 - Fix CI test suite issues * Issue 4781 - There are some typos in man-pages * Issue 4773 - Enable interval feature of DNA plugin * Issue 4623 - RFE - Monitor the current DB locks (#4762) * Issue 3555 - Fix UI audit issue * Issue 4725 - Fix compiler warnings * Issue 4770 - Lower FIPS logging severity * Issue 4765 - database suffix unexpectdly changed from .db to .db4 (#4766) * Issue 4725 - [RFE] DS - Update the password policy to support a Temporary Password Rules (#4727) * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) * Issue 4759 - Fix coverity issue (#4760) * Issue 4169 - UI - Migrate Buttons to PF4 (#4745) * Issue 4714 - dscontainer fails with rootless podman * Issue 4750 - Fix compiler warning in retrocl (#4751) * Issue 4742 - UI - should always use LDAPI path when calling CLI * Issue 4169 - UI - Migrate Server, Security, and Schema tables to PF4 * Issue 4667 - incorrect accounting of readers in vattr rwlock (#4732) * Issue 4701 - RFE - Exclude attributes from retro changelog (#4723) * Issue 4740 - Fix CI lib389 userPwdPolicy and subtreePwdPolicy (#4741) * Issue 4711 - SIGSEV with sync_repl (#4738) * Issue 4734 - import of entry with no parent warning (#4735) * Issue 4729 - GitHub Actions fails to run pytest tests * Issue 4656 - Remove problematic language from source code * Issue 4632 - dscontainer: SyntaxWarning: "is" with a literal. * Issue 4169 - UI - migrate replication tables to PF4 * Issue 4637 - ndn cache leak (#4724) * Issue 4577 - Fix ASAN flags in specfile * Issue 4169 - UI - PF4 migration - database tables * issue 4653: refactor ldbm backend to allow replacement of BDB - phase 3e - dbscan (#4709) - Recommend openssl(cli) by lib389: admin tools like dscreate can call out to /usr/bin/openssl to manage certificates. As the admin could decide to manage the certificates differently, we only recommend openssl here. - Update to version 389-ds-base-2.0.4~git0.7f6ba5a37: * Bump version to 2.0.4 * Issue 4680 - 389ds coredump (@389ds/389-ds-base-nightly) in replica install with CA (#4715) * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4713) * Issue 4700 - Regression in winsync replication agreement (#4712) * Issue 3965 - RFE - Implement the Password Policy attribute "pwdReset" (#4710) * Issue 4169 - UI - migrate monitor tables to PF4 * issue 4585 - backend redesign phase 3c - dbregion test removal (#4665) * Issue 2736 - remove remaining perl references * Issue 2736 - https://github.com/389ds/389-ds-base/issues/2736 * Issue 4706 - negative wtime in access log for CMP operations * Issue 3585 - LDAP server returning controltype in different sequence * Issue 4127 - With Accounts/Account module delete fuction is not working (#4697) * Issue 4666 - BUG - cb_ping_farm can fail with anonymous binds disabled (#4669) * Issue 4671 - UI - Fix browser crashes * Issue 4169 - UI - Add PF4 charts for server stats * Issue 4648 - Fix some issues and improvement around CI tests (#4651) * Issue 4654 Updates to tickets/ticket48234_test.py (#4654) * Issue 4229 - Fix Rust linking * Issue 4673 - Update Rust crates * Issue 4658 - monitor - connection start date is incorrect * Issue 4169 - UI - migrate modals to PF4 * Issue 4656 - remove problematic language from ds-replcheck * Issue 4459 - lib389 - Default paths should use dse.ldif if the server is down * Issue 4656 - Remove problematic language from UI/CLI/lib389 * Issue 4661 - RFE - allow importing openldap schemas (#4662) * Issue 4659 - restart after openldap migration to enable plugins (#4660) * Merge pull request #4664 from mreynolds389/issue4663 * issue 4552 - Backup Redesign phase 3b - use dbimpl in replicatin plugin (#4622) * Issue 4643 - Add a tool that generates Rust dependencies for a specfile (#4645) * Issue 4646 - CLI/UI - revise DNA plugin management * Issue 4644 - Large updates can reset the CLcache to the beginning of the changelog (#4647) * Issue 4649 - crash in sync_repl when a MODRDN create a cenotaph (#4652) * Issue 4169 - UI - Migrate alerts to PF4 * Issue 4169 - UI - Migrate Accordians to PF4 ExpandableSection * Issue 4595 - Paged search lookthroughlimit bug (#4602) * Issue 4169 - UI - port charts to PF4 * Issue 2820 - Fix CI test suite issues * Issue 4513 - CI - make acl ip address tests more robust * Bump version to 2.0.3 * Issue 4619 - remove pytest requirement from lib389 * Issue 4615 - log message when psearch first exceeds max threads per conn * Issue 4469 - Backend redesing phase 3a - implement dbimpl API and use it in back-ldbm (#4618) * Issue 4324 - Some architectures the cache line size file does not exist * Issue 4593 - RFE - Print help when nsSSLPersonalitySSL is not found (#4614) * Issue 4469 - Backend redesign phase 3a - bdb dependency removal from back-ldbm * Update dscontainer (#4564) * Issue 4149 - UI - port TreeView and opther components to PF4 * Issue 4577 - Add GitHub actions * Issue 4591 - RFE - improve openldap_to_ds help and features (#4607) * issue 4612 - Fix pytest fourwaymmr_test for non root user (#4613) * Issue 4609 - CVE - info disclosure when authenticating * Issue 4348 - Add tests for dsidm * Issue 4571 - Stale libdb-utils dependency * Issue 4600 - performance modify rate: reduce lock contention on the object extension factory (#4601) * Issue 4577 - Add GitHub actions * Issue 4588 - BUG - unable to compile without xcrypt (#4589) * Issue 4579 - libasan detects heap-use-after-free in URP test (#4584) * Issue 4581 - A failed re-indexing leaves the database in broken state (#4582) * Issue 4348 - Add tests for dsidm * Issue 4577 - Add GitHub actions * Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) * Issue 4093 - fix compiler warnings and update doxygen * Issue 4575 - Update test docstrings metadata * Issue 4526 - sync_repl: when completing an operation in the pending list, it can select the wrong operation (#4553) * Issue 4324 - Performance search rate: change entry cache monitor to recursive pthread mutex (#4569) * Issue 4513 - Add DS version check to SSL version test (#4570) * Issue 5442 - Search results are different between RHDS10 and RHDS11 * Issue 4396 - Minor memory leak in backend (#4558) * Revert "Update metadata for customerscenario in test docstring" * Update metadata for customerscenario in test docstring * Issue 4513 - Fix replication CI test failures (#4557) * Issue 4513 - Fix replication CI test failures (#4557) * Issue 4153 - Added a CI test (#4556) * Issue 4506 - BUG - fix oob alloc for fds (#4555) * Issue 4548 - CLI - dsconf needs better root DN access control plugin validation * Issue 4506 - Temporary fix for io issues (#4516) * Issue 4535 - lib389 - Fix log function in backends.py * Issue 4534 - libasan read buffer overflow in filtercmp (#4541) * Issue 4544 - Compiler warnings on krb5 functions (#4545) * Update rpm.mk for RUST tarballs - small spec cleanup - As there is no python-* package, the direct use of singlespec seems unapplicable. So do not build for all python3.x flavors, but only for the main one: + Use releavant %python3_ macros. + Do not use %python_module, as this pulls in all python versions. - Update to version 2.0.2~git0.6d17ca7df: * Bump version to 2.0.2 * Issue 4539 - BUG - no such file if no overlays in openldap during migration (#4540) * Issue 4528 - Fix cn=monitor SCOPE_ONE search (#4529) * Issue 4535 - lib389 - healthcheck throws exception if backend is not replicated * Issue 4537 - Use KRB5_CLIENT_KTNAME for client keytabs (#4523) * Issue 4513 - CI Tests - fix test failures * Issue 4504 - insure that repl_monitor_test use ldapi (for RHEL) - fix merge issue (#4533) * Issue 4315 - performance search rate: nagle triggers high rate of setsocketopt * Issue 4504 - Insure ldapi is enabled in repl_monitor_test.py (Needed on RHEL) (#4527) * Issue 4506 - BUG - Fix bounds on fd table population (#4520) * Issue 4521 - DS crash in deref plugin if dereferenced entry exists but is not returned by internal search (#4525) * Issue 4219 - Log internal unindexed searches (notes=A) * Issue 4384 - Separate eventq into REALTIME and MONOTONIC * Issue 4381 - RFE - LDAPI authentication DN rewritter * Issue 4513 - Fix schema test and lib389 task module (#4514) * Issue 4414 - disk monitoring - prevent division by zero crash * Issue 4517 - BUG: Multiple systemd pin warnings (#4518) * Issue 4507 - Improve csngen testing task (#4508) * Issue 4498 - BUG - entryuuid replication may not work (#4503) * Issue 4480 - Unexpected info returned to ldap request (#4491) * Issue #4504 - Fix pytest test_dsconf_replication_monitor (#4505) * Issue 4373 - BUG - one line cleanup, free results in mt if ent 0 (#4502) * Merge pull request #4501 from mreynolds389/issue4500 * Issue 4272 RFE - add support for gost-yescrypt for hashing passwords (#4497) * Issue 1795 - RFE - Enable logging for libldap and libber in error log (#4481) * Issue 3522 - Remove DES to AES conversion code * Issue 4492 - Changelog cache can upload updates from a wrong starting point (CSN) (#4493) * Issue 4373 - BUG - calloc of size 0 in MT build (#4496) * Issue 4483 - heap-use-after-free in slapi_be_getsuffix * Issue 4486 - Remove random ldif file generation from import test (#4487) * Issue 4224 - cleanup specfile after libsds removal * Issue 4421 - Unable to build with Rust enabled in closed environment * Issue 4489 - Remove return statement from a void function (#4490) * Issue 4229 - RFE - Improve rust linking and build performance (#4474) * Ticket 4224 - openldap can become confused with entryuuid * Ticket 4313 - improve tests and improve readme re refdel * Ticket 4313 - fix potential syncrepl data corruption * Issue 4419 - Warn users of skipped entries during ldif2db online import (#4476) * Issue 4243 - Fix test (4th): SyncRepl plugin provides a wrong (#4475) * Issue 4315: performance search rate: nagle triggers high rate of setsocketopt (#4437) * Issue 4460 - BUG - add machine name to subject alt names in SSCA (#4472) * Issue 4446 RFE - openldap password hashers * Issue 4284 - dsidm fails to delete an organizationalUnit entry * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4466) (#4466) * Issue 4464 - RFE - clang with ds+asan+rust * Issue 4105 - Remove python.six (fix regression) * Issue 4384 - Use MONOTONIC clock for all timing events and conditions * Issue 4418 - ldif2db - offline. Warn the user of skipped entries * Issue 4243 - Fix test: SyncRepl plugin provides a wrong cookie (#4467) * Issue 4460 - BUG - lib389 should use system tls policy * Issue 3657 - Add options to dsctl for dsrc file * Issue 4454 - RFE - fix version numbers to allow object caching * Issue 3986 - UI - Handle objectclasses that do not have X-ORIGIN set * Issue 4297 - 2nd fix for on ADD replication URP issue internal searches with filter containing unescaped chars (#4439) * Issue 4112 - Added a CI test (#4441) * Issue 4449 - dsconf replication monitor fails to retrieve database RUV - consumer (Unavailable) (#4451) * Issue 4105 - Remove python.six from lib389 (#4456) * Fix pytest test collection * Issue 4440 - BUG - ldifgen with --start-idx option fails with unsupported operand (#4444) * Issue 4410 RFE - ndn cache with arc in rust * Issue 4373 - BUG - Mapping Tree nodes can be created that are invalid * Issue 4428 - BUG Paged Results with critical false causes sigsegv in chaining * Issue 4428 - Paged Results with Chaining Test Case * do not add referrals for masters with different data generation #2054 (#4427) * Issue 4383 - Do not normalize escaped spaces in a DN * Issue 4432 - After a failed online import the next imports are very slow * Issue 4316 - performance search rate: useless poll on network send callback (#4424) * Issue 4281 - dsidm user status fails with Error: 'nsUserAccount' object has no attribute 'is_locked' * Issue 4429 - NULL dereference in revert_cache() * Issue 4412 - Fix CLI repl-agmt requirement for parameters (#4422) * Issue 4407 RFE - remove http client and presence plugin (#4409) * build problems at alpine linux * Issue 4415 - unable to query schema if there are extra parenthesis - Rust is a hard-requirement of 2.0.0 series, so enable-rust flags removed - Perl has been completly removed in 2.0.0, enable-perl removed and lib389 is the default. Perl tools have not been included in SUSE since 1.4.1.x - Update to version 2.0.1~git0.b557f5daa: * Bump version to 2.0.1 * Issue 4420 - change NVR to use X.X.X instead of X.X.X.X * Issue 4391 - DSE config modify does not call be_postop (#4394) * Issue 4218 - Verify the new wtime and optime access log keywords (#4397) * Issue 4176 - CL trimming causes high CPU * ticket 2058: Add keep alive entry after on-line initialization - second version (#4399) * Issue 4403 RFE - OpenLDAP pw hash migration tests (#4408) * Bump version to 2.0.0 - Update to version 1.4.4.17~git0.5e1e392ae: * Bump version to 1.4.4.17 * Issue 4927 - rebase lib389 and cockpit in 1.4.4 * Issue 4908 - Updated several dsconf --help entries (typos, wrong descriptions, etc.) * Issue 4912 - Account Policy plugin does not set the config entry DN * Issue 4796 - Add support for nsslapd-state to CLI & UI * Issue 4894 - IPA failure in ipa user-del --preserve (#4907) * Issue 4169 - backport lib389 cert list fix * Issue 4912 - dsidm command crashing when account policy plugin is enabled * Issue 4910 - db reindex corrupts RUV tombstone nsuiqueid index * Issue 4869 - Fix retro cl trimming misuse of monotonic/realtime clocks - bsc#1188151 - Update to 1.4.4.16 patch release - bsc#1188455 - CVE-2021-3652 - fix crypt handling of locked accounts - Update to version 389dsbase1.4.4.16~git16.c1926dfc6: * Issue 4817 - BUG - locked crypt accounts on import may allow all passwords (#4819) * Issue 4656 - (2nd) Remove problematic language from UI/CLI/lib389 * Issue 4262 - Fix Index out of bound in fractional test (#4828) * Issue 4822 - Fix CI temporary password: fixture leftover breaks them (#4823) * Issue 4656 - remove problematic language from ds-replcheck * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions * Issue 4803 - Improve DB Locks Monitoring Feature Descriptions (#4810) * Issue 4788 - CLI should support Temporary Password Rules attributes (#4793) * Issue 4506 - Improve SASL logging * Issue 4093 - Fix MEP test case * Issue 4747 - Remove unstable/unstatus tests (followup) (#4809) * Issue 4789 - Temporary password rules are not enforce with local password policy (#4790) * Issue 4797 - ACL IP ADDRESS evaluation may corrupt c_isreplication_session connection flags (#4799) * Issue 4447 - Crash when the Referential Integrity log is manually edited * Issue 4773 - Add CI test for DNA interval assignment * Issue 4750 - Fix compiler warning in retrocl (#4751) - Update to version 1.4.4.16~git0.3d31c6c71: * Bump version to 1.4.4.16 * Update npm packages * Issue 4719 - lib389 - fix dsconf passthrough auth bugs * Issue 4778 - RFE - Allow setting TOD for db compaction and add task * Issue 4764 - replicated operation sometime checks ACI (#4783) * Issue 4623 - RFE - Monitor the current DB locks (#4762) * Issue 4781 - There are some typos in man-pages * Issue 4773 - Enable interval feature of DNA plugin * Issue 3555 - Fix UI audit issue * Issue 4747 - Remove unstable/unstatus tests from PRCI (#4748) ----------------------------------------------------------------------------- o Updated aaa_base (security/bugfix/feature) - use autopatch - update first two patches from git originals to have the same apply depth as the rest: - git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch - git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch - fix get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563) - git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch - support xz compressed kernel (bsc#1162581) - git-38-4c0060639f6fa854830a708a823976772afe7764.patch - Fixing possible resource leak - git-39-df622b89bc92fd882a6715c5743095528a643546.patch - excluding new kernel string in version search - Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch: * Add $HOME/.local/bin to PATH, if it exists (bsc#1192248) - Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch * sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets (bsc#1174504) - Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch * sysctl.d/50-default.conf: fix ping_group_range syntax error ----------------------------------------------------------------------------- o Updated accel-config (security/bugfix/feature) [x86_64] - Update to version 3.4.2 * Add feature to skip tests based on feature availability * Skip tests requiring shared memory if feature not available * Add API to retrieve wq occupancy attribute - Update to version 3.4.1 * Bug fixes related to traffic-class * Add per-wq ATS disable support * Add extended error status reporting * Created local copy of UAPI header file idxd.h from /usr/include * Update driver name changes * Rewrite unit test removing hardcoding and other enhancements * Bug fixes - Run spec-cleaner - Update to version 3.2 * Add support for new device bind paths retaining compatibility with older kernels * Add support for UACCE interface to access char devices * Fixed several issues in filtering, config and listing code * Support all 256 bits of op_cap * Fix incorrect return values * Made removing all mdevs more intuitive - Update to version 3.1 * Improved error messages and return values * Fix incorrect error return value from tool * Allow -1 special value for wq->groupid and fix related error messages * Fix incorrect manpage text for config-wq * Remove reference to non-interface header in interface header * Remove non-interface header from packaging * Use portable data types and fix build issues in 32 bit targets - Dropped upstream merged v3.0.1-use-portable-data-types.patch ----------------------------------------------------------------------------- o Updated accountsservice (security/bugfix/feature) - Stop passing the no longer used nor recognized option user-heuristics=true to meson. - Update harden_accounts-daemon.service.patch: Do not proect home directories: the accounts daemon is used to create home directories upon user creation (boo#1189853). - Spec layout cleaning up for harden_accounts-daemon.service.patch. - Added hardening to systemd service(s). Added patch(es): * harden_accounts-daemon.service.patch - Add accountsservice-fix-gdm-crash.patch: Prevent crash of gdm upon service restart when automatic login is enabled (glfo#accountsservice/accountsservice#55). ----------------------------------------------------------------------------- o Updated acct (security/bugfix/feature) - Migrate pacct log file to new location when upgrading from SLE12, fixes bsc#1188159 ----------------------------------------------------------------------------- o Updated adcli (security/bugfix/feature) - Add --dont-expire-password option; (jsc#sle-21225); * 0036-Add-dont-expire-password-option.patch * 0037-Fix-for-dont-expire-password-option-and-join.patch ----------------------------------------------------------------------------- o Removed adios_1_13_1-gnu-mpich-hpc (XXX) ----------------------------------------------------------------------------- o Removed adios_1_13_1-gnu-mvapich2-hpc (XXX) ----------------------------------------------------------------------------- o Removed adios_1_13_1-gnu-openmpi3-hpc (XXX) ----------------------------------------------------------------------------- o Removed adios_1_13_1-gnu-openmpi4-hpc (XXX) ----------------------------------------------------------------------------- o Updated adwaita-icon-theme (security/bugfix/feature) - Update to version 41.0: + fullcolor network server and workgroup. + symbolic: larger symbolics for headerbar. + symbolic: larger notification. + updated guidelines. + symbolic: ascend/descending sort. + symbolic: edit-clear-all new metaphor. + fullcolor: application-x-addon and application-x-firmware. - Update to version 40.1.1: + symblic: night-light bbox fix. - Update to version 40.1: + 5G cellular status. + night light legibility. + hicolor inheritance. - Update to version 40.0: + No changes compared to 40.rc. - Update to version 40.rc: + Fullcolor emblem contrast. + Cursor naming. + symbolic: bluetooth-disconneted, power profile icons, night light and display brightnessn, and contact-new. - Update to version 3.38.0: + No changes. - Update to version 3.37.92: + inkscape 1.0 based rendering. + build system fixes. + fullcolor: removable media. + remove legacy fullcolor weather icons. - Changes from version 3.37.2: + symbolic: night light metaphor. + symbolic: larger expanders. + scripts -- rendrable with inkscape 1.0. - Update to version 3.36.1: + Symbolic: - User-not-tracked bugfix. - Color coding of battery states. - Hw disabled states. - Microphone state icons. + Fullcolor: video-x-generic metaphor. - Switch back to tarball release. Following this, drop libtool BuildRequires and autogen call, no longer needed. - Update to version 3.36.0: + Symbolic: - Media rtl cleanup. - Night light more identifiable. - Update to version 3.35.92: + Fullcolor mimetype icons - firmware, addons for they are prominently exposed in Software. + Drop rtl variant for playback. - Use explicit commitid as upstream borked the tag and tarball. - Update to version 3.35.91: + Updated icon set. ----------------------------------------------------------------------------- o Updated aide (security/bugfix/feature) - aide-0.16-cve-2021-45417.patch: Fix a bufferoverflow in base64 functions (bsc#1194735 CVE-2021-45417) - aide-disable-gcrypt-MD5-in-fips-mode.patch: gcrypt aborts if MD5 is used in fips mode, so disable it also in aide (bsc#1191422). ----------------------------------------------------------------------------- o Updated alacarte (security/bugfix/feature) - Add python-rpm-macros BuildRequires in case some build environment does not pull it automatically. This is needed by macros like %{python3_sitelib}. - Update to version 3.42.0: + Fix icon size in launcher properties window + Resize input field with launcher dialog + Support Python 3.10+ + Updated translations. - Drop alacarte-trans.patch: No longer needed as we do not use translation-update-upstream any more. - Modernize spec, fixup fdupes call, build as noarch. - Remove obsolete translation-update-upstream support (jsc#SLE-21105). - Fixed broken upstream URL in SPEC file - Update to version 3.36.0: + Require Python 3.2+. - Update to version 3.35.91: + Fix bad command validation. + Require Python 3.0+. + Support Python 3.8+. - Drop fix-bad-command-validation.patch and alacarte-python3.patch: fixed upstream. - Drop autoconf and automake BuildRequires, and no longer call autoreconf: no patch touches the build system. - Rebase alacarte-trans.patch. - Drop deprecated use of %desktop_database_post/postun and - %icon_theme_cache_post/postun macros. - No longer recommend -lang: supplements are in use - Update alacarte-python3.patch: Add support for python 3.7. - Modernize spec-file by calling spec-cleaner ----------------------------------------------------------------------------- o Updated alsa-plugins (security/bugfix/feature) - Update to version 1.2.6: Fixes for a52 plugin, jack, rate-lav. For details, see URL: https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-plugins - Add *.sig file for the source tarball - Update to 1.2.5 * Support alsa 1.2.5 * Fixed A52 Output plugin * upmix: complete generalizing format * jack: add option to allow non-jack-aligned period size * oss: fix the config (port -> device) * pulse: pcm - handle reading pulse stream hole * usb_stream: use snd_config_get_card() to decode the card number ----------------------------------------------------------------------------- o Updated alsa (security/bugfix/feature) - Update to version 1.2.6.1: a minor fix release: * conf: fix the device parsing when arguments has no defaults * conf: accept '_' character in the variable name - Update to version 1.2.6: lots of changes, including UCM and config updates and rawmidi framing mode support: for details, see below https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib - Add *.sig file for the source tarball - Update to version 1.2.5.1: a bug fix release, including previous patches: https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1 - Drop obsoleted patches: 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch - Fix regression in config read and UCM handling on pipewire and pulseaudio (boo#1187079, boo#1187033): 0001-conf-fix-load_for_all_cards.patch 0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch 0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ----------------------------------------------------------------------------- o Updated alsa-ucm-conf (security/bugfix/feature) - Fix regression for AMD ACP LED control: 0002-HDA-acp-avoid-to-create-Mic-ACP-LED-control-for-the-.patch - Fix a regression in HDA-DualCodecs: 0001-HDA-DualCodecs-fix-typo-in-Speaker-condition.patch - Update to version 1.2.6.3: * ucm2/Qualcomm/apq8096: Change plughw to hw to access card * ucm2/Qualcomm/apq8016-sbc: Change plughw to hw to access card * ucm2: Add support for RT5650 on MediaTek SoCs * sof-soundwire: use absolute path in SectionUseCase - Update to version 1.2.6.2: a minor fix release, just includnig ther previous fixes - Drop obsoleted patches 0001-sof-hda-dsp-fix-path-to-Hdmi.conf.patch 0002-bytcht-es8316-fix-Include-paths-in-HiFi.conf.patch - Update to version 1.2.6.1: a minor fix release: * acp: fix linked configuration * ucm2: Add support for SC7180 Trogdor Lazor Chromebooks * USB-Audio: fix the wrong condition type for If.realtek-alc1220-vb - More a couple of upstream fixes for forgotten conversions: 0001-sof-hda-dsp-fix-path-to-Hdmi.conf.patch 0002-bytcht-es8316-fix-Include-paths-in-HiFi.conf.patch - Update to version 1.2.6: various profile updates. See URL below for details: https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-ucm-conf - Add *.sig file for the tarball - Explicit Requires for the libasound2 with the same or newer version - Update to version 1.2.5.1: a small bugfix release, including the previous patch https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1 - Drop the obsoleted patch: 0001-HDA-Intel-the-lookups-are-supported-from-syntax-4.patch - Fix for HDA config lookup (boo#1187079): 0001-HDA-Intel-the-lookups-are-supported-from-syntax-4.patch - Update to version 1.2.5 * tegra: Add UCM for more devices * codecs/rt5640: Make headset optional * rt715: add mic led support * bytcr-rt5640: Add support for controlling a speaker-mute LED * cht-bsw-rt5672: Add support for controlling speaker- and mic-mute LEDs, Add support for the components string * ucm2: add support to for Qualcomm RB5 Platform * codecs/rt5672: Add hardware volume-control support * codecs/rt5640: Add hardware volume-control support * bytcr-wm5102: Add new UCM profile for BYT boards with a WM5102 codec * bytcr-rt5640: Add support for devices without speakers and/or an internal mic * chtrt5645: Enable Internal MIC of ECS EF20EA * chtnau8824: Add support for laptops using stereo DMICs and fix mono speaker config not working * Full changes: https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-ucm-conf - Drop upstream fixes * 0001-fix-the-ucm2-codecs-hda-hdmi.conf-use.patch * 0002-codecs-hda-hdmi.conf-add-DisplayPort-to-the-device-d.patch * 0003-sof-soundwire-use-the-codecs-hda-hdmi.conf-macro.patch * 0004-Revert-ucm2-HDA-acp-add-Capture-simple-mixer-element.patch * 0005-chtnau8824-Fix-mono-speaker-config-not-working.patch * 0006-chtnau8824-Add-support-for-laptops-using-stereo-DMIC.patch * 0007-chtnau8824-Boost-analog-mic-volumes-a-bit.patch * 0008-rt715-init-setup-ADC07-to-a-proper-volume.patch * 0009-sof-hda-dsp-Set-Master-Playback-Switch-on-in-the-Boo.patch * 0010-HDA-Intel-HiFi-dual-Add-EnableSequence-and-DisableSe.patch * 0011-HDA-Intel-HiFi-dual-Add-BootSequence-and-disable-pla.patch * 0012-chtrt5645-Enable-Internal-MIC-of-ECS-EF20EA.patch * 0013-bytcr-rt5640-Add-support-for-devices-without-speaker.patch * 0014-rt5640-Move-standard-DAC-setup-to-EnableSeq.conf.patch * 0015-bytcr-rt5640-fix-the-execution-order.patch * 0016-ucm2-add-initial-configuration-for-TRX40-Gigabyte-Ao.patch * 0017-USB-Audio-ALC1220-Bump-analog-Speaker-priority-over-.patch * 0018-USB-Audio-ALC1220-fix-indentation-for-Speaker-device.patch * 0019-USB-Audio-fix-indentation-in-Gigabyte-Aorus-Master-M.patch * 0020-chtnau8824-Add-a-SST-define-variable.patch * 0021-kblrt5660-Fix-file-permissions.patch ----------------------------------------------------------------------------- o Updated alsa-utils (security/bugfix/feature) - Fix alsamixer color config regression: 0001-alsamixer-Fix-regression-in-color-setup.patch - Update to alsa-utils 1.2.6: various updates / fixes for alsactl, amidi, alsaloop, alsamixer, alsatplg, amixer, aplay and aseqnet. Details are found in https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-utils - Update the download URL - Add *.sig file for the tarball - Drop ProtectClock hardening, can cause issues if other device acceess is needed - Added hardening to systemd service(s). Modified: * sound-extra.service - Update to alsa-utils 1.2.5: a major version up, including previous patches https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5 - Update to alsa-utils 1.2.5.1: a small bugfix release https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1 - Drop the obsoleted patches: 0001-aplay-try-to-use-16-bit-format-to-increase-capture-q.patch 0002-alsamixer-Fix-the-mixer-views-description-in-man-pag.patch 0003-Add-Slovak-translation.patch 0004-Add-Basque-translation.patch 0006-aplay-cosmetic-code-fix-in-xrun.patch 0007-aplay-fix-the-CPU-busy-loop-in-the-pause-handler.patch 0008-alsa-info-Add-lsusb-and-stream-outputs.patch 0010-alsactl-Fix-double-decrease-of-lock-timeout.patch 0011-alsactl-Fix-race-at-creating-a-lock-file.patch 0012-alsactl-Remove-asound.state-file-check-from-alsa-res.patch 0013-aplay-add-test-code-for-snd_pcm_status-to-test-posit.patch 0014-ucm-fix-typo-in-docs.patch 0015-aplay-add-avail-delay-checks-to-test-position.patch 0016-alsactl-daemon-read_pid_file-fix-the-returned-code-o.patch 0017-alsactl-init-set_ctl_value-fix-bytes-parsing.patch 0018-alsactl-init-parse-fix-possible-double-free.patch 0019-alsaloop-fix-possible-memory-leak-in-create_loopback.patch 0020-alsaloop-get_queued_playback_samples-simplify-code.patch 0021-topology-fix-possible-double-free-in-load.patch 0022-alsamixer-remove-dead-fcn-widget_handle_key-in-widge.patch 0023-alsamixer-remove-unused-variable-y-in-display_scroll.patch 0024-alsamixer-fix-shift-in-parse_words.patch 0025-aplay-fix-the-test-position-test-for-playback-avail-.patch - Suppress automatic update of alsa-info.sh (bsc#1185280): alsa-info-no-update-for-distro-script.patch - Backport upstream fixes: various fixes in aplay, alsamixer, alsactl and alsaloop, updated translations, etc: 0001-aplay-try-to-use-16-bit-format-to-increase-capture-q.patch 0002-alsamixer-Fix-the-mixer-views-description-in-man-pag.patch 0003-Add-Slovak-translation.patch 0004-Add-Basque-translation.patch 0006-aplay-cosmetic-code-fix-in-xrun.patch 0007-aplay-fix-the-CPU-busy-loop-in-the-pause-handler.patch 0008-alsa-info-Add-lsusb-and-stream-outputs.patch 0013-aplay-add-test-code-for-snd_pcm_status-to-test-posit.patch 0014-ucm-fix-typo-in-docs.patch 0015-aplay-add-avail-delay-checks-to-test-position.patch 0016-alsactl-daemon-read_pid_file-fix-the-returned-code-o.patch 0017-alsactl-init-set_ctl_value-fix-bytes-parsing.patch 0018-alsactl-init-parse-fix-possible-double-free.patch 0019-alsaloop-fix-possible-memory-leak-in-create_loopback.patch 0020-alsaloop-get_queued_playback_samples-simplify-code.patch 0021-topology-fix-possible-double-free-in-load.patch 0022-alsamixer-remove-dead-fcn-widget_handle_key-in-widge.patch 0023-alsamixer-remove-unused-variable-y-in-display_scroll.patch 0024-alsamixer-fix-shift-in-parse_words.patch 0025-aplay-fix-the-test-position-test-for-playback-avail-.patch ----------------------------------------------------------------------------- o Updated amazon-ecs-init (security/bugfix/feature) [x86_64] - Update to version 1.53.0-1 (bsc#1187661, bsc#1187662) * Cache Agent version 1.53.0 - from version 1.52.2-2 * Cache Agent version 1.52.2 * ecs-anywhere-install: fix incorrect download url when running in cn region - from version 1.52.2-1 * Cache Agent version 1.52.2 * ecs-anywhere-install: remove dependency on gpg key server * ecs-anywhere-install: allow sandboxed apt installations - Add use-agent-container-built-in-certs.patch to use the built in certs from the downloaded agent container - Update amazon-ecs.service to consider the proper environment files - Set the cache state to ensure the latest agent container gets pulled - Update to version 1.52.1 (bsc#1186239, bsc#1186262) + Cache Agent version 1.52.1 + Add support for ECS EXTERNAL launch type (ECS Anywhere) - Add info about bundled dependencies in spec - Fix required go version - Handle go 1.16 or later by switching GO111MODULE to previous default - Only build for x86_64 and aarch64 - Update to version 1.50.1 (bsc#1182343, bsc#1182344) + Cache Agent version 1.50.1 + Does not restart ECS Agent when it exits with exit code 5 - For detailed changes between the previous version and this version see the included Changelog.md file - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. ----------------------------------------------------------------------------- o Updated amazon-ssm-agent (security/bugfix/feature) - Update to version 3.0.1209.0 (bsc#1186239, bsc#1186262) + For detailed changes see RELEASENOTES.md + Drop fix-version.patch replaced by sed expression in spec file + Drop remove-unused-import.patch no longer included from upstream + Drop fix-config.patch all SUSE distros use systemd + Remove amazon-ssm-agent.service included in upstream source, use it + Move all binaries into sbin and fix the hard coded config path via sed - Update to 2.3.1205.0: * Updated the SSM Agent Snap to core18 * Bug fix for expired in-progress documents being resumed * Bug fix for update specific files not being deleted after agent update is finished * Bug fix for cached manifest files not being deleted in the configurepackage plugin - Update to 2.3.978.0 (2020-04-08) (bsc#1170744) - Add patch to remove unused import + remove-unused-import.patch - Refresh patches for new version + fix-version.patch - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors. - Update version patch. - Update to 2.3.415.0 (2019-03-05) - Update to 2.3.372.0 (2019-03-05) - Update to 2.3.344.0 (2019-03-05) - Update to 2.3.274.0 (2019-03-05) - Update to 2.3.235.0 (2019-03-05) - Update to 2.3.193.0 (2019-03-05) - Update to 2.3.169.0 (2019-03-05) - Update to 2.3.136.0 (2019-03-05) - Update to 2.3.117.0 (2019-03-05) - Update to 2.3.101.0 (2019-03-05) - Update to 2.3.68.0 (2019-03-05) - Update to 2.3.13.0 (2019-03-05) - Update to 2.2.916.0 (2019-03-05) - Update to 2.2.902.0 (2019-03-05) - Update to 2.2.800.0 (2019-03-05) + Streaming AWS Systems Manager Run Command output to CloudWatch Logs - Update to 2.2.619.0 (2019-03-05) - Update to 2.2.607.0 (2019-03-05) - Update to 2.2.546.0 (2019-03-05) + Bug fix to retry sending document results if they couldn't reach the service - Update to 2.2.493.0 (2019-03-05) + Bug fix so that aws:downloadContent does not change permissions of directories + Bug fix to Cloudwatch plugin where StartType has duplicated Enabled value - Update to 2.2.392.0 (2019-03-05) + Added support for agent hibernation so that Agent backs off or enters hibernation mode if it does not have access to the service - Update to 2.2.355.0 (2019-03-05) ----------------------------------------------------------------------------- o Updated amtk (security/bugfix/feature) - Update to version 5.3.1: + Build: port to Meson, remove Autotools. + Updated translations. - Switch to meson buildsystem: + Add meson BuildRequires. + Replace configure/make/make_install with respective meson/meson_build/meson_install macros. - Enable test suite: add %check session and call %meson_test. - Update to version 5.2.0: + Updated translations. - Update to version 5.1.2: + Build system: better support for Visual Studio. + Updated translations. - Changes from version 5.1.1: + Support detailed GAction names in factory functions. + Mark public API with _AMTK_EXTERN. + Microsoft Windows: better support. + Small maintenance stuff. + Updated translations. ----------------------------------------------------------------------------- o Updated anthy (security/bugfix/feature) - Drop --with-pic (no effect with --disable-static) - Switch to %autosetup (rediff bugzilla-1175274-emacs-27.1.patch as p1) ----------------------------------------------------------------------------- o Added apache2-mod_auth_mellon (feature) ## WARNING - the following diff is a head -20 proposal * Mon Aug 02 2021 danilo.spinella@suse.com - Fix CVE-2021-3639 Open Redirect vulnerability in logout URLs (CVE-2021-3639, bsc#1188926) * fix-CVE-2021-3639.patch * Thu Sep 10 2020 kstreitova@suse.com - Update to 0.17.0 * New option MellonSendExpectHeader (default On) which allows to disable sending the Expect header in the HTTP-Artifact binding to improve performance when the remote party does not support this header. * Set SameSite attribute to None on on the cookietest cookie. * Bump default generated keysize to 3072 bits in mellon_create_metadata * Validate if the assertion ID has not been used earlier before creating a new session. * Release session cache after calling invalidate endpoint. ----------------------------------------------------------------------------- o Updated apache2-mod_auth_openidc (security/bugfix/feature) - Fix CVE-2021-32791 Hardcoded static IV and AAD with a reused key in AES GCM encryption (CVE-2021-32791, bsc#1188849) * fix-CVE-2021-32791.patch - Fix CVE-2021-32792 XSS when using OIDCPreservePost On (CVE-2021-32792, bsc#1188848) * fix-CVE-2021-32792-1.patch * fix-CVE-2021-32792-2.patch - Fix CVE-2021-32785 format string bug via hiredis (CVE-2021-32785, bsc#1188638) * fix-CVE-2021-32785.patch - Fix CVE-2021-32786 open redirect in logout functionality (CVE-2021-32786, bsc#1188639) * fix-CVE-2021-32786.patch - Refresh apache2-mod_auth_openidc-2.3.8-CVE-2019-20479.patch - require hiredis only for newer distros than SLE-15 [jsc#SLE-11726] ----------------------------------------------------------------------------- o Added apache2-mod_php7 (feature) ## WARNING - the following diff is a head -20 proposal * Fri Oct 22 2021 suse+build@de-korte.org - updated to 7.4.25: This is a security release (CVE-2021-21703) which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.25 * Mon Sep 27 2021 pgajdos@suse.com - previous version updates fixes also: CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071, CVE-2021-21702,CVE-2021-21704,CVE-2021-21705 bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706, bsc#1182049,bsc#1188035,bsc#1188037 * Thu Sep 23 2021 suse+build@de-korte.org - updated to 7.4.24: This is a security release (CVE-2021-21706) which also contains several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.24 ----------------------------------------------------------------------------- o Added apache2-mod_php8 (feature) ## WARNING - the following diff is a head -20 proposal * Thu Aug 26 2021 suse+build@de-korte.org - updated to 8.0.10: This is a security release which also contains several bug fixes. See https://www.php.net/ChangeLog-8.php#8.0.10 - deleted patch - php-systzdata-v19.patch - added patch + php-systzdata-v20.patch * Wed Aug 04 2021 mrueckert@suse.de - fix apparmor support: seems it requires a configure flag now. * Thu Jul 29 2021 suse+build@de-korte.org - updated to 8.0.9: This is a bug fix release. See https://www.php.net/ChangeLog-8.php#8.0.9 * Thu Jul 01 2021 suse+build@de-korte.org - updated to 8.0.8: This is a security release which also contains ----------------------------------------------------------------------------- o Updated apache2-mod_security2 (security/bugfix/feature) - Update to 2.9.4: * Add microsec timestamp resolution to the formatted log timestamp * Added missing Geo Countries * Store temporaries in the request pool for regexes compiled per-request. * Fix other usage of the global pool for request temporaries in re_operators.c * Adds a sanity check before use ctl:ruleRemoveTargetById and ctl:ruleRemoveTargetByMsg. * Fix the order of error_msg validation * When the input filter finishes, check whether we returned data * fix: care non-null terminated chunk data * Fix for apr_global_mutex_create() crashes with mod_security * Fix inet addr handling on 64 bit big endian systems - Run spec-cleaner - Remove if/else for older version of SUSE distribution - version update to 2.9.3 * Enable optimization for large stream input by default on IIS [Issue #1299 - @victorhora, @zimmerle] * Allow 0 length JSON requests. [Issue #1822 - @allanbomsft, @zimmerle, @victorhora, @marcstern] * Include unanmed JSON values in unnamed ARGS [Issue #1577, #1576 - @marcstern, @victorhora, @zimmerle] * Fix buffer size for utf8toUnicode transformation [Issue #1208 - @katef, @victorhora] * Fix sanitizing JSON request bodies in native audit log format [p0pr0ck5, @victorhora] * IIS: Update Wix installer to bundle a supported CRS version (3.0) [@victorhora, @zimmerle] * IIS: Update dependencies for Windows build [Issue #1848 - @victorhora, @hsluoyz] * IIS: Set SecStreamInBodyInspection by default on IIS builds (#1299) [Issue #1299 - @victorhora] * IIS: Update modsecurity.conf [Issue #788 - @victorhora, @brianclark] * Add sanity check for a couple malloc() and make code more resilient [Issue #979 - @dogbert2, @victorhora, @zimmerl] * Fix NetBSD build by renaming the hmac function to avoid conflicts [Issue #1241 - @victorhora, @joerg, @sevan] * IIS: Windows build, fix duplicate YAJL dir in script [Issue #1612 - @allanbomsft, @victorhora] * IIS: Remove body prebuffering due to no locking in modsecProcessRequest [Issue #1917 - @allanbomsft, @victorhora] * Fix mpm-itk / mod_ruid2 compatibility [Issue #712 - @ju5t , @derhansen, @meatlayer, @victorhora] * Code cosmetics: checks if actionset is not null before use it [Issue #1556 - @marcstern, @zimmerle, @victorhora] * Only generate SecHashKey when SecHashEngine is On [Issue #1671 - @dmuey, @monkburger, @zimmerle] * Docs: Reformat README to Markdown and update dependencies [Issue #1857 - @hsluoyz, @victorhora] * IIS: no lock on ProcessRequest. No reload of config. [Issue #1826 - @allanbomsft] * IIS: buffer request body before taking lock [Issue #1651 - @allanbomsft] * good practices: Initialize variables before use it [Issue #1889 - Marc Stern] * Let body parsers observe SecRequestBodyNoFilesLimit [Issue #1613 - @allanbomsft] * potential off by one in parse_arguments [Issue #1799 - @tinselcity, @zimmerle] * Fix utf-8 character encoding conversion [Issue #1794 - @tinselcity, @zimmerle] * Fix ip tree lookup on netmask content [Issue #1793 - @tinselcity, @zimmerle] * IIS: set overrideModeDefault to Allow so that individual websites can add to their web.config file [Issue #1781 - @default-kramer] * modsecurity.conf-recommended: Fix spelling [Issue #1721 - @padraigdoran] * build: fix when multiple lines for curl version [Issue #1771 - @Artistan] * Fix arabic charset in unicode_mapping file [Issue #1619 - @alaa-ahmed-a] * Optionally preallocates memory when SecStreamInBodyInspection is on [Issue #1366 - @allanbomsft, @zimmerle] * Fixed typo in build_yajl.bat [Issue #1366 - @allanbomsft] * Fixes SecConnWriteStateLimit [Issue #1545 - @nicjansma] * Added "empy chunk" check [Issue #1347, #1446 - @gravagli, @bostrt, @zimmerle] * Add capture action to @detectXSS operator [Issue #1488, #1482 - @victorhora] * Fix for wildcard operator when loading conf files on Nginx / IIS [Issue #1486, #1285 - @victorhora and @thierry-f-78] * Set of fixies to make windows build workable with the buildbots [Commit 94fe3 - @zimmerle] * Uses LOG_NO_STOPWATCH instead of DLOG_NO_STOPWATCH [Issue #1510 - @marcstern] * Adds missing headers [Issue #1454 - @devnexen] - modified patches [bsc#1180830] [bsc#1180830] - removing %apache_test_* macros, do not test module just by loading the module ----------------------------------------------------------------------------- o Updated apache2-mod_wsgi-python3 (security/bugfix/feature) - Enable installation of Python sitelib wrapper This enabled Python Projects to require mod_wsgi in the install_requires without receiving a "DistributionNotFound" error on entrypoint script generated by setuptools - Backport of https://build.opensuse.org/request/show/794038 - Fixes bsc#1189467 ----------------------------------------------------------------------------- o Updated apache2-mod_wsgi (security/bugfix/feature) - use /usr/sbin/apxs for build, not -prefork - Update to version 4.7.1: + Use Python 3 style print. + Mostly changes around distribtion from PyPi, where mod_wsgi is completented by a mod_wsgi-standalone with an own apache instance. - Drop the python2 based package (py2 is EOL): Move the content of the former apache2-mod_wsgi-python3 package into apache-mod_wsgi. Provide/Obsolete the old -python3 package for ease of upgrade. - Add Python-native build so Python metadata and wrapper is present - add %apache_rex_deps - version update to 4.6.8 * If no system mime types file can be found, fall back to ``/dev/null`` so that Apache can still at least start up. * Fix compilation failures when using Python 3.8. * The Apache request ID is accessible in request events as ``request_id``. * The per request data dictionary accessible using ``mod_wsgi.request_data()`` is now also accessible in events as ``request_data``. * When the queue timeout was triggered for requests sent to daemon mode processes, the error response wasn't being flushed out correctly resulting in the connection still being held up to the time of the socket timeout. - test with %apache_rex_check - update to 4.6.5: * When running mod_wsgi-express and serving up static files from the document root, and the WSGI application was mounted at a sub URL using --mount-point, the static files in the document root outside of the mount point for the WSGI application would no longer be accessible. * If no system mime types file can be found, fall back to /dev/null so that Apache can still at least start up. * Now possible to use mod_wsgi-express in an a zipapp created using shiv. This entailed a special workaround to detect when shiv was used, so that the unpacked site-packages directory could be added to the Python module search path for mod_wsgi-express. - update to 4.6.4: * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.19.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.20.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.21.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.22.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.23.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.5.24.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.6.0.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.6.1.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.6.2.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.6.3.html * see http://modwsgi.readthedocs.io/en/develop/release-notes/version-4.6.4.html ----------------------------------------------------------------------------- o Updated apache2 (security/bugfix/feature) - ssl-global.conf: set SSLCipherSuite to PROFILE=SYSTEM instead of DEFAULT_SUSE [jsc#SLE-22561] - set also SSLProxyCipherSuite to PROFILE=SYSTEM - modified sources % apache2-ssl-global.conf - version update to 2.4.51 * ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate unused AP_NORMALIZE_DROP_PARAMETERS flag. [Yann Ylavic, Ruediger Pluem, Stefan Eissing, Joe Orton] - version update to 2.4.50 * fixes CVE-2020-11984, CVE-2020-13950, CVE-2020-35452, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-31618, CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438 * see CHANGES for more details - deleted patches - apache2-CVE-2020-11984.patch (upstreamed) - apache2-CVE-2020-13950.patch (upstreamed) - apache2-CVE-2020-35452.patch (upstreamed) - apache2-CVE-2021-26690.patch (upstreamed) - apache2-CVE-2021-26691.patch (upstreamed) - apache2-CVE-2021-30641.patch (upstreamed) - apache2-CVE-2021-31618.patch (upstreamed) - apache2-CVE-2021-33193.patch (upstreamed) - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) - apache2-mod_http2-1.15.14.patch (upstreamed) - security update - added patches fix CVE-2021-33193 [bsc#1189387], Request splitting via HTTP/2 method injection and mod_proxy + apache2-CVE-2021-33193.patch - security update - added patches fix CVE-2021-30641 [bsc#1187174], MergeSlashes regression + apache2-CVE-2021-30641.patch - security update - added patches fix CVE-2021-31618 [bsc#1186924], NULL pointer dereference on specially crafted HTTP/2 request + apache2-CVE-2021-31618.patch - security update - added patches fix CVE-2020-13950 [bsc#1187040], mod_proxy NULL pointer dereference + apache2-CVE-2020-13950.patch - security update - added patches fix CVE-2020-35452 [bsc#1186922], Single zero byte stack overflow in mod_auth_digest + apache2-CVE-2020-35452.patch fix CVE-2021-26690 [bsc#1186923], mod_session NULL pointer dereference in parser + apache2-CVE-2021-26690.patch fix CVE-2021-26691 [bsc#1187017], Heap overflow in mod_session + apache2-CVE-2021-26691.patch ----------------------------------------------------------------------------- o Updated apache-commons-compress (security/bugfix/feature) - Updated to 1.21 * When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515, bsc#1188463) * When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464) * When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. (CVE-2021-35517, bsc#1188465) * When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090, bsc#1188466) - New dependency on asm3 for Pack200 compressor - Rebased patch fix_java_8_compatibility.patch to a new context and added some new ocurrences ----------------------------------------------------------------------------- o Updated apache-rex (security/bugfix/feature) - require apache2-utils - version update to 20210108 * count php8 in - version update to 20201125 * curl changed --help behavior - version update to 20200901 * added mod_proxy_express-basic-gdbm * amended mod_proxy_express-basic to use sdbm, which should be always available - Replace incorrect usage of %_libexecdir/rpm with %_rpmconfigdir - version update to 20200407 * added mod_ssl-SSLProxyEngine - version update to 20200403 * added mod_proxy_http2-basic - version update to 20200402 * minor fixes - version update to 20200228 * refactor mod_authn_dbd-mysql, create lib/mysql * new mod_php-mysql - version update to 20200210 * add debug-wku - version update to 20191219 * modify: mod_authn_dbd-pgsql: control ipc * new: mod_authz_unixgroup - version update to 20191203 * add uwsgi support * new . mod_proxy_uwsgi-basic . mod_wsgi-basic ----------------------------------------------------------------------------- o Updated apparmor (security/bugfix/feature) - update to AppArmor 3.0.4 - various fixes in profiles, abstractions, apparmor_parser and utils (some of them were already included as patches) - add support for mctp address family - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4 for the full upstream changelog - remove upstream(ed) patches: - aa-notify-more-arch-mr809.diff - ruby-3.1-build-fix.diff - add-samba-bgqd.diff - openssl-engdef-mr818.diff - profiles-python-3.10-mr783.diff - update-samba-abstractions-ldb2.diff - refresh patches: - apparmor-samba-include-permissions-for-shares.diff - ruby-2_0-mkmf-destdir.patch - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) - add update-samba-abstractions-ldb2.diff: Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED operation="file_mmap" violation in SLE15-SP4; (bsc#1192336). - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update - add aa-notify-more-arch-mr809.diff: Add support for reading s390x and aarch64 wtmp files (boo#1181155) - add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532) - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff - added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point - move Requires: python3 back to the python3-apparmor subpackage - readline usage is in the python modules, not in apparmor-utils - Remove python symbols (python means currently python2), work only with python3 ones (fallout from bsc#1185588). - add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267) - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file - merge libapparmor.changes into apparmor.changes - avoid file listed twice error - define %_pamdir for <= 15.x to fix the build on those releases - add apache-extra-profile-include-if-exists.diff: make include in apache extra profile optional to avoid problems with empty profile directory (boo#1178527) - prepare usrmerge (boo#1029961) * use %_pamdir - update to AppArmor 3.0.1 - minor additions to profiles and abstractions - some bugfixes in libapparmor, apparmor_parser and the aa-* utils - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.1 for the detailed upstream changelog - removed upstream(ed) patches: - changes-since-3.0.0.diff - extra-profiles-fix-Pux.diff - utils-fix-hotkey-conflict.diff - Use apache provided variables for the module_directry: + Use %apache_libexecdir + Add apache-rpm-macros BuildRequires - add utils-fix-hotkey-conflict.diff to fix a hotkey conflict in de, id and sv translations (and fix the test) (MR 675) - add extra-profiles-fix-Pux.diff to fix an inactive profile - prevents a crash in aa-logprof and aa-genprof when creating a new profile (MR 676) - update to AppArmor 3.0.0 - introduce feature abi declaration in profiles to enable use of new rule types (for openSUSE: dbus and unix rules) - support xattr attachment conditionals - experimental support for kill and unconfined profile modes - rewritten aa-status (in C), including support for new profile modes - rewritten aa-notify (in python), finally dropping the perl requirement at runtime - new tool aa-features-abi for extracting feature abis from the kernel - update profiles to have profile names and to use 3.0 feature abi - introduce @{etc_ro} and @{etc_rw} profile variables - new profile for php-fpm - several updates to profiles and abstractions (including boo#1166007) - fully support 'include if exists' in the aa-* tools - rewrite handling of alias, include, link and variable rules in the aa-* tools - rewrite and simplify log handling in the aa-logprof and aa-genprof - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0 for the detailed upstream changelog - patches: - add changes-since-3.0.0.diff with upstream fixes since the 3.0.0 release up to 3e18c0785abc03ee42a022a67a27a085516a7921 - drop upstreamed usr-etc-abstractions-base-nameservice.diff - drop 2.13-only libapparmor-so-number.diff - refresh apparmor-enable-profile-cache.diff - partially upstreamed - update apparmor-samba-include-permissions-for-shares.diff and apparmor-lessopen-profile.patch - switch to "include if exists" - apparmor-lessopen-profile.patch: add abi rule to lessopen profile - refresh apparmor-lessopen-nfs-workaround.diff - move away very loose apache profile that doesn't even match the apache2 binary path in openSUSE to avoid confusion (boo#872984) - move rewritten aa-status from utils to parser subpackage - add aa-features-abi to parser subpackage - replace perl and libnotify-tools requires with requiring python3-notify2 and python3-psutil (needed by the rewritten aa-notify) - drop ancient cleanup for /etc/init.d/subdomain from parser %pre - drop (never enabled) conditionals to build with python2 and to build the python-apparmor subpackage (upstream dropped python2 support) - drop setting PYTHON and PYTHON_VERSIONS env variable, no longer needed - set PYFLAKES path for utils check - add precompiled_cache build conditional to allow faster local builds without using kvm - remove duplicated BuildRequires: swig - fix two potential build failures in libapparmor - fix log parsing for logs with an embedded newline - some fixes in cache handling - preserve errno across aa_*_unref() functions - no longer package static libapparmor.a - Fix RPM groups - libapparmor.spec is based on the AppArmor 2.11 apparmor.spec, but with minimum BuildRequires ----------------------------------------------------------------------------- o Updated appstream-glib (security/bugfix/feature) - Update to version 0.7.18+30: * libappstream-builder: Fix file paths in icon tarball - Update to version 0.7.18+29: * Updated translations. - Improve _service file to handle to drop +0 in versions for when we are exactly on a tag. - Update to version 0.7.18+28: * as-app: Also unwrap description in metainfo files * Fix validation of translated captions when LANG is not C * Revert "Don't emit legacy component type values" * Don't emit legacy component type values * its: Sync with appstream * Consider AppStream version as a string * meson: Check --version-script linker option before using. * Update current newest version in AsStore * Support em/code tags Some appstream-data packages add and or and to the files. Not all package manager can handle that. An example would be pamac from Manjaro * Update asb-self-test to match current behavior * Add validation for duplicate license xml elements * builder: make directories as 0755 && umask * Do not show a critical warning on * libappstream-builder: Fix paths for cached icons * as-util: Fix Markdown underlining in appdata-to-news * Replace links http://standards.freedesktop.org/... by https in README.md * Replace a link http://www.freedesktop.org/wiki/... by https in README.md * as-app: Parse launchables from DEP-11 * as-app: Parse custom tags from DEP-11 * as-content-rating: Align the OARS/CSM mappings of sex-* * Updated translations. - Switch to current git head, upstream is not making releases. - Drop 0001-as-app-Also-unwrap-description-in-metainfo-files.patch: Fixed upstream. - Add patch to fix descriptions in .metainfo.xml files (boo#1192243, gh#hughsie/appstream-glib#381): * 0001-as-app-Also-unwrap-description-in-metainfo-files.patch - Update to version 0.7.18: * Don't ignore localized strings that are the same as original * Croatian translation 2nd attempt (#373) * Test launchable tags in validation * Add missing dependency to the readme * as-app: Don't initialize mutex twice * as-content-rating: Expand translator comments to link to OARS website * as-content-rating: Lower the OARS/CSM mapping of sex-homosexuality/intense * po: Import gs-content-rating.c translations from gnome-software * po: Update po files * as-content-rating: Add content rating system APIs from gnome-software * Allow timestamp in the future in validate-relax * Fix crash with invalid children of