commit 10fc9dbfd5257e8476d8dc5e5566f5c9bcbc7af6 Author: Neil Hanlon Date: Thu May 9 23:52:07 2024 -0400 Rocky Linux Container Image - Rocky-9.4.20240509-Minimal-s390x diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..efc5c05 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,4 @@ +FROM scratch +ADD layer.tar.xz / + +CMD ["/bin/bash"] diff --git a/Rocky.s390x-9.changes b/Rocky.s390x-9.changes new file mode 100644 index 0000000..65fc151 --- /dev/null +++ b/Rocky.s390x-9.changes @@ -0,0 +1,9074 @@ +gpg-pubkey| +libgcc| +* Mon Dec 18 2023 Marek Polacek 11.4.1-3 +- update from releases/gcc-11-branch (RHEL-17638) + - PRs c++/106310, c++/106890, c++/109666, c++/109761, c++/111357, + c++/111512, c++/112795, d/108842, d/110359, d/110511, d/110516, + debug/110295, fortran/95947, fortran/103506, fortran/107397, + fortran/110288, fortran/110585, fortran/110658, fortran/111837, + fortran/111880, libstdc++/95048, libstdc++/99327, libstdc++/104161, + libstdc++/104242, libstdc++/108178, libstdc++/111050, + libstdc++/111511, libstdc++/112314, libstdc++/112491, + middle-end/110200, middle-end/111699, middle-end/111818, + middle-end/112733, rtl-optimization/110237, sanitizer/112727, + target/96762, target/101177, target/101469, target/105325, + target/109800, target/109932, target/110011, target/110044, + target/110170, target/110309, target/110741, target/111001, + target/111340, target/111367, target/111408, target/111815, + target/112672, target/112816, target/112837, target/112845, + target/112891, testsuite/66005, tree-optimization/110298, + tree-optimization/110731, tree-optimization/110914, + tree-optimization/111015, tree-optimization/111614, + tree-optimization/111764, tree-optimization/111917 +- use -fno-stack-protector in some aarch64 tests + +* Tue Oct 03 2023 Marek Polacek 11.4.1-2.3 +- fix member vs global template (RHEL-2607) + +* Mon Oct 02 2023 Marek Polacek 11.4.1-2.2 +- guard the bit test merging code in if-combine (RHEL-6068) + +* Fri Jun 09 2023 Marek Polacek 11.4.1-2.1 +- fix ICE on pr96024.f90 on big-endian hosts (PR fortran/96024, #2213211) +- use -fno-stack-protector to fix bit-field aarch64 tests (#2213221) + +* Mon Jun 05 2023 Marek Polacek 11.4.1-2 +- update from releases/gcc-11-branch (#2193180) + - GCC 11.4 release + - PRs bootstrap/90543, c++/53932, c++/69410, c++/92752, c++/98056, + c++/98821, c++/100295, c++/100474, c++/101118, c++/101869, + c++/102780, c++/103871, c++/104527, c++/105406, c++/105996, + c++/106188, c++/106675, c++/106713, c++/106740, c++/107065, + c++/107163, c++/107179, c++/107558, c++/107579, c++/107864, + c++/108138, c++/108180, c++/108365, c++/108468, c++/108474, + c++/108607, c++/108975, c++/108998, c++/109096, c++/109164, c/107127, + c/107465, c/109151, d/107592, d/108050, d/108877, d/109108, + debug/106719, debug/108573, debug/108716, debug/108967, driver/106624, + fortran/85877, fortran/95107, fortran/96024, fortran/96025, + fortran/99036, fortran/103259, fortran/104332, fortran/106209, + fortran/106945, fortran/107576, fortran/107872, fortran/108131, + fortran/108349, fortran/108420, fortran/108421, fortran/108451, + fortran/108453, fortran/108501, fortran/108502, fortran/108527, + fortran/108529, fortran/108609, fortran/108937, fortran/109186, + fortran/109511, fortran/109846, ipa/105685, ipa/106124, ipa/107944, + libquadmath/87204, libquadmath/94756, libstdc++/91456, + libstdc++/103934, libstdc++/104866, libstdc++/104875, + libstdc++/105844, libstdc++/106183, libstdc++/107801, + libstdc++/107814, libstdc++/108030, libstdc++/108118, + libstdc++/108265, libstdc++/108636, libstdc++/108856, + libstdc++/108952, libstdc++/109064, libstdc++/109261, + libstdc++/109949, lto/109263, middle-end/104450, middle-end/104464, + middle-end/106190, middle-end/107317, middle-end/108237, + middle-end/108264, middle-end/108435, middle-end/108459, + middle-end/108546, middle-end/108625, middle-end/108685, + middle-end/108854, other/108560, other/109306, + rtl-optimization/106751, rtl-optimization/107482, + rtl-optimization/108193, rtl-optimization/108596, + rtl-optimization/109585, target/70243, target/90458, target/96373, + target/98776, target/100758, target/104871, target/104921, + target/105554, target/105599, target/106736, target/106875, + target/107568, target/107714, target/107863, target/108272, + target/108348, target/108589, target/108699, target/108807, + target/108812, target/108881, target/109067, target/109140, + target/109276, testsuite/47334, testsuite/103823, testsuite/108151, + testsuite/108973, testsuite/108985, tree-optimization/105484, + tree-optimization/106809, tree-optimization/107107, + tree-optimization/107212, tree-optimization/107254, + tree-optimization/107323, tree-optimization/107451, + tree-optimization/107554, tree-optimization/107898, + tree-optimization/107997, tree-optimization/108068, + tree-optimization/108076, tree-optimization/108095, + tree-optimization/108199, tree-optimization/108498, + tree-optimization/108688, tree-optimization/108692, + tree-optimization/108821, tree-optimization/108950, + tree-optimization/109176, tree-optimization/109410, + tree-optimization/109473, tree-optimization/109491, + tree-optimization/109502, tree-optimization/109573, + tree-optimization/109724, tree-optimization/109778 + - PRs fortran/100607, libstdc++/109822, target/109954, + tree-optimization/109505 + +* Wed Mar 29 2023 Marek Polacek 11.3.1-4.4 +- s390x: add support for register arguments preserving (#2168204) + +* Wed Dec 21 2022 Marek Polacek 11.3.1-4.3 +- compile the cross binaries as PIE/-z now (#2155452) + +* Mon Dec 19 2022 Marek Polacek 11.3.1-4.2 +- ship libitm.spec in cross-gcc (#2154462) + +* Tue Dec 13 2022 Marek Polacek 11.3.1-4.1 +- add cross compiler functionality for non-production uses (#2149650) + +* Tue Nov 22 2022 Marek Polacek 11.3.1-4 +- update from releases/gcc-11-branch (#2117632) + - PRs analyzer/105252, analyzer/105365, analyzer/105366, c++/65211, + c++/82980, c++/86193, c++/90107, c++/97296, c++/101442, c++/101698, + c++/102071, c++/102177, c++/102300, c++/102307, c++/102479, + c++/102629, c++/104066, c++/104142, c++/104646, c++/104669, + c++/105245, c++/105265, c++/105289, c++/105304, c++/105321, + c++/105386, c++/105398, c++/105725, c++/105761, c++/105774, + c++/105795, c++/105852, c++/105925, c++/106024, c++/106361, + c++/107358, c/41041, c/106016, c/106981, c/107001, d/106139, + d/106638, debug/106261, fortran/82868, fortran/100029, fortran/100040, + fortran/100097, fortran/100098, fortran/100132, fortran/100136, + fortran/100245, fortran/103413, fortran/103504, fortran/103693, + fortran/103694, fortran/104313, fortran/104849, fortran/105012, + fortran/105230, fortran/105243, fortran/105310, fortran/105633, + fortran/105691, fortran/105813, fortran/105954, fortran/106121, + fortran/106817, fortran/106857, fortran/106985, fortran/106986, + fortran/107054, ipa/100413, ipa/105600, ipa/105739, libgomp/106045, + libstdc++/65018, libstdc++/84110, libstdc++/93602, libstdc++/96592, + libstdc++/99290, libstdc++/100823, libstdc++/101709, libstdc++/102447, + libstdc++/103664, libstdc++/103848, libstdc++/103853, + libstdc++/103911, libstdc++/103992, libstdc++/104217, + libstdc++/104443, libstdc++/104602, libstdc++/104731, + libstdc++/105128, libstdc++/105284, libstdc++/105375, + libstdc++/105502, libstdc++/105671, libstdc++/105915, + libstdc++/106162, libstdc++/106248, libstdc++/106320, + libstdc++/106607, libstdc++/106695, lto/106334, lto/106540, + middle-end/103193, middle-end/104869, middle-end/104966, + middle-end/105140, middle-end/105998, middle-end/106027, + middle-end/106030, middle-end/106144, middle-end/106331, + middle-end/106492, preprocessor/97498, preprocessor/105732, + rtl-optimization/104637, rtl-optimization/105041, + rtl-optimization/105333, rtl-optimization/105559, + rtl-optimization/106032, rtl-optimization/106187, sanitizer/105396, + sanitizer/105729, target/96072, target/99184, target/99685, + target/101322, target/101891, target/102059, target/102146, + target/103197, target/103353, target/104257, target/104829, + target/105147, target/105162, target/105209, target/105292, + target/105339, target/105349, target/105463, target/105472, + target/105854, target/105879, target/105970, target/105981, + target/106017, target/106091, target/106355, target/106491, + target/106721, target/107061, target/107064, target/107183, + target/107248, target/107304, target/107364, target/107748, + testsuite/105095, testsuite/105266, testsuite/105433, + testsuite/106345, tree-optimization/103116, tree-optimization/105148, + tree-optimization/105163, tree-optimization/105173, + tree-optimization/105250, tree-optimization/105263, + tree-optimization/105312, tree-optimization/105368, + tree-optimization/105431, tree-optimization/105437, + tree-optimization/105528, tree-optimization/105618, + tree-optimization/105726, tree-optimization/105860, + tree-optimization/106112, tree-optimization/106131, + tree-optimization/106189, tree-optimization/106513, + tree-optimization/106892, tree-optimization/106934 +- fix the detection of Sapphire Rapids in host_detect_local_cpu +- fix -Wmismatched-dealloc documentation (#2116635) + +* Tue Jul 12 2022 Marek Polacek 11.3.1-2.1 +- fix handling of invalid ranges in std::regex (#2106262) + +* Thu Apr 21 2022 Jakub Jelinek 11.3.1-2 +- update from releases/gcc-11-branch (#2077536) + - GCC 11.3 release + - PRs c++/98249, c++/99893, c++/100608, c++/101051, c++/101532, c++/101677, + c++/101717, c++/101894, c++/102869, c++/103105, c++/103328, + c++/103341, c++/103455, c++/103706, c++/103885, c++/103943, + c++/104008, c++/104079, c++/104225, c++/104507, c++/104565, + c++/105003, c++/105064, c++/105143, c++/105186, c++/105256, c/101585, + debug/105203, fortran/102992, fortran/104210, fortran/104228, + fortran/104570, fortran/105138, gcov-profile/105282, ipa/103083, + ipa/103432, jit/100613, libstdc++/90943, libstdc++/100516, + libstdc++/103630, libstdc++/103638, libstdc++/103650, + libstdc++/103955, libstdc++/104098, libstdc++/104301, + libstdc++/104542, libstdc++/104859, libstdc++/105021, + libstdc++/105027, middle-end/104497, middle-end/105165, + rtl-optimization/104985, rtl-optimization/105028, + rtl-optimization/105211, target/80556, target/100106, target/104117, + target/104474, target/104853, target/104894, target/105214, + target/105257, tree-optimization/99121, tree-optimization/104880, + tree-optimization/105053, tree-optimization/105070, + tree-optimization/105189, tree-optimization/105198, + tree-optimization/105226, tree-optimization/105232, + tree-optimization/105235 +- fix bogus -Wuninitialized warning on va_arg with complex types on x86_64 + (PR target/105331) +- remove bogus assertion in std::from_chars (PR libstdc++/105324) + +* Mon Apr 04 2022 David Malcolm - 11.2.1-10 +- update from releases/gcc-11-branch (#2063255) + - PRs ada/98724, ada/104258, ada/104767, ada/104861, c++/58646, c++/59950, + c++/61611, c++/95036, c++/100468, c++/101030, c++/101095, c++/101371, + c++/101515, c++/101767, c++/102045, c++/102123, c++/102538, + c++/102740, c++/102990, c++/103057, c++/103186, c++/103291, + c++/103299, c++/103337, c++/103711, c++/103769, c++/103968, + c++/104107, c++/104108, c++/104284, c++/104410, c++/104472, + c++/104513, c++/104568, c++/104667, c++/104806, c++/104847, + c++/104944, c++/104994, c++/105035, c++/105061, c/82283, c/84685, + c/104510, c/104711, d/104659, d/105004, debug/104337, debug/104517, + debug/104557, fortran/66193, fortran/99585, fortran/100337, + fortran/103790, fortran/104211, fortran/104311, fortran/104331, + fortran/104430, fortran/104619, fortran/104811, go/100537, + libgomp/104385, libstdc++/101231, libstdc++/102358, libstdc++/103904, + libstdc++/104442, lto/104237, lto/104333, lto/104617, + middle-end/95115, middle-end/99578, middle-end/100464, + middle-end/100680, middle-end/100775, middle-end/100786, + middle-end/104307, middle-end/104402, middle-end/104446, + middle-end/104786, middle-end/104971, middle-end/105032, + preprocessor/104147, rtl-optimization/104544, rtl-optimization/104589, + rtl-optimization/104777, rtl-optimization/104814, sanitizer/102656, + sanitizer/104449, sanitizer/105093, target/79754, target/87496, + target/99708, target/99754, target/100784, target/101324, + target/102140, target/102952, target/102957, target/103307, + target/103627, target/103925, target/104090, target/104208, + target/104219, target/104253, target/104362, target/104448, + target/104451, target/104453, target/104458, target/104462, + target/104469, target/104502, target/104674, target/104681, + target/104688, target/104775, target/104890, target/104910, + target/104923, target/104963, target/104998, target/105000, + target/105052, target/105058, target/105068, testsuite/103556, + testsuite/103586, testsuite/104730, testsuite/104759, + testsuite/105055, tree-optimization/45178, tree-optimization/100834, + tree-optimization/101636, tree-optimization/102819, + tree-optimization/102893, tree-optimization/103169, + tree-optimization/103361, tree-optimization/103489, + tree-optimization/103544, tree-optimization/103596, + tree-optimization/103641, tree-optimization/103864, + tree-optimization/104263, tree-optimization/104288, + tree-optimization/104511, tree-optimization/104601, + tree-optimization/104675, tree-optimization/104782, + tree-optimization/104931, tree-optimization/105094 +- fix x86 vector initialization expansion fallback (PR target/105123) +- drop patch 22 (gcc11-libsanitizer-pthread.patch; + upstreamed as r11-9607-ga8dd74bfb921ed) + +* Thu Feb 10 2022 Marek Polacek 11.2.1-9.4 +- add --enable-host-bind-now, use it (#2044917) + +* Tue Feb 08 2022 Marek Polacek 11.2.1-9.3 +- use _thread_db_sizeof_pthread to obtain struct pthread size (#2034494) +- add --enable-host-pie, build the compilers as PIE (#2044917) + +* Mon Feb 07 2022 Marek Polacek 11.2.1-9.2 +- add support for relocation of the PCH data (pch/71934, #2044917) +- remove 30_threads/future/members/poll.cc (#2050090) +- avoid overly-greedy match in dejagnu regexp (#2050089) + +* Mon Jan 31 2022 Marek Polacek 11.2.1-9.1 +- don't set -Wl,-rpath when building annobin (#2047356) + +* Fri Jan 28 2022 Marek Polacek 11.2.1-9 +- update from releases/gcc-11-branch (#2047296) + - PRs fortran/104127, fortran/104212, fortran/104227, target/101529 +- fix up va-opt-6.c testcase + +* Fri Jan 28 2022 Marek Polacek 11.2.1-8 +- update from releases/gcc-11-branch (#2047296) + - PRs ada/103538, analyzer/101962, bootstrap/103688, c++/85846, c++/95009, + c++/98394, c++/99911, c++/100493, c++/101715, c++/102229, c++/102933, + c++/103012, c++/103198, c++/103480, c++/103703, c++/103714, + c++/103758, c++/103783, c++/103831, c++/103912, c++/104055, c/97548, + c/101289, c/101537, c/103587, c/103881, d/103604, debug/103838, + debug/103874, fortran/67804, fortran/83079, fortran/101329, + fortran/101762, fortran/102332, fortran/102717, fortran/102787, + fortran/103411, fortran/103412, fortran/103418, fortran/103473, + fortran/103505, fortran/103588, fortran/103591, fortran/103606, + fortran/103607, fortran/103609, fortran/103610, fortran/103692, + fortran/103717, fortran/103718, fortran/103719, fortran/103776, + fortran/103777, fortran/103778, fortran/103782, fortran/103789, + ipa/101354, jit/103562, libfortran/103634, libstdc++/100017, + libstdc++/102994, libstdc++/103453, libstdc++/103501, + libstdc++/103549, libstdc++/103877, libstdc++/103919, + middle-end/101751, middle-end/102860, middle-end/103813, objc/103639, + preprocessor/89971, preprocessor/102432, rtl-optimization/102478, + rtl-optimization/103837, rtl-optimization/103860, + rtl-optimization/103908, sanitizer/102911, target/102347, + target/103465, target/103661, target/104172, target/104188, + tree-optimization/101615, tree-optimization/103523, + tree-optimization/103603, tree-optimization/103995 + +* Tue Jan 25 2022 Marek Polacek 11.2.1-7.7 +- do not undefine _hardened_build (#2044917) + +* Mon Jan 24 2022 Marek Polacek 11.2.1-7.6 +- update annobin plugin patch (#2030667) + +* Thu Jan 13 2022 Marek Polacek 11.2.1-7.5 +- update annobin plugin patch (#2030667) + +* Fri Jan 07 2022 Marek Polacek 11.2.1-7.4 +- update annobin plugin patch (#2030667) + +* Tue Jan 04 2022 Marek Polacek 11.2.1-7.3 +- fix dg-ice tests (#1996047) + +* Tue Jan 04 2022 Marek Polacek 11.2.1-7.2 +- update annobin plugin patch (#2030667) + +crypto-policies| +* Fri Feb 02 2024 Alexander Sosedkin - 20240202-1.git283706d +- fips-finish-install: make sure ostree is detected in chroot +- fips-mode-setup: make sure ostree is detected in chroot +- fips-finish-install: Create/remove /etc/system-fips on ostree systems +- java: disable ChaCha20-Poly1305 where applicable + +* Mon Nov 13 2023 Clemens Lang - 20231113-1.gite9247c2 +- fips-mode-setup: Fix test for empty /boot (RHEL-11350) +- fips-mode-setup: Avoid 'boot=UUID=' if /boot == / (RHEL-11350) + +* Thu Nov 09 2023 Clemens Lang - 20231109-1.git0ceff7f +- Restore support for scoped ssh_etm directives (RHEL-15925) +- Print matches in syntax deprecation warnings (RHEL-15925) + +* Wed Nov 08 2023 Clemens Lang - 20231108-1.git994ae09 +- turn ssh_etm into an etm@SSH tri-state (RHEL-15925) +- fips-mode-setup: increase chroot-friendliness (RHEL-11350) +- fips-mode-setup: Fix usage with --no-bootcfg (RHEL-11350) + +* Mon Oct 16 2023 Alexander Sosedkin - 20231016-1.git77ceb0b +- openssl: fix SHA1 and NO-ENFORCE-EMS interaction +- bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx + +* Wed Sep 20 2023 Alexander Sosedkin - 20230920-1.git8dcf74d +- OSPP subpolicy: tighten beyond reason for OSPP 4.3 +- fips-mode-setup: more thorough --disable, still unsupported + +* Mon Jul 31 2023 Alexander Sosedkin - 20230731-1.git94f0e2c +- krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones +- FIPS: enforce EMS in FIPS mode +- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode +- nss: implement EMS enforcement in FIPS mode (disabled in ELN) +- openssl: implement EMS enforcement in FIPS mode +- gnutls: implement EMS enforcement in FIPS mode (disabled in ELN) +- docs: replace `FIPS 140-2` with just `FIPS 140` + +* Wed Jun 14 2023 Alexander Sosedkin - 20230614-1.git027799d +- policies: restore group order to old OpenSSL default order + +* Fri May 05 2023 Alexander Sosedkin - 20230505-1.gitf69bbc2 +- openssl: set Groups explicitly +- openssl: add support for Brainpool curves + +* Thu Dec 15 2022 Alexander Sosedkin - 20221215-1.git9a18988 +- bind: expand the list of disableable algorithms + +* Mon Oct 03 2022 Alexander Sosedkin - 20221003-1.git04dee29 +- openssh: rename RSAMinSize option to RequiredRSASize + +* Mon Aug 15 2022 Alexander Sosedkin - 20220815-1.git0fbe86f +- openssh: add RSAMinSize option following min_rsa_size + +* Wed Apr 27 2022 Alexander Sosedkin - 20220427-1.gitb2323a1 +- bind: control ED25519/ED448 + +* Mon Apr 04 2022 Alexander Sosedkin - 20220404-1.git845c0c1 +- DEFAULT: drop DNSSEC SHA-1 exception +- openssh: add support for sntrup761x25519-sha512@openssh.com + +* Wed Feb 23 2022 Alexander Sosedkin - 20220223-1.git5203b41 +- openssl: allow SHA-1 signatures with rh-allow-sha1-signatures in LEGACY +- update AD-SUPPORT, move RC4 enctype enabling to AD-SUPPORT-LEGACY +- fips-mode-setup: catch more inconsistencies, clarify --check + +* Thu Feb 03 2022 Alexander Sosedkin - 20220203-1.gitf03e75e +- gnutls: enable SHAKE, needed for Ed448 +- fips-mode-setup: improve handling FIPS plus subpolicies +- FIPS: disable SHA-1 HMAC +- FIPS: disable CBC ciphers except in Kerberos + +rocky-gpg-keys| +* Tue Apr 30 2024 Louis Abel - 9.4-1.5 +- Add nvidia SB certificates + +* Sun Apr 07 2024 Louis Abel - 9.4-1.3 +- Add additional provides for rocky-sb-certs + +* Wed Apr 03 2024 Louis Abel - 9.4-1.2 +- Update SB certs + +* Wed Mar 27 2024 Louis Abel - 9.4-1.1 +- Preparation for 9.4 + +* Mon Mar 04 2024 Louis Abel - 9.4-0.3 +- Add kernel-bootcfg-boot-successful.service + +* Fri Jan 12 2024 Louis Abel - 9.4-0.2 +- Improve presets for virtualization + +* Fri Oct 20 2023 Louis Abel - 9.4-0.1 +- Bump to 9.4 + +* Fri Oct 20 2023 Louis Abel - 9.3-0.6 +- Add in true UKI-VIRT certificate +- Add aarch64 signing certificates +- Fix date in changelog + +* Tue Sep 05 2023 Louis Abel - 9.3-0.5 +- Add placeholder certs for UKI-VIRT + +* Sat Jun 10 2023 Louis Abel - 9.3-0.4 +- Define the distro macro + +* Mon May 15 2023 Louis Abel - 9.3-0.3 +- Use DER format for ppc64le certificates for now + +* Tue Apr 25 2023 Louis Abel - 9.3-0.2 +- Update secure boot certificates + +* Thu Apr 06 2023 Louis Abel - 9.3-0.1 +- Bump main version to 9.3 +- Enable obex + +* Sun Jan 01 2023 Louis Abel - 9.2-1.2 +- Move macros.dist to a proper location + +* Thu Dec 22 2022 Louis Abel - 9.2-1.1 +- Update devel repos (RLBT#0001354) +- Add SUPPORT_END with absolute EOL (See sig_core/#3) + +* Wed Oct 19 2022 Louis Abel - 9.1-1.10 +- Change secure boot certificates + +* Tue Oct 18 2022 Louis Abel - 9.1-1.9 +- Bump release version to match upstream + +* Wed Sep 07 2022 Louis Abel - 9.1-1.1 +- Bump main version and prepare for upcoming beta + +* Tue Aug 30 2022 Louis Abel - 9.0-3.2 +- Add stream dnf var + +* Thu Jul 28 2022 Louis Abel - 9.0-3.1 +- Ensure distsuffix is part of disttag + +* Wed Jul 20 2022 Louis Abel - 9.0-2.2 +- Fix mirrorlist URL for plus repository + +* Thu Jun 30 2022 Louis Abel - 9.0-2.1 +- Prepare for release +- Ensure rltype is blank for stable releases + +* Wed Jun 22 2022 Louis Abel - 9.0-1.22 +- Change to using mirrorlist + +* Sun Jun 12 2022 Louis Abel - 9.0-1.21 +- Backport current SB certs for now +- Add logrotate timer and switcheroo +- Add missing macros +- Fix CPE values +- Remove /etc/centos-release file +- Add redhat and fix rocky tags in os-release +- Fix GPG key names to be consistent with SIG requirements +- Reduce number of repo files +- Change testing key to "testing" key from build system +- Add official "stable" key from build system +- List both GPG keys in repo files +- Fix rlpkg macro for gpg keys +- Add sig content dir +- Remove nplb as devel is technically it + +rocky-release| +* Tue Apr 30 2024 Louis Abel - 9.4-1.5 +- Add nvidia SB certificates + +* Sun Apr 07 2024 Louis Abel - 9.4-1.3 +- Add additional provides for rocky-sb-certs + +* Wed Apr 03 2024 Louis Abel - 9.4-1.2 +- Update SB certs + +* Wed Mar 27 2024 Louis Abel - 9.4-1.1 +- Preparation for 9.4 + +* Mon Mar 04 2024 Louis Abel - 9.4-0.3 +- Add kernel-bootcfg-boot-successful.service + +* Fri Jan 12 2024 Louis Abel - 9.4-0.2 +- Improve presets for virtualization + +* Fri Oct 20 2023 Louis Abel - 9.4-0.1 +- Bump to 9.4 + +* Fri Oct 20 2023 Louis Abel - 9.3-0.6 +- Add in true UKI-VIRT certificate +- Add aarch64 signing certificates +- Fix date in changelog + +* Tue Sep 05 2023 Louis Abel - 9.3-0.5 +- Add placeholder certs for UKI-VIRT + +* Sat Jun 10 2023 Louis Abel - 9.3-0.4 +- Define the distro macro + +* Mon May 15 2023 Louis Abel - 9.3-0.3 +- Use DER format for ppc64le certificates for now + +* Tue Apr 25 2023 Louis Abel - 9.3-0.2 +- Update secure boot certificates + +* Thu Apr 06 2023 Louis Abel - 9.3-0.1 +- Bump main version to 9.3 +- Enable obex + +* Sun Jan 01 2023 Louis Abel - 9.2-1.2 +- Move macros.dist to a proper location + +* Thu Dec 22 2022 Louis Abel - 9.2-1.1 +- Update devel repos (RLBT#0001354) +- Add SUPPORT_END with absolute EOL (See sig_core/#3) + +* Wed Oct 19 2022 Louis Abel - 9.1-1.10 +- Change secure boot certificates + +* Tue Oct 18 2022 Louis Abel - 9.1-1.9 +- Bump release version to match upstream + +* Wed Sep 07 2022 Louis Abel - 9.1-1.1 +- Bump main version and prepare for upcoming beta + +* Tue Aug 30 2022 Louis Abel - 9.0-3.2 +- Add stream dnf var + +* Thu Jul 28 2022 Louis Abel - 9.0-3.1 +- Ensure distsuffix is part of disttag + +* Wed Jul 20 2022 Louis Abel - 9.0-2.2 +- Fix mirrorlist URL for plus repository + +* Thu Jun 30 2022 Louis Abel - 9.0-2.1 +- Prepare for release +- Ensure rltype is blank for stable releases + +* Wed Jun 22 2022 Louis Abel - 9.0-1.22 +- Change to using mirrorlist + +* Sun Jun 12 2022 Louis Abel - 9.0-1.21 +- Backport current SB certs for now +- Add logrotate timer and switcheroo +- Add missing macros +- Fix CPE values +- Remove /etc/centos-release file +- Add redhat and fix rocky tags in os-release +- Fix GPG key names to be consistent with SIG requirements +- Reduce number of repo files +- Change testing key to "testing" key from build system +- Add official "stable" key from build system +- List both GPG keys in repo files +- Fix rlpkg macro for gpg keys +- Add sig content dir +- Remove nplb as devel is technically it + +rocky-repos| +* Tue Apr 30 2024 Louis Abel - 9.4-1.5 +- Add nvidia SB certificates + +* Sun Apr 07 2024 Louis Abel - 9.4-1.3 +- Add additional provides for rocky-sb-certs + +* Wed Apr 03 2024 Louis Abel - 9.4-1.2 +- Update SB certs + +* Wed Mar 27 2024 Louis Abel - 9.4-1.1 +- Preparation for 9.4 + +* Mon Mar 04 2024 Louis Abel - 9.4-0.3 +- Add kernel-bootcfg-boot-successful.service + +* Fri Jan 12 2024 Louis Abel - 9.4-0.2 +- Improve presets for virtualization + +* Fri Oct 20 2023 Louis Abel - 9.4-0.1 +- Bump to 9.4 + +* Fri Oct 20 2023 Louis Abel - 9.3-0.6 +- Add in true UKI-VIRT certificate +- Add aarch64 signing certificates +- Fix date in changelog + +* Tue Sep 05 2023 Louis Abel - 9.3-0.5 +- Add placeholder certs for UKI-VIRT + +* Sat Jun 10 2023 Louis Abel - 9.3-0.4 +- Define the distro macro + +* Mon May 15 2023 Louis Abel - 9.3-0.3 +- Use DER format for ppc64le certificates for now + +* Tue Apr 25 2023 Louis Abel - 9.3-0.2 +- Update secure boot certificates + +* Thu Apr 06 2023 Louis Abel - 9.3-0.1 +- Bump main version to 9.3 +- Enable obex + +* Sun Jan 01 2023 Louis Abel - 9.2-1.2 +- Move macros.dist to a proper location + +* Thu Dec 22 2022 Louis Abel - 9.2-1.1 +- Update devel repos (RLBT#0001354) +- Add SUPPORT_END with absolute EOL (See sig_core/#3) + +* Wed Oct 19 2022 Louis Abel - 9.1-1.10 +- Change secure boot certificates + +* Tue Oct 18 2022 Louis Abel - 9.1-1.9 +- Bump release version to match upstream + +* Wed Sep 07 2022 Louis Abel - 9.1-1.1 +- Bump main version and prepare for upcoming beta + +* Tue Aug 30 2022 Louis Abel - 9.0-3.2 +- Add stream dnf var + +* Thu Jul 28 2022 Louis Abel - 9.0-3.1 +- Ensure distsuffix is part of disttag + +* Wed Jul 20 2022 Louis Abel - 9.0-2.2 +- Fix mirrorlist URL for plus repository + +* Thu Jun 30 2022 Louis Abel - 9.0-2.1 +- Prepare for release +- Ensure rltype is blank for stable releases + +* Wed Jun 22 2022 Louis Abel - 9.0-1.22 +- Change to using mirrorlist + +* Sun Jun 12 2022 Louis Abel - 9.0-1.21 +- Backport current SB certs for now +- Add logrotate timer and switcheroo +- Add missing macros +- Fix CPE values +- Remove /etc/centos-release file +- Add redhat and fix rocky tags in os-release +- Fix GPG key names to be consistent with SIG requirements +- Reduce number of repo files +- Change testing key to "testing" key from build system +- Add official "stable" key from build system +- List both GPG keys in repo files +- Fix rlpkg macro for gpg keys +- Add sig content dir +- Remove nplb as devel is technically it + +setup| +* Wed Feb 07 2024 Martin Osvald - 2.13.7-10 +- csh.login: Add csh.local into foreach loop (RHEL-17226) + +* Wed Dec 21 2022 Martin Osvald - 2.13.7-9 +- make setup protected package (#2155529) + +* Thu Nov 24 2022 Martin Osvald - 2.13.7-8 +- Set default umask for non-login shell only if it is set to 0 (#2062601) + +* Mon May 09 2022 Martin Osvald - 2.13.7-7 +- Move /var/log/lastlog ownership to systemd (#2066753) +- tcsh sets variable p to /usr/sbin from /etc/csh.login (#2066767) +- bashrc: Don't set up VTE-specific PROMPT_COMMAND (#2026892) + +filesystem| +* Mon Aug 09 2021 Mohan Boddu - 3.16-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Aug 03 2021 Pavel Zhukov - 3.15-1 +- Move /afs into main package + +* Fri Aug 07 2020 Pavel Raiskup - 3.14-4 +- /proc and /sys made %ghost to allow filesystem package updates in rootless + container environments (rhbz#1548403) + +* Mon Jan 27 2020 Ondrej Vasik - 3.14-1 +- do not restore context of /proc (#1722766) + +* Wed Dec 18 2019 Ondrej Vasik - 3.13-1 +- add ownership for eBPF bytecode files directories (#1781646) + +basesystem| +* Thu Feb 29 2024 Louis Abel - 11-13.0.1 +- Rebuild to address build system issue + +libssh-config| +* Mon Feb 19 2024 Sahana Prasad - 0.10.4-13 +- Bump up the version so that the version in 9.3 is lower. +- Resolves: RHEL-19310, RHEL-19691, RHEL-17245 + +* Tue Jan 09 2024 Sahana Prasad - 0.10.4-12 +- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) +- Fix CVE-2023-6918 Missing checks for return values for digests +- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection + of malicious code through hostname +- Resolves: RHEL-19310, RHEL-19691, RHEL-17245 + +* Wed Jun 21 2023 Norbert Pocs - 0.10.4-11 +- Fix loglevel regression +- Related: rhbz#2182252, rhbz#2189740 + +* Mon May 22 2023 Norbert Pocs - 0.10.4.10 +- Fix null dereference issues found by covscan +- Related: rhbz#2182252, rhbz#2189740 + +* Wed May 10 2023 Norbert Pocs - 0.10.4-9 +- Fix CVE-2023-1667 and CVE-2023-2283 +- Fix issues found by cosvcan +- Resolves: rhbz#2182252, rhbz#2189740 + +* Mon Jan 23 2023 Stanislav Zidek - 0.10.4-8 ++ libssh-0.10.4-8 +- Extended CI to run internal tests in RHEL +- Related: rhbz#2160080 + +* Wed Jan 04 2023 Norbert Pocs - 0.10.4-7 +- Add sk-keys to configuration parsing allowing to turn on-off by config +- Related: rhbz#2026449 + +* Thu Dec 01 2022 Norbert Pocs - 0.10.4-6 +- Fix covscan error +- Remove unwanted test with yet unimplemented feature +- Related: rhbz#2137839, rhbz#2136824 + +* Thu Dec 01 2022 Stanislav Zidek - 0.10.4-5 ++ libssh-0.10.4-5 +- Fixed CI configuration due to TMT changes + +* Wed Nov 30 2022 Norbert Pocs - 0.10.4-4 +- Move loglevel closer to openssh loglevel +- Add openssh config feature of +,-,^ for algorithm lists +- Fix memory leaks of bignum +- Prevent multiple expansion of escape characters +- Resolves: rhbz#2132407, rhbz#2137839, rhbz#2144795, rhbz#2136824 + +* Tue Oct 04 2022 Norbert Pocs - 0.10.4-3 +- Enable pkcs11 support +- Fix broken libsofthsm path on i686 +- Add missing bugzilla references from the rebase commit +- Related: rhbz#2026449 +- Resolves: rhbz#1977913, rhbz#1975500 + +* Tue Sep 27 2022 Norbert Pocs - 0.10.4-2 +- Fix coverity scan issues +- Resolves: rhbz#2130126 + +* Mon Sep 19 2022 Norbert pocs - 0.10.4-1 +- Rebase to version 0.10.4 +- Add pkcs11 support +- Disallow ssh-rsa key in FIPS mode +- Fix openssl KDF check at build +- ChangeLog was renamed to CHANGELOG +- Resolves: rhbz#2068475, rhbz#2026449, rhbz#2004021, + rhbz#1977913, rhbz#1975500 + +libreport-filesystem| +* Mon Jun 06 2022 Release Engineering - 2.15.2-6.rocky.0.2 +- Add rocky workflow for mantis +- Remove RHEL and Fedora packages + +* Mon Jan 17 2022 Michal Srb - 2.15.2-6 +- [reporter-bugzilla] Retry XML-RPC calls +- Resolves: rhbz#2037399 + +* Mon Jan 17 2022 Michal Srb - 2.15.2-5 +- [reporter-bugzilla] Fix subcomponent handling +- Resolves: rhbz#2037399 + +* Mon Jan 17 2022 Michal Srb - 2.15.2-4 +- Change the default Bugzilla group +- Resolves: rhbz#2037399 + +* Thu Dec 09 2021 Michal Fabik - 2.15.2-3 +- Rebuild against json-c-0.14-11 + Related: rhbz#2023322 + +* Mon Aug 09 2021 Mohan Boddu - 2.15.2-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jun 22 2021 Michal Fabik - 2.15.2-1 +- New upstream version 2.15.2 + +* Tue Jun 22 2021 Mohan Boddu - 2.14.0-19 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 16 2021 Mohan Boddu - 2.14.0-18 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Jan 29 2021 Michal Srb - 2.14.0-17 +- Drop AnacondaRHEL workflow reference + +* Tue Jan 26 2021 Fedora Release Engineering - 2.14.0-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 18 2021 Peter Robinson - 2.14.0-15 +- Bump rev for upgrades + +* Fri Dec 11 2020 Matěj Grabovský - 2.14.0-13 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1906405 + +* Tue Nov 03 2020 Matěj Grabovský - 2.14.0-12 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1893595 + +* Fri Oct 09 2020 Matěj Grabovský - 2.14.0-11 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882328 + +* Tue Sep 29 2020 Matěj Grabovský - 2.14.0-10 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883337 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883410 + +* Sun Sep 27 2020 Matěj Grabovský - 2.14.0-9 +- Add upstream fixes for memory management + +* Sun Sep 27 2020 Matěj Grabovský - 2.14.0-8 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882950 + +* Fri Sep 25 2020 Matěj Grabovský - 2.14.0-7 +- Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882319 + +* Wed Aug 19 2020 Merlin Mathesius - 2.14.0-6 +- Updates so ELN builds in a Fedora-like reporting configuration, even though + the %{rhel} macro is set. + +* Thu Aug 13 2020 Michal Fabik 2.14.0-3 +- forbidden_words: Add potentially sensitive env vars +- lib: Add version script for libreport +- lib: compress: Use libarchive +- Replace various utility functions with stock GLib ones +- gtk,lib: Update symbol list +- dd: Update dd_get_owner to handle error return values +- dirsize: Don't pick .lock'd dirs for deletion +- setgid instead of setuid the abrt-action-install-debuginfo-to-abrt-cache +- Various coding style improvements +- Various memory management fixes +- lib: Check for errors when opening files +- gtk-helpers: Check return value +- doc: Exclude more files with --without-bugzilla +- lib: Don’t use external executables for decompression +- lib: Decommission libreport_list_free_with_free +- Drop Red Hat Customer Portal reporter +- ureport: Drop Strata integration +- lib: Remove creates-items tag parsing in event definitions + +* Fri Aug 07 2020 Peter Robinson - 2.13.1-4 +- Bump to fix upgrade path + +* Tue Jul 28 2020 Fedora Release Engineering - 2.13.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +dnf-data| +* Sun Apr 14 2024 Release Engineering - 4.14.0-9 +- Add Rocky bugtracker + +* Wed Oct 25 2023 Jaroslav Rohel - 4.14.0-9 +- Fix japanese translations (RHEL-11345) +- Fix substitution in kay-value-pair list in add_new_repo (RHEL-6396) +- base: Add obsoleters of only latest versions (RHEL-6304) + +* Wed Jun 28 2023 Jaroslav Rohel - 4.14.0-8 +- Return an error when transaction fails (RhBug:2170093,2212262) +- Document symbols in `dnf history list` output (RhBug:2172067,2218113) + +* Tue May 30 2023 Kyle Walker - 4.14.0-7 +- Explicitly use the python3.9 runtime (RhBug:2211019) + +* Thu May 11 2023 Jaroslav Rohel - 4.14.0-6 +- Add reboot option to DNF Automatic (RhBug:2124793) +- Omit src RPMs from check-update (RhBug:2151910,2203069) +- automatic: Fix online detection with proxy (RhBug:2022440,2189851) + +* Wed Mar 15 2023 Marek Blaha - 4.14.0-5 +- Update translations + +* Thu Jan 05 2023 Nicola Sella - 4.14.0-4 +- Ignore processing variable files with unsupported encoding (RhBug:2148871) + +* Wed Dec 07 2022 Nicola Sella - 4.14.0-3 +- Move system-upgrade plugin to core (RhBug:2131288) +- offline-upgrade: add support for security filters (RhBug:1939975,2139326) +- Fix plugins unit tests + unload plugins upon their deletion + +* Mon Oct 31 2022 Nicola Sella - 4.14.0-2 +- Pass whole URL in relativeUrl to PackageTarget for RPM URL download + +* Thu Sep 22 2022 Lukas Hrazky - 4.14.0-1 +- Update to 4.14.0 +- Add doc related to --destdir and --downloadonly options (RhBug:2100811) +- Fix broken dependencies error reporting (RhBug:2088422) +- Add support for group upgrade rollback (RhBug:2016070) +- Expose plugin unload method to API (RhBug:2047251) +- Fix upgrade from file to noarch pkg (RhBug:2006018) +- Allow passing plugin parameters with dashes in names (RhBug:1980712) +- Don't include resolved advisories for obsoletes with sec. filters (RhBug:2101421) +- Add only relevant pkgs to upgrade transaction (RhBug:2097757) +- doc: Describe how gpg keys are stored for `repo_ggpcheck` (RhBug:2020678) +- bash-completion: use sqlite cache when available + +* Thu Sep 15 2022 Marek Blaha - 4.12.0-4 +- Update translations + +* Tue Jul 19 2022 Lukas Hrazky - 4.12.0-3 +- Add only relevant pkgs to upgrade transaction (RhBug:2097757) + +* Thu Apr 28 2022 Richard W.M. Jones - 4.12.0-2 +- Backport fix for leak of libsolv's page file descriptors + +* Thu Apr 28 2022 Pavla Kratochvilova - 4.12.0-1 +- Allow destdir option with modulesync command +- Add documentation for query api flags (RhBug:2035577) +- Fix swap command to work with local rpm files correctly (RhBug:2036434) +- Fix regression in verifying signatures using rpmkeys +- Fix decompression of groups.xml (RhBug:2030255) +- Fix history undo on a Reason Change (RhBug:2010259,2053014) +- Remove /usr/bin from sys.path to avoid accidentally importing garbage +- Fix python3.11 build: remove deprecated, update traceback regex +- fix dnf mark error when history sqlite missing +- [doc] clarify effect of --enablerepo and --disablerepo options (RhBug:2031414) +- [doc] default values for module_obsoletes and module_stream_switch (RhBug: 2051846) +- dnf.conf: hint users where to find more info about defaults and other options +- Fix unittests that relied on checksum being at the end of solvfiles +- completion: remove unnecessary echo +- Fix remove when no repos are enabled (RhBug:2064341) +- Add loongarch support for dnf +- Add spaces between words to fix typos (RhBug:2077296) +- [doc] Improve "proxy" configuration option documentation (RhBug:2072332) +- Fix download errors handling in non-english locales (RhBug:2024527) + +ncurses-base| +* Mon Aug 21 2023 Miroslav Lichvar 6.2-10.20210508 +- ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) + +* Mon Aug 14 2023 Miroslav Lichvar 6.2-9.20210508 +- fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) +- ignore TERMINFO and HOME environment variables if running as root (#2211666) + +tzdata| +* Thu Feb 01 2024 Patsy Griffin - 2024a-1 +- Rebase to tzdata-2024a + - Kazakhstan will transition from UTC+6 to UTC+5 on 2024-03-01. + - Palestine will spring forward a week later than previously + predicted. + +* Mon Jan 01 2024 Patsy Griffin - 2023d-1 +- Rebase to tzdata-2023d + - Include time zone changes for Ittoqqortoormiit, Greenland + and Vostok, Antarctica. + - Update the expiration date for the leap-seconds.list file. + No new leap seconds were added. + +* Thu Aug 17 2023 Patsy Griffin - 2023c-2 +- Bump release to test recent process changes. (RHEL-1323) + +* Tue Mar 28 2023 Patsy Griffin - 2023c-1 +- Rebase to tzdata-2023c + - Lebanon reversed the change added in tzdata-2023b. + +* Fri Mar 24 2023 Patsy Griffin - 2023b-1 +- Rebase to tzdata-2023b + - Lebanon will transition to DST on April 20/21, not March 25/26. + +* Wed Mar 22 2023 Patsy Griffin - 2023a-1 +- Rebase to tzdata-2023a + - Egypt reintroduced DST, from April through October. + - Morocco springs forward April 23, not April 30. + - Palestine delayed the start of DST this year. + +* Fri Jan 06 2023 Patsy Griffin - 2022g-2 +- Include leap-seconds.list in tzdata install. (#2157982) + +* Tue Nov 29 2022 Patsy Griffin - 2022g-1 +- Rebase to tzdata-2022g + - The northern edge of the Mexican state of Chihuahua will + change time zone to agree with nearby US locations on + 2022-11-30. + - Added a new Zone America/Ciudad_Juarez that splits from + America/Ojinaga. + +* Wed Nov 02 2022 Patsy Griffin - 2022f-1 +- Rebase to tzdata-2022f + - Mexico will stop observing DST except near the US border. + - Chihuahua moved to -06 year round starting on 2022-10-30. + - Fiji no longer observes DST. + +* Wed Oct 12 2022 Patsy Griffin - 2022e-1 +- Rebase to tzdata-2022e + - Jordan and Syria cancelled the DST transition planned + for 2022-10-28, remaining at +03 permanently. + +* Mon Sep 26 2022 Patsy Griffin - 2022d-1 +- Rebase to tzdata-2022d + - Palestine's DST transition will be on October 29, 2022, + not October 28, 2022. + - Europe/Uzhgorod and Europe/Zaporozhye are moved to 'backzone'. + +* Wed Aug 17 2022 Patsy Griffin - 2022c-1 +- Rebase to tzdata-2022c - supersedes tzdata-2022b + - Add a work-around for an awk bug in FreeBSD, macOS, etc. + - Improve tzselect with respect to intercontinental Zones. + +* Mon Aug 15 2022 Patsy Griffin - 2022b-1 +- Rebase to tzdata-2022b + - Chile transitions to DST on 2022-09-11, not 2022-09-04 + - 'make install' now defaults LOCALTIME to Factory rather than GMT + - More zones that are the same since 1970 have been moved to backzone. + - Include patch for awk workaround. + +* Thu Apr 14 2022 Patsy Griffin - 2022a-1 +- Rebase to tzdata-2022a + - Palestine springs forward on 2022-03-27, not -03-26. + - zdump -v now outputs better failure information + - fixes for code that reads corrupted TZif data + +bash| +* Tue Feb 13 2024 Siteshwar Vashisht - 5.1.8-9 +- Fix a performance regression while using large number of environment variables + Resolves: RHEL-20020 + +* Mon Feb 12 2024 Siteshwar Vashisht - 5.1.8-8 +- Fix an issue with adding newline in bracketed paste mode + Resolves: #2168963 + +* Wed Jan 24 2024 Siteshwar Vashisht - 5.1.8-7 +- Restore audit logs in bash-4.3 or newer versions + Resolves: RHEL-22619 + +* Tue Nov 22 2022 Siteshwar Vashisht - 5.1.8-6 +- Add a null check in parameter_brace_transform() function + Resolves: CVE-2022-3715 + +* Mon Aug 08 2022 Siteshwar Vashisht - 5.1.8-5 +- Fix an off by one error while calling mbrtowc() + Resolves: #2115206 + +ncurses-libs| +* Mon Aug 21 2023 Miroslav Lichvar 6.2-10.20210508 +- ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) + +* Mon Aug 14 2023 Miroslav Lichvar 6.2-9.20210508 +- fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) +- ignore TERMINFO and HOME environment variables if running as root (#2211666) + +glibc-minimal-langpack| +* Wed Jan 24 2024 Patsy Griffin - 2.34-100 +- manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) + +* Tue Jan 09 2024 Arjun Shankar - 2.34-99 +- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) + +* Mon Jan 08 2024 Arjun Shankar - 2.34-98 +- getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) + +* Tue Jan 02 2024 Florian Weimer - 2.34-97 +- Re-enable output buffering for wide stdio streams (RHEL-19862) + +* Thu Dec 21 2023 Carlos O'Donell - 2.34-96 +- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) + +* Fri Dec 08 2023 Florian Weimer - 2.34-95 +- Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) + +* Thu Dec 07 2023 Patsy Griffin - 2.34-94 +- Update syscall-names.list for Linux 6.6. (RHEL-16016) + +* Wed Dec 06 2023 Patsy Griffin - 2.34-93 +- malloc: Use __get_nprocs on arena_get2. (RHEL-17157) + +* Fri Dec 01 2023 Patsy Griffin - 2.34-92 +- Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) + +* Fri Nov 24 2023 Florian Weimer - 2.34-91 +- fstat performance enhancement (RHEL-2338) + +* Tue Nov 21 2023 Florian Weimer - 2.34-90 +- ldconfig should skip temporary files created by RPM (RHEL-14383) + +* Mon Nov 20 2023 Florian Weimer - 2.34-89 +- Fix force-first handling in dlclose (RHEL-2491) + +* Wed Nov 15 2023 Arjun Shankar - 2.34-88 +- nscd: Refer to /run instead of /var/run in systemd socket file + (RHEL-16275) + +* Fri Nov 10 2023 Florian Weimer - 2.34-87 +- Fix slow tls access after dlopen (RHEL-2123) + +* Tue Oct 24 2023 Arjun Shankar - 2.34-86 +- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) + +* Fri Oct 20 2023 Florian Weimer - 2.34-85 +- nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) + +* Mon Oct 09 2023 Florian Weimer - 2.34-84 +- x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) + +* Mon Sep 25 2023 Florian Weimer - 2.34-83.7 +- Fix memory leak regression in getaddrinfo (RHEL-2426) + +* Tue Sep 19 2023 Carlos O'Donell - 2.34-83.6 +- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) + +* Tue Sep 19 2023 Florian Weimer - 2.34-83.5 +- Revert: Always call destructors in reverse constructor order (RHEL-2491) + +* Mon Sep 18 2023 Siddhesh Poyarekar - 2.34-83.4 +- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) + +* Fri Sep 15 2023 Siddhesh Poyarekar - 2.34-83.3 +- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) + +* Fri Sep 15 2023 Carlos O'Donell - 2.34-83.2 +- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) + +* Thu Sep 14 2023 Carlos O'Donell - 2.34-83.1 +- Always call destructors in reverse constructor order (RHEL-2491) + +* Wed Sep 13 2023 DJ Delorie - 2.34-83 +- Add support for ppc64le hwcaps tunables (RHEL-1017) + +* Tue Aug 15 2023 Carlos O'Donell - 2.34-82 +- Fix string and memory function tuning on small systems (#2213907) + +* Mon Aug 14 2023 Florian Weimer - 2.34-81 +- Fix additional GCC 13 build issue (#2222188) + +* Fri Aug 11 2023 Florian Weimer - 2.34-80 +- Fix AMD cache size computation for hypervisors, old CPUs (#2166710) + +* Tue Aug 08 2023 DJ Delorie - 2.34-79 +- Fix temporal threshold calculations (#2213907) + +* Fri Aug 04 2023 Florian Weimer - 2.34-78 +- Ignore symbolic link change on /etc/nsswitch.conf (#2229156) + +* Fri Jul 28 2023 Florian Weimer - 2.34-77 +- Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) + +* Tue Jul 25 2023 Florian Weimer - 2.34-76 +- Fix accidentally disabled rseq test (#2224289) + +* Fri Jul 21 2023 Florian Weimer - 2.34-75 +- Make libSegFault.so NODELETE (#2224349) + +* Fri Jul 21 2023 Florian Weimer - 2.34-74 +- rseq_area should always be 32 bytes large (#2224289) + +* Thu Jul 20 2023 Florian Weimer - 2.34-73 +- GCC Toolset 13 C++ compatibility for iseqsig (#2222188) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-72 +- Update ESTALE error message translations (RHEL-729) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-71 +- Avoid lazy binding failures during dlclose (#2189923) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-70 +- resolv_conf: release lock on allocation failure (#2213908) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-69 +- strerror must not return NULL (#2215368) + +* Mon May 08 2023 DJ Delorie - 2.34-68 +- Switch to sysusers_ctl instead of useradd (#2095417) + +* Fri Apr 28 2023 Florian Weimer - 2.34-67 +- Sync with upstream branch release/2.34/master, + commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: +- gmon: fix memory corruption issues [BZ# 30101] +- gmon: improve mcount overflow handling [BZ# 27576] +- gmon: Fix allocated buffer overflow (bug 29444) +- posix: Fix system blocks SIGCHLD erroneously [BZ #30163] +- x86_64: Fix asm constraints in feraiseexcept (bug 30305) +- gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) +- x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] + +* Thu Apr 20 2023 Patsy Griffin - 2.34-66 +- x86: Cache computation for AMD architecture. (#2166710) + +* Fri Apr 14 2023 Florian Weimer - 2.34-65 +- Do not add = to linker scripts in sysroot (#2153855) + +* Thu Apr 06 2023 DJ Delorie - 2.34-64 +- x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) + +* Thu Mar 30 2023 Arjun Shankar - 2.34-63 +- s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) + +* Wed Mar 29 2023 DJ Delorie - 2.34-62 +- x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) + +* Mon Mar 06 2023 Carlos O'Donell - 2.34-61 +- Fix nested atexit calls from atexit handlers (#2172953) + +* Wed Feb 08 2023 Florian Weimer - 2.34-60 +- Upstream test for ldconfig -p (#2167811) + +* Wed Feb 08 2023 Florian Weimer - 2.34-59 +- Fix ldconfig -p on i686 (#2167811) + +* Wed Jan 25 2023 Florian Weimer - 2.34-58 +- Enhance internal tunables ABI stability (awk iteration order) (#2162962) + +* Tue Jan 17 2023 Florian Weimer - 2.34-57 +- Sync with upstream branch release/2.34/master, + commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 +- malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] +- s_sincosf.h: Change pio4 type to float [BZ #28713] +- math: Properly cast X_TLOSS to float [BZ #28713] +- Regenerate ulps on x86_64 with GCC 12 +- Avoid -Wuse-after-free in tests [BZ #26779]. +- Fix build of nptl/tst-thread_local1.cc with GCC 12 +- Fix stdio-common tests for GCC 12 -Waddress +- Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare +- resolv: Avoid GCC 12 false positive warning [BZ #28439]. +- intl: Avoid -Wuse-after-free [BZ #26779] +- elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] +- time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) +- elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) +- time: Use 64 bit time on tzfile +- nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) +- nis: Build libnsl with 64 bit time_t +- Use LFS and 64 bit time for installed programs (BZ #15333) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-56 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-55 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Florian Weimer - 2.34-54 +- Install kernel header files into the sysroot subpackage (#2149644) + +* Wed Dec 07 2022 Arjun Shankar - 2.34-53 +- Sync with upstream branch release/2.34/master, + commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: +- Apply asm redirections in syslog.h before first use [BZ #27087] +- _Static_assert needs two arguments for compatibility with GCC before 9 + +* Wed Nov 30 2022 Florian Weimer - 2.34-52 +- Add noarch sysroot subpackages (#2149644) + +* Tue Nov 29 2022 Florian Weimer - 2.34-51 +- Prepare for integration of GCC 8 compatible _Static_assert (#2149102) + +* Fri Nov 25 2022 Arjun Shankar - 2.34-50 +- Sync with upstream branch release/2.34/master, + commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: +- elf: Fix wrong fscanf usage on tst-pldd +- Allow for unpriviledged nested containers +- elf: Fix wrong fscanf usage on tst-pldd +- x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] +- elf: Fix rtld-audit trampoline for aarch64 + +* Mon Nov 14 2022 Arjun Shankar - 2.34-49 +- Sync with upstream branch release/2.34/master, + commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: +- Update NEWS file in the right place +- Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) +- io: Fix use-after-free in ftw [BZ #26779] +- io: Fix ftw internal realloc buffer (BZ #28126) +- regex: fix buffer read overrun in search [BZ#28470] +- regex: copy back from Gnulib +- Allow #pragma GCC in headers in conformtest +- Fix memmove call in vfprintf-internal.c:group_number +- mktime: improve heuristic for ca-1986 Indiana DST +- Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] +- linux: Fix generic struct_stat for 64 bit time (BZ# 29657) +- elf: Do not completely clear reused namespace in dlmopen (bug 29600) +- nss: Use shared prefix in IPv4 address in tst-reload1 +- nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) +- nss: Implement --no-addrconfig option for getent + +* Thu Oct 13 2022 Arjun Shankar - 2.34-48 +- Handle non-hostname CNAME aliases during name resolution (#2129005) +- Sync with upstream branch release/2.34/master, + commit e3976287b22422787f3cc6fc9adda58304b55bd9: +- nscd: Drop local address tuple variable [BZ #29607] +- x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations +- x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation +- x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations +- x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations +- x86-64: Require BMI2 for AVX2 strncmp implementation +- x86-64: Require BMI2 for AVX2 strcmp implementation +- x86-64: Require BMI2 for AVX2 str(n)casecmp implementations +- x86: include BMI1 and BMI2 in x86-64-v3 level +- nptl: Add backoff mechanism to spinlock loop +- sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h +- nptl: Effectively skip CAS in spinlock loop +- Move assignment out of the CAS condition +- Add LLL_MUTEX_READ_LOCK [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] +- resolv: Fix building tst-resolv-invalid-cname for earlier C standards +- nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces +- resolv: Add new tst-resolv-invalid-cname +- nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) + (#2129005) +- nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) +- nss_dns: Remove remnants of IPv6 address mapping +- nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr +- nss_dns: Split getanswer_ptr from getanswer_r +- resolv: Add DNS packet parsing helpers geared towards wire format +- resolv: Add internal __ns_name_length_uncompressed function +- resolv: Add the __ns_samebinaryname function +- resolv: Add internal __res_binary_hnok function +- resolv: Add tst-resolv-aliases +- resolv: Add tst-resolv-byaddr for testing reverse lookup +- gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) +- elf: Fix hwcaps string size overestimation +- nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] +- Apply asm redirections in wchar.h before first use +- Apply asm redirections in stdio.h before first use [BZ #27087] +- elf: Call __libc_early_init for reused namespaces (bug 29528) + +* Tue Oct 11 2022 Florian Weimer - 2.34-47 +- Simplify the glibc system call profile (#2117712) + +* Tue Oct 11 2022 Florian Weimer - 2.34-46 +- DSO dependency sort must put new map first even if in cycle (#2128615) + +* Tue Oct 11 2022 Florian Weimer - 2.34-45 +- Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) + +* Thu Oct 06 2022 Arjun Shankar - 2.34-44 +- wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols + +* Mon Oct 03 2022 Arjun Shankar - 2.34-43 +- Remove .annobin* symbols from ld.so (#2126477) + +* Tue Sep 06 2022 Arjun Shankar - 2.34-42 +- Co-Authored-By: Benjamin Herrenschmidt +- Retain .gnu_debuglink section in libc.so.6 (#2090744) +- Remove redundant ld.so debuginfo file (#2090744) + +* Tue Aug 23 2022 Arjun Shankar - 2.34-41 +- Sync with upstream branch release/2.34/master, + commit 68507377f249d165f1f35502d96e9365edb07d9a: +- socket: Check lengths before advancing pointer in CMSG_NXTHDR +- alpha: Fix generic brk system call emulation in __brk_call (bug 29490) +- stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] +- stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] +- Update syscall lists for Linux 5.19 +- dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) + +* Fri Jul 22 2022 Arjun Shankar - 2.34-40 +- Sync with upstream branch release/2.34/master, + commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: +- malloc: Simplify implementation of __malloc_assert +- Update syscall-names.list for Linux 5.18 +- x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S +- x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file +- x86: Move and slightly improve memset_erms +- x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list +- x86: Put wcs{n}len-sse4.1 in the sse4.1 text section +- x86: Align entry for memrchr to 64-bytes. +- x86: Add BMI1/BMI2 checks for ISA_V3 check +- x86: Cleanup bounds checking in large memcpy case +- x86: Add bounds `x86_non_temporal_threshold` +- x86: Add sse42 implementation to strcmp's ifunc +- x86: Fix misordered logic for setting `rep_movsb_stop_threshold` +- x86: Align varshift table to 32-bytes +- x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions +- x86: Shrink code size of memchr-evex.S +- x86: Shrink code size of memchr-avx2.S +- x86: Optimize memrchr-avx2.S +- x86: Optimize memrchr-evex.S +- x86: Optimize memrchr-sse2.S +- x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` +- x86: Create header for VEC classes in x86 strings library +- x86_64: Add strstr function with 512-bit EVEX +- x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT +- x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen +- x86_64: Remove bzero optimization +- x86_64: Remove end of line trailing spaces +- nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore +- linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) + +* Fri Jun 24 2022 Florian Weimer - 2.34-39 +- Add the no-aaaa DNS stub resolver option (#2096191) + +* Tue Jun 14 2022 Arjun Shankar - 2.34-38 +- Sync with upstream branch release/2.34/master, + commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: +- nss: handle stat failure in check_reload_and_get (BZ #28752) +- nss: add assert to DB_LOOKUP_FCT (BZ #28752) +- nios2: Remove _dl_skip_args usage (BZ# 29187) +- hppa: Remove _dl_skip_args usage (BZ# 29165) +- nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) + +* Wed Jun 08 2022 Florian Weimer - 2.34-37 +- Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) + +* Wed Jun 08 2022 Florian Weimer - 2.34-36 +- Sync with upstream branch release/2.34/master, + commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: +- powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] +- socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) +- iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) +- catgets: Use 64 bit stat for __open_catalog (BZ# 29211) +- inet: Use 64 bit stat for ruserpass (BZ# 29210) +- socket: Use 64 bit stat for isfdtype (BZ# 29209) +- posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) +- posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) +- misc: Use 64 bit stat for getusershell (BZ# 29204) +- misc: Use 64 bit stat for daemon (BZ# 29203) + +* Tue May 31 2022 Arjun Shankar - 2.34-35 +- Sync with upstream branch release/2.34/master, + commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: +- Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] +- string.h: fix __fortified_attr_access macro call [BZ #29162] +- linux: Add a getauxval test [BZ #23293] +- rtld: Use generic argv adjustment in ld.so [BZ #23293] +- S390: Enable static PIE + +* Thu May 19 2022 Florian Weimer - 2.34-34 +- Sync with upstream branch release/2.34/master, + commit ede8d94d154157d269b18f3601440ac576c1f96a: +- csu: Implement and use _dl_early_allocate during static startup +- Linux: Introduce __brk_call for invoking the brk system call +- Linux: Implement a useful version of _startup_fatal +- ia64: Always define IA64_USE_NEW_STUB as a flag macro +- Linux: Define MMAP_CALL_INTERNAL +- i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls +- i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S +- elf: Remove __libc_init_secure +- Linux: Consolidate auxiliary vector parsing (redo) +- Linux: Include in dl-sysdep.c only for SHARED +- Revert "Linux: Consolidate auxiliary vector parsing" +- Linux: Consolidate auxiliary vector parsing +- Linux: Assume that NEED_DL_SYSINFO_DSO is always defined +- Linux: Remove DL_FIND_ARG_COMPONENTS +- Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE +- elf: Merge dl-sysdep.c into the Linux version +- elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr +- x86: Optimize {str|wcs}rchr-evex +- x86: Optimize {str|wcs}rchr-avx2 +- x86: Optimize {str|wcs}rchr-sse2 +- x86: Cleanup page cross code in memcmp-avx2-movbe.S +- x86: Remove memcmp-sse4.S +- x86: Small improvements for wcslen +- x86: Remove AVX str{n}casecmp +- x86: Add EVEX optimized str{n}casecmp +- x86: Add AVX2 optimized str{n}casecmp +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S +- x86: Remove strspn-sse2.S and use the generic implementation +- x86: Remove strpbrk-sse2.S and use the generic implementation +- x86: Remove strcspn-sse2.S and use the generic implementation +- x86: Optimize strspn in strspn-c.c +- x86: Optimize strcspn and strpbrk in strcspn-c.c +- x86: Code cleanup in strchr-evex and comment justifying branch +- x86: Code cleanup in strchr-avx2 and comment justifying branch +- x86_64: Remove bcopy optimizations +- x86-64: Remove bzero weak alias in SS2 memset +- x86_64/multiarch: Sort sysdep_routines and put one entry per line +- x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) +- fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] + +* Thu May 12 2022 Florian Weimer - 2.34-33 +- Sync with upstream branch release/2.34/master, + commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: +- dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo +- manual: Document the dlinfo function +- x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] +- x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] +- x86: Set .text section in memset-vec-unaligned-erms +- x86-64: Optimize bzero +- x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) +- x86: Improve vec generation in memset-vec-unaligned-erms.S +- x86-64: Fix strcmp-evex.S +- x86-64: Fix strcmp-avx2.S +- x86: Optimize strcmp-evex.S +- x86: Optimize strcmp-avx2.S +- manual: Clarify that abbreviations of long options are allowed +- Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h +- aarch64: Add HWCAP2_ECV from Linux 5.16 +- Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h +- Update kernel version to 5.17 in tst-mman-consts.py +- Update kernel version to 5.16 in tst-mman-consts.py +- Update syscall lists for Linux 5.17 +- Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h +- Update kernel version to 5.15 in tst-mman-consts.py +- Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h + +* Thu Apr 28 2022 Carlos O'Donell - 2.34-32 +- Sync with upstream branch release/2.34/master, + commit c66c92181ddbd82306537a608e8c0282587131de: +- posix/glob.c: update from gnulib (BZ#25659) +- linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) + +* Wed Apr 27 2022 Carlos O'Donell - 2.34-31 +- Sync with upstream branch release/2.34/master, + commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: +- i386: Regenerate ulps +- linux: Fix missing internal 64 bit time_t stat usage +- x86: Optimize L(less_vec) case in memcmp-evex-movbe.S +- x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI +- x86-64: Use notl in EVEX strcmp [BZ #28646] +- x86: Shrink memcmp-sse4.S code size +- x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h +- x86: Optimize memmove-vec-unaligned-erms.S +- x86-64: Replace movzx with movzbl +- x86-64: Remove Prefer_AVX2_STRCMP +- x86-64: Improve EVEX strcmp with masked load +- x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S +- x86: Optimize memset-vec-unaligned-erms.S +- x86: Optimize memcmp-evex-movbe.S for frontend behavior and size +- x86: Modify ENTRY in sysdep.h so that p2align can be specified +- x86-64: Optimize load of all bits set into ZMM register [BZ #28252] +- scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier +- dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) +- INSTALL: Rephrase -with-default-link documentation +- misc: Fix rare fortify crash on wchar funcs. [BZ 29030] +- Default to --with-default-link=no (bug 25812) +- scripts: Add glibcelf.py module + +* Thu Apr 21 2022 Carlos O'Donell - 2.34-30 +- Sync with upstream branch release/2.34/master, + commit 71326f1f2fd09dafb9c34404765fb88129e94237: +- nptl: Fix pthread_cancel cancelhandling atomic operations +- mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) +- hurd: Fix arbitrary error code +- nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) +- S390: Add new s390 platform z16. +- NEWS: Update fixed bug list for LD_AUDIT backports. +- hppa: Fix bind-now audit (BZ #28857) +- elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 +- Fix elf/tst-audit25a with default bind now toolchains +- elf: Fix runtime linker auditing on aarch64 (BZ #26643) +- elf: Issue la_symbind for bind-now (BZ #23734) +- elf: Fix initial-exec TLS access on audit modules (BZ #28096) +- elf: Add la_activity during application exit +- elf: Do not fail for failed dlmopen on audit modules (BZ #28061) +- elf: Issue audit la_objopen for vDSO +- elf: Add audit tests for modules with TLSDESC +- elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) +- elf: Add _dl_audit_pltexit +- elf: Add _dl_audit_pltenter +- elf: Add _dl_audit_preinit +- elf: Add _dl_audit_symbind_alt and _dl_audit_symbind +- elf: Add _dl_audit_objclose +- elf: Add _dl_audit_objsearch +- elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid +- elf: Add _dl_audit_objopen +- elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) +- elf: Move LAV_CURRENT to link_lavcurrent.h +- elf: Fix elf_get_dynamic_info() for bootstrap +- elf: Fix dynamic-link.h usage on rtld.c +- elf: Fix elf_get_dynamic_info definition +- elf: Avoid nested functions in the loader [BZ #27220] +- powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC +- hppa: Use END instead of PSEUDO_END in swapcontext.S +- hppa: Implement swapcontext in assembler (bug 28960) + +* Tue Mar 15 2022 Florian Weimer - 2.34-29 +- Sync with upstream branch release/2.34/master, + commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: +- debug: Synchronize feature guards in fortified functions [BZ #28746] +- debug: Autogenerate _FORTIFY_SOURCE tests +- Enable _FORTIFY_SOURCE=3 for gcc 12 and above +- fortify: Fix spurious warning with realpath +- __glibc_unsafe_len: Fix comment +- debug: Add tests for _FORTIFY_SOURCE=3 +- Make sure that the fortified function conditionals are constant +- Don't add access size hints to fortifiable functions +- nss: Protect against errno changes in function lookup (bug 28953) +- nss: Do not mention NSS test modules in +- io: Add fsync call in tst-stat +- hppa: Fix warnings from _dl_lookup_address +- nptl: Fix cleanups for stack grows up [BZ# 28899] +- hppa: Revise gettext trampoline design +- hppa: Fix swapcontext +- Fix elf/tst-audit2 on hppa +- localedef: Handle symbolic links when generating locale-archive +- NEWS: Add a bug fix entry for BZ #28896 +- x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c +- x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] +- string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] +- linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] +- Add reference to BZ#28860 on NEWS +- linux: Fix missing __convert_scm_timestamps (BZ #28860) + +* Tue Mar 08 2022 Arjun Shankar - 2.34-28 +- Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) +- Fix localedef so it can handle symbolic links when generating locale-archive. +- Drop glibc-fedora-localedef.patch and adjust locale installation + accordingly so that installed content remains unchanged. + +* Mon Feb 28 2022 Florian Weimer - 2.34-27 +- Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) + +* Mon Feb 28 2022 Florian Weimer - 2.34-26 +- Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) + +* Thu Feb 03 2022 Florian Weimer - 2.34-25 +- Sync with upstream branch release/2.34/master, + commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: +- socket: Do not use AF_NETLINK in __opensock +- hurd if_index: Explicitly use AF_INET for if index discovery +- Linux: Simplify __opensock and fix race condition [BZ #28353] +- linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] + +* Tue Feb 01 2022 Florian Weimer - 2.34-24 +- Sync with upstream branch release/2.34/master, + commit 008003dc6e83439c5e04a744b7fd8197df19096e: +- tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] +- Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg +- linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) +- support: Add support_socket_so_timestamp_time64 + +* Tue Feb 01 2022 Florian Weimer - 2.34-23 +- Align with glibc 2.35 version of C.UTF-8 + +* Tue Feb 01 2022 Florian Weimer - 2.34-22 +- Sync with upstream branch release/2.34/master, + commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: +- x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] +- x86: Filter out more Intel CPUs for TSX [BZ #27398] +- Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) +- x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] +- x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] + +* Mon Jan 24 2022 Florian Weimer - 2.34-21 +- Sync with upstream branch release/2.34/master, + commit 3438bbca90895d32825a52e31a77dc44d273c1c1: +- Linux: Detect user namespace support in io/tst-getcwd-smallbuff +- realpath: Avoid overwriting preexisting error +- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 +- tst-realpath-toolong: Fix hurd build +- CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX +- stdlib: Fix formatting of tests list in Makefile +- stdlib: Sort tests in Makefile +- support: Add helpers to create paths longer than PATH_MAX +- powerpc: Fix unrecognized instruction errors with recent binutils +- x86: use default cache size if it cannot be determined [BZ #28784] +- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) +- sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) +- CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) +- socket: Add the __sockaddr_un_set function +- Disable debuginfod in printer tests [BZ #28757] +- Update syscall lists for Linux 5.16 + +glibc-common| +* Wed Jan 24 2024 Patsy Griffin - 2.34-100 +- manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) + +* Tue Jan 09 2024 Arjun Shankar - 2.34-99 +- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) + +* Mon Jan 08 2024 Arjun Shankar - 2.34-98 +- getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) + +* Tue Jan 02 2024 Florian Weimer - 2.34-97 +- Re-enable output buffering for wide stdio streams (RHEL-19862) + +* Thu Dec 21 2023 Carlos O'Donell - 2.34-96 +- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) + +* Fri Dec 08 2023 Florian Weimer - 2.34-95 +- Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) + +* Thu Dec 07 2023 Patsy Griffin - 2.34-94 +- Update syscall-names.list for Linux 6.6. (RHEL-16016) + +* Wed Dec 06 2023 Patsy Griffin - 2.34-93 +- malloc: Use __get_nprocs on arena_get2. (RHEL-17157) + +* Fri Dec 01 2023 Patsy Griffin - 2.34-92 +- Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) + +* Fri Nov 24 2023 Florian Weimer - 2.34-91 +- fstat performance enhancement (RHEL-2338) + +* Tue Nov 21 2023 Florian Weimer - 2.34-90 +- ldconfig should skip temporary files created by RPM (RHEL-14383) + +* Mon Nov 20 2023 Florian Weimer - 2.34-89 +- Fix force-first handling in dlclose (RHEL-2491) + +* Wed Nov 15 2023 Arjun Shankar - 2.34-88 +- nscd: Refer to /run instead of /var/run in systemd socket file + (RHEL-16275) + +* Fri Nov 10 2023 Florian Weimer - 2.34-87 +- Fix slow tls access after dlopen (RHEL-2123) + +* Tue Oct 24 2023 Arjun Shankar - 2.34-86 +- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) + +* Fri Oct 20 2023 Florian Weimer - 2.34-85 +- nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) + +* Mon Oct 09 2023 Florian Weimer - 2.34-84 +- x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) + +* Mon Sep 25 2023 Florian Weimer - 2.34-83.7 +- Fix memory leak regression in getaddrinfo (RHEL-2426) + +* Tue Sep 19 2023 Carlos O'Donell - 2.34-83.6 +- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) + +* Tue Sep 19 2023 Florian Weimer - 2.34-83.5 +- Revert: Always call destructors in reverse constructor order (RHEL-2491) + +* Mon Sep 18 2023 Siddhesh Poyarekar - 2.34-83.4 +- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) + +* Fri Sep 15 2023 Siddhesh Poyarekar - 2.34-83.3 +- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) + +* Fri Sep 15 2023 Carlos O'Donell - 2.34-83.2 +- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) + +* Thu Sep 14 2023 Carlos O'Donell - 2.34-83.1 +- Always call destructors in reverse constructor order (RHEL-2491) + +* Wed Sep 13 2023 DJ Delorie - 2.34-83 +- Add support for ppc64le hwcaps tunables (RHEL-1017) + +* Tue Aug 15 2023 Carlos O'Donell - 2.34-82 +- Fix string and memory function tuning on small systems (#2213907) + +* Mon Aug 14 2023 Florian Weimer - 2.34-81 +- Fix additional GCC 13 build issue (#2222188) + +* Fri Aug 11 2023 Florian Weimer - 2.34-80 +- Fix AMD cache size computation for hypervisors, old CPUs (#2166710) + +* Tue Aug 08 2023 DJ Delorie - 2.34-79 +- Fix temporal threshold calculations (#2213907) + +* Fri Aug 04 2023 Florian Weimer - 2.34-78 +- Ignore symbolic link change on /etc/nsswitch.conf (#2229156) + +* Fri Jul 28 2023 Florian Weimer - 2.34-77 +- Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) + +* Tue Jul 25 2023 Florian Weimer - 2.34-76 +- Fix accidentally disabled rseq test (#2224289) + +* Fri Jul 21 2023 Florian Weimer - 2.34-75 +- Make libSegFault.so NODELETE (#2224349) + +* Fri Jul 21 2023 Florian Weimer - 2.34-74 +- rseq_area should always be 32 bytes large (#2224289) + +* Thu Jul 20 2023 Florian Weimer - 2.34-73 +- GCC Toolset 13 C++ compatibility for iseqsig (#2222188) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-72 +- Update ESTALE error message translations (RHEL-729) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-71 +- Avoid lazy binding failures during dlclose (#2189923) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-70 +- resolv_conf: release lock on allocation failure (#2213908) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-69 +- strerror must not return NULL (#2215368) + +* Mon May 08 2023 DJ Delorie - 2.34-68 +- Switch to sysusers_ctl instead of useradd (#2095417) + +* Fri Apr 28 2023 Florian Weimer - 2.34-67 +- Sync with upstream branch release/2.34/master, + commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: +- gmon: fix memory corruption issues [BZ# 30101] +- gmon: improve mcount overflow handling [BZ# 27576] +- gmon: Fix allocated buffer overflow (bug 29444) +- posix: Fix system blocks SIGCHLD erroneously [BZ #30163] +- x86_64: Fix asm constraints in feraiseexcept (bug 30305) +- gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) +- x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] + +* Thu Apr 20 2023 Patsy Griffin - 2.34-66 +- x86: Cache computation for AMD architecture. (#2166710) + +* Fri Apr 14 2023 Florian Weimer - 2.34-65 +- Do not add = to linker scripts in sysroot (#2153855) + +* Thu Apr 06 2023 DJ Delorie - 2.34-64 +- x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) + +* Thu Mar 30 2023 Arjun Shankar - 2.34-63 +- s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) + +* Wed Mar 29 2023 DJ Delorie - 2.34-62 +- x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) + +* Mon Mar 06 2023 Carlos O'Donell - 2.34-61 +- Fix nested atexit calls from atexit handlers (#2172953) + +* Wed Feb 08 2023 Florian Weimer - 2.34-60 +- Upstream test for ldconfig -p (#2167811) + +* Wed Feb 08 2023 Florian Weimer - 2.34-59 +- Fix ldconfig -p on i686 (#2167811) + +* Wed Jan 25 2023 Florian Weimer - 2.34-58 +- Enhance internal tunables ABI stability (awk iteration order) (#2162962) + +* Tue Jan 17 2023 Florian Weimer - 2.34-57 +- Sync with upstream branch release/2.34/master, + commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 +- malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] +- s_sincosf.h: Change pio4 type to float [BZ #28713] +- math: Properly cast X_TLOSS to float [BZ #28713] +- Regenerate ulps on x86_64 with GCC 12 +- Avoid -Wuse-after-free in tests [BZ #26779]. +- Fix build of nptl/tst-thread_local1.cc with GCC 12 +- Fix stdio-common tests for GCC 12 -Waddress +- Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare +- resolv: Avoid GCC 12 false positive warning [BZ #28439]. +- intl: Avoid -Wuse-after-free [BZ #26779] +- elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] +- time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) +- elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) +- time: Use 64 bit time on tzfile +- nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) +- nis: Build libnsl with 64 bit time_t +- Use LFS and 64 bit time for installed programs (BZ #15333) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-56 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-55 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Florian Weimer - 2.34-54 +- Install kernel header files into the sysroot subpackage (#2149644) + +* Wed Dec 07 2022 Arjun Shankar - 2.34-53 +- Sync with upstream branch release/2.34/master, + commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: +- Apply asm redirections in syslog.h before first use [BZ #27087] +- _Static_assert needs two arguments for compatibility with GCC before 9 + +* Wed Nov 30 2022 Florian Weimer - 2.34-52 +- Add noarch sysroot subpackages (#2149644) + +* Tue Nov 29 2022 Florian Weimer - 2.34-51 +- Prepare for integration of GCC 8 compatible _Static_assert (#2149102) + +* Fri Nov 25 2022 Arjun Shankar - 2.34-50 +- Sync with upstream branch release/2.34/master, + commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: +- elf: Fix wrong fscanf usage on tst-pldd +- Allow for unpriviledged nested containers +- elf: Fix wrong fscanf usage on tst-pldd +- x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] +- elf: Fix rtld-audit trampoline for aarch64 + +* Mon Nov 14 2022 Arjun Shankar - 2.34-49 +- Sync with upstream branch release/2.34/master, + commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: +- Update NEWS file in the right place +- Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) +- io: Fix use-after-free in ftw [BZ #26779] +- io: Fix ftw internal realloc buffer (BZ #28126) +- regex: fix buffer read overrun in search [BZ#28470] +- regex: copy back from Gnulib +- Allow #pragma GCC in headers in conformtest +- Fix memmove call in vfprintf-internal.c:group_number +- mktime: improve heuristic for ca-1986 Indiana DST +- Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] +- linux: Fix generic struct_stat for 64 bit time (BZ# 29657) +- elf: Do not completely clear reused namespace in dlmopen (bug 29600) +- nss: Use shared prefix in IPv4 address in tst-reload1 +- nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) +- nss: Implement --no-addrconfig option for getent + +* Thu Oct 13 2022 Arjun Shankar - 2.34-48 +- Handle non-hostname CNAME aliases during name resolution (#2129005) +- Sync with upstream branch release/2.34/master, + commit e3976287b22422787f3cc6fc9adda58304b55bd9: +- nscd: Drop local address tuple variable [BZ #29607] +- x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations +- x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation +- x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations +- x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations +- x86-64: Require BMI2 for AVX2 strncmp implementation +- x86-64: Require BMI2 for AVX2 strcmp implementation +- x86-64: Require BMI2 for AVX2 str(n)casecmp implementations +- x86: include BMI1 and BMI2 in x86-64-v3 level +- nptl: Add backoff mechanism to spinlock loop +- sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h +- nptl: Effectively skip CAS in spinlock loop +- Move assignment out of the CAS condition +- Add LLL_MUTEX_READ_LOCK [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] +- resolv: Fix building tst-resolv-invalid-cname for earlier C standards +- nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces +- resolv: Add new tst-resolv-invalid-cname +- nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) + (#2129005) +- nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) +- nss_dns: Remove remnants of IPv6 address mapping +- nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr +- nss_dns: Split getanswer_ptr from getanswer_r +- resolv: Add DNS packet parsing helpers geared towards wire format +- resolv: Add internal __ns_name_length_uncompressed function +- resolv: Add the __ns_samebinaryname function +- resolv: Add internal __res_binary_hnok function +- resolv: Add tst-resolv-aliases +- resolv: Add tst-resolv-byaddr for testing reverse lookup +- gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) +- elf: Fix hwcaps string size overestimation +- nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] +- Apply asm redirections in wchar.h before first use +- Apply asm redirections in stdio.h before first use [BZ #27087] +- elf: Call __libc_early_init for reused namespaces (bug 29528) + +* Tue Oct 11 2022 Florian Weimer - 2.34-47 +- Simplify the glibc system call profile (#2117712) + +* Tue Oct 11 2022 Florian Weimer - 2.34-46 +- DSO dependency sort must put new map first even if in cycle (#2128615) + +* Tue Oct 11 2022 Florian Weimer - 2.34-45 +- Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) + +* Thu Oct 06 2022 Arjun Shankar - 2.34-44 +- wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols + +* Mon Oct 03 2022 Arjun Shankar - 2.34-43 +- Remove .annobin* symbols from ld.so (#2126477) + +* Tue Sep 06 2022 Arjun Shankar - 2.34-42 +- Co-Authored-By: Benjamin Herrenschmidt +- Retain .gnu_debuglink section in libc.so.6 (#2090744) +- Remove redundant ld.so debuginfo file (#2090744) + +* Tue Aug 23 2022 Arjun Shankar - 2.34-41 +- Sync with upstream branch release/2.34/master, + commit 68507377f249d165f1f35502d96e9365edb07d9a: +- socket: Check lengths before advancing pointer in CMSG_NXTHDR +- alpha: Fix generic brk system call emulation in __brk_call (bug 29490) +- stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] +- stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] +- Update syscall lists for Linux 5.19 +- dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) + +* Fri Jul 22 2022 Arjun Shankar - 2.34-40 +- Sync with upstream branch release/2.34/master, + commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: +- malloc: Simplify implementation of __malloc_assert +- Update syscall-names.list for Linux 5.18 +- x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S +- x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file +- x86: Move and slightly improve memset_erms +- x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list +- x86: Put wcs{n}len-sse4.1 in the sse4.1 text section +- x86: Align entry for memrchr to 64-bytes. +- x86: Add BMI1/BMI2 checks for ISA_V3 check +- x86: Cleanup bounds checking in large memcpy case +- x86: Add bounds `x86_non_temporal_threshold` +- x86: Add sse42 implementation to strcmp's ifunc +- x86: Fix misordered logic for setting `rep_movsb_stop_threshold` +- x86: Align varshift table to 32-bytes +- x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions +- x86: Shrink code size of memchr-evex.S +- x86: Shrink code size of memchr-avx2.S +- x86: Optimize memrchr-avx2.S +- x86: Optimize memrchr-evex.S +- x86: Optimize memrchr-sse2.S +- x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` +- x86: Create header for VEC classes in x86 strings library +- x86_64: Add strstr function with 512-bit EVEX +- x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT +- x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen +- x86_64: Remove bzero optimization +- x86_64: Remove end of line trailing spaces +- nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore +- linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) + +* Fri Jun 24 2022 Florian Weimer - 2.34-39 +- Add the no-aaaa DNS stub resolver option (#2096191) + +* Tue Jun 14 2022 Arjun Shankar - 2.34-38 +- Sync with upstream branch release/2.34/master, + commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: +- nss: handle stat failure in check_reload_and_get (BZ #28752) +- nss: add assert to DB_LOOKUP_FCT (BZ #28752) +- nios2: Remove _dl_skip_args usage (BZ# 29187) +- hppa: Remove _dl_skip_args usage (BZ# 29165) +- nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) + +* Wed Jun 08 2022 Florian Weimer - 2.34-37 +- Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) + +* Wed Jun 08 2022 Florian Weimer - 2.34-36 +- Sync with upstream branch release/2.34/master, + commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: +- powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] +- socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) +- iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) +- catgets: Use 64 bit stat for __open_catalog (BZ# 29211) +- inet: Use 64 bit stat for ruserpass (BZ# 29210) +- socket: Use 64 bit stat for isfdtype (BZ# 29209) +- posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) +- posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) +- misc: Use 64 bit stat for getusershell (BZ# 29204) +- misc: Use 64 bit stat for daemon (BZ# 29203) + +* Tue May 31 2022 Arjun Shankar - 2.34-35 +- Sync with upstream branch release/2.34/master, + commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: +- Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] +- string.h: fix __fortified_attr_access macro call [BZ #29162] +- linux: Add a getauxval test [BZ #23293] +- rtld: Use generic argv adjustment in ld.so [BZ #23293] +- S390: Enable static PIE + +* Thu May 19 2022 Florian Weimer - 2.34-34 +- Sync with upstream branch release/2.34/master, + commit ede8d94d154157d269b18f3601440ac576c1f96a: +- csu: Implement and use _dl_early_allocate during static startup +- Linux: Introduce __brk_call for invoking the brk system call +- Linux: Implement a useful version of _startup_fatal +- ia64: Always define IA64_USE_NEW_STUB as a flag macro +- Linux: Define MMAP_CALL_INTERNAL +- i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls +- i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S +- elf: Remove __libc_init_secure +- Linux: Consolidate auxiliary vector parsing (redo) +- Linux: Include in dl-sysdep.c only for SHARED +- Revert "Linux: Consolidate auxiliary vector parsing" +- Linux: Consolidate auxiliary vector parsing +- Linux: Assume that NEED_DL_SYSINFO_DSO is always defined +- Linux: Remove DL_FIND_ARG_COMPONENTS +- Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE +- elf: Merge dl-sysdep.c into the Linux version +- elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr +- x86: Optimize {str|wcs}rchr-evex +- x86: Optimize {str|wcs}rchr-avx2 +- x86: Optimize {str|wcs}rchr-sse2 +- x86: Cleanup page cross code in memcmp-avx2-movbe.S +- x86: Remove memcmp-sse4.S +- x86: Small improvements for wcslen +- x86: Remove AVX str{n}casecmp +- x86: Add EVEX optimized str{n}casecmp +- x86: Add AVX2 optimized str{n}casecmp +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S +- x86: Remove strspn-sse2.S and use the generic implementation +- x86: Remove strpbrk-sse2.S and use the generic implementation +- x86: Remove strcspn-sse2.S and use the generic implementation +- x86: Optimize strspn in strspn-c.c +- x86: Optimize strcspn and strpbrk in strcspn-c.c +- x86: Code cleanup in strchr-evex and comment justifying branch +- x86: Code cleanup in strchr-avx2 and comment justifying branch +- x86_64: Remove bcopy optimizations +- x86-64: Remove bzero weak alias in SS2 memset +- x86_64/multiarch: Sort sysdep_routines and put one entry per line +- x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) +- fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] + +* Thu May 12 2022 Florian Weimer - 2.34-33 +- Sync with upstream branch release/2.34/master, + commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: +- dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo +- manual: Document the dlinfo function +- x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] +- x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] +- x86: Set .text section in memset-vec-unaligned-erms +- x86-64: Optimize bzero +- x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) +- x86: Improve vec generation in memset-vec-unaligned-erms.S +- x86-64: Fix strcmp-evex.S +- x86-64: Fix strcmp-avx2.S +- x86: Optimize strcmp-evex.S +- x86: Optimize strcmp-avx2.S +- manual: Clarify that abbreviations of long options are allowed +- Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h +- aarch64: Add HWCAP2_ECV from Linux 5.16 +- Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h +- Update kernel version to 5.17 in tst-mman-consts.py +- Update kernel version to 5.16 in tst-mman-consts.py +- Update syscall lists for Linux 5.17 +- Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h +- Update kernel version to 5.15 in tst-mman-consts.py +- Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h + +* Thu Apr 28 2022 Carlos O'Donell - 2.34-32 +- Sync with upstream branch release/2.34/master, + commit c66c92181ddbd82306537a608e8c0282587131de: +- posix/glob.c: update from gnulib (BZ#25659) +- linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) + +* Wed Apr 27 2022 Carlos O'Donell - 2.34-31 +- Sync with upstream branch release/2.34/master, + commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: +- i386: Regenerate ulps +- linux: Fix missing internal 64 bit time_t stat usage +- x86: Optimize L(less_vec) case in memcmp-evex-movbe.S +- x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI +- x86-64: Use notl in EVEX strcmp [BZ #28646] +- x86: Shrink memcmp-sse4.S code size +- x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h +- x86: Optimize memmove-vec-unaligned-erms.S +- x86-64: Replace movzx with movzbl +- x86-64: Remove Prefer_AVX2_STRCMP +- x86-64: Improve EVEX strcmp with masked load +- x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S +- x86: Optimize memset-vec-unaligned-erms.S +- x86: Optimize memcmp-evex-movbe.S for frontend behavior and size +- x86: Modify ENTRY in sysdep.h so that p2align can be specified +- x86-64: Optimize load of all bits set into ZMM register [BZ #28252] +- scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier +- dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) +- INSTALL: Rephrase -with-default-link documentation +- misc: Fix rare fortify crash on wchar funcs. [BZ 29030] +- Default to --with-default-link=no (bug 25812) +- scripts: Add glibcelf.py module + +* Thu Apr 21 2022 Carlos O'Donell - 2.34-30 +- Sync with upstream branch release/2.34/master, + commit 71326f1f2fd09dafb9c34404765fb88129e94237: +- nptl: Fix pthread_cancel cancelhandling atomic operations +- mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) +- hurd: Fix arbitrary error code +- nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) +- S390: Add new s390 platform z16. +- NEWS: Update fixed bug list for LD_AUDIT backports. +- hppa: Fix bind-now audit (BZ #28857) +- elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 +- Fix elf/tst-audit25a with default bind now toolchains +- elf: Fix runtime linker auditing on aarch64 (BZ #26643) +- elf: Issue la_symbind for bind-now (BZ #23734) +- elf: Fix initial-exec TLS access on audit modules (BZ #28096) +- elf: Add la_activity during application exit +- elf: Do not fail for failed dlmopen on audit modules (BZ #28061) +- elf: Issue audit la_objopen for vDSO +- elf: Add audit tests for modules with TLSDESC +- elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) +- elf: Add _dl_audit_pltexit +- elf: Add _dl_audit_pltenter +- elf: Add _dl_audit_preinit +- elf: Add _dl_audit_symbind_alt and _dl_audit_symbind +- elf: Add _dl_audit_objclose +- elf: Add _dl_audit_objsearch +- elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid +- elf: Add _dl_audit_objopen +- elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) +- elf: Move LAV_CURRENT to link_lavcurrent.h +- elf: Fix elf_get_dynamic_info() for bootstrap +- elf: Fix dynamic-link.h usage on rtld.c +- elf: Fix elf_get_dynamic_info definition +- elf: Avoid nested functions in the loader [BZ #27220] +- powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC +- hppa: Use END instead of PSEUDO_END in swapcontext.S +- hppa: Implement swapcontext in assembler (bug 28960) + +* Tue Mar 15 2022 Florian Weimer - 2.34-29 +- Sync with upstream branch release/2.34/master, + commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: +- debug: Synchronize feature guards in fortified functions [BZ #28746] +- debug: Autogenerate _FORTIFY_SOURCE tests +- Enable _FORTIFY_SOURCE=3 for gcc 12 and above +- fortify: Fix spurious warning with realpath +- __glibc_unsafe_len: Fix comment +- debug: Add tests for _FORTIFY_SOURCE=3 +- Make sure that the fortified function conditionals are constant +- Don't add access size hints to fortifiable functions +- nss: Protect against errno changes in function lookup (bug 28953) +- nss: Do not mention NSS test modules in +- io: Add fsync call in tst-stat +- hppa: Fix warnings from _dl_lookup_address +- nptl: Fix cleanups for stack grows up [BZ# 28899] +- hppa: Revise gettext trampoline design +- hppa: Fix swapcontext +- Fix elf/tst-audit2 on hppa +- localedef: Handle symbolic links when generating locale-archive +- NEWS: Add a bug fix entry for BZ #28896 +- x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c +- x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] +- string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] +- linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] +- Add reference to BZ#28860 on NEWS +- linux: Fix missing __convert_scm_timestamps (BZ #28860) + +* Tue Mar 08 2022 Arjun Shankar - 2.34-28 +- Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) +- Fix localedef so it can handle symbolic links when generating locale-archive. +- Drop glibc-fedora-localedef.patch and adjust locale installation + accordingly so that installed content remains unchanged. + +* Mon Feb 28 2022 Florian Weimer - 2.34-27 +- Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) + +* Mon Feb 28 2022 Florian Weimer - 2.34-26 +- Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) + +* Thu Feb 03 2022 Florian Weimer - 2.34-25 +- Sync with upstream branch release/2.34/master, + commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: +- socket: Do not use AF_NETLINK in __opensock +- hurd if_index: Explicitly use AF_INET for if index discovery +- Linux: Simplify __opensock and fix race condition [BZ #28353] +- linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] + +* Tue Feb 01 2022 Florian Weimer - 2.34-24 +- Sync with upstream branch release/2.34/master, + commit 008003dc6e83439c5e04a744b7fd8197df19096e: +- tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] +- Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg +- linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) +- support: Add support_socket_so_timestamp_time64 + +* Tue Feb 01 2022 Florian Weimer - 2.34-23 +- Align with glibc 2.35 version of C.UTF-8 + +* Tue Feb 01 2022 Florian Weimer - 2.34-22 +- Sync with upstream branch release/2.34/master, + commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: +- x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] +- x86: Filter out more Intel CPUs for TSX [BZ #27398] +- Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) +- x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] +- x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] + +* Mon Jan 24 2022 Florian Weimer - 2.34-21 +- Sync with upstream branch release/2.34/master, + commit 3438bbca90895d32825a52e31a77dc44d273c1c1: +- Linux: Detect user namespace support in io/tst-getcwd-smallbuff +- realpath: Avoid overwriting preexisting error +- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 +- tst-realpath-toolong: Fix hurd build +- CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX +- stdlib: Fix formatting of tests list in Makefile +- stdlib: Sort tests in Makefile +- support: Add helpers to create paths longer than PATH_MAX +- powerpc: Fix unrecognized instruction errors with recent binutils +- x86: use default cache size if it cannot be determined [BZ #28784] +- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) +- sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) +- CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) +- socket: Add the __sockaddr_un_set function +- Disable debuginfod in printer tests [BZ #28757] +- Update syscall lists for Linux 5.16 + +glibc| +* Wed Jan 24 2024 Patsy Griffin - 2.34-100 +- manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) + +* Tue Jan 09 2024 Arjun Shankar - 2.34-99 +- getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) + +* Mon Jan 08 2024 Arjun Shankar - 2.34-98 +- getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) + +* Tue Jan 02 2024 Florian Weimer - 2.34-97 +- Re-enable output buffering for wide stdio streams (RHEL-19862) + +* Thu Dec 21 2023 Carlos O'Donell - 2.34-96 +- Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) + +* Fri Dec 08 2023 Florian Weimer - 2.34-95 +- Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) + +* Thu Dec 07 2023 Patsy Griffin - 2.34-94 +- Update syscall-names.list for Linux 6.6. (RHEL-16016) + +* Wed Dec 06 2023 Patsy Griffin - 2.34-93 +- malloc: Use __get_nprocs on arena_get2. (RHEL-17157) + +* Fri Dec 01 2023 Patsy Griffin - 2.34-92 +- Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) + +* Fri Nov 24 2023 Florian Weimer - 2.34-91 +- fstat performance enhancement (RHEL-2338) + +* Tue Nov 21 2023 Florian Weimer - 2.34-90 +- ldconfig should skip temporary files created by RPM (RHEL-14383) + +* Mon Nov 20 2023 Florian Weimer - 2.34-89 +- Fix force-first handling in dlclose (RHEL-2491) + +* Wed Nov 15 2023 Arjun Shankar - 2.34-88 +- nscd: Refer to /run instead of /var/run in systemd socket file + (RHEL-16275) + +* Fri Nov 10 2023 Florian Weimer - 2.34-87 +- Fix slow tls access after dlopen (RHEL-2123) + +* Tue Oct 24 2023 Arjun Shankar - 2.34-86 +- Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) + +* Fri Oct 20 2023 Florian Weimer - 2.34-85 +- nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) + +* Mon Oct 09 2023 Florian Weimer - 2.34-84 +- x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) + +* Mon Sep 25 2023 Florian Weimer - 2.34-83.7 +- Fix memory leak regression in getaddrinfo (RHEL-2426) + +* Tue Sep 19 2023 Carlos O'Donell - 2.34-83.6 +- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) + +* Tue Sep 19 2023 Florian Weimer - 2.34-83.5 +- Revert: Always call destructors in reverse constructor order (RHEL-2491) + +* Mon Sep 18 2023 Siddhesh Poyarekar - 2.34-83.4 +- CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) + +* Fri Sep 15 2023 Siddhesh Poyarekar - 2.34-83.3 +- CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) + +* Fri Sep 15 2023 Carlos O'Donell - 2.34-83.2 +- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) + +* Thu Sep 14 2023 Carlos O'Donell - 2.34-83.1 +- Always call destructors in reverse constructor order (RHEL-2491) + +* Wed Sep 13 2023 DJ Delorie - 2.34-83 +- Add support for ppc64le hwcaps tunables (RHEL-1017) + +* Tue Aug 15 2023 Carlos O'Donell - 2.34-82 +- Fix string and memory function tuning on small systems (#2213907) + +* Mon Aug 14 2023 Florian Weimer - 2.34-81 +- Fix additional GCC 13 build issue (#2222188) + +* Fri Aug 11 2023 Florian Weimer - 2.34-80 +- Fix AMD cache size computation for hypervisors, old CPUs (#2166710) + +* Tue Aug 08 2023 DJ Delorie - 2.34-79 +- Fix temporal threshold calculations (#2213907) + +* Fri Aug 04 2023 Florian Weimer - 2.34-78 +- Ignore symbolic link change on /etc/nsswitch.conf (#2229156) + +* Fri Jul 28 2023 Florian Weimer - 2.34-77 +- Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) + +* Tue Jul 25 2023 Florian Weimer - 2.34-76 +- Fix accidentally disabled rseq test (#2224289) + +* Fri Jul 21 2023 Florian Weimer - 2.34-75 +- Make libSegFault.so NODELETE (#2224349) + +* Fri Jul 21 2023 Florian Weimer - 2.34-74 +- rseq_area should always be 32 bytes large (#2224289) + +* Thu Jul 20 2023 Florian Weimer - 2.34-73 +- GCC Toolset 13 C++ compatibility for iseqsig (#2222188) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-72 +- Update ESTALE error message translations (RHEL-729) + +* Fri Jul 07 2023 Carlos O'Donell - 2.34-71 +- Avoid lazy binding failures during dlclose (#2189923) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-70 +- resolv_conf: release lock on allocation failure (#2213908) + +* Mon Jun 26 2023 Arjun Shankar - 2.34-69 +- strerror must not return NULL (#2215368) + +* Mon May 08 2023 DJ Delorie - 2.34-68 +- Switch to sysusers_ctl instead of useradd (#2095417) + +* Fri Apr 28 2023 Florian Weimer - 2.34-67 +- Sync with upstream branch release/2.34/master, + commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: +- gmon: fix memory corruption issues [BZ# 30101] +- gmon: improve mcount overflow handling [BZ# 27576] +- gmon: Fix allocated buffer overflow (bug 29444) +- posix: Fix system blocks SIGCHLD erroneously [BZ #30163] +- x86_64: Fix asm constraints in feraiseexcept (bug 30305) +- gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) +- x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] + +* Thu Apr 20 2023 Patsy Griffin - 2.34-66 +- x86: Cache computation for AMD architecture. (#2166710) + +* Fri Apr 14 2023 Florian Weimer - 2.34-65 +- Do not add = to linker scripts in sysroot (#2153855) + +* Thu Apr 06 2023 DJ Delorie - 2.34-64 +- x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) + +* Thu Mar 30 2023 Arjun Shankar - 2.34-63 +- s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) + +* Wed Mar 29 2023 DJ Delorie - 2.34-62 +- x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) + +* Mon Mar 06 2023 Carlos O'Donell - 2.34-61 +- Fix nested atexit calls from atexit handlers (#2172953) + +* Wed Feb 08 2023 Florian Weimer - 2.34-60 +- Upstream test for ldconfig -p (#2167811) + +* Wed Feb 08 2023 Florian Weimer - 2.34-59 +- Fix ldconfig -p on i686 (#2167811) + +* Wed Jan 25 2023 Florian Weimer - 2.34-58 +- Enhance internal tunables ABI stability (awk iteration order) (#2162962) + +* Tue Jan 17 2023 Florian Weimer - 2.34-57 +- Sync with upstream branch release/2.34/master, + commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 +- malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] +- s_sincosf.h: Change pio4 type to float [BZ #28713] +- math: Properly cast X_TLOSS to float [BZ #28713] +- Regenerate ulps on x86_64 with GCC 12 +- Avoid -Wuse-after-free in tests [BZ #26779]. +- Fix build of nptl/tst-thread_local1.cc with GCC 12 +- Fix stdio-common tests for GCC 12 -Waddress +- Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare +- resolv: Avoid GCC 12 false positive warning [BZ #28439]. +- intl: Avoid -Wuse-after-free [BZ #26779] +- elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] +- time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) +- elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) +- time: Use 64 bit time on tzfile +- nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) +- nis: Build libnsl with 64 bit time_t +- Use LFS and 64 bit time for installed programs (BZ #15333) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-56 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Tulio Magno Quites Machado Filho - 2.34-55 +- Earlier removal of alternative multilibs (#2149994) + +* Mon Dec 12 2022 Florian Weimer - 2.34-54 +- Install kernel header files into the sysroot subpackage (#2149644) + +* Wed Dec 07 2022 Arjun Shankar - 2.34-53 +- Sync with upstream branch release/2.34/master, + commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: +- Apply asm redirections in syslog.h before first use [BZ #27087] +- _Static_assert needs two arguments for compatibility with GCC before 9 + +* Wed Nov 30 2022 Florian Weimer - 2.34-52 +- Add noarch sysroot subpackages (#2149644) + +* Tue Nov 29 2022 Florian Weimer - 2.34-51 +- Prepare for integration of GCC 8 compatible _Static_assert (#2149102) + +* Fri Nov 25 2022 Arjun Shankar - 2.34-50 +- Sync with upstream branch release/2.34/master, + commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: +- elf: Fix wrong fscanf usage on tst-pldd +- Allow for unpriviledged nested containers +- elf: Fix wrong fscanf usage on tst-pldd +- x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] +- elf: Fix rtld-audit trampoline for aarch64 + +* Mon Nov 14 2022 Arjun Shankar - 2.34-49 +- Sync with upstream branch release/2.34/master, + commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: +- Update NEWS file in the right place +- Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) +- io: Fix use-after-free in ftw [BZ #26779] +- io: Fix ftw internal realloc buffer (BZ #28126) +- regex: fix buffer read overrun in search [BZ#28470] +- regex: copy back from Gnulib +- Allow #pragma GCC in headers in conformtest +- Fix memmove call in vfprintf-internal.c:group_number +- mktime: improve heuristic for ca-1986 Indiana DST +- Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] +- linux: Fix generic struct_stat for 64 bit time (BZ# 29657) +- elf: Do not completely clear reused namespace in dlmopen (bug 29600) +- nss: Use shared prefix in IPv4 address in tst-reload1 +- nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) +- nss: Implement --no-addrconfig option for getent + +* Thu Oct 13 2022 Arjun Shankar - 2.34-48 +- Handle non-hostname CNAME aliases during name resolution (#2129005) +- Sync with upstream branch release/2.34/master, + commit e3976287b22422787f3cc6fc9adda58304b55bd9: +- nscd: Drop local address tuple variable [BZ #29607] +- x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations +- x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation +- x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations +- x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations +- x86-64: Require BMI2 for AVX2 strncmp implementation +- x86-64: Require BMI2 for AVX2 strcmp implementation +- x86-64: Require BMI2 for AVX2 str(n)casecmp implementations +- x86: include BMI1 and BMI2 in x86-64-v3 level +- nptl: Add backoff mechanism to spinlock loop +- sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h +- nptl: Effectively skip CAS in spinlock loop +- Move assignment out of the CAS condition +- Add LLL_MUTEX_READ_LOCK [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] +- Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] +- resolv: Fix building tst-resolv-invalid-cname for earlier C standards +- nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces +- resolv: Add new tst-resolv-invalid-cname +- nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) + (#2129005) +- nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) +- nss_dns: Remove remnants of IPv6 address mapping +- nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr +- nss_dns: Split getanswer_ptr from getanswer_r +- resolv: Add DNS packet parsing helpers geared towards wire format +- resolv: Add internal __ns_name_length_uncompressed function +- resolv: Add the __ns_samebinaryname function +- resolv: Add internal __res_binary_hnok function +- resolv: Add tst-resolv-aliases +- resolv: Add tst-resolv-byaddr for testing reverse lookup +- gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) +- elf: Fix hwcaps string size overestimation +- nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] +- Apply asm redirections in wchar.h before first use +- Apply asm redirections in stdio.h before first use [BZ #27087] +- elf: Call __libc_early_init for reused namespaces (bug 29528) + +* Tue Oct 11 2022 Florian Weimer - 2.34-47 +- Simplify the glibc system call profile (#2117712) + +* Tue Oct 11 2022 Florian Weimer - 2.34-46 +- DSO dependency sort must put new map first even if in cycle (#2128615) + +* Tue Oct 11 2022 Florian Weimer - 2.34-45 +- Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) + +* Thu Oct 06 2022 Arjun Shankar - 2.34-44 +- wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols + +* Mon Oct 03 2022 Arjun Shankar - 2.34-43 +- Remove .annobin* symbols from ld.so (#2126477) + +* Tue Sep 06 2022 Arjun Shankar - 2.34-42 +- Co-Authored-By: Benjamin Herrenschmidt +- Retain .gnu_debuglink section in libc.so.6 (#2090744) +- Remove redundant ld.so debuginfo file (#2090744) + +* Tue Aug 23 2022 Arjun Shankar - 2.34-41 +- Sync with upstream branch release/2.34/master, + commit 68507377f249d165f1f35502d96e9365edb07d9a: +- socket: Check lengths before advancing pointer in CMSG_NXTHDR +- alpha: Fix generic brk system call emulation in __brk_call (bug 29490) +- stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] +- stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] +- Update syscall lists for Linux 5.19 +- dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) + +* Fri Jul 22 2022 Arjun Shankar - 2.34-40 +- Sync with upstream branch release/2.34/master, + commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: +- malloc: Simplify implementation of __malloc_assert +- Update syscall-names.list for Linux 5.18 +- x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S +- x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file +- x86: Move and slightly improve memset_erms +- x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list +- x86: Put wcs{n}len-sse4.1 in the sse4.1 text section +- x86: Align entry for memrchr to 64-bytes. +- x86: Add BMI1/BMI2 checks for ISA_V3 check +- x86: Cleanup bounds checking in large memcpy case +- x86: Add bounds `x86_non_temporal_threshold` +- x86: Add sse42 implementation to strcmp's ifunc +- x86: Fix misordered logic for setting `rep_movsb_stop_threshold` +- x86: Align varshift table to 32-bytes +- x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions +- x86: Shrink code size of memchr-evex.S +- x86: Shrink code size of memchr-avx2.S +- x86: Optimize memrchr-avx2.S +- x86: Optimize memrchr-evex.S +- x86: Optimize memrchr-sse2.S +- x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` +- x86: Create header for VEC classes in x86 strings library +- x86_64: Add strstr function with 512-bit EVEX +- x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT +- x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen +- x86_64: Remove bzero optimization +- x86_64: Remove end of line trailing spaces +- nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore +- linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) + +* Fri Jun 24 2022 Florian Weimer - 2.34-39 +- Add the no-aaaa DNS stub resolver option (#2096191) + +* Tue Jun 14 2022 Arjun Shankar - 2.34-38 +- Sync with upstream branch release/2.34/master, + commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: +- nss: handle stat failure in check_reload_and_get (BZ #28752) +- nss: add assert to DB_LOOKUP_FCT (BZ #28752) +- nios2: Remove _dl_skip_args usage (BZ# 29187) +- hppa: Remove _dl_skip_args usage (BZ# 29165) +- nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) + +* Wed Jun 08 2022 Florian Weimer - 2.34-37 +- Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) + +* Wed Jun 08 2022 Florian Weimer - 2.34-36 +- Sync with upstream branch release/2.34/master, + commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: +- powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] +- socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) +- iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) +- catgets: Use 64 bit stat for __open_catalog (BZ# 29211) +- inet: Use 64 bit stat for ruserpass (BZ# 29210) +- socket: Use 64 bit stat for isfdtype (BZ# 29209) +- posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) +- posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) +- misc: Use 64 bit stat for getusershell (BZ# 29204) +- misc: Use 64 bit stat for daemon (BZ# 29203) + +* Tue May 31 2022 Arjun Shankar - 2.34-35 +- Sync with upstream branch release/2.34/master, + commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: +- Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] +- string.h: fix __fortified_attr_access macro call [BZ #29162] +- linux: Add a getauxval test [BZ #23293] +- rtld: Use generic argv adjustment in ld.so [BZ #23293] +- S390: Enable static PIE + +* Thu May 19 2022 Florian Weimer - 2.34-34 +- Sync with upstream branch release/2.34/master, + commit ede8d94d154157d269b18f3601440ac576c1f96a: +- csu: Implement and use _dl_early_allocate during static startup +- Linux: Introduce __brk_call for invoking the brk system call +- Linux: Implement a useful version of _startup_fatal +- ia64: Always define IA64_USE_NEW_STUB as a flag macro +- Linux: Define MMAP_CALL_INTERNAL +- i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls +- i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S +- elf: Remove __libc_init_secure +- Linux: Consolidate auxiliary vector parsing (redo) +- Linux: Include in dl-sysdep.c only for SHARED +- Revert "Linux: Consolidate auxiliary vector parsing" +- Linux: Consolidate auxiliary vector parsing +- Linux: Assume that NEED_DL_SYSINFO_DSO is always defined +- Linux: Remove DL_FIND_ARG_COMPONENTS +- Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE +- elf: Merge dl-sysdep.c into the Linux version +- elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr +- x86: Optimize {str|wcs}rchr-evex +- x86: Optimize {str|wcs}rchr-avx2 +- x86: Optimize {str|wcs}rchr-sse2 +- x86: Cleanup page cross code in memcmp-avx2-movbe.S +- x86: Remove memcmp-sse4.S +- x86: Small improvements for wcslen +- x86: Remove AVX str{n}casecmp +- x86: Add EVEX optimized str{n}casecmp +- x86: Add AVX2 optimized str{n}casecmp +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S +- x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S +- x86: Remove strspn-sse2.S and use the generic implementation +- x86: Remove strpbrk-sse2.S and use the generic implementation +- x86: Remove strcspn-sse2.S and use the generic implementation +- x86: Optimize strspn in strspn-c.c +- x86: Optimize strcspn and strpbrk in strcspn-c.c +- x86: Code cleanup in strchr-evex and comment justifying branch +- x86: Code cleanup in strchr-avx2 and comment justifying branch +- x86_64: Remove bcopy optimizations +- x86-64: Remove bzero weak alias in SS2 memset +- x86_64/multiarch: Sort sysdep_routines and put one entry per line +- x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) +- fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] + +* Thu May 12 2022 Florian Weimer - 2.34-33 +- Sync with upstream branch release/2.34/master, + commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: +- dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo +- manual: Document the dlinfo function +- x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] +- x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] +- x86: Set .text section in memset-vec-unaligned-erms +- x86-64: Optimize bzero +- x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) +- x86: Improve vec generation in memset-vec-unaligned-erms.S +- x86-64: Fix strcmp-evex.S +- x86-64: Fix strcmp-avx2.S +- x86: Optimize strcmp-evex.S +- x86: Optimize strcmp-avx2.S +- manual: Clarify that abbreviations of long options are allowed +- Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h +- aarch64: Add HWCAP2_ECV from Linux 5.16 +- Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h +- Update kernel version to 5.17 in tst-mman-consts.py +- Update kernel version to 5.16 in tst-mman-consts.py +- Update syscall lists for Linux 5.17 +- Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h +- Update kernel version to 5.15 in tst-mman-consts.py +- Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h + +* Thu Apr 28 2022 Carlos O'Donell - 2.34-32 +- Sync with upstream branch release/2.34/master, + commit c66c92181ddbd82306537a608e8c0282587131de: +- posix/glob.c: update from gnulib (BZ#25659) +- linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) + +* Wed Apr 27 2022 Carlos O'Donell - 2.34-31 +- Sync with upstream branch release/2.34/master, + commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: +- i386: Regenerate ulps +- linux: Fix missing internal 64 bit time_t stat usage +- x86: Optimize L(less_vec) case in memcmp-evex-movbe.S +- x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI +- x86-64: Use notl in EVEX strcmp [BZ #28646] +- x86: Shrink memcmp-sse4.S code size +- x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h +- x86: Optimize memmove-vec-unaligned-erms.S +- x86-64: Replace movzx with movzbl +- x86-64: Remove Prefer_AVX2_STRCMP +- x86-64: Improve EVEX strcmp with masked load +- x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S +- x86: Optimize memset-vec-unaligned-erms.S +- x86: Optimize memcmp-evex-movbe.S for frontend behavior and size +- x86: Modify ENTRY in sysdep.h so that p2align can be specified +- x86-64: Optimize load of all bits set into ZMM register [BZ #28252] +- scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier +- dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) +- INSTALL: Rephrase -with-default-link documentation +- misc: Fix rare fortify crash on wchar funcs. [BZ 29030] +- Default to --with-default-link=no (bug 25812) +- scripts: Add glibcelf.py module + +* Thu Apr 21 2022 Carlos O'Donell - 2.34-30 +- Sync with upstream branch release/2.34/master, + commit 71326f1f2fd09dafb9c34404765fb88129e94237: +- nptl: Fix pthread_cancel cancelhandling atomic operations +- mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) +- hurd: Fix arbitrary error code +- nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) +- S390: Add new s390 platform z16. +- NEWS: Update fixed bug list for LD_AUDIT backports. +- hppa: Fix bind-now audit (BZ #28857) +- elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 +- Fix elf/tst-audit25a with default bind now toolchains +- elf: Fix runtime linker auditing on aarch64 (BZ #26643) +- elf: Issue la_symbind for bind-now (BZ #23734) +- elf: Fix initial-exec TLS access on audit modules (BZ #28096) +- elf: Add la_activity during application exit +- elf: Do not fail for failed dlmopen on audit modules (BZ #28061) +- elf: Issue audit la_objopen for vDSO +- elf: Add audit tests for modules with TLSDESC +- elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) +- elf: Add _dl_audit_pltexit +- elf: Add _dl_audit_pltenter +- elf: Add _dl_audit_preinit +- elf: Add _dl_audit_symbind_alt and _dl_audit_symbind +- elf: Add _dl_audit_objclose +- elf: Add _dl_audit_objsearch +- elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid +- elf: Add _dl_audit_objopen +- elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) +- elf: Move LAV_CURRENT to link_lavcurrent.h +- elf: Fix elf_get_dynamic_info() for bootstrap +- elf: Fix dynamic-link.h usage on rtld.c +- elf: Fix elf_get_dynamic_info definition +- elf: Avoid nested functions in the loader [BZ #27220] +- powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC +- hppa: Use END instead of PSEUDO_END in swapcontext.S +- hppa: Implement swapcontext in assembler (bug 28960) + +* Tue Mar 15 2022 Florian Weimer - 2.34-29 +- Sync with upstream branch release/2.34/master, + commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: +- debug: Synchronize feature guards in fortified functions [BZ #28746] +- debug: Autogenerate _FORTIFY_SOURCE tests +- Enable _FORTIFY_SOURCE=3 for gcc 12 and above +- fortify: Fix spurious warning with realpath +- __glibc_unsafe_len: Fix comment +- debug: Add tests for _FORTIFY_SOURCE=3 +- Make sure that the fortified function conditionals are constant +- Don't add access size hints to fortifiable functions +- nss: Protect against errno changes in function lookup (bug 28953) +- nss: Do not mention NSS test modules in +- io: Add fsync call in tst-stat +- hppa: Fix warnings from _dl_lookup_address +- nptl: Fix cleanups for stack grows up [BZ# 28899] +- hppa: Revise gettext trampoline design +- hppa: Fix swapcontext +- Fix elf/tst-audit2 on hppa +- localedef: Handle symbolic links when generating locale-archive +- NEWS: Add a bug fix entry for BZ #28896 +- x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c +- x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] +- x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] +- string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] +- linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] +- Add reference to BZ#28860 on NEWS +- linux: Fix missing __convert_scm_timestamps (BZ #28860) + +* Tue Mar 08 2022 Arjun Shankar - 2.34-28 +- Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) +- Fix localedef so it can handle symbolic links when generating locale-archive. +- Drop glibc-fedora-localedef.patch and adjust locale installation + accordingly so that installed content remains unchanged. + +* Mon Feb 28 2022 Florian Weimer - 2.34-27 +- Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) + +* Mon Feb 28 2022 Florian Weimer - 2.34-26 +- Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) + +* Thu Feb 03 2022 Florian Weimer - 2.34-25 +- Sync with upstream branch release/2.34/master, + commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: +- socket: Do not use AF_NETLINK in __opensock +- hurd if_index: Explicitly use AF_INET for if index discovery +- Linux: Simplify __opensock and fix race condition [BZ #28353] +- linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] + +* Tue Feb 01 2022 Florian Weimer - 2.34-24 +- Sync with upstream branch release/2.34/master, + commit 008003dc6e83439c5e04a744b7fd8197df19096e: +- tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] +- Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg +- linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) +- support: Add support_socket_so_timestamp_time64 + +* Tue Feb 01 2022 Florian Weimer - 2.34-23 +- Align with glibc 2.35 version of C.UTF-8 + +* Tue Feb 01 2022 Florian Weimer - 2.34-22 +- Sync with upstream branch release/2.34/master, + commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: +- x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] +- x86: Filter out more Intel CPUs for TSX [BZ #27398] +- Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) +- x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] +- x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] + +* Mon Jan 24 2022 Florian Weimer - 2.34-21 +- Sync with upstream branch release/2.34/master, + commit 3438bbca90895d32825a52e31a77dc44d273c1c1: +- Linux: Detect user namespace support in io/tst-getcwd-smallbuff +- realpath: Avoid overwriting preexisting error +- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 +- tst-realpath-toolong: Fix hurd build +- CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX +- stdlib: Fix formatting of tests list in Makefile +- stdlib: Sort tests in Makefile +- support: Add helpers to create paths longer than PATH_MAX +- powerpc: Fix unrecognized instruction errors with recent binutils +- x86: use default cache size if it cannot be determined [BZ #28784] +- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) +- sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) +- CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) +- socket: Add the __sockaddr_un_set function +- Disable debuginfod in printer tests [BZ #28757] +- Update syscall lists for Linux 5.16 + +zlib| +* Thu May 04 2023 Lukas Javorsky - 1.2.11-40 +- Fix the Crash in zlib deflateBound() function on s390x +- Resolves: BZ#2193044 + +* Thu Feb 09 2023 Lukas Javorsky - 1.2.11-39 +- Fix covscan issue CWE-681 + +* Tue Feb 07 2023 Lukas Javorsky - 1.2.11-38 +- Resolve fuzzing issue for unknown memory access + +* Tue Feb 07 2023 Lukas Javorsky - 1.2.11-37 +- Rebased Power 8 optimization patches +- Fix for Unnecessary IFUNC resolver for crc32_z +- Fix for python3.11 broken libxml2 and lxml on s390x + +* Mon Dec 19 2022 Ilya Leoshkevich - 1.2.11-36 +- Inflate small window optimization for IBM z15 rhbz#2154775 + +* Wed Oct 12 2022 Ilya Leoshkevich - 1.2.11-35 +- Fix for IBM strm.adler rhbz#2134074 + +* Wed Aug 10 2022 Matej Mužila - 1.2.11-34 +- Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c +- Resolves: CVE-2022-37434 + +* Mon Apr 25 2022 Matej Mužila - 1.2.11-33 +- Fix CVE-2018-25032 + Resolves: CVE-2018-25032 + +* Tue Mar 01 2022 Ilya Leoshkevich - 1.2.11-32 +- Fix for IBM compressBound() rhbz#2056899 + +* Tue Aug 10 2021 Mohan Boddu - 1.2.11-31 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jul 20 2021 Ondrej Dubaj - 1.2.11-30 +- Fix for IBM CRC32 optimalization rhbz#1959423 + +* Thu Jul 15 2021 Ondrej Dubaj - 1.2.11-29 +- Missing RPM_OPT_FLAGS in CFLAGS (#1972057) + +* Thu Jun 03 2021 Patrik Novotný - 1.2.11-28 +- IBM CRC32 optimalization rhbz#1959423 +- Enabled Z hardware-accelerated deflate for compression levels 1 through 6 (#1972057) + +bzip2-libs| +* Mon Aug 09 2021 Mohan Boddu - 1.0.8-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 1.0.8-7 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Jan 29 2021 Jakub Martisko - 1.0.8-6 +- Minor man pgae update (gzip/bzip2 differnces) + resolves: #1897104 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.0.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Jakub Martisko - 1.0.8-4 +- Use make macros + +* Mon Jul 27 2020 Fedora Release Engineering - 1.0.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 1.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +xz-libs| +* Tue May 31 2022 Matej Mužila - 5.2.5-8 +- Fix arbitrary file write vulnerability + Resolves: CVE-2022-1271 + +* Tue Aug 10 2021 Mohan Boddu - 5.2.5-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 5.2.5-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Jan 28 2021 Fedora Release Engineering - 5.2.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 04 2021 Ondrej Dubaj - 5.2.5-4 +- Enabled CET for i686 (#1910368) + +* Wed Jul 29 2020 Fedora Release Engineering - 5.2.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jun 08 2020 Richard W.M. Jones - 5.2.5-2 +- Fix location of German man pages (RHBZ#1844813). + +libgpg-error| +* Mon Dec 06 2021 Jakub Jelen - 1.42-5 +- Avoid using bad function inet_addr + +* Mon Aug 09 2021 Mohan Boddu - 1.42-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.42-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Apr 12 2021 Jakub Jelen - 1.42-2 +- Address coverity reported issues + +* Mon Mar 22 2021 Jakub Jelen - 1.42-1 +- New upstream release (#1941582) + +* Tue Jan 26 2021 Fedora Release Engineering - 1.41-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 04 2021 Jakub Jelen - 1.41-1 +- New upstream release (#1909749) + +* Tue Dec 01 2020 Jakub Jelen - 1.39-1 +- New upstream release (#1800640) + +* Tue Jul 28 2020 Fedora Release Engineering - 1.37-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Feb 28 2020 Tomáš Mráz 1.37-1 +- new upstream release 1.37 + +* Wed Jan 29 2020 Fedora Release Engineering - 1.36-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libxcrypt| +* Mon Aug 09 2021 Mohan Boddu - 4.4.18-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 4.4.18-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Sat Feb 20 2021 Björn Esser - 4.4.18-1 +- New upstream release +- Add explicit BR: perl-core + +* Tue Jan 26 2021 Fedora Release Engineering - 4.4.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Aug 23 2020 Björn Esser - 4.4.17-1 +- New upstream release + +* Sat Aug 15 2020 Björn Esser - 4.4.16-7 +- Add a patch to add support for LTO builds +- Enable LTO +- Add a patch to fix Wformat-overflow + +* Tue Jul 28 2020 Fedora Release Engineering - 4.4.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jun 30 2020 Jeff Law - 4.4.16-5 +- Disable LTO + +* Fri Jun 19 2020 Björn Esser - 4.4.16-4 +- Trim %changelog starting with v4.4.0 +- Remove memcheck conditional + +* Sat Apr 25 2020 Björn Esser - 4.4.16-3 +- Explicitly force linking with '-Wl,-z,defs' + +* Fri Apr 24 2020 Björn Esser - 4.4.16-2 +- Move fipscheck hmac checksums to %{_libdir}/fipscheck + +* Sat Apr 04 2020 Björn Esser - 4.4.16-1 +- New upstream release + +* Thu Apr 02 2020 Björn Esser - 4.4.15-2 +- Move library from %_lib to %_libdir + +* Wed Feb 26 2020 Björn Esser - 4.4.15-1 +- New upstream release + +* Mon Feb 17 2020 Björn Esser - 4.4.14-1 +- New upstream release + +* Sun Feb 16 2020 Björn Esser - 4.4.13-1 +- New upstream release + +* Tue Feb 11 2020 Björn Esser - 4.4.12-3 +- Add an upstream patch to fix a typo in the documentation + +* Wed Feb 05 2020 Björn Esser - 4.4.12-2 +- Add two upstream patches to resolve minor bugs + +* Thu Jan 30 2020 Björn Esser - 4.4.12-1 +- New upstream release + +* Wed Jan 29 2020 Fedora Release Engineering - 4.4.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jan 18 2020 Björn Esser - 4.4.11-1 +- New upstream release + +* Sun Dec 15 2019 Björn Esser - 4.4.10-2 +- Add two upstream patches to fix build with upcoming GCC-10 + +* Wed Sep 18 2019 Björn Esser - 4.4.10-1 +- New upstream release + +* Sat Sep 07 2019 Björn Esser - 4.4.9-1 +- New upstream release (#1750010) + +* Sun Sep 01 2019 Björn Esser - 4.4.8-1 +- New upstream release + +* Sat Aug 24 2019 Björn Esser - 4.4.7-1 +- New upstream release + +libuuid| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +libzstd| +* Mon Feb 07 2022 Jakub Martisko - 1.5.1-2 +- Add some basic gating tests + Resolves: rhbz#2050272 + +* Wed Jan 12 2022 Michel Alexandre Salim - 1.5.1-1 +- Rebase to the latest upstream version +- Enable optional gz, xz/lzma, and lz4 support in the zstd tool +- Disable amd64 assembly on non-x86_64 architectures (rhbz#2035802) + this should avoid the issue where an executable stack is created +- Re-enable CET protections (rhbz#2039353) + Resolves: rhbz#2039488 + +* Tue Aug 10 2021 Mohan Boddu - 1.5.0-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jul 12 2021 Jakub Martisko - 1.5.0-1 +* Rebase to the latest upstream version +Resolves: rhbz#1928094 + +* Thu Jul 01 2021 Jakub Martisko - 1.4.9-3 +- Drop gtest-devel dependency +Resolves: rhbz#1977606 + +* Fri Apr 16 2021 Mohan Boddu - 1.4.9-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Mar 05 2021 Pádraig Brady - 1.4.9-1 +- Latest upstream + +* Thu Jan 28 2021 Fedora Release Engineering - 1.4.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Dec 17 2020 Pádraig Brady - 1.4.7-1 +- Latest upstream + +* Wed Aug 26 2020 Jeff Law - 1.4.5-6 +- Do not force C++11 mode + +* Wed Jul 29 2020 Fedora Release Engineering - 1.4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat Jul 11 2020 Igor Raits - 1.4.5-4 +- Build libzstd with multi-threading support + +* Mon May 25 2020 Pádraig Brady - 1.4.5-3 +- Build shared library with correct compiler flags + +* Fri May 22 2020 Pádraig Brady - 1.4.5-1 +- Latest upstream + +* Fri May 22 2020 Avi Kivity - 1.4.4-3 +- Added static library subpackage + +libsmartcols| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +libxml2| +* Mon Apr 29 2024 David King - 2.9.13-6 +- Fix CVE-2024-25062 (RHEL-29196) + +* Thu Sep 14 2023 David King - 2.9.13-5 +- Fix CVE-2023-39615 (RHEL-5180) + +* Fri Apr 14 2023 David King - 2.9.13-4 +- Fix CVE-2023-28484 (#2186694) +- Fix CVE-2023-29469 (#2186694) + +* Tue Nov 01 2022 David King - 2.9.13-3 +- Fix CVE-2022-40303 (#2136564) +- Fix CVE-2022-40304 (#2136569) + +* Tue May 10 2022 David King - 2.9.13-2 +- Fix CVE-2022-29824 (#2082300) + +sqlite-libs| +* Wed Jan 03 2024 Zuzana Miklankova - 3.34.1-7 +- Fixes CVE-2023-7104 + +* Fri Nov 18 2022 Zuzana Miklankova - 3.34.1-6 +- Fixes CVE-2022-35737 + +libunistring| +* Mon Aug 09 2021 Mohan Boddu - 0.9.10-15 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jun 21 2021 Mike FABIAN - 0.9.10-14 +- Related rhbz#1938800: Fix CI tests and convert them to tmt + +* Mon Jun 14 2021 Mike FABIAN - 0.9.10-13 +- Related rhbz#1938800: Fix spelling in license GPLV2+ -> GPLv2+ + +* Mon Jun 14 2021 Mike FABIAN - 0.9.10-12 +- Fix memory leak in vasnprint. Resolves: rhbz#1938800 + (Backported from upstream: https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4d288a80bf7ebe29334b9805cdcc70eacb6059c1) + +* Fri Apr 16 2021 Mohan Boddu - 0.9.10-11 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.9.10-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.9.10-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 0.9.10-8 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jan 29 2020 Fedora Release Engineering - 0.9.10-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libidn2| +* Mon Aug 09 2021 Mohan Boddu - 2.3.0-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 2.3.0-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.3.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 2.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue May 26 2020 Jeff Law - 2.3.0-3 +- Touch a couple autoconf related files to prevent undesired rebuilding + if %configure changes one or more configure files. + +* Wed Jan 29 2020 Fedora Release Engineering - 2.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Nov 16 2019 Robert Scheck 2.3.0-1 +- Upgrade to 2.3.0 (#1764345, #1772703) + +libattr| +* Mon Aug 09 2021 Mohan Boddu - 2.5.1-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 2.5.1-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 16 2021 Kamil Dudka - 2.5.1-1 +- new upstream release + +* Fri Mar 12 2021 Kamil Dudka - 2.5.0-1 +- new upstream release + +* Tue Jan 26 2021 Fedora Release Engineering - 2.4.48-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 2.4.48-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jun 22 2020 Kamil Dudka - 2.4.48-9 +- add BR for perl(FileHandle) needed by %check + +* Tue Jan 28 2020 Fedora Release Engineering - 2.4.48-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libacl| +* Fri Oct 06 2023 Lukáš Zaoral - 2.3.1-4 +- preserve failed setfacl return code (RHEL-11833) + +libffi| +* Fri Apr 07 2023 DJ Delorie - 3.4.2-8 +- Use /etc/sysconfig/libffi-force-shared-memory-check-first to + override selinux permissions check for shared memory access (#2152228) + +* Thu Aug 26 2021 Carlos O'Donell - 3.4.2-7 +- Remove compat-libffi3.1 subpackage to complete SONAME transition. + Related: rhbz#1891914 + +* Wed Aug 18 2021 Carlos O'Donell - 3.4.2-6 +- Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 + +* Mon Aug 09 2021 Mohan Boddu - 3.4.2-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Jul 29 2021 Carlos O'Donell - 3.4.2-4 +- Drop pkgconf support for compat-libffi3.1. + +* Tue Jul 27 2021 Carlos O'Donell - 3.4.2-3 +- Add temporary compat-libffi3.1 for library transition. + +* Thu Jul 22 2021 Fedora Release Engineering - 3.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jun 28 2021 Carlos O'Donell - 3.4.2-1 +- Rebase to libffi 3.4.2. + +* Fri Apr 16 2021 Mohan Boddu - 3.1-29 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +libcap| +* Wed Jul 12 2023 Anderson Toshiyuki Sasaki - 2.48-9 +- Fix integer overflow in _libcap_strdup() (CVE-2023-2603) + Resolves: rhbz#2210638 +- Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) + Resolves: rhbz#2222198 + +* Fri Jan 28 2022 Zoltan Fridrich - 2.48-8 +- Fix ambient capabilities for non-root users + Related: rhbz#2037215 + +* Fri Aug 27 2021 Zoltan Fridrich - 2.48-7 +- Fix issues detected by static analyzers + Related: rhbz#1985346 + +* Mon Aug 09 2021 Mohan Boddu - 2.48-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +libcom_err| +* Wed Dec 13 2023 Carlos Maiolino - 1.46.5-5 +- rebuild to incorporate libss-devel package +- Related: RHEL-19059 + +* Tue Oct 17 2023 Carlos Maiolino - 1.46.5-4 +- Change the xattr entry hash to use an unsighed char by default +- Related: RHEL-10467 + +* Fri May 13 2022 Lukas Czerner 1.46.5-3 +- Add sanity check to extent manipulation (#2073549) + +* Thu Jan 20 2022 Lukas Czerner - 1.46.5-2 +- Rebuild, no changes + +* Thu Jan 20 2022 Lukas Czerner - 1.46.5-1 +- New upstream release + +libtasn1| +* Wed Nov 30 2022 Simo Sorce - 4.16.0-9 +- Resolves: rhbz#2140602 + +* Mon Aug 09 2021 Mohan Boddu - 4.16.0-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 4.16.0-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Apr 12 2021 Dmitry Belyavskiy - 4.16.0-5 +- Coverity-related fixes (#1938797) + +* Tue Jan 26 2021 Fedora Release Engineering - 4.16.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +p11-kit| +* Thu Nov 23 2023 Zoltan Fridrich - 0.25.3-2 +- Fix issues found by static analysis + Related: RHEL-14834 + +* Wed Nov 15 2023 Zoltan Fridrich - 0.25.3-1 +- Update to new upstream release 0.25.3 + Resolves: RHEL-14834 + +* Wed Nov 08 2023 Zoltan Fridrich - 0.25.2-1 +- Update to new upstream release 0.25.2 + Resolves: RHEL-14834 +- Add IBM specific mechanisms and attributes + Resolves: RHEL-10570 + +* Tue Feb 01 2022 Daiki Ueno - 0.24.1-2 +- Replace "black list" with "blocklist" in -trust subpackage description (#2026457) + +* Mon Jan 17 2022 Packit Service - 0.24.1-1 +- Release 0.24.1 (Daiki Ueno) +- common: Support copying attribute array recursively (Daiki Ueno) +- common: Add assert_ptr_cmp (Daiki Ueno) +- gtkdoc: remove dependencies on custom target files (Eli Schwartz) +- doc: Replace occurrence of black list with blocklist (Daiki Ueno) +- build: Suppress cppcheck false-positive on array bounds (Daiki Ueno) +- ci: Use Docker image from the same repository (Daiki Ueno) +- ci: Integrate Docker image building to GitHub workflow (Daiki Ueno) +- rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno) +- build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno) +- Link libp11-kit so that it cannot unload (Emmanuel Dreyfus) +- trust: Use dngettext for plurals (Daiki Ueno) +- rpc: Support protocol version negotiation (Daiki Ueno) +- rpc: Separate authentication step from transaction (Daiki Ueno) +- Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni) +- shell: test -a|o is not POSIX (Issam E. Maghni) +- Meson: Add libtasn1 to trust programs (Issam E. Maghni) +- meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh) + +readline| +* Tue Aug 10 2021 Mohan Boddu - 8.1-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 8.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 8.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 06 2021 Siteshwar Vashisht - 8.1-1 +- Rebase to readline-8.1 + Resolves: #1904867 + +* Wed Jul 29 2020 Fedora Release Engineering - 8.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jan 30 2020 Fedora Release Engineering - 8.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libassuan| +* Mon Aug 09 2021 Mohan Boddu - 2.5.5-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 2.5.5-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 22 2021 Jakub Jelen - 2.5.5-1 +- New upstream release (#1941663) + +* Tue Jan 26 2021 Fedora Release Engineering - 2.5.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 01 2020 Jakub Jelen - 2.5.4-1 +- New upstream release (#1891067) + +* Tue Jul 28 2020 Fedora Release Engineering - 2.5.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 2.5.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Aug 19 2019 Tomáš Mráz 2.5.3-2 +- add includedir to pkg-config --cflags (#1742986) + +libgcrypt| +* Mon Mar 20 2023 Jakub Jelen - 1.10.0-10 +- Provide FIPS indicators for MD and HMACs +- Improve PCT tests for ECDSA and always run them after key is generated +- Add missing guards for FIPS status in md_sign/verify function +- Provider FIPS indicators for public key operation flags + +* Tue Jan 24 2023 Jakub Jelen - 1.10.0-9 +- Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode +- Do not allow large salt lengths with RSA-PSS padding +- Disable X9.31 key generation in FIPS mode +- Update the FIPS integrity checking code to upstream version +- Update cipher modes FIPS indicators for AES WRAP and GCM +- Disable jitter entropy generator + +* Thu Oct 20 2022 Jakub Jelen - 1.10.0-8 +- Fix unneeded PBKDF2 passphrase length limitation in FIPS mode +- Enforce HMAC key lengths in MD API in FIPS mode + +* Thu Oct 06 2022 Jakub Jelen - 1.10.0-7 +- Properly enforce KDF limits in FIPS mode (#2130275) +- Fix memory leak in large digest test (#2129150) +- Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275) +- Skip RSA encryption/decryption selftest in FIPS mode (#2130275) + +* Tue Sep 27 2022 Jakub Jelen - 1.10.0-6 +- Fix SHA3 digests with large inputs (#2129150) +- Fix FIPS RSA PCT (#2128455) +- Fix RSA FIPS Keygen that non-deterministically fails (#2130275) +- Get max 32B from getrandom in FIPS mode (#2130275) + +* Wed Aug 17 2022 Jakub Jelen - 1.10.0-5 +- Allow signature verification with smaller RSA keys (#2083846) +- Allow short salt for KDF (#2114870) +- Reseed the kernel DRBG by using GRND_RANDOM (#2118695) +- Address FIPS review comments around selftests (#2118695) +- Disable RSA-OAEP in FIPS mode (#2118695) + +* Fri May 06 2022 Jakub Jelen - 1.10.0-4 +- Backport ppc hardware flags detection (#2051307) +- Disable PKCS#1.5 encryption in FIPS mode (#2061328) + +* Thu Mar 31 2022 Jakub Jelen - 1.10.0-3 +- Use correct FIPS module name (#2067123) + +* Thu Feb 17 2022 Jakub Jelen - 1.10.0-2 +- Systematic FIPS module name with other FIPS modules + +* Wed Feb 02 2022 Jakub Jelen - 1.10.0-1 +- Final release (#2026636) + +* Thu Jan 27 2022 Jakub Jelen - 1.10.0-0.3 +- Fix broken soname in the previous beta + +* Thu Jan 27 2022 Jakub Jelen - 1.10.0-0.2 +- Provide compat soname symlink as the new release is backward compatible + +* Wed Jan 26 2022 Jakub Jelen - 1.10.0-0.1 +- New upstream pre-release (#2026636) +- Upstream all patches +- Implement FIPS 140-3 support + +* Tue Oct 12 2021 Jakub Jelen - 1.9.3-5 +- Allow HW optimizations in FIPS mode (#1990059) + +* Mon Aug 09 2021 Mohan Boddu - 1.9.3-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jun 15 2021 Jakub Jelen - 1.9.3-3 +- Fix for CVE-2021-33560 (#1970098) + +* Wed Apr 28 2021 Jakub Jelen - 1.9.3-2 +- Restore the CET protection (#1954049) + +* Tue Apr 20 2021 Jakub Jelen - 1.9.3-1 +- New upstream release (#1951325) + +* Fri Apr 16 2021 Mohan Boddu - 1.9.2-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Apr 15 2021 Jakub Jelen - 1.9.2-3 +- Fix issues reported by coverity + +* Mon Mar 29 2021 Jakub Jelen - 1.9.2-2 +- Fix OCB tag creation on s390x (failing gnupg2 tests) + +lz4-libs| +* Mon Aug 09 2021 Mohan Boddu - 1.9.3-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu May 27 2021 Jakub Martisko - 1.9.3-4 +- Fix cve-2021-3520 +resolves: cve-2021-3520 + +* Fri Apr 16 2021 Mohan Boddu - 1.9.3-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 06 2021 Timothée Ravier - 1.9.3-1 +- Update to 1.9.3 and switch to Meson + +* Tue Jul 28 2020 Fedora Release Engineering - 1.9.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 1.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Aug 14 2019 Igor Gnatenko - 1.9.1-1 +- Update to 1.9.1 + +libcap-ng| +* Tue Feb 15 2022 - 0.8.2-7 +- Update apply-disable patch (#2045857) + Resolves: rhbz#2045857 + +* Mon Aug 09 2021 Mohan Boddu - 0.8.2-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.8.2-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Feb 02 2021 Steve Grubb 0.8.2-4 +- Adjust syslog warning for bad use of capng_apply + +* Sat Jan 30 2021 Steve Grubb 0.8.2-3 +- Add syslog warning for bad use of capng_apply + +* Tue Jan 26 2021 Fedora Release Engineering - 0.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Dec 09 2020 Steve Grubb 0.8.2-1 +- New upstream bugfix release + +* Fri Nov 20 2020 Steve Grubb 0.8.1-2 +- Add temporary patch disabling bounding set error codes + +* Wed Nov 18 2020 Steve Grubb 0.8.1-1 +- New upstream bugfix release + +* Tue Sep 08 2020 Steve Grubb 0.8-1 +- New upstream feature release + +* Sun Aug 23 2020 Steve Grubb 0.7.11-1 +- New upstream release + +* Tue Jul 28 2020 Fedora Release Engineering - 0.7.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue May 26 2020 Miro Hrončok - 0.7.10-3 +- Rebuilt for Python 3.9 + +audit-libs| +* Wed Nov 08 2023 Sergio Correia - 3.1.2-2 +- Remove + +if [ $1 -eq 0 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then + /usr/lib/systemd/systemd-update-helper remove-system-units from %preun scriptlet, as it was causing troubles when removing audit || : +fi + + Related: RHEL-14896 + +* Fri Oct 27 2023 Sergio Correia - 3.1.2-1 +- New upstream release, 3.1.2 + Resolves: RHEL-14896 + +* Thu Jun 22 2023 Radovan Sroka - 3.0.7-104 +- Introduce new fanotify record fields + Resolves: rhbz#2216666 + +* Mon May 02 2022 Sergio Correia - 3.0.7-103 +- Drop ProtectHome from auditd.service as it interferes with rules + Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0] + +* Sun Mar 13 2022 Sergio Correia - 3.0.7-102 +- Fix path normalization in auparse + Resolves: rhbz#2062824 - auparse missing information when used with --format-text + +* Tue Feb 22 2022 Sergio Correia - 3.0.7-101 +- Adjust sample-rules dir permissions + Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users + +* Tue Jan 25 2022 Sergio Correia - 3.0.7-100 +- New upstream release, 3.0.7 + Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages + +popt| +* Tue Aug 10 2021 Mohan Boddu - 1.18-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jul 20 2021 Michal Domonkos - 1.18-7 +- Add gating.yaml + +* Mon Jul 19 2021 Michal Domonkos - 1.18-6 +- Address important covscan issues (#1938846) + +* Fri Apr 16 2021 Mohan Boddu - 1.18-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Sat Mar 06 2021 Robert Scheck 1.18-4 +- Conditionalize static subpackage during build-time + +* Wed Jan 27 2021 Fedora Release Engineering - 1.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jun 24 2020 Panu Matilainen - 1.18-1 +- Update to popt 1.18 final (no changes from rc1) + +* Fri May 29 2020 Panu Matilainen - 1.18~rc1-1 +- Rebase to popt 1.18-rc1 +- Update URLs to the new upstream + +* Thu Jan 30 2020 Fedora Release Engineering - 1.16-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libsigsegv| +* Mon Aug 09 2021 Mohan Boddu - 2.13-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 2.13-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Jan 17 2021 Peter Robinson - 2.13-1 +- Update to 2.13 +- spec file cleanup + +* Tue Jul 28 2020 Fedora Release Engineering - 2.11-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 2.11-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 17 2020 Jeff Law - 2.11-9 +- Fix configure tests compromised by LTO + +gmp| +* Thu Aug 03 2023 Jakub Martisko - 1:6.2.0-13 +- Fix: previous commit removed one function from the library and thus broke the ABI +- function gmpn_preinv_divrem_1 should now not be removed +Related: rhbz#2044216 + +* Tue Jul 18 2023 Jakub Martisko - 1:6.2.0-12 +- Add SIMD optimization patches for s390x (provided by the IBM) +Resolves: rhbz#2044216 + +* Tue Jun 06 2023 Jakub Martisko - 1:6.2.0-11 +Fix: Integer overflow and resultant buffer overflow via crafted input +Resolves: CVE-2021-43618 + +* Fri Aug 27 2021 Jakub Martisko - 1:6.2.0-10 +- Add the support for intel CET +Resolves: rhbz#1977890 + +* Wed Aug 18 2021 Jakub Martisko - 1:6.2.0-9 +- Move the .hmac files to the fipscheck subfolder +- Make symlinks from their original location (Fedora contains the .hmac files there) pointing to their new location +Resolves: rhbz#1980758 + +* Mon Aug 09 2021 Mohan Boddu - 1:6.2.0-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +libsepol| +* Wed Dec 13 2023 Petr Lautrbach - 3.6-1 +- SELinux userspace 3.6 release + +* Mon Nov 13 2023 Petr Lautrbach - 3.6-0.rc1.1 +- SELinux userspace 3.6-rc1 release + +* Thu Feb 23 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Tue Feb 14 2023 Petr Lautrbach - 3.5-0.rc3.1 +- SELinux userspace 3.5-rc3 release + +* Mon Jan 02 2023 Petr Lautrbach - 3.5-0.rc1.2 +- SELinux userspace 3.5-rc1 release + +* Fri Oct 21 2022 Petr Lautrbach - 3.4-3 +- Fix validation of user declarations in modules (#2136212) + +* Wed Oct 12 2022 Petr Lautrbach - 3.4-2 +- Restore error on context rule conflicts (#2127399) + +* Mon May 23 2022 Petr Lautrbach - 3.4-1.1 +- SELinux userspace 3.4 release + +pcre| +* Mon Aug 09 2021 Mohan Boddu - 8.44-3.3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 8.44-3.2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 8.44-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 11 2021 Petr Pisar - 8.44-3 +- Implement CET (bug #1909554) + +* Mon Oct 19 2020 Petr Pisar - 8.44-2 +- Fix reading an uninitialized memory when populating a name table + (upstream bug #2661) + +* Tue Jul 28 2020 Fedora Release Engineering - 8.44-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Feb 14 2020 Petr Pisar - 8.44-1 +- 8.44 bump + +* Wed Feb 12 2020 Petr Pisar - 8.43-3 +- Make erroroffset initializion in a POSIX wrapper thread-safe + (upstream bug #2447) +- Fix an integer overflow when parsing numbers after "(?C" (upstream bug #2463) +- Fix shifting integer bits and a NULL pointer dereferce in pcretest tool + (upstream bug #2380) + +* Wed Jan 29 2020 Fedora Release Engineering - 8.43-2.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +grep| +* Mon Aug 09 2021 Mohan Boddu - 3.6-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon Jun 28 2021 Jaroslav Škarvada - 3.6-4 +- Fixed stack overflow detection + Resolves: rhbz#1975156 + +* Thu Apr 15 2021 Mohan Boddu - 3.6-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Nov 09 2020 Jaroslav Škarvada - 3.6-1 +- New version + Resolves: rhbz#1895797 + +* Wed Sep 30 2020 Jaroslav Škarvada - 3.5-1 +- New version + Resolves: rhbz#1883086 + +* Wed Aug 26 2020 Adam Williamson - 3.4-5 +- Backport fix for upstream #28105 to fix zgrep + Resolves: rhbz#1872913 +- Remove some non-portable tests that fail on armv7hl (Paul Eggert) + Resolves: rhbz#1863830 + +* Sat Aug 01 2020 Fedora Release Engineering - 3.4-4 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 3.4-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Apr 01 2020 Jaroslav Škarvada - 3.4-1 +- New version + Resolves: rhbz#1818417 +- Added all glibc langpacks to allow more locale sensitive tests to run +- Added perl-FileHandle requirement for the filename-lineno.pl test + +* Wed Jan 29 2020 Fedora Release Engineering - 3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +mpfr| +* Mon Aug 09 2021 Mohan Boddu - 4.1.0-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 4.1.0-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 09 2021 Jerry James - 4.1.0-5 +- Add upstream patches 8-9 + +* Wed Feb 17 2021 Jerry James - 4.1.0-4 +- Add upstream patches 1-7 + +* Tue Jan 26 2021 Fedora Release Engineering - 4.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 4.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat Jul 11 2020 Jerry James - 4.1.0-1 +- Update to MPFR version 4.1.0 +- Drop all patches + +* Mon Jun 29 2020 Jerry James - 4.0.2-5 +- Add upstream patches 8 and 9 + +* Thu Apr 16 2020 Jerry James - 4.0.2-4 +- Add upstream patches 2 through 7 + +* Wed Jan 29 2020 Fedora Release Engineering - 4.0.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Oct 11 2019 Jerry James - 4.0.2-2 +- Drop the mpfr3 and mpfr3-devel subpackages + +* Tue Oct 08 2019 Jerry James - 4.0.2-1 +- Update to MPFR version 4.0.2 plus patch01 +- Make mpfr3 and mpfr3-devel subpackages for version 3.1.6 +- Add a -doc subpackage to hold the GFDL-licensed content +- The main package license is LGPLv3+; the GPLv3+ content is not packaged +- Drop unnecessary autoconf and libtool BRs +- Drop explicit R on gmp; it is autogenerated +- Drop info scriptlets; this version can never appear in Fedora < 32 or RHEL < 9 +- Drop ldconfig_scriptlets for the same reason +- Make sure there are no rpaths and that -Wl,--as-needed takes effect +- Do not use the %doc macro; the files have already been copied + +gawk| +* Wed Feb 16 2022 Jakub Martisko - 5.1.0-6 +Fix the issue with incorect handling of return values of some processes +Resolves: rhbz#2055107 + +* Mon Aug 09 2021 Mohan Boddu - 5.1.0-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 5.1.0-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 5.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 5.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Jakub Martisko - 5.1.0-1 +- New upstream release + +* Tue Feb 18 2020 Jakub Martisko - 5.0.1-8 +- Split the package into the main package and locales subpackage + +libksba| +* Wed Jan 25 2023 Jakub Jelen - 1.5.1-6 +- Fix for CVE-2022-47629 (#2161571) + +* Wed Oct 19 2022 Jakub Jelen - 1.5.1-5 +- Fix for CVE-2022-3515 (#2135703) + +* Mon Aug 09 2021 Mohan Boddu - 1.5.1-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.5.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Apr 15 2021 Jakub Jelen - 1.5.1-2 +- Address issues reported by coverity + +* Wed Apr 07 2021 Jakub Jelen - 1.5.1-1 +- New upstream release (#1946544) + +* Tue Jan 26 2021 Fedora Release Engineering - 1.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +file-libs| +* Thu Nov 23 2023 Vincent Mihalkovic - 5.39-16 +- Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554) + +* Thu Oct 12 2023 Vincent Mihalkovic - 5.39-15 +- Fix segfault in python3-file-magic concurrent method calls + +* Tue Jul 11 2023 Ville-Pekka Vainio - 5.39-14 +- fix detection of deflate encoded PDFs + Resolves: #2213761 + +* Mon Jul 03 2023 Vincent Mihalkovic - 5.39-13 +- fix recognition of wasm files + Resolves: #2219392 + +* Wed Feb 01 2023 Vincent Mihalkovic - 5.39-12 +- fix detection of static-pie binaries + Resolves: #2164834 + +* Tue Jan 31 2023 Vincent Mihalkovic - 5.39-11 +- fix issue with libmagic and floating point exceptions + Resolves: #2061557 + +* Wed Aug 24 2022 Vincent Mihalkovic - 5.39-10 +- speedup magic matching + Resolves: #2120692 + +* Wed Aug 17 2022 Vincent Mihalkovic - 5.39-9 +- fix recognition (src/compress.c) of compressed empty files + Resolves: #2121694 + +alternatives| +* Thu May 04 2023 Jan Macku - 1.24-1 +- ci: fix `NEXT_VERSION` in Makefile +- revert: releng: Enable Packit to handle Fedora updates +- revert: releng: Convert to rpmautospec + +* Thu May 04 2023 Jan Macku - 1.23-1 +- Translated using Weblate (Korean) +- Translated using Weblate (English (United Kingdom)) +- alternatives: --keep-foreign incorrectly handles non-existent files +- alternatives: isLink should return 0 in case of lstat error +- Translated using Weblate (Swedish) +- Translated using Weblate (Korean) +- Translated using Weblate (Georgian) +- Translated using Weblate (Finnish) +- Translated using Weblate (Ukrainian) +- Translated using Weblate (Polish) +- Update translation files +- Translated using Weblate (German) +- doc: update translations +- spec: remote changelog + +* Thu Mar 23 2023 Jan Macku - 1.22-1 +- migrate to SPDX license +- Translated using Weblate (English (United Kingdom)) +- Translated using Weblate (Japanese) +- ci: Add locale linter +- ci: update workflows +- test: fix ShellCheck error[SC2070] +- Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4 (#94) +- releng: Packit remove extra job trigger +- releng: Enable Packit to handle Fedora updates +- releng: Convert to rpmautospec + +* Wed Oct 05 2022 Jan Macku - 1.21-1 +- ci: Add CodeQL to replace LGTM +- alternatives: replace master/slave with leader/follower +- chkconfig: use correct cmp function +- Bump redhat-plumbers-in-action/differential-shellcheck from 2 to 3 +- ci: Add Shell linter - Differential ShellCheck +- ci: Use more inclusive terminology in workflows +- ci: Update workflows, packit and dependabot +- Translated using Weblate (Friulian) +- Translated using Weblate (Swedish) +- Translated using Weblate (Estonian) +- Translated using Weblate (Georgian) +- Translated using Weblate (Polish) +- Translated using Weblate (Korean) +- Translated using Weblate (Czech) +- Translations update from Fedora Weblate (#77) +- Translations update from Fedora Weblate (#75) +- Translations update from Fedora Weblate (#74) +- Translations update from Fedora Weblate (#73) +- Translated using Weblate (Ukrainian) +- Update translation files +- Family mentioned for --set in both man and help +- Translated using Weblate (French) +- build-sys: Ensure `systemd-sysv-install` symlink does not have `//` +- Translated using Weblate (German) +- Add LGTM badges to README +- Merge remote-tracking branch 'weblate/master' +- Translated using Weblate (Indonesian) +- Translated using Weblate (Finnish) +- Translated using Weblate (Korean) +- Translated using Weblate (Ukrainian) +- Translated using Weblate (Turkish) +- Translated using Weblate (Polish) +- Translated using Weblate (Norwegian Nynorsk) +- Update translation files +- Translated using Weblate (Finnish) +- Translated using Weblate (Czech) +- Translated using Weblate (Swedish) +- Translated using Weblate (Italian) +- Translated using Weblate (Spanish) +- Translated using Weblate (Chinese (Simplified)) + +* Wed Jul 28 2021 Jan Macku - 1.20-1 +- spec: Replace not working awk command with sed (#62) + +* Fri Jul 23 2021 Jan Macku - 1.19-1 +- spec: Add Provides /sbin/chkconfig in order to stay backwards compatible (#60) + +* Fri Jul 23 2021 Jan Macku - 1.18-1 +- spec: /sbin/chkconfig -> /usr/sbin/chkconfig (#59) + +* Thu Jul 22 2021 Jan Macku - 1.17-1 +- alternatives: tweak manpage to match the real 'remove' behavior (#58) + +* Thu Jul 15 2021 Jan Macku - 1.16-1 +- alternatives: add --keep-foreign (#57) +- Translations update from Weblate +- ci: Onboard chkconfig to Packit +- zanata: remove zanata related stuff +- Use make macros +- alternatives: use one function for path cleaning +- CI: specify more closely when to run CI +- Add basic CI and README +- spec: sync specfile with Fedora + +p11-kit-trust| +* Thu Nov 23 2023 Zoltan Fridrich - 0.25.3-2 +- Fix issues found by static analysis + Related: RHEL-14834 + +* Wed Nov 15 2023 Zoltan Fridrich - 0.25.3-1 +- Update to new upstream release 0.25.3 + Resolves: RHEL-14834 + +* Wed Nov 08 2023 Zoltan Fridrich - 0.25.2-1 +- Update to new upstream release 0.25.2 + Resolves: RHEL-14834 +- Add IBM specific mechanisms and attributes + Resolves: RHEL-10570 + +* Tue Feb 01 2022 Daiki Ueno - 0.24.1-2 +- Replace "black list" with "blocklist" in -trust subpackage description (#2026457) + +* Mon Jan 17 2022 Packit Service - 0.24.1-1 +- Release 0.24.1 (Daiki Ueno) +- common: Support copying attribute array recursively (Daiki Ueno) +- common: Add assert_ptr_cmp (Daiki Ueno) +- gtkdoc: remove dependencies on custom target files (Eli Schwartz) +- doc: Replace occurrence of black list with blocklist (Daiki Ueno) +- build: Suppress cppcheck false-positive on array bounds (Daiki Ueno) +- ci: Use Docker image from the same repository (Daiki Ueno) +- ci: Integrate Docker image building to GitHub workflow (Daiki Ueno) +- rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno) +- build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno) +- Link libp11-kit so that it cannot unload (Emmanuel Dreyfus) +- trust: Use dngettext for plurals (Daiki Ueno) +- rpc: Support protocol version negotiation (Daiki Ueno) +- rpc: Separate authentication step from transaction (Daiki Ueno) +- Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni) +- shell: test -a|o is not POSIX (Issam E. Maghni) +- Meson: Add libtasn1 to trust programs (Issam E. Maghni) +- meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh) + +libverto| +* Mon Aug 09 2021 Mohan Boddu - 0.3.2-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.3.2-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 15 2021 Robbie Harwood - 0.3.2-1 +- New upstream version (0.3.2) + +* Tue Jan 26 2021 Fedora Release Engineering - 0.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 22 2021 Robbie Harwood - 0.3.1-2 +- New upstream version (0.3.1) +- Drop tevent goo and RHEL conditionals + +* Tue Sep 15 2020 Robbie Harwood - 0.3.0-11 +- Rebuild for libevent soname bump + +* Tue Jul 28 2020 Fedora Release Engineering - 0.3.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 0.3.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libnghttp2| +* Fri Oct 13 2023 Jan Macku - 1.43.0-5.1 +- fix HTTP/2 Rapid Reset (CVE-2023-44487) + +nettle| +* Wed Nov 01 2023 Daiki Ueno - 3.9.1-1 +- Update to nettle 3.9.1 (RHEL-14890) + +* Thu Aug 25 2022 Daiki Ueno - 3.8-3 +- Rebuild in new side-tag + +* Thu Aug 18 2022 Daiki Ueno - 3.8-2 +- Bundle GMP to privatize memory functions +- Zeroize stack allocated intermediate data + +* Tue Jun 28 2022 Daiki Ueno - 3.8-1 +- Update to nettle 3.8 (#1992457) + +gnutls| +* Fri Apr 05 2024 Daiki Ueno - 3.8.3-4 +- Bump release to ensure el9 package is greater than el9_* packages + +* Fri Mar 22 2024 Daiki Ueno - 3.8.3-3 +- Bump release to ensure el9 package is greater than el9_* packages + +* Thu Mar 21 2024 Daiki Ueno - 3.8.3-2 +- Fix timing side-channel in deterministic ECDSA (RHEL-28959) +- Fix potential crash during chain building/verification (RHEL-28954) + +* Tue Jan 23 2024 Daiki Ueno - 3.8.3-1 +- Update to gnutls 3.8.3 (RHEL-14891) + +* Mon Jan 22 2024 Daiki Ueno - 3.8.2-3 +- Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well (RHEL-18498) + +* Fri Dec 08 2023 Daiki Ueno - 3.8.2-2 +- Bump nettle dependency to 3.9.1 +- Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 (RHEL-18498) + +* Thu Nov 16 2023 Daiki Ueno - 3.8.2-1 +- Update to gnutls 3.8.2 (RHEL-14891) + +* Sat Jul 29 2023 Daiki Ueno - 3.7.6-23 +- Mark SHA-1 signature verification non-approved in FIPS (#2102751) + +* Tue Jul 18 2023 Daiki Ueno - 3.7.6-22 +- Skip KTLS test on old kernel if host and target arches are different + +* Thu Jul 13 2023 Daiki Ueno - 3.7.6-21 +- Require use of extended master secret in FIPS mode by default (#2157953) + +* Tue Mar 14 2023 Daiki Ueno - 3.7.6-20 +- Fix the previous change (#2175214) + +* Fri Mar 10 2023 Daiki Ueno - 3.7.6-19 +- Bump release to ensure el9 package is greater than el9_* packages (#2175214) + +* Tue Feb 28 2023 Daiki Ueno - 3.7.6-18 +- Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168143) + +* Fri Feb 10 2023 Daiki Ueno - 3.7.6-17 +- Fix timing side-channel in TLS RSA key exchange (#2162601) + +* Fri Feb 10 2023 Daiki Ueno - 3.7.6-16 +- fips: extend PCT to DH key generation (#2168143) + +* Thu Dec 15 2022 Zoltan Fridrich - 3.7.6-15 +- fips: rename hmac file to its previous name (#2148269) + +* Tue Nov 22 2022 Daiki Ueno - 3.7.6-14 +- cipher: add restriction on CCM tag length under FIPS mode (#2137807) +- nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2143266) + +* Tue Nov 15 2022 Zoltan Fridrich - 3.7.6-13 +- fips: make XTS key check failure not fatal (#2130971) +- enable source archive verification again (#2127094) +- clear server's session ticket indication at rehandshake (#2136072) +- crypto-api: add block cipher API with automatic padding (#2084161) +- fips: remove library path checking from FIPS integrity check (#2140908) + +* Tue Sep 27 2022 Daiki Ueno - 3.7.6-12 +- fips: mark PBKDF2 with short key and output sizes non-approved +- fips: only mark HMAC as approved in PBKDF2 +- fips: mark gnutls_key_generate with short key sizes non-approved +- fips: fix checking on hash algorithm used in ECDSA +- fips: preserve operation context around FIPS selftests API + +* Fri Aug 26 2022 Daiki Ueno - 3.7.6-11 +- Supply --with{,out}-{zlib,brotli,zstd} explicitly + +* Thu Aug 25 2022 Daiki Ueno - 3.7.6-10 +- Revert nettle version pinning as it doesn't work well in side-tag + +* Thu Aug 25 2022 Daiki Ueno - 3.7.6-9 +- Pin nettle version in Requires when compiled with FIPS + +* Tue Aug 23 2022 Daiki Ueno - 3.7.6-8 +- Bundle GMP to privatize memory functions +- Disable certificate compression support by default + +* Tue Aug 23 2022 Daiki Ueno - 3.7.6-7 +- Update gnutls-3.7.6-cpuid-fixes.patch + +* Sat Aug 20 2022 Daiki Ueno - 3.7.6-6 +- Mark RSA SigVer operation approved for known modulus sizes (#2091903) +- accelerated: clear AVX bits if it cannot be queried through XSAVE + +* Thu Aug 04 2022 Daiki Ueno - 3.7.6-5 +- Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115244) +- sysrng: reseed source DRBG for prediction resistance + +* Fri Jul 29 2022 Daiki Ueno - 3.7.6-4 +- Make gnutls-cli work with KTLS for testing +- Fix double-free in gnutls_pkcs7_verify (#2109790) + +* Mon Jul 25 2022 Daiki Ueno - 3.7.6-3 +- Limit input size for AES-GCM according to SP800-38D (#2095251) +- Do not treat GPG verification errors as fatal +- Remove gnutls-3.7.6-libgnutlsxx-const.patch + +* Tue Jul 19 2022 Daiki Ueno - 3.7.6-2 +- Allow enabling KTLS with config file (#2042009) + +* Fri Jul 01 2022 Daiki Ueno - 3.7.6-1 +- Update to gnutls 3.7.6 (#2097327) + +json-c| +* Tue Sep 14 2021 Tomas Korbar - 0.14-11 +- Start providing versioned symbols +- Resolves: rhbz#2001067 + +* Mon Aug 09 2021 Mohan Boddu - 0.14-10 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.14-9 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.14-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Björn Esser - 0.14-7 +- Use new cmake macros + +* Tue May 26 2020 Björn Esser - 0.14-6 +- Build using Ninja instead of Make +- Add a patch to move Doxyfile into doc subdir +- Remove pre-built html documentation +- Update Doxyfile during %prep +- Add a patch to apply some optimizations to arraylist +- Hardlink the files in %_pkgdocdir + +* Mon May 25 2020 Björn Esser - 0.14-5 +- Run the testssuite with valgrind on %valgrind_arches + +* Mon May 18 2020 Björn Esser - 0.14-4 +- Add a patch to fix a test +- Add a patch to fix generation of user-documentation + +* Mon May 11 2020 Björn Esser - 0.14-3 +- Add upstream patch fixing usage of errno in json_parse_uint64() + +* Sun May 10 2020 Björn Esser - 0.14-2 +- Add a patch to backport fixes applied on upstream master branch +- Re-enable RDRAND as json-c can detect broken implementations in CPUs now +- Disable -Werror during build + +* Tue Apr 21 2020 Björn Esser - 0.14-1 +- Update to 0.14 + +* Mon Apr 20 2020 Björn Esser - 0.13.99-0.4.20200416gita911439 +- Remove config.h file from installation +- Drop hardlinking of the documentation files + +* Thu Apr 16 2020 Björn Esser - 0.13.99-0.3.20200416gita911439 +- Update to recent git snapshot + +* Tue Apr 14 2020 Björn Esser - 0.13.99-0.2.20200414git7fb8d56 +- Update to recent git snapshot + +* Tue Apr 14 2020 Björn Esser - 0.13.99-0.1.20200414gitab5425a +- Update to recent git snapshot using forge macros + +* Sun Apr 12 2020 Björn Esser - 0.13.1-11 +- Drop bootstrap logic, as the package is no dependency of @build anymore +- Add some explicit BuildRequires, which were implicit +- Small spec file cleanups + +* Sat Apr 11 2020 Björn Esser - 0.13.1-10 +- Add explicit configure switch to disable rdrand +- Add explicit configure switch to enable linking with Bsymbolic +- Do not use macros to invoke executables +- Drop obsolete %pretrans scriptlet + +* Wed Jan 29 2020 Fedora Release Engineering - 0.13.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Nov 28 2019 Petr Menšík - 0.13.1-8 +- Remove empty doc dir from library package + +* Wed Nov 06 2019 Miroslav Lichvar 0.13.1-7 +- Disable rdrand support (#1745333) + +npth| +* Mon Aug 09 2021 Mohan Boddu - 1.6-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.6-7 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.6-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.6-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 1.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libyaml| +* Mon Aug 09 2021 Mohan Boddu - 0.2.5-7 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.2.5-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.2.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Dec 01 2020 John Eckersberg - 0.2.5-4 +- Add BuildRequires for make + (re: https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot) + +* Tue Jul 28 2020 Fedora Release Engineering - 0.2.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 0.2.5-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jun 02 2020 John Eckersberg - 0.2.5-1 +- New upstream release (rhbz#1842769) + +* Sun Apr 19 2020 John Eckersberg - 0.2.4-1 +- New upstream release (rhbz#1825622) +- Fixes document end before directive (rhbz#1824226) + +* Mon Apr 13 2020 John Eckersberg - 0.2.3-1 +- New upstream release (rhbz#1823108) + +* Wed Jan 29 2020 Fedora Release Engineering - 0.2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libdb| +* Wed Nov 24 2021 Filip Januš - 5.3.28-53 +- Add missing RPM_LD_FLAGS for db_dump185 +- Resolves: #2026417 + +* Mon Sep 13 2021 Filip Januš - 5.3.28-52 +- Bad order of sys calls cause high CPU usage +- Related: #2002186 +- Patch no. 42 was added + +* Mon Aug 09 2021 Mohan Boddu - 5.3.28-51 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Aug 05 2021 Filip Januš - 5.3.28-50 +- fix static analyzer issues CWE-686-398 +- Resolves: #1938760 + +* Mon Jul 12 2021 Filip Januš - 5.3.28-49 +- Rebuild due to glibc +- Resolves: #1980975 + +* Fri Jun 25 2021 Filip Januš - 5.3.28-48 +- Disable crypto support +- Resolves: #1974657 + +* Fri Apr 16 2021 Mohan Boddu - 5.3.28-47 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 5.3.28-46 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Dec 02 2020 Matej Mužila 5.3.28-45 +- Resolves: CVE-2019-2708 (#1853243) + +* Tue Jul 28 2020 Fedora Release Engineering - 5.3.28-44 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 21 2020 Tom Stellard - 5.3.28-43 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jul 14 2020 Ondrej Dubaj - 5.3.28-42 +- Remove java subpackage due to jdk-11 (#1846398) + +* Sat Jul 11 2020 Jiri Vanek - 5.3.28-41 +- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 + +* Wed Jan 29 2020 Fedora Release Engineering - 5.3.28-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +lua-libs| +* Mon Apr 17 2023 Florian Festi - 5.4.4-4 +- Disable bootstrap mode forgotten on 5.4 rebase (#2135419) + +* Fri Feb 03 2023 Florian Festi - 5.4.4-3 +- Apply upstream patch for CVE-2022-28805 + +* Fri Feb 03 2023 Florian Festi - 5.4.4-2 +- Resolves CVE-2021-43519 + +* Tue Jan 24 2023 Florian Festi - 5.4.4-1 +- Rebase to lua 5.4.4 +- Resolves CVE-2021-44964 + +* Tue Oct 25 2022 Michal Domonkos - 5.4.2-7 +- Fix up CVE-2022-33099 patch + +* Mon Oct 17 2022 Michal Domonkos - 5.4.2-6 +- Enable gating + +* Mon Oct 17 2022 Michal Domonkos - 5.4.2-5 +- apply upstream fix for CVE-2022-33099 + +* Mon Aug 09 2021 Mohan Boddu - 5.4.2-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +gdbm-libs| +* Mon Aug 09 2021 Mohan Boddu - 1:1.19-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 1:1.19-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1:1.19-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 05 2021 Filip Januš - 1.19-1 +- Rebase to latest release 1.19 +- Remove gdbm_gcc_10.patch no more necessary + +* Mon Jul 27 2020 Fedora Release Engineering - 1:1.18.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 1:1.18.1-4 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Fri Feb 07 2020 Filip Januš - 1.18.1-3 +- Resolves: #1799391 +- After upgrade GCC to version gcc version 10.0.1 build fails +- Patch gdbm_gcc_10.patch was added + +* Tue Jan 28 2020 Fedora Release Engineering - 1:1.18.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sun Oct 13 2019 Christian Stadelmann +- Remove outdated comments from spec file + +* Mon Sep 23 2019 Filip Janus - 1.18.1-1 +- Upstream released 1.18.1 bug(#1706639) +- Remove old patches + +keyutils-libs| +* Fri Oct 14 2022 Pavel Reichl - 1.6.3-1 +- Update to upstream version 1.6.3 + Related: rhbz#2119105 + +* Mon Aug 09 2021 Mohan Boddu - 1.6.1-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.6.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jan 05 2021 Peter Robinson - 1.6.1-1 +- Update to 1.6.1 +- Spec cleanups + +libbrotli| +* Mon Aug 09 2021 Mohan Boddu - 1.0.9-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 1.0.9-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.0.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Oct 01 2020 Travis Kendrick - 1.0.9-3 +- Apparently %autosetup calls %patch on its own + +* Thu Oct 01 2020 Travis Kendrick - 1.0.9-2 +- Fix pc file (#1884364) + +* Wed Sep 30 2020 Travis Kendrick - 1.0.9-1 +- Update to 1.0.9 (#1872932) + +* Wed Aug 12 2020 Carl George - 1.0.7-14 +- Update cmake invocation rhbz#1863298 + +* Sat Aug 01 2020 Fedora Release Engineering - 1.0.7-13 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 1.0.7-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sat May 23 2020 Miro Hrončok - 1.0.7-11 +- Rebuilt for Python 3.9 + +* Tue Jan 28 2020 Fedora Release Engineering - 1.0.7-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Dec 07 2019 Peter Robinson 1.0.7-9 +- Splil out the libs to a separate package + +* Thu Oct 03 2019 Miro Hrončok - 1.0.7-8 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Sat Aug 17 2019 Miro Hrončok - 1.0.7-7 +- Rebuilt for Python 3.8 + +libstdc++| +* Mon Dec 18 2023 Marek Polacek 11.4.1-3 +- update from releases/gcc-11-branch (RHEL-17638) + - PRs c++/106310, c++/106890, c++/109666, c++/109761, c++/111357, + c++/111512, c++/112795, d/108842, d/110359, d/110511, d/110516, + debug/110295, fortran/95947, fortran/103506, fortran/107397, + fortran/110288, fortran/110585, fortran/110658, fortran/111837, + fortran/111880, libstdc++/95048, libstdc++/99327, libstdc++/104161, + libstdc++/104242, libstdc++/108178, libstdc++/111050, + libstdc++/111511, libstdc++/112314, libstdc++/112491, + middle-end/110200, middle-end/111699, middle-end/111818, + middle-end/112733, rtl-optimization/110237, sanitizer/112727, + target/96762, target/101177, target/101469, target/105325, + target/109800, target/109932, target/110011, target/110044, + target/110170, target/110309, target/110741, target/111001, + target/111340, target/111367, target/111408, target/111815, + target/112672, target/112816, target/112837, target/112845, + target/112891, testsuite/66005, tree-optimization/110298, + tree-optimization/110731, tree-optimization/110914, + tree-optimization/111015, tree-optimization/111614, + tree-optimization/111764, tree-optimization/111917 +- use -fno-stack-protector in some aarch64 tests + +* Tue Oct 03 2023 Marek Polacek 11.4.1-2.3 +- fix member vs global template (RHEL-2607) + +* Mon Oct 02 2023 Marek Polacek 11.4.1-2.2 +- guard the bit test merging code in if-combine (RHEL-6068) + +* Fri Jun 09 2023 Marek Polacek 11.4.1-2.1 +- fix ICE on pr96024.f90 on big-endian hosts (PR fortran/96024, #2213211) +- use -fno-stack-protector to fix bit-field aarch64 tests (#2213221) + +* Mon Jun 05 2023 Marek Polacek 11.4.1-2 +- update from releases/gcc-11-branch (#2193180) + - GCC 11.4 release + - PRs bootstrap/90543, c++/53932, c++/69410, c++/92752, c++/98056, + c++/98821, c++/100295, c++/100474, c++/101118, c++/101869, + c++/102780, c++/103871, c++/104527, c++/105406, c++/105996, + c++/106188, c++/106675, c++/106713, c++/106740, c++/107065, + c++/107163, c++/107179, c++/107558, c++/107579, c++/107864, + c++/108138, c++/108180, c++/108365, c++/108468, c++/108474, + c++/108607, c++/108975, c++/108998, c++/109096, c++/109164, c/107127, + c/107465, c/109151, d/107592, d/108050, d/108877, d/109108, + debug/106719, debug/108573, debug/108716, debug/108967, driver/106624, + fortran/85877, fortran/95107, fortran/96024, fortran/96025, + fortran/99036, fortran/103259, fortran/104332, fortran/106209, + fortran/106945, fortran/107576, fortran/107872, fortran/108131, + fortran/108349, fortran/108420, fortran/108421, fortran/108451, + fortran/108453, fortran/108501, fortran/108502, fortran/108527, + fortran/108529, fortran/108609, fortran/108937, fortran/109186, + fortran/109511, fortran/109846, ipa/105685, ipa/106124, ipa/107944, + libquadmath/87204, libquadmath/94756, libstdc++/91456, + libstdc++/103934, libstdc++/104866, libstdc++/104875, + libstdc++/105844, libstdc++/106183, libstdc++/107801, + libstdc++/107814, libstdc++/108030, libstdc++/108118, + libstdc++/108265, libstdc++/108636, libstdc++/108856, + libstdc++/108952, libstdc++/109064, libstdc++/109261, + libstdc++/109949, lto/109263, middle-end/104450, middle-end/104464, + middle-end/106190, middle-end/107317, middle-end/108237, + middle-end/108264, middle-end/108435, middle-end/108459, + middle-end/108546, middle-end/108625, middle-end/108685, + middle-end/108854, other/108560, other/109306, + rtl-optimization/106751, rtl-optimization/107482, + rtl-optimization/108193, rtl-optimization/108596, + rtl-optimization/109585, target/70243, target/90458, target/96373, + target/98776, target/100758, target/104871, target/104921, + target/105554, target/105599, target/106736, target/106875, + target/107568, target/107714, target/107863, target/108272, + target/108348, target/108589, target/108699, target/108807, + target/108812, target/108881, target/109067, target/109140, + target/109276, testsuite/47334, testsuite/103823, testsuite/108151, + testsuite/108973, testsuite/108985, tree-optimization/105484, + tree-optimization/106809, tree-optimization/107107, + tree-optimization/107212, tree-optimization/107254, + tree-optimization/107323, tree-optimization/107451, + tree-optimization/107554, tree-optimization/107898, + tree-optimization/107997, tree-optimization/108068, + tree-optimization/108076, tree-optimization/108095, + tree-optimization/108199, tree-optimization/108498, + tree-optimization/108688, tree-optimization/108692, + tree-optimization/108821, tree-optimization/108950, + tree-optimization/109176, tree-optimization/109410, + tree-optimization/109473, tree-optimization/109491, + tree-optimization/109502, tree-optimization/109573, + tree-optimization/109724, tree-optimization/109778 + - PRs fortran/100607, libstdc++/109822, target/109954, + tree-optimization/109505 + +* Wed Mar 29 2023 Marek Polacek 11.3.1-4.4 +- s390x: add support for register arguments preserving (#2168204) + +* Wed Dec 21 2022 Marek Polacek 11.3.1-4.3 +- compile the cross binaries as PIE/-z now (#2155452) + +* Mon Dec 19 2022 Marek Polacek 11.3.1-4.2 +- ship libitm.spec in cross-gcc (#2154462) + +* Tue Dec 13 2022 Marek Polacek 11.3.1-4.1 +- add cross compiler functionality for non-production uses (#2149650) + +* Tue Nov 22 2022 Marek Polacek 11.3.1-4 +- update from releases/gcc-11-branch (#2117632) + - PRs analyzer/105252, analyzer/105365, analyzer/105366, c++/65211, + c++/82980, c++/86193, c++/90107, c++/97296, c++/101442, c++/101698, + c++/102071, c++/102177, c++/102300, c++/102307, c++/102479, + c++/102629, c++/104066, c++/104142, c++/104646, c++/104669, + c++/105245, c++/105265, c++/105289, c++/105304, c++/105321, + c++/105386, c++/105398, c++/105725, c++/105761, c++/105774, + c++/105795, c++/105852, c++/105925, c++/106024, c++/106361, + c++/107358, c/41041, c/106016, c/106981, c/107001, d/106139, + d/106638, debug/106261, fortran/82868, fortran/100029, fortran/100040, + fortran/100097, fortran/100098, fortran/100132, fortran/100136, + fortran/100245, fortran/103413, fortran/103504, fortran/103693, + fortran/103694, fortran/104313, fortran/104849, fortran/105012, + fortran/105230, fortran/105243, fortran/105310, fortran/105633, + fortran/105691, fortran/105813, fortran/105954, fortran/106121, + fortran/106817, fortran/106857, fortran/106985, fortran/106986, + fortran/107054, ipa/100413, ipa/105600, ipa/105739, libgomp/106045, + libstdc++/65018, libstdc++/84110, libstdc++/93602, libstdc++/96592, + libstdc++/99290, libstdc++/100823, libstdc++/101709, libstdc++/102447, + libstdc++/103664, libstdc++/103848, libstdc++/103853, + libstdc++/103911, libstdc++/103992, libstdc++/104217, + libstdc++/104443, libstdc++/104602, libstdc++/104731, + libstdc++/105128, libstdc++/105284, libstdc++/105375, + libstdc++/105502, libstdc++/105671, libstdc++/105915, + libstdc++/106162, libstdc++/106248, libstdc++/106320, + libstdc++/106607, libstdc++/106695, lto/106334, lto/106540, + middle-end/103193, middle-end/104869, middle-end/104966, + middle-end/105140, middle-end/105998, middle-end/106027, + middle-end/106030, middle-end/106144, middle-end/106331, + middle-end/106492, preprocessor/97498, preprocessor/105732, + rtl-optimization/104637, rtl-optimization/105041, + rtl-optimization/105333, rtl-optimization/105559, + rtl-optimization/106032, rtl-optimization/106187, sanitizer/105396, + sanitizer/105729, target/96072, target/99184, target/99685, + target/101322, target/101891, target/102059, target/102146, + target/103197, target/103353, target/104257, target/104829, + target/105147, target/105162, target/105209, target/105292, + target/105339, target/105349, target/105463, target/105472, + target/105854, target/105879, target/105970, target/105981, + target/106017, target/106091, target/106355, target/106491, + target/106721, target/107061, target/107064, target/107183, + target/107248, target/107304, target/107364, target/107748, + testsuite/105095, testsuite/105266, testsuite/105433, + testsuite/106345, tree-optimization/103116, tree-optimization/105148, + tree-optimization/105163, tree-optimization/105173, + tree-optimization/105250, tree-optimization/105263, + tree-optimization/105312, tree-optimization/105368, + tree-optimization/105431, tree-optimization/105437, + tree-optimization/105528, tree-optimization/105618, + tree-optimization/105726, tree-optimization/105860, + tree-optimization/106112, tree-optimization/106131, + tree-optimization/106189, tree-optimization/106513, + tree-optimization/106892, tree-optimization/106934 +- fix the detection of Sapphire Rapids in host_detect_local_cpu +- fix -Wmismatched-dealloc documentation (#2116635) + +* Tue Jul 12 2022 Marek Polacek 11.3.1-2.1 +- fix handling of invalid ranges in std::regex (#2106262) + +* Thu Apr 21 2022 Jakub Jelinek 11.3.1-2 +- update from releases/gcc-11-branch (#2077536) + - GCC 11.3 release + - PRs c++/98249, c++/99893, c++/100608, c++/101051, c++/101532, c++/101677, + c++/101717, c++/101894, c++/102869, c++/103105, c++/103328, + c++/103341, c++/103455, c++/103706, c++/103885, c++/103943, + c++/104008, c++/104079, c++/104225, c++/104507, c++/104565, + c++/105003, c++/105064, c++/105143, c++/105186, c++/105256, c/101585, + debug/105203, fortran/102992, fortran/104210, fortran/104228, + fortran/104570, fortran/105138, gcov-profile/105282, ipa/103083, + ipa/103432, jit/100613, libstdc++/90943, libstdc++/100516, + libstdc++/103630, libstdc++/103638, libstdc++/103650, + libstdc++/103955, libstdc++/104098, libstdc++/104301, + libstdc++/104542, libstdc++/104859, libstdc++/105021, + libstdc++/105027, middle-end/104497, middle-end/105165, + rtl-optimization/104985, rtl-optimization/105028, + rtl-optimization/105211, target/80556, target/100106, target/104117, + target/104474, target/104853, target/104894, target/105214, + target/105257, tree-optimization/99121, tree-optimization/104880, + tree-optimization/105053, tree-optimization/105070, + tree-optimization/105189, tree-optimization/105198, + tree-optimization/105226, tree-optimization/105232, + tree-optimization/105235 +- fix bogus -Wuninitialized warning on va_arg with complex types on x86_64 + (PR target/105331) +- remove bogus assertion in std::from_chars (PR libstdc++/105324) + +* Mon Apr 04 2022 David Malcolm - 11.2.1-10 +- update from releases/gcc-11-branch (#2063255) + - PRs ada/98724, ada/104258, ada/104767, ada/104861, c++/58646, c++/59950, + c++/61611, c++/95036, c++/100468, c++/101030, c++/101095, c++/101371, + c++/101515, c++/101767, c++/102045, c++/102123, c++/102538, + c++/102740, c++/102990, c++/103057, c++/103186, c++/103291, + c++/103299, c++/103337, c++/103711, c++/103769, c++/103968, + c++/104107, c++/104108, c++/104284, c++/104410, c++/104472, + c++/104513, c++/104568, c++/104667, c++/104806, c++/104847, + c++/104944, c++/104994, c++/105035, c++/105061, c/82283, c/84685, + c/104510, c/104711, d/104659, d/105004, debug/104337, debug/104517, + debug/104557, fortran/66193, fortran/99585, fortran/100337, + fortran/103790, fortran/104211, fortran/104311, fortran/104331, + fortran/104430, fortran/104619, fortran/104811, go/100537, + libgomp/104385, libstdc++/101231, libstdc++/102358, libstdc++/103904, + libstdc++/104442, lto/104237, lto/104333, lto/104617, + middle-end/95115, middle-end/99578, middle-end/100464, + middle-end/100680, middle-end/100775, middle-end/100786, + middle-end/104307, middle-end/104402, middle-end/104446, + middle-end/104786, middle-end/104971, middle-end/105032, + preprocessor/104147, rtl-optimization/104544, rtl-optimization/104589, + rtl-optimization/104777, rtl-optimization/104814, sanitizer/102656, + sanitizer/104449, sanitizer/105093, target/79754, target/87496, + target/99708, target/99754, target/100784, target/101324, + target/102140, target/102952, target/102957, target/103307, + target/103627, target/103925, target/104090, target/104208, + target/104219, target/104253, target/104362, target/104448, + target/104451, target/104453, target/104458, target/104462, + target/104469, target/104502, target/104674, target/104681, + target/104688, target/104775, target/104890, target/104910, + target/104923, target/104963, target/104998, target/105000, + target/105052, target/105058, target/105068, testsuite/103556, + testsuite/103586, testsuite/104730, testsuite/104759, + testsuite/105055, tree-optimization/45178, tree-optimization/100834, + tree-optimization/101636, tree-optimization/102819, + tree-optimization/102893, tree-optimization/103169, + tree-optimization/103361, tree-optimization/103489, + tree-optimization/103544, tree-optimization/103596, + tree-optimization/103641, tree-optimization/103864, + tree-optimization/104263, tree-optimization/104288, + tree-optimization/104511, tree-optimization/104601, + tree-optimization/104675, tree-optimization/104782, + tree-optimization/104931, tree-optimization/105094 +- fix x86 vector initialization expansion fallback (PR target/105123) +- drop patch 22 (gcc11-libsanitizer-pthread.patch; + upstreamed as r11-9607-ga8dd74bfb921ed) + +* Thu Feb 10 2022 Marek Polacek 11.2.1-9.4 +- add --enable-host-bind-now, use it (#2044917) + +* Tue Feb 08 2022 Marek Polacek 11.2.1-9.3 +- use _thread_db_sizeof_pthread to obtain struct pthread size (#2034494) +- add --enable-host-pie, build the compilers as PIE (#2044917) + +* Mon Feb 07 2022 Marek Polacek 11.2.1-9.2 +- add support for relocation of the PCH data (pch/71934, #2044917) +- remove 30_threads/future/members/poll.cc (#2050090) +- avoid overly-greedy match in dejagnu regexp (#2050089) + +* Mon Jan 31 2022 Marek Polacek 11.2.1-9.1 +- don't set -Wl,-rpath when building annobin (#2047356) + +* Fri Jan 28 2022 Marek Polacek 11.2.1-9 +- update from releases/gcc-11-branch (#2047296) + - PRs fortran/104127, fortran/104212, fortran/104227, target/101529 +- fix up va-opt-6.c testcase + +* Fri Jan 28 2022 Marek Polacek 11.2.1-8 +- update from releases/gcc-11-branch (#2047296) + - PRs ada/103538, analyzer/101962, bootstrap/103688, c++/85846, c++/95009, + c++/98394, c++/99911, c++/100493, c++/101715, c++/102229, c++/102933, + c++/103012, c++/103198, c++/103480, c++/103703, c++/103714, + c++/103758, c++/103783, c++/103831, c++/103912, c++/104055, c/97548, + c/101289, c/101537, c/103587, c/103881, d/103604, debug/103838, + debug/103874, fortran/67804, fortran/83079, fortran/101329, + fortran/101762, fortran/102332, fortran/102717, fortran/102787, + fortran/103411, fortran/103412, fortran/103418, fortran/103473, + fortran/103505, fortran/103588, fortran/103591, fortran/103606, + fortran/103607, fortran/103609, fortran/103610, fortran/103692, + fortran/103717, fortran/103718, fortran/103719, fortran/103776, + fortran/103777, fortran/103778, fortran/103782, fortran/103789, + ipa/101354, jit/103562, libfortran/103634, libstdc++/100017, + libstdc++/102994, libstdc++/103453, libstdc++/103501, + libstdc++/103549, libstdc++/103877, libstdc++/103919, + middle-end/101751, middle-end/102860, middle-end/103813, objc/103639, + preprocessor/89971, preprocessor/102432, rtl-optimization/102478, + rtl-optimization/103837, rtl-optimization/103860, + rtl-optimization/103908, sanitizer/102911, target/102347, + target/103465, target/103661, target/104172, target/104188, + tree-optimization/101615, tree-optimization/103523, + tree-optimization/103603, tree-optimization/103995 + +* Tue Jan 25 2022 Marek Polacek 11.2.1-7.7 +- do not undefine _hardened_build (#2044917) + +* Mon Jan 24 2022 Marek Polacek 11.2.1-7.6 +- update annobin plugin patch (#2030667) + +* Thu Jan 13 2022 Marek Polacek 11.2.1-7.5 +- update annobin plugin patch (#2030667) + +* Fri Jan 07 2022 Marek Polacek 11.2.1-7.4 +- update annobin plugin patch (#2030667) + +* Tue Jan 04 2022 Marek Polacek 11.2.1-7.3 +- fix dg-ice tests (#1996047) + +* Tue Jan 04 2022 Marek Polacek 11.2.1-7.2 +- update annobin plugin patch (#2030667) + +libeconf| +* Wed Jun 07 2023 Iker Pedrosa - 0.4.1-3 +- Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652) + +* Mon Aug 09 2021 Mohan Boddu - 0.4.1-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jul 13 2021 Iker Pedrosa - 0.4.1-1 +- Rebase to 0.4.1. Resolves: #1938762 + +pcre2-syntax| +* Fri Feb 16 2024 Lukas Javorsky - 10.40-5 +- Rebuilt for added pcre2-tools into CRB + +* Mon Nov 13 2023 Lukas Javorsky - 10.40-4 +- Fix an issue with restoring originally unset entries in recursion +- Resolves: BZ#2248133 + +* Tue Oct 17 2023 Lukas Javorsky - 10.40-3 +- Fix issue in the backtracking optimization of character in JIT + +* Wed May 18 2022 Lukas Javorsky - 10.40-2 +- Explicitly require uft subpackages in tools subpackage + +* Fri May 13 2022 Lukas Javorsky - 10.40-1 +- Rebase to the 10.40 +- Resolves multiple Out-of-bounds read errors + +* Fri May 13 2022 Lukas Javorsky - 10.39-1 +- Rebase to the 10.39 + +* Fri May 13 2022 Lukas Javorsky - 10.38-1 +- Rebase to the 10.38 +- Patch 1 upstreamed + +pcre2| +* Fri Feb 16 2024 Lukas Javorsky - 10.40-5 +- Rebuilt for added pcre2-tools into CRB + +* Mon Nov 13 2023 Lukas Javorsky - 10.40-4 +- Fix an issue with restoring originally unset entries in recursion +- Resolves: BZ#2248133 + +* Tue Oct 17 2023 Lukas Javorsky - 10.40-3 +- Fix issue in the backtracking optimization of character in JIT + +* Wed May 18 2022 Lukas Javorsky - 10.40-2 +- Explicitly require uft subpackages in tools subpackage + +* Fri May 13 2022 Lukas Javorsky - 10.40-1 +- Rebase to the 10.40 +- Resolves multiple Out-of-bounds read errors + +* Fri May 13 2022 Lukas Javorsky - 10.39-1 +- Rebase to the 10.39 + +* Fri May 13 2022 Lukas Javorsky - 10.38-1 +- Rebase to the 10.38 +- Patch 1 upstreamed + +libselinux| +* Wed Dec 13 2023 Petr Lautrbach - 3.6-1 +- SELinux userspace 3.6 release + +* Mon Nov 13 2023 Petr Lautrbach - 3.6-0.rc1.1 +- SELinux userspace 3.6-rc1 release + +* Thu Feb 23 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Tue Feb 14 2023 Petr Lautrbach - 3.5-0.rc3.1 +- SELinux userspace 3.5-rc3 release + +* Mon Jan 16 2023 Petr Lautrbach - 3.5-0.rc2.1 +- SELinux userspace 3.5-rc2 release + +* Mon Jan 02 2023 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + +* Mon Jul 18 2022 Petr Lautrbach - 3.4-3 +- Drop SHA-1 from selinux_restorecon.3 + +* Tue May 31 2022 Petr Lautrbach - 3.4-2 +- Revert "libselinux: restorecon: pin file to avoid TOCTOU issues" + +* Thu May 19 2022 Petr Lautrbach - 3.4-1 +- SELinux userspace 3.4 release + +coreutils-single| +* Mon Jan 29 2024 Lukáš Zaoral +- fix tail on kernels with 64k page sizes (RHEL-22866) + +* Mon Jan 02 2023 Kamil Dudka - 8.32-34 +- basic support for checking NFSv4 ACLs (#2137866) + +* Mon Aug 01 2022 Kamil Dudka - 8.32-33 +- prevent unexpand from failing on control characters (#2112870) + +* Tue Mar 01 2022 Kamil Dudka - 8.32-32 +- ls, stat: avoid triggering automounts (#2044981) +- make `df --direct` work again (#2058686) + +libblkid| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +libmount| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +glib2| +* Wed Feb 21 2024 Michael Catanzaro - 2.68.4-14 +- Rebuild against newer util-linux for libmnt changes +- Resolves: RHEL-23637 + +* Thu Feb 01 2024 Michael Catanzaro - 2.68.4-13 +- Backport GUnixMountMonitor port to libmnt_monitor +- Resolves: RHEL-23637 + +* Fri Nov 03 2023 Michael Catanzaro - 2.68.4-12 +- Fix race with waitpid() and child watcher sources +- Resolves: RHEL-14761 + +* Wed Jul 19 2023 Michael Catanzaro - 2.68.4-11 +- Really fix authentication failures when sd-bus clients connect to GDBus servers +- Resolves: #2217771 + +* Thu Jul 06 2023 Michael Catanzaro - 2.68.4-10 +- Fix authentication failures when sd-bus clients connect to GDBus servers +- Resolves: #2217771 + +* Thu May 25 2023 Michael Catanzaro - 2.68.4-9 +- Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180 +- Related: #2181196 +- Related: #2181200 + +* Wed May 17 2023 Michael Catanzaro - 2.68.4-8 +- Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180 +- Related: #2181196 +- Related: #2181200 + +* Fri Mar 24 2023 Michael Catanzaro - 2.68.4-7 +- Fix CVE-2023-24593 and CVE-2023-25180 +- Resolves: #2181196 +- Resolves: #2181200 + +* Fri Dec 02 2022 Michael Catanzaro - 2.68.4-6 +- Drop gdesktopappinfo patchset +- Resolves: #2150307 + +sed| +* Tue Aug 10 2021 Mohan Boddu - 4.8-9 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 4.8-8 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 4.8-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Aug 17 2020 Jakub Martisko - 4.8-6 +- Minor spec cleanup + +* Mon Aug 03 2020 Jakub Martisko - 4.8-5 +- Use make macros + +* Mon Aug 03 2020 Jakub Martisko - 4.8-4 +- Replace some hardcoded constants in the gnulib-testsuite + ... that caused build failures on arm7 + +* Sat Aug 01 2020 Fedora Release Engineering - 4.8-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Feb 11 2020 Jakub Martisko - 4.8-1 +- Rebase to 4.8 +- Refresh the downstream patch and split it into two + +* Thu Jan 30 2020 Fedora Release Engineering - 4.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +ca-certificates| +* Tue Aug 29 2023 Robert Relyea - 2023.2.60_v7.0.306-90.1 +- Bump release number to make CI happy + +* Tue Aug 01 2023 Robert Relyea - 2023.2.60_v7.0.306-90.0 +- Update to CKBI 2.60_v7.0.306 from NSS 3.91 +- Removing: +- # Certificate "Camerfirma Global Chambersign Root" +- # Certificate "Staat der Nederlanden EV Root CA" +- # Certificate "OpenTrust Root CA G1" +- # Certificate "Swedish Government Root Authority v1" +- # Certificate "DigiNotar Root CA G2" +- # Certificate "Federal Common Policy CA" +- # Certificate "TC TrustCenter Universal CA III" +- # Certificate "CCA India 2007" +- # Certificate "ipsCA Global CA Root" +- # Certificate "ipsCA Main CA Root" +- # Certificate "Macao Post eSignTrust Root Certification Authority" +- # Certificate "InfoNotary CSP Root" +- # Certificate "DigiNotar Root CA" +- # Certificate "Root CA" +- # Certificate "GPKIRootCA" +- # Certificate "D-TRUST Qualified Root CA 1 2007:PN" +- # Certificate "TC TrustCenter Universal CA I" +- # Certificate "TC TrustCenter Universal CA II" +- # Certificate "TC TrustCenter Class 2 CA II" +- # Certificate "TC TrustCenter Class 4 CA II" +- # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" +- # Certificate "CertRSA01" +- # Certificate "KISA RootCA 3" +- # Certificate "A-CERT ADVANCED" +- # Certificate "A-Trust-Qual-01" +- # Certificate "A-Trust-nQual-01" +- # Certificate "Serasa Certificate Authority II" +- # Certificate "TDC Internet" +- # Certificate "America Online Root Certification Authority 2" +- # Certificate "RSA Security Inc" +- # Certificate "Public Notary Root" +- # Certificate "Autoridade Certificadora Raiz Brasileira" +- # Certificate "Post.Trust Root CA" +- # Certificate "Entrust.net Secure Server Certification Authority" +- # Certificate "ePKI EV SSL Certification Authority - G1" +- Adding: +- # Certificate "DigiCert TLS ECC P384 Root G5" +- # Certificate "DigiCert TLS RSA4096 Root G5" +- # Certificate "DigiCert SMIME ECC P384 Root G5" +- # Certificate "DigiCert SMIME RSA4096 Root G5" +- # Certificate "Certainly Root R1" +- # Certificate "Certainly Root E1" +- # Certificate "E-Tugra Global Root CA RSA v3" +- # Certificate "E-Tugra Global Root CA ECC v3" +- # Certificate "DIGITALSIGN GLOBAL ROOT RSA CA" +- # Certificate "DIGITALSIGN GLOBAL ROOT ECDSA CA" +- # Certificate "BJCA Global Root CA1" +- # Certificate "BJCA Global Root CA2" +- # Certificate "Symantec Enterprise Mobile Root for Microsoft" +- # Certificate "A-Trust-Root-05" +- # Certificate "ADOCA02" +- # Certificate "StartCom Certification Authority G2" +- # Certificate "ATHEX Root CA" +- # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" +- # Certificate "GeoTrust Primary Certification Authority" +- # Certificate "thawte Primary Root CA" +- # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" +- # Certificate "America Online Root Certification Authority 1" +- # Certificate "Juur-SK" +- # Certificate "ComSign CA" +- # Certificate "ComSign Secured CA" +- # Certificate "ComSign Advanced Security CA" +- # Certificate "Global Chambersign Root" +- # Certificate "Sonera Class2 CA" +- # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" +- # Certificate "VeriSign, Inc." +- # Certificate "GTE CyberTrust Global Root" +- # Certificate "Equifax Secure Global eBusiness CA-1" +- # Certificate "Equifax" +- # Certificate "Class 1 Primary CA" +- # Certificate "Swiss Government Root CA III" +- # Certificate "Application CA G4 Root" +- # Certificate "SSC GDL CA Root A" +- # Certificate "GlobalSign Code Signing Root E45" +- # Certificate "GlobalSign Code Signing Root R45" +- # Certificate "Entrust Code Signing Root Certification Authority - CSBR1" + +* Thu Jul 28 2022 Bob Relyea - 2022.2.54-90.2 +- Update to CKBI 2.54 from NSS 3.79 +- Removing: +- # Certificate "TrustCor ECA-1" +- # Certificate "TrustCor RootCert CA-2" +- # Certificate "TrustCor RootCert CA-1" +- # Certificate "Network Solutions Certificate Authority" +- # Certificate "COMODO Certification Authority" +- # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" +- # Certificate "Microsec e-Szigno Root CA 2009" +- # Certificate "TWCA Root Certification Authority" +- # Certificate "Izenpe.com" +- # Certificate "state-institutions" +- # Certificate "GlobalSign" +- # Certificate "Common Policy" +- # Certificate "A-Trust-nQual-03" +- # Certificate "A-Trust-Qual-02" +- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +- # Certificate "Government Root Certification Authority" +- # Certificate "AC Raíz Certicámara S.A." + +* Wed Jul 27 2022 Bob Relyea - 2022.2.54-90.1 +- Update to CKBI 2.54 from NSS 3.79 + +* Fri Jul 15 2022 Bob Relyea - 2022.2.54-90.0 +- Update to CKBI 2.54 from NSS 3.79 +- Removing: +- # Certificate "GlobalSign Root CA - R2" +- # Certificate "DST Root CA X3" +- # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" +- Adding: +- # Certificate "TunTrust Root CA" +- # Certificate "HARICA TLS RSA Root CA 2021" +- # Certificate "HARICA TLS ECC Root CA 2021" +- # Certificate "HARICA Client RSA Root CA 2021" +- # Certificate "HARICA Client ECC Root CA 2021" +- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +- # Certificate "vTrus ECC Root CA" +- # Certificate "vTrus Root CA" +- # Certificate "ISRG Root X2" +- # Certificate "HiPKI Root CA - G1" +- # Certificate "Telia Root CA v2" +- # Certificate "D-TRUST BR Root CA 1 2020" +- # Certificate "D-TRUST EV Root CA 1 2020" +- # Certificate "CAEDICOM Root" +- # Certificate "I.CA Root CA/RSA" +- # Certificate "MULTICERT Root Certification Authority 01" +- # Certificate "Certification Authority of WoSign G2" +- # Certificate "CA WoSign ECC Root" +- # Certificate "CCA India 2015 SPL" +- # Certificate "Swedish Government Root Authority v3" +- # Certificate "Swedish Government Root Authority v2" +- # Certificate "Tunisian Root Certificate Authority - TunRootCA2" +- # Certificate "OpenTrust Root CA G1" +- # Certificate "OpenTrust Root CA G2" +- # Certificate "OpenTrust Root CA G3" +- # Certificate "Certplus Root CA G1" +- # Certificate "Certplus Root CA G2" +- # Certificate "Government Root Certification Authority" +- # Certificate "A-Trust-Qual-02" +- # Certificate "Thailand National Root Certification Authority - G1" +- # Certificate "TrustCor ECA-1" +- # Certificate "TrustCor RootCert CA-2" +- # Certificate "TrustCor RootCert CA-1" +- # Certificate "Certification Authority of WoSign" +- # Certificate "CA 沃通根证书" +- # Certificate "SSC GDL CA Root B" +- # Certificate "SAPO Class 2 Root CA" +- # Certificate "SAPO Class 3 Root CA" +- # Certificate "SAPO Class 4 Root CA" +- # Certificate "CA Disig Root R1" +- # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay" +- # Certificate "ApplicationCA2 Root" +- # Certificate "GlobalSign" +- # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" +- # Certificate "Symantec Class 3 Public Primary Certification Authority - G4" +- # Certificate "Halcom Root CA" +- # Certificate "Swisscom Root EV CA 2" +- # Certificate "CFCA GT CA" +- # Certificate "Digidentity L3 Root CA - G2" +- # Certificate "SITHS Root CA v1" +- # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" +- # Certificate "Autoridade Certificadora Raiz Brasileira v2" +- # Certificate "Swisscom Root CA 2" +- # Certificate "IGC/A AC racine Etat francais" +- # Certificate "PersonalID Trustworthy RootCA 2011" +- # Certificate "Swedish Government Root Authority v1" +- # Certificate "Swiss Government Root CA II" +- # Certificate "Swiss Government Root CA I" +- # Certificate "Network Solutions Certificate Authority" +- # Certificate "COMODO Certification Authority" +- # Certificate "LuxTrust Global Root" +- # Certificate "AC1 RAIZ MTIN" +- # Certificate "Microsoft Root Certificate Authority 2011" +- # Certificate "CCA India 2011" +- # Certificate "ANCERT Certificados Notariales V2" +- # Certificate "ANCERT Certificados CGN V2" +- # Certificate "EE Certification Centre Root CA" +- # Certificate "DigiNotar Root CA G2" +- # Certificate "Federal Common Policy CA" +- # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" +- # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" +- # Certificate "China Internet Network Information Center EV Certificates Root" +- # Certificate "Verizon Global Root CA" +- # Certificate "SwissSign Silver Root CA - G3" +- # Certificate "SwissSign Platinum Root CA - G3" +- # Certificate "SwissSign Gold Root CA - G3" +- # Certificate "Microsec e-Szigno Root CA 2009" +- # Certificate "SITHS CA v3" +- # Certificate "Certinomis - Autorité Racine" +- # Certificate "ANF Server CA" +- # Certificate "Thawte Premium Server CA" +- # Certificate "Thawte Server CA" +- # Certificate "TC TrustCenter Universal CA III" +- # Certificate "KEYNECTIS ROOT CA" +- # Certificate "I.CA - Standard Certification Authority, 09/2009" +- # Certificate "I.CA - Qualified Certification Authority, 09/2009" +- # Certificate "VI Registru Centras RCSC (RootCA)" +- # Certificate "CCA India 2007" +- # Certificate "Autoridade Certificadora Raiz Brasileira v1" +- # Certificate "ipsCA Global CA Root" +- # Certificate "ipsCA Main CA Root" +- # Certificate "Actalis Authentication CA G1" +- # Certificate "A-Trust-Qual-03" +- # Certificate "AddTrust External CA Root" +- # Certificate "ECRaizEstado" +- # Certificate "Configuration" +- # Certificate "FNMT-RCM" +- # Certificate "StartCom Certification Authority" +- # Certificate "TWCA Root Certification Authority" +- # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" +- # Certificate "thawte Primary Root CA - G2" +- # Certificate "GeoTrust Primary Certification Authority - G2" +- # Certificate "VeriSign Universal Root Certification Authority" +- # Certificate "thawte Primary Root CA - G3" +- # Certificate "GeoTrust Primary Certification Authority - G3" +- # Certificate "E-ME SSI (RCA)" +- # Certificate "ACEDICOM Root" +- # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" +- # Certificate "Correo Uruguayo - Root CA" +- # Certificate "CNNIC ROOT" +- # Certificate "Common Policy" +- # Certificate "Macao Post eSignTrust Root Certification Authority" +- # Certificate "Staat der Nederlanden Root CA - G2" +- # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" +- # Certificate "AC Raíz Certicámara S.A." +- # Certificate "Cisco Root CA 2048" +- # Certificate "CA Disig" +- # Certificate "InfoNotary CSP Root" +- # Certificate "UCA Global Root" +- # Certificate "UCA Root" +- # Certificate "DigiNotar Root CA" +- # Certificate "Starfield Services Root Certificate Authority" +- # Certificate "I.CA - Qualified root certificate" +- # Certificate "I.CA - Standard root certificate" +- # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" +- # Certificate "Japanese Government" +- # Certificate "AdminCA-CD-T01" +- # Certificate "Admin-Root-CA" +- # Certificate "Izenpe.com" +- # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" +- # Certificate "Halcom CA FO" +- # Certificate "Halcom CA PO 2" +- # Certificate "Root CA" +- # Certificate "GPKIRootCA" +- # Certificate "ACNLB" +- # Certificate "state-institutions" +- # Certificate "state-institutions" +- # Certificate "SECOM Trust Systems CO.,LTD." +- # Certificate "D-TRUST Qualified Root CA 1 2007:PN" +- # Certificate "D-TRUST Root Class 2 CA 2007" +- # Certificate "D-TRUST Root Class 3 CA 2007" +- # Certificate "SSC Root CA A" +- # Certificate "SSC Root CA B" +- # Certificate "SSC Root CA C" +- # Certificate "Autoridad de Certificacion de la Abogacia" +- # Certificate "Root CA Generalitat Valenciana" +- # Certificate "VAS Latvijas Pasts SSI(RCA)" +- # Certificate "ANCERT Certificados CGN" +- # Certificate "ANCERT Certificados Notariales" +- # Certificate "ANCERT Corporaciones de Derecho Publico" +- # Certificate "GLOBALTRUST" +- # Certificate "Certipost E-Trust TOP Root CA" +- # Certificate "Certipost E-Trust Primary Qualified CA" +- # Certificate "Certipost E-Trust Primary Normalised CA" +- # Certificate "GlobalSign" +- # Certificate "IGC/A" +- # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN" +- # Certificate "TC TrustCenter Universal CA I" +- # Certificate "TC TrustCenter Universal CA II" +- # Certificate "TC TrustCenter Class 2 CA II" +- # Certificate "TC TrustCenter Class 4 CA II" +- # Certificate "Swisscom Root CA 1" +- # Certificate "Microsec e-Szigno Root CA" +- # Certificate "LGPKI" +- # Certificate "AC RAIZ DNIE" +- # Certificate "Common Policy" +- # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" +- # Certificate "A-Trust-nQual-03" +- # Certificate "A-Trust-nQual-03" +- # Certificate "CertRSA01" +- # Certificate "KISA RootCA 1" +- # Certificate "KISA RootCA 3" +- # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" +- # Certificate "A-CERT ADVANCED" +- # Certificate "A-Trust-Qual-01" +- # Certificate "A-Trust-nQual-01" +- # Certificate "A-Trust-Qual-02" +- # Certificate "Staat der Nederlanden Root CA" +- # Certificate "Serasa Certificate Authority II" +- # Certificate "TDC Internet" +- # Certificate "America Online Root Certification Authority 2" +- # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" +- # Certificate "Government Root Certification Authority" +- # Certificate "RSA Security Inc" +- # Certificate "Public Notary Root" +- # Certificate "GeoTrust Global CA" +- # Certificate "GeoTrust Global CA 2" +- # Certificate "GeoTrust Universal CA" +- # Certificate "GeoTrust Universal CA 2" +- # Certificate "QuoVadis Root Certification Authority" +- # Certificate "Autoridade Certificadora Raiz Brasileira" +- # Certificate "Post.Trust Root CA" +- # Certificate "Microsoft Root Authority" +- # Certificate "Microsoft Root Certificate Authority" +- # Certificate "Microsoft Root Certificate Authority 2010" +- # Certificate "Entrust.net Secure Server Certification Authority" +- # Certificate "UTN-USERFirst-Object" +- # Certificate "BYTE Root Certification Authority 001" +- # Certificate "CISRCA1" +- # Certificate "ePKI Root Certification Authority - G2" +- # Certificate "ePKI EV SSL Certification Authority - G1" +- # Certificate "AC Raíz Certicámara S.A." +- # Certificate "SSL.com EV Root Certification Authority RSA" +- # Certificate "LuxTrust Global Root 2" +- # Certificate "ACA ROOT" +- # Certificate "Security Communication ECC RootCA1" +- # Certificate "Security Communication RootCA3" +- # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" +- # Certificate "Network Solutions RSA Certificate Authority" +- # Certificate "Network Solutions ECC Certificate Authority" +- # Certificate "Australian Defence Public Root CA" +- # Certificate "SI-TRUST Root" +- # Certificate "Halcom Root Certificate Authority" +- # Certificate "Application CA G3 Root" +- # Certificate "GLOBALTRUST 2015" +- # Certificate "Microsoft ECC Product Root Certificate Authority 2018" +- # Certificate "emSign Root CA - G2" +- # Certificate "emSign Root CA - C2" +- # Certificate "Microsoft ECC TS Root Certificate Authority 2018" +- # Certificate "DigiCert CS ECC P384 Root G5" +- # Certificate "DigiCert CS RSA4096 Root G5" +- # Certificate "DigiCert RSA4096 Root G5" +- # Certificate "DigiCert ECC P384 Root G5" +- # Certificate "HARICA Code Signing RSA Root CA 2021" +- # Certificate "HARICA Code Signing ECC Root CA 2021" +- # Certificate "Microsoft Identity Verification Root Certificate Authority 2020" + +* Mon Nov 01 2021 Bob Relyea - 2020.2.50-94 +- remove blacklist directory and references now that p11-kit has been updated. + +openssl-libs| +* Wed Feb 21 2024 Dmitry Belyavskiy - 1:3.0.7-27 +- Use certified FIPS module instead of freshly built one in Red Hat distribution + Related: RHEL-23474 + +* Tue Nov 21 2023 Dmitry Belyavskiy - 1:3.0.7-26 +- Avoid implicit function declaration when building openssl + Related: RHEL-1780 +- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails + Resolves: RHEL-17104 +- Add a directory for OpenSSL providers configuration + Resolves: RHEL-17193 +- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context + Resolves: RHEL-19515 +- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) + Resolves: RHEL-21151 +- Excessive time spent checking invalid RSA public keys (CVE-2023-6237) + Resolves: RHEL-21654 +- SSL ECDHE Kex fails when pkcs11 engine is set in config file + Resolves: RHEL-20249 +- Denial of service via null dereference in PKCS#12 + Resolves: RHEL-22486 +- Use certified FIPS module instead of freshly built one in Red Hat distribution + Resolves: RHEL-23474 + +* Mon Oct 16 2023 Dmitry Belyavskiy - 1:3.0.7-25 +- Provide relevant diagnostics when FIPS checksum is corrupted + Resolves: RHEL-5317 +- Don't limit using SHA1 in KDFs in non-FIPS mode. + Resolves: RHEL-5295 +- Provide empty evp_properties section in main OpenSSL configuration file + Resolves: RHEL-11439 +- Avoid implicit function declaration when building openssl + Resolves: RHEL-1780 +- Forbid explicit curves when created via EVP_PKEY_fromdata + Resolves: RHEL-5304 +- AES-SIV cipher implementation contains a bug that causes it to ignore empty + associated data entries (CVE-2023-2975) + Resolves: RHEL-5302 +- Excessive time spent checking DH keys and parameters (CVE-2023-3446) + Resolves: RHEL-5306 +- Excessive time spent checking DH q parameter value (CVE-2023-3817) + Resolves: RHEL-5308 +- Fix incorrect cipher key and IV length processing (CVE-2023-5363) + Resolves: RHEL-13251 +- Switch explicit FIPS indicator for RSA-OAEP to approved following + clarification with CMVP + Resolves: RHEL-14083 +- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) + Resolves: RHEL-14083 +- Add missing ECDH Public Key Check in FIPS mode + Resolves: RHEL-15990 +- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) + Resolves: RHEL-15954 + +* Wed Jul 12 2023 Dmitry Belyavskiy - 1:3.0.7-24 +- Make FIPS module configuration more crypto-policies friendly + Related: rhbz#2216256 + +* Tue Jul 11 2023 Dmitry Belyavskiy - 1:3.0.7-23 +- Add a workaround for lack of EMS in FIPS mode + Resolves: rhbz#2216256 + +* Thu Jul 06 2023 Sahana Prasad - 1:3.0.7-22 +- Remove unsupported curves from nist_curves. + Resolves: rhbz#2069336 + +* Mon Jun 26 2023 Sahana Prasad - 1:3.0.7-21 +- Remove the listing of brainpool curves in FIPS mode. + Related: rhbz#2188180 + +* Tue May 30 2023 Dmitry Belyavskiy - 1:3.0.7-20 +- Fix possible DoS translating ASN.1 object identifiers + Resolves: CVE-2023-2650 +- Release the DRBG in global default libctx early + Resolves: rhbz#2211340 + +* Mon May 22 2023 Clemens Lang - 1:3.0.7-19 +- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode + Resolves: rhbz#2169757 + +* Thu May 18 2023 Dmitry Belyavskiy - 1:3.0.7-18 +- Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode + Resolves: rhbz#2160797 + +* Tue May 09 2023 Dmitry Belyavskiy - 1:3.0.7-17 +- Enforce using EMS in FIPS mode - better alerts + Related: rhbz#2157951 + +* Tue May 02 2023 Sahana Prasad - 1:3.0.7-16 +- Upload new upstream sources without manually hobbling them. +- Remove the hobbling script as it is redundant. It is now allowed to ship + the sources of patented EC curves, however it is still made unavailable to use + by compiling with the 'no-ec2m' Configure option. The additional forbidden + curves such as P-160, P-192, wap-tls curves are manually removed by updating + 0011-Remove-EC-curves.patch. +- Enable Brainpool curves. +- Apply the changes to ec_curve.c and ectest.c as a new patch + 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. +- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. +- Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. + Resolves: rhbz#2130618, rhbz#2188180 + +* Fri Apr 28 2023 Dmitry Belyavskiy - 1:3.0.7-15 +- Backport implicit rejection for RSA PKCS#1 v1.5 encryption + Resolves: rhbz#2153471 + +* Fri Apr 21 2023 Dmitry Belyavskiy - 1:3.0.7-14 +- Input buffer over-read in AES-XTS implementation on 64 bit ARM + Resolves: rhbz#2188554 + +* Tue Apr 18 2023 Dmitry Belyavskiy - 1:3.0.7-13 +- Enforce using EMS in FIPS mode + Resolves: rhbz#2157951 +- Fix excessive resource usage in verifying X509 policy constraints + Resolves: rhbz#2186661 +- Fix invalid certificate policies in leaf certificates check + Resolves: rhbz#2187429 +- Certificate policy check not enabled + Resolves: rhbz#2187431 +- OpenSSL rsa_verify_recover key length checks in FIPS mode + Resolves: rhbz#2186819 + +* Fri Mar 24 2023 Clemens Lang - 1:3.0.7-12 +- Change explicit FIPS indicator for RSA decryption to unapproved + Resolves: rhbz#2179379 + +* Mon Mar 20 2023 Clemens Lang - 1:3.0.7-11 +- Add missing reference to patchfile to add explicit FIPS indicator to RSA + encryption and RSASVE and fix the gettable parameter list for the RSA + asymmetric cipher implementation. + Resolves: rhbz#2179379 + +* Fri Mar 17 2023 Clemens Lang - 1:3.0.7-10 +- Add explicit FIPS indicator to RSA encryption and RSASVE + Resolves: rhbz#2179379 + +* Thu Mar 16 2023 Clemens Lang - 1:3.0.7-9 +- Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes + Resolves: rhbz#2175864 + +* Thu Mar 16 2023 Clemens Lang - 1:3.0.7-8 +- Fix Wpointer-sign compiler warning + Resolves: rhbz#2178034 + +* Tue Mar 14 2023 Clemens Lang - 1:3.0.7-7 +- Add explicit FIPS indicators to key derivation functions + Resolves: rhbz#2175860 rhbz#2175864 +- Zeroize FIPS module integrity check MAC after check + Resolves: rhbz#2175873 +- Add explicit FIPS indicator for IV generation in AES-GCM + Resolves: rhbz#2175868 +- Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant + salt in PBKDF2 FIPS self-test + Resolves: rhbz#2178137 +- Limit RSA_NO_PADDING for encryption and signature in FIPS mode + Resolves: rhbz#2178029 +- Pairwise consistency tests should use Digest+Sign/Verify + Resolves: rhbz#2178034 +- Forbid DHX keys import in FIPS mode + Resolves: rhbz#2178030 +- DH PCT should abort on failure + Resolves: rhbz#2178039 +- Increase RNG seeding buffer size to 32 + Related: rhbz#2168224 + +* Wed Mar 08 2023 Dmitry Belyavskiy - 1:3.0.7-6 +- Fixes RNG slowdown in FIPS mode + Resolves: rhbz#2168224 + +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 +- Fixed X.509 Name Constraints Read Buffer Overflow + Resolves: CVE-2022-4203 +- Fixed Timing Oracle in RSA Decryption + Resolves: CVE-2022-4304 +- Fixed Double free after calling PEM_read_bio_ex + Resolves: CVE-2022-4450 +- Fixed Use-after-free following BIO_new_NDEF + Resolves: CVE-2023-0215 +- Fixed Invalid pointer dereference in d2i_PKCS7 functions + Resolves: CVE-2023-0216 +- Fixed NULL dereference validating DSA public key + Resolves: CVE-2023-0217 +- Fixed X.400 address type confusion in X.509 GeneralName + Resolves: CVE-2023-0286 +- Fixed NULL dereference during PKCS7 data verification + Resolves: CVE-2023-0401 + +* Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 +- Disallow SHAKE in RSA-OAEP decryption in FIPS mode + Resolves: rhbz#2142121 + +* Thu Jan 05 2023 Dmitry Belyavskiy - 1:3.0.7-3 +- Refactor OpenSSL fips module MAC verification + Resolves: rhbz#2157965 + +* Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 +- Various provider-related imrovements necessary for PKCS#11 provider correct operations + Resolves: rhbz#2142517 +- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream + Resolves: rhbz#2133809 +- Removed recommended package for openssl-libs + Resolves: rhbz#2093804 +- Adjusting include for the FIPS_mode macro + Resolves: rhbz#2083879 +- Backport of ppc64le Montgomery multiply enhancement + Resolves: rhbz#2130708 +- Fix explicit indicator for PSS salt length in FIPS mode when used with + negative magic values + Resolves: rhbz#2142087 +- Update change to default PSS salt length with patch state from upstream + Related: rhbz#2142087 + +* Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 +- Rebasing to OpenSSL 3.0.7 + Resolves: rhbz#2129063 + +* Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44 +- SHAKE-128/256 are not allowed with RSA in FIPS mode + Resolves: rhbz#2144010 +- Avoid memory leaks in TLS + Resolves: rhbz#2144008 +- FIPS RSA CRT tests must use correct parameters + Resolves: rhbz#2144006 +- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC + Resolves: rhbz#2144017 +- Remove support for X9.31 signature padding in FIPS mode + Resolves: rhbz#2144015 +- Add explicit indicator for SP 800-108 KDFs with short key lengths + Resolves: rhbz#2144019 +- Add explicit indicator for HMAC with short key lengths + Resolves: rhbz#2144000 +- Set minimum password length for PBKDF2 in FIPS mode + Resolves: rhbz#2144003 +- Add explicit indicator for PSS salt length in FIPS mode + Resolves: rhbz#2144012 +- Clamp default PSS salt length to digest size for FIPS 186-4 compliance + Related: rhbz#2144012 +- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode + Resolves: rhbz#2145170 + +* Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 +- CVE-2022-3602: X.509 Email Address Buffer Overflow +- CVE-2022-3786: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 + +* Wed Oct 26 2022 Dmitry Belyavskiy - 1:3.0.1-42 +- CVE-2022-3602: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 (rhbz#2137723) + +* Thu Aug 11 2022 Clemens Lang - 1:3.0.1-41 +- Zeroize public keys as required by FIPS 140-3 + Related: rhbz#2102542 +- Add FIPS indicator for HKDF + Related: rhbz#2114772 + +* Fri Aug 05 2022 Dmitry Belyavskiy - 1:3.0.1-40 +- Deal with DH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2102536 +- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2102537 +- Use signature for RSA pairwise test according FIPS-140-3 requirements + Related: rhbz#2102540 +- Reseed all the parent DRBGs in chain on reseeding a DRBG + Related: rhbz#2102541 + +* Mon Aug 01 2022 Clemens Lang - 1:3.0.1-39 +- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test +- Use Use digest_sign & digest_verify in FIPS signature self test +- Use FFDHE2048 in Diffie-Hellman FIPS self-test + Resolves: rhbz#2102535 + +* Thu Jul 14 2022 Clemens Lang - 1:3.0.1-38 +- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously + initialized. + Resolves: rhbz#2103289 +- Improve AES-GCM performance on Power9 and Power10 ppc64le + Resolves: rhbz#2051312 +- Improve ChaCha20 performance on Power10 ppc64le + Resolves: rhbz#2051312 + +* Tue Jul 05 2022 Clemens Lang - 1:3.0.1-37 +- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 + Resolves: CVE-2022-2097 + +* Thu Jun 16 2022 Dmitry Belyavskiy - 1:3.0.1-36 +- Ciphersuites with RSAPSK KX should be filterd in FIPS mode +- Related: rhbz#2085088 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available if key length is enough +- Related: rhbz#2053289 +- Improve diagnostics when passing unsupported groups in TLS +- Related: rhbz#2070197 +- Fix PPC64 Montgomery multiplication bug +- Related: rhbz#2098199 +- Strict certificates validation shouldn't allow explicit EC parameters +- Related: rhbz#2058663 +- CVE-2022-2068: the c_rehash script allows command injection +- Related: rhbz#2098277 + +* Wed Jun 08 2022 Clemens Lang - 1:3.0.1-35 +- Add explicit indicators for signatures in FIPS mode and mark signature + primitives as unapproved. + Resolves: rhbz#2087147 + +* Fri Jun 03 2022 Dmitry Belyavskiy - 1:3.0.1-34 +- Some OpenSSL test certificates are expired, updating +- Resolves: rhbz#2092456 + +* Thu May 26 2022 Dmitry Belyavskiy - 1:3.0.1-33 +- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory +- Resolves: rhbz#2089444 +- CVE-2022-1343 openssl: Signer certificate verification returned + inaccurate response when using OCSP_NOCHECKS +- Resolves: rhbz#2087911 +- CVE-2022-1292 openssl: c_rehash script allows command injection +- Resolves: rhbz#2090362 +- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" + Related: rhbz#2087147 +- Use KAT for ECDSA signature tests, s390 arch +- Resolves: rhbz#2069235 + +* Thu May 19 2022 Dmitry Belyavskiy - 1:3.0.1-32 +- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode +- Resolves: rhbz#2083240 +- Ciphersuites with RSA KX should be filterd in FIPS mode +- Related: rhbz#2085088 +- In FIPS mode, signature verification works with keys of arbitrary size + above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys + below 2048 bits +- Resolves: rhbz#2077884 + +* Wed May 18 2022 Clemens Lang - 1:3.0.1-31 +- Disable SHA-1 signature verification in FIPS mode +- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode + Resolves: rhbz#2087147 + +* Mon May 16 2022 Dmitry Belyavskiy - 1:3.0.1-30 +- Use KAT for ECDSA signature tests +- Resolves: rhbz#2069235 + +* Thu May 12 2022 Dmitry Belyavskiy - 1:3.0.1-29 +- `-config` argument of openssl app should work properly in FIPS mode +- Resolves: rhbz#2083274 +- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC +- Resolves: rhbz#2063947 + +* Fri May 06 2022 Dmitry Belyavskiy - 1:3.0.1-28 +- OpenSSL should not accept custom elliptic curve parameters +- Resolves rhbz#2066412 +- OpenSSL should not accept explicit curve parameters in FIPS mode +- Resolves rhbz#2058663 + +* Fri May 06 2022 Clemens Lang - 1:3.0.1-27 +- Change FIPS module version to include hash of specfile, patches and sources + Resolves: rhbz#2070550 + +* Thu May 05 2022 Dmitry Belyavskiy - 1:3.0.1-26 +- OpenSSL FIPS module should not build in non-approved algorithms +- Resolves: rhbz#2081378 + +* Mon May 02 2022 Dmitry Belyavskiy - 1:3.0.1-25 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available +- Resolves: rhbz#2053289 + +* Thu Apr 28 2022 Clemens Lang - 1:3.0.1-24 +- Fix regression in evp_pkey_name2type caused by tr_TR locale fix + Resolves: rhbz#2071631 + +* Wed Apr 20 2022 Dmitry Belyavskiy - 1:3.0.1-23 +- Fix openssl curl error with LANG=tr_TR.utf8 +- Resolves: rhbz#2071631 + +* Mon Mar 28 2022 Dmitry Belyavskiy - 1:3.0.1-22 +- FIPS provider should block RSA encryption for key transport +- Resolves: rhbz#2053289 + +* Tue Mar 22 2022 Clemens Lang - 1:3.0.1-21 +- Fix occasional internal error in TLS when DHE is used +- Resolves: rhbz#2004915 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-20 +- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when + no OpenSSL library context is set +- Resolves: rhbz#2065400 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-19 +- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2065400 + +* Wed Mar 16 2022 Dmitry Belyavskiy - 1:3.0.1-18 +- CVE-2022-0778 fix +- Resolves: rhbz#2062315 + +* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-17 +- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before + setting an allowed digest with EVP_PKEY_CTX_set_signature_md() +- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch +- Resolves: rhbz#2062640 + +* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-15 +- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2060510 + +* Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14 +- Prevent use of SHA1 with ECDSA +- Resolves: rhbz#2031742 + +* Fri Feb 25 2022 Dmitry Belyavskiy - 1:3.0.1-13 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 + +* Thu Feb 24 2022 Peter Robinson - 1:3.0.1-12 +- Support KBKDF (NIST SP800-108) with an R value of 8bits +- Resolves: rhbz#2027261 + +* Wed Feb 23 2022 Clemens Lang - 1:3.0.1-11 +- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures +- Resolves: rhbz#2031742 + +* Wed Feb 23 2022 Dmitry Belyavskiy - 1:3.0.1-10 +- rebuilt + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-9 +- Allow SHA1 usage in HMAC in TLS +- Resolves: rhbz#2031742 + +* Tue Feb 22 2022 Dmitry Belyavskiy - 1:3.0.1-8 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 +- pkcs12 export broken in FIPS mode +- Resolves: rhbz#2049265 + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-8 +- Disable SHA1 signature creation and verification by default +- Set rh-allow-sha1-signatures = yes to re-enable +- Resolves: rhbz#2031742 + +krb5-libs| +* Tue Aug 08 2023 Julien Rische - 1.21.1-1 +- New upstream version (1.21.1) +- Fix double-free in KDC TGS processing (CVE-2023-39975) +- Add support for "pac_privsvr_enctype" KDB string attribute + Resolves: rhbz#2060421 + +* Thu Jun 08 2023 Julien Rische - 1.20.1-9 +- Do not disable PKINIT if some of the well-known DH groups are unavailable + Resolves: rhbz#2187722 +- Make PKINIT CMS SHA-1 signature verification available in FIPS mode + Resolves: rhbz#2155607 +- Allow to set PAC ticket signature as optional + Resolves: rhbz#2178298 + +* Wed Feb 22 2023 Julien Rische - 1.20.1-8 +- Fix datetime parsing in kadmin on s390x + Resolves: rhbz#2169985 + +* Tue Feb 14 2023 Julien Rische - 1.20.1-7 +- Fix double free on kdb5_util key creation failure + Resolves: rhbz#2166603 + +* Tue Jan 31 2023 Julien Rische - 1.20.1-6 +- Add support for MS-PAC extended KDC signature (CVE-2022-37967) + Resolves: rhbz#2165827 + +* Thu Jan 19 2023 Julien Rische - 1.20.1-5 +- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled +- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode + Resolves: rhbz#2162461 + +* Thu Jan 12 2023 Julien Rische - 1.20.1-4 +- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf +- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf + Resolves: rhbz#2068535 + +* Tue Jan 10 2023 Julien Rische - 1.20.1-2 +- Strip debugging data from ksu executable file + Resolves: rhbz#2159643 + +* Wed Dec 07 2022 Julien Rische - 1.20.1-1 +- Make tests compatible with sssd-client + Resolves: rhbz#2151513 +- Remove invalid password expiry warning + Resolves: rhbz#2121099 +- Update error checking for OpenSSL CMS_verify + Resolves: rhbz#2063838 +- New upstream version (1.20.1) + Resolves: rhbz#2016312 +- Fix integer overflows in PAC parsing (CVE-2022-42898) + Resolves: rhbz#2140971 + +* Tue Oct 18 2022 Julien Rische - 1.19.1-23 +- Fix kprop for propagating dump files larger than 4GB + Resolves: rhbz#2133014 + +* Fri Jul 08 2022 Julien Rische - 1.19.1-22 +- Restore "supportedCMSTypes" attribute in PKINIT preauth requests +- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms + Resolves: rhbz#2068935 + +* Thu Jun 23 2022 Julien Rische - 1.19.1-21 +- Fix libkrad client cleanup +- Allow use of larger RADIUS attributes in krad library + Resolves: rhbz#2100351 + +* Thu May 12 2022 Julien Rische - 1.19.1-20 +- Fix OpenSSL 3 MD5 encyption in FIPS mode +- Allow libkrad UDP/TCP connection to localhost in FIPS mode + Resolves: rhbz#2068458 + +* Mon May 02 2022 Julien Rische - 1.19.1-19 +- Use p11-kit as default PKCS11 module + Resolves: rhbz#2030981 + +* Tue Apr 26 2022 Julien Rische - 1.19.1-18 +- Try harder to avoid password change replay errors + Resolves: rhbz#2075186 + +* Mon Mar 14 2022 Julien Rische - 1.19.1-15 +- Use SHA-256 instead of SHA-1 for PKINIT CMS digest + +* Thu Feb 24 2022 Julien Rische - 1.19.1-14 +- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled +- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode + +* Fri Dec 17 2021 Antonio Torres - 1.19.1-13 +- Remove -specs= from krb5-config output +- Resolves rhbz#1997021 + +* Wed Oct 20 2021 Antonio Torres - 1.19.1-12 +- Fix KDC null deref on TGS inner body null server (CVE-2021-37750) + Resolves: rhbz#1997602 + +* Mon Aug 09 2021 Mohan Boddu - 1.19.1-11.1 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +systemd-libs| +* Sun Apr 07 2024 Release Engineering - 252-32 +- Set support URL to the wiki +- Set sbat mail to security@rockylinux.org + +* Mon Mar 18 2024 Jan Macku - 252-32 +- rebase rhel-net-naming-sysattrs to v0.5 + +* Fri Mar 15 2024 systemd maintenance team - 252-31 +- bootctl: rework random seed logic to use open_mkdir_at() and openat() (RHEL-16952) +- bootctl: properly sync fs before/after moving random seed file into place (RHEL-16952) +- bootctl: when updating EFI random seed file, hash old seed with new one (RHEL-16952) +- sha256: add helper than hashes a buffer *and* its size (RHEL-16952) +- random-seed: don't refresh EFI random seed from random-seed.c anymore (RHEL-16952) +- bootctl: downgrade graceful messages to LOG_NOTICE (RHEL-16952) +- units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service (RHEL-16952) +- bootctl: split out setting of system token into function of its own (RHEL-16952) + +* Mon Mar 11 2024 systemd maintenance team - 252-30 +- resolved: limit the number of signature validations in a transaction (RHEL-26643) +- resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26643) +- efi: alignment of the PE file has to be at least 512 bytes (RHEL-26133) +- units: change assert to condition to skip running in initrd/os (RHEL-16182) +- ci: add configuration for regression sniffer GA (RHEL-1086) + +* Mon Feb 26 2024 systemd maintenance team - 252-29 +- units: fix typo in Condition in systemd-boot-system-token (RHEL-16952) + +* Tue Feb 20 2024 systemd maintenance team - 252-28 +- random-seed: shorten a bit may_credit() (RHEL-16952) +- random-seed: make one more use of random_write_entropy() (RHEL-16952) +- random-seed: use getopt() (RHEL-16952) +- random-seed: make the logic to calculate the number of bytes read from the random seed file clearer (RHEL-16952) +- random-seed: no need to pass 'mode' argument when opening /dev/urandom (RHEL-16952) +- random-seed: split out run() (RHEL-16952) +- random_seed: minor improvement in run() (RHEL-16952) +- random-seed: downgrade some messages (RHEL-16952) +- random-seed: clarify one comment (RHEL-16952) +- random-seed: make sure to load machine id even if the seed file is missing (RHEL-16952) +- chase-symlinks: add new flag for prohibiting any following of symlinks (RHEL-16952) +- bootctl,bootspec: make use of CHASE_PROHIBIT_SYMLINKS whenever we access the ESP/XBOOTLDR (RHEL-16952) +- boot: implement kernel EFI RNG seed protocol with proper hashing (RHEL-16952) +- random-seed: refresh EFI boot seed when writing a new seed (RHEL-16952) +- random-seed: handle post-merge review nits (RHEL-16952) +- boot: do not truncate random seed file (RHEL-16952) +- bootctl: install system token on virtualized systems (RHEL-16952) +- boot: remove random-seed-mode (RHEL-16952) +- stub: handle random seed like sd-boot does (RHEL-16952) +- efi: add efi_guid_equal() helper (RHEL-16952) +- efi: add common implementation for loop finding EFI configuration tables (RHEL-16952) +- boot: Detect hypervisors using SMBIOS info (RHEL-16952) +- boot: Skip soft-brick warning when in a VM (RHEL-16952) +- boot: Replace UINTN with size_t (RHEL-16952) +- boot: Use unsigned for beep counting (RHEL-16952) +- boot: Use unicode literals (RHEL-16952) +- macro: add generic IS_ALIGNED32() anf friends (RHEL-16952) +- meson: use 0|1 for SD_BOOT (RHEL-16952) +- boot: Add printf functions (RHEL-16952) +- boot: Use printf for error logging (RHEL-16952) +- boot: Introduce log_wait (RHEL-16952) +- boot: Add log_trace debugging helper (RHEL-16952) +- tree-wide: Use __func__ in asserts (RHEL-16952) +- boot: Drop use of xpool_print/SPrint (RHEL-16952) +- boot: Drop use of Print (RHEL-16952) +- boot: Rework GUID handling (RHEL-16952) +- efi-string: Fix strchr() null byte handling (RHEL-16952) +- efi-string: Add startswith8() (RHEL-16952) +- efi-string: Add efi_memchr() (RHEL-16952) +- vmm: Add more const (RHEL-16952) +- vmm: Add smbios_find_oem_string() (RHEL-16952) +- stub: Read extra kernel command line items from SMBIOS (RHEL-16952) +- vmm: Modernize get_smbios_table() (RHEL-16952) +- stub: measure SMBIOS kernel-cmdline-extra in PCR12 (RHEL-16952) +- efi: support passing empty cmdline to mangle_stub_cmdline() (RHEL-16952) +- efi: set EFIVAR to stop Shim from uninstalling its protocol (RHEL-16952) +- ukify: use empty stub for addons (RHEL-16952) +- stub: allow loading and verifying cmdline addons (RHEL-16952) +- TODO: remove fixed item (RHEL-16952) +- fix: do not check/verify slice units if recursive errors are to be ignored (RHEL-1086) + +* Thu Feb 15 2024 systemd maintenance team - 252-27 +- test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (fixup) (RHEL-1086) +- test: use the default nsec3-iterations value (RHEL-1086) +- test: explicitly set nsec3-iterations to 0 (RHEL-1086) +- core: mount namespaces: Remove auxiliary bind mounts directory after unit termination (RHEL-19483) +- ci: deploy systemd man to GitHub Pages (RHEL-1086) +- doc: add missing `` to `systemd.net-naming-scheme.xml` (RHEL-7026) +- man: reorder the list of supported naming schemes (RHEL-7026) +- tree-wide: fix return value handling of base64mem() (RHEL-16182) +- Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT() (RHEL-16182) +- pcrphase: add $SYSTEMD_PCRPHASE_STUB_VERIFY env var for overriding stub check (RHEL-16182) +- pcrphase: gracefully exit if TPM2 support is incomplete (RHEL-16182) +- tpm2-util: split out code that derives "good" TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c (RHEL-16182) +- tpm2-util: split out code that extends a PCR from pcrphase (RHEL-16182) +- tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data (RHEL-16182) +- cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options (RHEL-16182) +- man: document the new crypttab measurement options (RHEL-16182) +- gpt-auto-generator: automatically measure root/var volume keys into PCR 15 (RHEL-16182) +- blkid-util: define enum for blkid_do_safeprobe() return values (RHEL-16182) +- pcrphase: make tool more generic, reuse for measuring machine id/fs uuids (RHEL-16182) +- units: measure /etc/machine-id into PCR 15 during early boot (RHEL-16182) +- generators: optionally, measure file systems at boot (RHEL-16182) +- tpm2: add common helper for checking if we are running on UKI with TPM measurements (RHEL-16182) +- man: document new machine-id/fs measurement options (RHEL-16182) +- test: add simple integration test for checking PCR extension works as it should (RHEL-16182) +- update TODO (RHEL-16182) +- cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (RHEL-16182) +- boot: Simplify object erasure (RHEL-16182) +- tree-wide: use CLEANUP_ERASE() at various places (RHEL-16182) +- dlfcn: add new safe_dclose() helper (RHEL-16182) +- tpm2: rename tpm2 alg id<->string functions (RHEL-16182) +- tpm2: rename struct tpm2_context to Tpm2Context (RHEL-16182) +- tpm2: use ref counter for Tpm2Context (RHEL-16182) +- tpm2: use Tpm2Context* instead of ESYS_CONTEXT* (RHEL-16182) +- tpm2: add Tpm2Handle with automatic cleanup (RHEL-16182) +- tpm2: simplify tpm2_seal() blob creation (RHEL-16182) +- tpm2: add salt to pin (RHEL-16182) +- basic/macro: add macro to iterate variadic args (RHEL-16182) +- test/test-macro: add tests for FOREACH_VA_ARGS() (RHEL-16182) +- basic/bitfield: add bitfield operations (RHEL-16182) +- test/test-bitfield: add tests for bitfield macros (RHEL-16182) +- tpm2: add tpm2_get_policy_digest() (RHEL-16182) +- tpm2: add TPM2_PCR_VALID() (RHEL-16182) +- tpm2: add/rename functions to manage pcr selections (RHEL-16182) +- test/test-tpm2: add tests for pcr selection functions (RHEL-16182) +- tpm2: add tpm2_pcr_read() (RHEL-16182) +- tpm2: move openssl-required ifdef code out of policy-building function (RHEL-16182) +- tpm2: add tpm2_is_encryption_session() (RHEL-16182) +- tpm2: move policy building out of policy session creation (RHEL-16182) +- tpm2: add support for a trusted SRK (RHEL-16182) +- tpm2: fix nits from PR #26185 (RHEL-16182) +- tpm2: replace magic number (RHEL-16182) +- tpm2: add tpm2_digest_*() functions (RHEL-16182) +- tpm2: replace hash_pin() with tpm2_digest_*() functions (RHEL-16182) +- tpm2: add tpm2_set_auth() (RHEL-16182) +- tpm2: add tpm2_get_name() (RHEL-16182) +- tpm2: rename pcr_values_size vars to n_pcr_values (RHEL-16182) +- tpm2: add tpm2_policy_pcr() (RHEL-16182) +- tpm2: add tpm2_policy_auth_value() (RHEL-16182) +- tpm2: add tpm2_policy_authorize() (RHEL-16182) +- tpm2: use tpm2_policy_authorize() (RHEL-16182) +- tpm2: add tpm2_calculate_sealing_policy() (RHEL-16182) +- tpm: remove external calls to dlopen_tpm2() (RHEL-16182) +- tpm2: remove all extern tpm2-tss symbols (RHEL-16182) +- tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capability_pcrs() (RHEL-16182) +- tpm2: verify symmetric parms in tpm2_context_new() (RHEL-16182) +- tpm2: replace _cleanup_tpm2_* macros with _cleanup_() (RHEL-16182) +- tpm2-util: use compound initialization when allocating tpm2 objects (RHEL-16182) +- tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_handle() (RHEL-16182) +- tpm2: add tpm2_read_public() (RHEL-16182) +- tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template() (RHEL-16182) +- tpm2: add tpm2_load() (RHEL-16182) +- tpm2: add tpm2_load_external() (RHEL-16182) +- tpm2: move local vars in tpm2_seal() to point of use (RHEL-16182) +- tpm2: replace magic number in hmac_sensitive initialization (RHEL-16182) +- tpm2: add tpm2_create() (RHEL-16182) +- tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use (RHEL-16182) +- basic/alloc-util: add greedy_realloc_append() (RHEL-16182) +- tpm2: cache the TPM supported commands, add tpm2_supports_command() (RHEL-16182) +- tpm2: cache TPM algorithms (RHEL-16182) +- tpm2: add tpm2_persist_handle() (RHEL-16182) +- tpm2: add tpm2_get_or_create_srk() (RHEL-16182) +- tpm2: move local vars in tpm2_unseal() to point of use (RHEL-16182) +- tpm2: remove tpm2_make_primary() (RHEL-16182) +- tpm2: use CreatePrimary() to create primary keys instead of Create() (RHEL-16182) +- cryptsetup: downgrade a bunch of log messages that to LOG_WARNING (RHEL-16182) +- boot/measure: replace TPM PolicyPCR session with calculation (RHEL-16182) +- core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted (RHEL-16182) +- added more test cases (RHEL-16182) +- test: fixed negative checks in TEST-70-TPM2. Use in-line error handling rather than redirections. Follow up on #27020 (RHEL-16182) +- systemd-cryptenroll: add string aliases for tpm2 PCRs Fixes #26697. RFE. (RHEL-16182) +- cryptenroll: fix an assertion with weak passwords (RHEL-16182) +- man/systemd-cryptenroll: update list of PCRs, link to uapi docs (RHEL-16182) +- tpm2: add debug logging to functions converting hash or asym algs to/from strings or ids (RHEL-16182) +- tpm2: add tpm2_hash_alg_to_size() (RHEL-16182) +- tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask (RHEL-16182) +- tpm2: add more helper functions for managing TPML_PCR_SELECTION and TPMS_PCR_SELECTION (RHEL-16182) +- tpm2: add Tpm2PCRValue struct and associated functions (RHEL-16182) +- tpm2: move declared functions in header lower down (RHEL-16182) +- tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h (RHEL-16182) +- tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_policy() to use Tpm2PCRValue array (RHEL-16182) +- tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array (RHEL-16182) +- tpm2: add TPM2B_*_MAKE(), TPM2B_*_CHECK_SIZE() macros (RHEL-16182) +- tpm2: add tpm2_pcr_read_missing_values() (RHEL-16182) +- openssl: add openssl_pkey_from_pem() (RHEL-16182) +- openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() (RHEL-16182) +- openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_curve_x_y() (RHEL-16182) +- test: add DEFINE_HEX_PTR() helper function (RHEL-16182) +- openssl: add test-openssl (RHEL-16182) +- tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PEM (RHEL-16182) +- tpm2: move policy calculation out of tpm2_seal() (RHEL-16182) +- man: update systemd-cryptenroll man page with details on --tpm2-pcrs format change (RHEL-16182) +- tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll (RHEL-16182) +- tpm2: change *alg_to_* functions to use switch() (RHEL-16182) +- tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions (RHEL-16182) +- tpm2: move cast from lhs to rhs in uint16_t/int comparison (RHEL-16182) +- tpm2: in validator functions, return false instead of assert failure (RHEL-16182) +- tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY() (RHEL-16182) +- tpm2: use SIZE_MAX instead of strlen() for unhexmem() (RHEL-16182) +- tpm2: put !isempty() check inside previous !isempty() check (RHEL-16182) +- tpm2: simplify call to asprintf() (RHEL-16182) +- tpm2: check pcr value hash != 0 before looking up hash algorithm name (RHEL-16182) +- tpm2: use strempty() (RHEL-16182) +- tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines (RHEL-16182) +- tpm2: remove ret_ prefix from input/output params (RHEL-16182) +- tpm2: use memcpy_safe() instead of memcpy() (RHEL-16182) +- openssl: use new(char, size) instead of malloc(size) (RHEL-16182) +- tpm2: use table for openssl<->tpm2 ecc curve id mappings (RHEL-16182) +- tpm2: use switch() instead of if-else (RHEL-16182) +- tpm2: make logging level consistent at debug for some functions (RHEL-16182) +- tpm2: remove unnecessary void* cast (RHEL-16182) +- tpm2: add tpm2_pcr_values_has_(any|all)_values() functions (RHEL-16182) +- tpm2: wrap (7) in UINT32_C() (RHEL-16182) +- cryptenroll: change man page example to remove leading 0x and lowercase hex (RHEL-16182) +- openssl: add log_openssl_errors() (RHEL-16182) +- openssl: add openssl_digest_size() (RHEL-16182) +- openssl: add openssl_digest_many() (RHEL-16182) +- openssl: replace openssl_hash() with openssl_digest() (RHEL-16182) +- openssl: add openssl_hmac_many() (RHEL-16182) +- openssl: add rsa_oaep_encrypt_bytes() (RHEL-16182) +- openssl: add kdf_kb_hmac_derive() (RHEL-16182) +- openssl: add openssl_cipher_many() (RHEL-16182) +- openssl: add ecc_edch() (RHEL-16182) +- openssl: add kdf_ss_derive() (RHEL-16182) +- dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match the types from the official headers (RHEL-16182) +- tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob() (RHEL-16182) +- tpm2: add tpm2_serialize() and tpm2_deserialize() (RHEL-16182) +- tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle() (RHEL-16182) +- tpm2: fix build failure without openssl (RHEL-16182) +- tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/ (RHEL-16182) +- tpm2: downgrade most log functions from error to debug (RHEL-16182) +- tpm2: handle older tpm enrollments without a saved pcr bank (RHEL-16182) +- tpm2: allow tpm2_make_encryption_session() without bind key (RHEL-16182) +- tpm2: update tpm2 test for supported commands (RHEL-16182) +- tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), cap max value (RHEL-16182) +- tpm2: change tpm2_unseal() to accept Tpm2Context instead of device string (RHEL-16182) +- tpm2: cache TPM's supported ECC curves (RHEL-16182) +- tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static (RHEL-16182) +- tpm2-util: make tpm2_read_public() static, as we use it only internally in tpm2-util.c (RHEL-16182) +- cryptenroll: allow specifying handle index of key to use for sealing (RHEL-16182) +- test: add tests for systemd-cryptenroll --tpm2-seal-key-handle (RHEL-16182) +- tpm2: do not call Esys_TR_Close() (RHEL-16182) +- tpm2: don't use GetCapability() to check transient handles (RHEL-16182) +- tpm2-util: pick up a few new symbols from tpm2-tss (RHEL-16182) +- tpm2: add tpm2_get_pin_auth() (RHEL-16182) +- tpm2: instead of adjusting authValue trailing 0(s), trim them as required by tpm spec (RHEL-16182) +- tpm2-util: rename tpm2_calculate_name() → tpm2_calculate_pubkey_name() (RHEL-16182) +- cryptenroll: do not implicitly verify with default tpm policy signature (RHEL-16182) +- cryptenroll: drop deadcode (RHEL-16182) +- tpm2: allow using tpm2_get_srk_template() without tpm (RHEL-16182) +- tpm2: add test to verify srk templates (RHEL-16182) +- tpm2: add tpm2_sym_alg_*_string() and tpm2_sym_mode_*_string() (RHEL-16182) +- tpm2: add tpm2_calculate_seal() and helper functions (RHEL-16182) +- tpm2: update test-tpm2 for tpm2_calculate_seal() (RHEL-16182) +- cryptenroll: add support for calculated TPM2 enrollment (RHEL-16182) +- test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment (RHEL-16182) +- openssl-util: avoid freeing invalid pointer (RHEL-16182) +- creds-util: check for CAP_DAC_READ_SEARCH (RHEL-16182) +- creds-util: do not try TPM2 if there is not support (RHEL-16182) +- creds-util: merge the TPM2 detection for initrd (RHEL-16182) +- cryptenroll: fix a memory leak (RHEL-16182) +- sd-journal: introduce sd_journal_step_one() (RHEL-11591) +- test: modernize test-journal-flush (RHEL-11591) +- journal-file-util: do not fail when journal_file_set_offline() called more than once (RHEL-11591) +- journal-file-util: Prefer punching holes instead of truncating (RHEL-11591) +- test: add reproducer for SIGBUS issue caused by journal truncation (RHEL-11591) + +* Wed Jan 31 2024 systemd maintenance team - 252-26 +- spec: update rhel-net-naming-sysattrs to v0.4 (RHEL-22278) + +* Tue Jan 30 2024 systemd maintenance team - 252-25 +- spec: add new package with RHEL-specific network naming sysattrs (RHEL-22278) + +* Wed Jan 24 2024 systemd maintenance team - 252-24 +- ci: use source-git-automation composite Action (RHEL-1086) +- ci: increase the cron interval to 45 minutes (RHEL-1086) +- ci: add all Z-Stream versions to array of allowed versions (RHEL-1086) +- udev/net_id: introduce naming scheme for RHEL-9.4 (RHEL-22427) +- basic/errno-util: add wrappers which only accept negative errno (RHEL-22443) +- errno-util: allow ERRNO_IS_* to accept types wider than int (RHEL-22443) +- udev: add new builtin net_driver (RHEL-22443) +- udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22427) + +* Fri Jan 12 2024 systemd maintenance team - 252-23 +- logind: don't setup idle session watch for lock-screen and greeter (RHEL-20757) +- logind: don't make idle action timer accuracy more coarse than timeout (RHEL-20757) +- logind: do TTY idle logic only for sessions marked as "tty" (RHEL-20757) +- meson: Properly install 90-uki-copy.install (RHEL-16354) + +* Mon Jan 08 2024 systemd maintenance team - 252-22 +- Revert "man: mention System Administrator's Guide in systemctl manpage" (RHEL-19436) +- man: mention RHEL documentation in systemctl's man page (RHEL-19436) +- resolved: actually check authenticated flag of SOA transaction (RHEL-6216) +- udev: allow/denylist for reading sysfs attributes when composing a NIC name (RHEL-1317) +- man: environment value -> udev property (RHEL-1317) + +* Mon Dec 11 2023 systemd maintenance team - 252-21 +- meson: fix installation of ukify (RHEL-13199) +- sd-id128: introduce id128_hash_ops_free (RHEL-5988) +- udevadm-trigger: allow to fallback without synthetic UUID only first time (RHEL-5988) +- udevadm-trigger: settle with synthetic UUID if the kernel support it (RHEL-5988) +- udevadm-trigger: also check with the original syspath if device is renamed (RHEL-5988) +- test: use 'udevadm trigger --settle' even if device is renamed (RHEL-5988) +- sd-event: don't mistake USEC_INFINITY passed in for overflow (RHEL-6090) +- pid1: rework service_arm_timer() to optionally take a relative time value (RHEL-6090) +- manager: add one more assert() (RHEL-6090) +- pid1: add new Type=notify-reload service type (RHEL-6090) +- man: document Type=notify-reload (RHEL-6090) +- pid1: make sure we send our calling service manager RELOADING=1 when reloading (RHEL-6090) +- networkd: implement Type=notify-reload protocol (RHEL-6090) +- udevd: implement the full Type=notify-reload protocol (RHEL-6090) +- logind: implement Type=notify-reload protocol properly (RHEL-6090) +- notify: add --stopping + --reloading switches (RHEL-6090) +- test: add Type=notify-reload testcase (RHEL-6090) +- update TODO (RHEL-6090) +- core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running (RHEL-6090) + +* Fri Dec 08 2023 systemd maintenance team - 252-20 +- udev/net: allow new link name as an altname before renaming happens (RHEL-5988) +- sd-netlink: do not swap old name and alternative name (RHEL-5988) +- sd-netlink: restore altname on error in rtnl_set_link_name (RHEL-5988) +- udev: attempt device rename even if interface is up (RHEL-5988) +- sd-netlink: add a test for rtnl_set_link_name() (RHEL-5988) +- test-network: add a test for renaming device to current altname (RHEL-5988) +- udev: align table (RHEL-5988) +- sd-device: make device_set_syspath() clear sysname and sysnum (RHEL-5988) +- sd-device: do not directly access entry in sd-device object (RHEL-5988) +- udev: move device_rename() from device-private.c (RHEL-5988) +- udev: restore syspath and properties on failure (RHEL-5988) +- sd-device: introduce device_get_property_int() (RHEL-5988) +- core/device: downgrade log level for ignored errors (RHEL-5988) +- core/device: ignore failed uevents (RHEL-5988) +- test: add tests for failure in renaming network interface (RHEL-5988) +- test: modernize test-netlink.c (RHEL-5988) +- test-netlink: use dummy interface to test assigning new interface name (RHEL-5988) +- udev: use SYNTHETIC_ERRNO() at one more place (RHEL-5988) +- udev: make udev_builtin_run() take UdevEvent* (RHEL-5988) +- udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name (RHEL-5988) +- udev/net: generate new network interface name only on add uevent (RHEL-5988) +- sd-netlink: make rtnl_set_link_name() optionally append alternative names (RHEL-5988) +- udev/net: assign alternative names only on add uevent (RHEL-5988) +- test: add tests for renaming network interface (RHEL-5988) +- Backport ukify from upstream (RHEL-13199) +- bootctl: make --json output normal json (RHEL-13199) +- test: replace readfp() with read_file() (RHEL-13199) +- stub/measure: document and measure .uname UKI section (RHEL-13199) +- boot: measure .sbat section (RHEL-13199) +- Revert "test_ukify: no stinky root needed for signing" (RHEL-13199) +- ukify: move to /usr/bin and mark as non non-experimental (RHEL-13199) +- kernel-install: Add uki layout (RHEL-16354) +- kernel-install: remove math slang from man page (RHEL-16354) +- kernel-install: handle uki installs automatically (RHEL-16354) +- 90-uki-copy.install: create $BOOT/EFI/Linux directory if needed (RHEL-16354) +- kernel-install: Log location that uki is installed in (RHEL-16354) +- bootctl: fix errno logging (RHEL-16354) +- bootctl: add kernel-identity command (RHEL-16354) +- bootctl: add kernel-inspect command (RHEL-16354) +- bootctl: add kernel-inspect to --help text (RHEL-16354) +- bootctl: drop full stop at end of --help texts (RHEL-16354) +- bootctl: change section title for kernel image commands (RHEL-16354) +- bootctl: remove space that should not be there (RHEL-16354) +- bootctl: kernel-inspect: print os info (RHEL-16354) +- bootctl-uki: several coding style fixlets (RHEL-16354) +- tree-wide: unify how we pick OS pretty name to display (RHEL-16354) +- bootctl-uki: several follow-ups for inspect_osrel() (RHEL-16354) +- bootctl: Add missing %m (RHEL-16354) +- bootctl: tweak DOS header magic check (RHEL-16354) + +* Mon Nov 13 2023 systemd maintenance team - 252-19 +- ci: Extend source-git-automation (RHEL-1086) +- netif-naming-scheme: let's also include rhel8 schemes (RHEL-7026) +- systemd-analyze: Add table and JSON output implementation to plot (RHEL-5070) +- systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table (RHEL-5070) +- systemd-analyze: Add tab complete logic for plot (RHEL-5070) +- systemd-analyze: Add --json=, --table and -no-legend tests for plot (RHEL-5070) +- ci: enable source-git automation to validate reviews and ci results (RHEL-1086) +- ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1086) +- ci: enable auto-merge GH Action (RHEL-1086) +- ci: add missing permissions (RHEL-1086) +- ci: `permissions: write-all` (RHEL-1086) +- ci(lint): exclude `.in` files from ShellCheck lint (RHEL-1086) +- udev: raise RLIMIT_NOFILE as high as we can (RHEL-11040) + +* Tue Aug 22 2023 systemd maintenance team - 252-18 +- doc: add downstream CONTRIBUTING document (#2170883) +- doc: improve CONTRIBUTING document (#2170883) +- doc: use link with prefilled Jira issue (#2170883) +- docs: link downstream CONTRIBUTING in README (#2170883) +- bpf: fix restrict_fs on s390x (#2230364) +- udev/net_id: use naming scheme for RHEL-9.3 (#2231845) +- core/timer: Always use inactive_exit_timestamp if it is set (#2211065) +- timer: Use dual_timestamp_is_set() in one more place (#2211065) +- loginctl: list-users: also show state (#2209912) +- loginctl: list-sessions: minor modernization (#2209912) +- loginctl: list-sessions: also show state (#2209912) +- test: add test for state in loginctl list-{users,sessions} (#2209912) +- test: add a missing session activation (#2209912) +- test: extend test for loginctl list-* (#2209912) +- loginctl: shorten variable name (#2209912) +- loginctl: use bus_map_all_properties (#2209912) +- loginctl: show session idle status in list-sessions (#2209912) +- loginctl: some modernizations (#2209912) +- loginctl: list-sessions: fix timestamp for idle hint (#2209912) +- loginctl: list-users: use bus_map_all_properties (#2209912) +- loginctl: also show idle hint in session-status (#2209912) +- memory-util: make ArrayCleanup passed to array_cleanup() const (#2190226) +- static-destruct: several cleanups (#2190226) +- static-destruct: introduce STATIC_ARRAY_DESTRUCTOR_REGISTER() (#2190226) +- macro: support the case that the number of elements has const qualifier (#2190226) +- shared/generator: apply similar config reordering of generated units (#2190226) +- nulstr-util: make ret_size in strv_make_nulstr() optional (#2190226) +- generator: teach generator_add_symlink() to instantiate specified unit (#2190226) +- units: rework growfs units to be just a regular unit that is instantiated (#2190226) +- fstab-generator: use correct targets when /sysroot is specificied in fstab only (#2190226) +- fstab-generator: add SYSTEMD_SYSFS_CHECK env var (#2190226) +- test: add fstab file support for fstab-generator tests (#2190226) +- test-fstab-generator: also check file contents (#2190226) +- test-fstab-generator: add tests for mount options (#2190226) +- fstab-generator: split out several functions from parse_fstab() (#2190226) +- fstab-generator: call add_swap() earlier (#2190226) +- fstab-generator: refuse to add swap earlier if disabled (#2190226) +- fstab-generator: refuse invalid mount point path in fstab earlier (#2190226) +- fstab-generator: fix error code propagation in run_generator() (#2190226) +- fstab-generator: support defining mount units through kernel command line (#2190226) +- test: add test cases for defining mount and swap units from kernel cmdline (#2190226) +- generators: change TimeoutSec=0 to TimeoutSec=infinity (#2190226) +- units: change TimeoutSec=0 to TimeoutSec=infinity (#2190226) +- fstab-generator: use correct swap name var (#2190226) +- fstab-generator: add more parameter name comments (#2190226) +- fstab-generator: unify initrd-root-device.target dependency handling code (#2190226) +- fstab-util: add fstab_is_bind (#2190226) +- fstab-generator: resolve bind mount source when in initrd (#2190226) +- fstab-generator: rename 'initrd' flag to 'prefix_sysroot' (#2190226) +- fstab-generator: fix target of /sysroot/usr (#2190226) +- fstab-generator: add rd.systemd.mount-extra= and friends (#2190226) +- fstab-generator: add a flag to accept entry for "/" in initrd (#2190226) +- test-fstab-generator: extract core part as a function (#2190226) +- test-fstab-generator: also test with SYSTEMD_IN_INITRD=no (#2190226) +- test-fstab-generator: add more tests for systemd.mount-extra= and friends (#2190226) +- fstab-generator: enable fsck for block device mounts specified in systemd.mount-extra= (#2190226) +- core: use correct scope of looking up units (#2226980) +- test: merge unit file related tests into TEST-23-UNIT-FILE (#2213521) +- test: rename TEST-07-ISSUE-1981 to TEST-07-PID1 (#2213521) +- test: merge TEST-08-ISSUE-2730 into TEST-07-PID1 (#2213521) +- test: merge TEST-09-ISSUE-2691 into TEST-07-PID1 (#2213521) +- test: merge TEST-10-ISSUE-2467 with TEST-07-PID1 (#2213521) +- test: merge TEST-11-ISSUE-3166 into TEST-07-PID1 (#2213521) +- test: merge TEST-12-ISSUE-3171 into TEST-07-PID1 (#2213521) +- test: move TEST-23's units into a dedicated subfolder (#2213521) +- test: merge TEST-47-ISSUE-14566 into TEST-07-PID1 (#2213521) +- test: merge TEST-51-ISSUE-16115 into TEST-07-PID1 (#2213521) +- test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (#2213521) +- test: abstract the common test parts into a utility script (#2213521) +- test: add tests for JoinsNamespaceOf= (#2213521) +- core/unit: drop doubled empty line (#2213521) +- core/unit: make JoinsNamespaceOf= implies the inverse dependency (#2213521) +- core/unit: search shared namespace in transitive relation of JoinsNamespaceOf= (#2213521) +- core/unit: update bidirectional dependency simultaneously (#2213521) +- resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths (#2161260) +- resolved: add some line-breaks/comments (#2161260) +- resolvectl: don't filter loopback DNS server from global DNS server list (#2161260) +- blockdev-util: add simple wrapper around BLKSSZGET (#2170883) +- loop-util: insist on setting the sector size correctly (#2170883) +- dissect-image: add probe_sector_size() helper for detecting sector size of a GPT disk image (#2170883) +- loop-util: always tell kernel explicitly about loopback sector size (#2170883) +- Revert "Treat EPERM as "not available" too" (#2178222) +- Revert "test: accept EPERM for unavailable idmapped mounts as well" (#2178222) + +* Fri Aug 04 2023 systemd maintenance team - 252-17 +- Revert "core/service: when resetting PID also reset known flag" (#2225667 +- ci: explicitly install python3-lldb-$COMPILER_VERSION (#2225667) + +* Mon Jul 17 2023 systemd maintenance team - 252-16 +- ci: update permissions for source-git automation workflows (#2170883) +- pstore: fixes for dmesg.txt reconstruction (#2170883) +- pstore: explicitly set the base when converting record ID (#2170883) +- pstore: avoid opening the dmesg.txt file if not requested (#2170883) +- test: add a couple of tests for systemd-pstore (#2170883) +- test: match all messages with the FILE field (#2170883) +- test: build the SELinux test module on the host (#2170883) +- test: make the stress test slightly less stressful on slower machines (#2170883) +- coredump: use unaligned_read_ne{32,64}() to parse auxv (#2170883) +- core/transaction: make merge_unit_ids() always return NUL-terminated string (#2170883) +- core/transaction: make merge_unit_ids() return non-NULL on success (#2170883) +- core/transaction: do not log "(null)" (#2170883) +- ci: allow `RHEL-only` labels to mark downstream-only commits (#2170883) +- elf-util: discard PT_LOAD segment early based on the start address. (#2215412) +- elf-util: check for overflow when computing end of core's PT_LOAD segments (#2215412) +- sulogin: use DEFINE_MAIN_FUNCTION() (#2169959) +- sulogin: fix control lost of the current terminal when default.target is rescue.target (#2169959) +- journal-vacuum: count size of all journal files (#2182632) +- memory-util: add a concept for gcc cleanup attribute based array destruction (#2182632) +- macro: introduce FOREACH_ARRAY() macro (#2182632) +- journal-vacuum: rename function to match struct name (#2182632) +- journal-vacuum: use CLEANUP_ARRAY (#2182632) +- pam: add call to pam_umask (#2210145) +- udev-builtin-net_id: align VF representor names with VF names (#2218886) +- pam: add a call to pam_namespace (#2218184) +- rules: online CPU automatically on IBM s390x platforms when configured (#2212612) +- core/mount: escape invalid UTF8 char in dbus reply (#2208240) +- Revert "user: delegate cpu controller, assign weights to user slices" (#2176899) +- udev-rules: fix nvme symlink creation on namespace changes (#2172509) +- rules: add whitespace after comma before the line continuation (#2172509) +- udev: restore compat symlink for nvme devices (#2172509) +- rules: drop doubled space (#2172509) +- manager: don't taint the host if cgroups v1 is used (#2193456) +- core/service: when resetting PID also reset known flag (#2210237) +- ci: drop systemd-stable from advanced-commit-linter config (#2170883) + +* Thu May 18 2023 systemd maintenance team - 252-15 +- ci: trigger `differential-shellcheck` workflow on push (#2100440) +- ci: workflow for gathering metadata for source-git automation (#2100440) +- ci: first part of the source-git automation - commit linter (#2100440) +- ci(Mergify): check CodeQL and build workflows based on changed files (#2100440) +- ci: add NOTICE to also update regexp in `.mergify.yml` when updating `paths` property (#2100440) +- Support /etc/system-update for OSTree systems (#2203133) +- journal-def: fix type of signature to match the actual field in the Header structure (#2183546) +- journal: use compound initialization for journal file Header structure (#2183546) +- journald: fix log message (#2183546) +- sd-journal: cache results of parsing environment variables (#2183546) +- compress: introduce compression_supported() helper function (#2183546) +- sd-journal: always use the compression algorithm specified in the header (#2183546) +- sd-journal: allow to specify compression algorithm through env (#2183546) +- test: add test case that journal file is created with the requested compression algorithm (#2183546) +- rules: do not online CPU automatically on IBM platforms (#2143107) + +* Tue Mar 21 2023 systemd maintenance team - 252-14 +- systemd: Support OOMPolicy in scope units (#2176918) +- systemd: Default to OOMPolicy=continue for login session scopes (#2176918) +- man: rework description of OOMPolicy= a bit (#2176918) +- core,man: add missing integration of OOMPolicy= in scopes (#2176918) +- meson: Store fuzz tests in structured way (#2176918) +- meson: Generate fuzzer inputs with directives (#2176918) +- oss-fuzz: include generated corpora in the final zip file (#2176918) +- unit: In cgroupv1, gracefully terminate delegated scopes again (#2180120) + +* Mon Feb 27 2023 systemd maintenance team - 252-8 +- journal-file: Fix return value in bump_entry_array() (#2173682) + +* Mon Feb 27 2023 systemd maintenance team - 252-7 +- test: add coverage for #24177 (#1985288) +- logind-session: make stopping of idle session visible to admins (#2172401) + +* Wed Feb 22 2023 systemd maintenance team - 252-6 +- journalctl: actually run the static destructors (#2122500) +- efi: drop executable-stack bit from .elf file (#2140646) +- install: fail early if specifier expansion failed (#2138081) +- test: add coverage for #26467 (#2138081) + +* Fri Feb 17 2023 systemd maintenance team - 252-5 +- nss-myhostname: fix inverted condition in (#2167468) +- nss-myhostname: do not return empty result with NSS_STATUS_SUCCESS (#2167468) +- sleep: rename hibernate_delay_sec -> _usec (#2151612) +- sleep: fetch_batteries_capacity_by_name() does not return -ENOENT (#2151612) +- sleep: drop unnecessary temporal vaiable and initialization (#2151612) +- sleep: introduce SuspendEstimationSec= (#2151612) +- sleep: coding style fixlets (#2151612) +- sleep: simplify code a bit (#2151612) +- sleep: fix indentation (#2151612) +- sleep: enumerate only existing and non-device batteries (#2151612) +- core: when isolating to a unit, also keep units running that are triggered by units we keep running (#1952378) +- udev/net_id: introduce naming scheme for RHEL-9.2 (#2170500) + +* Mon Feb 06 2023 systemd maintenance team - 252-4 +- udev: make get_virtfn_info() provide physical PCI device (#2159448) +- test: make helper_check_device_units() log unit name (#2138081) +- test: add a testcase for lvextend (#2138081) +- pid1: fix segv triggered by status query (#26279) (#2138081) +- test: create config under /run (#2138081) +- test: add tests for mDNS and LLMNR settings (#2138081) +- resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53 (#2138081) +- test: wait for the monitoring service to become active (#2138081) +- test: suppress echo in monitor_check_rr() (#2138081) +- Revert "test: wait for the monitoring service to become active" (#2138081) +- test: show and check almost all journal entries since the relevant command being invoked (#2138081) +- test: cover IPv6 in the resolved test suite (#2138081) +- test: add a couple of SRV records to check service resolution (#2138081) +- test: add a test for the OPENPGPKEY RR (#2138081) +- test: don't hang indefinitely on no match (#2138081) +- test-ndisc: fix memleak and fd leak (#2138081) +- test-unit-name: fix fd leak (#2138081) +- test: bump D-Bus service start timeout if we run without accel (#2138081) +- test: bump the client-side timeout in sd-bus as well (#2138081) +- test: bump the container spawn timeout to 60s (#2138081) +- network: fix memleak (#2138081) +- busctl: fix introspecting DBus properties (#2138081) +- busctl: simplify peeking the type (#2138081) +- resolve: drop redundant call of socket_ipv6_is_supported() (#2138081) +- resolve: introduce link_get_llmnr_support() and link_get_mdns_support() (#2138081) +- resolve: provide effective supporting levels of mDNS and LLMNR (#2138081) +- resolvectl: warn if the global mDNS or LLMNR support level is lower than the requested one (#2138081) +- resolve: enable per-link mDNS setting by default (#2138081) + +* Mon Jan 16 2023 systemd maintenance team - 252-3 +- swap: tell swapon to reinitialize swap if needed (#2151993) +- coredump: adjust whitespace (#2155517) +- coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155517) +- Revert "basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted" (#2138081) +- glyph-util: add warning sign special glyph (#2138081) +- chase-symlink: when converting directory O_PATH fd to real fd, don't bother with /proc/ (#2138081) +- systemctl: print a clear warning if people invoke systemctl without /proc/ (#2138081) +- TEST-65: check cat-config operation in chroot (#2138081) +- TEST-65: use [[ -v ]] more (#2138081) +- systemctl: warn if trying to disable a unit with no install info (#2141979) +- systemctl: allow suppress the warning of no install info using --no-warn (#2141979) +- rpm/systemd-update-helper: use --no-warn when disabling units (#2141979) +- systemctl: suppress warning about missing /proc/ when --no-warn (#2141979) +- shell-completion: systemctl: add --no-warn (#2141979) +- core/unit: drop doubled empty line (#2160477) +- core/unit: drop dependency to the unit being merged (#2160477) +- core/unit: fix logic of dropping self-referencing dependencies (#2160477) +- core/unit: merge two loops into one (#2160477) +- test: add test case for sysv-generator and invalid dependency (#2160477) +- core/unit: merge unit names after merging deps (#2160477) +- core/unit: fix log message (#2160477) +- test: explicitly create the /etc/init.d directory (#2160477) +- test: support a non-default SysV directory (#2160477) + +* Fri Dec 09 2022 systemd maintenance team - 252-2 +- test: check if we can use SHA1 MD for signing before using it (#2141979) +- boot: cleanups for efivar_get() and friends (#2141979) +- boot: fix false maybe-uninitialized warning (#2141979) +- tree-wide: modernizations with RET_NERRNO() (#2137584) +- sd-bus: handle -EINTR return from bus_poll() (#2137584) +- stdio-bridge: don't be bothered with EINTR (#2137584) +- varlink: also handle EINTR gracefully when waiting for EIO via ppoll() (#2137584) +- sd-netlink: handle EINTR from poll() gracefully, as success (#2137584) +- resolved: handle -EINTR returned from fd_wait_for_event() better (#2137584) +- homed: handle EINTR gracefully when waiting for device node (#2137584) +- utmp-wtmp: fix error in case isatty() fails (#2137584) +- utmp-wtmp: handle EINTR gracefully when waiting to write to tty (#2137584) +- io-util: document EINTR situation a bit (#2137584) +- terminal-util: Set OPOST when setting ONLCR (#2138081) +- cgtop: Do not rewrite -P or -k options (#2138081) +- test: Add tests for systemd-cgtop args parsing (#2138081) +- resolved: remove inappropriate assert() (#2138081) +- boot: Add xstrn8_to_16 (#2138081) +- boot: Use xstr8_to_16 (#2138081) +- boot: Use xstr8_to_16 for path conversion (#2138081) +- stub: Fix cmdline handling (#2138081) +- stub: Detect empty LoadOptions when run from EFI shell (#2138081) +- boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices (#2138081) +- boot: Make sure all partitions drivers are connected (#2138081) +- boot: improve support for qemu (#2138081) +- systemd-boot man page: add section for virtual machines (#2138081) +- boot: Only do full driver initialization in VMs (#2138081) +- dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES (#2138081) +- ci(Mergify): v252 configuration update (#2138081) +- ci: Run GitHub workflows on rhel branches (#2138081) +- ci: Drop scorecards workflow, not relevant (#2138081) + +* Fri Dec 02 2022 systemd maintenance team - 252-1 +- Rebase to systemd v252 + systemd-stable v252.2 (#2138081) + +* Fri Dec 02 2022 systemd maintenance team - 250-13 +- build systemd-boot EFI tools (#2140646) + +* Thu Aug 25 2022 systemd maintenance team - 250-11 +- scope: allow unprivileged delegation on scopes (#2120604) +- udev/net_id: add "rhel-9.1" naming scheme (#2121144) + +* Mon Aug 22 2022 systemd maintenance team - 250-10 +- shared/install: fix crash when reenable is called without --root (#2120222) + +* Thu Aug 18 2022 systemd maintenance team - 250-9 +- Revert "shared/install: create relative symlinks for enablement and aliasing" (#2118668) +- glyph-util: add new glyphs for up/down arrows (#2118297) +- tree-wide: allow ASCII fallback for → in logs (#2118297) +- tree-wide: allow ASCII fallback for … in logs (#2118297) +- core: allow to set default timeout for devices (#2116681) +- man: document DefaultDeviceTimeoutSec= (#2116681) +- man: update dbus docs (#2116681) +- hwdb: 60-keyboard: Fix volume-button mapping on Asus TF103C (#2087778) +- hwdb: CH Pro Pedals not classified correctly due to no buttons (#2087778) +- hwdb: Add accel orientation quirk for the GPD Pocket 3 (#2087778) +- hostname: Allow overriding the chassis type from hwdb (#2087778) +- hwdb: Add Microsoft Surface Pro 1 chassis quirk (#2087778) +- hwdb: treat logitech craft keyboard as a keyboard (#2087778) +- test: frequency in mouse DPI is optional (#2087778) +- hwdb: add two Elecom trackballs (#2087778) +- hwdb: add new database file for PDA devices (#2087778) +- hwdb: add support for Surface Laptop 2 & 3 (#22303) (#2087778) +- hwdb: add HP calculators (#2087778) +- hwbd: 60-sensor.hwdb: Add Pipo W2Pro (#2087778) +- hwdb: 60-keyboard: Support the buttons on CZC P10T tablet (#2087778) +- hwdb: add CST Laser Trackball (#22583) (#2087778) +- hwdb: Force release calculator key on all HP OMEN laptops (#2087778) +- Add support for NEC VersaPro VG-S (#2087778) +- Fix mic mute on Acer TravelMate B311-31 (#22677) (#2087778) +- Add AV production controllers to hwdb and add uaccess (#2087778) +- hwdb: Add AV production access to Elgado Stream Deck devices (#2087778) +- Add HP Elitebook 2760p support (#22766) (#2087778) +- hwdb: Add mic mute key mapping for HP Elite x360 (#2087778) +- hwdb: fix parser to work with newer pyparsing (#2087778) +- hwdb: update for v251 (#2087778) +- hwdb: update autosuspend entries (#2087778) +- hwdb: drop boilerplate about match patterns being unstable (#2087778) +- hwdb: Update 60-keyboard.hwdb (#23074) (#2087778) +- hwdb: 60-keyboard: Add Acer Aspire One AO532h keymappings (#2087778) +- hwdb 60-keyboard Add HP/Compaq KBR0133 (#2087778) +- hwdb: add resolutions for the Vaio FE14 touchpad (#23136) (#2087778) +- hwdb: Remap micmute to f20 for ASUS WMI hotkeys (#2087778) +- hwdb: Fix rotation for HP Pro Tablet 408 G1 (#2087778) +- hwdb: add keyboard mapping for HP ProBook 11G2 (#2087778) +- hwdb: make sure "ninja update-hwdb" works on f35 (#2087778) +- hwbd: run "update-hwdb" for v251-rc2 (#2087778) +- hwdb: run "ninja update-hwdb-autosuspend" for v251-rc2 (#2087778) +- Fix orientation detection for Asus Transformer T100TAF, copied T100TA rule (#2087778) +- Fix orientation detection for HP Pavilion X2 10-k010nr (#2087778) +- fix typo (#2087778) +- Adding a description of the keyboard shortcut Fn+F12 for the HP EliteBook 845 G7 device. (#23253) (#2087778) +- hwdb: run "update-hwdb" (#2087778) +- hwdb: add rammus accelerometer support (#2087778) +- Add support to set autosuspend delay via hwdb (#2087778) +- Set autosuspend delay for Fibocom LG850-GL (#2087778) +- Add HUION Inspiroy H420X to hwdb (#2087778) +- hwdb: run 'update-hwdb' for v251-rc3 (#2087778) +- hwdb: add touchpad parameters for Lenovo T15g Gen1 (#23373) (#2087778) +- hwdb: Add accel orientation for the I15-TG (#2087778) +- hwdb: fix accelerometer mount matrix for Aquarius NS483 (#2087778) +- hwdb: Add Google Hangouts Meet speakermic (#2087778) +- hwdb: update via ninja -C build update-hwdb (#2087778) +- hwdb: Add Google Meet speakermic (#2087778) +- hwdb: Add accel orientation quirk for the Aya Neo Next (#2087778) +- hwdb: Add HP Dev One (#2087778) +- hwdb: analyzers: remove generic "STM Device in DFU Mode" (#2087778) +- hwdb: Add Lenovo ThinkPad C13 Yoga (#2087778) +- Fix automatic screen rotation for Asus Transformer T100TAM (#2087778) +- hwdb: Add Acer Aspire A317-33 (#24050) (#2087778) +- Add ACCEL_MOUNT_MATRIX for OXP Mini (#2087778) +- Added DERE DBook D10 (#24173) (#2087778) +- hwdb: analyzers: Clarify the type of devices we want listed (#2087778) +- hwdb: Add Greaseweazle "drives" to the list of analyzers (#2087778) +- hwdb: Apply existing accel orientation quirk to all Chromebooks (#2087778) + +* Wed Jul 20 2022 systemd maintenance team - 250-8 +- core: shorten long unit names that are based on paths and append path hash at the end (#2083493) +- tests: add test case for long unit names (#2083493) +- tests: reflect that we can now handle devices with very long sysfs paths (#2083493) +- test: extend the "hashed" unit names coverage a bit (#2083493) +- Revert "kernel-install: also remove modules.builtin.alias.bin" (#2065061) +- Revert "kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT" (#2065061) +- kernel-install: 50-depmod: port to /bin/sh (#2065061) +- kernel-install: 90-loaderentry: port to /bin/sh (#2065061) +- kernel-install: fix shellcheck (#2065061) +- kernel-install: port to /bin/sh (#2065061) +- kernel-install: 90-loaderentry: error out on nonexistent initrds instead of swallowing them quietly (#2065061) +- kernel-install: don't pull out KERNEL_IMAGE (#2065061) +- kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT (#2065061) +- kernel-install: also remove modules.builtin.alias.bin (#2065061) +- kernel-install: add new variable $KERNEL_INSTALL_INITRD_GENERATOR (#2065061) +- kernel-install: k-i already creates $ENTRY_DIR_ABS, no need to do it again (#2065061) +- kernel-install: prefix errors with "Error:", exit immediately (#2065061) +- kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory (#2065061) +- kernel-install: add missing log line (#2065061) +- kernel-install: don't try to persist used machine ID locally (#2065061) +- kernel-install: add a new $ENTRY_TOKEN variable for naming boot entries (#2065061) +- kernel-install: only generate systemd.boot_id= in kernel command line if used for naming the boot loader spec files/dirs (#2065061) +- kernel-install: search harder for kernel image/initrd drop-in dir (#2065061) +- kernel-install: add new "inspect" verb, showing paths and parameters we discovered (#2065061) +- ci(Mergify): configuration update (#2087652) +- ci(Mergify): fix copy&paste bug (#2087652) +- shared: Fix memory leak in bus_append_execute_property() (#2087652) +- fuzz: no longer skip empty files (#2087652) +- networkctl: open the bus just once (#2087652) +- json: align table (#2087652) +- fuzz-json: optionally allow logging and output (#2087652) +- shared/json: reduce scope of variables (#2087652) +- fuzz-json: also do sorting and normalizing and other easy calls (#2087652) +- shared/json: wrap long comments (#2087652) +- shared/json: fix memory leak on failed normalization (#2087652) +- shared/json: add helper to ref first, unref second (#2087652) +- basic/alloc-util: remove unnecessary parens (#2087652) +- fuzz-json: also try self-merge operations (#2087652) +- shared/json: fix another memleak in normalization (#2087652) +- shared/json: fix memleak in sort (#2087652) +- execute: fix resource leak (#2087652) +- tests: ignore dbus-broker-launcher (#2087652) +- core/timer: fix memleak (#2087652) +- timedatectl: fix a memory leak (#2087652) +- test: fix file descriptor leak in test-psi-util (#2087652) +- test: fix file descriptor leak in test-tmpfiles.c (#2087652) +- test: fix file descriptor leak in test-fs-util (#2087652) +- test: fix file descriptor leak in test-oomd-util (#2087652) +- test: fix file descriptor leak in test-catalog (#2087652) +- test: make masking of supplementary services configurable (#2087652) +- test: fuzz our dbus interfaces with dfuzzer (#2087652) +- test: skip TEST-21-DFUZZER without ASan (#2087652) +- core: annotate Reexecute() as NoReply (#2087652) +- test: always force a new image for dfuzzer (#2087652) +- test: make dfuzzer less verbose (#2087652) +- test: drop the at_exit() coredump check (#2087652) +- test: make the shutdown routine a bit more "robust" (#2087652) +- tree-wide: drop manually-crafted message for missing variables (#2087652) +- test: allow overriding $QEMU_MEM when running w/ ASan (#2087652) +- test: don't test buses we don't ship (#2087652) +- shutdown: get only active md arrays. (#2047682) +- bus: Use OrderedSet for introspection (#2068131) +- logind-session-dbus: allow to set display name via dbus (#2100340) +- ci: limit which env variables we pass through `sudo` (#2087652) +- ci(Mergify): Add `ci-waived` logic (#2087652) +- json: use unsigned for refernce counter (#2087652) +- macro: check over flow in reference counter (#2087652) +- sd-bus: fix reference counter to be incremented (#2087652) +- sd-bus: introduce ref/unref function for track_item (#2087652) +- sd-bus: do not read unused value (#2087652) +- sd-bus: do not return negative errno when unknown name is specified (#2087652) +- sd-bus: use hashmap_contains() and drop unnecessary cast (#2087652) +- test: shorten code a bit (#2087652) +- test: add several tests for track item (#2087652) +- core/slice: make slice_freezer_action() return 0 if freezing state is unchanged (#2087652) +- core/unit: fix use-after-free (#2087652) +- core/timer: fix potential use-after-free (#2087652) +- core: command argument can be longer than PATH_MAX (#2073994) +- shared/install: consistently use 'lp' as the name for the LookupPaths instance (#2082131) +- shared/specifier: treat NULL the same as "" (#2082131) +- shared/install: do not print aliases longer than UNIT_NAME_MAX (#2082131) +- shared/install-printf: drop now-unused install_path_printf() (#2082131) +- strv: declare iterator of FOREACH_STRING() in the loop (#2082131) +- basic/unit-file: split out the subroutine for symlink verification (#2082131) +- basic/stat-util: add null_or_empty_path_with_root() (#2082131) +- shared/install: reuse the standard symlink verification subroutine (#2082131) +- shared/install: add a bit more quoting (#2082131) +- test: add test for systemctl link & enable (#2082131) +- tests: add helper for creating tempfiles with content (#2082131) +- man: clarify the descriptions of aliases and linked unit files (#2082131) +- basic: add new variable $SYSTEMD_OS_RELEASE to override location of os-release (#2082131) +- test-os-util: add basic tests for os-release parsing (#2082131) +- basic/env-file: make load-env-file deduplicate entries with the same key (#2082131) +- man/os-release: add a note about repeating entries (#2082131) +- shared/specifier: clarify and add test for missing data (#2082131) +- shared/specifier: provide proper error messages when specifiers fail to read files (#2082131) +- shared/install: provide proper error messages when invalid specifiers are used (#2082131) +- shared/install: move scope into InstallContext (#2082131) +- shared/specifier: fix %u/%U/%g/%G when called as unprivileged user (#2082131) +- shared/install: simplify unit_file_dump_changes() (#2082131) +- shared/install: propagate errors about invalid aliases and such too (#2082131) +- shared/install: return failure when enablement fails, but process as much as possible (#2082131) +- systemctl: fix silent failure when --root is not found (#2082131) +- shared/install: also check for self-aliases during installation and ignore them (#2082131) +- docs: Correct WantedBy= regarding template units (#2082131) +- man: fix invalid description of template handling in WantedBy= (#2082131) +- shared/install: drop unnecessary casts (#2082131) +- strv: make iterator in STRV_FOREACH() declaread in the loop (#2082131) +- core: ExecContext::restrict_filesystems is set of string (#2082131) +- install: when linking a file, create the link first or abort (#2082131) +- shared/install: split unit_file_{disable,enable}() so _reenable doesn't do setup twice (#2082131) +- shared/install: fix reenable on linked unit files (#2082131) +- test-systemctl-enable: extend the test for repeated WantedBy/RequiredBy (#2082131) +- shared/install: when we fail to chase a symlink, show some logs (#2082131) +- shared/install: do not try to resolve symlinks outside of root directory (#2082131) +- test-systemctl-enable: enhance the test for unit file linking (#2082131) +- shared/install: skip unnecessary chasing of symlinks in disable (#2082131) +- shared/install: also remove symlinks like .wants/foo@one.service → ../foo@one.service (#2082131) +- shared/install: create relative symlinks for enablement and aliasing (#2082131) +- shared/install: when looking for symlinks in .wants/.requires, ignore symlink target (#2082131) +- shared/install: stop passing duplicate root argument to install_name_printf() (#2082131) +- basic/unit-file: reverse negative conditional (#2082131) +- shared/install: split UNIT_FILE_SYMLINK into two states (#2082131) +- shared/install: fix handling of a linked unit file (#2082131) +- test-systemctl-enable: make shellcheck happy (#2082131) +- shared/install: when creating symlinks, accept different but equivalent symlinks (#2082131) +- test-systemctl-enable: use magic syntax to allow inverted tests (#2082131) +- test-systemctl-enable: also use freshly-built systemd-id128 (#2082131) +- test-systemctl-enable: disable the test for %a for now (#2082131) +- Rename UnitFileScope to LookupScope (#2082131) +- core: handle lookup paths being symlinks (#2082131) +- shared/install: use correct cleanup function (#2082131) +- udev/net_id: avoid slot based names only for single function devices (#2073003) +- test: import logind test from debian/ubuntu test suite (#2087652) +- test: drop redundant IMAGE_NAME= (#2087652) +- test: import timedated test from debian/ubuntu test suite (#2087652) +- test: introduce assert_not_in() helper function (#2087652) +- test: drop unnecessary --no-pager option (#2087652) +- test: support debian/ubuntu specific timezone config file (#2087652) +- test: import hostnamed tests from debian/ubuntu test suite (#2087652) +- locale-util: fix memleak on failure (#2087652) +- locale-util: check if enumerated locales are valid (#2087652) +- locale-util: align locale entries (#2087652) +- core: inline an iterator variable (#2087652) +- locale-setup: merge locale handling in PID1 and localed (#2087652) +- locale: rename keymap-util.[ch] -> localed-util.[ch] (#2087652) +- test: add one more path to search keymaps (#2087652) +- test: introduce inst_recursive() helper function (#2087652) +- hmac/sha256: move size define to sha256.h (#2087652) +- tpm2: support policies with PIN (#2087652) +- cryptenroll: add support for TPM2 pin (#2087652) +- cryptsetup: add support for TPM2 pin (#2087652) +- cryptsetup: add libcryptsetup TPM2 PIN support (#2087652) +- cryptenroll: add TPM2 PIN documentation (#2087652) +- cryptsetup: add manual TPM2 PIN configuration (#2087652) +- cryptenroll: add tests for TPM2 unlocking (#2087652) +- env-util: replace unsetenv_erase() by new getenv_steal_erase() helper (#2087652) +- test: install libxkbcommon and x11 keymaps (#2087652) +- test: install C.UTF-8 and English locales (#2087652) +- test: import localed tests from debian/ubuntu test suite (#2087652) +- unit: check for mount rate limiting before checking active state (#2087652) +- tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited (#2087652) +- test: insert space in for loop (#2087652) +- test: move "do" at the end of line (#2087652) +- test: use trap RETURN (#2087652) +- test: ignore the error about our own libraries missing during image creation (#2087652) +- test: wrap binaries using systemd DSOs when running w/ ASan (#2087652) +- test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO (#2087652) +- test: drop all LD_PRELOAD-related ASan workarounds (#2087652) +- test: don't wrap binaries built with ASan (#2087652) +- test: send stdout/stderr of testsuite units to journal & console (#2087652) +- test: make the busy loop in TEST-02 less verbose (#2087652) +- test: always wrap useradd/userdel when running w/ ASan (#2087652) +- test: don't flush debug logs to the console (#2087652) +- test: fix a couple of issues found by shellcheck (#2087652) +- test: pass the initdir to check_result_{qemu,nspawn} hooks (#2087652) +- test: run the custom check hooks before common checks (#2087652) +- test: check journal directly instead of capturing console output (#2087652) +- test: use saved process PID instead of % (#2087652) +- test: account for ADDR_NO_RANDOMIZE if it's set (#2087652) +- fuzz-bcd: silence warning about always-true comparison (#2087652) +- test: disable test_ntp on RHEL (#2087652) +- core: do not filter out systemd.unit= and run-level specifier from kernel command line (#2087652) +- test: add a simple test for daemon-reexec (#2087652) +- test: install /usr/libexec/vi as well (#2087652) +- test: resize the terminal automagically with INTERACTIVE_DEBUG=yes (#2087652) +- test: create an ASan wrapper for `getent` and `su` (#2087652) +- test: mark partition bootable (#2087652) +- test: bump the data partition size if we don't strip binaries (#2087652) +- test: use PBKDF2 with capped iterations instead of Argon2 (#2087652) +- locale: drop unnecessary allocation (#2087652) + +* Wed Apr 20 2022 systemd maintenance team - 250-7 +- test: check systemd RPM macros (#2017035) +- test: do not assume x86-64 arch in TEST-58-REPART (#2017035) +- tests: add repart tests for block devices with 1024, 2048, 4096 byte sector sizes (#2017035) +- test: accept both unpadded and padded partition sizes (#2017035) +- test: lvm 2.03.15 dropped the static autoactivation (#2017035) +- test: accept GC'ed units in newer LVM (#2017035) +- shared: Add more dlopen() tests (#2017035) +- systemctl: Show how long a service ran for after it exited in status output (#2017035) +- time-util: introduce TIMESTAMP_UNIX (#2017035) +- systemctl,man: update docs for `--timestamp=` (#2017035) +- systemctl: make `--timestamp=` affect the `show` verb as well (#2017035) +- tests: allow running all the services with SYSTEMD_LOG_LEVEL (#2017035) +- coredump: raise the coredump save size on 64bit systems to 32G (and lower it to 1G on 32bit systems) (#2017035) +- repart: fix sector size handling (#2017035) +- mkdir: allow to create directory whose path contains symlink (#2017035) +- mkdir: CHASE_NONEXISTENT cannot used in chase_symlinks_and_stat() (#2017035) +- meson: move efi file lists closer to where they are used (#2017035) +- meson: move efi summary() section to src/boot/efi (#2017035) +- meson: report SBAT settings (#2017035) +- boot: Build BCD parser only on arches supported by Windows (#2017035) +- meson: Remove efi-cc option (#2017035) +- meson: Get objcopy location from compiler (#2017035) +- meson: Use files() for source lists for boot and fundamental (#2017035) +- meson: Use files() for tests (#2017035) +- tests: add fuzz-bcd (#2017035) +- meson: Use files() for fuzzers (#2017035) +- meson: Add check argument to remaining run_command() calls (#2017035) +- meson: Use echo to list files (#2017035) +- test: add a test for mkdir_p() (#2017035) +- util: another set of CVE-2021-4034 assert()s (#2017035) +- basic: update CIFS magic (#2017035) +- shared: be extra paranoid and check if argc > 0 (#2017035) +- core: check if argc > 0 and argv[0] is set (#2017035) +- core: check argc/argv uncoditionally (#2017035) +- test: temporary workaround for #21819 (#2017035) +- test: don't leak local variable to outer scopes (#2017035) +- tree-wide: don't use strjoina() on getenv() values (#2017035) +- man: clarify Environmentfile format (#2017035) +- test-load-fragment: add a basic test for config_parse_unit_env_file() (#2017035) +- core/execute: use _cleanup_ in exec_context_load_environment() (#2017035) +- test-env-file: add tests for quoting in env files (#2017035) + +util-linux-core| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +libssh| +* Mon Feb 19 2024 Sahana Prasad - 0.10.4-13 +- Bump up the version so that the version in 9.3 is lower. +- Resolves: RHEL-19310, RHEL-19691, RHEL-17245 + +* Tue Jan 09 2024 Sahana Prasad - 0.10.4-12 +- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) +- Fix CVE-2023-6918 Missing checks for return values for digests +- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection + of malicious code through hostname +- Resolves: RHEL-19310, RHEL-19691, RHEL-17245 + +* Wed Jun 21 2023 Norbert Pocs - 0.10.4-11 +- Fix loglevel regression +- Related: rhbz#2182252, rhbz#2189740 + +* Mon May 22 2023 Norbert Pocs - 0.10.4.10 +- Fix null dereference issues found by covscan +- Related: rhbz#2182252, rhbz#2189740 + +* Wed May 10 2023 Norbert Pocs - 0.10.4-9 +- Fix CVE-2023-1667 and CVE-2023-2283 +- Fix issues found by cosvcan +- Resolves: rhbz#2182252, rhbz#2189740 + +* Mon Jan 23 2023 Stanislav Zidek - 0.10.4-8 ++ libssh-0.10.4-8 +- Extended CI to run internal tests in RHEL +- Related: rhbz#2160080 + +* Wed Jan 04 2023 Norbert Pocs - 0.10.4-7 +- Add sk-keys to configuration parsing allowing to turn on-off by config +- Related: rhbz#2026449 + +* Thu Dec 01 2022 Norbert Pocs - 0.10.4-6 +- Fix covscan error +- Remove unwanted test with yet unimplemented feature +- Related: rhbz#2137839, rhbz#2136824 + +* Thu Dec 01 2022 Stanislav Zidek - 0.10.4-5 ++ libssh-0.10.4-5 +- Fixed CI configuration due to TMT changes + +* Wed Nov 30 2022 Norbert Pocs - 0.10.4-4 +- Move loglevel closer to openssh loglevel +- Add openssh config feature of +,-,^ for algorithm lists +- Fix memory leaks of bignum +- Prevent multiple expansion of escape characters +- Resolves: rhbz#2132407, rhbz#2137839, rhbz#2144795, rhbz#2136824 + +* Tue Oct 04 2022 Norbert Pocs - 0.10.4-3 +- Enable pkcs11 support +- Fix broken libsofthsm path on i686 +- Add missing bugzilla references from the rebase commit +- Related: rhbz#2026449 +- Resolves: rhbz#1977913, rhbz#1975500 + +* Tue Sep 27 2022 Norbert Pocs - 0.10.4-2 +- Fix coverity scan issues +- Resolves: rhbz#2130126 + +* Mon Sep 19 2022 Norbert pocs - 0.10.4-1 +- Rebase to version 0.10.4 +- Add pkcs11 support +- Disallow ssh-rsa key in FIPS mode +- Fix openssl KDF check at build +- ChangeLog was renamed to CHANGELOG +- Resolves: rhbz#2068475, rhbz#2026449, rhbz#2004021, + rhbz#1977913, rhbz#1975500 + +cyrus-sasl-lib| +* Mon Aug 01 2022 Simo Sorce - 2.1.27-21 +- Fix memleak + +* Wed Feb 23 2022 Simo Sorce - 2.1.27-20 +- Fix for CVE-2022-24407 +- Resolves: rhbz#2055848 + +* Wed Feb 09 2022 Simo Sorce - 2.1.27-19 +- Fix a memleak in one of the OpenSSL 3 compat patches + found by covscan + +* Mon Feb 07 2022 Simo Sorce - 2.1.27-18 +- Update OpenSSL 3 related compatibility patch backports + +* Mon Aug 09 2021 Mohan Boddu - 2.1.27-17 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 28 2021 Simo Sorce - 2.1.27-16 +- Rebuild to pass gating after fixing rhbz#1983928 + +* Wed Jul 28 2021 Florian Weimer - 2.1.27-15 +- Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097) + +* Mon Jul 19 2021 Simo Sorce - 2.1.27-14 +- Fix crashs on missing legacy algorithms + Resolves: rhbz#1974354 + +* Wed Jun 16 2021 Mohan Boddu - 2.1.27-13 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Jun 04 2021 Dmitry Belyavskiy - 2.1.27-12 +- Incorporate the upstream gdbm specific patch from + https://github.com/cyrusimap/cyrus-sasl/pull/554 +- Resolves rhbz#1947971 + +* Wed Apr 28 2021 Dmitry Belyavskiy - 2.1.27-11 +- Set default sasldb database to GDBM instead of BerkeleyDB +- Add the migration tool from BerkeleyDB +- Add some PLAIN auth tests +- Resolves rhbz#1947971 + +* Thu Apr 15 2021 Mohan Boddu - 2.1.27-10 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Apr 12 2021 Dmitry Belyavskiy - 2.1.27-9 +- Coverity-related fixes (#1938700) + +* Mon Feb 08 2021 Pavel Raiskup - 2.1.27-8 +- rebuild for libpq ABI fix rhbz#1908268 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.1.27-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +libarchive| +* Sat May 04 2024 Release Engineering - 3.5.3-4.0.1 +- Rebuild package to address build system issue + +* Wed Nov 23 2022 Lukas Javorsky - 3.5.3-4 +- Resolves: CVE-2022-36227 + +* Tue Jul 12 2022 Lukas Javorsky - 3.5.3-3 +- Resolves: #2106651 + +* Wed May 18 2022 Lukas Javorsky - 3.5.3-2 +- Resolves: CVE-2022-26280 + +openssl| +* Wed Feb 21 2024 Dmitry Belyavskiy - 1:3.0.7-27 +- Use certified FIPS module instead of freshly built one in Red Hat distribution + Related: RHEL-23474 + +* Tue Nov 21 2023 Dmitry Belyavskiy - 1:3.0.7-26 +- Avoid implicit function declaration when building openssl + Related: RHEL-1780 +- In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails + Resolves: RHEL-17104 +- Add a directory for OpenSSL providers configuration + Resolves: RHEL-17193 +- Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context + Resolves: RHEL-19515 +- POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) + Resolves: RHEL-21151 +- Excessive time spent checking invalid RSA public keys (CVE-2023-6237) + Resolves: RHEL-21654 +- SSL ECDHE Kex fails when pkcs11 engine is set in config file + Resolves: RHEL-20249 +- Denial of service via null dereference in PKCS#12 + Resolves: RHEL-22486 +- Use certified FIPS module instead of freshly built one in Red Hat distribution + Resolves: RHEL-23474 + +* Mon Oct 16 2023 Dmitry Belyavskiy - 1:3.0.7-25 +- Provide relevant diagnostics when FIPS checksum is corrupted + Resolves: RHEL-5317 +- Don't limit using SHA1 in KDFs in non-FIPS mode. + Resolves: RHEL-5295 +- Provide empty evp_properties section in main OpenSSL configuration file + Resolves: RHEL-11439 +- Avoid implicit function declaration when building openssl + Resolves: RHEL-1780 +- Forbid explicit curves when created via EVP_PKEY_fromdata + Resolves: RHEL-5304 +- AES-SIV cipher implementation contains a bug that causes it to ignore empty + associated data entries (CVE-2023-2975) + Resolves: RHEL-5302 +- Excessive time spent checking DH keys and parameters (CVE-2023-3446) + Resolves: RHEL-5306 +- Excessive time spent checking DH q parameter value (CVE-2023-3817) + Resolves: RHEL-5308 +- Fix incorrect cipher key and IV length processing (CVE-2023-5363) + Resolves: RHEL-13251 +- Switch explicit FIPS indicator for RSA-OAEP to approved following + clarification with CMVP + Resolves: RHEL-14083 +- Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) + Resolves: RHEL-14083 +- Add missing ECDH Public Key Check in FIPS mode + Resolves: RHEL-15990 +- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) + Resolves: RHEL-15954 + +* Wed Jul 12 2023 Dmitry Belyavskiy - 1:3.0.7-24 +- Make FIPS module configuration more crypto-policies friendly + Related: rhbz#2216256 + +* Tue Jul 11 2023 Dmitry Belyavskiy - 1:3.0.7-23 +- Add a workaround for lack of EMS in FIPS mode + Resolves: rhbz#2216256 + +* Thu Jul 06 2023 Sahana Prasad - 1:3.0.7-22 +- Remove unsupported curves from nist_curves. + Resolves: rhbz#2069336 + +* Mon Jun 26 2023 Sahana Prasad - 1:3.0.7-21 +- Remove the listing of brainpool curves in FIPS mode. + Related: rhbz#2188180 + +* Tue May 30 2023 Dmitry Belyavskiy - 1:3.0.7-20 +- Fix possible DoS translating ASN.1 object identifiers + Resolves: CVE-2023-2650 +- Release the DRBG in global default libctx early + Resolves: rhbz#2211340 + +* Mon May 22 2023 Clemens Lang - 1:3.0.7-19 +- Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode + Resolves: rhbz#2169757 + +* Thu May 18 2023 Dmitry Belyavskiy - 1:3.0.7-18 +- Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode + Resolves: rhbz#2160797 + +* Tue May 09 2023 Dmitry Belyavskiy - 1:3.0.7-17 +- Enforce using EMS in FIPS mode - better alerts + Related: rhbz#2157951 + +* Tue May 02 2023 Sahana Prasad - 1:3.0.7-16 +- Upload new upstream sources without manually hobbling them. +- Remove the hobbling script as it is redundant. It is now allowed to ship + the sources of patented EC curves, however it is still made unavailable to use + by compiling with the 'no-ec2m' Configure option. The additional forbidden + curves such as P-160, P-192, wap-tls curves are manually removed by updating + 0011-Remove-EC-curves.patch. +- Enable Brainpool curves. +- Apply the changes to ec_curve.c and ectest.c as a new patch + 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. +- Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. +- Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. + Resolves: rhbz#2130618, rhbz#2188180 + +* Fri Apr 28 2023 Dmitry Belyavskiy - 1:3.0.7-15 +- Backport implicit rejection for RSA PKCS#1 v1.5 encryption + Resolves: rhbz#2153471 + +* Fri Apr 21 2023 Dmitry Belyavskiy - 1:3.0.7-14 +- Input buffer over-read in AES-XTS implementation on 64 bit ARM + Resolves: rhbz#2188554 + +* Tue Apr 18 2023 Dmitry Belyavskiy - 1:3.0.7-13 +- Enforce using EMS in FIPS mode + Resolves: rhbz#2157951 +- Fix excessive resource usage in verifying X509 policy constraints + Resolves: rhbz#2186661 +- Fix invalid certificate policies in leaf certificates check + Resolves: rhbz#2187429 +- Certificate policy check not enabled + Resolves: rhbz#2187431 +- OpenSSL rsa_verify_recover key length checks in FIPS mode + Resolves: rhbz#2186819 + +* Fri Mar 24 2023 Clemens Lang - 1:3.0.7-12 +- Change explicit FIPS indicator for RSA decryption to unapproved + Resolves: rhbz#2179379 + +* Mon Mar 20 2023 Clemens Lang - 1:3.0.7-11 +- Add missing reference to patchfile to add explicit FIPS indicator to RSA + encryption and RSASVE and fix the gettable parameter list for the RSA + asymmetric cipher implementation. + Resolves: rhbz#2179379 + +* Fri Mar 17 2023 Clemens Lang - 1:3.0.7-10 +- Add explicit FIPS indicator to RSA encryption and RSASVE + Resolves: rhbz#2179379 + +* Thu Mar 16 2023 Clemens Lang - 1:3.0.7-9 +- Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes + Resolves: rhbz#2175864 + +* Thu Mar 16 2023 Clemens Lang - 1:3.0.7-8 +- Fix Wpointer-sign compiler warning + Resolves: rhbz#2178034 + +* Tue Mar 14 2023 Clemens Lang - 1:3.0.7-7 +- Add explicit FIPS indicators to key derivation functions + Resolves: rhbz#2175860 rhbz#2175864 +- Zeroize FIPS module integrity check MAC after check + Resolves: rhbz#2175873 +- Add explicit FIPS indicator for IV generation in AES-GCM + Resolves: rhbz#2175868 +- Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant + salt in PBKDF2 FIPS self-test + Resolves: rhbz#2178137 +- Limit RSA_NO_PADDING for encryption and signature in FIPS mode + Resolves: rhbz#2178029 +- Pairwise consistency tests should use Digest+Sign/Verify + Resolves: rhbz#2178034 +- Forbid DHX keys import in FIPS mode + Resolves: rhbz#2178030 +- DH PCT should abort on failure + Resolves: rhbz#2178039 +- Increase RNG seeding buffer size to 32 + Related: rhbz#2168224 + +* Wed Mar 08 2023 Dmitry Belyavskiy - 1:3.0.7-6 +- Fixes RNG slowdown in FIPS mode + Resolves: rhbz#2168224 + +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 +- Fixed X.509 Name Constraints Read Buffer Overflow + Resolves: CVE-2022-4203 +- Fixed Timing Oracle in RSA Decryption + Resolves: CVE-2022-4304 +- Fixed Double free after calling PEM_read_bio_ex + Resolves: CVE-2022-4450 +- Fixed Use-after-free following BIO_new_NDEF + Resolves: CVE-2023-0215 +- Fixed Invalid pointer dereference in d2i_PKCS7 functions + Resolves: CVE-2023-0216 +- Fixed NULL dereference validating DSA public key + Resolves: CVE-2023-0217 +- Fixed X.400 address type confusion in X.509 GeneralName + Resolves: CVE-2023-0286 +- Fixed NULL dereference during PKCS7 data verification + Resolves: CVE-2023-0401 + +* Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 +- Disallow SHAKE in RSA-OAEP decryption in FIPS mode + Resolves: rhbz#2142121 + +* Thu Jan 05 2023 Dmitry Belyavskiy - 1:3.0.7-3 +- Refactor OpenSSL fips module MAC verification + Resolves: rhbz#2157965 + +* Thu Nov 24 2022 Dmitry Belyavskiy - 1:3.0.7-2 +- Various provider-related imrovements necessary for PKCS#11 provider correct operations + Resolves: rhbz#2142517 +- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream + Resolves: rhbz#2133809 +- Removed recommended package for openssl-libs + Resolves: rhbz#2093804 +- Adjusting include for the FIPS_mode macro + Resolves: rhbz#2083879 +- Backport of ppc64le Montgomery multiply enhancement + Resolves: rhbz#2130708 +- Fix explicit indicator for PSS salt length in FIPS mode when used with + negative magic values + Resolves: rhbz#2142087 +- Update change to default PSS salt length with patch state from upstream + Related: rhbz#2142087 + +* Tue Nov 22 2022 Dmitry Belyavskiy - 1:3.0.7-1 +- Rebasing to OpenSSL 3.0.7 + Resolves: rhbz#2129063 + +* Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44 +- SHAKE-128/256 are not allowed with RSA in FIPS mode + Resolves: rhbz#2144010 +- Avoid memory leaks in TLS + Resolves: rhbz#2144008 +- FIPS RSA CRT tests must use correct parameters + Resolves: rhbz#2144006 +- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC + Resolves: rhbz#2144017 +- Remove support for X9.31 signature padding in FIPS mode + Resolves: rhbz#2144015 +- Add explicit indicator for SP 800-108 KDFs with short key lengths + Resolves: rhbz#2144019 +- Add explicit indicator for HMAC with short key lengths + Resolves: rhbz#2144000 +- Set minimum password length for PBKDF2 in FIPS mode + Resolves: rhbz#2144003 +- Add explicit indicator for PSS salt length in FIPS mode + Resolves: rhbz#2144012 +- Clamp default PSS salt length to digest size for FIPS 186-4 compliance + Related: rhbz#2144012 +- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode + Resolves: rhbz#2145170 + +* Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43 +- CVE-2022-3602: X.509 Email Address Buffer Overflow +- CVE-2022-3786: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 + +* Wed Oct 26 2022 Dmitry Belyavskiy - 1:3.0.1-42 +- CVE-2022-3602: X.509 Email Address Buffer Overflow + Resolves: CVE-2022-3602 (rhbz#2137723) + +* Thu Aug 11 2022 Clemens Lang - 1:3.0.1-41 +- Zeroize public keys as required by FIPS 140-3 + Related: rhbz#2102542 +- Add FIPS indicator for HKDF + Related: rhbz#2114772 + +* Fri Aug 05 2022 Dmitry Belyavskiy - 1:3.0.1-40 +- Deal with DH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2102536 +- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements + Related: rhbz#2102537 +- Use signature for RSA pairwise test according FIPS-140-3 requirements + Related: rhbz#2102540 +- Reseed all the parent DRBGs in chain on reseeding a DRBG + Related: rhbz#2102541 + +* Mon Aug 01 2022 Clemens Lang - 1:3.0.1-39 +- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test +- Use Use digest_sign & digest_verify in FIPS signature self test +- Use FFDHE2048 in Diffie-Hellman FIPS self-test + Resolves: rhbz#2102535 + +* Thu Jul 14 2022 Clemens Lang - 1:3.0.1-38 +- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously + initialized. + Resolves: rhbz#2103289 +- Improve AES-GCM performance on Power9 and Power10 ppc64le + Resolves: rhbz#2051312 +- Improve ChaCha20 performance on Power10 ppc64le + Resolves: rhbz#2051312 + +* Tue Jul 05 2022 Clemens Lang - 1:3.0.1-37 +- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 + Resolves: CVE-2022-2097 + +* Thu Jun 16 2022 Dmitry Belyavskiy - 1:3.0.1-36 +- Ciphersuites with RSAPSK KX should be filterd in FIPS mode +- Related: rhbz#2085088 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available if key length is enough +- Related: rhbz#2053289 +- Improve diagnostics when passing unsupported groups in TLS +- Related: rhbz#2070197 +- Fix PPC64 Montgomery multiplication bug +- Related: rhbz#2098199 +- Strict certificates validation shouldn't allow explicit EC parameters +- Related: rhbz#2058663 +- CVE-2022-2068: the c_rehash script allows command injection +- Related: rhbz#2098277 + +* Wed Jun 08 2022 Clemens Lang - 1:3.0.1-35 +- Add explicit indicators for signatures in FIPS mode and mark signature + primitives as unapproved. + Resolves: rhbz#2087147 + +* Fri Jun 03 2022 Dmitry Belyavskiy - 1:3.0.1-34 +- Some OpenSSL test certificates are expired, updating +- Resolves: rhbz#2092456 + +* Thu May 26 2022 Dmitry Belyavskiy - 1:3.0.1-33 +- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory +- Resolves: rhbz#2089444 +- CVE-2022-1343 openssl: Signer certificate verification returned + inaccurate response when using OCSP_NOCHECKS +- Resolves: rhbz#2087911 +- CVE-2022-1292 openssl: c_rehash script allows command injection +- Resolves: rhbz#2090362 +- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" + Related: rhbz#2087147 +- Use KAT for ECDSA signature tests, s390 arch +- Resolves: rhbz#2069235 + +* Thu May 19 2022 Dmitry Belyavskiy - 1:3.0.1-32 +- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode +- Resolves: rhbz#2083240 +- Ciphersuites with RSA KX should be filterd in FIPS mode +- Related: rhbz#2085088 +- In FIPS mode, signature verification works with keys of arbitrary size + above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys + below 2048 bits +- Resolves: rhbz#2077884 + +* Wed May 18 2022 Clemens Lang - 1:3.0.1-31 +- Disable SHA-1 signature verification in FIPS mode +- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode + Resolves: rhbz#2087147 + +* Mon May 16 2022 Dmitry Belyavskiy - 1:3.0.1-30 +- Use KAT for ECDSA signature tests +- Resolves: rhbz#2069235 + +* Thu May 12 2022 Dmitry Belyavskiy - 1:3.0.1-29 +- `-config` argument of openssl app should work properly in FIPS mode +- Resolves: rhbz#2083274 +- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC +- Resolves: rhbz#2063947 + +* Fri May 06 2022 Dmitry Belyavskiy - 1:3.0.1-28 +- OpenSSL should not accept custom elliptic curve parameters +- Resolves rhbz#2066412 +- OpenSSL should not accept explicit curve parameters in FIPS mode +- Resolves rhbz#2058663 + +* Fri May 06 2022 Clemens Lang - 1:3.0.1-27 +- Change FIPS module version to include hash of specfile, patches and sources + Resolves: rhbz#2070550 + +* Thu May 05 2022 Dmitry Belyavskiy - 1:3.0.1-26 +- OpenSSL FIPS module should not build in non-approved algorithms +- Resolves: rhbz#2081378 + +* Mon May 02 2022 Dmitry Belyavskiy - 1:3.0.1-25 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available +- Resolves: rhbz#2053289 + +* Thu Apr 28 2022 Clemens Lang - 1:3.0.1-24 +- Fix regression in evp_pkey_name2type caused by tr_TR locale fix + Resolves: rhbz#2071631 + +* Wed Apr 20 2022 Dmitry Belyavskiy - 1:3.0.1-23 +- Fix openssl curl error with LANG=tr_TR.utf8 +- Resolves: rhbz#2071631 + +* Mon Mar 28 2022 Dmitry Belyavskiy - 1:3.0.1-22 +- FIPS provider should block RSA encryption for key transport +- Resolves: rhbz#2053289 + +* Tue Mar 22 2022 Clemens Lang - 1:3.0.1-21 +- Fix occasional internal error in TLS when DHE is used +- Resolves: rhbz#2004915 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-20 +- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when + no OpenSSL library context is set +- Resolves: rhbz#2065400 + +* Fri Mar 18 2022 Clemens Lang - 1:3.0.1-19 +- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2065400 + +* Wed Mar 16 2022 Dmitry Belyavskiy - 1:3.0.1-18 +- CVE-2022-0778 fix +- Resolves: rhbz#2062315 + +* Thu Mar 10 2022 Clemens Lang - 1:3.0.1-17 +- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before + setting an allowed digest with EVP_PKEY_CTX_set_signature_md() +- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch +- Resolves: rhbz#2062640 + +* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-15 +- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2060510 + +* Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14 +- Prevent use of SHA1 with ECDSA +- Resolves: rhbz#2031742 + +* Fri Feb 25 2022 Dmitry Belyavskiy - 1:3.0.1-13 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 + +* Thu Feb 24 2022 Peter Robinson - 1:3.0.1-12 +- Support KBKDF (NIST SP800-108) with an R value of 8bits +- Resolves: rhbz#2027261 + +* Wed Feb 23 2022 Clemens Lang - 1:3.0.1-11 +- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures +- Resolves: rhbz#2031742 + +* Wed Feb 23 2022 Dmitry Belyavskiy - 1:3.0.1-10 +- rebuilt + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-9 +- Allow SHA1 usage in HMAC in TLS +- Resolves: rhbz#2031742 + +* Tue Feb 22 2022 Dmitry Belyavskiy - 1:3.0.1-8 +- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters +- Resolves: rhbz#1977867 +- pkcs12 export broken in FIPS mode +- Resolves: rhbz#2049265 + +* Tue Feb 22 2022 Clemens Lang - 1:3.0.1-8 +- Disable SHA1 signature creation and verification by default +- Set rh-allow-sha1-signatures = yes to re-enable +- Resolves: rhbz#2031742 + +libevent| +* Mon Aug 09 2021 Mohan Boddu - 2.1.12-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Mohan Boddu - 2.1.12-5 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 16 2021 Mohan Boddu - 2.1.12-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.1.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Sep 29 2020 Ondřej Lysoněk - 2.1.12-2 +- Temporarily revert a problematic upstream change + +* Mon Sep 14 2020 Ondřej Lysoněk - 2.1.12-1 +- new version +- Resolves: rhbz#1713942 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.1.8-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 2.1.8-9 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Wed Jan 29 2020 Fedora Release Engineering - 2.1.8-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Aug 15 2019 Ondřej Lysoněk - 2.1.8-7 +- Port python scripts to Python 3 +- Resolves: rhbz#1738022 +- Resolves: rhbz#1655232 + +gobject-introspection| +* Fri Nov 04 2022 Tomas Popela - 1.68.0-11 +- Fix FTBFS for a possible Meson rebase +- Resolves: rhbz#2140108 + +* Thu Oct 14 2021 David King - 1.68.0-10 +- Change Conflicts syntax (#1915339) + +* Fri Oct 08 2021 David King - 1.68.0-9 +- Add Conflicts for i686/x86_64 devel subpackage (#1915339) + +* Wed Aug 18 2021 Carlos O'Donell - 1.68.0-8 +- Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 + +* Mon Aug 09 2021 Mohan Boddu +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Sat Jul 10 2021 David King - 1.68.0-6 +- Add Requires on python-markdown for g-ir-doc-tool (#1979144) +- Add license texts and documentation files (#1979144) + +libpeas| +* Mon Aug 09 2021 Mohan Boddu - 1.30.0-4 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Jun 11 2021 Bastien Nocera - 1.30.0-3 ++ libpeas-1.30.0-3 +- Correct license for some of the icons +- Resolves: rhbz#1971434 + +* Fri Apr 16 2021 Mohan Boddu - 1.30.0-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 22 2021 Kalev Lember - 1.30.0-1 +- Update to 1.30.0 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.28.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Sep 12 2020 Kalev Lember - 1.28.0-1 +- Update to 1.28.0 + +* Tue Aug 04 2020 Bastien Nocera - 1.26.0-5 ++ libpeas-1.26.0-5 +- Remove unused Python macro that caused errors on install (#1863667) + +* Sat Aug 01 2020 Fedora Release Engineering - 1.26.0-4 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.26.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue May 26 2020 Miro Hrončok - 1.26.0-2 +- Rebuilt for Python 3.9 + +* Fri Mar 06 2020 Kalev Lember - 1.26.0-1 +- Update to 1.26.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 1.25.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 16 2020 Kalev Lember - 1.25.3-1 +- Update to 1.25.3 + +* Thu Oct 31 2019 Kalev Lember - 1.24.1-1 +- Update to 1.24.1 + +* Tue Sep 10 2019 Kalev Lember - 1.24.0-1 +- Update to 1.24.0 + +* Thu Sep 05 2019 Kalev Lember - 1.23.92-1 +- Update to 1.23.92 + +* Tue Aug 20 2019 Kalev Lember - 1.23.90.1-2 +- Revert inadvertent soname bump +- Tighten spec file globs to avoid accidental soname bumps in the future + +* Tue Aug 20 2019 Kalev Lember - 1.23.90.1-1 +- Update to 1.23.90.1 +- Switch to the meson build system + +* Mon Aug 19 2019 Miro Hrončok - 1.22.0-14 +- Rebuilt for Python 3.8 + +libfdisk| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + +gzip| +* Fri Apr 22 2022 Jakub Martisko - 1.12-1 +- Rebase to gzip 1.12 +- Resolves an arbitrary-file-write vulnerability in zgrep + Resolves: rhbz#2073343 + Resolves: rhbz#1870675 + +* Mon Aug 09 2021 Mohan Boddu - 1.10-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Jul 30 2021 Jakub Martisko - 1.10-7 +- Add the ibm patches dealing with s390x optimizations +Resolves: rhbz#1986357 + +* Fri Jul 30 2021 Jakub Martisko - 1.10-6 +- Add gating tests +Resolves: rhbz#1986357 + +* Fri Apr 16 2021 Mohan Boddu - 1.10-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 1.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +cracklib| +* Mon Aug 09 2021 Mohan Boddu - 2.9.6-27 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 2.9.6-26 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9.6-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 2.9.6-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 2.9.6-23 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jan 28 2020 Fedora Release Engineering - 2.9.6-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +cracklib-dicts| +* Mon Aug 09 2021 Mohan Boddu - 2.9.6-27 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 2.9.6-26 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.9.6-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 2.9.6-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard - 2.9.6-23 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jan 28 2020 Fedora Release Engineering - 2.9.6-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libpwquality| +* Mon Aug 09 2021 Mohan Boddu - 1.4.4-8 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Aug 04 2021 Dmitry Belyavskiy - 1.4.4-7 +- Explicitly rebuild the localization +- Resolves: rhbz#1938621 + +* Mon Jul 26 2021 Dmitry Belyavskiy - 1.4.4-6 +- rebuilt + +* Mon Jul 26 2021 Dmitry Belyavskiy - 1.4.4-5 +- added i18n updates for de, fr, ja, ko, zh_CN +- Resolves: rhbz#1963858 +- Resolves: rhbz#1938621 + +* Thu Apr 29 2021 Dmitry Belyavskiy - 1.4.4-4 +- cracklib-dicts is a hard requirement, not a recomendation. +- Resolves rhbz#1947882 + +* Fri Apr 16 2021 Mohan Boddu - 1.4.4-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Paul Wouters - 1.4.4-2 +- Resolves rhbz#1919026 libpwquaily rpm requires cracklib-dict to function but RPM missing requirement + +* Tue Oct 13 2020 Tomáš Mráz 1.4.4-1 +- Translation updates +- Fix regression with enabling the cracklib check during build + +* Mon Oct 12 2020 Tomáš Mráz 1.4.3-1 +- Multiple translation updates +- Add usersubstr check for substrings of N characters from the username + patch by Danny Sauer + +* Mon Jul 13 2020 Tom Stellard - 1.4.2-4 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Thu Oct 31 2019 Tomáš Mráz 1.4.2-1 +- Fix previous release regression in handling retry, enforce_for_root, + and local_users_only options + +* Tue Sep 17 2019 Tomáš Mráz 1.4.1-1 +- Disable python2 bindings in Fedora 31 and above +- Add conditionals for Python2 and Python3 +- pam_pwquality: Abort the retry loop if user requests it +- Allow setting retry, enforce_for_root, and local_users_only options + in the pwquality.conf config file + +pam| +* Mon Feb 12 2024 Iker Pedrosa - 1.3.1-19 +- pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS + situations. CVE-2024-22365. Resolves: RHEL-21244 + +* Fri Jan 26 2024 Iker Pedrosa - 1.3.1-18 +- libpam: use getlogin() from libc and not utmp. Resolves: RHEL-16727 +- pam_access: handle hostnames in access.conf. Resolves: RHEL-22300 + +* Mon Jan 08 2024 Iker Pedrosa - 1.5.1-17 +- pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-20943 + +* Fri Nov 10 2023 Iker Pedrosa - 1.5.1-16 +- libpam: use close_range() to close file descriptors. Resolves: RHEL-5099 +- fix formatting of audit messages. Resolves: RHEL-5100 + +* Mon Jun 26 2023 Iker Pedrosa - 1.5.1-15 +- pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2215007 + +* Tue Nov 29 2022 Iker Pedrosa - 1.5.1-14 +- pam_lastlog: check localtime_r() return value. Resolves: #2130124 +- pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632 +- pam_faillock: avoid logging an erroneous consecutive login failure message. Resolves: #2126648 + +* Wed Sep 28 2022 Iker Pedrosa - 1.5.1-13 +- pam_pwhistory: load configuration from file. Resolves: #2126640 + +* Thu Jun 23 2022 Iker Pedrosa - 1.5.1-12 +- pam_usertype: only use SYS_UID_MAX for system users. Resolves: #2078421 + +* Wed May 25 2022 Iker Pedrosa - 1.5.1-11 +- faillock: load configuration from file. Resolves: #2061698 + +* Tue May 17 2022 Iker Pedrosa - 1.5.1-10 +- pam_keyinit: thread-safe implementation. Resolves: #2061696 + +libsemanage| +* Wed Dec 13 2023 Petr Lautrbach - 3.6-1 +- SELinux userspace 3.6 release + +* Mon Nov 13 2023 Petr Lautrbach - 3.6-0.rc1.1 +- SELinux userspace 3.6-rc1 release + +* Wed Mar 22 2023 Petr Lautrbach - 3.5-2 +- Include more parameters in the module checksum (#2173959) + +* Thu Feb 23 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Tue Feb 14 2023 Petr Lautrbach - 3.5-0.rc3.1 +- SELinux userspace 3.5-rc3 release + +* Tue Jan 17 2023 Petr Lautrbach - 3.5-0.rc2.1 +- SELinux userspace 3.5-rc2 release + +* Mon Jan 02 2023 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + +* Mon Jul 18 2022 Petr Lautrbach - 3.4-2 +- Always write kernel policy when check_ext_changes is specified (#2104935) + +* Thu May 19 2022 Petr Lautrbach - 3.4-1 +- SELinux userspace 3.4 release + +* Wed Apr 27 2022 Petr Lautrbach - 3.3-3 +- allow spaces in user/group names (#2049665) +- Fall back to semanage_copy_dir when rename() fails (#2068085) + +* Tue Feb 15 2022 Petr Lautrbach - 3.3-2 +- optionally rebuild policy when modules are changed externally + +shadow-utils| +* Wed Jul 12 2023 Iker Pedrosa - 2:4.9-8 +- gpasswd: fix password leak. Resolves: #2215948 + +* Tue May 16 2023 Iker Pedrosa - 2:4.9-7 +- useradd: check if subid range exists for user. Resolves: #2179987 +- find_new_[gu]id: Skip over IDs that are reserved for legacy reasons. Resolves: #2179988 + +* Wed Sep 28 2022 Iker Pedrosa - 2:4.9-6 +- Change "badnames" to "badname" as this is the accepted option name. Resolves: #2076819 + +* Thu Jul 21 2022 Iker Pedrosa - 2:4.9-5 +- subordinateio: also compare the owner ID. Resolves: #2109410 + +* Fri Apr 22 2022 Iker Pedrosa - 2:4.9-4 +- useradd: modify check ID range for system users. Resolves: #2004911 +- Fix release sources +- Add subid requirement for subid-devel + +* Thu Dec 02 2021 Iker Pedrosa - 2:4.9-3 +- getsubids: provide system binary and man page. Resolves: #2013015 +- useradd: generate home and mail directories with selinux user attribute. Resolves: #1993081 +- useradd: revert fix memleak of grp. Resolves: #2020238 +- groupdel: fix SIGSEGV when passwd does not exist. Resolves: #2024834 +- pwck: fix segfault when calling fprintf() +- newgrp: fix segmentation fault +- Clean spec file: organize dependencies and move License location + +* Tue Aug 17 2021 Iker Pedrosa - 2:4.9-2 +- libmisc: fix default value in SHA_get_salt_rounds(). Resolves: #1993919 + +* Thu Aug 12 2021 Iker Pedrosa - 2:4.9-1 +- Rebase to version 4.9. Resolves: #1989556 +- usermod: allow all group types with -G option. Resolves: #1975329 +- useradd: avoid generating an empty subid range +- Clean spec file + +* Tue Aug 10 2021 Mohan Boddu - 2:4.8.1-12 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 14 2021 Iker Pedrosa - 2:4.8.1-11 +- Fix regression issues detected in rhbz#667593 and rhbz#672510. Resolves: #1938871 + +* Tue Jul 13 2021 Iker Pedrosa - 2:4.8.1-10 +- Covscan fixes. Resolves: #1938871 + +openldap| +* Fri Feb 09 2024 Simon Pichugin - 2.6.6-3 +- Use systemd-sysusers for ldap user and group + Replace License with SPDX identifier + Resolves: RHEL-5140 + +* Thu Dec 14 2023 Simon Pichugin - 2.6.6-2 +- The client tools parameters '-h' and '-p' are still deprecated, + but this release brings back the client tools options that + were removed during the previous rebase. + Resolves: RHEL-19384 + +* Wed Oct 11 2023 Simon Pichugin - 2.6.6-1 +- Rebase OpenLDAP in RHEL 9.4 + Resolves: RHEL-11306 + +* Wed Jun 14 2023 Simon Pichugin - 2.6.3-1 +- Rebase OpenLDAP to 2.6.3 + Related: rhbz#2212983 + +* Fri Aug 05 2022 Simon Pichugin - 2.6.2-3 +- Add export symbols related to LDAP_CONNECTIONLESS + Related: rhbz#2115465 + +* Mon Jun 27 2022 Simon Pichugin - 2.6.2-2 +- Change STRIP to STRIP_OPTS + Related: rhbz#2094159 + +* Wed Jun 01 2022 Simon Pichugin - 2.6.2-1 +- Update to new major release OpenLDAP 2.6.2 +- The client tools parameters '-h' and '-p' are officially deprecated, + please, use '-H' parameter instead. + Related: rhbz#2094159 + +* Fri Apr 22 2022 Igor Raits - 2.4.59-5 +- Pull systemd only from server subpackage + +gnupg2| +* Wed Apr 19 2023 Jakub Jelen - 2.3.3-4 +- Revert marking the SHA-1 digest as weak (#2184640) + +* Thu Mar 30 2023 Jakub Jelen - 2.3.3-3 +- Mark SHA-1 digest as weak to follow SHA-1 disablement in RHEL9 (#2070722) +- Fix interaction with SSH by not requiring the MD5 digest (#2073567) +- Fix creation of AEAD packets (#2128058) + +* Wed Aug 03 2022 Jakub Jelen - 2.3.3-2 +- Fix CVE-2022-34903 (#2108449) + +* Fri Nov 19 2021 Jakub Jelen - 2.3.3-1 +- Rebase to 2.3.1 to address random tests failures (#1984842) + +* Thu Nov 18 2021 Jakub Jelen - 2.3.1-4 +- Fix --file-is-digest patch (#2024710) + +* Wed Sep 08 2021 Jakub Jelen - 2.3.1-3 +- Revernt default key type back to RSA for FIPS compatibility (#2001937) + +* Mon Aug 09 2021 Mohan Boddu - 2.3.1-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Apr 21 2021 Jakub Jelen - 2.3.1-1 +- New upstream release (#1947159) + +gpgme| +* Thu Feb 17 2022 Jiri Kucera - 1.15.1-6 +- Rebuild + Resolves: #2035319 + +* Mon Aug 09 2021 Mohan Boddu - 1.15.1-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Jul 16 2021 Jiri Kucera - 1.15.1-4 +- Fix license and covscan issues + Resolves: #1938732 + +* Thu Apr 15 2021 Mohan Boddu - 1.15.1-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +libutempter| +* Mon Aug 09 2021 Mohan Boddu - 1.2.1-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 1.2.1-5 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 1.2.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Aug 13 2020 Tomas Korbar - 1.2.1-3 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Tue Jul 28 2020 Fedora Release Engineering - 1.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 07 2020 Tomas Korbar - 1.2.1-1 +- Update to 1.2.1 (#1854129) + +* Mon May 25 2020 Tomas Korbar - 1.2.0-1 +- Update to 1.2.0 (#1831940) + +* Wed Jan 29 2020 Fedora Release Engineering - 1.1.6-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +publicsuffix-list-dafsa| +* Thu Feb 10 2022 Kamil Dudka - 20210518-3 +- unset writable-by-group permission bit on the license file + +* Tue Aug 10 2021 Mohan Boddu - 20210518-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue May 18 2021 Kamil Dudka - 20210518-1 +- Recent revision - 20210518 + +* Fri Apr 16 2021 Mohan Boddu - 20190417-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Jan 27 2021 Fedora Release Engineering - 20190417-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 20190417-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +libpsl| +* Mon Aug 09 2021 Mohan Boddu - 0.21.1-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Fri Apr 16 2021 Mohan Boddu - 0.21.1-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.21.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.21.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 20 2020 Kamil Dudka - 0.21.1-1 +- update to 0.21.1 (#1858489) + +* Thu Jan 30 2020 Kamil Dudka - 0.21.0-4 +- fix unnecessary build failure due to missing tree_index.sgml in gtk-doc output + +* Wed Jan 29 2020 Fedora Release Engineering - 0.21.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +libcurl| +* Wed Mar 06 2024 Jacek Migacz - 7.76.1-29 +- rebuild for 9.4 GA + +* Tue Oct 10 2023 Jacek Migacz - 7.76.1-28 +- return error if hostname too long for remote resolve (CVE-2023-38545) +- fix cookie injection with none file (CVE-2023-38546) +- cap SFTP packet size sent (RHEL-14697) +- lowercase the domain names before PSL checks (CVE-2023-46218) + +* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 +- when keyboard-interactive auth fails, try password (#2229800) + +* Mon Jun 12 2023 Jacek Migacz - 7.76.1-26 +- unify the upload/method handling (CVE-2023-28322) +- fix host name wildcard checking (CVE-2023-28321) + +* Wed Apr 12 2023 Kamil Dudka - 7.76.1-25 +- adapt the fix of CVE-2023-27535 for RHEL 9 curl + +* Fri Mar 24 2023 Kamil Dudka - 7.76.1-24 +- fix SSH connection too eager reuse still (CVE-2023-27538) +- fix GSS delegation too eager connection re-use (CVE-2023-27536) +- fix FTP too eager connection reuse (CVE-2023-27535) +- fix SFTP path ~ resolving discrepancy (CVE-2023-27534) +- fix TELNET option IAC injection (CVE-2023-27533) + +* Wed Feb 15 2023 Kamil Dudka - 7.76.1-23 +- fix HTTP multi-header compression denial of service (CVE-2023-23916) + +* Wed Dec 21 2022 Kamil Dudka - 7.76.1-22 +- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) + +* Wed Oct 26 2022 Kamil Dudka - 7.76.1-21 +- fix POST following PUT confusion (CVE-2022-32221) + +* Fri Sep 02 2022 Kamil Dudka - 7.76.1-20 +- control code in cookie denial of service (CVE-2022-35252) + +* Wed Jun 29 2022 Kamil Dudka - 7.76.1-19 +- fix unpreserved file permissions (CVE-2022-32207) +- fix HTTP compression denial of service (CVE-2022-32206) +- fix FTP-KRB bad message verification (CVE-2022-32208) + +* Wed May 11 2022 Kamil Dudka - 7.76.1-18 +- fix too eager reuse of TLS and SSH connections (CVE-2022-27782) + +* Mon May 02 2022 Kamil Dudka - 7.76.1-17 +- fix leak of SRP credentials in redirects (CVE-2022-27774) + +* Fri Apr 29 2022 Kamil Dudka - 7.76.1-16 +- add missing tests to Makefile + +* Thu Apr 28 2022 Kamil Dudka - 7.76.1-15 +- fix credential leak on redirect (CVE-2022-27774) +- fix auth/cookie leak on redirect (CVE-2022-27776) +- fix bad local IPv6 connection reuse (CVE-2022-27775) +- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) + +librepo| +* Thu Oct 12 2023 Petr Pisar - 1.14.5-2 +- Set default SELinux labels on GnuPG directories (RHEL-11240) + +* Mon Jul 25 2022 Lukas Hrazky - 1.14.5-1 +- Update to 1.14.5 +- Detailed error message when using non-existing TMPDIR (RhBug:2019993) +- Make error messages about repodata and rpm mismatch more user friendly + +* Mon Jul 25 2022 Lukas Hrazky - 1.14.2-3 +- Fix covscan issues + +* Tue Jul 12 2022 Lukas Hrazky - 1.14.2-2 +- Use nanosec precision for timestamp of checksum cache + +* Mon Oct 25 2021 Pavla Kratochvilova - 1.14.2-1 +- Update to 1.14.2 +- Reduce time to load metadata +- Fix resource leaks and memory leaks + +curl| +* Wed Mar 06 2024 Jacek Migacz - 7.76.1-29 +- rebuild for 9.4 GA + +* Tue Oct 10 2023 Jacek Migacz - 7.76.1-28 +- return error if hostname too long for remote resolve (CVE-2023-38545) +- fix cookie injection with none file (CVE-2023-38546) +- cap SFTP packet size sent (RHEL-14697) +- lowercase the domain names before PSL checks (CVE-2023-46218) + +* Tue Sep 12 2023 Jacek Migacz - 7.76.1-27 +- when keyboard-interactive auth fails, try password (#2229800) + +* Mon Jun 12 2023 Jacek Migacz - 7.76.1-26 +- unify the upload/method handling (CVE-2023-28322) +- fix host name wildcard checking (CVE-2023-28321) + +* Wed Apr 12 2023 Kamil Dudka - 7.76.1-25 +- adapt the fix of CVE-2023-27535 for RHEL 9 curl + +* Fri Mar 24 2023 Kamil Dudka - 7.76.1-24 +- fix SSH connection too eager reuse still (CVE-2023-27538) +- fix GSS delegation too eager connection re-use (CVE-2023-27536) +- fix FTP too eager connection reuse (CVE-2023-27535) +- fix SFTP path ~ resolving discrepancy (CVE-2023-27534) +- fix TELNET option IAC injection (CVE-2023-27533) + +* Wed Feb 15 2023 Kamil Dudka - 7.76.1-23 +- fix HTTP multi-header compression denial of service (CVE-2023-23916) + +* Wed Dec 21 2022 Kamil Dudka - 7.76.1-22 +- smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) + +* Wed Oct 26 2022 Kamil Dudka - 7.76.1-21 +- fix POST following PUT confusion (CVE-2022-32221) + +* Fri Sep 02 2022 Kamil Dudka - 7.76.1-20 +- control code in cookie denial of service (CVE-2022-35252) + +* Wed Jun 29 2022 Kamil Dudka - 7.76.1-19 +- fix unpreserved file permissions (CVE-2022-32207) +- fix HTTP compression denial of service (CVE-2022-32206) +- fix FTP-KRB bad message verification (CVE-2022-32208) + +* Wed May 11 2022 Kamil Dudka - 7.76.1-18 +- fix too eager reuse of TLS and SSH connections (CVE-2022-27782) + +* Mon May 02 2022 Kamil Dudka - 7.76.1-17 +- fix leak of SRP credentials in redirects (CVE-2022-27774) + +* Fri Apr 29 2022 Kamil Dudka - 7.76.1-16 +- add missing tests to Makefile + +* Thu Apr 28 2022 Kamil Dudka - 7.76.1-15 +- fix credential leak on redirect (CVE-2022-27774) +- fix auth/cookie leak on redirect (CVE-2022-27776) +- fix bad local IPv6 connection reuse (CVE-2022-27775) +- fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) + +rpm| +* Wed Dec 13 2023 Florian Festi - 4.16.1.3-29 +- Actually add --verifydb to the man page (RHEL-14591) +- Don't warn about missing user/group on skipped files (RHEL-18037) + +* Mon Dec 11 2023 Florian Festi - 4.16.1.3-28 +- Fix warning if file removal fails + +* Mon Nov 27 2023 Florian Festi - 4.16.1.3-27 +- Fix short circuiting of version strings in expressions (RHEL-15688) +- Fix description of whatconflicts in the man page (RHEL-6303) +- Expose and document rpmdb --verifydb operation (RHEL-14591) +- Fixes to the file handling backport + +* Fri Nov 10 2023 Florian Festi - 4.16.1.3-26 +- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, + CVE-2021-35938 and CVE-2021-35939 + +* Fri Jun 30 2023 Florian Festi - 4.16.1.3-25 +- Followup on #2166383 +- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit +- Add %__find_debuginfo macro + +* Thu May 04 2023 Florian Festi - 4.16.1.3-24 +- Use external find-debug and debugedit (#2166383) + +* Wed May 03 2023 Florian Festi - 4.16.1.3-23 +- Don't error out on IMA signatures on files not supporting them + (#2157835, #2157836) + +* Mon Dec 19 2022 Florian Festi - 4.16.1.3-22 +- Fix option handling in rpm2archive for #2150804 + +* Fri Nov 18 2022 Yaakov Selkowitz - 4.16.1.3-21 +- Support long language names for QT (#2144005) + +* Mon Nov 07 2022 Florian Festi - 4.16.1.3-20 +- Add bcond macros (#2129060) +- Fix db queries with carets (#2129468) +- Remove spurious Python rpm module (#2135731) +- Handle SELinux log messages (#2123719) +- Add --nocompression to rpm2archive (#2150804) + +* Fri Oct 21 2022 Michal Domonkos - 4.16.1.3-19 +- Bump release for rebuild + +* Fri Sep 23 2022 Michal Domonkos - 4.16.1.3-18 +- Make write() nonblocking in fapolicyd plugin (#2111251) + +* Wed Aug 03 2022 Florian Festi - 4.16.1.3-17 +- Make rpm2cpio.sh more robust (#1983015) + +* Thu Jun 30 2022 Nick Clifton - 4.16.1.3-15 +- Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617) + +* Tue Jun 28 2022 Florian Festi - 4.16.1.3-14 +- Warning for failed key import (#2069877) + +* Tue Apr 05 2022 Michal Domonkos - 4.16.1.3-12 +- Fix minor ABI regression in rpmcli.h (#2037352) + +* Mon Feb 14 2022 Michal Domonkos - 4.16.1.3-11 +- Fix IMA signature lengths assumed constant, take III (#2018937) +- Fix regression reading rpm v3 and other rare packages (#2037186) +- Fix spurious %transfiletriggerpostun execution (#2023692) + +* Mon Jan 31 2022 Michal Domonkos - 4.16.1.3-10 +- Address covscan issues in binding sigs validation patch (#1943724) +- Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455) +- Add --path query option (#2037352) +- Skip recorded symlinks in --setperms (#2025906) + +* Mon Dec 13 2021 Michal Domonkos - 4.16.1.3-9 +- Fix IMA signature lengths assumed constant, take II (#2018937) + +rpm-libs| +* Wed Dec 13 2023 Florian Festi - 4.16.1.3-29 +- Actually add --verifydb to the man page (RHEL-14591) +- Don't warn about missing user/group on skipped files (RHEL-18037) + +* Mon Dec 11 2023 Florian Festi - 4.16.1.3-28 +- Fix warning if file removal fails + +* Mon Nov 27 2023 Florian Festi - 4.16.1.3-27 +- Fix short circuiting of version strings in expressions (RHEL-15688) +- Fix description of whatconflicts in the man page (RHEL-6303) +- Expose and document rpmdb --verifydb operation (RHEL-14591) +- Fixes to the file handling backport + +* Fri Nov 10 2023 Florian Festi - 4.16.1.3-26 +- Backport file handling code from rpm-4.19 to fix CVE-2021-35937, + CVE-2021-35938 and CVE-2021-35939 + +* Fri Jun 30 2023 Florian Festi - 4.16.1.3-25 +- Followup on #2166383 +- Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit +- Add %__find_debuginfo macro + +* Thu May 04 2023 Florian Festi - 4.16.1.3-24 +- Use external find-debug and debugedit (#2166383) + +* Wed May 03 2023 Florian Festi - 4.16.1.3-23 +- Don't error out on IMA signatures on files not supporting them + (#2157835, #2157836) + +* Mon Dec 19 2022 Florian Festi - 4.16.1.3-22 +- Fix option handling in rpm2archive for #2150804 + +* Fri Nov 18 2022 Yaakov Selkowitz - 4.16.1.3-21 +- Support long language names for QT (#2144005) + +* Mon Nov 07 2022 Florian Festi - 4.16.1.3-20 +- Add bcond macros (#2129060) +- Fix db queries with carets (#2129468) +- Remove spurious Python rpm module (#2135731) +- Handle SELinux log messages (#2123719) +- Add --nocompression to rpm2archive (#2150804) + +* Fri Oct 21 2022 Michal Domonkos - 4.16.1.3-19 +- Bump release for rebuild + +* Fri Sep 23 2022 Michal Domonkos - 4.16.1.3-18 +- Make write() nonblocking in fapolicyd plugin (#2111251) + +* Wed Aug 03 2022 Florian Festi - 4.16.1.3-17 +- Make rpm2cpio.sh more robust (#1983015) + +* Thu Jun 30 2022 Nick Clifton - 4.16.1.3-15 +- Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617) + +* Tue Jun 28 2022 Florian Festi - 4.16.1.3-14 +- Warning for failed key import (#2069877) + +* Tue Apr 05 2022 Michal Domonkos - 4.16.1.3-12 +- Fix minor ABI regression in rpmcli.h (#2037352) + +* Mon Feb 14 2022 Michal Domonkos - 4.16.1.3-11 +- Fix IMA signature lengths assumed constant, take III (#2018937) +- Fix regression reading rpm v3 and other rare packages (#2037186) +- Fix spurious %transfiletriggerpostun execution (#2023692) + +* Mon Jan 31 2022 Michal Domonkos - 4.16.1.3-10 +- Address covscan issues in binding sigs validation patch (#1943724) +- Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455) +- Add --path query option (#2037352) +- Skip recorded symlinks in --setperms (#2025906) + +* Mon Dec 13 2021 Michal Domonkos - 4.16.1.3-9 +- Fix IMA signature lengths assumed constant, take II (#2018937) + +libmodulemd| +* Thu Aug 12 2021 Petr Pisar - 2.13.0-2 +- Enable accept_overflowed_buildorder in tier0 tests (bug #1984403) + +* Tue Aug 10 2021 Petr Pisar - 2.13.0-1 +- 2.13.0 bump (bug #1984403) + +* Mon Aug 09 2021 Mohan Boddu - 2.12.1-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Mon May 03 2021 Petr Pisar - 2.12.1-1 +- 2.12.1 bump (bug #1956346) + +* Fri Apr 16 2021 Mohan Boddu - 2.12.0-3 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.12.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Thu Jan 14 2021 Stephen Gallagher - 2.12.0-1 +- Add support for 'buildorder' to Packager documents + +* Tue Jan 12 2021 Stephen Gallagher - 2.11.2-2 +- Fix issue with ModuleIndex when input contains only Obsoletes documents +- Fix import issue when built with Python 2 support + +* Thu Jan 07 2021 Stephen Gallagher - 2.11.2-1 +- Release 2.11.2 +- Extend read_packager_[file|string]() to support overriding the module name + and stream. + +* Thu Dec 17 2020 Stephen Gallagher - 2.11.1-1 +- Release 2.11.1 +- Ignore Packager documents when running ModuleIndex.update_from_*() +- Add python overrides for XMD in PackagerV3 +- Add python override to ignore the GType return when reading packager files +- Add PackagerV3.get_mdversion() + +* Thu Dec 10 2020 Stephen Gallagher - 2.11.0-1 +- Release 2.11.0 + +* Fri Nov 20 2020 Stephen Gallagher - 2.10.0-2 +- Fix integer size issue on 32-bit platforms + +* Fri Nov 20 2020 Stephen Gallagher - 2.10.0-1 +- Release 2.10.0 +- https://github.com/fedora-modularity/libmodulemd/releases/tag/libmodulemd-2.10.0 + +* Tue Jul 28 2020 Fedora Release Engineering - 2.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon May 25 2020 Miro Hrončok - 2.9.4-2 +- Rebuilt for Python 3.9 + +* Wed May 20 2020 Stephen Gallagher - 2.9.4-1 +- new upstream release: 2.9.4 + +* Wed May 20 2020 Stephen Gallagher - 2.9.4-2.9.300520.1gitgc19757c +- new upstream release: 2.9.4 + +* Wed Apr 08 2020 Stephen Gallagher - 2.9.3-1 +- new upstream release: 2.9.3 + +* Wed Apr 01 2020 Stephen Gallagher - 2.9.2-4 +- Skip rpmdeplint from gating due to https://github.com/fedora-infra/bodhi/issues/3944 + +* Wed Apr 01 2020 Stephen Gallagher - 2.9.2-3 +- Fix build against Python 3.9 +- Resolves: rhbz#1817665 + +* Wed Mar 11 2020 Stephen Gallagher - 2.9.2-2 +- new upstream release: 2.9.2 + +* Wed Mar 11 2020 Stephen Gallagher - 2.9.2-0.20200311.1gitg31bbd4e +- new upstream release: 2.9.2 + +* Wed Mar 11 2020 Stephen Gallagher - 2.9.2-0.20200311.1gitg31bbd4e +- new upstream release: 2.9.2 + +* Fri Feb 14 2020 Stephen Gallagher - 2.9.1-1 +- new upstream release: 2.9.1 + +* Wed Feb 12 2020 Stephen Gallagher - 2.9.0-1 +- new upstream release: 2.9.0 + +* Wed Jan 29 2020 Fedora Release Engineering - 2.8.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jan 09 2020 Stephen Gallagher - 2.8.3-1 +- Update to 2.8.3 +- Fix compilation issue with glib >= 2.63.3 +- Improved modulemd document validation +- Numerous test enhancements + +* Thu Oct 24 2019 Stephen Gallagher - 2.8.2-1 +- Update to 2.8.2 +- Use safer version of dup() +- Fix loading of YAML module stream with no module or stream name + +* Tue Oct 15 2019 Stephen Gallagher - 2.8.1-1 +- Improve the merge logic to handle third-party repos more sanely + +* Wed Sep 18 2019 Stephen Gallagher - 2.8.0-2 +- Improvements to ModuleIndex.update_from_defaults_directory() + * Import each file in the directory as a merge rather than an overwrite so + we can detect conflicts. + * Modify the meaning of the 'strict' argument to fail if the merge would + result in a conflict in the default stream setting of a module. + +* Wed Sep 04 2019 Stephen Gallagher - 2.8.0-1 +- Update to 2.8.0 +- API Changes + * Add Modulemd.Module.get_translation() - Retrieve the translations + associated with a Modulemd.Module + * Add ModuleIndex.update_from_defaults_directory() - Import defaults from a + directory of yaml documents, such as fedora-module-defaults, optionally + providing a second path containing overrides. +- Enhancements + * Modulemd.ModuleIndex.update_from_file() now supports reading files + compressed with gzip, bzip2 or xz. (Issue: #208) + * Documentation updates +- Bugfixes + * Assorted minor issues discovered by static analysis tools. + +* Mon Aug 19 2019 Miro Hrončok - 2.7.0-2 +- Rebuilt for Python 3.8 + +* Thu Aug 15 2019 Stephen Gallagher - 2.7.0-1 +- Update to 2.7.0 +- Drop libmodulemd1 subpackage which is now packaged separately +- Add support for 'buildroot' and 'srpm-buildroot' arguments to components + +libsolv| +* Wed Jun 21 2023 Jaroslav Rohel - 0.7.24-2 +- Backport Allow to break arch lock-step on erase operations (RhBug:2172288,2172292) + +* Tue May 16 2023 Jaroslav Rohel - 0.7.24-1 +- Update to 0.7.24 +- Backport Treat condition both as positive and negative literal in pool_add_pos_literals_complex_dep + (RhBug:2185061,2190136) + +* Thu Dec 15 2022 Nicola Sella - 0.7.22-4 +- Delete patch "Move OpenSSL functions" to fix ABI change + +* Wed Dec 07 2022 Nicola Sella - 0.7.22-3 +- Revert choice rule generation to fix pick of old build (RhBug:2150300,RhBug:2151551) + +* Mon Oct 31 2022 Nicola Sella - 0.7.22-2 +- Move OpenSSL functions to use 3.0 compatible API + +* Thu Apr 28 2022 Pavla Kratochvilova - 0.7.22-1 +- Update to 0.7.22 +- support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY +- support zstd compressed control files in debian packages +- add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) +- support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata +- support queying of the custom vendor check function new function: pool_get_custom_vendorcheck +- support solv files with an idarray block +- allow accessing the toolversion at runtime +- support parsing of Debian's Multi-Arch indicator +- fix segfault on conflict resolution when using bindings +- fix split provides not working if the update includes a forbidden vendor change +- reworked choice rule generation to cover more usecases +- support SOLVABLE_PREREQ_IGNOREINST in the ordering code + +* Wed Nov 10 2021 Pavla Kratochvilova - 0.7.20-2 +- Build without support of zchunk (RhBug:2021084) + +* Mon Oct 25 2021 Pavla Kratochvilova - 0.7.20-1 +- Update to 0.7.20 +- new SOLVER_EXCLUDEFROMWEAK job to ignore pkgs for weak dependencies +- support for environments in comps parser +- fix misparsing of '&' in attributes with libxml2 +- choice rules: treat orphaned packages as newest +- fix compatibility with Python 3.10 + +* Thu Aug 12 2021 Pavla Kratochvilova - 0.7.19-3 +- Use OpenSSL for computing hashes (RhBug:1993126) + +* Mon Aug 09 2021 Mohan Boddu - 0.7.19-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jul 27 2021 Pavla Kratochvilova - 0.7.19-1 +- Update to 0.7.19 +- repo_add_conda: add flag to skip v2 packages +- fix rare segfault in resolve_jobrules() that could happen if new rules are learnt +- fix memory leaks + +* Tue Jul 27 2021 Pavla Kratochvilova - 0.7.17-6 +- Fix issues detected by static analyzers + +* Tue Jun 22 2021 Mohan Boddu - 0.7.17-5 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +libdnf| +* Wed Apr 17 2024 Release Engineering - 0.69.0-8 +- Add Rocky bugtracker + +* Wed Oct 25 2023 Petr Pisar - 0.69.0-8 +- Set default SELinux labels on GnuPG directories (RHEL-11238) + +* Wed Oct 25 2023 Jaroslav Rohel - 0.69.0-7 +- filterAdvisory: match installed_solvables sort with lower_bound (RhBug:2212838, RHEL-12123) +- hawkey.subject: get_best_selectors only obsoleters of latest (RhBug:2183279, RHEL-6304) +- Avoid reinstalling installonly packages marked for ERASE (RhBug:2163474, RHEL-12124) + +* Fri Sep 08 2023 Marek Blaha - 0.69.0-6 +- Update translations + +* Mon May 22 2023 Nicola Sella - 0.69.0-5 +- Fix specfile and bump release + +* Mon May 22 2023 Nicola Sella - 0.69.0-4 +- Update translations + +* Sun May 14 2023 Jaroslav Rohel - 0.69.0-3 +- Add repoid to solver error messages (RhBug:2179409,2179413) + +* Mon Oct 31 2022 Nicola Sella - 0.69.0-2 +- Allow change of arch during security updates with noarch + +* Thu Sep 22 2022 Lukas Hrazky - 0.69.0-1 +- Update to 0.69.0 +- Expose librepo max_downloads_per_mirror configuration +- Fix listing a repository without cpeid (RhBug:2066334) +- Gracefully handle failure to open repo primary file +- context: Fix doc dnf_context_install/remove/update/distrosync +- context: dnf_context_remove accepts `` as dnf, unify code +- dnf-context: Disconnect signal handler before dropping file monitor ref + +* Thu Sep 15 2022 Marek Blaha - 0.67.0-3 +- Update translations + +* Thu Jul 21 2022 Lukas Hrazky - 0.67.0-2 +- Add obsoletes to filtering for advisory candidates +- advisory upgrade: filter out advPkgs with different arch + +* Thu Apr 28 2022 Pavla Kratochvilova - 0.67.0-1 +- Fix handling transaction id in resolveTransactionItemReason (RhBug:2010259,2053014) +- Remove deprecated assertions (RhBug:2027383) +- Skip rich deps for autodetection of unmet dependencies (RhBug:2033130, 2048394) +- Increase required rpm version since we use `rpmdbCookie()` +- Add 'loongarch' support +- Use dnf solv userdata to check versions and checksum (RhBug:2027445) +- context: Substitute all repository config options (RhBug:2076853) + +microdnf| +* Fri Jan 06 2023 Nicola Sella - 3.9.1-3 +- Bump release (needed to rebuild) + +* Mon Oct 31 2022 Nicola Sella - 3.9.1-2 +- Revert: leaves: Treat recommends as dependencies when install_weak_deps=True +- Revert: Add leaves command + +* Thu Sep 22 2022 Lukas Hrazky - 3.9.1-1 +- Update to 3.9.1 +- leaves: Treat recommends as dependencies when install_weak_deps=True +- Add leaves command +- Remove non-breaking space from "Size" column (RhBug:2010676) + +* Mon Aug 09 2021 Mohan Boddu - 3.8.0-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jun 22 2021 Mohan Boddu - 3.8.0-2 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Wed Jun 02 2021 Pavla Kratochvilova - 3.8.0-1 +- Update to 3.8.0 +- distrosync: Fix style issues and plugin build with Meson +- Add distro-sync subcommand +- Add "makecache" command + +* Fri Apr 16 2021 Mohan Boddu - 3.7.1-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Mon Mar 01 2021 Nicola Sella - 3.7.1-1 +- Update to 3.7.1 +- [download] fix: unwanted dependency on newer glib +- [download] Support for "--resolve" and "--alldeps" arguments +- [download] New get_packages_query function +- Support "--setopt=keepcache=0/1" +- [download] Support "--archlist=" argument +- [download] Move package download code to "download_packages" function +- [download] several optimizations +- Don't set default value of "assumeyes" to TRUE +- Support for user confirmation and assumeyes, assumeno, defaultyes +- Extend "--setopt" to support repository options +- Added alias "update" to "upgrade" command +- Command "update" renamed to "upgrade" +- Add support for command aliases +- dnf-data requirement only for Fedora and future RHEL +- Relicense to GPLv2+ [errata corrige: not in 3.5.1-1] +- Sync summary and description from openSUSE [errata corrige: not in 3.6.0-1] + +* Thu Jan 28 2021 Nicola Sella - 3.6.0-1 +- Update to 3.6.0 +- spec: Sync summary and description from openSUSE +- Add support for setting a platform module ID +- Add dependency for DNF configurations skeleton +- Add support for setting allow_vendor_change + +* Tue Jan 26 2021 Fedora Release Engineering - 3.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +util-linux| +* Thu Feb 08 2024 Karel Zak 2.37.4-18 +- lscpu: another tests update (RHEL-12783) + +* Thu Feb 08 2024 Karel Zak 2.37.4-17 +- lscpu: update tests, follow max freq for scaling (RHEL-12783) + +* Wed Feb 07 2024 Karel Zak 2.37.4-16 +- fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) +- fix RHEL-21257 - logger sending process start time not current time with log messages +- fix RHEL-16071 - issues in libblkid +- fix RHEL-12783 - lscpu -e doesn't show the current real frequency value +- fix RHEL-14612 - Userspace mount options are not preserved for NFS + +* Thu Aug 24 2023 Karel Zak 2.37.4-15 +- fix typo in patch for #2133396 + +* Wed Aug 23 2023 Karel Zak 2.37.4-14 +- improve fix #2133396 - Internal testsuite for cramfs fails on s390x + +* Thu Aug 10 2023 Karel Zak 2.37.4-13 +- improve fix #2180414 - Backport hint about systemd daemon-reload + +* Wed Aug 09 2023 Karel Zak 2.37.4-12 +- fix #2133396 - Internal testsuite for cramfs fails on s390x +- fix #2174748 - enable uuidd cont-clock by default +- fix #2182169 - lscpu: backport ARM human-readable names from upstream +- fix #2189947 - libuuid - downport cache related patch +- fix #2203324 - zram module does not have algorithms mentioned in zramctl command +- fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. +- fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option + +* Tue Mar 28 2023 Karel Zak 2.37.4-11 +- fix #2180414 - Backport hint about systemd daemon-reload + +* Tue Feb 07 2023 Karel Zak 2.37.4-10 +- fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos +- fix #2141970 - add --cont-clock feature for libuuid and uuidd +- fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. +- fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly +- fix #2166653 - last(1) should be more robust with work with strings +- fix #2120246 - use {_tmpfilesdir} also in install section +- fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos + +* Wed Aug 24 2022 Karel Zak 2.37.4-9 +- improve lslogins pasword validator (related #2094216) + +* Mon Aug 15 2022 Karel Zak 2.37.4-8 +- remove unnecessary patches (#2117203) + +* Fri Aug 12 2022 Karel Zak 2.37.4-7 +- improve loop overlay test (#2117203) + +* Wed Aug 10 2022 Karel Zak 2.37.4-6 +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2117203 - loop-overlay test failed + +* Fri Jul 22 2022 Karel Zak 2.37.4-5 +- cleanup spec file build requiremnts + +* Thu Jul 21 2022 Karel Zak 2.37.4-4 +- fix #2079652 - remove uclampset, unsupported by RHEL kernel +- fix #2094216 - lslogins reports incorrect "Password is locked" status +- fix #2092943 - uuidd time based UUIDs are without MAC address +- fix #2074486 - wipefs to erase all available signatures against read only rom +- fix #2064810 - RFE: complete libblkid FSSIZE implementation +- fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. +- fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided +- fix #2109459 - fix compiler warnings/errors + +* Thu Feb 24 2022 Karel Zak 2.37.4-3 +- fix #2057046 - wdctl not picking up reboot reason flag + +* Thu Feb 17 2022 Karel Zak 2.37.4-2 +- improve bugfix for #2047952, fix warnings from rpminspect + +* Wed Feb 16 2022 Karel Zak 2.37.4-1 +- upgrade to v2.37.4 (fix CVE-2022-0563) + diff --git a/Rocky.s390x-9.packages b/Rocky.s390x-9.packages new file mode 100644 index 0000000..b0b19c2 --- /dev/null +++ b/Rocky.s390x-9.packages @@ -0,0 +1,114 @@ +alternatives|(none)|1.24|1.el9|s390x|(none)|GPL-2.0-only +audit-libs|(none)|3.1.2|2.el9|s390x|(none)|LGPLv2+ +basesystem|(none)|11|13.el9.0.1|noarch|(none)|Public Domain +bash|(none)|5.1.8|9.el9|s390x|(none)|GPLv3+ +bzip2-libs|(none)|1.0.8|8.el9|s390x|(none)|BSD +ca-certificates|(none)|2023.2.60_v7.0.306|90.1.el9_2|noarch|(none)|Public Domain +coreutils-single|(none)|8.32|35.el9|s390x|(none)|GPLv3+ +cracklib-dicts|(none)|2.9.6|27.el9|s390x|(none)|LGPLv2+ +cracklib|(none)|2.9.6|27.el9|s390x|(none)|LGPLv2+ +crypto-policies|(none)|20240202|1.git283706d.el9|noarch|(none)|LGPL-2.1-or-later +curl|(none)|7.76.1|29.el9_4|s390x|(none)|MIT +cyrus-sasl-lib|(none)|2.1.27|21.el9|s390x|(none)|BSD with advertising +dnf-data|(none)|4.14.0|9.el9|noarch|(none)|GPLv2+ +file-libs|(none)|5.39|16.el9|s390x|(none)|BSD +filesystem|(none)|3.16|2.el9|s390x|(none)|Public Domain +gawk|(none)|5.1.0|6.el9|s390x|(none)|GPLv3+ and GPLv2+ and LGPLv2+ and BSD +gdbm-libs|1|1.19|4.el9|s390x|(none)|GPLv3+ +glib2|(none)|2.68.4|14.el9|s390x|(none)|LGPLv2+ +glibc-common|(none)|2.34|100.el9|s390x|(none)|LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL +glibc-minimal-langpack|(none)|2.34|100.el9|s390x|(none)|LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL +glibc|(none)|2.34|100.el9|s390x|(none)|LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL +gmp|1|6.2.0|13.el9|s390x|(none)|LGPLv3+ or GPLv2+ +gnupg2|(none)|2.3.3|4.el9|s390x|(none)|GPLv3+ +gnutls|(none)|3.8.3|4.el9_4|s390x|(none)|GPLv3+ and LGPLv2+ +gobject-introspection|(none)|1.68.0|11.el9|s390x|(none)|GPLv2+ and LGPLv2+ and MIT +gpg-pubkey|(none)|350d275d|6279464b|(none)|(none)|pubkey +gpgme|(none)|1.15.1|6.el9|s390x|(none)|LGPLv2+ and GPLv3+ +grep|(none)|3.6|5.el9|s390x|(none)|GPLv3+ +gzip|(none)|1.12|1.el9|s390x|(none)|GPLv3+ and GFDL +json-c|(none)|0.14|11.el9|s390x|(none)|MIT +keyutils-libs|(none)|1.6.3|1.el9|s390x|(none)|GPLv2+ and LGPLv2+ +krb5-libs|(none)|1.21.1|1.el9|s390x|(none)|MIT +libacl|(none)|2.3.1|4.el9|s390x|(none)|LGPLv2+ +libarchive|(none)|3.5.3|4.el9.0.1|s390x|(none)|BSD +libassuan|(none)|2.5.5|3.el9|s390x|(none)|LGPLv2+ and GPLv3+ +libattr|(none)|2.5.1|3.el9|s390x|(none)|LGPLv2+ +libblkid|(none)|2.37.4|18.el9|s390x|(none)|LGPLv2+ +libbrotli|(none)|1.0.9|6.el9|s390x|(none)|MIT +libcap-ng|(none)|0.8.2|7.el9|s390x|(none)|LGPLv2+ +libcap|(none)|2.48|9.el9_2|s390x|(none)|BSD or GPLv2 +libcom_err|(none)|1.46.5|5.el9|s390x|(none)|MIT +libcurl|(none)|7.76.1|29.el9_4|s390x|(none)|MIT +libdb|(none)|5.3.28|53.el9|s390x|(none)|BSD and LGPLv2 and Sleepycat +libdnf|(none)|0.69.0|8.el9|s390x|(none)|LGPLv2+ +libeconf|(none)|0.4.1|3.el9_2|s390x|(none)|MIT +libevent|(none)|2.1.12|6.el9|s390x|(none)|BSD and ISC +libfdisk|(none)|2.37.4|18.el9|s390x|(none)|LGPLv2+ +libffi|(none)|3.4.2|8.el9|s390x|(none)|MIT +libgcc|(none)|11.4.1|3.el9|s390x|(none)|GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD +libgcrypt|(none)|1.10.0|10.el9_2|s390x|(none)|LGPLv2+ +libgpg-error|(none)|1.42|5.el9|s390x|(none)|LGPLv2+ +libidn2|(none)|2.3.0|7.el9|s390x|(none)|(GPLv2+ or LGPLv3+) and GPLv3+ +libksba|(none)|1.5.1|6.el9_1|s390x|(none)|(LGPLv3+ or GPLv2+) and GPLv3+ +libmodulemd|(none)|2.13.0|2.el9|s390x|(none)|MIT +libmount|(none)|2.37.4|18.el9|s390x|(none)|LGPLv2+ +libnghttp2|(none)|1.43.0|5.el9_3.1|s390x|(none)|MIT +libpeas|(none)|1.30.0|4.el9|s390x|(none)|LGPLv2+ +libpsl|(none)|0.21.1|5.el9|s390x|(none)|MIT +libpwquality|(none)|1.4.4|8.el9|s390x|(none)|BSD or GPLv2+ +libreport-filesystem|(none)|2.15.2|6.el9.rocky.0.2|noarch|(none)|GPLv2+ +librepo|(none)|1.14.5|2.el9|s390x|(none)|LGPLv2+ +libselinux|(none)|3.6|1.el9|s390x|(none)|Public Domain +libsemanage|(none)|3.6|1.el9|s390x|(none)|LGPLv2+ +libsepol|(none)|3.6|1.el9|s390x|(none)|LGPLv2+ +libsigsegv|(none)|2.13|4.el9|s390x|(none)|GPLv2+ +libsmartcols|(none)|2.37.4|18.el9|s390x|(none)|LGPLv2+ +libsolv|(none)|0.7.24|2.el9|s390x|(none)|BSD +libssh-config|(none)|0.10.4|13.el9|noarch|(none)|LGPLv2+ +libssh|(none)|0.10.4|13.el9|s390x|(none)|LGPLv2+ +libstdc++|(none)|11.4.1|3.el9|s390x|(none)|GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD +libtasn1|(none)|4.16.0|8.el9_1|s390x|(none)|GPLv3+ and LGPLv2+ +libunistring|(none)|0.9.10|15.el9|s390x|(none)|GPLv2+ or LGPLv3+ +libutempter|(none)|1.2.1|6.el9|s390x|(none)|LGPLv2+ +libuuid|(none)|2.37.4|18.el9|s390x|(none)|BSD +libverto|(none)|0.3.2|3.el9|s390x|(none)|MIT +libxcrypt|(none)|4.4.18|3.el9|s390x|(none)|LGPLv2+ and BSD and Public Domain +libxml2|(none)|2.9.13|6.el9_4|s390x|(none)|MIT +libyaml|(none)|0.2.5|7.el9|s390x|(none)|MIT +libzstd|(none)|1.5.1|2.el9|s390x|(none)|BSD and GPLv2 +lua-libs|(none)|5.4.4|4.el9|s390x|(none)|MIT +lz4-libs|(none)|1.9.3|5.el9|s390x|(none)|GPLv2+ and BSD +microdnf|(none)|3.9.1|3.el9|s390x|(none)|GPLv2+ +mpfr|(none)|4.1.0|7.el9|s390x|(none)|LGPLv3+ +ncurses-base|(none)|6.2|10.20210508.el9|noarch|(none)|MIT +ncurses-libs|(none)|6.2|10.20210508.el9|s390x|(none)|MIT +nettle|(none)|3.9.1|1.el9|s390x|(none)|LGPLv3+ or GPLv2+ +npth|(none)|1.6|8.el9|s390x|(none)|LGPLv2+ +openldap|(none)|2.6.6|3.el9|s390x|(none)|OLDAP-2.8 +openssl-libs|1|3.0.7|27.el9|s390x|(none)|ASL 2.0 +openssl|1|3.0.7|27.el9|s390x|(none)|ASL 2.0 +p11-kit-trust|(none)|0.25.3|2.el9|s390x|(none)|BSD-3-Clause +p11-kit|(none)|0.25.3|2.el9|s390x|(none)|BSD-3-Clause +pam|(none)|1.5.1|19.el9|s390x|(none)|BSD and GPLv2+ +pcre2-syntax|(none)|10.40|5.el9|noarch|(none)|BSD +pcre2|(none)|10.40|5.el9|s390x|(none)|BSD +pcre|(none)|8.44|3.el9.3|s390x|(none)|BSD +popt|(none)|1.18|8.el9|s390x|(none)|MIT +publicsuffix-list-dafsa|(none)|20210518|3.el9|noarch|(none)|MPLv2.0 +readline|(none)|8.1|4.el9|s390x|(none)|GPLv3+ +rocky-gpg-keys|(none)|9.4|1.5.el9|noarch|(none)|BSD-3-Clause +rocky-release|(none)|9.4|1.5.el9|noarch|(none)|BSD-3-Clause +rocky-repos|(none)|9.4|1.5.el9|noarch|(none)|BSD-3-Clause +rpm-libs|(none)|4.16.1.3|29.el9|s390x|(none)|GPLv2+ and LGPLv2+ with exceptions +rpm|(none)|4.16.1.3|29.el9|s390x|(none)|GPLv2+ +sed|(none)|4.8|9.el9|s390x|(none)|GPLv3+ +setup|(none)|2.13.7|10.el9|noarch|(none)|Public Domain +shadow-utils|2|4.9|8.el9|s390x|(none)|BSD and GPLv2+ +sqlite-libs|(none)|3.34.1|7.el9_3|s390x|(none)|Public Domain +systemd-libs|(none)|252|32.el9_4|s390x|(none)|LGPLv2+ and MIT +tzdata|(none)|2024a|1.el9|noarch|(none)|Public Domain +util-linux-core|(none)|2.37.4|18.el9|s390x|(none)|GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain +util-linux|(none)|2.37.4|18.el9|s390x|(none)|GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain +xz-libs|(none)|5.2.5|8.el9_0|s390x|(none)|Public Domain +zlib|(none)|1.2.11|40.el9|s390x|(none)|zlib and Boost diff --git a/Rocky.s390x-9.verified b/Rocky.s390x-9.verified new file mode 100644 index 0000000..39aff87 --- /dev/null +++ b/Rocky.s390x-9.verified @@ -0,0 +1,53 @@ +missing /usr/lib/systemd/system-preset/85-display-manager.preset +missing /usr/lib/systemd/system-preset/90-default.preset +missing /usr/lib/systemd/system-preset/99-default-disable.preset +missing /usr/lib/systemd/user-preset/90-default-user.preset +missing /usr/lib/systemd/user-preset/99-default-disable.preset +.M....... g /proc +.M....... g /sys +S.5....T. c /etc/dnf/dnf.conf +missing /usr/bin/pinky +missing /usr/share/icons/hicolor/16x16/actions/libpeas-plugin.png +missing /usr/share/icons/hicolor/22x22/actions/libpeas-plugin.png +missing /usr/share/icons/hicolor/32x32/actions/libpeas-plugin.png +missing /usr/share/icons/hicolor/scalable/actions/libpeas-plugin.svg +missing /usr/lib/systemd/system/pam_namespace.service +missing /usr/lib/systemd/user/dirmngr.service +missing /usr/lib/systemd/user/dirmngr.socket +missing /usr/lib/systemd/user/gpg-agent-browser.socket +missing /usr/lib/systemd/user/gpg-agent-extra.socket +missing /usr/lib/systemd/user/gpg-agent-ssh.socket +missing /usr/lib/systemd/user/gpg-agent.service +missing /usr/lib/systemd/user/gpg-agent.socket +missing /usr/share/gnupg/help.be.txt +missing /usr/share/gnupg/help.ca.txt +missing /usr/share/gnupg/help.cs.txt +missing /usr/share/gnupg/help.da.txt +missing /usr/share/gnupg/help.de.txt +missing /usr/share/gnupg/help.el.txt +missing /usr/share/gnupg/help.eo.txt +missing /usr/share/gnupg/help.es.txt +missing /usr/share/gnupg/help.et.txt +missing /usr/share/gnupg/help.fi.txt +missing /usr/share/gnupg/help.fr.txt +missing /usr/share/gnupg/help.gl.txt +missing /usr/share/gnupg/help.hu.txt +missing /usr/share/gnupg/help.id.txt +missing /usr/share/gnupg/help.it.txt +missing /usr/share/gnupg/help.ja.txt +missing /usr/share/gnupg/help.nb.txt +missing /usr/share/gnupg/help.pl.txt +missing /usr/share/gnupg/help.pt.txt +missing /usr/share/gnupg/help.pt_BR.txt +missing /usr/share/gnupg/help.ro.txt +missing /usr/share/gnupg/help.ru.txt +missing /usr/share/gnupg/help.sk.txt +missing /usr/share/gnupg/help.sv.txt +missing /usr/share/gnupg/help.tr.txt +missing /usr/share/gnupg/help.txt +missing /usr/share/gnupg/help.zh_CN.txt +missing /usr/share/gnupg/help.zh_TW.txt +missing /usr/lib/rpm/rpm.daily +missing /usr/lib/systemd/system/rpmdb-rebuild.service +missing /usr/lib/systemd/system/fstrim.service +missing /usr/lib/systemd/system/fstrim.timer diff --git a/kiwi.result b/kiwi.result new file mode 100644 index 0000000..907926a Binary files /dev/null and b/kiwi.result differ diff --git a/kiwi.result.json b/kiwi.result.json new file mode 100644 index 0000000..efc8cf9 --- /dev/null +++ b/kiwi.result.json @@ -0,0 +1,26 @@ +{ + "container": { + "compress": false, + "filename": "/builddir/tmp/Rocky-9-Container-Minimal-9.4-20240509.0/Rocky.s390x-9.oci.tar.xz", + "shasum": true, + "use_for_bundle": true + }, + "image_changes": { + "compress": true, + "filename": "/builddir/tmp/Rocky-9-Container-Minimal-9.4-20240509.0/Rocky.s390x-9.changes", + "shasum": false, + "use_for_bundle": true + }, + "image_packages": { + "compress": false, + "filename": "/builddir/tmp/Rocky-9-Container-Minimal-9.4-20240509.0/Rocky.s390x-9.packages", + "shasum": false, + "use_for_bundle": true + }, + "image_verified": { + "compress": false, + "filename": "/builddir/tmp/Rocky-9-Container-Minimal-9.4-20240509.0/Rocky.s390x-9.verified", + "shasum": false, + "use_for_bundle": true + } +} diff --git a/layer.tar.xz b/layer.tar.xz new file mode 100644 index 0000000..e5b7bfa Binary files /dev/null and b/layer.tar.xz differ