gpg-pubkey| libgcc| * Mon Dec 18 2023 Marek Polacek <polacek@redhat.com> 11.4.1-3 - update from releases/gcc-11-branch (RHEL-17638) - PRs c++/106310, c++/106890, c++/109666, c++/109761, c++/111357, c++/111512, c++/112795, d/108842, d/110359, d/110511, d/110516, debug/110295, fortran/95947, fortran/103506, fortran/107397, fortran/110288, fortran/110585, fortran/110658, fortran/111837, fortran/111880, libstdc++/95048, libstdc++/99327, libstdc++/104161, libstdc++/104242, libstdc++/108178, libstdc++/111050, libstdc++/111511, libstdc++/112314, libstdc++/112491, middle-end/110200, middle-end/111699, middle-end/111818, middle-end/112733, rtl-optimization/110237, sanitizer/112727, target/96762, target/101177, target/101469, target/105325, target/109800, target/109932, target/110011, target/110044, target/110170, target/110309, target/110741, target/111001, target/111340, target/111367, target/111408, target/111815, target/112672, target/112816, target/112837, target/112845, target/112891, testsuite/66005, tree-optimization/110298, tree-optimization/110731, tree-optimization/110914, tree-optimization/111015, tree-optimization/111614, tree-optimization/111764, tree-optimization/111917 - use -fno-stack-protector in some aarch64 tests * Tue Oct 03 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.3 - fix member vs global template (RHEL-2607) * Mon Oct 02 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.2 - guard the bit test merging code in if-combine (RHEL-6068) * Fri Jun 09 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.1 - fix ICE on pr96024.f90 on big-endian hosts (PR fortran/96024, #2213211) - use -fno-stack-protector to fix bit-field aarch64 tests (#2213221) * Mon Jun 05 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2 - update from releases/gcc-11-branch (#2193180) - GCC 11.4 release - PRs bootstrap/90543, c++/53932, c++/69410, c++/92752, c++/98056, c++/98821, c++/100295, c++/100474, c++/101118, c++/101869, c++/102780, c++/103871, c++/104527, c++/105406, c++/105996, c++/106188, c++/106675, c++/106713, c++/106740, c++/107065, c++/107163, c++/107179, c++/107558, c++/107579, c++/107864, c++/108138, c++/108180, c++/108365, c++/108468, c++/108474, c++/108607, c++/108975, c++/108998, c++/109096, c++/109164, c/107127, c/107465, c/109151, d/107592, d/108050, d/108877, d/109108, debug/106719, debug/108573, debug/108716, debug/108967, driver/106624, fortran/85877, fortran/95107, fortran/96024, fortran/96025, fortran/99036, fortran/103259, fortran/104332, fortran/106209, fortran/106945, fortran/107576, fortran/107872, fortran/108131, fortran/108349, fortran/108420, fortran/108421, fortran/108451, fortran/108453, fortran/108501, fortran/108502, fortran/108527, fortran/108529, fortran/108609, fortran/108937, fortran/109186, fortran/109511, fortran/109846, ipa/105685, ipa/106124, ipa/107944, libquadmath/87204, libquadmath/94756, libstdc++/91456, libstdc++/103934, libstdc++/104866, libstdc++/104875, libstdc++/105844, libstdc++/106183, libstdc++/107801, libstdc++/107814, libstdc++/108030, libstdc++/108118, libstdc++/108265, libstdc++/108636, libstdc++/108856, libstdc++/108952, libstdc++/109064, libstdc++/109261, libstdc++/109949, lto/109263, middle-end/104450, middle-end/104464, middle-end/106190, middle-end/107317, middle-end/108237, middle-end/108264, middle-end/108435, middle-end/108459, middle-end/108546, middle-end/108625, middle-end/108685, middle-end/108854, other/108560, other/109306, rtl-optimization/106751, rtl-optimization/107482, rtl-optimization/108193, rtl-optimization/108596, rtl-optimization/109585, target/70243, target/90458, target/96373, target/98776, target/100758, target/104871, target/104921, target/105554, target/105599, target/106736, target/106875, target/107568, target/107714, target/107863, target/108272, target/108348, target/108589, target/108699, target/108807, target/108812, target/108881, target/109067, target/109140, target/109276, testsuite/47334, testsuite/103823, testsuite/108151, testsuite/108973, testsuite/108985, tree-optimization/105484, tree-optimization/106809, tree-optimization/107107, tree-optimization/107212, tree-optimization/107254, tree-optimization/107323, tree-optimization/107451, tree-optimization/107554, tree-optimization/107898, tree-optimization/107997, tree-optimization/108068, tree-optimization/108076, tree-optimization/108095, tree-optimization/108199, tree-optimization/108498, tree-optimization/108688, tree-optimization/108692, tree-optimization/108821, tree-optimization/108950, tree-optimization/109176, tree-optimization/109410, tree-optimization/109473, tree-optimization/109491, tree-optimization/109502, tree-optimization/109573, tree-optimization/109724, tree-optimization/109778 - PRs fortran/100607, libstdc++/109822, target/109954, tree-optimization/109505 * Wed Mar 29 2023 Marek Polacek <polacek@redhat.com> 11.3.1-4.4 - s390x: add support for register arguments preserving (#2168204) * Wed Dec 21 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.3 - compile the cross binaries as PIE/-z now (#2155452) * Mon Dec 19 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.2 - ship libitm.spec in cross-gcc (#2154462) * Tue Dec 13 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.1 - add cross compiler functionality for non-production uses (#2149650) * Tue Nov 22 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4 - update from releases/gcc-11-branch (#2117632) - PRs analyzer/105252, analyzer/105365, analyzer/105366, c++/65211, c++/82980, c++/86193, c++/90107, c++/97296, c++/101442, c++/101698, c++/102071, c++/102177, c++/102300, c++/102307, c++/102479, c++/102629, c++/104066, c++/104142, c++/104646, c++/104669, c++/105245, c++/105265, c++/105289, c++/105304, c++/105321, c++/105386, c++/105398, c++/105725, c++/105761, c++/105774, c++/105795, c++/105852, c++/105925, c++/106024, c++/106361, c++/107358, c/41041, c/106016, c/106981, c/107001, d/106139, d/106638, debug/106261, fortran/82868, fortran/100029, fortran/100040, fortran/100097, fortran/100098, fortran/100132, fortran/100136, fortran/100245, fortran/103413, fortran/103504, fortran/103693, fortran/103694, fortran/104313, fortran/104849, fortran/105012, fortran/105230, fortran/105243, fortran/105310, fortran/105633, fortran/105691, fortran/105813, fortran/105954, fortran/106121, fortran/106817, fortran/106857, fortran/106985, fortran/106986, fortran/107054, ipa/100413, ipa/105600, ipa/105739, libgomp/106045, libstdc++/65018, libstdc++/84110, libstdc++/93602, libstdc++/96592, libstdc++/99290, libstdc++/100823, libstdc++/101709, libstdc++/102447, libstdc++/103664, libstdc++/103848, libstdc++/103853, libstdc++/103911, libstdc++/103992, libstdc++/104217, libstdc++/104443, libstdc++/104602, libstdc++/104731, libstdc++/105128, libstdc++/105284, libstdc++/105375, libstdc++/105502, libstdc++/105671, libstdc++/105915, libstdc++/106162, libstdc++/106248, libstdc++/106320, libstdc++/106607, libstdc++/106695, lto/106334, lto/106540, middle-end/103193, middle-end/104869, middle-end/104966, middle-end/105140, middle-end/105998, middle-end/106027, middle-end/106030, middle-end/106144, middle-end/106331, middle-end/106492, preprocessor/97498, preprocessor/105732, rtl-optimization/104637, rtl-optimization/105041, rtl-optimization/105333, rtl-optimization/105559, rtl-optimization/106032, rtl-optimization/106187, sanitizer/105396, sanitizer/105729, target/96072, target/99184, target/99685, target/101322, target/101891, target/102059, target/102146, target/103197, target/103353, target/104257, target/104829, target/105147, target/105162, target/105209, target/105292, target/105339, target/105349, target/105463, target/105472, target/105854, target/105879, target/105970, target/105981, target/106017, target/106091, target/106355, target/106491, target/106721, target/107061, target/107064, target/107183, target/107248, target/107304, target/107364, target/107748, testsuite/105095, testsuite/105266, testsuite/105433, testsuite/106345, tree-optimization/103116, tree-optimization/105148, tree-optimization/105163, tree-optimization/105173, tree-optimization/105250, tree-optimization/105263, tree-optimization/105312, tree-optimization/105368, tree-optimization/105431, tree-optimization/105437, tree-optimization/105528, tree-optimization/105618, tree-optimization/105726, tree-optimization/105860, tree-optimization/106112, tree-optimization/106131, tree-optimization/106189, tree-optimization/106513, tree-optimization/106892, tree-optimization/106934 - fix the detection of Sapphire Rapids in host_detect_local_cpu - fix -Wmismatched-dealloc documentation (#2116635) * Tue Jul 12 2022 Marek Polacek <polacek@redhat.com> 11.3.1-2.1 - fix handling of invalid ranges in std::regex (#2106262) * Thu Apr 21 2022 Jakub Jelinek <jakub@redhat.com> 11.3.1-2 - update from releases/gcc-11-branch (#2077536) - GCC 11.3 release - PRs c++/98249, c++/99893, c++/100608, c++/101051, c++/101532, c++/101677, c++/101717, c++/101894, c++/102869, c++/103105, c++/103328, c++/103341, c++/103455, c++/103706, c++/103885, c++/103943, c++/104008, c++/104079, c++/104225, c++/104507, c++/104565, c++/105003, c++/105064, c++/105143, c++/105186, c++/105256, c/101585, debug/105203, fortran/102992, fortran/104210, fortran/104228, fortran/104570, fortran/105138, gcov-profile/105282, ipa/103083, ipa/103432, jit/100613, libstdc++/90943, libstdc++/100516, libstdc++/103630, libstdc++/103638, libstdc++/103650, libstdc++/103955, libstdc++/104098, libstdc++/104301, libstdc++/104542, libstdc++/104859, libstdc++/105021, libstdc++/105027, middle-end/104497, middle-end/105165, rtl-optimization/104985, rtl-optimization/105028, rtl-optimization/105211, target/80556, target/100106, target/104117, target/104474, target/104853, target/104894, target/105214, target/105257, tree-optimization/99121, tree-optimization/104880, tree-optimization/105053, tree-optimization/105070, tree-optimization/105189, tree-optimization/105198, tree-optimization/105226, tree-optimization/105232, tree-optimization/105235 - fix bogus -Wuninitialized warning on va_arg with complex types on x86_64 (PR target/105331) - remove bogus assertion in std::from_chars (PR libstdc++/105324) * Mon Apr 04 2022 David Malcolm <dmalcolm@redhat.com> - 11.2.1-10 - update from releases/gcc-11-branch (#2063255) - PRs ada/98724, ada/104258, ada/104767, ada/104861, c++/58646, c++/59950, c++/61611, c++/95036, c++/100468, c++/101030, c++/101095, c++/101371, c++/101515, c++/101767, c++/102045, c++/102123, c++/102538, c++/102740, c++/102990, c++/103057, c++/103186, c++/103291, c++/103299, c++/103337, c++/103711, c++/103769, c++/103968, c++/104107, c++/104108, c++/104284, c++/104410, c++/104472, c++/104513, c++/104568, c++/104667, c++/104806, c++/104847, c++/104944, c++/104994, c++/105035, c++/105061, c/82283, c/84685, c/104510, c/104711, d/104659, d/105004, debug/104337, debug/104517, debug/104557, fortran/66193, fortran/99585, fortran/100337, fortran/103790, fortran/104211, fortran/104311, fortran/104331, fortran/104430, fortran/104619, fortran/104811, go/100537, libgomp/104385, libstdc++/101231, libstdc++/102358, libstdc++/103904, libstdc++/104442, lto/104237, lto/104333, lto/104617, middle-end/95115, middle-end/99578, middle-end/100464, middle-end/100680, middle-end/100775, middle-end/100786, middle-end/104307, middle-end/104402, middle-end/104446, middle-end/104786, middle-end/104971, middle-end/105032, preprocessor/104147, rtl-optimization/104544, rtl-optimization/104589, rtl-optimization/104777, rtl-optimization/104814, sanitizer/102656, sanitizer/104449, sanitizer/105093, target/79754, target/87496, target/99708, target/99754, target/100784, target/101324, target/102140, target/102952, target/102957, target/103307, target/103627, target/103925, target/104090, target/104208, target/104219, target/104253, target/104362, target/104448, target/104451, target/104453, target/104458, target/104462, target/104469, target/104502, target/104674, target/104681, target/104688, target/104775, target/104890, target/104910, target/104923, target/104963, target/104998, target/105000, target/105052, target/105058, target/105068, testsuite/103556, testsuite/103586, testsuite/104730, testsuite/104759, testsuite/105055, tree-optimization/45178, tree-optimization/100834, tree-optimization/101636, tree-optimization/102819, tree-optimization/102893, tree-optimization/103169, tree-optimization/103361, tree-optimization/103489, tree-optimization/103544, tree-optimization/103596, tree-optimization/103641, tree-optimization/103864, tree-optimization/104263, tree-optimization/104288, tree-optimization/104511, tree-optimization/104601, tree-optimization/104675, tree-optimization/104782, tree-optimization/104931, tree-optimization/105094 - fix x86 vector initialization expansion fallback (PR target/105123) - drop patch 22 (gcc11-libsanitizer-pthread.patch; upstreamed as r11-9607-ga8dd74bfb921ed) * Thu Feb 10 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.4 - add --enable-host-bind-now, use it (#2044917) * Tue Feb 08 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.3 - use _thread_db_sizeof_pthread to obtain struct pthread size (#2034494) - add --enable-host-pie, build the compilers as PIE (#2044917) * Mon Feb 07 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.2 - add support for relocation of the PCH data (pch/71934, #2044917) - remove 30_threads/future/members/poll.cc (#2050090) - avoid overly-greedy match in dejagnu regexp (#2050089) * Mon Jan 31 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.1 - don't set -Wl,-rpath when building annobin (#2047356) * Fri Jan 28 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9 - update from releases/gcc-11-branch (#2047296) - PRs fortran/104127, fortran/104212, fortran/104227, target/101529 - fix up va-opt-6.c testcase * Fri Jan 28 2022 Marek Polacek <polacek@redhat.com> 11.2.1-8 - update from releases/gcc-11-branch (#2047296) - PRs ada/103538, analyzer/101962, bootstrap/103688, c++/85846, c++/95009, c++/98394, c++/99911, c++/100493, c++/101715, c++/102229, c++/102933, c++/103012, c++/103198, c++/103480, c++/103703, c++/103714, c++/103758, c++/103783, c++/103831, c++/103912, c++/104055, c/97548, c/101289, c/101537, c/103587, c/103881, d/103604, debug/103838, debug/103874, fortran/67804, fortran/83079, fortran/101329, fortran/101762, fortran/102332, fortran/102717, fortran/102787, fortran/103411, fortran/103412, fortran/103418, fortran/103473, fortran/103505, fortran/103588, fortran/103591, fortran/103606, fortran/103607, fortran/103609, fortran/103610, fortran/103692, fortran/103717, fortran/103718, fortran/103719, fortran/103776, fortran/103777, fortran/103778, fortran/103782, fortran/103789, ipa/101354, jit/103562, libfortran/103634, libstdc++/100017, libstdc++/102994, libstdc++/103453, libstdc++/103501, libstdc++/103549, libstdc++/103877, libstdc++/103919, middle-end/101751, middle-end/102860, middle-end/103813, objc/103639, preprocessor/89971, preprocessor/102432, rtl-optimization/102478, rtl-optimization/103837, rtl-optimization/103860, rtl-optimization/103908, sanitizer/102911, target/102347, target/103465, target/103661, target/104172, target/104188, tree-optimization/101615, tree-optimization/103523, tree-optimization/103603, tree-optimization/103995 * Tue Jan 25 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.7 - do not undefine _hardened_build (#2044917) * Mon Jan 24 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.6 - update annobin plugin patch (#2030667) * Thu Jan 13 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.5 - update annobin plugin patch (#2030667) * Fri Jan 07 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.4 - update annobin plugin patch (#2030667) * Tue Jan 04 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.3 - fix dg-ice tests (#1996047) * Tue Jan 04 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.2 - update annobin plugin patch (#2030667) crypto-policies| * Fri Feb 02 2024 Alexander Sosedkin <asosedkin@redhat.com> - 20240202-1.git283706d - fips-finish-install: make sure ostree is detected in chroot - fips-mode-setup: make sure ostree is detected in chroot - fips-finish-install: Create/remove /etc/system-fips on ostree systems - java: disable ChaCha20-Poly1305 where applicable * Mon Nov 13 2023 Clemens Lang <cllang@redhat.com> - 20231113-1.gite9247c2 - fips-mode-setup: Fix test for empty /boot (RHEL-11350) - fips-mode-setup: Avoid 'boot=UUID=' if /boot == / (RHEL-11350) * Thu Nov 09 2023 Clemens Lang <cllang@redhat.com> - 20231109-1.git0ceff7f - Restore support for scoped ssh_etm directives (RHEL-15925) - Print matches in syntax deprecation warnings (RHEL-15925) * Wed Nov 08 2023 Clemens Lang <cllang@redhat.com> - 20231108-1.git994ae09 - turn ssh_etm into an etm@SSH tri-state (RHEL-15925) - fips-mode-setup: increase chroot-friendliness (RHEL-11350) - fips-mode-setup: Fix usage with --no-bootcfg (RHEL-11350) * Mon Oct 16 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20231016-1.git77ceb0b - openssl: fix SHA1 and NO-ENFORCE-EMS interaction - bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx * Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230920-1.git8dcf74d - OSPP subpolicy: tighten beyond reason for OSPP 4.3 - fips-mode-setup: more thorough --disable, still unsupported * Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c - krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones - FIPS: enforce EMS in FIPS mode - NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode - nss: implement EMS enforcement in FIPS mode (disabled in ELN) - openssl: implement EMS enforcement in FIPS mode - gnutls: implement EMS enforcement in FIPS mode (disabled in ELN) - docs: replace `FIPS 140-2` with just `FIPS 140` * Wed Jun 14 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230614-1.git027799d - policies: restore group order to old OpenSSL default order * Fri May 05 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230505-1.gitf69bbc2 - openssl: set Groups explicitly - openssl: add support for Brainpool curves * Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988 - bind: expand the list of disableable algorithms * Mon Oct 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221003-1.git04dee29 - openssh: rename RSAMinSize option to RequiredRSASize * Mon Aug 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220815-1.git0fbe86f - openssh: add RSAMinSize option following min_rsa_size * Wed Apr 27 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220427-1.gitb2323a1 - bind: control ED25519/ED448 * Mon Apr 04 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220404-1.git845c0c1 - DEFAULT: drop DNSSEC SHA-1 exception - openssh: add support for sntrup761x25519-sha512@openssh.com * Wed Feb 23 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220223-1.git5203b41 - openssl: allow SHA-1 signatures with rh-allow-sha1-signatures in LEGACY - update AD-SUPPORT, move RC4 enctype enabling to AD-SUPPORT-LEGACY - fips-mode-setup: catch more inconsistencies, clarify --check * Thu Feb 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220203-1.gitf03e75e - gnutls: enable SHAKE, needed for Ed448 - fips-mode-setup: improve handling FIPS plus subpolicies - FIPS: disable SHA-1 HMAC - FIPS: disable CBC ciphers except in Kerberos rocky-gpg-keys| * Tue Apr 30 2024 Louis Abel <label@rockylinux.org> - 9.4-1.5 - Add nvidia SB certificates * Sun Apr 07 2024 Louis Abel <label@rockylinux.org> - 9.4-1.3 - Add additional provides for rocky-sb-certs * Wed Apr 03 2024 Louis Abel <label@rockylinux.org> - 9.4-1.2 - Update SB certs * Wed Mar 27 2024 Louis Abel <label@rockylinux.org> - 9.4-1.1 - Preparation for 9.4 * Mon Mar 04 2024 Louis Abel <label@rockylinux.org> - 9.4-0.3 - Add kernel-bootcfg-boot-successful.service * Fri Jan 12 2024 Louis Abel <label@rockylinux.org> - 9.4-0.2 - Improve presets for virtualization * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.4-0.1 - Bump to 9.4 * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.3-0.6 - Add in true UKI-VIRT certificate - Add aarch64 signing certificates - Fix date in changelog * Tue Sep 05 2023 Louis Abel <label@rockylinux.org> - 9.3-0.5 - Add placeholder certs for UKI-VIRT * Sat Jun 10 2023 Louis Abel <label@rockylinux.org> - 9.3-0.4 - Define the distro macro * Mon May 15 2023 Louis Abel <label@rockylinux.org> - 9.3-0.3 - Use DER format for ppc64le certificates for now * Tue Apr 25 2023 Louis Abel <label@rockylinux.org> - 9.3-0.2 - Update secure boot certificates * Thu Apr 06 2023 Louis Abel <label@rockylinux.org> - 9.3-0.1 - Bump main version to 9.3 - Enable obex * Sun Jan 01 2023 Louis Abel <label@rockylinux.org> - 9.2-1.2 - Move macros.dist to a proper location * Thu Dec 22 2022 Louis Abel <label@rockylinux.org> - 9.2-1.1 - Update devel repos (RLBT#0001354) - Add SUPPORT_END with absolute EOL (See sig_core/#3) * Wed Oct 19 2022 Louis Abel <label@rockylinux.org> - 9.1-1.10 - Change secure boot certificates * Tue Oct 18 2022 Louis Abel <label@rockylinux.org> - 9.1-1.9 - Bump release version to match upstream * Wed Sep 07 2022 Louis Abel <label@rockylinux.org> - 9.1-1.1 - Bump main version and prepare for upcoming beta * Tue Aug 30 2022 Louis Abel <label@rockylinux.org> - 9.0-3.2 - Add stream dnf var * Thu Jul 28 2022 Louis Abel <label@rockylinux.org> - 9.0-3.1 - Ensure distsuffix is part of disttag * Wed Jul 20 2022 Louis Abel <label@rockylinux.org> - 9.0-2.2 - Fix mirrorlist URL for plus repository * Thu Jun 30 2022 Louis Abel <label@rockylinux.org> - 9.0-2.1 - Prepare for release - Ensure rltype is blank for stable releases * Wed Jun 22 2022 Louis Abel <label@rockylinux.org> - 9.0-1.22 - Change to using mirrorlist * Sun Jun 12 2022 Louis Abel <label@rockylinux.org> - 9.0-1.21 - Backport current SB certs for now - Add logrotate timer and switcheroo - Add missing macros - Fix CPE values - Remove /etc/centos-release file - Add redhat and fix rocky tags in os-release - Fix GPG key names to be consistent with SIG requirements - Reduce number of repo files - Change testing key to "testing" key from build system - Add official "stable" key from build system - List both GPG keys in repo files - Fix rlpkg macro for gpg keys - Add sig content dir - Remove nplb as devel is technically it rocky-release| * Tue Apr 30 2024 Louis Abel <label@rockylinux.org> - 9.4-1.5 - Add nvidia SB certificates * Sun Apr 07 2024 Louis Abel <label@rockylinux.org> - 9.4-1.3 - Add additional provides for rocky-sb-certs * Wed Apr 03 2024 Louis Abel <label@rockylinux.org> - 9.4-1.2 - Update SB certs * Wed Mar 27 2024 Louis Abel <label@rockylinux.org> - 9.4-1.1 - Preparation for 9.4 * Mon Mar 04 2024 Louis Abel <label@rockylinux.org> - 9.4-0.3 - Add kernel-bootcfg-boot-successful.service * Fri Jan 12 2024 Louis Abel <label@rockylinux.org> - 9.4-0.2 - Improve presets for virtualization * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.4-0.1 - Bump to 9.4 * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.3-0.6 - Add in true UKI-VIRT certificate - Add aarch64 signing certificates - Fix date in changelog * Tue Sep 05 2023 Louis Abel <label@rockylinux.org> - 9.3-0.5 - Add placeholder certs for UKI-VIRT * Sat Jun 10 2023 Louis Abel <label@rockylinux.org> - 9.3-0.4 - Define the distro macro * Mon May 15 2023 Louis Abel <label@rockylinux.org> - 9.3-0.3 - Use DER format for ppc64le certificates for now * Tue Apr 25 2023 Louis Abel <label@rockylinux.org> - 9.3-0.2 - Update secure boot certificates * Thu Apr 06 2023 Louis Abel <label@rockylinux.org> - 9.3-0.1 - Bump main version to 9.3 - Enable obex * Sun Jan 01 2023 Louis Abel <label@rockylinux.org> - 9.2-1.2 - Move macros.dist to a proper location * Thu Dec 22 2022 Louis Abel <label@rockylinux.org> - 9.2-1.1 - Update devel repos (RLBT#0001354) - Add SUPPORT_END with absolute EOL (See sig_core/#3) * Wed Oct 19 2022 Louis Abel <label@rockylinux.org> - 9.1-1.10 - Change secure boot certificates * Tue Oct 18 2022 Louis Abel <label@rockylinux.org> - 9.1-1.9 - Bump release version to match upstream * Wed Sep 07 2022 Louis Abel <label@rockylinux.org> - 9.1-1.1 - Bump main version and prepare for upcoming beta * Tue Aug 30 2022 Louis Abel <label@rockylinux.org> - 9.0-3.2 - Add stream dnf var * Thu Jul 28 2022 Louis Abel <label@rockylinux.org> - 9.0-3.1 - Ensure distsuffix is part of disttag * Wed Jul 20 2022 Louis Abel <label@rockylinux.org> - 9.0-2.2 - Fix mirrorlist URL for plus repository * Thu Jun 30 2022 Louis Abel <label@rockylinux.org> - 9.0-2.1 - Prepare for release - Ensure rltype is blank for stable releases * Wed Jun 22 2022 Louis Abel <label@rockylinux.org> - 9.0-1.22 - Change to using mirrorlist * Sun Jun 12 2022 Louis Abel <label@rockylinux.org> - 9.0-1.21 - Backport current SB certs for now - Add logrotate timer and switcheroo - Add missing macros - Fix CPE values - Remove /etc/centos-release file - Add redhat and fix rocky tags in os-release - Fix GPG key names to be consistent with SIG requirements - Reduce number of repo files - Change testing key to "testing" key from build system - Add official "stable" key from build system - List both GPG keys in repo files - Fix rlpkg macro for gpg keys - Add sig content dir - Remove nplb as devel is technically it rocky-repos| * Tue Apr 30 2024 Louis Abel <label@rockylinux.org> - 9.4-1.5 - Add nvidia SB certificates * Sun Apr 07 2024 Louis Abel <label@rockylinux.org> - 9.4-1.3 - Add additional provides for rocky-sb-certs * Wed Apr 03 2024 Louis Abel <label@rockylinux.org> - 9.4-1.2 - Update SB certs * Wed Mar 27 2024 Louis Abel <label@rockylinux.org> - 9.4-1.1 - Preparation for 9.4 * Mon Mar 04 2024 Louis Abel <label@rockylinux.org> - 9.4-0.3 - Add kernel-bootcfg-boot-successful.service * Fri Jan 12 2024 Louis Abel <label@rockylinux.org> - 9.4-0.2 - Improve presets for virtualization * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.4-0.1 - Bump to 9.4 * Fri Oct 20 2023 Louis Abel <label@rockylinux.org> - 9.3-0.6 - Add in true UKI-VIRT certificate - Add aarch64 signing certificates - Fix date in changelog * Tue Sep 05 2023 Louis Abel <label@rockylinux.org> - 9.3-0.5 - Add placeholder certs for UKI-VIRT * Sat Jun 10 2023 Louis Abel <label@rockylinux.org> - 9.3-0.4 - Define the distro macro * Mon May 15 2023 Louis Abel <label@rockylinux.org> - 9.3-0.3 - Use DER format for ppc64le certificates for now * Tue Apr 25 2023 Louis Abel <label@rockylinux.org> - 9.3-0.2 - Update secure boot certificates * Thu Apr 06 2023 Louis Abel <label@rockylinux.org> - 9.3-0.1 - Bump main version to 9.3 - Enable obex * Sun Jan 01 2023 Louis Abel <label@rockylinux.org> - 9.2-1.2 - Move macros.dist to a proper location * Thu Dec 22 2022 Louis Abel <label@rockylinux.org> - 9.2-1.1 - Update devel repos (RLBT#0001354) - Add SUPPORT_END with absolute EOL (See sig_core/#3) * Wed Oct 19 2022 Louis Abel <label@rockylinux.org> - 9.1-1.10 - Change secure boot certificates * Tue Oct 18 2022 Louis Abel <label@rockylinux.org> - 9.1-1.9 - Bump release version to match upstream * Wed Sep 07 2022 Louis Abel <label@rockylinux.org> - 9.1-1.1 - Bump main version and prepare for upcoming beta * Tue Aug 30 2022 Louis Abel <label@rockylinux.org> - 9.0-3.2 - Add stream dnf var * Thu Jul 28 2022 Louis Abel <label@rockylinux.org> - 9.0-3.1 - Ensure distsuffix is part of disttag * Wed Jul 20 2022 Louis Abel <label@rockylinux.org> - 9.0-2.2 - Fix mirrorlist URL for plus repository * Thu Jun 30 2022 Louis Abel <label@rockylinux.org> - 9.0-2.1 - Prepare for release - Ensure rltype is blank for stable releases * Wed Jun 22 2022 Louis Abel <label@rockylinux.org> - 9.0-1.22 - Change to using mirrorlist * Sun Jun 12 2022 Louis Abel <label@rockylinux.org> - 9.0-1.21 - Backport current SB certs for now - Add logrotate timer and switcheroo - Add missing macros - Fix CPE values - Remove /etc/centos-release file - Add redhat and fix rocky tags in os-release - Fix GPG key names to be consistent with SIG requirements - Reduce number of repo files - Change testing key to "testing" key from build system - Add official "stable" key from build system - List both GPG keys in repo files - Fix rlpkg macro for gpg keys - Add sig content dir - Remove nplb as devel is technically it setup| * Wed Feb 07 2024 Martin Osvald <mosvald@redhat.com> - 2.13.7-10 - csh.login: Add csh.local into foreach loop (RHEL-17226) * Wed Dec 21 2022 Martin Osvald <mosvald@redhat.com> - 2.13.7-9 - make setup protected package (#2155529) * Thu Nov 24 2022 Martin Osvald <mosvald@redhat.com> - 2.13.7-8 - Set default umask for non-login shell only if it is set to 0 (#2062601) * Mon May 09 2022 Martin Osvald <mosvald@redhat.com> - 2.13.7-7 - Move /var/log/lastlog ownership to systemd (#2066753) - tcsh sets variable p to /usr/sbin from /etc/csh.login (#2066767) - bashrc: Don't set up VTE-specific PROMPT_COMMAND (#2026892) filesystem| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.16-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Aug 03 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.15-1 - Move /afs into main package * Fri Aug 07 2020 Pavel Raiskup <praiskup@redhat.com> - 3.14-4 - /proc and /sys made %ghost to allow filesystem package updates in rootless container environments (rhbz#1548403) * Mon Jan 27 2020 Ondrej Vasik <ovasik@redhat.com> - 3.14-1 - do not restore context of /proc (#1722766) * Wed Dec 18 2019 Ondrej Vasik <ovasik@redhat.com> - 3.13-1 - add ownership for eBPF bytecode files directories (#1781646) basesystem| * Thu Feb 29 2024 Louis Abel <label@resf.org> - 11-13.0.1 - Rebuild to address build system issue libssh-config| * Mon Feb 19 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 * Tue Jan 09 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-12 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 * Wed Jun 21 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-11 - Fix loglevel regression - Related: rhbz#2182252, rhbz#2189740 * Mon May 22 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4.10 - Fix null dereference issues found by covscan - Related: rhbz#2182252, rhbz#2189740 * Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9 - Fix CVE-2023-1667 and CVE-2023-2283 - Fix issues found by cosvcan - Resolves: rhbz#2182252, rhbz#2189740 * Mon Jan 23 2023 Stanislav Zidek <szidek@redhat.com> - 0.10.4-8 + libssh-0.10.4-8 - Extended CI to run internal tests in RHEL - Related: rhbz#2160080 * Wed Jan 04 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-7 - Add sk-keys to configuration parsing allowing to turn on-off by config - Related: rhbz#2026449 * Thu Dec 01 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-6 - Fix covscan error - Remove unwanted test with yet unimplemented feature - Related: rhbz#2137839, rhbz#2136824 * Thu Dec 01 2022 Stanislav Zidek <szidek@redhat.com> - 0.10.4-5 + libssh-0.10.4-5 - Fixed CI configuration due to TMT changes * Wed Nov 30 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-4 - Move loglevel closer to openssh loglevel - Add openssh config feature of +,-,^ for algorithm lists - Fix memory leaks of bignum - Prevent multiple expansion of escape characters - Resolves: rhbz#2132407, rhbz#2137839, rhbz#2144795, rhbz#2136824 * Tue Oct 04 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3 - Enable pkcs11 support - Fix broken libsofthsm path on i686 - Add missing bugzilla references from the rebase commit - Related: rhbz#2026449 - Resolves: rhbz#1977913, rhbz#1975500 * Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2 - Fix coverity scan issues - Resolves: rhbz#2130126 * Mon Sep 19 2022 Norbert pocs <npocs@redhat.com> - 0.10.4-1 - Rebase to version 0.10.4 - Add pkcs11 support - Disallow ssh-rsa key in FIPS mode - Fix openssl KDF check at build - ChangeLog was renamed to CHANGELOG - Resolves: rhbz#2068475, rhbz#2026449, rhbz#2004021, rhbz#1977913, rhbz#1975500 libreport-filesystem| * Mon Jun 06 2022 Release Engineering <releng@rockylinux.org> - 2.15.2-6.rocky.0.2 - Add rocky workflow for mantis - Remove RHEL and Fedora packages * Mon Jan 17 2022 Michal Srb <michal@redhat.com> - 2.15.2-6 - [reporter-bugzilla] Retry XML-RPC calls - Resolves: rhbz#2037399 * Mon Jan 17 2022 Michal Srb <michal@redhat.com> - 2.15.2-5 - [reporter-bugzilla] Fix subcomponent handling - Resolves: rhbz#2037399 * Mon Jan 17 2022 Michal Srb <michal@redhat.com> - 2.15.2-4 - Change the default Bugzilla group - Resolves: rhbz#2037399 * Thu Dec 09 2021 Michal Fabik <mfabik@redhat.com> - 2.15.2-3 - Rebuild against json-c-0.14-11 Related: rhbz#2023322 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.15.2-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jun 22 2021 Michal Fabik <mfabik@redhat.com> - 2.15.2-1 - New upstream version 2.15.2 * Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 2.14.0-19 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.14.0-18 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Fri Jan 29 2021 Michal Srb <michal@redhat.com> - 2.14.0-17 - Drop AnacondaRHEL workflow reference * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.14.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 18 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 2.14.0-15 - Bump rev for upgrades * Fri Dec 11 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-13 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1906405 * Tue Nov 03 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-12 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1893595 * Fri Oct 09 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-11 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882328 * Tue Sep 29 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-10 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883337 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1883410 * Sun Sep 27 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-9 - Add upstream fixes for memory management * Sun Sep 27 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-8 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882950 * Fri Sep 25 2020 Matěj Grabovský <mgrabovs@redhat.com> - 2.14.0-7 - Add fix for https://bugzilla.redhat.com/show_bug.cgi?id=1882319 * Wed Aug 19 2020 Merlin Mathesius <mmathesi@redhat.com> - 2.14.0-6 - Updates so ELN builds in a Fedora-like reporting configuration, even though the %{rhel} macro is set. * Thu Aug 13 2020 Michal Fabik <mfabik@redhat.com> 2.14.0-3 - forbidden_words: Add potentially sensitive env vars - lib: Add version script for libreport - lib: compress: Use libarchive - Replace various utility functions with stock GLib ones - gtk,lib: Update symbol list - dd: Update dd_get_owner to handle error return values - dirsize: Don't pick .lock'd dirs for deletion - setgid instead of setuid the abrt-action-install-debuginfo-to-abrt-cache - Various coding style improvements - Various memory management fixes - lib: Check for errors when opening files - gtk-helpers: Check return value - doc: Exclude more files with --without-bugzilla - lib: Don’t use external executables for decompression - lib: Decommission libreport_list_free_with_free - Drop Red Hat Customer Portal reporter - ureport: Drop Strata integration - lib: Remove creates-items tag parsing in event definitions * Fri Aug 07 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 2.13.1-4 - Bump to fix upgrade path * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.13.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild dnf-data| * Sun Apr 14 2024 Release Engineering <releng@rockylinux.org> - 4.14.0-9 - Add Rocky bugtracker * Wed Oct 25 2023 Jaroslav Rohel <jrohel@redhat.com> - 4.14.0-9 - Fix japanese translations (RHEL-11345) - Fix substitution in kay-value-pair list in add_new_repo (RHEL-6396) - base: Add obsoleters of only latest versions (RHEL-6304) * Wed Jun 28 2023 Jaroslav Rohel <jrohel@redhat.com> - 4.14.0-8 - Return an error when transaction fails (RhBug:2170093,2212262) - Document symbols in `dnf history list` output (RhBug:2172067,2218113) * Tue May 30 2023 Kyle Walker <kwalker@redhat.com> - 4.14.0-7 - Explicitly use the python3.9 runtime (RhBug:2211019) * Thu May 11 2023 Jaroslav Rohel <jrohel@redhat.com> - 4.14.0-6 - Add reboot option to DNF Automatic (RhBug:2124793) - Omit src RPMs from check-update (RhBug:2151910,2203069) - automatic: Fix online detection with proxy (RhBug:2022440,2189851) * Wed Mar 15 2023 Marek Blaha <mblaha@redhat.com> - 4.14.0-5 - Update translations * Thu Jan 05 2023 Nicola Sella <nsella@redhat.com> - 4.14.0-4 - Ignore processing variable files with unsupported encoding (RhBug:2148871) * Wed Dec 07 2022 Nicola Sella <nsella@redhat.com> - 4.14.0-3 - Move system-upgrade plugin to core (RhBug:2131288) - offline-upgrade: add support for security filters (RhBug:1939975,2139326) - Fix plugins unit tests + unload plugins upon their deletion * Mon Oct 31 2022 Nicola Sella <nsella@redhat.com> - 4.14.0-2 - Pass whole URL in relativeUrl to PackageTarget for RPM URL download * Thu Sep 22 2022 Lukas Hrazky <lhrazky@redhat.com> - 4.14.0-1 - Update to 4.14.0 - Add doc related to --destdir and --downloadonly options (RhBug:2100811) - Fix broken dependencies error reporting (RhBug:2088422) - Add support for group upgrade rollback (RhBug:2016070) - Expose plugin unload method to API (RhBug:2047251) - Fix upgrade from file to noarch pkg (RhBug:2006018) - Allow passing plugin parameters with dashes in names (RhBug:1980712) - Don't include resolved advisories for obsoletes with sec. filters (RhBug:2101421) - Add only relevant pkgs to upgrade transaction (RhBug:2097757) - doc: Describe how gpg keys are stored for `repo_ggpcheck` (RhBug:2020678) - bash-completion: use sqlite cache when available * Thu Sep 15 2022 Marek Blaha <mblaha@redhat.com> - 4.12.0-4 - Update translations * Tue Jul 19 2022 Lukas Hrazky <lhrazky@redhat.com> - 4.12.0-3 - Add only relevant pkgs to upgrade transaction (RhBug:2097757) * Thu Apr 28 2022 Richard W.M. Jones <rjones@redhat.com> - 4.12.0-2 - Backport fix for leak of libsolv's page file descriptors * Thu Apr 28 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 4.12.0-1 - Allow destdir option with modulesync command - Add documentation for query api flags (RhBug:2035577) - Fix swap command to work with local rpm files correctly (RhBug:2036434) - Fix regression in verifying signatures using rpmkeys - Fix decompression of groups.xml (RhBug:2030255) - Fix history undo on a Reason Change (RhBug:2010259,2053014) - Remove /usr/bin from sys.path to avoid accidentally importing garbage - Fix python3.11 build: remove deprecated, update traceback regex - fix dnf mark error when history sqlite missing - [doc] clarify effect of --enablerepo and --disablerepo options (RhBug:2031414) - [doc] default values for module_obsoletes and module_stream_switch (RhBug: 2051846) - dnf.conf: hint users where to find more info about defaults and other options - Fix unittests that relied on checksum being at the end of solvfiles - completion: remove unnecessary echo - Fix remove when no repos are enabled (RhBug:2064341) - Add loongarch support for dnf - Add spaces between words to fix typos (RhBug:2077296) - [doc] Improve "proxy" configuration option documentation (RhBug:2072332) - Fix download errors handling in non-english locales (RhBug:2024527) ncurses-base| * Mon Aug 21 2023 Miroslav Lichvar <mlichvar@redhat.com> 6.2-10.20210508 - ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) * Mon Aug 14 2023 Miroslav Lichvar <mlichvar@redhat.com> 6.2-9.20210508 - fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) - ignore TERMINFO and HOME environment variables if running as root (#2211666) tzdata| * Thu Feb 01 2024 Patsy Griffin <patsy@redhat.com> - 2024a-1 - Rebase to tzdata-2024a - Kazakhstan will transition from UTC+6 to UTC+5 on 2024-03-01. - Palestine will spring forward a week later than previously predicted. * Mon Jan 01 2024 Patsy Griffin <patsy@redhat.com> - 2023d-1 - Rebase to tzdata-2023d - Include time zone changes for Ittoqqortoormiit, Greenland and Vostok, Antarctica. - Update the expiration date for the leap-seconds.list file. No new leap seconds were added. * Thu Aug 17 2023 Patsy Griffin <patsy@redhat.com> - 2023c-2 - Bump release to test recent process changes. (RHEL-1323) * Tue Mar 28 2023 Patsy Griffin <patsy@redhat.com> - 2023c-1 - Rebase to tzdata-2023c - Lebanon reversed the change added in tzdata-2023b. * Fri Mar 24 2023 Patsy Griffin <patsy@redhat.com> - 2023b-1 - Rebase to tzdata-2023b - Lebanon will transition to DST on April 20/21, not March 25/26. * Wed Mar 22 2023 Patsy Griffin <patsy@redhat.com> - 2023a-1 - Rebase to tzdata-2023a - Egypt reintroduced DST, from April through October. - Morocco springs forward April 23, not April 30. - Palestine delayed the start of DST this year. * Fri Jan 06 2023 Patsy Griffin <patsy@redhat.com> - 2022g-2 - Include leap-seconds.list in tzdata install. (#2157982) * Tue Nov 29 2022 Patsy Griffin <patsy@redhat.com> - 2022g-1 - Rebase to tzdata-2022g - The northern edge of the Mexican state of Chihuahua will change time zone to agree with nearby US locations on 2022-11-30. - Added a new Zone America/Ciudad_Juarez that splits from America/Ojinaga. * Wed Nov 02 2022 Patsy Griffin <patsy@redhat.com> - 2022f-1 - Rebase to tzdata-2022f - Mexico will stop observing DST except near the US border. - Chihuahua moved to -06 year round starting on 2022-10-30. - Fiji no longer observes DST. * Wed Oct 12 2022 Patsy Griffin <patsy@redhat.com> - 2022e-1 - Rebase to tzdata-2022e - Jordan and Syria cancelled the DST transition planned for 2022-10-28, remaining at +03 permanently. * Mon Sep 26 2022 Patsy Griffin <patsy@redhat.com> - 2022d-1 - Rebase to tzdata-2022d - Palestine's DST transition will be on October 29, 2022, not October 28, 2022. - Europe/Uzhgorod and Europe/Zaporozhye are moved to 'backzone'. * Wed Aug 17 2022 Patsy Griffin <patsy@redhat.com> - 2022c-1 - Rebase to tzdata-2022c - supersedes tzdata-2022b - Add a work-around for an awk bug in FreeBSD, macOS, etc. - Improve tzselect with respect to intercontinental Zones. * Mon Aug 15 2022 Patsy Griffin <patsy@redhat.com> - 2022b-1 - Rebase to tzdata-2022b - Chile transitions to DST on 2022-09-11, not 2022-09-04 - 'make install' now defaults LOCALTIME to Factory rather than GMT - More zones that are the same since 1970 have been moved to backzone. - Include patch for awk workaround. * Thu Apr 14 2022 Patsy Griffin <patsy@redhat.com> - 2022a-1 - Rebase to tzdata-2022a - Palestine springs forward on 2022-03-27, not -03-26. - zdump -v now outputs better failure information - fixes for code that reads corrupted TZif data bash| * Tue Feb 13 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-9 - Fix a performance regression while using large number of environment variables Resolves: RHEL-20020 * Mon Feb 12 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-8 - Fix an issue with adding newline in bracketed paste mode Resolves: #2168963 * Wed Jan 24 2024 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-7 - Restore audit logs in bash-4.3 or newer versions Resolves: RHEL-22619 * Tue Nov 22 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-6 - Add a null check in parameter_brace_transform() function Resolves: CVE-2022-3715 * Mon Aug 08 2022 Siteshwar Vashisht <svashisht@redhat.com> - 5.1.8-5 - Fix an off by one error while calling mbrtowc() Resolves: #2115206 ncurses-libs| * Mon Aug 21 2023 Miroslav Lichvar <mlichvar@redhat.com> 6.2-10.20210508 - ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666) * Mon Aug 14 2023 Miroslav Lichvar <mlichvar@redhat.com> 6.2-9.20210508 - fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491) - ignore TERMINFO and HOME environment variables if running as root (#2211666) glibc-minimal-langpack| * Wed Jan 24 2024 Patsy Griffin <patsy@redhat.com> - 2.34-100 - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) * Tue Jan 09 2024 Arjun Shankar <arjun@redhat.com> - 2.34-99 - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) * Mon Jan 08 2024 Arjun Shankar <arjun@redhat.com> - 2.34-98 - getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) * Tue Jan 02 2024 Florian Weimer <fweimer@redhat.com> - 2.34-97 - Re-enable output buffering for wide stdio streams (RHEL-19862) * Thu Dec 21 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-96 - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) * Fri Dec 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-95 - Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) * Thu Dec 07 2023 Patsy Griffin <patsy@redhat.com> - 2.34-94 - Update syscall-names.list for Linux 6.6. (RHEL-16016) * Wed Dec 06 2023 Patsy Griffin <patsy@redhat.com> - 2.34-93 - malloc: Use __get_nprocs on arena_get2. (RHEL-17157) * Fri Dec 01 2023 Patsy Griffin <patsy@redhat.com> - 2.34-92 - Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) * Fri Nov 24 2023 Florian Weimer <fweimer@redhat.com> - 2.34-91 - fstat performance enhancement (RHEL-2338) * Tue Nov 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-90 - ldconfig should skip temporary files created by RPM (RHEL-14383) * Mon Nov 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-89 - Fix force-first handling in dlclose (RHEL-2491) * Wed Nov 15 2023 Arjun Shankar <arjun@redhat.com> - 2.34-88 - nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275) * Fri Nov 10 2023 Florian Weimer <fweimer@redhat.com> - 2.34-87 - Fix slow tls access after dlopen (RHEL-2123) * Tue Oct 24 2023 Arjun Shankar <arjun@redhat.com> - 2.34-86 - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) * Fri Oct 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-85 - nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) * Mon Oct 09 2023 Florian Weimer <fweimer@redhat.com> - 2.34-84 - x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) * Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.7 - Fix memory leak regression in getaddrinfo (RHEL-2426) * Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.6 - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) * Tue Sep 19 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.5 - Revert: Always call destructors in reverse constructor order (RHEL-2491) * Mon Sep 18 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.4 - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) * Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.3 - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) * Fri Sep 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.2 - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) * Thu Sep 14 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.1 - Always call destructors in reverse constructor order (RHEL-2491) * Wed Sep 13 2023 DJ Delorie <dj@redhat.com> - 2.34-83 - Add support for ppc64le hwcaps tunables (RHEL-1017) * Tue Aug 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-82 - Fix string and memory function tuning on small systems (#2213907) * Mon Aug 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-81 - Fix additional GCC 13 build issue (#2222188) * Fri Aug 11 2023 Florian Weimer <fweimer@redhat.com> - 2.34-80 - Fix AMD cache size computation for hypervisors, old CPUs (#2166710) * Tue Aug 08 2023 DJ Delorie <dj@redhat.com> - 2.34-79 - Fix temporal threshold calculations (#2213907) * Fri Aug 04 2023 Florian Weimer <fweimer@redhat.com> - 2.34-78 - Ignore symbolic link change on /etc/nsswitch.conf (#2229156) * Fri Jul 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-77 - Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) * Tue Jul 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-76 - Fix accidentally disabled rseq test (#2224289) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-75 - Make libSegFault.so NODELETE (#2224349) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-74 - rseq_area should always be 32 bytes large (#2224289) * Thu Jul 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-73 - GCC Toolset 13 C++ compatibility for <math.h> iseqsig (#2222188) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-72 - Update ESTALE error message translations (RHEL-729) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-71 - Avoid lazy binding failures during dlclose (#2189923) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-70 - resolv_conf: release lock on allocation failure (#2213908) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-69 - strerror must not return NULL (#2215368) * Mon May 08 2023 DJ Delorie <dj@redhat.com> - 2.34-68 - Switch to sysusers_ctl instead of useradd (#2095417) * Fri Apr 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-67 - Sync with upstream branch release/2.34/master, commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: - gmon: fix memory corruption issues [BZ# 30101] - gmon: improve mcount overflow handling [BZ# 27576] - gmon: Fix allocated buffer overflow (bug 29444) - posix: Fix system blocks SIGCHLD erroneously [BZ #30163] - x86_64: Fix asm constraints in feraiseexcept (bug 30305) - gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) - x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] * Thu Apr 20 2023 Patsy Griffin <patsy@redhat.com> - 2.34-66 - x86: Cache computation for AMD architecture. (#2166710) * Fri Apr 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-65 - Do not add = to linker scripts in sysroot (#2153855) * Thu Apr 06 2023 DJ Delorie <dj@redhat.com> - 2.34-64 - x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) * Thu Mar 30 2023 Arjun Shankar <arjun@redhat.com> - 2.34-63 - s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) * Wed Mar 29 2023 DJ Delorie <dj@redhat.com> - 2.34-62 - x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) * Mon Mar 06 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-61 - Fix nested atexit calls from atexit handlers (#2172953) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-60 - Upstream test for ldconfig -p (#2167811) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-59 - Fix ldconfig -p on i686 (#2167811) * Wed Jan 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-58 - Enhance internal tunables ABI stability (awk iteration order) (#2162962) * Tue Jan 17 2023 Florian Weimer <fweimer@redhat.com> - 2.34-57 - Sync with upstream branch release/2.34/master, commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 - malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] - s_sincosf.h: Change pio4 type to float [BZ #28713] - math: Properly cast X_TLOSS to float [BZ #28713] - Regenerate ulps on x86_64 with GCC 12 - Avoid -Wuse-after-free in tests [BZ #26779]. - Fix build of nptl/tst-thread_local1.cc with GCC 12 - Fix stdio-common tests for GCC 12 -Waddress - Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare - resolv: Avoid GCC 12 false positive warning [BZ #28439]. - intl: Avoid -Wuse-after-free [BZ #26779] - elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] - time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) - elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) - time: Use 64 bit time on tzfile - nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) - nis: Build libnsl with 64 bit time_t - Use LFS and 64 bit time for installed programs (BZ #15333) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-56 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-55 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-54 - Install kernel header files into the sysroot subpackage (#2149644) * Wed Dec 07 2022 Arjun Shankar <arjun@redhat.com> - 2.34-53 - Sync with upstream branch release/2.34/master, commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: - Apply asm redirections in syslog.h before first use [BZ #27087] - _Static_assert needs two arguments for compatibility with GCC before 9 * Wed Nov 30 2022 Florian Weimer <fweimer@redhat.com> - 2.34-52 - Add noarch sysroot subpackages (#2149644) * Tue Nov 29 2022 Florian Weimer <fweimer@redhat.com> - 2.34-51 - Prepare for integration of GCC 8 compatible _Static_assert (#2149102) * Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.34-50 - Sync with upstream branch release/2.34/master, commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: - elf: Fix wrong fscanf usage on tst-pldd - Allow for unpriviledged nested containers - elf: Fix wrong fscanf usage on tst-pldd - x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] - elf: Fix rtld-audit trampoline for aarch64 * Mon Nov 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-49 - Sync with upstream branch release/2.34/master, commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: - Update NEWS file in the right place - Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) - io: Fix use-after-free in ftw [BZ #26779] - io: Fix ftw internal realloc buffer (BZ #28126) - regex: fix buffer read overrun in search [BZ#28470] - regex: copy back from Gnulib - Allow #pragma GCC in headers in conformtest - Fix memmove call in vfprintf-internal.c:group_number - mktime: improve heuristic for ca-1986 Indiana DST - Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] - linux: Fix generic struct_stat for 64 bit time (BZ# 29657) - elf: Do not completely clear reused namespace in dlmopen (bug 29600) - nss: Use shared prefix in IPv4 address in tst-reload1 - nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) - nss: Implement --no-addrconfig option for getent * Thu Oct 13 2022 Arjun Shankar <arjun@redhat.com> - 2.34-48 - Handle non-hostname CNAME aliases during name resolution (#2129005) - Sync with upstream branch release/2.34/master, commit e3976287b22422787f3cc6fc9adda58304b55bd9: - nscd: Drop local address tuple variable [BZ #29607] - x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations - x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation - x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations - x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations - x86-64: Require BMI2 for AVX2 strncmp implementation - x86-64: Require BMI2 for AVX2 strcmp implementation - x86-64: Require BMI2 for AVX2 str(n)casecmp implementations - x86: include BMI1 and BMI2 in x86-64-v3 level - nptl: Add backoff mechanism to spinlock loop - sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h - nptl: Effectively skip CAS in spinlock loop - Move assignment out of the CAS condition - Add LLL_MUTEX_READ_LOCK [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] - resolv: Fix building tst-resolv-invalid-cname for earlier C standards - nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces - resolv: Add new tst-resolv-invalid-cname - nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) (#2129005) - nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) - nss_dns: Remove remnants of IPv6 address mapping - nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr - nss_dns: Split getanswer_ptr from getanswer_r - resolv: Add DNS packet parsing helpers geared towards wire format - resolv: Add internal __ns_name_length_uncompressed function - resolv: Add the __ns_samebinaryname function - resolv: Add internal __res_binary_hnok function - resolv: Add tst-resolv-aliases - resolv: Add tst-resolv-byaddr for testing reverse lookup - gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) - elf: Fix hwcaps string size overestimation - nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] - Apply asm redirections in wchar.h before first use - Apply asm redirections in stdio.h before first use [BZ #27087] - elf: Call __libc_early_init for reused namespaces (bug 29528) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-47 - Simplify the glibc system call profile (#2117712) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-46 - DSO dependency sort must put new map first even if in cycle (#2128615) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-45 - Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) * Thu Oct 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-44 - wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols * Mon Oct 03 2022 Arjun Shankar <arjun@redhat.com> - 2.34-43 - Remove .annobin* symbols from ld.so (#2126477) * Tue Sep 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-42 - Co-Authored-By: Benjamin Herrenschmidt <benh@amazon.com> - Retain .gnu_debuglink section in libc.so.6 (#2090744) - Remove redundant ld.so debuginfo file (#2090744) * Tue Aug 23 2022 Arjun Shankar <arjun@redhat.com> - 2.34-41 - Sync with upstream branch release/2.34/master, commit 68507377f249d165f1f35502d96e9365edb07d9a: - socket: Check lengths before advancing pointer in CMSG_NXTHDR - alpha: Fix generic brk system call emulation in __brk_call (bug 29490) - stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] - stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] - Update syscall lists for Linux 5.19 - dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) * Fri Jul 22 2022 Arjun Shankar <arjun@redhat.com> - 2.34-40 - Sync with upstream branch release/2.34/master, commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: - malloc: Simplify implementation of __malloc_assert - Update syscall-names.list for Linux 5.18 - x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S - x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file - x86: Move and slightly improve memset_erms - x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list - x86: Put wcs{n}len-sse4.1 in the sse4.1 text section - x86: Align entry for memrchr to 64-bytes. - x86: Add BMI1/BMI2 checks for ISA_V3 check - x86: Cleanup bounds checking in large memcpy case - x86: Add bounds `x86_non_temporal_threshold` - x86: Add sse42 implementation to strcmp's ifunc - x86: Fix misordered logic for setting `rep_movsb_stop_threshold` - x86: Align varshift table to 32-bytes - x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions - x86: Shrink code size of memchr-evex.S - x86: Shrink code size of memchr-avx2.S - x86: Optimize memrchr-avx2.S - x86: Optimize memrchr-evex.S - x86: Optimize memrchr-sse2.S - x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` - x86: Create header for VEC classes in x86 strings library - x86_64: Add strstr function with 512-bit EVEX - x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT - x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen - x86_64: Remove bzero optimization - x86_64: Remove end of line trailing spaces - nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore - linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) * Fri Jun 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-39 - Add the no-aaaa DNS stub resolver option (#2096191) * Tue Jun 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-38 - Sync with upstream branch release/2.34/master, commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: - nss: handle stat failure in check_reload_and_get (BZ #28752) - nss: add assert to DB_LOOKUP_FCT (BZ #28752) - nios2: Remove _dl_skip_args usage (BZ# 29187) - hppa: Remove _dl_skip_args usage (BZ# 29165) - nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-37 - Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-36 - Sync with upstream branch release/2.34/master, commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: - powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] - socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) - iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) - catgets: Use 64 bit stat for __open_catalog (BZ# 29211) - inet: Use 64 bit stat for ruserpass (BZ# 29210) - socket: Use 64 bit stat for isfdtype (BZ# 29209) - posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) - posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) - misc: Use 64 bit stat for getusershell (BZ# 29204) - misc: Use 64 bit stat for daemon (BZ# 29203) * Tue May 31 2022 Arjun Shankar <arjun@redhat.com> - 2.34-35 - Sync with upstream branch release/2.34/master, commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: - Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] - string.h: fix __fortified_attr_access macro call [BZ #29162] - linux: Add a getauxval test [BZ #23293] - rtld: Use generic argv adjustment in ld.so [BZ #23293] - S390: Enable static PIE * Thu May 19 2022 Florian Weimer <fweimer@redhat.com> - 2.34-34 - Sync with upstream branch release/2.34/master, commit ede8d94d154157d269b18f3601440ac576c1f96a: - csu: Implement and use _dl_early_allocate during static startup - Linux: Introduce __brk_call for invoking the brk system call - Linux: Implement a useful version of _startup_fatal - ia64: Always define IA64_USE_NEW_STUB as a flag macro - Linux: Define MMAP_CALL_INTERNAL - i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls - i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S - elf: Remove __libc_init_secure - Linux: Consolidate auxiliary vector parsing (redo) - Linux: Include <dl-auxv.h> in dl-sysdep.c only for SHARED - Revert "Linux: Consolidate auxiliary vector parsing" - Linux: Consolidate auxiliary vector parsing - Linux: Assume that NEED_DL_SYSINFO_DSO is always defined - Linux: Remove DL_FIND_ARG_COMPONENTS - Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE - elf: Merge dl-sysdep.c into the Linux version - elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr - x86: Optimize {str|wcs}rchr-evex - x86: Optimize {str|wcs}rchr-avx2 - x86: Optimize {str|wcs}rchr-sse2 - x86: Cleanup page cross code in memcmp-avx2-movbe.S - x86: Remove memcmp-sse4.S - x86: Small improvements for wcslen - x86: Remove AVX str{n}casecmp - x86: Add EVEX optimized str{n}casecmp - x86: Add AVX2 optimized str{n}casecmp - x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S - x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S - x86: Remove strspn-sse2.S and use the generic implementation - x86: Remove strpbrk-sse2.S and use the generic implementation - x86: Remove strcspn-sse2.S and use the generic implementation - x86: Optimize strspn in strspn-c.c - x86: Optimize strcspn and strpbrk in strcspn-c.c - x86: Code cleanup in strchr-evex and comment justifying branch - x86: Code cleanup in strchr-avx2 and comment justifying branch - x86_64: Remove bcopy optimizations - x86-64: Remove bzero weak alias in SS2 memset - x86_64/multiarch: Sort sysdep_routines and put one entry per line - x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) - fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] * Thu May 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-33 - Sync with upstream branch release/2.34/master, commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: - dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo - manual: Document the dlinfo function - x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] - x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] - x86: Set .text section in memset-vec-unaligned-erms - x86-64: Optimize bzero - x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) - x86: Improve vec generation in memset-vec-unaligned-erms.S - x86-64: Fix strcmp-evex.S - x86-64: Fix strcmp-avx2.S - x86: Optimize strcmp-evex.S - x86: Optimize strcmp-avx2.S - manual: Clarify that abbreviations of long options are allowed - Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h - aarch64: Add HWCAP2_ECV from Linux 5.16 - Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h - Update kernel version to 5.17 in tst-mman-consts.py - Update kernel version to 5.16 in tst-mman-consts.py - Update syscall lists for Linux 5.17 - Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h - Update kernel version to 5.15 in tst-mman-consts.py - Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h * Thu Apr 28 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-32 - Sync with upstream branch release/2.34/master, commit c66c92181ddbd82306537a608e8c0282587131de: - posix/glob.c: update from gnulib (BZ#25659) - linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) * Wed Apr 27 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-31 - Sync with upstream branch release/2.34/master, commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: - i386: Regenerate ulps - linux: Fix missing internal 64 bit time_t stat usage - x86: Optimize L(less_vec) case in memcmp-evex-movbe.S - x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI - x86-64: Use notl in EVEX strcmp [BZ #28646] - x86: Shrink memcmp-sse4.S code size - x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h - x86: Optimize memmove-vec-unaligned-erms.S - x86-64: Replace movzx with movzbl - x86-64: Remove Prefer_AVX2_STRCMP - x86-64: Improve EVEX strcmp with masked load - x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S - x86: Optimize memset-vec-unaligned-erms.S - x86: Optimize memcmp-evex-movbe.S for frontend behavior and size - x86: Modify ENTRY in sysdep.h so that p2align can be specified - x86-64: Optimize load of all bits set into ZMM register [BZ #28252] - scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier - dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) - INSTALL: Rephrase -with-default-link documentation - misc: Fix rare fortify crash on wchar funcs. [BZ 29030] - Default to --with-default-link=no (bug 25812) - scripts: Add glibcelf.py module * Thu Apr 21 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-30 - Sync with upstream branch release/2.34/master, commit 71326f1f2fd09dafb9c34404765fb88129e94237: - nptl: Fix pthread_cancel cancelhandling atomic operations - mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) - hurd: Fix arbitrary error code - nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) - S390: Add new s390 platform z16. - NEWS: Update fixed bug list for LD_AUDIT backports. - hppa: Fix bind-now audit (BZ #28857) - elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 - Fix elf/tst-audit25a with default bind now toolchains - elf: Fix runtime linker auditing on aarch64 (BZ #26643) - elf: Issue la_symbind for bind-now (BZ #23734) - elf: Fix initial-exec TLS access on audit modules (BZ #28096) - elf: Add la_activity during application exit - elf: Do not fail for failed dlmopen on audit modules (BZ #28061) - elf: Issue audit la_objopen for vDSO - elf: Add audit tests for modules with TLSDESC - elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) - elf: Add _dl_audit_pltexit - elf: Add _dl_audit_pltenter - elf: Add _dl_audit_preinit - elf: Add _dl_audit_symbind_alt and _dl_audit_symbind - elf: Add _dl_audit_objclose - elf: Add _dl_audit_objsearch - elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid - elf: Add _dl_audit_objopen - elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) - elf: Move LAV_CURRENT to link_lavcurrent.h - elf: Fix elf_get_dynamic_info() for bootstrap - elf: Fix dynamic-link.h usage on rtld.c - elf: Fix elf_get_dynamic_info definition - elf: Avoid nested functions in the loader [BZ #27220] - powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC - hppa: Use END instead of PSEUDO_END in swapcontext.S - hppa: Implement swapcontext in assembler (bug 28960) * Tue Mar 15 2022 Florian Weimer <fweimer@redhat.com> - 2.34-29 - Sync with upstream branch release/2.34/master, commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: - debug: Synchronize feature guards in fortified functions [BZ #28746] - debug: Autogenerate _FORTIFY_SOURCE tests - Enable _FORTIFY_SOURCE=3 for gcc 12 and above - fortify: Fix spurious warning with realpath - __glibc_unsafe_len: Fix comment - debug: Add tests for _FORTIFY_SOURCE=3 - Make sure that the fortified function conditionals are constant - Don't add access size hints to fortifiable functions - nss: Protect against errno changes in function lookup (bug 28953) - nss: Do not mention NSS test modules in <gnu/lib-names.h> - io: Add fsync call in tst-stat - hppa: Fix warnings from _dl_lookup_address - nptl: Fix cleanups for stack grows up [BZ# 28899] - hppa: Revise gettext trampoline design - hppa: Fix swapcontext - Fix elf/tst-audit2 on hppa - localedef: Handle symbolic links when generating locale-archive - NEWS: Add a bug fix entry for BZ #28896 - x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c - x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] - string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] - linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] - Add reference to BZ#28860 on NEWS - linux: Fix missing __convert_scm_timestamps (BZ #28860) * Tue Mar 08 2022 Arjun Shankar <arjun@redhat.com> - 2.34-28 - Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) - Fix localedef so it can handle symbolic links when generating locale-archive. - Drop glibc-fedora-localedef.patch and adjust locale installation accordingly so that installed content remains unchanged. * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-27 - Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-26 - Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) * Thu Feb 03 2022 Florian Weimer <fweimer@redhat.com> - 2.34-25 - Sync with upstream branch release/2.34/master, commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: - socket: Do not use AF_NETLINK in __opensock - hurd if_index: Explicitly use AF_INET for if index discovery - Linux: Simplify __opensock and fix race condition [BZ #28353] - linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-24 - Sync with upstream branch release/2.34/master, commit 008003dc6e83439c5e04a744b7fd8197df19096e: - tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] - Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg - linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) - support: Add support_socket_so_timestamp_time64 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-23 - Align with glibc 2.35 version of C.UTF-8 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-22 - Sync with upstream branch release/2.34/master, commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: - x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] - x86: Filter out more Intel CPUs for TSX [BZ #27398] - Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) - x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] - x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] * Mon Jan 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-21 - Sync with upstream branch release/2.34/master, commit 3438bbca90895d32825a52e31a77dc44d273c1c1: - Linux: Detect user namespace support in io/tst-getcwd-smallbuff - realpath: Avoid overwriting preexisting error - CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 - tst-realpath-toolong: Fix hurd build - CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX - stdlib: Fix formatting of tests list in Makefile - stdlib: Sort tests in Makefile - support: Add helpers to create paths longer than PATH_MAX - powerpc: Fix unrecognized instruction errors with recent binutils - x86: use default cache size if it cannot be determined [BZ #28784] - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) - sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) - CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) - socket: Add the __sockaddr_un_set function - Disable debuginfod in printer tests [BZ #28757] - Update syscall lists for Linux 5.16 glibc-common| * Wed Jan 24 2024 Patsy Griffin <patsy@redhat.com> - 2.34-100 - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) * Tue Jan 09 2024 Arjun Shankar <arjun@redhat.com> - 2.34-99 - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) * Mon Jan 08 2024 Arjun Shankar <arjun@redhat.com> - 2.34-98 - getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) * Tue Jan 02 2024 Florian Weimer <fweimer@redhat.com> - 2.34-97 - Re-enable output buffering for wide stdio streams (RHEL-19862) * Thu Dec 21 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-96 - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) * Fri Dec 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-95 - Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) * Thu Dec 07 2023 Patsy Griffin <patsy@redhat.com> - 2.34-94 - Update syscall-names.list for Linux 6.6. (RHEL-16016) * Wed Dec 06 2023 Patsy Griffin <patsy@redhat.com> - 2.34-93 - malloc: Use __get_nprocs on arena_get2. (RHEL-17157) * Fri Dec 01 2023 Patsy Griffin <patsy@redhat.com> - 2.34-92 - Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) * Fri Nov 24 2023 Florian Weimer <fweimer@redhat.com> - 2.34-91 - fstat performance enhancement (RHEL-2338) * Tue Nov 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-90 - ldconfig should skip temporary files created by RPM (RHEL-14383) * Mon Nov 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-89 - Fix force-first handling in dlclose (RHEL-2491) * Wed Nov 15 2023 Arjun Shankar <arjun@redhat.com> - 2.34-88 - nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275) * Fri Nov 10 2023 Florian Weimer <fweimer@redhat.com> - 2.34-87 - Fix slow tls access after dlopen (RHEL-2123) * Tue Oct 24 2023 Arjun Shankar <arjun@redhat.com> - 2.34-86 - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) * Fri Oct 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-85 - nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) * Mon Oct 09 2023 Florian Weimer <fweimer@redhat.com> - 2.34-84 - x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) * Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.7 - Fix memory leak regression in getaddrinfo (RHEL-2426) * Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.6 - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) * Tue Sep 19 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.5 - Revert: Always call destructors in reverse constructor order (RHEL-2491) * Mon Sep 18 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.4 - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) * Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.3 - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) * Fri Sep 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.2 - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) * Thu Sep 14 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.1 - Always call destructors in reverse constructor order (RHEL-2491) * Wed Sep 13 2023 DJ Delorie <dj@redhat.com> - 2.34-83 - Add support for ppc64le hwcaps tunables (RHEL-1017) * Tue Aug 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-82 - Fix string and memory function tuning on small systems (#2213907) * Mon Aug 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-81 - Fix additional GCC 13 build issue (#2222188) * Fri Aug 11 2023 Florian Weimer <fweimer@redhat.com> - 2.34-80 - Fix AMD cache size computation for hypervisors, old CPUs (#2166710) * Tue Aug 08 2023 DJ Delorie <dj@redhat.com> - 2.34-79 - Fix temporal threshold calculations (#2213907) * Fri Aug 04 2023 Florian Weimer <fweimer@redhat.com> - 2.34-78 - Ignore symbolic link change on /etc/nsswitch.conf (#2229156) * Fri Jul 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-77 - Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) * Tue Jul 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-76 - Fix accidentally disabled rseq test (#2224289) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-75 - Make libSegFault.so NODELETE (#2224349) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-74 - rseq_area should always be 32 bytes large (#2224289) * Thu Jul 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-73 - GCC Toolset 13 C++ compatibility for <math.h> iseqsig (#2222188) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-72 - Update ESTALE error message translations (RHEL-729) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-71 - Avoid lazy binding failures during dlclose (#2189923) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-70 - resolv_conf: release lock on allocation failure (#2213908) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-69 - strerror must not return NULL (#2215368) * Mon May 08 2023 DJ Delorie <dj@redhat.com> - 2.34-68 - Switch to sysusers_ctl instead of useradd (#2095417) * Fri Apr 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-67 - Sync with upstream branch release/2.34/master, commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: - gmon: fix memory corruption issues [BZ# 30101] - gmon: improve mcount overflow handling [BZ# 27576] - gmon: Fix allocated buffer overflow (bug 29444) - posix: Fix system blocks SIGCHLD erroneously [BZ #30163] - x86_64: Fix asm constraints in feraiseexcept (bug 30305) - gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) - x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] * Thu Apr 20 2023 Patsy Griffin <patsy@redhat.com> - 2.34-66 - x86: Cache computation for AMD architecture. (#2166710) * Fri Apr 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-65 - Do not add = to linker scripts in sysroot (#2153855) * Thu Apr 06 2023 DJ Delorie <dj@redhat.com> - 2.34-64 - x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) * Thu Mar 30 2023 Arjun Shankar <arjun@redhat.com> - 2.34-63 - s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) * Wed Mar 29 2023 DJ Delorie <dj@redhat.com> - 2.34-62 - x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) * Mon Mar 06 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-61 - Fix nested atexit calls from atexit handlers (#2172953) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-60 - Upstream test for ldconfig -p (#2167811) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-59 - Fix ldconfig -p on i686 (#2167811) * Wed Jan 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-58 - Enhance internal tunables ABI stability (awk iteration order) (#2162962) * Tue Jan 17 2023 Florian Weimer <fweimer@redhat.com> - 2.34-57 - Sync with upstream branch release/2.34/master, commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 - malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] - s_sincosf.h: Change pio4 type to float [BZ #28713] - math: Properly cast X_TLOSS to float [BZ #28713] - Regenerate ulps on x86_64 with GCC 12 - Avoid -Wuse-after-free in tests [BZ #26779]. - Fix build of nptl/tst-thread_local1.cc with GCC 12 - Fix stdio-common tests for GCC 12 -Waddress - Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare - resolv: Avoid GCC 12 false positive warning [BZ #28439]. - intl: Avoid -Wuse-after-free [BZ #26779] - elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] - time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) - elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) - time: Use 64 bit time on tzfile - nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) - nis: Build libnsl with 64 bit time_t - Use LFS and 64 bit time for installed programs (BZ #15333) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-56 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-55 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-54 - Install kernel header files into the sysroot subpackage (#2149644) * Wed Dec 07 2022 Arjun Shankar <arjun@redhat.com> - 2.34-53 - Sync with upstream branch release/2.34/master, commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: - Apply asm redirections in syslog.h before first use [BZ #27087] - _Static_assert needs two arguments for compatibility with GCC before 9 * Wed Nov 30 2022 Florian Weimer <fweimer@redhat.com> - 2.34-52 - Add noarch sysroot subpackages (#2149644) * Tue Nov 29 2022 Florian Weimer <fweimer@redhat.com> - 2.34-51 - Prepare for integration of GCC 8 compatible _Static_assert (#2149102) * Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.34-50 - Sync with upstream branch release/2.34/master, commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: - elf: Fix wrong fscanf usage on tst-pldd - Allow for unpriviledged nested containers - elf: Fix wrong fscanf usage on tst-pldd - x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] - elf: Fix rtld-audit trampoline for aarch64 * Mon Nov 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-49 - Sync with upstream branch release/2.34/master, commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: - Update NEWS file in the right place - Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) - io: Fix use-after-free in ftw [BZ #26779] - io: Fix ftw internal realloc buffer (BZ #28126) - regex: fix buffer read overrun in search [BZ#28470] - regex: copy back from Gnulib - Allow #pragma GCC in headers in conformtest - Fix memmove call in vfprintf-internal.c:group_number - mktime: improve heuristic for ca-1986 Indiana DST - Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] - linux: Fix generic struct_stat for 64 bit time (BZ# 29657) - elf: Do not completely clear reused namespace in dlmopen (bug 29600) - nss: Use shared prefix in IPv4 address in tst-reload1 - nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) - nss: Implement --no-addrconfig option for getent * Thu Oct 13 2022 Arjun Shankar <arjun@redhat.com> - 2.34-48 - Handle non-hostname CNAME aliases during name resolution (#2129005) - Sync with upstream branch release/2.34/master, commit e3976287b22422787f3cc6fc9adda58304b55bd9: - nscd: Drop local address tuple variable [BZ #29607] - x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations - x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation - x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations - x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations - x86-64: Require BMI2 for AVX2 strncmp implementation - x86-64: Require BMI2 for AVX2 strcmp implementation - x86-64: Require BMI2 for AVX2 str(n)casecmp implementations - x86: include BMI1 and BMI2 in x86-64-v3 level - nptl: Add backoff mechanism to spinlock loop - sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h - nptl: Effectively skip CAS in spinlock loop - Move assignment out of the CAS condition - Add LLL_MUTEX_READ_LOCK [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] - resolv: Fix building tst-resolv-invalid-cname for earlier C standards - nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces - resolv: Add new tst-resolv-invalid-cname - nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) (#2129005) - nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) - nss_dns: Remove remnants of IPv6 address mapping - nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr - nss_dns: Split getanswer_ptr from getanswer_r - resolv: Add DNS packet parsing helpers geared towards wire format - resolv: Add internal __ns_name_length_uncompressed function - resolv: Add the __ns_samebinaryname function - resolv: Add internal __res_binary_hnok function - resolv: Add tst-resolv-aliases - resolv: Add tst-resolv-byaddr for testing reverse lookup - gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) - elf: Fix hwcaps string size overestimation - nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] - Apply asm redirections in wchar.h before first use - Apply asm redirections in stdio.h before first use [BZ #27087] - elf: Call __libc_early_init for reused namespaces (bug 29528) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-47 - Simplify the glibc system call profile (#2117712) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-46 - DSO dependency sort must put new map first even if in cycle (#2128615) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-45 - Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) * Thu Oct 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-44 - wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols * Mon Oct 03 2022 Arjun Shankar <arjun@redhat.com> - 2.34-43 - Remove .annobin* symbols from ld.so (#2126477) * Tue Sep 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-42 - Co-Authored-By: Benjamin Herrenschmidt <benh@amazon.com> - Retain .gnu_debuglink section in libc.so.6 (#2090744) - Remove redundant ld.so debuginfo file (#2090744) * Tue Aug 23 2022 Arjun Shankar <arjun@redhat.com> - 2.34-41 - Sync with upstream branch release/2.34/master, commit 68507377f249d165f1f35502d96e9365edb07d9a: - socket: Check lengths before advancing pointer in CMSG_NXTHDR - alpha: Fix generic brk system call emulation in __brk_call (bug 29490) - stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] - stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] - Update syscall lists for Linux 5.19 - dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) * Fri Jul 22 2022 Arjun Shankar <arjun@redhat.com> - 2.34-40 - Sync with upstream branch release/2.34/master, commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: - malloc: Simplify implementation of __malloc_assert - Update syscall-names.list for Linux 5.18 - x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S - x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file - x86: Move and slightly improve memset_erms - x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list - x86: Put wcs{n}len-sse4.1 in the sse4.1 text section - x86: Align entry for memrchr to 64-bytes. - x86: Add BMI1/BMI2 checks for ISA_V3 check - x86: Cleanup bounds checking in large memcpy case - x86: Add bounds `x86_non_temporal_threshold` - x86: Add sse42 implementation to strcmp's ifunc - x86: Fix misordered logic for setting `rep_movsb_stop_threshold` - x86: Align varshift table to 32-bytes - x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions - x86: Shrink code size of memchr-evex.S - x86: Shrink code size of memchr-avx2.S - x86: Optimize memrchr-avx2.S - x86: Optimize memrchr-evex.S - x86: Optimize memrchr-sse2.S - x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` - x86: Create header for VEC classes in x86 strings library - x86_64: Add strstr function with 512-bit EVEX - x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT - x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen - x86_64: Remove bzero optimization - x86_64: Remove end of line trailing spaces - nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore - linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) * Fri Jun 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-39 - Add the no-aaaa DNS stub resolver option (#2096191) * Tue Jun 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-38 - Sync with upstream branch release/2.34/master, commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: - nss: handle stat failure in check_reload_and_get (BZ #28752) - nss: add assert to DB_LOOKUP_FCT (BZ #28752) - nios2: Remove _dl_skip_args usage (BZ# 29187) - hppa: Remove _dl_skip_args usage (BZ# 29165) - nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-37 - Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-36 - Sync with upstream branch release/2.34/master, commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: - powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] - socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) - iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) - catgets: Use 64 bit stat for __open_catalog (BZ# 29211) - inet: Use 64 bit stat for ruserpass (BZ# 29210) - socket: Use 64 bit stat for isfdtype (BZ# 29209) - posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) - posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) - misc: Use 64 bit stat for getusershell (BZ# 29204) - misc: Use 64 bit stat for daemon (BZ# 29203) * Tue May 31 2022 Arjun Shankar <arjun@redhat.com> - 2.34-35 - Sync with upstream branch release/2.34/master, commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: - Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] - string.h: fix __fortified_attr_access macro call [BZ #29162] - linux: Add a getauxval test [BZ #23293] - rtld: Use generic argv adjustment in ld.so [BZ #23293] - S390: Enable static PIE * Thu May 19 2022 Florian Weimer <fweimer@redhat.com> - 2.34-34 - Sync with upstream branch release/2.34/master, commit ede8d94d154157d269b18f3601440ac576c1f96a: - csu: Implement and use _dl_early_allocate during static startup - Linux: Introduce __brk_call for invoking the brk system call - Linux: Implement a useful version of _startup_fatal - ia64: Always define IA64_USE_NEW_STUB as a flag macro - Linux: Define MMAP_CALL_INTERNAL - i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls - i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S - elf: Remove __libc_init_secure - Linux: Consolidate auxiliary vector parsing (redo) - Linux: Include <dl-auxv.h> in dl-sysdep.c only for SHARED - Revert "Linux: Consolidate auxiliary vector parsing" - Linux: Consolidate auxiliary vector parsing - Linux: Assume that NEED_DL_SYSINFO_DSO is always defined - Linux: Remove DL_FIND_ARG_COMPONENTS - Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE - elf: Merge dl-sysdep.c into the Linux version - elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr - x86: Optimize {str|wcs}rchr-evex - x86: Optimize {str|wcs}rchr-avx2 - x86: Optimize {str|wcs}rchr-sse2 - x86: Cleanup page cross code in memcmp-avx2-movbe.S - x86: Remove memcmp-sse4.S - x86: Small improvements for wcslen - x86: Remove AVX str{n}casecmp - x86: Add EVEX optimized str{n}casecmp - x86: Add AVX2 optimized str{n}casecmp - x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S - x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S - x86: Remove strspn-sse2.S and use the generic implementation - x86: Remove strpbrk-sse2.S and use the generic implementation - x86: Remove strcspn-sse2.S and use the generic implementation - x86: Optimize strspn in strspn-c.c - x86: Optimize strcspn and strpbrk in strcspn-c.c - x86: Code cleanup in strchr-evex and comment justifying branch - x86: Code cleanup in strchr-avx2 and comment justifying branch - x86_64: Remove bcopy optimizations - x86-64: Remove bzero weak alias in SS2 memset - x86_64/multiarch: Sort sysdep_routines and put one entry per line - x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) - fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] * Thu May 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-33 - Sync with upstream branch release/2.34/master, commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: - dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo - manual: Document the dlinfo function - x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] - x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] - x86: Set .text section in memset-vec-unaligned-erms - x86-64: Optimize bzero - x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) - x86: Improve vec generation in memset-vec-unaligned-erms.S - x86-64: Fix strcmp-evex.S - x86-64: Fix strcmp-avx2.S - x86: Optimize strcmp-evex.S - x86: Optimize strcmp-avx2.S - manual: Clarify that abbreviations of long options are allowed - Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h - aarch64: Add HWCAP2_ECV from Linux 5.16 - Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h - Update kernel version to 5.17 in tst-mman-consts.py - Update kernel version to 5.16 in tst-mman-consts.py - Update syscall lists for Linux 5.17 - Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h - Update kernel version to 5.15 in tst-mman-consts.py - Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h * Thu Apr 28 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-32 - Sync with upstream branch release/2.34/master, commit c66c92181ddbd82306537a608e8c0282587131de: - posix/glob.c: update from gnulib (BZ#25659) - linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) * Wed Apr 27 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-31 - Sync with upstream branch release/2.34/master, commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: - i386: Regenerate ulps - linux: Fix missing internal 64 bit time_t stat usage - x86: Optimize L(less_vec) case in memcmp-evex-movbe.S - x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI - x86-64: Use notl in EVEX strcmp [BZ #28646] - x86: Shrink memcmp-sse4.S code size - x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h - x86: Optimize memmove-vec-unaligned-erms.S - x86-64: Replace movzx with movzbl - x86-64: Remove Prefer_AVX2_STRCMP - x86-64: Improve EVEX strcmp with masked load - x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S - x86: Optimize memset-vec-unaligned-erms.S - x86: Optimize memcmp-evex-movbe.S for frontend behavior and size - x86: Modify ENTRY in sysdep.h so that p2align can be specified - x86-64: Optimize load of all bits set into ZMM register [BZ #28252] - scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier - dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) - INSTALL: Rephrase -with-default-link documentation - misc: Fix rare fortify crash on wchar funcs. [BZ 29030] - Default to --with-default-link=no (bug 25812) - scripts: Add glibcelf.py module * Thu Apr 21 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-30 - Sync with upstream branch release/2.34/master, commit 71326f1f2fd09dafb9c34404765fb88129e94237: - nptl: Fix pthread_cancel cancelhandling atomic operations - mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) - hurd: Fix arbitrary error code - nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) - S390: Add new s390 platform z16. - NEWS: Update fixed bug list for LD_AUDIT backports. - hppa: Fix bind-now audit (BZ #28857) - elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 - Fix elf/tst-audit25a with default bind now toolchains - elf: Fix runtime linker auditing on aarch64 (BZ #26643) - elf: Issue la_symbind for bind-now (BZ #23734) - elf: Fix initial-exec TLS access on audit modules (BZ #28096) - elf: Add la_activity during application exit - elf: Do not fail for failed dlmopen on audit modules (BZ #28061) - elf: Issue audit la_objopen for vDSO - elf: Add audit tests for modules with TLSDESC - elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) - elf: Add _dl_audit_pltexit - elf: Add _dl_audit_pltenter - elf: Add _dl_audit_preinit - elf: Add _dl_audit_symbind_alt and _dl_audit_symbind - elf: Add _dl_audit_objclose - elf: Add _dl_audit_objsearch - elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid - elf: Add _dl_audit_objopen - elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) - elf: Move LAV_CURRENT to link_lavcurrent.h - elf: Fix elf_get_dynamic_info() for bootstrap - elf: Fix dynamic-link.h usage on rtld.c - elf: Fix elf_get_dynamic_info definition - elf: Avoid nested functions in the loader [BZ #27220] - powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC - hppa: Use END instead of PSEUDO_END in swapcontext.S - hppa: Implement swapcontext in assembler (bug 28960) * Tue Mar 15 2022 Florian Weimer <fweimer@redhat.com> - 2.34-29 - Sync with upstream branch release/2.34/master, commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: - debug: Synchronize feature guards in fortified functions [BZ #28746] - debug: Autogenerate _FORTIFY_SOURCE tests - Enable _FORTIFY_SOURCE=3 for gcc 12 and above - fortify: Fix spurious warning with realpath - __glibc_unsafe_len: Fix comment - debug: Add tests for _FORTIFY_SOURCE=3 - Make sure that the fortified function conditionals are constant - Don't add access size hints to fortifiable functions - nss: Protect against errno changes in function lookup (bug 28953) - nss: Do not mention NSS test modules in <gnu/lib-names.h> - io: Add fsync call in tst-stat - hppa: Fix warnings from _dl_lookup_address - nptl: Fix cleanups for stack grows up [BZ# 28899] - hppa: Revise gettext trampoline design - hppa: Fix swapcontext - Fix elf/tst-audit2 on hppa - localedef: Handle symbolic links when generating locale-archive - NEWS: Add a bug fix entry for BZ #28896 - x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c - x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] - string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] - linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] - Add reference to BZ#28860 on NEWS - linux: Fix missing __convert_scm_timestamps (BZ #28860) * Tue Mar 08 2022 Arjun Shankar <arjun@redhat.com> - 2.34-28 - Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) - Fix localedef so it can handle symbolic links when generating locale-archive. - Drop glibc-fedora-localedef.patch and adjust locale installation accordingly so that installed content remains unchanged. * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-27 - Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-26 - Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) * Thu Feb 03 2022 Florian Weimer <fweimer@redhat.com> - 2.34-25 - Sync with upstream branch release/2.34/master, commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: - socket: Do not use AF_NETLINK in __opensock - hurd if_index: Explicitly use AF_INET for if index discovery - Linux: Simplify __opensock and fix race condition [BZ #28353] - linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-24 - Sync with upstream branch release/2.34/master, commit 008003dc6e83439c5e04a744b7fd8197df19096e: - tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] - Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg - linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) - support: Add support_socket_so_timestamp_time64 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-23 - Align with glibc 2.35 version of C.UTF-8 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-22 - Sync with upstream branch release/2.34/master, commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: - x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] - x86: Filter out more Intel CPUs for TSX [BZ #27398] - Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) - x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] - x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] * Mon Jan 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-21 - Sync with upstream branch release/2.34/master, commit 3438bbca90895d32825a52e31a77dc44d273c1c1: - Linux: Detect user namespace support in io/tst-getcwd-smallbuff - realpath: Avoid overwriting preexisting error - CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 - tst-realpath-toolong: Fix hurd build - CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX - stdlib: Fix formatting of tests list in Makefile - stdlib: Sort tests in Makefile - support: Add helpers to create paths longer than PATH_MAX - powerpc: Fix unrecognized instruction errors with recent binutils - x86: use default cache size if it cannot be determined [BZ #28784] - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) - sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) - CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) - socket: Add the __sockaddr_un_set function - Disable debuginfod in printer tests [BZ #28757] - Update syscall lists for Linux 5.16 glibc| * Wed Jan 24 2024 Patsy Griffin <patsy@redhat.com> - 2.34-100 - manual: fix order of arguments of memalign and aligned_alloc (RHEL-21556) * Tue Jan 09 2024 Arjun Shankar <arjun@redhat.com> - 2.34-99 - getaddrinfo: Return correct error EAI_MEMORY when out-of-memory (RHEL-19444) * Mon Jan 08 2024 Arjun Shankar <arjun@redhat.com> - 2.34-98 - getaddrinfo: Fix occasionally empty result due to nscd cache order (RHEL-16643) * Tue Jan 02 2024 Florian Weimer <fweimer@redhat.com> - 2.34-97 - Re-enable output buffering for wide stdio streams (RHEL-19862) * Thu Dec 21 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-96 - Fix TLS corruption during dlopen()/dlclose() sequences (RHEL-17465) * Fri Dec 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-95 - Improve compatibility between underlinking and IFUNC resolvers (RHEL-17319) * Thu Dec 07 2023 Patsy Griffin <patsy@redhat.com> - 2.34-94 - Update syscall-names.list for Linux 6.6. (RHEL-16016) * Wed Dec 06 2023 Patsy Griffin <patsy@redhat.com> - 2.34-93 - malloc: Use __get_nprocs on arena_get2. (RHEL-17157) * Fri Dec 01 2023 Patsy Griffin <patsy@redhat.com> - 2.34-92 - Improve test coverage for wcsdup, strdup and strndup. (RHEL-15343) * Fri Nov 24 2023 Florian Weimer <fweimer@redhat.com> - 2.34-91 - fstat performance enhancement (RHEL-2338) * Tue Nov 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-90 - ldconfig should skip temporary files created by RPM (RHEL-14383) * Mon Nov 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-89 - Fix force-first handling in dlclose (RHEL-2491) * Wed Nov 15 2023 Arjun Shankar <arjun@redhat.com> - 2.34-88 - nscd: Refer to /run instead of /var/run in systemd socket file (RHEL-16275) * Fri Nov 10 2023 Florian Weimer <fweimer@redhat.com> - 2.34-87 - Fix slow tls access after dlopen (RHEL-2123) * Tue Oct 24 2023 Arjun Shankar <arjun@redhat.com> - 2.34-86 - Add /usr/share/doc/glibc/gai.conf to glibc-doc (RHEL-14545) * Fri Oct 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-85 - nscd: Skip unusable entries in first pass in prune_cache (RHEL-3397) * Mon Oct 09 2023 Florian Weimer <fweimer@redhat.com> - 2.34-84 - x86-64: Report non-zero cache sizes under TDX hypervisors (RHEL-1191) * Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.7 - Fix memory leak regression in getaddrinfo (RHEL-2426) * Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.6 - CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3000) * Tue Sep 19 2023 Florian Weimer <fweimer@redhat.com> - 2.34-83.5 - Revert: Always call destructors in reverse constructor order (RHEL-2491) * Mon Sep 18 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.4 - CVE-2023-4806 glibc: potential use-after-free in getaddrinfo (RHEL-2426) * Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-83.3 - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2438) * Fri Sep 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.2 - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (#2234716) * Thu Sep 14 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-83.1 - Always call destructors in reverse constructor order (RHEL-2491) * Wed Sep 13 2023 DJ Delorie <dj@redhat.com> - 2.34-83 - Add support for ppc64le hwcaps tunables (RHEL-1017) * Tue Aug 15 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-82 - Fix string and memory function tuning on small systems (#2213907) * Mon Aug 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-81 - Fix additional GCC 13 build issue (#2222188) * Fri Aug 11 2023 Florian Weimer <fweimer@redhat.com> - 2.34-80 - Fix AMD cache size computation for hypervisors, old CPUs (#2166710) * Tue Aug 08 2023 DJ Delorie <dj@redhat.com> - 2.34-79 - Fix temporal threshold calculations (#2213907) * Fri Aug 04 2023 Florian Weimer <fweimer@redhat.com> - 2.34-78 - Ignore symbolic link change on /etc/nsswitch.conf (#2229156) * Fri Jul 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-77 - Fix regression with IPv4 mapped addresses in /etc/hosts (#2224504) * Tue Jul 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-76 - Fix accidentally disabled rseq test (#2224289) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-75 - Make libSegFault.so NODELETE (#2224349) * Fri Jul 21 2023 Florian Weimer <fweimer@redhat.com> - 2.34-74 - rseq_area should always be 32 bytes large (#2224289) * Thu Jul 20 2023 Florian Weimer <fweimer@redhat.com> - 2.34-73 - GCC Toolset 13 C++ compatibility for <math.h> iseqsig (#2222188) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-72 - Update ESTALE error message translations (RHEL-729) * Fri Jul 07 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-71 - Avoid lazy binding failures during dlclose (#2189923) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-70 - resolv_conf: release lock on allocation failure (#2213908) * Mon Jun 26 2023 Arjun Shankar <arjun@redhat.com> - 2.34-69 - strerror must not return NULL (#2215368) * Mon May 08 2023 DJ Delorie <dj@redhat.com> - 2.34-68 - Switch to sysusers_ctl instead of useradd (#2095417) * Fri Apr 28 2023 Florian Weimer <fweimer@redhat.com> - 2.34-67 - Sync with upstream branch release/2.34/master, commit 0ea8174d62263c2679c95c0d215d2627e560f7aa: - gmon: fix memory corruption issues [BZ# 30101] - gmon: improve mcount overflow handling [BZ# 27576] - gmon: Fix allocated buffer overflow (bug 29444) - posix: Fix system blocks SIGCHLD erroneously [BZ #30163] - x86_64: Fix asm constraints in feraiseexcept (bug 30305) - gshadow: Matching sgetsgent, sgetsgent_r ERANGE handling (bug 30151) - x86: Check minimum/maximum of non_temporal_threshold [BZ #29953] * Thu Apr 20 2023 Patsy Griffin <patsy@redhat.com> - 2.34-66 - x86: Cache computation for AMD architecture. (#2166710) * Fri Apr 14 2023 Florian Weimer <fweimer@redhat.com> - 2.34-65 - Do not add = to linker scripts in sysroot (#2153855) * Thu Apr 06 2023 DJ Delorie <dj@redhat.com> - 2.34-64 - x86: Use CHECK_FEATURE_PRESENT on PCONFIG (#2149615) * Thu Mar 30 2023 Arjun Shankar <arjun@redhat.com> - 2.34-63 - s390x: Influence hwcaps/stfle via glibc.cpu.hwcaps tunable (#2169978) * Wed Mar 29 2023 DJ Delorie <dj@redhat.com> - 2.34-62 - x86: Don't check PREFETCHWT1 in tst-cpu-features-cpuinfo.c (#2149615) * Mon Mar 06 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-61 - Fix nested atexit calls from atexit handlers (#2172953) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-60 - Upstream test for ldconfig -p (#2167811) * Wed Feb 08 2023 Florian Weimer <fweimer@redhat.com> - 2.34-59 - Fix ldconfig -p on i686 (#2167811) * Wed Jan 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-58 - Enhance internal tunables ABI stability (awk iteration order) (#2162962) * Tue Jan 17 2023 Florian Weimer <fweimer@redhat.com> - 2.34-57 - Sync with upstream branch release/2.34/master, commit 6484ae5b8c4d4314f748e4d3c9a9baa5385e57c5 - malloc: Fix -Wuse-after-free warning in tst-mallocalign1 [BZ #26779] - s_sincosf.h: Change pio4 type to float [BZ #28713] - math: Properly cast X_TLOSS to float [BZ #28713] - Regenerate ulps on x86_64 with GCC 12 - Avoid -Wuse-after-free in tests [BZ #26779]. - Fix build of nptl/tst-thread_local1.cc with GCC 12 - Fix stdio-common tests for GCC 12 -Waddress - Fix stdlib/tst-setcontext.c for GCC 12 -Warray-compare - resolv: Avoid GCC 12 false positive warning [BZ #28439]. - intl: Avoid -Wuse-after-free [BZ #26779] - elf: Drop elf/tls-macros.h in favor of __thread and tls_model attributes [BZ #28152] [BZ #28205] - time: Set daylight to 1 for matching DST/offset change (RHBZ#2155352) - elf/tst-tlsopt-powerpc fails when compiled with -mcpu=power10 (BZ# 29776) - time: Use 64 bit time on tzfile - nscd: Use 64 bit time_t on libc nscd routines (BZ# 29402) - nis: Build libnsl with 64 bit time_t - Use LFS and 64 bit time for installed programs (BZ #15333) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-56 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 2.34-55 - Earlier removal of alternative multilibs (#2149994) * Mon Dec 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-54 - Install kernel header files into the sysroot subpackage (#2149644) * Wed Dec 07 2022 Arjun Shankar <arjun@redhat.com> - 2.34-53 - Sync with upstream branch release/2.34/master, commit a4217408a3d6050a7f42ac23adb6ac7218dca85f: - Apply asm redirections in syslog.h before first use [BZ #27087] - _Static_assert needs two arguments for compatibility with GCC before 9 * Wed Nov 30 2022 Florian Weimer <fweimer@redhat.com> - 2.34-52 - Add noarch sysroot subpackages (#2149644) * Tue Nov 29 2022 Florian Weimer <fweimer@redhat.com> - 2.34-51 - Prepare for integration of GCC 8 compatible _Static_assert (#2149102) * Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.34-50 - Sync with upstream branch release/2.34/master, commit 405b8ae13540e9fd614df614e3361ebf9abd14cf: - elf: Fix wrong fscanf usage on tst-pldd - Allow for unpriviledged nested containers - elf: Fix wrong fscanf usage on tst-pldd - x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591] - elf: Fix rtld-audit trampoline for aarch64 * Mon Nov 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-49 - Sync with upstream branch release/2.34/master, commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: - Update NEWS file in the right place - Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771) - io: Fix use-after-free in ftw [BZ #26779] - io: Fix ftw internal realloc buffer (BZ #28126) - regex: fix buffer read overrun in search [BZ#28470] - regex: copy back from Gnulib - Allow #pragma GCC in headers in conformtest - Fix memmove call in vfprintf-internal.c:group_number - mktime: improve heuristic for ca-1986 Indiana DST - Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564] - linux: Fix generic struct_stat for 64 bit time (BZ# 29657) - elf: Do not completely clear reused namespace in dlmopen (bug 29600) - nss: Use shared prefix in IPv4 address in tst-reload1 - nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816) - nss: Implement --no-addrconfig option for getent * Thu Oct 13 2022 Arjun Shankar <arjun@redhat.com> - 2.34-48 - Handle non-hostname CNAME aliases during name resolution (#2129005) - Sync with upstream branch release/2.34/master, commit e3976287b22422787f3cc6fc9adda58304b55bd9: - nscd: Drop local address tuple variable [BZ #29607] - x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations - x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation - x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations - x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations - x86-64: Require BMI2 for AVX2 strncmp implementation - x86-64: Require BMI2 for AVX2 strcmp implementation - x86-64: Require BMI2 for AVX2 str(n)casecmp implementations - x86: include BMI1 and BMI2 in x86-64-v3 level - nptl: Add backoff mechanism to spinlock loop - sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h - nptl: Effectively skip CAS in spinlock loop - Move assignment out of the CAS condition - Add LLL_MUTEX_READ_LOCK [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537] - Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537] - resolv: Fix building tst-resolv-invalid-cname for earlier C standards - nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces - resolv: Add new tst-resolv-invalid-cname - nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154) (#2129005) - nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305) - nss_dns: Remove remnants of IPv6 address mapping - nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr - nss_dns: Split getanswer_ptr from getanswer_r - resolv: Add DNS packet parsing helpers geared towards wire format - resolv: Add internal __ns_name_length_uncompressed function - resolv: Add the __ns_samebinaryname function - resolv: Add internal __res_binary_hnok function - resolv: Add tst-resolv-aliases - resolv: Add tst-resolv-byaddr for testing reverse lookup - gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583) - elf: Fix hwcaps string size overestimation - nscd: Fix netlink cache invalidation if epoll is used [BZ #29415] - Apply asm redirections in wchar.h before first use - Apply asm redirections in stdio.h before first use [BZ #27087] - elf: Call __libc_early_init for reused namespaces (bug 29528) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-47 - Simplify the glibc system call profile (#2117712) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-46 - DSO dependency sort must put new map first even if in cycle (#2128615) * Tue Oct 11 2022 Florian Weimer <fweimer@redhat.com> - 2.34-45 - Run tst-audit-tlsdesc{,-dlopen} on all architectures (#2118666) * Thu Oct 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-44 - wrap-find-debuginfo.sh: Use nm --format=posix instead of --format=just-symbols * Mon Oct 03 2022 Arjun Shankar <arjun@redhat.com> - 2.34-43 - Remove .annobin* symbols from ld.so (#2126477) * Tue Sep 06 2022 Arjun Shankar <arjun@redhat.com> - 2.34-42 - Co-Authored-By: Benjamin Herrenschmidt <benh@amazon.com> - Retain .gnu_debuglink section in libc.so.6 (#2090744) - Remove redundant ld.so debuginfo file (#2090744) * Tue Aug 23 2022 Arjun Shankar <arjun@redhat.com> - 2.34-41 - Sync with upstream branch release/2.34/master, commit 68507377f249d165f1f35502d96e9365edb07d9a: - socket: Check lengths before advancing pointer in CMSG_NXTHDR - alpha: Fix generic brk system call emulation in __brk_call (bug 29490) - stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279] - stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265] - Update syscall lists for Linux 5.19 - dlfcn: Pass caller pointer to static dlopen implementation (bug 29446) * Fri Jul 22 2022 Arjun Shankar <arjun@redhat.com> - 2.34-40 - Sync with upstream branch release/2.34/master, commit b2f32e746492615a6eb3e66fac1e766e32e8deb1: - malloc: Simplify implementation of __malloc_assert - Update syscall-names.list for Linux 5.18 - x86: Add missing IS_IN (libc) check to strncmp-sse4_2.S - x86: Move mem{p}{mov|cpy}_{chk_}erms to its own file - x86: Move and slightly improve memset_erms - x86: Add definition for __wmemset_chk AVX2 RTM in ifunc impl list - x86: Put wcs{n}len-sse4.1 in the sse4.1 text section - x86: Align entry for memrchr to 64-bytes. - x86: Add BMI1/BMI2 checks for ISA_V3 check - x86: Cleanup bounds checking in large memcpy case - x86: Add bounds `x86_non_temporal_threshold` - x86: Add sse42 implementation to strcmp's ifunc - x86: Fix misordered logic for setting `rep_movsb_stop_threshold` - x86: Align varshift table to 32-bytes - x86: ZERO_UPPER_VEC_REGISTERS_RETURN_XTEST expect no transactions - x86: Shrink code size of memchr-evex.S - x86: Shrink code size of memchr-avx2.S - x86: Optimize memrchr-avx2.S - x86: Optimize memrchr-evex.S - x86: Optimize memrchr-sse2.S - x86: Add COND_VZEROUPPER that can replace vzeroupper if no `ret` - x86: Create header for VEC classes in x86 strings library - x86_64: Add strstr function with 512-bit EVEX - x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT - x86_64: Implement evex512 version of strlen, strnlen, wcslen and wcsnlen - x86_64: Remove bzero optimization - x86_64: Remove end of line trailing spaces - nptl: Fix ___pthread_unregister_cancel_restore asynchronous restore - linux: Fix mq_timereceive check for 32 bit fallback code (BZ 29304) * Fri Jun 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-39 - Add the no-aaaa DNS stub resolver option (#2096191) * Tue Jun 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-38 - Sync with upstream branch release/2.34/master, commit 94ab2088c37d8e4285354af120b7ed6b887b9e53: - nss: handle stat failure in check_reload_and_get (BZ #28752) - nss: add assert to DB_LOOKUP_FCT (BZ #28752) - nios2: Remove _dl_skip_args usage (BZ# 29187) - hppa: Remove _dl_skip_args usage (BZ# 29165) - nptl: Fix __libc_cleanup_pop_restore asynchronous restore (BZ#29214) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-37 - Enable rseq by default and add GLIBC_2.35 rseq symbols (#2085529) * Wed Jun 08 2022 Florian Weimer <fweimer@redhat.com> - 2.34-36 - Sync with upstream branch release/2.34/master, commit 4c92a1041257c0155c6aa7a182fe5f78e477b0e6: - powerpc: Fix VSX register number on __strncpy_power9 [BZ #29197] - socket: Fix mistyped define statement in socket/sys/socket.h (BZ #29225) - iconv: Use 64 bit stat for gconv_parseconfdir (BZ# 29213) - catgets: Use 64 bit stat for __open_catalog (BZ# 29211) - inet: Use 64 bit stat for ruserpass (BZ# 29210) - socket: Use 64 bit stat for isfdtype (BZ# 29209) - posix: Use 64 bit stat for fpathconf (_PC_ASYNC_IO) (BZ# 29208) - posix: Use 64 bit stat for posix_fallocate fallback (BZ# 29207) - misc: Use 64 bit stat for getusershell (BZ# 29204) - misc: Use 64 bit stat for daemon (BZ# 29203) * Tue May 31 2022 Arjun Shankar <arjun@redhat.com> - 2.34-35 - Sync with upstream branch release/2.34/master, commit ff450cdbdee0b8cb6b9d653d6d2fa892de29be31: - Fix deadlock when pthread_atfork handler calls pthread_atfork or dlclose - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #29127] - string.h: fix __fortified_attr_access macro call [BZ #29162] - linux: Add a getauxval test [BZ #23293] - rtld: Use generic argv adjustment in ld.so [BZ #23293] - S390: Enable static PIE * Thu May 19 2022 Florian Weimer <fweimer@redhat.com> - 2.34-34 - Sync with upstream branch release/2.34/master, commit ede8d94d154157d269b18f3601440ac576c1f96a: - csu: Implement and use _dl_early_allocate during static startup - Linux: Introduce __brk_call for invoking the brk system call - Linux: Implement a useful version of _startup_fatal - ia64: Always define IA64_USE_NEW_STUB as a flag macro - Linux: Define MMAP_CALL_INTERNAL - i386: Honor I386_USE_SYSENTER for 6-argument Linux system calls - i386: Remove OPTIMIZE_FOR_GCC_5 from Linux libc-do-syscall.S - elf: Remove __libc_init_secure - Linux: Consolidate auxiliary vector parsing (redo) - Linux: Include <dl-auxv.h> in dl-sysdep.c only for SHARED - Revert "Linux: Consolidate auxiliary vector parsing" - Linux: Consolidate auxiliary vector parsing - Linux: Assume that NEED_DL_SYSINFO_DSO is always defined - Linux: Remove DL_FIND_ARG_COMPONENTS - Linux: Remove HAVE_AUX_SECURE, HAVE_AUX_XID, HAVE_AUX_PAGESIZE - elf: Merge dl-sysdep.c into the Linux version - elf: Remove unused NEED_DL_BASE_ADDR and _dl_base_addr - x86: Optimize {str|wcs}rchr-evex - x86: Optimize {str|wcs}rchr-avx2 - x86: Optimize {str|wcs}rchr-sse2 - x86: Cleanup page cross code in memcmp-avx2-movbe.S - x86: Remove memcmp-sse4.S - x86: Small improvements for wcslen - x86: Remove AVX str{n}casecmp - x86: Add EVEX optimized str{n}casecmp - x86: Add AVX2 optimized str{n}casecmp - x86: Optimize str{n}casecmp TOLOWER logic in strcmp-sse42.S - x86: Optimize str{n}casecmp TOLOWER logic in strcmp.S - x86: Remove strspn-sse2.S and use the generic implementation - x86: Remove strpbrk-sse2.S and use the generic implementation - x86: Remove strcspn-sse2.S and use the generic implementation - x86: Optimize strspn in strspn-c.c - x86: Optimize strcspn and strpbrk in strcspn-c.c - x86: Code cleanup in strchr-evex and comment justifying branch - x86: Code cleanup in strchr-avx2 and comment justifying branch - x86_64: Remove bcopy optimizations - x86-64: Remove bzero weak alias in SS2 memset - x86_64/multiarch: Sort sysdep_routines and put one entry per line - x86: Improve L to support L(XXX_SYMBOL (YYY, ZZZ)) - fortify: Ensure that __glibc_fortify condition is a constant [BZ #29141] * Thu May 12 2022 Florian Weimer <fweimer@redhat.com> - 2.34-33 - Sync with upstream branch release/2.34/master, commit 91c2e6c3db44297bf4cb3a2e3c40236c5b6a0b23: - dlfcn: Implement the RTLD_DI_PHDR request type for dlinfo - manual: Document the dlinfo function - x86: Fix fallback for wcsncmp_avx2 in strcmp-avx2.S [BZ #28896] - x86: Fix bug in strncmp-evex and strncmp-avx2 [BZ #28895] - x86: Set .text section in memset-vec-unaligned-erms - x86-64: Optimize bzero - x86: Remove SSSE3 instruction for broadcast in memset.S (SSE2 Only) - x86: Improve vec generation in memset-vec-unaligned-erms.S - x86-64: Fix strcmp-evex.S - x86-64: Fix strcmp-avx2.S - x86: Optimize strcmp-evex.S - x86: Optimize strcmp-avx2.S - manual: Clarify that abbreviations of long options are allowed - Add HWCAP2_AFP, HWCAP2_RPRES from Linux 5.17 to AArch64 bits/hwcap.h - aarch64: Add HWCAP2_ECV from Linux 5.16 - Add SOL_MPTCP, SOL_MCTP from Linux 5.16 to bits/socket.h - Update kernel version to 5.17 in tst-mman-consts.py - Update kernel version to 5.16 in tst-mman-consts.py - Update syscall lists for Linux 5.17 - Add ARPHRD_CAN, ARPHRD_MCTP to net/if_arp.h - Update kernel version to 5.15 in tst-mman-consts.py - Add PF_MCTP, AF_MCTP from Linux 5.15 to bits/socket.h * Thu Apr 28 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-32 - Sync with upstream branch release/2.34/master, commit c66c92181ddbd82306537a608e8c0282587131de: - posix/glob.c: update from gnulib (BZ#25659) - linux: Fix fchmodat with AT_SYMLINK_NOFOLLOW for 64 bit time_t (BZ#29097) * Wed Apr 27 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-31 - Sync with upstream branch release/2.34/master, commit 55640ed3fde48360a8e8083be4843bd2dc7cecfe: - i386: Regenerate ulps - linux: Fix missing internal 64 bit time_t stat usage - x86: Optimize L(less_vec) case in memcmp-evex-movbe.S - x86: Don't set Prefer_No_AVX512 for processors with AVX512 and AVX-VNNI - x86-64: Use notl in EVEX strcmp [BZ #28646] - x86: Shrink memcmp-sse4.S code size - x86: Double size of ERMS rep_movsb_threshold in dl-cacheinfo.h - x86: Optimize memmove-vec-unaligned-erms.S - x86-64: Replace movzx with movzbl - x86-64: Remove Prefer_AVX2_STRCMP - x86-64: Improve EVEX strcmp with masked load - x86: Replace sse2 instructions with avx in memcmp-evex-movbe.S - x86: Optimize memset-vec-unaligned-erms.S - x86: Optimize memcmp-evex-movbe.S for frontend behavior and size - x86: Modify ENTRY in sysdep.h so that p2align can be specified - x86-64: Optimize load of all bits set into ZMM register [BZ #28252] - scripts/glibcelf.py: Mark as UNSUPPORTED on Python 3.5 and earlier - dlfcn: Do not use rtld_active () to determine ld.so state (bug 29078) - INSTALL: Rephrase -with-default-link documentation - misc: Fix rare fortify crash on wchar funcs. [BZ 29030] - Default to --with-default-link=no (bug 25812) - scripts: Add glibcelf.py module * Thu Apr 21 2022 Carlos O'Donell <carlos@redhat.com> - 2.34-30 - Sync with upstream branch release/2.34/master, commit 71326f1f2fd09dafb9c34404765fb88129e94237: - nptl: Fix pthread_cancel cancelhandling atomic operations - mips: Fix mips64n32 64 bit time_t stat support (BZ#29069) - hurd: Fix arbitrary error code - nptl: Handle spurious EINTR when thread cancellation is disabled (BZ#29029) - S390: Add new s390 platform z16. - NEWS: Update fixed bug list for LD_AUDIT backports. - hppa: Fix bind-now audit (BZ #28857) - elf: Replace tst-audit24bmod2.so with tst-audit24bmod2 - Fix elf/tst-audit25a with default bind now toolchains - elf: Fix runtime linker auditing on aarch64 (BZ #26643) - elf: Issue la_symbind for bind-now (BZ #23734) - elf: Fix initial-exec TLS access on audit modules (BZ #28096) - elf: Add la_activity during application exit - elf: Do not fail for failed dlmopen on audit modules (BZ #28061) - elf: Issue audit la_objopen for vDSO - elf: Add audit tests for modules with TLSDESC - elf: Avoid unnecessary slowdown from profiling with audit (BZ#15533) - elf: Add _dl_audit_pltexit - elf: Add _dl_audit_pltenter - elf: Add _dl_audit_preinit - elf: Add _dl_audit_symbind_alt and _dl_audit_symbind - elf: Add _dl_audit_objclose - elf: Add _dl_audit_objsearch - elf: Add _dl_audit_activity_map and _dl_audit_activity_nsid - elf: Add _dl_audit_objopen - elf: Move la_activity (LA_ACT_ADD) after _dl_add_to_namespace_list() (BZ #28062) - elf: Move LAV_CURRENT to link_lavcurrent.h - elf: Fix elf_get_dynamic_info() for bootstrap - elf: Fix dynamic-link.h usage on rtld.c - elf: Fix elf_get_dynamic_info definition - elf: Avoid nested functions in the loader [BZ #27220] - powerpc: Delete unneeded ELF_MACHINE_BEFORE_RTLD_RELOC - hppa: Use END instead of PSEUDO_END in swapcontext.S - hppa: Implement swapcontext in assembler (bug 28960) * Tue Mar 15 2022 Florian Weimer <fweimer@redhat.com> - 2.34-29 - Sync with upstream branch release/2.34/master, commit 224d8c1890b6c57c7e4e8ddbb792dd9552086704: - debug: Synchronize feature guards in fortified functions [BZ #28746] - debug: Autogenerate _FORTIFY_SOURCE tests - Enable _FORTIFY_SOURCE=3 for gcc 12 and above - fortify: Fix spurious warning with realpath - __glibc_unsafe_len: Fix comment - debug: Add tests for _FORTIFY_SOURCE=3 - Make sure that the fortified function conditionals are constant - Don't add access size hints to fortifiable functions - nss: Protect against errno changes in function lookup (bug 28953) - nss: Do not mention NSS test modules in <gnu/lib-names.h> - io: Add fsync call in tst-stat - hppa: Fix warnings from _dl_lookup_address - nptl: Fix cleanups for stack grows up [BZ# 28899] - hppa: Revise gettext trampoline design - hppa: Fix swapcontext - Fix elf/tst-audit2 on hppa - localedef: Handle symbolic links when generating locale-archive - NEWS: Add a bug fix entry for BZ #28896 - x86: Fix TEST_NAME to make it a string in tst-strncmp-rtm.c - x86: Test wcscmp RTM in the wcsncmp overflow case [BZ #28896] - x86: Fallback {str|wcs}cmp RTM in the ncmp overflow case [BZ #28896] - string: Add a testcase for wcsncmp with SIZE_MAX [BZ #28755] - linux: fix accuracy of get_nprocs and get_nprocs_conf [BZ #28865] - Add reference to BZ#28860 on NEWS - linux: Fix missing __convert_scm_timestamps (BZ #28860) * Tue Mar 08 2022 Arjun Shankar <arjun@redhat.com> - 2.34-28 - Reduce installed size of some langpacks by de-duplicating LC_CTYPE (#2054789) - Fix localedef so it can handle symbolic links when generating locale-archive. - Drop glibc-fedora-localedef.patch and adjust locale installation accordingly so that installed content remains unchanged. * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-27 - Fix regression (ldd crash) during dependency sorting in ld.so (#2058230) * Mon Feb 28 2022 Florian Weimer <fweimer@redhat.com> - 2.34-26 - Fix localedef compilation of C.UTF-8 (empty LC_MONETARY keywords) (#2058224) * Thu Feb 03 2022 Florian Weimer <fweimer@redhat.com> - 2.34-25 - Sync with upstream branch release/2.34/master, commit 6eaf10cbb78d22eae7999d9de55f6b93999e0860: - socket: Do not use AF_NETLINK in __opensock - hurd if_index: Explicitly use AF_INET for if index discovery - Linux: Simplify __opensock and fix race condition [BZ #28353] - linux: __get_nprocs_sched: do not feed CPU_COUNT_S with garbage [BZ #28850] * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-24 - Sync with upstream branch release/2.34/master, commit 008003dc6e83439c5e04a744b7fd8197df19096e: - tst-socket-timestamp-compat.c: Check __TIMESIZE [BZ #28837] - Linux: Only generate 64 bit timestamps for 64 bit time_t recvmsg/recvmmsg - linux: Fix ancillary 64-bit time timestamp conversion (BZ #28349, BZ#28350) - support: Add support_socket_so_timestamp_time64 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-23 - Align with glibc 2.35 version of C.UTF-8 * Tue Feb 01 2022 Florian Weimer <fweimer@redhat.com> - 2.34-22 - Sync with upstream branch release/2.34/master, commit aa601d024424c40ae9a69b0c4e394a70ea0570c8: - x86: Use CHECK_FEATURE_PRESENT to check HLE [BZ #27398] - x86: Filter out more Intel CPUs for TSX [BZ #27398] - Fix glibc 2.34 ABI omission (missing GLIBC_2.34 in dynamic loader) - x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755] - x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755] * Mon Jan 24 2022 Florian Weimer <fweimer@redhat.com> - 2.34-21 - Sync with upstream branch release/2.34/master, commit 3438bbca90895d32825a52e31a77dc44d273c1c1: - Linux: Detect user namespace support in io/tst-getcwd-smallbuff - realpath: Avoid overwriting preexisting error - CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 - tst-realpath-toolong: Fix hurd build - CVE-2021-3998: realpath: ENAMETOOLONG for result larger than PATH_MAX - stdlib: Fix formatting of tests list in Makefile - stdlib: Sort tests in Makefile - support: Add helpers to create paths longer than PATH_MAX - powerpc: Fix unrecognized instruction errors with recent binutils - x86: use default cache size if it cannot be determined [BZ #28784] - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) - sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) - CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) - socket: Add the __sockaddr_un_set function - Disable debuginfod in printer tests [BZ #28757] - Update syscall lists for Linux 5.16 zlib| * Thu May 04 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-40 - Fix the Crash in zlib deflateBound() function on s390x - Resolves: BZ#2193044 * Thu Feb 09 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-39 - Fix covscan issue CWE-681 * Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-38 - Resolve fuzzing issue for unknown memory access * Tue Feb 07 2023 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.11-37 - Rebased Power 8 optimization patches - Fix for Unnecessary IFUNC resolver for crc32_z - Fix for python3.11 broken libxml2 and lxml on s390x * Mon Dec 19 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-36 - Inflate small window optimization for IBM z15 rhbz#2154775 * Wed Oct 12 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-35 - Fix for IBM strm.adler rhbz#2134074 * Wed Aug 10 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-34 - Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c - Resolves: CVE-2022-37434 * Mon Apr 25 2022 Matej Mužila <mmuzila@redhat.com> - 1.2.11-33 - Fix CVE-2018-25032 Resolves: CVE-2018-25032 * Tue Mar 01 2022 Ilya Leoshkevich <iii@linux.ibm.com> - 1.2.11-32 - Fix for IBM compressBound() rhbz#2056899 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.11-31 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jul 20 2021 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-30 - Fix for IBM CRC32 optimalization rhbz#1959423 * Thu Jul 15 2021 Ondrej Dubaj <odubaj@redhat.com> - 1.2.11-29 - Missing RPM_OPT_FLAGS in CFLAGS (#1972057) * Thu Jun 03 2021 Patrik Novotný <panovotn@redhat.com> - 1.2.11-28 - IBM CRC32 optimalization rhbz#1959423 - Enabled Z hardware-accelerated deflate for compression levels 1 through 6 (#1972057) bzip2-libs| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.8-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.8-7 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Fri Jan 29 2021 Jakub Martisko <jamartis@redhat.com> - 1.0.8-6 - Minor man pgae update (gzip/bzip2 differnces) resolves: #1897104 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Jakub Martisko <jamartis@redhat.com> - 1.0.8-4 - Use make macros * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild xz-libs| * Tue May 31 2022 Matej Mužila <mmuzila@redhat.com> - 5.2.5-8 - Fix arbitrary file write vulnerability Resolves: CVE-2022-1271 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.2.5-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.2.5-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 04 2021 Ondrej Dubaj <odubaj@redhat.com> - 5.2.5-4 - Enabled CET for i686 (#1910368) * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jun 08 2020 Richard W.M. Jones <rjones@redhat.com> - 5.2.5-2 - Fix location of German man pages (RHBZ#1844813). libgpg-error| * Mon Dec 06 2021 Jakub Jelen <jjelen@redhat.com> - 1.42-5 - Avoid using bad function inet_addr * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.42-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.42-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Apr 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.42-2 - Address coverity reported issues * Mon Mar 22 2021 Jakub Jelen <jjelen@redhat.com> - 1.42-1 - New upstream release (#1941582) * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.41-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 04 2021 Jakub Jelen <jjelen@redhat.com> - 1.41-1 - New upstream release (#1909749) * Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 1.39-1 - New upstream release (#1800640) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.37-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Feb 28 2020 Tomáš Mráz <tmraz@redhat.com> 1.37-1 - new upstream release 1.37 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.36-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libxcrypt| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Sat Feb 20 2021 Björn Esser <besser82@fedoraproject.org> - 4.4.18-1 - New upstream release - Add explicit BR: perl-core * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.17-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sun Aug 23 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.17-1 - New upstream release * Sat Aug 15 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-7 - Add a patch to add support for LTO builds - Enable LTO - Add a patch to fix Wformat-overflow * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.16-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 30 2020 Jeff Law <law@redhat.com> - 4.4.16-5 - Disable LTO * Fri Jun 19 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-4 - Trim %changelog starting with v4.4.0 - Remove memcheck conditional * Sat Apr 25 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-3 - Explicitly force linking with '-Wl,-z,defs' * Fri Apr 24 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-2 - Move fipscheck hmac checksums to %{_libdir}/fipscheck * Sat Apr 04 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-1 - New upstream release * Thu Apr 02 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-2 - Move library from %_lib to %_libdir * Wed Feb 26 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-1 - New upstream release * Mon Feb 17 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.14-1 - New upstream release * Sun Feb 16 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.13-1 - New upstream release * Tue Feb 11 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-3 - Add an upstream patch to fix a typo in the documentation * Wed Feb 05 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-2 - Add two upstream patches to resolve minor bugs * Thu Jan 30 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-1 - New upstream release * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Jan 18 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.11-1 - New upstream release * Sun Dec 15 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-2 - Add two upstream patches to fix build with upcoming GCC-10 * Wed Sep 18 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-1 - New upstream release * Sat Sep 07 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.9-1 - New upstream release (#1750010) * Sun Sep 01 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.8-1 - New upstream release * Sat Aug 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.7-1 - New upstream release libuuid| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) libzstd| * Mon Feb 07 2022 Jakub Martisko <jamartis@redhat.com> - 1.5.1-2 - Add some basic gating tests Resolves: rhbz#2050272 * Wed Jan 12 2022 Michel Alexandre Salim <salimma@centosproject.org> - 1.5.1-1 - Rebase to the latest upstream version - Enable optional gz, xz/lzma, and lz4 support in the zstd tool - Disable amd64 assembly on non-x86_64 architectures (rhbz#2035802) this should avoid the issue where an executable stack is created - Re-enable CET protections (rhbz#2039353) Resolves: rhbz#2039488 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.0-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Mon Jul 12 2021 Jakub Martisko <jamartis@redhat.com> - 1.5.0-1 * Rebase to the latest upstream version Resolves: rhbz#1928094 * Thu Jul 01 2021 Jakub Martisko <jamartis@redhat.com> - 1.4.9-3 - Drop gtest-devel dependency Resolves: rhbz#1977606 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.4.9-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Fri Mar 05 2021 Pádraig Brady <P@draigBrady.com> - 1.4.9-1 - Latest upstream * Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Dec 17 2020 Pádraig Brady <P@draigBrady.com> - 1.4.7-1 - Latest upstream * Wed Aug 26 2020 Jeff Law <law@redhat.com> - 1.4.5-6 - Do not force C++11 mode * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sat Jul 11 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1.4.5-4 - Build libzstd with multi-threading support * Mon May 25 2020 Pádraig Brady <P@draigBrady.com> - 1.4.5-3 - Build shared library with correct compiler flags * Fri May 22 2020 Pádraig Brady <P@draigBrady.com> - 1.4.5-1 - Latest upstream * Fri May 22 2020 Avi Kivity <avi@scylladb.com> - 1.4.4-3 - Added static library subpackage libsmartcols| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) libxml2| * Mon Apr 29 2024 David King <amigadave@amigadave.com> - 2.9.13-6 - Fix CVE-2024-25062 (RHEL-29196) * Thu Sep 14 2023 David King <amigadave@amigadave.com> - 2.9.13-5 - Fix CVE-2023-39615 (RHEL-5180) * Fri Apr 14 2023 David King <amigadave@amigadave.com> - 2.9.13-4 - Fix CVE-2023-28484 (#2186694) - Fix CVE-2023-29469 (#2186694) * Tue Nov 01 2022 David King <amigadave@amigadave.com> - 2.9.13-3 - Fix CVE-2022-40303 (#2136564) - Fix CVE-2022-40304 (#2136569) * Tue May 10 2022 David King <amigadave@amigadave.com> - 2.9.13-2 - Fix CVE-2022-29824 (#2082300) sqlite-libs| * Wed Jan 03 2024 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-7 - Fixes CVE-2023-7104 * Fri Nov 18 2022 Zuzana Miklankova <zmiklank@redhat.com> - 3.34.1-6 - Fixes CVE-2022-35737 libunistring| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.9.10-15 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Mon Jun 21 2021 Mike FABIAN <mfabian@redhat.com> - 0.9.10-14 - Related rhbz#1938800: Fix CI tests and convert them to tmt * Mon Jun 14 2021 Mike FABIAN <mfabian@redhat.com> - 0.9.10-13 - Related rhbz#1938800: Fix spelling in license GPLV2+ -> GPLv2+ * Mon Jun 14 2021 Mike FABIAN <mfabian@redhat.com> - 0.9.10-12 - Fix memory leak in vasnprint. Resolves: rhbz#1938800 (Backported from upstream: https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=4d288a80bf7ebe29334b9805cdcc70eacb6059c1) * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.9.10-11 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.10-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.10-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 0.9.10-8 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.10-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libidn2| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.0-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue May 26 2020 Jeff Law <law@redhat.com> - 2.3.0-3 - Touch a couple autoconf related files to prevent undesired rebuilding if %configure changes one or more configure files. * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Nov 16 2019 Robert Scheck <robert@fedoraproject.org> 2.3.0-1 - Upgrade to 2.3.0 (#1764345, #1772703) libattr| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.1-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Mar 16 2021 Kamil Dudka <kdudka@redhat.com> - 2.5.1-1 - new upstream release * Fri Mar 12 2021 Kamil Dudka <kdudka@redhat.com> - 2.5.0-1 - new upstream release * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.48-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.48-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jun 22 2020 Kamil Dudka <kdudka@redhat.com> - 2.4.48-9 - add BR for perl(FileHandle) needed by %check * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.48-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libacl| * Fri Oct 06 2023 Lukáš Zaoral <lzaoral@redhat.com> - 2.3.1-4 - preserve failed setfacl return code (RHEL-11833) libffi| * Fri Apr 07 2023 DJ Delorie <dj@redhat.com> - 3.4.2-8 - Use /etc/sysconfig/libffi-force-shared-memory-check-first to override selinux permissions check for shared memory access (#2152228) * Thu Aug 26 2021 Carlos O'Donell <codonell@redhat.com> - 3.4.2-7 - Remove compat-libffi3.1 subpackage to complete SONAME transition. Related: rhbz#1891914 * Wed Aug 18 2021 Carlos O'Donell <carlos@redhat.com> - 3.4.2-6 - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.4.2-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Jul 29 2021 Carlos O'Donell <carlos@redhat.com> - 3.4.2-4 - Drop pkgconf support for compat-libffi3.1. * Tue Jul 27 2021 Carlos O'Donell <carlos@redhat.com> - 3.4.2-3 - Add temporary compat-libffi3.1 for library transition. * Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Mon Jun 28 2021 Carlos O'Donell <carlos@redhat.com> - 3.4.2-1 - Rebase to libffi 3.4.2. * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.1-29 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 libcap| * Wed Jul 12 2023 Anderson Toshiyuki Sasaki <ansasaki@redhat.com> - 2.48-9 - Fix integer overflow in _libcap_strdup() (CVE-2023-2603) Resolves: rhbz#2210638 - Correctly check pthread_create() return value to avoid memory leak (CVE-2023-2602) Resolves: rhbz#2222198 * Fri Jan 28 2022 Zoltan Fridrich <zfridric@redhat.com> - 2.48-8 - Fix ambient capabilities for non-root users Related: rhbz#2037215 * Fri Aug 27 2021 Zoltan Fridrich <zfridric@redhat.com> - 2.48-7 - Fix issues detected by static analyzers Related: rhbz#1985346 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.48-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 libcom_err| * Wed Dec 13 2023 Carlos Maiolino <cmaiolino@redhat.com> - 1.46.5-5 - rebuild to incorporate libss-devel package - Related: RHEL-19059 * Tue Oct 17 2023 Carlos Maiolino <cmaiolino@redhat.com> - 1.46.5-4 - Change the xattr entry hash to use an unsighed char by default - Related: RHEL-10467 * Fri May 13 2022 Lukas Czerner <lczerner@redhat.com> 1.46.5-3 - Add sanity check to extent manipulation (#2073549) * Thu Jan 20 2022 Lukas Czerner <lczerner@redhat.com> - 1.46.5-2 - Rebuild, no changes * Thu Jan 20 2022 Lukas Czerner <lczerner@redhat.com> - 1.46.5-1 - New upstream release libtasn1| * Wed Nov 30 2022 Simo Sorce <simo@redhat.com> - 4.16.0-9 - Resolves: rhbz#2140602 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.16.0-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.16.0-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Apr 12 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 4.16.0-5 - Coverity-related fixes (#1938797) * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.16.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild p11-kit| * Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2 - Fix issues found by static analysis Related: RHEL-14834 * Wed Nov 15 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-1 - Update to new upstream release 0.25.3 Resolves: RHEL-14834 * Wed Nov 08 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.2-1 - Update to new upstream release 0.25.2 Resolves: RHEL-14834 - Add IBM specific mechanisms and attributes Resolves: RHEL-10570 * Tue Feb 01 2022 Daiki Ueno <dueno@redhat.com> - 0.24.1-2 - Replace "black list" with "blocklist" in -trust subpackage description (#2026457) * Mon Jan 17 2022 Packit Service <user-cont-team+packit-service@redhat.com> - 0.24.1-1 - Release 0.24.1 (Daiki Ueno) - common: Support copying attribute array recursively (Daiki Ueno) - common: Add assert_ptr_cmp (Daiki Ueno) - gtkdoc: remove dependencies on custom target files (Eli Schwartz) - doc: Replace occurrence of black list with blocklist (Daiki Ueno) - build: Suppress cppcheck false-positive on array bounds (Daiki Ueno) - ci: Use Docker image from the same repository (Daiki Ueno) - ci: Integrate Docker image building to GitHub workflow (Daiki Ueno) - rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno) - build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno) - Link libp11-kit so that it cannot unload (Emmanuel Dreyfus) - trust: Use dngettext for plurals (Daiki Ueno) - rpc: Support protocol version negotiation (Daiki Ueno) - rpc: Separate authentication step from transaction (Daiki Ueno) - Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni) - shell: test -a|o is not POSIX (Issam E. Maghni) - Meson: Add libtasn1 to trust programs (Issam E. Maghni) - meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh) readline| * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 8.1-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.1-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jan 06 2021 Siteshwar Vashisht <svashisht@redhat.com> - 8.1-1 - Rebase to readline-8.1 Resolves: #1904867 * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libassuan| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.5-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.5-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Mar 22 2021 Jakub Jelen <jjelen@redhat.com> - 2.5.5-1 - New upstream release (#1941663) * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Dec 01 2020 Jakub Jelen <jjelen@redhat.com> - 2.5.4-1 - New upstream release (#1891067) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Mon Aug 19 2019 Tomáš Mráz <tmraz@redhat.com> 2.5.3-2 - add includedir to pkg-config --cflags (#1742986) libgcrypt| * Mon Mar 20 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-10 - Provide FIPS indicators for MD and HMACs - Improve PCT tests for ECDSA and always run them after key is generated - Add missing guards for FIPS status in md_sign/verify function - Provider FIPS indicators for public key operation flags * Tue Jan 24 2023 Jakub Jelen <jjelen@redhat.com> - 1.10.0-9 - Avoid usage of invalid arguments sizes for PBKDF2 in FIPS mode - Do not allow large salt lengths with RSA-PSS padding - Disable X9.31 key generation in FIPS mode - Update the FIPS integrity checking code to upstream version - Update cipher modes FIPS indicators for AES WRAP and GCM - Disable jitter entropy generator * Thu Oct 20 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-8 - Fix unneeded PBKDF2 passphrase length limitation in FIPS mode - Enforce HMAC key lengths in MD API in FIPS mode * Thu Oct 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-7 - Properly enforce KDF limits in FIPS mode (#2130275) - Fix memory leak in large digest test (#2129150) - Fix function name FIPS service indicator by disabling PK encryption and decryption (#2130275) - Skip RSA encryption/decryption selftest in FIPS mode (#2130275) * Tue Sep 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-6 - Fix SHA3 digests with large inputs (#2129150) - Fix FIPS RSA PCT (#2128455) - Fix RSA FIPS Keygen that non-deterministically fails (#2130275) - Get max 32B from getrandom in FIPS mode (#2130275) * Wed Aug 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-5 - Allow signature verification with smaller RSA keys (#2083846) - Allow short salt for KDF (#2114870) - Reseed the kernel DRBG by using GRND_RANDOM (#2118695) - Address FIPS review comments around selftests (#2118695) - Disable RSA-OAEP in FIPS mode (#2118695) * Fri May 06 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-4 - Backport ppc hardware flags detection (#2051307) - Disable PKCS#1.5 encryption in FIPS mode (#2061328) * Thu Mar 31 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-3 - Use correct FIPS module name (#2067123) * Thu Feb 17 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-2 - Systematic FIPS module name with other FIPS modules * Wed Feb 02 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-1 - Final release (#2026636) * Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.3 - Fix broken soname in the previous beta * Thu Jan 27 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.2 - Provide compat soname symlink as the new release is backward compatible * Wed Jan 26 2022 Jakub Jelen <jjelen@redhat.com> - 1.10.0-0.1 - New upstream pre-release (#2026636) - Upstream all patches - Implement FIPS 140-3 support * Tue Oct 12 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-5 - Allow HW optimizations in FIPS mode (#1990059) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jun 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-3 - Fix for CVE-2021-33560 (#1970098) * Wed Apr 28 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-2 - Restore the CET protection (#1954049) * Tue Apr 20 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.3-1 - New upstream release (#1951325) * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.2-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-3 - Fix issues reported by coverity * Mon Mar 29 2021 Jakub Jelen <jjelen@redhat.com> - 1.9.2-2 - Fix OCB tag creation on s390x (failing gnupg2 tests) lz4-libs| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu May 27 2021 Jakub Martisko <jamartis@redhat.com> - 1.9.3-4 - Fix cve-2021-3520 resolves: cve-2021-3520 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.9.3-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jan 06 2021 Timothée Ravier <travier@redhat.com> - 1.9.3-1 - Update to 1.9.3 and switch to Meson * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Wed Aug 14 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.9.1-1 - Update to 1.9.1 libcap-ng| * Tue Feb 15 2022 <ansasaki@redhat.com> - 0.8.2-7 - Update apply-disable patch (#2045857) Resolves: rhbz#2045857 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8.2-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Feb 02 2021 Steve Grubb <sgrubb@redhat.com> 0.8.2-4 - Adjust syslog warning for bad use of capng_apply * Sat Jan 30 2021 Steve Grubb <sgrubb@redhat.com> 0.8.2-3 - Add syslog warning for bad use of capng_apply * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Dec 09 2020 Steve Grubb <sgrubb@redhat.com> 0.8.2-1 - New upstream bugfix release * Fri Nov 20 2020 Steve Grubb <sgrubb@redhat.com> 0.8.1-2 - Add temporary patch disabling bounding set error codes * Wed Nov 18 2020 Steve Grubb <sgrubb@redhat.com> 0.8.1-1 - New upstream bugfix release * Tue Sep 08 2020 Steve Grubb <sgrubb@redhat.com> 0.8-1 - New upstream feature release * Sun Aug 23 2020 Steve Grubb <sgrubb@redhat.com> 0.7.11-1 - New upstream release * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.10-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.7.10-3 - Rebuilt for Python 3.9 audit-libs| * Wed Nov 08 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-2 - Remove if [ $1 -eq 0 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then /usr/lib/systemd/systemd-update-helper remove-system-units from %preun scriptlet, as it was causing troubles when removing audit || : fi Related: RHEL-14896 * Fri Oct 27 2023 Sergio Correia <scorreia@redhat.com> - 3.1.2-1 - New upstream release, 3.1.2 Resolves: RHEL-14896 * Thu Jun 22 2023 Radovan Sroka <rsroka@redhat.com> - 3.0.7-104 - Introduce new fanotify record fields Resolves: rhbz#2216666 * Mon May 02 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-103 - Drop ProtectHome from auditd.service as it interferes with rules Resolves: rhbz#2071725 - Default systemd service config blocks audit watch rules in some directories [rhel-9.1.0] * Sun Mar 13 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-102 - Fix path normalization in auparse Resolves: rhbz#2062824 - auparse missing information when used with --format-text * Tue Feb 22 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-101 - Adjust sample-rules dir permissions Resolves: rhbz#2054432 - /usr/share/audit/sample-rules is no longer readable by non-root users * Tue Jan 25 2022 Sergio Correia <scorreia@redhat.com> - 3.0.7-100 - New upstream release, 3.0.7 Resolves: rhbz#2019929 - capability=unknown-capability(39) in audit messages popt| * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1.18-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jul 20 2021 Michal Domonkos <mdomonko@redhat.com> - 1.18-7 - Add gating.yaml * Mon Jul 19 2021 Michal Domonkos <mdomonko@redhat.com> - 1.18-6 - Address important covscan issues (#1938846) * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.18-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Sat Mar 06 2021 Robert Scheck <robert@fedoraproject.org> 1.18-4 - Conditionalize static subpackage during build-time * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.18-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jun 24 2020 Panu Matilainen <pmatilai@redhat.com> - 1.18-1 - Update to popt 1.18 final (no changes from rc1) * Fri May 29 2020 Panu Matilainen <pmatilai@redhat.com> - 1.18~rc1-1 - Rebase to popt 1.18-rc1 - Update URLs to the new upstream * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libsigsegv| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.13-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sun Jan 17 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 2.13-1 - Update to 2.13 - spec file cleanup * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.11-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.11-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jan 17 2020 Jeff Law <law@redhat.com> - 2.11-9 - Fix configure tests compromised by LTO gmp| * Thu Aug 03 2023 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-13 - Fix: previous commit removed one function from the library and thus broke the ABI - function gmpn_preinv_divrem_1 should now not be removed Related: rhbz#2044216 * Tue Jul 18 2023 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-12 - Add SIMD optimization patches for s390x (provided by the IBM) Resolves: rhbz#2044216 * Tue Jun 06 2023 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-11 Fix: Integer overflow and resultant buffer overflow via crafted input Resolves: CVE-2021-43618 * Fri Aug 27 2021 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-10 - Add the support for intel CET Resolves: rhbz#1977890 * Wed Aug 18 2021 Jakub Martisko <jamartis@redhat.com> - 1:6.2.0-9 - Move the .hmac files to the fipscheck subfolder - Make symlinks from their original location (Fedora contains the .hmac files there) pointing to their new location Resolves: rhbz#1980758 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:6.2.0-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 libsepol| * Wed Dec 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1 - SELinux userspace 3.6 release * Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1 - SELinux userspace 3.6-rc1 release * Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1 - SELinux userspace 3.5 release * Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1 - SELinux userspace 3.5-rc3 release * Mon Jan 02 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.2 - SELinux userspace 3.5-rc1 release * Fri Oct 21 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3 - Fix validation of user declarations in modules (#2136212) * Wed Oct 12 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2 - Restore error on context rule conflicts (#2127399) * Mon May 23 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1.1 - SELinux userspace 3.4 release pcre| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 8.44-3.3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.44-3.2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.44-3.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 11 2021 Petr Pisar <ppisar@redhat.com> - 8.44-3 - Implement CET (bug #1909554) * Mon Oct 19 2020 Petr Pisar <ppisar@redhat.com> - 8.44-2 - Fix reading an uninitialized memory when populating a name table (upstream bug #2661) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.44-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Feb 14 2020 Petr Pisar <ppisar@redhat.com> - 8.44-1 - 8.44 bump * Wed Feb 12 2020 Petr Pisar <ppisar@redhat.com> - 8.43-3 - Make erroroffset initializion in a POSIX wrapper thread-safe (upstream bug #2447) - Fix an integer overflow when parsing numbers after "(?C" (upstream bug #2463) - Fix shifting integer bits and a NULL pointer dereferce in pcretest tool (upstream bug #2380) * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 8.43-2.2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild grep| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.6-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Mon Jun 28 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 3.6-4 - Fixed stack overflow detection Resolves: rhbz#1975156 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.6-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Nov 09 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 3.6-1 - New version Resolves: rhbz#1895797 * Wed Sep 30 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 3.5-1 - New version Resolves: rhbz#1883086 * Wed Aug 26 2020 Adam Williamson <awilliam@redhat.com> - 3.4-5 - Backport fix for upstream #28105 to fix zgrep Resolves: rhbz#1872913 - Remove some non-portable tests that fail on armv7hl (Paul Eggert) Resolves: rhbz#1863830 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 3.4-2 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Wed Apr 01 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 3.4-1 - New version Resolves: rhbz#1818417 - Added all glibc langpacks to allow more locale sensitive tests to run - Added perl-FileHandle requirement for the filename-lineno.pl test * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild mpfr| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.1.0-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.1.0-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Mar 09 2021 Jerry James <loganjerry@gmail.com> - 4.1.0-5 - Add upstream patches 8-9 * Wed Feb 17 2021 Jerry James <loganjerry@gmail.com> - 4.1.0-4 - Add upstream patches 1-7 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sat Jul 11 2020 Jerry James <loganjerry@gmail.com> - 4.1.0-1 - Update to MPFR version 4.1.0 - Drop all patches * Mon Jun 29 2020 Jerry James <loganjerry@gmail.com> - 4.0.2-5 - Add upstream patches 8 and 9 * Thu Apr 16 2020 Jerry James <loganjerry@gmail.com> - 4.0.2-4 - Add upstream patches 2 through 7 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Oct 11 2019 Jerry James <loganjerry@gmail.com> - 4.0.2-2 - Drop the mpfr3 and mpfr3-devel subpackages * Tue Oct 08 2019 Jerry James <loganjerry@gmail.com> - 4.0.2-1 - Update to MPFR version 4.0.2 plus patch01 - Make mpfr3 and mpfr3-devel subpackages for version 3.1.6 - Add a -doc subpackage to hold the GFDL-licensed content - The main package license is LGPLv3+; the GPLv3+ content is not packaged - Drop unnecessary autoconf and libtool BRs - Drop explicit R on gmp; it is autogenerated - Drop info scriptlets; this version can never appear in Fedora < 32 or RHEL < 9 - Drop ldconfig_scriptlets for the same reason - Make sure there are no rpaths and that -Wl,--as-needed takes effect - Do not use the %doc macro; the files have already been copied gawk| * Wed Feb 16 2022 Jakub Martisko <jamartis@redhat.com> - 5.1.0-6 Fix the issue with incorect handling of return values of some processes Resolves: rhbz#2055107 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.1.0-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 5.1.0-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 21 2020 Jakub Martisko <jamartis@redhat.com> - 5.1.0-1 - New upstream release * Tue Feb 18 2020 Jakub Martisko <jamartis@redhat.com> - 5.0.1-8 - Split the package into the main package and locales subpackage libksba| * Wed Jan 25 2023 Jakub Jelen <jjelen@redhat.com> - 1.5.1-6 - Fix for CVE-2022-47629 (#2161571) * Wed Oct 19 2022 Jakub Jelen <jjelen@redhat.com> - 1.5.1-5 - Fix for CVE-2022-3515 (#2135703) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.1-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Thu Apr 15 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-2 - Address issues reported by coverity * Wed Apr 07 2021 Jakub Jelen <jjelen@redhat.com> - 1.5.1-1 - New upstream release (#1946544) * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild file-libs| * Thu Nov 23 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-16 - Fix stack-based buffer over-read in file_copystr() (CVE-2022-48554) * Thu Oct 12 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-15 - Fix segfault in python3-file-magic concurrent method calls * Tue Jul 11 2023 Ville-Pekka Vainio <vpvainio@iki.fi> - 5.39-14 - fix detection of deflate encoded PDFs Resolves: #2213761 * Mon Jul 03 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-13 - fix recognition of wasm files Resolves: #2219392 * Wed Feb 01 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-12 - fix detection of static-pie binaries Resolves: #2164834 * Tue Jan 31 2023 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-11 - fix issue with libmagic and floating point exceptions Resolves: #2061557 * Wed Aug 24 2022 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-10 - speedup magic matching Resolves: #2120692 * Wed Aug 17 2022 Vincent Mihalkovic <vmihalko@redhat.com> - 5.39-9 - fix recognition (src/compress.c) of compressed empty files Resolves: #2121694 alternatives| * Thu May 04 2023 Jan Macku <jamacku@redhat.com> - 1.24-1 - ci: fix `NEXT_VERSION` in Makefile - revert: releng: Enable Packit to handle Fedora updates - revert: releng: Convert to rpmautospec * Thu May 04 2023 Jan Macku <jamacku@redhat.com> - 1.23-1 - Translated using Weblate (Korean) - Translated using Weblate (English (United Kingdom)) - alternatives: --keep-foreign incorrectly handles non-existent files - alternatives: isLink should return 0 in case of lstat error - Translated using Weblate (Swedish) - Translated using Weblate (Korean) - Translated using Weblate (Georgian) - Translated using Weblate (Finnish) - Translated using Weblate (Ukrainian) - Translated using Weblate (Polish) - Update translation files - Translated using Weblate (German) - doc: update translations - spec: remote changelog * Thu Mar 23 2023 Jan Macku <jamacku@redhat.com> - 1.22-1 - migrate to SPDX license - Translated using Weblate (English (United Kingdom)) - Translated using Weblate (Japanese) - ci: Add locale linter - ci: update workflows - test: fix ShellCheck error[SC2070] - Bump redhat-plumbers-in-action/differential-shellcheck from 3 to 4 (#94) - releng: Packit remove extra job trigger - releng: Enable Packit to handle Fedora updates - releng: Convert to rpmautospec * Wed Oct 05 2022 Jan Macku <jamacku@redhat.com> - 1.21-1 - ci: Add CodeQL to replace LGTM - alternatives: replace master/slave with leader/follower - chkconfig: use correct cmp function - Bump redhat-plumbers-in-action/differential-shellcheck from 2 to 3 - ci: Add Shell linter - Differential ShellCheck - ci: Use more inclusive terminology in workflows - ci: Update workflows, packit and dependabot - Translated using Weblate (Friulian) - Translated using Weblate (Swedish) - Translated using Weblate (Estonian) - Translated using Weblate (Georgian) - Translated using Weblate (Polish) - Translated using Weblate (Korean) - Translated using Weblate (Czech) - Translations update from Fedora Weblate (#77) - Translations update from Fedora Weblate (#75) - Translations update from Fedora Weblate (#74) - Translations update from Fedora Weblate (#73) - Translated using Weblate (Ukrainian) - Update translation files - Family mentioned for --set in both man and help - Translated using Weblate (French) - build-sys: Ensure `systemd-sysv-install` symlink does not have `//` - Translated using Weblate (German) - Add LGTM badges to README - Merge remote-tracking branch 'weblate/master' - Translated using Weblate (Indonesian) - Translated using Weblate (Finnish) - Translated using Weblate (Korean) - Translated using Weblate (Ukrainian) - Translated using Weblate (Turkish) - Translated using Weblate (Polish) - Translated using Weblate (Norwegian Nynorsk) - Update translation files - Translated using Weblate (Finnish) - Translated using Weblate (Czech) - Translated using Weblate (Swedish) - Translated using Weblate (Italian) - Translated using Weblate (Spanish) - Translated using Weblate (Chinese (Simplified)) * Wed Jul 28 2021 Jan Macku <jamacku@redhat.com> - 1.20-1 - spec: Replace not working awk command with sed (#62) * Fri Jul 23 2021 Jan Macku <jamacku@redhat.com> - 1.19-1 - spec: Add Provides /sbin/chkconfig in order to stay backwards compatible (#60) * Fri Jul 23 2021 Jan Macku <jamacku@redhat.com> - 1.18-1 - spec: /sbin/chkconfig -> /usr/sbin/chkconfig (#59) * Thu Jul 22 2021 Jan Macku <jamacku@redhat.com> - 1.17-1 - alternatives: tweak manpage to match the real 'remove' behavior (#58) * Thu Jul 15 2021 Jan Macku <jamacku@redhat.com> - 1.16-1 - alternatives: add --keep-foreign (#57) - Translations update from Weblate - ci: Onboard chkconfig to Packit - zanata: remove zanata related stuff - Use make macros - alternatives: use one function for path cleaning - CI: specify more closely when to run CI - Add basic CI and README - spec: sync specfile with Fedora p11-kit-trust| * Thu Nov 23 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-2 - Fix issues found by static analysis Related: RHEL-14834 * Wed Nov 15 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.3-1 - Update to new upstream release 0.25.3 Resolves: RHEL-14834 * Wed Nov 08 2023 Zoltan Fridrich <zfridric@redhat.com> - 0.25.2-1 - Update to new upstream release 0.25.2 Resolves: RHEL-14834 - Add IBM specific mechanisms and attributes Resolves: RHEL-10570 * Tue Feb 01 2022 Daiki Ueno <dueno@redhat.com> - 0.24.1-2 - Replace "black list" with "blocklist" in -trust subpackage description (#2026457) * Mon Jan 17 2022 Packit Service <user-cont-team+packit-service@redhat.com> - 0.24.1-1 - Release 0.24.1 (Daiki Ueno) - common: Support copying attribute array recursively (Daiki Ueno) - common: Add assert_ptr_cmp (Daiki Ueno) - gtkdoc: remove dependencies on custom target files (Eli Schwartz) - doc: Replace occurrence of black list with blocklist (Daiki Ueno) - build: Suppress cppcheck false-positive on array bounds (Daiki Ueno) - ci: Use Docker image from the same repository (Daiki Ueno) - ci: Integrate Docker image building to GitHub workflow (Daiki Ueno) - rpc: Fallback to version 0 if server does not support negotiation (Daiki Ueno) - build: Port e850e03be65ed573d0b69ee0408e776c08fad8a3 to meson (Daiki Ueno) - Link libp11-kit so that it cannot unload (Emmanuel Dreyfus) - trust: Use dngettext for plurals (Daiki Ueno) - rpc: Support protocol version negotiation (Daiki Ueno) - rpc: Separate authentication step from transaction (Daiki Ueno) - Meson: p11_system_config_modules instead of p11_package_config_modules (Issam E. Maghni) - shell: test -a|o is not POSIX (Issam E. Maghni) - Meson: Add libtasn1 to trust programs (Issam E. Maghni) - meson: optionalise glib's development files for gtk_doc (Đoàn Trần Công Danh) libverto| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.2-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.2-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Mar 15 2021 Robbie Harwood <rharwood@redhat.com> - 0.3.2-1 - New upstream version (0.3.2) * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Jan 22 2021 Robbie Harwood <rharwood@redhat.com> - 0.3.1-2 - New upstream version (0.3.1) - Drop tevent goo and RHEL conditionals * Tue Sep 15 2020 Robbie Harwood <rharwood@redhat.com> - 0.3.0-11 - Rebuild for libevent soname bump * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libnghttp2| * Fri Oct 13 2023 Jan Macku <jamacku@redhat.com> - 1.43.0-5.1 - fix HTTP/2 Rapid Reset (CVE-2023-44487) librtas| * Wed Feb 09 2022 Than Ngo <than@redhat.com> - 2.0.2-14 - Resolves: #2039517, add librtas-devel to compose * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.2-13 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Mon May 10 2021 Than Ngo <than@redhat.com> - 2.0.2-12 - Resolves: #1958942, fix license tag * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.2-11 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Fri Mar 26 2021 Than Ngo <than@redhat.com> - 2.0.2-10 - clean up librtas by using rtas_copy * Thu Mar 25 2021 Than Ngo <than@redhat.com> - 2.0.2-9 - Undo ExclusiveArch * Thu Mar 25 2021 Than Ngo <than@redhat.com> - 2.0.2-8 - Resolves: #1938786, coverity issues * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild nettle| * Wed Nov 01 2023 Daiki Ueno <dueno@redhat.com> - 3.9.1-1 - Update to nettle 3.9.1 (RHEL-14890) * Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.8-3 - Rebuild in new side-tag * Thu Aug 18 2022 Daiki Ueno <dueno@redhat.com> - 3.8-2 - Bundle GMP to privatize memory functions - Zeroize stack allocated intermediate data * Tue Jun 28 2022 Daiki Ueno <dueno@redhat.com> - 3.8-1 - Update to nettle 3.8 (#1992457) gnutls| * Fri Apr 05 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-4 - Bump release to ensure el9 package is greater than el9_* packages * Fri Mar 22 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-3 - Bump release to ensure el9 package is greater than el9_* packages * Thu Mar 21 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-2 - Fix timing side-channel in deterministic ECDSA (RHEL-28959) - Fix potential crash during chain building/verification (RHEL-28954) * Tue Jan 23 2024 Daiki Ueno <dueno@redhat.com> - 3.8.3-1 - Update to gnutls 3.8.3 (RHEL-14891) * Mon Jan 22 2024 Daiki Ueno <dueno@redhat.com> - 3.8.2-3 - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.3 as well (RHEL-18498) * Fri Dec 08 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-2 - Bump nettle dependency to 3.9.1 - Skip KTLS test exercising ChaCha20-Poly1305 in TLS 1.2 (RHEL-18498) * Thu Nov 16 2023 Daiki Ueno <dueno@redhat.com> - 3.8.2-1 - Update to gnutls 3.8.2 (RHEL-14891) * Sat Jul 29 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-23 - Mark SHA-1 signature verification non-approved in FIPS (#2102751) * Tue Jul 18 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-22 - Skip KTLS test on old kernel if host and target arches are different * Thu Jul 13 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-21 - Require use of extended master secret in FIPS mode by default (#2157953) * Tue Mar 14 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-20 - Fix the previous change (#2175214) * Fri Mar 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-19 - Bump release to ensure el9 package is greater than el9_* packages (#2175214) * Tue Feb 28 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168143) * Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange (#2162601) * Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-16 - fips: extend PCT to DH key generation (#2168143) * Thu Dec 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-15 - fips: rename hmac file to its previous name (#2148269) * Tue Nov 22 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-14 - cipher: add restriction on CCM tag length under FIPS mode (#2137807) - nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2143266) * Tue Nov 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-13 - fips: make XTS key check failure not fatal (#2130971) - enable source archive verification again (#2127094) - clear server's session ticket indication at rehandshake (#2136072) - crypto-api: add block cipher API with automatic padding (#2084161) - fips: remove library path checking from FIPS integrity check (#2140908) * Tue Sep 27 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-12 - fips: mark PBKDF2 with short key and output sizes non-approved - fips: only mark HMAC as approved in PBKDF2 - fips: mark gnutls_key_generate with short key sizes non-approved - fips: fix checking on hash algorithm used in ECDSA - fips: preserve operation context around FIPS selftests API * Fri Aug 26 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-11 - Supply --with{,out}-{zlib,brotli,zstd} explicitly * Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-10 - Revert nettle version pinning as it doesn't work well in side-tag * Thu Aug 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-9 - Pin nettle version in Requires when compiled with FIPS * Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-8 - Bundle GMP to privatize memory functions - Disable certificate compression support by default * Tue Aug 23 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-7 - Update gnutls-3.7.6-cpuid-fixes.patch * Sat Aug 20 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-6 - Mark RSA SigVer operation approved for known modulus sizes (#2091903) - accelerated: clear AVX bits if it cannot be queried through XSAVE * Thu Aug 04 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-5 - Block DES-CBC usage in decrypting PKCS#12 bag under FIPS (#2115244) - sysrng: reseed source DRBG for prediction resistance * Fri Jul 29 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-4 - Make gnutls-cli work with KTLS for testing - Fix double-free in gnutls_pkcs7_verify (#2109790) * Mon Jul 25 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-3 - Limit input size for AES-GCM according to SP800-38D (#2095251) - Do not treat GPG verification errors as fatal - Remove gnutls-3.7.6-libgnutlsxx-const.patch * Tue Jul 19 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-2 - Allow enabling KTLS with config file (#2042009) * Fri Jul 01 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-1 - Update to gnutls 3.7.6 (#2097327) json-c| * Tue Sep 14 2021 Tomas Korbar <tkorbar@redhat.com> - 0.14-11 - Start providing versioned symbols - Resolves: rhbz#2001067 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.14-10 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.14-9 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.14-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-7 - Use new cmake macros * Tue May 26 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-6 - Build using Ninja instead of Make - Add a patch to move Doxyfile into doc subdir - Remove pre-built html documentation - Update Doxyfile during %prep - Add a patch to apply some optimizations to arraylist - Hardlink the files in %_pkgdocdir * Mon May 25 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-5 - Run the testssuite with valgrind on %valgrind_arches * Mon May 18 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-4 - Add a patch to fix a test - Add a patch to fix generation of user-documentation * Mon May 11 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-3 - Add upstream patch fixing usage of errno in json_parse_uint64() * Sun May 10 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-2 - Add a patch to backport fixes applied on upstream master branch - Re-enable RDRAND as json-c can detect broken implementations in CPUs now - Disable -Werror during build * Tue Apr 21 2020 Björn Esser <besser82@fedoraproject.org> - 0.14-1 - Update to 0.14 * Mon Apr 20 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.99-0.4.20200416gita911439 - Remove config.h file from installation - Drop hardlinking of the documentation files * Thu Apr 16 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.99-0.3.20200416gita911439 - Update to recent git snapshot * Tue Apr 14 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.99-0.2.20200414git7fb8d56 - Update to recent git snapshot * Tue Apr 14 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.99-0.1.20200414gitab5425a - Update to recent git snapshot using forge macros * Sun Apr 12 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.1-11 - Drop bootstrap logic, as the package is no dependency of @build anymore - Add some explicit BuildRequires, which were implicit - Small spec file cleanups * Sat Apr 11 2020 Björn Esser <besser82@fedoraproject.org> - 0.13.1-10 - Add explicit configure switch to disable rdrand - Add explicit configure switch to enable linking with Bsymbolic - Do not use macros to invoke executables - Drop obsolete %pretrans scriptlet * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.13.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Nov 28 2019 Petr Menšík <pemensik@redhat.com> - 0.13.1-8 - Remove empty doc dir from library package * Wed Nov 06 2019 Miroslav Lichvar <mlichvar@redhat.com> 0.13.1-7 - Disable rdrand support (#1745333) npth| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6-7 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libyaml| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.2.5-7 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.2.5-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Dec 01 2020 John Eckersberg <jeckersb@redhat.com> - 0.2.5-4 - Add BuildRequires for make (re: https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 0.2.5-2 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Tue Jun 02 2020 John Eckersberg <eck@redhat.com> - 0.2.5-1 - New upstream release (rhbz#1842769) * Sun Apr 19 2020 John Eckersberg <eck@redhat.com> - 0.2.4-1 - New upstream release (rhbz#1825622) - Fixes document end before directive (rhbz#1824226) * Mon Apr 13 2020 John Eckersberg <eck@redhat.com> - 0.2.3-1 - New upstream release (rhbz#1823108) * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libstdc++| * Mon Dec 18 2023 Marek Polacek <polacek@redhat.com> 11.4.1-3 - update from releases/gcc-11-branch (RHEL-17638) - PRs c++/106310, c++/106890, c++/109666, c++/109761, c++/111357, c++/111512, c++/112795, d/108842, d/110359, d/110511, d/110516, debug/110295, fortran/95947, fortran/103506, fortran/107397, fortran/110288, fortran/110585, fortran/110658, fortran/111837, fortran/111880, libstdc++/95048, libstdc++/99327, libstdc++/104161, libstdc++/104242, libstdc++/108178, libstdc++/111050, libstdc++/111511, libstdc++/112314, libstdc++/112491, middle-end/110200, middle-end/111699, middle-end/111818, middle-end/112733, rtl-optimization/110237, sanitizer/112727, target/96762, target/101177, target/101469, target/105325, target/109800, target/109932, target/110011, target/110044, target/110170, target/110309, target/110741, target/111001, target/111340, target/111367, target/111408, target/111815, target/112672, target/112816, target/112837, target/112845, target/112891, testsuite/66005, tree-optimization/110298, tree-optimization/110731, tree-optimization/110914, tree-optimization/111015, tree-optimization/111614, tree-optimization/111764, tree-optimization/111917 - use -fno-stack-protector in some aarch64 tests * Tue Oct 03 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.3 - fix member vs global template (RHEL-2607) * Mon Oct 02 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.2 - guard the bit test merging code in if-combine (RHEL-6068) * Fri Jun 09 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2.1 - fix ICE on pr96024.f90 on big-endian hosts (PR fortran/96024, #2213211) - use -fno-stack-protector to fix bit-field aarch64 tests (#2213221) * Mon Jun 05 2023 Marek Polacek <polacek@redhat.com> 11.4.1-2 - update from releases/gcc-11-branch (#2193180) - GCC 11.4 release - PRs bootstrap/90543, c++/53932, c++/69410, c++/92752, c++/98056, c++/98821, c++/100295, c++/100474, c++/101118, c++/101869, c++/102780, c++/103871, c++/104527, c++/105406, c++/105996, c++/106188, c++/106675, c++/106713, c++/106740, c++/107065, c++/107163, c++/107179, c++/107558, c++/107579, c++/107864, c++/108138, c++/108180, c++/108365, c++/108468, c++/108474, c++/108607, c++/108975, c++/108998, c++/109096, c++/109164, c/107127, c/107465, c/109151, d/107592, d/108050, d/108877, d/109108, debug/106719, debug/108573, debug/108716, debug/108967, driver/106624, fortran/85877, fortran/95107, fortran/96024, fortran/96025, fortran/99036, fortran/103259, fortran/104332, fortran/106209, fortran/106945, fortran/107576, fortran/107872, fortran/108131, fortran/108349, fortran/108420, fortran/108421, fortran/108451, fortran/108453, fortran/108501, fortran/108502, fortran/108527, fortran/108529, fortran/108609, fortran/108937, fortran/109186, fortran/109511, fortran/109846, ipa/105685, ipa/106124, ipa/107944, libquadmath/87204, libquadmath/94756, libstdc++/91456, libstdc++/103934, libstdc++/104866, libstdc++/104875, libstdc++/105844, libstdc++/106183, libstdc++/107801, libstdc++/107814, libstdc++/108030, libstdc++/108118, libstdc++/108265, libstdc++/108636, libstdc++/108856, libstdc++/108952, libstdc++/109064, libstdc++/109261, libstdc++/109949, lto/109263, middle-end/104450, middle-end/104464, middle-end/106190, middle-end/107317, middle-end/108237, middle-end/108264, middle-end/108435, middle-end/108459, middle-end/108546, middle-end/108625, middle-end/108685, middle-end/108854, other/108560, other/109306, rtl-optimization/106751, rtl-optimization/107482, rtl-optimization/108193, rtl-optimization/108596, rtl-optimization/109585, target/70243, target/90458, target/96373, target/98776, target/100758, target/104871, target/104921, target/105554, target/105599, target/106736, target/106875, target/107568, target/107714, target/107863, target/108272, target/108348, target/108589, target/108699, target/108807, target/108812, target/108881, target/109067, target/109140, target/109276, testsuite/47334, testsuite/103823, testsuite/108151, testsuite/108973, testsuite/108985, tree-optimization/105484, tree-optimization/106809, tree-optimization/107107, tree-optimization/107212, tree-optimization/107254, tree-optimization/107323, tree-optimization/107451, tree-optimization/107554, tree-optimization/107898, tree-optimization/107997, tree-optimization/108068, tree-optimization/108076, tree-optimization/108095, tree-optimization/108199, tree-optimization/108498, tree-optimization/108688, tree-optimization/108692, tree-optimization/108821, tree-optimization/108950, tree-optimization/109176, tree-optimization/109410, tree-optimization/109473, tree-optimization/109491, tree-optimization/109502, tree-optimization/109573, tree-optimization/109724, tree-optimization/109778 - PRs fortran/100607, libstdc++/109822, target/109954, tree-optimization/109505 * Wed Mar 29 2023 Marek Polacek <polacek@redhat.com> 11.3.1-4.4 - s390x: add support for register arguments preserving (#2168204) * Wed Dec 21 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.3 - compile the cross binaries as PIE/-z now (#2155452) * Mon Dec 19 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.2 - ship libitm.spec in cross-gcc (#2154462) * Tue Dec 13 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4.1 - add cross compiler functionality for non-production uses (#2149650) * Tue Nov 22 2022 Marek Polacek <polacek@redhat.com> 11.3.1-4 - update from releases/gcc-11-branch (#2117632) - PRs analyzer/105252, analyzer/105365, analyzer/105366, c++/65211, c++/82980, c++/86193, c++/90107, c++/97296, c++/101442, c++/101698, c++/102071, c++/102177, c++/102300, c++/102307, c++/102479, c++/102629, c++/104066, c++/104142, c++/104646, c++/104669, c++/105245, c++/105265, c++/105289, c++/105304, c++/105321, c++/105386, c++/105398, c++/105725, c++/105761, c++/105774, c++/105795, c++/105852, c++/105925, c++/106024, c++/106361, c++/107358, c/41041, c/106016, c/106981, c/107001, d/106139, d/106638, debug/106261, fortran/82868, fortran/100029, fortran/100040, fortran/100097, fortran/100098, fortran/100132, fortran/100136, fortran/100245, fortran/103413, fortran/103504, fortran/103693, fortran/103694, fortran/104313, fortran/104849, fortran/105012, fortran/105230, fortran/105243, fortran/105310, fortran/105633, fortran/105691, fortran/105813, fortran/105954, fortran/106121, fortran/106817, fortran/106857, fortran/106985, fortran/106986, fortran/107054, ipa/100413, ipa/105600, ipa/105739, libgomp/106045, libstdc++/65018, libstdc++/84110, libstdc++/93602, libstdc++/96592, libstdc++/99290, libstdc++/100823, libstdc++/101709, libstdc++/102447, libstdc++/103664, libstdc++/103848, libstdc++/103853, libstdc++/103911, libstdc++/103992, libstdc++/104217, libstdc++/104443, libstdc++/104602, libstdc++/104731, libstdc++/105128, libstdc++/105284, libstdc++/105375, libstdc++/105502, libstdc++/105671, libstdc++/105915, libstdc++/106162, libstdc++/106248, libstdc++/106320, libstdc++/106607, libstdc++/106695, lto/106334, lto/106540, middle-end/103193, middle-end/104869, middle-end/104966, middle-end/105140, middle-end/105998, middle-end/106027, middle-end/106030, middle-end/106144, middle-end/106331, middle-end/106492, preprocessor/97498, preprocessor/105732, rtl-optimization/104637, rtl-optimization/105041, rtl-optimization/105333, rtl-optimization/105559, rtl-optimization/106032, rtl-optimization/106187, sanitizer/105396, sanitizer/105729, target/96072, target/99184, target/99685, target/101322, target/101891, target/102059, target/102146, target/103197, target/103353, target/104257, target/104829, target/105147, target/105162, target/105209, target/105292, target/105339, target/105349, target/105463, target/105472, target/105854, target/105879, target/105970, target/105981, target/106017, target/106091, target/106355, target/106491, target/106721, target/107061, target/107064, target/107183, target/107248, target/107304, target/107364, target/107748, testsuite/105095, testsuite/105266, testsuite/105433, testsuite/106345, tree-optimization/103116, tree-optimization/105148, tree-optimization/105163, tree-optimization/105173, tree-optimization/105250, tree-optimization/105263, tree-optimization/105312, tree-optimization/105368, tree-optimization/105431, tree-optimization/105437, tree-optimization/105528, tree-optimization/105618, tree-optimization/105726, tree-optimization/105860, tree-optimization/106112, tree-optimization/106131, tree-optimization/106189, tree-optimization/106513, tree-optimization/106892, tree-optimization/106934 - fix the detection of Sapphire Rapids in host_detect_local_cpu - fix -Wmismatched-dealloc documentation (#2116635) * Tue Jul 12 2022 Marek Polacek <polacek@redhat.com> 11.3.1-2.1 - fix handling of invalid ranges in std::regex (#2106262) * Thu Apr 21 2022 Jakub Jelinek <jakub@redhat.com> 11.3.1-2 - update from releases/gcc-11-branch (#2077536) - GCC 11.3 release - PRs c++/98249, c++/99893, c++/100608, c++/101051, c++/101532, c++/101677, c++/101717, c++/101894, c++/102869, c++/103105, c++/103328, c++/103341, c++/103455, c++/103706, c++/103885, c++/103943, c++/104008, c++/104079, c++/104225, c++/104507, c++/104565, c++/105003, c++/105064, c++/105143, c++/105186, c++/105256, c/101585, debug/105203, fortran/102992, fortran/104210, fortran/104228, fortran/104570, fortran/105138, gcov-profile/105282, ipa/103083, ipa/103432, jit/100613, libstdc++/90943, libstdc++/100516, libstdc++/103630, libstdc++/103638, libstdc++/103650, libstdc++/103955, libstdc++/104098, libstdc++/104301, libstdc++/104542, libstdc++/104859, libstdc++/105021, libstdc++/105027, middle-end/104497, middle-end/105165, rtl-optimization/104985, rtl-optimization/105028, rtl-optimization/105211, target/80556, target/100106, target/104117, target/104474, target/104853, target/104894, target/105214, target/105257, tree-optimization/99121, tree-optimization/104880, tree-optimization/105053, tree-optimization/105070, tree-optimization/105189, tree-optimization/105198, tree-optimization/105226, tree-optimization/105232, tree-optimization/105235 - fix bogus -Wuninitialized warning on va_arg with complex types on x86_64 (PR target/105331) - remove bogus assertion in std::from_chars (PR libstdc++/105324) * Mon Apr 04 2022 David Malcolm <dmalcolm@redhat.com> - 11.2.1-10 - update from releases/gcc-11-branch (#2063255) - PRs ada/98724, ada/104258, ada/104767, ada/104861, c++/58646, c++/59950, c++/61611, c++/95036, c++/100468, c++/101030, c++/101095, c++/101371, c++/101515, c++/101767, c++/102045, c++/102123, c++/102538, c++/102740, c++/102990, c++/103057, c++/103186, c++/103291, c++/103299, c++/103337, c++/103711, c++/103769, c++/103968, c++/104107, c++/104108, c++/104284, c++/104410, c++/104472, c++/104513, c++/104568, c++/104667, c++/104806, c++/104847, c++/104944, c++/104994, c++/105035, c++/105061, c/82283, c/84685, c/104510, c/104711, d/104659, d/105004, debug/104337, debug/104517, debug/104557, fortran/66193, fortran/99585, fortran/100337, fortran/103790, fortran/104211, fortran/104311, fortran/104331, fortran/104430, fortran/104619, fortran/104811, go/100537, libgomp/104385, libstdc++/101231, libstdc++/102358, libstdc++/103904, libstdc++/104442, lto/104237, lto/104333, lto/104617, middle-end/95115, middle-end/99578, middle-end/100464, middle-end/100680, middle-end/100775, middle-end/100786, middle-end/104307, middle-end/104402, middle-end/104446, middle-end/104786, middle-end/104971, middle-end/105032, preprocessor/104147, rtl-optimization/104544, rtl-optimization/104589, rtl-optimization/104777, rtl-optimization/104814, sanitizer/102656, sanitizer/104449, sanitizer/105093, target/79754, target/87496, target/99708, target/99754, target/100784, target/101324, target/102140, target/102952, target/102957, target/103307, target/103627, target/103925, target/104090, target/104208, target/104219, target/104253, target/104362, target/104448, target/104451, target/104453, target/104458, target/104462, target/104469, target/104502, target/104674, target/104681, target/104688, target/104775, target/104890, target/104910, target/104923, target/104963, target/104998, target/105000, target/105052, target/105058, target/105068, testsuite/103556, testsuite/103586, testsuite/104730, testsuite/104759, testsuite/105055, tree-optimization/45178, tree-optimization/100834, tree-optimization/101636, tree-optimization/102819, tree-optimization/102893, tree-optimization/103169, tree-optimization/103361, tree-optimization/103489, tree-optimization/103544, tree-optimization/103596, tree-optimization/103641, tree-optimization/103864, tree-optimization/104263, tree-optimization/104288, tree-optimization/104511, tree-optimization/104601, tree-optimization/104675, tree-optimization/104782, tree-optimization/104931, tree-optimization/105094 - fix x86 vector initialization expansion fallback (PR target/105123) - drop patch 22 (gcc11-libsanitizer-pthread.patch; upstreamed as r11-9607-ga8dd74bfb921ed) * Thu Feb 10 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.4 - add --enable-host-bind-now, use it (#2044917) * Tue Feb 08 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.3 - use _thread_db_sizeof_pthread to obtain struct pthread size (#2034494) - add --enable-host-pie, build the compilers as PIE (#2044917) * Mon Feb 07 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.2 - add support for relocation of the PCH data (pch/71934, #2044917) - remove 30_threads/future/members/poll.cc (#2050090) - avoid overly-greedy match in dejagnu regexp (#2050089) * Mon Jan 31 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9.1 - don't set -Wl,-rpath when building annobin (#2047356) * Fri Jan 28 2022 Marek Polacek <polacek@redhat.com> 11.2.1-9 - update from releases/gcc-11-branch (#2047296) - PRs fortran/104127, fortran/104212, fortran/104227, target/101529 - fix up va-opt-6.c testcase * Fri Jan 28 2022 Marek Polacek <polacek@redhat.com> 11.2.1-8 - update from releases/gcc-11-branch (#2047296) - PRs ada/103538, analyzer/101962, bootstrap/103688, c++/85846, c++/95009, c++/98394, c++/99911, c++/100493, c++/101715, c++/102229, c++/102933, c++/103012, c++/103198, c++/103480, c++/103703, c++/103714, c++/103758, c++/103783, c++/103831, c++/103912, c++/104055, c/97548, c/101289, c/101537, c/103587, c/103881, d/103604, debug/103838, debug/103874, fortran/67804, fortran/83079, fortran/101329, fortran/101762, fortran/102332, fortran/102717, fortran/102787, fortran/103411, fortran/103412, fortran/103418, fortran/103473, fortran/103505, fortran/103588, fortran/103591, fortran/103606, fortran/103607, fortran/103609, fortran/103610, fortran/103692, fortran/103717, fortran/103718, fortran/103719, fortran/103776, fortran/103777, fortran/103778, fortran/103782, fortran/103789, ipa/101354, jit/103562, libfortran/103634, libstdc++/100017, libstdc++/102994, libstdc++/103453, libstdc++/103501, libstdc++/103549, libstdc++/103877, libstdc++/103919, middle-end/101751, middle-end/102860, middle-end/103813, objc/103639, preprocessor/89971, preprocessor/102432, rtl-optimization/102478, rtl-optimization/103837, rtl-optimization/103860, rtl-optimization/103908, sanitizer/102911, target/102347, target/103465, target/103661, target/104172, target/104188, tree-optimization/101615, tree-optimization/103523, tree-optimization/103603, tree-optimization/103995 * Tue Jan 25 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.7 - do not undefine _hardened_build (#2044917) * Mon Jan 24 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.6 - update annobin plugin patch (#2030667) * Thu Jan 13 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.5 - update annobin plugin patch (#2030667) * Fri Jan 07 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.4 - update annobin plugin patch (#2030667) * Tue Jan 04 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.3 - fix dg-ice tests (#1996047) * Tue Jan 04 2022 Marek Polacek <polacek@redhat.com> 11.2.1-7.2 - update annobin plugin patch (#2030667) libdb| * Wed Nov 24 2021 Filip Januš <fjanus@redhat.com> - 5.3.28-53 - Add missing RPM_LD_FLAGS for db_dump185 - Resolves: #2026417 * Mon Sep 13 2021 Filip Januš <fjanus@redhat.com> - 5.3.28-52 - Bad order of sys calls cause high CPU usage - Related: #2002186 - Patch no. 42 was added * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.3.28-51 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Aug 05 2021 Filip Januš <fjanus@redhat.com> - 5.3.28-50 - fix static analyzer issues CWE-686-398 - Resolves: #1938760 * Mon Jul 12 2021 Filip Januš <fjanus@redhat.com> - 5.3.28-49 - Rebuild due to glibc - Resolves: #1980975 * Fri Jun 25 2021 Filip Januš <fjanus@redhat.com> - 5.3.28-48 - Disable crypto support - Resolves: #1974657 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.3.28-47 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.28-46 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Dec 02 2020 Matej Mužila <mmuzila@redhat.com> 5.3.28-45 - Resolves: CVE-2019-2708 (#1853243) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.28-44 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 21 2020 Tom Stellard <tstellar@redhat.com> - 5.3.28-43 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Tue Jul 14 2020 Ondrej Dubaj <odubaj@redhat.com> - 5.3.28-42 - Remove java subpackage due to jdk-11 (#1846398) * Sat Jul 11 2020 Jiri Vanek <jvanek@redhat.com> - 5.3.28-41 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.28-40 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild lua-libs| * Mon Apr 17 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-4 - Disable bootstrap mode forgotten on 5.4 rebase (#2135419) * Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-3 - Apply upstream patch for CVE-2022-28805 * Fri Feb 03 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-2 - Resolves CVE-2021-43519 * Tue Jan 24 2023 Florian Festi <ffesti@redhat.com> - 5.4.4-1 - Rebase to lua 5.4.4 - Resolves CVE-2021-44964 * Tue Oct 25 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-7 - Fix up CVE-2022-33099 patch * Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-6 - Enable gating * Mon Oct 17 2022 Michal Domonkos <mdomonko@redhat.com> - 5.4.2-5 - apply upstream fix for CVE-2022-33099 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.2-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 gdbm-libs| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.19-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.19-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.19-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jan 05 2021 Filip Januš <fjanus@redhat.com> - 1.19-1 - Rebase to latest release 1.19 - Remove gdbm_gcc_10.patch no more necessary * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1:1.18.1-4 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Fri Feb 07 2020 Filip Januš <fjanus@redhat.com> - 1.18.1-3 - Resolves: #1799391 - After upgrade GCC to version gcc version 10.0.1 build fails - Patch gdbm_gcc_10.patch was added * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.18.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sun Oct 13 2019 Christian Stadelmann <genodeftest@fedoraproject.org> - Remove outdated comments from spec file * Mon Sep 23 2019 Filip Janus <fjanus@redhat.com> - 1.18.1-1 - Upstream released 1.18.1 bug(#1706639) - Remove old patches libbrotli| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.9-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.9-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Oct 01 2020 Travis Kendrick <pouar@pouar.net> - 1.0.9-3 - Apparently %autosetup calls %patch on its own * Thu Oct 01 2020 Travis Kendrick <pouar@pouar.net> - 1.0.9-2 - Fix pc file (#1884364) * Wed Sep 30 2020 Travis Kendrick <pouar@pouar.net> - 1.0.9-1 - Update to 1.0.9 (#1872932) * Wed Aug 12 2020 Carl George <carl@george.computer> - 1.0.7-14 - Update cmake invocation rhbz#1863298 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-13 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 1.0.7-11 - Rebuilt for Python 3.9 * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.7-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Dec 07 2019 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.7-9 - Splil out the libs to a separate package * Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.0.7-8 - Rebuilt for Python 3.8.0rc1 (#1748018) * Sat Aug 17 2019 Miro Hrončok <mhroncok@redhat.com> - 1.0.7-7 - Rebuilt for Python 3.8 keyutils-libs| * Fri Oct 14 2022 Pavel Reichl <preichl@redhat.com> - 1.6.3-1 - Update to upstream version 1.6.3 Related: rhbz#2119105 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.1-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.6.1-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jan 05 2021 Peter Robinson <pbrobinson@fedoraproject.org> - 1.6.1-1 - Update to 1.6.1 - Spec cleanups libeconf| * Wed Jun 07 2023 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-3 - Fix stack-based buffer overflow in read_file(). Resolves: #2212467 (CVE-2023-22652) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.4.1-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jul 13 2021 Iker Pedrosa <ipedrosa@redhat.com> - 0.4.1-1 - Rebase to 0.4.1. Resolves: #1938762 pcre2-syntax| * Fri Feb 16 2024 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-5 - Rebuilt for added pcre2-tools into CRB * Mon Nov 13 2023 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-4 - Fix an issue with restoring originally unset entries in recursion - Resolves: BZ#2248133 * Tue Oct 17 2023 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-3 - Fix issue in the backtracking optimization of character in JIT * Wed May 18 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-2 - Explicitly require uft subpackages in tools subpackage * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-1 - Rebase to the 10.40 - Resolves multiple Out-of-bounds read errors * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.39-1 - Rebase to the 10.39 * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.38-1 - Rebase to the 10.38 - Patch 1 upstreamed pcre2| * Fri Feb 16 2024 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-5 - Rebuilt for added pcre2-tools into CRB * Mon Nov 13 2023 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-4 - Fix an issue with restoring originally unset entries in recursion - Resolves: BZ#2248133 * Tue Oct 17 2023 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-3 - Fix issue in the backtracking optimization of character in JIT * Wed May 18 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-2 - Explicitly require uft subpackages in tools subpackage * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.40-1 - Rebase to the 10.40 - Resolves multiple Out-of-bounds read errors * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.39-1 - Rebase to the 10.39 * Fri May 13 2022 Lukas Javorsky <ljavorsk@redhat.com> - 10.38-1 - Rebase to the 10.38 - Patch 1 upstreamed libselinux| * Wed Dec 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1 - SELinux userspace 3.6 release * Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1 - SELinux userspace 3.6-rc1 release * Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1 - SELinux userspace 3.5 release * Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1 - SELinux userspace 3.5-rc3 release * Mon Jan 16 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1 - SELinux userspace 3.5-rc2 release * Mon Jan 02 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release * Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-3 - Drop SHA-1 from selinux_restorecon.3 * Tue May 31 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2 - Revert "libselinux: restorecon: pin file to avoid TOCTOU issues" * Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1 - SELinux userspace 3.4 release coreutils-single| * Mon Jan 29 2024 Lukáš Zaoral <lzaoral@redhat.com> - fix tail on kernels with 64k page sizes (RHEL-22866) * Mon Jan 02 2023 Kamil Dudka <kdudka@redhat.com> - 8.32-34 - basic support for checking NFSv4 ACLs (#2137866) * Mon Aug 01 2022 Kamil Dudka <kdudka@redhat.com> - 8.32-33 - prevent unexpand from failing on control characters (#2112870) * Tue Mar 01 2022 Kamil Dudka <kdudka@redhat.com> - 8.32-32 - ls, stat: avoid triggering automounts (#2044981) - make `df --direct` work again (#2058686) libblkid| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) libmount| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) glib2| * Wed Feb 21 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-14 - Rebuild against newer util-linux for libmnt changes - Resolves: RHEL-23637 * Thu Feb 01 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-13 - Backport GUnixMountMonitor port to libmnt_monitor - Resolves: RHEL-23637 * Fri Nov 03 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-12 - Fix race with waitpid() and child watcher sources - Resolves: RHEL-14761 * Wed Jul 19 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-11 - Really fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 * Thu Jul 06 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-10 - Fix authentication failures when sd-bus clients connect to GDBus servers - Resolves: #2217771 * Thu May 25 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-9 - Resolve s390x crashes introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 * Wed May 17 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-8 - Resolve use after free introduced by fixes for CVE-2023-24593/CVE-2023-25180 - Related: #2181196 - Related: #2181200 * Fri Mar 24 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-7 - Fix CVE-2023-24593 and CVE-2023-25180 - Resolves: #2181196 - Resolves: #2181200 * Fri Dec 02 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 2.68.4-6 - Drop gdesktopappinfo patchset - Resolves: #2150307 sed| * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 4.8-9 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.8-8 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.8-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Aug 17 2020 Jakub Martisko <jamartis@redhat.com> - 4.8-6 - Minor spec cleanup * Mon Aug 03 2020 Jakub Martisko <jamartis@redhat.com> - 4.8-5 - Use make macros * Mon Aug 03 2020 Jakub Martisko <jamartis@redhat.com> - 4.8-4 - Replace some hardcoded constants in the gnulib-testsuite ... that caused build failures on arm7 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.8-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Feb 11 2020 Jakub Martisko <jamartis@redhat.com> - 4.8-1 - Rebase to 4.8 - Refresh the downstream patch and split it into two * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild ca-certificates| * Tue Aug 29 2023 Robert Relyea <rrelyea@redhat.com> - 2023.2.60_v7.0.306-90.1 - Bump release number to make CI happy * Tue Aug 01 2023 Robert Relyea <rrelyea@redhat.com> - 2023.2.60_v7.0.306-90.0 - Update to CKBI 2.60_v7.0.306 from NSS 3.91 - Removing: - # Certificate "Camerfirma Global Chambersign Root" - # Certificate "Staat der Nederlanden EV Root CA" - # Certificate "OpenTrust Root CA G1" - # Certificate "Swedish Government Root Authority v1" - # Certificate "DigiNotar Root CA G2" - # Certificate "Federal Common Policy CA" - # Certificate "TC TrustCenter Universal CA III" - # Certificate "CCA India 2007" - # Certificate "ipsCA Global CA Root" - # Certificate "ipsCA Main CA Root" - # Certificate "Macao Post eSignTrust Root Certification Authority" - # Certificate "InfoNotary CSP Root" - # Certificate "DigiNotar Root CA" - # Certificate "Root CA" - # Certificate "GPKIRootCA" - # Certificate "D-TRUST Qualified Root CA 1 2007:PN" - # Certificate "TC TrustCenter Universal CA I" - # Certificate "TC TrustCenter Universal CA II" - # Certificate "TC TrustCenter Class 2 CA II" - # Certificate "TC TrustCenter Class 4 CA II" - # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" - # Certificate "CertRSA01" - # Certificate "KISA RootCA 3" - # Certificate "A-CERT ADVANCED" - # Certificate "A-Trust-Qual-01" - # Certificate "A-Trust-nQual-01" - # Certificate "Serasa Certificate Authority II" - # Certificate "TDC Internet" - # Certificate "America Online Root Certification Authority 2" - # Certificate "RSA Security Inc" - # Certificate "Public Notary Root" - # Certificate "Autoridade Certificadora Raiz Brasileira" - # Certificate "Post.Trust Root CA" - # Certificate "Entrust.net Secure Server Certification Authority" - # Certificate "ePKI EV SSL Certification Authority - G1" - Adding: - # Certificate "DigiCert TLS ECC P384 Root G5" - # Certificate "DigiCert TLS RSA4096 Root G5" - # Certificate "DigiCert SMIME ECC P384 Root G5" - # Certificate "DigiCert SMIME RSA4096 Root G5" - # Certificate "Certainly Root R1" - # Certificate "Certainly Root E1" - # Certificate "E-Tugra Global Root CA RSA v3" - # Certificate "E-Tugra Global Root CA ECC v3" - # Certificate "DIGITALSIGN GLOBAL ROOT RSA CA" - # Certificate "DIGITALSIGN GLOBAL ROOT ECDSA CA" - # Certificate "BJCA Global Root CA1" - # Certificate "BJCA Global Root CA2" - # Certificate "Symantec Enterprise Mobile Root for Microsoft" - # Certificate "A-Trust-Root-05" - # Certificate "ADOCA02" - # Certificate "StartCom Certification Authority G2" - # Certificate "ATHEX Root CA" - # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" - # Certificate "GeoTrust Primary Certification Authority" - # Certificate "thawte Primary Root CA" - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" - # Certificate "America Online Root Certification Authority 1" - # Certificate "Juur-SK" - # Certificate "ComSign CA" - # Certificate "ComSign Secured CA" - # Certificate "ComSign Advanced Security CA" - # Certificate "Global Chambersign Root" - # Certificate "Sonera Class2 CA" - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" - # Certificate "VeriSign, Inc." - # Certificate "GTE CyberTrust Global Root" - # Certificate "Equifax Secure Global eBusiness CA-1" - # Certificate "Equifax" - # Certificate "Class 1 Primary CA" - # Certificate "Swiss Government Root CA III" - # Certificate "Application CA G4 Root" - # Certificate "SSC GDL CA Root A" - # Certificate "GlobalSign Code Signing Root E45" - # Certificate "GlobalSign Code Signing Root R45" - # Certificate "Entrust Code Signing Root Certification Authority - CSBR1" * Thu Jul 28 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.2 - Update to CKBI 2.54 from NSS 3.79 - Removing: - # Certificate "TrustCor ECA-1" - # Certificate "TrustCor RootCert CA-2" - # Certificate "TrustCor RootCert CA-1" - # Certificate "Network Solutions Certificate Authority" - # Certificate "COMODO Certification Authority" - # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" - # Certificate "Microsec e-Szigno Root CA 2009" - # Certificate "TWCA Root Certification Authority" - # Certificate "Izenpe.com" - # Certificate "state-institutions" - # Certificate "GlobalSign" - # Certificate "Common Policy" - # Certificate "A-Trust-nQual-03" - # Certificate "A-Trust-Qual-02" - # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - # Certificate "Government Root Certification Authority" - # Certificate "AC Raíz Certicámara S.A." * Wed Jul 27 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.1 - Update to CKBI 2.54 from NSS 3.79 * Fri Jul 15 2022 Bob Relyea <rrelyea@redhat.com> - 2022.2.54-90.0 - Update to CKBI 2.54 from NSS 3.79 - Removing: - # Certificate "GlobalSign Root CA - R2" - # Certificate "DST Root CA X3" - # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" - Adding: - # Certificate "TunTrust Root CA" - # Certificate "HARICA TLS RSA Root CA 2021" - # Certificate "HARICA TLS ECC Root CA 2021" - # Certificate "HARICA Client RSA Root CA 2021" - # Certificate "HARICA Client ECC Root CA 2021" - # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - # Certificate "vTrus ECC Root CA" - # Certificate "vTrus Root CA" - # Certificate "ISRG Root X2" - # Certificate "HiPKI Root CA - G1" - # Certificate "Telia Root CA v2" - # Certificate "D-TRUST BR Root CA 1 2020" - # Certificate "D-TRUST EV Root CA 1 2020" - # Certificate "CAEDICOM Root" - # Certificate "I.CA Root CA/RSA" - # Certificate "MULTICERT Root Certification Authority 01" - # Certificate "Certification Authority of WoSign G2" - # Certificate "CA WoSign ECC Root" - # Certificate "CCA India 2015 SPL" - # Certificate "Swedish Government Root Authority v3" - # Certificate "Swedish Government Root Authority v2" - # Certificate "Tunisian Root Certificate Authority - TunRootCA2" - # Certificate "OpenTrust Root CA G1" - # Certificate "OpenTrust Root CA G2" - # Certificate "OpenTrust Root CA G3" - # Certificate "Certplus Root CA G1" - # Certificate "Certplus Root CA G2" - # Certificate "Government Root Certification Authority" - # Certificate "A-Trust-Qual-02" - # Certificate "Thailand National Root Certification Authority - G1" - # Certificate "TrustCor ECA-1" - # Certificate "TrustCor RootCert CA-2" - # Certificate "TrustCor RootCert CA-1" - # Certificate "Certification Authority of WoSign" - # Certificate "CA 沃通根证书" - # Certificate "SSC GDL CA Root B" - # Certificate "SAPO Class 2 Root CA" - # Certificate "SAPO Class 3 Root CA" - # Certificate "SAPO Class 4 Root CA" - # Certificate "CA Disig Root R1" - # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay" - # Certificate "ApplicationCA2 Root" - # Certificate "GlobalSign" - # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" - # Certificate "Symantec Class 3 Public Primary Certification Authority - G4" - # Certificate "Halcom Root CA" - # Certificate "Swisscom Root EV CA 2" - # Certificate "CFCA GT CA" - # Certificate "Digidentity L3 Root CA - G2" - # Certificate "SITHS Root CA v1" - # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" - # Certificate "Autoridade Certificadora Raiz Brasileira v2" - # Certificate "Swisscom Root CA 2" - # Certificate "IGC/A AC racine Etat francais" - # Certificate "PersonalID Trustworthy RootCA 2011" - # Certificate "Swedish Government Root Authority v1" - # Certificate "Swiss Government Root CA II" - # Certificate "Swiss Government Root CA I" - # Certificate "Network Solutions Certificate Authority" - # Certificate "COMODO Certification Authority" - # Certificate "LuxTrust Global Root" - # Certificate "AC1 RAIZ MTIN" - # Certificate "Microsoft Root Certificate Authority 2011" - # Certificate "CCA India 2011" - # Certificate "ANCERT Certificados Notariales V2" - # Certificate "ANCERT Certificados CGN V2" - # Certificate "EE Certification Centre Root CA" - # Certificate "DigiNotar Root CA G2" - # Certificate "Federal Common Policy CA" - # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" - # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" - # Certificate "China Internet Network Information Center EV Certificates Root" - # Certificate "Verizon Global Root CA" - # Certificate "SwissSign Silver Root CA - G3" - # Certificate "SwissSign Platinum Root CA - G3" - # Certificate "SwissSign Gold Root CA - G3" - # Certificate "Microsec e-Szigno Root CA 2009" - # Certificate "SITHS CA v3" - # Certificate "Certinomis - Autorité Racine" - # Certificate "ANF Server CA" - # Certificate "Thawte Premium Server CA" - # Certificate "Thawte Server CA" - # Certificate "TC TrustCenter Universal CA III" - # Certificate "KEYNECTIS ROOT CA" - # Certificate "I.CA - Standard Certification Authority, 09/2009" - # Certificate "I.CA - Qualified Certification Authority, 09/2009" - # Certificate "VI Registru Centras RCSC (RootCA)" - # Certificate "CCA India 2007" - # Certificate "Autoridade Certificadora Raiz Brasileira v1" - # Certificate "ipsCA Global CA Root" - # Certificate "ipsCA Main CA Root" - # Certificate "Actalis Authentication CA G1" - # Certificate "A-Trust-Qual-03" - # Certificate "AddTrust External CA Root" - # Certificate "ECRaizEstado" - # Certificate "Configuration" - # Certificate "FNMT-RCM" - # Certificate "StartCom Certification Authority" - # Certificate "TWCA Root Certification Authority" - # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" - # Certificate "thawte Primary Root CA - G2" - # Certificate "GeoTrust Primary Certification Authority - G2" - # Certificate "VeriSign Universal Root Certification Authority" - # Certificate "thawte Primary Root CA - G3" - # Certificate "GeoTrust Primary Certification Authority - G3" - # Certificate "E-ME SSI (RCA)" - # Certificate "ACEDICOM Root" - # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" - # Certificate "Correo Uruguayo - Root CA" - # Certificate "CNNIC ROOT" - # Certificate "Common Policy" - # Certificate "Macao Post eSignTrust Root Certification Authority" - # Certificate "Staat der Nederlanden Root CA - G2" - # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" - # Certificate "AC Raíz Certicámara S.A." - # Certificate "Cisco Root CA 2048" - # Certificate "CA Disig" - # Certificate "InfoNotary CSP Root" - # Certificate "UCA Global Root" - # Certificate "UCA Root" - # Certificate "DigiNotar Root CA" - # Certificate "Starfield Services Root Certificate Authority" - # Certificate "I.CA - Qualified root certificate" - # Certificate "I.CA - Standard root certificate" - # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" - # Certificate "Japanese Government" - # Certificate "AdminCA-CD-T01" - # Certificate "Admin-Root-CA" - # Certificate "Izenpe.com" - # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" - # Certificate "Halcom CA FO" - # Certificate "Halcom CA PO 2" - # Certificate "Root CA" - # Certificate "GPKIRootCA" - # Certificate "ACNLB" - # Certificate "state-institutions" - # Certificate "state-institutions" - # Certificate "SECOM Trust Systems CO.,LTD." - # Certificate "D-TRUST Qualified Root CA 1 2007:PN" - # Certificate "D-TRUST Root Class 2 CA 2007" - # Certificate "D-TRUST Root Class 3 CA 2007" - # Certificate "SSC Root CA A" - # Certificate "SSC Root CA B" - # Certificate "SSC Root CA C" - # Certificate "Autoridad de Certificacion de la Abogacia" - # Certificate "Root CA Generalitat Valenciana" - # Certificate "VAS Latvijas Pasts SSI(RCA)" - # Certificate "ANCERT Certificados CGN" - # Certificate "ANCERT Certificados Notariales" - # Certificate "ANCERT Corporaciones de Derecho Publico" - # Certificate "GLOBALTRUST" - # Certificate "Certipost E-Trust TOP Root CA" - # Certificate "Certipost E-Trust Primary Qualified CA" - # Certificate "Certipost E-Trust Primary Normalised CA" - # Certificate "GlobalSign" - # Certificate "IGC/A" - # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN" - # Certificate "TC TrustCenter Universal CA I" - # Certificate "TC TrustCenter Universal CA II" - # Certificate "TC TrustCenter Class 2 CA II" - # Certificate "TC TrustCenter Class 4 CA II" - # Certificate "Swisscom Root CA 1" - # Certificate "Microsec e-Szigno Root CA" - # Certificate "LGPKI" - # Certificate "AC RAIZ DNIE" - # Certificate "Common Policy" - # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" - # Certificate "A-Trust-nQual-03" - # Certificate "A-Trust-nQual-03" - # Certificate "CertRSA01" - # Certificate "KISA RootCA 1" - # Certificate "KISA RootCA 3" - # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" - # Certificate "A-CERT ADVANCED" - # Certificate "A-Trust-Qual-01" - # Certificate "A-Trust-nQual-01" - # Certificate "A-Trust-Qual-02" - # Certificate "Staat der Nederlanden Root CA" - # Certificate "Serasa Certificate Authority II" - # Certificate "TDC Internet" - # Certificate "America Online Root Certification Authority 2" - # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - # Certificate "Government Root Certification Authority" - # Certificate "RSA Security Inc" - # Certificate "Public Notary Root" - # Certificate "GeoTrust Global CA" - # Certificate "GeoTrust Global CA 2" - # Certificate "GeoTrust Universal CA" - # Certificate "GeoTrust Universal CA 2" - # Certificate "QuoVadis Root Certification Authority" - # Certificate "Autoridade Certificadora Raiz Brasileira" - # Certificate "Post.Trust Root CA" - # Certificate "Microsoft Root Authority" - # Certificate "Microsoft Root Certificate Authority" - # Certificate "Microsoft Root Certificate Authority 2010" - # Certificate "Entrust.net Secure Server Certification Authority" - # Certificate "UTN-USERFirst-Object" - # Certificate "BYTE Root Certification Authority 001" - # Certificate "CISRCA1" - # Certificate "ePKI Root Certification Authority - G2" - # Certificate "ePKI EV SSL Certification Authority - G1" - # Certificate "AC Raíz Certicámara S.A." - # Certificate "SSL.com EV Root Certification Authority RSA" - # Certificate "LuxTrust Global Root 2" - # Certificate "ACA ROOT" - # Certificate "Security Communication ECC RootCA1" - # Certificate "Security Communication RootCA3" - # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" - # Certificate "Network Solutions RSA Certificate Authority" - # Certificate "Network Solutions ECC Certificate Authority" - # Certificate "Australian Defence Public Root CA" - # Certificate "SI-TRUST Root" - # Certificate "Halcom Root Certificate Authority" - # Certificate "Application CA G3 Root" - # Certificate "GLOBALTRUST 2015" - # Certificate "Microsoft ECC Product Root Certificate Authority 2018" - # Certificate "emSign Root CA - G2" - # Certificate "emSign Root CA - C2" - # Certificate "Microsoft ECC TS Root Certificate Authority 2018" - # Certificate "DigiCert CS ECC P384 Root G5" - # Certificate "DigiCert CS RSA4096 Root G5" - # Certificate "DigiCert RSA4096 Root G5" - # Certificate "DigiCert ECC P384 Root G5" - # Certificate "HARICA Code Signing RSA Root CA 2021" - # Certificate "HARICA Code Signing ECC Root CA 2021" - # Certificate "Microsoft Identity Verification Root Certificate Authority 2020" * Mon Nov 01 2021 Bob Relyea <rrelyea@redhat.com> - 2020.2.50-94 - remove blacklist directory and references now that p11-kit has been updated. openssl-libs| * Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27 - Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474 * Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26 - Avoid implicit function declaration when building openssl Related: RHEL-1780 - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails Resolves: RHEL-17104 - Add a directory for OpenSSL providers configuration Resolves: RHEL-17193 - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Resolves: RHEL-19515 - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Resolves: RHEL-21151 - Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Resolves: RHEL-21654 - SSL ECDHE Kex fails when pkcs11 engine is set in config file Resolves: RHEL-20249 - Denial of service via null dereference in PKCS#12 Resolves: RHEL-22486 - Use certified FIPS module instead of freshly built one in Red Hat distribution Resolves: RHEL-23474 * Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 * Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24 - Make FIPS module configuration more crypto-policies friendly Related: rhbz#2216256 * Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23 - Add a workaround for lack of EMS in FIPS mode Resolves: rhbz#2216256 * Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22 - Remove unsupported curves from nist_curves. Resolves: rhbz#2069336 * Mon Jun 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-21 - Remove the listing of brainpool curves in FIPS mode. Related: rhbz#2188180 * Tue May 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-20 - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211340 * Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19 - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2169757 * Thu May 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-18 - Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode Resolves: rhbz#2160797 * Tue May 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-17 - Enforce using EMS in FIPS mode - better alerts Related: rhbz#2157951 * Tue May 02 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-16 - Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180 * Fri Apr 28 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-15 - Backport implicit rejection for RSA PKCS#1 v1.5 encryption Resolves: rhbz#2153471 * Fri Apr 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-14 - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 * Tue Apr 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-13 - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 * Fri Mar 24 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-12 - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 * Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11 - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 * Fri Mar 17 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-10 - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 * Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-9 - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 * Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-8 - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 * Tue Mar 14 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-7 - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224 * Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6 - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 * Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 * Wed Jan 11 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121 * Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3 - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 * Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2 - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 - Removed recommended package for openssl-libs Resolves: rhbz#2093804 - Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 - Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2142087 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2142087 * Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 * Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44 - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3786: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 * Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42 - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 (rhbz#2137723) * Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Related: rhbz#2102542 - Add FIPS indicator for HKDF Related: rhbz#2114772 * Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102536 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102537 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2102540 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2102541 * Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39 - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2102535 * Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38 - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2103289 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2051312 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2051312 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37 - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 * Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36 - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2085088 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2053289 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2070197 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2098199 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2058663 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098277 * Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35 - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087147 * Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34 - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2092456 * Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33 - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089444 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2087911 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090362 - Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" Related: rhbz#2087147 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2069235 * Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32 - `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2085088 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2077884 * Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31 - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087147 * Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30 - Use KAT for ECDSA signature tests - Resolves: rhbz#2069235 * Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29 - `-config` argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2083274 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2063947 * Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28 - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2066412 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2058663 * Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27 - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2070550 * Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26 - OpenSSL FIPS module should not build in non-approved algorithms - Resolves: rhbz#2081378 * Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 * Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24 - Fix regression in evp_pkey_name2type caused by tr_TR locale fix Resolves: rhbz#2071631 * Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-23 - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2071631 * Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22 - FIPS provider should block RSA encryption for key transport - Resolves: rhbz#2053289 * Tue Mar 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-21 - Fix occasional internal error in TLS when DHE is used - Resolves: rhbz#2004915 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20 - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2065400 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19 - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2065400 * Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18 - CVE-2022-0778 fix - Resolves: rhbz#2062315 * Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-17 - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch - Resolves: rhbz#2062640 * Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15 - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2060510 * Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14 - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 * Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13 - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 * Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12 - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 * Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11 - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 * Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10 - rebuilt * Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9 - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 * Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8 - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 * Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8 - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 krb5-libs| * Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1 - New upstream version (1.21.1) - Fix double-free in KDC TGS processing (CVE-2023-39975) - Add support for "pac_privsvr_enctype" KDB string attribute Resolves: rhbz#2060421 * Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9 - Do not disable PKINIT if some of the well-known DH groups are unavailable Resolves: rhbz#2187722 - Make PKINIT CMS SHA-1 signature verification available in FIPS mode Resolves: rhbz#2155607 - Allow to set PAC ticket signature as optional Resolves: rhbz#2178298 * Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8 - Fix datetime parsing in kadmin on s390x Resolves: rhbz#2169985 * Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7 - Fix double free on kdb5_util key creation failure Resolves: rhbz#2166603 * Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6 - Add support for MS-PAC extended KDC signature (CVE-2022-37967) Resolves: rhbz#2165827 * Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5 - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode Resolves: rhbz#2162461 * Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4 - Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf - Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf Resolves: rhbz#2068535 * Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2 - Strip debugging data from ksu executable file Resolves: rhbz#2159643 * Wed Dec 07 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1 - Make tests compatible with sssd-client Resolves: rhbz#2151513 - Remove invalid password expiry warning Resolves: rhbz#2121099 - Update error checking for OpenSSL CMS_verify Resolves: rhbz#2063838 - New upstream version (1.20.1) Resolves: rhbz#2016312 - Fix integer overflows in PAC parsing (CVE-2022-42898) Resolves: rhbz#2140971 * Tue Oct 18 2022 Julien Rische <jrische@redhat.com> - 1.19.1-23 - Fix kprop for propagating dump files larger than 4GB Resolves: rhbz#2133014 * Fri Jul 08 2022 Julien Rische <jrische@redhat.com> - 1.19.1-22 - Restore "supportedCMSTypes" attribute in PKINIT preauth requests - Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms Resolves: rhbz#2068935 * Thu Jun 23 2022 Julien Rische <jrische@redhat.com> - 1.19.1-21 - Fix libkrad client cleanup - Allow use of larger RADIUS attributes in krad library Resolves: rhbz#2100351 * Thu May 12 2022 Julien Rische <jrische@redhat.com> - 1.19.1-20 - Fix OpenSSL 3 MD5 encyption in FIPS mode - Allow libkrad UDP/TCP connection to localhost in FIPS mode Resolves: rhbz#2068458 * Mon May 02 2022 Julien Rische <jrische@redhat.com> - 1.19.1-19 - Use p11-kit as default PKCS11 module Resolves: rhbz#2030981 * Tue Apr 26 2022 Julien Rische <jrische@redhat.com> - 1.19.1-18 - Try harder to avoid password change replay errors Resolves: rhbz#2075186 * Mon Mar 14 2022 Julien Rische <jrische@redhat.com> - 1.19.1-15 - Use SHA-256 instead of SHA-1 for PKINIT CMS digest * Thu Feb 24 2022 Julien Rische <jrische@redhat.com> - 1.19.1-14 - Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled - Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode * Fri Dec 17 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-13 - Remove -specs= from krb5-config output - Resolves rhbz#1997021 * Wed Oct 20 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-12 - Fix KDC null deref on TGS inner body null server (CVE-2021-37750) Resolves: rhbz#1997602 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-11.1 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 systemd-libs| * Sun Apr 07 2024 Release Engineering <releng@rockylinux.org> - 252-32 - Set support URL to the wiki - Set sbat mail to security@rockylinux.org * Mon Mar 18 2024 Jan Macku <jamacku@redhat.com> - 252-32 - rebase rhel-net-naming-sysattrs to v0.5 * Fri Mar 15 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-31 - bootctl: rework random seed logic to use open_mkdir_at() and openat() (RHEL-16952) - bootctl: properly sync fs before/after moving random seed file into place (RHEL-16952) - bootctl: when updating EFI random seed file, hash old seed with new one (RHEL-16952) - sha256: add helper than hashes a buffer *and* its size (RHEL-16952) - random-seed: don't refresh EFI random seed from random-seed.c anymore (RHEL-16952) - bootctl: downgrade graceful messages to LOG_NOTICE (RHEL-16952) - units: rename/rework systemd-boot-system-token.service → systemd-boot-random-seed.service (RHEL-16952) - bootctl: split out setting of system token into function of its own (RHEL-16952) * Mon Mar 11 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-30 - resolved: limit the number of signature validations in a transaction (RHEL-26643) - resolved: reduce the maximum nsec3 iterations to 100 (RHEL-26643) - efi: alignment of the PE file has to be at least 512 bytes (RHEL-26133) - units: change assert to condition to skip running in initrd/os (RHEL-16182) - ci: add configuration for regression sniffer GA (RHEL-1086) * Mon Feb 26 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-29 - units: fix typo in Condition in systemd-boot-system-token (RHEL-16952) * Tue Feb 20 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-28 - random-seed: shorten a bit may_credit() (RHEL-16952) - random-seed: make one more use of random_write_entropy() (RHEL-16952) - random-seed: use getopt() (RHEL-16952) - random-seed: make the logic to calculate the number of bytes read from the random seed file clearer (RHEL-16952) - random-seed: no need to pass 'mode' argument when opening /dev/urandom (RHEL-16952) - random-seed: split out run() (RHEL-16952) - random_seed: minor improvement in run() (RHEL-16952) - random-seed: downgrade some messages (RHEL-16952) - random-seed: clarify one comment (RHEL-16952) - random-seed: make sure to load machine id even if the seed file is missing (RHEL-16952) - chase-symlinks: add new flag for prohibiting any following of symlinks (RHEL-16952) - bootctl,bootspec: make use of CHASE_PROHIBIT_SYMLINKS whenever we access the ESP/XBOOTLDR (RHEL-16952) - boot: implement kernel EFI RNG seed protocol with proper hashing (RHEL-16952) - random-seed: refresh EFI boot seed when writing a new seed (RHEL-16952) - random-seed: handle post-merge review nits (RHEL-16952) - boot: do not truncate random seed file (RHEL-16952) - bootctl: install system token on virtualized systems (RHEL-16952) - boot: remove random-seed-mode (RHEL-16952) - stub: handle random seed like sd-boot does (RHEL-16952) - efi: add efi_guid_equal() helper (RHEL-16952) - efi: add common implementation for loop finding EFI configuration tables (RHEL-16952) - boot: Detect hypervisors using SMBIOS info (RHEL-16952) - boot: Skip soft-brick warning when in a VM (RHEL-16952) - boot: Replace UINTN with size_t (RHEL-16952) - boot: Use unsigned for beep counting (RHEL-16952) - boot: Use unicode literals (RHEL-16952) - macro: add generic IS_ALIGNED32() anf friends (RHEL-16952) - meson: use 0|1 for SD_BOOT (RHEL-16952) - boot: Add printf functions (RHEL-16952) - boot: Use printf for error logging (RHEL-16952) - boot: Introduce log_wait (RHEL-16952) - boot: Add log_trace debugging helper (RHEL-16952) - tree-wide: Use __func__ in asserts (RHEL-16952) - boot: Drop use of xpool_print/SPrint (RHEL-16952) - boot: Drop use of Print (RHEL-16952) - boot: Rework GUID handling (RHEL-16952) - efi-string: Fix strchr() null byte handling (RHEL-16952) - efi-string: Add startswith8() (RHEL-16952) - efi-string: Add efi_memchr() (RHEL-16952) - vmm: Add more const (RHEL-16952) - vmm: Add smbios_find_oem_string() (RHEL-16952) - stub: Read extra kernel command line items from SMBIOS (RHEL-16952) - vmm: Modernize get_smbios_table() (RHEL-16952) - stub: measure SMBIOS kernel-cmdline-extra in PCR12 (RHEL-16952) - efi: support passing empty cmdline to mangle_stub_cmdline() (RHEL-16952) - efi: set EFIVAR to stop Shim from uninstalling its protocol (RHEL-16952) - ukify: use empty stub for addons (RHEL-16952) - stub: allow loading and verifying cmdline addons (RHEL-16952) - TODO: remove fixed item (RHEL-16952) - fix: do not check/verify slice units if recursive errors are to be ignored (RHEL-1086) * Thu Feb 15 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-27 - test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (fixup) (RHEL-1086) - test: use the default nsec3-iterations value (RHEL-1086) - test: explicitly set nsec3-iterations to 0 (RHEL-1086) - core: mount namespaces: Remove auxiliary bind mounts directory after unit termination (RHEL-19483) - ci: deploy systemd man to GitHub Pages (RHEL-1086) - doc: add missing `<listitem>` to `systemd.net-naming-scheme.xml` (RHEL-7026) - man: reorder the list of supported naming schemes (RHEL-7026) - tree-wide: fix return value handling of base64mem() (RHEL-16182) - Consolidate various TAKE_* into TAKE_GENERIC(), add TAKE_STRUCT() (RHEL-16182) - pcrphase: add $SYSTEMD_PCRPHASE_STUB_VERIFY env var for overriding stub check (RHEL-16182) - pcrphase: gracefully exit if TPM2 support is incomplete (RHEL-16182) - tpm2-util: split out code that derives "good" TPM2 banks into an strv from pcrphase and generalize it in tpm2-util.c (RHEL-16182) - tpm2-util: split out code that extends a PCR from pcrphase (RHEL-16182) - tpm2-util: optionally do HMAC in tpm2_extend_bytes() in case we process sensitive data (RHEL-16182) - cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options (RHEL-16182) - man: document the new crypttab measurement options (RHEL-16182) - gpt-auto-generator: automatically measure root/var volume keys into PCR 15 (RHEL-16182) - blkid-util: define enum for blkid_do_safeprobe() return values (RHEL-16182) - pcrphase: make tool more generic, reuse for measuring machine id/fs uuids (RHEL-16182) - units: measure /etc/machine-id into PCR 15 during early boot (RHEL-16182) - generators: optionally, measure file systems at boot (RHEL-16182) - tpm2: add common helper for checking if we are running on UKI with TPM measurements (RHEL-16182) - man: document new machine-id/fs measurement options (RHEL-16182) - test: add simple integration test for checking PCR extension works as it should (RHEL-16182) - update TODO (RHEL-16182) - cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (RHEL-16182) - boot: Simplify object erasure (RHEL-16182) - tree-wide: use CLEANUP_ERASE() at various places (RHEL-16182) - dlfcn: add new safe_dclose() helper (RHEL-16182) - tpm2: rename tpm2 alg id<->string functions (RHEL-16182) - tpm2: rename struct tpm2_context to Tpm2Context (RHEL-16182) - tpm2: use ref counter for Tpm2Context (RHEL-16182) - tpm2: use Tpm2Context* instead of ESYS_CONTEXT* (RHEL-16182) - tpm2: add Tpm2Handle with automatic cleanup (RHEL-16182) - tpm2: simplify tpm2_seal() blob creation (RHEL-16182) - tpm2: add salt to pin (RHEL-16182) - basic/macro: add macro to iterate variadic args (RHEL-16182) - test/test-macro: add tests for FOREACH_VA_ARGS() (RHEL-16182) - basic/bitfield: add bitfield operations (RHEL-16182) - test/test-bitfield: add tests for bitfield macros (RHEL-16182) - tpm2: add tpm2_get_policy_digest() (RHEL-16182) - tpm2: add TPM2_PCR_VALID() (RHEL-16182) - tpm2: add/rename functions to manage pcr selections (RHEL-16182) - test/test-tpm2: add tests for pcr selection functions (RHEL-16182) - tpm2: add tpm2_pcr_read() (RHEL-16182) - tpm2: move openssl-required ifdef code out of policy-building function (RHEL-16182) - tpm2: add tpm2_is_encryption_session() (RHEL-16182) - tpm2: move policy building out of policy session creation (RHEL-16182) - tpm2: add support for a trusted SRK (RHEL-16182) - tpm2: fix nits from PR #26185 (RHEL-16182) - tpm2: replace magic number (RHEL-16182) - tpm2: add tpm2_digest_*() functions (RHEL-16182) - tpm2: replace hash_pin() with tpm2_digest_*() functions (RHEL-16182) - tpm2: add tpm2_set_auth() (RHEL-16182) - tpm2: add tpm2_get_name() (RHEL-16182) - tpm2: rename pcr_values_size vars to n_pcr_values (RHEL-16182) - tpm2: add tpm2_policy_pcr() (RHEL-16182) - tpm2: add tpm2_policy_auth_value() (RHEL-16182) - tpm2: add tpm2_policy_authorize() (RHEL-16182) - tpm2: use tpm2_policy_authorize() (RHEL-16182) - tpm2: add tpm2_calculate_sealing_policy() (RHEL-16182) - tpm: remove external calls to dlopen_tpm2() (RHEL-16182) - tpm2: remove all extern tpm2-tss symbols (RHEL-16182) - tpm2: add tpm2_get_capability(), tpm2_cache_capabilities(), tpm2_capability_pcrs() (RHEL-16182) - tpm2: verify symmetric parms in tpm2_context_new() (RHEL-16182) - tpm2: replace _cleanup_tpm2_* macros with _cleanup_() (RHEL-16182) - tpm2-util: use compound initialization when allocating tpm2 objects (RHEL-16182) - tpm2: add tpm2_get_capability_handle(), tpm2_esys_handle_from_tpm_handle() (RHEL-16182) - tpm2: add tpm2_read_public() (RHEL-16182) - tpm2: add tpm2_get_legacy_template() and tpm2_get_srk_template() (RHEL-16182) - tpm2: add tpm2_load() (RHEL-16182) - tpm2: add tpm2_load_external() (RHEL-16182) - tpm2: move local vars in tpm2_seal() to point of use (RHEL-16182) - tpm2: replace magic number in hmac_sensitive initialization (RHEL-16182) - tpm2: add tpm2_create() (RHEL-16182) - tpm2: replace tpm2_capability_pcrs() macro with direct c->capaiblity_pcrs use (RHEL-16182) - basic/alloc-util: add greedy_realloc_append() (RHEL-16182) - tpm2: cache the TPM supported commands, add tpm2_supports_command() (RHEL-16182) - tpm2: cache TPM algorithms (RHEL-16182) - tpm2: add tpm2_persist_handle() (RHEL-16182) - tpm2: add tpm2_get_or_create_srk() (RHEL-16182) - tpm2: move local vars in tpm2_unseal() to point of use (RHEL-16182) - tpm2: remove tpm2_make_primary() (RHEL-16182) - tpm2: use CreatePrimary() to create primary keys instead of Create() (RHEL-16182) - cryptsetup: downgrade a bunch of log messages that to LOG_WARNING (RHEL-16182) - boot/measure: replace TPM PolicyPCR session with calculation (RHEL-16182) - core: imply DeviceAllow=/dev/tpmrm0 with LoadCredentialEncrypted (RHEL-16182) - added more test cases (RHEL-16182) - test: fixed negative checks in TEST-70-TPM2. Use in-line error handling rather than redirections. Follow up on #27020 (RHEL-16182) - systemd-cryptenroll: add string aliases for tpm2 PCRs Fixes #26697. RFE. (RHEL-16182) - cryptenroll: fix an assertion with weak passwords (RHEL-16182) - man/systemd-cryptenroll: update list of PCRs, link to uapi docs (RHEL-16182) - tpm2: add debug logging to functions converting hash or asym algs to/from strings or ids (RHEL-16182) - tpm2: add tpm2_hash_alg_to_size() (RHEL-16182) - tpm2: change tpm2_tpm*_pcr_selection_to_mask() to return mask (RHEL-16182) - tpm2: add more helper functions for managing TPML_PCR_SELECTION and TPMS_PCR_SELECTION (RHEL-16182) - tpm2: add Tpm2PCRValue struct and associated functions (RHEL-16182) - tpm2: move declared functions in header lower down (RHEL-16182) - tpm2: declare tpm2_log_debug_*() functions in tpm2_util.h (RHEL-16182) - tpm2: change tpm2_calculate_policy_pcr(), tpm2_calculate_sealing_policy() to use Tpm2PCRValue array (RHEL-16182) - tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array (RHEL-16182) - tpm2: add TPM2B_*_MAKE(), TPM2B_*_CHECK_SIZE() macros (RHEL-16182) - tpm2: add tpm2_pcr_read_missing_values() (RHEL-16182) - openssl: add openssl_pkey_from_pem() (RHEL-16182) - openssl: add rsa_pkey_new(), rsa_pkey_from_n_e(), rsa_pkey_to_n_e() (RHEL-16182) - openssl: add ecc_pkey_new(), ecc_pkey_from_curve_x_y(), ecc_pkey_to_curve_x_y() (RHEL-16182) - test: add DEFINE_HEX_PTR() helper function (RHEL-16182) - openssl: add test-openssl (RHEL-16182) - tpm2: add functions to convert TPM2B_PUBLIC to/from openssl pkey or PEM (RHEL-16182) - tpm2: move policy calculation out of tpm2_seal() (RHEL-16182) - man: update systemd-cryptenroll man page with details on --tpm2-pcrs format change (RHEL-16182) - tpm2: update TEST-70-TPM2 to test passing PCR value to systemd-cryptenroll (RHEL-16182) - tpm2: change *alg_to_* functions to use switch() (RHEL-16182) - tpm2: lowercase TPM2_PCR_VALUE[S]_VALID functions (RHEL-16182) - tpm2: move cast from lhs to rhs in uint16_t/int comparison (RHEL-16182) - tpm2: in validator functions, return false instead of assert failure (RHEL-16182) - tpm2: in tpm2_pcr_values_valid() use FOREACH_ARRAY() (RHEL-16182) - tpm2: use SIZE_MAX instead of strlen() for unhexmem() (RHEL-16182) - tpm2: put !isempty() check inside previous !isempty() check (RHEL-16182) - tpm2: simplify call to asprintf() (RHEL-16182) - tpm2: check pcr value hash != 0 before looking up hash algorithm name (RHEL-16182) - tpm2: use strempty() (RHEL-16182) - tpm2: split TPM2_PCR_VALUE_MAKE() over multiple lines (RHEL-16182) - tpm2: remove ret_ prefix from input/output params (RHEL-16182) - tpm2: use memcpy_safe() instead of memcpy() (RHEL-16182) - openssl: use new(char, size) instead of malloc(size) (RHEL-16182) - tpm2: use table for openssl<->tpm2 ecc curve id mappings (RHEL-16182) - tpm2: use switch() instead of if-else (RHEL-16182) - tpm2: make logging level consistent at debug for some functions (RHEL-16182) - tpm2: remove unnecessary void* cast (RHEL-16182) - tpm2: add tpm2_pcr_values_has_(any|all)_values() functions (RHEL-16182) - tpm2: wrap (7) in UINT32_C() (RHEL-16182) - cryptenroll: change man page example to remove leading 0x and lowercase hex (RHEL-16182) - openssl: add log_openssl_errors() (RHEL-16182) - openssl: add openssl_digest_size() (RHEL-16182) - openssl: add openssl_digest_many() (RHEL-16182) - openssl: replace openssl_hash() with openssl_digest() (RHEL-16182) - openssl: add openssl_hmac_many() (RHEL-16182) - openssl: add rsa_oaep_encrypt_bytes() (RHEL-16182) - openssl: add kdf_kb_hmac_derive() (RHEL-16182) - openssl: add openssl_cipher_many() (RHEL-16182) - openssl: add ecc_edch() (RHEL-16182) - openssl: add kdf_ss_derive() (RHEL-16182) - dlfcn-util: add static asserts ensuring our sym_xyz() func ptrs match the types from the official headers (RHEL-16182) - tpm2: add tpm2_marshal_blob() and tpm2_unmarshal_blob() (RHEL-16182) - tpm2: add tpm2_serialize() and tpm2_deserialize() (RHEL-16182) - tpm2: add tpm2_index_to_handle() and tpm2_index_from_handle() (RHEL-16182) - tpm2: fix build failure without openssl (RHEL-16182) - tpm2-util: look for tpm2-pcr-signature.json directly in /.extra/ (RHEL-16182) - tpm2: downgrade most log functions from error to debug (RHEL-16182) - tpm2: handle older tpm enrollments without a saved pcr bank (RHEL-16182) - tpm2: allow tpm2_make_encryption_session() without bind key (RHEL-16182) - tpm2: update tpm2 test for supported commands (RHEL-16182) - tpm2: use GREEDY_REALLOC_APPEND() in tpm2_get_capability_handles(), cap max value (RHEL-16182) - tpm2: change tpm2_unseal() to accept Tpm2Context instead of device string (RHEL-16182) - tpm2: cache TPM's supported ECC curves (RHEL-16182) - tpm2-util: make tpm2_marshal_blob()/tpm2_unmarshal_blob() static (RHEL-16182) - tpm2-util: make tpm2_read_public() static, as we use it only internally in tpm2-util.c (RHEL-16182) - cryptenroll: allow specifying handle index of key to use for sealing (RHEL-16182) - test: add tests for systemd-cryptenroll --tpm2-seal-key-handle (RHEL-16182) - tpm2: do not call Esys_TR_Close() (RHEL-16182) - tpm2: don't use GetCapability() to check transient handles (RHEL-16182) - tpm2-util: pick up a few new symbols from tpm2-tss (RHEL-16182) - tpm2: add tpm2_get_pin_auth() (RHEL-16182) - tpm2: instead of adjusting authValue trailing 0(s), trim them as required by tpm spec (RHEL-16182) - tpm2-util: rename tpm2_calculate_name() → tpm2_calculate_pubkey_name() (RHEL-16182) - cryptenroll: do not implicitly verify with default tpm policy signature (RHEL-16182) - cryptenroll: drop deadcode (RHEL-16182) - tpm2: allow using tpm2_get_srk_template() without tpm (RHEL-16182) - tpm2: add test to verify srk templates (RHEL-16182) - tpm2: add tpm2_sym_alg_*_string() and tpm2_sym_mode_*_string() (RHEL-16182) - tpm2: add tpm2_calculate_seal() and helper functions (RHEL-16182) - tpm2: update test-tpm2 for tpm2_calculate_seal() (RHEL-16182) - cryptenroll: add support for calculated TPM2 enrollment (RHEL-16182) - test: update TEST-70 with systemd-cryptenroll calculated TPM2 enrollment (RHEL-16182) - openssl-util: avoid freeing invalid pointer (RHEL-16182) - creds-util: check for CAP_DAC_READ_SEARCH (RHEL-16182) - creds-util: do not try TPM2 if there is not support (RHEL-16182) - creds-util: merge the TPM2 detection for initrd (RHEL-16182) - cryptenroll: fix a memory leak (RHEL-16182) - sd-journal: introduce sd_journal_step_one() (RHEL-11591) - test: modernize test-journal-flush (RHEL-11591) - journal-file-util: do not fail when journal_file_set_offline() called more than once (RHEL-11591) - journal-file-util: Prefer punching holes instead of truncating (RHEL-11591) - test: add reproducer for SIGBUS issue caused by journal truncation (RHEL-11591) * Wed Jan 31 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-26 - spec: update rhel-net-naming-sysattrs to v0.4 (RHEL-22278) * Tue Jan 30 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-25 - spec: add new package with RHEL-specific network naming sysattrs (RHEL-22278) * Wed Jan 24 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-24 - ci: use source-git-automation composite Action (RHEL-1086) - ci: increase the cron interval to 45 minutes (RHEL-1086) - ci: add all Z-Stream versions to array of allowed versions (RHEL-1086) - udev/net_id: introduce naming scheme for RHEL-9.4 (RHEL-22427) - basic/errno-util: add wrappers which only accept negative errno (RHEL-22443) - errno-util: allow ERRNO_IS_* to accept types wider than int (RHEL-22443) - udev: add new builtin net_driver (RHEL-22443) - udev/net_id: introduce naming scheme for RHEL-8.10 (RHEL-22427) * Fri Jan 12 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-23 - logind: don't setup idle session watch for lock-screen and greeter (RHEL-20757) - logind: don't make idle action timer accuracy more coarse than timeout (RHEL-20757) - logind: do TTY idle logic only for sessions marked as "tty" (RHEL-20757) - meson: Properly install 90-uki-copy.install (RHEL-16354) * Mon Jan 08 2024 systemd maintenance team <systemd-maint@redhat.com> - 252-22 - Revert "man: mention System Administrator's Guide in systemctl manpage" (RHEL-19436) - man: mention RHEL documentation in systemctl's man page (RHEL-19436) - resolved: actually check authenticated flag of SOA transaction (RHEL-6216) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (RHEL-1317) - man: environment value -> udev property (RHEL-1317) * Mon Dec 11 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-21 - meson: fix installation of ukify (RHEL-13199) - sd-id128: introduce id128_hash_ops_free (RHEL-5988) - udevadm-trigger: allow to fallback without synthetic UUID only first time (RHEL-5988) - udevadm-trigger: settle with synthetic UUID if the kernel support it (RHEL-5988) - udevadm-trigger: also check with the original syspath if device is renamed (RHEL-5988) - test: use 'udevadm trigger --settle' even if device is renamed (RHEL-5988) - sd-event: don't mistake USEC_INFINITY passed in for overflow (RHEL-6090) - pid1: rework service_arm_timer() to optionally take a relative time value (RHEL-6090) - manager: add one more assert() (RHEL-6090) - pid1: add new Type=notify-reload service type (RHEL-6090) - man: document Type=notify-reload (RHEL-6090) - pid1: make sure we send our calling service manager RELOADING=1 when reloading (RHEL-6090) - networkd: implement Type=notify-reload protocol (RHEL-6090) - udevd: implement the full Type=notify-reload protocol (RHEL-6090) - logind: implement Type=notify-reload protocol properly (RHEL-6090) - notify: add --stopping + --reloading switches (RHEL-6090) - test: add Type=notify-reload testcase (RHEL-6090) - update TODO (RHEL-6090) - core: check for SERVICE_RELOAD_NOTIFY in manager_dbus_is_running (RHEL-6090) * Fri Dec 08 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-20 - udev/net: allow new link name as an altname before renaming happens (RHEL-5988) - sd-netlink: do not swap old name and alternative name (RHEL-5988) - sd-netlink: restore altname on error in rtnl_set_link_name (RHEL-5988) - udev: attempt device rename even if interface is up (RHEL-5988) - sd-netlink: add a test for rtnl_set_link_name() (RHEL-5988) - test-network: add a test for renaming device to current altname (RHEL-5988) - udev: align table (RHEL-5988) - sd-device: make device_set_syspath() clear sysname and sysnum (RHEL-5988) - sd-device: do not directly access entry in sd-device object (RHEL-5988) - udev: move device_rename() from device-private.c (RHEL-5988) - udev: restore syspath and properties on failure (RHEL-5988) - sd-device: introduce device_get_property_int() (RHEL-5988) - core/device: downgrade log level for ignored errors (RHEL-5988) - core/device: ignore failed uevents (RHEL-5988) - test: add tests for failure in renaming network interface (RHEL-5988) - test: modernize test-netlink.c (RHEL-5988) - test-netlink: use dummy interface to test assigning new interface name (RHEL-5988) - udev: use SYNTHETIC_ERRNO() at one more place (RHEL-5988) - udev: make udev_builtin_run() take UdevEvent* (RHEL-5988) - udev/net: verify ID_NET_XYZ before trying to assign it as an alternative name (RHEL-5988) - udev/net: generate new network interface name only on add uevent (RHEL-5988) - sd-netlink: make rtnl_set_link_name() optionally append alternative names (RHEL-5988) - udev/net: assign alternative names only on add uevent (RHEL-5988) - test: add tests for renaming network interface (RHEL-5988) - Backport ukify from upstream (RHEL-13199) - bootctl: make --json output normal json (RHEL-13199) - test: replace readfp() with read_file() (RHEL-13199) - stub/measure: document and measure .uname UKI section (RHEL-13199) - boot: measure .sbat section (RHEL-13199) - Revert "test_ukify: no stinky root needed for signing" (RHEL-13199) - ukify: move to /usr/bin and mark as non non-experimental (RHEL-13199) - kernel-install: Add uki layout (RHEL-16354) - kernel-install: remove math slang from man page (RHEL-16354) - kernel-install: handle uki installs automatically (RHEL-16354) - 90-uki-copy.install: create $BOOT/EFI/Linux directory if needed (RHEL-16354) - kernel-install: Log location that uki is installed in (RHEL-16354) - bootctl: fix errno logging (RHEL-16354) - bootctl: add kernel-identity command (RHEL-16354) - bootctl: add kernel-inspect command (RHEL-16354) - bootctl: add kernel-inspect to --help text (RHEL-16354) - bootctl: drop full stop at end of --help texts (RHEL-16354) - bootctl: change section title for kernel image commands (RHEL-16354) - bootctl: remove space that should not be there (RHEL-16354) - bootctl: kernel-inspect: print os info (RHEL-16354) - bootctl-uki: several coding style fixlets (RHEL-16354) - tree-wide: unify how we pick OS pretty name to display (RHEL-16354) - bootctl-uki: several follow-ups for inspect_osrel() (RHEL-16354) - bootctl: Add missing %m (RHEL-16354) - bootctl: tweak DOS header magic check (RHEL-16354) * Mon Nov 13 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-19 - ci: Extend source-git-automation (RHEL-1086) - netif-naming-scheme: let's also include rhel8 schemes (RHEL-7026) - systemd-analyze: Add table and JSON output implementation to plot (RHEL-5070) - systemd-analyze: Update man/systemd-analyze.xml with Plot JSON and table (RHEL-5070) - systemd-analyze: Add tab complete logic for plot (RHEL-5070) - systemd-analyze: Add --json=, --table and -no-legend tests for plot (RHEL-5070) - ci: enable source-git automation to validate reviews and ci results (RHEL-1086) - ci: remove Mergify config - replaced by Pull Request Validator (RHEL-1086) - ci: enable auto-merge GH Action (RHEL-1086) - ci: add missing permissions (RHEL-1086) - ci: `permissions: write-all` (RHEL-1086) - ci(lint): exclude `.in` files from ShellCheck lint (RHEL-1086) - udev: raise RLIMIT_NOFILE as high as we can (RHEL-11040) * Tue Aug 22 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-18 - doc: add downstream CONTRIBUTING document (#2170883) - doc: improve CONTRIBUTING document (#2170883) - doc: use link with prefilled Jira issue (#2170883) - docs: link downstream CONTRIBUTING in README (#2170883) - bpf: fix restrict_fs on s390x (#2230364) - udev/net_id: use naming scheme for RHEL-9.3 (#2231845) - core/timer: Always use inactive_exit_timestamp if it is set (#2211065) - timer: Use dual_timestamp_is_set() in one more place (#2211065) - loginctl: list-users: also show state (#2209912) - loginctl: list-sessions: minor modernization (#2209912) - loginctl: list-sessions: also show state (#2209912) - test: add test for state in loginctl list-{users,sessions} (#2209912) - test: add a missing session activation (#2209912) - test: extend test for loginctl list-* (#2209912) - loginctl: shorten variable name (#2209912) - loginctl: use bus_map_all_properties (#2209912) - loginctl: show session idle status in list-sessions (#2209912) - loginctl: some modernizations (#2209912) - loginctl: list-sessions: fix timestamp for idle hint (#2209912) - loginctl: list-users: use bus_map_all_properties (#2209912) - loginctl: also show idle hint in session-status (#2209912) - memory-util: make ArrayCleanup passed to array_cleanup() const (#2190226) - static-destruct: several cleanups (#2190226) - static-destruct: introduce STATIC_ARRAY_DESTRUCTOR_REGISTER() (#2190226) - macro: support the case that the number of elements has const qualifier (#2190226) - shared/generator: apply similar config reordering of generated units (#2190226) - nulstr-util: make ret_size in strv_make_nulstr() optional (#2190226) - generator: teach generator_add_symlink() to instantiate specified unit (#2190226) - units: rework growfs units to be just a regular unit that is instantiated (#2190226) - fstab-generator: use correct targets when /sysroot is specificied in fstab only (#2190226) - fstab-generator: add SYSTEMD_SYSFS_CHECK env var (#2190226) - test: add fstab file support for fstab-generator tests (#2190226) - test-fstab-generator: also check file contents (#2190226) - test-fstab-generator: add tests for mount options (#2190226) - fstab-generator: split out several functions from parse_fstab() (#2190226) - fstab-generator: call add_swap() earlier (#2190226) - fstab-generator: refuse to add swap earlier if disabled (#2190226) - fstab-generator: refuse invalid mount point path in fstab earlier (#2190226) - fstab-generator: fix error code propagation in run_generator() (#2190226) - fstab-generator: support defining mount units through kernel command line (#2190226) - test: add test cases for defining mount and swap units from kernel cmdline (#2190226) - generators: change TimeoutSec=0 to TimeoutSec=infinity (#2190226) - units: change TimeoutSec=0 to TimeoutSec=infinity (#2190226) - fstab-generator: use correct swap name var (#2190226) - fstab-generator: add more parameter name comments (#2190226) - fstab-generator: unify initrd-root-device.target dependency handling code (#2190226) - fstab-util: add fstab_is_bind (#2190226) - fstab-generator: resolve bind mount source when in initrd (#2190226) - fstab-generator: rename 'initrd' flag to 'prefix_sysroot' (#2190226) - fstab-generator: fix target of /sysroot/usr (#2190226) - fstab-generator: add rd.systemd.mount-extra= and friends (#2190226) - fstab-generator: add a flag to accept entry for "/" in initrd (#2190226) - test-fstab-generator: extract core part as a function (#2190226) - test-fstab-generator: also test with SYSTEMD_IN_INITRD=no (#2190226) - test-fstab-generator: add more tests for systemd.mount-extra= and friends (#2190226) - fstab-generator: enable fsck for block device mounts specified in systemd.mount-extra= (#2190226) - core: use correct scope of looking up units (#2226980) - test: merge unit file related tests into TEST-23-UNIT-FILE (#2213521) - test: rename TEST-07-ISSUE-1981 to TEST-07-PID1 (#2213521) - test: merge TEST-08-ISSUE-2730 into TEST-07-PID1 (#2213521) - test: merge TEST-09-ISSUE-2691 into TEST-07-PID1 (#2213521) - test: merge TEST-10-ISSUE-2467 with TEST-07-PID1 (#2213521) - test: merge TEST-11-ISSUE-3166 into TEST-07-PID1 (#2213521) - test: merge TEST-12-ISSUE-3171 into TEST-07-PID1 (#2213521) - test: move TEST-23's units into a dedicated subfolder (#2213521) - test: merge TEST-47-ISSUE-14566 into TEST-07-PID1 (#2213521) - test: merge TEST-51-ISSUE-16115 into TEST-07-PID1 (#2213521) - test: merge TEST-20-MAINPIDGAMES into TEST-07-PID1 (#2213521) - test: abstract the common test parts into a utility script (#2213521) - test: add tests for JoinsNamespaceOf= (#2213521) - core/unit: drop doubled empty line (#2213521) - core/unit: make JoinsNamespaceOf= implies the inverse dependency (#2213521) - core/unit: search shared namespace in transitive relation of JoinsNamespaceOf= (#2213521) - core/unit: update bidirectional dependency simultaneously (#2213521) - resolvectl: fix type of ifindex D-Bus field, and make sure to initialize to zero in all code paths (#2161260) - resolved: add some line-breaks/comments (#2161260) - resolvectl: don't filter loopback DNS server from global DNS server list (#2161260) - blockdev-util: add simple wrapper around BLKSSZGET (#2170883) - loop-util: insist on setting the sector size correctly (#2170883) - dissect-image: add probe_sector_size() helper for detecting sector size of a GPT disk image (#2170883) - loop-util: always tell kernel explicitly about loopback sector size (#2170883) - Revert "Treat EPERM as "not available" too" (#2178222) - Revert "test: accept EPERM for unavailable idmapped mounts as well" (#2178222) * Fri Aug 04 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-17 - Revert "core/service: when resetting PID also reset known flag" (#2225667 - ci: explicitly install python3-lldb-$COMPILER_VERSION (#2225667) * Mon Jul 17 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-16 - ci: update permissions for source-git automation workflows (#2170883) - pstore: fixes for dmesg.txt reconstruction (#2170883) - pstore: explicitly set the base when converting record ID (#2170883) - pstore: avoid opening the dmesg.txt file if not requested (#2170883) - test: add a couple of tests for systemd-pstore (#2170883) - test: match all messages with the FILE field (#2170883) - test: build the SELinux test module on the host (#2170883) - test: make the stress test slightly less stressful on slower machines (#2170883) - coredump: use unaligned_read_ne{32,64}() to parse auxv (#2170883) - core/transaction: make merge_unit_ids() always return NUL-terminated string (#2170883) - core/transaction: make merge_unit_ids() return non-NULL on success (#2170883) - core/transaction: do not log "(null)" (#2170883) - ci: allow `RHEL-only` labels to mark downstream-only commits (#2170883) - elf-util: discard PT_LOAD segment early based on the start address. (#2215412) - elf-util: check for overflow when computing end of core's PT_LOAD segments (#2215412) - sulogin: use DEFINE_MAIN_FUNCTION() (#2169959) - sulogin: fix control lost of the current terminal when default.target is rescue.target (#2169959) - journal-vacuum: count size of all journal files (#2182632) - memory-util: add a concept for gcc cleanup attribute based array destruction (#2182632) - macro: introduce FOREACH_ARRAY() macro (#2182632) - journal-vacuum: rename function to match struct name (#2182632) - journal-vacuum: use CLEANUP_ARRAY (#2182632) - pam: add call to pam_umask (#2210145) - udev-builtin-net_id: align VF representor names with VF names (#2218886) - pam: add a call to pam_namespace (#2218184) - rules: online CPU automatically on IBM s390x platforms when configured (#2212612) - core/mount: escape invalid UTF8 char in dbus reply (#2208240) - Revert "user: delegate cpu controller, assign weights to user slices" (#2176899) - udev-rules: fix nvme symlink creation on namespace changes (#2172509) - rules: add whitespace after comma before the line continuation (#2172509) - udev: restore compat symlink for nvme devices (#2172509) - rules: drop doubled space (#2172509) - manager: don't taint the host if cgroups v1 is used (#2193456) - core/service: when resetting PID also reset known flag (#2210237) - ci: drop systemd-stable from advanced-commit-linter config (#2170883) * Thu May 18 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-15 - ci: trigger `differential-shellcheck` workflow on push (#2100440) - ci: workflow for gathering metadata for source-git automation (#2100440) - ci: first part of the source-git automation - commit linter (#2100440) - ci(Mergify): check CodeQL and build workflows based on changed files (#2100440) - ci: add NOTICE to also update regexp in `.mergify.yml` when updating `paths` property (#2100440) - Support /etc/system-update for OSTree systems (#2203133) - journal-def: fix type of signature to match the actual field in the Header structure (#2183546) - journal: use compound initialization for journal file Header structure (#2183546) - journald: fix log message (#2183546) - sd-journal: cache results of parsing environment variables (#2183546) - compress: introduce compression_supported() helper function (#2183546) - sd-journal: always use the compression algorithm specified in the header (#2183546) - sd-journal: allow to specify compression algorithm through env (#2183546) - test: add test case that journal file is created with the requested compression algorithm (#2183546) - rules: do not online CPU automatically on IBM platforms (#2143107) * Tue Mar 21 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-14 - systemd: Support OOMPolicy in scope units (#2176918) - systemd: Default to OOMPolicy=continue for login session scopes (#2176918) - man: rework description of OOMPolicy= a bit (#2176918) - core,man: add missing integration of OOMPolicy= in scopes (#2176918) - meson: Store fuzz tests in structured way (#2176918) - meson: Generate fuzzer inputs with directives (#2176918) - oss-fuzz: include generated corpora in the final zip file (#2176918) - unit: In cgroupv1, gracefully terminate delegated scopes again (#2180120) * Mon Feb 27 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-8 - journal-file: Fix return value in bump_entry_array() (#2173682) * Mon Feb 27 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-7 - test: add coverage for #24177 (#1985288) - logind-session: make stopping of idle session visible to admins (#2172401) * Wed Feb 22 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-6 - journalctl: actually run the static destructors (#2122500) - efi: drop executable-stack bit from .elf file (#2140646) - install: fail early if specifier expansion failed (#2138081) - test: add coverage for #26467 (#2138081) * Fri Feb 17 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-5 - nss-myhostname: fix inverted condition in (#2167468) - nss-myhostname: do not return empty result with NSS_STATUS_SUCCESS (#2167468) - sleep: rename hibernate_delay_sec -> _usec (#2151612) - sleep: fetch_batteries_capacity_by_name() does not return -ENOENT (#2151612) - sleep: drop unnecessary temporal vaiable and initialization (#2151612) - sleep: introduce SuspendEstimationSec= (#2151612) - sleep: coding style fixlets (#2151612) - sleep: simplify code a bit (#2151612) - sleep: fix indentation (#2151612) - sleep: enumerate only existing and non-device batteries (#2151612) - core: when isolating to a unit, also keep units running that are triggered by units we keep running (#1952378) - udev/net_id: introduce naming scheme for RHEL-9.2 (#2170500) * Mon Feb 06 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-4 - udev: make get_virtfn_info() provide physical PCI device (#2159448) - test: make helper_check_device_units() log unit name (#2138081) - test: add a testcase for lvextend (#2138081) - pid1: fix segv triggered by status query (#26279) (#2138081) - test: create config under /run (#2138081) - test: add tests for mDNS and LLMNR settings (#2138081) - resolved: introduce the _localdnsstub and _localdnsproxy special hostnames for 127.0.0.54 + 127.0.0.53 (#2138081) - test: wait for the monitoring service to become active (#2138081) - test: suppress echo in monitor_check_rr() (#2138081) - Revert "test: wait for the monitoring service to become active" (#2138081) - test: show and check almost all journal entries since the relevant command being invoked (#2138081) - test: cover IPv6 in the resolved test suite (#2138081) - test: add a couple of SRV records to check service resolution (#2138081) - test: add a test for the OPENPGPKEY RR (#2138081) - test: don't hang indefinitely on no match (#2138081) - test-ndisc: fix memleak and fd leak (#2138081) - test-unit-name: fix fd leak (#2138081) - test: bump D-Bus service start timeout if we run without accel (#2138081) - test: bump the client-side timeout in sd-bus as well (#2138081) - test: bump the container spawn timeout to 60s (#2138081) - network: fix memleak (#2138081) - busctl: fix introspecting DBus properties (#2138081) - busctl: simplify peeking the type (#2138081) - resolve: drop redundant call of socket_ipv6_is_supported() (#2138081) - resolve: introduce link_get_llmnr_support() and link_get_mdns_support() (#2138081) - resolve: provide effective supporting levels of mDNS and LLMNR (#2138081) - resolvectl: warn if the global mDNS or LLMNR support level is lower than the requested one (#2138081) - resolve: enable per-link mDNS setting by default (#2138081) * Mon Jan 16 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-3 - swap: tell swapon to reinitialize swap if needed (#2151993) - coredump: adjust whitespace (#2155517) - coredump: do not allow user to access coredumps with changed uid/gid/capabilities (#2155517) - Revert "basic: add fallback in chase_symlinks_and_opendir() for cases when /proc is not mounted" (#2138081) - glyph-util: add warning sign special glyph (#2138081) - chase-symlink: when converting directory O_PATH fd to real fd, don't bother with /proc/ (#2138081) - systemctl: print a clear warning if people invoke systemctl without /proc/ (#2138081) - TEST-65: check cat-config operation in chroot (#2138081) - TEST-65: use [[ -v ]] more (#2138081) - systemctl: warn if trying to disable a unit with no install info (#2141979) - systemctl: allow suppress the warning of no install info using --no-warn (#2141979) - rpm/systemd-update-helper: use --no-warn when disabling units (#2141979) - systemctl: suppress warning about missing /proc/ when --no-warn (#2141979) - shell-completion: systemctl: add --no-warn (#2141979) - core/unit: drop doubled empty line (#2160477) - core/unit: drop dependency to the unit being merged (#2160477) - core/unit: fix logic of dropping self-referencing dependencies (#2160477) - core/unit: merge two loops into one (#2160477) - test: add test case for sysv-generator and invalid dependency (#2160477) - core/unit: merge unit names after merging deps (#2160477) - core/unit: fix log message (#2160477) - test: explicitly create the /etc/init.d directory (#2160477) - test: support a non-default SysV directory (#2160477) * Fri Dec 09 2022 systemd maintenance team <systemd-maint@redhat.com> - 252-2 - test: check if we can use SHA1 MD for signing before using it (#2141979) - boot: cleanups for efivar_get() and friends (#2141979) - boot: fix false maybe-uninitialized warning (#2141979) - tree-wide: modernizations with RET_NERRNO() (#2137584) - sd-bus: handle -EINTR return from bus_poll() (#2137584) - stdio-bridge: don't be bothered with EINTR (#2137584) - varlink: also handle EINTR gracefully when waiting for EIO via ppoll() (#2137584) - sd-netlink: handle EINTR from poll() gracefully, as success (#2137584) - resolved: handle -EINTR returned from fd_wait_for_event() better (#2137584) - homed: handle EINTR gracefully when waiting for device node (#2137584) - utmp-wtmp: fix error in case isatty() fails (#2137584) - utmp-wtmp: handle EINTR gracefully when waiting to write to tty (#2137584) - io-util: document EINTR situation a bit (#2137584) - terminal-util: Set OPOST when setting ONLCR (#2138081) - cgtop: Do not rewrite -P or -k options (#2138081) - test: Add tests for systemd-cgtop args parsing (#2138081) - resolved: remove inappropriate assert() (#2138081) - boot: Add xstrn8_to_16 (#2138081) - boot: Use xstr8_to_16 (#2138081) - boot: Use xstr8_to_16 for path conversion (#2138081) - stub: Fix cmdline handling (#2138081) - stub: Detect empty LoadOptions when run from EFI shell (#2138081) - boot: Use EFI_BOOT_MANAGER_POLICY_PROTOCOL to connect console devices (#2138081) - boot: Make sure all partitions drivers are connected (#2138081) - boot: improve support for qemu (#2138081) - systemd-boot man page: add section for virtual machines (#2138081) - boot: Only do full driver initialization in VMs (#2138081) - dissect: rework DISSECT_IMAGE_ADD_PARTITION_DEVICES + DISSECT_IMAGE_OPEN_PARTITION_DEVICES (#2138081) - ci(Mergify): v252 configuration update (#2138081) - ci: Run GitHub workflows on rhel branches (#2138081) - ci: Drop scorecards workflow, not relevant (#2138081) * Fri Dec 02 2022 systemd maintenance team <systemd-maint@redhat.com> - 252-1 - Rebase to systemd v252 + systemd-stable v252.2 (#2138081) * Fri Dec 02 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-13 - build systemd-boot EFI tools (#2140646) * Thu Aug 25 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-11 - scope: allow unprivileged delegation on scopes (#2120604) - udev/net_id: add "rhel-9.1" naming scheme (#2121144) * Mon Aug 22 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-10 - shared/install: fix crash when reenable is called without --root (#2120222) * Thu Aug 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-9 - Revert "shared/install: create relative symlinks for enablement and aliasing" (#2118668) - glyph-util: add new glyphs for up/down arrows (#2118297) - tree-wide: allow ASCII fallback for → in logs (#2118297) - tree-wide: allow ASCII fallback for … in logs (#2118297) - core: allow to set default timeout for devices (#2116681) - man: document DefaultDeviceTimeoutSec= (#2116681) - man: update dbus docs (#2116681) - hwdb: 60-keyboard: Fix volume-button mapping on Asus TF103C (#2087778) - hwdb: CH Pro Pedals not classified correctly due to no buttons (#2087778) - hwdb: Add accel orientation quirk for the GPD Pocket 3 (#2087778) - hostname: Allow overriding the chassis type from hwdb (#2087778) - hwdb: Add Microsoft Surface Pro 1 chassis quirk (#2087778) - hwdb: treat logitech craft keyboard as a keyboard (#2087778) - test: frequency in mouse DPI is optional (#2087778) - hwdb: add two Elecom trackballs (#2087778) - hwdb: add new database file for PDA devices (#2087778) - hwdb: add support for Surface Laptop 2 & 3 (#22303) (#2087778) - hwdb: add HP calculators (#2087778) - hwbd: 60-sensor.hwdb: Add Pipo W2Pro (#2087778) - hwdb: 60-keyboard: Support the buttons on CZC P10T tablet (#2087778) - hwdb: add CST Laser Trackball (#22583) (#2087778) - hwdb: Force release calculator key on all HP OMEN laptops (#2087778) - Add support for NEC VersaPro VG-S (#2087778) - Fix mic mute on Acer TravelMate B311-31 (#22677) (#2087778) - Add AV production controllers to hwdb and add uaccess (#2087778) - hwdb: Add AV production access to Elgado Stream Deck devices (#2087778) - Add HP Elitebook 2760p support (#22766) (#2087778) - hwdb: Add mic mute key mapping for HP Elite x360 (#2087778) - hwdb: fix parser to work with newer pyparsing (#2087778) - hwdb: update for v251 (#2087778) - hwdb: update autosuspend entries (#2087778) - hwdb: drop boilerplate about match patterns being unstable (#2087778) - hwdb: Update 60-keyboard.hwdb (#23074) (#2087778) - hwdb: 60-keyboard: Add Acer Aspire One AO532h keymappings (#2087778) - hwdb 60-keyboard Add HP/Compaq KBR0133 (#2087778) - hwdb: add resolutions for the Vaio FE14 touchpad (#23136) (#2087778) - hwdb: Remap micmute to f20 for ASUS WMI hotkeys (#2087778) - hwdb: Fix rotation for HP Pro Tablet 408 G1 (#2087778) - hwdb: add keyboard mapping for HP ProBook 11G2 (#2087778) - hwdb: make sure "ninja update-hwdb" works on f35 (#2087778) - hwbd: run "update-hwdb" for v251-rc2 (#2087778) - hwdb: run "ninja update-hwdb-autosuspend" for v251-rc2 (#2087778) - Fix orientation detection for Asus Transformer T100TAF, copied T100TA rule (#2087778) - Fix orientation detection for HP Pavilion X2 10-k010nr (#2087778) - fix typo (#2087778) - Adding a description of the keyboard shortcut Fn+F12 for the HP EliteBook 845 G7 device. (#23253) (#2087778) - hwdb: run "update-hwdb" (#2087778) - hwdb: add rammus accelerometer support (#2087778) - Add support to set autosuspend delay via hwdb (#2087778) - Set autosuspend delay for Fibocom LG850-GL (#2087778) - Add HUION Inspiroy H420X to hwdb (#2087778) - hwdb: run 'update-hwdb' for v251-rc3 (#2087778) - hwdb: add touchpad parameters for Lenovo T15g Gen1 (#23373) (#2087778) - hwdb: Add accel orientation for the I15-TG (#2087778) - hwdb: fix accelerometer mount matrix for Aquarius NS483 (#2087778) - hwdb: Add Google Hangouts Meet speakermic (#2087778) - hwdb: update via ninja -C build update-hwdb (#2087778) - hwdb: Add Google Meet speakermic (#2087778) - hwdb: Add accel orientation quirk for the Aya Neo Next (#2087778) - hwdb: Add HP Dev One (#2087778) - hwdb: analyzers: remove generic "STM Device in DFU Mode" (#2087778) - hwdb: Add Lenovo ThinkPad C13 Yoga (#2087778) - Fix automatic screen rotation for Asus Transformer T100TAM (#2087778) - hwdb: Add Acer Aspire A317-33 (#24050) (#2087778) - Add ACCEL_MOUNT_MATRIX for OXP Mini (#2087778) - Added DERE DBook D10 (#24173) (#2087778) - hwdb: analyzers: Clarify the type of devices we want listed (#2087778) - hwdb: Add Greaseweazle "drives" to the list of analyzers (#2087778) - hwdb: Apply existing accel orientation quirk to all Chromebooks (#2087778) * Wed Jul 20 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-8 - core: shorten long unit names that are based on paths and append path hash at the end (#2083493) - tests: add test case for long unit names (#2083493) - tests: reflect that we can now handle devices with very long sysfs paths (#2083493) - test: extend the "hashed" unit names coverage a bit (#2083493) - Revert "kernel-install: also remove modules.builtin.alias.bin" (#2065061) - Revert "kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT" (#2065061) - kernel-install: 50-depmod: port to /bin/sh (#2065061) - kernel-install: 90-loaderentry: port to /bin/sh (#2065061) - kernel-install: fix shellcheck (#2065061) - kernel-install: port to /bin/sh (#2065061) - kernel-install: 90-loaderentry: error out on nonexistent initrds instead of swallowing them quietly (#2065061) - kernel-install: don't pull out KERNEL_IMAGE (#2065061) - kernel-install: prefer /boot over /boot/efi for $BOOT_ROOT (#2065061) - kernel-install: also remove modules.builtin.alias.bin (#2065061) - kernel-install: add new variable $KERNEL_INSTALL_INITRD_GENERATOR (#2065061) - kernel-install: k-i already creates $ENTRY_DIR_ABS, no need to do it again (#2065061) - kernel-install: prefix errors with "Error:", exit immediately (#2065061) - kernel-install: add "$KERNEL_INSTALL_STAGING_AREA" directory (#2065061) - kernel-install: add missing log line (#2065061) - kernel-install: don't try to persist used machine ID locally (#2065061) - kernel-install: add a new $ENTRY_TOKEN variable for naming boot entries (#2065061) - kernel-install: only generate systemd.boot_id= in kernel command line if used for naming the boot loader spec files/dirs (#2065061) - kernel-install: search harder for kernel image/initrd drop-in dir (#2065061) - kernel-install: add new "inspect" verb, showing paths and parameters we discovered (#2065061) - ci(Mergify): configuration update (#2087652) - ci(Mergify): fix copy&paste bug (#2087652) - shared: Fix memory leak in bus_append_execute_property() (#2087652) - fuzz: no longer skip empty files (#2087652) - networkctl: open the bus just once (#2087652) - json: align table (#2087652) - fuzz-json: optionally allow logging and output (#2087652) - shared/json: reduce scope of variables (#2087652) - fuzz-json: also do sorting and normalizing and other easy calls (#2087652) - shared/json: wrap long comments (#2087652) - shared/json: fix memory leak on failed normalization (#2087652) - shared/json: add helper to ref first, unref second (#2087652) - basic/alloc-util: remove unnecessary parens (#2087652) - fuzz-json: also try self-merge operations (#2087652) - shared/json: fix another memleak in normalization (#2087652) - shared/json: fix memleak in sort (#2087652) - execute: fix resource leak (#2087652) - tests: ignore dbus-broker-launcher (#2087652) - core/timer: fix memleak (#2087652) - timedatectl: fix a memory leak (#2087652) - test: fix file descriptor leak in test-psi-util (#2087652) - test: fix file descriptor leak in test-tmpfiles.c (#2087652) - test: fix file descriptor leak in test-fs-util (#2087652) - test: fix file descriptor leak in test-oomd-util (#2087652) - test: fix file descriptor leak in test-catalog (#2087652) - test: make masking of supplementary services configurable (#2087652) - test: fuzz our dbus interfaces with dfuzzer (#2087652) - test: skip TEST-21-DFUZZER without ASan (#2087652) - core: annotate Reexecute() as NoReply (#2087652) - test: always force a new image for dfuzzer (#2087652) - test: make dfuzzer less verbose (#2087652) - test: drop the at_exit() coredump check (#2087652) - test: make the shutdown routine a bit more "robust" (#2087652) - tree-wide: drop manually-crafted message for missing variables (#2087652) - test: allow overriding $QEMU_MEM when running w/ ASan (#2087652) - test: don't test buses we don't ship (#2087652) - shutdown: get only active md arrays. (#2047682) - bus: Use OrderedSet for introspection (#2068131) - logind-session-dbus: allow to set display name via dbus (#2100340) - ci: limit which env variables we pass through `sudo` (#2087652) - ci(Mergify): Add `ci-waived` logic (#2087652) - json: use unsigned for refernce counter (#2087652) - macro: check over flow in reference counter (#2087652) - sd-bus: fix reference counter to be incremented (#2087652) - sd-bus: introduce ref/unref function for track_item (#2087652) - sd-bus: do not read unused value (#2087652) - sd-bus: do not return negative errno when unknown name is specified (#2087652) - sd-bus: use hashmap_contains() and drop unnecessary cast (#2087652) - test: shorten code a bit (#2087652) - test: add several tests for track item (#2087652) - core/slice: make slice_freezer_action() return 0 if freezing state is unchanged (#2087652) - core/unit: fix use-after-free (#2087652) - core/timer: fix potential use-after-free (#2087652) - core: command argument can be longer than PATH_MAX (#2073994) - shared/install: consistently use 'lp' as the name for the LookupPaths instance (#2082131) - shared/specifier: treat NULL the same as "" (#2082131) - shared/install: do not print aliases longer than UNIT_NAME_MAX (#2082131) - shared/install-printf: drop now-unused install_path_printf() (#2082131) - strv: declare iterator of FOREACH_STRING() in the loop (#2082131) - basic/unit-file: split out the subroutine for symlink verification (#2082131) - basic/stat-util: add null_or_empty_path_with_root() (#2082131) - shared/install: reuse the standard symlink verification subroutine (#2082131) - shared/install: add a bit more quoting (#2082131) - test: add test for systemctl link & enable (#2082131) - tests: add helper for creating tempfiles with content (#2082131) - man: clarify the descriptions of aliases and linked unit files (#2082131) - basic: add new variable $SYSTEMD_OS_RELEASE to override location of os-release (#2082131) - test-os-util: add basic tests for os-release parsing (#2082131) - basic/env-file: make load-env-file deduplicate entries with the same key (#2082131) - man/os-release: add a note about repeating entries (#2082131) - shared/specifier: clarify and add test for missing data (#2082131) - shared/specifier: provide proper error messages when specifiers fail to read files (#2082131) - shared/install: provide proper error messages when invalid specifiers are used (#2082131) - shared/install: move scope into InstallContext (#2082131) - shared/specifier: fix %u/%U/%g/%G when called as unprivileged user (#2082131) - shared/install: simplify unit_file_dump_changes() (#2082131) - shared/install: propagate errors about invalid aliases and such too (#2082131) - shared/install: return failure when enablement fails, but process as much as possible (#2082131) - systemctl: fix silent failure when --root is not found (#2082131) - shared/install: also check for self-aliases during installation and ignore them (#2082131) - docs: Correct WantedBy= regarding template units (#2082131) - man: fix invalid description of template handling in WantedBy= (#2082131) - shared/install: drop unnecessary casts (#2082131) - strv: make iterator in STRV_FOREACH() declaread in the loop (#2082131) - core: ExecContext::restrict_filesystems is set of string (#2082131) - install: when linking a file, create the link first or abort (#2082131) - shared/install: split unit_file_{disable,enable}() so _reenable doesn't do setup twice (#2082131) - shared/install: fix reenable on linked unit files (#2082131) - test-systemctl-enable: extend the test for repeated WantedBy/RequiredBy (#2082131) - shared/install: when we fail to chase a symlink, show some logs (#2082131) - shared/install: do not try to resolve symlinks outside of root directory (#2082131) - test-systemctl-enable: enhance the test for unit file linking (#2082131) - shared/install: skip unnecessary chasing of symlinks in disable (#2082131) - shared/install: also remove symlinks like .wants/foo@one.service → ../foo@one.service (#2082131) - shared/install: create relative symlinks for enablement and aliasing (#2082131) - shared/install: when looking for symlinks in .wants/.requires, ignore symlink target (#2082131) - shared/install: stop passing duplicate root argument to install_name_printf() (#2082131) - basic/unit-file: reverse negative conditional (#2082131) - shared/install: split UNIT_FILE_SYMLINK into two states (#2082131) - shared/install: fix handling of a linked unit file (#2082131) - test-systemctl-enable: make shellcheck happy (#2082131) - shared/install: when creating symlinks, accept different but equivalent symlinks (#2082131) - test-systemctl-enable: use magic syntax to allow inverted tests (#2082131) - test-systemctl-enable: also use freshly-built systemd-id128 (#2082131) - test-systemctl-enable: disable the test for %a for now (#2082131) - Rename UnitFileScope to LookupScope (#2082131) - core: handle lookup paths being symlinks (#2082131) - shared/install: use correct cleanup function (#2082131) - udev/net_id: avoid slot based names only for single function devices (#2073003) - test: import logind test from debian/ubuntu test suite (#2087652) - test: drop redundant IMAGE_NAME= (#2087652) - test: import timedated test from debian/ubuntu test suite (#2087652) - test: introduce assert_not_in() helper function (#2087652) - test: drop unnecessary --no-pager option (#2087652) - test: support debian/ubuntu specific timezone config file (#2087652) - test: import hostnamed tests from debian/ubuntu test suite (#2087652) - locale-util: fix memleak on failure (#2087652) - locale-util: check if enumerated locales are valid (#2087652) - locale-util: align locale entries (#2087652) - core: inline an iterator variable (#2087652) - locale-setup: merge locale handling in PID1 and localed (#2087652) - locale: rename keymap-util.[ch] -> localed-util.[ch] (#2087652) - test: add one more path to search keymaps (#2087652) - test: introduce inst_recursive() helper function (#2087652) - hmac/sha256: move size define to sha256.h (#2087652) - tpm2: support policies with PIN (#2087652) - cryptenroll: add support for TPM2 pin (#2087652) - cryptsetup: add support for TPM2 pin (#2087652) - cryptsetup: add libcryptsetup TPM2 PIN support (#2087652) - cryptenroll: add TPM2 PIN documentation (#2087652) - cryptsetup: add manual TPM2 PIN configuration (#2087652) - cryptenroll: add tests for TPM2 unlocking (#2087652) - env-util: replace unsetenv_erase() by new getenv_steal_erase() helper (#2087652) - test: install libxkbcommon and x11 keymaps (#2087652) - test: install C.UTF-8 and English locales (#2087652) - test: import localed tests from debian/ubuntu test suite (#2087652) - unit: check for mount rate limiting before checking active state (#2087652) - tests: make sure we delay running mount start jobs when /p/s/mountinfo is rate limited (#2087652) - test: insert space in for loop (#2087652) - test: move "do" at the end of line (#2087652) - test: use trap RETURN (#2087652) - test: ignore the error about our own libraries missing during image creation (#2087652) - test: wrap binaries using systemd DSOs when running w/ ASan (#2087652) - test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO (#2087652) - test: drop all LD_PRELOAD-related ASan workarounds (#2087652) - test: don't wrap binaries built with ASan (#2087652) - test: send stdout/stderr of testsuite units to journal & console (#2087652) - test: make the busy loop in TEST-02 less verbose (#2087652) - test: always wrap useradd/userdel when running w/ ASan (#2087652) - test: don't flush debug logs to the console (#2087652) - test: fix a couple of issues found by shellcheck (#2087652) - test: pass the initdir to check_result_{qemu,nspawn} hooks (#2087652) - test: run the custom check hooks before common checks (#2087652) - test: check journal directly instead of capturing console output (#2087652) - test: use saved process PID instead of % (#2087652) - test: account for ADDR_NO_RANDOMIZE if it's set (#2087652) - fuzz-bcd: silence warning about always-true comparison (#2087652) - test: disable test_ntp on RHEL (#2087652) - core: do not filter out systemd.unit= and run-level specifier from kernel command line (#2087652) - test: add a simple test for daemon-reexec (#2087652) - test: install /usr/libexec/vi as well (#2087652) - test: resize the terminal automagically with INTERACTIVE_DEBUG=yes (#2087652) - test: create an ASan wrapper for `getent` and `su` (#2087652) - test: mark partition bootable (#2087652) - test: bump the data partition size if we don't strip binaries (#2087652) - test: use PBKDF2 with capped iterations instead of Argon2 (#2087652) - locale: drop unnecessary allocation (#2087652) * Wed Apr 20 2022 systemd maintenance team <systemd-maint@redhat.com> - 250-7 - test: check systemd RPM macros (#2017035) - test: do not assume x86-64 arch in TEST-58-REPART (#2017035) - tests: add repart tests for block devices with 1024, 2048, 4096 byte sector sizes (#2017035) - test: accept both unpadded and padded partition sizes (#2017035) - test: lvm 2.03.15 dropped the static autoactivation (#2017035) - test: accept GC'ed units in newer LVM (#2017035) - shared: Add more dlopen() tests (#2017035) - systemctl: Show how long a service ran for after it exited in status output (#2017035) - time-util: introduce TIMESTAMP_UNIX (#2017035) - systemctl,man: update docs for `--timestamp=` (#2017035) - systemctl: make `--timestamp=` affect the `show` verb as well (#2017035) - tests: allow running all the services with SYSTEMD_LOG_LEVEL (#2017035) - coredump: raise the coredump save size on 64bit systems to 32G (and lower it to 1G on 32bit systems) (#2017035) - repart: fix sector size handling (#2017035) - mkdir: allow to create directory whose path contains symlink (#2017035) - mkdir: CHASE_NONEXISTENT cannot used in chase_symlinks_and_stat() (#2017035) - meson: move efi file lists closer to where they are used (#2017035) - meson: move efi summary() section to src/boot/efi (#2017035) - meson: report SBAT settings (#2017035) - boot: Build BCD parser only on arches supported by Windows (#2017035) - meson: Remove efi-cc option (#2017035) - meson: Get objcopy location from compiler (#2017035) - meson: Use files() for source lists for boot and fundamental (#2017035) - meson: Use files() for tests (#2017035) - tests: add fuzz-bcd (#2017035) - meson: Use files() for fuzzers (#2017035) - meson: Add check argument to remaining run_command() calls (#2017035) - meson: Use echo to list files (#2017035) - test: add a test for mkdir_p() (#2017035) - util: another set of CVE-2021-4034 assert()s (#2017035) - basic: update CIFS magic (#2017035) - shared: be extra paranoid and check if argc > 0 (#2017035) - core: check if argc > 0 and argv[0] is set (#2017035) - core: check argc/argv uncoditionally (#2017035) - test: temporary workaround for #21819 (#2017035) - test: don't leak local variable to outer scopes (#2017035) - tree-wide: don't use strjoina() on getenv() values (#2017035) - man: clarify Environmentfile format (#2017035) - test-load-fragment: add a basic test for config_parse_unit_env_file() (#2017035) - core/execute: use _cleanup_ in exec_context_load_environment() (#2017035) - test-env-file: add tests for quoting in env files (#2017035) util-linux-core| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) libssh| * Mon Feb 19 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-13 - Bump up the version so that the version in 9.3 is lower. - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 * Tue Jan 09 2024 Sahana Prasad <sahana@redhat.com> - 0.10.4-12 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Resolves: RHEL-19310, RHEL-19691, RHEL-17245 * Wed Jun 21 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-11 - Fix loglevel regression - Related: rhbz#2182252, rhbz#2189740 * Mon May 22 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4.10 - Fix null dereference issues found by covscan - Related: rhbz#2182252, rhbz#2189740 * Wed May 10 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-9 - Fix CVE-2023-1667 and CVE-2023-2283 - Fix issues found by cosvcan - Resolves: rhbz#2182252, rhbz#2189740 * Mon Jan 23 2023 Stanislav Zidek <szidek@redhat.com> - 0.10.4-8 + libssh-0.10.4-8 - Extended CI to run internal tests in RHEL - Related: rhbz#2160080 * Wed Jan 04 2023 Norbert Pocs <npocs@redhat.com> - 0.10.4-7 - Add sk-keys to configuration parsing allowing to turn on-off by config - Related: rhbz#2026449 * Thu Dec 01 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-6 - Fix covscan error - Remove unwanted test with yet unimplemented feature - Related: rhbz#2137839, rhbz#2136824 * Thu Dec 01 2022 Stanislav Zidek <szidek@redhat.com> - 0.10.4-5 + libssh-0.10.4-5 - Fixed CI configuration due to TMT changes * Wed Nov 30 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-4 - Move loglevel closer to openssh loglevel - Add openssh config feature of +,-,^ for algorithm lists - Fix memory leaks of bignum - Prevent multiple expansion of escape characters - Resolves: rhbz#2132407, rhbz#2137839, rhbz#2144795, rhbz#2136824 * Tue Oct 04 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-3 - Enable pkcs11 support - Fix broken libsofthsm path on i686 - Add missing bugzilla references from the rebase commit - Related: rhbz#2026449 - Resolves: rhbz#1977913, rhbz#1975500 * Tue Sep 27 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2 - Fix coverity scan issues - Resolves: rhbz#2130126 * Mon Sep 19 2022 Norbert pocs <npocs@redhat.com> - 0.10.4-1 - Rebase to version 0.10.4 - Add pkcs11 support - Disallow ssh-rsa key in FIPS mode - Fix openssl KDF check at build - ChangeLog was renamed to CHANGELOG - Resolves: rhbz#2068475, rhbz#2026449, rhbz#2004021, rhbz#1977913, rhbz#1975500 cyrus-sasl-lib| * Mon Aug 01 2022 Simo Sorce <simo@redhat.com> - 2.1.27-21 - Fix memleak * Wed Feb 23 2022 Simo Sorce <simo@redhat.com> - 2.1.27-20 - Fix for CVE-2022-24407 - Resolves: rhbz#2055848 * Wed Feb 09 2022 Simo Sorce <simo@redhat.com> - 2.1.27-19 - Fix a memleak in one of the OpenSSL 3 compat patches found by covscan * Mon Feb 07 2022 Simo Sorce <simo@redhat.com> - 2.1.27-18 - Update OpenSSL 3 related compatibility patch backports * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.27-17 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Jul 28 2021 Simo Sorce <simo@redhat.com> - 2.1.27-16 - Rebuild to pass gating after fixing rhbz#1983928 * Wed Jul 28 2021 Florian Weimer <fweimer@redhat.com> - 2.1.27-15 - Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097) * Mon Jul 19 2021 Simo Sorce <simo@redhat.com> - 2.1.27-14 - Fix crashs on missing legacy algorithms Resolves: rhbz#1974354 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.27-13 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 * Fri Jun 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 2.1.27-12 - Incorporate the upstream gdbm specific patch from https://github.com/cyrusimap/cyrus-sasl/pull/554 - Resolves rhbz#1947971 * Wed Apr 28 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 2.1.27-11 - Set default sasldb database to GDBM instead of BerkeleyDB - Add the migration tool from BerkeleyDB - Add some PLAIN auth tests - Resolves rhbz#1947971 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.27-10 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Apr 12 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 2.1.27-9 - Coverity-related fixes (#1938700) * Mon Feb 08 2021 Pavel Raiskup <praiskup@redhat.com> - 2.1.27-8 - rebuild for libpq ABI fix rhbz#1908268 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.27-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild libarchive| * Sat May 04 2024 Release Engineering <releng@rockylinux.org> - 3.5.3-4.0.1 - Rebuild package to address build system issue * Wed Nov 23 2022 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-4 - Resolves: CVE-2022-36227 * Tue Jul 12 2022 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-3 - Resolves: #2106651 * Wed May 18 2022 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-2 - Resolves: CVE-2022-26280 openssl| * Wed Feb 21 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-27 - Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474 * Tue Nov 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-26 - Avoid implicit function declaration when building openssl Related: RHEL-1780 - In FIPS mode, prevent any other operations when rsa_keygen_pairwise_test fails Resolves: RHEL-17104 - Add a directory for OpenSSL providers configuration Resolves: RHEL-17193 - Eliminate memory leak in OpenSSL when setting elliptic curves on SSL context Resolves: RHEL-19515 - POLY1305 MAC implementation corrupts vector registers on PowerPC (CVE-2023-6129) Resolves: RHEL-21151 - Excessive time spent checking invalid RSA public keys (CVE-2023-6237) Resolves: RHEL-21654 - SSL ECDHE Kex fails when pkcs11 engine is set in config file Resolves: RHEL-20249 - Denial of service via null dereference in PKCS#12 Resolves: RHEL-22486 - Use certified FIPS module instead of freshly built one in Red Hat distribution Resolves: RHEL-23474 * Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evp_properties section in main OpenSSL configuration file Resolves: RHEL-11439 - Avoid implicit function declaration when building openssl Resolves: RHEL-1780 - Forbid explicit curves when created via EVP_PKEY_fromdata Resolves: RHEL-5304 - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent checking DH keys and parameters (CVE-2023-3446) Resolves: RHEL-5306 - Excessive time spent checking DH q parameter value (CVE-2023-3817) Resolves: RHEL-5308 - Fix incorrect cipher key and IV length processing (CVE-2023-5363) Resolves: RHEL-13251 - Switch explicit FIPS indicator for RSA-OAEP to approved following clarification with CMVP Resolves: RHEL-14083 - Backport the check required by SP800-56Br2 6.4.1.2.1 (3.c) Resolves: RHEL-14083 - Add missing ECDH Public Key Check in FIPS mode Resolves: RHEL-15990 - Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678) Resolves: RHEL-15954 * Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24 - Make FIPS module configuration more crypto-policies friendly Related: rhbz#2216256 * Tue Jul 11 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-23 - Add a workaround for lack of EMS in FIPS mode Resolves: rhbz#2216256 * Thu Jul 06 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-22 - Remove unsupported curves from nist_curves. Resolves: rhbz#2069336 * Mon Jun 26 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-21 - Remove the listing of brainpool curves in FIPS mode. Related: rhbz#2188180 * Tue May 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-20 - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 - Release the DRBG in global default libctx early Resolves: rhbz#2211340 * Mon May 22 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-19 - Re-enable DHX keys in FIPS mode, disable FIPS 186-4 parameter validation and generation in FIPS mode Resolves: rhbz#2169757 * Thu May 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-18 - Use OAEP padding and aes-128-cbc by default in cms command in FIPS mode Resolves: rhbz#2160797 * Tue May 09 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-17 - Enforce using EMS in FIPS mode - better alerts Related: rhbz#2157951 * Tue May 02 2023 Sahana Prasad <sahana@redhat.com> - 1:3.0.7-16 - Upload new upstream sources without manually hobbling them. - Remove the hobbling script as it is redundant. It is now allowed to ship the sources of patented EC curves, however it is still made unavailable to use by compiling with the 'no-ec2m' Configure option. The additional forbidden curves such as P-160, P-192, wap-tls curves are manually removed by updating 0011-Remove-EC-curves.patch. - Enable Brainpool curves. - Apply the changes to ec_curve.c and ectest.c as a new patch 0010-Add-changes-to-ectest-and-eccurve.patch instead of replacing them. - Modify 0011-Remove-EC-curves.patch to allow Brainpool curves. - Modify 0011-Remove-EC-curves.patch to allow code under macro OPENSSL_NO_EC2M. Resolves: rhbz#2130618, rhbz#2188180 * Fri Apr 28 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-15 - Backport implicit rejection for RSA PKCS#1 v1.5 encryption Resolves: rhbz#2153471 * Fri Apr 21 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-14 - Input buffer over-read in AES-XTS implementation on 64 bit ARM Resolves: rhbz#2188554 * Tue Apr 18 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-13 - Enforce using EMS in FIPS mode Resolves: rhbz#2157951 - Fix excessive resource usage in verifying X509 policy constraints Resolves: rhbz#2186661 - Fix invalid certificate policies in leaf certificates check Resolves: rhbz#2187429 - Certificate policy check not enabled Resolves: rhbz#2187431 - OpenSSL rsa_verify_recover key length checks in FIPS mode Resolves: rhbz#2186819 * Fri Mar 24 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-12 - Change explicit FIPS indicator for RSA decryption to unapproved Resolves: rhbz#2179379 * Mon Mar 20 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-11 - Add missing reference to patchfile to add explicit FIPS indicator to RSA encryption and RSASVE and fix the gettable parameter list for the RSA asymmetric cipher implementation. Resolves: rhbz#2179379 * Fri Mar 17 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-10 - Add explicit FIPS indicator to RSA encryption and RSASVE Resolves: rhbz#2179379 * Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-9 - Fix explicit FIPS indicator for X9.42 KDF when used with output lengths < 14 bytes Resolves: rhbz#2175864 * Thu Mar 16 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-8 - Fix Wpointer-sign compiler warning Resolves: rhbz#2178034 * Tue Mar 14 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-7 - Add explicit FIPS indicators to key derivation functions Resolves: rhbz#2175860 rhbz#2175864 - Zeroize FIPS module integrity check MAC after check Resolves: rhbz#2175873 - Add explicit FIPS indicator for IV generation in AES-GCM Resolves: rhbz#2175868 - Add explicit FIPS indicator for PBKDF2, use test vector with FIPS-compliant salt in PBKDF2 FIPS self-test Resolves: rhbz#2178137 - Limit RSA_NO_PADDING for encryption and signature in FIPS mode Resolves: rhbz#2178029 - Pairwise consistency tests should use Digest+Sign/Verify Resolves: rhbz#2178034 - Forbid DHX keys import in FIPS mode Resolves: rhbz#2178030 - DH PCT should abort on failure Resolves: rhbz#2178039 - Increase RNG seeding buffer size to 32 Related: rhbz#2168224 * Wed Mar 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-6 - Fixes RNG slowdown in FIPS mode Resolves: rhbz#2168224 * Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-5 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed Invalid pointer dereference in d2i_PKCS7 functions Resolves: CVE-2023-0216 - Fixed NULL dereference validating DSA public key Resolves: CVE-2023-0217 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 - Fixed NULL dereference during PKCS7 data verification Resolves: CVE-2023-0401 * Wed Jan 11 2023 Clemens Lang <cllang@redhat.com> - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121 * Thu Jan 05 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-3 - Refactor OpenSSL fips module MAC verification Resolves: rhbz#2157965 * Thu Nov 24 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-2 - Various provider-related imrovements necessary for PKCS#11 provider correct operations Resolves: rhbz#2142517 - We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream Resolves: rhbz#2133809 - Removed recommended package for openssl-libs Resolves: rhbz#2093804 - Adjusting include for the FIPS_mode macro Resolves: rhbz#2083879 - Backport of ppc64le Montgomery multiply enhancement Resolves: rhbz#2130708 - Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values Resolves: rhbz#2142087 - Update change to default PSS salt length with patch state from upstream Related: rhbz#2142087 * Tue Nov 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-1 - Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063 * Mon Nov 14 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-44 - SHAKE-128/256 are not allowed with RSA in FIPS mode Resolves: rhbz#2144010 - Avoid memory leaks in TLS Resolves: rhbz#2144008 - FIPS RSA CRT tests must use correct parameters Resolves: rhbz#2144006 - FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC Resolves: rhbz#2144017 - Remove support for X9.31 signature padding in FIPS mode Resolves: rhbz#2144015 - Add explicit indicator for SP 800-108 KDFs with short key lengths Resolves: rhbz#2144019 - Add explicit indicator for HMAC with short key lengths Resolves: rhbz#2144000 - Set minimum password length for PBKDF2 in FIPS mode Resolves: rhbz#2144003 - Add explicit indicator for PSS salt length in FIPS mode Resolves: rhbz#2144012 - Clamp default PSS salt length to digest size for FIPS 186-4 compliance Related: rhbz#2144012 - Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode Resolves: rhbz#2145170 * Tue Nov 01 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-43 - CVE-2022-3602: X.509 Email Address Buffer Overflow - CVE-2022-3786: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 * Wed Oct 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-42 - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 (rhbz#2137723) * Thu Aug 11 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Related: rhbz#2102542 - Add FIPS indicator for HKDF Related: rhbz#2114772 * Fri Aug 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102536 - Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz#2102537 - Use signature for RSA pairwise test according FIPS-140-3 requirements Related: rhbz#2102540 - Reseed all the parent DRBGs in chain on reseeding a DRBG Related: rhbz#2102541 * Mon Aug 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-39 - Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test - Use Use digest_sign & digest_verify in FIPS signature self test - Use FFDHE2048 in Diffie-Hellman FIPS self-test Resolves: rhbz#2102535 * Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38 - Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized. Resolves: rhbz#2103289 - Improve AES-GCM performance on Power9 and Power10 ppc64le Resolves: rhbz#2051312 - Improve ChaCha20 performance on Power10 ppc64le Resolves: rhbz#2051312 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37 - CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 * Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-36 - Ciphersuites with RSAPSK KX should be filterd in FIPS mode - Related: rhbz#2085088 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available if key length is enough - Related: rhbz#2053289 - Improve diagnostics when passing unsupported groups in TLS - Related: rhbz#2070197 - Fix PPC64 Montgomery multiplication bug - Related: rhbz#2098199 - Strict certificates validation shouldn't allow explicit EC parameters - Related: rhbz#2058663 - CVE-2022-2068: the c_rehash script allows command injection - Related: rhbz#2098277 * Wed Jun 08 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-35 - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved. Resolves: rhbz#2087147 * Fri Jun 03 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-34 - Some OpenSSL test certificates are expired, updating - Resolves: rhbz#2092456 * Thu May 26 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-33 - CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory - Resolves: rhbz#2089444 - CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS - Resolves: rhbz#2087911 - CVE-2022-1292 openssl: c_rehash script allows command injection - Resolves: rhbz#2090362 - Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode" Related: rhbz#2087147 - Use KAT for ECDSA signature tests, s390 arch - Resolves: rhbz#2069235 * Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32 - `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode - Resolves: rhbz#2083240 - Ciphersuites with RSA KX should be filterd in FIPS mode - Related: rhbz#2085088 - In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits - Resolves: rhbz#2077884 * Wed May 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-31 - Disable SHA-1 signature verification in FIPS mode - Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode Resolves: rhbz#2087147 * Mon May 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-30 - Use KAT for ECDSA signature tests - Resolves: rhbz#2069235 * Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29 - `-config` argument of openssl app should work properly in FIPS mode - Resolves: rhbz#2083274 - openssl req defaults on PKCS#8 encryption changed to AES-256-CBC - Resolves: rhbz#2063947 * Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28 - OpenSSL should not accept custom elliptic curve parameters - Resolves rhbz#2066412 - OpenSSL should not accept explicit curve parameters in FIPS mode - Resolves rhbz#2058663 * Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27 - Change FIPS module version to include hash of specfile, patches and sources Resolves: rhbz#2070550 * Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26 - OpenSSL FIPS module should not build in non-approved algorithms - Resolves: rhbz#2081378 * Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25 - FIPS provider should block RSA encryption for key transport. - Other RSA encryption options should still be available - Resolves: rhbz#2053289 * Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24 - Fix regression in evp_pkey_name2type caused by tr_TR locale fix Resolves: rhbz#2071631 * Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-23 - Fix openssl curl error with LANG=tr_TR.utf8 - Resolves: rhbz#2071631 * Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-22 - FIPS provider should block RSA encryption for key transport - Resolves: rhbz#2053289 * Tue Mar 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-21 - Fix occasional internal error in TLS when DHE is used - Resolves: rhbz#2004915 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20 - Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set - Resolves: rhbz#2065400 * Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-19 - Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes - Resolves: rhbz#2065400 * Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-18 - CVE-2022-0778 fix - Resolves: rhbz#2062315 * Thu Mar 10 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-17 - Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before setting an allowed digest with EVP_PKEY_CTX_set_signature_md() - Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch - Resolves: rhbz#2062640 * Tue Mar 01 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-15 - Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes - Resolves: rhbz#2060510 * Fri Feb 25 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-14 - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742 * Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-13 - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 * Thu Feb 24 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 1:3.0.1-12 - Support KBKDF (NIST SP800-108) with an R value of 8bits - Resolves: rhbz#2027261 * Wed Feb 23 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-11 - Allow SHA1 usage in MGF1 for RSASSA-PSS signatures - Resolves: rhbz#2031742 * Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-10 - rebuilt * Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-9 - Allow SHA1 usage in HMAC in TLS - Resolves: rhbz#2031742 * Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8 - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - Resolves: rhbz#1977867 - pkcs12 export broken in FIPS mode - Resolves: rhbz#2049265 * Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-8 - Disable SHA1 signature creation and verification by default - Set rh-allow-sha1-signatures = yes to re-enable - Resolves: rhbz#2031742 libevent| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.12-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.12-5 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.1.12-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.12-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Sep 29 2020 Ondřej Lysoněk <olysonek@redhat.com> - 2.1.12-2 - Temporarily revert a problematic upstream change * Mon Sep 14 2020 Ondřej Lysoněk <olysonek@redhat.com> - 2.1.12-1 - new version - Resolves: rhbz#1713942 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.8-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.1.8-9 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Aug 15 2019 Ondřej Lysoněk <olysonek@redhat.com> - 2.1.8-7 - Port python scripts to Python 3 - Resolves: rhbz#1738022 - Resolves: rhbz#1655232 gobject-introspection| * Fri Nov 04 2022 Tomas Popela <tpopela@redhat.com> - 1.68.0-11 - Fix FTBFS for a possible Meson rebase - Resolves: rhbz#2140108 * Thu Oct 14 2021 David King <amigadave@amigadave.com> - 1.68.0-10 - Change Conflicts syntax (#1915339) * Fri Oct 08 2021 David King <amigadave@amigadave.com> - 1.68.0-9 - Add Conflicts for i686/x86_64 devel subpackage (#1915339) * Wed Aug 18 2021 Carlos O'Donell <codonell@redhat.com> - 1.68.0-8 - Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Sat Jul 10 2021 David King <amigadave@amigadave.com> - 1.68.0-6 - Add Requires on python-markdown for g-ir-doc-tool (#1979144) - Add license texts and documentation files (#1979144) libpeas| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.30.0-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Jun 11 2021 Bastien Nocera <bnocera@redhat.com> - 1.30.0-3 + libpeas-1.30.0-3 - Correct license for some of the icons - Resolves: rhbz#1971434 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.30.0-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Mar 22 2021 Kalev Lember <klember@redhat.com> - 1.30.0-1 - Update to 1.30.0 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.28.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Sat Sep 12 2020 Kalev Lember <klember@redhat.com> - 1.28.0-1 - Update to 1.28.0 * Tue Aug 04 2020 Bastien Nocera <bnocera@redhat.com> - 1.26.0-5 + libpeas-1.26.0-5 - Remove unused Python macro that caused errors on install (#1863667) * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.0-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 1.26.0-2 - Rebuilt for Python 3.9 * Fri Mar 06 2020 Kalev Lember <klember@redhat.com> - 1.26.0-1 - Update to 1.26.0 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.25.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jan 16 2020 Kalev Lember <klember@redhat.com> - 1.25.3-1 - Update to 1.25.3 * Thu Oct 31 2019 Kalev Lember <klember@redhat.com> - 1.24.1-1 - Update to 1.24.1 * Tue Sep 10 2019 Kalev Lember <klember@redhat.com> - 1.24.0-1 - Update to 1.24.0 * Thu Sep 05 2019 Kalev Lember <klember@redhat.com> - 1.23.92-1 - Update to 1.23.92 * Tue Aug 20 2019 Kalev Lember <klember@redhat.com> - 1.23.90.1-2 - Revert inadvertent soname bump - Tighten spec file globs to avoid accidental soname bumps in the future * Tue Aug 20 2019 Kalev Lember <klember@redhat.com> - 1.23.90.1-1 - Update to 1.23.90.1 - Switch to the meson build system * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.22.0-14 - Rebuilt for Python 3.8 libfdisk| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563) gzip| * Fri Apr 22 2022 Jakub Martisko <jamartis@redhat.com> - 1.12-1 - Rebase to gzip 1.12 - Resolves an arbitrary-file-write vulnerability in zgrep Resolves: rhbz#2073343 Resolves: rhbz#1870675 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.10-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Jul 30 2021 Jakub Martisko <jamartis@redhat.com> - 1.10-7 - Add the ibm patches dealing with s390x optimizations Resolves: rhbz#1986357 * Fri Jul 30 2021 Jakub Martisko <jamartis@redhat.com> - 1.10-6 - Add gating tests Resolves: rhbz#1986357 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.10-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild cracklib| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.6-27 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.6-26 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.9.6-23 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild cracklib-dicts| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.6-27 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.9.6-26 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.9.6-23 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.6-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libpwquality| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.4.4-8 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Aug 04 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1.4.4-7 - Explicitly rebuild the localization - Resolves: rhbz#1938621 * Mon Jul 26 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1.4.4-6 - rebuilt * Mon Jul 26 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1.4.4-5 - added i18n updates for de, fr, ja, ko, zh_CN - Resolves: rhbz#1963858 - Resolves: rhbz#1938621 * Thu Apr 29 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1.4.4-4 - cracklib-dicts is a hard requirement, not a recomendation. - Resolves rhbz#1947882 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.4.4-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Paul Wouters <pwouters@redhat.com> - 1.4.4-2 - Resolves rhbz#1919026 libpwquaily rpm requires cracklib-dict to function but RPM missing requirement * Tue Oct 13 2020 Tomáš Mráz <tmraz@redhat.com> 1.4.4-1 - Translation updates - Fix regression with enabling the cracklib check during build * Mon Oct 12 2020 Tomáš Mráz <tmraz@redhat.com> 1.4.3-1 - Multiple translation updates - Add usersubstr check for substrings of N characters from the username patch by Danny Sauer * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.4.2-4 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Thu Oct 31 2019 Tomáš Mráz <tmraz@redhat.com> 1.4.2-1 - Fix previous release regression in handling retry, enforce_for_root, and local_users_only options * Tue Sep 17 2019 Tomáš Mráz <tmraz@redhat.com> 1.4.1-1 - Disable python2 bindings in Fedora 31 and above - Add conditionals for Python2 and Python3 - pam_pwquality: Abort the retry loop if user requests it - Allow setting retry, enforce_for_root, and local_users_only options in the pwquality.conf config file pam| * Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-19 - pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations. CVE-2024-22365. Resolves: RHEL-21244 * Fri Jan 26 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.3.1-18 - libpam: use getlogin() from libc and not utmp. Resolves: RHEL-16727 - pam_access: handle hostnames in access.conf. Resolves: RHEL-22300 * Mon Jan 08 2024 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-17 - pam_faillock: create tallydir before creating tallyfile. Resolves: RHEL-20943 * Fri Nov 10 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-16 - libpam: use close_range() to close file descriptors. Resolves: RHEL-5099 - fix formatting of audit messages. Resolves: RHEL-5100 * Mon Jun 26 2023 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-15 - pam_misc: make length of misc_conv() configurable and set to 4096. Resolves: #2215007 * Tue Nov 29 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-14 - pam_lastlog: check localtime_r() return value. Resolves: #2130124 - pam_faillock: clarify missing user faillock files after reboot. Resolves: #2126632 - pam_faillock: avoid logging an erroneous consecutive login failure message. Resolves: #2126648 * Wed Sep 28 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-13 - pam_pwhistory: load configuration from file. Resolves: #2126640 * Thu Jun 23 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-12 - pam_usertype: only use SYS_UID_MAX for system users. Resolves: #2078421 * Wed May 25 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-11 - faillock: load configuration from file. Resolves: #2061698 * Tue May 17 2022 Iker Pedrosa <ipedrosa@redhat.com> - 1.5.1-10 - pam_keyinit: thread-safe implementation. Resolves: #2061696 libsemanage| * Wed Dec 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-1 - SELinux userspace 3.6 release * Mon Nov 13 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.6-0.rc1.1 - SELinux userspace 3.6-rc1 release * Wed Mar 22 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-2 - Include more parameters in the module checksum (#2173959) * Thu Feb 23 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-1 - SELinux userspace 3.5 release * Tue Feb 14 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc3.1 - SELinux userspace 3.5-rc3 release * Tue Jan 17 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc2.1 - SELinux userspace 3.5-rc2 release * Mon Jan 02 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release * Mon Jul 18 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-2 - Always write kernel policy when check_ext_changes is specified (#2104935) * Thu May 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.4-1 - SELinux userspace 3.4 release * Wed Apr 27 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-3 - allow spaces in user/group names (#2049665) - Fall back to semanage_copy_dir when rename() fails (#2068085) * Tue Feb 15 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3-2 - optionally rebuild policy when modules are changed externally shadow-utils| * Wed Jul 12 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-8 - gpasswd: fix password leak. Resolves: #2215948 * Tue May 16 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-7 - useradd: check if subid range exists for user. Resolves: #2179987 - find_new_[gu]id: Skip over IDs that are reserved for legacy reasons. Resolves: #2179988 * Wed Sep 28 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-6 - Change "badnames" to "badname" as this is the accepted option name. Resolves: #2076819 * Thu Jul 21 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-5 - subordinateio: also compare the owner ID. Resolves: #2109410 * Fri Apr 22 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-4 - useradd: modify check ID range for system users. Resolves: #2004911 - Fix release sources - Add subid requirement for subid-devel * Thu Dec 02 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-3 - getsubids: provide system binary and man page. Resolves: #2013015 - useradd: generate home and mail directories with selinux user attribute. Resolves: #1993081 - useradd: revert fix memleak of grp. Resolves: #2020238 - groupdel: fix SIGSEGV when passwd does not exist. Resolves: #2024834 - pwck: fix segfault when calling fprintf() - newgrp: fix segmentation fault - Clean spec file: organize dependencies and move License location * Tue Aug 17 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-2 - libmisc: fix default value in SHA_get_salt_rounds(). Resolves: #1993919 * Thu Aug 12 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-1 - Rebase to version 4.9. Resolves: #1989556 - usermod: allow all group types with -G option. Resolves: #1975329 - useradd: avoid generating an empty subid range - Clean spec file * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2:4.8.1-12 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Jul 14 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-11 - Fix regression issues detected in rhbz#667593 and rhbz#672510. Resolves: #1938871 * Tue Jul 13 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-10 - Covscan fixes. Resolves: #1938871 openldap| * Fri Feb 09 2024 Simon Pichugin <spichugi@redhat.com> - 2.6.6-3 - Use systemd-sysusers for ldap user and group Replace License with SPDX identifier Resolves: RHEL-5140 * Thu Dec 14 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-2 - The client tools parameters '-h' and '-p' are still deprecated, but this release brings back the client tools options that were removed during the previous rebase. Resolves: RHEL-19384 * Wed Oct 11 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.6-1 - Rebase OpenLDAP in RHEL 9.4 Resolves: RHEL-11306 * Wed Jun 14 2023 Simon Pichugin <spichugi@redhat.com> - 2.6.3-1 - Rebase OpenLDAP to 2.6.3 Related: rhbz#2212983 * Fri Aug 05 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-3 - Add export symbols related to LDAP_CONNECTIONLESS Related: rhbz#2115465 * Mon Jun 27 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-2 - Change STRIP to STRIP_OPTS Related: rhbz#2094159 * Wed Jun 01 2022 Simon Pichugin <spichugi@redhat.com> - 2.6.2-1 - Update to new major release OpenLDAP 2.6.2 - The client tools parameters '-h' and '-p' are officially deprecated, please, use '-H' parameter instead. Related: rhbz#2094159 * Fri Apr 22 2022 Igor Raits <igor.raits@gmail.com> - 2.4.59-5 - Pull systemd only from server subpackage gnupg2| * Wed Apr 19 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-4 - Revert marking the SHA-1 digest as weak (#2184640) * Thu Mar 30 2023 Jakub Jelen <jjelen@redhat.com> - 2.3.3-3 - Mark SHA-1 digest as weak to follow SHA-1 disablement in RHEL9 (#2070722) - Fix interaction with SSH by not requiring the MD5 digest (#2073567) - Fix creation of AEAD packets (#2128058) * Wed Aug 03 2022 Jakub Jelen <jjelen@redhat.com> - 2.3.3-2 - Fix CVE-2022-34903 (#2108449) * Fri Nov 19 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.3-1 - Rebase to 2.3.1 to address random tests failures (#1984842) * Thu Nov 18 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-4 - Fix --file-is-digest patch (#2024710) * Wed Sep 08 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-3 - Revernt default key type back to RSA for FIPS compatibility (#2001937) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.1-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Apr 21 2021 Jakub Jelen <jjelen@redhat.com> - 2.3.1-1 - New upstream release (#1947159) gpgme| * Thu Feb 17 2022 Jiri Kucera <jkucera@redhat.com> - 1.15.1-6 - Rebuild Resolves: #2035319 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.15.1-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Jul 16 2021 Jiri Kucera <jkucera@redhat.com> - 1.15.1-4 - Fix license and covscan issues Resolves: #1938732 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.15.1-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 libutempter| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.2.1-5 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Aug 13 2020 Tomas Korbar <tkorbar@redhat.com> - 1.2.1-3 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 07 2020 Tomas Korbar <tkorbar@redhat.com> - 1.2.1-1 - Update to 1.2.1 (#1854129) * Mon May 25 2020 Tomas Korbar <tkorbar@redhat.com> - 1.2.0-1 - Update to 1.2.0 (#1831940) * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.6-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild publicsuffix-list-dafsa| * Thu Feb 10 2022 Kamil Dudka <kdudka@redhat.com> - 20210518-3 - unset writable-by-group permission bit on the license file * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 20210518-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue May 18 2021 Kamil Dudka <kdudka@redhat.com> - 20210518-1 - Recent revision - 20210518 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 20190417-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20190417-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190417-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild libpsl| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.21.1-5 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.21.1-4 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.21.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.21.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 20 2020 Kamil Dudka <kdudka@redhat.com> - 0.21.1-1 - update to 0.21.1 (#1858489) * Thu Jan 30 2020 Kamil Dudka <kdudka@redhat.com> - 0.21.0-4 - fix unnecessary build failure due to missing tree_index.sgml in gtk-doc output * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.21.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild libcurl| * Wed Mar 06 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-29 - rebuild for 9.4 GA * Tue Oct 10 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-28 - return error if hostname too long for remote resolve (CVE-2023-38545) - fix cookie injection with none file (CVE-2023-38546) - cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) * Tue Sep 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-27 - when keyboard-interactive auth fails, try password (#2229800) * Mon Jun 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-26 - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) * Wed Apr 12 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-25 - adapt the fix of CVE-2023-27535 for RHEL 9 curl * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24 - fix SSH connection too eager reuse still (CVE-2023-27538) - fix GSS delegation too eager connection re-use (CVE-2023-27536) - fix FTP too eager connection reuse (CVE-2023-27535) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix TELNET option IAC injection (CVE-2023-27533) * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23 - fix HTTP multi-header compression denial of service (CVE-2023-23916) * Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-22 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) * Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21 - fix POST following PUT confusion (CVE-2022-32221) * Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20 - control code in cookie denial of service (CVE-2022-35252) * Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19 - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18 - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) * Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-17 - fix leak of SRP credentials in redirects (CVE-2022-27774) * Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-16 - add missing tests to Makefile * Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15 - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) librepo| * Thu Oct 12 2023 Petr Pisar <ppisar@redhat.com> - 1.14.5-2 - Set default SELinux labels on GnuPG directories (RHEL-11240) * Mon Jul 25 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.5-1 - Update to 1.14.5 - Detailed error message when using non-existing TMPDIR (RhBug:2019993) - Make error messages about repodata and rpm mismatch more user friendly * Mon Jul 25 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.2-3 - Fix covscan issues * Tue Jul 12 2022 Lukas Hrazky <lhrazky@redhat.com> - 1.14.2-2 - Use nanosec precision for timestamp of checksum cache * Mon Oct 25 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 1.14.2-1 - Update to 1.14.2 - Reduce time to load metadata - Fix resource leaks and memory leaks curl| * Wed Mar 06 2024 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-29 - rebuild for 9.4 GA * Tue Oct 10 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-28 - return error if hostname too long for remote resolve (CVE-2023-38545) - fix cookie injection with none file (CVE-2023-38546) - cap SFTP packet size sent (RHEL-14697) - lowercase the domain names before PSL checks (CVE-2023-46218) * Tue Sep 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-27 - when keyboard-interactive auth fails, try password (#2229800) * Mon Jun 12 2023 Jacek Migacz <jmigacz@redhat.com> - 7.76.1-26 - unify the upload/method handling (CVE-2023-28322) - fix host name wildcard checking (CVE-2023-28321) * Wed Apr 12 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-25 - adapt the fix of CVE-2023-27535 for RHEL 9 curl * Fri Mar 24 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-24 - fix SSH connection too eager reuse still (CVE-2023-27538) - fix GSS delegation too eager connection re-use (CVE-2023-27536) - fix FTP too eager connection reuse (CVE-2023-27535) - fix SFTP path ~ resolving discrepancy (CVE-2023-27534) - fix TELNET option IAC injection (CVE-2023-27533) * Wed Feb 15 2023 Kamil Dudka <kdudka@redhat.com> - 7.76.1-23 - fix HTTP multi-header compression denial of service (CVE-2023-23916) * Wed Dec 21 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-22 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552) * Wed Oct 26 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-21 - fix POST following PUT confusion (CVE-2022-32221) * Fri Sep 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-20 - control code in cookie denial of service (CVE-2022-35252) * Wed Jun 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-19 - fix unpreserved file permissions (CVE-2022-32207) - fix HTTP compression denial of service (CVE-2022-32206) - fix FTP-KRB bad message verification (CVE-2022-32208) * Wed May 11 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-18 - fix too eager reuse of TLS and SSH connections (CVE-2022-27782) * Mon May 02 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-17 - fix leak of SRP credentials in redirects (CVE-2022-27774) * Fri Apr 29 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-16 - add missing tests to Makefile * Thu Apr 28 2022 Kamil Dudka <kdudka@redhat.com> - 7.76.1-15 - fix credential leak on redirect (CVE-2022-27774) - fix auth/cookie leak on redirect (CVE-2022-27776) - fix bad local IPv6 connection reuse (CVE-2022-27775) - fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576) rpm-libs| * Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29 - Actually add --verifydb to the man page (RHEL-14591) - Don't warn about missing user/group on skipped files (RHEL-18037) * Mon Dec 11 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-28 - Fix warning if file removal fails * Mon Nov 27 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27 - Fix short circuiting of version strings in expressions (RHEL-15688) - Fix description of whatconflicts in the man page (RHEL-6303) - Expose and document rpmdb --verifydb operation (RHEL-14591) - Fixes to the file handling backport * Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26 - Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 * Fri Jun 30 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-25 - Followup on #2166383 - Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit - Add %__find_debuginfo macro * Thu May 04 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-24 - Use external find-debug and debugedit (#2166383) * Wed May 03 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-23 - Don't error out on IMA signatures on files not supporting them (#2157835, #2157836) * Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-22 - Fix option handling in rpm2archive for #2150804 * Fri Nov 18 2022 Yaakov Selkowitz <yselkowi@redhat.com> - 4.16.1.3-21 - Support long language names for QT (#2144005) * Mon Nov 07 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-20 - Add bcond macros (#2129060) - Fix db queries with carets (#2129468) - Remove spurious Python rpm module (#2135731) - Handle SELinux log messages (#2123719) - Add --nocompression to rpm2archive (#2150804) * Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-19 - Bump release for rebuild * Fri Sep 23 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-18 - Make write() nonblocking in fapolicyd plugin (#2111251) * Wed Aug 03 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-17 - Make rpm2cpio.sh more robust (#1983015) * Thu Jun 30 2022 Nick Clifton <nickc@redhat.com> - 4.16.1.3-15 - Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617) * Tue Jun 28 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-14 - Warning for failed key import (#2069877) * Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-12 - Fix minor ABI regression in rpmcli.h (#2037352) * Mon Feb 14 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-11 - Fix IMA signature lengths assumed constant, take III (#2018937) - Fix regression reading rpm v3 and other rare packages (#2037186) - Fix spurious %transfiletriggerpostun execution (#2023692) * Mon Jan 31 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-10 - Address covscan issues in binding sigs validation patch (#1943724) - Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455) - Add --path query option (#2037352) - Skip recorded symlinks in --setperms (#2025906) * Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-9 - Fix IMA signature lengths assumed constant, take II (#2018937) rpm| * Wed Dec 13 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-29 - Actually add --verifydb to the man page (RHEL-14591) - Don't warn about missing user/group on skipped files (RHEL-18037) * Mon Dec 11 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-28 - Fix warning if file removal fails * Mon Nov 27 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-27 - Fix short circuiting of version strings in expressions (RHEL-15688) - Fix description of whatconflicts in the man page (RHEL-6303) - Expose and document rpmdb --verifydb operation (RHEL-14591) - Fixes to the file handling backport * Fri Nov 10 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-26 - Backport file handling code from rpm-4.19 to fix CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 * Fri Jun 30 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-25 - Followup on #2166383 - Add compat scripts calling external find-debug, sepdebugcrcfix and debugedit - Add %__find_debuginfo macro * Thu May 04 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-24 - Use external find-debug and debugedit (#2166383) * Wed May 03 2023 Florian Festi <ffesti@redhat.com> - 4.16.1.3-23 - Don't error out on IMA signatures on files not supporting them (#2157835, #2157836) * Mon Dec 19 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-22 - Fix option handling in rpm2archive for #2150804 * Fri Nov 18 2022 Yaakov Selkowitz <yselkowi@redhat.com> - 4.16.1.3-21 - Support long language names for QT (#2144005) * Mon Nov 07 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-20 - Add bcond macros (#2129060) - Fix db queries with carets (#2129468) - Remove spurious Python rpm module (#2135731) - Handle SELinux log messages (#2123719) - Add --nocompression to rpm2archive (#2150804) * Fri Oct 21 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-19 - Bump release for rebuild * Fri Sep 23 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-18 - Make write() nonblocking in fapolicyd plugin (#2111251) * Wed Aug 03 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-17 - Make rpm2cpio.sh more robust (#1983015) * Thu Jun 30 2022 Nick Clifton <nickc@redhat.com> - 4.16.1.3-15 - Pass _find_debuginfo_vendor_opts to the find-debuginfo script. (#2099617) * Tue Jun 28 2022 Florian Festi <ffesti@redhat.com> - 4.16.1.3-14 - Warning for failed key import (#2069877) * Tue Apr 05 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-12 - Fix minor ABI regression in rpmcli.h (#2037352) * Mon Feb 14 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-11 - Fix IMA signature lengths assumed constant, take III (#2018937) - Fix regression reading rpm v3 and other rare packages (#2037186) - Fix spurious %transfiletriggerpostun execution (#2023692) * Mon Jan 31 2022 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-10 - Address covscan issues in binding sigs validation patch (#1943724) - Bump hash for rpmdb cookie to SHA256 for FIPS (#2048455) - Add --path query option (#2037352) - Skip recorded symlinks in --setperms (#2025906) * Mon Dec 13 2021 Michal Domonkos <mdomonko@redhat.com> - 4.16.1.3-9 - Fix IMA signature lengths assumed constant, take II (#2018937) libmodulemd| * Thu Aug 12 2021 Petr Pisar <ppisar@redhat.com> - 2.13.0-2 - Enable accept_overflowed_buildorder in tier0 tests (bug #1984403) * Tue Aug 10 2021 Petr Pisar <ppisar@redhat.com> - 2.13.0-1 - 2.13.0 bump (bug #1984403) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.12.1-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Mon May 03 2021 Petr Pisar <ppisar@redhat.com> - 2.12.1-1 - 2.12.1 bump (bug #1956346) * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.12.0-3 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.12.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Jan 14 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.12.0-1 - Add support for 'buildorder' to Packager documents * Tue Jan 12 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.11.2-2 - Fix issue with ModuleIndex when input contains only Obsoletes documents - Fix import issue when built with Python 2 support * Thu Jan 07 2021 Stephen Gallagher <sgallagh@redhat.com> - 2.11.2-1 - Release 2.11.2 - Extend read_packager_[file|string]() to support overriding the module name and stream. * Thu Dec 17 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.11.1-1 - Release 2.11.1 - Ignore Packager documents when running ModuleIndex.update_from_*() - Add python overrides for XMD in PackagerV3 - Add python override to ignore the GType return when reading packager files - Add PackagerV3.get_mdversion() * Thu Dec 10 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.11.0-1 - Release 2.11.0 * Fri Nov 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.10.0-2 - Fix integer size issue on 32-bit platforms * Fri Nov 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.10.0-1 - Release 2.10.0 - https://github.com/fedora-modularity/libmodulemd/releases/tag/libmodulemd-2.10.0 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 2.9.4-2 - Rebuilt for Python 3.9 * Wed May 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.4-1 - new upstream release: 2.9.4 * Wed May 20 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.4-2.9.300520.1gitgc19757c - new upstream release: 2.9.4 * Wed Apr 08 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.3-1 - new upstream release: 2.9.3 * Wed Apr 01 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.2-4 - Skip rpmdeplint from gating due to https://github.com/fedora-infra/bodhi/issues/3944 * Wed Apr 01 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.2-3 - Fix build against Python 3.9 - Resolves: rhbz#1817665 * Wed Mar 11 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.2-2 - new upstream release: 2.9.2 * Wed Mar 11 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.2-0.20200311.1gitg31bbd4e - new upstream release: 2.9.2 * Wed Mar 11 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.2-0.20200311.1gitg31bbd4e - new upstream release: 2.9.2 * Fri Feb 14 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.1-1 - new upstream release: 2.9.1 * Wed Feb 12 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.9.0-1 - new upstream release: 2.9.0 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jan 09 2020 Stephen Gallagher <sgallagh@redhat.com> - 2.8.3-1 - Update to 2.8.3 - Fix compilation issue with glib >= 2.63.3 - Improved modulemd document validation - Numerous test enhancements * Thu Oct 24 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.8.2-1 - Update to 2.8.2 - Use safer version of dup() - Fix loading of YAML module stream with no module or stream name * Tue Oct 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.8.1-1 - Improve the merge logic to handle third-party repos more sanely * Wed Sep 18 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.8.0-2 - Improvements to ModuleIndex.update_from_defaults_directory() * Import each file in the directory as a merge rather than an overwrite so we can detect conflicts. * Modify the meaning of the 'strict' argument to fail if the merge would result in a conflict in the default stream setting of a module. * Wed Sep 04 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.8.0-1 - Update to 2.8.0 - API Changes * Add Modulemd.Module.get_translation() - Retrieve the translations associated with a Modulemd.Module * Add ModuleIndex.update_from_defaults_directory() - Import defaults from a directory of yaml documents, such as fedora-module-defaults, optionally providing a second path containing overrides. - Enhancements * Modulemd.ModuleIndex.update_from_file() now supports reading files compressed with gzip, bzip2 or xz. (Issue: #208) * Documentation updates - Bugfixes * Assorted minor issues discovered by static analysis tools. * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.7.0-2 - Rebuilt for Python 3.8 * Thu Aug 15 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.7.0-1 - Update to 2.7.0 - Drop libmodulemd1 subpackage which is now packaged separately - Add support for 'buildroot' and 'srpm-buildroot' arguments to components libsolv| * Wed Jun 21 2023 Jaroslav Rohel <jrohel@redhat.com> - 0.7.24-2 - Backport Allow to break arch lock-step on erase operations (RhBug:2172288,2172292) * Tue May 16 2023 Jaroslav Rohel <jrohel@redhat.com> - 0.7.24-1 - Update to 0.7.24 - Backport Treat condition both as positive and negative literal in pool_add_pos_literals_complex_dep (RhBug:2185061,2190136) * Thu Dec 15 2022 Nicola Sella <nsella@redhat.com> - 0.7.22-4 - Delete patch "Move OpenSSL functions" to fix ABI change * Wed Dec 07 2022 Nicola Sella <nsella@redhat.com> - 0.7.22-3 - Revert choice rule generation to fix pick of old build (RhBug:2150300,RhBug:2151551) * Mon Oct 31 2022 Nicola Sella <nsella@redhat.com> - 0.7.22-2 - Move OpenSSL functions to use 3.0 compatible API * Thu Apr 28 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.22-1 - Update to 0.7.22 - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code * Wed Nov 10 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.20-2 - Build without support of zchunk (RhBug:2021084) * Mon Oct 25 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.20-1 - Update to 0.7.20 - new SOLVER_EXCLUDEFROMWEAK job to ignore pkgs for weak dependencies - support for environments in comps parser - fix misparsing of '&' in attributes with libxml2 - choice rules: treat orphaned packages as newest - fix compatibility with Python 3.10 * Thu Aug 12 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.19-3 - Use OpenSSL for computing hashes (RhBug:1993126) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.7.19-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jul 27 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.19-1 - Update to 0.7.19 - repo_add_conda: add flag to skip v2 packages - fix rare segfault in resolve_jobrules() that could happen if new rules are learnt - fix memory leaks * Tue Jul 27 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 0.7.17-6 - Fix issues detected by static analyzers * Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 0.7.17-5 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 libdnf| * Wed Apr 17 2024 Release Engineering <releng@rockylinux.org> - 0.69.0-8 - Add Rocky bugtracker * Wed Oct 25 2023 Petr Pisar <ppisar@redhat.com> - 0.69.0-8 - Set default SELinux labels on GnuPG directories (RHEL-11238) * Wed Oct 25 2023 Jaroslav Rohel <jrohel@redhat.com> - 0.69.0-7 - filterAdvisory: match installed_solvables sort with lower_bound (RhBug:2212838, RHEL-12123) - hawkey.subject: get_best_selectors only obsoleters of latest (RhBug:2183279, RHEL-6304) - Avoid reinstalling installonly packages marked for ERASE (RhBug:2163474, RHEL-12124) * Fri Sep 08 2023 Marek Blaha <mblaha@redhat.com> - 0.69.0-6 - Update translations * Mon May 22 2023 Nicola Sella <nsella@redhat.com> - 0.69.0-5 - Fix specfile and bump release * Mon May 22 2023 Nicola Sella <nsella@redhat.com> - 0.69.0-4 - Update translations * Sun May 14 2023 Jaroslav Rohel <jrohel@redhat.com> - 0.69.0-3 - Add repoid to solver error messages (RhBug:2179409,2179413) * Mon Oct 31 2022 Nicola Sella <nsella@redhat.com> - 0.69.0-2 - Allow change of arch during security updates with noarch * Thu Sep 22 2022 Lukas Hrazky <lhrazky@redhat.com> - 0.69.0-1 - Update to 0.69.0 - Expose librepo max_downloads_per_mirror configuration - Fix listing a repository without cpeid (RhBug:2066334) - Gracefully handle failure to open repo primary file - context: Fix doc dnf_context_install/remove/update/distrosync - context: dnf_context_remove accepts `<package-spec>` as dnf, unify code - dnf-context: Disconnect signal handler before dropping file monitor ref * Thu Sep 15 2022 Marek Blaha <mblaha@redhat.com> - 0.67.0-3 - Update translations * Thu Jul 21 2022 Lukas Hrazky <lhrazky@redhat.com> - 0.67.0-2 - Add obsoletes to filtering for advisory candidates - advisory upgrade: filter out advPkgs with different arch * Thu Apr 28 2022 Pavla Kratochvilova <pkratoch@redhat.com> - 0.67.0-1 - Fix handling transaction id in resolveTransactionItemReason (RhBug:2010259,2053014) - Remove deprecated assertions (RhBug:2027383) - Skip rich deps for autodetection of unmet dependencies (RhBug:2033130, 2048394) - Increase required rpm version since we use `rpmdbCookie()` - Add 'loongarch' support - Use dnf solv userdata to check versions and checksum (RhBug:2027445) - context: Substitute all repository config options (RhBug:2076853) fonts-filesystem| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:2.0.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sat May 23 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1:2.0.5-3 - Insert Epoch in Requires/Provides/Obsoletes * Sat May 23 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1:2.0.5-2 - Revert to 2.0.5 * Tue Apr 28 2020 Nicolas Mailhot <nim@fedoraproject.org> - 3.0.3-1 🐞 Fix bugs in the 3.0.2 refactoring - 3.0.2-1 🐞 Workaround Fedora problems created by rpm commit 93604e2 harder * Mon Apr 27 2020 Nicolas Mailhot <nim@fedoraproject.org> - 3.0.1-1 🐞 Workaround Fedora problems created by rpm commit 93604e2 * Fri Apr 03 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.5-1 ✅ do not add empty urls to appstream files * Thu Apr 02 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.4-2 ✅ validate fontconfig files by default * Sat Feb 29 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.3-1 ✅ minor rpmlint-oriented fixlets * Sat Feb 22 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.2-1 ✅ improve experimental fontconfig configuration generator * Thu Feb 20 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.1-3 ✅ limit descriptions to 80 columns * Fri Feb 14 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.1-2 ✅ use fonts packaging guidelines as URL - 2.0.1-1 ✅ first 2.x version proposed to Fedora, after FPC approval https://meetbot-raw.fedoraproject.org/fedora-meeting-1/2020-02-13/fpc.2020-02-13-17.00.txt * Mon Nov 11 2019 Nicolas Mailhot <nim@fedoraproject.org> - 2.0.0-1 ✅ transform into fonts-rpm-macros ✅ major rpm macro and rpm spec template rework dejavu-sans-fonts| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.37-18.gitversion_2_37 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.37-17.gitversion_2_37 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.37-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Sep 04 2020 Parag Nemade <pnemade AT redhat DOT com> - 2.37-15 - Fix this spec file to build for F33+ * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Apr 27 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.37-13 🐞 Workaround Fedora problems created by rpm commit 93604e2 * Thu Apr 02 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.37-12 👻 Rebuild with fonts-rpm-macros 2.0.4 to make sure fontconfig files are valid * Mon Mar 09 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.37-7 ✅ Remove F32 compatibility packages * Mon Mar 02 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.37-6 ✅ Lint, lint, lint and lint again * Sat Feb 22 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.37-5 ✅ Rebuild with fonts-rpm-macros 2.0.2 * Sat Feb 15 2020 Nicolas Mailhot <nim@fedoraproject.org> - 2.27-4 ✅ Convert to fonts-rpm-macros use ✅ Merge math extension into serif langpacks-core-font-en| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0-16 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.0-15 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Wed Mar 10 2021 Jens Petersen <petersen@redhat.com> - 3.0-14 - ja: use ibus-anthy - zh_HK: use ibus-table-chinese-cangjie * Mon Mar 08 2021 Jens Petersen <petersen@redhat.com> - 3.0-13 - add subpackages for Hong Kong (zh_HK) * Tue Feb 23 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-12 - Revert previous ibus-unikey change for RHEL * Mon Feb 22 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-11 - Move Vietnamese to use ibus-unikey as default IME (#1913431) * Sat Feb 20 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-10 - Add more entries to previous commit * Thu Feb 18 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-9 - Don't Recommends: packages in RHEL which are not available * Mon Feb 15 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-8 - Change default for Sinhala and Vietnamese to use ibus-m17n keymaps for Fedora * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Dec 17 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-6 - Change default for Sinhala and Vietnamese to use ibus-m17n keymaps * Wed Sep 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-5 - Resolves: Fix broken dependency for langpacks-core-font-km (#1879141) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Mar 11 2020 Akira TAGOH <tagoh@redhat.com> - 3.0-3 - Stop shipping core-font sub-packages in lowercase and keep same naming as others. * Tue Feb 04 2020 Akira TAGOH <tagoh@redhat.com> - 3.0-2 - Revert font(familyname) dependency to fix some regressions. * Wed Jan 22 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-1 - Added AppStream metainfo files for -core and -core-font subpackages - Use fontconfig API to normalize the langcode and sub-package core-font based on ortho (By Akira Tagoh) - Use dependencies as font(familyname) instead of actual package names - Added Provides: in langcore_pkg macro (#1792463) - Added -core-font-xx subpackages * Wed Sep 11 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.0-7 - Fix typo (#1751242) * Thu Aug 29 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.0-6 - Fix the issue detected in rpmdeplint report * Mon Aug 12 2019 Akira TAGOH <tagoh@redhat.com> - 2.0-5 - Replace non variable fonts to variable fonts. (#1739976) langpacks-core-en| * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.0-16 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.0-15 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Wed Mar 10 2021 Jens Petersen <petersen@redhat.com> - 3.0-14 - ja: use ibus-anthy - zh_HK: use ibus-table-chinese-cangjie * Mon Mar 08 2021 Jens Petersen <petersen@redhat.com> - 3.0-13 - add subpackages for Hong Kong (zh_HK) * Tue Feb 23 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-12 - Revert previous ibus-unikey change for RHEL * Mon Feb 22 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-11 - Move Vietnamese to use ibus-unikey as default IME (#1913431) * Sat Feb 20 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-10 - Add more entries to previous commit * Thu Feb 18 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-9 - Don't Recommends: packages in RHEL which are not available * Mon Feb 15 2021 Parag Nemade <pnemade AT redhat DOT com> - 3.0-8 - Change default for Sinhala and Vietnamese to use ibus-m17n keymaps for Fedora * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Thu Dec 17 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-6 - Change default for Sinhala and Vietnamese to use ibus-m17n keymaps * Wed Sep 16 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-5 - Resolves: Fix broken dependency for langpacks-core-font-km (#1879141) * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Mar 11 2020 Akira TAGOH <tagoh@redhat.com> - 3.0-3 - Stop shipping core-font sub-packages in lowercase and keep same naming as others. * Tue Feb 04 2020 Akira TAGOH <tagoh@redhat.com> - 3.0-2 - Revert font(familyname) dependency to fix some regressions. * Wed Jan 22 2020 Parag Nemade <pnemade AT redhat DOT com> - 3.0-1 - Added AppStream metainfo files for -core and -core-font subpackages - Use fontconfig API to normalize the langcode and sub-package core-font based on ortho (By Akira Tagoh) - Use dependencies as font(familyname) instead of actual package names - Added Provides: in langcore_pkg macro (#1792463) - Added -core-font-xx subpackages * Wed Sep 11 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.0-7 - Fix typo (#1751242) * Thu Aug 29 2019 Parag Nemade <pnemade AT redhat DOT com> - 2.0-6 - Fix the issue detected in rpmdeplint report * Mon Aug 12 2019 Akira TAGOH <tagoh@redhat.com> - 2.0-5 - Replace non variable fonts to variable fonts. (#1739976) microdnf| * Fri Jan 06 2023 Nicola Sella <nsella@redhat.com> - 3.9.1-3 - Bump release (needed to rebuild) * Mon Oct 31 2022 Nicola Sella <nsella@redhat.com> - 3.9.1-2 - Revert: leaves: Treat recommends as dependencies when install_weak_deps=True - Revert: Add leaves command * Thu Sep 22 2022 Lukas Hrazky <lhrazky@redhat.com> - 3.9.1-1 - Update to 3.9.1 - leaves: Treat recommends as dependencies when install_weak_deps=True - Add leaves command - Remove non-breaking space from "Size" column (RhBug:2010676) * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.8.0-3 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 3.8.0-2 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 * Wed Jun 02 2021 Pavla Kratochvilova <pkratoch@redhat.com> - 3.8.0-1 - Update to 3.8.0 - distrosync: Fix style issues and plugin build with Meson - Add distro-sync subcommand - Add "makecache" command * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.7.1-2 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Mar 01 2021 Nicola Sella <nsella@redhat.com> - 3.7.1-1 - Update to 3.7.1 - [download] fix: unwanted dependency on newer glib - [download] Support for "--resolve" and "--alldeps" arguments - [download] New get_packages_query function - Support "--setopt=keepcache=0/1" - [download] Support "--archlist=" argument - [download] Move package download code to "download_packages" function - [download] several optimizations - Don't set default value of "assumeyes" to TRUE - Support for user confirmation and assumeyes, assumeno, defaultyes - Extend "--setopt" to support repository options - Added alias "update" to "upgrade" command - Command "update" renamed to "upgrade" - Add support for command aliases - dnf-data requirement only for Fedora and future RHEL - Relicense to GPLv2+ [errata corrige: not in 3.5.1-1] - Sync summary and description from openSUSE [errata corrige: not in 3.6.0-1] * Thu Jan 28 2021 Nicola Sella <nsella@redhat.com> - 3.6.0-1 - Update to 3.6.0 - spec: Sync summary and description from openSUSE - Add support for setting a platform module ID - Add dependency for DNF configurations skeleton - Add support for setting allow_vendor_change * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild util-linux| * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-18 - lscpu: another tests update (RHEL-12783) * Thu Feb 08 2024 Karel Zak <kzak@redhat.com> 2.37.4-17 - lscpu: update tests, follow max freq for scaling (RHEL-12783) * Wed Feb 07 2024 Karel Zak <kzak@redhat.com> 2.37.4-16 - fix RHEL-16048 - uninitialized memory in SCM_CREDENTIALS in logger(1) - fix RHEL-21257 - logger sending process start time not current time with log messages - fix RHEL-16071 - issues in libblkid - fix RHEL-12783 - lscpu -e doesn't show the current real frequency value - fix RHEL-14612 - Userspace mount options are not preserved for NFS * Thu Aug 24 2023 Karel Zak <kzak@redhat.com> 2.37.4-15 - fix typo in patch for #2133396 * Wed Aug 23 2023 Karel Zak <kzak@redhat.com> 2.37.4-14 - improve fix #2133396 - Internal testsuite for cramfs fails on s390x * Thu Aug 10 2023 Karel Zak <kzak@redhat.com> 2.37.4-13 - improve fix #2180414 - Backport hint about systemd daemon-reload * Wed Aug 09 2023 Karel Zak <kzak@redhat.com> 2.37.4-12 - fix #2133396 - Internal testsuite for cramfs fails on s390x - fix #2174748 - enable uuidd cont-clock by default - fix #2182169 - lscpu: backport ARM human-readable names from upstream - fix #2189947 - libuuid - downport cache related patch - fix #2203324 - zram module does not have algorithms mentioned in zramctl command - fix #2209267 - Add additional documentation on devices being auto-mounted if a device exists within fstab. - fix #2215082 - For the 'sfdisk' man page to further clarify the expected behavior and intended use of the -d option * Tue Mar 28 2023 Karel Zak <kzak@redhat.com> 2.37.4-11 - fix #2180414 - Backport hint about systemd daemon-reload * Tue Feb 07 2023 Karel Zak <kzak@redhat.com> 2.37.4-10 - fix #2165981 - fstrim -av fails to trim root filesystem on Red Hat Coreos - fix #2141970 - add --cont-clock feature for libuuid and uuidd - fix #2133385 - uuidd returns time-based UUIDs when asked for random UUIDs. - fix #2156946 - agetty does not handle the \l sequence in /etc/issue correctly - fix #2166653 - last(1) should be more robust with work with strings - fix #2120246 - use {_tmpfilesdir} also in install section - fix #2134143 - publish libsmartcols-devel subpackages to C9S yum repos * Wed Aug 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-9 - improve lslogins pasword validator (related #2094216) * Mon Aug 15 2022 Karel Zak <kzak@redhat.com> 2.37.4-8 - remove unnecessary patches (#2117203) * Fri Aug 12 2022 Karel Zak <kzak@redhat.com> 2.37.4-7 - improve loop overlay test (#2117203) * Wed Aug 10 2022 Karel Zak <kzak@redhat.com> 2.37.4-6 - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2117203 - loop-overlay test failed * Fri Jul 22 2022 Karel Zak <kzak@redhat.com> 2.37.4-5 - cleanup spec file build requiremnts * Thu Jul 21 2022 Karel Zak <kzak@redhat.com> 2.37.4-4 - fix #2079652 - remove uclampset, unsupported by RHEL kernel - fix #2094216 - lslogins reports incorrect "Password is locked" status - fix #2092943 - uuidd time based UUIDs are without MAC address - fix #2074486 - wipefs to erase all available signatures against read only rom - fix #2064810 - RFE: complete libblkid FSSIZE implementation - fix #2078787 - Activity "lsirq -s column" produces wrong result i.e. not sorting properly. - fix #2076829 - dmesg new option "--since" is not working if timestamp format is not provided - fix #2109459 - fix compiler warnings/errors * Thu Feb 24 2022 Karel Zak <kzak@redhat.com> 2.37.4-3 - fix #2057046 - wdctl not picking up reboot reason flag * Thu Feb 17 2022 Karel Zak <kzak@redhat.com> 2.37.4-2 - improve bugfix for #2047952, fix warnings from rpminspect * Wed Feb 16 2022 Karel Zak <kzak@redhat.com> 2.37.4-1 - upgrade to v2.37.4 (fix CVE-2022-0563)