------------------------------------------------------------------
--- Changelog.all ----------- Fri Dec 16 08:42:29 UTC 2022 ------
------------------------------------------------------------------
------------------------------------------------------------------
------------------ 2022-12-14 - Dec 14 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Fix several bugs in firstboot
* The approach for reading the initial FDE pass phrase
from /etc/default/grub is not supported in kiwi yet,
so work around that
* The kiwi KVM images have a strange EFI boot path that
does not contain a File component. Try to work
around that.
* shim-install behaves differently between kiwi image build time
and the installed system. Work around.
------------------------------------------------------------------
------------------ 2022-12-13 - Dec 13 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Fix source URL
- Fix the fde-tpm-enroll.service file
++++ selinux-policy:
- Updated fix_networkmanager.patch to fixe labeling of nm-dispatcher and
nm-priv-helper until the packaging is adjusted (bsc#1206355)
- Update fix_chronyd.patch to allow sendto towards
NetworkManager_dispatcher_custom_t. Added new interface
networkmanager_dispatcher_custom_dgram_send for this (bsc#1206357)
- Update fix_dbus.patch to allow dbus to watch lib directories (bsc#1205895)
------------------------------------------------------------------
------------------ 2022-12-12 - Dec 12 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Updated to version 0.6.1
- Fix tpm-enable subcommand
- Add new add-secondary-key subcommand
- Add a systemd unit file that triggers on the presence of the
key file written by d-installer
------------------------------------------------------------------
------------------ 2022-12-7 - Dec 7 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Updated to version 0.6
- pcr-oracle is now a standalone project and package
- Split off the jeos-firstboot stuff into a binary package of its own,
because bare metal installations do not need it
- Refactoring the scripts
- Folded Gary's patches into git.
------------------------------------------------------------------
------------------ 2022-12-6 - Dec 6 2022 -------------------
------------------------------------------------------------------
++++ selinux-policy:
- Updated fix_networkmanager.patch to allow NetworkManager to watch
net_conf_t (bsc#1206109)
------------------------------------------------------------------
------------------ 2022-11-30 - Nov 30 2022 -------------------
------------------------------------------------------------------
++++ selinux-policy:
- Add fix_irqbalance.patch: support netlink socket operations (bsc#1205434)
- Drop fix_irqbalance.patch: superseded by upstream
------------------------------------------------------------------
------------------ 2022-11-25 - Nov 25 2022 -------------------
------------------------------------------------------------------
++++ libtpms:
- fix build for ppc64le: use -Wl,--no-as-needed in check-local
[bsc#1204556]
------------------------------------------------------------------
------------------ 2022-11-24 - Nov 24 2022 -------------------
------------------------------------------------------------------
++++ selinux-policy:
- fix_sysnetwork.patch: firewalld uses /etc/sysconfig/network/ for
network interface definition instead of /etc/sysconfig/network-scripts/,
modified sysnetwork.fc to reflect that (bsc#1205580).
------------------------------------------------------------------
------------------ 2022-11-22 - Nov 22 2022 -------------------
------------------------------------------------------------------
++++ systemd:
- Import commit 3bd3e4e6c1efe0d6df776107efde47e15e58fe96
d28e81d65c test: fix the default timeout values described in README.testsuite
d921c83f53 meson: install test-kernel-install only when -Dkernel-install=true
c3b6c4b584 tests: update install_suse_systemd()
3c77335b19 tests: install dmi-sysfs module on openSUSE
df632130cd tests: install systemd-resolved on openSUSE
- Add 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch until
upstream issue #25468 is fixed.
- Drop 6000-meson-install-test-kernel-install-only-when-Dkernel-.patch, the
patch has been merged in the SUSE git repo.
++++ shim:
- Enhance cryptodisk code to recognize new variables in /etc/default/grub:
* GRUB_CRYPTODISK_PASSWORD
* GRUB_TPM2_SEALED_KEY
* GRUB_TPM2_PCR_BANK and GRUB_TPM2_PCR_LIST
- Introduce --no-grub-install option
------------------------------------------------------------------
------------------ 2022-11-21 - Nov 21 2022 -------------------
------------------------------------------------------------------
++++ raspberrypi-firmware:
- Update to b8a7365 (2022-11-18):
* firmware: arm_loader: Improvements to Compute Module audio
See: https://forums.raspberrypi.com/viewtopic.php?p=2052680
* firmware: arm_loader: Fix GPIO bank 1 support
See: #1756
++++ raspberrypi-firmware-config:
- Update to b8a7365 (2022-11-18):
* firmware: arm_loader: Improvements to Compute Module audio
See: https://forums.raspberrypi.com/viewtopic.php?p=2052680
* firmware: arm_loader: Fix GPIO bank 1 support
See: #1756
++++ raspberrypi-firmware-config-camera:
- Update to b8a7365 (2022-11-18):
* firmware: arm_loader: Improvements to Compute Module audio
See: https://forums.raspberrypi.com/viewtopic.php?p=2052680
* firmware: arm_loader: Fix GPIO bank 1 support
See: #1756
------------------------------------------------------------------
------------------ 2022-11-18 - Nov 18 2022 -------------------
------------------------------------------------------------------
++++ systemd:
- Reenable build of sd_boot, it was mistakenly disabled during the integration
of v252.
------------------------------------------------------------------
------------------ 2022-11-17 - Nov 17 2022 -------------------
------------------------------------------------------------------
++++ python-certifi:
- Update to 2022.9.24:
* (no changes)
- from version 2022.09.24:
* (no changes)
- from version 2022.09.14:
* (no changes)
- from version 2022.06.15.2:
* Only use importlib.resources's new files() /
Traversable API on Python ≥3.11 (#204)
- from version 2022.06.15.1:
* Fix deprecation warning on Python 3.11 (#199)
* fixes #198 -- update link in license
- from version 2022.06.15:
* Add py.typed to MANIFEST.in to package in sdist (#196)
- from version 2022.05.18.1:
* Add support for Python 3.10 and drop EOL 3.5 (#167)
- from version 2022.05.18:
* Automatically lock github issues after
they've been closed for 90 days (#189)
* Remove universal wheel, python 2 is unsupported (#187)
* Add type annotations to package
* Added Required Python Version (#152)
* Fix homepage link (#145)
- Refresh patches for new version
* python-certifi-shipped-requests-cabundle.patch
------------------------------------------------------------------
------------------ 2022-11-16 - Nov 16 2022 -------------------
------------------------------------------------------------------
++++ ansible:
- remove lowlydba.sqlserver collection as rpmlint throws errors due to powershell:
"E: wrong-script-interpreter (Badness: 490) [...]/ansible_collections/lowlydba/sqlserver/plugins/modules/restore.ps1 powershell"
++++ curl:
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
a bandaid. Curl's 7.86.0 release introduces the use of
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
introduced by nghttp2 1.50.0 release, without introducing a check
for the function/right version in their build scripts. This will
make Zypper/cURL unusable in some corner cases where users
installing something that requires libcurl4 before doing full
system upgrade, thus updating the cURL stack, but not
libnghttp2's. Background: boo#1204983, Factory mailing list
threadd:
"? broken dependency in curl and/or *zyp* ?", and forums thread:
Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
++++ grub2:
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
++++ krb5:
- Update to 1.20.1; (bsc#1205126); (CVE-2022-42898);
* Fix integer overflows in PAC parsing [CVE-2022-42898].
* Fix null deref in KDC when decoding invalid NDR.
* Fix memory leak in OTP kdcpreauth module.
* Fix PKCS11 module path search.
++++ llvm15:
- Update to version 15.0.5.
* This release contains bug-fixes for the LLVM 15.0.0 release.
This release is API and ABI compatible with 15.0.0.
- Remove obsolete lldb-swig-4.1.0-build-fix.patch.
- Rebase llvm-do-not-install-static-libraries.patch.
++++ libXft:
- Update to version 2.3.7
* libxft issue #15
https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/15
XftFontLoadGlyphs for mono font returns wrong info in extents from
XftTextExtentsUtf8 for variable chars
Patch by Scott Mcdermott, based on
https://github.com/googlefonts/Inconsolata/issues/42
* fix compiler warning
* libxft issue #16
https://gitlab.freedesktop.org/xorg/lib/libxft/-/issues/16
Stack gets smashed in fonts with colors when calling XftGlyphRender
BGRA changes made incorrect comparison for local vs allocated
buffer in XftGlyphSpecRender
* stdint.h header is needed for SIZE_MAX
++++ lcms2:
- Removed reverse-0001-fix-memory-leaks-on-testbed.patch and added
0001-fix-memory-corruption-when-unregistering-plugins.patch as
final fix for https://github.com/hughsie/colord/issues/145
++++ open-iscsi:
- Updated to latest upstream. Changes:
* scsid/iscsiuio: fix OOM adjustment (github issue #377)
++++ qemu:
- Raise the maximum number of vCPUs a VM can have to 1024 (jsc#PED-2592)
* Patches added:
pc-q35-Bump-max_cpus-to-1024.patch
------------------------------------------------------------------
------------------ 2022-11-15 - Nov 15 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- try to fix build on ppc64le due to running OOM (boo#1205441)
* let's request 20G of physical memory via _constraints file
++++ Mesa-drivers:
- try to fix build on ppc64le due to running OOM (boo#1205441)
* let's request 20G of physical memory via _constraints file
++++ ansible:
- update to 6.6.0:
Ansible 6.6.0 will include ansible-core 2.13.6 as well as a curated set of
Ansible collections to provide a vast number of modules and plugins.
* The changelog for ansible-core 2.13 installed by this release of
ansible is available here:
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
* Collections which have opted into being a part of the Ansible-6
unified changelog will have an entry on this page:
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
++++ ansible-core:
- update to 2.13.6:
Changelog https://github.com/ansible/ansible/blob/v2.13.6/changelogs/CHANGELOG-v2.13.rst
* Minor Changes
- ansible-test - Improve consistency of version specific documentation links.
* Bugfixes
- BSD network facts - Do not assume column indexes, look for netmask and broadcast for determining the correct columns when parsing inet line (#79117)
- ansible-galaxy - make initial call to Galaxy server on-demand only when installing, getting info about, and listing roles.
- ansible-test - Add wheel < 0.38.0 constraint for Python 3.6 and earlier.
- ansible-test - Fix broken documentation link for aws test plugin error messages.
- copy module will no longer move 'non files' set as src when remote_src=true.
- file lookup now handles missing files more gracefully.
- service_facts - Use python re to parse service output instead of grep (#78541)
- updated error messages to include 'acl' and not just mode changes when failing to set required permissions on remote.
++++ dracut:
- Update to version 057+suse.344.g021aead9:
* fix(dracut-systemd): run systemctl daemon-reload after remove_hostonly_files
* fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175)
* fix(network-manager): always install the library plugins directory (bsc#1202014)
* feat(dracut-init.sh): add inst_libdir_dir() helper (bsc#1202014)
++++ hwdata:
- update to 0.364:
+ Updated pci, usb and vendor ids.
++++ texinfo:
- Update to version 7.0 (7 November 2022)
* texi2any
* LaTeX added as an output format, selected with --latex
* EPUB 3 added as an output format, selected with --epub3
* reform throughout the code in general
* thorough review of character encoding issues
* new customization variables involved with character encoding:
INPUT_FILE_NAME_ENCODING, OUTPUT_FILE_NAME_ENCODING,
DOC_ENCODING_FOR_INPUT_FILE_NAME, DOC_ENCODING_FOR_OUTPUT_FILE_NAME,
MESSAGE_ENCODING and COMMAND_LINE_ENCODING
* warn if full-text commands (@ref, @footnote, @anchor) appear in @w
* new variable NO_TOP_NODE_OUTPUT
* IGNORE_BEFORE_SETFILENAME variable removed. former effect
is now always on.
* HTML output:
* use manual_name_html as output directory for split HTML instead of
manual_name or manual_name.html
* default DOCTYPE declaration changed to plain HTML5 style rather than
HTML4 DTD reference
* output only the CSS rules that are needed in an output file
. remove CSS_LINES variable and add SHOW_BUILTIN_CSS_RULES
* (custom CSS can still be output using EXTRA_HEAD)
* use <code> tag for the output of @t and @verb instead of <tt>
* use <abbr> for @acronym instead of <acronym>
* link to table of contents from short table of contents only if a
table of contents is actually output
* prefix classes from @example arguments with `user-'
* percent encode URL in @url/@uref, @email, @image and external
manual file
* new USE_XML_SYNTAX, HTML_ROOT_ELEMENT_ATTRIBUTES and
NO_CUSTOM_HTML_ATTRIBUTE variables can be used to output
valid XHTML
* systematic addition of classes attribute in HTML elements based on the
Texinfo @-command names. renaming of class attributes to avoid
confusion with @-commands formatting and describe the role in the
document rather than the formatting style.
* COPIABLE_ANCHORS renamed to COPIABLE_LINKS
* do not add a title by default; SHOW_TITLE or NO_TOP_NODE_OUTPUT has
to be set
* USE_TITLEPAGE_FOR_TITLE is now true by default
* L2H variable removed, replaced by HTML_MATH set to `l2h'
* rename OVERVIEW_LINK_TO_TOC to SHORT_TOC_LINK_TO_TOC
* rename BEFORE_OVERVIEW to BEFORE_SHORT_TOC_LINE
* rename AFTER_OVERVIEW to AFTER_SHORT_TOC_LINES
* remove PRE_ABOUT, AFTER_ABOUT, and add PROGRAM_NAME_IN_ABOUT
* remove KEEP_TOP_EXTERNAL_REF
* new variables IGNORE_REF_TO_TOP_NODE_UP, CONVERT_TO_LATEX_IN_MATH,
HTMLXREF_MODE and HTMLXREF_FILE
* DocBook output:
* do not output Top node or text before the first @node or sectioning
@-command. NO_TOP_NODE_OUTPUT can be set to false to output Top node
for now.
* replace @definfocenlose defined @-commands by the argument as-is
to be more consistent with printed output
* HTML/DocBook output:
* USE_NUMERIC_ENTITY changed to mean to use numeric entities instead
of named entities. former effect is now always on.
* ENABLE_ENCODING_USE_ENTITY variable removed. former effect is now
always off.
* Info output
* quote problematic node names (with :, comma...) by default
* new customization variable ASCII_PUNCTUATION to use plain ASCII
characters for quotation marks and a few other symbols
* texinfo.tex
* `@microtype on' uses microtypography in formatting for pdfTeX and LuaTeX
* do not ignore @part page immediately following Top node
* do `@set txicodevaristt' to get slanted typewriter for @var in code,
`@clear txicodevaristt' to use slanted, variable-width roman font for
@var everywhere. flag is @set by default, but we may turn this off
in the future.
* new file doc/texinfo-zh.tex for Texinfo documents in Chinese.
new support file doc/txi-zh.tex for Chinese. doc/short-sample-zh.texi is
a sample document.
* info
* better support for index entries containing parentheses
* better support for getting bold text etc. when displaying manpages
* bug fixed where the first index entry in a file could be ignored
* M-C-f closes as well as opens footnotes window
* do not crash if run in Brazilian Portuguese locale
* Language
* @deftype* commands use typewriter font in argument list
* new commands @latex, @iflatex, @ifnotlatex for new LaTeX output format
* do `@set txidefnamenospace' to omit space after a definition name
* Other
* build fixed for glibc 2.34
- Delete patch 13a8894fe2.patch as now part of upstream tar ball
++++ shim:
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
patches between 15.6 with aa1b289a1a (jsc#PED-127):
aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
and shim.changes: (jsc#PED-127)
- Add some change log from SLE shim.changes to Factory shim.changes
Those messages are added "(sync shim.changes from SLE)" tag.
- Add the following changes to shim.spec
- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
on openSUSE.
- Enable the AArch64 signature check for SLE:
[#] AArch64 signature
signature=%{SOURCE13}
++++ virt-manager:
- bsc#1203252 - virt-manager regression - cannot add second
virtio-scsi controller
virtman-fix-uninitialized-controller-index.patch
------------------------------------------------------------------
------------------ 2022-11-14 - Nov 14 2022 -------------------
------------------------------------------------------------------
++++ libalternatives:
- switch to a manual service rather than a buildtime tar service
which introduces a bootstrap cycle between python and tar_scm
++++ grub2:
- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported
regression in some hardware being stuck in initrd loading (bsc#1205380)
- Fix password asked twice if third field in crypttab not present (bsc#1205312)
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
++++ kernel-firmware:
- Update to version 20221109 (git commit 60310c2deb8c):
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* amdgpu: update DMCUB firmware for DCN 3.1.6
* rtl_bt: Update RTL8822C BT UART firmware to 0xFFB8_ABD6
* rtl_bt: Update RTL8822C BT USB firmware to 0xFFB8_ABD3
* WHENCE: mrvl: prestera: Add WHENCE entries for newly updated 4.1 FW images
* mrvl: prestera: Update Marvell Prestera Switchdev FW to v4.1
* iwlwifi: add new FWs from core74_pv-60 release
* qcom: drop split a530_zap firmware file
* qcom/vpu-1.0: drop split firmware in favour of the mbn file
* qcom/venus-4.2: drop split firmware in favour of the mbn file
* qcom/venus-4.2: replace split firmware with the mbn file
* qcom/venus-1.8: replace split firmware with the mbn file
++++ libeconf:
- Update to version 0.4.8+git20221114.7ff7704:
* Parsing files which are containing keys only (#170)
All delimiters are allowed now : "", " =", " ", "=". But the
user should use "" in order to be distinct.
* /usr/etc/shells.d/<file_name> will not be parsed if
/etc/shells.d/<file_name> is defined too.
* Lto build fixed (#168)
* New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
econf_set_delimiter_tag
* Checking UID,GroupID, permissions,... of the parsed files (#165)
New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
econf_followSymlinks
* Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
* Error handling improved for nums and booleans (#163)
++++ systemd:
- Upgrade to v252.1 (commit 64dc546913525e33e734500055a62ed0e963c227)
See https://github.com/openSUSE/systemd/blob/SUSE/v252/NEWS for details.
This includes the following bug fixes:
- upstream commit 67c3e1f63a5221b47a8fea85ae421671f29f3b7e (bsc#1200723)
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch
* The new tools systemd-measure and systemd-pcrphase have been added to the
experimental sub-package for now.
* Add temporarly
6000-meson-install-test-kernel-install-only-when-Dkernel-.patch until this
patch is mainstreamed.
++++ tiff:
- security update:
* CVE-2022-3970 [bsc#1205392]
+ tiff-CVE-2022-3970.patch
++++ python-setuptools:
- Delete remove_mock.patch, that's not needed anymore, it's upstreamed
- Update to 65.5.1:
* #3638: Drop a test dependency on the mock package, always use
:external+python:py:mod:`unittest.mock` -- by :user:`hroncok`
* #3659: Fixed REDoS vector in package_index.
------------------------------------------------------------------
------------------ 2022-11-13 - Nov 13 2022 -------------------
------------------------------------------------------------------
++++ tiff:
- security update:
* CVE-2022-3597 [bsc#1204641]
* CVE-2022-3626 [bsc#1204644]
* CVE-2022-3627 [bsc#1204645]
+ tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
* CVE-2022-3599 [bsc#1204643]
+ tiff-CVE-2022-3599.patch
* CVE-2022-3598 [bsc#1204642]
+ tiff-CVE-2022-3598.patch
------------------------------------------------------------------
------------------ 2022-11-12 - Nov 12 2022 -------------------
------------------------------------------------------------------
++++ libappindicator:
- Let the rpm provide libappindicator-gtk3 for EL8 compat
++++ nerdctl:
- Update to version 1.0.0:
* nerdctl run
* Add --log-driver=syslog
* Add --log-opt=log-path=<LOGPATH> option for json-file logging drivers
* Add --mac-address flag
* Support --pid=container:<CONTAINER>
* nerdctl build:
* Support --build-arg args without explicit value
* Support --output=DIR as an alias of --output type=local,dest=<DIR>
* nerdctl compose:
* Add nerdctl compose version command
* nerdctl-full:
* Update imgcrypt (1.1.7), BuildKit (0.10.5), stargz-snapshotter (0.12.1), Kubo (0.16.0)
++++ ovmf:
- Change the size of ovmf-x86_64 back to 2MB, and remove EFI shell to
reduce the fv image size.
- Originally the reason of changing the size of ovmf-x86_64 to 4MB is for
preventing OBS exposes the following error:
[ 266s] GenFv: ERROR 3000: Invalid
[ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000
The fv image size is too big. But we found that change ovmf-x86_64 to 4MB causes
live migration problem on qemu. (bsc#1204220)
- So let's change the size of ovmf_x86_64 back to 2MB and remove EFI shell
to reduce the fv image size. If user wants to use EFI shell, they should move to
ovmf-x86_64-4m image. So we add the "-D EXCLUDE_SHELL" build option to ovmf-x86_64
flavor in ovmf.spec. (bsc#1204220)
------------------------------------------------------------------
------------------ 2022-11-11 - Nov 11 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 6.0.8 (bsc#1012628).
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (bsc#1012628).
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(bsc#1012628).
- RDMA/cma: Use output interface for net_dev check (bsc#1012628).
- IB/hfi1: Correctly move list in sc_disable() (bsc#1012628).
- RDMA/hns: Disable local invalidate operation (bsc#1012628).
- RDMA/hns: Fix NULL pointer problem in free_mr_init()
(bsc#1012628).
- docs/process/howto: Replace C89 with C11 (bsc#1012628).
- RDMA/rxe: Fix mr leak in RESPST_ERR_RNR (bsc#1012628).
- NFSv4: Fix a potential state reclaim deadlock (bsc#1012628).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (bsc#1012628).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(bsc#1012628).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
(bsc#1012628).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(bsc#1012628).
- nfs4: Fix kmemleak when allocate slot failed (bsc#1012628).
- net: dsa: Fix possible memory leaks in dsa_loop_init()
(bsc#1012628).
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup()
(bsc#1012628).
- RDMA/qedr: clean up work queue on failure in
qedr_alloc_resources() (bsc#1012628).
- tools/nolibc: Fix missing strlen() definition and infinite
loop with gcc-12 (bsc#1012628).
- net: dsa: fall back to default tagger if we can't load the
one from DT (bsc#1012628).
- nfc: fdp: Fix potential memory leak in fdp_nci_send()
(bsc#1012628).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
(bsc#1012628).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(bsc#1012628).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (bsc#1012628).
- net: fec: fix improper use of NETDEV_TX_BUSY (bsc#1012628).
- ata: pata_legacy: fix pdc20230_set_piomode() (bsc#1012628).
- ata: palmld: fix return value check in palmld_pata_probe()
(bsc#1012628).
- net: sched: Fix use after free in red_enqueue() (bsc#1012628).
- net: tun: fix bugs for oversize packet when napi frags enabled
(bsc#1012628).
- netfilter: nf_tables: netlink notifier might race to release
objects (bsc#1012628).
- netfilter: nf_tables: release flow rule object from commit path
(bsc#1012628).
- sfc: Fix an error handling path in efx_pci_probe()
(bsc#1012628).
- nfsd: fix nfsd_file_unhash_and_dispose (bsc#1012628).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge
(bsc#1012628).
- net: lan966x: Fix the MTU calculation (bsc#1012628).
- net: lan966x: Adjust maximum frame size when vlan is
enabled/disabled (bsc#1012628).
- net: lan966x: Fix FDMA when MTU is changed (bsc#1012628).
- net: lan966x: Fix unmapping of received frames using FDMA
(bsc#1012628).
- ipvs: use explicitly signed chars (bsc#1012628).
- ipvs: fix WARNING in __ip_vs_cleanup_batch() (bsc#1012628).
- ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1012628).
- rose: Fix NULL pointer dereference in rose_send_frame()
(bsc#1012628).
- mISDN: fix possible memory leak in mISDN_register_device()
(bsc#1012628).
- isdn: mISDN: netjet: fix wrong check of device registration
(bsc#1012628).
- btrfs: fix inode list leak during backref walking at
resolve_indirect_refs() (bsc#1012628).
- btrfs: fix inode list leak during backref walking at
find_parent_nodes() (bsc#1012628).
- btrfs: fix ulist leaks in error paths of qgroup self tests
(bsc#1012628).
- netfilter: ipset: enforce documented limit to prevent allocating
huge memory (bsc#1012628).
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (bsc#1012628).
- Bluetooth: hci_conn: Fix CIS connection dst_type handling
(bsc#1012628).
- Bluetooth: virtio_bt: Use skb_put to set length (bsc#1012628).
- Bluetooth: L2CAP: Fix memory leak in vhci_write (bsc#1012628).
- Bluetooth: hci_conn: Fix not restoring ISO buffer count on
disconnect (bsc#1012628).
- net: mdio: fix undefined behavior in bit shift for
__mdiobus_register (bsc#1012628).
- ibmvnic: Free rwi on reset success (bsc#1012628).
- stmmac: dwmac-loongson: fix invalid mdio_node (bsc#1012628).
- net/smc: Fix possible leaked pernet namespace in smc_init()
(bsc#1012628).
- net, neigh: Fix null-ptr-deref in neigh_table_clear()
(bsc#1012628).
- bridge: Fix flushing of dynamic FDB entries (bsc#1012628).
- ipv6: fix WARNING in ip6_route_net_exit_late() (bsc#1012628).
- vsock: fix possible infinite sleep in
vsock_connectible_wait_data() (bsc#1012628).
- iio: adc: stm32-adc: fix channel sampling time init
(bsc#1012628).
- media: rkisp1: Fix source pad format configuration
(bsc#1012628).
- media: rkisp1: Don't pass the quantization to
rkisp1_csm_config() (bsc#1012628).
- media: rkisp1: Initialize color space on resizer sink and
source pads (bsc#1012628).
- media: rkisp1: Use correct macro for gradient registers
(bsc#1012628).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating
links (bsc#1012628).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1012628).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
(bsc#1012628).
- media: dvb-frontends/drxk: initialize err to 0 (bsc#1012628).
- media: platform: cros-ec: Add Kuldax to the match table
(bsc#1012628).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(bsc#1012628).
- media: hantro: Store HEVC bit depth in context (bsc#1012628).
- media: hantro: HEVC: Fix auxilary buffer size calculation
(bsc#1012628).
- media: hantro: HEVC: Fix chroma offset computation
(bsc#1012628).
- media: v4l: subdev: Fail graciously when getting try data for
NULL state (bsc#1012628).
- drm/vc4: hdmi: Check the HSM rate at runtime_resume
(bsc#1012628).
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
(bsc#1012628).
- hwrng: bcm2835 - use hwrng_msleep() instead of cpu_relax()
(bsc#1012628).
- io_uring: don't iopoll from io_ring_ctx_wait_and_kill()
(bsc#1012628).
- scsi: core: Restrict legal sdev_state transitions via sysfs
(bsc#1012628).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
(bsc#1012628).
- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid
in SRIOV case (bsc#1012628).
- drm/amd/pm: skip loading pptable from driver on secure board
for smu_v13_0_10 (bsc#1012628).
- drm/amdkfd: Fix type of reset_type parameter in hqd_destroy()
callback (bsc#1012628).
- drm/amdgpu: Program GC registers through RLCG interface in
gfx_v11/gmc_v11 (bsc#1012628).
- drm/amdgpu: dequeue mes scheduler during fini (bsc#1012628).
- nvme-pci: disable write zeroes on various Kingston SSD
(bsc#1012628).
- i2c: xiic: Add platform module alias (bsc#1012628).
- bio: safeguard REQ_ALLOC_CACHE bio put (bsc#1012628).
- clk: rs9: Fix I2C accessors (bsc#1012628).
- arm64: dts: imx8mm: Enable CPLD_Dn pull down resistor on
MX8Menlo (bsc#1012628).
- efi/tpm: Pass correct address to memblock_reserve (bsc#1012628).
- clk: renesas: r8a779g0: Fix HSCIF parent clocks (bsc#1012628).
- clk: qcom: Update the force mem core bit for GPU clocks
(bsc#1012628).
- arm64: dts: verdin-imx8mp: fix ctrl_sleep_moci (bsc#1012628).
- arm64: dts: imx8mm: remove otg1/2 power domain dependency on
hsio (bsc#1012628).
- arm64: dts: imx8mm: correct usb power domains (bsc#1012628).
- arm64: dts: imx8mn: remove otg1 power domain dependency on hsio
(bsc#1012628).
- arm64: dts: imx8mn: Correct the usb power domain (bsc#1012628).
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
(bsc#1012628).
- arm64: dts: imx8: correct clock order (bsc#1012628).
- arm64: dts: imx93: add gpio clk (bsc#1012628).
- arm64: dts: imx93: correct gpio-ranges (bsc#1012628).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO
controllers (bsc#1012628).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO
controllers (bsc#1012628).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO
controllers (bsc#1012628).
- drm/rockchip: dw_hdmi: filter regulator -EPROBE_DEFER error
messages (bsc#1012628).
- drm/rockchip: fix fbdev on non-IOMMU devices (bsc#1012628).
- drm/i915: stop abusing swiotlb_max_segment (bsc#1012628).
- ublk_drv: return flag of UBLK_F_URING_CMD_COMP_IN_TASK in case
of module (bsc#1012628).
- block: Fix possible memory leak for rq_wb on add_disk failure
(bsc#1012628).
- blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
(bsc#1012628).
- ARM: dts: ux500: Add trips to battery thermal zones
(bsc#1012628).
- firmware: arm_scmi: Suppress the driver's bind attributes
(bsc#1012628).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors
(bsc#1012628).
- firmware: arm_scmi: Fix devres allocation device in virtio
transport (bsc#1012628).
- firmware: arm_scmi: Fix deferred_tx_wq release on error paths
(bsc#1012628).
- arm64: dts: juno: Add thermal critical trip points
(bsc#1012628).
- i2c: piix4: Fix adapter not be removed in piix4_remove()
(bsc#1012628).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (bsc#1012628).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(bsc#1012628).
- fscrypt: stop using keyrings subsystem for fscrypt_master_key
(bsc#1012628).
- fscrypt: fix keyring memory leak on mount failure (bsc#1012628).
- clk: renesas: r8a779g0: Add SASYNCPER clocks (bsc#1012628).
- btrfs: fix lost file sync on direct IO write with nowait and
dsync iocb (bsc#1012628).
- btrfs: fix tree mod log mishandling of reallocated nodes
(bsc#1012628).
- btrfs: fix type of parameter generation in btrfs_get_dentry
(bsc#1012628).
- btrfs: don't use btrfs_chunk::sub_stripes from disk
(bsc#1012628).
- btrfs: fix a memory allocation failure test in
btrfs_submit_direct (bsc#1012628).
- ACPI: NUMA: Add CXL CFMWS 'nodes' to the possible nodes set
(bsc#1012628).
- cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak (bsc#1012628).
- cxl/region: Fix decoder allocation crash (bsc#1012628).
- cxl/region: Fix region HPA ordering validation (bsc#1012628).
- cxl/region: Fix cxl_region leak, cleanup targets at region
delete (bsc#1012628).
- cxl/region: Fix 'distance' calculation with passthrough ports
(bsc#1012628).
- ftrace: Fix use-after-free for dynamic ftrace_ops (bsc#1012628).
- tracing/fprobe: Fix to check whether fprobe is registered
correctly (bsc#1012628).
- fprobe: Check rethook_alloc() return in rethook initialization
(bsc#1012628).
- tracing: kprobe: Fix memory leak in
test_gen_kprobe/kretprobe_cmd() (bsc#1012628).
- kprobe: reverse kp->flags when arm_kprobe failed (bsc#1012628).
- tools/nolibc/string: Fix memcmp() implementation (bsc#1012628).
- tracing/histogram: Update document for KEYS_MAX size
(bsc#1012628).
- capabilities: fix potential memleak on error path from
vfs_getxattr_alloc() (bsc#1012628).
- fuse: add file_modified() to fallocate (bsc#1012628).
- fuse: fix readdir cache race (bsc#1012628).
- selftests/landlock: Build without static libraries
(bsc#1012628).
- efi: random: reduce seed size to 32 bytes (bsc#1012628).
- efi: random: Use 'ACPI reclaim' memory for random seed
(bsc#1012628).
- efi: efivars: Fix variable writes with unsupported
query_variable_store() (bsc#1012628).
- net/ulp: remove SOCK_SUPPORT_ZC from tls sockets (bsc#1012628).
- arm64: entry: avoid kprobe recursion (bsc#1012628).
- ARM: dts: imx6dl-yapp4: Do not allow PM to switch PU regulator
off on Q/QP (bsc#1012628).
- perf/x86/intel: Fix pebs event constraints for ICL
(bsc#1012628).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[]
(bsc#1012628).
- perf/x86/intel: Fix pebs event constraints for SPR
(bsc#1012628).
- net: remove SOCK_SUPPORT_ZC from sockmap (bsc#1012628).
- net: also flag accepted sockets supporting msghdr originated
zerocopy (bsc#1012628).
- parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
(bsc#1012628).
- parisc: Export iosapic_serial_irq() symbol for serial port
driver (bsc#1012628).
- parisc: Avoid printing the hardware path twice (bsc#1012628).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1012628).
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1012628).
- ext4: update the backup superblock's at the end of the online
resize (bsc#1012628).
- x86/tdx: Prepare for using "INFO" call for a second purpose
(bsc#1012628).
- x86/tdx: Panic on bad configs that #VE on "private" memory
access (bsc#1012628).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header
(bsc#1012628).
- KVM: x86: Mask off reserved bits in CPUID.80000006H
(bsc#1012628).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH
(bsc#1012628).
- KVM: x86: Mask off reserved bits in CPUID.80000008H
(bsc#1012628).
- KVM: x86: Mask off reserved bits in CPUID.80000001H
(bsc#1012628).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH
(bsc#1012628).
- KVM: VMX: Advertise PMU LBRs if and only if perf supports LBRs
(bsc#1012628).
- KVM: VMX: Fold vmx_supported_debugctl() into
vcpu_supported_debugctl() (bsc#1012628).
- KVM: VMX: Ignore guest CPUID for host userspace writes to
DEBUGCTL (bsc#1012628).
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING
unavailable (bsc#1012628).
- KVM: Initialize gfn_to_pfn_cache locks in dedicated helper
(bsc#1012628).
- KVM: Reject attempts to consume or refresh inactive
gfn_to_pfn_cache (bsc#1012628).
- KVM: arm64: Fix bad dereference on MTE-enabled systems
(bsc#1012628).
- KVM: arm64: Fix SMPRI_EL1/TPIDR2_EL0 trapping on VHE
(bsc#1012628).
- KVM: x86: smm: number of GPRs in the SMRAM image depends on
the image format (bsc#1012628).
- KVM: x86: emulator: em_sysexit should update ctxt->mode
(bsc#1012628).
- KVM: x86: emulator: update the emulation mode after CR0 write
(bsc#1012628).
- ext4,f2fs: fix readahead of verity data (bsc#1012628).
- cifs: fix regression in very old smb1 mounts (bsc#1012628).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach
(bsc#1012628).
- drm/rockchip: dsi: Force synchronous probe (bsc#1012628).
- drm/amdgpu: disable GFXOFF during compute for GFX11
(bsc#1012628).
- drm/amd/display: Update latencies on DCN321 (bsc#1012628).
- drm/amd/display: Update DSC capabilitie for DCN314
(bsc#1012628).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
(bsc#1012628).
- drm/i915/sdvo: Setup DDC fully before output init (bsc#1012628).
- commit 1579d93
++++ libX11:
- Update to version 1.8.2
* This is primarily a bug fix release, including further work on
improving the thread-safety-constructor and making it work with
software which had incorrectly called libX11 functions from
inside X*IfEvent() calls.
- supersedes U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
++++ mozilla-nss:
- update to NSS 3.84
* bmo#1791699 - Bump minimum NSPR version to 4.35
* bmo#1792103 - Add a flag to disable building libnssckbi.
++++ lcms2:
- Added reverse-0001-fix-memory-leaks-on-testbed.patch to fix
colord's i586 build failure
++++ libslirp:
- added patches
fix https://gitlab.freedesktop.org/slirp/libslirp/-/issues/64
+ libslirp-semicolon.patch
++++ libvirt:
- tests: Fix libxlxml2domconfigtest
f81ee7b5-tests-Fix-libxlxml2domconfigtest.patch
bsc#1205204
++++ python-testtools:
- silent rpmlint
- python-six is not required
------------------------------------------------------------------
------------------ 2022-11-10 - Nov 10 2022 -------------------
------------------------------------------------------------------
++++ cni:
- Update to version 1.1.2:
* spec: fix format
* libcni: handle empty version when parsing version
* [exec-plugins]: support plugin lists
This is a minor update to the CNI libraries and tooling.
This does not bump the protocol / spec version, which remains at v1.0.0
++++ libnftnl:
- Update to release 1.2.4
* rule, set_elem: remove trailing \n in userdata snprintf
* libnftnl: Fix res_id byte order
++++ openssh:
- Update openssh-8.1p1-audit.patch: Merge fix for race condition
(bsc#1115550, bsc#1174162).
- Add openssh-do-not-send-empty-message.patch, which prevents
superfluous newlines with empty MOTD files (bsc#1192439).
------------------------------------------------------------------
------------------ 2022-11-9 - Nov 9 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Add upstream patches
* bash52-003
Command substitutions need to preserve newlines instead of replacing them
with semicolons, especially in the presence of multiple here-documents.
* bash52-004
Bash needs to keep better track of nested brace expansions to avoid problems
with quoting and POSIX semantics.
* bash52-005
Null pattern substitution replacement strings can cause a crash.
* bash52-006
In interactive shells, interrupting the shell while entering a command
substitution can inhibit alias expansion.
* bash52-007
This patch fixes several problems with alias expansion inside command
substitutions when in POSIX mode.
* bash52-008
Array subscript expansion can inappropriately quote brackets if the expression
contains < or >.
* bash52-009
Bash arithmetic expansion should allow `@' and `*' to be used as associative
array keys in expressions.
++++ elfutils:
- align patches section
- remove date/time handling weirdness, elfutils does no longer
use __DATE__ or __TIME__ (as proven by the newly added -Werror=date-time)
++++ kernel-default:
- Refresh
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch.
Update upstream status.
- commit 9a7c768
- Delete synaptics touchpad workaround patch (bsc#1194086)
This was confirmed to be superfluous now
- commit 4ff425d
- Update config files for enabling CONFIG_SECONDARY_TRUSTED_KEYRING
In some architectures, e.g. ppc64, riscv64, x86_64, we have enabled the
CONFIG_SECONDARY_TRUSTED_KEYRING and children kernel config. But we didn't
enable it in other architectures.
In the future, the CONFIG_SECONDARY_TRUSTED_KEYRING will be used with
IMA in different architectures. So let's enable it in Tumbleweed in
all architectures to align with SLE/Leap. Then user can use it for
preparing IMA functions with secondary trusted keyring. (bsc#1203739)
- commit c0a1875
++++ polkit:
- read actions also from /etc/polkit-1/actions (jsc#PED-1405)
added polkit-actions-in-etc.patch
++++ python310-core:
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
++++ python310:
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
++++ python-pyzmq:
- Fix build with OpenSSL 3.0 [bsc#1205042]
* Temporarily disable test_on_recv_basic
------------------------------------------------------------------
------------------ 2022-11-8 - Nov 8 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- third bugfix release
* some regressions in CI worked out
* a bit of everything, and nothing too crazy
- supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
- supersedes u_nouveau-corrupted-colors-boo1203949.patch
- get rid of Mesa-libVulkan-devel(-32bit) package, which is no
longer needed at all by providing/obsoleting it by
libvulkan_intel
++++ Mesa-drivers:
- third bugfix release
* some regressions in CI worked out
* a bit of everything, and nothing too crazy
- supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
- supersedes u_nouveau-corrupted-colors-boo1203949.patch
- get rid of Mesa-libVulkan-devel(-32bit) package, which is no
longer needed at all by providing/obsoleting it by
libvulkan_intel
++++ fontconfig:
- update to 2.14.1:
* Bump the cache version to 8 in doc/fontconfig-user.sgm
* Enable 10-sub-pixel-rgb.conf by default
* build fixes and translation updates
* Avoid misuse of ctype
++++ gnutls:
- Verify only the libgnutls library HMAC [bsc#1199881]
* Do not use the brp-50-generate-fips-hmac script as this
is now calculated with the internal fipshmac tool.
* Add gnutls-verify-library-HMAC.patch
++++ kernel-default:
- Move upstreamed tracing patch into sorted section
- commit de51707
- ALSA: usb-audio: Remove redundant workaround for Roland quirk
(bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card
registration (bsc#1205111).
- commit 0d318d5
++++ libbpf:
- Fix out-of-bound heap write (boo#1194248 boo#1194249 CVE-2021-45940 CVE-2021-45941)
+ libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch
- Fix use-after-free in btf_dump_name_dups (boo#1204391 CVE-2022-3534)
+ libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch
- Fix memory leak in parse_usdt_arg() (boo#1204393 CVE-2022-3533)
+ libbpf-Fix-memory-leak-in-parse_usdt_arg.patch
- Fix null pointer dereference in find_prog_by_sec_insn() (boo#1204502 CVE-2022-3606)
+ libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch
++++ gpgme:
- Add gpgme-suse-nobetasuffix.patch
* remove "-unknown" suffix from version string
* boo#1205197
++++ lcms2:
- Update to 2.14:
* lcms2 now implements ICC specification 4.4
* New multi-threaded plug-in
* Several fixes to keep fuzzers happy
* Removed check on DLL when CMS_NO_REGISTER_KEYWORD is used
* Added more validation against broken profiles
* Added more help to several tools
* Revised documentation
++++ shadow:
- Update to 4.13:
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
* shadow-copytree-usermod-fifo.patch
* shadow-chage-format.patch
* shadow-prefix-overflow.patch
- Remove chkname-regex.patch:
Upstream now also relaxed the usernames requirements.
They don't use regex for this but the result is similar.
Plus they also check that the name is less than 32 characters long.
- Rebase useradd-userkeleton.patch
++++ systemd:
- Import commit 9cdd78585069b133bebcd479f3a204057ad25d76 (merge of v251.8)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c212388f7de8d22a3f7c22b19553548ccc0cdd15...9cdd78585069b133bebcd479f3a204057ad25d76
++++ pcr-oracle:
- Establish pcr-oracle as standalone package, apart from fde-tools
------------------------------------------------------------------
------------------ 2022-11-7 - Nov 7 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850
++++ Mesa-drivers:
- Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850
++++ NetworkManager:
- Keep netconfig support. The rc-manager auto detection will select
appropriate manager during runtime.
++++ elfutils:
- Update to version 0.188:
* readelf: Add -D, --use-dynamic option.
* debuginfod-client: Add $DEBUGINFOD_HEADERS_FILE setting to supply
outgoing debuginfod_find_section.
* debuginfod: Add --disable-source-scan option.
* libdwfl: Add new function dwfl_get_debuginfod_client.
Add new function dwfl_frame_reg.
Add new function dwfl_report_offline_memory.
- Remove upstreamed patches:
* 0001-libelf-Sync-elf.h-from-glibc.patch
* 0002-backends-Handle-new-RISC-V-specific-definitions.patch
* 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch
* 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch
* PR29474-debuginfod.patch
* config-Move-the-2-dev-null-inside-the-sh-c-quotes-fo.patch
* support-nullglob-in-profile.-.in-files.patch
++++ libepoxy:
- needed by jira#PED-1174 (Mesa needs sync with Xserver, which
then needs updated libepoxy)
++++ ncurses:
- Add ncurses patch 20221105
+ regenerate configure scripts with autoconf 2.52.20221009
+ modify "--with-manpage-format" to support bzip2 and xz compression
(prompted by discussion with Sam James).
+ modify make-tar.sh scripts to make timestamps more predictable.
++++ shadow:
- Add shadow-copytree-usermod-fifo.patch:
Fix regression that prevented `usermod -m` to work when their
home directory contained at least one fifo
See https://github.com/shadow-maint/shadow/pull/565
++++ libzypp:
- Create '.no_auto_prune' in the package cache dir to prevent auto
cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
++++ python-M2Crypto:
- add openssl-stop-parsing-header.patch (bsc#1205042)
- add m2crypto-0.38-ossl3-tests.patch
++++ python-psutil:
- update to version 5.9.4:
* Enhancements
- 2102: use Limited API when building wheels with CPython 3.6+ on Linux,
macOS and Windows. This allows to use pre-built wheels in all future
versions of cPython 3. (patch by Matthieu Darbois)
* Bug fixes
- 2077, [Windows]: Use system-level values for virtual_memory().
(patch by Daniel Widdis)
- 2156, [Linux]: compilation may fail on very old gcc compilers due to
missing SPEED_UNKNOWN definition. (patch by Amir Rossert)
- 2010, [macOS]: on MacOS, arm64 IFM_1000_TX and IFM_1000_T are
the same value, causing a build failure. (patch by Lawrence D'Anna)
++++ sed:
- GNU sed 4.9:
* 'sed --follow-symlinks -i' no longer loops forever when its
operand is a symbolic link cycle.
* a program with an execution line longer than 2GB can no longer
trigger an out-of-bounds memory write.
* using the R command to read an input line of length longer than
2GB can no longer trigger an out-of-bounds memory read.
* In locales using UTF-8 encoding, the regular expression '.' no
longer sometimes fails to match Unicode characters U+D400
through U+D7FF (some Hangul Syllables, and Hangul Jamo
Extended-B) and Unicode characters U+108000 through U+10FFFF
(half of Supplemental Private Use Area plane B).
* I/O errors involving temp files no longer confuse sed into
using a FILE * pointer after fclosing it, which has undefined
behavior in C.
* New: The 'r' command now accepts address 0, allowing inserting
a file before the first line.
* Sed now prints the less-surprising variant in a corner case of
POSIX-unspecified behavior. Before, this would print "n".
Now, it prints "X":
printf n | sed 'sn\nnXn'; echo
- drop patches now upstream:
* gnulib-test-avoid-FP-perror-strerror.patch
* sed-dont_close_twice.patch
- disable profile guided optimization in build due to what seems to
be a bug in gnulib
++++ virt-manager:
- Refresh test skips
- Drop the very old "Obsoletes: python-virtinst <= 0.600.4"
virt-manager.spec
++++ zypper:
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires: libzypp-devel >= 17.31.5
- version 1.14.58
------------------------------------------------------------------
------------------ 2022-11-6 - Nov 6 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Update to version 15.0.4.
* This release contains bug-fixes for the LLVM 15.0.0 release.
This release is API and ABI compatible with 15.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
------------------------------------------------------------------
------------------ 2022-11-4 - Nov 4 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- build against llvm15/clang15 on sle15-sp5/Leap 15.5
++++ Mesa-drivers:
- build against llvm15/clang15 on sle15-sp5/Leap 15.5
++++ conmon:
- Add patch to fix build with make >= 4.4:
* 0001-Fix-tools-Makefile-with-GNU-make-4.4.patch
++++ kernel-default:
- Update config files.
- commit bd8c959
- Linux 6.0.7 (bsc#1012628).
- platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks
(bsc#1012628).
- can: j1939: transport: j1939_session_skb_drop_old():
spin_unlock_irqrestore() before kfree_skb() (bsc#1012628).
- can: kvaser_usb: Fix possible completions during init_completion
(bsc#1012628).
- can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ
storm on global FIFO receive (bsc#1012628).
- can: rcar_canfd: fix channel specific IRQ handling for RZ/G2L
(bsc#1012628).
- ALSA: Use del_timer_sync() before freeing timer (bsc#1012628).
- ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600
(bsc#1012628).
- ALSA: control: add snd_ctl_rename() (bsc#1012628).
- ALSA: hda/realtek: Use snd_ctl_rename() to rename a control
(bsc#1012628).
- ALSA: emu10k1: Use snd_ctl_rename() to rename a control
(bsc#1012628).
- ALSA: ac97: Use snd_ctl_rename() to rename a control
(bsc#1012628).
- ALSA: usb-audio: Use snd_ctl_rename() to rename a control
(bsc#1012628).
- ALSA: ca0106: Use snd_ctl_rename() to rename a control
(bsc#1012628).
- ALSA: au88x0: use explicitly signed char (bsc#1012628).
- ALSA: rme9652: use explicitly signed char (bsc#1012628).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(bsc#1012628).
- usb: gadget: uvc: limit isoc_sg to super speed gadgets
(bsc#1012628).
- Revert "usb: gadget: uvc: limit isoc_sg to super speed gadgets"
(bsc#1012628).
- usb: gadget: uvc: fix dropped frame after missed isoc
(bsc#1012628).
- usb: gadget: uvc: fix sg handling in error case (bsc#1012628).
- usb: gadget: uvc: fix sg handling during video encode
(bsc#1012628).
- usb: gadget: aspeed: Fix probe regression (bsc#1012628).
- usb: dwc3: gadget: Stop processing more requests on IMI
(bsc#1012628).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (bsc#1012628).
- usb: dwc3: gadget: Force sending delayed status during soft
disconnect (bsc#1012628).
- usb: dwc3: gadget: Don't delay End Transfer on delayed_status
(bsc#1012628).
- usb: typec: ucsi: Check the connection on resume (bsc#1012628).
- usb: typec: ucsi: acpi: Implement resume callback (bsc#1012628).
- usb: dwc3: st: Rely on child's compatible instead of name
(bsc#1012628).
- usb: dwc3: Don't switch OTG -> peripheral if extcon is present
(bsc#1012628).
- usb: bdc: change state when port disconnected (bsc#1012628).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller (bsc#1012628).
- mtd: rawnand: tegra: Fix PM disable depth imbalance in probe
(bsc#1012628).
- mtd: spi-nor: core: Ignore -ENOTSUPP in spi_nor_init()
(bsc#1012628).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (bsc#1012628).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
(bsc#1012628).
- squashfs: fix read regression introduced in readahead code
(bsc#1012628).
- squashfs: fix extending readahead beyond end of file
(bsc#1012628).
- squashfs: fix buffer release race condition in readahead code
(bsc#1012628).
- xhci: Add quirk to reset host back to default state at shutdown
(bsc#1012628).
- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or
later devices (bsc#1012628).
- xhci: Remove device endpoints from bandwidth list when freeing
the device (bsc#1012628).
- tools: iio: iio_utils: fix digit calculation (bsc#1012628).
- iio: light: tsl2583: Fix module unloading (bsc#1012628).
- iio: temperature: ltc2983: allocate iio channels once
(bsc#1012628).
- iio: adxl372: Fix unsafe buffer attributes (bsc#1012628).
- iio: adxl367: Fix unsafe buffer attributes (bsc#1012628).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
(bsc#1012628).
- fbdev: smscufx: Fix several use-after-free bugs (bsc#1012628).
- cpufreq: intel_pstate: Read all MSRs on the target CPU
(bsc#1012628).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for
P-cores (bsc#1012628).
- fs/binfmt_elf: Fix memory leak in load_elf_binary()
(bsc#1012628).
- exec: Copy oldsighand->action under spin-lock (bsc#1012628).
- mac802154: Fix LQI recording (bsc#1012628).
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1012628).
- drm/i915: Extend Wa_1607297627 to Alderlake-P (bsc#1012628).
- drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (bsc#1012628).
- drm/amdgpu: disallow gfxoff until GC IP blocks complete s2idle
resume (bsc#1012628).
- drm/amdgpu: fix pstate setting issue (bsc#1012628).
- drm/amd/display: Revert logic for plane modifiers (bsc#1012628).
- drm/amdkfd: update gfx1037 Lx cache setting (bsc#1012628).
- drm/amdkfd: correct the cache info for gfx1036 (bsc#1012628).
- drm/msm: fix use-after-free on probe deferral (bsc#1012628).
- drm/msm/dsi: fix memory corruption with too many bridges
(bsc#1012628).
- drm/msm/hdmi: fix memory corruption with too many bridges
(bsc#1012628).
- drm/msm/hdmi: fix IRQ lifetime (bsc#1012628).
- drm/msm/dp: fix memory corruption with too many bridges
(bsc#1012628).
- drm/msm/dp: fix aux-bus EP lifetime (bsc#1012628).
- drm/msm/dp: fix IRQ lifetime (bsc#1012628).
- drm/msm/dp: fix bridge lifetime (bsc#1012628).
- crypto: x86/polyval - Fix crashes when keys are not 16-byte
aligned (bsc#1012628).
- random: use arch_get_random*_early() in random_init()
(bsc#1012628).
- coresight: cti: Fix hang in cti_disable_hw() (bsc#1012628).
- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO
(bsc#1012628).
- mmc: block: Remove error check of hw_reset on reset
(bsc#1012628).
- mmc: queue: Cancel recovery work on cleanup (bsc#1012628).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
(bsc#1012628).
- mmc: core: Fix WRITE_ZEROES CQE handling (bsc#1012628).
- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake
(bsc#1012628).
- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit
bus (bsc#1012628).
- counter: microchip-tcb-capture: Handle Signal1 read and Synapse
(bsc#1012628).
- counter: 104-quad-8: Fix race getting function mode and
direction (bsc#1012628).
- mm/uffd: fix vma check on userfault for wp (bsc#1012628).
- mm: migrate: fix return value if all subpages of THPs are
migrated successfully (bsc#1012628).
- mm,madvise,hugetlb: fix unexpected data loss with MADV_DONTNEED
on hugetlbfs (bsc#1012628).
- mm/kmemleak: prevent soft lockup in kmemleak_scan()'s object
iteration loops (bsc#1012628).
- mm/huge_memory: do not clobber swp_entry_t during THP split
(bsc#1012628).
- mm: prep_compound_tail() clear page->private (bsc#1012628).
- kernfs: fix use-after-free in __kernfs_remove (bsc#1012628).
- Revert "dt-bindings: pinctrl-zynqmp: Add output-enable
configuration" (bsc#1012628).
- pinctrl: Ingenic: JZ4755 bug fixes (bsc#1012628).
- Revert "pinctrl: pinctrl-zynqmp: Add support for output-enable
and bias-high-impedance" (bsc#1012628).
- ARC: mm: fix leakage of memory allocated for PTE (bsc#1012628).
- perf auxtrace: Fix address filter symbol name match for modules
(bsc#1012628).
- s390/boot: add secure boot trailer (bsc#1012628).
- s390/cio: fix out-of-bounds access on cio_ignore free
(bsc#1012628).
- s390/uaccess: add missing EX_TABLE entries to __clear_user()
(bsc#1012628).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1012628).
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1012628).
- ethtool: eeprom: fix null-deref on genl_info in dump
(bsc#1012628).
- fbdev/core: Avoid uninitialized read in
aperture_remove_conflicting_pci_device() (bsc#1012628).
- ACPI: PCC: Fix unintentional integer overflow (bsc#1012628).
- powerpc/64s/interrupt: Fix clear of PACA_IRQS_HARD_DIS when
returning to soft-masked context (bsc#1012628).
- net: ieee802154: fix error return code in dgram_bind()
(bsc#1012628).
- media: amphion: release m2m ctx when releasing vpu instance
(bsc#1012628).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
(bsc#1012628).
- media: ar0521: fix error return code in ar0521_power_on()
(bsc#1012628).
- media: ar0521: Fix return value check in writing initial
registers (bsc#1012628).
- media: ov8865: Fix an error handling path in ov8865_probe()
(bsc#1012628).
- media: sun6i-mipi-csi2: Depend on PHY_SUN6I_MIPI_DPHY
(bsc#1012628).
- media: atomisp: prevent integer overflow in
sh_css_set_black_frame() (bsc#1012628).
- media: sunxi: Fix some error handling path of
sun8i_a83t_mipi_csi2_probe() (bsc#1012628).
- media: sunxi: Fix some error handling path of
sun6i_mipi_csi2_probe() (bsc#1012628).
- media: sun6i-mipi-csi2: Add a Kconfig dependency on
RESET_CONTROLLER (bsc#1012628).
- media: sun8i-a83t-mipi-csi2: Add a Kconfig dependency on
RESET_CONTROLLER (bsc#1012628).
- media: sun6i-csi: Add a Kconfig dependency on RESET_CONTROLLER
(bsc#1012628).
- media: sun4i-csi: Add a Kconfig dependency on RESET_CONTROLLER
(bsc#1012628).
- media: sun8i-di: Add a Kconfig dependency on RESET_CONTROLLER
(bsc#1012628).
- media: sun8i-rotate: Add a Kconfig dependency on
RESET_CONTROLLER (bsc#1012628).
- media: cedrus: Add a Kconfig dependency on RESET_CONTROLLER
(bsc#1012628).
- drm/msm/a6xx: Replace kcalloc() with kvzalloc() (bsc#1012628).
- drm/msm/dp: add atomic_check to bridge ops (bsc#1012628).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
(bsc#1012628).
- drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start
link training (bsc#1012628).
- ASoC: codec: tlv320adc3xxx: add GPIOLIB dependency
(bsc#1012628).
- KVM: selftests: Fix number of pages for memory slot in
memslot_modification_stress_test (bsc#1012628).
- ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile
(bsc#1012628).
- drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (bsc#1012628).
- erofs: fix illegal unmapped accesses in
z_erofs_fill_inode_lazy() (bsc#1012628).
- erofs: fix up inplace decompression success rate (bsc#1012628).
- pinctrl: qcom: Avoid glitching lines when we first mux to output
(bsc#1012628).
- spi: qup: support using GPIO as chip select line (bsc#1012628).
- x86/fpu: Configure init_fpstate attributes orderly
(bsc#1012628).
- x86/fpu: Fix the init_fpstate size check with the actual size
(bsc#1012628).
- x86/fpu: Exclude dynamic states from init_fpstate (bsc#1012628).
- perf: Fix missing SIGTRAPs (bsc#1012628).
- sched/core: Fix comparison in sched_group_cookie_match()
(bsc#1012628).
- bpf: prevent decl_tag from being referenced in func_proto
(bsc#1012628).
- arc: iounmap() arg is volatile (bsc#1012628).
- mtd: core: add missing of_node_get() in dynamic partitions code
(bsc#1012628).
- mtd: rawnand: intel: Remove unused nand_pa member from
ebu_nand_cs (bsc#1012628).
- mtd: rawnand: intel: Use devm_platform_ioremap_resource_byname()
(bsc#1012628).
- mtd: rawnand: intel: Add missing of_node_put() in
ebu_nand_probe() (bsc#1012628).
- pinctrl: ocelot: Fix incorrect trigger of the interrupt
(bsc#1012628).
- ASoC: codecs: tlv320adc3xxx: Wrap adc3xxx_i2c_remove() in
__exit_p() (bsc#1012628).
- ASoC: SOF: Intel: pci-mtl: fix firmware name (bsc#1012628).
- selftests/ftrace: fix dynamic_events dependency check
(bsc#1012628).
- spi: aspeed: Fix window offset of CE1 (bsc#1012628).
- ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile
(bsc#1012628).
- ASoC: Intel: common: add ACPI matching tables for Raptor Lake
(bsc#1012628).
- ASoC: SOF: Intel: pci-tgl: use RPL specific firmware definitions
(bsc#1012628).
- ASoC: SOF: Intel: pci-tgl: fix ADL-N descriptor (bsc#1012628).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
(bsc#1012628).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of
clear_cpu_cap() (bsc#1012628).
- rcu: Keep synchronize_rcu() from enabling irqs in early boot
(bsc#1012628).
- tipc: fix a null-ptr-deref in tipc_topsrv_accept (bsc#1012628).
- net: netsec: fix error handling in netsec_register_mdio()
(bsc#1012628).
- net: lan966x: Fix the rx drop counter (bsc#1012628).
- selftests: net: Fix cross-tree inclusion of scripts
(bsc#1012628).
- selftests: net: Fix netdev name mismatch in cleanup
(bsc#1012628).
- net: hinic: fix incorrect assignment issue in
hinic_set_interrupt_cfg() (bsc#1012628).
- net: hinic: fix memory leak when reading function table
(bsc#1012628).
- net: hinic: fix the issue of CMDQ memory leaks (bsc#1012628).
- net: hinic: fix the issue of double release MBOX callback of VF
(bsc#1012628).
- net: macb: Specify PHY PM management done by MAC (bsc#1012628).
- nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
(bsc#1012628).
- RISC-V: KVM: Provide UAPI for Zicbom block size (bsc#1012628).
- RISC-V: Fix compilation without RISCV_ISA_ZICBOM (bsc#1012628).
- RISC-V: KVM: Fix kvm_riscv_vcpu_timer_pending() for Sstc
(bsc#1012628).
- x86/unwind/orc: Fix unreliable stack dump with gcov
(bsc#1012628).
- drm/bridge: ps8640: Add back the 50 ms mystery delay after HPD
(bsc#1012628).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly
(bsc#1012628).
- amd-xgbe: Yellow carp devices do not need rrc (bsc#1012628).
- amd-xgbe: fix the SFP compliance codes check for DAC cables
(bsc#1012628).
- amd-xgbe: add the bit rate quirk for Molex cables (bsc#1012628).
- drm/i915/dgfx: Keep PCI autosuspend control 'on' by default
on all dGPU (bsc#1012628).
- drm/i915/dp: Reset frl trained flag before restarting FRL
training (bsc#1012628).
- atlantic: fix deadlock at aq_nic_stop (bsc#1012628).
- kcm: annotate data-races around kcm->rx_psock (bsc#1012628).
- kcm: annotate data-races around kcm->rx_wait (bsc#1012628).
- net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init()
failed (bsc#1012628).
- net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
(bsc#1012628).
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
(bsc#1012628).
- tcp: fix indefinite deferral of RTO with SACK reneging
(bsc#1012628).
- net-memcg: avoid stalls when under memory pressure
(bsc#1012628).
- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
(bsc#1012628).
- net: lan966x: Stop replacing tx dcbs and dcbs_buf when changing
MTU (bsc#1012628).
- mptcp: set msk local address earlier (bsc#1012628).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
put_clock() in error path (bsc#1012628).
- can: mcp251x: mcp251x_can_probe(): add missing
unregister_candev() in error path (bsc#1012628).
- PM: hibernate: Allow hybrid sleep to work with s2idle
(bsc#1012628).
- media: vivid: s_fbuf: add more sanity checks (bsc#1012628).
- media: vivid: dev->bitmap_cap wasn't freed in all cases
(bsc#1012628).
- media: v4l2-dv-timings: add sanity checks for blanking values
(bsc#1012628).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
'interlaced' (bsc#1012628).
- media: vivid: set num_in/outputs to 0 if not supported
(bsc#1012628).
- perf vendor events power10: Fix hv-24x7 metric events
(bsc#1012628).
- perf list: Fix PMU name pai_crypto in perf list on s390
(bsc#1012628).
- ipv6: ensure sane device mtu in tunnels (bsc#1012628).
- i40e: Fix ethtool rx-flow-hash setting for X722 (bsc#1012628).
- i40e: Fix VF hang when reset is triggered on another VF
(bsc#1012628).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
(bsc#1012628).
- net: ksz884x: fix missing pci_disable_device() on error in
pcidev_init() (bsc#1012628).
- riscv: jump_label: mark arguments as const to satisfy asm
constraints (bsc#1012628).
- PM: domains: Fix handling of unavailable/disabled idle states
(bsc#1012628).
- perf vendor events arm64: Fix incorrect Hisi hip08 L3 metrics
(bsc#1012628).
- net: fec: limit register access on i.MX6UL (bsc#1012628).
- net: ethernet: ave: Fix MAC to be in charge of PHY PM
(bsc#1012628).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
(bsc#1012628).
- ALSA: aoa: Fix I2S device accounting (bsc#1012628).
- openvswitch: switch from WARN to pr_warn (bsc#1012628).
- net: ehea: fix possible memory leak in ehea_register_port()
(bsc#1012628).
- net: bcmsysport: Indicate MAC is in charge of PHY PM
(bsc#1012628).
- nh: fix scope used to find saddr when adding non gw nh
(bsc#1012628).
- net: broadcom: bcm4908_enet: update TX stats after actual
transmission (bsc#1012628).
- netdevsim: fix memory leak in nsim_bus_dev_new() (bsc#1012628).
- netdevsim: fix memory leak in nsim_drv_probe() when
nsim_dev_resources_register() failed (bsc#1012628).
- netdevsim: remove dir in nsim_dev_debugfs_init() when creating
ports dir failed (bsc#1012628).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state
(bsc#1012628).
- net/mlx5: Wait for firmware to enable CRS before
pci_restore_state (bsc#1012628).
- net/mlx5: DR, Fix matcher disconnect error flow (bsc#1012628).
- net/mlx5e: Extend SKB room check to include PTP-SQ
(bsc#1012628).
- net/mlx5e: Update restore chain id for slow path packets
(bsc#1012628).
- net/mlx5: ASO, Create the ASO SQ with the correct timestamp
format (bsc#1012628).
- net/mlx5: Fix possible use-after-free in async command interface
(bsc#1012628).
- net/mlx5e: TC, Reject forwarding from internal port to internal
port (bsc#1012628).
- net/mlx5: Update fw fatal reporter state on PCI handlers
successful recover (bsc#1012628).
- net/mlx5: Fix crash during sync firmware reset (bsc#1012628).
- net: do not sense pfmemalloc status in skb_append_pagefrags()
(bsc#1012628).
- kcm: do not sense pfmemalloc status in kcm_sendpage()
(bsc#1012628).
- net: enetc: survive memory pressure without crashing
(bsc#1012628).
- riscv: mm: add missing memcpy in kasan_init (bsc#1012628).
- riscv: fix detection of toolchain Zicbom support (bsc#1012628).
- riscv: fix detection of toolchain Zihintpause support
(bsc#1012628).
- arm64: Add AMPERE1 to the Spectre-BHB affected list
(bsc#1012628).
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1012628).
- commit 94ab6c8
++++ kernel-firmware:
- Update to version 20221031 (git commit 8bb75626e9dd):
* linux-firmware: Add firmware for Cirrus CS35L41 on new ASUS Laptop
* iwlwifi: add new PNVM binaries from core74-44 release
* iwlwifi: add new FWs from core69-81 release
* qcom: update venus firmware files for VPU-2.0
* qcom: remove split SC7280 venus firmware images
* qcom: update venus firmware file for v5.4
* qcom: replace split SC7180 venus firmware images with symlink
* rtw89: 8852b: update fw to v0.27.32.1
* rtlwifi: update firmware for rtl8192eu to v35.7
* rtlwifi: Add firmware v4.0 for RTL8188FU
* i915: Add HuC 7.10.3 for DG2
* linux-firmware: Add firmware for Cirrus CS35L41 on ASUS Laptops
* linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
* linux-firmware: Add firmware for Cirrus CS35L41 on HP Laptops
- Drop the CS35L41 firmware tarball that has been merged
- Drop obsoleted cirrus-WHENCE-update.patch
++++ augeas:
- Update to 1.13.0
* Fixes bsc#1204554
* Added augeas-1.13.0-replace_security_context_t-patch to fix a
syntax error.
* Rebased gcc9-disable-broken-test.patch
* Dropped the following patches since they are now upstreamed:
- augeas-new_options_for_chrony.patch
- augeas-allow_printable_ASCII.patch
- remove-unportable-tests.patch
* General changes/additions
- Add Dockerfile (Nicolas Gif) (Issue #650)
- augtool: Improved readline integration to handle quoting
issues (Pino Toscano)
- typechecker: Allow including '/' in keys and labels. Thanks
to felixdoerre for pointing out that this restriction was
unnecessary. See issue #668 for the discussion.
- Add function modified() to select nodes which are marked as
dirty (George Hansper) (Issue #691)
- Add CLI command 'preview' and API 'aug_preview' to preview
file contents (George Hansper) (#690)
- Add "else" operator to augeas path-filter expressions
(priority selector) (George Hansper) (#692)
- Add new axis 'seq' to allow /path/seq::*[expr] to match and
create numeric nodes, as idempotent alternative to
/path/*[expr] (George Hansper) (#706)
* Lens changes/additions
- Authinfo2: new lens to parse Authinfo2 format (Nicolas Gif)
(Issue #649)
- Chrony: add new options (Miroslav Lichvar) (Issue #698)
- Cmdline: New lens to parse /proc/cmdline (Thomas Weißschuh)
- Crypttab: support UUID in device and / in opt (Raphaël
Pinson) (#713)
- Fail2ban: new lens to parse Fail2ban format (Nicolas Gif)
(Issue #651)
- Grub: support '+' in kernel command line option names (Pino
Toscano) (Issue #647)
- Krb5: handle [plugins] subsection (Pino Toscano) (Issue #663)
- Limits: support colons in the domain pattern of the limits
lens (Xavier Mol) (Issue #645)
- Logrotate: add hourly schedule (Jason A. Smith) (Issue #655)
- Mke2fs: parse more common entries between [defaults] and the
tags in [fs_types], fix the type of few entries, handle the
[options] stanza (Pino Toscano) (Issue #642)
- support quoted values (Pino Toscano) (Issue #661)
- NetworkManager: allow # in values (mfilka) (#723)
- Opendkim: update to match current conffile format (Issue #644)
- Postfix_Master: Allow unix-dgram as type (Issue #635)
- Postfix_transport: Allow underscore (Anton Baranov) (Issue #678)
- Postgresql: Allow hyphen '-' in values that don't require quotes
(Marcin Barczyński) (Issues #700 #701)
- Properties: Allow "/" in property names (felixdoerre) (Issue #680)
- Redis: add incl path /etc/redis.conf (Raphaël Pinson) (#726)
- support "replicaof" (Raphaël Pinson) (#727)
- fix support for "sentinel" (Raphaël Pinson) (#728)
- Resolv: Support new options (Trevor Vaughan) (Issues #707 #708)
- Rsyslog: support multiple actions in filters and selectors (Issue
[#653])
- Shellvars: exclude more tcsh profile scripts (Pino Toscano) (Issue
[#627])
- Simplevars: add ocsinventory-agent.cfg (Pat Riehecky) (Issue #637)
- Sudoers: support new @include/@includedir directives (Pino
Toscano) (Issue #693)
- Sudoers: Allow AD groups (luchihoratiu) (Issue #696)
- Support negative integers (Ando David Roots) (#724)
- Ssh: add Match keyword support (granquet) (Issue #695)
- Sshd: support quotes in Match conditions (Issue #739)
- Systemd: fix parsing of envvars with spaces (Pino Toscano) (#659)
- Add incl paths according to 'systemd.network(5)' (chruetli) (#683)
- Tinc: new lens for Tinc VPN configuration files (Thomas Weißschuh)
(#718)
- Toml: support arrays (norec) in inline tables (Raphaël Pinson)
(#703)
- Tmpfiles: improvements to the types specification (Pino Toscano)
(Issue #694)
++++ pixman:
- Update to version 0.42.2 (boo#1205033 CVE-2022-44638):
+ This version contains a fix for a heap overflow.
- Update URL, and tweak source URI.
++++ suse-module-tools:
* Revert "Split kernel scriptlets into separate sub-package"
(that change broke some package builds on OBS)
- Update to version 16.0.25:
* 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
++++ virt-manager:
- Upstream bug fixes (bsc#1027942)
11a887ec-cli-disk-Add-driver.metadata_cache-options.patch
7295ebfb-tests-cli-Fix-test-output-after-previous-commit.patch
58f5e36d-fsdetails-Fix-an-error-with-source.socket-of-virtiofs.patch
c22a876e-tests-Add-a-compat-check-for-linux2020-in-amd-sev-test-case.patch
fbdf0516-cli-cpu-Add-maxphysaddr.mode-bits-options.patch
b0d05167-cloner-Sync-uuid-and-sysinfo-system-uuid.patch
999ccb85-virt-install-unattended-and-cloud-init-conflict.patch
------------------------------------------------------------------
------------------ 2022-11-3 - Nov 3 2022 -------------------
------------------------------------------------------------------
++++ lvm2-device-mapper:
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
- bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
++++ libdrm:
- Update to 2.4.114
* amdgpu.ids: use consistent formatting for RID
* amdgpu.ids: sort the file
* amdgpu.ids: update to the latest marketing name
* amdgpu_ids: add MI marketing names
* amdgpu: Add a default marketing name if none is found
* meson: fast-fail on unsupported OSes
* include/drm/drm_fourcc.h: Update from Linux v6.0-rc7
* include/drm/i915_drm.h: Update from Linux v6.0-rc7
* tests/util: add imx-lcdif driver
* intel: move declarations to top in drm_intel_gem_bo_unreference()
* build: automatically disable Intel if pciaccess is not found
* xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName()
* amdgpu: silence uninitialized variable warning
* xf86drmMode: add helpers for dumb buffers
* modetest: drop unused offset field in struct bo
* modetest: use sized integers in struct bo
* modetest: use dumb buffer helpers
++++ lvm2:
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
- bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
++++ python310-core:
- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
privilege escalation via the multiprocessing forkserver start
method.
++++ libsoup:
- Update to version 3.2.2:
+ Various HTTP/2 Fixes:
- Fix `content-sniffed` not being emitted for resources without
content.
- Fix leak of SoupServerConnection when stolen.
- Enable tests on 32-bit again, fixed upstream.
++++ python310:
- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
privilege escalation via the multiprocessing forkserver start
method.
++++ python-cryptography:
- update to 38.0.3:
- Updated Windows, macOS, and Linux wheels to be compiled
with OpenSSL 3.0.7, which resolves CVE-2022-3602 and
CVE-2022-3786.
++++ qemu:
- Enable KVM support on riscv64
++++ sudo:
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
------------------------------------------------------------------
------------------ 2022-11-2 - Nov 2 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- u_nouveau-corrupted-colors-boo1203949.patch
* fixes corrupted colors in videos on nouveau with Kepler in
Firefox (boo#1203949, issue#7416)
- moved drirc.d config snippets from Mesa to Mea-dri package;
radv driver specific conf was missing completely (boo#1204866)
++++ Mesa-drivers:
- u_nouveau-corrupted-colors-boo1203949.patch
* fixes corrupted colors in videos on nouveau with Kepler in
Firefox (boo#1203949, issue#7416)
- moved drirc.d config snippets from Mesa to Mea-dri package;
radv driver specific conf was missing completely (boo#1204866)
++++ NetworkManager:
- Use a with_netconfig define instead of relying on bcond: bcond is
meant to have extrenally controllable build conditions (build -D,
or OBS prjconf).
++++ bash:
- Set DEFAULT_LOADABLE_BUILTINS_PATH to get BASH_LOADABLES_PATH
correct (boo#1204567)
++++ btrfsprogs:
- update to 6.0
* fi usage: in tabular output, print total size and slack size
* mkfs:
* option -O now accepts values from -R to unify the interface (-R will
continue to work)
* zone reset and discard is done in parallel on all devices
* removed option --leafsize, deprecated long time ago
* corrupt-block: recalculate checksum when changing generation
* fixes:
* convert: fix reserved range detection and overlaps
* mkfs: fix creating files with reserved inode numbers with --rootdir
* receive: escape filenames in command attributes
* fix extent buffer leaks after transaction abort
* experimental:
* mkfs: support for block-group-tree (kernel 6.1)
* fsverity in send (protocol v3, WIP)
* btrfstune -b converts to block-group-tree
* other:
* cleanups, refactoring
* new and updated tests
* update documentation
++++ gnutls:
- Temporarily revert the jitterentropy patches in s390 and s390x
architectures until a fix is provided [bsc#1204937]
- Disable flaky test that fails in s390x architecture:
* Add gnutls-disable-flaky-test-dtls-resume.patch
++++ kernel-default:
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit a020866
- Drop the previous sound fix for Dell Dock (bsc#1204719)
The patch turned out to be superfluous, the fix should be on pipewire
instead.
- commit a7f641a
- ALSA: usb-audio: Fix regression with Dell Dock jack detection
(bsc#1204719).
- commit 286383c
- KVM: x86: emulator: update the emulation mode after rsm
(bsc#1200616).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode
(bsc#1200616).
- commit 28a19ee
- char: pcmcia: cm4040_cs: Fix use-after-free in reader_fops
(bsc#1204922 CVE-2022-44033).
- commit aaed0f2
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (bsc#1204705).
- commit 57f1f7d
++++ ncurses:
- Add ncurses patch 20221029
+ improve curs_slk.3x discussion of extensions and portability (report
by Bill Gray).
++++ openssl-1_1:
- Updated openssl.keyring with key A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
- Update to 1.1.1s:
* Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
- Update to 1.1.1r:
* Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
* Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
* Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
* Added the loongarch64 target
* Fixed a DRBG seed propagation thread safety issue
* Fixed a memory leak in tls13_generate_secret
* Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
* Added a missing header for memcmp that caused compilation failure on some
platforms
++++ sqlite3:
- update to 3.39.4:
* Fix a long-standing problem in the btree balancer that might,
in rare cases, cause database corruption if the application
uses an application-defined page cache
* Enhance SQLITE_DBCONFIG_DEFENSIVE so that it disallows
CREATE TRIGGER statements if one or more of the statements in
the body of the trigger write into shadow tables
* Fix a possible integer overflow in the size computation for a
memory allocation in FTS3.
* Fix a misuse of the sqlite3_set_auxdata() interface in the ICU
Extension
++++ shadow:
- bsc#1204811: Fix chage date format string regression
* Add shadow-chage-format.patch
++++ openssl:
- updated to 1.1.s release
++++ python-libvirt-python:
- Update to 8.9.0
- Add all new APIs and constants in libvirt 8.9.0
- jsc#PED-620, jsc#PED-1540
------------------------------------------------------------------
------------------ 2022-11-1 - Nov 1 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch.
Update upstream status.
- commit 30b9c27
- char: pcmcia: scr24x_cs: Fix use-after-free in scr24x_fops
(bsc#1204901 CVE-2022-44034).
- char: pcmcia: cm4000_cs: Fix use-after-free in cm4000_fops
(bsc#1204894 CVE-2022-44032).
- commit 7d0ff8d
- Refresh
patches.suse/ACPI-resource-do-IRQ-override-on-LENOVO-IdeaPad.patch.
- Refresh
patches.suse/ALSA-hda-realtek-Add-another-HP-ZBook-G9-model-quirk.patch.
- Refresh
patches.suse/ALSA-hda-realtek-Add-quirk-for-ASUS-Zenbook-using-CS.patch.
Update upstream status.
- commit eaa1897
++++ openssl-3:
- Temporary disable tests test_ssl_new and test_sslapi because they are
failing in openSUSE_Tumbleweed
- Update to 3.0.7: [bsc#1204714, CVE-2022-3602,CVE-2022-3786]
* Fixed two buffer overflows in punycode decoding functions.
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
An attacker can craft a malicious email address to overflow
an arbitrary number of bytes containing the `.` character (decimal 46)
on the stack. This buffer overflow could result in a crash (causing a
denial of service).
([CVE-2022-3786])
An attacker can craft a malicious email address to overflow four
attacker-controlled bytes on the stack. This buffer overflow could
result in a crash (causing a denial of service) or potentially remote code
execution depending on stack layout for any given platform/compiler.
([CVE-2022-3602])
* Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
parameters in OpenSSL code.
Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
Using these invalid names may cause algorithms to use slower methods
that ignore the CRT parameters.
* Fixed a regression introduced in 3.0.6 version raising errors on some stack
operations.
* Fixed a regression introduced in 3.0.6 version not refreshing the certificate
data to be signed before signing the certificate.
* Added RIPEMD160 to the default provider.
* Ensured that the key share group sent or accepted for the key exchange
is allowed for the protocol version.
- Update to 3.0.6: [bsc#1204226, CVE-2022-3358]
* OpenSSL supports creating a custom cipher via the legacy
EVP_CIPHER_meth_new() function and associated function calls. This function
was deprecated in OpenSSL 3.0 and application authors are instead encouraged
to use the new provider mechanism in order to implement custom ciphers.
* OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
EVP_CipherInit_ex2() functions (as well as other similarly named encryption
and decryption initialisation functions). Instead of using the custom cipher
directly it incorrectly tries to fetch an equivalent cipher from the
available providers. An equivalent cipher is found based on the NID passed
to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID
for a given cipher. However it is possible for an application to incorrectly
pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When
NID_undef is used in this way the OpenSSL encryption/decryption
initialisation function will match the NULL cipher as being equivalent and
will fetch this from the available providers. This will succeed if the
default provider has been loaded (or if a third party provider has been
loaded that offers this cipher). Using the NULL cipher means that the
plaintext is emitted as the ciphertext.
* Applications are only affected by this issue if they call
EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to
an encryption/decryption initialisation function. Applications that only use
SSL/TLS are not impacted by this issue. ([CVE-2022-3358])
* Fix LLVM vs Apple LLVM version numbering confusion that caused build
failures on MacOS 10.11
* Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT
bn_ops flag. This was causing heap corruption on that platform.
* Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send
a ticket
* Correctly handle a retransmitted ClientHello in DTLS
* Fixed detection of ktls support in cross-compile environment on Linux
* Fixed some regressions and test failures when running the 3.0.0 FIPS
provider against 3.0.x
* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
* Fix UWP builds by defining VirtualLock
* For known safe primes use the minimum key length according to RFC 7919.
Longer private key sizes unnecessarily raise the cycles needed to compute
the shared secret without any increase of the real security. This fixes a
regression from 1.1.1 where these shorter keys were generated for the known
safe primes.
* Added the loongarch64 target
* Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
only passed to the FIPS provider and not to the default or legacy provider.
* Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit
lane assignment in CTR mode") for 64bit targets only, since it is reportedly
2-17% slower and the silicon errata only affects 32bit targets. The new
algorithm is still used for 32 bit targets.
* Added a missing header for memcmp that caused compilation failure on some
platforms
++++ libvirt:
- Update to libvirt 8.9.0
- jsc#PED-620, jsc#PED-1540
- Add support for modular daemons to the supportconfig plugin
- New subpackage libvirt-client-qemu providing client utilities
to interact with QEMU-specific features of libvirt
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-9-0-2022-11-01
------------------------------------------------------------------
------------------ 2022-10-31 - Oct 31 2022 -------------------
------------------------------------------------------------------
++++ lvm2-device-mapper:
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
- in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185
++++ glib2:
- Add a1151bc1.patch: gio/gdesktopappinfo: Free the wrapped argv
array on launch failure.
- Add ca905744.patch: Revert "Handling collision between standard
i/o file descriptors and newly created ones". The user-visible
problem this solves is gnome-keyring-daemon eating 100% CPU.
++++ lvm2:
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
- in lvm2.spec, change device_mapper_version from 1.02.185 to %{lvm2_version}_1.02.185
++++ libxml2:
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
++++ libxml2-python:
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
++++ python-requests:
- allow using newest version of charset-normalizer (3.0+)
* requests-allow-charset-normalizer-3.patch
------------------------------------------------------------------
------------------ 2022-10-30 - Oct 30 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 6.0.6 (bsc#1012628).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
(bsc#1012628).
- ACPI: video: Force backlight native for more TongFang devices
(bsc#1012628).
- ext4: fix potential out of bound read in ext4_fc_replay_scan()
(bsc#1012628).
- ext4: factor out ext4_fc_get_tl() (bsc#1012628).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1012628).
- io_uring: don't gate task_work run on TIF_NOTIFY_SIGNAL
(bsc#1012628).
- wifi: mt76: mt7921e: fix random fw download fail (bsc#1012628).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
(bsc#1012628).
- iommu/vt-d: Allow NVS regions in arch_rmrr_sanity_check()
(bsc#1012628).
- rv/dot2c: Make automaton definition static (bsc#1012628).
- drbd: only clone bio if we have a backing device (bsc#1012628).
- net: phy: dp83822: disable MDI crossover status change interrupt
(bsc#1012628).
- net: sched: fix race condition in qdisc_graft() (bsc#1012628).
- net: hns: fix possible memory leak in hnae_ae_register()
(bsc#1012628).
- wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new()
(bsc#1012628).
- sfc: include vport_id in filter spec hash and equal()
(bsc#1012628).
- io_uring/msg_ring: Fix NULL pointer dereference in
io_msg_send_fd() (bsc#1012628).
- net: Fix return value of qdisc ingress handling on success
(bsc#1012628).
- net: sched: sfb: fix null pointer access issue when sfb_init()
fails (bsc#1012628).
- net: sched: delete duplicate cleanup of backlog and qlen
(bsc#1012628).
- net: sched: cake: fix null pointer access issue when cake_init()
fails (bsc#1012628).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
(bsc#1012628).
- nvme-hwmon: kmalloc the NVME SMART log buffer (bsc#1012628).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
(bsc#1012628).
- netfilter: nf_tables: relax NFTA_SET_ELEM_KEY_END set flags
requirements (bsc#1012628).
- netfilter: rpfilter/fib: Set ->flowic_uid correctly for user
namespaces (bsc#1012628).
- netfilter: rpfilter/fib: Populate flowic_l3mdev field
(bsc#1012628).
- ionic: catch NULL pointer issue on reconfig (bsc#1012628).
- net: hsr: avoid possible NULL deref in skb_clone()
(bsc#1012628).
- bnxt_en: fix memory leak in bnxt_nvm_test() (bsc#1012628).
- drm/amd/display: Increase frame size limit for
display_mode_vba_util_32.o (bsc#1012628).
- dm: remove unnecessary assignment statement in alloc_dev()
(bsc#1012628).
- cifs: Fix memory leak when build ntlmssp negotiate blob failed
(bsc#1012628).
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1012628).
- cifs: Fix xid leak in cifs_flock() (bsc#1012628).
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1012628).
- cifs: Fix xid leak in cifs_create() (bsc#1012628).
- ip6mr: fix UAF issue in ip6mr_sk_done() when addrconf_init_net()
failed (bsc#1012628).
- udp: Update reuse->has_conns under reuseport_lock (bsc#1012628).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1012628).
- net: ethernet: mtk_eth_wed: add missing of_node_put()
(bsc#1012628).
- net: ethernet: mtk_eth_wed: add missing put_device() in
mtk_wed_add_hw() (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix possible memory leak in
mtk_probe() (bsc#1012628).
- io_uring/rw: remove leftover debug statement (bsc#1012628).
- blk-mq: fix null pointer dereference in
blk_mq_clear_rq_mapping() (bsc#1012628).
- erofs: shouldn't churn the mapping page for duplicated copies
(bsc#1012628).
- skmsg: pass gfp argument to alloc_sk_msg() (bsc#1012628).
- net: stmmac: Enable mac_managed_pm phylink config (bsc#1012628).
- net: phylink: add mac_managed_pm in phylink_config structure
(bsc#1012628).
- net/smc: Fix an error code in smc_lgr_create() (bsc#1012628).
- net: phy: dp83867: Extend RX strap quirk for SGMII mode
(bsc#1012628).
- net/atm: fix proc_mpc_write incorrect return value
(bsc#1012628).
- sfc: Change VF mac via PF as first preference if available
(bsc#1012628).
- HID: magicmouse: Do not set BTN_MOUSE on double report
(bsc#1012628).
- tls: strp: make sure the TCP skbs do not have overlapping data
(bsc#1012628).
- i40e: Fix DMA mappings leak (bsc#1012628).
- net: dsa: qca8k: fix ethtool autocast mib for big-endian systems
(bsc#1012628).
- net: dsa: qca8k: fix inband mgmt for big-endian systems
(bsc#1012628).
- tipc: fix an information leak in tipc_topsrv_kern_subscr
(bsc#1012628).
- tipc: Fix recognition of trial period (bsc#1012628).
- ACPI: extlog: Handle multiple records (bsc#1012628).
- drm/vc4: hdmi: Enforce the minimum rate at runtime_resume
(bsc#1012628).
- drm/vc4: Add module dependency on hdmi-codec (bsc#1012628).
- btrfs: fix processing of delayed tree block refs during backref
walking (bsc#1012628).
- btrfs: fix processing of delayed data refs during backref
walking (bsc#1012628).
- dm bufio: use the acquire memory barrier when testing for
B_READING (bsc#1012628).
- platform/x86/amd: pmc: Read SMU version during suspend on
Cezanne systems (bsc#1012628).
- x86/topology: Fix duplicated core ID within a package
(bsc#1012628).
- x86/topology: Fix multiple packages shown on a single-package
system (bsc#1012628).
- x86/Kconfig: Drop check for -mabi=ms for CONFIG_EFI_STUB
(bsc#1012628).
- media: venus: Fix NV12 decoder buffer discovery on
HFI_VERSION_1XX (bsc#1012628).
- media: venus: dec: Handle the case where find_format fails
(bsc#1012628).
- media: mceusb: set timeout to at least timeout provided
(bsc#1012628).
- media: ipu3-imgu: Fix NULL pointer dereference in active
selection access (bsc#1012628).
- KVM: arm64: vgic: Fix exit condition in scan_its_table()
(bsc#1012628).
- KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER
(bsc#1012628).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
(bsc#1012628).
- kvm: Add support for arch compat vm ioctls (bsc#1012628).
- mm,hugetlb: take hugetlb_lock before decrementing
h->resv_huge_pages (bsc#1012628).
- drm/amdgpu: fix sdma doorbell init ordering on APUs
(bsc#1012628).
- cpufreq: qcom: fix memory leak in error path (bsc#1012628).
- x86/resctrl: Fix min_cbm_bits for AMD (bsc#1012628).
- ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
(bsc#1012628).
- ata: ahci-imx: Fix MODULE_ALIAS (bsc#1012628).
- hwmon/coretemp: Handle large core ID value (bsc#1012628).
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1012628).
- cpufreq: tegra194: Fix module loading (bsc#1012628).
- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter
(bsc#1012628).
- cpufreq: qcom: fix writes in read-only memory region
(bsc#1012628).
- selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in
convert_context() (bsc#1012628).
- smb3: interface count displayed incorrectly (bsc#1012628).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1012628).
- ocfs2: clear dinode links count in case of error (bsc#1012628).
- video/aperture: Call sysfb_disable() before removing PCI devices
(bsc#1012628).
- commit ba5b066
++++ lsof:
- update to 4.96.4
* fix hash functions used for finding local tcp/udp IPCs
* Show copyright notice in --version output.
* Avoid some easy collissions for udp/udp6 sockets when hashing
* Changing the number of ipcbuckets to 4096
* obtain correct information of memory-mapped file.
- drop remove-hostname.patch now upstream
------------------------------------------------------------------
------------------ 2022-10-29 - Oct 29 2022 -------------------
------------------------------------------------------------------
++++ libXext:
- Update to version 1.3.5
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* Xge.c, Xge.h: convert from ISO-8859-1 to UTF-8
* Add extutilP.h header for xgeExtRegister() prototype
* Remove unnecessary casts of malloc/calloc results
* Remove unnecessary (char *) casts from Xfree() arguments
* Use calloc instead of malloc if we may not initialize all the bytes
* Import reallocarray() from libX11
* Convert calls to Xmalloc arrays to use Xmallocarray instead
* configure: Use AC_USE_SYSTEM_EXTENSIONS to set GNU_SOURCE & other defines
* Remove "All rights reserved" from Oracle copyright notices.
* COPYING: Add info for Xge.* and reallocarray.* files
* add ACLOCAL_AMFLAGS = -I m4 to make aclocal pick ax_gcc_builtin.m4
++++ libXinerama:
- Update to version 1.1.6
* Update README for gitlab migration
* Update configure.ac bug URL for gitlab migration
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* XineramaQueryScreens: fix -Wsign-compare warning
* Remove "register" type qualifier from variable declarations
++++ protobuf:
- update to 21.9:
* Ruby
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private "parsing
constructor" to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
++++ timezone:
- timezone update 2022f:
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
------------------------------------------------------------------
------------------ 2022-10-28 - Oct 28 2022 -------------------
------------------------------------------------------------------
++++ grub2:
- NVMeoFC support on grub (jsc#PED-996)
* 0001-ieee1275-add-support-for-NVMeoFC.patch
* 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
* 0003-ieee1275-change-the-logic-of-ieee1275_get_devargs.patch
* 0004-ofpath-controller-name-update.patch
- TDX: Enhance grub2 measurement to TD RTMR (jsc#PED-1265)
* 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch
* 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch
* 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
- Measure the kernel on POWER10 and extend TPM PCRs (PED-1990)
* 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch
* 0002-ieee1275-implement-vec5-for-cas-negotiation.patch
- Fix efi pcr snapshot related funtion is defined but not used on powerpc
platform.
* safe_tpm_pcr_snapshot.patch
++++ at-spi2-core:
- Ensure xprop is required when xwayland is installed.
++++ python-pbr:
- Update to 5.11.0
* Fix symbol identification in multiline message
* Replace deprecated readfp method with read_file
------------------------------------------------------------------
------------------ 2022-10-27 - Oct 27 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Update to version 15.0.3.
* This release contains bug-fixes for the LLVM 15.0.0 release.
This release is API and ABI compatible with 15.0.0.
- Add llvm-armv7-fix-vector-compare-with-zero-lowering.patch: Fix
lowering of non-canonical vector comparison with zero on armv7,
preventing a crash (boo#1204267, gh#llvm/llvm-project#58514).
- Add lldb-swig-4.1.0-build-fix.patch: Fix build with Swig 4.1.0.
- Rebase llvm-do-not-install-static-libraries.patch.
++++ osinfo-db:
- Update to database version 20221018
osinfo-db-20221018.tar.xz
++++ python-charset-normalizer:
- Update to 3.0.0
Added
* Extend the capability of explain=True when cp_isolation contains at most two entries (min one), will log in details of the Mess-detector results
Support for alternative language frequency set in charset_normalizer.assets.FREQUENCIES
Add parameter language_threshold in from_bytes, from_path and from_fp to adjust the minimum expected coherence ratio
normalizer --version now specify if current version provide extra speedup (meaning mypyc compilation whl)
* Changed
Build with static metadata using 'build' frontend
Make the language detection stricter
Optional: Module md.py can be compiled using Mypyc to provide an extra speedup up to 4x faster than v2.1
* Fixed
CLI with opt --normalize fail when using full path for files
TooManyAccentuatedPlugin induce false positive on the mess detection when too few alpha character have been fed to it
Sphinx warnings when generating the documentation
* Removed
Coherence detector no longer return 'Simple English' instead return 'English'
Coherence detector no longer return 'Classical Chinese' instead return 'Chinese'
Breaking: Method first() and best() from CharsetMatch
UTF-7 will no longer appear as "detected" without a recognized SIG/mark (is unreliable/conflict with ASCII)
Breaking: Class aliases CharsetDetector, CharsetDoctor, CharsetNormalizerMatch and CharsetNormalizerMatches
Breaking: Top-level function normalize
Breaking: Properties chaos_secondary_pass, coherence_non_latin and w_counter from CharsetMatch
Support for the backport unicodedata2
++++ raspberrypi-firmware:
- Update to 13691cee9 (2022-10-26):
* firmware: arm_loader: Add vcmailbox support for 256bit OTP
customer device key
See: raspberrypi/usbboot#163
* firmware: il: video_encode: MJPEG is not conditional on
being RASPBERRYPI_FULL
++++ raspberrypi-firmware-config:
- Update to 13691cee9 (2022-10-26):
* firmware: arm_loader: Add vcmailbox support for 256bit OTP
customer device key
See: raspberrypi/usbboot#163
* firmware: il: video_encode: MJPEG is not conditional on
being RASPBERRYPI_FULL
++++ raspberrypi-firmware-config-camera:
- Update to 13691cee9 (2022-10-26):
* firmware: arm_loader: Add vcmailbox support for 256bit OTP
customer device key
See: raspberrypi/usbboot#163
* firmware: il: video_encode: MJPEG is not conditional on
being RASPBERRYPI_FULL
++++ raspberrypi-firmware-dt:
- Update to 692039799e78 (2022-10-26)
++++ tar:
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
------------------------------------------------------------------
------------------ 2022-10-26 - Oct 26 2022 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.86.0:
* Security fixes:
- POST following PUT confusion [bsc#1204383, CVE-2022-32221]
- .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
- HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
- HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
* Changes:
- NPN: remove support for and use of
- Websockets: initial support
* Bugfixes:
- altsvc: reject bad port numbers
- autotools: reduce brute-force when detecting recv/send arg list
- aws_sigv4: fix header computation
- cli tool: do not use disabled protocols
- connect: change verbose IPv6 address:port to [address]:port
- connect: fix builds without AF_INET6
- connect: fix Curl_updateconninfo for TRNSPRT_UNIX
- connect: fix the wrong error message on connect failures
- content_encoding: use writer struct subclasses for different encodings
- cookie: reject cookie names or content with TAB characters
- curl/add_file_name_to_url: use the libcurl URL parser
- curl/get_url_file_name: use libcurl URL parser
- curl: warn for --ssl use, considered insecure
- docs/libcurl/symbols-in-versions: add several missing symbols
- ftp: ignore a 550 response to MDTM
- functypes: provide the recv and send arg and return types
- getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
- header: define public API functions as extern c
- headers: reset the requests counter at transfer start
- hostip: guard PF_INET6 use
- hostip: lazily wait to figure out if IPv6 works until needed
- http, vauth: always provide Curl_allow_auth_to_host() functionality
- http2: make nghttp2 less picky about field whitespace
- http: try parsing Retry-After: as a number first
- http_proxy: restore the protocol pointer on error
- lib: add missing limits.h includes
- lib: prepare the incoming of additional protocols
- lib: sanitize conditional exclusion around MIME
- libssh: if sftp_init fails, don't get the sftp error code
- mprintf: reject two kinds of precision for the same argument
- mqtt: return error for too long topic
- netrc: compare user name case sensitively
- netrc: replace fgets with Curl_get_line
- netrc: use the URL-decoded user
- ngtcp2: fix build errors due to changes in ngtcp2 library
- noproxy: support proxies specified using cidr notation
- openssl: make certinfo available for QUIC
- resolve: make forced IPv4 resolve only use A queries
- schannel: ban server ALPN change during recv renegotiation
- schannel: don't reset recv/send function pointers on renegotiation
- schannel: when importing PFX, disable key persistence
- setopt: use the handler table for protocol name to number conversions
- setopt: when POST is set, reset the 'upload' field
- single_transfer: use the libcurl URL parser when appending query parts
- smb: replace CURL_WIN32 with WIN32
- tool: avoid generating ambiguous escaped characters in --libcurl
- tool_main: exit at once if out of file descriptors
- tool_operate: more transfer cleanup after parallel transfer fail
- tool_operate: prevent over-queuing in parallel mode
- tool_paramhelp: asserts verify maximum sizes for string loading
- tool_xattr: save the original URL, not the final redirected one
- url: a zero-length userinfo part in the URL is still a (blank) user
- url: allow non-HTTPS HSTS-matching for debug builds
- url: rename function due to name-clash in Watt-32
- url: use IDN decoded names for HSTS checks
- urlapi: detect scheme better when not guessing
- urlapi: fix parsing URL without slash with CURLU_URLENCODE
- urlapi: reject more bad characters from the host name field
* Remove patch upstream:
- connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
++++ dbus-1:
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
bsc#1204112, CVE-2022-42011,
bsc#1204113, CVE-2022-42012):
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
* On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
* Denial of service fixes:
- Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
- An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
- A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
- A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
- Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
- On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
- Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
- Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
++++ dnsmasq:
- update to 2.87 (bsc#1197872, CVE-2022-0934):
* Allow arbitrary prefix lengths in --rev-server and
- -domain=....,local
* Replace --address=/#/..... functionality which got
missed in the 2.86 domain search rewrite.
* Add --nftset option, like --ipset but for the newer nftables.
* Add --filter-A and --filter-AAAA options, to remove IPv4 or IPv6
addresses from DNS answers.
* Fix crash doing netbooting when --port is set to zero
to disable the DNS server. Thanks to Drexl Johannes
for the bug report.
* Generalise --dhcp-relay. Sending via broadcast/multicast is
now supported for both IPv4 and IPv6 and the configuration
syntax made easier (but backwards compatible).
* Add snooping of IPv6 prefix-delegations to the DHCP-relay system.
* Finesse parsing of --dhcp-remoteid and --dhcp-subscrid. To be treated
as hex, the pattern must consist of only hex digits AND contain
at least one ':'. Thanks to Bengt-Erik Sandstrom who tripped
over a pattern consisting of a decimal number which was interpreted
surprisingly.
* Include client address in TFTP file-not-found error reports.
Thanks to Stefan Rink for the initial patch, which has been
re-worked by me (srk). All bugs mine.
* Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
* Fix problem with binding DHCP sockets to an individual interface.
Despite the fact that the system call tales the interface _name_ as
a parameter, it actually, binds the socket to interface _index_.
Deleting the interface and creating a new one with the same name
leaves the socket bound to the old index. (Creating new sockets
always allocates a fresh index, they are not reused). We now
take this behaviour into account and keep up with changing indexes.
* Add --conf-script configuration option.
* Enhance --domain to accept, for instance,
- -domain=net2.thekelleys.org.uk,eth2 so that hosts get a domain
which relects the interface they are attached to in a way which
doesn't require hard-coding addresses. Thanks to Sten Spans for
the idea.
* Fix write-after-free error in DHCPv6 server code.
CVE-2022-0934 refers.
* Add the ability to specify destination port in
DHCP-relay mode. This change also removes a previous bug
where --dhcp-alternate-port would affect the port used
to relay _to_ as well as the port being listened on.
The new feature allows configuration to provide bug-for-bug
compatibility, if required. Thanks to Damian Kaczkowski
for the feature suggestion.
* Bound the value of UDP packet size in the EDNS0 header of
forwarded queries to the configured or default value of
edns-packet-max. There's no point letting a client set a larger
value if we're unable to return the answer. Thanks to Bertie
Taylor for pointing out the problem and supplying the patch.
- drop dnsmasq-CVE-2022-0934.patch, dnsmasq-resolv-conf.patch (upstream)
++++ gdk-pixbuf:
- Update to version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Drop patch fixed upstream (with different limit):
+ 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch
++++ glib-networking:
- Fix build with gnutls 3.7.8:
* tests: skip tls-exporter test for TLS 1.2
* https://gitlab.gnome.org/GNOME/glib-networking/-/issues/201
* Add glib-networking-gnutls-tls-exporter-tls12.patch
++++ glib2:
- Update to version 2.74.1:
+ Update Unicode data to version 15
+ Fix various build failures in different situations
+ Fix over-eager deprecated property warnings for construct
properties
+ Fix a crash calling `g_param_value_is_valid()` on a
`GParamSpecParam`
+ Fix floating `GVariant` leaks with GObject properties
+ Add inline optimised version of `g_str_equal()`
+ Fix `GVariant` type depths checks on text format variants
+ Fix regression with int64 and double hashing functions on
big-endian architectures
+ Build the API documentation only when building GLib as a shared
library
+ Ignore weird `/etc/localtime` configurations generated by
toolbx
+ Avoid `EINTR` races when closing FDs in `g_spawn_*()`
+ Bugs fixed: glgo#GNOME/GLib#16, glgo#GNOME/GLib#333,
glgo#GNOME/GLib#2735, glgo#GNOME/GLib#2740,
glgo#GNOME/GLib#2742, glgo#GNOME/GLib#2748,
glgo#GNOME/GLib#2758, glgo#GNOME/GLib#2759,
glgo#GNOME/GLib#2766, glgo#GNOME/GLib#2767,
glgo#GNOME/GLib#2770, glgo#GNOME/GLib#2774,
glgo#GNOME/GLib#2775, glgo#GNOME/GLib#2782,
glgo#GNOME/GLib#2787, glgo#GNOME/GLib#2788,
glgo#GNOME/GLib!2852, glgo#GNOME/GLib!2857,
glgo#GNOME/GLib!2864, glgo#GNOME/GLib!2866,
glgo#GNOME/GLib!2880, glgo#GNOME/GLib!2885,
glgo#GNOME/GLib!2892, glgo#GNOME/GLib!2896,
glgo#GNOME/GLib!2899, glgo#GNOME/GLib!2901,
glgo#GNOME/GLib!2903, glgo#GNOME/GLib!2904,
glgo#GNOME/GLib!2905, glgo#GNOME/GLib!2907,
glgo#GNOME/GLib!2911, glgo#GNOME/GLib!2913,
glgo#GNOME/GLib!2915, glgo#GNOME/GLib!2916,
glgo#GNOME/GLib!2920, glgo#GNOME/GLib!2922,
glgo#GNOME/GLib!2924, glgo#GNOME/GLib!2928,
glgo#GNOME/GLib!2931, glgo#GNOME/GLib!2933,
glgo#GNOME/GLib!2938, glgo#GNOME/GLib!2939,
glgo#GNOME/GLib!2946, glgo#GNOME/GLib!2948,
glgo#GNOME/GLib!2949, glgo#GNOME/GLib!2958,
glgo#GNOME/GLib!2960, glgo#GNOME/GLib!2973,
glgo#GNOME/GLib!2975, glgo#GNOME/GLib!2982,
glgo#GNOME/GLib!2983, glgo#GNOME/GLib!2988,
glgo#GNOME/GLib!2989, glgo#GNOME/GLib!2995,
glgo#GNOME/GLib!2996, glgo#GNOME/GLib!2998,
glgo#GNOME/GLib!3010.
+ Updated translations.
- Rebase patches with quilt.
- Drop f0dd96c28751f15d0703b384bfc7c314af01caa8.diff: Fixed
upstream.
++++ glibc:
- dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS
_dl_lookup_symbol_x (bsc#1204710)
++++ kernel-default:
- Linux 6.0.5 (bsc#1012628).
- Revert "btrfs: call __btrfs_remove_free_space_cache_locked on
cache load failure" (bsc#1012628).
- clk: tegra: Fix Tegra PWM parent clock (bsc#1012628).
- commit 7359656
- Linux 6.0.4 (bsc#1012628).
- Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()"
(bsc#1012628).
- fbdev/core: Remove remove_conflicting_pci_framebuffers()
(bsc#1012628).
- io-wq: Fix memory leak in worker creation (bsc#1012628).
- gcov: support GCC 12.1 and newer compilers (bsc#1012628).
- efi: ssdt: Don't free memory if ACPI table was loaded
successfully (bsc#1012628).
- efi: efivars: Fix variable writes without query_variable_store()
(bsc#1012628).
- dm clone: Fix typo in block_device format specifier
(bsc#1012628).
- drm/amd/pm: update SMU IP v13.0.4 driver interface version
(bsc#1012628).
- drm/amd/pm: fulfill SMU13.0.0 cstate control interface
(bsc#1012628).
- drm/amd/pm: disable cstate feature for gpu reset scenario
(bsc#1012628).
- drm/amd/pm: add SMU IP v13.0.4 IF version define to V7
(bsc#1012628).
- drm/amd/pm: fulfill SMU13.0.7 cstate control interface
(bsc#1012628).
- net: flag sockets supporting msghdr originated zerocopy
(bsc#1012628).
- HID: playstation: add initial DualSense Edge controller support
(bsc#1012628).
- HID: playstation: stop DualSense output work on remove
(bsc#1012628).
- io_uring/net: fail zc send when unsupported by socket
(bsc#1012628).
- thermal: intel_powerclamp: Use first online CPU as control_cpu
(bsc#1012628).
- pinctrl: amd: change dev_warn to dev_dbg for additional feature
support (bsc#1012628).
- drm/i915/bios: Use hardcoded fp_timing size for generating
LFP data pointers (bsc#1012628).
- drm/i915/bios: Validate fp_timing terminator presence
(bsc#1012628).
- commit 12375d5
- arm64: Update config files. (bsc#1203558)
Enable Renesas serial console and earlycon.
- commit e782884
++++ expat:
- Update to 2.5.0: (bsc#1204708)
* Security fixes:
- CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially arbitrary
code execution.
* Bug fixes:
- Fix curruption from undefined entities
- Fix case when parsing was suspended while processing nested
entities
- Stop leaking opening tag bindings after a closing tag mismatch
error where a parser is reset through XML_ParserReset and then
reused to parse
- CMake: Fix generation of pkg-config file
- MinGW|CMake: Fix static library name
* Other changes:
- Protect header expat_config.h from multiple inclusion
- examples: Make use of XML_GetBuffer and be more consistent
across examples
- Address compiler warnings
- Version info bumped from 9:9:8 to 9:10:8; see
https://verbump.de/ for what these numbers do
++++ multipath-tools:
- Update to version 0.9.2+59+suse.ac8942d:
* Fix segfault in "multipath -t" command (boo#1204731)
++++ qemu:
- qtests test are not realiable when run inside OBS builders, so
let's disable that part of the testsuite for now. There is work
ongoing to run it somewhere else (on dedicated hosts) to avoid
loosing coverage. (bsc#1204566)
++++ rebootmgr:
- Update to version 2.0
- Remove outdated etcd code
- Fix issue#10:
Reboots happen at the first moment of the maintenance window
------------------------------------------------------------------
------------------ 2022-10-25 - Oct 25 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()"
(bsc#1204679).
- commit df34d12
++++ alsa:
- Update to version 1.2.8:
add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint,
various PCM plugins and UCM. For details, see:
https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8
- Add keyring
++++ libcontainers-common:
- set detached sigstore attachments for the SUSE controlled registries
++++ libidn2:
- update to 2.3.4:
* Support for Unicode 15.0.0
* Uses IDNA2008 from tables from unicode.org rather than IANA
for consistency with other implementation and support for
Unicode versions 12 through 15. This breaks backwards-
compatibility regarding U+19DA and recent releases
++++ rpm:
- Add selinux_transactional_update.patch to ignore errors when setting
file labels during transactional updates. They will be set upon
reboot once the new policy is loaded (bsc#1204605)
++++ systemd:
- Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15
- specfile: reindent comments
++++ libunistring:
- Update to 1.1:
* The data tables and algorithms have been updated to Unicode
version 15.0.0.
++++ openSUSE-build-key:
- add the SUSE Container key in PEM format too to new
/usr/share/pki/containers/ directory. (bsc#1204706)
++++ sudo:
- Update to 1.9.12:
* Dropped sudo-1.9.10-update_sudouser_to_utf8.patch
* Changes in Sudo 1.9.12:
* Fixed a bug when logging the command’s exit status in intercept mode.
The wrong command could be logged with the exit status.
* For ptrace-based intercept mode, sudo will now attempt to verify that
the command path name, arguments and environment have not changed from
the time when they were authorized by the security policy. The new
intercept_verify sudoers setting can be used to control this behavior.
* Fixed running commands with a relative path (e.g. ./foo) in intercept
mode. Previously, this would fail if sudo’s current working directory
was different from that of the command.
* Sudo now supports passing the execve(2) system call the NULL pointer
for the argv and/or envp arguments when in intercept mode. Linux treats
a NULL pointer like an empty array.
* The sudoers LDAP schema now allows sudoUser, sudoRunasUser and
sudoRunasGroup to include UTF-8 characters, not just 7-bit ASCII.
* Fixed a problem with sudo -i on SELinux when the target user’s home
directory is not searchable by sudo. GitHub issue #160.
* Neovim has been added to the list of visudo editors that support passing
the line number on the command line.
* Fixed a bug in sudo’s SHA384 and SHA512 message digest padding.
* Added a new -N (no-update) command line option to sudo which can be used
to prevent sudo from updating the user’s cached credentials. It is now
possible to determine whether or not a user’s cached credentials are
currently valid by running:
$ sudo -Nnv
and checking the exit value. One use case for this is to indicate in a
shell prompt that sudo is “active†for the user.
* PAM approval modules are no longer invoked when running sub-commands in
intercept mode unless the intercept_authenticate option is set. There is
a substantial performance penalty for calling into PAM for each command
run. PAM approval modules are still called for the initial command.
* Intercept mode on Linux now uses process_vm_readv(2) and process_vm_writev(2)
if available.
* The XDG_CURRENT_DESKTOP environment variable is now preserved by default.
This makes it possible for graphical applications to choose the correct
theme when run via sudo.
* On 64-bit systems, if sudo fails to load a sudoers group plugin, it will
use system-specific heuristics to try to locate a 64-bit version of the plugin.
* The cvtsudoers manual now documents the JSON and CSV output formats.
GitHub issue #172.
* Fixed a bug where sub-commands were not being logged to a remote log server
when log_subcmds was enabled. GitHub issue #174.
* The new log_stdin, log_stdout, log_stderr, log_ttyin, and log_ttyout
sudoers settings can be used to support more fine-grained I/O logging.
The sudo front-end no longer allocates a pseudo-terminal when running a
command if the I/O logging plugin requests logging of stdin, stdout, or
stderr but not terminal input/output.
* Quieted a libgcrypt run-time initialization warning. This fixes Debian
bug #1019428 and Ubuntu bug #1397663.
* Fixed a bug in visudo that caused literal backslashes to be removed from
the EDITOR environment variable. GitHub issue #179.
* The sudo Python plugin now implements the find_spec method instead of the
the deprecated find_module. This fixes a test failure when a newer version
of setuptools that doesn’t include find_module is found on the system.
* Fixed a bug introduced in sudo 1.9.9 where sudo_logsrvd created the process
ID file, usually /var/run/sudo/sudo_logsrvd.pid, as a directory instead of a
plain file. The same bug could result in I/O log directories that end in six
or more X’s being created literally in addition to the name being used as a
template for the mkdtemp(3) function.
* Fixed a long-standing bug where a sudoers rule with a command line argument
of “â€, which indicates the command may be run with no arguments, would also
match a literal "" on the command line. GitHub issue #182.
* Added the -I option to visudo which only edits the main sudoers file. Include
files are not edited unless a syntax error is found.
* Fixed sudo -l -U otheruser output when the runas list is empty. Previously,
sudo would list the invoking user instead of the list user. GitHub issue #183.
* Fixed the display of command tags and options in sudo -l output when the RunAs
user or group changes. A new line is started for RunAs changes which means we
need to display the command tags and options again. GitHub issue #184.
* The sesh helper program now uses getopt_long(3) to parse the command line options.
* The embedded copy of zlib has been updated to version 1.2.13.
* Fixed a bug that prevented event log data from being sent to the log server when
I/O logging was not enabled. This only affected systems without PAM or
configurations where the pam_session and pam_setcred options were disabled in
the sudoers file.
* Fixed a bug where sudo -l output included a carriage return after the newline.
This is only needed when displaying to a terminal in raw mode. Bug #1042.
------------------------------------------------------------------
------------------ 2022-10-24 - Oct 24 2022 -------------------
------------------------------------------------------------------
++++ docker:
- Fix wrong After: in docker.service, fixes bsc#1188447
++++ gettext-runtime:
- update keyring for the last version update
++++ grub2:
- Include loopback into signed grub2 image (jsc#PED-2150)
++++ kernel-default:
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
(CVE-2022-3640 bsc#1204619).
- commit c41533c
++++ libffi:
- Update to libffi 3.4.4
* Important aarch64 fixes, including support for linux builds
with Link Time Optimization (-flto).
* Fix x86 stdcall stack alignment.
* Fix x86 Windows msvc assembler compatibility.
* Fix moxie and or1k small structure args.
- drop riscv64-handle-big-structures.patch
- reenable LTO
++++ multipath-tools:
- Update to version 0.9.2+57+suse.cf3c1e9:
* Fix multipathd authorization bypass and symlink attack
(bsc#1202739 CVE-2022-41973 CVE-2022-41974)
* add multipath-dracut.conf: dracut config file to install
tmpfiles.d/multipath.conf in initramfs
* Use "queue_mode bio" for NVMeoF/TCP devices
* Upstream bug fixes and hwtable updates
- Drop recompress.service, it just slows down build
++++ ncurses:
- Add ncurses patch 20221023
+ change man_db.renames to template, to handle ncurses*-config script
with the extra-suffix configure option.
++++ shadow:
- Add shadow-prefix-overflow.patch:
Fix buffer overflow when calling useradd with --prefix
See https://github.com/shadow-maint/shadow/pull/588
++++ zchunk:
- update to 1.2.3:
* Remove meson deprecation warning
* Add license scan report and status
* test/zck_cmp_uncomp: fix printf format types
* meson: add option to build without docs
* zck: declare write_data as static
++++ pam-config:
- Update to Version 1.8
- Move systemd_home after all optional modules (#13)
- Add pam_u2f support [bsc#1115512]
++++ qemu:
- Improve dependency handling (e.g., what's recommended vs. what's
required.
- Add a subpackage (qemu-headless) that brings in all the packages
that are needed for creating VMs with tools like virt-install
or VirtManager, run either locally or from a remote host.
(bsc#1202166)
++++ vim:
- Updated to version 9.0.0814, fixes the following problems
* Kitty terminal is not recognized.
* GUI mouse scrollwheel mappings don't work.
* Error if :echowin is preceded by a command modifier
* readblob() returns empty when trying to read too much
* Test for job writing to buffer fails
* sonnet filetype detection has a typo
* With 'smoothscroll' typing "0" may not go to the first column
* 'langmap' works differently when there are modifiers
* Filetype autocmd may cause freed memory access
* Crash when trying to divice the largest negative number by -1
* readblob() cannot read from character device.
* The modifyOtherKeys flag is set when it should not.
* In compiled function ->() on next line not recognized
* Clang format configuration files are not recognized.
* Order of assert function arguments is reverted.
* readblob() always reads the whole file.
* At the hit-Enter prompt the End and Home keys may not work.
* Dummy buffer ends up in a window
* User command does not get number from :tab modifier
* Memory leak with empty shell command
* ":!" doesn't do anything but does update the previous command.
* OpenVPN files are not recognized.
* 'scroll' value computed in unexpected location
* The libvterm code is outdated.
* Quickfix commands may keep memory allocated.
* With a Visual block a put command column may go negative.
* Indent and option tests fail.
* Cannot use 'indentexpr' for Lisp indenting.
* Display test for 'listchars' "precedes" fails
* Line number not visisble with smoothscroll'', 'nu' and 'rnu'
* No autocmd event for changing text in a terminal window
* 'scrolloff' does not work well with 'smoothscroll'.
* Crash when popup closed in callback
* Alloc/free of buffer for each quickfix entry is inefficient
* Wrong cursor position when using "gj" and "gk" in a long line.
* In script in autoload dir exported variable is not found.
------------------------------------------------------------------
------------------ 2022-10-23 - Oct 23 2022 -------------------
------------------------------------------------------------------
++++ python-urllib3:
- Fix pycache when undbundling six
------------------------------------------------------------------
------------------ 2022-10-22 - Oct 22 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- ALSA: hda/realtek: Add another HP ZBook G9 model quirks
(bsc#1203699).
- commit a4522e2
- Linux 6.0.3 (bsc#1012628).
- arm64: dts: qcom: sc8280xp-pmics: Remove reg entry & use
correct node name for pmc8280c_lpg node (bsc#1012628).
- Kconfig.debug: add toolchain checks for
DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1012628).
- Kconfig.debug: simplify the dependency of DEBUG_INFO_DWARF4/5
(bsc#1012628).
- io_uring/rw: ensure kiocb_end_write() is always called
(bsc#1012628).
- io_uring: fix fdinfo sqe offsets calculation (bsc#1012628).
- drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n
(bsc#1012628).
- powerpc/64s/interrupt: Fix lost interrupts when returning to
soft-masked context (bsc#1012628).
- net/ieee802154: don't warn zero-sized raw_sendmsg()
(bsc#1012628).
- Revert "net/ieee802154: reject zero-sized raw_sendmsg()"
(bsc#1012628).
- Revert "drm/amd/display: correct hostvm flag" (bsc#1012628).
- net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses
(bsc#1012628).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
(bsc#1012628).
- ALSA: usb-audio: Fix last interface check for registration
(bsc#1012628).
- net: ieee802154: return -EINVAL for unknown addr type
(bsc#1012628).
- mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1012628).
- io_uring/net: fix notif cqe reordering (bsc#1012628).
- io_uring/net: don't skip notifs for failed requests
(bsc#1012628).
- io_uring/net: rename io_sendzc() (bsc#1012628).
- io_uring/net: don't lose partial send_zc on fail (bsc#1012628).
- io_uring/net: use io_sr_msg for sendzc (bsc#1012628).
- io_uring/net: refactor io_sr_msg types (bsc#1012628).
- perf intel-pt: Fix system_wide dummy event for hybrid
(bsc#1012628).
- perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
(bsc#1012628).
- perf: Skip and warn on unknown format 'configN' attrs
(bsc#1012628).
- clk: bcm2835: Round UART input clock up (bsc#1012628).
- usb: typec: ucsi: Don't warn on probe deferral (bsc#1012628).
- dmaengine: dw-edma: Remove runtime PM support (bsc#1012628).
- fsi: master-ast-cf: Fix missing of_node_put in
fsi_master_acf_probe (bsc#1012628).
- fsi: occ: Prevent use after free (bsc#1012628).
- hwmon (occ): Retry for checksum failure (bsc#1012628).
- blk-mq: use quiesced elevator switch when reinitializing queues
(bsc#1012628).
- usb: idmouse: fix an uninit-value in idmouse_open (bsc#1012628).
- nvmet-tcp: add bounds check on Transfer Tag (bsc#1012628).
- nvme: copy firmware_rev on each init (bsc#1012628).
- nvme: handle effects after freeing the request (bsc#1012628).
- ext2: Use kvmalloc() for group descriptor array (bsc#1012628).
- scsi: tracing: Fix compile error in trace_array calls when
TRACING is disabled (bsc#1012628).
- staging: rtl8723bs: fix a potential memory leak in
rtw_init_cmd_priv() (bsc#1012628).
- staging: rtl8723bs: fix potential memory leak in
rtw_init_drv_sw() (bsc#1012628).
- io_uring: fix CQE reordering (bsc#1012628).
- Revert "usb: storage: Add quirk for Samsung Fit flash"
(bsc#1012628).
- usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination
error after resume bug (bsc#1012628).
- arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to
USB nodes (bsc#1012628).
- usb: dwc3: core: add gfladj_refclk_lpm_sel quirk (bsc#1012628).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (bsc#1012628).
- usb: host: xhci: Fix potential memory leak in
xhci_alloc_stream_info() (bsc#1012628).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (bsc#1012628).
- HID: nintendo: check analog user calibration for plausibility
(bsc#1012628).
- HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()
(bsc#1012628).
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1012628).
- soundwire: intel: fix error handling on dai registration issues
(bsc#1012628).
- soundwire: cadence: Don't overwrite msg->buf during write
commands (bsc#1012628).
- bcache: fix set_at_max_writeback_rate() for multiple attached
devices (bsc#1012628).
- ata: libahci_platform: Sanity check the DT child nodes number
(bsc#1012628).
- blk-throttle: prevent overflow while calculating wait time
(bsc#1012628).
- staging: vt6655: fix potential memory leak (bsc#1012628).
- power: supply: adp5061: fix out-of-bounds read in
adp5061_get_chg_type() (bsc#1012628).
- usb: gadget: uvc: increase worker prio to WQ_HIGHPRI
(bsc#1012628).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
device to identity (bsc#1012628).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(bsc#1012628).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(bsc#1012628).
- dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to
prevent overflow (bsc#1012628).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
path for GFT_ID (bsc#1012628).
- usb: host: xhci-plat: suspend/resume clks for brcm
(bsc#1012628).
- usb: host: xhci-plat: suspend and resume clocks (bsc#1012628).
- RDMA/rxe: Delete error messages triggered by incoming Read
requests (bsc#1012628).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
(bsc#1012628).
- media: platform: fix some double free in meson-ge2d and mtk-jpeg
and s5p-mfc (bsc#1012628).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(bsc#1012628).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (bsc#1012628).
- ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n
(bsc#1012628).
- ARM: 9234/1: stacktrace: Avoid duplicate saving of exception
PC value (bsc#1012628).
- ARM: 9233/1: stacktrace: Skip frame pointer boundary check
for call_with_stack() (bsc#1012628).
- btrfs: call __btrfs_remove_free_space_cache_locked on cache
load failure (bsc#1012628).
- btrfs: don't print information about space cache or tree every
remount (bsc#1012628).
- btrfs: scrub: try to fix super block errors (bsc#1012628).
- btrfs: scrub: properly report super block errors in system log
(bsc#1012628).
- btrfs: dump extra info if one free space cache has more bitmaps
than it should (bsc#1012628).
- ARM: orion: fix include path (bsc#1012628).
- arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power
supply (bsc#1012628).
- arm64: dts: imx8mm-kontron: Use the VSELECT signal to switch
SD card IO voltage (bsc#1012628).
- kselftest/arm64: Fix validatation termination record after
EXTRA_CONTEXT (bsc#1012628).
- ARM: dts: imx6sx-udoo-neo: don't use multiple blank lines
(bsc#1012628).
- ARM: dts: imx6sl: use tabs for code indent (bsc#1012628).
- ARM: dts: imx6sx: add missing properties for sram (bsc#1012628).
- ARM: dts: imx6sll: add missing properties for sram
(bsc#1012628).
- ARM: dts: imx6sl: add missing properties for sram (bsc#1012628).
- ARM: dts: imx6qp: add missing properties for sram (bsc#1012628).
- ARM: dts: imx6dl: add missing properties for sram (bsc#1012628).
- ARM: dts: imx6q: add missing properties for sram (bsc#1012628).
- arm64: dts: qcom: sc7280-idp: correct ADC channel node name
and unit address (bsc#1012628).
- ARM: dts: imx7d-sdb: config the max pressure for tsc2046
(bsc#1012628).
- ARM: dts: imx6: delete interrupts property if
interrupts-extended is set (bsc#1012628).
- drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1012628).
- drm/amd/display: polling vid stream status in hpo dp blank
(bsc#1012628).
- drm/amd/display: Remove interface for periodic interrupt 1
(bsc#1012628).
- drm/dp: Don't rewrite link config when setting phy test pattern
(bsc#1012628).
- mmc: sdhci-msm: add compatible string check for sdm670
(bsc#1012628).
- drm/meson: remove drm bridges at aggregate driver unbind time
(bsc#1012628).
- drm/meson: explicitly remove aggregate driver at module unload
time (bsc#1012628).
- drm/meson: reorder driver deinit sequence to fix use-after-free
bug (bsc#1012628).
- ASoC: amd: yc: Add Lenovo Yoga Slim 7 Pro X to quirks table
(bsc#1012628).
- ASoC: amd: yc: Add ASUS UM5302TA into DMI table (bsc#1012628).
- drm/amdgpu: fix initial connector audio value (bsc#1012628).
- drm/amd/display: correct hostvm flag (bsc#1012628).
- drm/amd/display: Fix urgent latency override for DCN32/DCN321
(bsc#1012628).
- drm/amdgpu: SDMA update use unlocked iterator (bsc#1012628).
- ASoC: SOF: add quirk to override topology mclk_id (bsc#1012628).
- ASoC: sunxi: sun4i-codec: set debugfs_prefix for CPU DAI
component (bsc#1012628).
- ASoC: SOF: pci: Change DMI match info to support all Chrome
platforms (bsc#1012628).
- ALSA: intel-dspconfig: add ES8336 support for AlderLake-PS
(bsc#1012628).
- platform/x86: msi-laptop: Change DMI match / alias strings to
fix module autoloading (bsc#1012628).
- platform/x86: hp-wmi: Setting thermal profile fails with 0x06
(bsc#1012628).
- platform/chrome: cros_ec: Notify the PM of wake events during
resume (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Aya Neo Air
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
(bsc#1012628).
- drm/vc4: vec: Fix timings for VEC modes (bsc#1012628).
- ALSA: usb-audio: Register card at the last interface
(bsc#1012628).
- drm/admgpu: Skip CG/PG on SOC21 under SRIOV VF (bsc#1012628).
- drm/amdgpu: Skip the program of MMMC_VM_AGP_* in SRIOV on
MMHUB v3_0_0 (bsc#1012628).
- drm/amd/display: Fix variable dereferenced before check
(bsc#1012628).
- drm: bridge: dw_hdmi: only trigger hotplug event on link change
(bsc#1012628).
- drm/amd: fix potential memory leak (bsc#1012628).
- platform/x86: pmc_atom: Improve quirk message to be less cryptic
(bsc#1012628).
- udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
(bsc#1012628).
- ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support
(bsc#1012628).
- ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
(bsc#1012628).
- drm/amd/display: fix overflow on MIN_I64 definition
(bsc#1012628).
- gpu: lontium-lt9611: Fix NULL pointer dereference in
lt9611_connector_init() (bsc#1012628).
- drm/komeda: Fix handling of atomic commits in the
atomic_commit_tail hook (bsc#1012628).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
(bsc#1012628).
- drm: Use size_t type for len variable in drm_copy_field()
(bsc#1012628).
- drm/nouveau/nouveau_bo: fix potential memory leak in
nouveau_bo_alloc() (bsc#1012628).
- r8152: Rate limit overflow messages (bsc#1012628).
- i2c: designware-pci: Group AMD NAVI quirk parts together
(bsc#1012628).
- libbpf: Fix overrun in netlink attribute iteration
(bsc#1012628).
- net: sched: cls_u32: Avoid memcpy() false-positive warning
(bsc#1012628).
- Bluetooth: L2CAP: Fix user-after-free (bsc#1012628).
- bpf: use bpf_prog_pack for bpf_dispatcher (bsc#1012628).
- bpf: Adjust kprobe_multi entry_ip for CONFIG_X86_KERNEL_IBT
(bsc#1012628).
- net: If sock is dead don't access sock's sk_wq in
sk_stream_wait_memory (bsc#1012628).
- hwmon: (sht4x) do not overflow clamping operation on 32-bit
platforms (bsc#1012628).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
(bsc#1012628).
- wifi: rt2x00: set SoC wmac clock register (bsc#1012628).
- wifi: rt2x00: set VGC gain for both chains of MT7620
(bsc#1012628).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
(bsc#1012628).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
(bsc#1012628).
- can: bcm: check the result of can_send() in bcm_can_tx()
(bsc#1012628).
- selftests/bpf: Free the allocated resources after test case
succeeds (bsc#1012628).
- bnxt_en: replace reset with config timestamps (bsc#1012628).
- Bluetooth: hci_event: Make sure ISO events don't affect non-ISO
connections (bsc#1012628).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (bsc#1012628).
- Bluetooth: L2CAP: initialize delayed works at
l2cap_chan_create() (bsc#1012628).
- wifi: rtw89: fix rx filter after scan (bsc#1012628).
- wifi: rtw89: free unused skb to prevent memory leak
(bsc#1012628).
- wifi: mt76: mt7921: reset msta->airtime_ac while clearing up
hw value (bsc#1012628).
- wifi: ath11k: mhi: fix potential memory leak in
ath11k_mhi_register() (bsc#1012628).
- regulator: core: Prevent integer underflow (bsc#1012628).
- Bluetooth: btintel: Mark Intel controller to support LE_STATES
quirk (bsc#1012628).
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (bsc#1012628).
- iavf: Fix race between iavf_close and iavf_reset_task
(bsc#1012628).
- net: ftmac100: fix endianness-related issues from 'sparse'
(bsc#1012628).
- rtw89: ser: leave lps with mutex (bsc#1012628).
- wifi: ath11k: Register shutdown handler for WCN6750
(bsc#1012628).
- xfrm: Update ipcomp_scratches with NULL when freed
(bsc#1012628).
- net-next: Fix IP_UNICAST_IF option behavior for connected
sockets (bsc#1012628).
- net: axienet: Switch to 64-bit RX/TX statistics (bsc#1012628).
- x86/apic: Don't disable x2APIC if locked (bsc#1012628).
- thunderbolt: Add back Intel Falcon Ridge end-to-end flow
control workaround (bsc#1012628).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(bsc#1012628).
- x86/mce: Retrieve poison range from hardware (bsc#1012628).
- wifi: mac80211: accept STA changes without link changes
(bsc#1012628).
- micrel: ksz8851: fixes struct pointer issue (bsc#1012628).
- tcp: annotate data-race around tcp_md5sig_pool_populated
(bsc#1012628).
- openvswitch: Fix overreporting of drops in dropwatch
(bsc#1012628).
- openvswitch: Fix double reporting of drops in dropwatch
(bsc#1012628).
- net: ethernet: ti: davinci_mdio: Add workaround for errata i2329
(bsc#1012628).
- bpftool: Clear errno after libcap's checks (bsc#1012628).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
log level (bsc#1012628).
- libbpf: Do not require executable permission for shared
libraries (bsc#1012628).
- libbpf: Ensure functions with always_inline attribute are inline
(bsc#1012628).
- NFSD: fix use-after-free on source server when doing
inter-server copy (bsc#1012628).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (bsc#1012628).
- x86/entry: Work around Clang __bdos() bug (bsc#1012628).
- ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for
StorageD3Enable (bsc#1012628).
- ARM: decompressor: Include .data.rel.ro.local (bsc#1012628).
- thermal: intel_powerclamp: Use get_cpu() instead of
smp_processor_id() to avoid crash (bsc#1012628).
- powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
(bsc#1012628).
- MIPS: BCM47XX: Cast memcmp() of function to (void *)
(bsc#1012628).
- cpufreq: intel_pstate: Add Tigerlake support in no-HWP mode
(bsc#1012628).
- ACPI: tables: FPDT: Don't call acpi_os_map_memory() on invalid
phys address (bsc#1012628).
- fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL
(bsc#1012628).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
(bsc#1012628).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1012628).
- rcu-tasks: Ensure RCU Tasks Trace loops have quiescent states
(bsc#1012628).
- rcu-tasks: Convert RCU_LOCKDEP_WARN() to WARN_ONCE()
(bsc#1012628).
- rcu: Back off upon fill_page_cache_func() allocation failure
(bsc#1012628).
- rcu: Avoid triggering strict-GP irq-work when RCU is idle
(bsc#1012628).
- fs: dlm: fix race in lowcomms (bsc#1012628).
- module: tracking: Keep a record of tainted unloaded modules only
(bsc#1012628).
- ARM/dma-mapping: don't override ->dma_coherent when set from
a bus notifier (bsc#1012628).
- selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle
(bsc#1012628).
- tools/power turbostat: Use standard Energy Unit for SPR Dram
RAPL domain (bsc#1012628).
- f2fs: fix to account FS_CP_DATA_IO correctly (bsc#1012628).
- f2fs: fix race condition on setting FI_NO_EXTENT flag
(bsc#1012628).
- ACPI: APEI: do not add task_work to kernel thread to avoid
memory leak (bsc#1012628).
- thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id
(bsc#1012628).
- random: schedule jitter credit for next jiffy, not in two
jiffies (bsc#1012628).
- crypto: cavium - prevent integer overflow loading firmware
(bsc#1012628).
- crypto: marvell/octeontx - prevent integer overflows
(bsc#1012628).
- kbuild: rpm-pkg: fix breakage when V=1 is used (bsc#1012628).
- linux/export: use inline assembler to populate symbol CRCs
(bsc#1012628).
- kbuild: remove the target in signal traps when interrupted
(bsc#1012628).
- ftrace: Fix recursive locking direct_mutex in
ftrace_modify_direct_caller (bsc#1012628).
- tracing/osnoise: Fix possible recursive locking in
stop_per_cpu_kthreads (bsc#1012628).
- tracing: kprobe: Make gen test module work in arm and riscv
(bsc#1012628).
- tracing: kprobe: Fix kprobe event gen test module on exit
(bsc#1012628).
- iommu/iova: Fix module config properly (bsc#1012628).
- cifs: return correct error in ->calc_signature() (bsc#1012628).
- clocksource/drivers/timer-gxp: Add missing error handling in
gxp_timer_probe (bsc#1012628).
- clocksource/drivers/arm_arch_timer: Fix handling of ARM erratum
858921 (bsc#1012628).
- crypto: qat - fix DMA transfer direction (bsc#1012628).
- crypto: inside-secure - Change swab to swab32 (bsc#1012628).
- crypto: ccp - Release dma channels before dmaengine unrgister
(bsc#1012628).
- crypto: akcipher - default implementation for setting a private
key (bsc#1012628).
- iommu/omap: Fix buffer overflow in debugfs (bsc#1012628).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
(bsc#1012628).
- crypto: hisilicon/qm - fix missing put dfx access (bsc#1012628).
- crypto: qat - fix default value of WDT timer (bsc#1012628).
- hwrng: imx-rngc - Moving IRQ handler registering after
imx_rngc_irq_mask_clear() (bsc#1012628).
- hwrng: imx-rngc - use devm_clk_get_enabled (bsc#1012628).
- cgroup: Honor caller's cgroup NS when resolving path
(bsc#1012628).
- crypto: ccp - Fail the PSP initialization when writing psp
data file failed (bsc#1012628).
- hwrng: arm-smccc-trng - fix NO_ENTROPY handling (bsc#1012628).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
(bsc#1012628).
- crypto: sahara - don't sleep when in softirq (bsc#1012628).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
(bsc#1012628).
- powerpc/kprobes: Fix null pointer reference in
arch_prepare_kprobe() (bsc#1012628).
- powerpc: Fix SPE Power ISA properties for e500v1 platforms
(bsc#1012628).
- powerpc/64/interrupt: Fix return to masked context after
hard-mask irq becomes pending (bsc#1012628).
- powerpc/64: mark irqs hard disabled in boot paca (bsc#1012628).
- powerpc/64/interrupt: Fix false warning in context tracking
due to idle state (bsc#1012628).
- powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
(bsc#1012628).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
(bsc#1012628).
- powerpc: Fix fallocate and fadvise64_64 compat parameter
combination (bsc#1012628).
- powerpc: dts: turris1x.dts: Fix labels in DSA cpu port nodes
(bsc#1012628).
- powerpc: dts: turris1x.dts: Fix NOR partitions labels
(bsc#1012628).
- cpuidle: riscv-sbi: Fix CPU_PM_CPU_IDLE_ENTER_xyz() macro usage
(bsc#1012628).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1012628).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1012628).
- powerpc/sysdev/fsl_msi: Add missing of_node_put() (bsc#1012628).
- powerpc/math_emu/efp: Include module.h (bsc#1012628).
- powerpc/configs: Properly enable PAPR_SCM in pseries_defconfig
(bsc#1012628).
- ipc: mqueue: fix possible memory leak in init_mqueue_fs()
(bsc#1012628).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
(bsc#1012628).
- mailbox: mpfs: account for mbox offsets while sending
(bsc#1012628).
- mailbox: mpfs: fix handling of the reg property (bsc#1012628).
- mailbox: imx: fix RST channel support (bsc#1012628).
- clk: ast2600: BCLK comes from EPLL (bsc#1012628).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
(bsc#1012628).
- clk: ti: Balance of_node_get() calls for of_find_node_by_name()
(bsc#1012628).
- clk: imx: scu: fix memleak on platform_device_add() fails
(bsc#1012628).
- clk: imx8mp: tune the order of enet_qos_root_clk (bsc#1012628).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
(bsc#1012628).
- clk: bcm2835: Make peripheral PLLC critical (bsc#1012628).
- clk: baikal-t1: Add SATA internal ref clock buffer
(bsc#1012628).
- clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent
(bsc#1012628).
- clk: baikal-t1: Fix invalid xGMAC PTP clock divider
(bsc#1012628).
- clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD
(bsc#1012628).
- spmi: pmic-arb: correct duplicate APID to PPID mapping logic
(bsc#1012628).
- usb: mtu3: fix failed runtime suspend in host only mode
(bsc#1012628).
- HID: amd_sfh: Handle condition of "no sensors" for SFH1.1
(bsc#1012628).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
timer in __cleanup() (bsc#1012628).
- io_uring/rw: defer fsnotify calls to task context (bsc#1012628).
- clk: mediatek: Migrate remaining clk_unregister_*() to
clk_hw_unregister_*() (bsc#1012628).
- clk: mediatek: fix unregister function in
mtk_clk_register_dividers cleanup (bsc#1012628).
- clk: mediatek: clk-mt8195-mfg: Reparent mfg_bg3d and propagate
rate changes (bsc#1012628).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
(bsc#1012628).
- mfd: da9061: Fix Failed to set Two-Wire Bus Mode (bsc#1012628).
- mfd: sm501: Add check for platform_driver_register()
(bsc#1012628).
- mfd: fsl-imx25: Fix check for platform_get_irq() errors
(bsc#1012628).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
and lp8788_irq_init() (bsc#1012628).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
(bsc#1012628).
- mfd: fsl-imx25: Fix an error handling path in
mx25_tsadc_setup_irq() (bsc#1012628).
- mfd: intel_soc_pmic: Fix an error handling path in
intel_soc_pmic_i2c_probe() (bsc#1012628).
- fsi: core: Check error number after calling ida_simple_get
(bsc#1012628).
- RDMA/rxe: Fix resize_finish() in rxe_queue.c (bsc#1012628).
- RDMA/rxe: Set pd early in mr alloc routines (bsc#1012628).
- nvmet-auth: don't try to cancel a non-initialized work_struct
(bsc#1012628).
- clk: qcom: gcc-sm6115: Override default Alpha PLL regs
(bsc#1012628).
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical
(bsc#1012628).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling
getpeername() (bsc#1012628).
- scsi: pm8001: Fix running_req for internal abort commands
(bsc#1012628).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(bsc#1012628).
- serial: 8250: Fix restoring termios speed after suspend
(bsc#1012628).
- firmware: google: Test spinlock on panic path to avoid lockups
(bsc#1012628).
- slimbus: qcom-ngd: Add error handling in
of_qcom_slim_ngd_register (bsc#1012628).
- staging: vt6655: fix some erroneous memory clean-up loops
(bsc#1012628).
- phy: qualcomm: call clk_disable_unprepare in the error handling
(bsc#1012628).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (bsc#1012628).
- serial: 8250: Toggle IER bits on only after irq has been set up
(bsc#1012628).
- drivers: serial: jsm: fix some leaks in probe (bsc#1012628).
- usb: dwc3: core: fix some leaks in probe (bsc#1012628).
- usb: typec: anx7411: Use of_get_child_by_name() instead of
of_find_node_by_name() (bsc#1012628).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
(bsc#1012628).
- xhci: Don't show warning for reinit on known broken suspend
(bsc#1012628).
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers
(bsc#1012628).
- RDMA/cm: Use SLID in the work completion as the DLID in
responder side (bsc#1012628).
- md: Remove extra mddev_get() in md_seq_start() (bsc#1012628).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
(bsc#1012628).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(bsc#1012628).
- md: Replace snprintf with scnprintf (bsc#1012628).
- io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128
(bsc#1012628).
- eventfd: guard wake_up in eventfd fs calls as well
(bsc#1012628).
- block: Fix the enum blk_eh_timer_return documentation
(bsc#1012628).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
(bsc#1012628).
- ata: fix ata_id_has_dipm() (bsc#1012628).
- ata: fix ata_id_has_ncq_autosense() (bsc#1012628).
- ata: fix ata_id_has_devslp() (bsc#1012628).
- ata: fix ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() (bsc#1012628).
- RDMA/siw: Fix QP destroy to wait for all references dropped
(bsc#1012628).
- RDMA/siw: Always consume all skbuf data in sk_data_ready()
upcall (bsc#1012628).
- RDMA/srp: Fix srp_abort() (bsc#1012628).
- RDMA/irdma: Validate udata inlen and outlen (bsc#1012628).
- RDMA/irdma: Align AE id codes to correct flush code and event
(bsc#1012628).
- mtd: rawnand: fsl_elbc: Fix none ECC mode (bsc#1012628).
- mtd: rawnand: intel: Remove undocumented compatible string
(bsc#1012628).
- mtd: rawnand: intel: Read the chip-select line from the correct
OF node (bsc#1012628).
- phy: phy-mtk-tphy: fix the phy type setting issue (bsc#1012628).
- phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference
returned by of_get_parent() (bsc#1012628).
- phy: qcom-qmp-usb: disable runtime PM on unbind (bsc#1012628).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
(bsc#1012628).
- mtd: devices: docg3: check the return value of devm_ioremap()
in the probe (bsc#1012628).
- scsi: lpfc: Fix various issues reported by tools (bsc#1012628).
- clk: qcom: sm6115: Select QCOM_GDSC (bsc#1012628).
- dyndbg: drop EXPORTed dynamic_debug_exec_queries (bsc#1012628).
- dyndbg: let query-modname override actual module name
(bsc#1012628).
- dyndbg: fix module.dyndbg handling (bsc#1012628).
- dyndbg: fix static_branch manipulation (bsc#1012628).
- usb: gadget: f_fs: stricter integer overflow checks
(bsc#1012628).
- iio: Use per-device lockdep class for mlock (bsc#1012628).
- dmaengine: hisilicon: Add multi-thread support for a DMA channel
(bsc#1012628).
- dmaengine: hisilicon: Fix CQ head update (bsc#1012628).
- dmaengine: hisilicon: Disable channels when unregister hisi_dma
(bsc#1012628).
- dmaengine: idxd: avoid deadlock in process_misc_interrupts()
(bsc#1012628).
- phy: rockchip-inno-usb2: Return zero after otg sync
(bsc#1012628).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
(bsc#1012628).
- fpga: dfl-pci: Add IDs for Intel N6000, N6001 and C6100 cards
(bsc#1012628).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
(bsc#1012628).
- clk: mediatek: mt8195-infra_ao: Set pwrmcu clocks as critical
(bsc#1012628).
- clk: mediatek: clk-mt8195-vdo1: Reparent and set rate on
vdo1_dpintf's parent (bsc#1012628).
- clk: mediatek: clk-mt8195-vdo0: Set rate on
vdo0_dp_intf0_dp_intf's parent (bsc#1012628).
- RDMA/rxe: Fix the error caused by qp->sk (bsc#1012628).
- RDMA/rxe: Fix "kernel NULL pointer dereference" error
(bsc#1012628).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
(bsc#1012628).
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set
(bsc#1012628).
- media: uvcvideo: Fix memory leak in uvc_gpio_parse
(bsc#1012628).
- media: meson: vdec: add missing clk_disable_unprepare on error
in vdec_hevc_start() (bsc#1012628).
- media: amphion: fix a bug that vpu core may not resume after
suspend (bsc#1012628).
- media: amphion: don't change the colorspace reported by decoder
(bsc#1012628).
- media: amphion: adjust the encoder's value range of gop size
(bsc#1012628).
- media: amphion: insert picture startcode after seek for vc1g
format (bsc#1012628).
- media: mediatek: vcodec: Skip non CBR bitrate mode
(bsc#1012628).
- tty: xilinx_uartps: Fix the ignore_status (bsc#1012628).
- tty: xilinx_uartps: Check clk_enable return value (bsc#1012628).
- media: airspy: fix memory leak in airspy probe (bsc#1012628).
- media: exynos4-is: fimc-is: Add of_node_put() when breaking
out of loop (bsc#1012628).
- clk: qcom: gcc-sdm660: Use floor ops for SDCC1 clock
(bsc#1012628).
- HSI: omap_ssi_port: Fix dma_map_sg error check (bsc#1012628).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (bsc#1012628).
- HID: uclogic: Fix warning in uclogic_rdesc_template_apply
(bsc#1012628).
- HID: uclogic: Add missing suffix for digitalizers (bsc#1012628).
- clk: samsung: exynosautov9: correct register offsets of
peric0/c1 (bsc#1012628).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
(bsc#1012628).
- clk: tegra: Fix refcount leak in tegra114_clock_init
(bsc#1012628).
- clk: tegra: Fix refcount leak in tegra210_clock_init
(bsc#1012628).
- coresight: docs: Fix a broken reference (bsc#1012628).
- clk: sprd: Hold reference returned by of_get_parent()
(bsc#1012628).
- clk: berlin: Add of_node_put() for of_get_parent()
(bsc#1012628).
- clk: qoriq: Hold reference returned by of_get_parent()
(bsc#1012628).
- clk: oxnas: Hold reference returned by of_get_parent()
(bsc#1012628).
- clk: st: Hold reference returned by of_get_parent()
(bsc#1012628).
- clk: meson: Hold reference returned by of_get_parent()
(bsc#1012628).
- usb: common: debug: Check non-standard control requests
(bsc#1012628).
- usb: common: usb-conn-gpio: Simplify some error message
(bsc#1012628).
- RDMA/mlx5: Don't compare mkey tags in DEVX indirect mkey
(bsc#1012628).
- iio: magnetometer: yas530: Change data type of hard_offsets
to signed (bsc#1012628).
- iio: ABI: Fix wrong format of differential capacitance channel
ABI (bsc#1012628).
- iio: inkern: fix return value in
devm_of_iio_channel_get_by_name() (bsc#1012628).
- iio: inkern: only release the device node when done with it
(bsc#1012628).
- iio: adc: at91-sama5d2_adc: disable/prepare buffer on
suspend/resume (bsc#1012628).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
freq (bsc#1012628).
- iio: adc: at91-sama5d2_adc: check return status for pressure
and touch (bsc#1012628).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
(bsc#1012628).
- selftests/cpu-hotplug: Reserve one cpu online at least
(bsc#1012628).
- selftests/cpu-hotplug: Delete fault injection related code
(bsc#1012628).
- selftests/cpu-hotplug: Use return instead of exit (bsc#1012628).
- iomap: iomap: fix memory corruption when recording errors
during writeback (bsc#1012628).
- ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
(bsc#1012628).
- arm64: dts: exynos: fix polarity of "enable" line of NFC chip
in TM2 (bsc#1012628).
- arm64: ftrace: fix module PLTs with mcount (bsc#1012628).
- ext4: don't run ext4lazyinit for read-only filesystems
(bsc#1012628).
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1012628).
- ARM: Drop CMDLINE_* dependency on ATAGS (bsc#1012628).
- ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
(bsc#1012628).
- arm64: dts: ti: k3-j7200: fix main pinmux range (bsc#1012628).
- arm64: dts: qcom: sm8450: fix UFS PHY serdes size (bsc#1012628).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size
(bsc#1012628).
- soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA
(bsc#1012628).
- soc/tegra: fuse: Add missing of_node_put() in tegra_init_fuse()
(bsc#1012628).
- arm64: dts: qcom: sm8350-sagami: correct TS pin property
(bsc#1012628).
- ia64: export memory_add_physaddr_to_nid to fix cxl build error
(bsc#1012628).
- arm64: dts: marvell: 98dx25xx: use correct property for i2c
gpios (bsc#1012628).
- ARM: dts: kirkwood: lsxl: remove first ethernet port
(bsc#1012628).
- ARM: dts: kirkwood: lsxl: fix serial line (bsc#1012628).
- ARM: dts: turris-omnia: Fix mpp26 pin name and comment
(bsc#1012628).
- arm64: dts: qcom: sc7180-trogdor: Keep pm6150_adc enabled for TZ
(bsc#1012628).
- arm64: dts: qcom: pm8350c: Drop PWM reg declaration
(bsc#1012628).
- arm64: dts: qcom: sa8295p-adp: disallow regulator mode switches
(bsc#1012628).
- arm64: dts: qcom: sc8280xp-lenovo-thinkpad-x13s: disallow
regulator mode switches (bsc#1012628).
- arm64: dts: qcom: sc8280xp-crd: disallow regulator mode switches
(bsc#1012628).
- arm64: dts: qcom: sc7280: Update lpasscore node (bsc#1012628).
- arm64: dts: qcom: sc7280: Cleanup the lpasscc node
(bsc#1012628).
- arm64: dts: qcom: sdm845-xiaomi-polaris: Fix sde_dsi_active
pinctrl (bsc#1012628).
- dt-bindings: clock: exynosautov9: correct clock numbering of
peric0/c1 (bsc#1012628).
- arm64: dts: renesas: r9a07g043: Fix SCI{Rx,Tx} interrupt types
(bsc#1012628).
- arm64: dts: renesas: r9a07g054: Fix SCI{Rx,Tx} interrupt types
(bsc#1012628).
- arm64: dts: renesas: r9a07g044: Fix SCI{Rx,Tx} interrupt types
(bsc#1012628).
- ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus
(bsc#1012628).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
(bsc#1012628).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
(bsc#1012628).
- locks: fix TOCTOU race when granting write lease (bsc#1012628).
- memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings()
(bsc#1012628).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
(bsc#1012628).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
(bsc#1012628).
- ALSA: hda/hdmi: Don't skip notification handling during PM
operation (bsc#1012628).
- ASoC: rockchip: i2s: use regmap_read_poll_timeout_atomic to
poll I2S_CLR (bsc#1012628).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
(bsc#1012628).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
(bsc#1012628).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
(bsc#1012628).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
(bsc#1012628).
- ASoC: wcd-mbhc-v2: Revert "ASoC: wcd-mbhc-v2: use
pm_runtime_resume_and_get()" (bsc#1012628).
- ASoC: stm: Fix PM disable depth imbalance in stm32_i2s_probe
(bsc#1012628).
- ASoC: stm32: spdifrx: Fix PM disable depth imbalance in
stm32_spdifrx_probe (bsc#1012628).
- ASoC: stm32: dfsdm: Fix PM disable depth imbalance in
stm32_adfsdm_probe (bsc#1012628).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
(bsc#1012628).
- ALSA: dmaengine: increment buffer pointer atomically
(bsc#1012628).
- ASoC: da7219: Fix an error handling path in
da7219_register_dai_clks() (bsc#1012628).
- ASoC: codecs: tx-macro: fix kcontrol put (bsc#1012628).
- virtio-gpu: fix shift wrapping bug in
virtio_gpu_fence_event_create() (bsc#1012628).
- drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl()
(bsc#1012628).
- ASoC: SOF: ipc4-topology: Free the ida when IPC fails in
sof_ipc4_widget_setup() (bsc#1012628).
- ALSA: usb-audio: Properly refcounting clock rate (bsc#1012628).
- ALSA: hda/hdmi: Fix the converter allocation for the silent
stream (bsc#1012628).
- ALSA: hda/hdmi: change type for the 'assigned' variable
(bsc#1012628).
- drm/msm/dp: correct 1.62G link rate at
dp_catalog_ctrl_config_msa() (bsc#1012628).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
(bsc#1012628).
- drm/msm: lookup the ICC paths in both mdp5/dpu and mdss devices
(bsc#1012628).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
API (bsc#1012628).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
(bsc#1012628).
- ASoC: rockchip: i2s: use regmap_read_poll_timeout to poll
I2S_CLR (bsc#1012628).
- drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
(bsc#1012628).
- drm/omap: dss: Fix refcount leak bugs (bsc#1012628).
- ASoC: SOF: mediatek: mt8195: Import namespace
SND_SOC_SOF_MTK_COMMON (bsc#1012628).
- ASoC: mediatek: mt8195-mt6359: Properly register sound card
for SOF (bsc#1012628).
- drm/bochs: fix blanking (bsc#1012628).
- drm/virtio: set fb_modifiers_not_supported (bsc#1012628).
- ALSA: hda: beep: Simplify keep-power-at-enable behavior
(bsc#1012628).
- ASoC: wm_adsp: Handle optional legacy support (bsc#1012628).
- ASoC: rsnd: Add check for rsnd_mod_power_on (bsc#1012628).
- drm/bridge: it6505: Fix the order of DP_SET_POWER commands
(bsc#1012628).
- drm/bridge: megachips: Fix a null pointer dereference bug
(bsc#1012628).
- drm/amdgpu: add missing pci_disable_device() in
amdgpu_pmops_runtime_resume() (bsc#1012628).
- platform/chrome: cros_ec_typec: Correct alt mode index
(bsc#1012628).
- platform/chrome: cros_ec_typec: Add bit offset for DP VDO
(bsc#1012628).
- drm: fix drm_mipi_dbi build errors (bsc#1012628).
- drm/panel: use 'select' for Ili9341 panel driver helpers
(bsc#1012628).
- platform/x86: msi-laptop: Fix resource cleanup (bsc#1012628).
- platform/x86: msi-laptop: Fix old-ec check for backlight
registering (bsc#1012628).
- ASoC: tas2764: Fix mute/unmute (bsc#1012628).
- ASoC: tas2764: Drop conflicting set_bias_level power setting
(bsc#1012628).
- ASoC: tas2764: Allow mono streams (bsc#1012628).
- ASoC: soc-pcm.c: call __soc_pcm_close() in soc_pcm_close()
(bsc#1012628).
- drm/virtio: Fix same-context optimization (bsc#1012628).
- drm/i915/dg2: Bump up CDCLK for DG2 (bsc#1012628).
- platform/chrome: fix memory corruption in ioctl (bsc#1012628).
- platform/chrome: fix double-free in chromeos_laptop_prepare()
(bsc#1012628).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
(bsc#1012628).
- ASoC: amd: acp: add missing platform_device_unregister()
in acp_pci_probe() (bsc#1012628).
- ASoC: mt6359: fix tests for platform_get_irq() failure
(bsc#1012628).
- drm:pl111: Add of_node_put() when breaking out of
for_each_available_child_of_node() (bsc#1012628).
- drm/dp_mst: fix drm_dp_dpcd_read return value checks
(bsc#1012628).
- drm/format-helper: Fix test on big endian architectures
(bsc#1012628).
- drm/bridge: parade-ps8640: Fix regulator supply order
(bsc#1012628).
- drm/bridge: tc358767: Add of_node_put() when breaking out of
loop (bsc#1012628).
- drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt()
(bsc#1012628).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
(bsc#1012628).
- video/aperture: Disable and unregister sysfb devices via
aperture helpers (bsc#1012628).
- drm/bridge: it6505: Power on downstream device in .atomic_enable
(bsc#1012628).
- drm/vc4: drv: Call component_unbind_all() (bsc#1012628).
- drm/mipi-dsi: Detach devices when removing the host
(bsc#1012628).
- drm/bridge: Avoid uninitialized variable warning (bsc#1012628).
- drm: bridge: adv7511: unregister cec i2c device after cec
adapter (bsc#1012628).
- drm: bridge: adv7511: fix CEC power down control register offset
(bsc#1012628).
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1012628).
- once: add DO_ONCE_SLOW() for sleepable contexts (bsc#1012628).
- net/ieee802154: reject zero-sized raw_sendmsg() (bsc#1012628).
- net: wwan: iosm: Call mutex_init before locking it
(bsc#1012628).
- eth: sp7021: fix use after free bug in
spl2sw_nvmem_get_mac_address (bsc#1012628).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1012628).
- eth: lan743x: reject extts for non-pci11x1x devices
(bsc#1012628).
- net: prestera: acl: Add check for kmemdup (bsc#1012628).
- af_unix: Fix memory leaks of the whole sk due to OOB skb
(bsc#1012628).
- net: rds: don't hold sock lock when cancelling work from
rds_tcp_reset_callbacks() (bsc#1012628).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase
mp2888 controller (bsc#1012628).
- Bluetooth: hci_sync: Fix not indicating power state
(bsc#1012628).
- spi: Ensure that sg_table won't be used after being freed
(bsc#1012628).
- tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
(bsc#1012628).
- sctp: handle the error returned from
sctp_auth_asoc_init_active_key (bsc#1012628).
- mISDN: fix use-after-free bugs in l1oip timer handlers
(bsc#1012628).
- eth: alx: take rtnl_lock on resume (bsc#1012628).
- vhost/vsock: Use kvmalloc/kvfree for larger packets
(bsc#1012628).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
(bsc#1012628).
- wifi: rtl8xxxu: gen2: Enable 40 MHz channel width (bsc#1012628).
- Bluetooth: Prevent double register of suspend (bsc#1012628).
- spi: s3c64xx: Fix large transfers with DMA (bsc#1012628).
- netfilter: nft_fib: Fix for rpath check with VRF devices
(bsc#1012628).
- xfrm: Reinject transport-mode packets through workqueue
(bsc#1012628).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(bsc#1012628).
- i2c: mlxbf: support lock mechanism (bsc#1012628).
- libbpf: Don't require full struct enum64 in UAPI headers
(bsc#1012628).
- cw1200: fix incorrect check to determine if no element is
found in list (bsc#1012628).
- skmsg: Schedule psock work if the cached skb exists on the psock
(bsc#1012628).
- spi/omap100k:Fix PM disable depth imbalance in
omap1_spi100k_probe (bsc#1012628).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe
(bsc#1012628).
- spi: cadence-quadspi: Fix PM disable depth imbalance in
cqspi_probe (bsc#1012628).
- x86/cpu: Include the header of init_ia32_feat_ctl()'s prototype
(bsc#1012628).
- wifi: ath11k: fix peer addition/deletion error on sta band
migration (bsc#1012628).
- libbpf: restore memory layout of bpf_object_open_opts
(bsc#1012628).
- x86/microcode/AMD: Track patch allocation size explicitly
(bsc#1012628).
- mips: dts: ralink: mt7621: fix external phy on GB-PC2
(bsc#1012628).
- wifi: ath11k: fix number of VHT beamformee spatial streams
(bsc#1012628).
- wifi: ath11k: fix failed to find the peer with peer_id 0 when
disconnected (bsc#1012628).
- mwifiex: fix sleep in atomic context bugs caused by
dev_coredumpv (bsc#1012628).
- flow_dissector: Do not count vlan tags inside tunnel payload
(bsc#1012628).
- selftests/bpf: Adapt cgroup effective query uapi change
(bsc#1012628).
- bpftool: Fix wrong cgroup attach flags being assigned to
effective progs (bsc#1012628).
- bpf, cgroup: Reject prog_attach_flags array when effective query
(bsc#1012628).
- netfilter: conntrack: revisit the gc initial rescheduling bias
(bsc#1012628).
- netfilter: conntrack: fix the gc rescheduling delay
(bsc#1012628).
- libbpf: Fix NULL pointer exception in API
btf_dump__dump_type_data (bsc#1012628).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem()
failure (bsc#1012628).
- wifi: ath11k: Include STA_KEEPALIVE_ARP_RESPONSE TLV header
by default (bsc#1012628).
- libbpf: Fix crash if SEC("freplace") programs don't have
attach_prog_fd set (bsc#1012628).
- bpf: Ensure correct locking around vulnerable function
find_vpid() (bsc#1012628).
- net: fs_enet: Fix wrong check in do_pd_setup (bsc#1012628).
- Bluetooth: RFCOMM: Fix possible deadlock on socket
shutdown/release (bsc#1012628).
- wifi: mt76: mt7921e: fix rmmod crash in driver reload test
(bsc#1012628).
- wifi: mt76: mt7915: do not check state before configuring
implicit beamform (bsc#1012628).
- wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
(bsc#1012628).
- wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1012628).
- wifi: mt76: mt7921: fix the firmware version report
(bsc#1012628).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at
mt7921_sta_set_decap_offload (bsc#1012628).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start,
stop]_ap (bsc#1012628).
- wifi: mt76: connac: fix possible unaligned access in
mt76_connac_mcu_add_nested_tlv (bsc#1012628).
- wifi: mt76: mt7915: fix possible unaligned access in
mt7915_mac_add_twt_setup (bsc#1012628).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
mt7615_sta_set_decap_offload (bsc#1012628).
- wifi: mt76: sdio: fix transmitting packet hangs (bsc#1012628).
- wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
(bsc#1012628).
- wifi: mt76: mt7915: fix an uninitialized variable bug
(bsc#1012628).
- wifi: mt76: sdio: poll sta stat when device transmits data
(bsc#1012628).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
(bsc#1012628).
- wifi: mt76: mt7921u: fix race issue between reset and
suspend/resume (bsc#1012628).
- wifi: mt76: mt7921s: fix race issue between reset and
suspend/resume (bsc#1012628).
- wifi: mt76: mt7921e: fix race issue between reset and
suspend/resume (bsc#1012628).
- Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev()
(bsc#1012628).
- wifi: rtl8xxxu: Remove copy-paste leftover in
gen2_update_rate_mask (bsc#1012628).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
(bsc#1012628).
- bpf: btf: fix truncated last_member_type_id in
btf_struct_resolve (bsc#1012628).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops
(bsc#1012628).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
(bsc#1012628).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (bsc#1012628).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_resume() (bsc#1012628).
- wifi: mac80211: mlme: assign link address correctly
(bsc#1012628).
- selftests/xsk: Avoid use-after-free on ctx (bsc#1012628).
- wifi: rtw88: add missing destroy_workqueue() on error path in
rtw_core_init() (bsc#1012628).
- wifi: wfx: prevent underflow in wfx_send_pds() (bsc#1012628).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(bsc#1012628).
- wifi: rtw89: pci: correct TX resource checking in low power mode
(bsc#1012628).
- wifi: rtw89: pci: fix interrupt stuck after leaving low power
mode (bsc#1012628).
- bpf: Only add BTF IDs for socket security hooks when
CONFIG_SECURITY_NETWORK is on (bsc#1012628).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime
suspend (bsc#1012628).
- bpf: Use this_cpu_{inc_return|dec} for prog->active
(bsc#1012628).
- bpf: Use this_cpu_{inc|dec|inc_return} for bpf_task_storage_busy
(bsc#1012628).
- wifi: ath11k: Fix incorrect QMI message ID mappings
(bsc#1012628).
- bpf: Propagate error from htab_lock_bucket() to userspace
(bsc#1012628).
- bpf: Disable preemption when increasing per-cpu map_locked
(bsc#1012628).
- selftests/xsk: Add missing close() on netns fd (bsc#1012628).
- xsk: Fix backpressure mechanism on Tx (bsc#1012628).
- x86/resctrl: Fix to restore to original value when re-enabling
hardware prefetch register (bsc#1012628).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
(bsc#1012628).
- esp: choose the correct inner protocol for GSO on inter address
family tunnels (bsc#1012628).
- audit: free audit_proctitle only on task exit (bsc#1012628).
- audit: explicitly check audit_context->context enum value
(bsc#1012628).
- ice: set tx_tstamps when creating new Tx rings via ethtool
(bsc#1012628).
- bpftool: Fix a wrong type cast in btf_dumper_int (bsc#1012628).
- wifi: mac80211: allow bw change during channel switch in mesh
(bsc#1012628).
- wifi: mac80211_hwsim: fix link change handling (bsc#1012628).
- wifi: mac80211: mlme: don't add empty EML capabilities
(bsc#1012628).
- wifi: mac80211: fix use-after-free (bsc#1012628).
- wifi: cfg80211: get correct AP link chandef (bsc#1012628).
- wifi: mac80211: properly set old_links when removing a link
(bsc#1012628).
- bpf: Fix reference state management for synchronous callbacks
(bsc#1012628).
- net: prestera: cache port state for non-phylink ports too
(bsc#1012628).
- tsnep: Fix TSNEP_INFO_TX_TIME register define (bsc#1012628).
- leds: lm3601x: Don't use mutex after it was destroyed
(bsc#1012628).
- bpf: Fix ref_obj_id for dynptr data slices in verifier
(bsc#1012628).
- bpf: Cleanup check_refcount_ok (bsc#1012628).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (bsc#1012628).
- wifi: ath10k: Set tx credit to one for WCN3990 snoc based
devices (bsc#1012628).
- wifi: rtlwifi: 8192de: correct checking of IQK reload
(bsc#1012628).
- libbpf: Initialize err in probe_map_create (bsc#1012628).
- m68k: Process bootinfo records before saving them (bsc#1012628).
- x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS
enabled (bsc#1012628).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
(bsc#1012628).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1012628).
- SUNRPC: Fix svcxdr_init_encode's buflen calculation
(bsc#1012628).
- SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
(bsc#1012628).
- nfsd: Fix a memory leak in an error handling path (bsc#1012628).
- objtool: Preserve special st_shndx indexes in elf_update_symbol
(bsc#1012628).
- ACPI: PCC: Fix Tx acknowledge in the PCC address space handler
(bsc#1012628).
- ACPI: PCC: replace wait_for_completion() (bsc#1012628).
- ACPI: PCC: Release resources on address space setup failure path
(bsc#1012628).
- ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE
(bsc#1012628).
- ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd()
(bsc#1012628).
- ARM: 9243/1: riscpc: Unbreak the build (bsc#1012628).
- erofs: use kill_anon_super() to kill super in fscache mode
(bsc#1012628).
- erofs: fix order >= MAX_ORDER warning due to crafted negative
i_size (bsc#1012628).
- MIPS: SGI-IP27: Fix platform-device leak in
bridge_platform_create() (bsc#1012628).
- MIPS: SGI-IP30: Fix platform-device leak in
bridge_platform_create() (bsc#1012628).
- sh: machvec: Use char[] for section boundaries (bsc#1012628).
- cpufreq: amd-pstate: Fix initial highest_perf value
(bsc#1012628).
- thermal: cpufreq_cooling: Check the policy first in
cpufreq_cooling_register() (bsc#1012628).
- acl: return EOPNOTSUPP in posix_acl_fix_xattr_common()
(bsc#1012628).
- ntfs3: rework xattr handlers and switch to POSIX ACL VFS helpers
(bsc#1012628).
- userfaultfd: open userfaultfds with O_RDONLY (bsc#1012628).
- ima: fix blocking of security.ima xattrs of unsupported
algorithms (bsc#1012628).
- selinux: use "grep -E" instead of "egrep" (bsc#1012628).
- smb3: must initialize two ACL struct fields to zero
(bsc#1012628).
- drm/amdgpu: Enable F32_WPTR_POLL_ENABLE in mqd (bsc#1012628).
- drm/amdgpu: Enable VCN PG on GC11_0_1 (bsc#1012628).
- drm/amd/display: explicitly disable psr_feature_enable
appropriately (bsc#1012628).
- drm/amd/display: Add HUBP surface flip interrupt handler
(bsc#1012628).
- drm/amd/display: Fix vblank refcount in vrr transition
(bsc#1012628).
- drm/amd/display: Enable 2 to 1 ODM policy if supported
(bsc#1012628).
- drm/amd/display: Enable dpia support for dcn314 (bsc#1012628).
- drm/amd/display: Validate DSC After Enable All New CRTCs
(bsc#1012628).
- drm/amd/display: zeromem mypipe heap struct before using it
(bsc#1012628).
- drm/amd/display: Update PMFW z-state interface for DCN314
(bsc#1012628).
- drm/amd/display: Fix watermark calculation (bsc#1012628).
- drm/i915: Fix display problems after resume (bsc#1012628).
- drm/i915: Fix watermark calculations for DG2 CCS+CC modifier
(bsc#1012628).
- drm/i915: Fix watermark calculations for DG2 CCS modifiers
(bsc#1012628).
- drm/i915: Fix watermark calculations for gen12+ CCS+CC modifier
(bsc#1012628).
- drm/i915: Fix watermark calculations for gen12+ MC CCS modifier
(bsc#1012628).
- drm/i915: Fix watermark calculations for gen12+ RC CCS modifier
(bsc#1012628).
- drm/i915/guc: Fix revocation of non-persistent contexts
(bsc#1012628).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths
(bsc#1012628).
- drm/nouveau: fix a use-after-free in
nouveau_gem_prime_import_sg_table() (bsc#1012628).
- drm/nouveau/kms/nv140-: Disable interlacing (bsc#1012628).
- staging: greybus: audio_helper: remove unused and wrong debugfs
usage (bsc#1012628).
- KVM: VMX: Drop bits 31:16 when shoving exception error code
into VMCS (bsc#1012628).
- KVM: x86: Treat #DBs from the emulator as fault-like (code
and DR7.GD=1) (bsc#1012628).
- KVM: nVMX: Don't propagate vmcs12's PERF_GLOBAL_CTRL settings
to vmcs02 (bsc#1012628).
- KVM: nVMX: Unconditionally purge queued/injected events on
nested "exit" (bsc#1012628).
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (bsc#1012628).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
(bsc#1012628).
- blk-throttle: fix that io throttle can only work for single bio
(bsc#1012628).
- media: cedrus: Fix endless loop in cedrus_h265_skip_bits()
(bsc#1012628).
- media: cedrus: Set the platform driver data earlier
(bsc#1012628).
- media: cedrus: Fix watchdog race condition (bsc#1012628).
- efi: libstub: drop pointless get_memory_map() call
(bsc#1012628).
- thunderbolt: Explicitly enable lane adapter hotplug events at
startup (bsc#1012628).
- rpmsg: char: Avoid double destroy of default endpoint
(bsc#1012628).
- tracing: Fix reading strings from synthetic events
(bsc#1012628).
- tracing: Add "(fault)" name injection to kernel probes
(bsc#1012628).
- tracing: Move duplicate code of trace_kprobe/eprobe.c into
header (bsc#1012628).
- tracing: Do not free snapshot if tracer is on cmdline
(bsc#1012628).
- tracing: Add ioctl() to force ring buffer waiters to wake up
(bsc#1012628).
- tracing: Wake up waiters when tracing is disabled (bsc#1012628).
- tracing: Wake up ring buffer waiters on closing of the file
(bsc#1012628).
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (bsc#1012628).
- tracing/eprobe: Fix alloc event dir failed when event name no
set (bsc#1012628).
- ring-buffer: Fix race between reset page and reading page
(bsc#1012628).
- ring-buffer: Add ring_buffer_wake_waiters() (bsc#1012628).
- ring-buffer: Check pending waiters when doing wake ups as well
(bsc#1012628).
- ring-buffer: Have the shortest_full queue be the shortest not
longest (bsc#1012628).
- ring-buffer: Allow splice to read previous partially read pages
(bsc#1012628).
- ftrace: Still disable enabled records marked as disabled
(bsc#1012628).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (bsc#1012628).
- livepatch: fix race between fork and KLP transition
(bsc#1012628).
- ext4: update 'state->fc_regions_size' after successful memory
allocation (bsc#1012628).
- ext4: fix potential memory leak in ext4_fc_record_regions()
(bsc#1012628).
- ext4: fix potential memory leak in
ext4_fc_record_modified_inode() (bsc#1012628).
- ext4: fix miss release buffer head in ext4_fc_write_inode
(bsc#1012628).
- ext4: fix dir corruption when ext4_dx_add_entry() fails
(bsc#1012628).
- ext4: fix i_version handling in ext4 (bsc#1012628).
- ext4: place buffer head allocation before handle start
(bsc#1012628).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't
uptodate (bsc#1012628).
- ext4: unconditionally enable the i_version counter
(bsc#1012628).
- ext4: don't increase iversion counter for ea_inodes
(bsc#1012628).
- ext4: fix check for block being out of directory size
(bsc#1012628).
- ext4: make ext4_lazyinit_thread freezable (bsc#1012628).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1012628).
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1012628).
- ext2: Add sanity checks for group and filesystem size
(bsc#1012628).
- jbd2: add miss release buffer head in fc_do_one_pass()
(bsc#1012628).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
(bsc#1012628).
- jbd2: fix potential buffer head reference count leak
(bsc#1012628).
- jbd2: wake up journal waiters in FIFO order, not LIFO
(bsc#1012628).
- f2fs: allow direct read for zoned device (bsc#1012628).
- f2fs: fix to do sanity check on summary info (bsc#1012628).
- f2fs: fix to do sanity check on destination blkaddr during
recovery (bsc#1012628).
- f2fs: increase the limit for reserve_root (bsc#1012628).
- f2fs: flush pending checkpoints when freezing super
(bsc#1012628).
- f2fs: complete checkpoints during remount (bsc#1012628).
- f2fs: fix wrong continue condition in GC (bsc#1012628).
- btrfs: set generation before calling btrfs_clean_tree_block
in btrfs_init_new_buffer (bsc#1012628).
- btrfs: fix missed extent on fsync after dropping extent maps
(bsc#1012628).
- btrfs: fix race between quota enable and quota rescan ioctl
(bsc#1012628).
- btrfs: enhance unsupported compat RO flags handling
(bsc#1012628).
- btrfs: fix alignment of VMA for memory mapped files on THP
(bsc#1012628).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
(bsc#1012628).
- ksmbd: Fix user namespace mapping (bsc#1012628).
- ksmbd: Fix wrong return value and message length check in
smb2_ioctl() (bsc#1012628).
- ksmbd: fix endless loop when encryption for response fails
(bsc#1012628).
- ksmbd: fix incorrect handling of iterate_dir (bsc#1012628).
- smb3: do not log confusing message when server returns no
network interfaces (bsc#1012628).
- hwrng: core - let sleep be interrupted when unregistering hwrng
(bsc#1012628).
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
(bsc#1012628).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
(bsc#1012628).
- gpio: rockchip: request GPIO mux to pinctrl when setting
direction (bsc#1012628).
- scsi: qedf: Populate sysfs attributes for vport (bsc#1012628).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
(bsc#1012628).
- slimbus: qcom-ngd: cleanup in probe error path (bsc#1012628).
- slimbus: qcom-ngd: use correct error in message of
pdr_add_lookup() failure (bsc#1012628).
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1012628).
- powerpc/Kconfig: Fix non existing CONFIG_PPC_FSL_BOOKE
(bsc#1012628).
- powercap: intel_rapl: Use standard Energy Unit for SPR Dram
RAPL domain (bsc#1012628).
- LoadPin: Fix Kconfig doc about format of file with verity
digests (bsc#1012628).
- cpufreq: qcom-cpufreq-hw: Fix uninitialized throttled_freq
warning (bsc#1012628).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1012628).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1012628).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1012628).
- serial: 8250: Request full 16550A feature probing for OxSemi
PCIe devices (bsc#1012628).
- serial: 8250: Let drivers request full 16550A feature probing
(bsc#1012628).
- serial: ar933x: Deassert Transmit Enable on ->rs485_config()
(bsc#1012628).
- serial: Deassert Transmit Enable on probe in driver-specific
way (bsc#1012628).
- serial: stm32: Deassert Transmit Enable on ->rs485_config()
(bsc#1012628).
- serial: cpm_uart: Don't request IRQ too early for console port
(bsc#1012628).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(bsc#1012628).
- xen/gntdev: Accommodate VMA splitting (bsc#1012628).
- xen/gntdev: Prevent leaking grants (bsc#1012628).
- mm/mmap: undo ->mmap() when arch_validate_flags() fails
(bsc#1012628).
- mm/uffd: fix warning without PTE_MARKER_UFFD_WP compiled in
(bsc#1012628).
- mm/damon: validate if the pmd entry is present before accessing
(bsc#1012628).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
hugetlb page (bsc#1012628).
- clocksource/drivers/arm_arch_timer: Fix CNTPCT_LO and CNTVCT_LO
value (bsc#1012628).
- arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or
restored (bsc#1012628).
- arm64: mte: move register initialization to C (bsc#1012628).
- drm/udl: Restore display mode on resume (bsc#1012628).
- drm/virtio: Use appropriate atomic state in
virtio_gpu_plane_cleanup_fb() (bsc#1012628).
- drm/virtio: Unlock reservations on dma_resv_reserve_fences()
error (bsc#1012628).
- drm/virtio: Unlock reservations on
virtio_gpu_object_shmem_init() error (bsc#1012628).
- drm/virtio: Check whether transferred 2D BO is shmem
(bsc#1012628).
- dmaengine: qcom-adm: fix wrong calling convention for
prep_slave_sg (bsc#1012628).
- dmaengine: qcom-adm: fix wrong sizeof config in slave_config
(bsc#1012628).
- dmaengine: mxs: use platform_driver_register (bsc#1012628).
- dm: verity-loadpin: Only trust verity targets with enforcement
(bsc#1012628).
- Revert "drm/amdgpu: use dirty framebuffer helper" (bsc#1012628).
- nvme-multipath: fix possible hang in live ns resize with ANA
access (bsc#1012628).
- nvmem: core: Fix memleak in nvmem_register() (bsc#1012628).
- UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
(bsc#1012628).
- riscv: Pass -mno-relax only on lld < 15.0.0 (bsc#1012628).
- riscv: always honor the CONFIG_CMDLINE_FORCE when parsing dtb
(bsc#1012628).
- riscv: Make VM_WRITE imply VM_READ (bsc#1012628).
- riscv: Allow PROT_WRITE-only mmap() (bsc#1012628).
- riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
(bsc#1012628).
- parisc: Fix userspace graphics card breakage due to pgtable
special bit (bsc#1012628).
- parisc: fbdev/stifb: Align graphics memory size to 4MB
(bsc#1012628).
- RISC-V: Make port I/O string accessors actually work
(bsc#1012628).
- RISC-V: Re-enable counter access from userspace (bsc#1012628).
- riscv: topology: fix default topology reporting (bsc#1012628).
- arm64: topology: move store_cpu_topology() to shared code
(bsc#1012628).
- regulator: qcom_rpm: Fix circular deferral regression
(bsc#1012628).
- net: thunderbolt: Enable DMA paths only after rings are enabled
(bsc#1012628).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API
(bsc#1012628).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
(bsc#1012628).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
(bsc#1012628).
- arm64: dts: qcom: sdm845-mtp: correct ADC settle time
(bsc#1012628).
- platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT
failure (bsc#1012628).
- quota: Check next/prev free block number after reading from
quota file (bsc#1012628).
- HID: multitouch: Add memory barriers (bsc#1012628).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks
(bsc#1012628).
- btf: Export bpf_dynptr definition (bsc#1012628).
- fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1012628).
- fs: dlm: handle -EBUSY first in lock arg validation
(bsc#1012628).
- fs: dlm: fix race between test_bit() and queue_work()
(bsc#1012628).
- i2c: designware: Fix handling of real but unexpected device
interrupts (bsc#1012628).
- mmc: sdhci-sprd: Fix minimum clock limit (bsc#1012628).
- mmc: sdhci-tegra: Use actual clock rate for SW tuning correction
(bsc#1012628).
- mmc: renesas_sdhi: Fix rounding errors (bsc#1012628).
- can: kvaser_usb_leaf: Fix CAN state after restart (bsc#1012628).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
(bsc#1012628).
- can: kvaser_usb_leaf: Fix overread with an invalid command
(bsc#1012628).
- can: kvaser_usb: Fix use of uninitialized completion
(bsc#1012628).
- mmc: core: Add SD card quirk for broken discard (bsc#1012628).
- usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628).
- usb: gadget: uvc: Fix argument to sizeof() in
uvc_register_video() (bsc#1012628).
- xhci: dbc: Fix memory leak in xhci_alloc_dbc() (bsc#1012628).
- iio: pressure: dps310: Reset chip after timeout (bsc#1012628).
- iio: pressure: dps310: Refactor startup procedure (bsc#1012628).
- iio: adc: ad7923: fix channel readings for some variants
(bsc#1012628).
- iio: ltc2497: Fix reading conversion results (bsc#1012628).
- iio: dac: ad5593r: Fix i2c read protocol requirements
(bsc#1012628).
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
(bsc#1012628).
- cifs: destage dirty pages before re-reading them for cache=none
(bsc#1012628).
- hv_netvsc: Fix race between VF offering and VF association
message from host (bsc#1012628).
- io_uring: correct pinned_vm accounting (bsc#1012628).
- io_uring/af_unix: defer registered files gc to io_uring release
(bsc#1012628).
- io_uring/net: handle -EINPROGRESS correct for IORING_OP_CONNECT
(bsc#1012628).
- io_uring: limit registration w/ SINGLE_ISSUER (bsc#1012628).
- io_uring/net: don't update msg_name if not provided
(bsc#1012628).
- io_uring/net: fix fast_iov assignment in io_setup_async_msg()
(bsc#1012628).
- io_uring/rw: don't lose short results on io_setup_async_rw()
(bsc#1012628).
- io_uring/rw: fix unexpected link breakage (bsc#1012628).
- io_uring/net: don't lose partial send/recv on fail
(bsc#1012628).
- io_uring/rw: don't lose partial IO result on fail (bsc#1012628).
- io_uring: add custom opcode hooks on fail (bsc#1012628).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (bsc#1012628).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
keys (bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop
(bsc#1012628).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
(bsc#1012628).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
(bsc#1012628).
- ALSA: usb-audio: Fix NULL dererence at error path (bsc#1012628).
- ALSA: usb-audio: Fix potential memory leaks (bsc#1012628).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
(bsc#1012628).
- ALSA: oss: Fix potential deadlock at unregistration
(bsc#1012628).
- commit beade21
++++ kernel-firmware:
- Update to version 20221017 (git commit 48407ffd7adb):
* cnm: update chips&media wave521c firmware.
* brcm: add symlink for Pi Zero 2 W NVRAM file
* rtw89: 8852b: add initial fw v0.27.32.0
* iwlwifi: add new FWs from core72-129 release
* iwlwifi: update 9000-family firmwares to core72-129
* rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A
* amdgpu: update GC 10.3.6 RLC firmware
* amdgpu: update GC 10.3.7 RLC firmware
* amdgpu: update Yellow Carp RLC firmware
* amdgpu: update Beige Goby RLC firmware
* amdgpu: update Dimgrey Cavefish RLC firmware
* amdgpu: update Navy Flounder RLC firmware
* amdgpu: update Sienna Cichlid RLC firmware
* mediatek: Update mt8195 SOF firmware to v0.4.1
* qcom: add squashed version of a530 zap shader
* rtw89: 8852c: update fw to v0.27.56.1
* rtw89: 8852c: update fw to v0.27.56.0
* mediatek: Update mt8186 SCP firmware
- Update Cirrus CS35L41 firmware (bsc#1203699)
cirrus-WHENCE-update.patch
- Update aliases from 6.1-rc1 kernel
++++ libXrender:
- Update to version 0.9.11
* Update README for gitlab migration
* Update configure.ac bug URL for gitlab migration
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* Remove unnecessary casts from malloc & free calls
* Reduce variable scopes as recommended by cppcheck
* Resolve -Wsign-compare warnings
* Rename xDepth to xPDepth to quiet -Wshadow warnings
* fix coredumps in XRenderComputeTrapezoids (issue #1)
* autogen.sh: use quoted string variables
* autogen: add default patch prefix
* WIP: Documentation
* autogen.sh: use exec instead of waiting for configure to finish
* Add missing HAVE_CONFIG_H guard to Xrenderint.h
* amend cppcheck-scope change, fixing c89 build
* additional cppcheck-scope warning
* cppcheck (removing unused assignment lets variable scope reduction)
* use casts to reduce compiler warnings (no object change)
* use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings
* use _X_UNUSED for compiler-warnings
* whitespace fix
* fix regression
* fix coredumps in XRenderComputeTrapezoids (issue #1)
* autogen.sh: use quoted string variables
* autogen: add default patch prefix
* WIP: Documentation
* autogen.sh: use exec instead of waiting for configure to finish
* Add missing HAVE_CONFIG_H guard to Xrenderint.h
* amend cppcheck-scope change, fixing c89 build
* additional cppcheck-scope warning
* cppcheck (removing unused assignment lets variable scope reduction)
* use casts to reduce compiler warnings (no object change)
* use _Xconst with DataInt32/DataInt16/memcpy to reduce strict compiler warnings
* use _X_UNUSED for compiler-warnings
* whitespace fix
* fix regression
++++ python-psutil:
- update to version 5.9.3:
* Enhancements
+ 2040, [macOS]: provide wheels for arm64 architecture. (patch by
Matthieu Darbois)
* Bug fixes
+ 2116, [macOS], [critical]: `psutil.net_connections`_ fails with
RuntimeError.
+ 2135, [macOS]: Process.environ() may contain garbage data. Fix
out-of-bounds read around sysctl_procargs. (patch by Bernhard
Urban-Forster)
+ 2138, [Linux], [critical]: can't compile psutil on Android due
to undefined ethtool_cmd_speed symbol.
+ 2142, [POSIX]: net_if_stats() 's flags on Python 2 returned
unicode instead of str. (patch by Matthieu Darbois)
+ 2147, [macOS] Fix disk usage report on macOS 12+. (patch by
Matthieu Darbois)
+ 2150, [Linux] Process.threads() may raise NoSuchProcess. Fix
race condition. (patch by Daniel Li)
+ 2153, [macOS] Fix race condition in
test_posix.TestProcess.test_cmdline. (patch by Matthieu Darbois)
------------------------------------------------------------------
------------------ 2022-10-21 - Oct 21 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Add patch to fix LLVM optimization to avoid failure on armv7
(https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217,
boo#1204267):
* u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
++++ Mesa-drivers:
- Add patch to fix LLVM optimization to avoid failure on armv7
(https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217,
boo#1204267):
* u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
++++ gstreamer:
- Update to version 1.20.4:
+ Highlighted bugfixes in 1.20.4:
- avaudiodec: fix playback issue with WMA files, would throw an
error at EOS with FFmpeg 5.x
- Fix deadlock when loading gst-editing-services plugin
- Fix input buffering capacity in live mode for aggregator,
video/audio aggregator subclasses, muxers
- glimagesink: fix crash on Android
- subtitle handling and subtitle overlay fixes
- matroska-mux: allow width + height changes for
avc3|hev1|vp8|vp9
- rtspsrc: fix control url handling for spec compliant servers
and add fallback for incompliant servers
- WebRTC fixes
- RTP retransmission fixes
- video: fixes for formats with 4x subsampling and horizontal
co-sited chroma (Y41B, YUV9, YVU9 and IYU9)
- Fix consuming of the macOS package as a framework in XCode
- Performance improvements
- Miscellaneous bug fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- buffer: drop parent meta in deep copy/foreach_metadata
- devicemonitor: Use a sync bus handler for the provider to
avoid accumulating all messages until the provider is stopped
- element: Fix requesting of pads with string templates
- gst:
. Protect initialization state with a recursive mutex
. Add missing define guard for build without gstreamer debug
logging support
- gst_init: Initialize static plugins just before dynamic plugins
- info: Parse "NONE" as a valid level name
- meta: Set the parent refcount of the GstStructure correctly
- pluginloader: Don't hang on short reads/writes
- tracers: leaks:
. Fix potentially invalid memory access when trying to detect
object type
. Fix object-refings.class flags
- uri: When setting the same string again do nothing
- value: Don't loop forever when serializing invalid flag
+ Base Libraries:
- aggregator:
. Fix input buffering in live mode (was too low before in
many cases)
. Fix reversed active/flushing arguments in debug log output
. Reset EOS flag after receiving a stream-start event
+ Core Elements: queue2:
- Hold the lock when modifying sinkresult
- Fix deadlock when deactivate is called in pull mode
++++ gstreamer-plugins-base:
- Update to version 1.20.4:
+ decodebin3:
- Fix mutex leaks
- Fix memory issues with active selection list
- uridecodebin3, urisourcebin: Event handling fixes
- Fix EOS event sequence
+ parsebin:
- Avoid crash with unknown streams
- SIGSEGV during HLS stream using souphttpsrc
+ glimagesink:
- Only allow setting the GL display/context if it is a valid
value
- Segfault on android devices
+ gstgl: Fix several memory leaks in macOS
+ opusenc: improve inband-fec property documentation
+ playsink: Hold a reference to the soft volume element
+ pbutils: descriptions: fix
gst_pb_utils_get_caps_description_flags()
+ rtspurl: Use gst_uri_join_strings() in
gst_rtsp_url_get_request_uri_with_control() instead of a
hand-crafted, wrong version
+ rtspconnection: protect cancellable by a mutex
+ sdpmessage: Don't set SDP medias from caps without
media/payload/clock-rate fields
+ samiparse: fix handling of self-closing tags
+ ssaparse: include required system headers for isspace() and
sscanf() functions
+ subparse: fix crash when parsing invalid timestamps in mpl2
+ subparse fixes
+ textoverlay: Don't miscalculate text running times
+ videoaggregator: always convert when user provides
converter-config
+ video: Fix scaling in 4x horizontal co-sited chroma (Y41B,
YUV9, YVU9 and IYU9)
+ xmptag: register musicbrainz tags during init to fix critical
in jpegparse
+ xvimagesink: fix image leaks in error code path
+ tests: skip unit tests for dependency-less elements that have
been disabled
++++ kernel-default:
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
(bsc#1203922).
- commit fc9be74
- Refresh patches.suse/drm-amdgpu-Fix-for-BO-move-issue.patch.
Update upstream status.
- commit 48205db
++++ harfbuzz:
- Update to version 5.3.1:
+ Subsetter repacker fixes
+ Adjust Grapheme clusters for Katakana voiced sound marks
+ New hb-subset option --preprocess-face
- Add harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fix failing
tests.
++++ python310-core:
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
allow building of documentation with the latest Sphinx 5.3.0
(gh#python/cpython#98366).
++++ readline:
- Extend version linker map file to detect usage of new symbols (boo#1204336)
++++ systemd:
- Import commit f78bba8d037cc26c09bbdd167625b2d7fe1f5a30 (merge of v251.6)
Beside the merge of v251.6, it also includes the following backport:
- 07aaa898bd pstore: do not try to load all known pstore modules
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/07aa29e3942fb46b0aed5405c88e8d3179ca958f...f78bba8d037cc26c09bbdd167625b2d7fe1f5a30
++++ python310:
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
allow building of documentation with the latest Sphinx 5.3.0
(gh#python/cpython#98366).
++++ python-pyOpenSSL:
- Upstream post-release doc fix (gh#pyca/pyopenssl#1150)
* The minimum cryptography version is now 38.0.x (and we now pin
releases against cryptography major versions to prevent future
breakage)
- Add pyOpenSSL-pr1158-conditional-__all__.patch
gh#pyca/pyopenssl#1158
++++ rsync:
- New version fixes bug (boo#1203727): implicit containing directory
sometimes rejected as unrequested
- update to 3.2.7
* BUG FIXES:
- Fixed the client-side validating of the remote sender's filtering behavior.
- More fixes for the "unrequested file-list name" name, including a copy of
"/" with `--relative` enabled and a copy with a lot of related paths with
`--relative` enabled (often derived from a `--files-from` list).
- When rsync gets an unpack error on an ACL, mention the filename.
- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
"use chroot" is false).
* ENHANCEMENTS:
- Added negotiated daemon-auth support that allows a stronger checksum digest
to be used to validate a user's login to the daemon. Added SHA512, SHA256,
and SHA1 digests to MD5 & MD4. These new digests are at the highest priority
in the new daemon-auth negotiation list.
- Added support for the SHA1 digest in file checksums. While this tends to be
overkill, it is available if someone really needs it. This overly-long
checksum is at the lowest priority in the normal checksum negotiation list.
See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
environment var for how to customize this.
- Improved the xattr hash table to use a 64-bit key without slowing down the
key's computation. This should make extra sure that a hash collision doesn't
happen.
- If the `--version` option is repeated (e.g. `-VV`) then the information is
output in a (still readable) JSON format. Client side only.
- The script `support/json-rsync-version` is available to get the JSON style
version output from any rsync. The script accepts either text on stdin
* *or** an arg that specifies an rsync executable to run with a doubled
`--version` option. If the text we get isn't already in JSON format, it is
converted. Newer rsync versions will provide more complete json info than
older rsync versions. Various tweaks are made to keep the flag names
consistent across versions.
- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
so that rsync can use chroot when it works and a sanitized copy when chroot
is not supported (e.g., for a non-root daemon). Explicitly setting the
parameter to true or false (on or off) behaves the same way as before.
- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
computations when considering a big pool of files. The simple heuristic from
Kenneth Finnegan resuled in about a 2x speedup.
- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync
now interprets this value as an unsigned integer so that a current year past
2038 can continue to be represented. This does mean that years prior to 1970
cannot be represented in an older protocol, but this trade-off seems like the
right choice given that (1) 2038 is very rapidly approaching, and (2) newer
protocols support a much wider range of old and new dates.
- The rsync client now treats an empty destination arg as an error, just like
it does for an empty source arg. This doesn't affect a `host:` arg (which is
treated the same as `host:.`) since the arg is not completely empty. The use
of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
prior behavior of treating an empty destination arg as a ".".
* PACKAGING RELATED:
- The checksum code now uses openssl's EVP methods, which gets rid of various
deprecation warnings and makes it easy to support more digest methods. On
newer systems, the MD4 digest is marked as legacy in the openssl code, which
makes openssl refuse to support it via EVP. You can choose to ignore this
and allow rsync's MD4 code to be used for older rsync connections (when
talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
tell openssl to enable legacy algorithms (see below).
- A simple openssl config file is supplied that can be installed for rsync to
use. If you install packaging/openssl-rsync.cnf to a public spot (such as
`/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
`--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
configured path in the OPENSSL_CONF environment variable (when the variable
is not already set). This will enable openssl's MD4 code for rsync to use.
- The packager may wish to include an explicit "use chroot = true" in the top
section of their supplied /etc/rsyncd.conf file if the daemon is being
installed to run as the root user (though rsync should behave the same even
with the value unset, a little extra paranoia doesn't hurt).
- I've noticed that some packagers haven't installed support/nameconvert for
users to use in their chrooted rsync configs. Even if it is not installed
as an executable script (to avoid a python3 dependency) it would be good to
install it with the other rsync-related support scripts.
- It would be good to add support/json-rsync-version to the list of installed
support scripts.
------------------------------------------------------------------
------------------ 2022-10-20 - Oct 20 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.2.2
* This is the second bug fix release, back on the regular
schedule. There's a lot here: nir, panfrost, gallium video,
freedreno, nouveau, turnip, r300, gallium core, r600, virgl,
core vulkan, anv, clover, d3d12, utils, radv, and plenty of
zink.
++++ Mesa-drivers:
- update to 22.2.2
* This is the second bug fix release, back on the regular
schedule. There's a lot here: nir, panfrost, gallium video,
freedreno, nouveau, turnip, r300, gallium core, r600, virgl,
core vulkan, anv, clover, d3d12, utils, radv, and plenty of
zink.
++++ bash:
- Explicit require versioned libreadline8 as we face new ABI
functions used by the bash (boo#1204336)
++++ kernel-default:
- drm/amdgpu: Fix for BO move issue (bsc#1204160).
- commit b9e3808
- drm/amdgpu: Fix VRAM BO swap issue (bsc#1204160).
- commit 51f20d5
++++ gcc12:
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
------------------------------------------------------------------
------------------ 2022-10-19 - Oct 19 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- lib/Kconfig.debug: Add check for non-constant .{s,u}leb128
support to DWARF5 (bsc#1012628).
- Update config files.
- hid: topre: Add driver fixing report descriptor (bsc#1012628).
- Update config files.
- arm64: errata: Add Cortex-A55 to the repeat tlbi list
(bsc#1012628).
- Update config files.
- commit f78cd12
++++ libX11:
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
++++ python310-core:
- Update to 3.10.8:
- Fix multiplying a list by an integer (list *= int): detect
the integer overflow when the new allocated length is close
to the maximum size.
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. (originally
filed as CVE-2022-37460, later withdrawn)
- Fix command line parsing: reject -X int_max_str_digits option
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
environment variable is set to a valid limit.
- When ValueError is raised if an integer is larger than the
limit, mention the sys.set_int_max_str_digits() function in
the error message.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).
- os.sched_yield() now release the GIL while calling
sched_yield(2).
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
reference. It was returning a new reference.
- Fixed a missing incref/decref pair in
Exception.__setstate__().
- Fix overly-broad source position information for chained
comparisons used as branching conditions.
- Fix undefined behaviour in _testcapimodule.c.
- At Python exit, sometimes a thread holding the GIL can
wait forever for a thread (usually a daemon thread) which
requested to drop the GIL, whereas the thread already
exited. To fix the race condition, the thread which requested
the GIL drop now resets its request before exiting.
- Fix a possible assertion failure, fatal error, or SystemError
if a line tracing event raises an exception while opcode
tracing is enabled.
- Fix undefined behaviour in C code of null pointer arithmetic.
- Do not expose KeyWrapper in _functools.
- When loading a file with invalid UTF-8 inside a multi-line
string, a correct SyntaxError is emitted.
- Disable incorrect pickling of the C implemented classmethod
descriptors.
- Fix AttributeError missing name and obj attributes in .
object.__getattribute__() bpo-42316: Document some places .
where an assignment expression needs parentheses .
- Wrap network errors consistently in urllib FTP support, so
the test suite doesn’t fail when a network is available but
the public internet is not reachable.
- Fixes AttributeError when subprocess.check_output() is used
with argument input=None and either of the arguments encoding
or errors are used.
- Avoid spurious tracebacks from asyncio when default executor
cleanup is delayed until after the event loop is closed (e.g.
as the result of a keyboard interrupt).
- Avoid a crash in the C version of
asyncio.Future.remove_done_callback() when an evil argument
is passed.
- Remove tokenize.NL check from tabnanny.
- Make Semaphore run faster.
- Fix generation of the default name of
tkinter.Checkbutton. Previously, checkbuttons in different
parent widgets could have the same short name and share
the same state if arguments “name†and “variable†are not
specified. Now they are globally unique.
- Update bundled libexpat to 2.4.9
- Fix race condition in asyncio where process_exited() called
before the pipe_data_received() leading to inconsistent
output.
- Fixed check in multiprocessing.resource_tracker that
guarantees that the length of a write to a pipe is not
greater than PIPE_BUF.
- Corrected type annotation for dataclass attribute
pstats.FunctionProfile.ncalls to be str.
- Fix the faulthandler implementation of
faulthandler.register(signal, chain=True) if the sigaction()
function is not available: don’t call the previous signal
handler if it’s NULL.
- In inspect, fix overeager replacement of “typing.†in
formatting annotations.
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
reference to the created task, so that it’s not garbage
collected
- Fix handling compiler warnings (SyntaxWarning and
DeprecationWarning) in codeop.compile_command() when checking
for incomplete input. Previously it emitted warnings and
raised a SyntaxError. Now it always returns None for
incomplete input without emitting any warnings.
- Fixed flickering of the turtle window when the tracer is
turned off.
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
by multiple tasks.
- Fix broken asyncio.Semaphore when acquire is cancelled.
- Fix ast.unparse() when ImportFrom.level is None
- Improve performance of urllib.request.getproxies_environment
when there are many environment variables
- Fix ! in c domain ref target syntax via a conf.py patch, so
it works as intended to disable ref target resolution.
- Clarified the conflicting advice given in the ast
documentation about ast.literal_eval() being “safe†for use
on untrusted input while at the same time warning that it
can crash the process. The latter statement is true and is
deemed unfixable without a large amount of work unsuitable
for a bugfix. So we keep the warning and no longer claim that
literal_eval is safe.
- Update tutorial introduction output to use 3.10+ SyntaxError
invalid range.
- Remove upstreamed test-int-timing.patch.
++++ systemd:
- Don't create /var/lib/systemd/random-seed in %post (bsc#1181458)
To make sure that the same seed is not replicated when installing from a
'golden' image.
For regular installations the random seed file is initialized by the installer
itself (bsc#1174964). Even if it didn't, the random seed file would be created
on first boot anyway.
++++ python310:
- Update to 3.10.8:
- Fix multiplying a list by an integer (list *= int): detect
the integer overflow when the new allocated length is close
to the maximum size.
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. (originally
filed as CVE-2022-37460, later withdrawn)
- Fix command line parsing: reject -X int_max_str_digits option
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
environment variable is set to a valid limit.
- When ValueError is raised if an integer is larger than the
limit, mention the sys.set_int_max_str_digits() function in
the error message.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).
- os.sched_yield() now release the GIL while calling
sched_yield(2).
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
reference. It was returning a new reference.
- Fixed a missing incref/decref pair in
Exception.__setstate__().
- Fix overly-broad source position information for chained
comparisons used as branching conditions.
- Fix undefined behaviour in _testcapimodule.c.
- At Python exit, sometimes a thread holding the GIL can
wait forever for a thread (usually a daemon thread) which
requested to drop the GIL, whereas the thread already
exited. To fix the race condition, the thread which requested
the GIL drop now resets its request before exiting.
- Fix a possible assertion failure, fatal error, or SystemError
if a line tracing event raises an exception while opcode
tracing is enabled.
- Fix undefined behaviour in C code of null pointer arithmetic.
- Do not expose KeyWrapper in _functools.
- When loading a file with invalid UTF-8 inside a multi-line
string, a correct SyntaxError is emitted.
- Disable incorrect pickling of the C implemented classmethod
descriptors.
- Fix AttributeError missing name and obj attributes in .
object.__getattribute__() bpo-42316: Document some places .
where an assignment expression needs parentheses .
- Wrap network errors consistently in urllib FTP support, so
the test suite doesn’t fail when a network is available but
the public internet is not reachable.
- Fixes AttributeError when subprocess.check_output() is used
with argument input=None and either of the arguments encoding
or errors are used.
- Avoid spurious tracebacks from asyncio when default executor
cleanup is delayed until after the event loop is closed (e.g.
as the result of a keyboard interrupt).
- Avoid a crash in the C version of
asyncio.Future.remove_done_callback() when an evil argument
is passed.
- Remove tokenize.NL check from tabnanny.
- Make Semaphore run faster.
- Fix generation of the default name of
tkinter.Checkbutton. Previously, checkbuttons in different
parent widgets could have the same short name and share
the same state if arguments “name†and “variable†are not
specified. Now they are globally unique.
- Update bundled libexpat to 2.4.9
- Fix race condition in asyncio where process_exited() called
before the pipe_data_received() leading to inconsistent
output.
- Fixed check in multiprocessing.resource_tracker that
guarantees that the length of a write to a pipe is not
greater than PIPE_BUF.
- Corrected type annotation for dataclass attribute
pstats.FunctionProfile.ncalls to be str.
- Fix the faulthandler implementation of
faulthandler.register(signal, chain=True) if the sigaction()
function is not available: don’t call the previous signal
handler if it’s NULL.
- In inspect, fix overeager replacement of “typing.†in
formatting annotations.
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
reference to the created task, so that it’s not garbage
collected
- Fix handling compiler warnings (SyntaxWarning and
DeprecationWarning) in codeop.compile_command() when checking
for incomplete input. Previously it emitted warnings and
raised a SyntaxError. Now it always returns None for
incomplete input without emitting any warnings.
- Fixed flickering of the turtle window when the tracer is
turned off.
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
by multiple tasks.
- Fix broken asyncio.Semaphore when acquire is cancelled.
- Fix ast.unparse() when ImportFrom.level is None
- Improve performance of urllib.request.getproxies_environment
when there are many environment variables
- Fix ! in c domain ref target syntax via a conf.py patch, so
it works as intended to disable ref target resolution.
- Clarified the conflicting advice given in the ast
documentation about ast.literal_eval() being “safe†for use
on untrusted input while at the same time warning that it
can crash the process. The latter statement is true and is
deemed unfixable without a large amount of work unsuitable
for a bugfix. So we keep the warning and no longer claim that
literal_eval is safe.
- Update tutorial introduction output to use 3.10+ SyntaxError
invalid range.
- Remove upstreamed test-int-timing.patch.
++++ python-setuptools:
- Skip test_pbr_integration because it tries to install pbr using pip from
network
- Add fix-get-python-lib-python38.patch to fix get_python_lib() method in
python3.8 bsc#1204395
- Update to version 65.5.0:
* #3624: Fixed editable install for multi-module/no-package src-layout
projects.
* #3626: Minor refactorings to support distutils using stdlib logging module.
* #3419: Updated the example version numbers to be compliant with PEP-440 on
the "Specifying Your Project’s Version" page of the user guide.
* #3569: Improved information about conflicting entries in the current
working directory and editable install (in documentation and as an
informational warning).
* #3576: Updated version of validate_pyproject.
- v65.4.1
* #3613: Fixed encoding errors in expand.StaticModule when system default
encoding doesn't match expectations for source files.
* #3617: Merge with pypa/distutils@6852b20 including fix for
pypa/distutils#181.
- v65.4.0
* #3609: Merge with pypa/distutils@d82d926 including support for
DIST_EXTRA_CONFIG in pypa/distutils#177.
- v65.3.0
* #3547: Stop ConfigDiscovery.analyse_name from splatting the
Distribution.name attribute -- by :user:`jeamland`
* #3554: Changed requires to requests in the pyproject.toml example in the
:doc:`Dependency management section of the Quickstart guide
<userguide/quickstart>` -- by :user:`mfbutner`
* #3561: Fixed accidental name matching in editable hooks.
- v65.2.0
* #3553: Sync with pypa/distutils@22b9bcf, including fixed cross-compiling
support and removing deprecation warning per pypa/distutils#169.
- v65.1.1
* #3551: Avoided circular imports in meta path finder for editable installs
when a missing module has the same name as its parent.
- v65.1.0
* #3536: Remove monkeypatching of msvc9compiler.
* #3538: Corrected documentation on how to use the legacy-editable mode.
- v65.0.2
* #3505: Restored distutils msvccompiler and msvc9compiler modules and marked
as deprecated (pypa/distutils@c802880).
- v65.0.1
* #3529: Added clarification to :doc:`/userguide/quickstart` about support to
setup.py.
* #3526: Fixed backward compatibility of editable installs and custom
build_ext commands inheriting directly from distutils.
* #3528: Fixed buid_meta.prepare_metadata_for_build_wheel when given
metadata_directory is ".".
- v65.0.0
* #3505: Removed 'msvccompiler' and 'msvc9compiler' modules from distutils.
* #3521: Remove bdist_msi and bdist_wininst commands, which have been
deprecated since Python 3.9. Use older Setuptools for these behaviors if
needed.
* #3519: Changed the note in keywords documentation regarding editable
installations to specify which setuptools version require a minimal
setup.py file or not.
- v64.0.3
* #3515: Fixed "inline" file copying for editable installations and optional
extensions.
* #3517: Fixed editable_wheel to ensure other commands are finalized before
using them. This should prevent errors with plugins trying to use different
commands or reinitializing them.
* #3517: Augmented filter to prevent transient/temporary source files from
being considered package_data or data_files.
- v64.0.2
* #3506: Suppress errors in custom build_py implementations when running
editable installs in favor of a warning indicating what is the most
appropriate migration path. This is a transitional measure. Errors might be
raised in future versions of setuptools.
* #3512: Added capability of handling namespace packages created
accidentally/purposefully via discovery configuration during editable
installs. This should emulate the behaviour of a non-editable installation.
- v64.0.1
* #3497: Fixed editable_wheel for legacy namespaces.
* #3502: Fixed issue with editable install and single module distributions.
* #3503: Added filter to ignore external .egg-info files in manifest.
* Some plugins might rely on the fact that the .egg-info directory is
produced inside the project dir, which may not be the case in editable
installs (the .egg-info directory is produced inside the metadata directory
given by the build frontend via PEP 660 hooks).
- v64.0.0
* #3380: Passing some types of parameters via --global-option to setuptools
PEP 517/PEP 660 backend is now considered deprecated. The user can pass the
same arbitrary parameter via --build-option (--global-option is now
reserved for flags like --verbose or --quiet).
* Both --build-option and --global-option are supported as a transitional
effort (a.k.a. "escape hatch"). In the future a proper list of allowed
config_settings may be created.
* #3265: Added implementation for editable install hooks (PEP 660).
* #3380: Improved the handling of the config_settings parameter in both PEP
517 and PEP 660 interfaces:
* #3392: Exposed get_output_mapping() from build_py and build_ext
subcommands. This interface is reserved for the use of setuptools
Extensions and third part packages are explicitly disallowed to calling it.
However, any implementation overwriting build_py or build_ext are required
to honour this interface.
* #3412: Added ability of collecting source files from custom build
sub-commands to sdist. This allows plugins and customization scripts to
automatically add required source files in the source distribution.
* #3414: Users can temporarily specify an environment variable
SETUPTOOLS_ENABLE_FEATURES=legacy-editable as a escape hatch for the PEP
660 behavior. This setting is transitional and may be removed in the
future.
* #3484: Added transient compat mode to editable installs. This more will be
temporarily available (to facilitate the transition period) for those that
want to emulate the behavior of the develop command (in terms of what is
added to sys.path). This mode is provided "as is", with limited support,
and will be removed in future versions of setuptools.
* #3414: Updated :doc:`Development Mode </userguide/development_mode>` to
reflect on the implementation of PEP 660.
- v63.4.3
* #3496: Update to pypa/distutils@b65aa40 including more robust support for
library/include dir handling in msvccompiler (pypa/distutils#153) and test
suite improvements.
- v63.4.2
* #3453: Bump vendored version of :pypi:`pyparsing` to 3.0.9.
* #3481: Add warning for potential install_requires and extras_require
misconfiguration in setup.cfg
* #3487: Modified pyproject.toml validation exception handling to make
relevant debugging information easier to spot.
- v63.4.1
* #3482: Sync with pypa/distutils@274758f1c02048d295efdbc13d2f88d9923547f8,
restoring compatibility shim in bdist.format_commands.
- v63.4.0
* #2971: upload_docs command is deprecated once again.
* #3443: Installed sphinx-hoverxref extension to show tooltips on internal an
external references. -- by :user:`humitos`
* #3444: Installed sphinx-notfound-page extension to generate nice 404 pages.
- - by :user:`humitos`
* #3480: Merge with pypa/distutils@c397f4c
- v63.3.0
* #3475: Merge with pypa/distutils@129480b, including substantial delinting
and cleanup, some refactoring around compiler logic, better messaging in
cygwincompiler (pypa/distutils#161).
++++ raspberrypi-firmware:
- Update to ab37ef59f (2022-10-18):
* firmware: ldconfig: Add all, none, tryboot section support
to autoboot.txt for start.elf
* firmware: arm-dt: bootloader: Pass the original partition
number when booting a ramdisk
* firmware: arm_loader: HAT EEPROM support for GPIO bank 1
See: #1756
++++ raspberrypi-firmware-config:
- Update to ab37ef59f (2022-10-18):
* firmware: ldconfig: Add all, none, tryboot section support
to autoboot.txt for start.elf
* firmware: arm-dt: bootloader: Pass the original partition
number when booting a ramdisk
* firmware: arm_loader: HAT EEPROM support for GPIO bank 1
See: #1756
++++ raspberrypi-firmware-config-camera:
- Update to ab37ef59f (2022-10-18):
* firmware: ldconfig: Add all, none, tryboot section support
to autoboot.txt for start.elf
* firmware: arm-dt: bootloader: Pass the original partition
number when booting a ramdisk
* firmware: arm_loader: HAT EEPROM support for GPIO bank 1
See: #1756
++++ selinux-policy:
- Update to version 20221019. Refreshed:
* distro_suse_to_distro_redhat.patch
* fix_apache.patch
* fix_chronyd.patch
* fix_cron.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_rpm.patch
* fix_sysnetwork.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_xserver.patch
- Dropped fix_cockpit.patch as this is now packaged with cockpit itself
- Remove the ipa module, freeip ships their own module
- Added fix_alsa.patch to allow reading of config files in home directories
- Extended fix_networkmanager.patch and fix_postfix.patch to account
for SUSE systems
- Added dontaudit_interface_kmod_tmpfs.patch to prevent AVCs when startproc
queries the running processes
- Updated fix_snapper.patch to allow snapper to talk to rpm via dbus
------------------------------------------------------------------
------------------ 2022-10-18 - Oct 18 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.40.2:
+ Ensure that resolv.conf gets updated when the configuration
changes.
+ Fix setting as bond primary an interface that doesn't exist yet
when the bond is activated.
+ The number of autoconnect retries is now accounted
independently for each device when there are profiles with
multi-connect=multiple.
+ Don't print duplicate entries in the output of "NetworkManager
- -print-config".
+ Fix the ifcfg-rh plugin to properly read infiniband P-Key
connection profiles without an explicit interface name.
+ Allow the removal of a bond port connection profile from the
bond via nmcli.
+ Fix race condition during the activation of veth profiles when
the peer already exists.
+ Decline the DHCPv6 lease if all addresses fail IPv6 duplicate
address detection (DAD).
+ Wait that devices get carrier before trying to resolve the
system hostname on them via DNS.
+ Fix race condition during the initial activation of OVS
interfaces.
+ Profiles generated by nm-initrd-generator now have lower than
default priority.
+ Fix error when adding many SR-IOV virtual functions (VFs).
++++ libXmu:
- Update to version 1.1.4
This release includes two notable changes to XmuConvertStandardSelection():
1) It no longer supports XA_IP_ADDRESS, which only supported IPv4 addresses
and simply provided the output of gethostbyname() on the local hostname.
2) XA_OWNER_OS no longer reports "BSD" for any Unix-like OS (including Linux)
that it hadn't been coded to handle, instead relying on uname() where
available to provide the OS name.
The lack of bug reports about the previously misleading output for these
suggests they're not widely used, with codesearch.debian.net only finding
matches in libXmu and the rust bindings to libXmu, and not any consumers
of these interfaces.
++++ libpciaccess:
- Update to version 0.17
* Fix spelling/wording issues
* meson: install man page in mandir/man1/, not mandir/1/
* gitlab CI: add a basic build test for both autotools and meson
* gitlab CI: stop requiring Signed-off-by in commits
* configure.ac: Use pkg-config to find zlib dependency info
* Obtain correct value of is_64 and is_prefetchable PCI device fields
* hurd_pci: Use __pci_conf_ variants of pci_conf_
* x86: Use gnumach device instead of /dev/mem on GNU systems && factorise ifdefs
* x86: Remove mapping of regions during probe - otherwise remapping later fails
* x86: Remove probe during create, other backends don't do this
* hurd: device_open(pci), /servers/bus/pci fallback
* x86: Sort devices by B/D/F due to recursive scan
* hurd: Don't necessarily look up _SERVERS_BUS_PCI
* Add a meson build system
* autoconf: Add meson files to dist tarball
* pciaccess.pc.in: add Libs.Private
* Hurd: avoid using the deprecated RPC pci_get_ndevs()
* hurd: Implement device memory mapping
* Hurd: Fix initialization order
* Add pci_device_disable() function
* missed library installation in meson
* hurd: Add missing round up size in map_dev_mem
* hurd: Fix letting map_dev_mem map anywhere
* hurd: Fix map_dev_mem from non-zero address
* hurd: Restore initialization order
* hurd: Fix pci_device_hurd_map_legacy
* Add support for building on macOS w/o X11, using endian code from "portable_endian.h"...
* Add parentheses to the macro definition
* pci_sys set NULL after free
* Add header protection macro in linux_devmem.h
* Delete redundant symbols ';'
- switched to meson build system
++++ libxshmfence:
- Update to version 1.3.1
* Update README for gitlab migration
* Update configure.ac bug URL for gitlab migration
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* alloc: prefer atomic close-on-exec without O_TMPFILE as well
* alloc: prefer SHM_ANON on FreeBSD a la memfd_create
++++ raspberrypi-firmware:
- Update to bfbd42ef2 (2022-10-14):
* firmware: isp: Run ISP without hi-res output buffer
* firmware: arm_dt: Export the bootloader EEPROM RSA public
key via device-tree
* firmware: Add tryboot A_B mode
* firmware: il: isp: Correct order buffers were returned in
* firmware: board_info: Fix Pi 400 PHY addresses
See: #1754
++++ raspberrypi-firmware-config:
- Update to bfbd42ef2 (2022-10-14):
* firmware: isp: Run ISP without hi-res output buffer
* firmware: arm_dt: Export the bootloader EEPROM RSA public
key via device-tree
* firmware: Add tryboot A_B mode
* firmware: il: isp: Correct order buffers were returned in
* firmware: board_info: Fix Pi 400 PHY addresses
See: #1754
++++ raspberrypi-firmware-config-camera:
- Update to bfbd42ef2 (2022-10-14):
* firmware: isp: Run ISP without hi-res output buffer
* firmware: arm_dt: Export the bootloader EEPROM RSA public
key via device-tree
* firmware: Add tryboot A_B mode
* firmware: il: isp: Correct order buffers were returned in
* firmware: board_info: Fix Pi 400 PHY addresses
See: #1754
------------------------------------------------------------------
------------------ 2022-10-17 - Oct 17 2022 -------------------
------------------------------------------------------------------
++++ glib2-branding-openSUSE:
- Fix default openSUSE wallpaper is not present in dark mode (boo#1204138).
++++ gpg2:
- GnuPG 2.3.8:
* gpg: Do not consider unknown public keys as non-compliant while
decrypting.
* gpg: Avoid to emit a compliance mode line if Libgcrypt is
non-compliant.
* gpg: Improve --edit-key setpref command to ease c+p.
* gpg: Emit an ERROR status if --quick-set-primary-uid fails and
allow to pass the user ID by hash.
* gpg: Actually show symmetric+pubkey encrypted data as de-vs
compliant. Add extra compliance checks for symkey_enc packets.
* gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit
preference.
* gpgsm: Fix reporting of bad passphrase error during PKCS#11
import.
* agent: Fix a regression in "READKEY --format=ssh".
* agent: New option --need-attr for KEYINFO.
* agent: New attribute "Remote-list" for use by KEYINFO.
* scd: Fix problem with Yubikey 5.4 firmware.
* dirmngr: Fix CRL Distribution Point fallback to other schemes.
* dirmngr: New LDAP server flag "areconly" (A-record-only).
* dirmngr: Fix upload of multiple keys for an LDAP server specified
using the colon format.
* dirmngr: Use LDAP schema v2 when a Base DN is specified.
* dirmngr: Avoid caching expired certificates.
* wkd: Fix path traversal attack in gpg-wks-server. Add the mail
address to the pending request data.
* wkd: New command --mirror for gpg-wks-client.
* gpg-auth: New tool for authentication.
* New common.conf option no-autostart.
* Silence warnings from AllowSetForegroundWindow unless
GNUPG_EXEC_DEBUG_FLAGS is used.
* Rebase gnupg-detect_FIPS_mode.patch
* Remove patch upstream:
- gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
++++ kernel-default:
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Update
patches.kernel.org/6.0.2-022-wifi-cfg80211-mac80211-reject-bad-MBSSID-elemen.patch
(bsc#1012628 bsc#1203770 CVE-2022-41674).
- Update
patches.kernel.org/6.0.2-023-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch
(bsc#1012628 bsc#1204051 CVE-2022-42719).
- Update
patches.kernel.org/6.0.2-025-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
(bsc#1012628 bsc#1204059 CVE-2022-42720).
- Update
patches.kernel.org/6.0.2-026-wifi-cfg80211-avoid-nontransmitted-BSS-list-cor.patch
(bsc#1012628 bsc#1204060 CVE-2022-42721).
- Update
patches.kernel.org/6.0.2-028-wifi-mac80211-fix-crash-in-beacon-protection-fo.patch
(bsc#1012628 bsc#1204125 CVE-2022-42722).
Add CVE references.
- commit af756fb
++++ libgpg-error:
- Update to 1.46:
* Support for bidirectional pipes under Windows.
* REG_DWORD types are now support in the Windows Registry.
* Added ES_SYSHD_SOCK support for gpgrt_sysopen under Windows.
* Fixed gpgrt_log_get_fd for the file case.
* Avoids header problem with C11 and "noreturn".
* The gpg-error-config command is not installed by default, because
it is now replaced by use of pkg-config/gpgrt-config with
gpg-error.pc. Supply --enable-install-gpg-error-config configure
option, if it's really needed.
* Fixed support of posix-lock for FreeBSD.
* Build fixes for some Mingw tool chain versions.
* Removed remaining support for WindowsCE.
* Updated config.guess, config.sub, and config.rpath.
* gpg-error-config is now only installed when enabled.
* System paths are now stripped from --cflags --and --libs.
++++ libksba:
- libksba 1.6.2: [bsc#1204357, CVE-2022-3515]
* Fix integer overflow in the CRL parser.
++++ ncurses:
- Add ncurses patch 20221015
+ fix another memory-leak in tic.
+ update install-sh script from autoconf, to fix install problem for
Ada95 with Arch; as noted in
https://lists.gnu.org/archive/html/automake/2018-09/msg00005.html
there are unaddressed issues.
+ update CF_XOPEN_SOURCE, adding GNU libc suffixes for abi64, abin32,
x32 (report by Sven Joachim):
+ correct ifdef's for _nc_set_read_thread() (patch by Mikhail Korolev,
cf: 20220813).
++++ tiff:
- security update:
* CVE-2022-2519 [bsc#1202968]
* CVE-2022-2520 [bsc#1202973]
* CVE-2022-2521 [bsc#1202971]
+ tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
++++ libzypp:
- Do not clean up MediaSetAccess before using the geoip file
(fixes #424)
- version 17.31.4 (22)
------------------------------------------------------------------
------------------ 2022-10-16 - Oct 16 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 6.0.2 (bsc#1012628).
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (bsc#1012628).
- nilfs2: fix use-after-free bug of struct nilfs_root
(bsc#1012628).
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (bsc#1012628).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint
acquisition failure (bsc#1012628).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
(bsc#1012628).
- random: restore O_NONBLOCK support (bsc#1012628).
- random: clamp credited irq bits to maximum mixed (bsc#1012628).
- ALSA: hda: Fix position reporting on Poulsbo (bsc#1012628).
- efi: Correct Macmini DMI match in uefi cert quirk (bsc#1012628).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue
handler reading stale packets" (bsc#1012628).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1012628).
- scsi: stex: Properly zero out the passthrough command structure
(bsc#1012628).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(bsc#1012628).
- Revert "USB: fixup for merge issue with "usb: dwc3: Don't
switch OTG -> peripheral if extcon is present"" (bsc#1012628).
- Revert "usb: dwc3: Don't switch OTG -> peripheral if extcon
is present" (bsc#1012628).
- Revert "powerpc/rtas: Implement reentrant rtas call"
(bsc#1012628).
- Revert "crypto: qat - reduce size of mapped region"
(bsc#1012628).
- random: avoid reading two cache lines on irq randomness
(bsc#1012628).
- random: use expired timer rather than wq for mixing fast pool
(bsc#1012628).
- wifi: cfg80211: fix u8 overflow in
cfg80211_update_notlisted_nontrans() (bsc#1012628).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
(bsc#1012628).
- wifi: mac80211: fix MBSSID parsing use-after-free (bsc#1012628).
- wifi: cfg80211: ensure length byte is present before access
(bsc#1012628).
- wifi: cfg80211: fix BSS refcounting bugs (bsc#1012628).
- wifi: cfg80211: avoid nontransmitted BSS list corruption
(bsc#1012628).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
(bsc#1012628).
- wifi: mac80211: fix crash in beacon protection for P2P-device
(bsc#1012628).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
(bsc#1012628).
- mctp: prevent double key removal and unref (bsc#1012628).
- Input: xpad - add supported devices as contributed on github
(bsc#1012628).
- Input: xpad - fix wireless 360 controller breaking after suspend
(bsc#1012628).
- misc: pci_endpoint_test: Aggregate params checking for xfer
(bsc#1012628).
- misc: pci_endpoint_test: Fix
pci_endpoint_test_{copy,write,read}() panic (bsc#1012628).
- commit 7fb6561
++++ mozilla-nss:
- update to NSS 3.83
* bmo#1788875 - Remove set-but-unused variables from
SEC_PKCS12DecoderValidateBags
* bmo#1563221 - remove older oses that are unused part3/ BeOS
* bmo#1563221 - remove older unix support in NSS part 3 Irix
* bmo#1563221 - remove support for older unix in NSS part 2 DGUX
* bmo#1563221 - remove support for older unix in NSS part 1 OSF
* bmo#1778413 - Set nssckbi version number to 2.58
* bmp#1785297 - Add two SECOM root certificates to NSS
* bmo#1787075 - Add two DigitalSign root certificates to NSS
* bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
* bmo#1771100 - Added bug reference and description to disabled
UnsolicitedServerNameAck bogo ECH test
* bmo#1779361 - Removed skipping of ECH on equality of private and
public server name
* bmo#1779357 - Added comment and bug reference to
ECHRandomHRRExtension bogo test
* bmo#1779370 - Added Bogo shim client HRR test support. Fixed
overwriting of CHInner.random on HRR
* bmo#1779234 - Added check for server only sending ECH extension
with retry configs in EncryptedExtensions and if not
accepting ECH. Changed config setting behavior to
skip configs with unsupported mandatory extensions
instead of failing
* bmo# 1771100 - Added ECH client support to BoGo shim. Changed
CHInner creation to skip TLS 1.2 only extensions to
comply with BoGo
* bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
server accept_confirmation bugs
* bmo#1771100 - Update BoGo tests to recent BoringSSL version
* bmo#1785846 - Bump minimum NSPR version to 4.34.1
++++ mozilla-nspr:
- update to version 4.35
* fixes for building with clang
* use the number of online processors for the
PR_GetNumberOfProcessors() API on some platforms
* fix build on mips+musl libc
* Add support for the LoongArch 64-bit architecture
------------------------------------------------------------------
------------------ 2022-10-15 - Oct 15 2022 -------------------
------------------------------------------------------------------
++++ gettext-runtime:
- Update to Version 0.21.1
* Runtime behaviour:
- On AIX, locale names with a script or with an uppercase language are now
supported.
For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and
EN_US.UTF-8 is treated like en_US.UTF-8.
* The base Unicode standard is now updated to 14.0.0.
* Portability:
- Building on macOS 11/arm64 is now supported.
- Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported.
------------------------------------------------------------------
------------------ 2022-10-14 - Oct 14 2022 -------------------
------------------------------------------------------------------
++++ elfutils:
- Add RISC-V specific patches:
* 0001-libelf-Sync-elf.h-from-glibc.patch
* 0002-backends-Handle-new-RISC-V-specific-definitions.patch
* 0003-elflint-Allow-zero-p_memsz-for-PT_RISCV_ATTRIBUTES.patch
* 0004-readelf-Handle-SHT_RISCV_ATTRIBUTES-like-SHT_GNU_ATT.patch
* 0005-backends-Add-RISC-V-object-attribute-printing.patch
++++ fde-tools:
- Add bsc1204037-mokutil-check-sb-state.patch to check the
SecureBoot state with mokutil (bsc#1204037)
++++ gnutls:
- Consolidate the FIPS hmac files [bsc#1203245]
* Use the gnutls fipshmac tool instead of the brp-check-suse
and rename it to reflect on the library version.
* Remove not needed gnutls-FIPS-Run-CFB8-without-offset.patch
- Add a gnutls.rpmlintrc file to remove a hidden-file-or-dir false
positive for the FIPS hmac calculation.
++++ kernel-default:
- series.conf: cleanup
- update upstream reference and move into sorted section:
- patches.suse/watchdog-wdat_wdt-fix-min-max-timer-value.patch
- commit 64a2b58
- Refresh
patches.suse/ACPI-resource-Add-ASUS-model-S5402ZA-to-quirks.patch.
- Refresh
patches.suse/ACPI-resource-Skip-IRQ-override-on-Asus-Vivobook-K34.patch.
Update upstream status. They were merged already.
- commit 098c340
- ACPI: resource: do IRQ override on LENOVO IdeaPad (bsc#1203794).
- ACPI: resource: Add ASUS model S5402ZA to quirks (bsc#1203794).
- ACPI: resource: Skip IRQ override on Asus Vivobook
K3402ZA/K3502ZA (bsc#1203794).
- commit c7a2f55
++++ libxml2:
- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):
+ Security:
- [CVE-2022-40304] Fix dict corruption caused by entity
reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
+ Build system: cmake: Set SOVERSION
- Rebase patches with quilt.
++++ libzypp:
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
settings.
- Implement geoIP feature for zypp.
This patch adds a feature to rewrite request URLs to the repo
servers by querying a geoIP file from download.opensuse.org. This
file can return a redirection target depending on the clients IP
adress, this way we can directly contact a local mirror of d.o.o
instead. The redir target stays valid for 24hrs.
This feature can be disabled in zypp.conf by setting
'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server
MediaMultiCurl used to fallback to a fixed, relatively small
BLKSIZE. This patch changes the fallback into a dynamic value
based on the filesize using a similar metric as the MirrorCache
implementation on the server side.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to
calculate if a repository needs to be refreshed. This
optimisation only takes place if the repo does specify only
downloading base urls.
- version 17.31.3 (22)
++++ libxml2-python:
- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):
+ Security:
- [CVE-2022-40304] Fix dict corruption caused by entity
reference cycles
- [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
- Fix overflow check in SAX2.c
+ Build system: cmake: Set SOVERSION
- Rebase patches with quilt.
------------------------------------------------------------------
------------------ 2022-10-13 - Oct 13 2022 -------------------
------------------------------------------------------------------
++++ ansible:
- update to 6.5.0:
Ansible 6.5.0 will include ansible-core 2.13.5 as well as a curated set of
Ansible collections to provide a vast number of modules and plugins.
* The changelog for ansible-core 2.13 installed by this release of
ansible is available here:
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
* Collections which have opted into being a part of the Ansible-6
unified changelog will have an entry on this page:
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
++++ dbus-1:
- Disable asserts (bsc#1087072)
++++ dracut:
- Update to version 057+suse.337.g4162a70e:
* fix(network-legacy): misleading duplicate address detection using wicked (bsc#1201235)
A series of fixes for NVMeoF boot (bsc#1203368):
* fix(man): dracut.cmdline.7: clarify "rd.nvmf.discover=fc,auto"
* fix(network): avoid double brackets around IPv6 address
* feat(nvmf): set rd.neednet=1 if tcp records encountered
* fix(man): dracut.cmdline(7): correct syntax for rd.nonvmf
* fix(network): don't use same ifname multiple times
* fix(nvmf): run cmdline hook before parse-ip-opts.sh
* fix(nvmf): avoid calling "exit" in a cmdline hook
* fix(nvmf): make sure "rd.nvmf.discover=fc,auto" takes precedence
* fix(nvmf): don't use "finished" queue for autoconnect
* fix(nvmf): don't create did-setup file
* fix(nvmf): no need to load the nvme module
* fix(nvmf): don't try to validate network connections in cmdline hook
* fix(nvmf): nvme list-subsys prints the address using commas as separator
* fix(systemd): add missing modprobe@.service (bsc#1203749)
* fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
++++ fde-tools:
- Add bsc1204037-update-grub.cfg-for-pw-only.patch to update
grub.cfg when the user only chooses the pass phrase to encrypt
the disk. (bsc#1204037)
++++ hwdata:
- update to 0.363:
+ Updated pci, usb and vendor ids.
++++ rdma-core:
- Add rdma-ndd-disable-systemd-ProtectHostName-feature.patch to fix issue
where rdma-ndd would not be aware of dynamic hostnames retrived through DHCP
++++ gcc12:
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
++++ unbound:
- update to 1.17.0
* Features
- Merge #753: ACL per interface. (New interface-* configuration
options).
- Merge #760: PROXYv2 downstream support. (New proxy-protocol-port
configuration option).
* Bug Fixes
- Fix #728: alloc_reg_obtain() core dump. Stop double
alloc_reg_release when serviced_create fails.
- Fix edns subnet so that scope 0 answers only match sourcemask 0
queries for answers from cache if from a query with sourcemask 0.
- Fix unittest for edns subnet change.
- Merge #730 from luisdallos: Fix startup failure on Windows 8.1 due
to unsupported IPV6_USER_MTU socket option being set.
- Fix ratelimit inconsistency, for ip-ratelimits the value is the
amount allowed, like for ratelimits.
- Fix #734 [FR] enable unbound-checkconf to detect more (basic)
errors.
- Fix to log accept error ENFILE and EMFILE errno, but slowly, once
per 10 seconds. Also log accept failures when no slow down is used.
- Fix to avoid process wide fcntl calls mixed with nonblocking
operations after a blocked write.
- Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
- Fix to wait for blocked write on UDP sockets, with a timeout if it
takes too long the packet is dropped.
- Fix for wait for udp send to stop when packet is successfully sent.
- Fix #741: systemd socket activation fails on IPv6.
- Fix to update config tests to fix checking if nonblocking sockets
work on OpenBSD.
- Slow down log frequency of write wait failures.
- Fix to set out of file descriptor warning to operational verbosity.
- Fix to log a verbose message at operational notice level if a
thread is not responding, to stats requests. It is logged with
thread identifiers.
- Remove include that was there for debug purposes.
- Fix to check pthread_t size after pthread has been detected.
- Convert tdir tests to use the new skip_test functionality.
- Remove unused testcode/mini_tpkg.sh file.
- Better output for skipped tdir tests.
- Fix doxygen warning in respip.h.
- Fix to remove erroneous TC flag from TCP upstream.
- Fix test tdir skip report printout.
- Fix windows compile, the identifier interface is defined in headers.
- Fix to close errno block in comm_point_tcp_handle_read outside of
ifdef.
- Fix static analysis report to remove dead code from the
rpz_callback_from_iterator_module function.
- Fix to clean up after the acl_interface unit test.
- Merge #764: Leniency for target discovery when under load (for
NRDelegation changes).
- Use DEBUG_TDIR from environment in mini_tdir.sh for debugging.
- Fix string comparison in mini_tdir.sh.
- Make ede.tdir test more predictable by using static data.
- Fix checkconf test for dnscrypt and proxy port.
- Fix dnscrypt compile for proxy protocol code changes.
- Fix to stop responses with TC flag from resulting in partial
responses. It retries to fetch the data elsewhere, or fails the
query and in depth fix removes the TC flag from the cached item.
- Fix proxy length debug output printout typecasts.
- Fix to stop possible loops in the tcp reuse code (write_wait list
and tcp_wait list). Based on analysis and patch from Prad Seniappan
and Karthik Umashankar.
- Fix PROXYv2 header read for TCP connections when no proxied addresses
are provided.
++++ python-contextvars:
- use https for urls
++++ ovmf:
- Update to edk2-stable202208 (jsc#PED-1410)
- Features (https://github.com/tianocore/edk2/releases):
Add CRC16 and CRC32C to MdePkg
IntelFsp2Pkg/ConfigEditor: Support FSP 2.3 header
Extend SecureBootVariableLib interfaces
UEFI HTTPS Boot Support for HTTP Client Authentication (Basic or Digest)
Support 64bit FspResetType for X64 build
IntelFsp2Pkg/FspSecCore: Add FSP-I entry for SMM support
Add PCI_DEVICE_PPI definition to EDK2
Support to assign the subject name to sign the capsule file
- Patches (git log --oneline --reverse edk2-stable202205..edk2-stable202208):
7f0890776e MdeModulePkg/UniversalPayload: Align Identifier value with UPL spec
b4be5f05dd UefiPayloadPkg: Align Identifier value with UPL spec
dac2fc8146 UefiPayloadPkg: Align SpecRevision value with UPL spec
3ca7326b37 OvmfPkg/VirtioGpuDxe: replace struct copy with CopyMem call
fa2b212d61 IntelFsp2Pkg: Add FSP 2.3 header support
11d8abcba2 IntelFsp2Pkg: FSP_TEMP_RAM_INIT call must follow X64 Calling Convention
df1c7e91b4 IntelFsp2WrapperPkg: FSP_TEMP_RAM_INIT call for X64 Calling Convention
62044aa99b OvmfPkg/ResetVector: Removing SEV-ES CPUID bit check
54cd0d9b2f OvmfPkg: Fix TDVMCALL error in ApRunLoop.nasm
64706ef761 OvmfPkg: Search EFI_RESOURCE_MEMORY_UNACCEPTED for Fw hoblist
81ab97b7b9 OvmfPkg/AmdSev: remove unused SMM bits from .dsc and .fdf files
0223898f3e OvmfPkg/Microvm: drop CODE and VARS files
b57911c84c OvmfPkg/FdtPciHostBridgeLib: io range is not mandatory
47f44097eb OvmfPkg/Platform: unfix PcdPciExpressBaseAddress
ad3bafa7d5 OvmfPkg/Microvm/pcie: no vbeshim please
bd10d4e201 OvmfPkg/Microvm/pcie: mPhysMemAddressWidth tweak
632574ced1 OvmfPkg/Microvm/pcie: add pcie support
5c9f151e0c OvmfPkg: CloudHv: Fix FW_BASE_ADDRESS
43f3cfce19 OvmfPkg: Check for QemuFwCfg availability before accessing it
3129ed374c OvmfPkg: CloudHv: Rely on QemuFwCfgLibNull implementation
bf25f27e00 OvmfPkg: Don't access A20 gate register on Cloud Hypervisor
72c5afd0b4 Security: Add HashLibTdx
b1567b2e15 CryptoPkg: Add SecCryptLib
dc443e4437 SecurityPkg: Add definition of EFI_CC_EVENT_HOB_GUID
a708536dce OvmfPkg: Introduce SecMeasurementLib
4b0a622635 OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV
ac03c339de OvmfPkg: Add PCDs for LAML/LASA field in CC EVENTLOG ACPI table
f8264e1303 MdePkg: Define CC Measure EventLog ACPI Table
57a6ee3461 OvmfPkg/IntelTdx: Add TdTcg2Dxe
0a4019ec9d OvmfPkg/IntelTdx: Enable RTMR based measurement and measure boot
0b36dea3f8 BaseTools: Fix dependency issue in PcdValueInit
4f89e4b3e8 .pytool: UncrustifyCheck: Set IgnoreFiles path relative to package path
2818fda9bc Security: Add SecTpmMeasurementLibTdx
ff0ffe5999 OvmfPkg: Implement MeasureHobList/MeasureFvImage
a81a650da1 OvmfPkg: Delete SecMeasurementLibTdx
ff36b2550f OvmfPkg/Sec: fix stack switch
21a9b605b8 CpuException: Avoid allocating code pages for DXE instance
34d505123e CpuException: Init global variables in-place
2fbc5ff0a5 CpuException: Avoid allocating page but using global variables
2a09527ebc CpuException: Remove InitializeCpuInterruptHandlers
e7abb94d1f CpuException: Add InitializeSeparateExceptionStacks
54aeed7e00 MpInitLib: Allocate code buffer for PEI phase
76323c3145 MpInitLib: remove unneeded global ASM_PFX
b4d7b9d2b5 MpInitLib: Put SEV logic in separate file
283ab9437a MpInitLib: Only allocate below 1MB memory for 16bit code
ccc269756f MpInitLib: Move the Above1Mb vector allocation to MpInitLibInitialize
f0b97e165e Revert "OvmfPkg/Sec: fix stack switch"
b09ada6edc MdePkg: Remove "assert" from SmmCpuRendevousLibNull.c
92288f4334 MdePkg/BaseLib: Add CRC16-ANSI and CRC32c implementations
e2ae0bed29 ArmPkg/ArmExceptionLib: Follow new CpuExceptionHandlerLib APIs
6676162f64 DxeMain: Fix the bug that StackGuard is not enabled
16d97fa601 OvmfPkg: Use PcdOvmfWorkAreaBase instead of PcdSevEsWorkAreaBase
05e57cc9ce SecurityPkg/HashLibTdx: Return EFI_UNSUPPORTED if it is not Tdx guest
92ab049719 BaseTools: output the intermediate library instance when error occurs
cc2db6ebfb UefiPayloadPkg: Increase the PcdMaximumUnicodeStringLength
e8034b534a UefiPayloadPkg: Always split page table entry to 4K if it covers stack.
cfe165140a UefiPayloadPkg: UniversalPayloadBuild.py to support --pcd feature
b97243dea3 MdeModulePkg/XhciDxe: Check return value of XHC_PAGESIZE register
3930d1791a ArmPlatformPkg: Remove overly verbose DEBUG lines in LcdGraphicsBlt
aa1bce0e5e OvmfPkg: reduce the number of dsc include files for tpm libs
6c9f218bc0 OvmfPkg/Library: Create base HardwareInfoLib for PCI Host Bridges
2b1a5b8c61 Ovmf/HardwareInfoLib: Create Pei lib to parse directly from fw-cfg
a1bd79c514 Ovmf/HardwareInfoLib: Add Dxe lib to dynamically parse heterogenous data
3497fd5c26 Ovmf/PlatformPei: Use host-provided GPA end if available
3f5b1b9132 OvmfPkg/PciHostBridgeUtilityLib: Initialize RootBridges apertures with spec
f304308e1c ArmPlatformPkg: Add PCD for serial debug port interrupt
4bfd668e5e UefiCpuPkg: CpuDxe: Set RW and P Attributes on Split Pages
2aee08c0b6 UefiPayloadPkg: Backward support with python 3.6
8f0722434b ArmVirtPkg: Include DxeHardwareInfoLib library class in dsc
15b25045e6 Ovmf: Include HardwareInfoLib library classes for IntelTdx
b600f253b3 BaseTools/Ecc: Fix grammar in Ecc error message
7f4eca4cc2 MdeModulePkg/XhciDxe: Add access xHCI Extended Capabilities Pointer
5914128871 BaseTools: Fix the GenMake bug for .cpp source file
c13377153f MdePkg/Acpi62: Add type 7 NFIT Platform Capabilities Structure support
21e6ef7522 UefiPayloadPkg: Align Attribute value with UPL spec
8d0564deaf pip-requirements.txt: Update basetools version to 0.1.24
f966093f5b OvmfPkg/PlatformCI: add IntelTdxBuild.py
70586d4e3a MdePkg/Acpi62: Add bit definitions to NFIT Platform Capabilities Structure
7861b24dc9 ArmPkg/Drivers: ArmGicIsInterruptEnabled returns incorrect value
e1eef3a8b0 NetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManager
134fbd552c SecurityPkg: UefiSecureBoot: Definitions of cert and payload structures
d6bee54c45 SecurityPkg: PlatformPKProtectionLib: Added PK protection interface
56c717aafa SecurityPkg: SecureBootVariableLib: Updated time based payload creator
6de7c084db SecurityPkg: SecureBootVariableLib: Updated signature list creator
6eb4079475 SecurityPkg: SecureBootVariableLib: Added newly supported interfaces
fe73e9cd89 SecurityPkg: SecureBootVariableProvisionLib: Updated implementation
d2a0f379d5 SecurityPkg: Secure Boot Drivers: Added common header files
5678ebb42b SecurityPkg: SecureBootConfigDxe: Updated invocation pattern
dbc4e3675f SecurityPkg: SecureBootVariableLib: Added unit tests
152e37cc5a OvmfPkg: Pipeline: Resolve SecureBootVariableLib dependency
f193b945ea EmulatorPkg: Pipeline: Resolve SecureBootVariableLib dependency
9ab18fec82 StandaloneMmPkg: Fix issue about SpPcpuSharedBufSize field
31d3eeb103 StandaloneMmPkg: Replace DEBUG_INFO with DEBUG_ERROR
5496c763aa StandaloneMmPkg: Fix check buffer address failed issue from TF-A
e93bc6309b UefiCpuPkg/SecCore: Add debug messages to illuminate data flow
86a0f84470 ArmVirtPkg: Pipeline: Resolving newly introduced dependency
c8e30482fd .gitignore: Ignore build tools build logs
f6f3cc7ead UefiPayloadPkg: Add CryptoDxe driver to UefiPayload
12dd064a18 MdePkg/include: Update DMAR definitions to Intel VT-d spec ver4.0
9ab389c01b UefiCpuPkg: Update SEC_IDT_TABLE struct
470206ba7f IntelFsp2Pkg: Update SEC_IDT_TABLE struct
0d23c447d6 DynamicTablesPkg: Add support to specify FADT minor revision
07c8e5e59b UefiPayloadPkg/PlatformBootManagerLib: Evenly space boot prompt
176016387f BaseTools: add '-p' for Linux 'cp' command.
039bdb4d3e BaseTools: Fix DSC LibraryClass precedence rule
fc4a132c0e DynamicTables: Fix DT PCI interrupt flags parsing
792ebb6374 DynamicTablesPkg: Fix generated _HID value for SBSA
c966204049 IntelFsp2Pkg: Add Definition of EDKII_PEI_VARIABLE_PPI
586b4a104b Maintainers.txt: Add IntelFsp2*Pkg Maintainer
e18a5f813c Maintainers.txt: Update Maintainers/reviewers for UefiPayloadPkg
e21b203911 UefiPayloadPkg: Add macro to support selective driver in UPL
f0064ac3af Maintainers.txt: Update email address
6cda306da1 DynamicTablesPkg: AcpiSsdtPcieLibArm: Correct translation value
9ac155bf0b DynamicTablesPkg: AcpiSsdtPcieLibArm: Support UID > 0xF
19a8768365 DynamicTablesPkg: AcpiSsdtPcieLibArm: Create support library
671b0cea51 NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic Authentication
140446cd59 IntelFsp2Pkg: Support 64bit FspResetType for X64 build.
24eac4caf3 IntelFsp2WrapperPkg: Support 64bit FspResetType for X64 build.
4824924377 IntelFsp2Pkg/FspSecCore: Add FSP-I API for SMM support.
3b8cee1781 Maintainers.txt: update Gary's email address
7ef91af84c EmulatorPkg/PosixFileSystem: Add NULL check on memory allocation
494f333aba MdeModulePkg/CoreDxe: Allow DXE Drivers to use untested memory
343f37b5c0 MdeModulePkg/SetupBrowserDxe:Follow spec'd way to reconnect driver
c8af26627a ArmPkg/CpuDxe: drop ARM_PROCESSOR_TABLE pseudo-ACPI table
5a3641bfcd IntelFsp2Pkg: Add FSPI_ARCH_UPD.
bf1ff540d9 MdePkg/UefiDevicePathLib: Add support for PEIMs
6964b5c48c MdeModulePkg/Include: Long debug string is truncated to 104 char
d32a84b5ad BaseTools: INF should use latest Pcd value instead of default value
8ee26529d1 BaseTools/VolInfo: Correct alignment attributes display
c0b7679aac BaseTools/VolInfo: Increase define for highest section value
fca5de51e1 BaseTools/VolInfo: Correct EFI_SECTION_VERSION display
8a5782d704 UefiCpuPkg: Fix nasm warning "signed byte value exceeds"
a47241f133 UefiPayloadPkg: Add macro to support selection of CryptoDxe driver
69f76d0f72 Maintainers.txt: Remove OvmfPkg/XenTimerDxe reference
a8c4fe23c4 Maintainers.txt: Add missing github ids
7f1c89f167 Maintainers.txt: Remove reviewer Harry Han
b68d566439 BaseTools/Capsule: Support signtool input subject name to sign capsule file
e3d468acb9 BaseTools/VolInfo: Show encapsulation sections
2677286307 UefiPayloadPkg: Fix RelaAddress type always mismatch in if condition
f26b70cb9f UefiPayloadPkg: Add support for logging to CBMEM console
57783adfb5 OvmfPkg: Change default to disable MptScsi and PvScsi
1774a44ad9 Maintainers.txt: Remove MptScsi and PvScsi reviewers
0e7add1d75 OvmfPkg/XenHypercallLib: Fix naming of AArch64
3eca64f157 IntelFsp2Pkg: FSPI_UPD is not mandatory.
0d0bfcb457 IntelFsp2Pkg: Fix GenCfgOpt bug for FSPI_UPD support.
8a210b9ac0 ShellPkg: Acpiview: Abbreviate field names to preserve alignment
65c4f3f2be DynamicTablesPkg: Handle error when IdMappingToken is NULL
f5cea604a6 DynamicTablesPkg: IORT set reference to Id array only if present
238f903e8d DynamicTablesPkg: IORT set reference to interrupt array if present
4c55f6394f MdePkg: IORT header update for IORT Rev E.d spec
cd67efa1b2 ShellPkg: Acpiview: IORT parser update for IORT Rev E.d spec
de200b7e2c DynamicTablesPkg: Update ArmNameSpaceObjects for IORT Rev E.d
e9150618ec DynamicTablesPkg: IORT generator updates for Rev E.d spec
6f4e10d6db SecurityPkg: Add retry mechanism for tpm command
19cbfaa431 OvmfPkg/QemuVideoDxe: Zero out PixelInformation in QueryMode
a551de0d93 ArmVirtPkg: Fix KVM Guest Firmware
0dc9b78a46 Maintainers.txt: Add missing Github IDs for OvmfPkg TPM/TGC modules
d219119721 UefiPayloadPkg/PlatformBootManagerLib: Correct spacing in boot prompt
79aab22fca UefiPayloadPkg: Add a Macro to enable Boot Logo
444260d45e UefiPayloadPkg: Load Boot Logo into ACPI table
86757f0b47 MdeModulePkg: Add EDKII_PCI_DEVICE_PPI definition
a8f59e2eb4 MdeModulePkg/AhciPei: Use PCI_DEVICE_PPI to manage AHCI device
3e599bbc10 DynamicTablesPkg: Fix using RmrNodeCount unitlitialised
a0a03b5154 BaseTools/GenSec: Fix typo
f5f8c08db9 BaseTools/VolInfo: Show FV section boundaries
d241a09afb BaseTools/VolInfo: Parse EFI_SECTION_FREEFORM_SUBTYPE_GUID header
cf02322c98 BaseTools/GenSec: Support EFI_SECTION_FREEFORM_SUBTYPE_GUID sections
1ee1622817 Basetools/GenFw: Allow AARCH64 builds to use the --prm flag
9f197e44b1 PrmPkg: Enable external visibility on PRM symbols
21200d9fe6 PrmPkg: Build Prm Samples with GCC for AARCH64
57faeb782a PrmPkg: Support AArch64 builds using GCC
1da2012d93 PrmPkg: Add details on AArch64 build to the Readme.
0f7bccf584 UefiCpuPkg: Simplify InitializeSeparateExceptionStacks
9a24c3546e MdeModulePkg: Move CPU_EXCEPTION_INIT_DATA to UefiCpuPkg
f1688ec9da UefiCpuPkg: Simplify the struct definition of CPU_EXCEPTION_INIT_DATA
75e3c2435c UefiCpuPkg: Create CpuPageTableLib for manipulating X86 paging structs
f336e30ba1 UefiCpuPkg/CpuPageTableLib: Return error on invalid parameters
bf334513b3 CpuPageTableLib: Fix a bug when a bit is 1 in Attribute, 0 in Mask
13a0471bfd CpuPageTableLib: Refactor the logic
9cb8974f06 CpuPageTableLib: Split the page entry when LA is aligned but PA is not
c16f02f776 CpuPageTableLib: Avoid treating non-leaf entry as leaf one
f4c845e46b CpuPageTableLib: Fix parent attributes are not inherited properly
9f53fd4ba7 CpuPageTableLib: Fix a bug to avoid unnecessary changing to page table
927113c83b CpuPageTableLib: Fix bug that wrongly requires extra size for mapping
e9e2ecab2d CpuPageTableLib: define IA32_PAGE_LEVEL enum type internally
e76496530c MdePkg/Library/UefiDevicePathLib: Add back StandaloneMm INF file
bd06717863 MdeModulePkg: Enhance bus scan for all root bridge instances
74f44d920a ShellPkg/SmbiosView: Display extended memory info in smbiosview -t 17
83d5871184 UefiCpuPkg/PiSmmCpuDxeSmm: Add a new mIsShadowStack flag
7b4754904e UefiCpuPkg/PiSmmCpuDxeSmm: Remove mInternalCr3 in PiSmmCpuDxeSmm
62391b4ce9 MdeModulePkg/DxeIpl: Remove clearing CR0.WP when protecting pagetable
803ed060ee UefiPayloadPkg: Remove clearing CR0.WP when protecting pagetable
a2b61de2f6 IntelFsp2Pkg: FSPM_ARCH2_UPD mismatching bug.
809b5a3d2a MdeModulePkg: Update the SMBIOS version by UPL
2812668bfc UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test
30d62f5e31 OvmfPkg/PlatformDxe: Check ExtractConfig and RouteConfig arguments
b94836b224 OvmfPkg/VirtioGpuDxe: Check QueryMode arguments
3f282f4510 OvmfPkg/VirtioFsDxe: Check GetDriverName arguments
64a20bea97 MdeModulePkg/DumpDynPcd: Remove unsupported format specifiers
9102518d29 MdePkg: Improved Smbios Type9 table and Smbios spec v3.5.0 Changes
35d167ef3c ShellPkg: Improved Smbios Type 9 table changes in PrintInfo.c
68bf712d4f MdePkg: Added support for SMBIOS spec v3.6.0 to Smbios.h
e2ac68a23b BaseTools/Source/C/GenSec: Fix EFI_SECTION_FREEFORM_SUBTYPE_GUID header
d5fd86f256 ShellPkg: Adds Local APIC parser to AcpiView
2bb0020675 UefiPayloadPkg: Return PciRootBridges instead of NULL
c15c9fa420 UefiPayloadPkg: Add macro to control NvmExpressDxe
938430741f RedfishPkg/RedfishDiscoverDxe: USB Redfish host interface is not supported
eebef1b3b7 RedfishPkg: Redfish modules may need to use the functions which are private
f2bf043aaa RedfishPkg: Redfish functions for REST requests are not fully spec complied
dfdba857a6 UefiPayloadPkg: Fix Coverity report defect
4d83ee04f4 ShellPkg: Add revision check for DSDT Header on Arm
0ede7cad73 Maintainers.txt: Update maintainers list
722e03bc2e Revert "UefiCpuPkg/CpuPageTableLib/UnitTest: Add host based unit test"
166c49c212 Revert "ShellPkg: Adds Local APIC parser to AcpiView"
39ff9769ca Revert "BaseTools: Fix DSC LibraryClass precedence rule"
ba0e0e4c6a BaseTools: Fix DevicePath GNUmakefile for macOS
- Respin the following patches:
ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch
++++ vim:
- Updated to version 9.0.0743, fixes the following problems
* Virtual text "after" not correct with 'nowrap'.
* Quitting/unloading/hiding a terminal buffer does not always work properly.
* SubStation Alpha files are not recognized.
* Wrong column when calling setcursorcharpos() with zero lnum.
* <amatch> of MenuPopup event is expanded like a file name.
* With 'nowrap' two virtual text below not displayed correctly.
* Wrong argument for append() gives two error messages.
* With 'nowrap' virtual text "after" does not scroll left.
* Compiler warning for unused variable in tiny build.
* Extra empty line between two virtual text "below" when 'wrap' and 'number'
are set.
* Too many delete() calls in tests.
* Virtual text "above" with padding not displayed correctly.
* Virtual text "after" does not show with 'list' set.
* Extra empty line below virtual text when 'list' is set.
* Closure in compiled function gets same variable in block.
* Virtual text "after" wraps to next line even when 'wrap' is off and
'list' is set.
* Looping over list of lists and changing the list contents works in Vim9
script, not in a compiled function.
* Help in the repository differs from patched version too much.
* extend() test fails.
* The rightleft and arabic features are disabled.
* Startup test fails with right-left feature.
* clang-tidy configuration files are not recognized.
* No check for white space before and after "=<<". (Doug Kearns)
* Use of strftime() is not safe.
* Cursor position invalid when scrolling with 'smoothscroll' set. (Ernie
Rael)
* Breakindent and scrolloff tests fail.
* Quickfix listing does not handle very long messages.
* Lisp word only recognized when a space follows.
* Cannot suppress completion "scanning" messages.
* Mouse column not correctly used for popup_setpos.
* prop_add_list() gives multiple errors for invalid argument.
* Cannot specify an ID for each item with prop_add_list(). (Sergey Vlasov)
* Starting cscope on Unix does not quote the arguments correctly. (Gary
Johnson)
------------------------------------------------------------------
------------------ 2022-10-12 - Oct 12 2022 -------------------
------------------------------------------------------------------
++++ ansible-core:
- update to 2.13.5:
Changelog https://github.com/ansible/ansible/blob/v2.13.5/changelogs/CHANGELOG-v2.13.rst
* Bugfixes
- ansible-galaxy - remove extra server api call during dependency resolution for requirements and dependencies that are already satisfied (#77443).
- ansible-test - Allow disabled, unsupported, unstable and destructive integration test targets to be selected using their respective prefixes.
- ansible-test - Allow unstable tests to run when targeted changes are made and the --allow-unstable-changed option is specified (resolves #74213).
- apt - Fix module failure when a package is not installed and only_upgrade=True. Skip that package and check the remaining requested packages for upgrades. (#78762)
- apt module should not traceback on invalid type given as package. issue 78663.
- known_hosts - do not return changed status when a non-existing key is removed (#78598)
- paramiko - Add back support for ssh_args, ssh_common_args, and ssh_extra_args for parsing the ProxyCommand (#78750)
- plugin loader, fix detection for existing configuration before initializing for a plugin
- Remove unneeded BuildRequires on python3-mock
++++ bash:
- Don't strip binaries
- Work around a signal mask issue with qemu linux-user emulation
- Remove backup of patched tests
++++ lvm2-device-mapper:
- lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219)
- re-enable "use_lvmlockd = 0" in lvm.conf
++++ kernel-default:
- Linux 6.0.1 (bsc#1012628).
- xsk: Inherit need_wakeup flag for shared sockets (bsc#1012628).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (bsc#1012628).
- sparc: Unbreak the build (bsc#1012628).
- Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
(bsc#1012628).
- hardening: Remove Clang's enable flag for
- ftrivial-auto-var-init=zero (bsc#1012628).
- docs: update mediator information in CoC docs (bsc#1012628).
- hwmon: (aquacomputer_d5next) Fix Quadro fan speed offsets
(bsc#1012628).
- usb: mon: make mmapped memory read only (bsc#1012628).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (bsc#1012628).
- gpiolib: acpi: Add support to ignore programming an interrupt
(bsc#1012628).
- gpiolib: acpi: Add a quirk for Asus UM325UAZ (bsc#1012628).
- RISC-V: Print SSTC in canonical order (bsc#1012628).
- bpf: Gate dynptr API behind CAP_BPF (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix state in __mtk_foe_entry_clear
(bsc#1012628).
- bpf: Fix resetting logic for unreferenced kptrs (bsc#1012628).
- Bluetooth: use hdev->workqueue when queuing
hdev->{cmd,ncmd}_timer works (bsc#1012628).
- Update config files.
- commit 0c45fd2
++++ lvm2:
- lvm.conf should re-enable commented out option use_lvmlockd (bsc#1204219)
- re-enable "use_lvmlockd = 0" in lvm.conf
++++ libsoup:
- Update to version 3.2.1:
+ When built against nghttp2 1.50.0+ be relaxed about header
whitespace.
+ Fix possible crash when cancelling an HTTP/2 message.
+ Fix regresion where soup_server_message_get_socket() could
return NULL.
+ Fix minor memory leak.
- Disable tests on 32-bit while waiting for
https://gitlab.gnome.org/GNOME/libsoup/-/issues/309
++++ systemd:
- Avoid expanding of macro in comment which leads to an error on installation
(workaround for bsc#1203847)
++++ python-immutables:
- Update to version 0.19
* Support for Python 3.11
++++ raspberrypi-firmware-dt:
- Update to 896b8da17ad1 (2022-10-03):
* switch to 6.0 branch
------------------------------------------------------------------
------------------ 2022-10-11 - Oct 11 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.2.1
* lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa,
turnip, virgl, r600, zink, radv, core gallium, and nir. All in
all, lots of good fixes all over the tree.
++++ Mesa-drivers:
- update to 22.2.1
* lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa,
turnip, virgl, r600, zink, radv, core gallium, and nir. All in
all, lots of good fixes all over the tree.
++++ tcpd:
- Add hosts.allow and hosts.deny config files from the netcfg package,
as they are tcpd specific, bsc#1099755
++++ netcfg:
- Remove hosts.allow and hosts.deny config files as they are only
used by tcpd, which is not installed by default, bsc#1099755
++++ pam:
- pam_env: Using libeconf for reading configuration and environment
files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
++++ patterns-alp:
- skip kdump on non-supported architectures (bsc#1204214)
++++ timezone:
- timezone update 2022e:
* Jordan and Syria switch from +02/+03 with DST to year-round +03
------------------------------------------------------------------
------------------ 2022-10-10 - Oct 10 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Disabling netconfig compiling option for openSUSE Tumbleweed.
++++ kernel-default:
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit cf55d04
++++ kernel-firmware:
- Apply the same workaround to uncompressed flat package, too
(bsc#1204103)
++++ libffi:
- add riscv64-handle-big-structures.patch
++++ ncurses:
- Add ncurses patch 20221008
+ correct a switch-statement case in configure script to allow for test
builds with ABI=7.
+ modify misc/gen-pkgconfig.in to allow for the case where the library
directory does not yet exist, since this is processed before doing an
install (report by Michal Liszcz).
++++ zlib:
- Add Power8 optimizations:
* zlib-1.2.12-add-optimized-slide_hash-for-power.patch
* zlib-1.2.12-add-vectorized-longest_match-for-power.patch
* zlib-1.2.12-adler32-vector-optimizations-for-power.patch
* zlib-1.2.12-fix-invalid-memory-access-on-ppc-and-ppc64.patch
- Update zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch
++++ qemu:
- Build fails due to exceeding 10 GB disk limit (10430 MB):
raise disk space contraint to 12 GB
------------------------------------------------------------------
------------------ 2022-10-9 - Oct 9 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- Update to 3.7.8:
* libgnutls: In FIPS140 mode, RSA signature verification is an
approved operation if the key has modulus with known sizes
(1024, 1280, 1536, and 1792 bits), in addition to any modulus
sizes larger than 2048 bits, according to SP800-131A rev2.
* libgnutls: gnutls_session_channel_binding performs additional
checks when GNUTLS_CB_TLS_EXPORTER is requested. According to
RFC9622 4.2, the "tls-exporter" channel binding is only usable
when the handshake is bound to a unique master secret (i.e.,
either TLS 1.3 or extended master secret extension is
negotiated). Otherwise the function now returns error.
* libgnutls: usage of the following functions, which are designed
to loosen restrictions imposed by allowlisting mode of
configuration, has been additionally restricted. Invoking
them is now only allowed if system-wide TLS priority string
has not been initialized yet:
- gnutls_digest_set_secure
- gnutls_sign_set_secure
- gnutls_sign_set_secure_for_certs
- gnutls_protocol_set_enabled
* Delete gnutls-3.6.6-set_guile_site_dir.patch and use the
- -with-guile-extension-dir configure option to properly
handle the guile extension directory.
* Rebase gnutls-Make-XTS-key-check-failure-not-fatal.patch
* Update gnutls.keyring
* Add a build depencency on gtk-doc required by autoreconf
++++ harfbuzz:
- Update to version 5.3.0:
+ Don’t add glyphs from dropped MATH or COLR tables to the subset
glyphs
+ Map rlig to appropriate AAT feature selectors
+ Update USE data files to latest version
+ Check CBDT extents first before outline tables, to help with
fonts that also include an empty glyf table
+ More work towards variable font instancing in the subsetter
+ Subsetter repacker improvements
++++ vim:
- Updated to version 9.0.0709, fixes the following problems
* Too many delete() calls in tests.
* "const" and "final" both make the type a constant. (Daniel Steinberg)
* Coverity warns for not checking return value.
* Get an error for using const only when executing.
* In Vim9 script a numbered function cannot be called.
* Too many delete() calls in tests.
* Calling a function from an "expr" option has too much overhead.
* FEAT_TITLE was removed but is still used.
* Evaluating "expr" options has more overhead than needed.
* Build error and compiler warnings.
* Underline color does not work in terminals that don't send a termresponse.
* Syntax of commands in Vim9 script depends on +eval feature.
* Popup menu highlight wrong on top of preview popup. (Yegappan Lakshmanan)
* Checking for popup in screen_char() is too late, the attribute has
already been changed.
* Cannot scroll by screen line if a line wraps.
* Missing part of the new option code.
* Breakindent test fails.
* Smoothscroll test fails.
* 'smoothscroll' is not copied to a new window on :split.
* CTRL-Y does not stop at line 1. (John Marriott)
* with 'smoothscroll' set CTRL-E does not work properly when 'foldmethod'
is set to "indent". (Yee Cheng Chin)
* The 'splitscroll' option is not a good name.
* When using powershell input redirection does not work.
* No indication when the first line is broken for 'smoothscroll'.
* Some tests are failing.
* Build fails without the +conceal feature.
* 'smoothscroll' not tested with 'number' and "n" in 'cpo'.
* BS and DEL do not work properly in an interacive shell. (Gary Johnson)
* Breakindent test fails.
* passing modifier codes to a shell running in the GUI. (Gary Johnson)
* Cannot specify another character to use instead of '@' at the end of
the window.
* Too many #ifdefs.
* Wrong type of comment in SetSyn() function.
* Mapping with CTRL keys does not work in the GUI.
* Multi-byte "lastline" item in 'fillchars' does not work properly when
the window is two columns wide.
* Concealed characters do not work correctly.
* Tests check for +cmdwin feature which is always present.
* Bad redrawing with spell checking, using "C" and "$" in 'cpo'.
* Setting 'cmdheight' has no effect if last window was resized.
* Spacing-combining characters handled as composing, causing text to take
more space than expected.
* ml_get error when 'splitkeep' is "screen". (Marius Gedminas)
* Too many delete() calls in tests.
* No space for command line when there is a tabline.
* Negative topline using CTRL-Y with 'smoothscroll' and 'diff'. (Ernie Rael)
* Cursor line only partly shows with 'smoothscroll' and 'scrolloff' zero.
* First line not scrolled properly with 'smoothscroll' and 'scrolloff'
zero and using "k".
* Search test screendump is outdated.
* Breakindent test accepts wrong result.
* Using exclamation marks on :function.
* Tests failing with 'smoothscroll', 'number' and "n" in 'cpo'.
* Tests failing with 'breakindent', 'number' and "n" in 'cpo'.
* "<<<" shows for 'smoothscroll' even when 'showbreak is set.
* Crash when popup with deleted timer is closed. (Igbanam Ogbuluijah)
* Cannot specify a time for :echowindow.
* FORTIFY_SOURCE causes a crash in Vim9 script.
* "export def" does not work in a nested block.
* Debugger does not display the whole command.
* Compiler warning for unused function.
* Buffer size for expanding tab not correctly computed.
* lalloc(0) error in listchars test.
* PoE filter files are not recognized.
* browse() first argument cannot be a bool.
* No native sound support on Mac OS.
* Failing check for dictionary type for const any.
* It is unclear if the +rightleft and +arabic features are actively
being used.
* Cursor in wrong position with Visual substitute.
* VisVim is outdated, does not work with current Visual Studio.
* Tiny build fails.
* There is no real need for a "big" build.
* With 'smoothscroll' the cursor position s not adjusted in a long line.
* Incomplete testing cursor position after change with 'linebreak' set.
* Failing check for argument type for const any.
* CI runs "tiny" and "small" builds, which are the same.
* Virtual text truncation does not take padding into account.
* :help in a narrow window always opens at the top.
* With 'smoothscroll' and 'scrolloff' non-zero the cursor position is not
properly adjusted in a long line.
* :confirm does not work properly for a terminal buffer.
* Virtual text "after" not correct with 'nowrap'.
------------------------------------------------------------------
------------------ 2022-10-8 - Oct 8 2022 -------------------
------------------------------------------------------------------
++++ curl:
- Update connection info when using UNIX socket as endpoint
connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
++++ iproute2:
- update to 6.0:
* ipstats: Add param.h for musl
* Update kernel headers
* libbpf: add xdp program name support
* iplink: bond_slave: add per port prio support
* seg6: add support for SRv6 Headend Reduced Encapsulation
* lib: Introduce ppp protocols
* f_flower: Introduce PPPoE support
++++ kernel-firmware:
- Workaround for update failure of kernel-firmware-qcom package
due to the change from a directory to a symlink (bsc#1204103)
------------------------------------------------------------------
------------------ 2022-10-7 - Oct 7 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Add upstream patch to solve GIMP crashes:
+ f0dd96c28751f15d0703b384bfc7c314af01caa8.diff:
glgo#GNOME/GLib!2770 Empty values are not valid GParamSpec.
++++ gnutls:
- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
* Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch
++++ kernel-default:
- series.conf: cleanup
- move upstreamed patches to sorted section:
- patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Zbook-Firefly-14-G.patch
- patches.suse/ALSA-hda-realtek-More-robust-component-matching-for-.patch
- commit e926c4b
++++ kernel-default-base:
- Add _diag modules for included socket types (boo#1204042)
++++ qemu:
- Fixes bsc#1204082
* Patches added:
block-io_uring-revert-Use-io_uring_regis.patch
------------------------------------------------------------------
------------------ 2022-10-6 - Oct 6 2022 -------------------
------------------------------------------------------------------
++++ ansible-core:
- add Conflict with ansible-test
++++ bash:
- Add upstream patches
* bash52-001
Expanding unset arrays in an arithmetic context can cause a
segmentation fault.
* bash52-002
Starting bash with an invalid locale specification for
LC_ALL/LANG/LC_CTYPE can cause the shell to crash.
- Do not run checks in parallel as it eats memory, a lot of memory
- Disable alternate array implementation as it eats a lot of memory
++++ grub2:
- Fix firmware oops after disk decrypting failure (bsc#1204037)
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
++++ kernel-default:
- fix coredump breakage (coredump fix).
- commit 97b0626
++++ ceph:
- Update to 16.2.9-539-gea74dd900cd:
+ (bsc#1202292) ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS
++++ readline:
- Add patch readline82-001 and its signing readline82-001
* Starting a readline application with an invalid locale
specification for LC_ALL/LANG/LC_CTYPE can cause it crash on
the first call to readline.
++++ pam-config:
- Update to Version 1.7
- Correctly handle --service option with /usr/lib/pam.d and
/usr/etc/pam.d [bsc#1196613]
++++ salt:
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Handle non-UTF-8 bytes in core grains generation (bsc#1202165)
- Fix Syndic authentication errors (bsc#1199562)
- Added:
* make-pass-renderer-configurable-other-fixes-532.patch
* ignore-non-utf8-characters-while-reading-files-with-.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* backport-syndic-auth-fixes.patch
------------------------------------------------------------------
------------------ 2022-10-5 - Oct 5 2022 -------------------
------------------------------------------------------------------
++++ glibc:
- get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ
[#29605])
- x86-64-avx2-string-functions.patch: check for required cpu features in
AVX2 string functions (BZ #29611)
- nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607)
++++ kernel-default:
- Revert "constraints: increase disk space for all architectures"
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
++++ libfido2:
- Version 1.12.0 (2022-09-22)
* Support for COSE_ES384.
* Support for hidraw(4) on FreeBSD; gh#597.
* Improved support for FIDO 2.1 authenticators.
* New API calls:
+ es384_pk_free;
+ es384_pk_from_EC_KEY;
+ es384_pk_from_EVP_PKEY;
+ es384_pk_from_ptr;
+ es384_pk_new;
+ es384_pk_to_EVP_PKEY;
+ fido_cbor_info_certs_len;
+ fido_cbor_info_certs_name_ptr;
+ fido_cbor_info_certs_value_ptr;
+ fido_cbor_info_maxrpid_minpinlen;
+ fido_cbor_info_minpinlen;
+ fido_cbor_info_new_pin_required;
+ fido_cbor_info_rk_remaining;
+ fido_cbor_info_uv_attempts;
+ fido_cbor_info_uv_modality.
* Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
* Experimental PCSC support; enable with -DUSE_PCSC.
* Improved OpenSSL 3.0 compatibility.
* Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
* winhello: advertise "uv" instead of "clientPin".
* winhello: support hmac-secret in fido_dev_get_assert().
* New API calls:
+ fido_cbor_info_maxlargeblob.
* Documentation and reliability fixes.
* Separate build and regress targets.
++++ libvirt:
- Update to libvirt 8.8.0
- jsc#PED-620, jsc#PED-1540
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-8-0-2022-10-03
- spec: Switch from monolithic to modular daemons for Factory
++++ libzypp:
- Resolver: Fix missing --[no]-recommends initialization in
update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
to --[no]-recommends.
- version 17.31.2 (22)
++++ python-libvirt-python:
- Update to 8.8.0
- Add all new APIs and constants in libvirt 8.8.0
- jsc#PED-620, jsc#PED-1540
++++ qemu:
- Due to change in where some documentation files are, if
qemu-guest-agent is installed, we need to make sure we update it
to our version (bsc#1203995)
- The links in the forsplit dirs, in each subpackage, born to deal with
package & subpackage splitting, are not really used. In fact, they're
"Provides:"-ed by a bunch of subpackages, but there's no "Requires:"
for any of them. Let's just get rid of them.
++++ raspberrypi-firmware-dt:
- Update to a26d9d4da299 (2022-09-27):
* switch to 5.19 branch
++++ zypper:
- BuildRequires: libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
(bsc#1201972)
- version 1.14.57
------------------------------------------------------------------
------------------ 2022-10-4 - Oct 4 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: Make XTS key check failure not fatal [bsc#1203779]
* Add gnutls-Make-XTS-key-check-failure-not-fatal.patch
++++ kernel-default:
- ALSA: hda/realtek: More robust component matching for CS35L41
(bsc#1203699).
- ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model
(bsc#1203699).
- commit 25aa080
++++ kexec-tools:
- add kexec-tools-riscv64.patch
++++ llvm15:
- Update to version 15.0.2.
* This release contains bug-fixes for the LLVM 15.0.0 release.
This release is API and ABI compatible with 15.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
++++ libbpf:
- update to 1.0.1:
* fix inadvertently changed struct bpf_object_open_opts memory layout;
* fix btf.h header relying on struct enum64 type defined in kernel UAPI headers;
* fix NULL pointer exception in API btf_dump__dump_type_data;
* remove struct btf_map_def accidentally left in bpf_helpers.h header.
* All deprecated APIs and features removed!
* support for syscall-specific kprobe/kretprobe
(SEC("ksyscall/<syscall_name>") and SEC("kretsyscall/<syscall_name>"));
* support for sleepable uprobe BPF programs (SEC("uprobe.s"));
* support for per-cgroup LSM BPF programs (SEC("lsm_cgroup"));
* support for new BPF CO-RE relocation TYPE_MATCHES;
* bpf_prog_load() and bpf_map_create() are now smarter about handling program
and map name on old kernels (it will be ignored if kernel doesn't support
names);
* BTF_KIND_ENUM64 support;
* increase tracing attachment (kprobe/uprobe/tracepoint) robustness by using
tracefs or debugfs, whichever is mounted;
* new APIs for converting BPF enums to their string representation:
* libbpf_bpf_prog_type_str();
* libbpf_bpf_map_type_str();
* libbpf_bpf_link_type_str();
* libbpf_bpf_attach_type_str();
* bpf_program__set_autoattach() and bpf_program__autoattach() to allow opting
out from auto-attaching of BPF program by BPF skeleton;
* perf_buffer__buffer() API to give access to underlying per-CPU buffer for BPF ringbuf;
* bpf_obj_get_opts() API for more flexible fetching of BPF kernel objects' information.
- see https://github.com/libbpf/libbpf/releases/tag/v1.0.0 for detailed changelog
++++ xz:
- Move localised man pages to lang subpackage
++++ ncurses:
- Add ncurses patch 20221001
+ modify configure/scripts to work around interference by GNU grep 3.8
(report by Sam James).
+ update CF_XOPEN_SOURCE, adding variants "gnueabi" and "gnueabihf" to
get _DEFAULT_SOURCE special case (report by Adam Sampson)
- Port patch ncurses-6.3.dif
++++ libosinfo:
- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen
and KVM Management
++++ pango:
- Update to version 1.50.11:
+ Don't crash for lack of fonts.
+ Avoid a crash in shaping.
- Drop 639.patch: Fixed upstream.
++++ systemd:
- Import commit 07aa29e3942fb46b0aed5405c88e8d3179ca958f (merge of v251.5)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/532faa39ebaa6f56e493cc938a91a40df082b74f...07aa29e3942fb46b0aed5405c88e8d3179ca958f
++++ osinfo-db:
- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen
and KVM Management
++++ qemu:
- The old qemu-binfmt weappers around the various qemu-$ARCH Linux
user emulation binaries (see, e.g., bsc#1186256) are not necessary
any longer, and bsc#1143725 can now be considered fixed.
* Patches dropped:
linux-user-add-binfmt-wrapper-for-argv-0.patch
linux-user-binfmt-support-host-binaries.patch
- Fix bsc#1204001. Patches are not upstream, and have been picked up
and backported from the ML. This is something we usually prefer to
avoid, but this is urgent, and the patches looks fine, with high
chances for them to be included as they are (and if they're not, we
will revisit this, i.e., drop them and re-include the ones that are
actually committed)
* Patches added:
linux-user-add-more-compat-ioctl-definit.patch
linux-user-drop-conditionals-for-obsolet.patch
linux-user-remove-conditionals-for-many-.patch
meson-enforce-a-minimum-Linux-kernel-hea.patch
- Improve the output of update_git.sh, by including the list of
repos to which we have downstream patches.
++++ raspberrypi-firmware:
- Update to 2b3cef2f4 (2022-09-30):
* firmware: isp: Workaround for very unpleasant artifacts in the
sharpening block
* firmware: arm_loader: Raise maximum gzipped kernel size
* firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot
* firmware: arm_loader: Increase TFTP block size to 1468 bytes
See: raspberrypi/rpi-eeprom#375
* firmware: Add kernel= logging
* firmware: camera_auto_detect changes
See: #1750
* firmware: Fix USB boot
See: #1744
* firmware: video decode/MJPEG fixes
See: http://git/vc4/vc4/-/merge_requests/1548
* firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle
See: raspberrypi/linux#4962
* firmware: arm_loader: Never set warranty bit
See: #1741
* firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices
See: https://forums.raspberrypi.com/viewtopic.php?t=338917
* firmware: ldconfig: Add [cm4s] conditional
* firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3
* firmware: power: Fix failover to secondary PMIC interface functions
See: https://forums.raspberrypi.com/viewtopic.php?t=338429
* firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG
See: raspberrypi/linux#5107
* firmware: Disable BT flow control pins for Pi3 rev1.3
* firmware: arm_loader: initramfs over NVME fix
See: #1731
* firmware: arm-dt: Export log buffer addresses to /proc/chosen/log
* firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer
See: #1688
* firmware: arm_loader: Declare program_sdhost_use_dma
++++ raspberrypi-firmware-config:
- Update to 2b3cef2f4 (2022-09-30):
* firmware: isp: Workaround for very unpleasant artifacts in the
sharpening block
* firmware: arm_loader: Raise maximum gzipped kernel size
* firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot
* firmware: arm_loader: Increase TFTP block size to 1468 bytes
See: raspberrypi/rpi-eeprom#375
* firmware: Add kernel= logging
* firmware: camera_auto_detect changes
See: #1750
* firmware: Fix USB boot
See: #1744
* firmware: video decode/MJPEG fixes
See: http://git/vc4/vc4/-/merge_requests/1548
* firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle
See: raspberrypi/linux#4962
* firmware: arm_loader: Never set warranty bit
See: #1741
* firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices
See: https://forums.raspberrypi.com/viewtopic.php?t=338917
* firmware: ldconfig: Add [cm4s] conditional
* firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3
* firmware: power: Fix failover to secondary PMIC interface functions
See: https://forums.raspberrypi.com/viewtopic.php?t=338429
* firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG
See: raspberrypi/linux#5107
* firmware: Disable BT flow control pins for Pi3 rev1.3
* firmware: arm_loader: initramfs over NVME fix
See: #1731
* firmware: arm-dt: Export log buffer addresses to /proc/chosen/log
* firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer
See: #1688
* firmware: arm_loader: Declare program_sdhost_use_dma
++++ raspberrypi-firmware-config-camera:
- Update to 2b3cef2f4 (2022-09-30):
* firmware: isp: Workaround for very unpleasant artifacts in the
sharpening block
* firmware: arm_loader: Raise maximum gzipped kernel size
* firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot
* firmware: arm_loader: Increase TFTP block size to 1468 bytes
See: raspberrypi/rpi-eeprom#375
* firmware: Add kernel= logging
* firmware: camera_auto_detect changes
See: #1750
* firmware: Fix USB boot
See: #1744
* firmware: video decode/MJPEG fixes
See: http://git/vc4/vc4/-/merge_requests/1548
* firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle
See: raspberrypi/linux#4962
* firmware: arm_loader: Never set warranty bit
See: #1741
* firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices
See: https://forums.raspberrypi.com/viewtopic.php?t=338917
* firmware: ldconfig: Add [cm4s] conditional
* firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3
* firmware: power: Fix failover to secondary PMIC interface functions
See: https://forums.raspberrypi.com/viewtopic.php?t=338429
* firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG
See: raspberrypi/linux#5107
* firmware: Disable BT flow control pins for Pi3 rev1.3
* firmware: arm_loader: initramfs over NVME fix
See: #1731
* firmware: arm-dt: Export log buffer addresses to /proc/chosen/log
* firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer
See: #1688
* firmware: arm_loader: Declare program_sdhost_use_dma
++++ u-boot-rpiarm64:
- Update to 2022.10
++++ virt-manager:
- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen
and KVM Management
++++ xkeyboard-config:
- Update to version 2.37
* bugfixes
- supersedes U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch
------------------------------------------------------------------
------------------ 2022-10-3 - Oct 3 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Add build_orig conditional switch for video codecs define.
++++ Mesa-drivers:
- Add build_orig conditional switch for video codecs define.
++++ NetworkManager:
- Drop dependency on sysconfig-netconfig: the collection of shell
scripts is not required for regular operation.
++++ iputils:
- Backport 2 fixes for bsc#1203957:
0001-ping-Add-SA_RESTART-to-sa_flags.patch
0002-ping-Make-ping_rts-struct-static.patch
++++ kernel-default:
- Refresh
patches.suse/vduse-prevent-uninitialized-memory-accesses.patch.
Update upstream status.
- commit 39efccd
++++ kernel-firmware:
- Update to version 20220930 (git commit fdf1a6525852):
* linux-firmware: Update AMD cpu microcode
* mediatek: mt8195: Update scp.img to v2.0.11956
* mediatek: Add new mt8195 SOF firmware
* mediatek: Update mt8186 SOF firmware to v0.2.1
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9B8_8207
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for MT7921 WiFi device
* cxgb4: Update firmware to revision 1.27.0.0 (jsc#PED-1501)
* i915: Add versionless HuC files for current platforms
* i915: Add GuC v70.5.1 for DG1, DG2, TGL and ADL-P
* qca: Update firmware files for BT chip WCN3991.
* Removing crnv32
* amdgpu: update yellow carp DMCUB firmware
* amdgpu: add firmware for VCN 3.1.2 IP block
* amdgpu: add firmware for SDMA 5.2.6 IP block
* amdgpu: add firmware for PSP 13.0.5 IP block
* amdgpu: add firmware for GC 10.3.6 IP block
* amdgpu: add firmware for DCN 3.1.5 IP block
* qcom: rename Lenovo ThinkPad X13s firmware paths
* rtw89: 8852c: update fw to v0.27.42.0
* rtw89: 8852c: update fw to v0.27.36.0
- Fix install-split.sh for dealing with a symlink of directory
++++ systemd-rpm-macros:
- Bump to version 17
- Fix syntax error in %tmpfiles_create_package() (bsc#1203945)
++++ u-boot-rpiarm64:
- Enable pcm051_rev3 config for Phytec Wega board
++++ xkeyboard-config:
- Reduce python3 to python3-base
------------------------------------------------------------------
------------------ 2022-10-2 - Oct 2 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 6.0 final
- eliminate 1 patch
- patches.suse/vduse-prevent-uninitialized-memory-accesses.patch
- refresh configs (headers only)
- commit a7dafe3
++++ lttng-ust:
- Update to version 2.13.5:
* Fix: bytecode validator: reject specialised load field/context
ref instructions.
* Fix: bytecode validator: reject specialised load instructions.
* Fix: event notification capture: validate buffer length.
* Fix: event notification capture error handling.
* Fix: lttng-ust-comm: wait on wrong child process.
* fix: 'make dist' without javah.
------------------------------------------------------------------
------------------ 2022-10-1 - Oct 1 2022 -------------------
------------------------------------------------------------------
++++ libglvnd:
- update to 1.5.0:
* Add BTI landing pads for aarch64
* Set current thread state to NULL in teardown
* Moving setspecific to before DestroyThreadState
* Fix a memory leak in libGLdispatch
* Use assembly stubs on armv6
- drop libglvnd-add-bti.patch (upstream)
------------------------------------------------------------------
------------------ 2022-9-30 - Sep 30 2022 -------------------
------------------------------------------------------------------
++++ curl:
- Change the deprecated configure option --enable-hidden-symbols
to the new --enable-symbol-hiding.
++++ transactional-update:
- Version 4.1.0
- t-u: Add a "setup-kdump" command; implements [jsc#PED-1441]
- Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in
the update environment; implements [jsc#PED-1078]
- Add support for "notify" reboot method for desktop use
[gh#openSUSE/transactional-update#93]
- Fix kdump initrd recreation detection; the check was performed in the
active snapshot instead of the target snapshot
- Document register command [bsc#1202900]
- Avoid unnecessary snapshots for register command [bsc#1202901]
- Various optimizations for register command
- Remove bogus error message when triggering reboot
- Rework /etc overlay documentation in "The Transactional Update Guide"
- Fix incorrect manpage formatting
- Remove leftover "salt" reboot method in configuration example file
- Replace deprecated std::mem_fn with lambdas
++++ fde-tools:
- add build support for other architectures
- spec file clean ups
++++ xz:
- update to 5.2.7:
* liblzma:
- Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
- Add dest and src NULL checks to lzma_index_cat.
The documentation states LZMA_PROG_ERROR can be returned from
lzma_index_cat. Previously, lzma_index_cat could not return
LZMA_PROG_ERROR. Now, the validation is similar to
lzma_index_append, which does a NULL check on the index
parameter.
- Fix copying of check type statistics in lzma_index_cat().
The check type of the last Stream in dest was never copied to
dest->checks (the code tried to copy it but it was done too late).
This meant that the value returned by lzma_index_checks() would
only include the check type of the last Stream when multiple
lzma_indexes had been concatenated.
In xz --list this meant that the summary would only list the
check type of the last Stream, so in this sense this was only
a visual bug. However, it's possible that some applications
use this information for purposes other than merely showing
it to the users in an informational message. I'm not aware of
such applications though and it's quite possible that such
applications don't exist.
Regular streamed decompression in xz or any other application
doesn't use lzma_index_cat() and so this bug cannot affect them.
- Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning but
there was a bug. With other decoders (.lzma or threaded .xz)
this already worked correctly.
- lzma_filters_copy: Keep dest[] unmodified if an error occurs.
lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
this. Before this patch, failing lzma_filters_copy() could result
in free(invalid_pointer) or invalid memory reads in stream_encoder.c
or stream_encoder_mt.c.
To trigger this, allocating memory for a filter options structure
has to fail. These are tiny allocations so in practice they very
rarely fail.
Certain badness in the filter chain array could also make
lzma_filters_copy() fail but both stream_encoder.c and
stream_encoder_mt.c validate the filter chain before
trying to copy it, so the crash cannot occur this way.
- lzma_index_append: Add missing integer overflow check.
The documentation in src/liblzma/api/lzma/index.h suggests that
both the unpadded (compressed) size and the uncompressed size
are checked for overflow, but only the unpadded size was checked.
The uncompressed check is done first since that is more likely to
occur than the unpadded or index field size overflows.
- Vaccinate against an ill patch from RHEL/CentOS 7.
* xzgrep:
- Fix compatibility with old shells.
Turns out that some old shells don't like apostrophes (') inside
command substitutions. The problem was introduced by commits
69d1b3fc29677af8ade8dc15dba83f0589cb63d6 (2022-03-29),
bd7b290f3fe4faeceb7d3497ed9bf2e6ed5e7dc5 (2022-07-18), and
a648978b20495b7aa4a8b029c5a810b5ad9d08ff (2022-07-19).
5.2.6 is the only stable release that included
this problem.
* Translations: Add Turkish translation.
++++ patterns-alp:
- enable patterns building for riscv64
++++ qemu:
- Fix: bsc#1202665, CVE-2022-2962
* Patches added:
net-tulip-Restrict-DMA-engine-to-memorie.patch
- skip tests that don't work under qemu-linux-user emulation
++++ selinux-policy:
- Updated quilt couldn't unpack tarball. This will cause ongoing issues
so drop the sed statement in the %prep section and add
distro_suse_to_distro_redhat.patch to add the necessary changes
via a patch
++++ vim:
- Updated to version 9.0.0626, fixes the following problems
- fix boo#1203924 - CVE-2022-3352
* Error for modifying a const is not detected at compile time.
* Leaking argument type array.
* Too many delete() calls in tests.
* When quitting the cmdline window with CTRL-C it remains visible.
* Warning for using uninitialized value in mouse test.
* A closure in a nested loop in a :def function does not work.
* Build failure.
* Various problems with 'nosplitscroll'.
* Line number argument for :badd does not work.
* Command line cleared when using :redrawstatus in CmdlineChanged
autocommand event.
* When the channel test fails there is no clue why.
* Confusing error for "saveas" command with "nofile" buffer.
* Chatito files are not recognized.
* Unnecessary scrolling for message of only one line.
* Cannot redraw the status lines when editing a command.
* May not be able to use a pattern ad the debug prompt.
* Terminal test sometimes hangs.
* Virtual text highlight starts too early when 'number' is set.
* Virtual text "above" highlights gap after it.
* When at the command line :redrawstatus does not work well.
* Virtual text highlight starts too early with 'nowrap' and 'number' set.
* The win_line() function is much too long.
* Declaring a loop variable at the start of a block is clumsy.
* Compiler warns for unused argument in small version.
* Build fails on Appveyor.
* more compiler warnings for arguments in small version
* Manually deleting temp test files.
* Long sign text may overflow buffer.
* Appveyor setup contains outdated lines.
* Using freed memory when autocmd changes mark.
* The win_line() function is much too long.
* Edit test is flaky when run under valgrind.
* The win_line() function is much too long.
* Line number is displayed at virtual text "above".
* Closure gets wrong value in for loop with two loop variables.
* The do_set() function is much too long.
* Manually deleting test temp files.
* Long message test can be flaky.
* Assigning stack variable to argument confuses Coverity.
* Terminal pwd test fails with a very long path name.
* Insufficient testing for assert and test functions.
* Minor issues with setting a string option.
* When a test is slow and CI times out there is no time info.
* Supporting Ruby 1.8 makes code complicated.
* Looping over empty out_loop[] entries.
* reduce() with a compiled lambda could be faster.
* Duplicated code in calling a :def function.
* Crash when closing a tabpage and buffer is NULL.
* Mode message is delayed when :echowin was used. (Maxim Kim)
* Crash when using NUL in buffer that uses :source.
* No error for "|" after "{" in lamda.
* Using freed memory when command follows lambda.
* Scrolling with 'nosplitscroll' in callback changing curwin.
* Leaking memory with nested functions.
* Valgrind reports possibly leaked memory.
* Coverity warns for possibly using NULL pointer.
* Timer test may get stuck at hit-enter prompt.
* Elapsed time since testing started is not visible.
* When a test gets stuck it just hangs forever.
* HSL playlist files are not recognized.
* Timer_info() test fails.
* Cscope test causes problems when code for test timeout timer is included
(even when commented out).
* Nim files are not recognized.
* 'completeopt' "longest" is not used for complete().
* Autocmd code is indented more than needed.
* Cannot easily get out when using "vim file | grep word".
* Insert complete tests leave a mapping behind.
* Outdated dependencies go unnoticed.
* Timer garbage collect test hangs on Mac M1.
* The getchar() function behaves strangely with bracketed paste.
* Unused loop variables.
* Buffer underflow with unexpected :finally.
* Using freed memory when 'tagfunc' wipes out buffer that holds 'complete'.
* Adding a character for incsearch fails at end of line.
* Only recognizing .m3u8 files is inconsistent.
* Cscope test with wrong executable name fails.
* When long message test fails the error message is not visible.
* Missing change in test.
* Unicode tables are outdated.
* After exiting Insert mode spelling is not checked in the next line.
* Message window popup shows on only one tab page. (Naruhiko Nishino)
* Display not cleared when scrolling back in messages, a background color
is set and t_ut is empty.
* Makefile error message causes a shell error.
* Extra newline in messages after a verbose shell message.
* Cannot close a tab page with the middle mouse button.
* Using negative array index with negative width window.
* Latexmkrc files are not recognized.
* GYP files are not recognized.
* Too much indent.
* New TypeScript extensions are not recognized.
* With 'nosplitscroll' folds are not handled correctly.
* Luacheckrc file is not recognized.
* Dump file missing.
* system() opens a terminal window when using the GUI and "!" is in
'guioptions'.
* With spell checking, deleting a full stop at the end of a line does not
update SpellCap at the start of the next line.
* Blockedit test fails because of wrong indent.
* Global interrupt test fails when run under valgrind.
* Tests delete files with a separate delete() call.
* Blockedit test passes with wrong result.
* Running source tests leaves file behind.
* SpellFileMissing autocmd may delete buffer.
* Using reduce() on a list from range() is a bit slow.
* Spell test fails because error message changed.
* Calling function for reduce() has too much overhead.
* Too many delete() calls in tests.
* matchaddpos() can get slow when adding many matches.
* Filetype test leaves file behind.
* matchaddpos() can only add up to 8 matches.
------------------------------------------------------------------
------------------ 2022-9-29 - Sep 29 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- re-disable video codecs
https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258
++++ Mesa-drivers:
- re-disable video codecs
https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258
++++ docker:
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
++++ libXxf86vm:
- modernize spec file, add license
++++ libcap:
- update to 2.66:
* Fix documentation typos in cap_from_text.3
* Some getpcaps code clean up and a fix for PID argument parsing from Jakub
Wilk.
* Slightly more robust Makefiles to address an error with make -j48 test observed
* Include a simple Go program, captrace, to trace kernel capability validation
checks
* This program can be used to figure out what capabilities a program needs to
operate.
* captrace (a wrapper for bpftrace) uses BPF kprobes to monitor the kernel for
capability checks and whether or not they succeed for the system, a specific
PID or a program's direct execution.
* Trim down the default file capabilities for contrib/sucap/su to those actually
needed and set USER and HOME environment variables so bash doesn't complain
about a sourcing error.
++++ osinfo-db:
- Update to database version 20220830
osinfo-db-20220830.tar.xz
++++ python-cryptography:
- update to 38.0.1:
* Fixed parsing TLVs in ASN.1 with length greater than 65535 bytes (typically
seen in large CRLs).
* Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
will drop support.
* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
latest ``pip`` to ensure this doesn't cause issues downloading wheels on
their platform. We now ship ``manylinux_2_28`` wheels for users on new
enough platforms.
* Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
Users with the latest ``pip`` will typically get a wheel and not need Rust
installed, but check :doc:`/installation` for documentation on installing a
newer ``rustc`` if required.
* :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
both ``str`` and ``bytes`` tokens.
* Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
that the ``Extension`` ``critical`` field must be correctly encoded DER. See
`the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
details.
* Added two new OpenSSL functions to the bindings to support an upcoming
``pyOpenSSL`` release.
* When parsing :class:`~cryptography.x509.CertificateRevocationList` and
:class:`~cryptography.x509.CertificateSigningRequest` values, it is now
enforced that the ``version`` value in the input must be valid according to
the rules of :rfc:`2986` and :rfc:`5280`.
* Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
other X.509 builders is deprecated and support will be removed in the next
version.
* Added additional APIs to
:class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
:attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
* Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
users to access the to-be-signed pre-certificate data needed for signed
certificate timestamp verification.
* :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
:attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
counter location.
* Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
to the section 2.1 of the RFC, affecting method
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* It is now possible to customize some aspects of encryption when serializing
private keys, using
:meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
* Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
versions older than 22.0 will need to upgrade.
* Added
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES128` and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES256` classes.
These classes do not replace
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` (which
allows all AES key lengths), but are intended for applications where
developers want to be explicit about key length.
++++ python-pyOpenSSL:
- update to 22.1.0:
* Remove support for SSLv2 and SSLv3.
* The minimum ``cryptography`` version is now 37.0.2.
* The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
* Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
to override the context object's verification flags.
* Add ``OpenSSL.SSL.Connection.use_certificate`` and
``OpenSSL.SSL.Connection.use_privatekey``
to set a certificate per connection (and not just per context)
++++ python-requests:
- requires python 3.7 or newer
++++ selinux-policy:
- Update fix_networkmanager.patch to ensure NetworkManager chrony
dispatcher is properly labled and update fix_chronyd.patch to ensure
chrony helper script has proper label to be used by NetworkManager.
Also allow NetworkManager_dispatcher_custom_t to query systemd status
(bsc#1203824)
++++ shim:
- shim-install: ensure grub.cfg created is not overwritten after
installing grub related files
------------------------------------------------------------------
------------------ 2022-9-28 - Sep 28 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.19.12 (bsc#1012628).
- drm/i915: Extract intel_edp_fixup_vbt_bpp() (bsc#1012628).
- drm/i915/pps: Split pps_init_delays() into distinct parts
(bsc#1012628).
- drm/i915/bios: Split parse_driver_features() into two parts
(bsc#1012628).
- drm/i915/bios: Split VBT parsing to global vs. panel specific
parts (bsc#1012628).
- drm/i915/bios: Split VBT data into per-panel vs. global parts
(bsc#1012628).
- drm/i915/dsi: filter invalid backlight and CABC ports
(bsc#1012628).
- drm/i915/dsi: fix dual-link DSI backlight and CABC ports for
display 11+ (bsc#1012628).
- smb3: Move the flush out of smb2_copychunk_range() into its
callers (bsc#1012628).
- smb3: fix temporary data corruption in collapse range
(bsc#1012628).
- smb3: fix temporary data corruption in insert range
(bsc#1012628).
- usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
(bsc#1012628).
- smb3: use filemap_write_and_wait_range instead of
filemap_write_and_wait (bsc#1012628).
- Revert "usb: add quirks for Lenovo OneLink+ Dock" (bsc#1012628).
- Revert "usb: gadget: udc-xilinx: replace memcpy with
memcpy_toio" (bsc#1012628).
- xfrm: fix XFRMA_LASTUSED comment (bsc#1012628).
- block: remove QUEUE_FLAG_DEAD (bsc#1012628).
- block: stop setting the nomerges flags in blk_cleanup_queue
(bsc#1012628).
- block: simplify disk shutdown (bsc#1012628).
- scsi: core: Fix a use-after-free (bsc#1012628).
- drivers/base: Fix unsigned comparison to -1 in
CPUMAP_FILE_MAX_BYTES (bsc#1012628).
- USB: core: Fix RST error in hub.c (bsc#1012628).
- USB: serial: option: add Quectel BG95 0x0203 composition
(bsc#1012628).
- USB: serial: option: add Quectel RM520N (bsc#1012628).
- Revert "ALSA: usb-audio: Split endpoint setups for hw_params
and prepare" (bsc#1012628).
- ALSA: core: Fix double-free at snd_card_new() (bsc#1012628).
- ALSA: hda/tegra: set depop delay for tegra (bsc#1012628).
- ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount
saturation (bsc#1012628).
- ALSA: hda: Fix Nvidia dp infoframe (bsc#1012628).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (bsc#1012628).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570
laptop (bsc#1012628).
- ALSA: hda/realtek: Re-arrange quirk table entries (bsc#1012628).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack
(bsc#1012628).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop
(bsc#1012628).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
laptop (bsc#1012628).
- ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED
(bsc#1012628).
- iommu/vt-d: Check correct capability for sagaw determination
(bsc#1012628).
- exfat: fix overflow for large capacity partition (bsc#1012628).
- btrfs: fix hang during unmount when stopping block group
reclaim worker (bsc#1012628).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1012628).
- btrfs: zoned: wait for extent buffer IOs before finishing a zone
(bsc#1012628).
- libperf evlist: Fix polling of system-wide events (bsc#1012628).
- media: flexcop-usb: fix endpoint type check (bsc#1012628).
- usb: dwc3: core: leave default DMA if the controller does not
support 64-bit DMA (bsc#1012628).
- thunderbolt: Add support for Intel Maple Ridge single port
controller (bsc#1012628).
- efi: x86: Wipe setup_data on pure EFI boot (bsc#1012628).
- efi: libstub: check Shim mode using MokSBStateRT (bsc#1012628).
- wifi: mt76: fix reading current per-tid starting sequence
number for aggregation (bsc#1012628).
- gpio: mockup: fix NULL pointer dereference when removing debugfs
(bsc#1012628).
- gpio: mockup: Fix potential resource leakage when register a
chip (bsc#1012628).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register
successfully (bsc#1012628).
- riscv: fix a nasty sigreturn bug.. (bsc#1012628).
- riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning
(bsc#1012628).
- drm/i915/gem: Flush contexts on driver release (bsc#1012628).
- drm/i915/gem: Really move i915_gem_context.link under ref
protection (bsc#1012628).
- xen/xenbus: fix xenbus_setup_ring() (bsc#1012628).
- kasan: call kasan_malloc() from __kmalloc_*track_caller()
(bsc#1012628).
- can: flexcan: flexcan_mailbox_read() fix return value for drop =
true (bsc#1012628).
- net: mana: Add rmb after checking owner bits (bsc#1012628).
- mm/slub: fix to return errno if kmalloc() fails (bsc#1012628).
- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in
task context (bsc#1012628).
- KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0
(bsc#1012628).
- KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
(bsc#1012628).
- KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
(bsc#1012628).
- perf/arm-cmn: Add more bits to child node address offset field
(bsc#1012628).
- arm64: topology: fix possible overflow in amu_fie_setup()
(bsc#1012628).
- vmlinux.lds.h: CFI: Reduce alignment of jump-table to function
alignment (bsc#1012628).
- batman-adv: Fix hang up with small MTU hard-interface
(bsc#1012628).
- firmware: arm_scmi: Harden accesses to the reset domains
(bsc#1012628).
- firmware: arm_scmi: Fix the asynchronous reset requests
(bsc#1012628).
- arm64: dts: rockchip: Lower sd speed on quartz64-b
(bsc#1012628).
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob
(bsc#1012628).
- arm64: dts: rockchip: Fix typo in lisense text for PX30.Core
(bsc#1012628).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state,
reset callbacks (bsc#1012628).
- arm64: dts: imx8mm: Reverse CPLD_Dn GPIO label mapping on
MX8Menlo (bsc#1012628).
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz
(bsc#1012628).
- arm64: dts: imx8mn: remove GPU power domain reset (bsc#1012628).
- arm64: dts: imx8ulp: add #reset-cells for pcc (bsc#1012628).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in
of_xudma_dev_get() (bsc#1012628).
- arm64: dts: rockchip: fix property for usb2 phy supply on
rock-3a (bsc#1012628).
- arm64: dts: rockchip: fix property for usb2 phy supply on
rk3568-evb1-v10 (bsc#1012628).
- arm64: dts: rockchip: Remove 'enable-active-low' from
rk3399-puma (bsc#1012628).
- arm64: dts: rockchip: Remove 'enable-active-low' from
rk3566-quartz64-a (bsc#1012628).
- arm64: dts: imx8mm-verdin: extend pmic voltages (bsc#1012628).
- netfilter: nf_conntrack_sip: fix ct_sip_walk_headers
(bsc#1012628).
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
(bsc#1012628).
- netfilter: nfnetlink_osf: fix possible bogus match in
nf_osf_find() (bsc#1012628).
- ice: Don't double unplug aux on peer initiated reset
(bsc#1012628).
- ice: Fix crash by keep old cfg when update TCs more than queues
(bsc#1012628).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
(bsc#1012628).
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1012628).
- net: core: fix flow symmetric hash (bsc#1012628).
- wifi: iwlwifi: Mark IWLMEI as broken (bsc#1012628).
- arm64: dts: tqma8mqml: Include phy-imx8-pcie.h header
(bsc#1012628).
- drm/mediatek: Fix wrong dither settings (bsc#1012628).
- arm64: dts: imx8mp-venice-gw74xx: fix CAN STBY polarity
(bsc#1012628).
- arm64: dts: imx8mp-venice-gw74xx: fix ksz9477 cpu port
(bsc#1012628).
- ARM: dts: lan966x: Fix the interrupt number for internal PHYs
(bsc#1012628).
- net: phy: aquantia: wait for the suspend/resume operations to
finish (bsc#1012628).
- arm64: dts: imx8mp-venice-gw74xx: fix port/phy validation
(bsc#1012628).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
(bsc#1012628).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(bsc#1012628).
- net: bonding: Share lacpdu_mcast_addr definition (bsc#1012628).
- net: bonding: Unsync device addresses on ndo_stop (bsc#1012628).
- net: team: Unsync device addresses on ndo_stop (bsc#1012628).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format
(bsc#1012628).
- mm/slab_common: fix possible double free of kmem_cache
(bsc#1012628).
- MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko
(bsc#1012628).
- MIPS: Loongson32: Fix PHY-mode being left unspecified
(bsc#1012628).
- um: fix default console kernel parameter (bsc#1012628).
- iavf: Fix bad page state (bsc#1012628).
- mlxbf_gige: clear MDIO gateway lock after read (bsc#1012628).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
(bsc#1012628).
- i40e: Fix VF set max MTU size (bsc#1012628).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
(bsc#1012628).
- netdevsim: Fix hwstats debugfs file permissions (bsc#1012628).
- sfc: fix TX channel offset when using legacy interrupts
(bsc#1012628).
- sfc: fix null pointer dereference in efx_hard_start_xmit
(bsc#1012628).
- bnxt_en: fix flags to check for supported fw version
(bsc#1012628).
- gve: Fix GFP flags when allocing pages (bsc#1012628).
- drm/hisilicon: Add depends on MMU (bsc#1012628).
- of: mdio: Add of_node_put() when breaking out of for_each_xx
(bsc#1012628).
- net: ipa: properly limit modem routing table use (bsc#1012628).
- sfc/siena: fix TX channel offset when using legacy interrupts
(bsc#1012628).
- sfc/siena: fix null pointer dereference in efx_hard_start_xmit
(bsc#1012628).
- wireguard: ratelimiter: disable timings test by default
(bsc#1012628).
- wireguard: netlink: avoid variable-sized memcpy on sockaddr
(bsc#1012628).
- net: enetc: move enetc_set_psfp() out of the common
enetc_set_features() (bsc#1012628).
- net: enetc: deny offload of tc-based TSN features on VF
interfaces (bsc#1012628).
- ipv6: Fix crash when IPv6 is administratively disabled
(bsc#1012628).
- net/sched: taprio: avoid disabling offload when it was never
enabled (bsc#1012628).
- net/sched: taprio: make qdisc_leaf() see the per-netdev-queue
pfifo child qdiscs (bsc#1012628).
- ice: config netdev tc before setting queues number
(bsc#1012628).
- ice: Fix interface being down after reset with
link-down-on-close flag on (bsc#1012628).
- netfilter: nf_tables: fix nft_counters_enabled underflow at
nf_tables_addchain() (bsc#1012628).
- netfilter: nf_tables: fix percpu memory leak at
nf_tables_addchain() (bsc#1012628).
- netfilter: ebtables: fix memory leak when blob is malformed
(bsc#1012628).
- netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed
(bsc#1012628).
- net: ravb: Fix PHY state warning splat during system resume
(bsc#1012628).
- net: sh_eth: Fix PHY state warning splat during system resume
(bsc#1012628).
- gpio: tqmx86: fix uninitialized variable girq (bsc#1012628).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(bsc#1012628).
- perf stat: Fix BPF program section name (bsc#1012628).
- perf stat: Fix cpu map index in bperf cgroup code (bsc#1012628).
- perf jit: Include program header in ELF files (bsc#1012628).
- perf kcore_copy: Do not check /proc/modules is unchanged
(bsc#1012628).
- perf tools: Honor namespace when synthesizing build-ids
(bsc#1012628).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to
mtk_dsi_poweroff() (bsc#1012628).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not
sufficient (bsc#1012628).
- net/smc: Stop the CLC flow if no link to map buffers on
(bsc#1012628).
- net: phy: micrel: fix shared interrupt on LAN8814 (bsc#1012628).
- bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1012628).
- net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD
(bsc#1012628).
- net: sched: fix possible refcount leak in tc_new_tfilter()
(bsc#1012628).
- bnxt: prevent skb UAF after handing over to PTP worker
(bsc#1012628).
- selftests: forwarding: add shebang for sch_red.sh (bsc#1012628).
- io_uring: ensure that cached task references are always put
on exit (bsc#1012628).
- serial: fsl_lpuart: Reset prior to registration (bsc#1012628).
- serial: Create uart_xmit_advance() (bsc#1012628).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
accounting (bsc#1012628).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
accounting (bsc#1012628).
- cgroup: cgroup_get_from_id() must check the looked-up kn is
a directory (bsc#1012628).
- phy: marvell: phy-mvebu-a3700-comphy: Remove broken reset
support (bsc#1012628).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (bsc#1012628).
- drm/i915/display: Fix handling of enable_psr parameter
(bsc#1012628).
- blk-mq: fix error handling in __blk_mq_alloc_disk (bsc#1012628).
- block: call blk_mq_exit_queue from disk_release for never
added disks (bsc#1012628).
- block: Do not call blk_put_queue() if gendisk allocation fails
(bsc#1012628).
- Drivers: hv: Never allocate anything besides framebuffer from
framebuffer memory region (bsc#1012628).
- drm/gma500: Fix BUG: sleeping function called from invalid
context errors (bsc#1012628).
- drm/gma500: Fix WARN_ON(lock->magic != lock) error
(bsc#1012628).
- drm/gma500: Fix (vblank) IRQs not working after suspend/resume
(bsc#1012628).
- gpio: ixp4xx: Make irqchip immutable (bsc#1012628).
- drm/amd/pm: disable BACO entry/exit completely on several
sienna cichlid cards (bsc#1012628).
- drm/amdgpu: use dirty framebuffer helper (bsc#1012628).
- drm/amdgpu: change the alignment size of TMR BO to 1M
(bsc#1012628).
- drm/amdgpu: add HDP remap functionality to nbio 7.7
(bsc#1012628).
- drm/amdgpu: Skip reset error status for psp v13_0_0
(bsc#1012628).
- drm/amd/display: Limit user regamma to a valid value
(bsc#1012628).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateWatermarksAndDRAMSpeedChangeSupport() (bsc#1012628).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateFlipSchedule() (bsc#1012628).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline
for stack usage (bsc#1012628).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
(bsc#1012628).
- gpio: mt7621: Make the irqchip immutable (bsc#1012628).
- pmem: fix a name collision (bsc#1012628).
- fsdax: Fix infinite loop in dax_iomap_rw() (bsc#1012628).
- workqueue: don't skip lockdep work dependency in
cancel_work_sync() (bsc#1012628).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access
is possible (bsc#1012628).
- i2c: mlxbf: incorrect base address passed during io write
(bsc#1012628).
- i2c: mlxbf: prevent stack overflow in
mlxbf_i2c_smbus_start_transaction() (bsc#1012628).
- i2c: mlxbf: Fix frequency calculation (bsc#1012628).
- i2c: mux: harden i2c_mux_alloc() against integer overflows
(bsc#1012628).
- drm/amdgpu: don't register a dirty callback for non-atomic
(bsc#1012628).
- certs: make system keyring depend on built-in x509 parser
(bsc#1012628).
- Makefile.debug: set -g unconditional on CONFIG_DEBUG_INFO_SPLIT
(bsc#1012628).
- Makefile.debug: re-enable debug info for .S files (bsc#1012628).
- devdax: Fix soft-reservation memory description (bsc#1012628).
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1012628).
- ext4: limit the number of retries after discarding
preallocations blocks (bsc#1012628).
- ext4: make mballoc try target group first even with
mb_optimize_scan (bsc#1012628).
- ext4: avoid unnecessary spreading of allocations among groups
(bsc#1012628).
- ext4: use locality group preallocation for small closed files
(bsc#1012628).
- ext4: use buckets for cr 1 block scan instead of rbtree
(bsc#1012628).
- ext4: fixup possible uninitialized variable access in
ext4_mb_choose_next_group_cr1() (bsc#1012628).
- ext4: make directory inode spreading reflect flexbg size
(bsc#1012628).
- Update config files.
- commit 95fa5b8
++++ qemu:
- Runs of the test-suite seem much more stable now, in this version
of QEMU. (bsc#1203610) We are also fine re-enabling running them
in parallel.
- Switch QEMU Linux user to emulate the same CPU as the one of the
host by default. This is a bit conrtoversial and tricky, when
thinking about system emulation/virtualization. But for linux-user,
it should be just fine. (bsc#1203684)
* Patches added:
linux-user-use-max-as-default-CPU-model-.patch
------------------------------------------------------------------
------------------ 2022-9-27 - Sep 27 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to
meson, keep support for hardware codecs inside vaapi, vdpau and
vulkan. These were previously enabled automatically.
- enabled "swrast" and "amd" Vulkan drivers on riscv64, which is
upstream default anyway ...
++++ Mesa-drivers:
- Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to
meson, keep support for hardware codecs inside vaapi, vdpau and
vulkan. These were previously enabled automatically.
- enabled "swrast" and "amd" Vulkan drivers on riscv64, which is
upstream default anyway ...
++++ bash:
- Update to final bash 5.2
a. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
- Modernize run-tests
++++ kernel-default:
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- ACPI: processor idle: Practically limit "Dummy wait" workaround
to old Intel systems (bsc#1203767).
- commit 2d94a9f
- Refresh
patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk.patch.
Update to upstream version.
- commit b4b8524
++++ libXxf86vm:
- Update to version 1.1.5
* Update README for gitlab migration
* Update configure.ac bug URL for gitlab migration
* Fix spelling/wording issues
* gitlab CI: add a basic build test
* Fix -Wsign-compare warning
* Variable scope reductions as suggested by cppcheck
* Update GetOldReq to use _XGetRequest()
* autogen.sh: use quoted string variables
* autogen: add default patch prefix
* autogen.sh: use exec instead of waiting for configure to finish
++++ readline:
- Update to final readline-8.2
r. When replacing a history entry, make sure the existing entry has a non-NULL
timestamp before copying it; it may have been added by the application, not
the history library.
++++ libvirt:
- spec: Only drop redefinition of libexecdir on Factory and newer
bsc#1203775
++++ qemu:
- Be less verbose when packaging documentation. In fact, with just
a couple of (minor) re-arrangements, we can get rid of having to
list all the files all the time
- Package /etc/qemu/bridge.conf as '%config(noreplace). Next step
will probably be to move it to /usr/etc/qemu (bsc#1201944)
++++ selinux-policy:
- Update fix_xserver.patch to add greetd support (bsc#1198559)
------------------------------------------------------------------
------------------ 2022-9-26 - Sep 26 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- coreutils-tests-workaround-make-fdleak.patch: Add patch to work around
a GNU make bug which leaks file descriptors when using the jobserver;
this makes some tests fail.
- coreutils.spec: Reference the patch.
++++ dtc:
- makefile-bison-rule.patch: Makefile: fix infinite recursion by dropping
non-existent `%.output`
++++ gcc12:
- add gcc12-riscv-inline-atomics.patch,
gcc12-riscv-pthread.patch: handle subword size inline atomics
(needed by several openSUSE packages)
++++ openldap2:
- bsc#1202931 - CVE-2022-31253 - Openldap start script allowed the ldap user
to privilege escalate to root due to unbound chown commands.
++++ ncurses:
- Add ncurses patch 20220924
+ modify configure macro CF_BUILD_CC to check if the build-compiler
works, rather than that it is different from the cross-compiler, e.g.,
to accommodate a compiler which can be used for either purpose with
different flags (report by Mikhail Korolev).
+ fix another memory-leak in tic.
+ correct change for cppcheck in menu library (report/analysis by
"tuxway", cf: 20220903).
+ update config.guess, config.sub
- Correct offsets of patches
* ncurses-6.3.dif
++++ open-iscsi:
- Update to upstream version 2.1.8, which includes some bug fixes,
and adds the ability to build using meson. The SPEC file was
updated to use meson.
Also, some files have moved:
* the "lock" file has moved from /etc/iscsi to /var/lock/iscsi
* the "database files" have moved from /etc/iscsi to
/var/lib/iscsi
++++ rpm-config-SUSE:
- Update to version 20220926:
* Revert macros.debuginfo and prefer a direct rpm patch
* Fix kernel builds after #59
* Redefine %__debug_install_post to simplify debuginfo setup
* Fix bug not using custom name for summary and description in language packages (boo#1137381)
------------------------------------------------------------------
------------------ 2022-9-25 - Sep 25 2022 -------------------
------------------------------------------------------------------
++++ ansible:
- update to 6.4.0:
Ansible 6.4.0 will include ansible-core 2.13.4 as well as a curated set of
Ansible collections to provide a vast number of modules and plugins.
* The changelog for ansible-core 2.13 installed by this release of
ansible is available here:
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
* Collections which have opted into being a part of the Ansible-6
unified changelog will have an entry on this page:
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
++++ kernel-default:
- Update to 6.0-rc7
- refresh configs
- commit 74aafe0
++++ pango:
- Add 639.patch: layout: Fix crash when no font is installed.
++++ liburing:
- skip checks on qemu_linux_user builds
++++ python-pyzmq:
- update to version 24.0.1:
* Fix several possible resource warnings and deprecation warnings
when cleaning up contexts and sockets, especially in pyzmq's own
tests and when implicit teardown of objects is happening during
process teardown.
++++ timezone:
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
------------------------------------------------------------------
------------------ 2022-9-24 - Sep 24 2022 -------------------
------------------------------------------------------------------
++++ bash:
- add checks
++++ gawk:
- double-free.patch: Yet another fix for Node_elem_new
++++ libdbusmenu-gtk2:
- conditionalize valgrind dependency - it is optional and not
available on all architectures
++++ libdbusmenu-gtk3:
- conditionalize valgrind dependency - it is optional and not
available on all architectures
++++ nghttp2:
- update to 1.50.0:
* https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/
This release adds
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables
checking leading and trailing white spaces against HTTP field value.
++++ openssl-1_1:
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
++++ libverto:
- update to 0.3.2:
* Fix use-after-free in verto_reinitialize
* Fix use-after-free in verto_free()
* Remove broken tevent support
------------------------------------------------------------------
------------------ 2022-9-23 - Sep 23 2022 -------------------
------------------------------------------------------------------
++++ cockpit-machines:
- Require qemu-block-curl for installing over https (bsc#1199672)
++++ grub2:
- Add patch to fix kernel relocation error in low memory
* 0001-linux-fix-efi_relocate_kernel-failure.patch
++++ gtk3:
- Fix unstable drag-and-drop on Wayland KDE, add:
* gtk3-gdkwayland-Update-selections-offer-before-updating-dnd.patch
https://gitlab.gnome.org/GNOME/gtk/-/commit/56100ab4
++++ kernel-default:
- Linux 5.19.11 (bsc#1012628).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
(bsc#1012628).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (bsc#1012628).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (bsc#1012628).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
(bsc#1012628).
- pinctrl: sunxi: Fix name for A100 R_PIO (bsc#1012628).
- SUNRPC: Fix call completion races with call_decode()
(bsc#1012628).
- NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0
(bsc#1012628).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
in mpc85xx (bsc#1012628).
- NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE
(bsc#1012628).
- Revert "SUNRPC: Remove unreachable error condition"
(bsc#1012628).
- drm/panel-edp: Fix delays for Innolux N116BCA-EA1 (bsc#1012628).
- drm/meson: Correct OSD1 global alpha value (bsc#1012628).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (bsc#1012628).
- drm/rockchip: vop2: Fix eDP/HDMI sync polarities (bsc#1012628).
- drm/i915/vdsc: Set VDSC PIC_HEIGHT before using for DP DSC
(bsc#1012628).
- drm/i915/guc: Don't update engine busyness stats too frequently
(bsc#1012628).
- drm/i915/guc: Cancel GuC engine busyness worker synchronously
(bsc#1012628).
- block: blk_queue_enter() / __bio_queue_enter() must return
- EAGAIN for nowait (bsc#1012628).
- parisc: ccio-dma: Add missing iounmap in error path in
ccio_probe() (bsc#1012628).
- of/device: Fix up of_dma_configure_id() stub (bsc#1012628).
- io_uring/msg_ring: check file type before putting (bsc#1012628).
- cifs: revalidate mapping when doing direct writes (bsc#1012628).
- cifs: don't send down the destination address to sendmsg for
a SOCK_STREAM (bsc#1012628).
- cifs: always initialize struct msghdr smb_msg completely
(bsc#1012628).
- blk-lib: fix blkdev_issue_secure_erase (bsc#1012628).
- parisc: Allow CONFIG_64BIT with ARCH=parisc (bsc#1012628).
- tools/include/uapi: Fix <asm/errno.h> for parisc and xtensa
(bsc#1012628).
- drm/i915/gt: Fix perf limit reasons bit positions (bsc#1012628).
- drm/i915: Set correct domains values at _i915_vma_move_to_active
(bsc#1012628).
- drm/amdgpu: make sure to init common IP before gmc
(bsc#1012628).
- drm/amdgpu: Don't enable LTR if not supported (bsc#1012628).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
(bsc#1012628).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code
for vega (bsc#1012628).
- net: Find dst with sk's xfrm policy not ctl_sk (bsc#1012628).
- dt-bindings: apple,aic: Fix required item "apple,fiq-index"
in affinity description (bsc#1012628).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
(bsc#1012628).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
(bsc#1012628).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
change (bsc#1012628).
- commit b35e71f
- config(arm*): disable CONFIG_PM_AUTOSLEEP and CONFIG_PM_WAKELOCKS (bsc#1189677)
- commit 1c0b96b
++++ libaio:
- skip testsuite on qemu_linux_user builds
++++ libffi:
- update to 3.4.3:
* All struct args are passed by value, regardless of size, as per ABIs.
* Enable static trampolines for Cygwin.
* Add support for Loongson's LoongArch64 architecture.
* Fix x32 static trampolines.
* Fix 32-bit x86 stdcall stack corruption.
* Fix ILP32 aarch64 support.
- includes fix for RISCV64
- disable LTO due to (ffi#733)
++++ nghttp2:
- disable asio by default as it is deprecated by upstream and
will be removed in the next release
++++ rpm:
- Update the macros file to simplify the debuginfo installation
We don't support parallel installation of the same debuginfo - and so
don't patch the binaries to create unique build ids (easing pressure
on reproducable builds when compiling twice)
Patching this in rpm-config-SUSE is technically not possible (as you
can't reliable undefine things defined in upstream macro). We tried in
https://github.com/openSUSE/rpm-config-SUSE/pull/59 and /60:
++++ suse-module-tools:
- Update to version 16.0.24:
* Split kernel scriptlets into separate sub-package
"suse-module-tools-scriptlets" on Tumbleweed
(gh#openSUSE/suse-module-tools#64)
------------------------------------------------------------------
------------------ 2022-9-22 - Sep 22 2022 -------------------
------------------------------------------------------------------
++++ gobject-introspection:
- Switch to pcre2grep (pcre is dead upstream)
++++ kernel-default:
- config.conf: reenable armv6hl configs
- commit cd71399
- Refresh
patches.suse/Revert-iommu-vt-d-Fix-possible-recursive-locking-in-.patch.
Update upstream status.
- commit a267615
++++ llvm15:
- Update to version 15.0.1.
* This release contains bug-fixes for the LLVM 15.0.0 release.
This release is API and ABI compatible with 15.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
------------------------------------------------------------------
------------------ 2022-9-21 - Sep 21 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.2.0
* AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements;
more details on Phoronix:
https://www.phoronix.com/news/Mesa-22.2-Released
- supersedes llvm15.patch
- refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch
++++ Mesa-drivers:
- update to 22.2.0
* AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements;
more details on Phoronix:
https://www.phoronix.com/news/Mesa-22.2-Released
- supersedes llvm15.patch
- refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch
++++ permissions:
- skip tests on qemu user builds
++++ lvm2-device-mapper:
- lvmlockd is not supporting sanlock (bsc#1203482)
- set 1 for _supportsanlock in lvm2.spec for enabling sanlock.
++++ glibc:
- makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming
make-4.4 (BZ# 29564)
++++ kernel-default:
- media: dvb-core: Fix UAF due to refcount races at releasing
(CVE-2022-41218 bsc#1202960).
- commit 66556c1
- arm64: enable CONFIG_ARCH_RENESAS (bsc#1203558)
Also compile everything as modules that isn't debug
or deprecated that was previously disabled by the
global RENESAS disablement.
- commit b1f13b9
- config.conf: Reenable arm64 configs
- Update config files, taken from 6.0-rc1 update from x86_64,
enabling all new erratas, enabling all new modules
- commit 9b3cde4
- Revert "iommu/vt-d: Fix possible recursive locking in
intel_iommu_init()" (iommu bug).
- commit 9392b7d
++++ llvm15:
- Always drop -gnu from triple for consistency. Patch a test that
was looking for -linux- in clang-test-xfail-gnuless-triple.patch.
++++ lvm2:
- lvmlockd is not supporting sanlock (bsc#1203482)
- set 1 for _supportsanlock in lvm2.spec for enabling sanlock.
++++ systemd:
- Drop the old band aid used during the breakage introduced by the switch of
/tmp to tmpfs
This was done to address the regression reported in boo#1175779 but shouldn't
be necessary anymore since the (few) affected users should have updated
systemd during the last 2 years.
- Move nss-systemd and nss-myhostname NSS modules into the main package
++++ unbound:
- update to 1.16.3
fixes Non-Responsive Delegation Attack (CVE-2022-3204)
++++ podman:
- Update to version 4.2.1:
* Bump to v4.2.1
* Add release notes for v4.2.1
* remove SkipIfNotFedora() from events test
* fix podman events with custom format
* Drop stale config value resulting in asymmetric config
* Fix list of default capabilities
* Add container GID to additional groups
* libpod: Ensure that generated container names are random
* Fix bind-mount-option annotation in gen/play kube
* Improved Windows compatibility for machine command
* updated apiv2 tests to reflect hash compat fix
* api: return imageID instead of imageName, for "Image" when Podman API is queried
* Inhibit SIGTERM during Conmon startup
* Fix example sections to follow the same format
* Fix template name inconsistency
* service: make move to sub-cgroup non fatal
* Remove duplicate annotations in generated service yaml
* Compat API image remove events now have 'delete' status
* [CI:DOCS] Automatically set podman version in pkginstaller
* Allow colons in windows file paths
* Fixes isRootfull check using qemu machine on Windows
* vendor containers/psgo@v1.7.3
* Allow podman to run in an environment with keys containing spaces
* Document restrictions on transport in FROM
* Improved Windows compatibility
* pass environment variables to container clone
* podman save: update --compress validation
* sort hc.Binds returned from compat api
* Cirrus: Update podman-machine comment
* podman images and friends can take one image as argument
* [CI:DOCS] Add .DS_Store to gitignore
* podman-kube@.service.in: Remove Restart=never option with typo
* Fix #15499 already connected network
* [CI:DOCS] Cirrus: Update meta-task for EC2 image
* fix CI: remove hardcodeded alpine version
* fix CI: remove hardcodeded alpine version
* Preserve all unknown PolicyRequirement fields on (podman image trust set)
* Reorganize the types in policy.go a bit
* Add support for showing keyPaths in (podman image trust show)
* Support (image trust show) for sigstoreSigned entries
* BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements
* Reorganize descriptionsOfPolicyRequirements a bit
* Use the full descriptionsOfPolicyRequirements for the default scope
* Rename haveMatchRegistry to registriesDConfigurationForScope
* Rename tempTrustShowOutput to entry
* Split descriptionsOfPolicyRequirements out of getPolicyShowOutput
* Recognize the new lookaside names for simple signing sigstore
* Add a unit test for trust.PolicyDescription
* Make the output of (podman image trust show) deterministic
* Make most of pkg/trust package-private
* Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
* Add support for sigstoreSigned in (podman image trust set)
* Create new policy entries together with validating input
* Improve validation of data in ImageEngine.SetTrust
* Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries
* Add a variable for scope
* Make trust.CreateTempFile private
* Reorganize pkg/trust
* Remove an unused trust.ShowOutput type
* Remove commented out code
* libpod: UpdateContainerStatus: do not wait for container
* Skip / update some tests under runc
* Bump to v4.2.1-dev
* test: update apply-podman-deltas for new tests
* build: implement --cache-to,--cache-from and --cache-ttl
* vendor: bump buildah to v1.27.0
++++ qemu:
- Switch to %autosetup for all products (this required some changes
in update_git.sh)
- Run check-qtest sequentially, as it's more reliable, when in OBS
- Build with libbpf, fdt and capstone support
- Drop the patch adding our support document, and deal with that
in the spec file directly
* Patches dropped:
doc-add-our-support-doc-to-the-main-proj.patch
++++ u-boot-rpiarm64:
- Update to 2022.10-rc5
------------------------------------------------------------------
------------------ 2022-9-20 - Sep 20 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Enable parallel builds by splitting clean and all at make time
(Thanks to Christopher Yeleighton)
- Do not copy more than 1 byte for \(aq becoming a "'" in
quotes-man2html.patch
++++ cockpit:
- new version 276.1
- login: Use valid selectors when testing for :is() / :where() support.
- stability and performance improvements
- previous changes https://cockpit-project.org/blog/cockpit-275.html
- css-overrides.patch, hide-docs.patch, remove-pwscore.patch: refreshed
- kdump-close.patch, kdump-refactor.patch, kdump-suse.patch: upstreamed
and removed
++++ cockpit-podman:
- new version 53. Changes since 49.1 include,
* Use NumberInput for Image Run Dialog
* Fix events with large number of containers
* Translation updates
* Add Volumes and Env Variables to container details
* Show volume permission in container integration tab
* Allow no system users to set restart policy
* Show image history
* Stability and performance improvements
++++ gawk:
- double-free.patch: Fix Node_elem_new op, replacing upref.patch
- pma.patch: Replace with upstream solution
- nan-sign.patch: Fix negative NaN issue on RiscV, replacing
nan-tests.patch
++++ grep:
- efgrep-warning.patch: remove warning from [ef]grep
++++ kernel-default:
- Linux 5.19.10 (bsc#1012628).
- Input: goodix - add compatible string for GT1158 (bsc#1012628).
- RDMA/irdma: Use s/g array in post send only when its valid
(bsc#1012628).
- gpio: 104-idio-16: Make irq_chip immutable (bsc#1012628).
- gpio: 104-dio-48e: Make irq_chip immutable (bsc#1012628).
- LoongArch: Fix arch_remove_memory() undefined build error
(bsc#1012628).
- LoongArch: Fix section mismatch due to acpi_os_ioremap()
(bsc#1012628).
- platform/x86: asus-wmi: Increase FAN_CURVE_BUF_LEN to 32
(bsc#1012628).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
(bsc#1012628).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
Dot keymap fixes (bsc#1012628).
- perf/arm_pmu_platform: fix tests for platform_get_irq() failure
(bsc#1012628).
- net: dsa: hellcreek: Print warning only once (bsc#1012628).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0
(bsc#1012628).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
(bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM610
(bsc#1012628).
- drm/amd/pm: use vbios carried pptable for all SMU13.0.7 SKUs
(bsc#1012628).
- drm/amdgpu: disable FRU access on special SIENNA CICHLID card
(bsc#1012628).
- Input: iforce - add support for Boeder Force Feedback Wheel
(bsc#1012628).
- ieee802154: cc2520: add rc code in cc2520_tx() (bsc#1012628).
- gpio: mockup: remove gpio debugfs when remove device
(bsc#1012628).
- r8152: add PID for the Lenovo OneLink+ Dock (bsc#1012628).
- tg3: Disable tg3 device on system reboot to avoid triggering
AER (bsc#1012628).
- Bluetooth: MGMT: Fix Get Device Flags (bsc#1012628).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
message (bsc#1012628).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
(bsc#1012628).
- dt-bindings: iio: gyroscope: bosch,bmg160: correct number of
pins (bsc#1012628).
- kvm: x86: mmu: Always flush TLBs when enabling dirty logging
(bsc#1012628).
- peci: cpu: Fix use-after-free in adev_release() (bsc#1012628).
- drm/msm/rd: Fix FIFO-full deadlock (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 2 (bsc#1012628).
- Input: goodix - add support for GT1158 (bsc#1012628).
- ACPI: resource: skip IRQ override on AMD Zen platforms
(bsc#1012628).
- RDMA/mlx5: Fix UMR cleanup on error flow of driver init
(bsc#1012628).
- RDMA/mlx5: Add a umr recovery flow (bsc#1012628).
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting
profile (bsc#1012628).
- net/mlx5: Use software VHCA id when it's supported
(bsc#1012628).
- net/mlx5: Introduce ifc bits for using software vhca id
(bsc#1012628).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
(bsc#1012628).
- commit 28d7d4c
++++ expat:
- update to 2.4.9: (bsc#1203438)
* Security fixes:
- CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
* Bug fixes:
- MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
- docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
* Other changes:
- MinGW: Make fix-xmltest-log.sh drop more Wine bug output
- Autotools: Sync CMake templates with CMake 3.22
- CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
- Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
- Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
- MinGW|CMake: Apply MSVC .def file when linking
- MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
- MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
- CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
- Stop exporting API symbols when building a static library
- Resolve use of deprecated "fgrep" by "grep -F"
- CMake: Make documentation on variables a bit more consistent
- CMake: Drop leading whitespace from a #cmakedefine line in
file expat_config.h.cmake
- xmlwf: Fix harmless variable mix-up in function nsattcmp
- Address Cppcheck warnings
- Address Clang 15 compiler warnings
- Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
* Infrastructure:
- CI: Windows: Start covering MSVC 2022
- CI: macOS: Migrate off deprecated macOS 10.15
- CI: Linux: Make migration off deprecated Ubuntu 18.04 work
- CI: Upgrade Clang from 14 to 15
- apply-clang-format.sh: Add support for BSD find
- coverage.sh: Exclude MinGW headers
- coverage.sh: Fix name collision for -funsigned-char
++++ harfbuzz:
- Update to version 5.2.0:
+ Fix regressions in hb-ft font functions for FT_Faces with
transformation matrix.
+ The experimental hb-repacker API now supports splitting several
GPOS subtable types when needed.
+ The HarfBuzz extensions to OpenType font format are now opt-in
behind build-time flags.
+ The experimental hb-subset variable fonts instantiation API can
now instantiate more font tables and arbitrary axis locations.
+ Unicode 15 support.
+ Various documentation improvements.
+ The hb-view command line tool now detects WezTerm inline images
support.
+ Fix FreeType and ICU dependency lookup with meson.
+ New API:
- +HB_SCRIPT_KAWI
- +HB_SCRIPT_NAG_MUNDARI
- Drop patch fixed upstream:
+ harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch
++++ systemd:
- Give the instructions to create a home directory with systemd-homed in the
description of the systemd-experimental sub-package
++++ qemu:
- Updated to latest upstream version 7.1
* https://wiki.qemu.org/ChangeLog/7.1
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* [x86] Support for architectural LBRs on KVM virtual machines
* [x86] The libopcode-based disassembler has been removed. Use
Capstone instead
* [LoongArch] Add initial support for the LoongArch64 architecture.
* [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2
* [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers
* [ARM] The versal machine now models the Cortex-R5s in the Real-Time
Processing Unit (RPU) subsystem
* [ARM] The virt board now supports emulation of the GICv4.0
* [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1
* [HPPA] Fix serial port pass-through from host to guest
* [HPPA] Lots of general code improvements and tidy-ups
* [RISC-V] RISC-V
* [RISC-V] Add support for privileged spec version 1.12.0
* [RISC-V] Use privileged spec version 1.12.0 for virt machine by default
* [RISC-V] Allow software access to MIP SEIP
* [RISC-V] Add initial support for the Sdtrig extension
* [RISC-V] Optimisations and improvements for the vector extension
* [VFIO] Experimental support for exposing emulated PCI devices over the
new vfio-user protocol (a vfio-user client is not yet available
in QEMU, though)
* [QMP] The on-cbw-error option for copy-before-write filter, to specify
behavior on CBW (copy before write) operation failure.
* [QMP] The cbw-timeout option for copy-before-write filter, to specify
timeout for CBW operation.
* [QMP] New commands query-stats and query-stats-schema to retrieve
statistics from various QEMU subsystems (right now only from
KVM).
* [QMP] The PanicAction can now be configured to report an exit-failure
(useful for automated testing)
* [Networking] QEMU can be compiled with the system slirp library even
when using CFI. This requires libslirp 4.7.
* [Migration] Support for zero-copy-send on Linux, which reduces CPU
usage on the source host. Note that locked memory is needed
to support this
* Patches added:
Revert-tests-qtest-enable-more-vhost-use.patch
meson-remove-pkgversion-from-CONFIG_STAM.patch
* Patches dropped:
AIO-Reduce-number-of-threads-for-32bit-h.patch
Makefile-Don-t-check-pc-bios-as-pre-requ.patch
Revert-8dcb404bff6d9147765d7dd3e9c849337.patch
Revert-qht-constify-qht_statistics_init.patch
XXX-dont-dump-core-on-sigabort.patch
acpi_piix4-Fix-migration-from-SLE11-SP2.patch
configure-only-populate-roms-if-softmmu.patch
configure-remove-pkgversion-from-CONFIG_.patch
coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch
hostmem-default-the-amount-of-prealloc-t.patch
hw-usb-hcd-ehci-fix-writeback-order.patch
i8254-Fix-migration-from-SLE11-SP2.patch
intc-exynos4210_gic-replace-snprintf-wit.patch
modules-generates-per-target-modinfo.patch
modules-introduces-module_kconfig-direct.patch
pc-bios-s390-ccw-net-avoid-warning-about.patch
pci-fix-overflow-in-snprintf-string-form.patch
qemu-cvs-gettimeofday.patch
qemu-cvs-ioctl_debug.patch
qemu-cvs-ioctl_nodirection.patch
qht-Revert-some-constification-in-qht.c.patch
qom-handle-case-of-chardev-spice-module-.patch
scsi-lsi53c895a-fix-use-after-free-in-ls.patch
scsi-lsi53c895a-really-fix-use-after-fre.patch
softmmu-Always-initialize-xlat-in-addres.patch
sphinx-change-default-language-to-en.patch
test-add-mapping-from-arch-of-i686-to-qe.patch
tests-Fix-block-tests-to-be-compatible-w.patch
tests-qtest-Move-the-fuzz-tests-to-x86-o.patch
usb-Help-compiler-out-to-avoid-a-warning.patch
++++ shim:
- Add "tpm_record_pcrs" to EFI grub.cfg
------------------------------------------------------------------
------------------ 2022-9-19 - Sep 19 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Small change in quotes-man2html.patch
* Use a simple "'" aka quote instead of "′" for "\(aq"
++++ grub2:
- Add safety measure to pcr snapshot by checking platform and tpm status
* safe_tpm_pcr_snapshot.patch
++++ ncurses:
- Add ncurses patch 20220917
+ reduce memory-leak in tic by separating allocations for struct entry
from TERMTYPE2 (cf: 20220430).
+ improve interaction between tic -v option and NCURSES_TRACE, by
processing the latter only when -v option does not set _nc_tracing.
+ modify curses_trace() to show the trace-mask as symbols, e.g.,
TRACE_ORDINARY, DEBUG_LEVEL(3).
++++ protobuf:
- update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
++++ patterns-alp:
- cockpit pattern: explicitly require libpwquality-tools to
resolve image build dependency issue
++++ ovmf:
- Add patches to disable option ROM on sev (bsc#1199156)
ovmf-bsc1199156-OvmfPkg-IncompatiblePciDeviceSupportDxe-Ignore-Optio.patch
++++ vim:
- Updated to version 9.0.0500, fixes the following problems
- boo#1203508 - CVE-2022-3234
- boo#1203509 - CVE-2022-3235
* On an AZERTY keyboard digit keys get the shift modifier.
* Incorrect color for modeless selection with GTK.
* A few problems with 'splitscroll'.
* Function called at debug prompt is also debugged.
* Substitute prompt does not highlight an empty match.
* Splitting a line with a text prop "above" moves it to a new line below.
* Vim9: block in for loop doesn't behave like a code block.
* Loop variable can't be found.
* 'scroll' is not always updated.
* ASAN warning for integer overflow.
* Command line test leaves directory behind.
* With virtual text "above" indenting doesn't work well.
* Cursor moves when cmdwin is closed when 'splitscroll' is off.
* Virtual text wrong after adding line break after line.
* Build failure.
* Exectution stack underflow without the +eval feature. (Dominique Pellé)
* Cursor moves if cmdwin is closed when 'splitscroll' is off.
* In a :def function all closures in a loop get the same variables.
* No test for what patch 9.0.0469 fixes.
* Virtual text "below" doesn't show in list mode.
* fullcommand() only works for the current script version.
* fullcommand() test failure.
* Not using deferred delete in tests.
* Varargs does not work for replacement function of substitute().
* Missing dependency may cause crashes on incomplete build.
* Test for 'splitscroll' takes too much time.
* Valva Date Format files are not recognized.
* Cannot use a :def varargs function with substitute().
* In a :def function all closures in a loop get the same variables.
* "g0" moves to wrong location with virtual text "above".
* Illegal memory access when replacing in virtualedit mode.
* In a :def function all closures in a loop get the same variables.
* Text scrolled with 'nosplitscroll', autocmd win opened and help window
closed.
* Using freed memory with combination of closures.
* Cursor in wrong position with virtual text "above" and 'showbreak'.
* Using "end_lnum" with virtual text causes problems.
* Using freed memory with cmdwin and BufEnter autocmd.
* No good reason to build without the float feature.
* Cmdwin test fails on MS-Windows.
* Perl test fails.
* Small build misses float function declaraitons.
* Closure doesn't work properly in nested loop.
* No good reason to keep supporting Windows-XP.
* LyRiCs files are not recognized.
* Various small issues.
* In :def function list created after const is locked.
* When quitting the cmdline window with CTRL-C it remains visible.
------------------------------------------------------------------
------------------ 2022-9-18 - Sep 18 2022 -------------------
------------------------------------------------------------------
++++ gobject-introspection:
- Update to version 1.74.0:
+ Update the GIR data for GLib, GObject, GModule, and GIO.
++++ glib2:
- Update to version 2.74.0:
+ Use EPOLL_CLOEXEC by default
+ Fixed various regression on GRegex as per the PCRE2 porting
+ Fixed various memory leaks
+ Bugs fixed: glgo#GNOME/gtksourceview#278,
glgo#GNOME/gtksourceview#283, glgo#GNOME/GLib#2688,
glgo#GNOME/GLib#2713, glgo#GNOME/GLib#2719,
glgo#GNOME/GLib#2729, glgo#GNOME/GLib#2733,
glgo#GNOME/GLib#2737, glgo#GNOME/GLib#2741,
glgo#GNOME/gtk#4400, glgo#GNOME/GLib!2820,
glgo#GNOME/GLib!2855, glgo#GNOME/GLib!2861,
glgo#GNOME/GLib!2868, glgo#GNOME/GLib!2873,
glgo#GNOME/GLib!2874, glgo#GNOME/GLib!2875,
glgo#GNOME/GLib!2876, glgo#GNOME/GLib!2879,
glgo#GNOME/GLib!2881, glgo#GNOME/GLib!2882,
glgo#GNOME/GLib!2883, glgo#GNOME/GLib!2900.
+ Updated translations.
++++ gsettings-desktop-schemas:
- Update to version 43.0:
+ Updated translations.
++++ kernel-default:
- Update to 6.0-rc6
- commit 2132e28
++++ libksba:
- libksba 1.6.1:
* Allow an OCSP server not to return the sent nonce
- fix rpmlint warnings
++++ python310-core:
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
the int/str DoS regression test. (#96717)
++++ python310:
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
the int/str DoS regression test. (#96717)
------------------------------------------------------------------
------------------ 2022-9-17 - Sep 17 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- update to 5.19.1:
* fix memory leaks (extent buffer, path)
* check: verify block device size vs item
* rescue fix-device-size: allow to shrink device item
* receive: fix crash on wrong pinter free()
* other:
* experimental: support for block-group-tree
* documentation updates
* new tests
++++ filesystem:
- Update /usr/etc/skel per XDG Directory Specification:
* Add .local/bin to eventually replace bin for user executable
files
* Use .local/share/fonts instead of .fonts for user specific fonts
* Add missing dirs: .local/share .local/state
++++ at-spi2-core:
- Update to version 2.46.0:
+ Fix GetInterfaces documentation on org.a11y.atspi.Accessible
interface.
++++ mozilla-nss:
- update to NSS 3.82
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
* bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
* bmo#1784724 - Initialize local variables in
TlsConnectTestBase::ConnectAndCheckCipherSuite
* bmo#1784191 - Cast the result of GetProcAddress
* bmo#1681099 - pk11wrap: Tighten certificate lookup based on
PKCS #11 URI.
++++ popt:
- popt 1.19:
* various build system fixes
* various developer visible fixes
* Fix the handling of superfluous args passed with =
* Fix multiple resource and memory leaks
* Fix '=' getting shown for short options
* Improve random number handling
* translation updates and documentation improvements
- refresh spec file, run tests, package license in every package,
and treat all compiler warnings and errors
++++ python-charset-normalizer:
- update to 2.1.1:
* Function `normalize` scheduled for removal in 3.0
* Removed useless call to decode in fn is_unprintable (#206)
++++ python-pyzmq:
- update to version 24.0.0:
* Breaking changes:
+ Due to a libzmq bug causing unavoidable crashes for some users,
Windows wheels no longer bundle libzmq with AF_UNIX support. In
order to enable AF_UNIX on Windows, pyzmq must be built from
source, linking an appropriate build of libzmq
(e.g. libzmq-v142). AF_UNIX support will be re-enabled in pyzmq
wheels when libzmq published fixed releases.
+ Using a {class}zmq.Context as a context manager or deleting a
context without closing it now calls {meth}zmq.Context.destroy
at exit instead of {meth}zmq.Context.term. This will have little
effect on most users, but changes what happens when user bugs
result in a context being implicitly destroyed while sockets are
left open. In almost all cases, this will turn what used to be a
hang into a warning. However, there may be some cases where
sockets are actively used in threads, which could result in a
crash. To use sockets across threads, it is critical to properly
and explicitly close your contexts and sockets, which will
always avoid this issue.
------------------------------------------------------------------
------------------ 2022-9-16 - Sep 16 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Move the (shipped) keyfile into /root to avoid issues with r/o root
++++ grub2:
- Fix installation failure due to unavailable nvram device on
ppc64le (bsc#1201361)
* 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch
- Add patches to dynamically allocate additional memory regions for
EFI systems (bsc#1202438)
* 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch
* 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch
* 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch
* 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch
* 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch
- Enlarge the default heap size and defer the disk cache
invalidation (bsc#1202438)
* 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch
* 0002-mm-Defer-the-disk-cache-invalidation.patch
++++ at-spi2-core:
- Add libatk-1_0-0 and libatk-bridge-2_0-0 to baselibs.conf, build
32bit support.
++++ colord:
- Add colord-CVE-2021-42523.patch: fix a small memory leak on db
open failure (boo#1202802 CVE-2021-42523).
++++ pango:
- Update to version 1.50.10:
+ Avoid some unnecessary strdups.
+ Fix line height computations with a non-trivial CTM.
++++ libpng16:
- update to 1.6.38:
* Added configurations and scripts for continuous integration.
* Fixed various errors in the handling of tRNS, hIST and eXIf.
* Implemented many stability improvements across all platforms.
* Updated the internal documentation.
++++ microos-tools:
- Update to version 2.17:
- selinux-autorelabel-generator: Don't cross partition boundaries
for /.snapshots when relabeling [issue#11]
++++ python-idna:
- update to 3.4:
* Update to Unicode 15.0.0
* Migrate to pyproject.toml for build information (PEP 621)
* Correct another instance where generic exception was raised instead of
IDNAError for malformed input
* Source distribution uses zeroized file ownership for improved
reproducibility
------------------------------------------------------------------
------------------ 2022-9-15 - Sep 15 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Add patch quotes-man2html.patch
* Fix boo#1203091 -- BASH(1) Manual Page: Unprocessed macro aq
++++ e2fsprogs:
- Refresh e2fsprogs.keyring based on currently provided keys.
++++ glib-networking:
- Update to version 2.74.0:
+ Updated translations.
++++ grub2:
- Add patches for ALP FDE support
* 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch
* 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch
* 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch
* 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch
* 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch
* 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch
* 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch
* 0008-linuxefi-Use-common-grub_initrd_load.patch
* 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch
* 0010-templates-import-etc-crypttab-to-grub.cfg.patch
* grub-read-pcr.patch
* efi-set-variable-with-attrs.patch
* tpm-record-pcrs.patch
* tpm-protector-dont-measure-sealed-key.patch
* tpm-protector-export-secret-key.patch
* grub-install-record-pcrs.patch
* grub-unseal-debug.patch
++++ kernel-default:
- Linux 5.19.9 (bsc#1012628).
- efi: libstub: Disable struct randomization (bsc#1012628).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
(bsc#1012628).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
overflow in il4965_rs_fill_link_cmd() (bsc#1012628).
- fs: only do a memory barrier for the first set_buffer_uptodate()
(bsc#1012628).
- soc: fsl: select FSL_GUTS driver for DPIO (bsc#1012628).
- Revert "mm: kmemleak: take a full lowmem check in
kmemleak_*_phys()" (bsc#1012628).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
ISP27XX (bsc#1012628).
- scsi: core: Allow the ALUA transitioning state enough time
(bsc#1012628).
- scsi: megaraid_sas: Fix double kfree() (bsc#1012628).
- drm/gem: Fix GEM handle release errors (bsc#1012628).
- drm/amdgpu: Move psp_xgmi_terminate call from
amdgpu_xgmi_remove_device to psp_hw_fini (bsc#1012628).
- drm/amdgpu: fix hive reference leak when adding xgmi device
(bsc#1012628).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
(bsc#1012628).
- drm/amdgpu: Remove the additional kfd pre reset call for sriov
(bsc#1012628).
- drm/radeon: add a force flush to delay work when radeon
(bsc#1012628).
- scsi: ufs: core: Reduce the power mode change timeout
(bsc#1012628).
- Revert "parisc: Show error if wrong 32/64-bit compiler is
being used" (bsc#1012628).
- parisc: ccio-dma: Handle kmalloc failure in
ccio_init_resources() (bsc#1012628).
- parisc: Add runtime check to prevent PA2.0 kernels on PA1.x
machines (bsc#1012628).
- arm64: errata: add detection for AMEVCNTR01 incrementing
incorrectly (bsc#1012628).
- netfilter: conntrack: work around exceeded receive window
(bsc#1012628).
- thermal/int340x_thermal: handle data_vault when the value is
ZERO_SIZE_PTR (bsc#1012628).
- cpufreq: check only freq_table in __resolve_freq()
(bsc#1012628).
- net/core/skbuff: Check the return value of skb_copy_bits()
(bsc#1012628).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (bsc#1012628).
- fbdev: omapfb: Fix tests for platform_get_irq() failure
(bsc#1012628).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info
(bsc#1012628).
- fbdev: chipsfb: Add missing pci_disable_device() in
chipsfb_pci_init() (bsc#1012628).
- x86/sev: Mark snp_abort() noreturn (bsc#1012628).
- drm/amdgpu: add sdma instance check for gfx11 CGCG
(bsc#1012628).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
(bsc#1012628).
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (bsc#1012628).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (bsc#1012628).
- ALSA: hda: Once again fix regression of page allocations with
IOMMU (bsc#1012628).
- ALSA: aloop: Fix random zeros in capture data when using
jiffies timer (bsc#1012628).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(bsc#1012628).
- ALSA: usb-audio: Clear fixed clock rate at closing EP
(bsc#1012628).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (bsc#1012628).
- tracefs: Only clobber mode/uid/gid on remount if asked
(bsc#1012628).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
(bsc#1012628).
- tracing: Fix to check event_mutex is held while accessing
trigger list (bsc#1012628).
- btrfs: zoned: set pseudo max append zone limit in zone emulation
mode (bsc#1012628).
- btrfs: zoned: fix API misuse of zone finish waiting
(bsc#1012628).
- vfio/type1: Unpin zero pages (bsc#1012628).
- kprobes: Prohibit probes in gate area (bsc#1012628).
- perf: RISC-V: fix access beyond allocated array (bsc#1012628).
- debugfs: add debugfs_lookup_and_remove() (bsc#1012628).
- sched/debug: fix dentry leak in update_sched_domain_debugfs
(bsc#1012628).
- drm/amd/display: fix memory leak when using debugfs_lookup()
(bsc#1012628).
- driver core: fix driver_set_override() issue with empty strings
(bsc#1012628).
- nvmet: fix a use-after-free (bsc#1012628).
- drm/i915/bios: Copy the whole MIPI sequence block (bsc#1012628).
- drm/i915/slpc: Let's fix the PCODE min freq table setup for SLPC
(bsc#1012628).
- drm/i915: Implement WaEdpLinkRateDataReload (bsc#1012628).
- scsi: mpt3sas: Fix use-after-free warning (bsc#1012628).
- scsi: lpfc: Add missing destroy_workqueue() in error path
(bsc#1012628).
- cgroup: Elide write-locking threadgroup_rwsem when updating
csses on an empty subtree (bsc#1012628).
- cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
(bsc#1012628).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
(bsc#1012628).
- smb3: missing inode locks in zero range (bsc#1012628).
- spi: bitbang: Fix lsb-first Rx (bsc#1012628).
- ASoC: cs42l42: Only report button state if there was a button
interrupt (bsc#1012628).
- Revert "soc: imx: imx8m-blk-ctrl: set power device name"
(bsc#1012628).
- arm64: dts: imx8mm-verdin: update CAN clock to 40MHz
(bsc#1012628).
- arm64: dts: imx8mm-verdin: use level interrupt for mcp251xfd
(bsc#1012628).
- ASoC: qcom: sm8250: add missing module owner (bsc#1012628).
- regmap: spi: Reserve space for register address/padding
(bsc#1012628).
- arm64: dts: imx8mp-venice-gw74xx: fix sai2 pin settings
(bsc#1012628).
- arm64: dts: imx8mq-tqma8mq: Remove superfluous interrupt-names
(bsc#1012628).
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg
(bsc#1012628).
- RDMA/rtrs-srv: Pass the correct number of entries for dma
mapped SGL (bsc#1012628).
- ARM: dts: imx6qdl-vicut1.dtsi: Fix node name backlight_led
(bsc#1012628).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node
(bsc#1012628).
- ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible
(bsc#1012628).
- arm64: dts: ls1028a-qds-65bb: don't use in-band autoneg for
2500base-x (bsc#1012628).
- soc: imx: gpcv2: Assert reset before ungating clock
(bsc#1012628).
- arm64: dts: verdin-imx8mm: add otg2 pd to usbphy (bsc#1012628).
- arm64: dts: imx8mm-venice-gw7901: fix port/phy validation
(bsc#1012628).
- arm64: dts: freescale: verdin-imx8mm: fix atmel_mxt_ts reset
polarity (bsc#1012628).
- arm64: dts: freescale: verdin-imx8mp: fix atmel_mxt_ts reset
polarity (bsc#1012628).
- regulator: core: Clean up on enable failure (bsc#1012628).
- ASoC: SOF: Kconfig: Make IPC_FLOOD_TEST depend on SND_SOC_SOF
(bsc#1012628).
- ASoC: SOF: Kconfig: Make IPC_MESSAGE_INJECTOR depend on
SND_SOC_SOF (bsc#1012628).
- tee: fix compiler warning in tee_shm_register() (bsc#1012628).
- RDMA/irdma: Fix drain SQ hang with no completion (bsc#1012628).
- arm64: dts: renesas: r8a779g0: Fix HSCIF0 interrupt number
(bsc#1012628).
- RDMA/cma: Fix arguments order in net device validation
(bsc#1012628).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(bsc#1012628).
- RDMA/hns: Fix supported page size (bsc#1012628).
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift
(bsc#1012628).
- RDMA/hns: Remove the num_qpc_timer variable (bsc#1012628).
- wifi: wilc1000: fix DMA on stack objects (bsc#1012628).
- ARM: at91: pm: fix self-refresh for sama7g5 (bsc#1012628).
- ARM: at91: pm: fix DDR recalibration when resuming from backup
and self-refresh (bsc#1012628).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator
output ranges (bsc#1012628).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output
ranges (bsc#1012628).
- ARM: dts: at91: sama7g5ek: specify proper regulator output
ranges (bsc#1012628).
- ARM: dts: at91: sama5d27_wlsom1: don't keep ldo2 enabled all
the time (bsc#1012628).
- ARM: dts: at91: sama5d2_icp: don't keep vdd_other enabled all
the time (bsc#1012628).
- netfilter: br_netfilter: Drop dst references before setting
(bsc#1012628).
- netfilter: nf_tables: clean up hook list when offload flags
check fails (bsc#1012628).
- riscv: dts: microchip: use an mpfs specific l2 compatible
(bsc#1012628).
- netfilter: nf_conntrack_irc: Fix forged IP logic (bsc#1012628).
- RDMA/srp: Set scmnd->result only when scmnd is not NULL
(bsc#1012628).
- ALSA: usb-audio: Inform the delayed registration more properly
(bsc#1012628).
- ALSA: usb-audio: Register card again for iface over
delayed_register option (bsc#1012628).
- rxrpc: Fix ICMP/ICMP6 error handling (bsc#1012628).
- rxrpc: Fix an insufficiently large sglist in
rxkad_verify_packet_2() (bsc#1012628).
- afs: Use the operation issue time instead of the reply time
for callbacks (bsc#1012628).
- kunit: fix assert_type for comparison macros (bsc#1012628).
- Revert "net: phy: meson-gxl: improve link-up behavior"
(bsc#1012628).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (bsc#1012628).
- tipc: fix shift wrapping bug in map_get() (bsc#1012628).
- net: introduce __skb_fill_page_desc_noacc (bsc#1012628).
- tcp: TX zerocopy should not sense pfmemalloc status
(bsc#1012628).
- ice: Fix DMA mappings leak (bsc#1012628).
- ice: use bitmap_free instead of devm_kfree (bsc#1012628).
- i40e: Fix kernel crash during module removal (bsc#1012628).
- iavf: Detach device during reset task (bsc#1012628).
- xen-netback: only remove 'hotplug-status' when the vif is
actually destroyed (bsc#1012628).
- block: don't add partitions if GD_SUPPRESS_PART_SCAN is set
(bsc#1012628).
- RDMA/siw: Pass a pointer to virt_to_page() (bsc#1012628).
- bonding: use unspecified address if no available link local
address (bsc#1012628).
- bonding: add all node mcast address when slave up (bsc#1012628).
- ipv6: sr: fix out-of-bounds read when setting HMAC data
(bsc#1012628).
- IB/core: Fix a nested dead lock as part of ODP flow
(bsc#1012628).
- RDMA/mlx5: Set local port to one when accessing counters
(bsc#1012628).
- btrfs: zoned: fix mounting with conventional zones
(bsc#1012628).
- erofs: fix error return code in erofs_fscache_{meta_,}read_folio
(bsc#1012628).
- erofs: fix pcluster use-after-free on UP platforms
(bsc#1012628).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1012628).
- nvme-tcp: fix regression that causes sporadic requests to time
out (bsc#1012628).
- tcp: fix early ETIMEDOUT after spurious non-SACK RTO
(bsc#1012628).
- btrfs: fix the max chunk size and stripe length calculation
(bsc#1012628).
- nvmet: fix mar and mor off-by-one errors (bsc#1012628).
- RDMA/irdma: Report the correct max cqes from query device
(bsc#1012628).
- RDMA/irdma: Return error on MR deregister CQP failure
(bsc#1012628).
- RDMA/irdma: Return correct WC error for bind operation failure
(bsc#1012628).
- RDMA/irdma: Report RNR NAK generation in device caps
(bsc#1012628).
- net: dsa: felix: disable cut-through forwarding for frames
oversized for tc-taprio (bsc#1012628).
- net: dsa: felix: access QSYS_TAG_CONFIG under tas_lock in
vsc9959_sched_speed_set (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix typo in __mtk_foe_entry_clear
(bsc#1012628).
- net: ethernet: mtk_eth_soc: check max allowed hash in
mtk_ppe_check_skb (bsc#1012628).
- net/smc: Fix possible access to freed memory in link clear
(bsc#1012628).
- io_uring: recycle kbuf recycle on tw requeue (bsc#1012628).
- net: phy: lan87xx: change interrupt src of link_up to comm_ready
(bsc#1012628).
- sch_sfb: Also store skb len before calling child enqueue
(bsc#1012628).
- libperf evlist: Fix per-thread mmaps for multi-threaded targets
(bsc#1012628).
- perf dlfilter dlfilter-show-cycles: Fix types for print format
(bsc#1012628).
- perf script: Fix Cannot print 'iregs' field for hybrid systems
(bsc#1012628).
- perf record: Fix synthesis failure warnings (bsc#1012628).
- hwmon: (tps23861) fix byte order in resistance register
(bsc#1012628).
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps
(bsc#1012628).
- ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion
(bsc#1012628).
- lsm,io_uring: add LSM hooks for the new uring_cmd file op
(bsc#1012628).
- selinux: implement the security_uring_cmd() LSM hook
(bsc#1012628).
- Smack: Provide read control for io_uring_cmd (bsc#1012628).
- MIPS: loongson32: ls1c: Fix hang during startup (bsc#1012628).
- kbuild: disable header exports for UML in a straightforward way
(bsc#1012628).
- i40e: Refactor tc mqprio checks (bsc#1012628).
- i40e: Fix ADQ rate limiting for PF (bsc#1012628).
- net: bonding: replace dev_trans_start() with the jiffies of
the last ARP/NS (bsc#1012628).
- bonding: accept unsolicited NA message (bsc#1012628).
- swiotlb: avoid potential left shift overflow (bsc#1012628).
- iommu/amd: use full 64-bit value in build_completion_wait()
(bsc#1012628).
- s390/boot: fix absolute zero lowcore corruption on boot
(bsc#1012628).
- time64.h: consolidate uses of PSEC_PER_NSEC (bsc#1012628).
- net: dsa: felix: tc-taprio intervals smaller than MTU should
send at least one packet (bsc#1012628).
- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map"
not defined (bsc#1012628).
- hwmon: (mr75203) update pvt->v_num and vm_num to the actual
number of used sensors (bsc#1012628).
- hwmon: (mr75203) fix voltage equation for negative source input
(bsc#1012628).
- hwmon: (mr75203) fix multi-channel voltage reading
(bsc#1012628).
- hwmon: (mr75203) enable polling for all VM channels
(bsc#1012628).
- iommu/vt-d: Fix possible recursive locking in intel_iommu_init()
(bsc#1012628).
- perf evlist: Always use arch_evlist__add_default_attrs()
(bsc#1012628).
- perf stat: Fix L2 Topdown metrics disappear for raw events
(bsc#1012628).
- Revert "arm64: kasan: Revert "arm64: mte: reset the page tag
in page->flags"" (bsc#1012628).
- hwmon: (asus-ec-sensors) add support for Strix Z690-a D4
(bsc#1012628).
- hwmon: (asus-ec-sensors) add support for Maximus XI Hero
(bsc#1012628).
- hwmon: (asus-ec-sensors) add missing sensors for X570-I GAMING
(bsc#1012628).
- hwmon: (asus-ec-sensors) add definitions for ROG ZENITH II
EXTREME (bsc#1012628).
- hwmon: (asus-ec-sensors) autoload module via DMI data
(bsc#1012628).
- arm64/bti: Disable in kernel BTI when cross section thunks
are broken (bsc#1012628).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
(bsc#1012628).
- iommu/virtio: Fix interaction with VFIO (bsc#1012628).
- Update config files.
- commit 0312ea1
++++ polkit:
- obsolete libpolkit0 also from baselibs.
++++ libsoup:
- Update to version 3.2.0:
+ No changes, stable bump only.
++++ libvirt:
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
++++ python310-pyparsing:
- Fix incorrect usage of non-bundled pip revealed by
python-rpm-macros update.
++++ qemu:
- pcre-devel-static is only needed when building against
glib2 < 2.73. After that, glib2 was migrated to pcre2.
------------------------------------------------------------------
------------------ 2022-9-14 - Sep 14 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2
to support LLVM 15
++++ Mesa-drivers:
- llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2
to support LLVM 15
++++ ansible-core:
- update to 2.13.4:
Changelog https://github.com/ansible/ansible/blob/v2.13.4/changelogs/CHANGELOG-v2.13.rst
* Bugfixes
- Fix for network_cli not getting all relevant connection options
- ansible-galaxy - Fix detection of --role-file in arguments for implicit role invocation (#78204)
- ansible-galaxy - Fix exit codes for role search and delete (#78516)
- ansible-test - Fix change detection for ansible-test's own integration tests.
- ansible-test - ansible-doc sanity test - Correctly determine the fully-qualified collection name for plugins in subdirectories, resolving #78490.
- apt - don't actually update the cache in check mode with update_cache=true.
- apt - don't mark existing packages as manually installed in check mode (#66413).
- apt - fix package selection to include /etc/apt/preferences(.d) (#77969)
- urls - Guard imports of urllib3 by catching Exception instead of ImportError to prevent exceptions in the import process of optional dependencies from preventing use of urls.py (#78648)
- wait_for - Read file and perform comparisons using bytes to avoid decode errors (#78214)
++++ diffutils:
- Skip gnulib test test-free under qemu emulation (bsc#1202260)
++++ dracut:
- Update to version 057+suse.315.gd210fc38:
* chore(suse): update spec
Fix "directories not owned by a package" caused by bash-completion directories not owned by dracut.
Do not install modules incompatible with the system architecture.
* chore(suse): change default persistent policy
* ci(suse.conf.example): update SUSE-specific config
* chore(suse): fix 99-debug.conf
++++ e2fsprogs:
- Spec file cleanup:
+ Drop remainders regarding -mini packages, which was not a thing
since Jan 2014.
+ Split build of fuse2fs out into a sep build (_multibuild
enabled).
++++ file:
- Add patch file-zstd.patch from upstream mailing list
* Add zstd decompression support
- Run also upstream standard checks
++++ gnutls:
- FIPS: Run the CFB8 cipher selftest without offset [bsc#1203245]
* CFB8 list of ciphers: GNUTLS_CIPHER_AES_{128,192,256}_CFB8
* Add gnutls-FIPS-Run-CFB8-without-offset.patch
++++ hwdata:
- update to 0.362:
+ Updated pci, usb and vendor ids.
++++ less:
- Update to 608:
* Add the --header option (github #43).
* Add the --no-number-headers option (github #178).
* Add the --status-line option.
* Add the --redraw-on-quit option (github #36).
* Add the --search-options option (github #213).
* Add the --exit-follow-on-close option (github #244).
* Add 'H' color type to set color of header lines.
* Add #version conditional to lesskey.
* Add += syntax to variable section in lesskey files.
* Allow option name in -- command to end with '=' in addition to '\n'.
* Add $HOME/.config to possible locations of lesskey file (github #153).
* Add $XDG_STATE_HOME and $HOME/.local/state to possible locations
of history file (github #223).
* Don't read or write history file in secure mode (github #201).
* Fix display of multibyte and double-width chars in prompt.
* Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08
(github #188).
* Add more \k codes to lesskey format.
* Fix bug when empty file is modified while viewing it.
* Fix bug when parsing a malformed lesskey file (githb #234).
* Fix bug scrolling history when --incsearch is set (github #214).
* Fix buffer overflow when invoking lessecho with more than 63 -m/-n
options (github #198).
* Fix buffer overflow in bin_file (github #271).
* Fix bug restoring color at end of highlighted text.
* Fix bug in parsing lesskey file.
* Defer moving cursor to lower left in some more cases.
* Suppress TAB filename expansion in some cases where it doesn't make sense.
* Fix termlib detection when compiler doesn't accept
calls to undeclared functions.
* Escape filenames when invoking LESSCLOSE.
* Fix bug using multibyte UTF-8 char in search string
with --incsearch (github #273).
++++ openssl-3:
- Do not make libopenssl3-32bit obsolete libopenssl1_1-32bit.
They are independent libraries and can be installed simultaneously.
++++ logrotate:
- Ignoring vendor logs settings in /usr/etc/logrotate.d if they
have already been defined by the the admin in the /etc/logrotate.d
directory (bsc#1173319).
- Removed logrotate-3.20.0-man_logrotate.patch.
- Added logrotate-vendor-dir.patch
++++ rsync:
- Use bundled SLP patch now that upstream fixed it:
* Remove rsync-3.2.5-slp.patch
------------------------------------------------------------------
------------------ 2022-9-13 - Sep 13 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Update to bash 5.2 rc4
Pos. aa is now enabled by default.
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
- Port patches
* bash-2.03-manual.patch
* bash-5.2.dif
++++ permissions:
- Update to version 20220912:
* chkstat: also consider group controlled paths (bsc#1203018,
CVE-2022-31252)
++++ cockpit:
- Fix cockpit-storage dependencies
- Merge SUSE branding into cockpit package
++++ cryptsetup:
- Add virtual provides for 'integritysetup' and 'veritysetup' to match
package names provided by Fedora/RHEL, to allow the same set of
dependencies to be used across all RPM distributions.
++++ e2fsprogs:
- enabled fuse2fs build which enable to mount ext2/3/4 via FUSE
++++ fde-tools:
- Introduce a specific unit script that takes care of mounting root
early (to avoid conflicts with ignition).
++++ file:
- update to 5.43:
* Add octal indirect magic
* avoid infinite loop in non-wide code
* Obey MAGIC_CONTINUE with multiple magic files
* Fix bug with large flist
* PR/364: Detect non-nul-terminated core filenames from QEMU
* PR/359: Add support for http://ndjson.org/
* PR/362: Fix wide printing
* PR/358: Fix width for -f -
- drop file-boo1201350.patch (upstream)
++++ gawk:
- upref.patch: Add missing UPREF
++++ gnutls:
- provide a libgnutls30-hmac-32bit to avoid uninstallable wine
when pattern-base-fips is installed [boo#1203353]
++++ libdrm:
- disabled intel driver on s390x
++++ rdma-core:
- Update to v42.0
- Fixes for all providers
- Dropped patches merged upstream:
- util-Add-barriers-support-for-RISC-V.patch
- cmake-Make-modprobe.d-path-configurable.patch
- Update gen-pandoc.sh to support python3
++++ readline:
- Update to readline-8.2-rc4
m. Readline now checks for changes to locale settings (LC_ALL/LC_CTYPE/LANG)
each time it is called, and modifies the appropriate locale-specific display
and key binding variables when the locale changes.
- Port patch readline-8.2.dif
++++ python-pycairo:
- Update to version 1.21.0:
* Require Python 3.7+
* Require meson 0.53+
* Using setup.py directly to build/install pycairo is deprecated.
Use meson instead.
* setup.py now requires setuptools. Previously it was optional.
* The complete API reference is now included in the typing stubs,
so it can be consumed/shown by IDEs.
- Add f5a795ea.patch: Some test improvements for cairo 1.17.6
++++ vim:
- Updated to version 9.0.0453, fixes the following problems
- boo#1203272 - CVE-2022-3153
- boo#1203194 - CVE-2022-3134
- boo#1203110 - CVE-2022-3099
* Writefile test leaves files behind.
* Freeing the wrong string on failure.
* Coverity complains about unused value.
* Covertity still complains about using return value of getc().
* GUI: when CTRL-D is mapped in Insert mode it gets inserted. (Yasuhiro
Matsumoto)
* Some code blocks are nested too deep.
* repeating a <ScriptCmd> mapping does not use the right script context.
* The do_arg_all() function is too long.
* Crash when 'tagfunc' closes the window.
* Cannot use a partial with :defer.
* Using separate delete() call instead of writefile() 'D' flag.
* Inverted condition is a bit confusing.
* Signals test often fails on FreeBSD.
* Cygwin: multibyte characters may be broken in terminal window.
* Clang warnings for function prototypes.
* :findrepl does not escape '&' and '~' properly.
* :defer not tested with exceptions and ":qa!".
* Members of funccall_T are inconsistently named.
* Using :defer in expression funcref not tested.
* GUI test sometimes hangs on CI.
* CI uses older clang version.
* Javascript module files are not recoginzed.
* 'equalalways' may be off when 'laststatus' is zero.
* Crash when passing invalid arguments to assert_fails().
* Arguments in a partial not used by a :def function.
* Deferred functions not invoked when partial func exits.
* matchstr() does match column offset. (Yasuhiro Matsumoto)
* GUI test sometimes fails on MS-Windows.
* #{g:x} was seen as a curly-braces expression.
* Struct member cts_lnum is unused.
* Only created files can be cleaned up with one call.
* Compiler warning for unused argument.
* ASAN reports a memory leak.
* matchstr() still does not match column offset when done after a text
search.
* ml_get error when appending lines in popup window.
* Jsonnet files are not recognized.
* Manually deleting temp test files.
* The :defer command does not check the function argument count and types.
* Function went missing.
* Not enough testing of the :all command.
* "for" and "while" not recognized after :vim9cmd and :legacy. (Emanuele
Torre)
* gitattributes files are not recognized.
* Autocmd test is a bit flaky on MS-Windows.
* Failed flaky tests report only start time.
* Drupal theme files are not recognized.
* Autocmd test uses common file name.
* Not all keys are tested for the MS-Windows GUI.
* Cannot use repeat() with a blob.
* Current mode shows in message window.
* Crash when using for loop variable in closure.
* Coverity warns for not checking allocation failure.
* gitignore files are not recognized.
* Compiler warning for uninitialized variable.
* CI: running tests in parallel causes flakiness.
* No error when a custom completion function returns something else than
the expected list.
* Cannot put virtual text above a line.
* Cursor wrong if inserting before line with virtual text above.
* Crash when using mkdir() with "R" flag in compiled function.
* Closure in for loop test fails on some systems.
* Virtual text "above" doesn't handel line numbers.
* Blueprint files are not recognized.
* Trying to declare g:variable gives confusing error.
* When opening/closing window text moves up/down.
* Message window may be positioned too low.
* Using :echowin while at the hit-enter prompt causes problems.
* SubRip files are not recognized.
* There is no easy way to translate a string with a key code into a
readable string.
* Return value of argument check functions is inconsistent.
* Virtual text "above" does not work with 'nowrap'.
* Visual highlighting extends into virtual text prop.
* On an AZERTY keyboard digit keys get the shift modifier.
------------------------------------------------------------------
------------------ 2022-9-12 - Sep 12 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- commit a5f18a6
- iommu: Fix false ownership failure on AMD systems with PASID
activated (bsc#1202492).
- commit c4990ab
- Drop temporary workaround patch for HD-audio IOMMU bug (bsc#1202492)
The proper upstream fix will be merged instead
- commit 23d9d61
++++ llvm15:
- Use correct LLVM_HOST_TRIPLE for riscv64
++++ libdrm:
- update to 2.4.113:
* amdgpu: update marketing names
* sync i915_pciids with kernel
* atomic: fix atomic_add_unless() fallback's return value
* intel: Avoid aliasing violation
* intel: Hook up new platforms IDs
* meson: auto-enable etnaviv on arm, arc, mips and loongarch architectures
* modetest: use drmGetFormatName()
* lots of testsuite and CI improvements
- enable intel support everywhere as there are now discrete intel GPUs
- enable vc4 support on armv7/aarch64
- simplify valgrind support ifdefery
++++ jitterentropy:
- updated to 3.4.1
* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer
++++ ncurses:
- Add ncurses patch 20220910
+ amend verbose-option change to make this affect level 3, e.g., using
"tic -cv3 terminfo".
+ work around musl's nonstandard use of feature test macros by adding
a definition for NCURSES_WIDECHAR to the generated ".pc" and *-config
files (report by Sam James).
- Add ncurses patch 20220903
+ modify verbose-option of infocmp, tic, toe to enable debug-tracing
if that is configured.
- Add ncurses patch 20220827
+ modify configure scripts to use overlooked cases for LD and
PKG_CONFIG variables (report by Alan Webb, Gentoo #866398).
+ modify nsterm to use xterm+alt1049 (report by Paul Handly) -TD
+ modify putty to use xterm+alt1049 -TD
- Correct offsets of patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.3.dif
++++ rpm:
- update to rpm-4.17.1.1
* Fix upstream branch setting in "%autosetup -S git"
* Revert "Strip the target triplet GNU suffix more precisely."
++++ ovmf:
- Modified ovmf.changes log, using PED-1410 instead of PED-1359 for
pushing to SLE15-SP5.
++++ rsync:
- update to 3.2.6:
* More path-cleaning improvements in the file-list validation code to avoid
rejecting of valid args.
* A file-list validation fix for a --files-from file that ends without a
line-terminating character.
* Added a safety check that prevents the sender from removing destination
files when a local copy using --remove-source-files has some files that are
shared between the sending & receiving hierarchies, including the case
where the source dir & destination dir are identical.
* Fixed a bug in the internal MD4 checksum code that could cause the digest
to be sporadically incorrect (the openssl version was/is fine).
* A minor tweak to rrsync added "copy-devices" to the list of known args, but
left it disabled by default.
++++ selinux-policy:
- Revamped rtorrent module
++++ shim:
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
(bsc#1201066)
++++ suse-module-tools:
- Update to version 16.0.23:
* cert-script: skip cert handling if efivarfs is not writable
(bsc#1201066)
* driver-check.sh, unblacklist: convert egrep to grep -E (bsc#1203092)
------------------------------------------------------------------
------------------ 2022-9-11 - Sep 11 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 6.0-rc5
- eliminate 5 patches:
- patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch
- patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch
- refresh configs
- commit f7dcc92
++++ python310-core:
- Update to 3.10.7:
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.
- Fail gracefully if EPERM or ENOSYS is raised when loading
crypt methods. This may happen when trying to load MD5 on
a Linux kernel with FIPS enabled.
- Improve discoverability of the higher level
concurrent.futures module by providing clearer links from
the lower level threading and multiprocessing modules.
- Update the default RFC base URL from deprecated
tools.ietf.org to datatracker.ietf.org
- Fix stylesheet not working in Windows CHM htmlhelp docs.
- The documentation now lists which members of C structs are
part of the Limited API/Stable ABI.
- Mitigate the inherent race condition from using
find_unused_port() in testSockName() by trying to find an
unused port a few times before failing.
- Build and test with OpenSSL 1.1.1q
- Document handling of extensions in Save As dialogs.
- Include prompts when saving Shell (interactive input and
output).
++++ python310:
- Update to 3.10.7:
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.
- Fail gracefully if EPERM or ENOSYS is raised when loading
crypt methods. This may happen when trying to load MD5 on
a Linux kernel with FIPS enabled.
- Improve discoverability of the higher level
concurrent.futures module by providing clearer links from
the lower level threading and multiprocessing modules.
- Update the default RFC base URL from deprecated
tools.ietf.org to datatracker.ietf.org
- Fix stylesheet not working in Windows CHM htmlhelp docs.
- The documentation now lists which members of C structs are
part of the Limited API/Stable ABI.
- Mitigate the inherent race condition from using
find_unused_port() in testSockName() by trying to find an
unused port a few times before failing.
- Build and test with OpenSSL 1.1.1q
- Document handling of extensions in Save As dialogs.
- Include prompts when saving Shell (interactive input and
output).
------------------------------------------------------------------
------------------ 2022-9-10 - Sep 10 2022 -------------------
------------------------------------------------------------------
++++ libXft:
- Update to version 2.3.6
* Fixes a regression in 2.3.5 for XftTextExtents* length-checks.
++++ python-psutil:
- update to version 5.9.2:
* Bug fixes
+ 2093_, [FreeBSD], **[critical]**: `pids()`_ may fail with
ENOMEM. Dynamically increase the "malloc()" buffer size until
it's big enough.
+ 2095_, [Linux]: `net_if_stats()`_ returns incorrect interface
speed for 100GbE network cards.
+ 2113_, [FreeBSD], **[critical]**: `virtual_memory()`_ may raise
ENOMEM due to missing "#include <sys/param.h>" directive.
(patch by Peter Jeremy)
+ 2128_, [NetBSD]: `swap_memory()`_ was miscalculated. (patch by
Thomas Klausner)
++++ sudo:
- Modified sudo-sudoers.patch
* bsc#1177578
* Removed redundant and confusing 'secure_path' settings in
sudo-sudoers file.
------------------------------------------------------------------
------------------ 2022-9-9 - Sep 9 2022 -------------------
------------------------------------------------------------------
++++ dmidecode:
2 recommended fixes from upstream:
- news-fix-typo.patch: We ship the NEWS file so avoid including a
typo in it.
- dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing
NULL to a %s printf conversion specifier is illegal, and can
result in a segmentation fault. Current version of glibc doesn't
mind, but alternative, past or future libc implementations could
crash, so let's fix it.
++++ dnsmasq:
- Ensure the dnsmasq user's group is used
- Remove nogroup requirement
++++ multipath-tools:
- Update to version 0.9.1+52+suse.be8809e:
* Code-identical to 0.9.1+48+suse.9c6c435 (merge in git repo
to preserve history; fix revision in _service file).
++++ numactl:
- Update to version 2.0.15.0.g01a39cb:
* Create codeql.yml
* Create makefile.yml
* Fix crash when memhog uses local policy
* Fix memhog uses the wrong policy but still works properly
* Fix the example usage in the man manual.
* fix memory and file handle leaks
* Do not reuse variable names in subscopes and delete useless blank lines
* Delete unused header files
* Limit the scope of function
* avoid declaring a global variable
* Fix build error on riscv64 by linking libatomic
++++ patterns-base:
- drop recommends for ucode-intel and ucode-amd, these packages
have supplements to be pulled in on the respective cpus and
there is no point having both installed (doubling the number
of reboot-needed updates)
++++ rsync:
- Build SLE version with g++-11
to work around nondeterministic g++-7 (boo#1193895)
------------------------------------------------------------------
------------------ 2022-9-8 - Sep 8 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Replace pkgconfig(libpcre) with pkgconfig(libpcre2-8)
BuildRequires. No longer used by glib (replaced by pcre2
in 2.73.2).
++++ glibc:
- errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ
[#29545])
++++ kernel-default:
- Linux 5.19.8 (bsc#1012628).
- drm/msm/dp: make eDP panel as the first connected connector
(bsc#1012628).
- drm/msm/dsi: fix the inconsistent indenting (bsc#1012628).
- drm/msm/dpu: populate wb or intf before reset_intf_cfg
(bsc#1012628).
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4
(bsc#1012628).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
(bsc#1012628).
- drm/msm/dsi: Fix number of regulators for SDM660 (bsc#1012628).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask
(bsc#1012628).
- platform/x86: x86-android-tablets: Fix broken touchscreen on
Chuwi Hi8 with Windows BIOS (bsc#1012628).
- xsk: Fix corrupted packets for XDP_SHARED_UMEM (bsc#1012628).
- drm/msm/gpu: Drop qos request if devm_devfreq_add_device()
fails (bsc#1012628).
- peci: aspeed: fix error check return value of platform_get_irq()
(bsc#1012628).
- iio: adc: mcp3911: make use of the sign bit (bsc#1012628).
- skmsg: Fix wrong last sg check in sk_msg_recvmsg()
(bsc#1012628).
- bpf: Restrict bpf_sys_bpf to CAP_PERFMON (bsc#1012628).
- ip_tunnel: Respect tunnel key's "flow_flags" in IP tunnels
(bsc#1012628).
- bpf, cgroup: Fix kernel BUG in purge_effective_progs
(bsc#1012628).
- drm/i915/gvt: Fix Comet Lake (bsc#1012628).
- ieee802154/adf7242: defer destroy_workqueue call (bsc#1012628).
- bpf: Fix a data-race around bpf_jit_limit (bsc#1012628).
- drm/i915/ttm: fix CCS handling (bsc#1012628).
- drm/i915/display: avoid warnings when registering dual panel
backlight (bsc#1012628).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config
flexible array (bsc#1012628).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(bsc#1012628).
- xhci: Fix null pointer dereference in remove if xHC has only
one roothub (bsc#1012628).
- Revert "xhci: turn off port power in shutdown" (bsc#1012628).
- bpf: Allow helpers to accept pointers with a fixed size
(bsc#1012628).
- bpf: Tidy up verifier check_func_arg() (bsc#1012628).
- bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO
(bsc#1012628).
- Bluetooth: hci_event: Fix vendor (unknown) opcode status
handling (bsc#1012628).
- Bluetooth: hci_sync: Fix suspend performance regression
(bsc#1012628).
- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
(bsc#1012628).
- Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn
(bsc#1012628).
- net: sparx5: fix handling uneven length packets in manual
extraction (bsc#1012628).
- net: smsc911x: Stop and start PHY during suspend and resume
(bsc#1012628).
- openvswitch: fix memory leak at failed datapath creation
(bsc#1012628).
- nfp: flower: fix ingress police using matchall filter
(bsc#1012628).
- net: dsa: xrs700x: Use irqsave variant for u64 stats update
(bsc#1012628).
- drm/i915: fix null pointer dereference (bsc#1012628).
- net: sched: tbf: don't call qdisc_put() while holding tree lock
(bsc#1012628).
- net/sched: fix netdevice reference leaks in
attach_default_qdiscs() (bsc#1012628).
- net: phy: micrel: Make the GPIO to be non-exclusive
(bsc#1012628).
- net: lan966x: improve error handle in
lan966x_fdma_rx_get_frame() (bsc#1012628).
- ethernet: rocker: fix sleep in atomic context bug in
neigh_timer_handler (bsc#1012628).
- cachefiles: fix error return code in cachefiles_ondemand_copen()
(bsc#1012628).
- cachefiles: make on-demand request distribution fairer
(bsc#1012628).
- mlxbf_gige: compute MDIO period based on i1clk (bsc#1012628).
- kcm: fix strp_init() order and cleanup (bsc#1012628).
- sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb
(bsc#1012628).
- tcp: annotate data-race around challenge_timestamp
(bsc#1012628).
- Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming
enqueued skb" (bsc#1012628).
- net/smc: Remove redundant refcount increase (bsc#1012628).
- soundwire: qcom: fix device status array range (bsc#1012628).
- mm/slab_common: Deleting kobject in kmem_cache_destroy()
without holding slab_mutex/cpu_hotplug_lock (bsc#1012628).
- platform/mellanox: mlxreg-lc: Fix coverity warning
(bsc#1012628).
- platform/mellanox: mlxreg-lc: Fix locking issue (bsc#1012628).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (bsc#1012628).
- tty: serial: atmel: Preserve previous USART mode if RS485
disabled (bsc#1012628).
- staging: rtl8712: fix use after free bugs (bsc#1012628).
- staging: r8188eu: Add Rosewill USB-N150 Nano to device tables
(bsc#1012628).
- staging: r8188eu: add firmware dependency (bsc#1012628).
- Revert "powerpc: Remove unused FW_FEATURE_NATIVE references"
(bsc#1012628).
- powerpc: align syscall table for ppc32 (bsc#1012628).
- powerpc/rtas: Fix RTAS MSR[HV] handling for Cell (bsc#1012628).
- vt: Clear selection before changing the font (bsc#1012628).
- musb: fix USB_MUSB_TUSB6010 dependency (bsc#1012628).
- tty: serial: lpuart: disable flow control while waiting for
the transmit engine to complete (bsc#1012628).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(bsc#1012628).
- iio: light: cm3605: Fix an error handling path in cm3605_probe()
(bsc#1012628).
- iio: ad7292: Prevent regulator double disable (bsc#1012628).
- iio: adc: mcp3911: correct "microchip,device-addr" property
(bsc#1012628).
- iio: adc: mcp3911: use correct formula for AD conversion
(bsc#1012628).
- misc: fastrpc: fix memory corruption on probe (bsc#1012628).
- misc: fastrpc: fix memory corruption on open (bsc#1012628).
- firmware_loader: Fix use-after-free during unregister
(bsc#1012628).
- firmware_loader: Fix memory leak in firmware upload
(bsc#1012628).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
(bsc#1012628).
- landlock: Fix file reparenting without explicit
LANDLOCK_ACCESS_FS_REFER (bsc#1012628).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (bsc#1012628).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage
switch failure (bsc#1012628).
- binder: fix UAF of ref->proc caused by race condition
(bsc#1012628).
- binder: fix alloc->vma_vm_mm null-ptr dereference (bsc#1012628).
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1012628).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted()
(bsc#1012628).
- riscv: kvm: move extern sbi_ext declarations to a header
(bsc#1012628).
- clk: ti: Fix missing of_node_get() ti_find_clock_provider()
(bsc#1012628).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(bsc#1012628).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
(bsc#1012628).
- Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
(bsc#1012628).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
(bsc#1012628).
- Input: rk805-pwrkey - fix module autoloading (bsc#1012628).
- powerpc/papr_scm: Fix nvdimm event mappings (bsc#1012628).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
(bsc#1012628).
- clk: bcm: rpi: Prevent out-of-bounds access (bsc#1012628).
- clk: bcm: rpi: Add missing newline (bsc#1012628).
- hwmon: (gpio-fan) Fix array out of bounds access (bsc#1012628).
- gpio: pca953x: Add mutex_lock for regcache sync in PM
(bsc#1012628).
- gpio: realtek-otto: switch to 32-bit I/O (bsc#1012628).
- KVM: x86: Mask off unsupported and unknown bits of
IA32_ARCH_CAPABILITIES (bsc#1012628).
- powerpc/papr_scm: Ensure rc is always initialized in
papr_scm_pmu_register() (bsc#1012628).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
(bsc#1012628).
- mm: pagewalk: Fix race between unmap and page walker
(bsc#1012628).
- xen-blkback: Advertise feature-persistent as user requested
(bsc#1012628).
- xen-blkfront: Advertise feature-persistent as user requested
(bsc#1012628).
- xen-blkfront: Cache feature_persistent value before
advertisement (bsc#1012628).
- thunderbolt: Use the actual buffer in tb_async_error()
(bsc#1012628).
- thunderbolt: Check router generation before connecting xHCI
(bsc#1012628).
- usb: dwc3: pci: Add support for Intel Raptor Lake (bsc#1012628).
- media: mceusb: Use new usb_control_msg_*() routines
(bsc#1012628).
- xhci: Add grace period after xHC start to prevent premature
runtime suspend (bsc#1012628).
- usb: dwc3: disable USB core PHY management (bsc#1012628).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
(bsc#1012628).
- usb: dwc3: fix PHY disable sequence (bsc#1012628).
- USB: serial: ch341: fix lost character on LCR updates
(bsc#1012628).
- USB: serial: ch341: fix disabled rx timer on older devices
(bsc#1012628).
- USB: serial: cp210x: add Decagon UCA device id (bsc#1012628).
- USB: serial: option: add support for OPPO R11 diag port
(bsc#1012628).
- USB: serial: option: add Quectel EM060K modem (bsc#1012628).
- USB: serial: option: add support for Cinterion MV32-WA/WB
RmNet mode (bsc#1012628).
- usb: typec: altmodes/displayport: correct pin assignment for
UFP receptacles (bsc#1012628).
- usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake
IOM device (bsc#1012628).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes
(bsc#1012628).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
(bsc#1012628).
- usb: cdns3: fix issue with rearming ISO OUT endpoint
(bsc#1012628).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC
transfer (bsc#1012628).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
(bsc#1012628).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
(bsc#1012628).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1012628).
- s390: fix nospec table alignments (bsc#1012628).
- USB: core: Prevent nested device-reset calls (bsc#1012628).
- usb: xhci-mtk: relax TT periodic bandwidth allocation
(bsc#1012628).
- usb: xhci-mtk: fix bandwidth release issue (bsc#1012628).
- usb: gadget: f_uac2: fix superspeed transfer (bsc#1012628).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(bsc#1012628).
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(bsc#1012628).
- dma-buf/dma-resv: check if the new fence is really later
(bsc#1012628).
- arm64/kexec: Fix missing extra range for crashkres_low
(bsc#1012628).
- driver core: Don't probe devices after bus_type.match() probe
deferral (bsc#1012628).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
disconnected (bsc#1012628).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (bsc#1012628).
- ip: fix triggering of 'icmp redirect' (bsc#1012628).
- net: Use u64_stats_fetch_begin_irq() for stats fetch
(bsc#1012628).
- net: mac802154: Fix a condition in the receive path
(bsc#1012628).
- ALSA: memalloc: Revive x86-specific WC page allocations again
(bsc#1012628).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops
with ALC298 (bsc#1012628).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
(bsc#1012628).
- ALSA: seq: Fix data-race at module auto-loading (bsc#1012628).
- drm/i915/backlight: Disable pps power hook for aux based
backlight (bsc#1012628).
- drm/i915/guc: clear stalled request after a reset (bsc#1012628).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
(bsc#1012628).
- drm/i915: Skip wm/ddb readout for disabled pipes (bsc#1012628).
- tty: n_gsm: add sanity check for gsm->receive in
gsm_receive_buf() (bsc#1012628).
- tty: n_gsm: initialize more members at gsm_alloc_mux()
(bsc#1012628).
- tty: n_gsm: replace kicktimer with delayed_work (bsc#1012628).
- tty: n_gsm: avoid call of sleeping functions from atomic context
(bsc#1012628).
- commit 0330383
- Refresh
patches.suse/Revert-usb-typec-ucsi-add-a-common-function-ucsi_unr.patch.
Update upstream info.
- commit 9b6c180
++++ fuse3:
- Update to release 3.12.0
* The max_idle_threads parameter has been deprecated in favor
of the new max_threads* parameter
* struct fuse_loop_config is now private and has to be
constructed using fuse_loop_cfg_create()
* fuse_session_loop_mt() now accepts struct fuse_loop_config *
as NULL pointer.
* fuse_parse_cmdline() now accepts a max_threads option.
++++ libgcrypt:
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
* Add libgcrypt-FIPS-rndjent_poll.patch
* Rebase libgcrypt-jitterentropy-3.4.0.patch
++++ open-isns:
- Update to version 0.102:
* Preparing for version v0.102
* meson: just specify subdir for header-file install.
* build: only specify version in one place
* Fix two compiler warnings in slp.c
* meson: update README
* meson: small option usage cleanup
* meson: several updates based on review
* meson: fix error building shared lib with version
* meson: convert some args to 'features'
* meson: update README with meson info
* Add a decprecation warning to configure script.
* meson: Add ability to disable static library build
* meson builds now working
* git: ignore all shared library files
* build: Remove these two files, no longer used
* Add a package config file for libisns.a
* isnsd: socket: Make sure to create IPv6 socket default
* isnsadm: Fix unparse command line options "-V" and "-r"
* Typo: s/overried/override/
* Removed bash-specific function definitions.
Also, added patch to quiet compiler (soon upstream):
* Quiet-a-commpiler-warning.patch
This changes the SPEC file to use the new meson build system,
supported in open-isns starting with version 0.102, instead of
autoconf/make.
Changes in the code:
* no longer deliver isnsetup script or man page (development only)
* now deliver a package config file for the library
* now deliver both the static library and a shared library
------------------------------------------------------------------
------------------ 2022-9-7 - Sep 7 2022 -------------------
------------------------------------------------------------------
++++ ansible:
- update to 6.3.0:
* Ansible 6.3.0 will include ansible-core 2.13.3 as well as a curated set of
Ansible collections to provide a vast number of modules and plugins.
* The changelog for ansible-core 2.13 installed by this release of
ansible is available here:
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
* Collections which have opted into being a part of the Ansible-6
unified changelog will have an entry on this page:
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
- update to 6.2.0:
* Ansible 6.2.0 will include ansible-core 2.13.2 as well as a curated set of
Ansible collections to provide a vast number of modules and plugins.
* The changelog for ansible-core 2.13 installed by this release of
ansible is available here:
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst
* Collections which have opted into being a part of the Ansible-6
unified changelog will have an entry on this page:
https://github.com/ansible-community/ansible-build-data/blob/main/6/CHANGELOG-v6.rst
++++ ansible-core:
- update to 2.13.3:
Changelog https://github.com/ansible/ansible/blob/v2.13.3/changelogs/CHANGELOG-v2.13.rst
* Bugfixes
- Avoid 'unreachable' error when chmod on AIX has 255 as return code.
- Fix PluginLoader to mimic Python import machinery by adding module to sys.modules before exec
- Fix dnf module documentation to indicate that comparison operators for package version require spaces around them (#78295)
- ansible-connection - decrypt vaulted parameters before sending over the socket, as vault secrets are not available on the other side.
- ansible-galaxy - Fix reinitializing the whole collection directory with ansible-galaxy collection init ns.coll --force. Now directories and files that are not included in the collection skeleton will be removed.
- ansible-galaxy - do not require mandatory keys in the galaxy.yml of source collections when listing them (#70180).
- ansible-galaxy - fix listing collections that contains metadata but the namespace or name are not strings.
- ansible-galaxy - fix setting the cache for paginated responses from Galaxy NG/AH (#77911).
- ansible-test - Delegation for commands which generate output for programmatic consumption no longer redirect all output to stdout. The affected commands and options are shell, sanity --lint, sanity --list-tests, integration --list-targets, coverage analyze
- ansible-test - Delegation now properly handles arguments given after -- on the command line.
- ansible-test - Test configuration for collections is now parsed only once, prior to delegation. Fixes issue: #78334
- ansible-test - The shell command no longer redirects all output to stdout when running a provided command. Any command output written to stderr will be mixed with the stderr output from ansible-test.
- ansible-test - The shell command no longer requests a TTY when using delegation unless an interactive shell is being used. An interactive shell is the default behavior when no command is given to pass to the shell.
- dnf - fix output parsing on systems with LANGUAGE set to a language other than English (#78193)
- if a config setting prevents running ansible it should at least show it's "origin".
- prevent type annotation shim failures from causing runtime failures (#77860)
- template module/lookup - fix convert_data option that was effectively always set to True for Jinja macros (#78141)
- uri - properly use uri parameter use_proxy (#58632)
- yum - fix traceback when releasever is specified with latest (#78058)
++++ filesystem:
- Add /usr/lib/environment.d: new base directory for
XDG_CONFIG_DIRS (boo#1201802).
++++ k3s-selinux:
- Update to version 1.2.stable.2:
* Bump pip/setuptools version; switch to https for git clone
* Use SHA256 to sign packages instead of default SHA1
++++ kernel-default:
- Revert "Revert "btrfs: check if root is readonly while setting security" (bsc#1203114)
This reverts commit 2b3da4915c03713f32e48582d3a1130238586489.
iWe can revert it as microos-tools are fixed now:
https://build.opensuse.org/request/show/1001364
- commit 9291084
++++ libgcrypt:
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
* Add libgcrypt-FIPS-kdf-leylength.patch
- FIPS: Zeroize buffer and digest in check_binary_integrity()
* Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
++++ multipath-tools:
- Update to version 0.9.1+48+suse.9c6c435:
* Upstream version update
* kpartx_id: remove bashism
* Doc: add multipathc.8 manual page
++++ libssh:
- Update to version 0.10.4
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4
------------------------------------------------------------------
------------------ 2022-9-6 - Sep 6 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220822.6b9f7a3:
* Simplify XDG_CONFIG_DIRS (boo#1201802)
++++ librsvg:
- Update to version 2.55.1:
+ As an experiment, I'll move librsvg from even-odd versioning
(odd minor version is unstable, even minor version is stable),
to the versioning scheme that GNOME uses these days. So, 2.55.x
is the new stable series.
+ There is a new development guide for librsvg, for people who
want to help in its development. I hope this will be especially
useful to Outreachy and Summer of Code interns:
https://gnome.pages.gitlab.gnome.org/librsvg/devel-docs/index.html
+ Define missing crate metadata for Cargo.toml.
+ Add some tests that were missing for the C API.
+ Fix the basic test suite in Windows.
+ Miscellaneous fixes for the build and CI.
++++ glibc:
- syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046,
bsc#1203011, BZ #29536)
- dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused
namespaces (BZ #29528)
- ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed
with LD_TRACE_LOADED_OBJECTS (BZ #29539)
- syslog-extra-whitespace.patch: syslog: Remove extra whitespace between
timestamp and message (BZ #29544)
++++ gnutls:
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC and non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
* Adapt the pbkdf2 selftest and the regression tests accordingly.
* Add gnutls-FIPS-SLI-pbkdf2-verify-keylengths-only-SHA.patch
++++ gsettings-desktop-schemas:
- Update to version 43.rc.1:
+ Update default background file extension to webp
+ Updated translations.
++++ health-checker:
- Update to version 1.7
* Before rollback make sure /.snapshots is mounted rw
* Fix typos and spelling errors. Note: in case an application is
parsing the output it will need to adopt to the new strings.
++++ kernel-default:
- vduse: prevent uninitialized memory accesses (CVE-2022-2308
bsc#1202573).
- commit 70d9c50
++++ kernel-firmware:
- Update to version 20220902 (git commit 2f2f0181581d):
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
* amdgpu: update beige goby VCN firmware
* amdgpu: update dimgrey cavefish VCN firmware
* amdgpu: update navy flounder VCN firmware
* amdgpu: update sienna cichlid VCN firmware (bsc#1202707)
* rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
* mediatek: reference the LICENCE file for MediaTek firmwares
* mediatek: Add new mt8186 SOF firmware
* ice: Update package to 1.3.30.0
* QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
* brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
* brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
* brcm: Add nvram for the Asus TF103C tablet
* Add amd-ucode README file
* qca: Update firmware files for BT chip WCN6750. This commit will update required firmware files for WCN6750.
* amdgpu: Update Yellow Carp VCN firmware
* qcom: Add firmware for Lenovo ThinkPad X13s
- Update aliases from 6.0-rc
- Update topics list for mtk-sof
++++ llvm15:
- Update to version 15.0.0.
* For details, see the release notes:
- https://releases.llvm.org/15.0.0/docs/ReleaseNotes.html
- https://releases.llvm.org/15.0.0/tools/clang/docs/ReleaseNotes.html
- https://releases.llvm.org/15.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
- https://releases.llvm.org/15.0.0/projects/libcxx/docs/ReleaseNotes.html
- https://releases.llvm.org/15.0.0/tools/lld/docs/ReleaseNotes.html
* New LLVM tools:
- llvm-debuginfod: Provides debug info to remote hosts.
- llvm-dwarfutil: Can copy and manipulate debug info.
- llvm-remark-size-diff: Compute diff between remark files.
* New Clang tools:
- clang-offload-packager: Bundle multiple objects into single
fat binaries including offload code.
- clang-pseudo: Approximate heuristic parser for C++.
- Rebase patches:
* check-no-llvm-exegesis.patch
* link-clang-tools-extra-shared.patch
* lld-default-sha1.patch
* llvm-do-not-install-static-libraries.patch
* lto-disable-cache.patch
- Drop patches that have landed upstream:
* clang-repl-private-deps.patch
* llvm-glibc-2-36.patch
* llvm-scev-fix-isImpliedViaMerge.patch
- Drop llvm-lifetime-for-rust.patch: this is now solved via
attributes and LLVM doesn't need a hardcoded list of allocation
functions anymore.
- Add llvm-link-atomic.patch to fix build on ppc.
- Add libcxx-test-library-path.patch to fix libc++ tests failing
without RUNPATH on libc++.so.
- Add libcxxabi-fix-armv7-test.patch to fix tests on armv7l.
- Thanks to Andreas Schwab for most of the rebasing!
++++ libXft:
- Update to version 2.3.5
* bugfix release
++++ libyaml:
- Add baselibs.conf: produce libyaml-0-2-32bit, required by
libcamera -> pipewire.
++++ ovmf:
- Because 5 revert patches in edk2-stable202205 for nasm-2.14 is against
15-SP4/Leap 15.4 and earlier version. So add suse_version and sle_version
checking logic in ovmf.spec when applying revert patches. (jsc#PED-1410)
++++ sysuser-tools:
- Use append so if a pre file already exists it isn't overridden
------------------------------------------------------------------
------------------ 2022-9-5 - Sep 5 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- Update kdump-suse.patch to match upstream.
++++ gawk:
- Update to gawk 5.2.0
* Numeric scalars now compare in the same way as C for the relational
operators. Comparison order for sorting has not changed
* If the AWK_HASH environment variable is set to "fnv1a" gawk will
use the FNV1-A hash function for associative arrays
* There is now a new function, mkbool(), that creates Boolean-typed
values
* As BWK awk has supported interval expressions since 2019, they are
now enabled even if --traditional is supplied
* The rwarray extension has two new functions, writeall() and readall()
* The new `gawkbug' script should be used for reporting bugs
* The manual page (doc/gawk.1) has been considerably reduced in size
* Gawk now supports Terence Kelly's "persistent malloc" (pma),
allowing gawk to preserve its variables, arrays and user-defined
functions between runs
* Some subtle issues with untyped array elements being passed to
functions have been fixed
* Syntax errors are now immediately fatal
- gawk-5.1.1-Disable-racy-test-in-test-iolint.awk.patch: removed
- pma.patch: Handle hole bigger than half the address space
- nan-tests.patch: fix non-portable NaN tests
++++ gsettings-desktop-schemas:
- Update to version 43.rc:
+ Add setting for touchpad acceleration profiles
+ Add specific schema for trackpoint pointer devices
+ Updated translations.
++++ kernel-default:
- Refresh
patches.kernel.org/5.19.5-001-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch.
Make it really create the file. Sometimes, quilt is confused.
- commit 11a0be1
- Revert "btrfs: check if root is readonly while setting security
xattr" (bsc#1203114).
- commit 2b3da49
- Linux 5.19.7 (bsc#1012628).
- arm64: cacheinfo: Fix incorrect assignment of signed error
value to unsigned fw_level (bsc#1012628).
- net: neigh: don't call kfree_skb() under spin_lock_irqsave()
(bsc#1012628).
- net/af_packet: check len when min_header_len equals to 0
(bsc#1012628).
- android: binder: fix lockdep check on clearing vma
(bsc#1012628).
- btrfs: tree-checker: check for overlapping extent items
(bsc#1012628).
- btrfs: fix lockdep splat with reloc root extent buffers
(bsc#1012628).
- btrfs: move lockdep class helpers to locking.c (bsc#1012628).
- ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1012628).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop
(bsc#1012628).
- testing: selftests: nft_flowtable.sh: use random netns names
(bsc#1012628).
- netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer
default to y (bsc#1012628).
- drm/amdgpu: Fix interrupt handling on ih_soft ring
(bsc#1012628).
- drm/amdgpu: Add secure display TA load for Renoir (bsc#1012628).
- drm/amdgpu: Add decode_iv_ts helper for ih_v6 block
(bsc#1012628).
- drm/amd/display: avoid doing vm_init multiple time
(bsc#1012628).
- drm/amd/display: Fix plug/unplug external monitor will hang
while playback MPO video (bsc#1012628).
- drm/amdgpu: Increase tlb flush timeout for sriov (bsc#1012628).
- drm/amd/display: Fix pixel clock programming (bsc#1012628).
- drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13
asics (bsc#1012628).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna
Cichlid (bsc#1012628).
- drm/amdgpu: disable 3DCGCG/CGLS temporarily due to stability
issue (bsc#1012628).
- ksmbd: don't remove dos attribute xattr on O_TRUNC open
(bsc#1012628).
- s390/hypfs: avoid error message under KVM (bsc#1012628).
- ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41
(bsc#1012628).
- neigh: fix possible DoS due to net iface start/stop loop
(bsc#1012628).
- net: lan966x: fix checking for return value of
platform_get_irq_byname() (bsc#1012628).
- ksmbd: return STATUS_BAD_NETWORK_NAME error status if share
is not configured (bsc#1012628).
- drm/amd/pm: Fix a potential gpu_metrics_table memory leak
(bsc#1012628).
- drm/amdkfd: Handle restart of kfd_ioctl_wait_events
(bsc#1012628).
- drm/amd/pm: skip pptable override for smu_v13_0_7 (bsc#1012628).
- drm/amd/display: Fix TDR eDP and USB4 display light up issue
(bsc#1012628).
- drm/amd/display: clear optc underflow before turn off odm clock
(bsc#1012628).
- drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (bsc#1012628).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (bsc#1012628).
- drm/amd/display: Avoid MPC infinite loop (bsc#1012628).
- drm/amd/display: Device flash garbage before get in OS
(bsc#1012628).
- drm/amd/display: Add a missing register field for HPO DP stream
encoder (bsc#1012628).
- rtla: Fix tracer name (bsc#1012628).
- ASoC: rt5640: Fix the JD voltage dropping issue (bsc#1012628).
- ASoC: sh: rz-ssi: Improve error handling in rz_ssi_probe()
error path (bsc#1012628).
- fs/ntfs3: Fix work with fragmented xattr (bsc#1012628).
- mmc: sdhci-of-dwcmshc: Re-enable support for the BlueField-3
SoC (bsc#1012628).
- mmc: sdhci-of-dwcmshc: rename rk3568 to rk35xx (bsc#1012628).
- mmc: sdhci-of-dwcmshc: add reset call back for rockchip Socs
(bsc#1012628).
- mmc: mtk-sd: Clear interrupts when cqe off/disable
(bsc#1012628).
- HID: intel-ish-hid: ipc: Add Meteor Lake PCI device ID
(bsc#1012628).
- HID: thrustmaster: Add sparco wheel and fix array length
(bsc#1012628).
- HID: nintendo: fix rumble worker null pointer deref
(bsc#1012628).
- HID: asus: ROG NKey: Ignore portion of 0x5a report
(bsc#1012628).
- HID: Add Apple Touchbar on T2 Macs in hid_have_special_driver
list (bsc#1012628).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks
(bsc#1012628).
- HID: add Lenovo Yoga C630 battery quirk (bsc#1012628).
- HID: input: fix uclogic tablets (bsc#1012628).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5
(bsc#1012628).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(bsc#1012628).
- bpf: Don't redirect packets with invalid pkt_len (bsc#1012628).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
when ftrace is dead (bsc#1012628).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
(bsc#1012628).
- net: fix refcount bug in sk_psock_get (2) (bsc#1012628).
- HID: hidraw: fix memory leak in hidraw_release() (bsc#1012628).
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(bsc#1012628).
- media: pvrusb2: fix memory leak in pvr_probe (bsc#1012628).
- udmabuf: Set the DMA mask for the udmabuf device (v2)
(bsc#1012628).
- HID: steam: Prevent NULL pointer dereference in
steam_{recv,send}_report (bsc#1012628).
- Revert "PCI/portdrv: Don't disable AER reporting in
get_port_device_capability()" (bsc#1012628).
- Bluetooth: L2CAP: Fix build errors in some archs (bsc#1012628).
- arm64: errata: Add Cortex-A510 to the repeat tlbi list
(bsc#1012628).
- Update config files.
Set CONFIG_ARM64_ERRATUM_2441009=y as per default.
- docs: kerneldoc-preamble: Test xeCJK.sty before loading
(bsc#1012628).
- crypto: lib - remove unneeded selection of XOR_BLOCKS
(bsc#1012628).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(bsc#1012628).
- drm/vc4: hdmi: Depends on CONFIG_PM (bsc#1012628).
- drm/vc4: hdmi: Rework power up (bsc#1012628).
- commit 6d5067d
++++ libsoup:
- Update to version 3.1.4:
+ Numerous improvements to HTTP/2 reliablity.
+ Fix `http` proxy authentication with default proxy resolver.
+ Fix undefined ``ssize_t`` with MSVC.
++++ sqlite3:
- update to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
++++ libssh:
- Update to version 0.10.3
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3
++++ systemd:
- rc-local.service.8 belongs to the systemd-sysvcompat sub-package (bsc#1203053)
++++ tcpd:
- use _libdir (boo#1191098)
++++ microos-tools:
- Update to version 2.16:
- 98selinux-microos: Make the btrfs subvolume writable temporarily [boo#1202395]
++++ patterns-base:
- Add microos-tools to transactional_base (boo#1199520)
++++ vim:
- Updated to version 9.0.0381, fixes the following problems
- boo#1202962 - CVE-2022-3037
* Using common name in tests leads to flaky tests.
* VDM files are not recognized.
* Shell command is displayed in message window.
* Screen flickers when 'cmdheight' is zero.
* When updating the whole screen a popup may not be redrawn.
* Clearing screen causes flicker.
* Godot shader files are not recognized.
* Command line type of CmdlineChange differs from getcmdtype().
* Cannot use the message popup window directly.
* Crash when no errors and 'quickfixtextfunc' is set.
* Using common name in tests leads to flaky tests.
* Some changes for cmdheight=0 are not needed.
* items() does not work on a list. (Sergey Vlasov)
* OLD_DIGRAPHS is unused.
* ":highlight" hangs when 'cmdheight' is zero.
* Method tests fail.
* Cannot use items() on a string.
* Overwrite check may block BufWriteCmd.
* Method test fails.
* Test does not properly clean up.
* Checks for Dictionary argument often give a vague error message.
* Tests are flaky because of using a common file name.
* Flicker when resetting cmdline_row after updating the screen.
* Return value of list_append_list() not always checked.
* No check if the return value of XChangeGC() is NULL.
* The 'cmdheight' zero support causes too much trouble.
* mapset() does not restore <Nop> mapping properly.
* ":wincmd =" equalizes in two directions.
* ColorScheme autocommand triggered when colorscheme is not found. (Romain
Lafourcade)
* Error message for list argument could be clearer.
* :horizontal modifier not fully supported.
* Filetype of *.sil files not well detected.
* :echowindow does not work in a compiled function.
* Message window may obscure the command line.
* using :echowindow in a timer clears part of message
* Missing entry in switch.
* Check for uppercase char in autoload name is wrong, it checks the name
of the script.
* :echowindow sets the in_echowindow flag too early.
* 'linebreak' interferes with text property highlight if there is syntax
highlighting.
* 'breakindent' does not indent non-lists with "breakindentopt=list:-1".
* Error message for wrong argument type is not specific.
* Crash when invalid line number on :for is ignored.
* Removing a listener may result in a memory leak and remove subsequent
listerns.
* Expanding ":e %" does not work for remote files.
* Common names in test files causes tests to be flaky.
* Clang static analyzer gives warnings.
* File name used in test is unusual.
* Cannot use import->Func() in lambda. (Israel Chauca Fuentes)
* Coverity complains about dropping sign of character.
* Old Coverity warning for using NULL pointer.
* A failing flaky test doesn't mention the time.
* Cleaning up afterwards can make a function messy.
* Compiler warning for uninitialized variable.
* Coverity warns for NULL check and unused return value.
* Coverity still complains about dropping sign of character.
* The footer feature is unused.
* Clang warns for dead assignments.
* Argument assignment does not work.
* Compiler warning for uninitialized variable. (Tony Mechelynck)
* Cleaning up after writefile() is a hassle.
* Deleting files in tests is a hassle.
* Writefile test leaves files behind.
------------------------------------------------------------------
------------------ 2022-9-4 - Sep 4 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092)
add apparmor-3.0.7-egrep.patch
++++ grep:
- GNU grep 3.8:
* The -P option is now based on PCRE2 instead of the older PCRE
(boo#1201803)
* egrep and fgrep commands, deprecated since release 2.5.3 (2007), now
warn that they are obsolescent and should be replaced by grep -E and
grep -F
* The confusing GREP_COLOR environment variable is now obsolescent
* Regular expressions with stray backslashes now cause warnings
* Regular expressions like [:space:] are now errors even if
POSIXLY_CORRECT is set, since POSIX now allows the GNU behavior
* In locales using UTF-8 encoding, the regular expression '.' no
longer sometimes fails to match Unicode characters
* The -s option no longer suppresses "binary file matches"
messages.
- doc: fix man page syntax errors (bsc#1201001)
++++ kernel-default:
- Update to 6.0-rc4
- refresh configs
- commit c26d0f0
++++ libapparmor:
- aa-decode: use grep -E instead of deprecated egrep (boo#1203092)
add apparmor-3.0.7-egrep.patch
++++ avahi:
- avahi-daemon-check-dns.sh: convert obsolete egrep call to grep -E
(boo#1203092)
++++ rpm:
- remove-translations.diff: convert deprecated egrep to grep -E
(boo#1203092)
++++ libsoup:
- Update to version 3.1.3:
+ Fix compile error when `SOUP_VERSION_MAX_ALLOWED` is defined.
- Changes from version 3.1.2:
+ Replace HTTP/2 tests using Quart with internal HTTP/2 server
tests.
+ Improve version macros including adding ability to define
`SOUP_DISABLE_DEPRECATION_WARNINGS`.
- Drop -D http2_tests=disabled meson paramter: no longer supported.
- Drop 299.patch: merged upstream.
++++ patterns-base:
- Remove joe text editor. nano is already recommended and it's more
well known and updated more frequently
------------------------------------------------------------------
------------------ 2022-9-3 - Sep 3 2022 -------------------
------------------------------------------------------------------
++++ gobject-introspection:
- Update to version 1.73.1:
+ Update the GIR data for GLib, GObject, GModule, and GIO
+ Disable rpath on Windows
+ Add llvm/mingw support on Windows
+ Fix annotations in libgirepository
+ Support C99 designated initializers when parsing C declarations
+ Add some more types to win32 GIR
+ Let doctool prepend emitting objects in GJS signals
+ Require a C99 toolchain like GLib
++++ llvm15:
- Make sure we keep -DNDEBUG. At some point %{optflags} must have
lost it, perhaps because CMake usually adds it on top. So when
overriding CMAKE_{C,CXX}_FLAGS_RELWITHDEBINFO, we make sure to
take over the other flags. We drop LLVM_ENABLE_ASSERTIONS=OFF,
because that's the default anyway and hasn't helped here.
- Add llvm-scev-fix-isImpliedViaMerge.patch: fixes a miscompilation
caused by mixing up values of the current and previous iteration.
(See gh#llvm/llvm-project#56242.)
++++ multipath-tools:
- Update to version 0.9.0+134+suse.dbf2e2d:
* Add multipathc command under GPL3.0, and split off libmpathutil
(bsc#1202616)
* Fix command completion in interactive mode (bsc#1201483)
* multipathd: fix use-after-free in handle_path_wwid_change()
(bsc#1201483)
* Improve startup time for very large multipath.conf (bsc#1200523)
* Avoid checker blocking event handling for huge number of devices
(boo#1203085)
* Cleanup sysfs accessors in libmultipath
* Minor upstream bug fixes
* Spelling fixes
* Documentation: add ALUA info to README.md, delete README.alua
++++ libsoup:
- Update to version 3.1.1:
+ Reintroduce some thread-safety to SoupSession (see
https://libsoup.org/libsoup-3.0/client-thread-safety.html)
+ Add SoupServerMessage:tls-peer-certificate and
SoupServerMessage:tls-peer-certificate-errors
+ Port docs to gi-docgen
+ Update documentation.
- Replace pkgconfig(gtk-doc) with pkgconfig(gi-docgen)
BuildRequires (and update options passed to meson) following
upstreams port.
- Add 299.patch: multithread-test: show error information in case
of request failure. multithread-test: skip proxy tests if apache
is not available.
- Use ldconfig_scriptlets for post(un) handling.
------------------------------------------------------------------
------------------ 2022-9-2 - Sep 2 2022 -------------------
------------------------------------------------------------------
++++ libsoup:
- Update to version 3.0.8:
+ Fix `http` proxy authentication with default proxy resolver.
+ Numerous improvments to HTTP/2 reliability.
++++ libssh:
- Update to version 0.10.2
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2
- Removed libssh-weak-attribute.patch
++++ systemd:
- Enable building and include libcryptsetup-plugins provided by systemd
Now that dracut 057 has been released we can enable building libcryptsetup
plugins. These can be used by cryptsetup to extend functionality including
fido2, pkcs11 and tpm2 support.
++++ libzypp:
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
an old Notcurses++ package which happens to be present in the
buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
c++11. In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
since 15.1 (bsc#1189282)
- version 17.31.1 (22)
++++ osinfo-db:
- bsc#1202827 - Fail to deploy sle15sp5 guest via virt-install with
osinfo
add-sle15sp5-support.patch
++++ setools:
- Added README.SUSE and drop recommend for python3-networkx altogether
(bsc#1202676)
++++ zypper:
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
(fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
Since libzypp 17.23.0 the PPP status is auto established. No
extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "C.UTF-8" rather than "en_US".
- Fix man page (fixes #451)
- version 1.14.56
------------------------------------------------------------------
------------------ 2022-9-1 - Sep 1 2022 -------------------
------------------------------------------------------------------
++++ chrony:
- Update to 4.3:
* Add local option to refclock directive to stabilise system
clock with more stable free-running clock (e.g. TCXO, OCXO).
* Add maxdelayquant option to server/pool/peer directive to
replace maxdelaydevratio filter with long-term quantile-based
filtering.
* Add selection option to log directive.
* Allow external PPS in PHC refclock without configurable pin.
* Don't accept first interleaved response to minimise error in
delay.
* Don't use arc4random on Linux to avoid server performance loss.
* Improve filter option to better handle missing NTP samples.
* Improve stability with hardware timestamping and PHC refclock.
* Update seccomp filter
- Update clknetsim to snapshot f00531b.
- Use a more specific conditional for the /usr/etc stuff.
++++ lvm2-device-mapper:
- Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16
* ** WHATS_NEW for 2.03.16 ***
Version 2.03.16 - 18th May 2022
===============================
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath configuration.
lvmdevices support for removing by device id using --deviceidtype and --deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
- Drop patches that have been merged into upstream
- 0001-post-release.patch
- 0002-asan-fix-some-reports-from-libasan.patch
- 0003-make-generate.patch
- 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch
- 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch
- 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch
- 0007-dev_manager-fix-dm_task_get_device_list.patch
- 0008-dev_manager-failing-status-is-not-internal-error.patch
- 0009-clang-add-extra-check.patch
- 0010-clang-possible-better-compilation-with-musl-c.patch
- 0011-dev_manager-do-not-query-for-open_count.patch
- 0012-dev_manager-use-list-info-for-preset-devs.patch
- 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch
- 0014-man-update-cachesettings-option-description.patch
- 0015-man-lvmcache-mention-writecache-memory-usage.patch
- 0016-writecache-display-block-size-from-lvs.patch
- 0017-devices-simplify-dev_cache_get_by_devt.patch
- 0018-devices-drop-incorrect-paths-from-aliases-list.patch
- 0019-devices-initial-use-of-existing-option.patch
- 0020-devices-fix-dev_name-assumptions.patch
- 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch
- 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch
- 0023-writecache-check-memory-usage.patch
- 0024-pvscan-don-t-use-udev-for-external-device-info.patch
- 0025-vgchange-monitor-don-t-use-udev-info.patch
- Add upstream patch
- 0001-devices-file-move-clean-up-after-command-is-run.patch
- 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch
- 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch
- 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch
- 0005-pvdisplay-restore-reportformat-option.patch
- 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch
- 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch
- 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch
- 0009-mm-remove-libaio-from-being-skipped.patch
- 0010-dmsetup-check-also-for-ouf-of-range-value.patch
- 0011-devices-drop-double-from-sysfs-path.patch
- 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch
- 0013-vgimportdevices-change-result-when-devices-are-not-a.patch
- 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch
- Update patch
- bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- update lvm2.spec
- indent some lines for easy read
- add new man: lvm_import_vdo.8 dmfilemapd.8
- remove config item '--enable-cmirrord', which was obsoleted.
- remove config item '--enable-realtime', which became default setting.
- add config item "--enable-dmfilemapd" for new daemon dmfilemapd
- lvm.conf
- align upstream style, comment out default values
++++ transactional-update:
- Migration of logrotate configuration to /usr/etc: Saving user
changed configuration files in /etc and restoring them while
an RPM update.
++++ gobject-introspection:
- gi-find-deps.sh: extend js script parser to detect imports in the
form import 'gi://GeocodeGlib?version=2.0'.
++++ glib-networking:
- Update to version 2.74.rc:
+ Support PKCS #12 encrypted certificates.
+ Various improvements to Meson build system.
+ Multiple fixes for proxy tests.
++++ gtk3:
- Drop pkgconfig(rest-0.7) BuildRequires: it seems to serve no
purpose, nor can I find anything to suggest that gtk depends on
it.
++++ kernel-default:
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
"find -xtype l" will report them, so use that to make the search a bit
faster (without using shell).
- commit 13bbc51
- Linux 5.19.6 (bsc#1012628).
- NFS: Fix another fsync() issue after a server reboot
(bsc#1012628).
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (bsc#1012628).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1012628).
- parisc: Make CONFIG_64BIT available for ARCH=parisc64 only
(bsc#1012628).
- parisc: Fix exception handler for fldw and fstw instructions
(bsc#1012628).
- kernel/sys_ni: add compat entry for fadvise64_64 (bsc#1012628).
- kprobes: don't call disarm_kprobe() for disabled kprobes
(bsc#1012628).
- mm/uffd: reset write protection when unregister with wp-mode
(bsc#1012628).
- mm/hugetlb: support write-faults in shared mappings
(bsc#1012628).
- mt76: mt7921: fix command timeout in AP stop period
(bsc#1012628).
- xfrm: fix refcount leak in __xfrm_policy_check() (bsc#1012628).
- Revert "xfrm: update SA curlft.use_time" (bsc#1012628).
- xfrm: clone missing x->lastused in xfrm_do_migrate
(bsc#1012628).
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1012628).
- xfrm: policy: fix metadata dst->dev xmit null pointer
dereference (bsc#1012628).
- fs: require CAP_SYS_ADMIN in target namespace for idmapped
mounts (bsc#1012628).
- Revert "net: macsec: update SCI upon MAC address
change." (bsc#1012628).
- NFSv4.2 fix problems with __nfs42_ssc_open (bsc#1012628).
- SUNRPC: RPC level errors should set task->tk_rpc_status
(bsc#1012628).
- mm/smaps: don't access young/dirty bit if pte unpresent
(bsc#1012628).
- ntfs: fix acl handling (bsc#1012628).
- rose: check NULL rose_loopback_neigh->loopback (bsc#1012628).
- r8152: fix the units of some registers for RTL8156A
(bsc#1012628).
- r8152: fix the RX FIFO settings when suspending (bsc#1012628).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
(bsc#1012628).
- ice: xsk: prohibit usage of non-balanced queue id (bsc#1012628).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context
(bsc#1012628).
- net/mlx5e: Properly disable vlan strip on non-UL reps
(bsc#1012628).
- net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY
(bsc#1012628).
- net/mlx5: Eswitch, Fix forwarding decision to uplink
(bsc#1012628).
- net/mlx5: Disable irq when locking lag_lock (bsc#1012628).
- net/mlx5: Fix cmd error logging for manage pages cmd
(bsc#1012628).
- net/mlx5: Avoid false positive lockdep warning by adding
lock_class_key (bsc#1012628).
- net/mlx5e: Fix wrong application of the LRO state (bsc#1012628).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
(bsc#1012628).
- net: dsa: microchip: ksz9477: cleanup the ksz9477_switch_detect
(bsc#1012628).
- net: dsa: microchip: move switch chip_id detection to ksz_common
(bsc#1012628).
- net: dsa: microchip: move tag_protocol to ksz_common
(bsc#1012628).
- net: dsa: microchip: move vlan functionality to ksz_common
(bsc#1012628).
- net: dsa: microchip: move the port mirror to ksz_common
(bsc#1012628).
- net: dsa: microchip: update the ksz_phylink_get_caps
(bsc#1012628).
- net: dsa: microchip: keep compatibility with device tree blobs
with no phy-mode (bsc#1012628).
- net: ipa: don't assume SMEM is page-aligned (bsc#1012628).
- net: phy: Don't WARN for PHY_READY state in
mdio_bus_phy_resume() (bsc#1012628).
- net: moxa: get rid of asymmetry in DMA mapping/unmapping
(bsc#1012628).
- bonding: 802.3ad: fix no transmission of LACPDUs (bsc#1012628).
- net: ipvtap - add __init/__exit annotations to module init/exit
funcs (bsc#1012628).
- netfilter: ebtables: reject blobs that don't provide all entry
points (bsc#1012628).
- netfilter: nft_tproxy: restrict to prerouting hook
(bsc#1012628).
- bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP
is not in use (bsc#1012628).
- bnxt_en: set missing reload flag in devlink features
(bsc#1012628).
- bnxt_en: fix NQ resource accounting during vf creation on
57500 chips (bsc#1012628).
- bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback
(bsc#1012628).
- netfilter: nf_tables: disallow updates of implicit chain
(bsc#1012628).
- netfilter: nf_tables: make table handle allocation per-netns
friendly (bsc#1012628).
- netfilter: nft_payload: report ERANGE for too long offset and
length (bsc#1012628).
- netfilter: nft_payload: do not truncate csum_offset and
csum_type (bsc#1012628).
- netfilter: nf_tables: do not leave chain stats enabled on error
(bsc#1012628).
- netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families
(bsc#1012628).
- netfilter: nft_tunnel: restrict it to netdev family
(bsc#1012628).
- netfilter: nf_tables: disallow binding to already bound chain
(bsc#1012628).
- netfilter: flowtable: add function to invoke garbage collection
immediately (bsc#1012628).
- netfilter: flowtable: fix stuck flows on cleanup due to pending
work (bsc#1012628).
- net: Fix data-races around sysctl_[rw]mem_(max|default)
(bsc#1012628).
- net: Fix data-races around weight_p and dev_weight_[rt]x_bias
(bsc#1012628).
- net: Fix data-races around netdev_max_backlog (bsc#1012628).
- net: Fix data-races around netdev_tstamp_prequeue (bsc#1012628).
- ratelimit: Fix data-races in ___ratelimit() (bsc#1012628).
- net: Fix data-races around sysctl_optmem_max (bsc#1012628).
- net: Fix a data-race around sysctl_tstamp_allow_data
(bsc#1012628).
- net: Fix a data-race around sysctl_net_busy_poll (bsc#1012628).
- net: Fix a data-race around sysctl_net_busy_read (bsc#1012628).
- net: Fix a data-race around netdev_budget (bsc#1012628).
- net: Fix data-races around sysctl_max_skb_frags (bsc#1012628).
- net: Fix a data-race around netdev_budget_usecs (bsc#1012628).
- net: Fix data-races around sysctl_fb_tunnels_only_for_init_net
(bsc#1012628).
- net: Fix data-races around sysctl_devconf_inherit_init_net
(bsc#1012628).
- net: Fix a data-race around gro_normal_batch (bsc#1012628).
- net: Fix a data-race around netdev_unregister_timeout_secs
(bsc#1012628).
- net: Fix a data-race around sysctl_somaxconn (bsc#1012628).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
(bsc#1012628).
- i40e: Fix incorrect address type for IPv6 flow rules
(bsc#1012628).
- net: ethernet: mtk_eth_soc: enable rx cksum offload for
MTK_NETSYS_V2 (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix hw hash reporting for
MTK_NETSYS_V2 (bsc#1012628).
- rxrpc: Fix locking in rxrpc's sendmsg (bsc#1012628).
- ionic: clear broken state on generation change (bsc#1012628).
- ionic: fix up issues with handling EAGAIN on FW cmds
(bsc#1012628).
- ionic: VF initial random MAC address if no assigned mac
(bsc#1012628).
- net: stmmac: work around sporadic tx issue on link-up
(bsc#1012628).
- net: lantiq_xrx200: confirm skb is allocated before using
(bsc#1012628).
- net: lantiq_xrx200: fix lock under memory pressure
(bsc#1012628).
- net: lantiq_xrx200: restore buffer if memory allocation failed
(bsc#1012628).
- btrfs: fix silent failure when deleting root reference
(bsc#1012628).
- btrfs: replace: drop assert for suspended replace (bsc#1012628).
- btrfs: add info when mount fails due to stale replace target
(bsc#1012628).
- btrfs: fix space cache corruption and potential double
allocations (bsc#1012628).
- btrfs: check if root is readonly while setting security xattr
(bsc#1012628).
- btrfs: fix possible memory leak in
btrfs_get_dev_args_from_path() (bsc#1012628).
- btrfs: update generation of hole file extent item when merging
holes (bsc#1012628).
- x86/boot: Don't propagate uninitialized
boot_params->cc_blob_address (bsc#1012628).
- perf/x86/intel: Fix pebs event constraints for ADL
(bsc#1012628).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default
(bsc#1012628).
- x86/entry: Fix entry_INT80_compat for Xen PV guests
(bsc#1012628).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry
(bsc#1012628).
- x86/sev: Don't use cc_platform_has() for early SEV-SNP calls
(bsc#1012628).
- x86/bugs: Add "unknown" reporting for MMIO Stale Data
(bsc#1012628).
- x86/nospec: Unwreck the RSB stuffing (bsc#1012628).
- x86/PAT: Have pat_enabled() properly reflect state when running
on Xen (bsc#1012628).
- loop: Check for overflow while configuring loop (bsc#1012628).
- writeback: avoid use-after-free after removing device
(bsc#1012628).
- audit: move audit_return_fixup before the filters (bsc#1012628).
- asm-generic: sections: refactor memory_intersects (bsc#1012628).
- mm/damon/dbgfs: avoid duplicate context directory creation
(bsc#1012628).
- s390/mm: do not trigger write fault when vma does not allow
VM_WRITE (bsc#1012628).
- bootmem: remove the vmemmap pages from kmemleak in
put_page_bootmem (bsc#1012628).
- mm/hugetlb: avoid corrupting page->mapping in
hugetlb_mcopy_atomic_pte (bsc#1012628).
- mm/mprotect: only reference swap pfn page if type match
(bsc#1012628).
- cifs: skip extra NULL byte in filenames (bsc#1012628).
- s390: fix double free of GS and RI CBs on fork() failure
(bsc#1012628).
- fbdev: fbcon: Properly revert changes when vc_resize() failed
(bsc#1012628).
- Revert "memcg: cleanup racy sum avoidance code" (bsc#1012628).
- shmem: update folio if shmem_replace_page() updates the page
(bsc#1012628).
- ACPI: processor: Remove freq Qos request for all CPUs
(bsc#1012628).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf
(bsc#1012628).
- smb3: missing inode locks in punch hole (bsc#1012628).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
(bsc#1012628).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
(bsc#1012628).
- riscv: signal: fix missing prototype warning (bsc#1012628).
- riscv: traps: add missing prototype (bsc#1012628).
- riscv: dts: microchip: correct L2 cache interrupts
(bsc#1012628).
- io_uring: fix issue with io_write() not always undoing
sb_start_write() (bsc#1012628).
- mm/hugetlb: fix hugetlb not supporting softdirty tracking
(bsc#1012628).
- Revert "md-raid: destroy the bitmap after destroying the thread"
(bsc#1012628).
- md: call __md_stop_writes in md_stop (bsc#1012628).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76
(bsc#1012628).
- binder_alloc: add missing mmap_lock calls when using the VMA
(bsc#1012628).
- x86/nospec: Fix i386 RSB stuffing (bsc#1012628).
- drm/amdkfd: Fix isa version for the GC 10.3.7 (bsc#1012628).
- Documentation/ABI: Mention retbleed vulnerability info file
for sysfs (bsc#1012628).
- blk-mq: fix io hung due to missing commit_rqs (bsc#1012628).
- perf python: Fix build when PYTHON_CONFIG is user supplied
(bsc#1012628).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
PMU (bsc#1012628).
- perf/x86/intel/ds: Fix precise store latency handling
(bsc#1012628).
- perf stat: Clear evsel->reset_group for each stat run
(bsc#1012628).
- arm64: fix rodata=full (bsc#1012628).
- arm64/signal: Flush FPSIMD register state when disabling
streaming mode (bsc#1012628).
- arm64/sme: Don't flush SVE register state when allocating SME
storage (bsc#1012628).
- arm64/sme: Don't flush SVE register state when handling SME
traps (bsc#1012628).
- scsi: ufs: core: Enable link lost interrupt (bsc#1012628).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
(bsc#1012628).
- scsi: core: Fix passthrough retry counter handling
(bsc#1012628).
- riscv: dts: microchip: mpfs: fix incorrect pcie child node name
(bsc#1012628).
- riscv: dts: microchip: mpfs: remove ti,fifo-depth property
(bsc#1012628).
- riscv: dts: microchip: mpfs: remove bogus card-detect-delay
(bsc#1012628).
- riscv: dts: microchip: mpfs: remove pci axi address translation
property (bsc#1012628).
- bpf: Don't use tnum_range on array range checking for poke
descriptors (bsc#1012628).
- Delete
patches.suse/mm-mprotect-fix-soft-dirty-check-in-can_change_pte_w.patch.
- commit 9e364bb
++++ lvm2:
- Update lvm2 from LVM2.2.03.15 to LVM2.2.03.16
* ** WHATS_NEW for 2.03.16 ***
Version 2.03.16 - 18th May 2022
===============================
Fix segfault when handling selection with historical LVs.
Add support --vdosettings with lvcreate, lvconvert, lvchange.
Filtering multipath devices respects blacklist setting from multipath configuration.
lvmdevices support for removing by device id using --deviceidtype and --deldev.
Display writecache block size with lvs -o writecache_block_size.
Improve cachesettings description in man lvmcache.
Fix lossing of delete message on thin-pool extension.
- Drop patches that have been merged into upstream
- 0001-post-release.patch
- 0002-asan-fix-some-reports-from-libasan.patch
- 0003-make-generate.patch
- 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch
- 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch
- 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch
- 0007-dev_manager-fix-dm_task_get_device_list.patch
- 0008-dev_manager-failing-status-is-not-internal-error.patch
- 0009-clang-add-extra-check.patch
- 0010-clang-possible-better-compilation-with-musl-c.patch
- 0011-dev_manager-do-not-query-for-open_count.patch
- 0012-dev_manager-use-list-info-for-preset-devs.patch
- 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch
- 0014-man-update-cachesettings-option-description.patch
- 0015-man-lvmcache-mention-writecache-memory-usage.patch
- 0016-writecache-display-block-size-from-lvs.patch
- 0017-devices-simplify-dev_cache_get_by_devt.patch
- 0018-devices-drop-incorrect-paths-from-aliases-list.patch
- 0019-devices-initial-use-of-existing-option.patch
- 0020-devices-fix-dev_name-assumptions.patch
- 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch
- 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch
- 0023-writecache-check-memory-usage.patch
- 0024-pvscan-don-t-use-udev-for-external-device-info.patch
- 0025-vgchange-monitor-don-t-use-udev-info.patch
- Add upstream patch
- 0001-devices-file-move-clean-up-after-command-is-run.patch
- 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch
- 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch
- 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch
- 0005-pvdisplay-restore-reportformat-option.patch
- 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch
- 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch
- 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch
- 0009-mm-remove-libaio-from-being-skipped.patch
- 0010-dmsetup-check-also-for-ouf-of-range-value.patch
- 0011-devices-drop-double-from-sysfs-path.patch
- 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch
- 0013-vgimportdevices-change-result-when-devices-are-not-a.patch
- 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch
- Update patch
- bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- update lvm2.spec
- indent some lines for easy read
- add new man: lvm_import_vdo.8 dmfilemapd.8
- remove config item '--enable-cmirrord', which was obsoleted.
- remove config item '--enable-realtime', which became default setting.
- add config item "--enable-dmfilemapd" for new daemon dmfilemapd
- lvm.conf
- align upstream style, comment out default values
++++ libvirt:
- Update to libvirt 8.7.0
- jsc#PED-620, jsc#PED-1540
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-7-0-2022-09-01
- Dropped patches:
9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch,
c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch
++++ libxml2:
- Build for now with --with-legacy to enable APIs that have been
deprecated recently. (bsc#1202965)
++++ patterns-alp:
- rename MicroOS to ALP
++++ salt:
- Add Amazon EC2 detection for virtual grains (bsc#1195624)
- Fix the regression in schedule module releasded in 3004 (bsc#1202631)
- Fix state.apply in test mode with file state module
on user/group checking (bsc#1202167)
- Change the delimeters to prevent possible tracebacks
on some packages with dpkg_lowpkg
- Make zypperpkg to retry if RPM lock is temporarily unavailable (bsc#1200596)
- Added:
* fix-the-regression-in-schedule-module-releasded-in-3.patch
* retry-if-rpm-lock-is-temporarily-unavailable-547.patch
* change-the-delimeters-to-prevent-possible-tracebacks.patch
* add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
* fix-state.apply-in-test-mode-with-file-state-module-.patch
++++ python-libvirt-python:
- Update to 8.7.0
- Add all new APIs and constants in libvirt 8.7.0
- jsc#PED-620, jsc#PED-1540
++++ libxml2-python:
- Build for now with --with-legacy to enable APIs that have been
deprecated recently. (bsc#1202965)
++++ rsync:
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
++++ wpa_supplicant:
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
------------------------------------------------------------------
------------------ 2022-8-31 - Aug 31 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- update to 5.19:
* send: support protocol version 2
* fi show: print all missing devices
* device stats: add tabular output
* replace: add alias to device group (device replace)
* check: validate free space tree items
* fixes:
* convert: support large filesystems (block count > 32bit)
* recognize filesystems with verity enabled
* mkfs and DUP could write out of order, fix it for zoned mode
* build:
* optional support for LZO and ZSTD in receive
* compatibility with glibc 2.36 (mount.h)
* add fallbacks for new GCC builtins
* other:
* corrupt-block: target specific items, offsets
* documentation updates, new pages from wiki
* new tests
++++ curl:
- Update to 7.85.0:
* Security fixes: [bsc#1202593, CVE-2022-35252]
- control code in cookie denial of service
* Changes:
- quic: add support via wolfSSL
- schannel: Add TLS 1.3 support
- setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
* Bugfixes:
- asyn-thread: fix socket leak on OOM
- asyn-thread: make getaddrinfo_complete return CURLcode
- base64: base64url encoding has no padding
- configure: fix broken m4 syntax in TLS options
- configure: if asked to use TLS, fail if no TLS lib was detected
- connect: add quic connection information
- connect: set socktype/protocol correctly
- cookie: reject cookies with "control bytes"
- cookie: treat a blank domain in Set-Cookie: as non-existing
- curl: output warning when a cookie is dropped due to size
- Curl_close: call Curl_resolver_cancel to avoid memory-leak
- digest: fix memory leak, fix not quoted 'opaque'
- digest: fix missing increment of 'nc' value for auth-int
- digest: pass over leading spaces in qop values
- digest: reject broken header with session protocol but without qop
- doh: use https protocol by default
- easy_lock.h: include sched.h if available to fix build
- easy_lock.h: use __asm__ instead of asm to fix build
- easy_lock: switch to using atomic_int instead of bool
- ftp: use a correct expire ID for timer expiry
- h2h3: fix overriding the 'TE: Trailers' header
- hostip: resolve *.localhost to 127.0.0.1/::1
- HTTP3.md: update to msh3 v0.4.0
- hyper: use wakers for curl pause/resume
- lib3026: reduce the number of threads to 100
- libssh2: make atime/mtime date overflow return error
- libssh2: provide symlink name in SFTP dir listing
- multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
- multi: use larger dns hash table for multi interface
- multi_wait: fix skipping to populate revents for extra_fds
- netrc: Use the password from lines without login
- ngtcp2: Fix build error due to change in nghttp3 prototypes
- ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
- ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
- openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
- openssl: add cert path in error message
- openssl: add details to "unable to set client certificate" error
- openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
- select: do not return fatal error on EINTR from poll()
- sendf: fix paused header writes since after the header API
- sendf: skip storing HTTP headers if HTTP disabled
- url: really use the user provided in the url when netrc entry exists
- url: reject URLs with hostnames longer than 65535 bytes
- url: treat missing usernames in netrc as empty
- urldata: reduce size of several struct fields
- vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
* Remove tests-for-32bit.patch fixed in the update
* Rebase libcurl-ocloexec.patch
++++ kdump:
- mkdumprd: replace mkinitrd with native dracut (bsc#1202443)
++++ kernel-default:
- mkspec: eliminate @NOSOURCE@ macro
This should be alsways used with @SOURCES@, just include the content
there.
- commit 403d89f
- kernel-source: include the kernel signature file
We assume that the upstream tarball is used for released kernels.
Then we can also include the signature file and keyring in the
kernel-source src.rpm.
Because of mkspec code limitation exclude the signature and keyring from
binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
Same as other kernel binary packages there is no need to carry duplicate
sources in dtb packages.
- commit 1bd288c
++++ cairo:
- Update to version 1.17.6:
+ This snapshot sees the removal of the following backends and
platform support: Qt4, BeOS, OS/2, DirectFB, DRM, Cogl, OpenVG.
+ Thanks to all past contributors for their work on them. If you
were using any of these backends then you will need to stick to
Cairo 1.16.
+ This snapshot is going to be the **last** release of Cairo with
the Autotools build system. The Meson build has seen many
improvements and it is considerably easier to maintain and
faster to build.
- Changes from version 1.17.4:
+ A particularly noteworthy improvement in this release is the
addition of the meson build system as an alternative to
autotools.
+ The cogl Cairo backend underwent significant development this
cycle.
+ Subpixel positioning support allows improved glyph outlines
with the Freetype font backend.
+ For a complete log of changes, please see
https://cairographics.org/releases/ChangeLog.1.17.4
- Changes from version 1.17.2:
+ This snapshot provides the new support for writing floating
point formats as 16 bpc PNGs, with support for RGBA128F and
RGB96F formats. This new feature increases Cairo's pixman
version requirement to 0.36.0.
+ Beyond this are a range of bugfixes.
For a complete log of changes, please see
https://cairographics.org/releases/ChangeLog.1.17.2
- Drop patches fixed upstream:
+ cairo-Use-FT_Done_MM_Var-instead-of-free-when-available.patch
+ cairo-composite_color_glyphs.patch
+ cairo-pdf-add-missing-flush.patch
+ cairo-do-not-override-explicitly-requested-grayscale-aa.patch
- Rebase remaining patches with quilt.
- Add 0001-Set-default-LCD-filter-to-FreeType-s-default.patch: Set
default LCD filter to FreeType's default (patch merged upstream).
- Use ldconfig_scriptlets macro for post(un) handling.
++++ schily:
- pbosh.1: replace broken ".so sh.1" refernce with a symlink to bosh.1
++++ gcc12:
- Prune invalid-license rpmlint warnings, the SLE12 codestream
doesn't get fixed but FF applies there, too. [bsc#1185337]
++++ libosinfo:
- Add 3a0fef72.patch: build: Add option to select libsoup ABI.
Following this, add conditional pkgconfig(libsoup-3.0)
BuildRequires.
- Modernize spec, use ldconfig_scriptlets macro for post(un)
handling, package COPYING with license macro.
++++ openslp:
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
++++ microos-tools:
- Update to version 2.15
- 98selinux-microos: Add grep as dependency
++++ runc:
- Update to runc v1.1.4. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.4.
bsc#1202021
* Fix mounting via wrong proc fd. When the user and mount namespaces are
used, and the bind mount is followed by the cgroup mount in the spec,
the cgroup was mounted using the bind mount's mount fd.
* Switch kill() in libcontainer/nsenter to sane_kill().
* Fix "permission denied" error from runc run on noexec fs.
* Fix failed exec after systemctl daemon-reload. Due to a regression
in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
(boo#1202821)
------------------------------------------------------------------
------------------ 2022-8-30 - Aug 30 2022 -------------------
------------------------------------------------------------------
++++ gdk-pixbuf:
- Add 0001-jpeg-Increase-memory-limit-for-loading-image-data.patch:
fix loading of larger images (glgo#GNOME/gdk-pixbuf#216).
++++ kernel-default:
- Refresh
patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch.
- Refresh
patches.suse/Revert-zram-remove-double-compression-logic.patch.
- Refresh
patches.suse/mm-gup-fix-FOLL_FORCE-COW-security-issue-and-remove-.patch.
- wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1201845).
Update to upstream versions and shuffle in series.
- commit b7da698
- Update
patches.kernel.org/5.19.2-1109-dm-fix-dm-raid-crash-if-md_handle_request-spl.patch
(bsc#1012628 bsc#1202369).
Add a bsc#.
- commit 86a8641
++++ gcc12:
- Update to gcc-12 branch head, e927d1cf141f221c5a32574bde0, git416
* includes GCC 12.2 release
* includes recent fixes backported from trunk
++++ lua54:
- Add more upstream patches:
* luabugs6.patch
* luabugs7.patch
++++ snapper:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
- version 0.10.3
++++ libssh:
- Update to version 0.10.1
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1
- Enable client and server testing
* Added libssh-weak-attribute.patch
++++ libxml2:
- Update to version 2.10.2:
* Improvements:
+ Remove set-but-unused variable in xmlXPathScanName
+ Silence -Warray-bounds warning
* Build system
+ build: require automake-1.16.3 or later
+ Remove generated files from distribution
* Test suite: Don't create missing.xml when running testapi
- Add configure --with-python=%{__python3} inbefore python build,
as upstream no longer ships pre-grenerated files.
- Use sed to fix env-script-interpreter in documentation example.
- Pass with-ftp to configure, build ftp support.
++++ libxslt:
- Update to version 1.1.37:
* Improvements:
+ Don't use deprecated libxml2 macros
+ Don't mess with xmlDefaultSAXHandler
* Build system:
+ Require automake-1.16.3 or later
+ Remove generated files from distribution
+ Add missing compile definition for static builds to Autotools
++++ microos-tools:
- Update to version 2.14
- Fix Makefile to install sysext-add-debug
- Update to version 2.13
- 98selinux-microos: Don't rely on selinux=1 [bsc#1202449]
- Add sysext-add-debug
- Make sure /var/lib/overlay exists before relabeling
++++ libxml2-python:
- Update to version 2.10.2:
* Improvements:
+ Remove set-but-unused variable in xmlXPathScanName
+ Silence -Warray-bounds warning
* Build system
+ build: require automake-1.16.3 or later
+ Remove generated files from distribution
* Test suite: Don't create missing.xml when running testapi
- Add configure --with-python=%{__python3} inbefore python build,
as upstream no longer ships pre-grenerated files.
- Use sed to fix env-script-interpreter in documentation example.
- Pass with-ftp to configure, build ftp support.
++++ vim:
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
------------------------------------------------------------------
------------------ 2022-8-29 - Aug 29 2022 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
Removed:
- Hellenic Academic and Research Institutions RootCA 2011
++++ fde-tools:
- Make the firstboot workflow smarter (offer different key protectors)
++++ librsvg:
- Update of vendored dependencies.
++++ glib2:
- Drop 99783e0408f8ae9628d2c7a30eb99806087da711.patch for 2.73.x
branch, fixed upstream already.
++++ grub2:
- Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438)
* 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch
++++ kernel-default:
- Revert "block: freeze the queue earlier in del_gendisk"
(bsc#1202534 bsc#1202589).
- commit 157e5ea
- Delete
patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch.
The test was disabled in python-eventlet. The code is correct, unlike
the test.
- commit 22072b3
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
(bsc#1012628).
- Linux 5.19.5 (bsc#1012628).
- Refresh
patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch.
- commit 8b6f0a1
- Refresh
patches.kernel.org/5.19.4-144-kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-.patch.
Reenable the patch after fixing it (missing plugin-version.h in the
patch).
- commit 2ea108c
- Update to 6.0-rc3
- eliminate 2 patches
- patches.suse/0001-scsi-sd-Revert-Rework-asynchronous-resume-support.patch
- patches.suse/Revert-zram-remove-double-compression-logic.patch
- commit 824e6f8
++++ gcc12:
- Add gcc12-fifo-jobserver-support.patch that adds support
for FIFO jobserver for make.
++++ lttng-ust:
- Update to release 2.13.4
* Added missing closedir in _get_max_cpuid_from_sysfs()
* File descriptor was leaked in get_possible_cpu_mask_from_sysfs
* sessiond wait futex: handle spurious futex wakeups
++++ systemd:
- Let systemd trust the RTC for 30 years after the last update instead of 15 (bsc#1202356)
To allow for our systems to be used in edge locations without systemd updates
for a long time.
++++ vim:
- Updated to version 9.0.0313, fixes the following problems
- boo#1202862 - CVE-2022-3016
- boo#1203155 - CVE-2022-2980
- boo#1203152 - CVE-2022-2982
- boo#1202689 - CVE-2022-2946
- boo#1202687 - CVE-2022-2923
- boo#1202599 - CVE-2022-2889
* Using NULL pointer when skipping compiled code.
* Using freed memory with multiple line breaks in expression.
* job_start() test may fail under valgrind.
* Cannot read error message when abort() is called.
* Crash when pattern looks below the last line.
* Vim9: error message for missing type is not clear.
* No error for comma missing in list in :def function.
* Expanding "**" may loop forever with directory links.
* Test with BufNewFile autocmd is flaky.
* Removing multiple text properties takes many calls.
* Cannot make difference between the end of :normal and a character in
its argument.
* 'autoshelldir' does not work with chunked respose.
* Popup menu not removed when 'wildmenu' reset while it is visible.
* Mac: cannot build if dispatch.h is not available.
* Shift-Tab shows matches on cmdline when 'wildmenu' is off.
* Build failure without the +wildmenu feature.
* Crash when using ":mkspell" with an empty .dic file.
* "make install" does not install shared syntax file. (James McCoy)
* "make install" still fails. (Wilhelm Payne)
* Text properties "below" sort differently on MS-Windows.
* Cannot easily get the list of sourced scripts.
* Mechanism to prevent recursive screen updating is incomplete.
* Using freed memory when 'tagfunc' deletes the buffer.
* Cannot add padding to virtual text without highlight.
* Duplicate code in finding a script in the execution stack.
* No test for what 9.0.0234 fixes.
* Slightly inconsistent error messages.
* Test output shows up in git.
* Cursor in wrong place after virtual text.
* A symlink to an autoload script results in two entries in the list of
scripts, items expected in one are actually in the other.
* Typo in function name.
* Build failure without the eval feature.
* Compiler warning for uninitialized variables.
* "->" in ":scriptnames" output not tested yet.
* Crash with mouse click when not initialized.
* Using freed memory when using 'quickfixtextfunc' recursively.
* bufload() reads a file even if the name is not a file name. (Cyker Way)
* Build failure without the +quickfix feature.
* Too many #ifdefs.
* No good reason why the "gf" command is not in the tiny version.
* Compiler warning for unused argument.
* Build error without the +eval feature.
* getscriptinfo() does not include the version. Cannot select entries by
script name.
* Some values of 'path' and 'tags' do not work in the tiny version.
* Using INIT() in non-header files.
* BufReadCmd not triggered when loading a "nofile" buffer. (Maxim Kim)
* Konsole termresponse not recognized.
* Netrw plugin does not show remote files.
* BufEnter not triggered when using ":edit" in "nofile" buffer.
* 'buftype' values not sufficiently tested.
* Coverity CI: update-alternatives not needed with Ubuntu 20.04.
* The +wildignore feature is nearly always available.
* The tiny version has the popup menu but not 'wildmenu'.
* The builtin termcap list depends on the version.
* Build failure without the +eval feature.
* A nested timout stops the previous timeout.
* Cannot complete "syn list @cluster".
* Using static buffer for multiple completion functions.
* It is not easy to change the command line from a plugin.
* Using freed memory when location list changed in autocmd.
* Irix systems no longer exist.
* When 'cmdheight' is zero some messages are not displayed.
* Invalid memory write.
* Compiler warning for variable set but not used.
* Test failing.
* Test causes another test to fail.
* Messages window not hidden when starting a command line.
* Crash when 'cmdheight' is 0 and popup_clear() used.
* GUI drop files test sometimes fails.
* Message in popup is shortened unnecessary.
* Cursor position wrong after right aligned virtual text. (Iizuka Masashi)
* Compiler warning for size_t to int conversion.
* Error messages for setcmdline() could be better.
* 'cpoptions' tests are flaky.
* The message window popup is delayed after an error message.
* CI for Coverity is bothered by deprecation warnings.
* It is not easy to get information about a script.
* WinScrolled is not triggered when only skipcol changes.
* CI lists useless deprecation warnings.
* Buffer write message is two lines in message popup window.
* :echomsg doesn't work properly with cmdheight=0.
* When cmdheight is zero the attention prompt doesn't show.
* Invalid memory access when cmdheight is zero.
* Output of :messages dissappears when cmdheight is zero.
* Test for hit-Enter prompt fails.
* Test for cmdheight zero fails.
* Using common name in tests leads to flaky tests.
------------------------------------------------------------------
------------------ 2022-8-28 - Aug 28 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- update to AppArmor 3.0.7
- fix setuptools version detection in buildpath.py
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
++++ libapparmor:
- update to AppArmor 3.0.7
- fix setuptools version detection in buildpath.py
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.7
for the detailed upstream changelog
- add dnsmasq-cpu-possible.diff: allow reading /sys/devices/system/cpu/possible
in dnsmasc//libvirt-leaseshelper profile (boo#1202849)
++++ fmt:
- Update to release 9.1
* fmt::formatted_size now works at compile time
* Fixed handling of invalid UTF-8 (#3038)
* Improved Unicode support in ostream overloads of print
* Added support for wide streams to fmt::streamed
* Added the n specifier that disables the output of delimiters
when formatting ranges (#2981)
- Delete 0001-Fix-large-shift-in-uint128_fallback.patch
0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch
0001-Make-sure-the-correct-fmod-overload-is-called.patch (merged)
------------------------------------------------------------------
------------------ 2022-8-27 - Aug 27 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Disable aac289653fa5adf9e9985e4912c1d24a3e8cbab2.
It breaks with dummy tools.
- commit 15b473a
- Update config files.
CONFIG_VIRTIO_HARDEN_NOTIFICATION was marked as BROKEN.
- Linux 5.19.4 (bsc#1012628).
- Revert "ALSA: hda: Fix page fault in snd_hda_codec_shutdown()"
(bsc#1012628).
- scsi: ufs: ufs-mediatek: Fix build error and type mismatch
(bsc#1012628).
- f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data
(bsc#1012628).
- f2fs: revive F2FS_IOC_ABORT_VOLATILE_WRITE (bsc#1012628).
- MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
(bsc#1012628).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
(bsc#1012628).
- venus: pm_helpers: Fix warning in OPP during probe
(bsc#1012628).
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1012628).
- smb3: check xattr value length earlier (bsc#1012628).
- f2fs: fix to do sanity check on segment type in
build_sit_entries() (bsc#1012628).
- f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
(bsc#1012628).
- ALSA: control: Use deferred fasync helper (bsc#1012628).
- ALSA: pcm: Use deferred fasync helper (bsc#1012628).
- ALSA: timer: Use deferred fasync helper (bsc#1012628).
- ALSA: core: Add async signal helpers (bsc#1012628).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
(bsc#1012628).
- ovl: warn if trusted xattr creation fails (bsc#1012628).
- ASoC: codecs: va-macro: use fsgen as clock (bsc#1012628).
- powerpc/32: Don't always pass -mcpu=powerpc to the compiler
(bsc#1012628).
- powerpc/32: Set an IBAT covering up to _einittext during init
(bsc#1012628).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1012628).
- powerpc/watchdog: introduce a NMI watchdog's factor
(bsc#1012628).
- watchdog: export lockup_detector_reconfigure (bsc#1012628).
- ASoC: Intel: sof_nau8825: Move quirk check to the front in
late probe (bsc#1012628).
- ASoC: Intel: sof_es8336: ignore GpioInt when looking for
speaker/headset GPIO lines (bsc#1012628).
- ASoC: Intel: sof_es8336: Fix GPIO quirks set via module option
(bsc#1012628).
- ASoC: SOF: Intel: hda: add sanity check on SSP index reported
by NHLT (bsc#1012628).
- ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops
(bsc#1012628).
- RISC-V: Add fast call path of crash_kexec() (bsc#1012628).
- riscv: mmap with PROT_WRITE but no PROT_READ is invalid
(bsc#1012628).
- ASoC: nau8821: Don't unconditionally free interrupt
(bsc#1012628).
- riscv: dts: canaan: Add k210 topology information (bsc#1012628).
- riscv: dts: sifive: Add fu740 topology information
(bsc#1012628).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl()
(bsc#1012628).
- ASoC: SOF: sof-client-probes: Only load the driver if IPC3 is
used (bsc#1012628).
- ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before
firmware boot (bsc#1012628).
- ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware
boot (bsc#1012628).
- modules: Ensure natural alignment for .altinstructions and
__bug_table sections (bsc#1012628).
- ALSA: hda: Fix page fault in snd_hda_codec_shutdown()
(bsc#1012628).
- ASoC: Intel: avs: Set max DMA segment size (bsc#1012628).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
to 35bit (bsc#1012628).
- mips: cavium-octeon: Fix missing of_node_put() in
octeon2_usb_clocks_start (bsc#1012628).
- vfio: Clear the caps->buf to NULL after free (bsc#1012628).
- KVM: PPC: Book3S HV: Fix "rm_exit" entry in debugfs timings
(bsc#1012628).
- tty: serial: Fix refcount leak bug in ucc_uart.c (bsc#1012628).
- lib/list_debug.c: Detect uninitialized lists (bsc#1012628).
- ext4: avoid resizing to a partial cluster size (bsc#1012628).
- ext4: block range must be validated before use in
ext4_mb_clear_bb() (bsc#1012628).
- ext4: avoid remove directory when directory is corrupted
(bsc#1012628).
- drivers:md:fix a potential use-after-free bug (bsc#1012628).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
queue teardown (bsc#1012628).
- md/raid5: Make logic blocking check consistent with logic that
blocks (bsc#1012628).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
(bsc#1012628).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks
(bsc#1012628).
- openrisc: io: Define iounmap argument as volatile (bsc#1012628).
- Revert "RDMA/rxe: Create duplicate mapping tables for FMRs"
(bsc#1012628).
- dmaengine: sprd: Cleanup in .remove() after
pm_runtime_get_sync() failed (bsc#1012628).
- dmaengine: tegra: Add terminate() for Tegra234 (bsc#1012628).
- selftests/kprobe: Do not test for GRP/ without event failures
(bsc#1012628).
- csky/kprobe: reclaim insn_slot on kprobe unregistration
(bsc#1012628).
- RDMA/rxe: Limit the number of calls to each tasklet
(bsc#1012628).
- ACPI: PPTT: Leave the table mapped for the runtime usage
(bsc#1012628).
- mmc: renesas_sdhi: newer SoCs don't need manual tap correction
(bsc#1012628).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor
(bsc#1012628).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error
(bsc#1012628).
- of: overlay: Move devicetree_corrupt() check up (bsc#1012628).
- um: add "noreboot" command line option for PANIC_TIMEOUT=-1
setups (bsc#1012628).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (bsc#1012628).
- cxl: Fix a memory leak in an error handling path (bsc#1012628).
- pinctrl: intel: Check against matching data instead of ACPI
companion (bsc#1012628).
- scsi: ufs: ufs-exynos: Change ufs phy control sequence
(bsc#1012628).
- mmc: tmio: avoid glitches when resetting (bsc#1012628).
- habanalabs/gaudi: mask constant value before cast (bsc#1012628).
- habanalabs/gaudi: fix shift out of bounds (bsc#1012628).
- habanalabs/gaudi: invoke device reset from one code block
(bsc#1012628).
- habanalabs: add terminating NULL to attrs arrays (bsc#1012628).
- coresight: etm4x: avoid build failure with unrolled loops
(bsc#1012628).
- gadgetfs: ep_io - wait until IRQ finishes (bsc#1012628).
- scsi: lpfc: Fix possible memory leak when failing to issue
CMF WQE (bsc#1012628).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
malformed user input (bsc#1012628).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure
description (bsc#1012628).
- zram: do not lookup algorithm in backends table (bsc#1012628).
- uacce: Handle parent device removal or parent driver module
rmmod (bsc#1012628).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
(bsc#1012628).
- vboxguest: Do not use devm for irq (bsc#1012628).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with
usb-role-switch (bsc#1012628).
- scsi: iscsi: Fix HW conn removal use after free (bsc#1012628).
- usb: renesas: Fix refcount leak bug (bsc#1012628).
- usb: host: ohci-ppc-of: Fix refcount leak bug (bsc#1012628).
- usb: typec: mux: Add CONFIG guards for functions (bsc#1012628).
- scsi: ufs: ufs-mediatek: Fix the timing of configuring device
regulators (bsc#1012628).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5
(bsc#1012628).
- drm/meson: Fix overflow implicit truncation warnings
(bsc#1012628).
- irqchip/tegra: Fix overflow implicit truncation warnings
(bsc#1012628).
- scsi: ufs: core: Add UFSHCD_QUIRK_HIBERN_FASTAUTO (bsc#1012628).
- scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_64BIT_ADDRESS
(bsc#1012628).
- PCI: aardvark: Fix reporting Slot capabilities on emulated
bridge (bsc#1012628).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
instead of uvcg_info (bsc#1012628).
- usb: gadget: uvc: calculate the number of request depending
on framesize (bsc#1012628).
- usb: cdns3 fix use-after-free at workaround 2 (bsc#1012628).
- staging: r8188eu: add error handling of rtw_read32
(bsc#1012628).
- staging: r8188eu: add error handling of rtw_read16
(bsc#1012628).
- staging: r8188eu: add error handling of rtw_read8 (bsc#1012628).
- platform/chrome: cros_ec_proto: don't show MKBP version if
unsupported (bsc#1012628).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (bsc#1012628).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky
(bsc#1012628).
- thunderbolt: Change downstream router's TMU rate in both TMU
uni/bidir mode (bsc#1012628).
- x86/kvm: Fix "missing ENDBR" BUG for fastop functions
(bsc#1012628).
- x86/ibt, objtool: Add IBT_NOSEAL() (bsc#1012628).
- net: mscc: ocelot: report ndo_get_stats64 from the
wraparound-resistant ocelot->stats (bsc#1012628).
- net: mscc: ocelot: make struct ocelot_stat_layout array
indexable (bsc#1012628).
- net: mscc: ocelot: fix race between ndo_get_stats64 and
ocelot_check_stats_work (bsc#1012628).
- net: mscc: ocelot: turn stats_lock into a spinlock
(bsc#1012628).
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems
(bsc#1012628).
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems
(bsc#1012628).
- drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex
(bsc#1012628).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(bsc#1012628).
- drm/bridge: lvds-codec: Fix error checking of
drm_of_lvds_get_data_mapping() (bsc#1012628).
- drm/amdgpu: Avoid another list of reset devices (bsc#1012628).
- drm/i915/ttm: don't leak the ccs state (bsc#1012628).
- drm/meson: Fix refcount bugs in
meson_vpu_has_available_connectors() (bsc#1012628).
- drm/imx/dcss: get rid of HPD warning message (bsc#1012628).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace
WARN_ON_ONCE with netdev_warn_once() (bsc#1012628).
- gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled
for a file (bsc#1012628).
- kbuild: fix the modules order between drivers and libs
(bsc#1012628).
- igb: Add lock to avoid data race (bsc#1012628).
- stmmac: intel: Add a missing clk_disable_unprepare() call in
intel_eth_pci_remove() (bsc#1012628).
- dt-bindings: display: sun4i: Add D1 TCONs to conditionals
(bsc#1012628).
- fec: Fix timer capture timing in `fec_ptp_enable_pps()`
(bsc#1012628).
- tools/rtla: Fix command symlinks (bsc#1012628).
- blk-mq: run queue no matter whether the request is the last
request (bsc#1012628).
- i40e: Fix to stop tx_timeout recovery if GLOBR fails
(bsc#1012628).
- regulator: pca9450: Remove restrictions for regulator-name
(bsc#1012628).
- i40e: Fix tunnel checksum offload with fragmented traffic
(bsc#1012628).
- i2c: imx: Make sure to unregister adapter on remove()
(bsc#1012628).
- modpost: fix module versioning when a symbol lacks valid CRC
(bsc#1012628).
- ice: Ignore error message when setting same promiscuous mode
(bsc#1012628).
- ice: Fix clearing of promisc mode with bridge over bond
(bsc#1012628).
- ice: Ignore EEXIST when setting promisc mode (bsc#1012628).
- ice: Fix double VLAN error when entering promisc mode
(bsc#1012628).
- ice: Fix VF not able to send tagged traffic with no VLAN filters
(bsc#1012628).
- ice: Fix call trace with null VSI during VF reset (bsc#1012628).
- ice: Fix VSI rebuild WARN_ON check for VF (bsc#1012628).
- net: dsa: sja1105: fix buffer overflow in
sja1105_setup_devlink_regions() (bsc#1012628).
- net: dsa: don't warn in dsa_port_set_state_now() when driver
doesn't support it (bsc#1012628).
- net: genl: fix error path memory leak in policy dumping
(bsc#1012628).
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter
(bsc#1012628).
- net: mscc: ocelot: fix incorrect ndo_get_stats64 packet counters
(bsc#1012628).
- net: dsa: felix: fix ethtool 256-511 and 512-1023 TX packet
counters (bsc#1012628).
- net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry
(bsc#1012628).
- net: sched: fix misuse of qcpu->backlog in
gnet_stats_add_queue_cpu (bsc#1012628).
- net: rtnetlink: fix module reference count leak issue in
rtnetlink_rcv_msg (bsc#1012628).
- net: fix potential refcount leak in ndisc_router_discovery()
(bsc#1012628).
- net: moxa: pass pdev instead of ndev to DMA functions
(bsc#1012628).
- mlxsw: spectrum: Clear PTP configuration after unregistering
the netdevice (bsc#1012628).
- virtio_net: fix endian-ness for RSS (bsc#1012628).
- net: qrtr: start MHI channel after endpoit creation
(bsc#1012628).
- net: dsa: mv88e6060: prevent crash on an unused port
(bsc#1012628).
- net/sunrpc: fix potential memory leaks in
rpc_sysfs_xprt_state_change() (bsc#1012628).
- spi: meson-spicc: add local pow2 clock ops to preserve rate
between messages (bsc#1012628).
- powerpc/pci: Fix get_phb_number() locking (bsc#1012628).
- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count
is specified (bsc#1012628).
- netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and
NFT_SET_ELEM_INTERVAL_END (bsc#1012628).
- netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat
and interval flags (bsc#1012628).
- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on
NFT_SET_OBJECT flag (bsc#1012628).
- netfilter: nf_tables: fix scheduling-while-atomic splat
(bsc#1012628).
- netfilter: nf_tables: really skip inactive sets when allocating
name (bsc#1012628).
- netfilter: nf_tables: possible module reference underflow in
error path (bsc#1012628).
- netfilter: nf_ct_irc: cap packet search space to 4k
(bsc#1012628).
- netfilter: nf_ct_ftp: prefer skb_linearize (bsc#1012628).
- netfilter: nf_ct_h323: cap packet size at 64k (bsc#1012628).
- netfilter: nf_ct_sane: remove pseudo skb linearization
(bsc#1012628).
- netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with
NFT_SET_ELEM_INTERVAL_END flag (bsc#1012628).
- fs/ntfs3: uninitialized variable in ntfs_set_acl_ex()
(bsc#1012628).
- netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared
generation id access (bsc#1012628).
- netfilter: nfnetlink: re-enable conntrack expectation events
(bsc#1012628).
- RDMA/cxgb4: fix accept failure due to increased
cpl_t5_pass_accept_rpl size (bsc#1012628).
- RDMA/mlx5: Use the proper number of ports (bsc#1012628).
- IB/iser: Fix login with authentication (bsc#1012628).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S
(bsc#1012628).
- ASoC: tas2770: Fix handling of mute/unmute (bsc#1012628).
- ASoC: tas2770: Drop conflicting set_bias_level power setting
(bsc#1012628).
- ASoC: tas2770: Allow mono streams (bsc#1012628).
- ASoC: tas2770: Set correct FSYNC polarity (bsc#1012628).
- ASoC: DPCM: Don't pick up BE without substream (bsc#1012628).
- ASoC: SOF: Intel: hda: Fix potential buffer overflow by
snprintf() (bsc#1012628).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(bsc#1012628).
- ASoC: Intel: avs: Fix potential buffer overflow by snprintf()
(bsc#1012628).
- iavf: Fix deadlock in initialization (bsc#1012628).
- iavf: Fix reset error handling (bsc#1012628).
- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings
(bsc#1012628).
- iavf: Fix adminq error handling (bsc#1012628).
- nios2: add force_successful_syscall_return() (bsc#1012628).
- nios2: restarts apply only to the first sigframe we
build.. (bsc#1012628).
- nios2: fix syscall restart checks (bsc#1012628).
- nios2: traced syscall does need to check the syscall number
(bsc#1012628).
- nios2: don't leave NULLs in sys_call_table[] (bsc#1012628).
- nios2: page fault et.al. are *not* restartable
syscalls.. (bsc#1012628).
- fs/ntfs3: Fix missing i_op in ntfs_read_mft (bsc#1012628).
- fs/ntfs3: Do not change mode if ntfs_set_ea failed
(bsc#1012628).
- fs/ntfs3: Fix double free on remount (bsc#1012628).
- fs/ntfs3: Don't clear upper bits accidentally in log_replay()
(bsc#1012628).
- fs/ntfs3: Fix NULL deref in ntfs_update_mftmirr (bsc#1012628).
- fs/ntfs3: Fix using uninitialized value n when calling indx_read
(bsc#1012628).
- dpaa2-eth: trace the allocated address instead of page struct
(bsc#1012628).
- perf tests: Fix Track with sched_switch test for hybrid case
(bsc#1012628).
- perf parse-events: Fix segfault when event parser gets an error
(bsc#1012628).
- i2c: qcom-geni: Fix GPI DMA buffer sync-back (bsc#1012628).
- perf probe: Fix an error handling path in
'parse_perf_probe_command()' (bsc#1012628).
- nvme-fc: fix the fc_appid_store return value (bsc#1012628).
- geneve: fix TOS inheriting for ipv4 (bsc#1012628).
- fscache: don't leak cookie access refs if invalidation is in
progress or failed (bsc#1012628).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(bsc#1012628).
- tsnep: Fix tsnep_tx_unmap() error path usage (bsc#1012628).
- xen/xenbus: fix return type in xenbus_file_read() (bsc#1012628).
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
(bsc#1012628).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
(bsc#1012628).
- tools build: Switch to new openssl API for test-libcrypto
(bsc#1012628).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc
(bsc#1012628).
- tools/testing/cxl: Fix cxl_hdm_decode_init() calling convention
(bsc#1012628).
- vdpa_sim_blk: set number of address spaces and virtqueue groups
(bsc#1012628).
- vdpa_sim: use max_iotlb_entries as a limit in vhost_iotlb_init
(bsc#1012628).
- clk: imx93: Correct the edma1's parent clock (bsc#1012628).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1012628).
- tools/vm/slabinfo: use alphabetic order when two values are
equal (bsc#1012628).
- tools/testing/cxl: Fix decoder default state (bsc#1012628).
- ceph: use correct index when encoding client supported features
(bsc#1012628).
- spi: dt-bindings: qcom,spi-geni-qcom: allow three interconnects
(bsc#1012628).
- dt-bindings: opp: opp-v2-kryo-cpu: Fix example binding checks
(bsc#1012628).
- spi: dt-bindings: zynqmp-qspi: add missing 'required'
(bsc#1012628).
- spi: dt-bindings: cadence: add missing 'required' (bsc#1012628).
- dt-bindings: PCI: qcom: Fix reset conditional (bsc#1012628).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
(bsc#1012628).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles
(bsc#1012628).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles
(bsc#1012628).
- dt-bindings: arm: qcom: fix Longcheer L8150 compatibles
(bsc#1012628).
- dt-bindings: gpio: zynq: Add missing compatible strings
(bsc#1012628).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (bsc#1012628).
- vsock: Fix memory leak in vsock_connect() (bsc#1012628).
- plip: avoid rcu debug splat (bsc#1012628).
- ipv6: do not use RT_TOS for IPv6 flowlabel (bsc#1012628).
- mlx5: do not use RT_TOS for IPv6 flowlabel (bsc#1012628).
- vxlan: do not use RT_TOS for IPv6 flowlabel (bsc#1012628).
- geneve: do not use RT_TOS for IPv6 flowlabel (bsc#1012628).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
should be bool (bsc#1012628).
- octeontx2-af: Fix key checking for source mac (bsc#1012628).
- octeontx2-af: Fix mcam entry resource leak (bsc#1012628).
- octeontx2-af: suppress external profile loading warning
(bsc#1012628).
- octeontx2-af: Apply tx nibble fixup always (bsc#1012628).
- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register
configuration (bsc#1012628).
- dt-bindings: input: iqs7222: Extend slider-mapped GPIO to
IQS7222C (bsc#1012628).
- dt-bindings: input: iqs7222: Correct bottom speed step size
(bsc#1012628).
- dt-bindings: input: iqs7222: Remove support for RF filter
(bsc#1012628).
- Input: iqs7222 - remove support for RF filter (bsc#1012628).
- Input: iqs7222 - handle reset during ATI (bsc#1012628).
- Input: iqs7222 - acknowledge reset before writing registers
(bsc#1012628).
- Input: iqs7222 - protect volatile registers (bsc#1012628).
- Input: iqs7222 - fortify slider event reporting (bsc#1012628).
- Input: iqs7222 - correct slider event disable logic
(bsc#1012628).
- Input: mt6779-keypad - match hardware matrix organization
(bsc#1012628).
- Input: exc3000 - fix return value check of
wait_for_completion_timeout (bsc#1012628).
- rtc: spear: set range max (bsc#1012628).
- pinctrl: qcom: sm8250: Fix PDC map (bsc#1012628).
- dt-bindings: pinctrl: mt8186: Add and use
drive-strength-microamp (bsc#1012628).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (bsc#1012628).
- dt-bindings: pinctrl: mt8195: Add and use
drive-strength-microamp (bsc#1012628).
- dt-bindings: pinctrl: mt8195: Fix name for
mediatek,rsel-resistance-in-si-unit (bsc#1012628).
- pinctrl: amd: Don't save/restore interrupt status and wake
status bits (bsc#1012628).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
(bsc#1012628).
- pinctrl: nomadik: Fix refcount leak in
nmk_pinctrl_dt_subnode_to_map (bsc#1012628).
- dt-bindings: pinctrl: mt8192: Use generic bias instead of
pull-*-adv (bsc#1012628).
- dt-bindings: pinctrl: mt8192: Add drive-strength-microamp
(bsc#1012628).
- pinctrl: renesas: rzg2l: Return -EINVAL for pins which have
input disabled (bsc#1012628).
- dt-bindings: arm: qcom: fix Alcatel OneTouch Idol 3 compatibles
(bsc#1012628).
- selftests: forwarding: Fix failing tests with old libnet
(bsc#1012628).
- net: atm: bring back zatm uAPI (bsc#1012628).
- net: bgmac: Fix a BUG triggered by wrong bytes_compl
(bsc#1012628).
- net: dsa: felix: suppress non-changes to the tagging protocol
(bsc#1012628).
- net: phy: c45 baset1: do not skip aneg configuration if clock
role is not specified (bsc#1012628).
- net: bcmgenet: Indicate MAC is in charge of PHY PM
(bsc#1012628).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state
(bsc#1012628).
- devlink: Fix use-after-free after a failed reload (bsc#1012628).
- virtio-blk: Avoid use-after-free on suspend/resume
(bsc#1012628).
- virtio_net: fix memory leak inside XPD_TX with mergeable
(bsc#1012628).
- virtio: VIRTIO_HARDEN_NOTIFICATION is broken (bsc#1012628).
- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
(bsc#1012628).
- SUNRPC: Don't reuse bvec on retransmission of the request
(bsc#1012628).
- SUNRPC: Reinitialise the backchannel request buffers before
reuse (bsc#1012628).
- SUNRPC: Fix xdr_encode_bool() (bsc#1012628).
- sunrpc: fix expiry of auth creds (bsc#1012628).
- m68k: coldfire/device.c: protect FLEXCAN blocks (bsc#1012628).
- net: atlantic: fix aq_vec index out of range error
(bsc#1012628).
- can: j1939: j1939_session_destroy(): fix memory leak of skbs
(bsc#1012628).
- can: mcp251x: Fix race condition on receive interrupt
(bsc#1012628).
- bpf: Check the validity of max_rdwr_access for sock local
storage map iterator (bsc#1012628).
- bpf: Acquire map uref in .init_seq_private for sock{map,hash}
iterator (bsc#1012628).
- bpf: Acquire map uref in .init_seq_private for sock local
storage map iterator (bsc#1012628).
- bpf: Acquire map uref in .init_seq_private for hash map iterator
(bsc#1012628).
- bpf: Acquire map uref in .init_seq_private for array map
iterator (bsc#1012628).
- bpf: Don't reinit map value in prealloc_lru_pop (bsc#1012628).
- bpf: Disallow bpf programs call prog_run command (bsc#1012628).
- BPF: Fix potential bad pointer dereference in bpf_sys_bpf()
(bsc#1012628).
- selftests: mptcp: make sendfile selftest work (bsc#1012628).
- mptcp: do not queue data on closed subflows (bsc#1012628).
- mptcp: move subflow cleanup in mptcp_destroy_common()
(bsc#1012628).
- mptcp, btf: Add struct mptcp_sock definition when CONFIG_MPTCP
is disabled (bsc#1012628).
- NFSv4/pnfs: Fix a use-after-free bug in open (bsc#1012628).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (bsc#1012628).
- NFSv4: Fix races in the legacy idmapper upcall (bsc#1012628).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
(bsc#1012628).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
(bsc#1012628).
- net: tap: NULL pointer derefence in dev_parse_header_protocol
when skb->dev is null (bsc#1012628).
- netfilter: nf_tables: fix crash when nf_trace is enabled
(bsc#1012628).
- Documentation: ACPI: EINJ: Fix obsolete example (bsc#1012628).
- apparmor: Fix memleak in aa_simple_write_to_buffer()
(bsc#1012628).
- apparmor: fix reference count leak in aa_pivotroot()
(bsc#1012628).
- apparmor: fix overlapping attachment computation (bsc#1012628).
- apparmor: fix setting unconfined mode on a loaded profile
(bsc#1012628).
- apparmor: fix aa_label_asxprint return check (bsc#1012628).
- apparmor: Fix failed mount permission check error message
(bsc#1012628).
- apparmor: fix absroot causing audited secids to begin with =
(bsc#1012628).
- apparmor: fix quiet_denied for file rules (bsc#1012628).
- can: ems_usb: fix clang's -Wunaligned-access warning
(bsc#1012628).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to
be optional (bsc#1012628).
- ALSA: hda: Fix crash due to jack poll in suspend (bsc#1012628).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
Zenith II (bsc#1012628).
- tracing: Have filter accept "common_cpu" to be consistent
(bsc#1012628).
- tracing/probes: Have kprobes and uprobes use $COMM too
(bsc#1012628).
- tracing/eprobes: Have event probes be consistent with kprobes
and uprobes (bsc#1012628).
- tracing/eprobes: Fix reading of string fields (bsc#1012628).
- tracing/eprobes: Do not hardcode $comm as a string
(bsc#1012628).
- tracing/eprobes: Do not allow eprobes to use $stack, or %
for regs (bsc#1012628).
- tracing/perf: Fix double put of trace event when init fails
(bsc#1012628).
- x86/kprobes: Fix JNG/JNLE emulation (bsc#1012628).
- cifs: Fix memory leak on the deferred close (bsc#1012628).
- drm/i915: pass a pointer for tlb seqno at vma_invalidate_tlb()
(bsc#1012628).
- drm/i915/gt: Batch TLB invalidations (bsc#1012628).
- drm/i915/gt: Skip TLB invalidations once wedged (bsc#1012628).
- drm/i915/gt: Invalidate TLB of the OA unit at TLB invalidations
(bsc#1012628).
- drm/i915/gt: Ignore TLB invalidations on idle engines
(bsc#1012628).
- drm/amdgpu: change vram width algorithm for vram_info v3_0
(bsc#1012628).
- btrfs: fix warning during log replay when bumping inode link
count (bsc#1012628).
- btrfs: fix lost error handling when looking up extended ref
on log replay (bsc#1012628).
- btrfs: reset RO counter on block group if we fail to relocate
(bsc#1012628).
- btrfs: unset reloc control if transaction commit fails in
prepare_to_relocate() (bsc#1012628).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
(bsc#1012628).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
(bsc#1012628).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(bsc#1012628).
- ata: libata-eh: Add missing command name (bsc#1012628).
- s390/ap: fix crash on older machines based on QCI info missing
(bsc#1012628).
- drm/amd/display: Check correct bounds for stream encoder
instances for DCN303 (bsc#1012628).
- drm/amdgpu: Only disable prefer_shadow on hawaii (bsc#1012628).
- drm/ttm: Fix dummy res NULL ptr deref bug (bsc#1012628).
- drm/nouveau: recognise GA103 (bsc#1012628).
- locking/atomic: Make test_and_*_bit() ordered on failure
(bsc#1012628).
- drm/i915/gem: Remove shared locking on freeing objects
(bsc#1012628).
- rds: add missing barrier to release_refill (bsc#1012628).
- x86/mm: Use proper mask when setting PUD mapping (bsc#1012628).
- KVM: Unconditionally get a ref to /dev/kvm module when creating
a VM (bsc#1012628).
- RDMA: Handle the return code from dma_resv_wait_timeout()
properly (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU
(bsc#1012628).
- ALSA: info: Fix llseek return value when using callback
(bsc#1012628).
- commit 631b6cd
++++ libXau:
- Update to version 1.0.10
* gitlab CI: add a basic build test
* Fix spelling/wording issues
* Autest.c: Fix -Wdiscarded-qualifiers warnings
* Remove unnnecessary casts from malloc() and free() calls
* XauReadAuth: move failure handling code to a common code block
++++ at-spi2-core:
- Update to version 2.45.91:
+ Send device event controller events using the same signature as
other events.
+ Document the Accessible, Action, and Cache dbus interfaces.
+ Fix license of atspi-gmain.c.
- Add fdupes BuildRequires and macro, remove duplicate files.
- Provide and Obsolete atk from libatk sub-package.
++++ schily:
- Fix update-alternatives for rmt.1
------------------------------------------------------------------
------------------ 2022-8-26 - Aug 26 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.40.0:
+ During the build, stop relying on intltool for i18n and use
gettext only.
+ Undeprecate nm_remote_connection_get_secrets() in libnm.
+ NetworkManager now will restart DHCP if the MAC changes on a
device.
- Drop intltool BuildRequires following upstream changes.
- Refresh patches with quilt.
- Stop passing dnssec_trigger=%{_libexecdir}/dnssec-trigger-script
to meson, support dropped upstream.
++++ apparmor:
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
++++ librsvg:
- Update to version 2.55.0:
+ The Minimum Supported Rust Version (MSRV) is now Rust 1.58.
+ The release tarball no longer contains vendored Rust
dependencies. Most distributions now have infrastructure to
pull these themselves, so let's make the tarball smaller.
+ Accept patterns with userSpaceOnUse units for the stroke of
axis-aligned lines.
+ Small reductions in memory consumption of the DOM tree.
+ Updates for the gtk-rs API.
- Update to version 2.54.5:
+ Accept patterns with userSpaceOnUse units for the stroke of
axis-aligned lines.
++++ llvm15:
- Add llvm-lifetime-for-rust.patch to have Rust memory management
functions considered as lifetime markers. This should aid dead
store elimination to dynamically allocated memory in Rust code.
++++ libapparmor:
- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
++++ libcbor:
- Install manual page in the correct man section
++++ nfs-utils:
- sysconfig.nfs, nfs.conf: allow NFSv4 grace time to be set
via sysconfig.
SLE12 allowed this, SLE15 lost the ability. Add it back
with the name NFSV4GRACETIME. Also improve description
for NFSV4LEASETIME.
(bsc#1202592)
++++ libssh:
- Update to version 0.10.0
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0
- Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
++++ selinux-policy:
- Move SUSE directory from manual page section to html docu
------------------------------------------------------------------
------------------ 2022-8-25 - Aug 25 2022 -------------------
------------------------------------------------------------------
++++ file:
- Move magic files to /usr/share/file from /usr/share/misc, and
then create symlinks from /usr/share/misc back to /usr/share/file
as per FHS 3.0
++++ glib2:
- Add 99783e0408f8ae9628d2c7a30eb99806087da711.patch:
gsocketclient: Fix passing NULL to g_task_get_cancellable().
Fix a regression from commit abddb42d14, where it could pass
`NULL` to `g_task_get_cancellable()`, triggering a critical
warning. This could happen because the lifetime of `data->task`
is not as long as the lifetime of the `ConnectionAttempt`, but
the code assumed it was.
Fix the problem by keeping a strong ref to that `GCancellable`
around until the `ConnectionAttempt` is finished being destroyed.
++++ kernel-default:
- series.conf: cleanup
- move recently added patches to "almost mainline" section
- patches.suse/Revert-zram-remove-double-compression-logic.patch
- patches.suse/ASoC-nau8821-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8824-Fix-semaphore-unbalance-at-error-paths.patch
- patches.suse/ASoC-nau8824-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8825-Implement-hw-constraint-for-rates.patch
- patches.suse/ASoC-nau8540-Implement-hw-constraint-for-rates.patch
- commit 18ca0fb
- Refresh USB type-C workaround patch (bsc#1202386)
It landed in the upstream subsystem repo; also correct the bug reference
- commit bf02544
- ASoC: nau8540: Implement hw constraint for rates (bsc#1201418).
- ASoC: nau8825: Implement hw constraint for rates (bsc#1201418).
- ASoC: nau8824: Implement hw constraint for rates (bsc#1201418).
- ASoC: nau8824: Fix semaphore unbalance at error paths
(bsc#1201418).
- ASoC: nau8821: Implement hw constraint for rates (bsc#1201418).
- commit ef72ecc
++++ libxml2:
- Update to version 2.10.1:
* Regressions: Fix xmlCtxtReadDoc with encoding
* Bug fixes: Fix HTML parser with threads and --without-legacy
* Build system:
+ Fix build with Python 3.10
+ cmake: Disable version script on macOS
+ Remove Makefile rule to build testapi.c
* Documentation:
+ Switch back to HTML output for API documentation
+ Port doc/examples/index.py to Python 3
+ Fix order of exports in libxml2-api.xml
+ Remove libxml2-refs.xml
++++ osinfo-db:
- Add support for openSUSE Leap 15.5, SLES 15.5, and SLE Micro 5.3
add-opensuse-leap-15.5-support.patch
add-sle15sp5-support.patch
add-slem5.3-support.patch
++++ pinentry:
- update to 1.2.1:
* qt: Support building with Qt 5.9. [T5592]
* curses: Handle an error at curses initialization. [T5623]
* curses: Specify fg/bg when an extention of Ncurses is not available.
* qt: Fix translation of context menu entries. [T5786]
* qt: Further improve the accessibility. [T5863]
* qt: Fix moving focus to second input field when pressing Enter in
first input field. [T5866]
* qt: Update the cursor position when reformatting the text. [T5972]
* qt: Use foreground raising code also with the confirm prompt.
* Make the legacy qt4 version build again. [T5569]
* Make sure an entered PIN is always cleared from memory. [T5977]
* Build fixes for Windows. [T5893]
++++ libxml2-python:
- Update to version 2.10.1:
* Regressions: Fix xmlCtxtReadDoc with encoding
* Bug fixes: Fix HTML parser with threads and --without-legacy
* Build system:
+ Fix build with Python 3.10
+ cmake: Disable version script on macOS
+ Remove Makefile rule to build testapi.c
* Documentation:
+ Switch back to HTML output for API documentation
+ Port doc/examples/index.py to Python 3
+ Fix order of exports in libxml2-api.xml
+ Remove libxml2-refs.xml
------------------------------------------------------------------
------------------ 2022-8-24 - Aug 24 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- Add kdump-close.patch required by patches below.
- Add kdump-refactor.patch and kdump-suse.patch to support SUSE
kdump config management in cockpit.
- Use a list of available brandings to include in cockpit-ws
package instead of resolving by symlinks.
++++ fillup:
- Makefile is not parallel-safe
++++ glibc:
- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
invalidation if epoll is used (boo#1199964, BZ #29415)
++++ kernel-default:
- Update
patches.kernel.org/5.19.2-1136-net_sched-cls_route-remove-from-list-when-han.patch
references (add CVE-2022-2588 bsc#1202096).
- Update
patches.kernel.org/5.19.3-003-net_sched-cls_route-disallow-handle-of-0.patch
references (add bsc#1202393).
- commit cc8e6d6
++++ jbigkit:
- Makefile is not parallel-safe
++++ multipath-tools:
- Update to version 0.9.0+55+suse.33d8854:
* Avoid linking to libreadline to avoid licensing issue
(bsc#1202616)
++++ libtasn1:
- libtasn1 4.19.0:
* Clarify libtasn1.map license
* Fix ETYPE_OK out of bounds read
* Update gnulib files and various maintenance fixes
++++ libvirt:
- spec: Suppress error messages about nonexistent or unreadable
files from grep
++++ tcpd:
- Makefile is not parallel-safe
------------------------------------------------------------------
------------------ 2022-8-23 - Aug 23 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Don't declare python3-clang as noarch: Python packages are
installed into %{_libdir}.
++++ libgcrypt:
- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
typing Tab key to Auto-Completion. [bsc#1182983]
* Add libgcrypt-out-of-core-handler.patch
++++ zlib:
- Update to 1.2.12:
* A lot of bug fixes
* Improve speed of crc32 functions
* Use ARM crc32 instructions if the ARM architecture has them
For the complete changes, see ChangeLog
- Fixes CVE-2022-37434, heap-based buffer over-read or buffer overflow in
inflate.c via a large gzip header extra field
(CVE-2022-37434, bsc#1202175)
- Added patches:
* zlib-1.2.11-covscan-issues-rhel9.patch
* zlib-1.2.11-covscan-issues.patch
* zlib-1.2.12-s390-vectorize-crc32.patch
* zlib-1.2.12-optimized-crc32-power8.patch
* zlib-1.2.12-IBM-Z-hw-accelerated-deflate-s390x.patch
* zlib-1.2.12-fix-configure.patch
* zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
* zlib-1.2.12-fix-CVE-2022-37434.patch
* zlib-1.2.5-minizip-fixuncrypt.patch
- Removed patches:
* bsc1197459.patch (upstreamed)
* zlib-power8-fate325307.patch
(replaced by zlib-1.2.12-optimized-crc32-power8.patch)
* bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
* 410.patch
(replaced by zlib-1.2.12-IBM-Z-hw-accelrated-deflate-s390x.patch)
- Refreshed patches:
* zlib-format.patch
* zlib-no-version-check.patch
- Disable profiling since it breaks tests
- Update zlib-rpmlintrc
++++ ovmf:
- Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to
edk2-stable202205:
- OvmfPkg/AmdSev: reserve snp pages
- de463163d9 edk2-stable202205-rc1~292
- OvmfPkg/ResetVector: cache the SEV status MSR value
- 63c50d3ff2 edk2-stable202205-rc1~291
- OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR
- f1d1c337e7 edk2-stable202205-rc1~290
------------------------------------------------------------------
------------------ 2022-8-22 - Aug 22 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.1.7:
* fixes and cleanups all over the tree
* most of the fixes are for zink
* nice batch of fixes for the gallium dx9 frontend
* some other fixes across the board
++++ Mesa-drivers:
- update to 22.1.7:
* fixes and cleanups all over the tree
* most of the fixes are for zink
* nice batch of fixes for the gallium dx9 frontend
* some other fixes across the board
++++ boost-base:
- ppc64le: added some new math libraries (bsc#1202594)
++++ cryptsetup:
- cryptsetup 2.5.0:
* Split manual pages into per-action pages and use AsciiDoc format.
* Remove cryptsetup-reencrypt tool from the project and move reencryption
to already existing "cryptsetup reencrypt" command.
If you need to emulate the old cryptsetup-reencrypt binary, use simple
wrappers script running "exec cryptsetup reencrypt $@".
* LUKS2: implement --decryption option that allows LUKS removal.
* Fix decryption operation with --active-name option and restrict
it to be used only with LUKS2.
* Do not refresh reencryption digest when not needed.
This should speed up the reencryption resume process.
* Store proper resilience data in LUKS2 reencrypt initialization.
Resuming reencryption now does not require specification of resilience
type parameters if these are the same as during initialization.
* Properly wipe the unused area after reencryption with datashift in
the forward direction.
* Check datashift value against larger sector size.
For example, it could cause an issue if misaligned 4K sector appears
during decryption.
* Do not allow sector size increase reencryption in offline mode.
* Do not allow dangerous sector size change during reencryption.
* Ask the user for confirmation before resuming reencryption.
* Do not resume reencryption with conflicting parameters.
* Add --force-offline-reencrypt option.
* Do not allow nested encryption in LUKS reencrypt.
* Support all options allowed with luksFormat with encrypt action.
* Add resize action to integritysetup.
* Remove obsolete dracut plugin reencryption example.
* Fix possible keyslot area size overflow during conversion to LUKS2.
* Allow use of --header option for cryptsetup close.
* Fix activation of LUKS2 device with integrity and detached header.
* Add ZEROOUT IOCTL support for crypt_wipe API call.
* VERITY: set loopback sector size according to dm-verity block sizes.
* veritysetup: dump device sizes.
* LUKS2 token: prefer token PIN query before passphrase in some cases.
When a user provides --token-type or specific --token-id, a token PIN
query is preferred to a passphrase query.
* LUKS2 token: allow tokens to be replaced with --token-replace option
for cryptsetup token command.
* LUKS2 token: do not continue operation when interrupted in PIN prompt.
* Add --progress-json parameter to utilities.
* Add support for --key-slot option in luksResume action.
- move man pages to separate subpackage
- drop backports handling
++++ transactional-update:
- Version 4.0.1
- create_dirs_from_rpmdb: Just warn if no default SELinux context found
[gh#openSUSE/transactional-update#88], [bsc#1188215]
- create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure
[gh#openSUSE/transactional-update#88]
- Handle directories owned by multiple packages
[gh#openSUSE/transactional-update#90], [bsc#1188215]
++++ filesystem:
- Revert last change, fr should be used like we do for all languages
in all packages, no excpetion for xz with fr_FR.
++++ kernel-default:
- scsi: sd: Revert "Rework asynchronous resume support"
(rc1 testing).
- commit 4aad010
- Update to 6.0-rc2
- drop upstreamed patch
- patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch
- refresh configs
- commit 712f762
++++ ncurses:
- Add ncurses patch 20220820
+ fix some cppcheck warnings, mostly style, in ncurses and c++
libraries and progs directory.
+ add curses_trace to ifdef's for START_TRACE in test/test.priv.h
+ update config.guess
++++ nghttp2:
- update to 1.49.0:
* https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/
++++ shadow:
- Update to 4.12.3:
Revert removal of subid_init, which should have bumped soname.
So note that 4.12 through 4.12.2 were broken for subid users.
++++ python-immutables:
- Don't do mypy static type checking of the sources in order to
avoid mypy in Ring1. The functionality of the binary rpm package
is not affected by properly typed python sources.
- Remove obsolete setup.py sed fix
- Don't catchall sitearch files in %files section
++++ python-urllib3:
- update to 1.26.12:
* Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module.
Both will be removed in v2.x. See this `GitHub issue <https://github.com/urllib3/urllib3/issues/2680>`_
for justification and info on how to migrate.
++++ trousers:
- BuildRequire pkkconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavors.
------------------------------------------------------------------
------------------ 2022-8-21 - Aug 21 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.19.3 (bsc#1012628).
- arm64: kexec_file: use more system keyrings to verify kernel
image signature (bsc#1012628).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
(bsc#1012628).
- btrfs: raid56: don't trust any cached sector in
__raid56_parity_recover() (bsc#1012628).
- btrfs: only write the sectors in the vertical stripe which
has data stripes (bsc#1012628).
- net_sched: cls_route: disallow handle of 0 (bsc#1012628).
- tee: add overflow check in register_shm_helper() (bsc#1012628).
- Revert "mm: kfence: apply kmemleak_ignore_phys on early
allocated pool" (bsc#1012628).
- commit 0140109
++++ gcc12:
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
------------------------------------------------------------------
------------------ 2022-8-20 - Aug 20 2022 -------------------
------------------------------------------------------------------
++++ sudo:
- Update to 1.9.11p3:
* Changes in Sudo 1.9.11
* Fixed a crash in the Python module with Python 3.9.10 on some systems.
Additionally, make check now passes for Python 3.9.10.
* Error messages sent via email now include more details, including the file
name and the line number and column of the error. Multiple errors are sent in
a single message. Previously, only the first error was included.
* Fixed logging of parse errors in JSON format. Previously, the JSON logger would
not write entries unless the command and runuser were set. These may not be
known at the time a parse error is encountered.
* Fixed a potential crash parsing sudoers lines larger than twice the value of
LINE_MAX on systems that lack the getdelim() function.
* The tests run by make check now unset the LANGUAGE environment variable.
Otherwise, localization strings will not match if LANGUAGE is set to a
non-English locale. Bug #1025.
* The “starttime†test now passed when run under Debian faketime. Bug #1026.
* The Kerberos authentication module now honors the custom password prompt if one
has been specified.
* The embedded copy of zlib has been updated to version 1.2.12.
* Updated the version of libtool used by sudo to version 2.4.7.
* Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the
header files (currently only GNU libc). This is required to allow the use of
64-bit time values on some 32-bit systems.
* Sudo’s intercept and log_subcmds options no longer force the command to run in
its own pseudo-terminal. It is now also possible to intercept the system(3) function.
* Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit
point messages sent by the server were incorrect if the command was suspended
or received a window size change event.
* Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration
setting was used.
* The intercept and log_subcmds functionality can now use ptrace(2) on Linux
systems that support seccomp(2) filtering. This has the advantage of working
for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode.
The following architectures are currently supported: i386, x86_64, aarch64, arm,
mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use
ptrace(2) where possible; the new intercept_type sudoers setting can be used
to explicitly set the type.
* New Georgian translation from translationproject.org.
* Fixed creating packages on CentOS Stream.
* Fixed a bug in the intercept and log_subcmds support where the execve(2)
wrapper was using the current environment instead of the passed environment
pointer. Bug #1030.
* Added AppArmor integration for Linux. A sudoers rule can now specify an
APPARMOR_PROFILE option to run a command confined by the named AppArmor profile.
* Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were
being treated as paths and an actual path was treated as an error.
* Changes in Sudo 1.9.11p1:
* Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on
some systems when piping a large amount of data through sudo, such as via rsync.
Bug #963.
* Changes to avoid implementation or unspecified behavior when bit shifting signed
values in the protobuf library.
* Fixed a compilation error on Linux/aarch64.
* Fixed the configure check for seccomp(2) support on Linux.
* Corrected the EBNF specification for tags in the sudoers manual page.
GitHub issue #153.
* Changes in Sudo 1.9.11p2:
* Fixed a compilation error on Linux/x86_64 with the x32 ABI.
* Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to
sudo_logsrvd if the command returned no output.
* Changes in Sudo 1.9.11p3:
* Fixed “connection reset†errors on AIX when running shell scripts with the intercept
or log_subcmds sudoers options enabled. Bug #1034.
* Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers
options are set on systems that enable Nagle’s algorithm on the loopback device,
such as AIX. Bug #1034.
* Modified sudo-sudoers.patch
- Added sudo-1.9.10-update_sudouser_to_utf8.patch
* [bsc#1197998]
* Enable sudouser LDAP schema to use UTF-8 encodings.
* Sourced from https://github.com/sudo-project/sudo/pull/163
* Credit to William Brown, william.brown@suse.com
++++ tar:
- drop tar-recursive--files-from.patch (causes bsc#918487)
------------------------------------------------------------------
------------------ 2022-8-19 - Aug 19 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- skip code linting for packaging
* removes pyflakes from the build requirements and thus Ring1
* see also https://gitlab.com/apparmor/apparmor/-/issues/121
++++ kernel-default:
- Revert "usb: typec: ucsi: add a common function
ucsi_unregister_connectors()" (bsc#120238).
- commit 46d0607
++++ libapparmor:
- skip code linting for packaging
* removes pyflakes from the build requirements and thus Ring1
* see also https://gitlab.com/apparmor/apparmor/-/issues/121
++++ lttng-ust:
- Update to version 2.13.3:
* Document ust lock async-signal-safety.
* Fix: don't use strerror() from ust lock nocheck.
* Fix: remove non-async-signal-safe fflush from ERR().
* Fix: Pointers are rejected by integer element compile time
assertion for array and sequence.
* Fix: statedump: invalid read during iter_end.
* Fix: bytecode interpreter context_get_index() leaves byte order
uninitialised.
++++ shadow:
- Update to 4.12.2:
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
- Refresh useradd-userkeleton.patch:
LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545
Let's use fstatat() now.
++++ libtirpc:
- update to 1.3.3 (bsc#1201680, CVE-2021-46828):
* Fix DoS vulnerability in libtirpc
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
* rpcb_clnt.c add mechanism to try v2 protocol first
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream)
++++ userspace-rcu:
- Update to version 0.13.2:
* Revert "Fix: remove type constness in URCU_FORCE_CAST's C++
version".
* Fix: futex.h: include headers outside extern C.
* Fix: add missing unused attribute to _rcu_dereference.
* Fix: change method used by _rcu_dereference to strip type constness.
* Fix: remove type constness in URCU_FORCE_CAST's C++ version.
* Move extern "C" down in include/urcu/urcu-bp.h.
* Fix: ifdef linux specific cpu count compat.
* Set git-review branch to stable-0.13.
* Fix: sysconf(_SC_NPROCESSORS_CONF) can be less than max cpu id.
* Fix: revise obsolete command in README.md.
* Fix: workqueue: remove unused variable "ret".
* Fix: futex wait: handle spurious futex wakeups.
* Fix: Use %lu rather than %ld to print count.
++++ libvirt:
- spec: Place 'Requires:' on compression binaries instead of their
associated packages
boo#1202569
++++ python-pbr:
- update to 5.10.0:
* Specify Changelog procedure
* Allow leading spaces when determining symbols
* Adding python classifiers py38 & py39
------------------------------------------------------------------
------------------ 2022-8-18 - Aug 18 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 057+suse.309.gb71946f6:
* fix(dracut-initramfs-restore.sh): hide unpack errors (bsc#1199341)
* chore(suse): remove suse-module-tools build requirement
* fix(suse-initrd): always check that MACHINE_ID is not empty (bsc#1201780)
++++ grub2:
- Fix tpm error stop tumbleweed from booting (bsc#1202374)
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Patch Removed
* 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
++++ kernel-default:
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
ppc64: NVRAM=y
- commit e3d4124
- Update config files: CONFIG_SPI_AMD=m on x86 (bsc#1201418)
- commit 017ef8a
- Workaround for missing HD-audio on AMD platforms (bsc#1202492).
- commit 60e6173
- Linux 5.19.2 (bsc#1012628).
- Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING"
(bsc#1012628).
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover"
(bsc#1012628).
- pNFS/flexfiles: Report RDMA connection errors to the server
(bsc#1012628).
- nfsd: eliminate the NFSD_FILE_BREAK_* flags (bsc#1012628).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (bsc#1012628).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (bsc#1012628).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7
(bsc#1012628).
- ASoC: amd: yc: Update DMI table entries (bsc#1012628).
- hwmon: (nct6775) Fix platform driver suspend regression
(bsc#1012628).
- wifi: mac80211_hwsim: fix race condition in pending packet
(bsc#1012628).
- wifi: mac80211_hwsim: add back erroneously removed cast
(bsc#1012628).
- wifi: mac80211_hwsim: use 32-bit skb cookie (bsc#1012628).
- add barriers to buffer_uptodate and set_buffer_uptodate
(bsc#1012628).
- lockd: detect and reject lock arguments that overflow
(bsc#1012628).
- HID: hid-input: add Surface Go battery quirk (bsc#1012628).
- HID: nintendo: Add missing array termination (bsc#1012628).
- HID: wacom: Only report rotation for art pen (bsc#1012628).
- HID: wacom: Don't register pad_input for touch switch
(bsc#1012628).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
case (bsc#1012628).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
!nested_run_pending case (bsc#1012628).
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
(bsc#1012628).
- KVM: s390: pv: don't present the ecall interrupt twice
(bsc#1012628).
- KVM: Drop unused @gpa param from gfn=>pfn cache's
__release_gpc() helper (bsc#1012628).
- KVM: Put the extra pfn reference when reusing a pfn in the
gpc cache (bsc#1012628).
- KVM: Fully serialize gfn=>pfn cache refresh via mutex
(bsc#1012628).
- KVM: Fix multiple races in gfn=>pfn cache refresh (bsc#1012628).
- KVM: Do not incorporate page offset into gfn=>pfn cache user
address (bsc#1012628).
- KVM: x86: Split kvm_is_valid_cr4() and export only the
non-vendor bits (bsc#1012628).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
value (bsc#1012628).
- KVM: nVMX: Account for KVM reserved CR4 bits in consistency
checks (bsc#1012628).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible
CR0/CR4 (bsc#1012628).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
checks (bsc#1012628).
- KVM: x86: Set error code to segment selector on LLDT/LTR
non-canonical #GP (bsc#1012628).
- KVM: x86/mmu: Treat NX as a valid SPTE bit for NPT
(bsc#1012628).
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable
(bsc#1012628).
- KVM: x86: Tag kvm_mmu_x86_module_init() with __init
(bsc#1012628).
- KVM: x86/mmu: Fully re-evaluate MMIO caching when SPTE masks
change (bsc#1012628).
- KVM: x86: do not report preemption if the steal time cache is
stale (bsc#1012628).
- KVM: x86: revalidate steal time cache if MSR value changes
(bsc#1012628).
- KVM: x86/xen: Initialize Xen timer only once (bsc#1012628).
- KVM: x86/xen: Stop Xen timer before changing IRQ (bsc#1012628).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(bsc#1012628).
- ALSA: hda/cirrus - support for iMac 12,1 model (bsc#1012628).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
(bsc#1012628).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(bsc#1012628).
- LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
(bsc#1012628).
- tty: 8250: Add support for Brainboxes PX cards (bsc#1012628).
- tty: vt: initialize unicode screen buffer (bsc#1012628).
- vfs: Check the truncate maximum size in inode_newsize_ok()
(bsc#1012628).
- fs: Add missing umask strip in vfs_tmpfile (bsc#1012628).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(bsc#1012628).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
(bsc#1012628).
- fbcon: Fix accelerated fbdev scrolling while logo is still shown
(bsc#1012628).
- usbnet: Fix linkwatch use-after-free on disconnect
(bsc#1012628).
- usbnet: smsc95xx: Fix deadlock on runtime resume (bsc#1012628).
- fix short copy handling in copy_mc_pipe_to_iter() (bsc#1012628).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent
kernel memory leak (bsc#1012628).
- ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
(bsc#1012628).
- parisc: Fix device names in /proc/iomem (bsc#1012628).
- parisc: Drop pa_swapper_pg_lock spinlock (bsc#1012628).
- parisc: Check the return value of ioremap() in
lba_driver_probe() (bsc#1012628).
- parisc: io_pgetevents_time64() needs compat syscall in 32-bit
compat mode (bsc#1012628).
- riscv:uprobe fix SR_SPIE set/clear handling (bsc#1012628).
- riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit (bsc#1012628).
- dt-bindings: riscv: fix SiFive l2-cache's cache-sets
(bsc#1012628).
- riscv: dts: starfive: correct number of external interrupts
(bsc#1012628).
- RISC-V: cpu_ops_spinwait.c should include head.h (bsc#1012628).
- RISC-V: Declare cpu_ops_spinwait in <asm/cpu_ops.h>
(bsc#1012628).
- RISC-V: kexec: Fixup use of smp_processor_id() in preemptible
context (bsc#1012628).
- RISC-V: Fixup get incorrect user mode PC for kernel mode regs
(bsc#1012628).
- RISC-V: Fixup schedule out issue in machine_crash_shutdown()
(bsc#1012628).
- RISC-V: Add modules to virtual kernel memory layout dump
(bsc#1012628).
- RISC-V: Fix counter restart during overflow for RV32
(bsc#1012628).
- RISC-V: Fix SBI PMU calls for RV32 (bsc#1012628).
- RISC-V: Update user page mapping only once during start
(bsc#1012628).
- wireguard: selftests: set CONFIG_NONPORTABLE on riscv32
(bsc#1012628).
- rtc: rx8025: fix 12/24 hour mode detection on RX-8035
(bsc#1012628).
- drm/gem: Properly annotate WW context on
drm_gem_lock_reservations() error (bsc#1012628).
- drm/shmem-helper: Add missing vunmap on error (bsc#1012628).
- drm/vc4: hdmi: Disable audio if dmas property is present but
empty (bsc#1012628).
- drm/ingenic: Use the highest possible DMA burst size
(bsc#1012628).
- drm/fb-helper: Fix out-of-bounds access (bsc#1012628).
- drm/hyperv-drm: Include framebuffer and EDID headers
(bsc#1012628).
- drm/dp/mst: Read the extended DPCD capabilities during system
resume (bsc#1012628).
- drm/nouveau: fix another off-by-one in nvbios_addr
(bsc#1012628).
- drm/nouveau: Don't pm_runtime_put_sync(), only
pm_runtime_put_autosuspend() (bsc#1012628).
- drm/nouveau/acpi: Don't print error when we get -EINPROGRESS
from pm_runtime (bsc#1012628).
- drm/nouveau/kms: Fix failure path for creating DP connectors
(bsc#1012628).
- drm/tegra: Fix vmapping of prime buffers (bsc#1012628).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (bsc#1012628).
- bpf: Fix KASAN use-after-free Read in compute_effective_progs
(bsc#1012628).
- btrfs: reject log replay if there is unsupported RO compat flag
(bsc#1012628).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (bsc#1012628).
- mtd: rawnand: arasan: Update NAND bus clock instead of system
clock (bsc#1012628).
- um: Remove straying parenthesis (bsc#1012628).
- um: seed rng using host OS rng (bsc#1012628).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
(bsc#1012628).
- iio: light: isl29028: Fix the warning in isl29028_remove()
(bsc#1012628).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
queuecommand after VMID (bsc#1012628).
- scsi: sg: Allow waiting for commands to complete on removed
device (bsc#1012628).
- scsi: qla2xxx: Fix incorrect display of max frame size
(bsc#1012628).
- scsi: qla2xxx: Zero undefined mailbox IN registers
(bsc#1012628).
- soundwire: qcom: Check device status before reading devid
(bsc#1012628).
- ksmbd: fix memory leak in smb2_handle_negotiate (bsc#1012628).
- ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT
(bsc#1012628).
- ksmbd: prevent out of bound read for SMB2_WRITE (bsc#1012628).
- ksmbd: fix use-after-free bug in smb2_tree_disconect
(bsc#1012628).
- ksmbd: fix heap-based overflow in set_ntacl_dacl()
(bsc#1012628).
- fuse: limit nsec (bsc#1012628).
- fuse: ioctl: translate ENOSYS (bsc#1012628).
- fuse: write inode in fuse_release() (bsc#1012628).
- fuse: fix deadlock between atomic O_TRUNC and page invalidation
(bsc#1012628).
- serial: mvebu-uart: uart2 error bits clearing (bsc#1012628).
- md-raid: destroy the bitmap after destroying the thread
(bsc#1012628).
- md-raid10: fix KASAN warning (bsc#1012628).
- mbcache: don't reclaim used entries (bsc#1012628).
- mbcache: add functions to delete entry if unused (bsc#1012628).
- media: isl7998x: select V4L2_FWNODE to fix build error
(bsc#1012628).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on
list iterator (bsc#1012628).
- ia64, processor: fix -Wincompatible-pointer-types in
ia64_get_irr() (bsc#1012628).
- powerpc: Restore CONFIG_DEBUG_INFO in defconfigs (bsc#1012628).
- powerpc/64e: Fix early TLB miss with KUAP (bsc#1012628).
- powerpc/fsl-pci: Fix Class Code of PCIe Root Port (bsc#1012628).
- powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
(bsc#1012628).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1012628).
- MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
(bsc#1012628).
- coresight: Clear the connection field properly (bsc#1012628).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
completion (bsc#1012628).
- USB: HCD: Fix URB giveback issue in tasklet function
(bsc#1012628).
- Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
(bsc#1012628).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC
(bsc#1012628).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC
(bsc#1012628).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (bsc#1012628).
- usb: dwc3: gadget: fix high speed multiplier setting
(bsc#1012628).
- netfilter: nf_tables: do not allow SET_ID to refer to another
table (bsc#1012628).
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
table (bsc#1012628).
- netfilter: nf_tables: do not allow RULE_ID to refer to another
chain (bsc#1012628).
- netfilter: nf_tables: upfront validation of data via
nft_data_init() (bsc#1012628).
- netfilter: nf_tables: disallow jump to implicit chain from
set element (bsc#1012628).
- netfilter: nf_tables: fix null deref due to zeroed list head
(bsc#1012628).
- epoll: autoremove wakers even more aggressively (bsc#1012628).
- x86: Handle idle=nomwait cmdline properly for x86_idle
(bsc#1012628).
- arch: make TRACE_IRQFLAGS_NMI_SUPPORT generic (bsc#1012628).
- arm64: kasan: do not instrument stacktrace.c (bsc#1012628).
- arm64: stacktrace: use non-atomic __set_bit (bsc#1012628).
- arm64: Do not forget syscall when starting a new thread
(bsc#1012628).
- arm64: fix oops in concurrently setting insn_emulation sysctls
(bsc#1012628).
- arm64: kasan: Revert "arm64: mte: reset the page tag in
page->flags" (bsc#1012628).
- arm64: errata: Remove AES hwcap for COMPAT tasks (bsc#1012628).
- ext2: Add more validity checks for inode counts (bsc#1012628).
- sched/fair: Introduce SIS_UTIL to search idle CPU based on
sum of util_avg (bsc#1012628).
- genirq: Don't return error on missing optional
irq_request_resources() (bsc#1012628).
- irqchip/mips-gic: Only register IPI domain when SMP is enabled
(bsc#1012628).
- genirq: GENERIC_IRQ_IPI depends on SMP (bsc#1012628).
- sched/fair: fix case with reduced capacity CPU (bsc#1012628).
- sched/core: Always flush pending blk_plug (bsc#1012628).
- irqchip/mips-gic: Check the return value of ioremap() in
gic_of_init() (bsc#1012628).
- ARM: dts: imx6ul: add missing properties for sram (bsc#1012628).
- ARM: dts: imx6ul: change operating-points to uint32-matrix
(bsc#1012628).
- ARM: dts: imx6ul: fix keypad compatible (bsc#1012628).
- ARM: dts: imx6ul: fix csi node compatible (bsc#1012628).
- ARM: dts: imx6ul: fix lcdif node compatible (bsc#1012628).
- ARM: dts: imx6ul: fix qspi node compatible (bsc#1012628).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (bsc#1012628).
- ARM: dts: ux500: Fix Janice accelerometer mounting matrix
(bsc#1012628).
- ARM: dts: ux500: Fix Codina accelerometer mounting matrix
(bsc#1012628).
- ARM: dts: ux500: Fix Gavini accelerometer mounting matrix
(bsc#1012628).
- arm64: dts: qcom: timer should use only 32-bit size
(bsc#1012628).
- spi: synquacer: Add missing clk_disable_unprepare()
(bsc#1012628).
- ARM: OMAP2+: display: Fix refcount leak bug (bsc#1012628).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (bsc#1012628).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
DMI quirks (bsc#1012628).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (bsc#1012628).
- ACPI: PM: save NVS memory for Lenovo G40-45 (bsc#1012628).
- ACPI: LPSS: Fix missing check in register_device_clock()
(bsc#1012628).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART
(bsc#1012628).
- arm64: dts: qcom: sc7280: Rename sar sensor labels
(bsc#1012628).
- arm64: dts: qcom: add missing AOSS QMP compatible fallback
(bsc#1012628).
- arm64: dts: qcom: ipq8074: fix NAND node name (bsc#1012628).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name
(bsc#1012628).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference
(bsc#1012628).
- firmware: tegra: Fix error check return value of
debugfs_create_file() (bsc#1012628).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
(bsc#1012628).
- PM: EM: convert power field to micro-Watts precision and align
drivers (bsc#1012628).
- ACPI: video: Use native backlight on Dell Inspiron N4010
(bsc#1012628).
- hwmon: (sht15) Fix wrong assumptions in device remove callback
(bsc#1012628).
- PM: hibernate: defer device probing when resuming from
hibernation (bsc#1012628).
- selinux: fix memleak in security_read_state_kernel()
(bsc#1012628).
- selinux: Add boundary check in put_entry() (bsc#1012628).
- io_uring: fix io_uring_cqe_overflow trace format (bsc#1012628).
- kasan: test: Silence GCC 12 warnings (bsc#1012628).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (bsc#1012628).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
(bsc#1012628).
- arm64: dts: renesas: beacon: Fix regulator node names
(bsc#1012628).
- spi: spi-altera-dfl: Fix an error handling path (bsc#1012628).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (bsc#1012628).
- ACPI: processor/idle: Annotate more functions to live in
cpuidle section (bsc#1012628).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (bsc#1012628).
- ARM: dts: imx7-colibri: overhaul display/touch functionality
(bsc#1012628).
- ARM: dts: imx7-colibri: add usb dual-role switching using extcon
(bsc#1012628).
- ARM: dts: imx7-colibri: improve wake-up with gpio key
(bsc#1012628).
- ARM: dts: imx7-colibri: move aliases, chosen, extcon and
gpio-keys (bsc#1012628).
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment
(bsc#1012628).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
(bsc#1012628).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c
(bsc#1012628).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
(bsc#1012628).
- Revert "ARM: dts: imx6qdl-apalis: Avoid underscore in node name"
(bsc#1012628).
- x86/pmem: Fix platform-device leak in error path (bsc#1012628).
- ARM: dts: ast2500-evb: fix board compatible (bsc#1012628).
- ARM: dts: ast2600-evb: fix board compatible (bsc#1012628).
- ARM: dts: ast2600-evb-a1: fix board compatible (bsc#1012628).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme
(bsc#1012628).
- arm64: dts: mt8192: Fix idle-states entry-method (bsc#1012628).
- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (bsc#1012628).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(bsc#1012628).
- locking/lockdep: Fix lockdep_init_map_*() confusion
(bsc#1012628).
- arm64: dts: qcom: sc7180: Remove ipa_fw_mem node on trogdor
(bsc#1012628).
- soc: fsl: guts: machine variable might be unset (bsc#1012628).
- spi: s3c64xx: constify fsd_spi_port_config (bsc#1012628).
- block: fix infinite loop for invalid zone append (bsc#1012628).
- arm64: dts: qcom: sdm845-akatsuki: Round down l22a regulator
voltage (bsc#1012628).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg
(bsc#1012628).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (bsc#1012628).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
(bsc#1012628).
- arm64: dts: qcom: sdm630: disable GPU by default (bsc#1012628).
- arm64: dts: qcom: sdm630: fix the qusb2phy ref clock
(bsc#1012628).
- arm64: dts: qcom: sdm630: fix gpu's interconnect path
(bsc#1012628).
- arm64: dts: qcom: sdm636-sony-xperia-ganges-mermaid: correct
sdc2 pinconf (bsc#1012628).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision
(bsc#1012628).
- arm64: dts: renesas: r8a779m8: Drop operating points above
1.5 GHz (bsc#1012628).
- arm64: dts: renesas: r9a07g054l2-smarc: Correct SoC name in
comment (bsc#1012628).
- regulator: qcom_smd: Fix pm8916_pldo range (bsc#1012628).
- ACPI: APEI: Fix _EINJ vs EFI_MEMORY_SP (bsc#1012628).
- ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock
(bsc#1012628).
- ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1
(bsc#1012628).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem
(bsc#1012628).
- soc: qcom: aoss: Fix refcount leak in
qmp_cooling_devices_register (bsc#1012628).
- ARM: dts: qcom: msm8974: add required ranges to OCMEM
(bsc#1012628).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells
(bsc#1012628).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (bsc#1012628).
- lib: overflow: Do not define 64-bit tests on 32-bit
(bsc#1012628).
- stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
(bsc#1012628).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
(bsc#1012628).
- arm64: dts: qcom: msm8994: add required ranges to OCMEM
(bsc#1012628).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL
(bsc#1012628).
- perf/x86/intel: Fix PEBS data source encoding for ADL
(bsc#1012628).
- arm64: dts: exynosautov9: correct spi11 pin names (bsc#1012628).
- ACPI: VIOT: Fix ACS setup (bsc#1012628).
- m68k: virt: Fix missing platform_device_unregister() on error
in virt_platform_init() (bsc#1012628).
- arm64: dts: qcom: sm6125: Move sdc2 pinctrl from seine-pdx201
to sm6125 (bsc#1012628).
- arm64: dts: qcom: sm6125: Append -state suffix to pinctrl nodes
(bsc#1012628).
- arm64: dts: qcom: msm8996: correct #clock-cells for QMP PHY
nodes (bsc#1012628).
- arm64: dts: qcom: sc7280: drop PCIe PHY clock index
(bsc#1012628).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells
(bsc#1012628).
- arm64: dts: mt7622: fix BPI-R64 WPS button (bsc#1012628).
- arm64: tegra: Mark BPMP channels as no-memory-wc (bsc#1012628).
- arm64: tegra: Fix SDMMC1 CD on P2888 (bsc#1012628).
- arm64: dts: qcom: sc7280: fix PCIe clock reference
(bsc#1012628).
- erofs: wake up all waiters after z_erofs_lzma_head ready
(bsc#1012628).
- erofs: avoid consecutive detection for Highmem memory
(bsc#1012628).
- spi: Return deferred probe error when controller isn't yet
available (bsc#1012628).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
created (bsc#1012628).
- spi: dw: Fix IP-core versions macro (bsc#1012628).
- spi: Fix simplification of devm_spi_register_controller
(bsc#1012628).
- spi: tegra20-slink: fix UAF in tegra_slink_remove()
(bsc#1012628).
- hwmon: (sch56xx-common) Add DMI override table (bsc#1012628).
- hwmon: (drivetemp) Add module alias (bsc#1012628).
- blktrace: Trace remapped requests correctly (bsc#1012628).
- PM: domains: Ensure genpd_debugfs_dir exists before remove
(bsc#1012628).
- dm writecache: return void from functions (bsc#1012628).
- dm writecache: count number of blocks read, not number of read
bios (bsc#1012628).
- dm writecache: count number of blocks written, not number of
write bios (bsc#1012628).
- dm writecache: count number of blocks discarded, not number
of discard bios (bsc#1012628).
- regulator: of: Fix refcount leak bug in
of_get_regulation_constraints() (bsc#1012628).
- soc: qcom: Make QCOM_RPMPD depend on PM (bsc#1012628).
- soc: qcom: socinfo: Fix the id of SA8540P SoC (bsc#1012628).
- arm64: dts: qcom: msm8998: Make regulator voltages multiple
of step-size (bsc#1012628).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment
(bsc#1012628).
- ARM: dts: qcom: msm8974: Disable remoteprocs by default
(bsc#1012628).
- irqdomain: Report irq number for NOMAP domains (bsc#1012628).
- perf: RISC-V: Add of_node_put() when breaking out of
for_each_of_cpu_node() (bsc#1012628).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
(bsc#1012628).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in
dequeue_task_rt() (bsc#1012628).
- sched: only perform capability check on privileged operation
(bsc#1012628).
- sched/numa: Initialise numa_migrate_retry (bsc#1012628).
- x86/extable: Fix ex_handler_msr() print condition (bsc#1012628).
- io_uring: move to separate directory (bsc#1012628).
- io_uring: define a 'prep' and 'issue' handler for each opcode
(bsc#1012628).
- io_uring: Don't require reinitable percpu_ref (bsc#1012628).
- selftests/seccomp: Fix compile warning when CC=clang
(bsc#1012628).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(bsc#1012628).
- tools/power turbostat: Fix file pointer leak (bsc#1012628).
- dm: return early from dm_pr_call() if DM device is suspended
(bsc#1012628).
- pwm: sifive: Simplify offset calculation for PWMCMP registers
(bsc#1012628).
- pwm: sifive: Ensure the clk is enabled exactly once per running
PWM (bsc#1012628).
- pwm: sifive: Shut down hardware only after pwmchip_remove()
completed (bsc#1012628).
- pwm: lpc18xx: Fix period handling (bsc#1012628).
- erofs: update ctx->pos for every emitted dirent (bsc#1012628).
- dt-bindings: display: bridge: ldb: Fill in reg property
(bsc#1012628).
- drm/i915: remove unused GEM_DEBUG_DECL() and GEM_DEBUG_BUG_ON()
(bsc#1012628).
- drm/rockchip: vop2: unlock on error path in
vop2_crtc_atomic_enable() (bsc#1012628).
- drm: bridge: DRM_FSL_LDB should depend on ARCH_MXC
(bsc#1012628).
- drm/bridge: anx7625: Use DPI bus type (bsc#1012628).
- drm/mgag200: Acquire I/O lock while reading EDID (bsc#1012628).
- drm/meson: Fix refcount leak in meson_encoder_hdmi_init
(bsc#1012628).
- drm/dp: Export symbol / kerneldoc fixes for DP AUX bus
(bsc#1012628).
- drm/bridge: tc358767: Handle dsi_lanes == 0 as invalid
(bsc#1012628).
- drm/bridge: tc358767: Make sure Refclk clock are enabled
(bsc#1012628).
- ath10k: do not enforce interrupt trigger type (bsc#1012628).
- ath11k: Fix warning on variable 'sar' dereference before check
(bsc#1012628).
- ath11k: Init hw_params before setting up AHB resources
(bsc#1012628).
- drm/edid: reset display info in drm_add_edid_modes() for NULL
edid (bsc#1012628).
- drm/bridge: lt9611: Use both bits for HDMI sensing
(bsc#1012628).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
(bsc#1012628).
- drm/panel: Fix build error when
CONFIG_DRM_PANEL_SAMSUNG_ATNA33XC20=y &&
CONFIG_DRM_DISPLAY_HELPER=m (bsc#1012628).
- drm: bridge: adv7511: Move CEC definitions to adv7511_cec.c
(bsc#1012628).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(bsc#1012628).
- wifi: wilc1000: use correct sequence of RESET for chip
Power-UP/Down (bsc#1012628).
- ath11k: fix netdev open race (bsc#1012628).
- ath11k: fix IRQ affinity warning on shutdown (bsc#1012628).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer
(bsc#1012628).
- drm/ssd130x: Only define a SPI device ID table when built as
a module (bsc#1012628).
- selftests/bpf: Fix test_run logic in fexit_stress.c
(bsc#1012628).
- sample: bpf: xdp_router_ipv4: Allow the kernel to send arp
requests (bsc#1012628).
- selftests/bpf: Fix tc_redirect_dtime (bsc#1012628).
- libbpf: Fix is_pow_of_2 (bsc#1012628).
- ath11k: fix missing skb drop on htc_tx_completion error
(bsc#1012628).
- ath11k: Fix incorrect debug_mask mappings (bsc#1012628).
- ath11k: Avoid REO CMD failed prints during firmware recovery
(bsc#1012628).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (bsc#1012628).
- drm/mediatek: Modify dsi funcs to atomic operations
(bsc#1012628).
- drm/mediatek: Separate poweron/poweroff from enable/disable
and define new funcs (bsc#1012628).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
function (bsc#1012628).
- drm/meson: encoder_cvbs: Fix refcount leak in
meson_encoder_cvbs_init (bsc#1012628).
- drm/meson: encoder_hdmi: Fix refcount leak in
meson_encoder_hdmi_init (bsc#1012628).
- drm/bridge: lt9611uxc: Cancel only driver's work (bsc#1012628).
- drm/amdgpu: fix scratch register access method in SRIOV
(bsc#1012628).
- drm/amdgpu/display: Prepare for new interfaces (bsc#1012628).
- i2c: npcm: Remove own slave addresses 2:10 (bsc#1012628).
- i2c: npcm: Correct slave role behavior (bsc#1012628).
- i2c: mxs: Silence a clang warning (bsc#1012628).
- virtio-gpu: fix a missing check to avoid NULL dereference
(bsc#1012628).
- drm/virtio: Fix NULL vs IS_ERR checking in
virtio_gpu_object_shmem_init (bsc#1012628).
- libbpf: Fix uprobe symbol file offset calculation logic
(bsc#1012628).
- drm: adv7511: override i2c address of cec before accessing it
(bsc#1012628).
- crypto: sun8i-ss - fix error codes in allocate_flows()
(bsc#1012628).
- crypto: sun8i-ss - Fix error codes for dma_mapping_error()
(bsc#1012628).
- crypto: sun8i-ss - fix a NULL vs IS_ERR() check in
sun8i_ss_hashkey (bsc#1012628).
- net: fix sk_wmem_schedule() and sk_rmem_schedule() errors
(bsc#1012628).
- can: netlink: allow configuring of fixed bit rates without
need for do_set_bittiming callback (bsc#1012628).
- drm/vkms: check plane_composer->map[0] before using it
(bsc#1012628).
- can: netlink: allow configuring of fixed data bit rates without
need for do_set_data_bittiming callback (bsc#1012628).
- drm/bridge: anx7625: Zero error variable when panel bridge
not present (bsc#1012628).
- drm/bridge: it6505: Add missing CRYPTO_HASH dependency
(bsc#1012628).
- i2c: Fix a potential use after free (bsc#1012628).
- libbpf: Fix internal USDT address translation logic for shared
libraries (bsc#1012628).
- selftests/bpf: Don't force lld on non-x86 architectures
(bsc#1012628).
- tcp: fix possible freeze in tx path under memory pressure
(bsc#1012628).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs()
(bsc#1012628).
- net: ag71xx: fix discards 'const' qualifier warning
(bsc#1012628).
- ping: convert to RCU lookups, get rid of rwlock (bsc#1012628).
- raw: use more conventional iterators (bsc#1012628).
- raw: convert raw sockets to RCU (bsc#1012628).
- raw: Fix mixed declarations error in raw_icmp_error()
(bsc#1012628).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without
OF (bsc#1012628).
- media: camss: csid: fix wrong size passed to
devm_kmalloc_array() (bsc#1012628).
- media: tw686x: Register the irq at the end of probe
(bsc#1012628).
- media: amphion: return error if format is unsupported by vpu
(bsc#1012628).
- media: Hantro: Correct G2 init qp field (bsc#1012628).
- media: imx-jpeg: Correct some definition according specification
(bsc#1012628).
- media: imx-jpeg: Leave a blank space before the configuration
data (bsc#1012628).
- media: imx-jpeg: Align upwards buffer size (bsc#1012628).
- media: imx-jpeg: Implement drain using v4l2-mem2mem helpers
(bsc#1012628).
- media: rcar-vin: Fix channel routing for Ebisu (bsc#1012628).
- wifi: mac80211: set STA deflink addresses (bsc#1012628).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (bsc#1012628).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (bsc#1012628).
- drm/radeon: fix incorrrect SPDX-License-Identifiers
(bsc#1012628).
- drm/amd: Don't show warning on reading vbios values for SMU13
3.1 (bsc#1012628).
- drm/amdkfd: correct sdma queue number of sdma 6.0.1
(bsc#1012628).
- torture: Adjust to again produce debugging information
(bsc#1012628).
- rcutorture: Fix ksoftirqd boosting timing and iteration
(bsc#1012628).
- test_bpf: fix incorrect netdev features (bsc#1012628).
- drm/display: Fix build error without CONFIG_OF (bsc#1012628).
- selftests/bpf: Fix rare segfault in sock_fields prog test
(bsc#1012628).
- crypto: ccp - During shutdown, check SEV data pointer before
using (bsc#1012628).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
(bsc#1012628).
- media: imx-jpeg: Disable slot interrupt when frame done
(bsc#1012628).
- media: amphion: output firmware error message (bsc#1012628).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (bsc#1012628).
- media: hdpvr: fix error value returns in hdpvr_read
(bsc#1012628).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued
is set (bsc#1012628).
- media: sta2x11: remove VIRT_TO_BUS dependency (bsc#1012628).
- media: mediatek: vcodec: Initialize decoder parameters after
getting dec_capability (bsc#1012628).
- media: mediatek: vcodec: Skip SOURCE_CHANGE & EOS events for
stateless (bsc#1012628).
- media: driver/nxp/imx-jpeg: fix a unexpected return value
problem (bsc#1012628).
- media: tw686x: Fix memory leak in tw686x_video_init
(bsc#1012628).
- media: mediatek: vcodec: Fix non subdev architecture open
power fail (bsc#1012628).
- drm/vc4: kms: Use maximum FIFO load for the HVS clock rate
(bsc#1012628).
- drm/vc4: plane: Remove subpixel positioning check (bsc#1012628).
- drm/vc4: plane: Fix margin calculations for the right/bottom
edges (bsc#1012628).
- drm/vc4: dsi: Release workaround buffer and DMA (bsc#1012628).
- drm/vc4: dsi: Correct DSI divider calculations (bsc#1012628).
- drm/vc4: dsi: Correct pixel order for DSI0 (bsc#1012628).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type
(bsc#1012628).
- drm/vc4: dsi: Fix dsi0 interrupt support (bsc#1012628).
- drm/vc4: dsi: Add correct stop condition to
vc4_dsi_encoder_disable iteration (bsc#1012628).
- drm/vc4: hdmi: Add all the vc5 HDMI registers into the debugfs
dumps (bsc#1012628).
- drm/vc4: hdmi: Clear unused infoframe packet RAM registers
(bsc#1012628).
- drm/vc4: hdmi: Avoid full hdmi audio fifo writes (bsc#1012628).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (bsc#1012628).
- drm/vc4: hdmi: Switch to pm_runtime_status_suspended
(bsc#1012628).
- drm/vc4: hdmi: Move HDMI reset to pm_resume (bsc#1012628).
- drm/vc4: hdmi: Fix timings for interlaced modes (bsc#1012628).
- drm/vc4: hdmi: Force modeset when bpc or format changes
(bsc#1012628).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
modes (bsc#1012628).
- drm/vc4: hdmi: Move pixel doubling from Pixelvalve to HDMI block
(bsc#1012628).
- mm: Account dirty folios properly during splits (bsc#1012628).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE
(bsc#1012628).
- selftests/xsk: Destroy BPF resources only when ctx refcount
drops to 0 (bsc#1012628).
- net: dsa: felix: update base time of time-aware shaper when
adjusting PTP time (bsc#1012628).
- net: dsa: felix: keep reference on entire tc-taprio config
(bsc#1012628).
- net: dsa: felix: drop oversized frames with tc-taprio instead
of hanging the port (bsc#1012628).
- selftests: net: fib_rule_tests: fix support for running
individual tests (bsc#1012628).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
(bsc#1012628).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
(bsc#1012628).
- drm/mediatek: dpi: Remove output format of YUV (bsc#1012628).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(bsc#1012628).
- drm/msm/dpu: move intf and wb assignment to
dpu_encoder_setup_display() (bsc#1012628).
- drm/msm/dpu: fix maxlinewidth for writeback block (bsc#1012628).
- drm/msm/dpu: remove hard-coded linewidth limit for writeback
(bsc#1012628).
- drm/msm/hdmi: fill the pwr_regs bulk regulators (bsc#1012628).
- drm: bridge: sii8620: fix possible off-by-one (bsc#1012628).
- drm/msm: Fix fence rollover issue (bsc#1012628).
- net: sched: provide shim definitions for
taprio_offload_{get,free} (bsc#1012628).
- net: dsa: felix: build as module when tc-taprio is module
(bsc#1012628).
- hinic: Use the bitmap API when applicable (bsc#1012628).
- net: hinic: fix bug that ethtool get wrong stats (bsc#1012628).
- net: hinic: avoid kernel hung in hinic_get_stats64()
(bsc#1012628).
- drm/bridge: anx7625: Fix NULL pointer crash when using edp-panel
(bsc#1012628).
- drm/msm: Avoid unclocked GMU register access in 6xx gpu_busy
(bsc#1012628).
- libbpf, riscv: Use a0 for RC register (bsc#1012628).
- drm/msm/mdp5: Fix global state lock backoff (bsc#1012628).
- drm/radeon: avoid bogus "vram limit (0) must be a power of 2"
warning (bsc#1012628).
- crypto: hisilicon/sec - don't sleep when in softirq
(bsc#1012628).
- crypto: hisilicon - Kunpeng916 crypto driver don't sleep when
in softirq (bsc#1012628).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
(bsc#1012628).
- media: amphion: release core lock before reset vpu core
(bsc#1012628).
- drm/msm/dpu: Fix for non-visible planes (bsc#1012628).
- media: atomisp: revert "don't pass a pointer to a local
variable" (bsc#1012628).
- media: mediatek: vcodec: decoder: Fix 4K frame size enumeration
(bsc#1012628).
- media: mediatek: vcodec: decoder: Fix resolution clamping in
TRY_FMT (bsc#1012628).
- media: mediatek: vcodec: decoder: Skip alignment for default
resolution (bsc#1012628).
- media: mediatek: vcodec: decoder: Drop max_{width,height}
from mtk_vcodec_ctx (bsc#1012628).
- media: mediatek: vcodec: Initialize decoder parameters for
each instance (bsc#1012628).
- media: amphion: defer setting last_buffer_dequeued until
resolution changes are processed (bsc#1012628).
- media: hantro: Be more accurate on pixel formats step_width
constraints (bsc#1012628).
- media: hantro: Fix RK3399 H.264 format advertising
(bsc#1012628).
- media: amphion: sync buffer status with firmware during abort
(bsc#1012628).
- media: amphion: only insert the first sequence startcode for
vc1l format (bsc#1012628).
- mt76: mt7915: fix endianness in mt7915_rf_regval_get
(bsc#1012628).
- mt76: mt76x02u: fix possible memory leak in
__mt76x02u_mcu_send_msg (bsc#1012628).
- mt76: mt7915: fix endian bug in mt7915_rf_regval_set()
(bsc#1012628).
- mt76: mt7921s: fix firmware download random fail (bsc#1012628).
- mt76: mt7921: not support beacon offload disable command
(bsc#1012628).
- wifi: mac80211: reject WEP or pairwise keys with key ID > 3
(bsc#1012628).
- wifi: cfg80211: do some rework towards MLO link APIs
(bsc#1012628).
- wifi: mac80211: move some future per-link data to bss_conf
(bsc#1012628).
- mt76: mt7615: do not update pm stats in case of error
(bsc#1012628).
- mt76: mt7921: do not update pm states in case of error
(bsc#1012628).
- mt76: mt7921s: fix possible sdio deadlock in command fail
(bsc#1012628).
- mt76: mt7921: fix aggregation subframes setting to HE max
(bsc#1012628).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454
(bsc#1012628).
- mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi
signature (bsc#1012628).
- mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi
signature (bsc#1012628).
- mt76: connac: move mac connac2 defs in mt76_connac2_mac.h
(bsc#1012628).
- mt76: connac: move connac2_mac_write_txwi in mt76_connac module
(bsc#1012628).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
wmm_idx (bsc#1012628).
- mt76: mt7615: fix throughput regression on DFS channels
(bsc#1012628).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
mt76_led_init() (bsc#1012628).
- mediatek: mt76: eeprom: fix missing of_node_put() in
mt76_find_power_limits_node() (bsc#1012628).
- skmsg: Fix invalid last sg check in sk_msg_recvmsg()
(bsc#1012628).
- drm/exynos/exynos7_drm_decon: free resources when
clk_set_parent() failed (bsc#1012628).
- bpf, x64: Add predicate for bpf2bpf with tailcalls support in
JIT (bsc#1012628).
- bpf, x86: fix freeing of not-finalized bpf_prog_pack
(bsc#1012628).
- tcp: make retransmitted SKB fit into the send window
(bsc#1012628).
- libbpf: Fix the name of a reused map (bsc#1012628).
- kunit: executor: Fix a memory leak on failure in
kunit_filter_tests (bsc#1012628).
- selftests: timers: valid-adjtimex: build fix for newer
toolchains (bsc#1012628).
- selftests: timers: clocksource-switch: fix passing errors from
child (bsc#1012628).
- bpf: Fix subprog names in stack traces (bsc#1012628).
- wifi: nl80211: acquire wdev mutex for dump_survey (bsc#1012628).
- media: v4l: async: Also match secondary fwnode endpoints
(bsc#1012628).
- media: ov7251: add missing disable functions on error in
ov7251_set_power_on() (bsc#1012628).
- fs: check FMODE_LSEEK to control internal pipe splicing
(bsc#1012628).
- media: cedrus: h265: Fix flag name (bsc#1012628).
- media: uapi: HEVC: Change pic_order_cnt definition in
v4l2_hevc_dpb_entry (bsc#1012628).
- media: cedrus: h265: Fix logic for not low delay flag
(bsc#1012628).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(bsc#1012628).
- wifi: p54: Fix an error handling path in p54spi_probe()
(bsc#1012628).
- wifi: p54: add missing parentheses in p54_flush() (bsc#1012628).
- drm/amdgpu: use the same HDP flush registers for all nbio 7.4.x
(bsc#1012628).
- drm/amdgpu: use the same HDP flush registers for all nbio 2.3.x
(bsc#1012628).
- drm/amdgpu: restore original stable pstate on ctx fini
(bsc#1012628).
- bpf: fix potential 32-bit overflow when accessing ARRAY map
element (bsc#1012628).
- libbpf: make RINGBUF map size adjustments more eagerly
(bsc#1012628).
- selftests/bpf: fix a test for snprintf() overflow (bsc#1012628).
- libbpf: fix an snprintf() overflow check (bsc#1012628).
- can: pch_can: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: rcar_can: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: sja1000: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: hi311x: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: sun4i_can: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
bus-off (bsc#1012628).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
bus-off (bsc#1012628).
- can: usb_8dev: do not report txerr and rxerr during bus-off
(bsc#1012628).
- can: error: specify the values of data[5..7] of CAN error frames
(bsc#1012628).
- libbpf: Fix str_has_sfx()'s return value (bsc#1012628).
- can: pch_can: pch_can_error(): initialize errc before using it
(bsc#1012628).
- Bluetooth: hci_intel: Add check for platform_driver_register
(bsc#1012628).
- Bluetooth: When HCI work queue is drained, only queue chained
work (bsc#1012628).
- Bluetooth: mgmt: Fix refresh cached connection info
(bsc#1012628).
- Bluetooth: hci_sync: Fix resuming scan after suspend resume
(bsc#1012628).
- Bluetooth: hci_sync: Fix not updating privacy_mode
(bsc#1012628).
- Bluetooth: Add default wakeup callback for HCI UART driver
(bsc#1012628).
- i2c: cadence: Support PEC for SMBus block read (bsc#1012628).
- i2c: qcom-geni: Use the correct return value (bsc#1012628).
- btrfs: update stripe_sectors::uptodate in steal_rbio
(bsc#1012628).
- ip_tunnels: Add new flow flags field to ip_tunnel_key
(bsc#1012628).
- bpf: Set flow flag to allow any source IP in bpf_tunnel_key
(bsc#1012628).
- bpf: Fix bpf_xdp_pointer return pointer (bsc#1012628).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
(bsc#1012628).
- wifi: ath11k: Fix register write failure on QCN9074
(bsc#1012628).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (bsc#1012628).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (bsc#1012628).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
(bsc#1012628).
- media: cedrus: hevc: Add check for invalid timestamp
(bsc#1012628).
- hantro: Remove incorrect HEVC SPS validation (bsc#1012628).
- drm/amd/display: fix signedness bug in
execute_synaptics_rc_command() (bsc#1012628).
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported
TLS cipher/version (bsc#1012628).
- net/mlx5e: TC, Fix post_act to not match on in_port metadata
(bsc#1012628).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (bsc#1012628).
- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ
size (bsc#1012628).
- net/mlx5e: Fix calculations related to max MPWQE size
(bsc#1012628).
- net/mlx5e: Modify slow path rules to go to slow fdb
(bsc#1012628).
- net/mlx5: Adjust log_max_qp to be 18 at most (bsc#1012628).
- net/mlx5: DR, Fix SMFS steering info dump format (bsc#1012628).
- net/mlx5: Fix driver use of uninitialized timeout (bsc#1012628).
- ax25: fix incorrect dev_tracker usage (bsc#1012628).
- crypto: hisilicon/hpre - don't use GFP_KERNEL to alloc mem
during softirq (bsc#1012628).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(bsc#1012628).
- crypto: hisilicon/sec - fix auth key size error (bsc#1012628).
- net: allow unbound socket for packets in VRF when
tcp_l3mdev_accept set (bsc#1012628).
- netdevsim: fib: Fix reference count leak on route deletion
failure (bsc#1012628).
- wifi: rtw88: check the return value of alloc_workqueue()
(bsc#1012628).
- iavf: Fix max_rate limiting (bsc#1012628).
- iavf: Fix 'tc qdisc show' listing too many queues (bsc#1012628).
- netdevsim: Avoid allocation warnings triggered from user space
(bsc#1012628).
- net: rose: fix netdev reference changes (bsc#1012628).
- net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in
ice_vsi_sync_fltr() (bsc#1012628).
- net: ionic: fix error check for vlan flags in
ionic_set_nic_features() (bsc#1012628).
- dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the
same lock (bsc#1012628).
- net: usb: make USB_RTL8153_ECM non user configurable
(bsc#1012628).
- net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ
(bsc#1012628).
- wireguard: ratelimiter: use hrtimer in selftest (bsc#1012628).
- wireguard: allowedips: don't corrupt stack when detecting
overflow (bsc#1012628).
- HID: amd_sfh: Don't show client init failed as error when
discovery fails (bsc#1012628).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (bsc#1012628).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
(bsc#1012628).
- mtd: maps: Fix refcount leak in ap_flash_init (bsc#1012628).
- mtd: rawnand: meson: Fix a potential double free issue
(bsc#1012628).
- clk: renesas: rzg2l: Fix reset status function (bsc#1012628).
- of: check previous kernel's ima-kexec-buffer against memory
bounds (bsc#1012628).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
(bsc#1012628).
- scsi: qla2xxx: edif: bsg refactor (bsc#1012628).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
(bsc#1012628).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1012628).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1012628).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
authentication application (bsc#1012628).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
(bsc#1012628).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1012628).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
(bsc#1012628).
- KVM: SVM: Unwind "speculative" RIP advancement if INTn injection
"fails" (bsc#1012628).
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS
is supported (bsc#1012628).
- KVM: x86/mmu: Drop RWX=0 SPTEs during ept_sync_page()
(bsc#1012628).
- phy: samsung: exynosautov9-ufs: correct TSRV register
configurations (bsc#1012628).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
(bsc#1012628).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(bsc#1012628).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
(bsc#1012628).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
sm_release (bsc#1012628).
- mtd: partitions: Fix refcount leak in parse_redboot_of
(bsc#1012628).
- mtd: parsers: ofpart: Fix refcount leak in
bcm4908_partitions_fw_offset (bsc#1012628).
- mtd: spear_smi: Don't skip cleanup after mtd_device_unregister()
failed (bsc#1012628).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
error path (bsc#1012628).
- mtd: spear_smi: Drop if with an always false condition
(bsc#1012628).
- mtd: st_spi_fsm: Warn about failure to unregister mtd device
(bsc#1012628).
- mtd: st_spi_fsm: Disable clock only after device was
unregistered (bsc#1012628).
- PCI: mediatek-gen3: Fix refcount leak in
mtk_pcie_init_irq_domains() (bsc#1012628).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(bsc#1012628).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
(bsc#1012628).
- usb: cdns3: fix random warning message when driver load
(bsc#1012628).
- usb: gadget: uvc: Fix comment blocks style (bsc#1012628).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
(bsc#1012628).
- usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init() (bsc#1012628).
- usbip: vudc: Don't enable IRQs prematurely (bsc#1012628).
- usb: host: ohci-at91: add support to enter suspend using SMC
(bsc#1012628).
- usb: xhci: tegra: Fix error check (bsc#1012628).
- dmaengine: dw: dmamux: Export the module device table
(bsc#1012628).
- dmaengine: dw: dmamux: Fix build without CONFIG_OF
(bsc#1012628).
- netfilter: xtables: Bring SPDX identifier back (bsc#1012628).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
(bsc#1012628).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1012628).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1012628).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1012628).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1012628).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
(bsc#1012628).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1012628).
- iio: accel: bma400: Fix the scale min and max macro values
(bsc#1012628).
- platform/chrome: cros_ec: Always expose last resume result
(bsc#1012628).
- iio: sx9324: Fix register field spelling (bsc#1012628).
- iio: accel: bma400: Reordering of header files (bsc#1012628).
- iio: accel: bma400: conversion to device-managed function
(bsc#1012628).
- iio: accel: bma400: Add triggered buffer support (bsc#1012628).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
large (bsc#1012628).
- iio: accel: adxl313: Fix alignment for DMA safety (bsc#1012628).
- iio: accel: adxl355: Fix alignment for DMA safety (bsc#1012628).
- iio: accel: adxl367: Fix alignment for DMA safety (bsc#1012628).
- iio: accel: bma220: Fix alignment for DMA safety (bsc#1012628).
- iio: accel: sca3000: Fix alignment for DMA safety (bsc#1012628).
- iio: accel: sca3300: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7266: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7280a: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7292: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7298: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7476: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7606: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7766: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7768-1: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7887: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7923: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ad7949: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: hi8435: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ltc2496: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ltc2497: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: max1027: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: max11100: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: max1118: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: max1241: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: mcp320x: Fix alignment for DMA safety (bsc#1012628).
- iio: adc: ti-adc0832: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-adc12138: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-ads7950: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-ads8344: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-ads8688: Fix alignment for DMA safety
(bsc#1012628).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety
(bsc#1012628).
- iio: addac: ad74413r: Fix alignment for DMA safety
(bsc#1012628).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
(bsc#1012628).
- iio: common: ssp: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5064: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5360: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5421: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5449: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5504: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5592r: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5686: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5755: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5761: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5764: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5766: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5770r: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad5791: Fix alignment for DMA saftey (bsc#1012628).
- iio: dac: ad7293: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad7303: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ad8801: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ltc2688: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: mcp4922: Fix alignment for DMA safety (bsc#1012628).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
(bsc#1012628).
- iio: dac: ti-dac5571: Fix alignment for DMA safety
(bsc#1012628).
- iio: dac: ti-dac7311: Fix alignment for DMA safety
(bsc#1012628).
- iio: dac: ti-dac7612: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: ad9523: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: adf4350: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: adf4371: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: admv1013: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: admv1014: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: admv4420: Fix alignment for DMA safety
(bsc#1012628).
- iio: frequency: adrf6780: Fix alignment for DMA safety
(bsc#1012628).
- iio: gyro: adis16080: Fix alignment for DMA safety
(bsc#1012628).
- iio: gyro: adis16130: Fix alignment for DMA safety
(bsc#1012628).
- iio: gyro: adxrs450: Fix alignment for DMA safety (bsc#1012628).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
(bsc#1012628).
- iio: imu: fxos8700: Fix alignment for DMA safety (bsc#1012628).
- iio: imu: inv_icm42600: Fix alignment for DMA safety
(bsc#1012628).
- iio: imu: inv_icm42600: Fix alignment for DMA safety in buffer
code (bsc#1012628).
- iio: imu: mpu6050: Fix alignment for DMA safety (bsc#1012628).
- iio: potentiometer: ad5110: Fix alignment for DMA safety
(bsc#1012628).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
(bsc#1012628).
- iio: potentiometer: max5481: Fix alignment for DMA safety
(bsc#1012628).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
(bsc#1012628).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
(bsc#1012628).
- iio: proximity: as3935: Fix alignment for DMA safety
(bsc#1012628).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
(bsc#1012628).
- iio: resolver: ad2s90: Fix alignment for DMA safety
(bsc#1012628).
- iio: temp: ltc2983: Fix alignment for DMA safety (bsc#1012628).
- iio: temp: max31865: Fix alignment for DMA safety (bsc#1012628).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety
(bsc#1012628).
- clk: mediatek: reset: Fix written reset bit offset
(bsc#1012628).
- clk: imx93: use adc_root as the parent clock of adc1
(bsc#1012628).
- clk: imx93: correct nic_media parent (bsc#1012628).
- clk: imx: clk-fracn-gppll: fix mfd value (bsc#1012628).
- clk: imx: clk-fracn-gppll: Return rate in rate table properly
in ->recalc_rate() (bsc#1012628).
- clk: imx: clk-fracn-gppll: correct rdiv (bsc#1012628).
- RDMA/rxe: fix xa_alloc_cycle() error return value check again
(bsc#1012628).
- lib/test_hmm: avoid accessing uninitialized pages (bsc#1012628).
- mm/memremap: fix memunmap_pages() race with get_dev_pagemap()
(bsc#1012628).
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (bsc#1012628).
- KVM: selftests: Convert s390x/diag318_test_handler away from
VCPU_ID (bsc#1012628).
- KVM: selftests: Use vm_create_with_vcpus() in
max_guest_memory_test (bsc#1012628).
- devcoredump: remove the useless gfp_t parameter in dev_coredumpv
and dev_coredumpm (bsc#1012628).
- mwifiex: fix sleep in atomic context bugs caused by
dev_coredumpv (bsc#1012628).
- scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel
(bsc#1012628).
- scsi: iscsi: Add helper to remove a session from the kernel
(bsc#1012628).
- scsi: iscsi: Fix session removal on shutdown (bsc#1012628).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction
semantics (bsc#1012628).
- KVM: x86: Fix errant brace in KVM capability handling
(bsc#1012628).
- mtd: hyperbus: rpc-if: Fix RPM imbalance in probe error path
(bsc#1012628).
- mtd: dataflash: Add SPI ID table (bsc#1012628).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's
init level (bsc#1012628).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
(bsc#1012628).
- driver core: fix potential deadlock in __driver_attach
(bsc#1012628).
- clk: qcom: clk-krait: unlock spin after mux completion
(bsc#1012628).
- coresight: configfs: Fix unload of configurations on module exit
(bsc#1012628).
- coresight: syscfg: Update load and unload operations
(bsc#1012628).
- usb: gadget: f_mass_storage: Make CD-ROM emulation works with
Windows OS (bsc#1012628).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
(bsc#1012628).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
(bsc#1012628).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
(bsc#1012628).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc
clock (bsc#1012628).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
(bsc#1012628).
- RDMA/rxe: Add a responder state for atomic reply (bsc#1012628).
- RDMA/rxe: Fix deadlock in rxe_do_local_ops() (bsc#1012628).
- clk: qcom: ipq8074: fix NSS core PLL-s (bsc#1012628).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
(bsc#1012628).
- clk: qcom: ipq8074: fix NSS port frequency tables (bsc#1012628).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(bsc#1012628).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
domain (bsc#1012628).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power
domain (bsc#1012628).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND
divider is not enabled (bsc#1012628).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD
register (bsc#1012628).
- kernfs: fix potential NULL dereference in __kernfs_remove
(bsc#1012628).
- mm: rmap: use the correct parameter name for
DEFINE_PAGE_VMA_WALK (bsc#1012628).
- mm/migration: return errno when isolate_huge_page failed
(bsc#1012628).
- mm/migration: fix potential pte_unmap on an not mapped pte
(bsc#1012628).
- mm: introduce clear_highpage_kasan_tagged (bsc#1012628).
- kasan: fix zeroing vmalloc memory with HW_TAGS (bsc#1012628).
- mm/mempolicy: fix get_nodes out of bound access (bsc#1012628).
- phy: ti: tusb1210: Don't check for write errors when powering on
(bsc#1012628).
- phy: rockchip-inno-usb2: Sync initial otg state (bsc#1012628).
- PCI: dwc: Stop link on host_init errors and de-initialization
(bsc#1012628).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(bsc#1012628).
- PCI: dwc: Disable outbound windows only for controllers using
iATU (bsc#1012628).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
(bsc#1012628).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
(bsc#1012628).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check"
exists (bsc#1012628).
- soundwire: bus_type: fix remove and shutdown support
(bsc#1012628).
- soundwire: revisit driver bind/unbind and callbacks
(bsc#1012628).
- KVM: arm64: Don't return from void function (bsc#1012628).
- dmaengine: sf-pdma: Add multithread support for a DMA channel
(bsc#1012628).
- PCI: endpoint: Don't stop controller when unbinding endpoint
function (bsc#1012628).
- phy: qcom-qmp: fix the QSERDES_V5_COM_CMN_MODE register
(bsc#1012628).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1012628).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
configuration (bsc#1012628).
- intel_th: Fix a resource leak in an error handling path
(bsc#1012628).
- intel_th: msu-sink: Potential dereference of null pointer
(bsc#1012628).
- intel_th: msu: Fix vmalloced buffers (bsc#1012628).
- binder: fix redefinition of seq_file attributes (bsc#1012628).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (bsc#1012628).
- rtla/utils: Use calloc and check the potential memory allocation
failure (bsc#1012628).
- habanalabs: fix double unlock on error in map_device_va()
(bsc#1012628).
- dt-bindings: mmc: sdhci-msm: Fix issues in yaml bindings
(bsc#1012628).
- mmc: sdhci-of-esdhc: Fix refcount leak in
esdhc_signal_voltage_switch (bsc#1012628).
- mmc: mxcmmc: Silence a clang warning (bsc#1012628).
- mmc: renesas_sdhi: Get the reset handle early in the probe
(bsc#1012628).
- memstick/ms_block: Fix some incorrect memory allocation
(bsc#1012628).
- memstick/ms_block: Fix a memory leak (bsc#1012628).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
(bsc#1012628).
- of: device: Fix missing of_node_put() in
of_dma_set_restricted_buffer (bsc#1012628).
- mmc: block: Add single read for 4k sector cards (bsc#1012628).
- KVM: s390: pv: leak the topmost page table when destroy fails
(bsc#1012628).
- PCI/portdrv: Don't disable AER reporting in
get_port_device_capability() (bsc#1012628).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
(bsc#1012628).
- scsi: smartpqi: Fix DMA direction for RAID requests
(bsc#1012628).
- xtensa: iss/network: provide release() callback (bsc#1012628).
- xtensa: iss: fix handling error cases in iss_net_configure()
(bsc#1012628).
- usb: gadget: udc: amd5536 depends on HAS_DMA (bsc#1012628).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
(bsc#1012628).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (bsc#1012628).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during
bootup (bsc#1012628).
- usb: dwc3: qcom: fix missing optional irq warnings
(bsc#1012628).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
(bsc#1012628).
- phy: stm32: fix error return in stm32_usbphyc_phy_init
(bsc#1012628).
- phy: rockchip-inno-usb2: Ignore OTG IRQs in host mode
(bsc#1012628).
- interconnect: imx: fix max_node_id (bsc#1012628).
- KVM: arm64: Fix hypervisor address symbolization (bsc#1012628).
- um: random: Don't initialise hwrng struct with zero
(bsc#1012628).
- mm: percpu: use kmemleak_ignore_phys() instead of
kmemleak_free() (bsc#1012628).
- RDMA/irdma: Fix a window for use-after-free (bsc#1012628).
- RDMA/irdma: Fix VLAN connection with wildcard address
(bsc#1012628).
- RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
(bsc#1012628).
- RDMA/rtrs-srv: Fix modinfo output for stringify (bsc#1012628).
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline
function (bsc#1012628).
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
(bsc#1012628).
- RDMA/hns: Fix incorrect clearing of interrupt status register
(bsc#1012628).
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY
event (bsc#1012628).
- RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup
(bsc#1012628).
- iio: cros: Register FIFO callback after sensor is registered
(bsc#1012628).
- clk: qcom: Drop mmcx gdsc supply for dispcc and videocc
(bsc#1012628).
- clk: qcom: gdsc: Bump parent usage count when GDSC is found
enabled (bsc#1012628).
- clk: qcom: gcc-msm8939: Fix weird field spacing in
ftbl_gcc_camss_cci_clk (bsc#1012628).
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
(bsc#1012628).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(bsc#1012628).
- iio: adc: max1027: unlock on error path in
max1027_read_single_value() (bsc#1012628).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write()
(bsc#1012628).
- HID: amd_sfh: Add NULL check for hid device (bsc#1012628).
- dmaengine: imx-dma: Cast of_device_get_match_data() with
(uintptr_t) (bsc#1012628).
- scripts/gdb: fix 'lx-dmesg' on 32 bits arch (bsc#1012628).
- RDMA/rxe: Fix mw bind to allow any consumer key portion
(bsc#1012628).
- mmc: core: quirks: Add of_node_put() when breaking out of loop
(bsc#1012628).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(bsc#1012628).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
loop (bsc#1012628).
- HID: alps: Declare U1_UNICORN_LEGACY support (bsc#1012628).
- RDMA/rxe: For invalidate compare according to set keys in mr
(bsc#1012628).
- RDMA/rxe: Fix rnr retry behavior (bsc#1012628).
- PCI: tegra194: Fix Root Port interrupt handling (bsc#1012628).
- PCI: tegra194: Fix link up retry sequence (bsc#1012628).
- HID: amd_sfh: Handle condition of "no sensors" (bsc#1012628).
- USB: serial: fix tty-port initialized comments (bsc#1012628).
- usb: xhci_plat_remove: avoid NULL dereference (bsc#1012628).
- usb: cdns3: change place of 'priv_ep' assignment in
cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable()
(bsc#1012628).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in
spi_nor_erase_{sector,chip}() (bsc#1012628).
- staging: fbtft: core: set smem_len before fb_deferred_io_init
call (bsc#1012628).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
(bsc#1012628).
- tools/power/x86/intel-speed-select: Fix off by one check
(bsc#1012628).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with
critclk_systems DMI table (bsc#1012628).
- platform/mellanox: mlxreg-lc: Fix error flow and extend
verbosity (bsc#1012628).
- platform/olpc: Fix uninitialized data in debugfs write
(bsc#1012628).
- RDMA/srpt: Duplicate port name members (bsc#1012628).
- RDMA/srpt: Introduce a reference count in struct srpt_device
(bsc#1012628).
- RDMA/srpt: Fix a use-after-free (bsc#1012628).
- android: binder: stop saving a pointer to the VMA (bsc#1012628).
- mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
(bsc#1012628).
- selftests/vm: fix errno handling in mrelease_test (bsc#1012628).
- tools/testing/selftests/vm/hugetlb-madvise.c: silence
uninitialized variable warning (bsc#1012628).
- selftest/vm: uninitialized variable in main() (bsc#1012628).
- rtla: Fix Makefile when called from -C tools/ (bsc#1012628).
- rtla: Fix double free (bsc#1012628).
- virtio: replace restricted mem access flag with callback
(bsc#1012628).
- xen: don't require virtio with grants for non-PV guests
(bsc#1012628).
- selftests: kvm: set rax before vmcall (bsc#1012628).
- of/fdt: declared return type does not match actual return type
(bsc#1012628).
- RDMA/mlx5: Add missing check for return value in get namespace
flow (bsc#1012628).
- RDMA/rxe: Fix error unwind in rxe_create_qp() (bsc#1012628).
- block/rnbd-srv: Set keep_id to true after mutex_trylock
(bsc#1012628).
- null_blk: fix ida error handling in null_add_dev()
(bsc#1012628).
- nbd: add missing definition of pr_fmt (bsc#1012628).
- mtip32xx: fix device removal (bsc#1012628).
- nvme: use command_id instead of req->tag in
trace_nvme_complete_rq() (bsc#1012628).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
(bsc#1012628).
- nvme: catch -ENODEV from nvme_revalidate_zones again
(bsc#1012628).
- block/bio: remove duplicate append pages code (bsc#1012628).
- block: ensure iov_iter advances for added pages (bsc#1012628).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1012628).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1012628).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
journal aborted (bsc#1012628).
- usb: cdns3: Don't use priv_dev uninitialized in
cdns3_gadget_ep_enable() (bsc#1012628).
- opp: Fix error check in dev_pm_opp_attach_genpd() (bsc#1012628).
- ASoC: cros_ec_codec: Fix refcount leak in
cros_ec_codec_platform_probe (bsc#1012628).
- ASoC: samsung: Fix error handling in aries_audio_probe
(bsc#1012628).
- ASoC: imx-audmux: Silence a clang warning (bsc#1012628).
- ASoC: mediatek: mt8173: Fix refcount leak in
mt8173_rt5650_rt5676_dev_probe (bsc#1012628).
- ASoC: max98390: use linux/gpio/consumer.h to fix build
(bsc#1012628).
- ASoC: mt6797-mt6351: Fix refcount leak in
mt6797_mt6351_dev_probe (bsc#1012628).
- ASoC: codecs: da7210: add check for i2c_add_driver
(bsc#1012628).
- ASoC: mediatek: mt8173-rt5650: Fix refcount leak in
mt8173_rt5650_dev_probe (bsc#1012628).
- serial: pic32: fix missing clk_disable_unprepare() on error
in pic32_uart_startup() (bsc#1012628).
- serial: 8250: Create serial_lsr_in() (bsc#1012628).
- serial: 8250: Get preserved flags using serial_lsr_in()
(bsc#1012628).
- serial: 8250_dw: Use serial_lsr_in() in dw8250_handle_irq()
(bsc#1012628).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (bsc#1012628).
- ASoC: SOF: make ctx_store and ctx_restore as optional
(bsc#1012628).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
S8_TLV (bsc#1012628).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
(bsc#1012628).
- ASoC: cs35l45: Add endianness flag in snd_soc_component_driver
(bsc#1012628).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open()
(bsc#1012628).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (bsc#1012628).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
(bsc#1012628).
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1012628).
- profiling: fix shift too large makes kernel panic (bsc#1012628).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
(bsc#1012628).
- KVM: PPC: Book3s: Fix warning about xics_rm_h_xirr_x
(bsc#1012628).
- rpmsg: Fix possible refcount leak in
rpmsg_register_device_override() (bsc#1012628).
- selftests/powerpc: Skip energy_scale_info test on older firmware
(bsc#1012628).
- ASoC: samsung: h1940_uda1380: include proepr GPIO consumer
header (bsc#1012628).
- powerpc/perf: Optimize clearing the pending PMI and remove
WARN_ON for PMI check in power_pmu_disable (bsc#1012628).
- ASoC: soc-core.c: fixup snd_soc_of_get_dai_link_cpus()
(bsc#1012628).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio
from global to static variables (bsc#1012628).
- serial: 8250_dw: Take port lock while accessing LSR
(bsc#1012628).
- ASoC: codecs: wsa881x: handle timeouts in resume path
(bsc#1012628).
- vfio/mlx5: Protect mlx5vf_disable_fds() upon close device
(bsc#1012628).
- vfio: Split migration ops from main device ops (bsc#1012628).
- net/ice: fix initializing the bitmap in the switch code
(bsc#1012628).
- tty: n_gsm: fix user open not possible at responder until
initiator open (bsc#1012628).
- tty: n_gsm: fix tty registration before control channel open
(bsc#1012628).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
(bsc#1012628).
- tty: n_gsm: fix missing timer to handle stalled links
(bsc#1012628).
- tty: n_gsm: fix non flow control frames during mux flow off
(bsc#1012628).
- tty: n_gsm: fix packet re-transmission without open control
channel (bsc#1012628).
- tty: n_gsm: fix race condition in gsmld_write() (bsc#1012628).
- tty: n_gsm: fix deadlock and link starvation in outgoing data
path (bsc#1012628).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux()
(bsc#1012628).
- ASoC: qcom: Fix missing of_node_put() in
asoc_qcom_lpass_cpu_platform_probe() (bsc#1012628).
- MIPS: Loongson64: Fix section mismatch warning (bsc#1012628).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (bsc#1012628).
- remoteproc: qcom: wcnss: Fix handling of IRQs (bsc#1012628).
- vfio/ccw: Remove UUID from s390 debug log (bsc#1012628).
- vfio/ccw: Fix FSM state if mdev probe fails (bsc#1012628).
- vfio/ccw: Do not change FSM state in subchannel event
(bsc#1012628).
- ASoC: audio-graph-card2.c: use of_property_read_u32() for rate
(bsc#1012628).
- serial: 8250_fsl: Don't report FE, PE and OE twice
(bsc#1012628).
- tty: n_gsm: fix wrong T1 retry count handling (bsc#1012628).
- tty: n_gsm: fix DM command (bsc#1012628).
- tty: n_gsm: fix flow control handling in tx path (bsc#1012628).
- tty: n_gsm: fix missing corner cases in gsmld_poll()
(bsc#1012628).
- MIPS: vdso: Utilize __pa() for gic_pfn (bsc#1012628).
- ASoC: SOF: mediatek: fix mt8195 StatvectorSel wrong setting
(bsc#1012628).
- swiotlb: fail map correctly with failed io_tlb_default_mem
(bsc#1012628).
- lib/bitmap: fix off-by-one in bitmap_to_arr64() (bsc#1012628).
- ASoC: SOF: ipc3-topology: Prevent double freeing of
ipc_control_data via load_bytes (bsc#1012628).
- cpufreq: mediatek: fix error return code in
mtk_cpu_dvfs_info_init() (bsc#1012628).
- ASoc: audio-graph-card2: Fix refcount leak bug in
__graph_get_type() (bsc#1012628).
- ASoC: mt6359: Fix refcount leak bug (bsc#1012628).
- ASoC: SOF: ipc-msg-injector: fix copy in
sof_msg_inject_ipc4_dfs_write() (bsc#1012628).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume
(bsc#1012628).
- iommu/exynos: Handle failed IOMMU device registration properly
(bsc#1012628).
- 9p: Drop kref usage (bsc#1012628).
- 9p: Add client parameter to p9_req_put() (bsc#1012628).
- net: 9p: fix refcount leak in p9_read_work() error handling
(bsc#1012628).
- MIPS: Fixed __debug_virt_addr_valid() (bsc#1012628).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
(bsc#1012628).
- leds: pwm-multicolor: Don't show -EPROBE_DEFER as errors
(bsc#1012628).
- kfifo: fix kfifo_to_user() return type (bsc#1012628).
- lib/smp_processor_id: fix imbalanced instrumentation_end()
call (bsc#1012628).
- proc: fix a dentry lock race between release_task and lookup
(bsc#1012628).
- remoteproc: qcom: pas: Check if coredump is enabled
(bsc#1012628).
- remoteproc: sysmon: Wait for SSCTL service to come up
(bsc#1012628).
- mfd: t7l66xb: Drop platform disable callback (bsc#1012628).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
(bsc#1012628).
- ASoC: amd: yc: Decrease level of error message (bsc#1012628).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
out of loop (bsc#1012628).
- perf tools: Fix dso_id inode generation comparison
(bsc#1012628).
- riscv: spinwait: Fix hartid variable type (bsc#1012628).
- s390/crash: fix incorrect number of bytes to copy to user space
(bsc#1012628).
- s390/zcore: fix race when reading from hardware system area
(bsc#1012628).
- perf test: Fix test case 83 ('perf stat CSV output linter')
on s390 (bsc#1012628).
- ASoC: fsl_asrc: force cast the asrc_format type (bsc#1012628).
- ASoC: fsl-asoc-card: force cast the asrc_format type
(bsc#1012628).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format
(bsc#1012628).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format
(bsc#1012628).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
(bsc#1012628).
- fuse: Remove the control interface for virtio-fs (bsc#1012628).
- ASoC: audio-graph-card: Add of_node_put() in fail path
(bsc#1012628).
- ASoC: audio-graph-card2: Add of_node_put() in fail path
(bsc#1012628).
- watchdog: f71808e_wdt: Add check for platform_driver_register
(bsc#1012628).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
(bsc#1012628).
- watchdog: armada_37xx_wdt: check the return value of
devm_ioremap() in armada_37xx_wdt_probe() (bsc#1012628).
- ASoC: Intel: sof_rt5682: Perform quirk check first in card
late probe (bsc#1012628).
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1012628).
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1012628).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures
(bsc#1012628).
- powerpc/32: Call mmu_mark_initmem_nx() regardless of data
block mapping (bsc#1012628).
- powerpc/32s: Fix boot failure with KASAN + SMP +
JUMP_LABEL_FEATURE_CHECK_DEBUG (bsc#1012628).
- powerpc/32: Do not allow selection of e5500 or e6500 CPUs on
PPC32 (bsc#1012628).
- video: fbdev: offb: Include missing linux/platform_device.h
(bsc#1012628).
- pseries/iommu/ddw: Fix kdump to work in absence of
ibm,dma-window (bsc#1012628).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
window case (bsc#1012628).
- powerpc/pci: Prefer PCI domain assignment via DT
'linux,pci-domain' and alias (bsc#1012628).
- selftests/powerpc: Fix matrix multiply assist test
(bsc#1012628).
- serial: 8250_bcm2835aux: Add missing clk_disable_unprepare()
(bsc#1012628).
- tty: serial: qcom-geni-serial: Fix get_clk_div_rate() which
otherwise could return a sub-optimal clock rate (bsc#1012628).
- tty: serial: fsl_lpuart: correct the count of break characters
(bsc#1012628).
- s390/smp: enforce lowcore protection on CPU restart
(bsc#1012628).
- perf stat: Revert "perf stat: Add default hybrid events"
(bsc#1012628).
- f2fs: fix to invalidate META_MAPPING before DIO write
(bsc#1012628).
- f2fs: fix to check inline_data during compressed inode
conversion (bsc#1012628).
- f2fs: fix to remove F2FS_COMPR_FL and tag F2FS_NOCOMP_FL at
the same time (bsc#1012628).
- cifs: Fix memory leak when using fscache (bsc#1012628).
- powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
(bsc#1012628).
- powerpc/xive: Fix refcount leak in xive_get_max_prio
(bsc#1012628).
- powerpc/cell/axon_msi: Fix refcount leak in
setup_msi_msg_address (bsc#1012628).
- perf symbol: Fail to read phdr workaround (bsc#1012628).
- kprobes: Forbid probing on trampoline and BPF code areas
(bsc#1012628).
- x86/bus_lock: Don't assume the init value of
DEBUGCTLMSR.BUS_LOCK_DETECT to be zero (bsc#1012628).
- powerpc/pci: Fix PHB numbering when using opal-phbid
(bsc#1012628).
- genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined
HAVE_LIBCRYPTO (bsc#1012628).
- scripts/faddr2line: Fix vmlinux detection on arm64
(bsc#1012628).
- tty: serial: qcom-geni-serial: Fix %lu -> %u in print statements
(bsc#1012628).
- powerpc/64e: Fix kexec build error (bsc#1012628).
- sched, cpuset: Fix dl_cpu_busy() panic due to empty
cs->cpus_allowed (bsc#1012628).
- x86/numa: Use cpumask_available instead of hardcoded NULL check
(bsc#1012628).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
ark_set_pixclock() (bsc#1012628).
- tools/thermal: Fix possible path truncations (bsc#1012628).
- sched: Fix the check of nr_running at queue wakelist
(bsc#1012628).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee
cpu is idle (bsc#1012628).
- sched/core: Do not requeue task on CPU excluded from cpus_mask
(bsc#1012628).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y
(bsc#1012628).
- f2fs: do not allow to decompress files have FI_COMPRESS_RELEASED
(bsc#1012628).
- video: fbdev: vt8623fb: Check the size of screen before
memset_io() (bsc#1012628).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(bsc#1012628).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(bsc#1012628).
- scsi: ufs: core: Correct ufshcd_shutdown() flow (bsc#1012628).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (bsc#1012628).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1012628).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
(bsc#1012628).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
(bsc#1012628).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
timeouts (bsc#1012628).
- scsi: qla2xxx: Fix excessive I/O error messages by default
(bsc#1012628).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
injection (bsc#1012628).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1012628).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
with I/Os (bsc#1012628).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1012628).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
tests (bsc#1012628).
- cifs: fix lock length calculation (bsc#1012628).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed
(bsc#1012628).
- ftrace/x86: Add back ftrace_expected assignment (bsc#1012628).
- x86/kprobes: Update kcb status flag after singlestepping
(bsc#1012628).
- x86/olpc: fix 'logical not is only applied to the left hand
side' (bsc#1012628).
- SMB3: fix lease break timeout when multiple deferred close
handles for the same file (bsc#1012628).
- posix-cpu-timers: Cleanup CPU timers before freeing them during
exec (bsc#1012628).
- Input: gscps2 - check return value of ioremap() in
gscps2_probe() (bsc#1012628).
- __follow_mount_rcu(): verify that mount_lock remains unchanged
(bsc#1012628).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
functions (bsc#1012628).
- csky: abiv1: Fixup compile error (bsc#1012628).
- drivers/base: fix userspace break from using bin_attributes
for cpumap and cpulist (bsc#1012628).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer
(bsc#1012628).
- crypto: blake2s - remove shash module (bsc#1012628).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the
probe fails (bsc#1012628).
- intel_th: pci: Add Meteor Lake-P support (bsc#1012628).
- intel_th: pci: Add Raptor Lake-S PCH support (bsc#1012628).
- intel_th: pci: Add Raptor Lake-S CPU support (bsc#1012628).
- KVM: set_msr_mce: Permit guests to ignore single-bit ECC errors
(bsc#1012628).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
(bsc#1012628).
- iommu/vt-d: avoid invalid memory access via
node_online(NUMA_NO_NODE) (bsc#1012628).
- PCI/AER: Iterate over error counters instead of error strings
(bsc#1012628).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
(bsc#1012628).
- dm writecache: set a default MAX_WRITEBACK_JOBS (bsc#1012628).
- kexec_file: drop weak attribute from functions (bsc#1012628).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1012628).
- kexec, KEYS, s390: Make use of built-in and secondary keyring
for signature verification (bsc#1012628).
- tracing/events: Add __vstring() and __assign_vstr() helper
macros (bsc#1012628).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (bsc#1012628).
- net/9p: Initialize the iounit field during fid creation
(bsc#1012628).
- ARM: Marvell: Update PCIe fixup (bsc#1012628).
- timekeeping: contribute wall clock to rng on time change
(bsc#1012628).
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (bsc#1012628).
- block: don't allow the same type rq_qos add more than once
(bsc#1012628).
- btrfs: tree-log: make the return value for log syncing
consistent (bsc#1012628).
- btrfs: ensure pages are unlocked on cow_file_range() failure
(bsc#1012628).
- btrfs: fix error handling of fallback uncompress write
(bsc#1012628).
- btrfs: reset block group chunk force if we have to wait
(bsc#1012628).
- btrfs: properly flag filesystem with
BTRFS_FEATURE_INCOMPAT_BIG_METADATA (bsc#1012628).
- block: add bdev_max_segments() helper (bsc#1012628).
- btrfs: zoned: revive max_zone_append_bytes (bsc#1012628).
- btrfs: replace BTRFS_MAX_EXTENT_SIZE with
fs_info->max_extent_size (bsc#1012628).
- btrfs: convert count_max_extents() to use
fs_info->max_extent_size (bsc#1012628).
- btrfs: let can_allocate_chunk return error (bsc#1012628).
- btrfs: zoned: finish least available block group on data bg
allocation (bsc#1012628).
- btrfs: zoned: disable metadata overcommit for zoned
(bsc#1012628).
- btrfs: store chunk size in space-info struct (bsc#1012628).
- btrfs: zoned: introduce space_info->active_total_bytes
(bsc#1012628).
- btrfs: zoned: activate metadata block group on flush_space
(bsc#1012628).
- btrfs: zoned: activate necessary block group (bsc#1012628).
- btrfs: zoned: write out partially allocated region
(bsc#1012628).
- btrfs: zoned: wait until zone is finished when allocation
didn't progress (bsc#1012628).
- btrfs: join running log transaction when logging new name
(bsc#1012628).
- intel_idle: make SPR C1 and C1E be independent (bsc#1012628).
- ACPI: CPPC: Do not prevent CPPC from working in the future
(bsc#1012628).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
(bsc#1012628).
- s390/unwind: fix fgraph return address recovery (bsc#1012628).
- KVM: x86/pmu: Introduce the ctrl_mask value for fixed counter
(bsc#1012628).
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if
there's no vPMU (bsc#1012628).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
support global_ctrl (bsc#1012628).
- KVM: x86/pmu: Accept 0 for absent PMU MSRs when host-initiated
if !enable_pmu (bsc#1012628).
- Revert "KVM: x86/pmu: Accept 0 for absent PMU MSRs when
host-initiated if !enable_pmu" (bsc#1012628).
- KVM: VMX: Add helper to check if the guest PMU has
PERF_GLOBAL_CTRL (bsc#1012628).
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff
it exists (bsc#1012628).
- dm raid: fix address sanitizer warning in raid_status
(bsc#1012628).
- dm raid: fix address sanitizer warning in raid_resume
(bsc#1012628).
- dm: fix dm-raid crash if md_handle_request() splits bio
(bsc#1012628).
- mm/damon/reclaim: fix potential memory leak in
damon_reclaim_init() (bsc#1012628).
- hugetlb_cgroup: fix wrong hugetlb cgroup numa stat
(bsc#1012628).
- batman-adv: tracing: Use the new __vstring() helper
(bsc#1012628).
- tracing: Use a struct alignof to determine trace event field
alignment (bsc#1012628).
- ext4: fix reading leftover inlined symlinks (bsc#1012628).
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1012628).
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1012628).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1012628).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1012628).
- ext4: correct max_inline_xattr_value_size computing
(bsc#1012628).
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1012628).
- ext4: fix warning in ext4_iomap_begin as race between bmap
and write (bsc#1012628).
- Documentation: ext4: fix cell spacing of table heading on
blockmap table (bsc#1012628).
- ext4: check if directory block is within i_size (bsc#1012628).
- ext4: make sure ext4_append() always allocates new block
(bsc#1012628).
- ext4: remove EA inode entry from mbcache on inode eviction
(bsc#1012628).
- ext4: unindent codeblock in ext4_xattr_block_set()
(bsc#1012628).
- ext4: fix race when reusing xattr blocks (bsc#1012628).
- KEYS: asymmetric: enforce SM2 signature use pkey algo
(bsc#1012628).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
(bsc#1012628).
- tpm: Add check for Failure mode for TPM2 modules (bsc#1012628).
- xen-blkback: fix persistent grants negotiation (bsc#1012628).
- xen-blkback: Apply 'feature_persistent' parameter when connect
(bsc#1012628).
- xen-blkfront: Apply 'feature_persistent' parameter when connect
(bsc#1012628).
- powerpc: Fix eh field when calling lwarx on PPC32 (bsc#1012628).
- powerpc64/ftrace: Fix ftrace for clang builds (bsc#1012628).
- net_sched: cls_route: remove from list when handle is 0
(bsc#1012628).
- Revert "drm/bridge: anx7625: Use DPI bus type" (bsc#1012628).
- tcp: fix over estimation in sk_forced_mem_schedule()
(bsc#1012628).
- crypto: lib/blake2s - reduce stack frame usage in self test
(bsc#1012628).
- raw: remove unused variables from raw6_icmp_error()
(bsc#1012628).
- raw: fix a typo in raw_icmp_error() (bsc#1012628).
- Revert "mwifiex: fix sleep in atomic context bugs caused by
dev_coredumpv" (bsc#1012628).
- Revert "devcoredump: remove the useless gfp_t parameter in
dev_coredumpv and dev_coredumpm" (bsc#1012628).
- mptcp: refine memory scheduling (bsc#1012628).
- wifi: cfg80211: handle IBSS in channel switch (bsc#1012628).
- wifi: nl80211: hold wdev mutex for tid config (bsc#1012628).
- wifi: nl80211: relax wdev mutex check in wdev_chandef()
(bsc#1012628).
- wifi: nl80211: acquire wdev mutex earlier in start_ap
(bsc#1012628).
- wifi: cfg80211: remove chandef check in cfg80211_cac_event()
(bsc#1012628).
- tracing: Use a copy of the va_list for __assign_vstr()
(bsc#1012628).
- net: dsa: felix: fix min gate len calculation for tc when its
first gate is closed (bsc#1012628).
- Revert "s390/smp: enforce lowcore protection on CPU restart"
(bsc#1012628).
- powerpc/kexec: Fix build failure from uninitialised variable
(bsc#1012628).
- io_uring: mem-account pbuf buckets (bsc#1012628).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
(bsc#1012628).
- ASoC: Intel: avs: Use lookup table to create modules
(bsc#1012628).
- geneve: Use ip_tunnel_key flow flags in route lookups
(bsc#1012628).
- vxlan: Use ip_tunnel_key flow flags in route lookups
(bsc#1012628).
- Update config files.
- commit 6c252ef
++++ gpgme:
- gpgme 1.18.0
* New keylist mode to force refresh via external methods
* The keylist operations now create an import result to report the
result of the locate keylist modes
* core: Return BAD_PASSPHRASE error code on symmetric decryption
failure
* cpp, qt: Do not export internal symbols anymore
* cpp, qt: Support revocation of own OpenPGP keys
* qt: The file name of (signed and) encrypted data can now be set
* cpp, qt: Support setting the primary user ID
* python: Fix segv(NULL) when inspecting contect after exeception
- includes changes from version 1.17.1:
* qt: Fix a bug in the ABI compatibility of 1.17.0
- includes changes from 1.17.0:
* New context flag "key-origin"
* New context flag "import-filter"
* New export mode to export secret subkeys
* Detect errors during the export of secret keys
* New function gpgme_op_receive_keys to import keys from a keyserver
without first running a key listing
* Detect bad passphrase error in certificate import
* Allow setting --key-origin when importing keys
* Support components "keyboxd", "gpg-agent", "scdaemon", "dirmngr",
"pinentry", and "socketdir" in gpgme_get_dirinfo
* Under Unix use poll(2) instead of select(2), when available.
* Fix results returned by gpgme_data_* functions
* Support closefrom also for glibc
(drop upstream gpgme-use-glibc-closefrom.patch
* cpp,qt: Add support for export of secret keys and secret subkeys.
* cpp,qt: Support for adding existing subkeys to other keys
* qt: Extend ChangeExpiryJob to change expiration of primary key
and of subkeys at the same time
* qt: Support WKD lookup without implicit import
* qt: Allow specifying an import filter when importing keys
* qt: Allow retrieving the default value of a config entry
- drop patches included upstream
* gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch
* gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch
- add patches to fix tests:
* gpgme-1.18.0-T6137-qt_test.patch
++++ libxml2:
- Update to 2.10.0:
* Security
+ [CVE-2022-2309] Reset nsNr in xmlCtxtReset
+ Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer
+ Fix missing NUL terminators in xmlBuf and xmlBuffer functions
+ Fix integer overflow in xmlBufferDump()
+ xmlBufAvail() should return length without including a byte for NUL
terminator
+ Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
+ Use xmlNewDocText in xmlXIncludeCopyRange
+ Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser
+ Use UPDATE_COMPAT() consistently in buf.c
+ fix: xmlXPathParserContext could be double-delete in OOM case.
* Removals and deprecations
+ Disable XPointer location support by default
+ Remove outdated xml2Conf.sh
+ Deprecate module init and cleanup functions
+ Remove obsolete XML Software Autoupdate (XSA) file
+ Remove DOCBparser
+ Remove obsolete Python test framework
+ Remove broken VxWorks support
+ Remove broken Mac OS 9 support
+ Remove broken bakefile support
+ Remove broken Visual Studio 2010 support
+ Remove broken Windows CE support
+ Deprecate IDREF-related functions in valid.h
+ Deprecate legacy functions
+ Disable legacy support by default
+ Deprecate all functions in nanoftp.h
+ Disable FTP support by default
+ Add XML_DEPRECATED macro
+ Remove elfgcchack.h
* Regressions
+ Skip incorrectly opened HTML comments
+ Restore behavior of htmlDocContentDumpFormatOutput()
* Bug fixes
+ Fix memory leak with invalid XSD
+ Make XPath depth check work with recursive invocations
+ Fix memory leak in xmlLoadEntityContent error path
+ Avoid double-free if malloc fails in inputPush
+ Properly fold whitespace around the QName value when validating an XSD
schema.
+ Add whitespace folding for some atomic data types that it's missing on.
+ Don't add IDs containing unexpanded entity references
* Improvements
+ Avoid calling xmlSetTreeDoc
+ Simplify xmlFreeNode
+ Don't reset nsDef when changing node content
+ Fix unintended fall-through in xmlNodeAddContentLen
+ Remove unused xmlBuf functions
+ Implement xpath1() XPointer scheme
+ Add configuration flag for XPointer locations support
+ Fix compiler warnings in Python code
+ Mark more static data as `const`
+ Make xmlStaticCopyNode non-recursive
+ Clean up encoding switching code
+ Simplify recursive pthread mutex
+ Use non-recursive mutex in dict.c
+ Fix parser progress checks
+ Avoid arithmetic on freed pointers
+ Improve buffer allocation scheme
+ Remove unneeded #includes
+ Add support for some non-standard escapes in regular expressions.
+ htmlParseComment: handle abruptly-closed comments
+ Add let variable tag support
+ Add value-of tag support
+ Remove useless call to xmlRelaxNGCleanupTypes
+ Don't include ICU headers in public headers
+ Update `xmlStrlen()` to use POSIX / ISO C `strlen()`
+ Fix unused variable warnings with disabled features
+ Only warn on invalid redeclarations of predefined entities
+ Remove unneeded code in xmlreader.c
+ Rework validation context flags
* Portability
+ Use NAN/INFINITY if available to init XPath NaN/Inf
+ Fix Python tests on macOS
+ Fix xmlCleanupThreads on Windows
+ Fix reinitialization of library on Windows
+ Don't mix declarations and code in runtest.c
+ Use portable python shebangs
+ Use critical sections as mutex on Windows
+ Don't set HAVE_WIN32_THREADS in win32config.h
+ Use stdint.h with newer MSVC
+ Remove cruft from win32config.h
+ Remove isinf/isnan emulation in win32config.h
+ Always fopen files with "rb"
+ Remove __DJGPP__ checks
+ Remove useless __CYGWIN__ checks
* Build system
+ Don't autogenerate doc/examples/Makefile.am
+ cmake: Install libxml.m4 on UNIX-like platforms
+ cmake: Use symbol versioning on UNIX-like platforms
+ Port genUnicode.py to Python 3
+ Port gentest.py to Python 3
+ cmake: Fix build without thread support
+ cmake: Install documentation in CMAKE_INSTALL_DOCDIR
+ cmake: Remove non needed files in docs dir
+ configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
+ Move local Autoconf macros into m4 directory
+ Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
+ Update libxml-2.0-uninstalled.pc.in
+ Remove LIBS from XML_PRIVATE_LIBS
+ Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
+ Don't overlink executables
+ cmake: Adjust paths for UNIX or UNIX-like target systems
+ build: Make use of variables in libxml's pkg-config file
+ Avoid obsolescent `test -a` constructs
+ Move AM_MAINTAINER_MODE to AM section
+ configure.ac: make AM_SILENT_RULES([yes]) unconditional
+ Streamline documentation installation
+ Don't try to recreate COPYING symlink
+ Detect libm using libtool's macros
+ configure.ac: disable static libraries by default
+ python/Makefile.am: nest python docs in $(docdir)
+ python/Makefile.am: rely on global AM_INIT_AUTOMAKE
+ Makefile.am: install examples more idiomatically
+ configure.ac: remove useless AC_SUBST
+ Respect `--sysconfdir` in source files
+ Ignore configure backup file created by recent autoreconf too
+ Only install *.html and *.c example files
+ Remove --with-html-dir option
+ Rework documentation build system
+ Remove old website
+ Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings
+ Update genChRanges.py
+ Update build_glob.py
+ Remove ICONV_CONST test
+ Remove obsolete AC_HEADER checks
+ Don't check for standard C89 library functions
+ Don't check for standard C89 headers
+ Remove special configuration for certain maintainers
* Test suite, CI
+ Disable network in API tests
+ testapi: remove leading slash from "/missing.xml"
+ Build Autotools CI tests out of source tree (VPATH)
+ Add --with-minimum build to CI tests
+ Fix warnings when testing --with-minimum build
+ cmake: Run all tests when threads are disabled
+ Also build CI tests with -Werror
+ Move doc/examples tests to new test suite
+ Simplify 'make check' targets
+ Fix schemas and relaxng tests
+ Remove unused result files
+ Allow missing result files in runtest
+ Move regexp tests to runtest
+ Move SVG tests to runtest.c
+ Move testModule to new test suite
+ Move testThreads to new test suite
+ Remove major parts of old test suite
+ Make testchar return an error on failure
+ Add CI job for static build
+ python/tests: open() relative to test scripts
+ Port some test scripts to Python 3
* Documentation
+ Improve documentation of tree manipulation API
+ Update xml2-config man page
+ Consolidate man pages
+ Rename xmlcatalog_man.xml
+ Make examples a standalone HTML page
+ Fix documentation in entities.c
+ Add note about optimization flags
++++ libxslt:
- Update to 1.1.36:
* Removals and deprecations
+ Remove SVN keyword anchors
+ Remove CVS and SVN-related code
+ Remove README.cvs-commits
+ Remove ChangeLog
+ Remove xsltwin32config.h
* Improvements
+ Simplify xsltexports.h and exsltexports.h
+ Don't overlink executables with gcrypt
+ Fix quadratic behavior with variables and parameters
+ Remove case labels with XPointer location types
+ Add configure~ to .gitignore
+ Stop calling deprecated libxml2 functions
* Portability
+ Use portable python shebangs (David Seifert)
+ Remove useless __CYGWIN__ checks
+ Remove cruft from win32config.h
+ crypto.c: Silence a compiler warning on Windows (Chun-wei Fan)
* Build system
+ Add missing compile definition for static builds to CMake
+ Avoid obsolescent `test -a` constructs (David Seifert)
+ Only link libxml2 statically in purely static build
+ Set AC_CONFIG_MACRO_DIR
+ Allow AM_MAINTAINER_MODE to be disabled
+ Streamline and fix documentation installation
+ Don't try to recreate COPYING symlink
+ Remove special configuration for certain maintainers
+ configure.ac: produce tar.xz only (GNOME policy) (David Seifert)
+ Detect libm using libtool's macros (David Seifert)
+ configure.ac: disable static libraries by default (David Seifert)
+ python/Makefile.am: nest python docs in $(docdir) (David Seifert)
+ python/Makefile.am: rely on global AM_INIT_AUTOMAKE (David Seifert)
+ configure.ac: remove useless AC_SUBST (David Seifert)
+ Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings (David Seifert)
+ Change libxml2 Python config
+ Don't check for standard C89 library functions
+ Don't check for standard C89 headers
+ Remove --with-html-dir option
+ Also check for glibtoolize in autogen.sh
+ Rework documentation build system
+ Remove old website
+ CMake: Relax check for enabling crypto support on Windows (Chun-wei Fan)
+ Remove obsolete AC_HEADER_STDC autoconf macro (Vadim Zeitlin)
+ Remove special configuration for old maintainers
* Test suite, CI
+ Remove test involving XPointer range-to function
+ Test recursion in EXSLT dynamic functions
+ Add CI job for static build
* Documentation
+ Move tutorial images
++++ python-charset-normalizer:
- Clean requirements: We don't need anything
++++ libxml2-python:
- Update to 2.10.0:
* Security
+ [CVE-2022-2309] Reset nsNr in xmlCtxtReset
+ Reserve byte for NUL terminator and report errors consistently in xmlBuf and
xmlBuffer
+ Fix missing NUL terminators in xmlBuf and xmlBuffer functions
+ Fix integer overflow in xmlBufferDump()
+ xmlBufAvail() should return length without including a byte for NUL
terminator
+ Fix ownership of xmlNodePtr & xmlAttrPtr fields in xmlSetTreeDoc()
+ Use xmlNewDocText in xmlXIncludeCopyRange
+ Fix use-after-free bugs when calling xmlTextReaderClose() before
xmlFreeTextReader() on post-validating parser
+ Use UPDATE_COMPAT() consistently in buf.c
+ fix: xmlXPathParserContext could be double-delete in OOM case.
* Removals and deprecations
+ Disable XPointer location support by default
+ Remove outdated xml2Conf.sh
+ Deprecate module init and cleanup functions
+ Remove obsolete XML Software Autoupdate (XSA) file
+ Remove DOCBparser
+ Remove obsolete Python test framework
+ Remove broken VxWorks support
+ Remove broken Mac OS 9 support
+ Remove broken bakefile support
+ Remove broken Visual Studio 2010 support
+ Remove broken Windows CE support
+ Deprecate IDREF-related functions in valid.h
+ Deprecate legacy functions
+ Disable legacy support by default
+ Deprecate all functions in nanoftp.h
+ Disable FTP support by default
+ Add XML_DEPRECATED macro
+ Remove elfgcchack.h
* Regressions
+ Skip incorrectly opened HTML comments
+ Restore behavior of htmlDocContentDumpFormatOutput()
* Bug fixes
+ Fix memory leak with invalid XSD
+ Make XPath depth check work with recursive invocations
+ Fix memory leak in xmlLoadEntityContent error path
+ Avoid double-free if malloc fails in inputPush
+ Properly fold whitespace around the QName value when validating an XSD
schema.
+ Add whitespace folding for some atomic data types that it's missing on.
+ Don't add IDs containing unexpanded entity references
* Improvements
+ Avoid calling xmlSetTreeDoc
+ Simplify xmlFreeNode
+ Don't reset nsDef when changing node content
+ Fix unintended fall-through in xmlNodeAddContentLen
+ Remove unused xmlBuf functions
+ Implement xpath1() XPointer scheme
+ Add configuration flag for XPointer locations support
+ Fix compiler warnings in Python code
+ Mark more static data as `const`
+ Make xmlStaticCopyNode non-recursive
+ Clean up encoding switching code
+ Simplify recursive pthread mutex
+ Use non-recursive mutex in dict.c
+ Fix parser progress checks
+ Avoid arithmetic on freed pointers
+ Improve buffer allocation scheme
+ Remove unneeded #includes
+ Add support for some non-standard escapes in regular expressions.
+ htmlParseComment: handle abruptly-closed comments
+ Add let variable tag support
+ Add value-of tag support
+ Remove useless call to xmlRelaxNGCleanupTypes
+ Don't include ICU headers in public headers
+ Update `xmlStrlen()` to use POSIX / ISO C `strlen()`
+ Fix unused variable warnings with disabled features
+ Only warn on invalid redeclarations of predefined entities
+ Remove unneeded code in xmlreader.c
+ Rework validation context flags
* Portability
+ Use NAN/INFINITY if available to init XPath NaN/Inf
+ Fix Python tests on macOS
+ Fix xmlCleanupThreads on Windows
+ Fix reinitialization of library on Windows
+ Don't mix declarations and code in runtest.c
+ Use portable python shebangs
+ Use critical sections as mutex on Windows
+ Don't set HAVE_WIN32_THREADS in win32config.h
+ Use stdint.h with newer MSVC
+ Remove cruft from win32config.h
+ Remove isinf/isnan emulation in win32config.h
+ Always fopen files with "rb"
+ Remove __DJGPP__ checks
+ Remove useless __CYGWIN__ checks
* Build system
+ Don't autogenerate doc/examples/Makefile.am
+ cmake: Install libxml.m4 on UNIX-like platforms
+ cmake: Use symbol versioning on UNIX-like platforms
+ Port genUnicode.py to Python 3
+ Port gentest.py to Python 3
+ cmake: Fix build without thread support
+ cmake: Install documentation in CMAKE_INSTALL_DOCDIR
+ cmake: Remove non needed files in docs dir
+ configure: move XML_PRIVATE_LIBS after WIN32_EXTRA_LIBADD is set
+ Move local Autoconf macros into m4 directory
+ Use XML_PRIVATE_LIBS in libxml2_la_LIBADD
+ Update libxml-2.0-uninstalled.pc.in
+ Remove LIBS from XML_PRIVATE_LIBS
+ Add WIN32_EXTRA_LIBADD to XML_PRIVATE_LIBS
+ Don't overlink executables
+ cmake: Adjust paths for UNIX or UNIX-like target systems
+ build: Make use of variables in libxml's pkg-config file
+ Avoid obsolescent `test -a` constructs
+ Move AM_MAINTAINER_MODE to AM section
+ configure.ac: make AM_SILENT_RULES([yes]) unconditional
+ Streamline documentation installation
+ Don't try to recreate COPYING symlink
+ Detect libm using libtool's macros
+ configure.ac: disable static libraries by default
+ python/Makefile.am: nest python docs in $(docdir)
+ python/Makefile.am: rely on global AM_INIT_AUTOMAKE
+ Makefile.am: install examples more idiomatically
+ configure.ac: remove useless AC_SUBST
+ Respect `--sysconfdir` in source files
+ Ignore configure backup file created by recent autoreconf too
+ Only install *.html and *.c example files
+ Remove --with-html-dir option
+ Rework documentation build system
+ Remove old website
+ Use AM_PATH_PYTHON/PKG_CHECK_MODULES for python bindings
+ Update genChRanges.py
+ Update build_glob.py
+ Remove ICONV_CONST test
+ Remove obsolete AC_HEADER checks
+ Don't check for standard C89 library functions
+ Don't check for standard C89 headers
+ Remove special configuration for certain maintainers
* Test suite, CI
+ Disable network in API tests
+ testapi: remove leading slash from "/missing.xml"
+ Build Autotools CI tests out of source tree (VPATH)
+ Add --with-minimum build to CI tests
+ Fix warnings when testing --with-minimum build
+ cmake: Run all tests when threads are disabled
+ Also build CI tests with -Werror
+ Move doc/examples tests to new test suite
+ Simplify 'make check' targets
+ Fix schemas and relaxng tests
+ Remove unused result files
+ Allow missing result files in runtest
+ Move regexp tests to runtest
+ Move SVG tests to runtest.c
+ Move testModule to new test suite
+ Move testThreads to new test suite
+ Remove major parts of old test suite
+ Make testchar return an error on failure
+ Add CI job for static build
+ python/tests: open() relative to test scripts
+ Port some test scripts to Python 3
* Documentation
+ Improve documentation of tree manipulation API
+ Update xml2-config man page
+ Consolidate man pages
+ Rename xmlcatalog_man.xml
+ Make examples a standalone HTML page
+ Fix documentation in entities.c
+ Add note about optimization flags
++++ vim:
- Updated to version 9.0.0224, fixes the following problems
- boo#1202552 - CVE-2022-2874
- boo#1202512 - CVE-2022-2849
- boo#1202511 - CVE-2022-2862
- boo#1202515 - CVE-2022-2845
- boo#1202421 - CVE-2022-2816
- boo#1202420 - CVE-2022-2817
- boo#1202414 - CVE-2022-2819
* indexof() may leak memory.
* Cursor in wrong position when inserting after virtual text. (Ben Jackson)
* Redraw flags are not named specifically.
* Stacktrace not shown when debugging.
* The override flag has no effect for virtual text. (Ben Jackson)
* Build error with small features.
* 'list' mode does not work properly with virtual text.
* Invalid memory access when compiling :lockvar.
* Invalid memory access when compiling :unlet.
* Using freed memory with error in assert argument.
* Splitting a line may duplicate virtual text. (Ben Jackson)
* Not passing APC_INDENT flag.
* Undo earlier test sometimes fails on MS-Windows.
* 'shellslash' works differently when sourcing a script again.
* Reading before the start of the line.
* Cannot make a funcref with "s:func" in a def function in legacy script.
* Invalid memory access with for loop over NULL string.
* Accessing freed memory if compiling nested function fails.
* No good reason why text objects are only in larger builds.
* Typo in diffmode test.
------------------------------------------------------------------
------------------ 2022-8-17 - Aug 17 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.1.6:
* llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe:
keep context list and use to track resource usage.
* Revert "pan/bi: Require ATEST coverage mask input in R60"
* intel/dev: drop warning for unhandled hwconfig keys
* anv: Use sampleLocationsEnable for sample locations
++++ Mesa-drivers:
- update to 22.1.6:
* llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe:
keep context list and use to track resource usage.
* Revert "pan/bi: Require ATEST coverage mask input in R60"
* intel/dev: drop warning for unhandled hwconfig keys
* anv: Use sampleLocationsEnable for sample locations
++++ boost-base:
- update to 1.80.0:
* no new libraries
* for details on all the long list of changes, see
https://www.boost.org/users/history/version_1_80_0.html
- drop 0001-json-array-erase-relocate.patch
boost-mp-locale-fix.patch: upstream
++++ conmon:
- update to 2.1.3:
* Port conmon to FreeBSD
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
++++ kexec-tools:
- update to 2.0.25:
* kexec-tools: Remove duplicate ultoa() definitions and redefine it
* i386: pass rng seed via setup_data
* kexec-tools: mips: Pass initrd parameter via cmdline
* arm64/crashdump-arm64: increase CRASH_MAX_MEMORY_RANGES to 32k
++++ mozilla-nss:
- update to NSS 3.81
* bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
* bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
* bmo#1779285 - Add no_application_protocol alert handler and
test client error code is set
* bmo#1777672 - Gracefully handle null nickname in
CERT_GetCertNicknameWithValidity
* required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
sufficient (boo#1202118)
++++ protobuf:
- update to 21.5:
PHP
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python
* Fixed comparison of maps in Python.
++++ python310-core:
- fix import_failed.map to refer to the python 3.10 package versions
++++ mozilla-nspr:
- update to version 4.34.1
* add file descriptor sanity checks in the NSPR poll function
++++ python310:
- fix import_failed.map to refer to the python 3.10 package versions
++++ python-pyzmq:
- update to version 23.2.1:
* Improvements:
+ First release with wheels for Python 3.11 (thanks
cibuildwheel!).
+ linux aarch64 wheels now bundle the same libzmq (4.3.4) as all
other builds, thanks to switching to native arm builds on
CircleCI.
* Fixes:
+ Some type annotation fixes in devices.
++++ tar:
- bsc1200657.patch was previously incomplete leading to deadlocks
* bsc#1202436
* bsc1200657.patch updated
------------------------------------------------------------------
------------------ 2022-8-16 - Aug 16 2022 -------------------
------------------------------------------------------------------
++++ filesystem:
- Add French(France) (fr_FR) man pages directory - seen in xz
++++ kernel-default:
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
The type test and print line are the same for both cases. The usrmerged
case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- x86: link vdso and boot with -z noexecstack
- -no-warn-rwx-segments (binutils 2.39).
- commit 4fdb301
- Makefile: link with -z noexecstack --no-warn-rwx-segments
(binutils-2.39).
- commit 7c9d0cf
++++ less:
- Which need one /usr/bin/which, not the package which
++++ lz4:
- Update to release 1.9.4
* Decompression speed on high-end ARM64 platform is improved,
by ~+20%.
* For the specific scenario of data compressed with -BD4
setting (small blocks, <= 64 KB, linked) decompressed
block-by-block into a flush buffer (like lz4 CLI does),
decompression speed is improved ~+70%.
* For compressed data employing the lz4frame format (native
format of lz4 CLI), it's possible to ignore checksum
validation during decompression, resulting in speed
improvements of ~+40% . This capability is exposed at both
CLI (see --no-crc) and library levels.
++++ systemd:
- Import commit 532faa39ebaa6f56e493cc938a91a40df082b74f (merge of v251.4)
It includes the following fixes:
- 739d7130cb home: drop conflicted headers (bsc#1202221)
- 8fe0c12178 glibc: Remove #include <linux/fs.h> to resolve fsconfig_command/mount_attr conflict with glibc 2.36 (bsc#1202221)
- 0c5b7ee318 udev: allow to execute longer command line (bsc#1201766)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8cd784e9250b38d20d8e14fccbfb211010283c79...532faa39ebaa6f56e493cc938a91a40df082b74f
- Drop 1001-statx.patch, it's no more needed.
++++ liburing:
- add test-xattr-don-t-rely-on-NUL-termination.patch (bsc#1202413)
++++ ovmf:
- Update to edk2-stable202205
- Features (https://github.com/tianocore/edk2/releases):
Support PEI 64bit in IntelFsp2Pkg and IntelFsp2WrapperPkg
IntelFsp2Pkg: BaseFspCommonLib Support for X64 Build
Add PrmPkg
BaseTools Enhance GenFw to support PRM GCC build
Enable Intel TDX in OvmfPkg
Generate CloudHv target as PVH ELF binary
Add parallel hash feature into BaseCryptLib
Configure/Enable elliptic curve ciphers in OpenSSL
Add FMMT tool into edk2 BaseTools
Dynamic variable flash information cannot be passed in Standalone MM
- Patches (git log --oneline --reverse edk2-stable202202~..edk2-stable202205):
b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite
2dbed52506 ArmVirtPkg/ArmVirtMemoryInitPeiLib: avoid redundant cache invalidation
54cddc3ad4 ArmVirtPkg/ArmVirtKvmTool: wire up configurable timeout
de463163d9 OvmfPkg/AmdSev: reserve snp pages
63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea
f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea
b1b89f9009 MdeModulePkg: Correct high-memory use in NvmExpressDxe
84338c0d49 MdeModulePkg: Replace Opcode with the corresponding instructions.
d3febfd9ad MdePkg: Replace Opcode with the corresponding instructions.
7bc8b1d9f4 SourceLevelDebugPkg: Replace Opcode with the corresponding instructions.
2aa107c0aa UefiCpuPkg: Replace Opcode with the corresponding instructions.
bbaa00dd01 MdePkg: Remove the macro definitions regarding Opcode.
6a890db161 BaseTools: Upgrade the version of NASM tool
497ac7b6d7 UefiPayloadPkg/PayloadLoaderPeim: Use INT64 as input parameter
dc39554d58 edk2/MdeModulePkg/Debuglib: Add Standalone MM support
906242343f MdeModulePkg/GraphicsConsoleDxe: Check status to make sure no error
b422b0fcf9 EmulatorPkg/EmuGopDxe: Set ModeInfo after Open successfully
589d51df26 MdeModulePkg/Usb/Keyboard.c: Don't request protocol before setting
b909b4ad09 OvmfPkg: Make the Xen ELF header generator more flexible
0a707eb258 OvmfPkg: Xen: Use a new fdf include for the PVH ELF header
0015a4e0a8 OvmfPkg: Xen: Generate fdf include file from ELF header generator
9ac8c85d50 OvmfPkg: CloudHv: Remove VARS and CODE sections
e1c7f9b4e5 OvmfPkg: Generate CloudHv as a PVH ELF binary
d50d9e5549 OvmfPkg: CloudHv: Retrieve RSDP address from PVH
82bfd2e86d OvmfPkg: CloudHv: Rely on PVH memmap instead of CMOS
b83d0a6438 OvmfPkg: CloudHv: Add README
4a68176cb5 UefiCpuPkg: Extend SMM CPU Service with rendezvous support.
949b8a3d97 Maintainers.txt: Add new reviewer for UefiPayloadPkg
091b6a1197 UefiPayloadPkg: Add build option for Above 4G Memory
4adc364c75 UefiPayloadPkg: Fix case of protocol
79f2734e5a MdeModulePkg: Add a check for metadata size in NvmExpress Driver
af74efe494 UefiPayloadPkg: Make Boot Manager Key configurable
62fa37fe7b BlSupportSmm: fix definition of SetSmrr()
56530dec11 .pytool/Plugin/UncrustifyCheck: Output file diffs by default
2aac8bb7ef .pytool: Update to newest pytools
c63ef58698 .azurepipelines: Updated python version
f06941cc46 MdeModulePkg: Add bRefClkFreq card attribute programming support
2b175eeb6a RedfishPkg: fix memory leak issue
10b4c8f3b7 Maintainers: Update Maintainers.txt for edk2 Redfish modules
0fdd466c75 UefiCpuPkg/MpInitLib:remove optional in declaration
52e09dcd7a UefiCpuPkg: Support FFS3 GUID in SearchForBfvBase.asm
a13dfc769b MdeModulePkg/DxeIpl: Create 5-level page table for long mode
c8ea48bdf9 DynamicTablesPkg: Fix serial port namespace path in DBG2
414cd2a4d5 BaseTools/GenFw: Enhance GenFw to support PRM GCC build
33438f7354 EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME
5b56c52b5c EmulatorPkg/RedfishPlatformCredentialLib: Don't stop Redfish service
0531f61376 IntelFsp2Pkg: BaseFspDebugLibSerialPort Support for X64
411b3ff6dd IntelFsp2Pkg: BaseFspSwitchStackLib Support for X64
b429959bb6 MdeModulePkg/SdMmcPciHcDxe: Make timeout for SD card configurable
79a705fbaf UefiPayloadPkg: Hookup SD/MMC timeout
28eeb08d86 MdePkg/Include: Smbios Specification 3.5.0 changes
c1e662101a CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib.
267a92fef3 MdePkg/AcpiXX.h: Update Error Severity type for Generic Error Status Block
ec0b54849b IntelFsp2Pkg: BaseFspCommonLib Support for X64
5d8d8b5148 MdeModulePkg/NvmExpressDxe: fix check for Cap.Css
69218d5d28 MdeModulePkg/NvmExpressPei: fix check for NVM command set
bf9230a9f3 BaseTools: Add the FeatureFlagExpression usage to the Source Section
3115377bf0 BaseTools: Remove the redundant __FLEXIBLE_SIZE from PcdValueInit.c
4a2e1000a1 CryptoPkg: update openssl submodule to 1.1.1n
355515a06a CryptoPkg? Redefinition bug in CrtLibSupport.h.
7b005f344e BaseTools: fix gcc12 warning
85021f8cf2 BaseTools: fix gcc12 warning
22130dcd98 Basetools: turn off gcc12 warning
ec30a4a0c3 BaseTools:Support decimal version number in ECC check
3ef2071927 UefiCpuPkg: Update BFV searching algorithm in VTF0
691b178667 ShellPkg/AcpiView: Adds ACPI_PARSER bitfield parser
40004ff9d5 ShellPkg/AcpiView: PrintFormatter for FADT Flags field
7456990e8e MdeModulePkg/Ufs: bRefClkFreq attribute be programmed after fDeviceInit
237c966396 UefiPayloadPkg/UefiPayloadPkg.ci.yaml: Remove duplicated entry
76191052fd UefiPayloadPkg: Fix build error
449eb01a8d UefiPayloadPkg: Fix architecture in the build instruction
c248802e40 UefiPayloadPkg: Fix PciHostBridgeLib
2b4b8013fe UefiPayloadPkg/Library/PlatformBootManagerLib: Remove broken VGA detection
55637a2894 UefiPayloadPkg: Make Boot Timeout configurable
2268920afc .azurepipelines: Use Python 3.8
c3ca70669e .azurepipelines: Use windows-2019 VM image
3b0de44759 EmulatorPkg: Use windows-2019 VM image
75628d27c0 OvmfPkg: Use windows-2019 VM image
b328bb54c6 BaseTools/Bin: Update GCC ARM compiler version
3f0c788a5f MdePkg: Add Tdx.h
77228269e7 MdePkg: Update Cpuid.h for Tdx
818bc9596d MdePkg: Introduce basic Tdx functions in BaseLib
c3001cb744 MdePkg: Add TdxLib to wrap Tdx operations
eddcba40b5 UefiCpuPkg: Extend VmgExitLibNull to handle #VE exception
daf8f642f3 OvmfPkg: Extend VmgExitLib to handle #VE exception
de327f7d8a UefiCpuPkg/CpuExceptionHandler: Add base support for the #VE exception
ab9d790901 MdePkg: Add helper functions for Tdx guest in BaseIoLibIntrinsic
b6b2de8848 MdePkg: Support mmio for Tdx guest in BaseIoLibIntrinsic
d74e932681 MdePkg: Support IoFifo for Tdx guest in BaseIoLibIntrinsic
3571fc906f MdePkg: Support IoRead/IoWrite for Tdx guest in BaseIoLibIntrinsic
7bed7ae6c5 UefiCpuPkg: Support TDX in BaseXApicX2ApicLib
d983b102b3 MdePkg: Add macro to check SEV / TDX guest
88da06ca76 UefiCpuPkg: Enable Tdx support in MpInitLib
352eabdcd5 OvmfPkg: Add IntelTdx.h in OvmfPkg/Include/IndustryStandard
6a608255bb OvmfPkg: Add TdxMailboxLib
57bcfc3b06 OvmfPkg: Create initial version of PlatformInitLib
102cafedad OvmfPkg/PlatformInitLib: Add hob functions
9a9b33b3d6 OvmfPkg/PlatformPei: Move global variables to PlatformInfoHob
5a2574a82e OvmfPkg/PlatformPei: Refactor MiscInitialization
6d2ce5fd5c OvmfPkg/PlatformPei: Refactor MiscInitialization for CloudHV
3dd47f9544 OvmfPkg/PlatformPei: Refactor AddressWidthInitialization
432e4acd87 OvmfPkg/PlatformPei: Refactor MaxCpuCountInitialization
f3801cf26c OvmfPkg/PlatformPei: Refactor QemuUc32BaseInitialization
e510326245 OvmfPkg/PlatformPei: Refactor InitializeRamRegions
12e860a1e8 OvmfPkg/PlatformPei: Refactor MemMapInitialization
cec82a64cf OvmfPkg/PlatformPei: Refactor NoexecDxeInitialization
f53f449f15 OvmfPkg/PlatformPei: Refactor MiscInitialization
10460942ff OvmfPkg/PlatformInitLib: Create MemDetect.c
96047b6663 OvmfPkg/PlatformInitLib: Move functions to Platform.c
b22ac35b75 OvmfPkg: Update PlatformInitLib to process Tdx hoblist
ccca1c2d5d OvmfPkg/Sec: Declare local variable as volatile in SecCoreStartupWithStack
2b80269d98 OvmfPkg: Update Sec to support Tdx
6b27c11690 OvmfPkg: Check Tdx in QemuFwCfgPei to avoid DMA operation
bec9104201 MdeModulePkg: Skip setting IA32_ERER.NXE if it has already been set
fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask
cc3620f304 UefiCpuPkg: Update AddressEncMask in CpuPageTable
e23f8f52fd OvmfPkg: Update PlatformInitLib for Tdx guest
cf17156d7d OvmfPkg: Update PlatformPei to support Tdx guest
9fdc70af6b OvmfPkg: Update AcpiPlatformDxe to alter MADT table
5aa8018639 OvmfPkg/BaseMemEncryptTdxLib: Add TDX helper library
fae5c1464d OvmfPkg: Add TdxDxe driver
07c721fea7 OvmfPkg/QemuFwCfgLib: Support Tdx in QemuFwCfgDxe
2520182122 OvmfPkg: Update IoMmuDxe to support TDX
c2e7be4055 OvmfPkg: Rename XenTimerDxe to LocalApicTimerDxe
299c44cd4f UefiCpuPkg: Setting initial-count register as the last step
c37cbc030d OvmfPkg: Switch timer in build time for OvmfPkg
580a6b616b OvmfPkg: Add TdxWorkArea definition
75942a52ae OvmfPkg: Add PrePiHobListPointerLibTdx
4fe2678411 OvmfPkg: Add PeilessStartupLib
1f29de4d20 OvmfPkg/IntelTdx: Add Sec to bring up both Legacy and Tdx guest
55fda68a80 OvmfPkg: Update TdxDxe to set TDX PCDs
f674fa9cde OvmfPkg: Update DxeAcpiTimerLib to read HostBridgeDevId in PlatformInfoHob
149ed8e421 OvmfPkg/IncompatiblePciDeviceSupportDxe: Refine the configuration
c477b2783f OvmfPkg/IncompatiblePciDeviceSupportDxe: Ignore OptionRom in Td guest
cb8349f01a MdeModulePkg: Update PciEnumeratorSupport to ignore OptionRom if needed
44a53a3bdd OvmfPkg: Introduce IntelTdxX64 for TDVF Config-B
7fda517c3d OvmfPkg: Add dependency of VariableSmm driver to make it work normally.
b953265a27 UefiPayloadPkg: Add a new DebugPrintErrorLevelLib instance
0023e35cf4 UefiPayloadPkg: Change some configuration of the payload
3e130e40fc UefiPayloadPkg: Consume the new added DebugPrintErrorLevelLib instance
f16b05a13b .pytool/Plugin/UncrustifyCheck: Update func to return absolute paths
dbfbaedb21 .pytool/Plugin/UncrustifyCheck: Add ignore file support
d932199d39 OvmfPkg: Revert Uncrustify formatting in VbeShim.h files
ad6816c319 OvmfPkg: Do not check VbeShim.h formatting with Uncrustify
d2998af211 PrmPkg: Add package and include headers
5f76c3e471 PrmPkg: Add PrmConfig protocol interface
e189e01af2 PrmPkg/PrmContextBufferLib: Add initial library instance
3f7af17c6b PrmPkg/PrmConfigDxe: Add initial driver
9276e0d2b9 PrmPkg: Add initial PrmSamplePrintModule
c63905aba7 PrmPkg: Add initial PrmSampleMemoryAllocationModule
27b1a840e4 PrmPkg: Add initial PrmSampleHardwareAccessModule
7c41ec47ca PrmPkg: Add initial PrmSampleContextBufferModule
97ab54c1b1 PrmPkg: Add initial package DSC file
d2cb6e67a4 Readme.md: Add initial content
e846797662 PrmPkg: Add ALLOCATE_CONTEXT_BUFFER_IN_FW build option
a6f8946bc9 PrmPkg: Enable variable growth for the PRM_MODULE_EXPORT macro
ef05955996 PrmPkg: Publish PRM operation region to support PRM ACPI _DSM invocation
f96517f4d0 PrmPkg: Export major/minor version in PRM module PE COFF header
50e1432a40 PrmPkg: Add initial PrmSsdtInstallDxe module
a409f4b67d PrmPkg: Remove PRM Module Update Lock
0797989c5d PrmPkg: Remove ALLOCATE_CONTEXT_BUFFER_IN_FW build flag
0b469caff6 PrmPkg/PrmContextBuffer.h: Add ACPI parameter support structures
be2c927d7c PrmPkg/PrmLoaderDxe: Add ACPI parameter buffer support
c1a7a50f67 PrmPkg/PrmSampleContextBufferModule: Remove OS debug print requirement
4c8486fd72 PrmPkg/PrmSampleHardwareAccessModule: Add non-print PRM handlers
7217263514 PrmPkg/SampleAcpiParameterBufferModule: Add initial module
fec018624c PrmPkg/HardwareAccessModuleConfigLib: Add initial library
d10b8dc5d8 PrmPkg/Samples/Readme.md: Add initial file
6b7dde7cdd PrmPkg: Refactor some PrmLoaderDxe functionality into libraries
4348c72ad0 PrmPkg/Application/PrmInfo: Add initial application
e10c776487 PrmPkg: Enforce stricter types
2e55b0cd9e PrmPkg/Test/PrmPkgHostTest.dsc: Add initial file
3599f5479d PrmPkg/Test/UnitTest/Library: Add initial UEFI Boot Services test lib
82d15dc6c1 PrmPkg/Library/DxePrmContextBufferLib: Add host-based unit tests
68ee42c991 PrmPkg/DxePrmModuleDiscoveryLib: Add initial host-based unit tests
c040831cf9 PrmPkg: Add PlatformGuid
a9302b89a9 PrmPkg: Update PRM OpRegion
f8e68587e2 Readme.md: Add iASL note and QEMU sample link
4a4aeaa446 PrmPkg: Replace PcdPrmPlatformGuid with EDKII_DSC_PLATFORM_GUID
17b2d64ced PrmPkg/Samples: Remove PrmSampleMemoryAllocationModule
050b2ba27d PrmPkg/Samples: Remove PrmSamplePrintModule
88f3d734f5 PrmPkg: Remove the concept of OS services
deea4e58b0 Readme.md: Add a link to PRM Specification
f3c11224b5 PrmPkg: Changes for edk2 repo transition
a298a84478 PrmPkg: Apply uncrustify changes
94f905b3bf MdeModulePkg/HiiDatabase: Fix Setup numeric default value incorrect issue
b8c5ba2337 BaseTools: efi_debugging.py: Add debugger agnostic dbg Python Classes
0d7fec9f79 BaseTools: Scripts/efi_gdb.py: Add gdb EFI commands and pretty Print
4f4afcd288 BaseTools: Scripts/efi_lldb.py: Add lldb EFI commands and pretty Print
bfefdc2c49 UefiPayloadPkg: Fix PciHostBridgeLib
676084303d UefiPayloadPkg: Support IA32 Build
63e155f24d UefiPayloadPkg: Add dependency of VariableSmm driver.
dab96cf02e UefiPayloadPkg: Add --quiet argument to Universal Payload build script
35a4b63247 NetworkPkg: Add PCDs for HTTP DNS RetryCount and RetryInterval
38a9afd0fb NetworkPkg/HttpDxe: Decofigure Tcp4 before reconfiguring
3974aa539e NetworkPkg/HttpDxe: Decofigure Tcp6 before reconfiguring
c43ff5188d NetworkPkg/HttpDxe: Add ConnectionClose flag fo HTTP_PROTOCOL
753fd319e2 NetworkPkg/HttpDxe: Detect 'Connection: close' header
12a50c9ce1 NetworkPkg/HttpDxe: Detect HTTP/1.0 servers
5576b17363 BaseTools: Fix DevicePath tool build failure issue
4352d115c4 CryptoPkg/CrtLibSupport: add fcntl.h
3b4b49cf00 CryptoPkg/CrtLibSupport: add strstr()
58771f4b2d CryptoPkg/CrtLibSupport: add INT_MIN
2759e42fbc CryptoPkg/CrtLibSupport: add UINT_MAX
fd5f347c84 CryptoPkg/CrtLibSupport: add MODULESDIR
03951e5645 CryptoPkg/CrtLibSupport: add off_t
fab6285a73 CryptoPkg/CrtLibSupport: fix strcpy
f5508a91e3 CryptoPkg/UnitTest: fix DH testcase
c411566fad pip-requirements.txt: Update basetools version to 0.1.17
8a5727c7a8 Maintainers.txt: Add Michael Kubacki as UnitTestFrameworkPkg maintainer
1a49e2aa3c CryptoPkg: Add instrinsics to support building ECC on IA32 windows
efc39e65e5 CryptoPkg: Reconfigure OpensslLib to add EC algorithms
0c901fcc20 CryptoPkg: Make EC source file config-able
f3da13461c CryptoPkg/TlsLibNull: Remove MU_CHANGE comment markers
4cfb28f12a UefiPayloadPkg: Fix the build failure
9bf7291d63 ShellPkg: Update smbiosview type 41 with SMBIOS 3.5 fields
630df8c86e IntelFsp2Pkg: X64 compatible changes to support PEI in 64bit
6f219bef55 IntelFsp2Pkg: Add FSPx_ARCH2_UPD support for X64
d40965b987 IntelFsp2Pkg: Update FSP_GLOBAL_DATA and FSP_PLAT_DATA for X64
00aa71ce20 IntelFsp2Pkg: FspSecCore support for X64
6bec5a66ea IntelFsp2Pkg: SecFspSecPlatformLibNull support for X64
4a6ed7e46a IntelFsp2WrapperPkg: Adopt FSPM_UPD_COMMON_FSP24 for X64
86a2f3c439 IntelFsp2WrapperPkg: BaseFspWrapperApiLib support for X64
91a03f78ba IntelFsp2WrapperPkg: SecFspWrapperPlatformSecLibSample support for X64
3d97733f44 MdePkg: Add CC_GUEST_TYPE in ConfidentialComputingGuestAttr.h
d020ac55b6 OvmfPkg: Replace GUEST_TYPE with CC_GUEST_TYPE
74a3eb975d MdePkg: Add CcProbeLibNull
2f44d77c68 OvmfPkg: Add CcProbeLib
2a7e1e890d OvmfPkg: Add CcProbeLib in *.dsc
7012cb73c4 MdePkg: Probe Cc guest in BaseIoLibIntrinsicSev
76fda1def3 OvmfPkg: Call CcProbe in SecMain.c instead of TsIsEnabled
532bd4ec38 CryptoPkg/Crt: fix strcpy build on older VS compilers
6d2baf9dfb PrmPkg/DxePrmContextBufferLib: Fix unit test GCC compilation errors
892787fed5 OvmfPkg/OvmfPkgX64: Adjust load sequence of TdxDxe and AmdSevDxe driver
b06a007b64 CryptoPkg: Declare PcdEcEnabled in Library consuming OpensslLib
fdfbf1fdab MdePkg: Update smbiosview type 9 with SMBIOS 3.5 fields
a85ae8d964 ShellPkg: Update smbiosview type 9 with SMBIOS 3.5 fields
2306555bf9 UefiPayloadPkg: Fix IA32 entry build failure
f4dfec6ca1 BaseTools: Move gPlatformFinalPcd to Datapipe and optimize size
ee582858c4 .azurepipelines: Add NOOPT to all package builds
2d9d605714 .pytool/Plugin/UncrustifyCheck: Add Azure DevOps UI debug instructions
b807174fec MdeModulePkg/GraphicsConsoleDxe: add modes
5a17629902 OvmfPkg: clear PcdConOut{Row,Column}
96e1d337e0 ArmVirtPkg: clear PcdConOut{Row,Column}
483d3bb716 ShellPkg: Update smbiosview type 0 with SMBIOS 3.5 fields
ecc79b092e OvmfPkg/VirtioGpuDxe: add VirtioGpuSendCommandWithReply
182122914c OvmfPkg/VirtioGpuDxe: add GetDisplayInfo to virtio-gpu spec header.
82c07f2cc7 OvmfPkg/VirtioGpuDxe: add VirtioGpuGetDisplayInfo
5f6ecaa398 OvmfPkg/VirtioGpuDxe: use GopQueryMode in GopSetMode
86de090b99 OvmfPkg/VirtioGpuDxe: move code to GopInitialize
916f90baa5 OvmfPkg/VirtioGpuDxe: query native display resolution from host
d372ab585a BaseTools/Conf: Fix Dynamic-Library-File template
cabd96ad03 OvmfPkg: restore CompatImageLoaderDxe chunk
4092f1d397 OvmfPkg/Bhyve: add support for QemuFwCfg
daa6cd8763 ArmPlatformPkg: Fix error message in Scripts/Ds5/edk2_debugger.py
5299568ce6 ArmPlatformPkg: Fix target initialisation in cmd_load_symbols.py
101f4c7892 ArmPlatformPkg: Fix EDK2_DSC check in Scripts/Makefile
a64b944942 BaseTools: Add FMMT Python Tool
826527c9db UefiPayloadPkg: Add definition for PayloadCommandLine HOB
d4eef3fe7c MdePkg: Add CpuLib to module INFs that depend on UefiCpuLib.
a63b086e69 IntelFsp2Pkg: Add CpuLib to module INFs that depend on UefiCpuLib
3afa0a2096 IntelFsp2WrapperPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
1783b099d3 OvmfPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
86d41c077e UefiCpuPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
2434f6f206 UefiPayloadPkg: Add CpuLib to module INFs that depend on UefiCpuLib.
247a0fc65e OvmfPkg: Add README for TDVF
8079d4dc4f MdePkg: add SmmCpuRendezvousLib.h and SmmCpuRendezvousLibNull implement.
1a6c837638 UefiPayloadPkg: Fix the UPL build failure
29ae55a0b8 PcAtChipsetPkg: Change the flow of PcRtcInit()
a658ed30e5 MdeModulePkg/PCD: Pcd initialize DXE have assert
0e31124877 .pytool: Fix python command error in self introduction doc
43613b2fe8 CryptoPkg: Rename PCD about openssl EC configuration
f753c36209 CryptoPkg: Separate auto-generated openssl config and edk2 openssl config
499b0d5fa5 CryptoPkg: Update process_files.pl to automatically add PCD config option
a332ffb6ef CryptoPkg/openssl: update generated files
9dd964f5e5 CryptoPkg/openssl: disable codestyle checks for generated files
b5cd30a79b UefiCpuPkg: Revert "UefiCpuPkg: Enable Tdx support in MpInitLib"
ad629b5c5a OvmfPkg: Add MpInitLibDepLib related PPI/Protocol definitions
2f06e5af47 OvmfPkg: Add MpInitLibDepLib
b63a49e056 OvmfPkg/Sec: Install MpInitLibDepLib PPIs in SecMain.c
73d6d41de0 OvmfPkg/TdxDxe: Install MpInitLibDepLib protocols
deee7a100b OvmfPkg: Enable 2 different CpuMpPei and CpuDxe drivers
17702186b5 MdeModulePkg: PiSmmCore: Inspect memory guarded with pool headers
d0efa681b6 UefiPayloadPkg: Simplify code logic
57ebb2994d UefiPayloadPkg: Add Serial IO device path according to related protocol
ef01d63ef3 UefiPayloadPkg: Connect all root bridge in PlatformBootManagerBeforeConsole
35d9b7ea2d ArmPkg: Remove RVCT support
b55b6d33e4 ArmPlatformPkg: Remove RVCT support
e9eeb0ad2b CryptoPkg: Remove RVCT support
48b919cb14 MdePkg: Remove RVCT support
5621d81edf FatPkg: Remove RVCT support
cc070e9e0c NetworkPkg: Remove RVCT support
a744199470 ArmVirtPkg: Remove RVCT support
b7a446f224 EmbeddedPkg: Remove RVCT support
57c84113a1 OvmfPkg: Remove RVCT support
708620d29d BaseTools: Remove RVCT support
2d1138a1a8 .azurepipelines: Fix cspell version to v5.20.0
7b126978e1 .pytool/plugin/SpellCheck: Allow compound words
2189c71026 .pytool/plugin/SpellCheck: Add more common words
0903042b66 MdeModulePkg: Add Variable Flash Info HOB
60b519456c MdeModulePkg/VariableFlashInfoLib: Add initial library
4dbebc2d10 MdeModulePkg/Variable: Consume Variable Flash Info
8db39c60cd MdeModulePkg/FaultTolerantWrite: Consume Variable Flash Info
524a15c1fa ArmVirtPkg/ArmVirt.dsc.inc: Add VariableFlashInfoLib
a69eac7578 EmulatorPkg: Add VariableFlashInfoLib
a7d3d4e7c4 OvmfPkg: Add VariableFlashInfoLib
1f026ababf UefiPayloadPkg: Add VariableFlashInfoLib
a72d552f19 OvmfPkg/OvmfPkgX64: Use different CcProbeLib when SMM is on or off
a21a3438f7 OvmfPkg: Make an Ia32/X64 hybrid build work with SEV
9c733f0b90 OvmfPkg: TdxDxe: Fix AsmRelocateApMailBoxLoop
07c0c2eb0a OvmfPkg: fix PcdFSBClock
16779ede2d Removed prefix to match AsmRelocateApMailBoxLoopStart
- Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to mainline:
- OvmfPkg/AmdSev: reserve snp pages
- de463163d9 edk2-stable202205-rc1~292
- OvmfPkg/ResetVector: cache the SEV status MSR value
- 63c50d3ff2 edk2-stable202205-rc1~291
- OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR
- f1d1c337e7 edk2-stable202205-rc1~290
- Add the following patches for building edk2-stable202205 with nasm-2.14 on
SLE15-SP3/SP4 and Leap 15.3/15.4. Those patches add marco back because
nasm-2.14 doesn't support corresponding instructions. (jsc#PED-1410)
- ovmf-Revert-MdePkg-Remove-the-macro-definitions-regarding.patch
ovmf-Revert-UefiCpuPkg-Replace-Opcode-with-the-correspond.patch
ovmf-Revert-SourceLevelDebugPkg-Replace-Opcode-with-the-c.patch
ovmf-Revert-MdePkg-Replace-Opcode-with-the-corresponding-.patch
ovmf-Revert-MdeModulePkg-Replace-Opcode-with-the-correspo.patch
- Then reverted 5 patches in 84338c0d49~..bbaa00dd01
MdeModulePkg: Replace Opcode with the corresponding
MdePkg: Replace Opcode with the corresponding
SourceLevelDebugPkg: Replace Opcode with the
UefiCpuPkg: Replace Opcode with the corresponding
MdePkg: Remove the macro definitions regarding Opcode.
- Change the size of ovmf-x86_64 to 4MB, otherwise OBS exposes the following error:
[ 266s] GenFv: ERROR 3000: Invalid
[ 266s] the required fv image size 0x1afed8 exceeds the set fv image size 0x1ac000
- [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB"
++++ rsync:
- Add upstream patch rsync-3.2.5-slp.patch, as the one included in
the released tarball doesn't fully apply.
- Drop patch rsync-CVE-2022-29154.patch, already included upstream.
- Update to 3.2.5
* SECURITY FIXES:
- Added some file-list safety checking that helps to ensure that a rogue
sending rsync can't add unrequested top-level names and/or include recursive
names that should have been excluded by the sender. These extra safety
checks only require the receiver rsync to be updated. When dealing with an
untrusted sending host, it is safest to copy into a dedicated destination
directory for the remote content (i.e. don't copy into a destination
directory that contains files that aren't from the remote host unless you
trust the remote host). Fixes CVE-2022-29154.
- A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue).
* BUG FIXES:
- Fixed the handling of filenames specified with backslash-quoted wildcards
when the default remote-arg-escaping is enabled.
- Fixed the configure check for signed char that was causing a host that
defaults to unsigned characters to generate bogus rolling checksums. This
made rsync send mostly literal data for a copy instead of finding matching
data in the receiver's basis file (for a file that contains high-bit
characters).
- Lots of manpage improvements, including an attempt to better describe how
include/exclude filters work.
- If rsync is compiled with an xxhash 0.8 library and then moved to a system
with a dynamically linked xxhash 0.7 library, we now detect this and disable
the XX3 hashes (since these routines didn't stabilize until 0.8).
* ENHANCEMENTS:
- The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the
extra file-list safety checking (should that be required).
* PACKAGING RELATED:
- A note to those wanting to patch older rsync versions: the changes in this
release requires the quoted argument change from 3.2.4. Then, you'll want
every single code change from 3.2.5 since there is no fluff in this release.
- The build date that goes into the manpages is now based on the developer's
release date, not on the build's local-timezone interpretation of the date.
* DEVELOPER RELATED:
- Configure now defaults GETGROUPS_T to gid_t when cross compiling.
- Configure now looks for the bsd/string.h include file in order to fix the
build on a host that has strlcpy() in the main libc but not defined in the
main string.h file.
++++ timezone:
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
------------------------------------------------------------------
------------------ 2022-8-15 - Aug 15 2022 -------------------
------------------------------------------------------------------
++++ fde-tools:
- Fixed typo of tpm2_key_protector_clear
- Renamed to fde-tools-0.1
- included firstboot stuff
++++ gdk-pixbuf:
- avoid bashism in baselibs postscript (bsc#1195391)
++++ glibc:
- glibcextract-compile-c-snippet.patch: glibcextract.py: Add
compile_c_snippet
- sys-mount-kernel-definition.patch: linux: Mimic kernel definition for
BLOCK_SIZE
- sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers
++++ gtk3:
- avoid bashism in baselibs postscript (bsc#1195391)
++++ kernel-default:
- config.conf: reenable armv7hl configs
- Update config files for armv7hl (following x86_64 settings,
compiling as module unless DEBUG or DEPRECATED)
- commit 0329b6a
- Refresh
patches.rpmify/kbuild-dummy-tools-pretend-we-understand-__LONG_DOUB.patch.
Update upstream status.
- commit 8711731
- armv7hl: rebuilt as an overlay over default config
generated automatically with scripts/config-diff
- commit 1d75725
- armv6/v7: enable BT_VIRTIO
- commit ba8dcca
- Refresh and re-apply i8042 quirk patch for ASUS ZenBook (bsc#1190256)
- commit aeed1e4
- Update to 6.0-rc1
- eliminate 4 patches (all mainline)
- patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch
- patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch
- patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch
- patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
- disable
- patches.suse/Input-i8042-Apply-probe-defer-to-more-ASUS-ZenBook-m.patch
- refresh
- patches.suse/add-suse-supported-flag.patch
- patches.suse/add-product-identifying-information-to-vmcoreinfo.patch
- patches.suse/vfs-add-super_operations-get_inode_dev
- patches.suse/Revert-zram-remove-double-compression-logic.patch
- disable ARM architectures (need config update)
- new config options
- General setup
- CONTEXT_TRACKING_USER_FORCE=n
- RCU_NOCB_CPU_DEFAULT_ALL=n
- CGROUP_FAVOR_DYNMODS=n
- Power management and ACPI options
- PM_USERSPACE_AUTOSLEEP=n
- Networking support
- NF_FLOW_TABLE_PROCFS=y
- NET_DSA_TAG_RZN1_A5PSW=m
- File systems
- DLM_DEPRECATED_API=n
- Security options
- SECURITY_APPARMOR_INTROSPECT_POLICY=y
- SECURITY_APPARMOR_EXPORT_BINARY=y
- SECURITY_APPARMOR_PARANOID_LOAD=y
- IMA_KEXEC=n
- Cryptographic API
- CRYPTO_FIPS_NAME="Linux Kernel Cryptographic API"
- CRYPTO_FIPS_CUSTOM_VERSION=n
- CRYPTO_HCTR2=m
- CRYPTO_POLYVAL_CLMUL_NI=m
- CRYPTO_ARIA=m
- Kernel hacking
- SHRINKER_DEBUG=n
- RV=n
- PCI support
- PCI_EPF_VNTB=m
- Block devices
- BLK_DEV_UBLK=m
- NVME Support
- NVME_AUTH=n
- NVME_TARGET_AUTH=n
- Network device support
- NET_DSA_MICROCHIP_KSZ_SPI=m
- NET_VENDOR_WANGXUN=y
- TXGBE=m
- CAN_NETLINK=y
- CAN_CAN327=m
- CAN_ESD_USB=m
- Sound card support
- SND_CTL_FAST_LOOKUP=y
- SND_CTL_INPUT_VALIDATION=n
- SND_CTL_DEBUG=n
- SND_SOC_AMD_ST_ES8336_MACH=m
- SND_AMD_ASOC_REMBRANDT=m
- SND_SOC_AMD_RPL_ACP6x=m
- SND_SOC_INTEL_AVS_MACH_DA7219=m
- SND_SOC_INTEL_AVS_MACH_DMIC=m
- SND_SOC_INTEL_AVS_MACH_HDAUDIO=m
- SND_SOC_INTEL_AVS_MACH_I2S_TEST=m
- SND_SOC_INTEL_AVS_MACH_MAX98357A=m
- SND_SOC_INTEL_AVS_MACH_MAX98373=m
- SND_SOC_INTEL_AVS_MACH_NAU8825=m
- SND_SOC_INTEL_AVS_MACH_RT274=m
- SND_SOC_INTEL_AVS_MACH_RT286=m
- SND_SOC_INTEL_AVS_MACH_RT298=m
- SND_SOC_INTEL_AVS_MACH_RT5682=m
- SND_SOC_INTEL_AVS_MACH_SSM4567=m
- SND_SOC_SOF_METEORLAKE=m
- SND_SOC_TAS2780=n
- SND_SOC_WSA883X=n
- USB support
- UCSI_STM32G0=m
- TYPEC_ANX7411=m
- Microsoft Surface Platform-Specific Device Drivers
- SURFACE_AGGREGATOR_HUB=m
- SURFACE_AGGREGATOR_TABLET_SWITCH=m
- Industrial I/O support
- ENVELOPE_DETECTOR=n
- SD_ADC_MODULATOR=n
- VF610_ADC=n
- Misc devices
- TCG_TIS_I2C=m
- SPI_MICROCHIP_CORE=m
- PINCTRL_METEORLAKE=m
- SENSORS_LT7182S=m
- VIDEO_AR0521=m
- LEDS_IS31FL319X=m
- INFINIBAND_ERDMA=m
- XEN_VIRTIO_FORCE_GRANT=n
- VIDEO_STKWEBCAM=n
- PWM_CLK=m
- RESET_TI_TPS380X=n
- ANDROID_BINDER_IPC=n
- FPGA_MGR_MICROCHIP_SPI=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- VCPU_STALL_DETECTOR=m
- DRM_PANEL_EBBG_FT8719=n
- DRM_TI_DLPC3433=n
- DRM_LOGICVC=n
- DRM_IMX_LCDIF=n
- I2C_HID_OF_ELAN=m
- USB_ONBOARD_HUB=m
- RTC_DRV_NCT3018Y=m
- ppc64(le), s390x and riscv64
- SCSI_BUSLOGIC=m
- SCSI_FLASHPOINT=n
- ppc64le and riscv64
- CRYPTO_DEV_QAT_DH895xCC=m
- CRYPTO_DEV_QAT_C3XXX=m
- CRYPTO_DEV_QAT_C62X=m
- CRYPTO_DEV_QAT_4XXX=m
- CRYPTO_DEV_QAT_DH895xCCVF=m
- CRYPTO_DEV_QAT_C3XXXVF=m
- CRYPTO_DEV_QAT_C62XVF=m
- ppc64 / ppc64le
- PSERIES_PLPKS=y
- KVM_BOOK3S_HV_P9_TIMING=n
- KVM_BOOK3S_HV_P8_TIMING=n
- RANDOMIZE_KSTACK_OFFSET=y
- RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
- PSERIES_WDT=m
- s390x
- VFIO_PCI_ZDEV_KVM=y
- riscv64
- ERRATA_THEAD_CMO=y
- NONPORTABLE=n
- RISCV_ISA_ZICBOM=y
- RANDOM_TRUST_CPU=y
- I2C_MICROCHIP_CORE=m
- SND_SOC_HDA=m
- USB_MUSB_POLARFIRE_SOC=m
- RTC_DRV_POLARFIRE_SOC=m
- commit c35dc38
++++ libjpeg-turbo:
- update to 2.1.4:
* Fixed a regression introduced in 2.1.3 that caused build failures with
Visual Studio 2010.
* The tjDecompressHeader3() function in the TurboJPEG C API and the
TJDecompressor.setSourceImage() method in the TurboJPEG Java API now
accept "abbreviated table specification" (AKA "tables-only") datastreams,
which can be used to prime the decompressor with quantization and Huffman
tables that can be used when decompressing subsequent "abbreviated image"
datastreams.
* libjpeg-turbo now performs run-time detection of AltiVec instructions on
OS X/PowerPC systems if AltiVec instructions are not enabled at compile
time. This allows both AltiVec-equipped (PowerPC G4 and G5) and
non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same
build of libjpeg-turbo.
* Fixed an error ("Bogus virtual array access") that occurred when
attempting to decompress a progressive JPEG image with a height less than
or equal to one iMCU (8 * the vertical sampling factor) using
buffered-image mode with interblock smoothing enabled. This was a
regression introduced by 2.1 beta1[6(b)].
* Fixed two issues that prevented partial image decompression from working
properly with buffered-image mode:
* Attempting to call jpeg_crop_scanline() after jpeg_start_decompress()
but before jpeg_start_output() resulted in an error ("Improper call to
JPEG library in state 207".)
* Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus
virtual array access") under certain circumstances.
++++ ncurses:
- Add ncurses patch 20220813
+ modify delscreen to more effectively delete all windows on the given
screen.
+ amend portability note for delwin in manual page.
+ adapt test/test_delwin.c from example by Bill Gray.
+ account for prescreen data if freeing leaks in pthread-configuration
+ split-out _nc_set_read_thread(), to reduce compiler warnings about
pthread_self(), which may/may not be a weak symbol.
+ improve pthread-configuration for test/worm.c
++++ shadow:
- Update to 4.12.1:
* Fix uk manpages
- Remove shadow-4.12-remove-uk.patch: fixed upstream
++++ systemd:
- Add patch 1001-statx.patch based on commit 3657d3a0
* to resolve conflicts with glibc 2.36 with <linux/fs.h>
* add dirty hack to get in src/basic/chattr-util.h,
src/home/homework.h, src/home/homework-fscrypt.c,
src/home/homed-manager.c, and src/home/homework-mount.c as well
to avoid that <linux/fs.h> does include <linux/mount.h>
++++ libvirt:
- Fix build with glibc 2.36
9493c9b7-lxc-containter-fix-build-with-glibc-2.36.patch,
c0d9adf2-virfile-Fix-build-with-glibc-2.36.patch
boo#1202321
++++ zeromq:
- drop xmlto and asciidoc buildrequires, these are only needed
for non-release builds which do not ship with prebuilt docs
------------------------------------------------------------------
------------------ 2022-8-14 - Aug 14 2022 -------------------
------------------------------------------------------------------
++++ vim:
- Updated to version 9.0.0203, fixes the following problems
* Textprop test with line2byte() fails on MS-Windows.
* Quarto files are not recognized.
* Extra space after virtual text when 'linebreak' is set.
* Virtual text prop highlight continues after truncation.
* Virtual text does not show if tehre is a text prop at same position. (Ben
Jackson)
* Virtual text without highlighting does not show. (Ben Jackson)
* Command line height changes when maximizing window height.
* Strange effects when using virtual text with "text_align" and non-zero
column. (Martin Tournoij)
* Invalid memory access for text prop without highlight.
* The way 'cmdheight' can be made zero is inconsistent.
* Messages test fails; window size incorrect when 'cmdheight' is made
smaller.
* Possible invalid memory access when 'cmdheight' is zero. (Martin Tournoij)
* Search and match highlgith interfere with virtual text highlight. (Ben
Jackson)
* Cursor displayed in wrong position after removing text prop. (Ben Jackson)
* Metafun files are not recogized.
* Finding value in list may require a for loop.
* Astro files are not detected.
* ml_get error when switching buffer in Visual mode.
* Cursor position wrong with two right-aligned virtual texts.
* cursor in a wrong positoin if 'wrap' is off and using two right aligned
text props in one line.
* CursorLine highlight overrules virtual text highlight.
* Code and help for indexof() is not ideal.
* Confusing variable name.
------------------------------------------------------------------
------------------ 2022-8-13 - Aug 13 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Use black RPM macro magic to deduplicate binary lists. This
should have no effect on the generated RPM but shaves ~400 lines
off the specfile and hopefully makes future maintenance easier.
------------------------------------------------------------------
------------------ 2022-8-12 - Aug 12 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Enable zink driver build on x86_64
++++ Mesa-drivers:
- Enable zink driver build on x86_64
++++ NetworkManager-branding-openSUSE:
- Expliciltly BuildRequire NetworkManager-branding-upstream:
branding-upstream is produced by NetworkManager and is guaranteed
to be the same version. Breaks a self-cycle.
++++ kernel-default:
- drm/amd/display: Removing assert statements for Linux
(bsc#1202366).
- drm/amd/display: Add SMU logging code (bsc#1202366).
- commit 9b717b4
- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch.
Now iwlwifi queries *-72.ucode, but again, this is non-existing version.
Correct to the existing *-71.ucode
- commit 58a95c5
++++ freetype2:
- spec-cleaner
- Move ftpdump from ft2demos to freetype - it's required by other
packages and doesn't require any of the toolkits, so move its
build early
++++ gcc12:
- Update to gcc-12 branch head, 6b7d570a5001bb79e34c0d1626a, git372
* includes release candidate for GCC 12.2
++++ xz:
- update to 5.2.6 (CVE-2022-1271, bsc#1198062):
* xz:
- The --keep option now accepts symlinks, hardlinks, and
setuid, setgid, and sticky files.
- When copying metadata from the source file to the destination
file, don't try to set the group (GID) if it is already set
correctly. This avoids a failure on OpenBSD (and possibly on
a few other OSes) where files may get created so that their
group doesn't belong to the user, and fchown(2) can fail even
if it needs to do nothing.
- Cap --memlimit-compress to 2000 MiB instead of 4020 MiB on
MIPS32 because on MIPS32 userspace processes are limited
to 2 GiB of address space.
* liblzma:
- Fixed a missing error-check in the threaded encoder. If a
small memory allocation fails, a .xz file with an invalid
Index field would be created. Decompressing such a file would
produce the correct output but result in an error at the end.
Thus this is a "mild" data corruption bug. Note that while
a failed memory allocation can trigger the bug, it cannot
cause invalid memory access.
- The decoder for .lzma files now supports files that have
uncompressed size stored in the header and still use the
end of payload marker (end of stream marker) at the end
of the LZMA stream. Such files are rare but, according to
the documentation in LZMA SDK, they are valid.
doc/lzma-file-format.txt was updated too.
- Improved 32-bit x86 assembly files:
* Support Intel Control-flow Enforcement Technology (CET)
* Use non-executable stack on FreeBSD.
* xzgrep:
- Fixed arbitrary command injection via a malicious filename
(CVE-2022-1271, ZDI-CAN-16587). A standalone patch for
this was released to the public on 2022-04-07. A slight
robustness improvement has been made since then and, if
using GNU or *BSD grep, a new faster method is now used
that doesn't use the old sed-based construct at all. This
also fixes bad output with GNU grep >= 3.5 (2020-09-27)
when xzgrepping binary files.
- Fixed detection of corrupt .bz2 files.
- Improved error handling to fix exit status in some situations
and to fix handling of signals: in some situations a signal
didn't make xzgrep exit when it clearly should have. It's
possible that the signal handling still isn't quite perfect
but hopefully it's good enough.
- Documented exit statuses on the man page.
- xzegrep and xzfgrep now use "grep -E" and "grep -F" instead
of the deprecated egrep and fgrep commands.
- Fixed parsing of the options -E, -F, -G, -P, and -X. The
problem occurred when multiple options were specied in
a single argument, for example,
echo foo | xzgrep -Fe foo
treated foo as a filename because -Fe wasn't correctly
split into -F -e.
- Added zstd support.
* xzdiff/xzcmp:
- Fixed wrong exit status. Exit status could be 2 when the
correct value is 1.
- Documented on the man page that exit status of 2 is used
for decompression errors.
- Added zstd support.
* xzless:
- Fix less(1) version detection. It failed if the version number
from "less -V" contained a dot.
++++ nfs-utils:
- Update to version 2.6.2
- https://kernel.org/pub/linux/utils/nfs-utils/2.6.2/2.6.2-Changelog
- Remove patches from this release:
- gcc12-fix.patch
- 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
- 0002-Update-autoconfig-files-to-work-with-v2.71.patch
- 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch
- 0004-modprobe-protect-against-sysctl-errors.patch
- Refresh nfs-utils-1.0.7-bind-syntax.patch
- Added files:
- /usr/lib/udev/rules.d/99-nfs.rules
- /usr/libexec/nfsrahead
- /usr/sbin/rpcctl
- /usr/share/man/man5/nfsrahead.5.gz
- /usr/share/man/man8/rpcctl.8.gz
- Sort man page entries in %files section
++++ shadow:
- Update to 4.12:
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use "extern "C"" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
* Handle ERANGE errors correctly
* Check for fopen NULL return
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup
* Work around git safe.directory enforcement
* Alphabetize order in usermod help
* Erase password copy on error branches
* Suggest using --badname if needed
* Update translation files
* Correct badnames option to badname
* configure: replace obsolete autoconf macros
* tests: replace egrep with grep -E
* Update Ukrainian translations
* Cleanups
- Remove redeclared variable
- Remove commented out code and FIXMEs
- Add header guards
- Initialize local variables
* CI updates
- Create github workflow to install dependencies
- Enable CodeQL
- Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail
- Add shadow-4.12-remove-uk.patch:
Disable non working Ukranian translation for now
https://github.com/shadow-maint/shadow/issues/547
------------------------------------------------------------------
------------------ 2022-8-11 - Aug 11 2022 -------------------
------------------------------------------------------------------
++++ ALP-build-key:
- Update key for new SUSE:ALP location
++++ NetworkManager:
- Update to version 1.38.4:
+ Fix DAD for DHCPv6 addresses.
+ Wi-Fi: improvements for OWE networks.
+ Support EC private keys.
+ Various bugfixes.
++++ kernel-default:
- Linux 5.19.1 (bsc#1012628).
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1012628).
- x86/speculation: Add RSB VM Exit protections (bsc#1012628).
- macintosh/adb: fix oob read in do_adb_query() function
(bsc#1012628).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
(bsc#1012628).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
(bsc#1012628).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
(bsc#1012628).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
(bsc#1012628).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
(bsc#1012628).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568
(bsc#1012628).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding
(bsc#1012628).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572
(bsc#1012628).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (bsc#1012628).
- Bluetooth: hci_qca: Return wakeup for qca_wakeup (bsc#1012628).
- arm64: set UXN on swapper page tables (bsc#1012628).
- ata: sata_mv: Fixes expected number of resources now IRQs are
gone (bsc#1012628).
- crypto: arm64/poly1305 - fix a read out-of-bound (bsc#1012628).
- ACPI: APEI: Better fix to avoid spamming the console with old
error logs (bsc#1012628).
- ACPI: video: Shortening quirk list by identifying Clevo by
board_name only (bsc#1012628).
- ACPI: video: Force backlight native for some TongFang devices
(bsc#1012628).
- tools/vm/slabinfo: Handle files in debugfs (bsc#1012628).
- block: fix default IO priority handling again (bsc#1012628).
- commit a5bf6c0
- mm/mprotect: fix soft-dirty check in can_change_pte_writable()
(bsc#1202013 CVE-2022-2590).
- commit 46cb433
- Refresh
patches.suse/Revert-zram-remove-double-compression-logic.patch.
Update upstream status.
- commit e707d80
- mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
(bsc#1202013 CVE-2022-2590).
- commit cbcf3e8
++++ podman:
- Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Bugfixes
- Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
- Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
- Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
- Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
- Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420).
- Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401).
- Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303).
- Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416).
- Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640).
- Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572).
- Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154).
- Fixed a bug where interrupting the podman machine start command could render the VM unable to start.
- Fixed a bug where the podman machine list --format command would still print a heading.
- Fixed a bug where the podman machine list command did not properly set the Starting field (#14738).
- Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number.
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837).
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697).
- Fixed a bug where the podman -h command did not show help output.
- Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner.
- Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493).
- Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736).
- Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516).
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
- Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763).
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option.
- Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819).
- Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030).
- Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769).
- Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output.
- Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879).
- Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966).
- Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971).
- Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929).
- Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612).
- Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055).
- Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033).
- Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049).
- Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052).
- Fixed a bug where the podman generate systemd --new command would fail when -h <hostname> was used to create the container (#15124).
* API
- The Docker-compatible API now supports API version v1.41 (#14204).
- Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036).
- Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831).
- Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647).
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676).
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493).
- Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482).
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983).
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674).
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
++++ timezone:
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
------------------------------------------------------------------
------------------ 2022-8-10 - Aug 10 2022 -------------------
------------------------------------------------------------------
++++ cockpit-machines:
- Require qemu USB drivers needed by virt-install (bsc#1202166)
++++ iproute2:
- update to 5.19:
* ip/iplink_virt_wifi: add support for virt_wifi
* Update kernel headers
* libnetlink: Add filtering to rtnl_statsdump_req_filter()
* ipstats: Add a "set" command
* ipstats: Add a group "link"
* libbpf: Use bpf_object__load instead of bpf_object__load_xattr
* uapi: change name for zerocopy sendfile in tls
* bridge: vxlan device vnifilter support
* f_flower: Add num of vlans parameter
++++ kernel-default:
- config: Disable reiserfs kernel module (bsc#1202309).
Future access of reiserfs file systems can be done by using the FUSE
implementation of reiserfs that ships with GRUB.
$ grub2-mount <dev> /path/to/mountpoint
- commit db8891f
- kbuild: dummy-tools: pretend we understand __LONG_DOUBLE_128__
(ppc config fix).
- Update config files.
This sets PPC_LONG_DOUBLE_128 automatically and allows us to set
DRM_AMD_SECURE_DISPLAY too. I set it to y to copy other architectures.
- commit 48dfdff
++++ llvm15:
- Add WebAssembly support for all architectures.
++++ at-spi2-core:
- Update to version 2.45.90:
+ xml:
- Add some documentation.
- Fix event arguments.
- Add some missing DeviceEventController methods.
+ Bind the AT-SPI bus to the graphical session.
+ Mark bus service as belonging to the session slice.
+ Add ATSPI_ROLE_PUSH_BUTTON_MENU.
+ Add an "announcement" event/signal to allow objects to send
notifications.
+ Various code clean-ups and test improvements.
- Add pkgconfig(libxml-2.0) BuildRequires: New dependency.
- Add new sub-packages from the now included atk and at-spi2-atk
packages: libatk-1_0-0, libatk-bridge-2_0-0 and
typelib-1_0-Atk-1_0.
- Provide/Obsolete at-spi2-atk-gtk2 by the main package.
++++ efivar:
- Add efivar-bsc1202209-fix-glibc-2.36-build.patch to fix the build
error against glibc 2.36 (bsc#1202209)
++++ pango:
- Update to version 1.50.9:
+ Apply show flags to line separators.
+ Fix a thread-safety problem.
++++ openSUSE-build-key:
- add gpg-pubkey-29b700a4-62b07e22.asc (bsc#1199184)
++++ python-pbr:
- update to 5.9.0:
* Future-proofing pyproject.toml
* Use importlib-metadata for runtime package version lookups
* Drop wheel from pyproject.toml examples
* Changed minversion in tox to 3.18.0
++++ vim:
- Updated to version 9.0.0181, fixes the following problems
* Comment about tabpage line above the wrong code.
* After CTRL-Left-mouse click a mouse scroll also has CTRL.
* Debugger test may fail when $CWD is very long.
* Not enough characters accepted for 'spellfile'.
* Truncating virtual text after a line not implemented. Cursor positioning
wrong with Newline in the text.
* execute() does not use the "legacy" command modifier.
* "delmenu" does not remove autocmmands. Running menu test function
alone fails.
* Crash when adding and removing virtual text. (Ben Jackson)
* Cursor positioned after virtual text in empty line.
* Text property cannot override 'cursorline' highlight.
* Substitute that joins lines drops text properties.
* Missing part of change for "override" flag.
* Cursor positioned wrong after two text properties with virtual text and
"below" alignment. (Tim Pope)
* A "below" aligned text property gets 'showbreak' displayed.
* Test for fuzzy completion fails sometimes.
* Error for using #{ in an expression is a bit confusing.
* A "below" aligned text property does not work with 'nowrap'.
* Warning for unused argument in small build.
* No fold and sign column for virtual text with "below" align and 'nowrap'.
* Text properties wrong after splitting a line.
* Text properties with "right" and "after" alignment displayed wrong with
'nowrap'.
* Giving E1170 only in an expression is confusing.
* 'showbreak' displayed below truncated "after" text prop.
* With 'nowrap' "below" property not displayed correctly.
* Cannot build with small features.
* Some diff mode tests fail.
* Warning for uninitialized variable. (Tony Mechelynck)
* Text property "below" gets indent if 'breakindent' is set. (Tim Pope)
* Text property not adjusted for text inserted with "p".
* Using freed memory with put command.
* Looking up a text property type by ID is slow.
* When using text properties the line text length is computed twice.
* Checking for text properties could be a bit more efficient.
* Cursor positioned wrong with two virtual text properties close
together. (Ben Jackson)
* Insufficient testing for line2byte() with text properties.
* Various minor code formatting issues.
* Quickfix line highlight is overruled by 'cursorline'.
* Trying to allocate zero bytes.
* Assert fails only on MS-Windows.
* No error for using "#{ comment" in a compiled function.
* Spell checking for capital not working with trailing space.
* Checking character options is duplicated and incomplete.
* Cursor position wrong with 'virtualedit' and mouse click after end of
the line. (Hermann Mayer)
* Cursor position wrong with virtual text before Tab.
* Cursor position wrong with wrapping virtual text in empty line.
* Stray logfile appears when running tests.
------------------------------------------------------------------
------------------ 2022-8-9 - Aug 9 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- refresh coreutils-i18n.patch from Fedora to make expand and unexpand
more similar
++++ gdk-pixbuf:
- Update to version 2.42.9:
+ Fix the check for maximum value of LZW initial code size
(boo#1194633 CVE-2021-44648).
+ Use CMake for dependencies on Windows/MSVC.
+ Add option for building tests.
+ Move man pages to reStructuredText.
+ Disable relocation when built as a static libary on Windows.
+ Update wrap file for libjpeg-turbo.
+ Limit the memory size when loading image data.
- Add docutils and pkgconfig(gi-docgen) BuildRequires: New
dependencies.
++++ glib-networking:
- Update to version 2.74.beta:
+ Drop environment proxy resolver to lowest priority.
++++ kernel-default:
- Update config files -- set SECURITY_SELINUX_CHECKREQPROT_VALUE=0 (bsc#1202280)
- commit 6a791bc
- Revert "zram: remove double compression logic" (bsc#1202203).
- commit 9739fe2
- mt76: mt7921e: fix crash in chip reset fail (bsc#1201845).
- commit 6263241
- tools bpftool: Don't display disassembler-four-args feature test
(bsc#1202195).
- tools bpftool: Fix compilation error with new binutils
(bsc#1202195).
- tools bpf_jit_disasm: Don't display disassembler-four-args
feature test (bsc#1202195).
- tools bpf_jit_disasm: Fix compilation error with new binutils
(bsc#1202195).
- tools perf: Fix compilation error with new binutils
(bsc#1202195).
- tools include: add dis-asm-compat.h to handle version
differences (bsc#1202195).
- tools build: Don't display disassembler-four-args feature test
(bsc#1202195).
- tools build: Add feature test for init_disassemble_info API
changes (bsc#1202195).
- commit fa8853d
- series.conf: remove blank line from sorted section
It causes troubles when adding multiple patches -- the current ones are
duplicated then.
- commit 309e362
++++ llvm15:
- Add llvm-glibc-2-36.patch in order to address boo#1202215.
++++ util-linux:
- Use %_pam_vendordir
++++ libcontainers-common:
- Fix obvious typo in containers.conf
++++ ncurses:
- Add ncurses patch 20220806
+ amend end_of_stream() to allow for input files without a final
newline.
+ check for non-textfiles to tic.
++++ libnftnl:
- Update to release 1.2.3
* This release includes a compile time bugfix with clang and
- D_FORTIFY_SOURCE=2.
++++ polkit:
- Update to version 121:
+ Addition of duktape as a JS engine backend.
+ Other small fixes and improvements. For more details, visit:
gitlab.freedesktop.org/polkit/polkit/-/blob/121/NEWS.md
+ Updated translations.
- Drop merged-upstream patches:
+ CVE-2021-4034-pkexec-fix.patch;
+ 0001-CVE-2021-4115-GHSL-2021-077-fix.patch;
+ duktape-support.patch;
+ pkexec.patch.
- Replace Intltool with Gettext as a build requirement following
the migration from last release (0.120).
- Add Meson as a build requirement while dropping Libtool and
replace all Autotools macros with Meson ones. And pass the
following options to Meson: session_tracking=libsystemd-login;
systemdsystemunitdir=%{_unitdir}; os_type=suse;
pam_module_dir=%{_pam_moduledir}; pam_prefix=%{_pam_vendordir};
examples=true; tests=true; gtk_doc=true; man=true and
js_engine=duktape.
- Drop no longer needed Libtool as a build requirement, following
Autotools replacement.
- Add explicit pkgconfig module build requirements for glib-2.0 and
gobject-2.0 that are searched by the build scripts. They were
already being pulled by their siblings [pkgconfig(gio-2.0) and
pkgconfig(gio-unix-2.0)].
- Drop conditional macro, which was wrapping "BuildArch: noarch"
for the doc subpackage, based on long gone EOLed (open)SUSE
release (11.2).
- Add missing 'Requires(post): permissions' for the pkexec
subpackage.
- Add python3-dbus-python and python3-python-dbusmock as build
requirements in order to run test in the check section.
- Add polkit-fix-pam-prefix.patch to use the value of pam_prefix
Meson option, like it was designed to, rather than hard-coded
path for pam configuration files.
- Remove unneeded executable bit from 50-default.rules file.
++++ shadow:
- Remove duplicate pam.d/useradd entry
- Provide /etc/login.defs.d on SLE15 since we support and use it
++++ usbredir:
- Update to version 0.13.0:
+ Fix regression on unserialize data
+ Removes usbredirserver
+ Improved header length checks when unserialising data
+ Fix usage of command line argument in usbredirect
+ Fix small memory leak on usbredirect
- Drop 9426fdb1.patch and dffc41c3.patch: fixed upstream.
- Drop
0001-Use-D_FORTIFY_SOURCE-instead-of-Wp-D_FORTIFY_SOURCE.patch:
fixed upstream.
- Add keyring to validate source signature.
------------------------------------------------------------------
------------------ 2022-8-8 - Aug 8 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
(boo#1202161)
++++ permissions:
- Fix dependency from permissions-zypp-plugin to permissions.
++++ coreutils:
- Remove python2 from buildrequires - appears to be a left over
++++ glib-networking:
- Update to version 2.74.alpha:
+ Add build option for toggling debug logging.
+ Move gettext() usage out of hot paths.
+ Fix tests build when using openssl.
+ Properly free libproxy lookup results and require libproxy
0.4.16.
+ Add additional validation for proxy lookup results.
+ Allow using static libraries via meson subprojects.
+ Updated translations.
- Update to version 2.72.2:
+ Drop environment proxy resolver to lowest priority.
++++ gnutls:
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
* Add gnutls-FIPS-jitterentropy.patch
++++ gpg2:
- Fix YubiKey 5 Nano support (boo#1202201), add
gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch
++++ kbd:
- Use %_pam_vendordir
++++ libapparmor:
- add dnsmasq.diff: missing r permissions for dnsmasq//libvirt-leaseshelper
(boo#1202161)
++++ rdma-core:
- skip valgrind on riscv64
++++ gcc12:
- Remove workaround for obs-service-format_spec_file.
++++ libgcrypt:
- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf
- Add libgcrypt-jitterentropy-3.3.0.patch
* Update the internal jitterentropy to version 3.4.0
- Add libgcrypt-jitterentropy-3.4.0.patch
++++ p11-kit:
- skip testsuite on qemu arches, it fails
++++ polkit:
- Use %_pam_vendordir
++++ shadow:
- Use %_pam_vendordir macro
++++ openssh:
- Use %_pam_vendordir
++++ read-only-root-fs:
- Update to version 1.0+git20220808.cd59f4f:
* Fix writableagain.conf
++++ sudo:
- Use %_pam_vendordir macro
- Fix errors around LICENSE.md (fixes building on SLE12 SP5 again)
------------------------------------------------------------------
------------------ 2022-8-7 - Aug 7 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.1.5:
* radv: dynamic vertex input failure
* anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL
* anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure
* anv: ICL hiz issue
* Error compiling gallium-nine on i686 using musl libc
* dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom
++++ Mesa-drivers:
- update to 22.1.5:
* radv: dynamic vertex input failure
* anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL
* anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure
* anv: ICL hiz issue
* Error compiling gallium-nine on i686 using musl libc
* dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom
------------------------------------------------------------------
------------------ 2022-8-6 - Aug 6 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.73.3:
+ Revitalize G_REGEX_OPTIMIZE flag and use it to enable PCRE JIT
compiler.
+ Fix some regressions due to the PCRE2 port.
+ Fix a pidfd leak that was introduced in the previous release.
+ Support compilation without a C++ toolchain.
+ GDBus: Use namespace-friendly protocol for Linux message buses,
and optionally other connections.
+ Fix potential races in multi-threaded signal connections
handling.
+ Add back gio-launch-desktop to redirect stdout/stderr of
launched GDesktopAppInfo's to the journal with proper parent
+ Executables that are invoked when installing other software,
typically from packaging system triggers, can now be installed
into architecture-dependent locations. Unix OS distributors who
install GLib for more than one architecture in parallel
(multiarch or multilib installations) should consider building
with -Dmultiarch=true, installing the bin/glib-compile-schemas
and bin/gio-querymodules symbolic links in packages for the
primary architecture, and omitting those symlinks from packages
for secondary architectures.
+ Some enumerators introduced in previous releases have been
changed, for better introspection results:
- G_MARKUP_PARSE_FLAGS_NONE renamed to G_MARKUP_DEFAULT_FLAGS
- G_TLS_CERTIFICATE_FLAGS_NONE renamed to
G_TLS_CERTIFICATE_NO_FLAGS
- G_APPLICATION_FLAGS_NONE was deprecated, use
G_APPLICATION_DEFAULT_FLAGS now.
+ gfileinfo: Implement xattr attribute removal.
+ Add support to --delete option to gio set, to unset a file
attribute.
+ Improve default value of glib_debug option: G_ENABLE_DEBUG will
be defined only if using `--buildtype=debug` or enabled via
`-Dglib_debug`, but it won't ever be set if an optimized build
is requested (specifically if the optimization level is not `0`
or `g`) as it may be the case when using
`--buildtype=debugoptimized`.
+ Probably the first revision of any GNOME module ever released
from Cuba :)
+ Bugs fixed: glgo#GNOME/Glib#566, glgo#GNOME/Glib#1187,
glgo#GNOME/Glib#2509, glgo#GNOME/Glib#2542,
glgo#GNOME/Glib#2588, glgo#GNOME/Glib#2682,
glgo#GNOME/Glib#2692, glgo#GNOME/Glib#2694,
glgo#GNOME/Glib#2699, glgo#GNOME/Glib#2700,
glgo#GNOME/Glib#2703, glgo#GNOME/Glib#2705,
glgo#GNOME/Glib#2708, glgo#GNOME/Glib!2299,
glgo#GNOME/Glib!2759, glgo#GNOME/Glib!2812,
glgo#GNOME/Glib!2813, glgo#GNOME/Glib!2814,
glgo#GNOME/Glib!2815, glgo#GNOME/Glib!2818,
glgo#GNOME/Glib!2822, glgo#GNOME/Glib!2823,
glgo#GNOME/Glib!2825, glgo#GNOME/Glib!2826,
glgo#GNOME/Glib!2827, glgo#GNOME/Glib!2829,
glgo#GNOME/Glib!2830, glgo#GNOME/Glib!2832,
glgo#GNOME/Glib!2833, glgo#GNOME/Glib!2835,
glgo#GNOME/Glib!2836, glgo#GNOME/Glib!2851,
glgo#GNOME/Glib!2853, glgo#GNOME/Glib!2854.
+ Updated translations.
++++ kernel-default:
- Update
patches.suse/Revert-Revert-tcp-change-pingpong-threshold-to-3.patch
(bsc#1202188).
Add a reference and refresh.
- commit 5ea3c65
- Revert "Revert "tcp: change pingpong threshold to 3"" (eventlet
tests fix).
- commit 8268096
------------------------------------------------------------------
------------------ 2022-8-5 - Aug 5 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220727.43b9e53:
* Use HOSTTYPE in MACHTYPE
* Move suse to VENDOR
* Use /var/mail for MAIL
++++ btrfsprogs:
- Remove reiserfs conversion from releases after SLE/Leap 15.X in
preparation to remove the reiserfs package.
++++ cockpit-tukit:
- Update to version 0.0.3~git28.b446f50:
* Add missing plurals
* Added translation using Weblate (Portuguese)
* Translated using Weblate (Polish)
* Add Swedish Translation
* added/corrected de.po for german
* initial version of czech translation
* Add support for dict-format snapshots List
* Fix URIError: malformed URI sequence
* Reformat spec to match Factory
++++ kernel-default:
- series.conf: cleanup
- update upstream references and resort:
- patches.suse/0001-drm-Always-warn-if-user-defined-modes-are-not-suppor.patch
- patches.suse/0001-drm-client-Don-t-add-new-command-line-mode.patch
- patches.suse/0001-drm-client-Look-for-command-line-modes-first.patch
- update upstream references and move into sorted section:
- patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
- commit 35466a9
++++ kernel-firmware:
- Update to version 20220804 (git commit e6185d5197fd):
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
* linux-firmware: Add firmware for Cirrus CS35L41
* i915: Add GuC v70.4.1 for DG2
* i915: Add DMC v2.07 for DG2
* amdgpu partially revert "amdgpu: update beige goby to release 22.20"
* mediatek: Update mt8183/mt8192/mt8195 SCP firmware
* amdgpu: update renoir to release 22.20
* amdgpu: update beige goby to release 22.20
* amdgpu: update yellow carp to release 22.20
* amdgpu: update dimgrey cavefish to release 22.20
* amdgpu: update vega20 to release 22.20
* amdgpu: update vega12 to release 22.20
* amdgpu: update raven to release 22.20
* amdgpu: update navy flounder to release 22.20
* amdgpu: update vega10 to release 22.20
* amdgpu: update sienna cichlid to release 22.20
* amdgpu: update navi14 to release 22.20
* amdgpu: update green sardine to release 22.20
* amdgpu: update vangogh to release 22.20
* amdgpu: update navi12 to release 22.20
* amdgpu: update navi10 to release 22.20
* amdgpu: update picasso to release 22.20
* amdgpu: update aldebaran to release 22.20
* amdgpu: update psp 13.0.8 TA firmware
* WHENCE: Fix the dangling symlinks fix
- Revert the previous rtw88/rtw8822c_fw.bin change due to regression
on HP Pavilion 15 (bsc#1202152)
- Update alias from 5.19
++++ read-only-root-fs:
- Update to version 1.0+git20220805.4a3d850:
* Work around read-only state of subvolumes in a different way
++++ shim:
- Add logic to shim.spec for detecting --set-sbat-policy option before
using mokutil to set sbat policy. (bsc#1202120)
++++ virt-manager:
- Update to 4.1.0
* Fix build with setuptools-61 (Peter Alfredsen, Miro HronÄok)
* add UI and cli support for qemu-vdagent channel (Jonathon Jongsma)
* cli: More --iothreads suboptions (Lin Ma)
* launch_security: Use SEV-ES policy=0x07 if host supports it (Charles
* Arnold)
* cli: Add support for URL query with disks (Martin Kletzander)
- Drop patches merged upstream:
* c6107419-tests-Drop-usage-of-sgio-unfiltered.patch
* 90e13549-Fix-build-with-setuptools-61+.patch
* 46dc0616-setup-add-bits-for-setuptools-61.patch
* 9ac94ef7-tests-Fix-another-sgio-filtered-case.patch
* 34662fec-tests-Fix-with-latest-argcomplete.patch
* d51541e1-Fix-UI-rename-with-firmware-efi.patch
* b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
* 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
* 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
- Refresh patches
* virtman-add-tooltip-to-firmware.patch
- - changed surrounding imports
* virtinst-set-cache-mode-unsafe-for-install.patch
- - the patch changes the expected output in tests
- Refresh test skips
------------------------------------------------------------------
------------------ 2022-8-4 - Aug 4 2022 -------------------
------------------------------------------------------------------
++++ protobuf:
- add 10355.patch to fix soversioning
------------------------------------------------------------------
------------------ 2022-8-3 - Aug 3 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.73.2:
+ Replace PCRE1 with PCRE2.
+ Preserve destruction order in gdataset, fixing various crashes
during objects disposal.
+ Require C99 __VA_ARGS__.
+ Add NONE or DEFAULT members to most flags types.
+ GFile: Add some missing async APIs.
+ Improve internal and process documentation.
+ Add atomic compare-and-exchange APIs returning previous value.
+ Add G_DEFINE_ENUM_TYPE and G_DEFINE_ENUM_VALUE macros.
+ Add platform-independent G_ALWAYS_INLINE and G_NO_INLINE.
+ Use waitid() on pidfds rather than a global SIGCHLD handler.
++++ grep:
- Skip more gnulib tests in qemu build
++++ texinfo:
- In case of an update of package info: do never remove existing
info page from dir file (boo#1201852)
++++ kernel-default:
- Update config files (bsc#1184924).
+RANDOM_TRUST_BOOTLOADER on arm
This is set on all other platforms in Tumbleweed, and only on ARM in
Leap. The ARM platform is unique in that it can have random source
defined in EFI firmware as well as device tree, and we don't test this
configuration in Factory because of the inverted config situation
betwween Tumbleweed and Leap.
- commit 1275841
++++ libbpf:
- Update to release 0.8.1:
* make shared xsk creation network namespace aware
++++ libcontainers-common:
- Resync containers.conf / storage.conf with Fedora
- Create /etc/containers/registries.conf.d and
add 000-shortnames.conf to it.
++++ harfbuzz:
- harfbuzz 5.1.0:
+ More extensive buffer tracing messages
+ Fix hb-ft regression in bitmap fonts rendering
+ Support extension promotion of lookups in hb-subset-repacker
+ A new HB_GLYPH_FLAG_SAFE_TO_INSERT_TATWEEL for scripts that use
elongation (e.g. Arabic) to signify where it is safe to insert
tatweel glyph without interrupting shaping
+ Add --safe-to-insert-tatweel to hb-shape tool
- add harfbuzz-5.1.0-repacker-fix-signedness-of-char-in-tests.patch
from upstream to fix ARM and PPC builds
++++ jitterentropy:
- updated to 3.4.0
* enhancement: add API call jent_set_fips_failure_callback as requested by Daniel Ojalvo
* fix: Change the SHA-3 integration: The entropy pool is now a SHA-3 state.
It is filled with the time delta containing entropy and auxiliary data that does not contain entropy using a SHA update operation. The auxiliary data is calculated by a SHA-3 hashing of some varying state data. The time delta that contains entropy is measured about the SHA-3 hasing of the auxiliary data. This satisfies FIPS 140-3 IG D.K resolutions 4, 6, and 8.
* enhancement: add CMake support by Andrew Hopkins
- updated to 3.3.1
* fix: bug fix in initialization logic by Vladis Dronov <vdronov@redhat.com>
* fix: use __asm__ instead of asm to suit the C11 standard
- added a -devel-static package to be able to link it static.
++++ polkit:
- add split-provides for polkit:/usr/bin/pkexec. (bsc#1202070)
++++ python-M2Crypto:
- update CVE-2020-25657-Bleichenbacher-attack.patch to actually
contain the fix rather than just being empty (CVE-2020-25657,
bsc#1178829)
++++ vim:
- Updated to version 9.0.0135, fixes the following problems
- boo#1202046 - CVE-2022-2571
- boo#1202049 - CVE-2022-2580
- boo#1202050 - CVE-2022-2581
- boo#1202051 - CVE-2022-2598
* Coverity warns for double free.
* Some compilers warn for using an uninitialized variable. (Tony Mechelynck)
* No test for what patch 8.1.1424 fixes.
* When switching window in autocmd the restored cursor position may be wrong.
* Star register is changed when deleting and both "unnamed" and "unnamedplus"
are in 'clipboard'.
* Error in autoload script not reported for 'foldexpr'.
* Compiler warning for size_t to int conversion.
* Command line completion of user command may have duplicates. (Dani
Dickstein)
* Cannot interrupt global command from command line.
* ModeChanged event not triggered when leaving the cmdline window.
* Using "terraform" filetype for .tfvars file is bad.
* ":write" fails after ":file name" and then ":edit".
* Tabline is not redrawn when entering command line.
* MS-Windows: CTRL-[ on Belgian keyboard does not work like Esc.
* Pattern for detecting bitbake files is not sufficient.
* Fuzzy argument completion doesn't work for shell commands.
* No error when assigning bool to a string option with setwinvar().
* Duplicate error number.
* Plugins cannot change v:completed_item.
* Sway config files are recognized as i3config.
* Cursor restored unexpected with nested autocommand.
* Conditions are always true.
* Flag "new_value_alloced" is always true.
* Long quickfix line is truncated for :clist.
* missing include file in timer_create configure check.
* Scrollback can be wrong after redrawing the command line.
* Get hit-enter prompt for system() when '!' is in 'guioptions'.
* Invalid memory access in diff mode with "dp" and undo.
* Reading past end of line with insert mode completion.
* If running configure with cached results -lrt may be missing.
* Illegal memory access when pattern starts with illegal byte.
* Illegal byte regexp test doesn't fail when fix is reversed.
* Condition always has the same value.
* Configure check for timer_create may give wrong error.
* Writing over the end of a buffer on stack when making list of spell
suggestions.
* Help tag generation picks up words in code examples.
* "nocombine" is missing from synIDattr().
* has() is not strict about parsing the patch version.
* The command line takes up space even when not used.
* When 'cmdheight' is zero pressing ':' may scroll a window.
* Virtual text not displayed if 'signcolumn' is "yes".
* Text of removed textprop with text is not freed.
* No test for what patch 9.0.0155 fixes.
* Tiny chance that creating a backup file fails.
* Cannot put virtual text after or below a line.
* Breakindent test fails.
* Cannot build with small features.
* Code has more indent than needed.
* Cursor positioned wrong with virtual text after the line.
* Expanding file names fails in directory with more than 255 entries.
* Unused variable.
* Coverity complains about possible double free.
* Compiler warning for int/size_t usage.
* Cursor position wrong when inserting around virtual text.
* Virtual text with Tab is not displayed correctly.
* Multi-byte characters in virtual text not handled correctly.
* Virtual text after line moves to joined line. (Yegappan Lakshmanan)
* No test for text property with column zero.
++++ virt-manager:
- Upstream bug fixes (bsc#1027942)
c6107419-tests-Drop-usage-of-sgio-unfiltered.patch
9ac94ef7-tests-Fix-another-sgio-filtered-case.patch
b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
90e13549-Fix-build-with-setuptools-61+.patch
424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
- Modified virtman-add-sev-memory-support.patch
- Renamed upstream patches
virtman-pr381-setuptools-61.patch to
46dc0616-setup-add-bits-for-setuptools-61.patch
virtman-34662fe-argcomplete.patch to
34662fec-tests-Fix-with-latest-argcomplete.patch
------------------------------------------------------------------
------------------ 2022-8-2 - Aug 2 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- add missing hostname buildrequires
++++ transactional-update:
- Version 4.0.0
- Last minute interface change: Changed "List" method of Snapshot D-Bus
interface to return a map of properties instead of a comma separated
list of strings; this will allow retrieving the snapshot properties
even if they contain a comma in their value [boo#1202147]
- Remove "Snapshot.hpp" as a public API for now - all public
functionality is part of SnapshotManager.hpp
- Add header file documentation for SnapshotManager.hpp
- Add method to delete snapshot
[gh#openSUSE/transactional-update#52]
- Allow setting description of snapshot
[gh#openSUSE/transactional-update#55]
- create_dirs_from_rpmdb: set SELinux file context of missing directories
[gh#openSUSE/transactional-update#84], [bsc#1197242]
- Fix broken logrotate due to typo in config file
[gh#openSUSE/transactional-update#87]
- create_dirs_from_rpmdb: Fix handling return code of create_dirs()
[gh#openSUSE/transactional-update#86]
- Fix broken "shell" prompt after selfupdate
- Add documented D-Bus interface definition files
- Add tukit_sm_get_current and tukit_sm_get_default to C interface
- Fixed typos
++++ glibc:
- Update to glibc 2.36
Major new features:
* Support for DT_RELR relative relocation format has been added to
glibc
* On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions
have been added
* On Linux, the process_madvise function has been added
* On Linux, the process_mrelease function has been added
* The “no-aaaa†DNS stub resolver option has been added
* On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree,
and mount_setattr have been added
* localedef now accepts locale definition files encoded in UTF-8
* Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion
functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals
* The functions arc4random, arc4random_buf, and arc4random_uniform have been
added
Deprecated and removed features, and other changes affecting compatibility:
* Support for prelink will be removed in the next release
* The Linux kernel version check has been removed along with the
LD_ASSUME_KERNEL environment variable
* On Linux, The LD_LIBRARY_VERSION environment variable has been removed
- get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch,
strcmp-rtm-fallback.path, pt-load-invalid-hole.patch,
localedef-ld-monetary.patch, nptl-spurious-eintr.patch,
strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch,
read-chk-cancel.patch, wcrtomb-fortify.patch,
nptl-cleanup-async-restore-2.patch: Removed
++++ kernel-default:
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
++++ python310-core:
- Update to 3.10.6:
- gh-87389: http.server: Fix an open redirection vulnerability
in the HTTP server when an URI path starts with //.
Vulnerability discovered, and initial fix proposed, by Hamza
Avvan. (bsc#1202624, CVE-2021-28861)
- gh-92888: Fix memoryview use after free when accessing the
backing buffer in certain cases.
- gh-95355: _PyPegen_Parser_New now properly detects token
memory allocation errors. Patch by Honglin Zhu.
- gh-94938: Fix error detection in some builtin functions when
keyword argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- gh-94949: ast.parse() will no longer parse parenthesized
context managers when passed feature_version less than
(3, 9). Patch by Shantanu Jain.
- gh-94947: ast.parse() will no longer parse assignment
expressions when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- gh-94869: Fix the column offsets for some expressions in
multi-line f-strings ast nodes. Patch by Pablo Galindo.
- gh-91153: Fix an issue where a bytearray item assignment
could crash if it’s resized by the new value’s __index__()
method.
- gh-94329: Compile and run code with unpacking of extremely
large sequences (1000s of elements). Such code failed to
compile. It now compiles and runs correctly.
- gh-94360: Fixed a tokenizer crash when reading encoded
files with syntax errors from stdin with non utf-8 encoded
text. Patch by Pablo Galindo
- gh-94192: Fix error for dictionary literals with invalid
expression as value.
- gh-93964: Strengthened compiler overflow checks to prevent
crashes when compiling very large source files.
- gh-93671: Fix some exponential backtrace case happening with
deeply nested sequence patterns in match statements. Patch by
Pablo Galindo
- gh-93021: Fix the __text_signature__ for __get__() methods
implemented in C. Patch by Jelle Zijlstra.
- gh-92930: Fixed a crash in _pickle.c from mutating
collections during __reduce__ or persistent_id.
- gh-92914: Always round the allocated size for lists up to the
nearest even number.
- gh-92858: Improve error message for some suites with syntax
error before ‘:’
- gh-95339: Update bundled pip to 22.2.1.
- gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
untracking it before calling any callbacks. Patch by Kumar
Aditya.
- gh-95087: Fix IndexError in parsing invalid date in the email
module.
- gh-95199: Upgrade bundled setuptools to 63.2.0.
- gh-95194: Upgrade bundled pip to 22.2.
- gh-93899: Fix check for existence of os.EFD_CLOEXEC,
os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
versions where these flags are not present. Patch by Kumar
Aditya.
- gh-95166: Fix concurrent.futures.Executor.map() to cancel the
currently waiting on future on an error - e.g. TimeoutError
or KeyboardInterrupt.
- gh-93157: Fix fileinput module didn’t support errors option
when inplace is true.
- gh-94821: Fix binding of unix socket to empty address
on Linux to use an available address from the abstract
namespace, instead of “0â€.
- gh-94736: Fix crash when deallocating an instance of a
subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
- gh-94637: SSLContext.set_default_verify_paths() now releases
the GIL around SSL_CTX_set_default_verify_paths call. The
function call performs I/O and CPU intensive work.
- gh-94510: Re-entrant calls to sys.setprofile() and
sys.settrace() now raise RuntimeError. Patch by Pablo
Galindo.
- gh-92336: Fix bug where linecache.getline() fails on bad
files with UnicodeDecodeError or SyntaxError. It now returns
an empty string as per the documentation.
- gh-89988: Fix memory leak in pickle.Pickler when looking up
dispatch_table. Patch by Kumar Aditya.
- gh-94254: Fixed types of struct module to be immutable. Patch
by Kumar Aditya.
- gh-94245: Fix pickling and copying of typing.Tuple[()].
- gh-94207: Made _struct.Struct GC-tracked in order to fix a
reference leak in the _struct module.
- gh-94101: Manual instantiation of ssl.SSLSession objects is
no longer allowed as it lead to misconfigured instances that
crashed the interpreter when attributes where accessed on
them.
- gh-84753: inspect.iscoroutinefunction(),
inspect.isgeneratorfunction(), and
inspect.isasyncgenfunction() now properly return True
for duck-typed function-like objects like instances of
unittest.mock.AsyncMock.
- This makes inspect.iscoroutinefunction() consistent with the
behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
ABAAKOUK.
- gh-83499: Fix double closing of file description in tempfile.
- gh-79512: Fixed names and __module__ value of weakref classes
ReferenceType, ProxyType, CallableProxyType. It makes them
pickleable.
- gh-90494: copy.copy() and copy.deepcopy() now always raise
a TypeError if __reduce__() returns a tuple with length 6
instead of silently ignore the 6th item or produce incorrect
result.
- gh-90549: Fix a multiprocessing bug where a global named
resource (such as a semaphore) could leak when a child
process is spawned (as opposed to forked).
- gh-79579: sqlite3 now correctly detects DML queries with
leading comments. Patch by Erlend E. Aasland.
- gh-93421: Update sqlite3.Cursor.rowcount when a DML
statement has run to completion. This fixes the row count
for SQL queries like UPDATE ... RETURNING. Patch by Erlend
E. Aasland.
- gh-91810: Suppress writing an XML declaration in open
files in ElementTree.write() with encoding='unicode' and
xml_declaration=None.
- gh-93353: Fix the importlib.resources.as_file() context
manager to remove the temporary file if destroyed late
during Python finalization: keep a local reference to the
os.remove() function. Patch by Victor Stinner.
- gh-83658: Make multiprocessing.Pool raise an exception if
maxtasksperchild is not None or a positive int.
- gh-74696: shutil.make_archive() no longer temporarily changes
the current working directory during creation of standard
.zip or tar archives.
- gh-91577: Move imports in SharedMemory methods to module
level so that they can be executed late in python
finalization.
- bpo-47231: Fixed an issue with inconsistent trailing slashes
in tarfile longname directories.
- bpo-46755: In QueueHandler, clear stack_info from LogRecord
to prevent stack trace from being written twice.
- bpo-46053: Fix OSS audio support on NetBSD.
- bpo-46197: Fix ensurepip environment isolation for subprocess
running pip.
- bpo-45924: Fix asyncio incorrect traceback when future’s
exception is raised multiple times. Patch by Kumar Aditya.
- bpo-34828: sqlite3.Connection.iterdump() now handles
databases that use AUTOINCREMENT in one or more tables.
- gh-94321: Document the PEP 246 style protocol type
sqlite3.PrepareProtocol.
- gh-86128: Document a limitation in ThreadPoolExecutor where
its exit handler is executed before any handlers in atexit.
- gh-61162: Clarify sqlite3 behavior when Using the connection
as a context manager.
- gh-87260: Align sqlite3 argument specs with the actual
implementation.
- gh-86986: The minimum Sphinx version required to build the
documentation is now 3.2.
- gh-88831: Augmented documentation of
asyncio.create_task(). Clarified the need to keep strong
references to tasks and added a code snippet detailing how to
to this.
- bpo-47161: Document that pathlib.PurePath does not collapse
initial double slashes because they denote UNC paths.
- gh-95280: Fix problem with test_ssl test_get_ciphers on
systems that require perfect forward secrecy (PFS) ciphers.
- gh-95212: Make multiprocessing test case
test_shared_memory_recreate parallel-safe.
- gh-91330: Added more tests for dataclasses to cover behavior
with data descriptor-based fields.
- gh-94208: test_ssl is now checking for supported TLS version
and protocols in more tests.
- gh-93951: In test_bdb.StateTestCase.test_skip, avoid
including auxiliary importers.
- gh-93957: Provide nicer error reporting from subprocesses in
test_venv.EnsurePipTest.test_with_pip.
- gh-57539: Increase calendar test coverage for
calendar.LocaleTextCalendar.formatweekday().
- gh-92886: Fixing tests that fail when running with
optimizations (-O) in test_zipimport.py
- bpo-47016: Create a GitHub Actions workflow for verifying
bundled pip and setuptools. Patch by Illia Volochii and Adam
Turner.
- gh-94841: Fix the possible performance regression of
PyObject_Free() compiled with MSVC version 1932.
- gh-95511: Fix the Shell context menu copy-with-prompts bug of
copying an extra line when one selects whole lines.
- gh-95471: In the Edit menu, move Select All and add a new
separator.
- gh-95411: Enable using IDLE’s module browser with .pyw files.
- gh-89610: Add .pyi as a recognized extension for IDLE on
macOS. This allows opening stub files by double clicking on
them in the Finder.
- gh-94538: Fix Argument Clinic output to custom file
destinations. Patch by Erlend E. Aasland.
- gh-94430: Allow parameters named module and self with custom
C names in Argument Clinic. Patch by Erlend E. Aasland
- gh-94930: Fix SystemError raised when
PyArg_ParseTupleAndKeywords() is used with # in (...) but
without PY_SSIZE_T_CLEAN defined.
- gh-94864: Fix PyArg_Parse* with deprecated format units “uâ€
and “Zâ€. It returned 1 (success) when warnings are turned
into exceptions.
- Reapply patches
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- no-skipif-doctests.patch
- skip-test_pyobject_freed_is_freed.patch
++++ libvirt:
- Update to libvirt 8.6.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-6-0-2022-08-01
++++ perl-Bootloader:
- move binaries from /sbin to /usr/sbin (boo#1191088)
- remove /boot/boot.readme while at it so we stay out of there
++++ python310:
- Update to 3.10.6:
- gh-87389: http.server: Fix an open redirection vulnerability
in the HTTP server when an URI path starts with //.
Vulnerability discovered, and initial fix proposed, by Hamza
Avvan. (bsc#1202624, CVE-2021-28861)
- gh-92888: Fix memoryview use after free when accessing the
backing buffer in certain cases.
- gh-95355: _PyPegen_Parser_New now properly detects token
memory allocation errors. Patch by Honglin Zhu.
- gh-94938: Fix error detection in some builtin functions when
keyword argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- gh-94949: ast.parse() will no longer parse parenthesized
context managers when passed feature_version less than
(3, 9). Patch by Shantanu Jain.
- gh-94947: ast.parse() will no longer parse assignment
expressions when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- gh-94869: Fix the column offsets for some expressions in
multi-line f-strings ast nodes. Patch by Pablo Galindo.
- gh-91153: Fix an issue where a bytearray item assignment
could crash if it’s resized by the new value’s __index__()
method.
- gh-94329: Compile and run code with unpacking of extremely
large sequences (1000s of elements). Such code failed to
compile. It now compiles and runs correctly.
- gh-94360: Fixed a tokenizer crash when reading encoded
files with syntax errors from stdin with non utf-8 encoded
text. Patch by Pablo Galindo
- gh-94192: Fix error for dictionary literals with invalid
expression as value.
- gh-93964: Strengthened compiler overflow checks to prevent
crashes when compiling very large source files.
- gh-93671: Fix some exponential backtrace case happening with
deeply nested sequence patterns in match statements. Patch by
Pablo Galindo
- gh-93021: Fix the __text_signature__ for __get__() methods
implemented in C. Patch by Jelle Zijlstra.
- gh-92930: Fixed a crash in _pickle.c from mutating
collections during __reduce__ or persistent_id.
- gh-92914: Always round the allocated size for lists up to the
nearest even number.
- gh-92858: Improve error message for some suites with syntax
error before ‘:’
- gh-95339: Update bundled pip to 22.2.1.
- gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
untracking it before calling any callbacks. Patch by Kumar
Aditya.
- gh-95087: Fix IndexError in parsing invalid date in the email
module.
- gh-95199: Upgrade bundled setuptools to 63.2.0.
- gh-95194: Upgrade bundled pip to 22.2.
- gh-93899: Fix check for existence of os.EFD_CLOEXEC,
os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
versions where these flags are not present. Patch by Kumar
Aditya.
- gh-95166: Fix concurrent.futures.Executor.map() to cancel the
currently waiting on future on an error - e.g. TimeoutError
or KeyboardInterrupt.
- gh-93157: Fix fileinput module didn’t support errors option
when inplace is true.
- gh-94821: Fix binding of unix socket to empty address
on Linux to use an available address from the abstract
namespace, instead of “0â€.
- gh-94736: Fix crash when deallocating an instance of a
subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
- gh-94637: SSLContext.set_default_verify_paths() now releases
the GIL around SSL_CTX_set_default_verify_paths call. The
function call performs I/O and CPU intensive work.
- gh-94510: Re-entrant calls to sys.setprofile() and
sys.settrace() now raise RuntimeError. Patch by Pablo
Galindo.
- gh-92336: Fix bug where linecache.getline() fails on bad
files with UnicodeDecodeError or SyntaxError. It now returns
an empty string as per the documentation.
- gh-89988: Fix memory leak in pickle.Pickler when looking up
dispatch_table. Patch by Kumar Aditya.
- gh-94254: Fixed types of struct module to be immutable. Patch
by Kumar Aditya.
- gh-94245: Fix pickling and copying of typing.Tuple[()].
- gh-94207: Made _struct.Struct GC-tracked in order to fix a
reference leak in the _struct module.
- gh-94101: Manual instantiation of ssl.SSLSession objects is
no longer allowed as it lead to misconfigured instances that
crashed the interpreter when attributes where accessed on
them.
- gh-84753: inspect.iscoroutinefunction(),
inspect.isgeneratorfunction(), and
inspect.isasyncgenfunction() now properly return True
for duck-typed function-like objects like instances of
unittest.mock.AsyncMock.
- This makes inspect.iscoroutinefunction() consistent with the
behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
ABAAKOUK.
- gh-83499: Fix double closing of file description in tempfile.
- gh-79512: Fixed names and __module__ value of weakref classes
ReferenceType, ProxyType, CallableProxyType. It makes them
pickleable.
- gh-90494: copy.copy() and copy.deepcopy() now always raise
a TypeError if __reduce__() returns a tuple with length 6
instead of silently ignore the 6th item or produce incorrect
result.
- gh-90549: Fix a multiprocessing bug where a global named
resource (such as a semaphore) could leak when a child
process is spawned (as opposed to forked).
- gh-79579: sqlite3 now correctly detects DML queries with
leading comments. Patch by Erlend E. Aasland.
- gh-93421: Update sqlite3.Cursor.rowcount when a DML
statement has run to completion. This fixes the row count
for SQL queries like UPDATE ... RETURNING. Patch by Erlend
E. Aasland.
- gh-91810: Suppress writing an XML declaration in open
files in ElementTree.write() with encoding='unicode' and
xml_declaration=None.
- gh-93353: Fix the importlib.resources.as_file() context
manager to remove the temporary file if destroyed late
during Python finalization: keep a local reference to the
os.remove() function. Patch by Victor Stinner.
- gh-83658: Make multiprocessing.Pool raise an exception if
maxtasksperchild is not None or a positive int.
- gh-74696: shutil.make_archive() no longer temporarily changes
the current working directory during creation of standard
.zip or tar archives.
- gh-91577: Move imports in SharedMemory methods to module
level so that they can be executed late in python
finalization.
- bpo-47231: Fixed an issue with inconsistent trailing slashes
in tarfile longname directories.
- bpo-46755: In QueueHandler, clear stack_info from LogRecord
to prevent stack trace from being written twice.
- bpo-46053: Fix OSS audio support on NetBSD.
- bpo-46197: Fix ensurepip environment isolation for subprocess
running pip.
- bpo-45924: Fix asyncio incorrect traceback when future’s
exception is raised multiple times. Patch by Kumar Aditya.
- bpo-34828: sqlite3.Connection.iterdump() now handles
databases that use AUTOINCREMENT in one or more tables.
- gh-94321: Document the PEP 246 style protocol type
sqlite3.PrepareProtocol.
- gh-86128: Document a limitation in ThreadPoolExecutor where
its exit handler is executed before any handlers in atexit.
- gh-61162: Clarify sqlite3 behavior when Using the connection
as a context manager.
- gh-87260: Align sqlite3 argument specs with the actual
implementation.
- gh-86986: The minimum Sphinx version required to build the
documentation is now 3.2.
- gh-88831: Augmented documentation of
asyncio.create_task(). Clarified the need to keep strong
references to tasks and added a code snippet detailing how to
to this.
- bpo-47161: Document that pathlib.PurePath does not collapse
initial double slashes because they denote UNC paths.
- gh-95280: Fix problem with test_ssl test_get_ciphers on
systems that require perfect forward secrecy (PFS) ciphers.
- gh-95212: Make multiprocessing test case
test_shared_memory_recreate parallel-safe.
- gh-91330: Added more tests for dataclasses to cover behavior
with data descriptor-based fields.
- gh-94208: test_ssl is now checking for supported TLS version
and protocols in more tests.
- gh-93951: In test_bdb.StateTestCase.test_skip, avoid
including auxiliary importers.
- gh-93957: Provide nicer error reporting from subprocesses in
test_venv.EnsurePipTest.test_with_pip.
- gh-57539: Increase calendar test coverage for
calendar.LocaleTextCalendar.formatweekday().
- gh-92886: Fixing tests that fail when running with
optimizations (-O) in test_zipimport.py
- bpo-47016: Create a GitHub Actions workflow for verifying
bundled pip and setuptools. Patch by Illia Volochii and Adam
Turner.
- gh-94841: Fix the possible performance regression of
PyObject_Free() compiled with MSVC version 1932.
- gh-95511: Fix the Shell context menu copy-with-prompts bug of
copying an extra line when one selects whole lines.
- gh-95471: In the Edit menu, move Select All and add a new
separator.
- gh-95411: Enable using IDLE’s module browser with .pyw files.
- gh-89610: Add .pyi as a recognized extension for IDLE on
macOS. This allows opening stub files by double clicking on
them in the Finder.
- gh-94538: Fix Argument Clinic output to custom file
destinations. Patch by Erlend E. Aasland.
- gh-94430: Allow parameters named module and self with custom
C names in Argument Clinic. Patch by Erlend E. Aasland
- gh-94930: Fix SystemError raised when
PyArg_ParseTupleAndKeywords() is used with # in (...) but
without PY_SSIZE_T_CLEAN defined.
- gh-94864: Fix PyArg_Parse* with deprecated format units “uâ€
and “Zâ€. It returned 1 (success) when warnings are turned
into exceptions.
- Reapply patches
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- no-skipif-doctests.patch
- skip-test_pyobject_freed_is_freed.patch
++++ python-libvirt-python:
- Update to 8.6.0
- Add all new APIs and constants in libvirt 8.6.0
++++ python-urllib3:
- update to 1.26.11
* Fix OverflowError when TLS is used on some Python versions
------------------------------------------------------------------
------------------ 2022-8-1 - Aug 1 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.1.4:
* anv: disable non uniform indexing of UBOs
* anv: use the right helper to invalidate memory
* intel/fs: ray query fix for global address
* isl: add new helper for format component compatibility
* radeonsi: fix random PS wave size
* r300: Keep rc_rename_regs() from overflowing
* aco/ra: update register file when updating phi definition
* radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard
++++ Mesa-drivers:
- update to 22.1.4:
* anv: disable non uniform indexing of UBOs
* anv: use the right helper to invalidate memory
* intel/fs: ray query fix for global address
* isl: add new helper for format component compatibility
* radeonsi: fix random PS wave size
* r300: Keep rc_rename_regs() from overflowing
* aco/ra: update register file when updating phi definition
* radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard
++++ apparmor:
- update to AppArmor 3.0.6
- fix LTO build in the parser
- remove dbus deny rule in abstractions/exo-open
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff
++++ coreutils:
- refresh coreutils-i18n.patch to prevent unexpand from failing on control
characters (brc#2112870) (bsc#1202029)
- extend psuffix handling to be quilt(1) compatible
++++ libapparmor:
- update to AppArmor 3.0.6
- fix LTO build in the parser
- remove dbus deny rule in abstractions/exo-open
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.6
for the detailed upstream changelog
- drop upstream patch dirtest-sort-mr900.diff
++++ libgcrypt:
- Fix reproducible build problems:
- Do not use %release in binaries (but use SOURCE_DATE_EPOCH)
- Fix date call messed up by spec-cleaner
++++ ncurses:
- Add ncurses patch 20220729
+ fixes to build with dietlibc:
+ add configure check for fpathconf (report by Georg Lehner).
+ add configure check for math sine/cosine, needed in test/tclock,
and eliminate pow() from test/hanoi (report by Georg Lehner).
+ use wcsnlen as an alternative to wmemchr if it is not found
(adapted from patch by Georg Lehner).
+ trim out some unwanted linker options from ncurses*config and .pc
files seen in Fedora 36+.
- Port patch ncurses-6.3.dif
++++ tiff:
- security update:
* CVE-2022-34526 [bsc#1202026]
+ tiff-CVE-2022-34526.patch
++++ unbound:
- update to 1.16.2 (boo#1202031 boo#1202033)
* Features
- Merge #718: Introduce infra-cache-max-rtt option to config max
retransmit timeout.
* Bug Fixes
- Fix the novel ghost domain issues CVE-2022-30698 and CVE-2022-30699.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian RodrÃguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
- Fix verbose EDE error printout.
- Fix dname count in sldns parse type descriptor for SVCB and HTTPS.
- For windows crosscompile, fix setting the IPV6_MTU socket option
equivalent (IPV6_USER_MTU); allows cross compiling with latest
cross-compiler versions.
- Merge PR 714: Avoid treat normal hosts as unresponsive servers.
And fixup the lock code.
- iana portlist update.
- Update documentation for 'outbound-msg-retry:'.
- Tests for ghost domain fixes.
++++ osinfo-db:
- update to 20220727
- drop: add-opensuse-leap-15.4-support.patch
add-sle15sp4-support.patch
add-slem5.1-support.patch
add-slem5.2-support.patch
opensuse-autoyast-desktop.patch: all upstream
++++ python310-packaging:
- BuildIgnore python3-packaging for primary bootstrap.
++++ read-only-root-fs:
- Update to version 1.0+git20220801.cbb90bc:
* Add another workaround for read-only subvolumes (boo#1202000)
* Correctly declare mount-overlay.sh as Bash file
- Update source service URL
++++ rsync:
- Security fix: [bsc#1201840, CVE-2022-29154]
* arbitrary file write vulnerability via do_server_recv function
* Added patch rsync-CVE-2022-29154.patch
------------------------------------------------------------------
------------------ 2022-7-31 - Jul 31 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.19 final
- refresh configs
- commit e9f89c9
++++ pcre2:
- Fix the profiling call to be non-parallel again (fighting spec cleaner)
++++ python310-core:
- Extend distutils-reproducible-compile.patch with a workaround
for non reproducible pyc files issue 93317
++++ python310:
- Extend distutils-reproducible-compile.patch with a workaround
for non reproducible pyc files issue 93317
------------------------------------------------------------------
------------------ 2022-7-30 - Jul 30 2022 -------------------
------------------------------------------------------------------
++++ permissions:
- Avoid different Versions for subpackages to fix build-compare
seeing the src rpm as equal. It replaces VERSION-RELEASE but
that will fail if subpackages use a different Version
++++ kernel-default:
- Linux 5.18.15 (bsc#1012628).
- watch-queue: remove spurious double semicolon (bsc#1012628).
- ASoC: SOF: Intel: disable IMR boot when resuming from ACPI S4
and S5 states (bsc#1012628).
- ASoC: SOF: pm: add definitions for S4 and S5 states
(bsc#1012628).
- ASoC: SOF: pm: add explicit behavior for ACPI S1 and S2
(bsc#1012628).
- watchqueue: make sure to serialize 'wqueue->defunct' properly
(bsc#1012628).
- x86/alternative: Report missing return thunk details
(bsc#1012628).
- x86/amd: Use IBPB for firmware calls (bsc#1012628).
- exfat: use updated exfat_chain directly during renaming
(bsc#1012628).
- exfat: fix referencing wrong parent directory information
after renaming (bsc#1012628).
- crypto: qat - re-enable registration of algorithms
(bsc#1012628).
- crypto: qat - add param check for DH (bsc#1012628).
- crypto: qat - add param check for RSA (bsc#1012628).
- crypto: qat - remove dma_free_coherent() for DH (bsc#1012628).
- crypto: qat - remove dma_free_coherent() for RSA (bsc#1012628).
- crypto: qat - fix memory leak in RSA (bsc#1012628).
- crypto: qat - add backlog mechanism (bsc#1012628).
- crypto: qat - refactor submission logic (bsc#1012628).
- crypto: qat - use pre-allocated buffers in datapath
(bsc#1012628).
- crypto: qat - set to zero DH parameters before free
(bsc#1012628).
- dlm: fix pending remove if msg allocation fails (bsc#1012628).
- clk: lan966x: Fix the lan966x clock gate register address
(bsc#1012628).
- x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced
IBRS parts (bsc#1012628).
- perf/x86/intel/lbr: Fix unchecked MSR access error on HSW
(bsc#1012628).
- sched/deadline: Fix BUG_ON condition for deboosted tasks
(bsc#1012628).
- bpf: Make sure mac_header was set before using it (bsc#1012628).
- mm/mempolicy: fix uninit-value in mpol_rebind_policy()
(bsc#1012628).
- KVM: Don't null dereference ops->destroy (bsc#1012628).
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref
for non DMA transfers (bsc#1012628).
- KVM: selftests: Fix target thread to be migrated in rseq_test
(bsc#1012628).
- gpio: gpio-xilinx: Fix integer overflow (bsc#1012628).
- selftests: gpio: fix include path to kernel headers for out
of tree builds (bsc#1012628).
- net/sched: cls_api: Fix flow action initialization
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_max_reordering
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_abort_on_overflow
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_rfc1337 (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_stdurg (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_retrans_collapse
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_slow_start_after_idle
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_recovery (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_early_retrans
(bsc#1012628).
- tcp: Fix data-races around sysctl knobs related to SYN option
(bsc#1012628).
- udp: Fix a data-race around sysctl_udp_l3mdev_accept
(bsc#1012628).
- ip: Fix data-races around sysctl_ip_prot_sock (bsc#1012628).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields
(bsc#1012628).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_policy
(bsc#1012628).
- ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh
(bsc#1012628).
- can: rcar_canfd: Add missing of_node_put() in rcar_canfd_probe()
(bsc#1012628).
- drm/imx/dcss: Add missing of_node_put() in fail path
(bsc#1012628).
- drm/panel-edp: Fix variable typo when saving hpd absent delay
from DT (bsc#1012628).
- amt: do not use amt->nr_tunnels outside of lock (bsc#1012628).
- amt: drop unexpected multicast data (bsc#1012628).
- amt: drop unexpected query message (bsc#1012628).
- amt: drop unexpected advertisement message (bsc#1012628).
- amt: add missing regeneration nonce logic in request logic
(bsc#1012628).
- amt: use READ_ONCE() in amt module (bsc#1012628).
- amt: remove unnecessary locks (bsc#1012628).
- amt: use workqueue for gateway side message handling
(bsc#1012628).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings
(bsc#1012628).
- net: dsa: sja1105: silent spi_device_id warnings (bsc#1012628).
- be2net: Fix buffer overflow in be_get_module_eeprom
(bsc#1012628).
- gpio: pca953x: use the correct register address when regcache
sync during init (bsc#1012628).
- gpio: pca953x: use the correct range when do regmap sync
(bsc#1012628).
- gpio: pca953x: only use single read/write for No AI mode
(bsc#1012628).
- net: stmmac: remove redunctant disable xPCS EEE call
(bsc#1012628).
- net: dsa: fix NULL pointer dereference in
dsa_port_reset_vlan_filtering (bsc#1012628).
- net: dsa: move reset of VLAN filtering to
dsa_port_switchdev_unsync_attrs (bsc#1012628).
- net: dsa: fix dsa_port_vlan_filtering when global (bsc#1012628).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs
to zero (bsc#1012628).
- i40e: Fix erroneous adapter reinitialization during recovery
process (bsc#1012628).
- net: lan966x: Fix usage of lan966x->mac_lock when used by FDB
(bsc#1012628).
- net: lan966x: Fix usage of lan966x->mac_lock inside
lan966x_mac_irq_handler (bsc#1012628).
- net: lan966x: Fix usage of lan966x->mac_lock when entry is
removed (bsc#1012628).
- net: lan966x: Fix usage of lan966x->mac_lock when entry is added
(bsc#1012628).
- net: lan966x: Fix taking rtnl_lock while holding spin_lock
(bsc#1012628).
- pinctrl: armada-37xx: make irq_lock a raw spinlock to avoid
invalid wait context (bsc#1012628).
- pinctrl: armada-37xx: Reuse GPIO fwnode in
armada_37xx_irqchip_register() (bsc#1012628).
- ACPI: CPPC: Don't require flexible address space if
X86_FEATURE_CPPC is supported (bsc#1012628).
- iavf: Fix missing state logs (bsc#1012628).
- iavf: Fix handling of dummy receive descriptors (bsc#1012628).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
(bsc#1012628).
- iavf: Fix VLAN_V2 addition/rejection (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_fastopen (bsc#1012628).
- tcp: Fix data-races around sysctl_max_syn_backlog (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_tw_reuse (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat
(bsc#1012628).
- tcp: Fix data-races around some timeout sysctl knobs
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_reordering (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_migrate_req (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_syncookies (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_syn(ack)?_retries
(bsc#1012628).
- tcp: Fix data-races around keepalive sysctl knobs (bsc#1012628).
- igmp: Fix data-races around sysctl_igmp_qrv (bsc#1012628).
- igmp: Fix data-races around sysctl_igmp_max_msf (bsc#1012628).
- igmp: Fix a data-race around sysctl_igmp_max_memberships
(bsc#1012628).
- igmp: Fix data-races around sysctl_igmp_llm_reports
(bsc#1012628).
- net: prestera: acl: use proper mask for port selector
(bsc#1012628).
- net/tls: Fix race in TLS device down flow (bsc#1012628).
- net: stmmac: fix dma queue left shift overflow issue
(bsc#1012628).
- pinctrl: ocelot: Fix pincfg (bsc#1012628).
- pinctrl: ocelot: Fix pincfg for lan966x (bsc#1012628).
- perf tests: Fix Convert perf time to TSC test for hybrid
(bsc#1012628).
- perf tests: Stop Convert perf time to TSC test opening events
twice (bsc#1012628).
- i2c: cadence: Change large transfer count reset logic to be
unconditional (bsc#1012628).
- i2c: mlxcpld: Fix register setting for 400KHz frequency
(bsc#1012628).
- tcp/udp: Make early_demux back namespacified (bsc#1012628).
- net: dsa: microchip: ksz_common: Fix refcount leak bug
(bsc#1012628).
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume
flow (bsc#1012628).
- net: stmmac: fix pm runtime issue in stmmac_dvr_remove()
(bsc#1012628).
- stmmac: dwmac-mediatek: fix clock issue (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_probe_interval
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_probe_threshold
(bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_min_snd_mss (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_base_mss (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_mtu_probing (bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_l3mdev_accept
(bsc#1012628).
- tcp: sk->sk_bound_dev_if once in inet_request_bound_dev_if()
(bsc#1012628).
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept
(bsc#1012628).
- ip: Fix a data-race around sysctl_fwmark_reflect (bsc#1012628).
- ip: Fix a data-race around sysctl_ip_autobind_reuse
(bsc#1012628).
- ip: Fix data-races around sysctl_ip_nonlocal_bind (bsc#1012628).
- ip: Fix data-races around sysctl_ip_fwd_update_priority
(bsc#1012628).
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu (bsc#1012628).
- ip: Fix data-races around sysctl_ip_no_pmtu_disc (bsc#1012628).
- igc: Reinstate IGC_REMOVED logic and implement it properly
(bsc#1012628).
- Revert "e1000e: Fix possible HW unit hang after an s0ix exit"
(bsc#1012628).
- e1000e: Enable GPT clock before sending message to CSME
(bsc#1012628).
- perf/core: Fix data race between perf_event_set_output()
and perf_mmap_close() (bsc#1012628).
- pinctrl: sunplus: Add check for kcalloc (bsc#1012628).
- pinctrl: ralink: Check for null return of devm_kcalloc
(bsc#1012628).
- pinctrl: ralink: rename pinctrl-rt2880 to pinctrl-ralink
(bsc#1012628).
- pinctrl: ralink: rename MT7628(an) functions to MT76X8
(bsc#1012628).
- RDMA/irdma: Fix sleep from invalid context BUG (bsc#1012628).
- RDMA/irdma: Do not advertise 1GB page size for x722
(bsc#1012628).
- power/reset: arm-versatile: Fix refcount leak in
versatile_reboot_probe (bsc#1012628).
- power: supply: ab8500_fg: add missing destroy_workqueue in
ab8500_fg_probe (bsc#1012628).
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
in xfrm_bundle_lookup() (bsc#1012628).
- ip: Fix data-races around sysctl_ip_default_ttl (bsc#1012628).
- r8152: fix a WOL issue (bsc#1012628).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1012628).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1012628).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1012628).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
(bsc#1012628).
- bus: mhi: host: pci_generic: add Telit FN990 (bsc#1012628).
- bus: mhi: host: pci_generic: add Telit FN980 v1 hardware
revision (bsc#1012628).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (bsc#1012628).
- drm/scheduler: Don't kill jobs in interrupt context
(bsc#1012628).
- drm/amd/display: Fix new dmub notification enabling in DM
(bsc#1012628).
- drm/ttm: fix locking in vmap/vunmap TTM GEM helpers
(bsc#1012628).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on
program/erase times (bsc#1012628).
- mmc: sdhci-omap: Fix a lockdep warning for PM runtime init
(bsc#1012628).
- lockdown: Fix kexec lockdown bypass with ima policy
(bsc#1012628).
- mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
(bsc#1012628).
- riscv: add as-options for modules with assembly compontents
(bsc#1012628).
- pinctrl: stm32: fix optional IRQ support to gpios (bsc#1012628).
- pinctrl: armada-37xx: use raw spinlocks for regmap to avoid
invalid wait context (bsc#1012628).
- commit 0b7935a
------------------------------------------------------------------
------------------ 2022-7-29 - Jul 29 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- Update to 3.7.7: [bsc#1202020, CVE-2022-2509]
* libgnutls: Fixed double free during verification of pkcs7
signatures. CVE-2022-2509
* libgnutls: gnutls_hkdf_expand now only accepts LENGTH argument
less than or equal to 255 times hash digest size, to comply with
RFC 5869 2.3.
* libgnutls: Length limit for TLS PSK usernames has been increased
from 128 to 65535 characters
* libgnutls: AES-GCM encryption function now limits plaintext
length to 2^39-256 bits, according to SP800-38D 5.2.1.1.
* libgnutls: New block cipher functions have been added to
transparently handle padding. gnutls_cipher_encrypt3 and
gnutls_cipher_decrypt3 can be used in combination of
GNUTLS_CIPHER_PADDING_PKCS7 flag to automatically add/remove
padding if the length of the original plaintext is not a multiple
of the block size.
* libgnutls: New function for manual FIPS self-testing.
* API and ABI modifications:
- gnutls_fips140_run_self_tests: New function
- gnutls_cipher_encrypt3: New function
- gnutls_cipher_decrypt3: New function
- gnutls_cipher_padding_flags_t: New enum
* guile: Guile 1.8 is no longer supported
* guile: Session record port treats premature termination as EOF Previously,
a 'gnutls-error' exception with the 'error/premature-termination' value
would be thrown while reading from a session record port when the
underlying session was terminated prematurely. This was inconvenient
since users of the port may not be prepared to handle such an exception.
Reading from the session record port now returns the end-of-file object
instead of throwing an exception, just like it would for a proper
session termination.
* guile: Session record ports can have a 'close' procedure. The
'session-record-port' procedure now takes an optional second parameter,
and a new 'set-session-record-port-close!' procedure is provided to
specify a 'close' procedure for a session record port. This 'close'
procedure lets users specify cleanup operations for when the port is
closed, such as closing the file descriptor or port that backs the
underlying session.
* Rebase patches:
- gnutls-3.6.6-set_guile_site_dir.patch
- gnutls-FIPS-TLS_KDF_selftest.patch
- gnutls-FIPS-disable-failing-tests.patch
* Remove patch merged upstream:
- gnutls-FIPS-PBKDF2-KAT-requirements.patch
- https://gitlab.com/gnutls/gnutls/merge_requests/1561
++++ texinfo:
- Do lua scripting only once for execute() function
++++ shim:
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
------------------------------------------------------------------
------------------ 2022-7-28 - Jul 28 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Create /etc/NetworkManager/conf.d by default, allowing easy
override for NetworkManager.conf file with drop-in.
- Move default config file to
/usr/lib/NetworkManager/NetworkManager.conf, as part of main
package.
- Branding upstream package is now just a config drop-in to
disable conncheck.
- Ensure /usr/lib/NetworkManager/conf.d is part of the package.
++++ NetworkManager-branding-openSUSE:
- Move conncheck config file out of /etc. No longer
import main config file.
++++ cockpit:
- Update suse-microos-branding.patch for new /etc/os-release ID.
- Add storage-btrfs.patch to enable BTRFS use in cockpit-storage.
++++ docker:
- Allow to install container-selinux instead of apparmor-parser.
++++ k3s-install:
- Update to version 1.24.3+k3s1:
* Update to v1.24.3 (#5870)
* Address issues with etcd snapshots
* Fix deletion of svclb DaemonSet when Service is deleted
* Remove legacy bidirectional datastore sync code
* Fix fatal error when reconciling bootstrap data
* Promote v1.23.8+k3s2 to stable
* Replace dapper testing with regular docker (#5805)
* Fix issue with containerd stats missing from cadvisor metrics
* Bump runc version to v1.1.3
* Bump remotedialer
* Bump kine to v0.9.3
* Don't crash when service IPFamiliyPolicy is not set
* Fix egress selector proxy/bind-address support
* Add tests for down-level etcd join
* Handle egress-selector-mode change during upgrade
* Remove go-powershell dead dependency (#5777)
* add 1.24 release channel (#5742)
* Mark v1.23.8+k3s1 to stable
* Update to v1.24.2
* Bump helm-controller
* containerd: Enable enable_unprivileged_ports and enable_unprivileged_icmp by default
* Enable compact tests for k3s s390x
* Only listen on loopback when resetting
* Ensure that CONTAINERD_ variables are not shadowed by later entries
* Sanitize filenames for use in configmap keys
* Disable urfave markdown/man docs generation
* Delay service readiness until after startuphooks have finished (#5649)
* add arm tests and upgrade tests (#5526)
* Add alternate scripts location (#5692)
* Introduce servicelb-namespace parameter
* Move all klipper-lb daemonset to common namespace for PodSecurity
* E2E: Dualstack test (#5617)
* add support for pprof server (#5527)
* Update security email contact (#5607)
* E2E Improvements and groundwork for test-pad tool (#5593)
* Integration Test: Startup (#5630)
* Add FlannelConfCNI flag
* Add ability to pass configuration options to flannel backend
* Bump flannel to v0.18.1
* Remove kube-ipvs0 interface when cleaning up
++++ libnettle:
- update to 3.8.1:
* Avoid non-posix m4 argument references in the chacha
implementation for arm64, powerpc64 and s390x. Reported by
Christian Weisgerber, fix contributed by Mamone Tarsha.
* Use explicit .machine pseudo-ops where needed in s390x
assembly files. Bug report by Andreas K. Huettel, fix
contributed by Mamone Tarsha.
++++ protobuf:
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
------------------------------------------------------------------
------------------ 2022-7-27 - Jul 27 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Update to bash 5.2 rc2
gg. Since there is no `declare -' equivalent of `local -', make sure to use
`local -' in the output of `local -p'.
++++ texinfo:
- Check for filetrigger lua scriplets if rpm.execute() as function
call is given and used this
++++ util-linux:
- exclude bash-completion stuff for programs that are in
util-linux-systemd from util-linux for real.
++++ readline:
- Update to readline-8.2-rc2
++++ selinux-policy:
- fix_networkmanager.patch: Allow NetworkManager_dispatcher_tlp_t
and NetworkManager_dispatcher_custom_t to access nscd socket
(bsc#1201741)
++++ util-linux-systemd:
- exclude bash-completion stuff for programs that are in
util-linux-systemd from util-linux for real.
------------------------------------------------------------------
------------------ 2022-7-26 - Jul 26 2022 -------------------
------------------------------------------------------------------
++++ bash-completion:
- Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791)
* List all options for `curl --<TAB>`
++++ fde-tools:
- Initial build as package pcr-oracle
++++ kernel-default:
- armv7hl: Update config files. (bsc#1201857)
Unify IWLWIFI debug options with other archs.
- armv7hl: Update config files. (bsc#1201857)
Enable PCI wifi chips
- commit 0cc672e
++++ augeas:
- Unset MALLOC_PERTURB_ to speed up %check significantly
(boo#1201884, gh#hercules-team#768)
++++ mozilla-nss:
- update to NSS 3.80
* bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
* bmo#1617956 - Add support for asynchronous client auth hooks.
* bmo#1497537 - nss-policy-check: make unknown keyword check optional.
* bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
by allocating it on initialization. Replaced
redundant code with assert. Debug builds: Added
buffer freeing/allocation for each record.
* bmo#1773022 - Mark 3.79 as an ESR release.
* bmo#1764206 - Bump nssckbi version number for June.
* bmo#1759815 - Remove Hellenic Academic 2011 Root.
* bmo#1770267 - Add E-Tugra Roots.
* bmo#1768970 - Add Certainly Roots.
* bmo#1764392 - Add DigitCert Roots.
* bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
* bmo#1366464 - Compare signature and signatureAlgorithm fields in
legacy certificate verifier.
* bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
* bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1760998 - Avoid data race on primary password change.
* bmo#1769063 - Replace ppc64 dcbzl intrinisic.
* bmo#1771036 - Allow LDFLAGS override in makefile builds.
++++ gcc12:
- Add Provides of libstdc++6-pp-gccN to libstdc++6-pp. [bsc#1201848]
++++ ceph:
- Update to 16.2.9-538-g9de83fa4064:
+ (bsc#1201604) cephfs-shell: move source to separate subdirectory
++++ selinux-policy:
- Add fix_cloudform.patch to fix cloud-init runcmd issue with snapper
(bnc#1201015)
++++ vim:
- Updated to version 9.0.0073, fixes the following problems
- CVE-2022-2522 - boo#1201863
- CVE-2022-2345 - boo#1201363
- CVE-2022-2343 - boo#1201356
- CVE-2022-2344 - boo#1201359
* In the quickfix window 'cursorline' overrules QuickFixLine highlighting.
* On a Belgian keyboard CTRL-[ does not work.
* Spell tests do not always clear the word list.
* Spell dump may go beyond end of an array.
* 'fillchars' cannot have window-local values.
* 'listchars' test fails.
* Not all systems have GDK_KEY_dead_circumflex. (Hisashi T Fujinaka)
* Use of set_chars_option() is confusing.
* A couple of filetype patterns do not have "*" before "/etc".
* Missing change for filetype detection.
* Insufficient testing for bracket commands.
* Typos in comments, wrapping lines.
* Reading past end of completion with a long line and 'infercase' set.
* Reading past end of completion with duplicate match.
* Using freed memory with recursive substitute.
* Cursor in wrong column with mouse click after concealed text.
* Csv and tsv files are not recognized.
* Split else-if is confusing.
* Using CTRL-C wih :append may hang Vim.
* "zG" may throw an error if invalid character follows.
* E1281 not tested with the old regexp engine.
* Compiler warning for size_t to int conversion.
* Bitbake files are not detected.
* Wrong line number reported when :cexpr fails in :def function.
* has('patch-xxx') returns true.
* Test file has wrong name.
* Accessing uninitialized memory when completing long line.
* ml_get error with nested autocommand.
* Compiler warnings for signed/unsigned char.
* Too many type casts for dict_get functions.
* Confusing error when using "q:" in command line window.
* Cross-compiling doesn't work because of timer_create check.
* Switching window uneccarily when getting buffer options.
* Cannot show virtual text.
* Build fails with tiny features.
* Leaking memory when using text prop with inserted text.
* Using utfc_ptr2char_len() when length is negative.
* Command overlaps with printed text in scrollback.
* Compiler warning for uninitialized variable.
* Too many files recognized as bsdl.
------------------------------------------------------------------
------------------ 2022-7-25 - Jul 25 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- update to AppArmor 3.0.5
- several additions to profiles and abstractions
- bugfixes in parser and utils
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
for the detailed upstream changelog
- remove upstream(ed) patchs:
- apparmor-setuptools61-mr897.patch
- dovecot-profiles-boo1199535-mr881.diff
- php8-fpm-mr876.patch
- python310-help-mr848.patch
- samba-new-dcerpcd.patch
- samba_deny_net_admin.patch
- update-samba-bgqd.diff
- update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser
++++ kernel-default:
- config: riscv64: Enable DRM stack for early-boot graphics (boo#1201833)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit b8947d7
- config: armv7hl: Enable DRM stack for early-boot graphics (boo#1193475)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit 374bc62
- config: armv6hl: Enable DRM stack for early-boot graphics (boo#1193475)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit 07f549a
- config: arm64: Enable DRM stack for early-boot graphics (boo#1193475)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit 146fbca
- Update to 5.19-rc8
- update configs
- PINCTRL_AMD=y (arm64 only, no longer allowed to be a module)
- commit 96ba878
++++ libapparmor:
- update to AppArmor 3.0.5
- several additions to profiles and abstractions
- bugfixes in parser and utils
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.5
for the detailed upstream changelog
- remove upstream(ed) patchs:
- apparmor-setuptools61-mr897.patch
- dovecot-profiles-boo1199535-mr881.diff
- php8-fpm-mr876.patch
- python310-help-mr848.patch
- samba-new-dcerpcd.patch
- samba_deny_net_admin.patch
- update-samba-bgqd.diff
- update-usr-sbin-smbd.diff
- apparmor-samba-include-permissions-for-shares.diff: remove
upstreamed part
- add dirtest-sort-mr900.diff to fix random test failures
- change apache-extra-profile-include-if-exists.diff to the post-mv
path (new quilt executes mv)
- stop disabling lto (fixed upstream) (boo#1133091)
- package profile-load script in -parser
++++ protobuf:
- update to 21.3:
* C++
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel
* Add back a filegroup for :well_known_protos (#10061)
++++ perl:
- fix build on ppc
* updated patch: perl_skip_flaky_tests_powerpc.patch
++++ policycoreutils:
- Add recommends for ausearch binary (bsc#1201043)
++++ shim:
- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
- we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
is unstable for building out a stable shim binary for signing. (bsc#1198458)
- But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
not for openSUSE. (bsc#1198458)
------------------------------------------------------------------
------------------ 2022-7-24 - Jul 24 2022 -------------------
------------------------------------------------------------------
++++ curl:
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
++++ kernel-default:
- config: update and enable armv6hl
Config option values were taken from global 5.19 updates while armv6hl
configs were disabled, arm64 updates in commit 14beb34d0af9 ("config:
update and enable arm64") and armv7hl config updates in commit 36833cf30926
("config: update and enable armv7hl").
- commit de516ba
- config: update and enable armv7hl
The list below omits config options update globally while armv7hl configs
were disabled and config options updated on arm64 for 5.19 in commit
14beb34d0af9 ("config: update and enable arm64").
- new config options
- ARCH_BCMBCA=y
- ARCH_HPE=y
- ARCH_HPE_GXP=y
- CPU_LITTLE_ENDIAN=y
- ARM_ERRATA_764319=y
- GVE=m
- PINCTRL_IMXRT1170=y
- GXP_WATCHDOG=m
- MEDIA_CEC_RC=y
- COMMON_CLK_EN7523=y
- new config options in armv7hl/lpae
- EDAC_SYNOPSYS=m
- XILINX_INTC=y
- commit 36833cf
- config: update and enable arm64
The list below omits config options updated globally while arm64 configs
were disabled.
- new config options
- ARM64_SME=y
- CRYPTO_SM4_ARM64_CE_BLK=m
- CRYPTO_SM4_ARM64_NEON_BLK=m
- CAN_CTUCANFD_PLATFORM=m
- QCOM_SSC_BLOCK_BUS=y
- MTK_ADSP_IPC=m
- MTD_NAND_ECC_MEDIATEK=m
- NVME_APPLE=m
- VMWARE_VMCI=m
- SPI_MTK_SNFI=m
- PINCTRL_IMXRT1170=m
- PINCTRL_MT6795=y
- PINCTRL_SC7280_LPASS_LPI=m
- PINCTRL_SM8250_LPASS_LPI=m
- ROCKCHIP_VOP=y
- ROCKCHIP_VOP2=y
- DRM_MSM_MDP4=y
- DRM_MSM_MDP5=y
- DRM_MSM_DPU=y
- DRM_MSM_HDMI=y
- DRM_PANEL_NEWVISION_NV3052C=m
- DRM_FSL_LDB=m
- DRM_LONTIUM_LT9211=m
- DRM_DW_HDMI_GP_AUDIO=m
- DRM_SSD130X_SPI=m
- SND_SERIAL_GENERIC=m
- SND_SOC_MT8195_MT6359=m
- SND_SOC_SOF_MT8186=m
- SND_SOC_TEGRA186_ASRC=m
- LEDS_QCOM_LPG=m
- TEGRA186_GPC_DMA=m
- COMMON_CLK_MT8186=y
- SC_GCC_8280XP=m
- SC_LPASS_CORECC_7280=m
- APPLE_RTKIT=m
- APPLE_SART=m
- PWM_XILINX=m
- NVMEM_APPLE_EFUSES=m
- INTERCONNECT_QCOM_SC8280XP=m
- INTERCONNECT_QCOM_SDX65=m
- HTE_TEGRA194=m
- HTE_TEGRA194_TEST=n
- TRUSTED_KEYS_CAAM=y
- CRYPTO_DEV_FSL_CAAM_PRNG_API=y
- FIPS_SIGNATURE_SELFTEST=n
- PAGE_TABLE_CHECK=y
- PAGE_TABLE_CHECK_ENFORCED=n
- VMWARE_VMCI_VSOCKETS=m
- commit 14beb34
++++ harfbuzz:
- harfbuzz 5.0.1, including changes from 5.0.0:
+ Improve for fonts with more than 65535 glyphs
+ Support version 2 of “avar†table
+ Improve support for some Arabic, Hebrew fonts
+ Support for specific script tags to be retained in the
subsetter, and add “--layout-scripts†option to “hb-subsetâ€
tool
+ Improved handling of command line options
+ Improve support for multiple tables and font features,
and font feature specific bug fixes
++++ python-urllib3:
- update to 1.26.10:
* Removed support for Python 3.5
* Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP
instead of HTTPS could appear even when an HTTPS proxy wasn't configured.
- refresh remove_mock.patch with extra mock usages
------------------------------------------------------------------
------------------ 2022-7-23 - Jul 23 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- riscv: enable CONFIG_STRICT_DEVMEM
- new config options
- CONFIG_EXCLUSIVE_SYSTEM_RAM=y
- CONFIG_IO_STRICT_DEVMEM=y
- commit 2477a0c
- riscv: enable CONFIG_FTRACE
- new config options
- CONFIG_BPF_LSM=y
- CONFIG_TASKS_RUDE_RCU=y
- CONFIG_TRACEPOINTS=y
- CONFIG_KPROBES_ON_FTRACE=y
- CONFIG_UPROBES=y
- CONFIG_BATMAN_ADV_TRACING=n
- CONFIG_NET_DROP_MONITOR=m
- CONFIG_ATH5K_TRACER=n
- CONFIG_ATH6KL_TRACING=n
- CONFIG_WIL6210_TRACING=y
- CONFIG_ATH10K_TRACING=n
- CONFIG_ATH11K_TRACING=n
- CONFIG_IWLWIFI_DEVICE_TRACING=n
- CONFIG_STM_SOURCE_FTRACE=m
- CONFIG_PSTORE_FTRACE=n
- CONFIG_DEBUG_PAGE_REF=n
- CONFIG_NOP_TRACER=y
- CONFIG_TRACER_MAX_TRACE=y
- CONFIG_TRACE_CLOCK=y
- CONFIG_RING_BUFFER=y
- CONFIG_EVENT_TRACING=y
- CONFIG_CONTEXT_SWITCH_TRACER=y
- CONFIG_RING_BUFFER_ALLOW_SWAP=y
- CONFIG_TRACING=y
- CONFIG_GENERIC_TRACER=y
- CONFIG_BOOTTIME_TRACING=y
- CONFIG_FUNCTION_TRACER=y
- CONFIG_FUNCTION_GRAPH_TRACER=y
- CONFIG_DYNAMIC_FTRACE=y
- CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
- CONFIG_FUNCTION_PROFILER=y
- CONFIG_STACK_TRACER=y
- CONFIG_IRQSOFF_TRACER=n
- CONFIG_SCHED_TRACER=y
- CONFIG_HWLAT_TRACER=n
- CONFIG_OSNOISE_TRACER=y
- CONFIG_TIMERLAT_TRACER=y
- CONFIG_FTRACE_SYSCALLS=y
- CONFIG_TRACER_SNAPSHOT=y
- CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP=y
- CONFIG_BRANCH_PROFILE_NONE=y
- CONFIG_PROFILE_ANNOTATED_BRANCHES=n
- CONFIG_BLK_DEV_IO_TRACE=y
- CONFIG_KPROBE_EVENTS=y
- CONFIG_KPROBE_EVENTS_ON_NOTRACE=n
- CONFIG_UPROBE_EVENTS=y
- CONFIG_BPF_EVENTS=y
- CONFIG_DYNAMIC_EVENTS=y
- CONFIG_PROBE_EVENTS=y
- CONFIG_BPF_KPROBE_OVERRIDE=n
- CONFIG_FTRACE_MCOUNT_RECORD=y
- CONFIG_FTRACE_MCOUNT_USE_CC=y
- CONFIG_SYNTH_EVENTS=y
- CONFIG_TRACE_EVENT_INJECT=n
- CONFIG_TRACEPOINT_BENCHMARK=n
- CONFIG_RING_BUFFER_BENCHMARK=m
- CONFIG_TRACE_EVAL_MAP_FILE=n
- CONFIG_FTRACE_RECORD_RECURSION=n
- CONFIG_FTRACE_STARTUP_TEST=n
- CONFIG_RING_BUFFER_STARTUP_TEST=n
- CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS=n
- CONFIG_PREEMPTIRQ_DELAY_TEST=m
- CONFIG_SYNTH_EVENT_GEN_TEST=n
- CONFIG_KPROBE_EVENT_GEN_TEST=n
- commit 9875d6f
- Linux 5.18.14 (bsc#1012628).
- objtool: skip non-text sections when adding return-thunk sites
(bsc#1012628).
- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
(bsc#1012628).
- efi/x86: use naked RET on mixed mode call wrapper (bsc#1012628).
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1012628).
- tools arch x86: Sync the msr-index.h copy with the kernel
sources (bsc#1012628).
- tools headers cpufeatures: Sync with the kernel sources
(bsc#1012628).
- um: Add missing apply_returns() (bsc#1012628).
- commit 847b26a
- Linux 5.18.13 (bsc#1012628).
- USB: serial: ftdi_sio: add Belimo device ids (bsc#1012628).
- usb: typec: add missing uevent when partner support PD
(bsc#1012628).
- usb: dwc3: gadget: Fix event pending check (bsc#1012628).
- gpio: sim: fix the chip_name configfs item (bsc#1012628).
- tty: serial: samsung_tty: set dma burst_size to 1 (bsc#1012628).
- x86/xen: Use clear_bss() for Xen PV guests (bsc#1012628).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (bsc#1012628).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
model (bsc#1012628).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
(bsc#1012628).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
(bsc#1012628).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc221 (bsc#1012628).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(bsc#1012628).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
rx queue (bsc#1012628).
- fix race between exit_itimers() and /proc/pid/timers
(bsc#1012628).
- mm: userfaultfd: fix UFFDIO_CONTINUE on fallocated shmem pages
(bsc#1012628).
- mm: sparsemem: fix missing higher order allocation splitting
(bsc#1012628).
- mm: split huge PUD on wp_huge_pud fallback (bsc#1012628).
- mm/damon: use set_huge_pte_at() to make huge pte old
(bsc#1012628).
- tracing/histograms: Fix memory leak problem (bsc#1012628).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
stale pointer (bsc#1012628).
- ip: fix dflt addr selection for connected nexthop (bsc#1012628).
- ARM: 9213/1: Print message about disabled Spectre workarounds
only once (bsc#1012628).
- ARM: 9214/1: alignment: advance IT state after emulating Thumb
instruction (bsc#1012628).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
(bsc#1012628).
- cgroup: Use separate src/dst nodes when preloading css_sets
for migration (bsc#1012628).
- btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed
and inline extents (bsc#1012628).
- btrfs: zoned: fix a leaked bioc in read_zone_info (bsc#1012628).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (bsc#1012628).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
(bsc#1012628).
- fs/remap: constrain dedupe of EOF blocks (bsc#1012628).
- nilfs2: fix incorrect masking of permission flags for symlinks
(bsc#1012628).
- sh: convert nommu io{re,un}map() to static inline functions
(bsc#1012628).
- Revert "evm: Fix memleak in init_desc" (bsc#1012628).
- reset: Fix devm bulk optional exclusive control getter
(bsc#1012628).
- arm64: dts: ls1028a: Update SFP node to include clock
(bsc#1012628).
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
(bsc#1012628).
- riscv: dts: microchip: hook up the mpfs' l2cache (bsc#1012628).
- spi: amd: Limit max transfer and message size (bsc#1012628).
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU
comes out of idle (bsc#1012628).
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable
(bsc#1012628).
- net/mlx5e: kTLS, Fix build time constant test in TX
(bsc#1012628).
- net/mlx5e: kTLS, Fix build time constant test in RX
(bsc#1012628).
- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
(bsc#1012628).
- net/mlx5e: CT: Use own workqueue instead of mlx5e priv
(bsc#1012628).
- net/mlx5e: Fix capability check for updating vnic env counters
(bsc#1012628).
- net/mlx5e: Ring the TX doorbell on DMA errors (bsc#1012628).
- drm/amdgpu: keep fbdev buffers pinned during suspend
(bsc#1012628).
- drm/amdgpu/display: disable prefer_shadow for generic fb helpers
(bsc#1012628).
- drm/i915: fix a possible refcount leak in
intel_dp_add_mst_connector() (bsc#1012628).
- drm/i915/guc: ADL-N should use the same GuC FW as ADL-S
(bsc#1012628).
- ima: Fix a potential integer overflow in
ima_appraise_measurement (bsc#1012628).
- ASoC: sgtl5000: Fix noise on shutdown/remove (bsc#1012628).
- ASoC: tas2764: Add post reset delays (bsc#1012628).
- ASoC: tas2764: Fix and extend FSYNC polarity handling
(bsc#1012628).
- ASoC: tas2764: Correct playback volume range (bsc#1012628).
- ASoC: tas2764: Fix amp gain register offset & default
(bsc#1012628).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (bsc#1012628).
- ASoC: Intel: Skylake: Correct the handling of fmt_config
flexible array (bsc#1012628).
- netfilter: ecache: move to separate structure (bsc#1012628).
- netfilter: conntrack: split inner loop of list dumping to own
function (bsc#1012628).
- netfilter: ecache: use dedicated list for event redelivery
(bsc#1012628).
- netfilter: conntrack: include ecache dying list in dumps
(bsc#1012628).
- netfilter: conntrack: remove the percpu dying list
(bsc#1012628).
- netfilter: conntrack: fix crash due to confirmed bit load
reordering (bsc#1012628).
- net: stmmac: dwc-qos: Disable split header for Tegra194
(bsc#1012628).
- net: ethernet: ti: am65-cpsw: Fix devlink port register sequence
(bsc#1012628).
- net: ocelot: fix wrong time_after usage (bsc#1012628).
- sysctl: Fix data races in proc_dointvec() (bsc#1012628).
- sysctl: Fix data races in proc_douintvec() (bsc#1012628).
- sysctl: Fix data races in proc_dointvec_minmax() (bsc#1012628).
- sysctl: Fix data races in proc_douintvec_minmax() (bsc#1012628).
- sysctl: Fix data races in proc_doulongvec_minmax()
(bsc#1012628).
- sysctl: Fix data races in proc_dointvec_jiffies() (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_max_orphans
(bsc#1012628).
- inetpeer: Fix data-races around sysctl (bsc#1012628).
- net: Fix data-races around sysctl_mem (bsc#1012628).
- cipso: Fix data-races around sysctl (bsc#1012628).
- icmp: Fix data-races around sysctl (bsc#1012628).
- ipv4: Fix a data-race around sysctl_fib_sync_mem (bsc#1012628).
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node (bsc#1012628).
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
(bsc#1012628).
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
(bsc#1012628).
- arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
(bsc#1012628).
- netfilter: nf_log: incorrect offset to network header
(bsc#1012628).
- nfp: fix issue of skb segments exceeds descriptor limitation
(bsc#1012628).
- vlan: fix memory leak in vlan_newlink() (bsc#1012628).
- netfilter: nf_tables: replace BUG_ON by element length check
(bsc#1012628).
- RISC-V: KVM: Fix SRCU deadlock caused by
kvm_riscv_check_vcpu_requests() (bsc#1012628).
- drm/i915/gvt: IS_ERR() vs NULL bug in
intel_gvt_update_reg_whitelist() (bsc#1012628).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(bsc#1012628).
- mptcp: fix subflow traversal at disconnect time (bsc#1012628).
- NFSD: Decode NFSv4 birth time attribute (bsc#1012628).
- lockd: set fl_owner when unlocking files (bsc#1012628).
- lockd: fix nlm_close_files (bsc#1012628).
- net: marvell: prestera: fix missed deinit sequence
(bsc#1012628).
- ice: handle E822 generic device ID in PLDM header (bsc#1012628).
- ice: change devlink code to read NVM in blocks (bsc#1012628).
- tracing: Fix sleeping while atomic in kdb ftdump (bsc#1012628).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
(bsc#1012628).
- drm/i915/ttm: fix sg_table construction (bsc#1012628).
- drm/i915/gt: Serialize GRDOM access between multiple engine
resets (bsc#1012628).
- drm/i915/gt: Serialize TLB invalidates with GT resets
(bsc#1012628).
- drm/i915/selftests: fix subtraction overflow bug (bsc#1012628).
- bnxt_en: reclaim max resources if sriov enable fails
(bsc#1012628).
- bnxt_en: Fix bnxt_reinit_after_abort() code path (bsc#1012628).
- bnxt_en: fix livepatch query (bsc#1012628).
- bnxt_en: Fix bnxt_refclk_read() (bsc#1012628).
- sysctl: Fix data-races in proc_dou8vec_minmax() (bsc#1012628).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
(bsc#1012628).
- tcp: Fix a data-race around sysctl_max_tw_buckets (bsc#1012628).
- icmp: Fix a data-race around sysctl_icmp_echo_ignore_all
(bsc#1012628).
- icmp: Fix data-races around sysctl_icmp_echo_enable_probe
(bsc#1012628).
- icmp: Fix a data-race around sysctl_icmp_echo_ignore_broadcasts
(bsc#1012628).
- icmp: Fix a data-race around
sysctl_icmp_ignore_bogus_error_responses (bsc#1012628).
- icmp: Fix a data-race around
sysctl_icmp_errors_use_inbound_ifaddr (bsc#1012628).
- icmp: Fix a data-race around sysctl_icmp_ratelimit
(bsc#1012628).
- icmp: Fix a data-race around sysctl_icmp_ratemask (bsc#1012628).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
(bsc#1012628).
- tcp: Fix data-races around sysctl_tcp_ecn (bsc#1012628).
- tcp: Fix a data-race around sysctl_tcp_ecn_fallback
(bsc#1012628).
- ipv4: Fix data-races around sysctl_ip_dynaddr (bsc#1012628).
- nexthop: Fix data-races around nexthop_compat_mode
(bsc#1012628).
- net: ftgmac100: Hold reference returned by
of_get_child_by_name() (bsc#1012628).
- net: stmmac: fix leaks in probe (bsc#1012628).
- ima: force signature verification when CONFIG_KEXEC_SIG is
configured (bsc#1012628).
- ima: Fix potential memory leak in ima_init_crypto()
(bsc#1012628).
- drm/amd/display: Ignore First MST Sideband Message Return Error
(bsc#1012628).
- drm/amdkfd: correct the MEC atomic support firmware checking
for GC 10.3.7 (bsc#1012628).
- drm/amd/display: Only use depth 36 bpp linebuffers on DCN
display engines (bsc#1012628).
- drm/amd/pm: Prevent divide by zero (bsc#1012628).
- drm/amd/display: Ensure valid event timestamp for cursor-only
commits (bsc#1012628).
- smb3: workaround negprot bug in some Samba servers
(bsc#1012628).
- sfc: fix use after free when disabling sriov (bsc#1012628).
- netfs: do not unlock and put the folio twice (bsc#1012628).
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion
(bsc#1012628).
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps
behaviors (bsc#1012628).
- seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
(bsc#1012628).
- sfc: fix kernel panic when creating VF (bsc#1012628).
- net: atlantic: remove deep parameter on suspend/resume functions
(bsc#1012628).
- net: atlantic: remove aq_nic_deinit() when resume (bsc#1012628).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
kvm_pv_kick_cpu_op() (bsc#1012628).
- net/tls: Check for errors in tls_device_init (bsc#1012628).
- mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
(bsc#1012628).
- ARM: 9211/1: domain: drop modify_domain() (bsc#1012628).
- ARM: 9212/1: domain: Modify Kconfig help text (bsc#1012628).
- ASoC: dt-bindings: Fix description for msm8916 (bsc#1012628).
- tee: tee_get_drvdata(): fix description of return value
(bsc#1012628).
- s390/nospec: build expoline.o for modules_prepare target
(bsc#1012628).
- scsi: megaraid: Clear READ queue map's nr_queues (bsc#1012628).
- scsi: ufs: core: Drop loglevel of WriteBoost message
(bsc#1012628).
- nvme: fix block device naming collision (bsc#1012628).
- ksmbd: use SOCK_NONBLOCK type for kernel_accept() (bsc#1012628).
- powerpc/xive/spapr: correct bitmap allocation size
(bsc#1012628).
- vdpa/mlx5: Initialize CVQ vringh only once (bsc#1012628).
- vduse: Tie vduse mgmtdev and its device (bsc#1012628).
- platform/x86: intel/pmc: Add Alder Lake N support to PMC core
driver (bsc#1012628).
- virtio_mmio: Add missing PM calls to freeze/restore
(bsc#1012628).
- virtio_mmio: Restore guest page size on resume (bsc#1012628).
- netfilter: nf_tables: avoid skb access on nf_stolen
(bsc#1012628).
- netfilter: br_netfilter: do not skip all hooks with 0 priority
(bsc#1012628).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (bsc#1012628).
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (bsc#1012628).
- platform/x86: thinkpad-acpi: profile capabilities as integer
(bsc#1012628).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel
platforms (bsc#1012628).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
(bsc#1012628).
- net: tipc: fix possible refcount leak in tipc_sk_create()
(bsc#1012628).
- NFC: nxp-nci: don't print header length mismatch on i2c error
(bsc#1012628).
- nvme-tcp: always fail a request when sending it failed
(bsc#1012628).
- nvme: fix regression when disconnect a recovering ctrl
(bsc#1012628).
- net: sfp: fix memory leak in sfp_probe() (bsc#1012628).
- ASoC: ops: Fix off by one in range control validation
(bsc#1012628).
- pinctrl: aspeed: Fix potential NULL dereference in
aspeed_pinmux_set_mux() (bsc#1012628).
- ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on
remove (bsc#1012628).
- ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
(bsc#1012628).
- ASoC: Intel: sof_sdw: handle errors on card registration
(bsc#1012628).
- ASoC: rt711: fix calibrate mutex initialization (bsc#1012628).
- ASoC: rt7*-sdw: harden jack_detect_handler (bsc#1012628).
- ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues
in probe (bsc#1012628).
- ASoC: SOF: Intel: hda-dsp: Expose hda_dsp_core_power_up()
(bsc#1012628).
- ASoC: SOF: Intel: hda-loader: Make sure that the fw load
sequence is followed (bsc#1012628).
- ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
(bsc#1012628).
- ASoC: wcd9335: Remove RX channel from old list before adding
it to a new one (bsc#1012628).
- ASoC: wcd9335: Fix spurious event generation (bsc#1012628).
- ASoC: wcd938x: Fix event generation for some controls
(bsc#1012628).
- ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering
problem (bsc#1012628).
- ASoC: wm_adsp: Fix event for preloader (bsc#1012628).
- ASoC: wm5110: Fix DRE control (bsc#1012628).
- ASoC: cs35l41: Correct some control names (bsc#1012628).
- ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO
error (bsc#1012628).
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
(bsc#1012628).
- ASoC: cs35l41: Add ASP TX3/4 source to register patch
(bsc#1012628).
- ASoC: cs47l15: Fix event generation for low power mux control
(bsc#1012628).
- ASoC: madera: Fix event generation for OUT1 demux (bsc#1012628).
- ASoC: madera: Fix event generation for rate controls
(bsc#1012628).
- irqchip: or1k-pic: Undefine mask_ack for level triggered
hardware (bsc#1012628).
- pinctrl: imx: Add the zero base flag for imx93 (bsc#1012628).
- x86: Clear .brk area at early boot (bsc#1012628).
- soc: ixp4xx/npe: Fix unused match warning (bsc#1012628).
- ARM: dts: stm32: use the correct clock source for CEC on
stm32mp151 (bsc#1012628).
- Revert "can: xilinx_can: Limit CANFD brp to 2" (bsc#1012628).
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106
devices (bsc#1012628).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (bsc#1012628).
- ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
(bsc#1012628).
- nvme-pci: phison e16 has bogus namespace ids (bsc#1012628).
- nvme: use struct group for generic command dwords (bsc#1012628).
- wireguard: selftests: set fake real time in init (bsc#1012628).
- wireguard: selftests: always call kernel makefile (bsc#1012628).
- signal handling: don't use BUG_ON() for debugging (bsc#1012628).
- ACPI: video: Fix acpi_video_handles_brightness_key_presses()
(bsc#1012628).
- vt: fix memory overlapping when deleting chars in the buffer
(bsc#1012628).
- s390/ap: fix error handling in __verify_queue_reservations()
(bsc#1012628).
- ACPI: CPPC: Fix enabling CPPC on AMD systems with shared memory
(bsc#1012628).
- serial: 8250: fix return error code in
serial8250_request_std_resource() (bsc#1012628).
- power: supply: core: Fix boundary conditions in interpolation
(bsc#1012628).
- serial: stm32: Clear prev values before setting RTS delays
(bsc#1012628).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
(bsc#1012628).
- serial: 8250: Fix PM usage_count for console handover
(bsc#1012628).
- serial: mvebu-uart: correctly report configured baudrate value
(bsc#1012628).
- x86/pat: Fix x86_has_pat_wp() (bsc#1012628).
- drm/i915/ttm: fix 32b build (bsc#1012628).
- Refresh patches.suse/x86-mm-Simplify-RESERVE_BRK.patch.
- commit b66ab1b
------------------------------------------------------------------
------------------ 2022-7-22 - Jul 22 2022 -------------------
------------------------------------------------------------------
++++ libcap:
- update to 2.65:
* Fix syntax error in DEBUG build of protected code in setcap.c.
* Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh now
changing the USER and HOME environment variables when --user is specified.
The argument --noenv can be used to suppress this behavior to what used to be
the problematic default. (Bug: 215926)
* Improved documentation
++++ libdrm:
- update to 2.4.112:
* xf86drmMode: introduce drmModeConnectorGetPossibleCrtcs
* xf86drmMode: introduce drmModeGetConnectorTypeName
* xf86drmMode: constify drmModeAtomicReq functions
* gen_table_fourcc: strip _MODIFIER suffix for INVALID
* testsuite fixes
++++ python-gobject:
- Update to version 3.42.2:
+ Error out instead of crashing when marshaling unsupported
fundamental types in some cases.
+ Add a workaround for a PyPy 3.9+ bug when threads are used.
+ Fix crashes when marshaling zero terminated arrays for certain
item types.
+ Fix a crash/refcounting error in case marshaling a hash table
fails.
+ Make the test suite pass again with PyPy.
+ tests: support running tests with (MSVC) CPython 3.8+ on
Windows.
+ interface: Fix leak when overriding GInterfaceInfo.
+ setup.py: look up pycairo headers without importing the module
(helps with building on Windows and MSVC CPython 3.8+).
------------------------------------------------------------------
------------------ 2022-7-21 - Jul 21 2022 -------------------
------------------------------------------------------------------
++++ gobject-introspection:
- Update to version 1.73.0:
+ Update the GIR data for GLib, GObject, GModule, and GIO.
+ scanner:
- Support pre-processor macros with zero arguments.
- Support ISO C varargs in macros.
+ Fix subproject build.
++++ iptables:
- add baselibs.conf for libip4tc2, will be needed by
libsystemd-shared-251.so
++++ kernel-default:
- arm64: Update config files. (bsc#1198737)
Enable RTC_DRV_RX8025 to support RX-8035 on Traveres Ten64 board.
- commit 74f2920
++++ util-linux:
- linux-fs.patch: Fix conflict between <linux/fs.h> and <sys/mount.h>
++++ gcc12:
- Update to gcc-12 branch head, 4f15d2234608e82159d030dadb1, git287
* includes build fixes when building against glibc 2.33.
++++ openssl-3:
- Update to 3.0.5:
* The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.
SSL/TLS servers or other servers using 2048 bit RSA private keys running
on machines supporting AVX512IFMA instructions of the X86_64 architecture
are affected by this issue. [bsc#1201148, CVE-2022-2274]
* AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected. [bsc#1201099, CVE-2022-2097]
- Rebase patches:
* openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
++++ python310-core:
- Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).
++++ rpm:
- update to rpm-4.17.1
* new bcond macro for a nicer way to define build conditionals
* openPGP parser and IMA security fixes (CVE-2021-3521)
* buildroot policy fixes
- refreshed patches:
* brp.diff
- removed patches:
* verbosearg.diff
* ocaml-cmxs.diff
* 0001-fix-minimize_writes.patch
++++ sqlite3:
- update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
++++ python310:
- Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).
++++ python310-packaging:
- Refine build and runtime requirements for primary and non-primary
builds
++++ python-rpm:
- update to rpm-4.17.1
++++ qemu:
- Substantial rework of the spec file:
* the 'make check' testsuite now runs in the %check section of
the main package, not in a subpackage
* switched from %setup to %autosetup
* rearranged the content in order to minimize the use of %if,
%ifarch, etc
- Properly fix bsc#1198038, CVE-2022-0216
* Patches added:
scsi-lsi53c895a-really-fix-use-after-fre.patch
tests-qtest-Move-the-fuzz-tests-to-x86-o.patch
- Make temp dir (for update_git.sh) configurable
- Added new subpackages (audio-dbus, ui-dbus)
- bsc#1199018 was never fixed in Factory's QEMU 6.2. It is
now (since the patches are already in SeaBIOS 1.16.0)
- Some tests are having issues when run in OBS. They seem to be
due to race conditions, triggered by resource constraints of
OBS workers. Let's disable them for now, while looking for a fix
- Update to v7.0.0 (bsc#1201307). For full release notes, see:
* https://wiki.qemu.org/ChangeLog/7.0
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed)
* [ARM] The AST2600 SoC now supports a dummy version of the i3c device
* [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges
* [ARM] The virt board now supports virtio-mem-pci
* [ARM] The virt board now supports specifying the guest CPU topology
* [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it
* [RISC-V] Add support for ratified 1.0 Vector extension
* [RISC-V] Support for the Zve64f and Zve32f extensions
* [RISC-V] Drop support for draft 0.7.1 Vector extension
* [RISC-V] Support Zfhmin and Zfh extensions
* [RISC-V] RISC-V KVM support
* [RISC-V] Mark Hypervisor extension as non experimental
* [RISC-V] Enable Hypervisor extension by default
* [x86] Support for Intel AMX.
* [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec)
* [PCI/PCIe] initial bits of SR/IOV support (250346169)
* [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45)
* [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9)
* [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories
* [virtiofs] Improved security label support
* [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd
* Patches dropped:
acpi-validate-hotplug-selector-on-access.patch
block-backend-Retain-permissions-after-m.patch
block-qdict-Fix-Werror-maybe-uninitializ.patch
brotli-fix-actual-variable-array-paramet.patch
display-qxl-render-fix-race-condition-in.patch
doc-Add-the-SGX-numa-description.patch
hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
hw-intc-exynos4210_gic-provide-more-room.patch
hw-nvme-fix-CVE-2021-3929.patch
hw-nvram-at24-return-0xff-if-1-byte-addr.patch
iotest-065-explicit-compression-type.patch
iotest-214-explicit-compression-type.patch
iotest-302-use-img_info_log-helper.patch
iotest-303-explicit-compression-type.patch
iotest-39-use-_qcow2_dump_header.patch
iotests-60-more-accurate-set-dirty-bit-i.patch
iotests-bash-tests-filter-compression-ty.patch
iotests-common.rc-introduce-_qcow2_dump_.patch
iotests-declare-lack-of-support-for-comp.patch
iotests-drop-qemu_img_verbose-helper.patch
iotests-massive-use-_qcow2_dump_header.patch
iotests-MRCE-Write-data-to-source.patch
iotests.py-filter-out-successful-output-.patch
iotests.py-img_info_log-rename-imgopts-a.patch
iotests.py-implement-unsupported_imgopts.patch
iotests.py-qemu_img-create-support-IMGOP.patch
iotests.py-rewrite-default-luks-support-.patch
iotests-specify-some-unsupported_imgopts.patch
meson-build-all-modules-by-default.patch
numa-Enable-numa-for-SGX-EPC-sections.patch
numa-Support-SGX-numa-in-the-monitor-and.patch
python-aqmp-add-__del__-method-to-legacy.patch
python-aqmp-add-_session_guard.patch
python-aqmp-add-SocketAddrT-to-package-r.patch
python-aqmp-add-socket-bind-step-to-lega.patch
python-aqmp-add-start_server-and-accept-.patch
python-aqmp-copy-type-definitions-from-q.patch
python-aqmp-drop-_bind_hack.patch
python-aqmp-fix-docstring-typo.patch
python-aqmp-Fix-negotiation-with-pre-oob.patch
python-aqmp-fix-race-condition-in-legacy.patch
Python-aqmp-fix-type-definitions-for-myp.patch
python-aqmp-handle-asyncio.TimeoutError-.patch
python-aqmp-refactor-_do_accept-into-two.patch
python-aqmp-remove-_new_session-and-_est.patch
python-aqmp-rename-accept-to-start_serve.patch
python-aqmp-rename-AQMPError-to-QMPError.patch
python-aqmp-split-_client_connected_cb-o.patch
python-aqmp-squelch-pylint-warning-for-t.patch
python-aqmp-stop-the-server-during-disco.patch
python-introduce-qmp-shell-wrap-convenie.patch
python-machine-raise-VMLaunchFailure-exc.patch
python-move-qmp-shell-under-the-AQMP-pac.patch
python-move-qmp-utilities-to-python-qemu.patch
python-qmp-switch-qmp-shell-to-AQMP.patch
python-support-recording-QMP-session-to-.patch
python-upgrade-mypy-to-0.780.patch
qcow2-simple-case-support-for-downgradin.patch
qemu-binfmt-conf.sh-should-use-F-as-shor.patch
tests-qemu-iotests-040-Skip-TestCommitWi.patch
tests-qemu-iotests-Fix-051-for-binaries-.patch
tests-qemu-iotests-testrunner-Quote-case.patch
tools-virtiofsd-Add-rseq-syscall-to-the-.patch
ui-cursor-fix-integer-overflow-in-cursor.patch
vhost-vsock-detach-the-virqueue-element-.patch
virtiofsd-Drop-membership-of-all-supplem.patch
virtio-net-fix-map-leaking-on-error-duri.patch
Disable-some-tests-that-have-problems-in.patch
* Patches added:
intc-exynos4210_gic-replace-snprintf-wit.patch
Revert-8dcb404bff6d9147765d7dd3e9c849337.patch
++++ util-linux-systemd:
- linux-fs.patch: Fix conflict between <linux/fs.h> and <sys/mount.h>
------------------------------------------------------------------
------------------ 2022-7-20 - Jul 20 2022 -------------------
------------------------------------------------------------------
++++ ansible:
- BREAKING CHANGE:
use this package for the ansible release made by the ansible
community. This requires ansible-core, which will contain the
actual ansible binar
- rework ansible-rpmlintrc file to only use the filters we need
- most of the errors are handled inside the %build section
++++ ansible-core:
- package conflicts with ansible < 3, i.e. the old packaging scheme
- update to 2.13.2:
* Minor Changes
- ansible-test - An improved error message is shown when the download of a pip bootstrap script fails. The download now uses urllib2 instead of urllib on Python 2.
* Bugfixes
- Move undefined check from concat to finalize (#78156)
- ansible-doc - no longer list module and plugin aliases that are created with symlinks (#78137).
- ansible-doc - when listing modules in collections, proceed recursively. This fixes module listing for community.general 5.x.y and community.network 4.x.y (#78137).
- ansible-doc will not add 'website for' in ":ref:" substitutions as it made them confusing.
- file backed cache plugins now handle concurrent access by making atomic updates to the files.
- password lookup does not ignore k=v arguments anymore.
- user - Fix error "Permission denied" in user module while generating SSH keys (#78017).
- update to 2.13.1:
* Minor Changes
- Add an 'action_plugin' field for modules in runtime.yml plugin_routing.
This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action.
With the runtime.yml above for ns.coll, a task such as
will end up with defaults for eos_facts and eos_command since both modules redirect to the same action.
To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml.
The action_plugin field can be a redirected action plugin, as it is resolved normally.
Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults.
- ansible-galaxy - Support resolvelib versions 0.6.x, 0.7.x, and 0.8.x. The full range of supported versions is now >= 0.5.3, < 0.9.0.
- ansible-test - Add RHEL 9.0 remote support.
- ansible-test - Add support for Ubuntu VMs using the --remote option.
- ansible-test - Add support for exporting inventory with ansible-test shell --export {path}.
- ansible-test - Add support for multi-arch remotes.
- ansible-test - Add support for running non-interactive commands with ansible-test shell.
- ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later.
- ansible-test - Blocking mode is now enforced for stdin, stdout and stderr. If any of these are non-blocking then ansible-test will exit during startup with an error.
- ansible-test - Improve consistency of output messages by using stdout or stderr for most output, but not both.
- ansible-test - The shell command can be used outside a collection if no controller delegation is required.
* Bugfixes
- Add PyYAML >= 5.1 as a dependency of ansible-core to be compatible with Python 3.8+.
- ansible-config dump - Only display plugin type headers when plugin options are changed if --only-changed is specified.
- ansible-galaxy - handle unsupported versions of resolvelib gracefully.
- ansible-test - Fix internal validation of remote completion configuration.
- ansible-test - Prevent --target- prefixed options for the shell command from being combined with legacy environment options.
- ansible-test - Sanity test output with the --lint option is no longer mixed in with bootstrapping output.
- ansible-test - Subprocesses are now isolated from the stdin, stdout and stderr of ansible-test. This avoids issues with subprocesses tampering with the file descriptors, such as SSH making them non-blocking. As a result of this change, subprocess output from unit and integration tests on stderr now go to stdout.
- ansible-test - Subprocesses no longer have access to the TTY ansible-test is connected to, if any. This maintains consistent behavior between local testing and CI systems, which typically do not provide a TTY. Tests which require a TTY should use pexpect or another mechanism to create a PTY.
- apt module now correctly handles virtual packages.
- lookup plugin - catch KeyError when lookup returns dictionary (#77789).
- pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported
- plugin loader - Sort results when fuzzy matching plugin names (#77966).
- plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name).
- psrp connection now handles default to inventory_hostname correctly.
- winrm connection now handles default to inventory_hostname correctly.
- update to 2.13.0:
Full changelog see
https://github.com/ansible/ansible/blob/stable-2.13/changelogs/CHANGELOG-v2.13.rst#v2130
- update to 2.12.7:
* Minor Changes
- Add an 'action_plugin' field for modules in runtime.yml plugin_routing.
This fixes module_defaults by supporting modules-as-redirected-actions without redirecting module_defaults entries to the common action.
With the runtime.yml above for ns.coll, a task such as
will end up with defaults for eos_facts and eos_command since both modules redirect to the same action.
To select an action plugin for a module without merging module_defaults, define an action_plugin field for the resolved module in the runtime.yml.
The action_plugin field can be a redirected action plugin, as it is resolved normally.
Using the modified runtime.yml, the example task will only use the ns.coll.eos_facts defaults.
- ansible-test - Avoid using the mock_use_standalone_module setting for unit tests running on Python 3.8 or later.
* Bugfixes
- pip - fix cases where resolution of pip Python module fails when importlib.util has not already been imported
- plugin loader - Sort results when fuzzy matching plugin names (#77966).
- update to 2.12.6:
* Bugfixes
- Prevent losing unsafe on results returned from lookups (#77535)
- arg_spec - Fix incorrect no_log warning when a parameter alias is used (#77576)
- plugin loader will now load config data for plugin by name instead of by file to avoid issues with the same file being loaded under different names (fqcn + short name).
- variablemanager, more efficient read of vars files
- update to 2.12.5:
* Bugfixes
- Ansible.ModuleUtils.SID - Use user principal name as is for lookup in the Convert-ToSID function - #77316
- Fix traceback when installing a collection from a git repository and git is not installed (#77479).
- ansible-test - Correctly detect when running as the root user (UID 0) on the origin host. The result of the detection was incorrectly being inverted.
- ansible-test - Fix skipping of tests marked needs/python on the origin host.
- ansible-test - Fix skipping of tests marked needs/root on the origin host.
- ansible-test compile sanity test - do not crash if a column could not be determined for an error (#77465).
- hostname - use file_get_content() to read the file containing the host name in the FileStrategy.get_permanent_hostname() method. This prevents a TypeError from being raised when the strategy is used (#77025).
- script - skip in check mode since the plugin cannot determine if a change will occur.
- shell/command - only skip in check mode if the options creates and removes are both None.
- winrm - Ensure kinit is run with the same PATH env var as the Ansible process
++++ dracut:
- Update to version 057+suse.303.gc4ea1bea:
* fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709)
* fix(network-legacy): check if dhclient has --timeout option
* fix(man): correct typo
* fix(network-legacy): properly install dhclient
* fix(fips): add missing bash dependency
++++ kernel-default:
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- Refresh
patches.suse/0001-fbdev-Disable-sysfb-device-registration-when-removin.patch.
- Refresh
patches.suse/0001-firmware-sysfb-Add-sysfb_disable-helper-function.patch.
- Refresh
patches.suse/0001-firmware-sysfb-Make-sysfb_create_simplefb-return-a-p.patch.
Update upstream status.
- commit 6a770c6
- Delete
patches.kernel.org/5.18.12-013-objtool-skip-non-text-sections-when-adding-re.patch.
No traces of the objtool patch in upstream whatsoever, so drop that.
The rest: move out of patches.kernel.org as it hasn't landed there yet.
Place the patches into sorted section instead where they belong.
- commit 3415e51
++++ python-iniconfig:
- BuildRequire itself when building test flavour.
++++ qemu:
- Fix bsc#1197084
* Patches added:
hostmem-default-the-amount-of-prealloc-t.patch
++++ u-boot-rpiarm64:
- Add board and usage documentation to the package (bsc#1201077)
++++ zypper:
- lr: Allow shortening the Name column if table is wider than the
terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
(bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
resolve argument.
- zypper-download: Handle unresolvable arguments as error.
This commit changes zypper-download such that it behaves more
consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
------------------------------------------------------------------
------------------ 2022-7-19 - Jul 19 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Input: i8042 - Apply probe defer to more ASUS ZenBook models
(bsc#1190256).
- commit 6307fb1
++++ systemd:
- Enable oomd (bsc#1200456)
It's part of the experimental sub-package for now.
- Import commit 8cd784e9250b38d20d8e14fccbfb211010283c79 (merge of v251.3)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/32912879062bb1595d8498b6f9c77d5acd1dc66a...8cd784e9250b38d20d8e14fccbfb211010283c79
- Import commit 32912879062bb1595d8498b6f9c77d5acd1dc66a
111b96ca86 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Enable bpf framework
++++ libvirt:
- spec: Don't redefine libexecdir
boo#1201565
++++ libzypp:
- Add PoolItem::statusReinit to reset the status it's initial
state in the ResPool (might help bsc#1199895)
This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
(bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
This commit removes the MediaNetwork tech preview and all related
code. First reason for this is that MediaNetwork was just meant
as a way to test the new CURL based downloader and second: since
the Provide API is going to completely replace the current media
backend it would be extra work to ensure that changes on the
Downloader do not break MediaNetwork.
- version 17.31.0 (22)
++++ python-cffi:
- update to 1.15.1:
* If you call ffi.embedding_api() but don’t write any extern “Python†function
there, then the resulting C code would fail an assert. Fixed.
* Updated Windows/arm64 embedded libffi static lib to v3.4.2, and scripted to
ease future updates (thanks Niyas Sait!)
++++ python-charset-normalizer:
- update to 2.1.0:
* Output the Unicode table version when running the CLI with `--version`
* Re-use decoded buffer for single byte character sets
* Fixing some performance bottlenecks
* Workaround potential bug in cpython with Zero Width No-Break Space located
* in Arabic Presentation Forms-B, Unicode 1.1 not acknowledged as space
* CLI default threshold aligned with the API threshold from
* Support for Python 3.5 (PR #192)
* Use of backport unicodedata from `unicodedata2` as Python is quickly
catching up, scheduled for removal in 3.0
++++ python-cryptography:
- update to 37.0.4:
* updated wheels to b ecompiled against openssl 3.0.5
++++ python-immutables:
- update to 0.18:
* Fix iteration when tree is 7 levels deep and has collissions
* Test on python 3.10
* consolidate mypy and pytest config into pyproject.toml
++++ virt-manager:
- Add Source URL
- Add upstream patch virtman-pr381-setuptools-61.patch
gh#virt-manager/virt-manager#381
- Enable tests
* No python package should go untested
* Use multibuild so that all runtime requirements are checked
* Add virtman-34662fe-argcomplete.patch
------------------------------------------------------------------
------------------ 2022-7-18 - Jul 18 2022 -------------------
------------------------------------------------------------------
++++ gsettings-desktop-schemas:
- Update to version 43.alpha:
+ Fix description of use-same-proxy setting.
+ Updated translations.
++++ kernel-default:
- config: i386: Enable DRM stack for early-boot graphics (boo#1193474)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit 3305623
- x86/bugs: Remove apostrophe typo (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 34930df
- Refresh
patches.rpmify/x86-asm-32-fix-ANNOTATE_UNRET_SAFE-use-on-32bit.patch.
- Refresh
patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch.
- Refresh
patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch.
- Refresh
patches.suse/x86-entry-Remove-UNTRAIN_RET-from-native_irq_return_.patch.
- Refresh
patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
Update upstream status.
- commit fcd7336
++++ kernel-firmware:
- Update to version 20220714 (git commit 84661a3ba62f):
* amdgpu: update DMCUB firmware for DCN 3.1.6
* WHENCE: Correct dangling symlinks
* Correct WHENCE entry for wfx firmware
* bnx2: Drop unsupported Broadcom NetXtremeII firmware
* bnx2: drop unsupported firmwares
* bnx2: sort firmware names in filesystem order
* Remove old Broadcom Everest (bnx2x) v4/5 firmware
* drop Token Ring network firmwares
* Drop TDA7706 radio firmware
* Drop Intel WiMax firmware
* Drop Computone IntelliPort Plus serial firmware
* Drop ATM Ambassador devices firmware
* brocade: drop old unsupported firmware revs
* amdgpu: update yellow carp DMCUB firmware
* linux-firmware: update firmware for MT7622 WiFi device
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* mediatek: Add SCP firmware for MT8186
* rtw88: 8822c: Update normal firmware to v9.9.13
* rtw88: 8822c: Update normal firmware to v9.9.12
- Drop obsoleted temporary patches:
wfx-WHENCE-fix.diff
brcm-symlink-fixes.diff
- Minor update of README.build
- Fix missing aliases for qlogic (bsc#1200889)
++++ alsa:
- Update to version 1.2.7.2: minor updates, including fixes for PCM
share plugin, rawmidi and UCM
++++ ncurses:
- Add ncurses patch 20220716
+ build-fix for test_mouse.c, for non-standard cfmakeraw.
+ improve shell-scripts with shellcheck
+ fix typo in run_tic.in (report/patch by Jan Starke).
++++ openssl-3:
- Update to 3.0.4: [bsc#1199166, CVE-2022-1292]
* In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection
have been fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
* Case insensitive string comparison no longer uses locales.
It has instead been directly implemented.
- Update to 3.0.3:
* Case insensitive string comparison is reimplemented via new locale-agnostic
comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
comparison. The previous implementation had problems when the Turkish locale
was used.
* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292]
* Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer
certificate on an OCSP response. The bug caused the function in the case
where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
response (meaning a successful verification) even in the case where the
response signing certificate fails to verify.
It is anticipated that most users of 'OCSP_basic_verify' will not use the
OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be 0.
This issue also impacts the command line OpenSSL "ocsp" application. When
verifying an ocsp response with the "-no_cert_checks" option the command line
application will report that the verification is successful even though it
has in fact failed. In this case the incorrect successful response will also
be accompanied by error messages showing the failure and contradicting the
apparently successful result. [bsc#1199167, CVE-2022-1343]
* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key. This made the MAC key trivially predictable.
An attacker could exploit this issue by performing a man-in-the-middle attack
to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
that the modified data would still pass the MAC integrity check.
Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
endpoint will always be rejected by the recipient and the connection will
fail at that point. Many application protocols require data to be sent from
the client to the server first. Therefore, in such a case, only an OpenSSL
3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
[bsc#1199168, CVE-2022-1434]
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries.
This function is used when decoding certificates or keys. If a long lived
process periodically decodes certificates or keys its memory usage will
expand without bounds and the process might be terminated by the operating
system causing a denial of service. Also traversing the empty hash table
entries will take increasingly more time. Typically such long lived processes
might be TLS clients or TLS servers configured to accept client certificate
authentication. [bsc#1199169, CVE-2022-1473]
* The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report
the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other
statistics are no longer supported. For compatibility, these statistics are
still listed in the output but are now always reported as zero.
++++ polkit:
- split out pkexec into seperate package to make system hardening
easier (to avoid installing it jsc#PED-132 jsc#PED-148).
++++ libslirp:
- Update to version 4.7.0+44 (current git master):
* Fix vmstate regression
* msvc: use char* for pointer arithmetic
* Align outgoing packets
* Bump incoming packet alignment to 8 bytes
* msvc: fix some gcc-specific pragma warnings
* msvc: enable vmstate code on !gnuc
* vmstate: only enable when building under GNU C
* ncsitest: Fix build with msvc
* Avoid running git-version-gen when building with MS VC
* windows: export symbols
* win32: replace strcasecmp with g_ascii_strcasecmp
* Drop spurious inline
* Avoid returning void
* Fix arithmetic on void *
* Avoid using ##__VA_ARGS__ gcc extension
* Fix bitfields order for MSVC
* Separate out SLIRP_PACKED to SLIRP_PACKED_BEGIN/END
* Do not use ssize_t on Windows
* Do not include unistd.h on windows, it does not have it
* Accept build-aux/git-version-gen failing to run
* container_of: avoid using __extension__
* ncsi: Add Mellanox Get Mac Address handler
* slirp: Add out-of-band ethernet address
* ncsi: Add OEM command handler
* ncsi: Add basic test for Get Version ID response
* ncsi: Use response header for payload length
* ncsi: Pass command header to response handlers
* src/slirp.h: Bump the minimum Windows version to Windows 7
* ncsi: Add Get Version ID command
* ncsi: Pass Slirp structure to response handlers
* slirp: Add manufacturer's ID
* Add support for Haiku to meson.build
* meson: add extra warnings
* win32: declare some local functions as static
* Include <sys/socket.h> and <arpa/inet.h> for AF_INET6 and inet_pton
* Release v4.7.0
* bump ABI version and age
* slirp: invoke client callback before creating timers
* pingtest: port to timer_new_opaque
* introduce timer_new_opaque callback
* introduce slirp_timer_new wrapper
* icmp6: make ndp_send_ra static
* Add sanitizers CI runs
* socket: Handle ECONNABORTED from recv
* bootp: fix g_str_has_prefix warning/critical
* slirp: Don't duplicate packet in tcp_reass
* Rename insque/remque -> slirp_[ins|rem]que
* mbuf: Use SLIRP_DEBUG to enable mbuf debugging instead of DEBUG
* Replace inet_ntoa() with safer inet_ntop()
* Add VMS_END marker
* bootp: add support for UEFI HTTP boot
* IPv6 DNS proxying support
* Add missing scope_id in caching
* Drop fixed TODO
* socket: Move closesocket(so->s_aux) to sofree
* socket: Check so_type instead of so_tcpcb for Unix-to-inet translation
* socket: Add s_aux field to struct socket for storing auxilliary socket
* socket: Initialize so_type in socreate
* socket: Allocate Unix-to-TCP hostfwd port from OS by binding to port 0
* Allow to disable internal DHCP server
* slirp_pollfds_fill: Explain why dividing so_snd.sb_datalen by two
* CI: run integration tests with slirp4netns
* socket: Check address family for Unix-to-inet accept translation
* socket: Add debug args for tcpx_listen (inet and Unix sockets)
* socket: Restore original definition of fhost
* socket: Move <sys/un.h> include to socket.h
* Support Unix sockets in hostfwd
* resolv: fix IPv6 resolution on Darwin
* Use the exact sockaddr size in getnameinfo call
* Initialize sin6_scope_id to zero
* slirp_socketpair_with_oob: Connect pair through 127.0.0.1
* resolv: fix memory leak when using libresolv
* pingtest: Add a trivial ping test
* icmp: Support falling back on trying a SOCK_RAW socket
++++ systemd:
- When systemd-container is installed install tar/gpg too
So `machinectl import-tar` always works flawlessly. systemd-container already
is an optional package and both tar and gpg are rather basic anyway so no harm
should be done by requiring them.
- Move the systemd sysupdate stuff from the main package to the experimental
sub-package while it's still time. The method used (currently) for updating
openSUSE distro is rpm, not systemd-sysupdate.
------------------------------------------------------------------
------------------ 2022-7-17 - Jul 17 2022 -------------------
------------------------------------------------------------------
++++ docker:
- Change to using systemd-sysusers
++++ kernel-default:
- Update to 5.19-rc7
- drop obsolete patches
- patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch
- patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch
- update configs (x86 only)
- SPECULATION_MITIGATIONS=y
- RETHUNK=y
- CPU_UNRET_ENTRY=y
- CPU_IBPB_ENTRY=y
- CPU_IBRS_ENTRY=y
- commit 900302b
++++ python-resolvelib:
- update to 0.8.1:
* A new reporter hook ``resolving_conflicts`` is added. The resolver triggers
* this hook when it detects conflicts in the dependency tree, and before it
* attempts to fix them. The hook accepts one single argument ``causes``, which
* is a list of ``(requirement, parent)`` 2-tuples that represents all the
* edges that lead to the detected conflicts.
++++ qemu:
- Get rid of downstream patches breaking s390 modules. Replace
them with the upstream proposed and Acked (but never committed)
solution (bsc#1199015)
* Patches added:
modules-generates-per-target-modinfo.patch
modules-introduces-module_kconfig-direct.patch
* Patches dropped:
Fix-the-module-building-problem-for-s390.patch
modules-quick-fix-a-fundamental-error-in.patch
------------------------------------------------------------------
------------------ 2022-7-16 - Jul 16 2022 -------------------
------------------------------------------------------------------
++++ python-gobject:
- Work around vendored distutils in setuptools >= 60 incorrectly
installing pkgconfig files into the wrong libdir
++++ python-pycairo:
- Work around vendored distutils in setuptools >= 60 incorrectly
installing pkgconfig files into the wrong libdir
- Deduplicate files in python_sitearch
++++ python-setuptools:
- update to version 63.2.0:
* Changes
+ #3395: Included a performance optimization:
setuptools.build_meta no longer tries to :func:`compile` the
setup script code before :func:`exec`-ing it.
* Misc
+ #3435: Corrected issue in macOS framework builds on Python 3.9
not installed by homebrew (pypa/distutils#158).
++++ qemu:
- backport patches for having coroutine work well when LTO is used
* Patches added:
coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch
- seabios: drop patch that changes python in python2.
Just go to python3 directly.
* Patches dropped:
seabios-use-python2-explicitly-as-needed.patch
------------------------------------------------------------------
------------------ 2022-7-15 - Jul 15 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- let Mesa ignore Mesa-dri as dep to resolve a build cycle
(related to boo#1201474
++++ Mesa-drivers:
- let Mesa ignore Mesa-dri as dep to resolve a build cycle
(related to boo#1201474
++++ apparmor:
- Add apparmor-setuptools61-mr897.patch
https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools
++++ kernel-default:
- Linux 5.18.12 (bsc#1012628).
- Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"
(bsc#1012628).
- commit 3198c22
- Refresh
patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
Update upstream status.
- commit 4fcb983
- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit da1381f
- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit ce3ce6a
- Refresh
patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
Update to upstream version.
- commit 3f7e318
++++ libapparmor:
- Add apparmor-setuptools61-mr897.patch
https://gitlab.com/apparmor/apparmor/-/merge_requests/897
- Add buildtime dependencies on python-rpm-macros and setuptools
++++ sqlite3:
- update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
++++ perl:
- move builtin.pm to perl-base as File::Copy relies on it since last
update.
This fixes execution of builtime source services in OBS.
++++ python310-packaging:
- Split primary flavor in multibuild for possible inclusion into
Ring0
++++ python-psutil:
- Fix tests: setuptools changed the builddir library path and does
not find the module from it. Use the installed platlib instead
and exclude psutil.tests only later.
- Refresh skip-obs.patch
++++ python310-pyparsing:
- Split primary flavor in multibuild for possible inclusion into
Ring0
- Remove hardcoded primary_python variable.
++++ qemu:
- Fix the following bugs:
- bsc#1198037, CVE-2021-4207
- bsc#1198038, CVE-2022-0216
- bsc#1201367, CVE-2022-35414
- bsc#1198035, CVE-2021-4206
- bsc#1198712, CVE-2022-26354
- bsc#1198711, CVE-2022-26353
* Patches added:
display-qxl-render-fix-race-condition-in.patch
scsi-lsi53c895a-fix-use-after-free-in-ls.patch
softmmu-Always-initialize-xlat-in-addres.patch
ui-cursor-fix-integer-overflow-in-cursor.patch
vhost-vsock-detach-the-virqueue-element-.patch
virtio-net-fix-map-leaking-on-error-duri.patch
------------------------------------------------------------------
------------------ 2022-7-14 - Jul 14 2022 -------------------
------------------------------------------------------------------
++++ container-selinux:
- Update to version 2.188.0:
* Allow confined containers to mount overlay filesystems
Fixed bsc#1201348
++++ glibc:
- nptl-cleanup-async-restore-2.patch: nptl: Fix
___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093,
BZ #29214)
++++ kernel-default:
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- commit ee19e9d
- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
Update upstream status.
- commit eae54b1
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- tty: use new tty_insert_flip_string_and_push_buffer() in
pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cec52d3
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 86ef7b4
++++ libglvnd:
- let libglvnd require Mesa-dri so GL drivers are available on
Wayland-only desktop installations (boo#1201474)
++++ openldap2:
- removed obsolete 0017-Resolve-error-handling-in-new-ctx-when-global.patch
- update to 2.6.3
* Fixed librewrite declaration of calloc (ITS#9841)
* Fixed libldap to check for NULL ld (ITS#9157)
* Fixed libldap memory leaks (ITS#9876)
* Fixed lloadd to correctly tag Notice of Disconnection (ITS#9856)
* Fixed slapd delta-sync DN leak on ADD ops (ITS#9866)
* Fixed slapd replication with back-glue (ITS#9868)
* Fixed slapd lastbind replication with chaining (ITS#9863)
* Fixed slapd-ldap to correctly set authzid (ITS#9863)
* Fixed slapd-mdb to check for stale readers on
MDB_READERS_FULL (ITS#7165)
* Fixed slapd-mdb indexer task with replicated config (ITS#9858)
* Fixed slapo-accesslog onetime memory leak (ITS#9864)
* Fixed slapo-ppolicy interaction with slapo-rwm (ITS#9871)
* Fixed slapo-rwm to handle escaping special characters (ITS#9817)
* Fixed slapo-syncprov memory leaks (ITS#9867)
* Fixed slapo-syncprov fallback in delta-sync mode (ITS#9823)
* Fixed slapo-unique to not release NULL entry (ITS#8245)
* doc: Fixed ldap_get_option(3) to clarify ldap_get/set_option
restrictions (ITS#9824)
++++ patterns-base:
- Have the base pattern recommend service(network)
++++ python310-packaging:
- Setuptools itself does not depend on packaging anymore, only for
pythondistdeps.py, That dependency will move to
python-rpm-packaging soon. -- boo#1178257
- Use "setuptools" for building again.
* Python 3.12 will drop the distutils fallback
* Use the python-base vendored pip in a venv
* Drop no-legacyversion-warning.patch
- Remove nonsensical python362 flavor check.
++++ python310-pyparsing:
- Update to version 3.0.9
* Added Unicode set BasicMultilingualPlane (may also be
referenced as BMP) representing the Basic Multilingual Plane
(Unicode characters up to code point 65535). Can be used to
parse most language characters, but omits emojis, wingdings,
etc. Raised in discussion with Dave Tapley (issue #392).
* To address mypy confusion of pyparsing.Optional and
typing.Optional resulting in error: "_SpecialForm" not callable
message reported in issue #365, fixed the import in
exceptions.py. Nice sleuthing by Iwan Aucamp and Dominic
Davis-Foster, thank you! (Removed definitions of OptionalType,
DictType, and IterableType and replaced them with
typing.Optional, typing.Dict, and typing.Iterable throughout.)
* Fixed typo in jinja2 template for railroad diagrams, thanks for
the catch Nioub (issue #388).
* Removed use of deprecated pkg_resources package in railroad
diagramming code (issue #391).
* Updated bigquery_view_parser.py example to parse examples at
https://cloud.google.com/bigquery/docs/reference/legacy-sql
- Release 3.0.8
* API CHANGE: modified pyproject.toml to require Python version
3.6.8 or later for pyparsing 3.x. Earlier minor versions of 3.6
fail in evaluating the version_info class (implemented using
typing.NamedTuple). If you are using an earlier version of
Python 3.6, you will need to use pyparsing 2.4.7.
* Improved pyparsing import time by deferring regex pattern
compiles. PR submitted by Anthony Sottile to fix issue #362,
thanks!
* Updated build to use flit, PR by Michał Górny, added
BUILDING.md doc and removed old Windows build scripts - nice
cleanup work!
* More type-hinting added for all arithmetic and logical operator
methods in ParserElement. PR from Kazantcev Andrey, thank you.
* Fixed infix_notation's definitions of lpar and rpar, to accept
parse expressions such that they do not get suppressed in the
parsed results. PR submitted by Philippe Prados, nice work.
* Fixed bug in railroad diagramming with expressions containing
Combine elements. Reported by Jeremy White, thanks!
* Added show_groups argument to create_diagram to highlight
grouped elements with an unlabeled bounding box.
* Added unicode_denormalizer.py to the examples as a
demonstration of how Python's interpreter will accept Unicode
characters in identifiers, but normalizes them back to ASCII so
that identifiers print and ð•¡ð“»áµ¢ð“ƒð˜ and ð–•ð’“ð—‚ð‘›áµ— are all
equivalent.
* Removed imports of deprecated sre_constants module for catching
exceptions when compiling regular expressions. PR submitted by
Serhiy Storchaka, thank you.
- Use python-base bundled pip as frontend for flit-core
++++ python-setuptools:
- Remove dependency on packaging -- boo#1178257
- Enable ini2toml[lite] tests
++++ selinux-policy:
- Update to version 20220714. Refreshed:
* fix_init.patch
* fix_systemd_watch.patch
++++ suse-module-tools:
- Update to version 16.0.22:
* weak-modules2: only use kernel version under /run/regenerate-initrd
(boo#1201387)
++++ tpm2.0-tools:
- Disable tests in some architectures (ppc, ppc64, s390x)
------------------------------------------------------------------
------------------ 2022-7-13 - Jul 13 2022 -------------------
------------------------------------------------------------------
++++ permissions:
- Update to version 20220713:
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
* libexec migration: KDE utilities now properly place their helpers
* pccardctl: installation path has finally changed to /usr/sbin
++++ file:
- Add upstream patch to fix boo#1201350
* file-boo1201350.patch which combines the commits
c80065fe6900be5e794941e29b32440e9969b1c3
7e59d34206d7c962e093d4239e5367a2cd8b7623
f042050f59bfc037677871c4d1037c33273f5213
d471022b2772071877895759f209f2c346757a4c
441ac2b15508909e82ad467960df4ac0adf9644c
++++ kernel-default:
- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/static_call: Serialize __static_call_fixup() properly
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Disable RRSBA behavior (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 834606b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit 9dbc2f6
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/common: Stamp out the stepping madness (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Convert launched argument to flags (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Use cached host SPEC_CTRL value for guest
entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix SPEC_CTRL write on SMT state change
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix firmware entry SPEC_CTRL handling
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- intel_idle: Disable IBRS during long idle (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Split spectre_v2_select_mitigation() and
spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/entry: Add kernel IBRS implementation (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- commit 023a0b9
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit a4a04c4
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/bpf: Use alternative RET encoding (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/ftrace: Use alternative RET encoding (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86,static_call: Use alternative RET encoding (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- objtool: skip non-text sections when adding return-thunk sites
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
CVE-2022-29901).
- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/entry: Switch the stack after error_entry() returns
(bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
CVE-2022-29900 CVE-2022-29901).
- commit bc4fd7c
- config: riscv: disable RISCV_BOOT_SPINWAIT
We now rely on the SBI HSM extension which is provided by openSBI 0.7 or
later.
- commit 8752291
- config: riscv: disable RISCV_SBI_V01
The SBI v0.1 API is obsolete.
- commit 44178e7
++++ multipath-tools:
- Update to version 0.9.0+39+suse.51a2ab1:
Upstream bug fixes:
* libmultipath: fix find_multipaths_timeout for unknown hardware
(boo#1201483)
* multipath-tools: fix "multipath -ll" for Native NVME Multipath devices
(boo#1201483)
- Update to version 0.9.0+33+suse.fdc6686
* multipath.conf: add support for "protocol" subsection in
"overrides" section to set certain config options by protocol.
* Removed the previously deprecated options getuid_callout,
config_dir, multipath_dir, pg_timeout
* hwable fixes and additions
* multipath.conf(5): add disclaimer about vendor support
* libmultipath, kpartx: fix callers of dm_get_next_target()
* Change built-in defaults for NVMe: group by prio, and immediate
failback
* Allow compilation with -D_FORTIFY_SOURCE=3
++++ ceph:
- Update to 16.2.9-536-g41a9f9a5573:
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
++++ python-setuptools:
- Update to version 63.1.0
* #3430: Merge with pypa/distutils@152c13d including
pypa/distutils#155 (improved compatibility for editable
installs on homebrew Python 3.9), pypa/distutils#150 (better
handling of runtime_library_dirs on cygwin), and
pypa/distutils#151 (remove warnings for namespace packages).
- v63.0.0
* #3421: Drop setuptools' support for installing an entrypoint
extra requirements at load time:
- the functionality has been broken since v60.8.0.
- the mechanism to do so is deprecated (fetch_build_eggs).
- that use case (e.g. a custom command class entrypoint) is
covered by making sure the necessary build requirements are
declared. Documentation changes
* #3397: Fix reference for keywords to point to the Core Metadata
Specification instead of PEP 314 (the live standard is kept
always up-to-date and consolidates several PEPs together in a
single document).
- v62.6.0
* #3253: Enabled using file: for requirements in setup.cfg -- by
:user:`akx` (this feature is currently considered to be in beta
stage).
* #3255: Enabled using file: for dependencies and
optional-dependencies in pyproject.toml -- by :user:`akx` (this
feature is currently considered to be in beta stage).
* #3391: Updated attr: to also extract simple constants with type
annotations -- by :user:`karlotness`
- v62.5.0
* #3347: Changed warnings and documentation notes about
experimental aspect of pyproject.toml configuration: now
[project] is a fully supported configuration interface, but the
[tool.setuptools] table and sub-tables are still considered to
be in beta stage.
* #3383: In _distutils_hack, suppress/undo the use of local
distutils when select tests are imported in CPython.
* #3385: Modules used to parse and evaluate configuration from
pyproject.toml files are intended for internal use only and
that not part of the public API.
- v62.4.0
* #3256: Added setuptools.command.build command to match
distutils.command.build -- by :user:`isuruf`
* #3366: Merge with pypa/distutils@75ed79d including reformat
using black, fix for Cygwin support (pypa/distutils#139), and
improved support for cross compiling (pypa/distutils#144 and
pypa/distutils#145).
- v62.3.4
* #3354: Improve clarity in warning about unlisted namespace
packages.
- v62.3.3
* #3336: Modified test_setup_install_includes_dependencies to
work with custom PYTHONPATH –- by :user:`hroncok`
- v62.3.2
* #3328: Include a first line summary to some of the existing
multi-line warnings.
- v62.3.1
* #3320: Fixed typo which causes namespace_packages to raise an
error instead of warning.
- v62.3.0
* #3262: Formally added deprecation messages for
namespace_packages. The methodology that uses pkg_resources and
namespace_packages for creating namespaces was already
discouraged by the :doc:`setuptools docs
</userguide/package_discovery>` and the :doc:`Python Packaging
User Guide <PyPUG:guides/packaging-namespace-packages>`,
therefore this change just make the deprecation more official.
Users can consider migrating to native/implicit namespaces (as
introduced in PEP 420).
* #3308: Relying on include_package_data to ensure sub-packages
are automatically added to the build wheel distribution (as
"data") is now considered a deprecated practice. This behaviour
was controversial and caused inconsistencies (#3260). Instead,
projects are encouraged to properly configure packages or use
discovery tools. General information can be found in
:doc:`userguide/package_discovery`.
* #1806: Allowed recursive globs (**) in package_data. -- by
:user:`nullableVoidPtr`
* #3206: Fixed behaviour when both install_requires (in setup.py)
and dependencies (in pyproject.toml) are specified. The
configuration in pyproject.toml will take precedence over
setup.py (in accordance with PEP 621). A warning was added to
inform users.
* #3274: Updated version of vendored pyparsing to 3.0.8 to avoid
problems with upcoming deprecation in Python 3.11.
* #3292: Added warning about incompatibility with old versions of
importlib-metadata.
- v62.2.0
* #3299: Optional metadata fields are now truly optional.
Includes merge with pypa/distutils@a7cfb56 per
pypa/distutils#138.
* #3282: Added CI cache for setup.cfg examples used when testing
setuptools.config.
- v62.1.0
* #3249: Simplified package_dir obtained via auto-discovery.
- v62.0.0
* #3151: Made setup.py develop --user install to the user site
packages directory even if it is disabled in the current
interpreter.
* #3153: When resolving requirements use both canonical and
normalized names -- by :user:`ldaniluk`
* #3167: Honor unix file mode in ZipFile when installing wheel
via install_as_egg -- by :user:`delijati`
* #3088: Fixed duplicated tag with the dist-info command.
* #3247: Fixed problem preventing readme specified as dynamic in
pyproject.toml from being dynamically specified in setup.py.
- v61.3.1
* #3233: Included missing test file setupcfg_examples.txt in
sdist.
* #3233: Added script that allows developers to download
setupcfg_examples.txt prior to running tests. By caching these
files it should be possible to run the test suite offline.
- v61.3.0
* #3229: Disabled automatic download of trove-classifiers to
facilitate reproducibility.
* #3229: Updated pyproject.toml validation via validate-pyproject
v0.7.1.
* #3229: New internal tool made available for updating the code
responsible for the validation of pyproject.toml. This tool can
be executed via tox -e generate-validation-code.
- v61.2.0
* #3215: Ignored a subgroup of invalid pyproject.toml files that
use the [project] table to specify only requires-python
(transitional).
* Warning: Please note that future releases of setuptools will
halt the build process if a pyproject.toml file that does not
match the PyPA Specification
<PyPUG:specifications/declaring-project-metadata> is given.
* #3215: Updated pyproject.toml validation, as generated by
validate-pyproject==0.6.1.
* #3218: Prevented builds from erroring if the project specifies
metadata via pyproject.toml, but uses other files (e.g.
setup.py) to complement it, without setting dynamic properly.
* Important: This is a transitional behaviour. Future releases of
setuptools may simply ignore externally set metadata not backed
by dynamic or even halt the build with an error.
* #3224: Merge changes from pypa/distutils@e1d5c9b1f6
+ #3223: Fixed missing requirements with environment markers when
optional-dependencies is set in pyproject.toml.
- v61.1.1
* #3212: Fixed missing dependencies when running setup.py
install. Note that calling setup.py install directly is still
deprecated and will be removed in future versions of
setuptools. Please check the release notes for
:ref:`setup_install_deprecation_note`.
- v61.1.0
* #3206: Changed setuptools.convert_path to an internal function
that is not exposed as part of setuptools API. Future releases
of setuptools are likely to remove this function.
* #3202: Changed behaviour of auto-discovery to not explicitly
expand package_dir for flat-layouts and to not use relative
paths starting with ./.
* #3203: Prevented pyproject.toml parsing from overwriting
dist.include_package_data explicitly set in setup.py with
default value.
* #3208: Added a warning for non existing files listed with the
file directive in setup.cfg and pyproject.toml.
* #3208: Added a default value for dynamic classifiers in
pyproject.toml when files are missing and errors being ignored.
* #3211: Disabled auto-discovery when distribution class has a
configuration attribute (e.g. when the setup.py script contains
setup(..., configuration=...)). This is done to ensure
extension-only packages created with
numpy.distutils.misc_util.Configuration are not broken by the
safe guard behaviour to avoid accidental multiple top-level
packages in a flat-layout.
* Note Users that don't set packages, py_modules, or
configuration are still likely to observe the auto-discovery
behavior, which may halt the build if the project contains
multiple directories and/or multiple Python files directly
under the project root. To disable auto-discovery please
explicitly set either packages or py_modules. Alternatively you
can also configure :ref:`custom-discovery`.
- v61.0.0
* #3068: Deprecated setuptools.config.read_configuration,
setuptools.config.parse_configuration and other functions or
classes from setuptools.config.
* Users that still need to parse and process configuration from
setup.cfg can import a direct replacement from
setuptools.config.setupcfg, however this module is transitional
and might be removed in the future (the setup.cfg configuration
format itself is likely to be deprecated in the future).
* #2894: If you purposefully want to create an "empty
distribution", please be aware that some Python files (or
general folders) might be automatically detected and included.
* Projects that currently don't specify both packages and
py_modules in their configuration and contain extra folders or
Python files (not meant for distribution), might see these
files being included in the wheel archive or even experience
the build to fail.
* You can check details about the automatic discovery (and how to
configure a different behaviour) in
:doc:`/userguide/package_discovery`.
* #3067: If the file pyproject.toml exists and it includes
project metadata/config (via [project] table or
[tool.setuptools]), a series of new behaviors that are not
backward compatible may take place:
- The default value of include_package_data will be considered
to be True.
- Setuptools will attempt to validate the pyproject.toml file
according to PEP 621 specification.
- The values specified in pyproject.toml will take precedence
over those specified in setup.cfg or setup.py.
* #2887: [EXPERIMENTAL] Added automatic discovery for py_modules
and packages -- by :user:`abravalheri`.
- Setuptools will try to find these values assuming that the
package uses either the src-layout (a src directory
containing all the packages or modules), the flat-layout
(package directories directly under the project root), or the
single-module approach (an isolated Python file, directly
under the project root).
- The automatic discovery will also respect layouts that are
explicitly configured using the package_dir option.
- For backward-compatibility, this behavior will be observed
only if both py_modules and packages are not set. (Note:
specifying ext_modules might also prevent auto-discover from
taking place)
- If setuptools detects modules or packages that are not
supposed to be in the distribution, please manually set
py_modules and packages in your setup.cfg or setup.py file.
If you are using a flat-layout, you can also consider
switching to src-layout.
* #2887: [EXPERIMENTAL] Added automatic configuration for the
name metadata -- by :user:`abravalheri`.
- Setuptools will adopt the name of the top-level package (or
module in the case of single-module distributions), only when
name is not explicitly provided.
- Please note that it is not possible to automatically derive a
single name when the distribution consists of multiple
top-level packages or modules.
* #3066: Added vendored dependencies for :pypi:`tomli`,
:pypi:`validate-pyproject`.
- These dependencies are used to read pyproject.toml files and
validate them.
* #3067: [EXPERIMENTAL] When using pyproject.toml metadata, the
default value of include_package_data is changed to True.
* #3068: [EXPERIMENTAL] Add support for pyproject.toml
configuration (as introduced by PEP 621). Configuration
parameters not covered by standards are handled in the
[tool.setuptools] sub-table.
- In the future, existing setup.cfg configuration may be
automatically converted into the pyproject.toml equivalent
before taking effect (as proposed in #1688). Meanwhile users
can use automated tools like :pypi:`ini2toml` to help in the
transition.
- Please note that the legacy backend is not guaranteed to work
with pyproject.toml configuration.
* #3125: Implicit namespaces (as introduced in PEP 420) are now
considered by default during :doc:`package discovery
</userguide/package_discovery>`, when setuptools configuration
and project metadata are added to the pyproject.toml file.
- To disable this behaviour, use namespaces = False when
explicitly setting the [tool.setuptools.packages.find]
section in pyproject.toml.
- This change is backwards compatible and does not affect the
behaviour of configuration done in setup.cfg or setup.py.
* #3152: [EXPERIMENTAL] Added support for attr: and cmdclass
configurations in setup.cfg and pyproject.toml when package_dir
is implicitly found via auto-discovery.
* #3178: Postponed importing ctypes when hiding files on Windows.
This helps to prevent errors in systems that might not have
libffi installed.
* #3179: Merge with pypa/distutils@267dbd25ac
- v60.10.0
* #2971: Deprecated upload_docs command, to be removed in the
future.
* #3137: Use samefile from stdlib, supported on Windows since
Python 3.2.
* #3170: Adopt nspektr (vendored) to implement
Distribution._install_dependencies.
* #3120: Added workaround for intermittent failures of backend
tests on PyPy. These tests now are marked with XFAIL, instead
of erroring out directly.
* #3124: Improved configuration for :pypi:`rst-linker` (extension
used to build the changelog).
* #3133: Enhanced isolation of tests using virtual environments -
PYTHONPATH is not leaking to spawned subprocesses -- by
:user:`befeleme`
* #3147: Added options to provide a pre-built setuptools wheel or
sdist for being used during tests with virtual environments.
Paths for these pre-built distribution files can now be set via
the environment variables: PRE_BUILT_SETUPTOOLS_SDIST and
PRE_BUILT_SETUPTOOLS_WHEEL.
- v60.9.2
* #3035: When loading distutils from the vendored copy, rewrite
__name__ to ensure consistent importing from inside and out.
- v60.9.1
* #3102: Prevent vendored importlib_metadata from loading
distributions from older importlib_metadata.
* #3103: Fixed issue where string-based entry points would be
omitted.
* #3107: Bump importlib_metadata to 4.11.1 addressing issue with
parsing requirements in egg-info as found in PyPy.
- v60.9.0
* #2876: In the build backend, allow single config settings to be
supplied.
* #2993: Removed workaround in distutils hack for get-pip now
that pypa/get-pip#137 is closed.
* #3085: Setuptools no longer relies on pkg_resources for entry
point handling.
* #3098: Bump vendored packaging to 21.3.
* Removed bootstrap script.
* Warning: Users trying to install the unmaintained
:pypi:`pathlib` backport from PyPI/sdist/source code may find
problems when using setuptools >= 60.9.0. This happens because
during the installation, the unmaintained implementation of
pathlib is loaded and may cause compatibility problems (it does
not expose the same public API defined in the Python standard
library). Whenever possible users should avoid declaring
pathlib as a dependency. An alternative is to pre-build a wheel
for pathlib using a separated virtual environment with an older
version of setuptools and install the library directly from the
pre-built wheel.
- v60.8.2
* #3091: Make concurrent.futures import lazy in vendored
more_itertools package to a avoid importing threading as a side
effect (which caused gevent/gevent#1865). -- by
:user:`maciejp-ro`
- v60.8.1
* #3084: When vendoring jaraco packages, ensure the namespace
package is converted to a simple package to support zip
importer.
- v60.8.0
* #3085: Setuptools now vendors importlib_resources and
importlib_metadata and jaraco.text. Setuptools no longer relies
on pkg_resources for ensure_directory nor parse_requirements.
- v60.7.1
* #3072: Remove lorem_ipsum from jaraco.text when vendored.
- v60.7.0
* #3061: Vendored jaraco.text and use line processing from that
library in pkg_resources.
* #3070: Avoid AttributeError in easy_install.create_home_path
when sysconfig.get_config_vars values are not strings.
- v60.6.0
* #3043: Merge with pypa/distutils@bb018f1ac3 including
consolidated behavior in sysconfig.get_platform
(pypa/distutils#104).
* #3057: Don't include optional Home-page in metadata if no url
is specified. -- by :user:`cdce8p`
* #3062: Merge with pypa/distutils@b53a824ec3 including improved
support for lib directories on non-x64 Windows builds.
* #3054: Used Py3 syntax super().__init__() -- by
:user:`imba-tjd`
- v60.5.4
* #3009: Remove filtering of distutils warnings.
* #3031: Suppress distutils replacement when building or testing
CPython.
- v60.5.3
* #3026: Honor sysconfig variables in easy_install.
- v60.5.2
* #2993: In _distutils_hack, for get-pip, simulate existence of
setuptools.
- v60.5.1
* #2918: Correct support for Python 3 native loaders.
- v60.5.0
* #2990: Set the .origin attribute of the distutils module to the
module's __file__.
- v60.4.0
* #2839: Removed requires sorting when installing wheels as an
egg dir.
* #2953: Fixed a bug that easy install incorrectly parsed Python
3.10 version string.
* #3006: Fixed startup performance issue of Python interpreter
due to imports of costly modules in _distutils_hack -- by
:user:`tiran`
* #2862: Added integration tests that focus on building and
installing some packages in the Python ecosystem via pip -- by
:user:`abravalheri`
* #2952: Modified "vendoring" logic to keep license files.
* #2968: Improved isolation for some tests that where
inadvertently using the project root for builds, and therefore
creating directories (e.g. build, dist, *.egg-info) that could
interfere with the outcome of other tests -- by
:user:`abravalheri`.
* #2968: Introduced new test fixtures venv,
venv_without_setuptools, bare_venv that rely on the jaraco.envs
package. These new test fixtures were also used to remove the
(currently problematic) dependency on the pytest_virtualenv
plugin.
* #2968: Removed tmp_src test fixture. Previously this fixture
was copying all the files and folders under the project root,
including the .git directory, which is error prone and
increases testing time. Since tmp_src was used to populate
virtual environments (installing the version of setuptools
under test via the source tree), it was replaced by the new
setuptools_sdist and setuptools_wheel fixtures (that are build
only once per session testing and can be shared between all the
workers for read-only usage).
- v60.3.1
* #3002: Suppress AttributeError when detecting get-pip.
- v60.3.0
* #2993: In _distutils_hack, bypass the distutils exception for
pip when get-pip is being invoked, because it imports
setuptools.
* #2989: Merge with pypa/distutils@788cc159. Includes fix for
config vars missing from sysconfig.
- v60.2.0
* #2974: Setuptools now relies on the Python logging
infrastructure to log messages. Instead of using
distutils.log.*, use logging.getLogger(name).*.
* #2987: Sync with
pypa/distutils@2def21c5d74fdd2fe7996ee4030ac145a9d751bd,
including fix for missing get_versions attribute (#2969), more
reliance on sysconfig from stdlib.
* #2962: Avoid attempting to use local distutils when the
presiding version of Setuptools on the path doesn't have one.
* #2983: Restore 'add_shim' as the way to invoke the hook. Avoids
compatibility issues between different versions of Setuptools
with the distutils local implementation.
- v60.1.1
* #2980: Bypass distutils loader when setuptools module is no
longer available on sys.path.
- v60.1.0
* #2958: In distutils_hack, only add the metadata finder once. In
ensure_local_distutils, rely on a context manager for reliable
manipulation.
* #2963: Merge with pypa/distutils@a5af364910. Includes revisited
fix for pypa/distutils#15 and improved MinGW/Cygwin support
from pypa/distutils#77.
- v60.0.5
* #2960: Install schemes fall back to default scheme for headers.
- v60.0.4
* #2954: Merge with pypa/distutils@eba2bcd310. Adds platsubdir to
config vars available for substitution.
- v60.0.3
* #2940: Avoid KeyError in distutils hack when pip is imported
during ensurepip.
- v60.0.2
* #2938: Select 'posix_user' for the scheme unless falling back
to stdlib, then use 'unix_user'.
- v60.0.1
* #2944: Add support for extended install schemes in
easy_install.
- v60.0.0
* #2896: Setuptools once again makes its local copy of distutils
the default. To override, set SETUPTOOLS_USE_DISTUTILS=stdlib.
- v59.8.0
* #2935: Merge
pypa/distutils@460b59f0e68dba17e2465e8dd421bbc14b994d1f.
- v59.7.0
* #2930: Require Python 3.7
- v59.6.0
* #2925: Merge with pypa/distutils@92082ee42c including
introduction of deprecation warning on Version classes.
- v59.4.0
* #2893: Restore deprecated support for newlines in the Summary
field.
- v59.3.0
* #2906: In ensure_local_distutils, re-use DistutilsMetaFinder to
load the module. Avoids race conditions when
_distutils_system_mod is employed.
- v59.2.0
* #2875: Introduce changes from pypa/distutils@514e9d0, including
support for overrides from Debian and pkgsrc, unlocking the
possibility of making SETUPTOOLS_USE_DISTUTILS=local the
default again.
- v59.1.1
+ #2885: Fixed errors when encountering LegacyVersions.
- v59.1.0
* #2497: Update packaging to 21.2.
* #2877: Back out deprecation of setup_requires and replace
instead by a deprecation of setuptools.installer and
fetch_build_egg. Now setup_requires is still supported when
installed as part of a PEP 517 build, but is deprecated when an
unsatisfied requirement is encountered.
- v59.0.1
* #2880: Removed URL requirement for pytest-virtualenv in
setup.cfg. PyPI rejects packages with dependencies external to
itself. Instead the test dependency was overwritten via tox.ini
- v59.0.0
* #2856: Support for custom commands that inherit directly from
distutils is deprecated. Users should extend classes provided
by setuptools instead.
* #2870: Started failing on invalid inline description with line
breaks :class:`ValueError` -- by :user:`webknjaz`
* #2698: Exposed exception classes from distutils.errors via
setuptools.errors.
* #2866: Incorporate changes from pypa/distutils@f1b0a2b.
- v58.5.3
* #2849: Add fallback for custom build_py commands inheriting
directly from :mod:`distutils`, while still handling
include_package_data=True for sdist.
- v58.5.2
* #2847: Suppress 'setup.py install' warning under bdist_wheel.
- v58.5.1
* #2846: Move PkgResourcesDeprecationWarning above
implicitly-called function so that it's in the namespace when
version warnings are generated in an environment that contains
them.
- v58.5.0
* #1461: Fix inconsistency with include_package_data and
packages_data in sdist by replacing the loop breaking mechanism
between the sdist and egg_info commands -- by
:user:`abravalheri`
- v58.4.0
* #2497: Officially deprecated PEP 440 non-compliant versions.
- Refresh patches
* sort-for-reproducibility.patch
* remove_mock.patch
- Do not replace the vendored imports from .extern anymore
* Upstream vendors more packages than before and we need to avoid
buildcycles, too.
* The vendored stuff was packaged all the time.
* Update License tag for vendored stuff.
* Drop remove-more-itertools-dependency-cycle.patch
++++ selinux-policy:
- Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for
systemd_gpt_generator_t (bsc#1200911)
++++ tpm2.0-tools:
- Add patch to fix leakage of TPM simulator process
add_missing_shut_down_call_on_cleanup.patch
- Add patch to fix fapi-quote-verify[_ecc].sh test
fix_check_of_qualifying_data.patch
- Enable test execution by default
------------------------------------------------------------------
------------------ 2022-7-12 - Jul 12 2022 -------------------
------------------------------------------------------------------
++++ gpg2:
- GnuPG 2.3.7:
* CVE-2022-34903: garbled status messages could trick gpgme and
other parsers to accept faked status lines [boo#1201225]
* A number of bug fixes to the gpg command line interface
* gpgsm gained a number of new options and got some rework on
the PKCS#12 parser to support DFN issues keys
* The gpg agent got some added options and UI tweaks
* smart card support got a number of bug fixes, and improved
support for Technology Nexus cards and Yubikey
* The Telesec ESIGN application is now supported
++++ kernel-default:
- Linux 5.18.11 (bsc#1012628).
- io_uring: fix provided buffer import (bsc#1012628).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
(bsc#1012628).
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
(bsc#1012628).
- can: grcan: grcan_probe(): remove extra of_node_get()
(bsc#1012628).
- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
- can: m_can: m_can_chip_config(): actually enable internal
timestamping (bsc#1012628).
- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
to full 32 bits (bsc#1012628).
- can: kvaser_usb: replace run-time checks with struct
kvaser_usb_driver_info (bsc#1012628).
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
regression (bsc#1012628).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
handling for mcp2517fd (bsc#1012628).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
broken CRC on TBC register (bsc#1012628).
- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
(bsc#1012628).
- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
(bsc#1012628).
- bpf: Fix insufficient bounds propagation from
adjust_scalar_min_max_vals (bsc#1012628).
- usbnet: fix memory leak in error case (bsc#1012628).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
(bsc#1012628).
- net: lan966x: hardcode the number of external ports
(bsc#1012628).
- netfilter: nft_set_pipapo: release elements in clone from
abort path (bsc#1012628).
- selftests/net: fix section name when using xdp_dummy.o
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
length to read dev_id (bsc#1012628).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
conversion (bsc#1012628).
- can: rcar_canfd: Fix data transmission failed on R-Car V3U
(bsc#1012628).
- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
(bsc#1012628).
- MAINTAINERS: Remove iommu@lists.linux-foundation.org
(bsc#1012628).
- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
(bsc#1012628).
- cxl: Fix cleanup of port devices on failure to probe driver
(bsc#1012628).
- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
- fbcon: Disallow setting font bigger than screen size
(bsc#1012628).
- fbcon: Prevent that screen size is smaller than font size
(bsc#1012628).
- PM: runtime: Redefine pm_runtime_release_supplier()
(bsc#1012628).
- PM: runtime: Fix supplier device management during consumer
probe (bsc#1012628).
- memregion: Fix memregion_free() fallback definition
(bsc#1012628).
- video: of_display_timing.h: include errno.h (bsc#1012628).
- fscache: Fix invalidation/lookup race (bsc#1012628).
- fscache: Fix if condition in fscache_wait_on_volume_collision()
(bsc#1012628).
- powerpc/powernv: delay rng platform device creation until
later in boot (bsc#1012628).
- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
(bsc#1012628).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
(bsc#1012628).
- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver
(bsc#1012628).
- ASoC: rt711-sdca: Add endianness flag in
snd_soc_component_driver (bsc#1012628).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
.set_jack_detect (bsc#1012628).
- ASoC: SOF: ipc3-topology: Move and correct size checks in
sof_ipc3_control_load_bytes() (bsc#1012628).
- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
(bsc#1012628).
- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
(bsc#1012628).
- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
(bsc#1012628).
- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
(bsc#1012628).
- arm64: dts: imx8mp-evk: correct gpio-led pad settings
(bsc#1012628).
- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
settings (bsc#1012628).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset
(bsc#1012628).
- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
(bsc#1012628).
- ARM: at91: pm: use proper compatible for sama5d2's rtc
(bsc#1012628).
- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
(bsc#1012628).
- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
(bsc#1012628).
- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
(bsc#1012628).
- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
(bsc#1012628).
- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
- xsk: Clear page contiguity bit when unmapping pool
(bsc#1012628).
- i2c: piix4: Fix a memory leak in the EFCH MMIO support
(bsc#1012628).
- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
- ARM: dts: stm32: add missing usbh clock and fix clk order on
stm32mp15 (bsc#1012628).
- ibmvnic: Properly dispose of all skbs during a failover
(bsc#1012628).
- selftests: forwarding: fix flood_unicast_test when h2 supports
IFF_UNICAST_FLT (bsc#1012628).
- selftests: forwarding: fix learning_test when h1 supports
IFF_UNICAST_FLT (bsc#1012628).
- selftests: forwarding: fix error message in learning_test
(bsc#1012628).
- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
supported (bsc#1012628).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
(bsc#1012628).
- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
(bsc#1012628).
- net/mlx5e: Fix matchall police parameters validation
(bsc#1012628).
- mptcp: Avoid acquiring PM lock for subflow priority changes
(bsc#1012628).
- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
flags (bsc#1012628).
- mptcp: fix local endpoint accounting (bsc#1012628).
- r8169: fix accessing unset transport header (bsc#1012628).
- i2c: cadence: Unregister the clk notifier in error path
(bsc#1012628).
- net/sched: act_api: Add extack to offload_act_setup() callback
(bsc#1012628).
- net/sched: act_police: Add extack messages for offload failure
(bsc#1012628).
- net/sched: act_police: allow 'continue' action offload
(bsc#1012628).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
- dmaengine: imx-sdma: only restart cyclic channel when enabled
(bsc#1012628).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
transfer (bsc#1012628).
- misc: rtsx_usb: use separate command and response buffers
(bsc#1012628).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
(bsc#1012628).
- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
(bsc#1012628).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
(bsc#1012628).
- ida: don't use BUG_ON() for debugging (bsc#1012628).
- dmaengine: pl330: Fix lockdep warning about non-static key
(bsc#1012628).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
(bsc#1012628).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
correctly (bsc#1012628).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(bsc#1012628).
- dmaengine: qcom: bam_dma: fix runtime PM underflow
(bsc#1012628).
- dmaengine: ti: Add missing put_device in
ti_dra7_xbar_route_allocate (bsc#1012628).
- dmaengine: idxd: force wq context cleanup on device disable path
(bsc#1012628).
- commit 0e7e901
++++ libaio:
- add fix-splice-signature.patch to fix build on 32bit
++++ libidn2:
- update to 2.3.3:
* Upgrade IDNA Tables from Unicode 11 to 12
* Upgrade TR46 Tables from Unicode 13 to 14
* Updated gnulib files and various build fixes
* Add self-check for the idn2 command line tool
++++ systemd:
- systemd.spec: add files.experimental
++++ salt:
- Fix test_ipc unit test
- Added:
* fix-test_ipc-unit-tests.patch
++++ python-M2Crypto:
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
bsc#1178829), which mitigates the Bleichenbacher timing attacks
in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
++++ virt-manager:
- Upstream bug fix (bsc#1027942)
d51541e1-Fix-UI-rename-with-firmware-efi.patch
- Use autosetup in spec file
------------------------------------------------------------------
------------------ 2022-7-11 - Jul 11 2022 -------------------
------------------------------------------------------------------
++++ hwdata:
- update to 0.361:
+ Updated pci, usb and vendor ids.
++++ hidapi:
- update to 0.12.0:
* libusb: improved CMake dependency on Iconv (#405) - as a result, better support for NetBSD;
* general: documentation improvements;
* general: small code cleanups/improvements;
* many windows specific fixes
- spec-cleaner cleanups
++++ libnettle:
- update to 3.8:
This release includes a couple of new features, and many
performance improvements. It adds assembly code for two more
architectures: ARM64 and S390x.
The new version is intended to be fully source and binary
compatible with Nettle-3.6. The shared library names are
libnettle.so.8.5 and libhogweed.so.6.5, with sonames
libnettle.so.8 and libhogweed.so.6.
New features:
* AES keywrap (RFC 3394), contributed by Nicolas Mora.
* SM3 hash function, contributed by Tianjia Zhang.
* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
cbc_aes256_encrypt.
On processors where AES is fast enough, e.g., x86_64 with
aesni instructions, the overhead of using Nettle's general
cbc_encrypt can be significant. The new functions can be
implemented in assembly, to do multiple blocks with reduced
per-block overhead.
Note that there's no corresponding new decrypt functions,
since the general cbc_decrypt doesn't suffer from the same
performance problem.
Bug fixes:
* Fix fat builds for x86_64 windows, these appear to never
have worked.
Optimizations:
* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
SHA256, for processors supporting crypto extensions. Great
speedups, and fat builds are supported. Contributed by
Mamone Tarsha.
* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
SHA256, SHA512 and SHA3. Great speedups, and fat builds are
supported. Contributed by Mamone Tarsha.
* New PPC64 assembly for ecc modulo/redc operations,
contributed by Amitay Isaacs, Martin Schwenke and Alastair
D´Silva.
* The x86_64 AES implementation using aesni instructions has
been reorganized with one separate function per key size,
each interleaving the processing of two blocks at a time
(when the caller processes multiple blocks with each call).
This gives a modest performance improvement on some
processors.
* Rewritten and faster x86_64 poly1305 assembly.
- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8)
++++ ncurses:
- Add ncurses patch 20220709
+ lock the prescreen data consistently in newterm, etc., for the
pthreads configuration (report by Tom de Vries).
++++ nfs-utils:
- 0004-modprobe-protect-against-sysctl-errors.patch
0005-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
Suppress any errors from /sbin/sysctl, if for example, it isn't
installed
(bsc#1200710)
++++ nghttp2:
- update to 1.48.0:
* lib: Allow server to override RFC 9218 stream priority
* lib: Add a server option to fallback to RFC 7540 priorities
* lib: Add PRIORITY_UPDATE frame support
* lib: Implement RFC 9218 extensible prioritization scheme
* lib: Do not verify host field specific characters for response field
* lib: No rfc7540 priorities
* lib: Fix stream stall when initial window size is decreased
* doc: Document how to change stream prioritization scheme
* build: Compile with libressl 3.5
* build: EXTRA_DIST: List mruby files explicitly
* build: Bump ngtcp2 and nghttp3
* build: Do not check application libraries if --enable-lib-only is given
* src: Update default TLS cipher suites
* nghttpx, h2load: Better pack UDP packets in one GSO write
* nghttpx, h2load: Quic error handling
* nghttpx, h2load: Fix QUIC performance regression
* nghttp, nghttpd, nghttpx: Add ktls support
* h2load: Send more packets without GSO per event loop
* h2load: Add ktls support
* nghttpd: Fix TLS read stall
* nghttpx: Disable RFC 7540 priorities
* nghttpx: Client always uses simpler TLS handshake
* nghttpx: Add affinity-cookie-stickiness backend parameter
* nghttpx: Fix broken session affinity
* nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit
* integration: Go update
* integration: Add go.mod
* third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d
* third-party: Bump libbpf to v0.8.0
* third-party: Bump mruby to 3.1.0
* third-party: Bump neverbleed based on the latest head (GH-1708)
++++ protobuf-c:
- Update to release 1.4.1
* Fixed unsigned integer overflow (GH#499)
* Avoid shifting signed values (GH#508)
- Remove 508.patch (merged)
++++ tpm2-0-tss:
- Revert "Add version the configuration file tpm2-tss-fapi.conf"
This generate whitelist problems in rpmlint.
++++ unbound:
- update to 1.16.1
* Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
* Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr MenÅ¡Ãk: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr MenÅ¡Ãk: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian RodrÃguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
++++ selinux-policy:
- postfix: Label PID files and some helpers correctly (bsc#1197242)
++++ u-boot-rpiarm64:
- Update to 2022.07
------------------------------------------------------------------
------------------ 2022-7-10 - Jul 10 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.19-rc6
- update configs
- s390x/zfcpdump
- CRC32_S390=n
- SHA512_S390=n
- SHA1_S390=n
- SHA256_S390=n
- SHA3_256_S390=n
- SHA3_512_S390=n
- GHASH_S390=n
- AES_S390=n
- DES_S390=n
- CHACHA_S390=n
- KEXEC_FILE=n
- commit 5477bdd
------------------------------------------------------------------
------------------ 2022-7-9 - Jul 9 2022 -------------------
------------------------------------------------------------------
++++ cups:
- Move the dbus-1 system.d file to /usr (bsc#1201346)
++++ avahi:
- Move the dbus-1 system.d file to /usr (bsc#1201345)
------------------------------------------------------------------
------------------ 2022-7-8 - Jul 8 2022 -------------------
------------------------------------------------------------------
++++ librsvg:
- Replace dependency on unmaintained rust-packaging with
cargo-packaging.
++++ kdump:
- fix network-related dracut options handling for fadump case
- drop the elevator=deadline kernel option (bsc#1193211)
- fix broken URL in manpage (bsc#1187312)
++++ kernel-default:
- Linux 5.18.10 (bsc#1012628).
- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
- xen-netfront: restore __skb_queue_tail() positioning in
xennet_get_responses() (bsc#1012628).
- xen/blkfront: force data bouncing when backend is untrusted
(bsc#1012628).
- xen/netfront: force data bouncing when backend is untrusted
(bsc#1012628).
- xen/netfront: fix leaking data in shared pages (bsc#1012628).
- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
- hwmon: (ibmaem) don't call platform_device_del() if
platform_device_add() fails (bsc#1012628).
- net: sparx5: mdb add/del handle non-sparx5 devices
(bsc#1012628).
- net: sparx5: Add handling of host MDB entries (bsc#1012628).
- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
- platform/x86: panasonic-laptop: filter out duplicate volume
up/down/mute keypresses (bsc#1012628).
- platform/x86: panasonic-laptop: don't report duplicate
brightness key-presses (bsc#1012628).
- platform/x86: panasonic-laptop: revert "Resolve hotkey double
trigger bug" (bsc#1012628).
- platform/x86: panasonic-laptop: sort includes alphabetically
(bsc#1012628).
- platform/x86: panasonic-laptop: de-obfuscate button codes
(bsc#1012628).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
(bsc#1012628).
- drm/msm/gem: Fix error return on fence id alloc fail
(bsc#1012628).
- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
- drm/i915/gem: add missing else (bsc#1012628).
- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
(bsc#1012628).
- drm/msm/dpu: Increment vsync_cnt before waking up userspace
(bsc#1012628).
- cifs: fix minor compile warning (bsc#1012628).
- net: tun: avoid disabling NAPI twice (bsc#1012628).
- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
(bsc#1012628).
- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
- nvmet: add a clear_ids attribute for passthru targets
(bsc#1012628).
- fanotify: refine the validation checks on non-dir inode mask
(bsc#1012628).
- tunnels: do not assume mac header is set in
skb_tunnel_check_pmtu() (bsc#1012628).
- ACPI: video: Change how we determine if brightness key-presses
are handled (bsc#1012628).
- nvmet-tcp: fix regression in data_digest calculation
(bsc#1012628).
- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
- cpufreq: qcom-hw: Don't do lmh things without a throttle
interrupt (bsc#1012628).
- epic100: fix use after free on rmmod (bsc#1012628).
- tipc: move bc link creation back to tipc_node_create
(bsc#1012628).
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
(bsc#1012628).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
(bsc#1012628).
- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
ideapad_dytc_v4_allow_table[] (bsc#1012628).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
resource (bsc#1012628).
- powerpc/memhotplug: Add add_pages override for PPC
(bsc#1012628).
- Update config files.
- net: dsa: felix: fix race between reading PSFP stats and port
stats (bsc#1012628).
- net: bonding: fix use-after-free after 802.3ad slave unbind
(bsc#1012628).
- selftests net: fix kselftest net fatal error (bsc#1012628).
- net: phy: ax88772a: fix lost pause advertisement configuration
(bsc#1012628).
- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
- net: asix: fix "can't send until first packet is send" issue
(bsc#1012628).
- net/sched: act_api: Notify user space if any actions were
flushed before error (bsc#1012628).
- net/dsa/hirschmann: Add missing of_node_get() in
hellcreek_led_setup() (bsc#1012628).
- netfilter: nft_dynset: restore set element counter when failing
to update (bsc#1012628).
- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
(bsc#1012628).
- PM / devfreq: exynos-ppmu: Fix refcount leak in
of_get_devfreq_events (bsc#1012628).
- io_uring: ensure that send/sendmsg and recv/recvmsg check
sqe->ioprio (bsc#1012628).
- caif_virtio: fix race between virtio_device_ready() and
ndo_open() (bsc#1012628).
- vfs: fix copy_file_range() regression in cross-fs copies
(bsc#1012628).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
(bsc#1012628).
- NFSD: restore EINVAL error translation in nfsd_commit()
(bsc#1012628).
- NFS: restore module put when manager exits (bsc#1012628).
- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
(bsc#1012628).
- hwmon: (occ) Prevent power cap command overwriting poll response
(bsc#1012628).
- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
(bsc#1012628).
- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
- selftests: mptcp: more stable diag tests (bsc#1012628).
- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
- usbnet: fix memory allocation in helpers (bsc#1012628).
- net: usb: asix: do not force pause frames support (bsc#1012628).
- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
- net: dp83822: disable rx error interrupt (bsc#1012628).
- net: dp83822: disable false carrier interrupt (bsc#1012628).
- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
- net: tun: stop NAPI when detaching queues (bsc#1012628).
- net: tun: unlink NAPI from device on destruction (bsc#1012628).
- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
(bsc#1012628).
- virtio-net: fix race between ndo_open() and
virtio_device_ready() (bsc#1012628).
- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
- dm raid: fix accesses beyond end of raid member array
(bsc#1012628).
- cpufreq: amd-pstate: Add resume and suspend callbacks
(bsc#1012628).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
(bsc#1012628).
- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
- ceph: wait on async create before checking caps for syncfs
(bsc#1012628).
- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
(bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
(AKA SPECTRIX S40G) (bsc#1012628).
- s390/archrandom: simplify back to earlier design and initialize
earlier (bsc#1012628).
- net: phy: Don't trigger state machine while in suspend
(bsc#1012628).
- ipv6: take care of disable_policy when restoring routes
(bsc#1012628).
- ksmbd: use vfs_llseek instead of dereferencing NULL
(bsc#1012628).
- ksmbd: check invalid FileOffset and BeyondFinalZero in
FSCTL_ZERO_DATA (bsc#1012628).
- ksmbd: set the range of bytes to zero without extending file
size in FSCTL_ZERO_DATA (bsc#1012628).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
(bsc#1012628).
- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
(bsc#1012628).
- drm/amdgpu: fix adev variable used in
amdgpu_device_gpu_recover() (bsc#1012628).
- commit 97c4fd2
++++ systemd:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network (bsc#1201276)
This configuration files put in these directories are read by both udevd and
systemd-networkd.
++++ tpm2-0-tss:
- Update to 3.2.0
+ Fixed
* FAPI: fix curl_url_set call
* FAPI: Fix usage of curl url (Should fix Ubuntu 22.04)
* Fix buffer upcast leading to misalignment
* Fix check whether SM3 is available
* Update git.mk to support R/O src-dir
* Fixed file descriptor leak when tcti initialization failed.
* 32 Bit builds of the integration tests.
* Primary key creation, in some cases the unique field was not
cleared before calling create primary.
* Primary keys was used for signing the object were cleared after
loading. So access e.g. to the certificate did not work.
* Primary keys created with Fapi_Create with an auth value, the
auth_value was not used in inSensitive to recreate the primary
key. Now the auth value callback is used to initialize
inSensitive.
* The not possible usage of policies for primary keys generated
with Fapi_CreatePrimary has been fixed.
* An infinite loop when parsing erroneous JSON was fixed in FAPI.
* A buffer overflow in ESAPI xor parameter obfuscation was fixed.
* Certificates could be read only once in one application The
setting the init state of the state automaton for getting
certificates was fixed.
* A double free when executing policy action was fixed.
* A leak in Fapi_Quote was fixed.
* The wrong file locking in FAPI IO was fixed.
* Enable creation of tss group and user on systems with busybox
for fapi.
* One fapi integration test did change the auth value of the
storage hierarchy.
* A leak in fapi crypto with ossl3 was fixed.
* Add initial camelia support to FAPI
* Fix tests of fapi PCR
* Fix tests of ACT functionality if not supported by pTPM
* Fix compiler (unused) warning when building without debug
logging
* Fix leaks in error cases of integration tests
* Fix memory leak after ifapi_init_primary_finish failed
* Fix double-close of stream in FAPI
* Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
* Fix the authorization of hierarchy objects used in policy
secret.
* Fix check of qualifying data in Fapi_VerifyQuote.
* Fix some leaks in FAPI error cases.
* Make scripts compatible with non-posix shells where test does
not know -a and -o.
* Fix usage of variable not initialized when fapi keystore is
empty.
+ Added
* Add additional IFX root CAs
* Added support for SM2, SM3 and SM4.
* Added support for OpenSSL 3.0.0.
* Added authPolicy field to the TPMU_CAPABILITIES union.
* Added actData field to the TPMU_CAPABILITIES union.
* Added TPM2_CAP_AUTH_POLICIES
* Added TPM2_CAP_ACT constants.
* Added updates to the marshalling and unmarshalling of the
TPMU_CAPABILITIES union.
* Added updated to the FAPI serializations and deserializations of
the TPMU_CAPABILITIES union and associated types.
* Add CODE_OF_CONDUCT
* tcti-mssim and tcti-swtpm gained support for UDX communication
* Missing constant for TPM2_RH_PW
+ Removed
* Removed support for OpenSSL < 1.1.0.
* Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines
as deprecated.
* Those were errorous typedefs that are not use and not useful. So
we will remove this with 3.3
* Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead.
- Update to 3.1.1
+ Fixed
* Fixed file descriptor leak when tcti initialization failed.
* Primary key creation, in some cases the unique field was not
cleared before calling create primary.
* Primary keys was used for signing the object were cleared after
loading. So access e.g. to the certificate did not work.
* Primary keys created with Fapi_Create with an auth value, the
auth_value was not used in inSensitive to recreate the primary
key. Now the auth value callback is used to initialize
inSensitive.
* The not possible usage of policies for primary keys generated
with Fapi_CreatePrimary has been fixed.
* An infinite loop when parsing erroneous JSON was fixed in FAPI.
* A buffer overflow in ESAPI xor parameter obfuscation was fixed.
* Certificates could be read only once in one application The
setting the init state of the state automaton for getting
certificates was fixed.
* A double free when executing policy action was fixed.
* A leak in Fapi_Quote was fixed.
* The wrong file locking in FAPI IO was fixed.
* One fapi integration test did change the auth value of the
storage hierarchy.
* Fix test of FAPI PCR
* Fix leaks in error cases of integration tests
* Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName
* Fix the authorization of hierarchy objects used in policy
secret.
* Fix check of qualifying data in Fapi_VerifyQuote.
* Fix some leaks in FAPI error cases.
* Fix usage of variable not initialized when fapi keystore is
empty.
+ Added
* Add additional IFX root CAs
++++ liburing:
- add handle-eintr.patch, enable tests everywhere
++++ salt:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Added:
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* add-support-for-gpgautoimport-539.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
++++ raspberrypi-firmware:
- Update to df569e0 (2022-07-04):
* firmware: video_decode: Stop decode on a colourspace change
See: raspberrypi/linux#5059
* firmware: video_encode: Fix subsample image alignment assert
* firmware: tc358762_DSI: Don't start the PV and DSI before the HVS
* firmware: hello_pi: Fix some build issues
See: #1728
* firmware: arm_dt: camera_auto_detect cam0 flag needs to
look at Unicam instance, not port
* firmware: platform: over-voltage Zero 2 W by two pips
See: #1723
* firmware: arm_loader_dvfs: Only add clocks to boostable list
when they have been boosted
See: #1726
* firmware: arm_dt: Try upstream DTB files if downstream absent
* firmware: arm_loader: Delay the USB controller switchover
* firmware: Fix for vc_image YUYV family to YUV422 planar conversion function
* firmware: vcgencmd display_power and camera_auto_detect fixes
* firmware: variants: Add mjpg_encode to the standard firmware image
* firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock
See: raspberrypi/linux#5016
* firmware: dtblob: Use a cached alias to reduce boot time
* firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected
* firmware: arm_loader: Support longer file paths
See: #1720
* firmware: arm_loader_dvfs: Make arm only see its own boosts,
fixed and min clocks
* firmware: dtoverlay: Fix path rebasing and exports
* firmware: dtoverlay: Fix clang warnings
* firmware: dtoverlay: Add support for string escape sequences
See: https://forums.raspberrypi.com/viewtopic.php?t=330792
* firmware: isp: R and B order must be swapped when reading
VC_IMAGE_RGBA32 into the ISP
See: http://git/vc4/vc4/-/merge_requests/1430
++++ raspberrypi-firmware-config:
- Update to df569e0 (2022-07-04):
* firmware: video_decode: Stop decode on a colourspace change
See: raspberrypi/linux#5059
* firmware: video_encode: Fix subsample image alignment assert
* firmware: tc358762_DSI: Don't start the PV and DSI before the HVS
* firmware: hello_pi: Fix some build issues
See: #1728
* firmware: arm_dt: camera_auto_detect cam0 flag needs to
look at Unicam instance, not port
* firmware: platform: over-voltage Zero 2 W by two pips
See: #1723
* firmware: arm_loader_dvfs: Only add clocks to boostable list
when they have been boosted
See: #1726
* firmware: arm_dt: Try upstream DTB files if downstream absent
* firmware: arm_loader: Delay the USB controller switchover
* firmware: Fix for vc_image YUYV family to YUV422 planar conversion function
* firmware: vcgencmd display_power and camera_auto_detect fixes
* firmware: variants: Add mjpg_encode to the standard firmware image
* firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock
See: raspberrypi/linux#5016
* firmware: dtblob: Use a cached alias to reduce boot time
* firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected
* firmware: arm_loader: Support longer file paths
See: #1720
* firmware: arm_loader_dvfs: Make arm only see its own boosts,
fixed and min clocks
* firmware: dtoverlay: Fix path rebasing and exports
* firmware: dtoverlay: Fix clang warnings
* firmware: dtoverlay: Add support for string escape sequences
See: https://forums.raspberrypi.com/viewtopic.php?t=330792
* firmware: isp: R and B order must be swapped when reading
VC_IMAGE_RGBA32 into the ISP
See: http://git/vc4/vc4/-/merge_requests/1430
++++ raspberrypi-firmware-config-camera:
- Update to df569e0 (2022-07-04):
* firmware: video_decode: Stop decode on a colourspace change
See: raspberrypi/linux#5059
* firmware: video_encode: Fix subsample image alignment assert
* firmware: tc358762_DSI: Don't start the PV and DSI before the HVS
* firmware: hello_pi: Fix some build issues
See: #1728
* firmware: arm_dt: camera_auto_detect cam0 flag needs to
look at Unicam instance, not port
* firmware: platform: over-voltage Zero 2 W by two pips
See: #1723
* firmware: arm_loader_dvfs: Only add clocks to boostable list
when they have been boosted
See: #1726
* firmware: arm_dt: Try upstream DTB files if downstream absent
* firmware: arm_loader: Delay the USB controller switchover
* firmware: Fix for vc_image YUYV family to YUV422 planar conversion function
* firmware: vcgencmd display_power and camera_auto_detect fixes
* firmware: variants: Add mjpg_encode to the standard firmware image
* firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock
See: raspberrypi/linux#5016
* firmware: dtblob: Use a cached alias to reduce boot time
* firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected
* firmware: arm_loader: Support longer file paths
See: #1720
* firmware: arm_loader_dvfs: Make arm only see its own boosts,
fixed and min clocks
* firmware: dtoverlay: Fix path rebasing and exports
* firmware: dtoverlay: Fix clang warnings
* firmware: dtoverlay: Add support for string escape sequences
See: https://forums.raspberrypi.com/viewtopic.php?t=330792
* firmware: isp: R and B order must be swapped when reading
VC_IMAGE_RGBA32 into the ISP
See: http://git/vc4/vc4/-/merge_requests/1430
++++ raspberrypi-firmware-dt:
- Update to 82c39f3914 (2022-07-06):
* switch to 5.18 branch
++++ tpm2.0-tools:
- Add missing dependencies for testing.
- Add patch to properly skip getekcertificate if curl is missing
0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
------------------------------------------------------------------
------------------ 2022-7-7 - Jul 7 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.73.1:
+ Remove the `-Diconv` configure option, as GLib now uses Meson’s
built-in logic for finding which iconv implementation to use.
+ Move gvdb to a Meson subproject and git submodule to avoid
duplicating its source.
+ Add `add_test_setup()` in Meson to allow GLib tests to be run
under valgrind with correct settings easily, using
`meson test --setup=valgrind`.
+ Fix deadlocks when disposing non-cancelled inotify
`GFileMonitor`s.
+ Fix `file://` requests in webkit2gtk due to incorrect xdgmime
update.
+ Fix build errors on macOS ≤10.7 for `LOCAL_PEERPID`.
+ Add new `g_atomic_int_exchange()` and
`g_atomic_pointer_exchange()` APIs.
+ Add new `GListStore:n-items` property to allow easy binding in
UIs.
+ Performance improvements for GObject construction and
destruction.
+ Use a numeric space (U+2007) for padding with some
`g_date_time_format()` placeholders.
+ Fix a slow memory leak in `GSocketClient` when using long-lived
`GCancellable`s.
++++ openssl-1_1:
- update to 1.1.1q:
* [CVE-2022-2097, bsc#1201099]
* Addresses situations where AES OCB fails to encrypt some bytes
++++ libselinux:
- Fixed initrd check in selinux-ready (bnc#1186127)
++++ libzio:
- switch to https download url
++++ openssl:
- updated to 1.1.q release
++++ patterns-base:
- Downgrade mailx to Suggests, most users don't even know what it is
and this avoids pulling in smtp_daemon.
++++ salt:
- Add support for name, pkgs and diff_attr parameters to upgrade
function for zypper and yum (bsc#1198489)
- Added:
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
++++ suse-module-tools:
- Update to version 16.0.21:
* kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391)
++++ tpm2.0-tools:
- Disable LTO for 5.2, to fix tpm2_makecredential with "-T none"
(bsc#1201291)
------------------------------------------------------------------
------------------ 2022-7-6 - Jul 6 2022 -------------------
------------------------------------------------------------------
++++ libnl3:
- Update to release 3.7
* route/mdb: fix buffer overflow in mdb_msg_parser()
* route/act: add NAT action
++++ open-iscsi:
- Modify SPEC file so systemd unit files are mode 644 (not 755)
(bsc#1200570)
++++ libsoup:
- Update to version 3.0.7:
+ Fix leak in SoupAuthNTLM.
+ Fix constructing SoupAuthNTLM objects.
+ Disable mutual negotiation in SoupAuthNegotiate.
+ http2:
- Do not advertise the `h2` protocool for proxy connections.
- Remove left-over headers when HTTP/1 redirects to HTTP/2.
- Handle HTTP_1_1_REQUIRED error.
- Read request bodies synchronously for sync requests.
- Properly handle server sending shut down GOAWAY.
+ tests:
- Remove dependency on Apache's PHP module.
- Depend upon Apache's http2 module.
++++ tiff:
- security update
* CVE-2022-2056 [bsc#1201176]
* CVE-2022-2057 [bsc#1201175]
* CVE-2022-2058 [bsc#1201174]
+ tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
++++ openssh:
- openssh-8.4p1-ssh_config_d.patch: admin overrides should take
priority (listed first) over package defaults
------------------------------------------------------------------
------------------ 2022-7-5 - Jul 5 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- drm/aperture: Run fbdev removal before internal helpers (boo#1193472)
- commit aff8e8a
- netfilter: nf_tables: stricter validation of element data
(CVE-2022-34918 bsc#1201171).
- commit a1fda0d
++++ fmt:
- Update to release 9
* Switched to the internal floating point formatter for all
decimal presentation formats. In particular this results in
consistent rounding on all platforms and removing the
s[n]printf fallback for decimal FP formatting.
* Compile-time floating point formatting no longer requires the
header-only mode.
* Disabled automatic std::ostream insertion operator
(operator<<) discovery when fmt/ostream.h is included to
prevent ODR violations. You can get the old behavior by
defining FMT_DEPRECATED_OSTREAM.
* Added fmt::ostream_formatter that can be used to write
formatter specializations that perform formatting via
std::ostream.
* Added the fmt::streamed function that takes an object and
formats it via std::ostream.
* Added experimental std::variant formatting support.
* Added experimental std::filesystem::path formatting support.
* Added a std::thread::id formatter to fmt/std.h.
* Added support for nested specifiers to range formatting.
- Add 0001-Fix-large-shift-in-uint128_fallback.patch
0002-Use-FMT_USE_FLOAT128-instead-of-__SIZEOF_FLOAT128__.patch
0001-Make-sure-the-correct-fmod-overload-is-called.patch
++++ libjpeg-turbo:
- Add requires between baselibs
++++ protobuf-c:
- Do not build static libraries
- Run unit tests
- Explicit files and directories for includedir, so we can detect
what we actually install there
- 508.patch: fixes invalid arithmetic shift (bsc#1200908, CVE-2022-33070)
++++ libvirt:
- Update to libvirt 8.5.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-5-0-2022-07-01
- Drop downstream-only lxc patches. They received little interest
upstream, are difficult to maintain, and are no longer required
by the requester (SLE):
0001-Extract-stats-functions-from-the-qemu-driver.patch,
0002-lxc-implement-connectGetAllDomainStats.patch
++++ libzypp:
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
++++ patterns-base:
- Use pipewire as default audio server in TW.
++++ python-libvirt-python:
- Update to 8.5.0
- Add all new APIs and constants in libvirt 8.5.0
++++ wpa_supplicant:
- Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch
(bsc#1201219)
++++ zypper:
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
------------------------------------------------------------------
------------------ 2022-7-4 - Jul 4 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 057+suse.294.gaa9ea2d2:
* fix(i18n): add required includes for keymaps (bsc#1200950)
++++ glib-networking:
- Update to version 2.72.1
+ Discard empty proxy environment variables.
++++ gtk3:
- Add compatible dependency "python3-gobject-Gdk if python3-gobject"
to the typelib package for SLE and Leap (boo#1200614).
++++ kernel-default:
- fbdev: Disable sysfb device registration when removing conflicting (boo#1193472)
- commit c76a69f
- firmware: sysfb: Add sysfb_disable() helper function (boo#1193472)
- commit 6072450
- firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer (boo#1193472)
- commit 326d1c1
- Update to 5.19-rc5
- update contigs
- VIRTIO_HARDEN_NOTIFICATION=n
- commit 59940d4
++++ kernel-firmware:
- Update to version 20220622 (git commit 9ed4d42c51ac):
* amdgpu: update Yellow Carp VCN firmware
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* qed: update 8.59.1.0 firmware
* Link some devices that ship with the AW-CM256SM
* Add initial AzureWave AW-CM256SM NVRAM file
* Remove the Pine64 Quartz copy of the RPi NVRAM
* qca: Update firmware files for BT chip WCN6750.
* QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00409
* WHENCE: add symlinks for StarFive based boards
* linux-firmware: wilc1000: update WILC1000 firmware to v15.6
* brcm: Add NVRAM file 43455 based Wifi/BT module as used on the Quartz64 Model B from Pine64. This file is based on the existing "brcm/brcmfmac43455-sdio.raspberrypi,4-model-b.txt" NVRAM file.
* iwlwifi: add new FWs from core70-87 release
* iwlwifi: update 9000-family firmwares to core70-87
- Temporary fix for incorrect symlinks for brcm in WHENCE:
brcm-symlink-fixes.diff
- Minor updates of scripts, sorting alphabetically and add version
to Provides/Obsoletes
- Update alias
++++ llvm15:
- Update to version 14.0.6.
* This release contains bug-fixes for the LLVM 14.0.0 release.
This release is API and ABI compatible with 14.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
++++ ncurses:
- Add ncurses patch 20220703
+ add consistency check in tic for u6/u7/u8/u9 and NQ capabilities.
+ use NQ to flag entries where the terminal does not support query and
response -TD
+ use ansi+enq and decid+cpr in cases where the terminal probably
supported the u6-u9 extension -TD
+ add/use apollo+vt132, xterm+alt47 -TD
- Correct offsets of patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.3.dif
++++ lsof:
- Update remove-hostname.patch with the upstream version
++++ vim:
- Updated to version 9.0.0032, fixes the following problems
- fix CVE-2022-2285 - boo#1201134
- fix CVE-2022-2257 - boo#1201154
* Map functionality outside of map.c.
* Functions are global while they could be local.
* Plural messages not translated properly.
* Hare files are not recognized.
* Not all Visual Basic files are recognized.
* No support for double, dotted and dashed underlines.
* Cannot specify the variable name for "xxd -i".
* Going past the end of a menu item with only modifier.
* Returning 0 for has('patch-9.0.0') is inconsistent.
* Reading beyond the end of the line with put command.
* Signature files not detected properly.
* Reproducing memory access errors can be difficult.
* Missing part of the test override change.
* With EXITFREE defined terminal menus are not cleared.
* Comparing line pointer for 'breakindent' is not reliable.
* Accessing memory beyond the end of the line.
* Going over the end of the typahead.
* Timers test not run where possible.
* With some completion reading past end of string.
* Invalid memory access when adding word with a control character to the
internal spell word list.
* Spell test fails.
* On Solaris timer_create() exists but does not work.
* May access part of typeahead buf that isn't filled.
* Accessing beyond allocated memory when using the cmdline window in Ex mode.
* Accessing freed memory with diff put.
* The command line test is getting quite big.
* The bitmaps/vim.ico file is not in the distribution.
* Matchfuzzy test depends on path of current directory.
* <cmod> of user command does not have correct verbose value.
* In the quickfix window 'cursorline' overrules QuickFixLine highlighting.
------------------------------------------------------------------
------------------ 2022-7-3 - Jul 3 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.1.3
* a lot of zink fixes
* There's a bit of everything else here, including some
performance fixes for wsi/x11.
++++ Mesa-drivers:
- Update to 22.1.3
* a lot of zink fixes
* There's a bit of everything else here, including some
performance fixes for wsi/x11.
++++ glib2:
- Update to version 2.72.3
+ Bugs fixed: glgo#GNOME/Glib!1941, glgo#GNOME/Glib!2597,
glgo#GNOME/Glib!2639, glgo#GNOME/Glib!2670,
glgo#GNOME/Glib!2703, glgo#GNOME/Glib!2709,
glgo#GNOME/Glib!2720, glgo#GNOME/Glib!2750,
glgo#GNOME/Glib!2687.
++++ kernel-default:
- Linux 5.18.9 (bsc#1012628).
- clocksource/drivers/ixp4xx: Drop boardfile probe path
(bsc#1012628).
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init() (bsc#1012628).
- hinic: Replace memcpy() with direct assignment (bsc#1012628).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is
complete (bsc#1012628).
- io_uring: fix not locked access to fixed buf table
(bsc#1012628).
- commit 0e67dc1
++++ harfbuzz:
- harfbuzz 4.4.1:
+ Fix test failure with some compilers
+ Fix Telugu and Kannada kerning regression
- includes changes from 4.4.0:
+ Caching of variable fonts shaping
+ Caching of format 2 “Contextual Substitution†and “Chained
Contexts Substitution†lookups
+ Improved ANSI output from hb-view
+ Support for shaping legacy, pre-OpenType, Windows 3.1-era,
Arabic fonts that relied on a fixed PUA encoding
+ Sinhala script is now shaped by the USE shaper instead of
“indic†one
+ Thai shaper improvements
+ hb-ot-name API supports approximate BCP-47 language matching,
for example asking for “en_US†in a font that has only “enâ€
names will return them
+ Optimized TrueType glyph shape loading
+ Fix subsetting of HarfBuzz faces created via
hb_face_create_for_tables()
+ Add 32 bit var store support to the subsetter
+ CVE-2022-33068: overflow in hb-ot-shape-fallback boo#1200900
++++ pango:
- Update to version 1.50.8:
+ Add some properties to fontmap and family.
+ Fix handling of ligature carets in mixed directions.
++++ protobuf:
- Update to 21.2:
- C++
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
++++ u-boot-rpiarm64:
- Update to 2022.07-rc6
- Drop obsolete 0015-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch
- Add rbrom command to enter mask rom on Rockchip devices
+ 0015-cmd-boot-add-brom-cmd-to-reboot-to-.patch
- Add rbrom command to enter mask rom on Allwinner devices
+ 0016-cmd-boot-add-brom-cmd-to-reboot-to-.patch
- ATF is required to boot rk3399. Do not build without it (boo#1201120).
------------------------------------------------------------------
------------------ 2022-7-2 - Jul 2 2022 -------------------
------------------------------------------------------------------
++++ zlib:
- switch to https urls
------------------------------------------------------------------
------------------ 2022-7-1 - Jul 1 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- tick/nohz: unexport __init-annotated tick_nohz_full_setup()
(tick_nohz_full_setup fix).
- commit 296483f
++++ libseccomp:
- fix build of python3 bindings so that the debug* package names do
not overlay with the main package
++++ sqlite3:
- update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value "3") from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
related test failures on 32 bit
++++ podman:
- Fix build on Leap
Use libexec macro to set correct, per-distribution specific, directory.
++++ qemu:
- Fix usb ehci boot failure (bsc#1192115)
* Patches added:
hw-usb-hcd-ehci-fix-writeback-order.patch
------------------------------------------------------------------
------------------ 2022-6-30 - Jun 30 2022 -------------------
------------------------------------------------------------------
++++ kmod:
- Update to release 30
* libkmod: support for the SM3 hash algorithm
* modprobe: added the --wait option
- Drop libkmod-Provide-info-even-for-modules-built-into-the.patch
(merged)
- Add 0001-testsuite-repair-read-of-uninitialized-memory.patch
++++ wayland:
- Update to release 1.21
* This new release adds a new wl_pointer high-resolution scroll
event, adds a few new convenience functions, and contains a
collection of bug fixes.
- Drop wayland-shm-Close-file-descriptors-not-needed.patch
++++ python-idna:
- add version constraint for python-rpm-macros >= 20220106.80d3756,
otherwise this fails to build on 15.3 at '%pyunittest discover -v'
------------------------------------------------------------------
------------------ 2022-6-29 - Jun 29 2022 -------------------
------------------------------------------------------------------
++++ conmon:
- Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 boo#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
++++ docker:
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
++++ gnutls:
- FIPS:
* Add gnutls_ECDSA_signing.patch [bsc#1190698]
- Check minimum keylength for symmetric key generation
- Only allows ECDSA signature with valid set of hashes
(SHA2 and SHA3)
++++ kernel-default:
- Linux 5.18.8 (bsc#1012628).
- random: schedule mix_interrupt_randomness() less often
(bsc#1012628).
- random: quiet urandom warning ratelimit suppression message
(bsc#1012628).
- ALSA: memalloc: Drop x86-specific hack for WC allocations
(bsc#1012628).
- ALSA: hda/via: Fix missing beep setup (bsc#1012628).
- ALSA: hda/conexant: Fix missing beep setup (bsc#1012628).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
(bsc#1012628).
- ALSA: hda/realtek - ALC897 headset MIC no sound (bsc#1012628).
- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (bsc#1012628).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments
(bsc#1012628).
- ipv4: ping: fix bind address validity check (bsc#1012628).
- 9p: Fix refcounting during full path walks for fid lookups
(bsc#1012628).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl
(bsc#1012628).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (bsc#1012628).
- 9p: fix EBADF errors in cached mode (bsc#1012628).
- btrfs: fix hang during unmount when block group reclaim task
is running (bsc#1012628).
- btrfs: prevent remounting to v1 space cache for subpage mount
(bsc#1012628).
- btrfs: add error messages to all unrecognized mount options
(bsc#1012628).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
(bsc#1012628).
- scsi: ibmvfc: Allocate/free queue resource only during
probe/remove (bsc#1012628).
- mmc: sdhci-pci-o2micro: Fix card detect by dealing with
debouncing (bsc#1012628).
- mmc: mediatek: wait dma stop bit reset to 0 (bsc#1012628).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (bsc#1012628).
- MAINTAINERS: Add new IOMMU development mailing list
(bsc#1012628).
- mtd: rawnand: gpmi: Fix setting busy timeout setting
(bsc#1012628).
- ata: libata: add qc->flags in ata_qc_complete_template
tracepoint (bsc#1012628).
- dm era: commit metadata in postsuspend after worker stops
(bsc#1012628).
- dm: do not return early from dm_io_complete if BLK_STS_AGAIN
without polling (bsc#1012628).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(bsc#1012628).
- tracing/kprobes: Check whether get_kretprobe() returns NULL
in kretprobe_dispatcher() (bsc#1012628).
- filemap: Handle sibling entries in filemap_get_read_batch()
(bsc#1012628).
- mm/slub: add missing TID updates on slab deactivation
(bsc#1012628).
- drm/i915: Implement w/a 22010492432 for adl-s (bsc#1012628).
- amd/display/dc: Fix COLOR_ENCODING and COLOR_RANGE doing
nothing for DCN20+ (bsc#1012628).
- drm/amd/display: Fix typo in override_lane_settings
(bsc#1012628).
- USB: serial: pl2303: add support for more HXN (G) types
(bsc#1012628).
- USB: serial: option: add Telit LE910Cx 0x1250 composition
(bsc#1012628).
- USB: serial: option: add Quectel EM05-G modem (bsc#1012628).
- USB: serial: option: add Quectel RM500K module support
(bsc#1012628).
- drm/msm: Ensure mmap offset is initialized (bsc#1012628).
- drm/msm: Fix double pm_runtime_disable() call (bsc#1012628).
- netfilter: use get_random_u32 instead of prandom (bsc#1012628).
- scsi: scsi_debug: Fix zone transition to full condition
(bsc#1012628).
- drm/msm: Switch ordering of runpm put vs devfreq_idle
(bsc#1012628).
- scsi: iscsi: Exclude zero from the endpoint ID range
(bsc#1012628).
- xsk: Fix generic transmit when completion queue reservation
fails (bsc#1012628).
- drm/msm: use for_each_sgtable_sg to iterate over scatterlist
(bsc#1012628).
- bpf: Fix request_sock leak in sk lookup helpers (bsc#1012628).
- drm/sun4i: Fix crash during suspend after component bind failure
(bsc#1012628).
- bpf, x86: Fix tail call count offset calculation on bpf2bpf call
(bsc#1012628).
- selftests dma: fix compile error for dma_map_benchmark
(bsc#1012628).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits
(bsc#1012628).
- phy: aquantia: Fix AN when higher speeds than 1G are not
advertised (bsc#1012628).
- KVM: arm64: Prevent kmemleak from accessing pKVM memory
(bsc#1012628).
- net: fix data-race in dev_isalive() (bsc#1012628).
- veth: Add updating of trans_start (bsc#1012628).
- tipc: fix use-after-free Read in tipc_named_reinit
(bsc#1012628).
- block: disable the elevator int del_gendisk (bsc#1012628).
- rethook: Reject getting a rethook if RCU is not watching
(bsc#1012628).
- igb: fix a use-after-free issue in igb_clean_tx_ring
(bsc#1012628).
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
(bsc#1012628).
- ethtool: Fix get module eeprom fallback (bsc#1012628).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit
platforms (bsc#1012628).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
(bsc#1012628).
- drm/msm/dp: check core_initialized before disable interrupts
at dp_display_unbind() (bsc#1012628).
- drm/msm/dp: force link training for display resolution change
(bsc#1012628).
- net: phy: at803x: fix NULL pointer dereference on AR9331 PHY
(bsc#1012628).
- perf test: Record only user callchains on the "Check Arm64
callgraphs are complete in fp mode" test (bsc#1012628).
- perf test topology: Use !strncmp(right platform) to fix guest
PPC comparision check (bsc#1012628).
- perf arm-spe: Don't set data source if it's not a memory
operation (bsc#1012628).
- ipv4: fix bind address validity regression tests (bsc#1012628).
- erspan: do not assume transport header is always set
(bsc#1012628).
- net/tls: fix tls_sk_proto_close executed repeatedly
(bsc#1012628).
- udmabuf: add back sanity check (bsc#1012628).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in
nft_concat_range.sh (bsc#1012628).
- netfilter: nf_dup_netdev: do not push mac header a second time
(bsc#1012628).
- netfilter: nf_dup_netdev: add and use recursion counter
(bsc#1012628).
- xen-blkfront: Handle NULL gendisk (bsc#1012628).
- x86/xen: Remove undefined behavior in setup_features()
(bsc#1012628).
- MIPS: Remove repetitive increase irq_err_count (bsc#1012628).
- afs: Fix dynamic root getattr (bsc#1012628).
- block: pop cached rq before potentially blocking
rq_qos_throttle() (bsc#1012628).
- ice: ignore protocol field in GTP offload (bsc#1012628).
- ice: Fix switchdev rules book keeping (bsc#1012628).
- ice: ethtool: advertise 1000M speeds properly (bsc#1012628).
- ice: ethtool: Prohibit improper channel config for DCB
(bsc#1012628).
- io_uring: fail links when poll fails (bsc#1012628).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask
chips (bsc#1012628).
- regmap-irq: Fix offset/index mismatch in read_sub_irq_data()
(bsc#1012628).
- iommu/ipmmu-vmsa: Fix compatible for rcar-gen4 (bsc#1012628).
- drm/amd: Revert "drm/amd/display: keep eDP Vdd on when eDP
stream is already enabled" (bsc#1012628).
- net: dsa: qca8k: reduce mgmt ethernet timeout (bsc#1012628).
- igb: Make DMA faster when CPU is active on the PCIe link
(bsc#1012628).
- virtio_net: fix xdp_rxq_info bug after suspend/resume
(bsc#1012628).
- Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
(bsc#1012628).
- sock: redo the psock vs ULP protection check (bsc#1012628).
- nvme: move the Samsung X5 quirk entry to the core quirks
(bsc#1012628).
- gpio: winbond: Fix error code in winbond_gpio_get()
(bsc#1012628).
- s390/cpumf: Handle events cycles and instructions identical
(bsc#1012628).
- filemap: Fix serialization adding transparent huge pages to
page cache (bsc#1012628).
- KVM: SEV: Init target VMCBs in sev_migrate_from (bsc#1012628).
- iio: mma8452: fix probe fail when device tree compatible is used
(bsc#1012628).
- iio: magnetometer: yas530: Fix memchr_inv() misuse
(bsc#1012628).
- iio: adc: xilinx-ams: fix return error variable (bsc#1012628).
- iio: adc: vf610: fix conversion mode sysfs node name
(bsc#1012628).
- io_uring: make apoll_events a __poll_t (bsc#1012628).
- io_uring: fix req->apoll_events (bsc#1012628).
- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC
(bsc#1012628).
- io_uring: fix wrong arm_poll error handling (bsc#1012628).
- vmcore: convert copy_oldmem_page() to take an iov_iter
(bsc#1012628).
- s390/crash: add missing iterator advance in copy_oldmem_page()
(bsc#1012628).
- s390/crash: make copy_oldmem_page() return number of bytes
copied (bsc#1012628).
- xhci: turn off port power in shutdown (bsc#1012628).
- xhci-pci: Allow host runtime PM as default for Intel Raptor
Lake xHCI (bsc#1012628).
- xhci-pci: Allow host runtime PM as default for Intel Meteor
Lake xHCI (bsc#1012628).
- usb: gadget: uvc: fix list double add in uvcg_video_pump
(bsc#1012628).
- usb: gadget: Fix non-unique driver names in raw-gadget driver
(bsc#1012628).
- USB: gadget: Fix double-free bug in raw_gadget driver
(bsc#1012628).
- usb: chipidea: udc: check request status before setting device
address (bsc#1012628).
- dt-bindings: usb: ohci: Increase the number of PHYs
(bsc#1012628).
- dt-bindings: usb: ehci: Increase the number of PHYs
(bsc#1012628).
- btrfs: fix race between reflinking and ordered extent completion
(bsc#1012628).
- btrfs: don't set lock_owner when locking extent buffer for
reading (bsc#1012628).
- btrfs: fix deadlock with fsync+fiemap+transaction commit
(bsc#1012628).
- f2fs: attach inline_data after setting compression
(bsc#1012628).
- f2fs: fix iostat related lock protection (bsc#1012628).
- f2fs: do not count ENOENT for error case (bsc#1012628).
- iio:humidity:hts221: rearrange iio trigger get and register
(bsc#1012628).
- iio:proximity:sx9324: Check ret value of
device_property_read_u32_array() (bsc#1012628).
- iio:chemical:ccs811: rearrange iio trigger get and register
(bsc#1012628).
- iio:accel:kxcjk-1013: rearrange iio trigger get and register
(bsc#1012628).
- iio:accel:bma180: rearrange iio trigger get and register
(bsc#1012628).
- iio:accel:mxc4005: rearrange iio trigger get and register
(bsc#1012628).
- iio: accel: mma8452: ignore the return value of reset operation
(bsc#1012628).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
(bsc#1012628).
- iio: trigger: sysfs: fix use-after-free on remove (bsc#1012628).
- iio: adc: stm32: fix maximum clock rate for stm32mp15x
(bsc#1012628).
- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value)
(bsc#1012628).
- iio: afe: rescale: Fix boolean logic bug (bsc#1012628).
- iio: test: fix missing MODULE_LICENSE for IIO_RESCALE=m
(bsc#1012628).
- iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data
(bsc#1012628).
- iio: adc: stm32: Fix ADCs iteration in irq handler
(bsc#1012628).
- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious
IRQs message (bsc#1012628).
- iio: adc: stm32: fix vrefint wrong calibration value handling
(bsc#1012628).
- iio: adc: axp288: Override TS pin bias current for some models
(bsc#1012628).
- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in
rzg2l_adc_parse_properties() (bsc#1012628).
- iio: adc: adi-axi-adc: Fix refcount leak in
adi_axi_adc_attach_client (bsc#1012628).
- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in
ads131e08_alloc_channels() (bsc#1012628).
- xtensa: xtfpga: Fix refcount leak bug in setup (bsc#1012628).
- xtensa: Fix refcount leak bug in time.c (bsc#1012628).
- parisc/stifb: Fix fb_is_primary_device() only available with
CONFIG_FB_STI (bsc#1012628).
- parisc: Fix flush_anon_page on PA8800/PA8900 (bsc#1012628).
- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (bsc#1012628).
- arm64: dts: ti: k3-j721s2: Fix overlapping GICD memory region
(bsc#1012628).
- powerpc/microwatt: wire up rng during setup_arch()
(bsc#1012628).
- powerpc: Enable execve syscall exit tracepoint (bsc#1012628).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
buffer address (bsc#1012628).
- powerpc/powernv: wire up rng during setup_arch (bsc#1012628).
- mm/memory-failure: disable unpoison once hw error happens
(bsc#1012628).
- mm: lru_cache_disable: use synchronize_rcu_expedited
(bsc#1012628).
- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node
(bsc#1012628).
- ARM: dts: imx6qdl: correct PU regulator ramp delay
(bsc#1012628).
- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed
mode (bsc#1012628).
- ARM: exynos: Fix refcount leak in exynos_map_pmu (bsc#1012628).
- arm64: dts: exynos: Correct UART clocks on Exynos7885
(bsc#1012628).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in
brcmstb_pm_probe (bsc#1012628).
- ARM: Fix refcount leak in axxia_boot_secondary (bsc#1012628).
- memory: mtk-smi: add missing put_device() call in
mtk_smi_device_link_common (bsc#1012628).
- memory: samsung: exynos5422-dmc: Fix refcount leak in
of_get_dram_timings (bsc#1012628).
- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (bsc#1012628).
- modpost: fix section mismatch check for exported init/exit
sections (bsc#1012628).
- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (bsc#1012628).
- smb3: fix empty netname context on secondary channels
(bsc#1012628).
- random: update comment from copy_to_user() -> copy_to_iter()
(bsc#1012628).
- perf build-id: Fix caching files with a wrong build ID
(bsc#1012628).
- smb3: use netname when available on secondary channels
(bsc#1012628).
- dma-direct: use the correct size for dma_set_encrypted()
(bsc#1012628).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS
(2nd attempt) (bsc#1012628).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1012628).
- commit 4e30480
++++ gcc12:
- Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215
* includes libgomp mold linker detection fix
* includes nvptx offload compiler build fix
* includes s390x tsan executable stack fix
++++ libseccomp:
- Use multibuild to get python3 support back
++++ liburing:
- enable tests for != ppc64le
++++ python-requests:
- rebased requests-no-hardcoded-version.patch
- update to 2.28.1
* 2.28.1 (2022-06-29)
- Improvements
+ Speed optimization in iter_content with transition to yield from. (#6170)
- Dependencies
+ Added support for chardet 5.0.0 (#6179)
+ Added support for charset-normalizer 2.1.0 (#6169)
* 2.28.0 (2022-06-09)
- Deprecations
+ warning Requests has officially dropped support for Python 2.7. warning (#6091)
+ Requests has officially dropped support for Python 3.6 (including pypy3.6). (#6091)
- Improvements
+ Wrap JSON parsing issues in Request's JSONDecodeError for payloads
without an encoding to make json() API consistent. (#6097)
+ Parse header components consistently, raising an InvalidHeader error in all invalid cases. (#6154)
+ Added provisional 3.11 support with current beta build. (#6155)
+ Requests got a makeover and we decided to paint it black. (#6095)
- Bugfixes
+ Fixed bug where setting CURL_CA_BUNDLE to an empty string would disable
cert verification. All Requests 2.x versions before 2.28.0 are affected. (#6074)
+ Fixed urllib3 exception leak, wrapping urllib3.exceptions.SSLError with
requests.exceptions.SSLError for content and iter_content. (#6057)
+ Fixed issue where invalid Windows registry entires caused proxy resolution
to raise an exception rather than ignoring the entry. (#6149)
+ Fixed issue where entire payload could be included in the error
message for JSONDecodeError. (#6036)
------------------------------------------------------------------
------------------ 2022-6-28 - Jun 28 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
(poo#113108)
++++ libapparmor:
- update zgrep-profile-mr870.diff: allow zgrep to execute egrep and fgrep
(poo#113108)
++++ openssl-1_1:
- openssl-riscv64-config.patch: backport of riscv64 config support
++++ liburing:
- update to 2.2:
* Support non-libc builds.
* Optimized syscall handling for x86-64/x86/aarch64.
* Enable non-lib function calls for fast path functions.
* Add support for multishot accept.
* io_uring_register_files() will set RLIMIT_NOFILE if necessary.
* Add support for registered ring fds, io_uring_register_ring_fd(),
reducingthe overhead of an io_uring_enter() system call.
* Add support for the message ring opcode.
* Add support for newer request cancelation features.
* Add support for IORING_SETUP_COOP_TASKRUN, which can help reduce the
overhead of io_uring in general. Most applications should set this flag,
see the io_uring_setup.2 man page for details.
* Add support for registering a sparse buffer and file set.
* Add support for a new buffer provide scheme, see
io_uring_register_buf_ring.3 for details.
* Add io_uring_submit_and_wait_timeout() for submitting IO and waiting
for completions with a timeout.
* Add io_uring_prep_{read,write}v2 prep helpers.
* Add io_uring_prep_close_direct() helper.
* Add support for SQE128 and CQE32, which are doubly sized SQE and CQE
rings. This is needed for some cases of the new IORING_OP_URING_CMD,
notably for NVMe passthrough.
* ~5500 lines of man page additions, including adding ~90 new man pages.
* Synced with the 5.19 kernel release, supporting all the features of
5.19 and earlier.
* 24 new regression test cases, and ~7000 lines of new tests in general.
* General optimizations and fixes.
++++ salt:
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore erros on reading license files with dpkg_lowpkg (bsc#1197288)
- Added:
* normalize-package-names-once-with-pkg.installed-remo.patch
* use-salt-bundle-in-dockermod.patch
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
* save-log-to-logfile-with-docker.build.patch
++++ python-pyzmq:
- Update to 23.2.0
* Use zmq.Event enums in parse_monitor_message for nicer reprs
* Fix building bundled libzmq with ZMQ_DRAFT_API=1
* Fix subclassing zmq.Context with additional arguments in the
constructor. Subclasses may now have full control over the
signature, rather than purely adding keyword-only arguments
* Typos and other small fixes
- Release 23.1.0
* Fix global name of zmq.EVENT_HANDSHAKE_* constants
* Fix constants missing when using import zmq.green as zmq
* {func}zmq.utils.monitor.recv_monitor_msg now supports async
Sockets.
- Release 23.0.0
* all zmq constants are now available as Python enums (e.g.
zmq.SocketType.PULL, zmq.SocketOption.IDENTITY), generated
statically from zmq.h instead of at compile-time. This means
that checks for the presence of a constant (hasattr(zmq,
'RADIO')) is not a valid check for the presence of a feature.
This practice has never been robust, but it may have worked
sometimes. Use direct checks via e.g. {func}zmq.has or
{func}zmq.zmq_version_info.
* A bit more type coverage of Context.term and Context.socket
* Remove all use of deprecated stdlib distutils
* Update to Cython 0.29.30 (required for Python 3.11
compatibility)
* Compatibility with Python 3.11.0b1
* Switch to myst for docs
* Deprecate zmq.utils.strtypes, now unused
* Updates to autoformatting, linting
- Drop less-flaky.patch: pytest-rerunfailures without the flaky
package can handle it.
- Fix rpmlint errors
* no-dependency-on python-base 3.X: depend on python(abi) = 3.X
* unused-rpmlintrc-filter: Was unflavored, not required with the
above -- drop rpmlintc
* spurious-executable-perm: fix by chmod -x
* obsolete-suse-version-check 1000. This package is not branched
into any project for the maintenance of other distributions
++++ shim:
- Update to 15.6 (bsc#1198458)
- shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
which is from upstream grub2.cve_2021_3695.ms keybase channel.
- For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
support efi-app-aarch64 target. So we need the following patches in bintuils:
- binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
- binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
- binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
- Patches (git log --oneline --reverse 15.5~..77144e5a4)
448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
a2da05f shim: implement SBAT verification for the shim_lock protocol
bda03b8 post-process-pe: Fix a missing return code check
af18810 CI: don't cancel testing when one fails
ba580f9 CI: remove EOL Fedoras from github actions
bfeb4b3 Remove aarch64 build tests before f35
38cc646 CI: Add f36 and centos9 CI build tests.
b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
31094e5 tests: also look for system headers in multi-arch directories
4df989a mock-variables.c: fix gcc warning
6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
2670c6a Allow MokListTrusted to be enabled by default
5c44aaf Add code of conduct
d6eb9c6 Modernize aarch64
9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
de87985 make: don't treat cert.S specially
803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
bb4b60e Add verify_image
acfd48f Abstract out image reading
35d7378 Load additional certs from a signed binary
8ce2832 post-process-pe: there is no 's' argument.
465663e Add some missing PE image flag definitions
226fee2 PE Loader: support and require NX
df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
f81a7cc SBAT revocation management
abe41ab make: unbreak scan-build again for gnu-efi
610a1ac sbat.h: minor reformatting for legibility
f28833f peimage.h: make our signature macros force the type
5d789ca Always initialize data/datasize before calling read_image()
a50d364 sbat policy: make our policy change actions symbolic
5868789 load_certs: trust dir->Read() slightly less.
a78673b mok.c: fix a trivial dead assignment
759f061 Fix preserve_sbat_uefi_variable() logic
aa61fdf Give the Coverity scanner some more GCC blinders...
0214cd9 load_cert_file(): don't defererence NULL
1eca363 mok import: handle OOM case
75449bc sbat: Make nth_sbat_field() honor the size limit
c0bcd04 shim-15.6~rc1
77144e5 SBAT Policy latest should be a one-shot
- 15.5 release note https://github.com/rhboot/shim/releases
Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
mok: allocate MOK config table as BootServicesData by @lcp in #361
Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
Relax the check for import_mok_state() by @lcp in #372
SBAT.md: trivial changes by @hallyn in #389
shim: another attempt to fix load options handling by @chrisccoulson in #379
Add tests for our load options parsing. by @vathpela in #390
arm/aa64: fix the size of .rela* sections by @lcp in #383
mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
mok: relax the maximum variable size check by @lcp in #369
Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
Fallback allocation errors by @vathpela in #402
shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
str: remove duplicate parameter check by @xypron in #408
fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
Test mok mirror by @vathpela in #394
Modify sbat.md to help with readability. by @eshiman in #398
csv: detect end of csv file correctly by @xypron in #404
Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
pe: simplify generate_hash() by @xypron in #411
Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
Fallback to default loader if parsed one does not exist by @julian-klode in #393
fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
Better console checks by @vathpela in #416
docs: update SBAT UEFI variable name by @nicholasbishop in #421
Don't parse load options if invoked from removable media path by @julian-klode in #399
fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
Shim 15.5 coverity by @vathpela in #439
Allocate mokvar table in runtime memory. by @vathpela in #447
Remove post-process-pe on 'make clean' by @vathpela in #448
pe: missing perror argument by @xypron in #443
- Drop upstreamed patch:
- shim-bsc1184454-allocate-mok-config-table-BS.patch
- Allocate MOK config table as BootServicesData to avoid the error message
from linux kernel
- 4068fd42c8 15.5-rc1~70
- shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
- Handle ignore_db and user_insecure_mode correctly
- 822d07ad4f07 15.5-rc1~73
- shim-bsc1185621-relax-max-var-sz-check.patch
- Relax the maximum variable size check for u-boot
- 3f327f546c219634b2 15.5-rc1~49
- shim-bsc1185261-relax-import_mok_state-check.patch
- Relax the check for import_mok_state() when Secure Boot is off
- 9f973e4e95b113 15.5-rc1~67
- shim-bsc1185232-relax-loadoptions-length-check.patch
- Relax the check for the LoadOptions length
- ada7ff69bd8a95 15.5-rc1~52
- shim-fix-aa64-relsz.patch
- Fix the size of rela* sections for AArch64
- 34e3ef205c5d65 15.5-rc1~51
- shim-bsc1187260-fix-efi-1.10-machines.patch
- Don't call QueryVariableInfo() on EFI 1.10 machines
- 493bd940e5 15.5-rc1~69
- shim-bsc1185232-fix-config-table-copying.patch
- Avoid buffer overflow when copying the MOK config table
- 7501b6bb44 15.5-rc1~50
- shim-bsc1187696-avoid-deleting-rt-variables.patch
- Avoid deleting the mirrored RT variables
- b1fead0f7c9 15.5-rc1~37
- Add "rm -f *.o" after building MokManager/fallback in shim.spec
to make sure all object files gets rebuilt
- reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
in shim-15.6.tar.bz2
- shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
pe: Fix a buffer overflow when SizeOfRawData VirtualSize
- shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
pe: Perform image verification earlier when loading grub
- shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
Update advertised sbat generation number for shim
- shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
Update SBAT generation requirements for 05/24/22
- shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
Also avoid CVE-2022-28737 in verify_image()
- 0006-shim-15.6-rc2.patch
- 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
sbat: add the parsed SBAT variable entries to the debug log
- 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
show the prompt to ask whether the user trusts openSUSE certificate or not
(bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
++++ toolbox:
- Prefer podman as container runtime
(unrelated part of [bnc#1200976])
++++ vim:
- Updated to version 9.0.0000, fixes the following problems
- CVE-2022-2304 - boo#1201249
- CVE-2022-2289 - boo#1201139
- CVE-2022-2288 - boo#1201137
- CVE-2022-2287 - boo#1201136
- CVE-2022-2286 - boo#1201135
- CVE-2022-2284 - boo#1201133
- CVE-2022-2264 - boo#1201132
- CVE-2022-2231 - boo#1201150
- CVE-2022-2210 - boo#1201151
- CVE-2022-2207 - boo#1201153
- CVE-2022-2208 - boo#1201152
- CVE-2022-2206 - boo#1201155
* Reading beyond the end of the line with lisp indenting.
* search() gets stuck with "c" and skip evaluates to true.
* "make uninstall" does not remove colors/lists.
* Still mentioning version8, some cosmetic issues.
* In diff mode windows may get out of sync. (Gary Johnson)
* TSTP and INT signal tests are not run with valgrind.
* Fix for CTRL-key combinations causes more problems than it solves.
* Accessing invalid memory after changing terminal size.
* Might still access invalid memory.
* Reading before the start of the line with BS in Replace mode.
* Crash when deleting buffers in diff mode.
* Invalid memory access after diff buffer manipulations.
* Import test fails because 'diffexpr' isn't reset.
* Test for DiffUpdated fails.
* get(Fn, 'name') on funcref returns special byte code.
* Cannot build with Python 3.11.
* Nested :source may use NULL pointer.
* Dependencies and proto files are outdated.
* "make menu" still uses legacy script.
------------------------------------------------------------------
------------------ 2022-6-27 - Jun 27 2022 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.84.0:
* Security fixes:
- (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
- (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
- (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
- (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
* Changes:
- curl: add --rate to set max request rate per time unit
- curl: deprecate --random-file and --egd-file
- curl_version_info: add CURL_VERSION_THREADSAFE
- CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
- lib: make curl_global_init() threadsafe when possible
- libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
- opts: deprecate RANDOM_FILE and EGDSOCKET
- socks: support unix sockets for socks proxy
* Bugfixes:
- aws-sigv4: fix potentional NULL pointer arithmetic
- bindlocal: don't use a random port if port number would wrap
- c-hyper: mark status line as status for Curl_client_write()
- ci: avoid `cmake -Hpath`
- CI: bump FreeBSD 13.0 to 13.1
- ci: update github actions
- cmake: add libpsl support
- cmake: do not add libcurl.rc to the static libcurl library
- cmake: enable curl.rc for all Windows targets
- cmake: fix detecting libidn2
- cmake: support adding a suffix to the OS value
- configure: skip libidn2 detection when winidn is used
- configure: use the SED value to invoke sed
- configure: warn about rustls being experimental
- content_encoding: return error on too many compression steps
- cookie: address secure domain overlay
- cookie: apply limits
- copyright.pl: parse and use .reuse/dep5 for skips
- copyright: make repository REUSE compliant
- curl.1: add a few see also --tls-max
- curl.1: mention exit code zero too
- curl: re-enable --no-remote-name
- curl_easy_pause.3: remove explanation of progress function
- curl_getdate.3: document that some illegal dates pass through
- Curl_parsenetrc: don't access local pwbuf outside of scope
- curl_url_set.3: clarify by default using known schemes only
- CURLOPT_ALTSVC.3: document the file format
- CURLOPT_FILETIME.3: fix the protocols this works with
- CURLOPT_HTTPHEADER.3: improve comment in example
- CURLOPT_NETRC.3: document the .netrc file format
- CURLOPT_PORT.3: We discourage using this option
- CURLOPT_RANGE.3: remove ranged upload advice
- digest: added detection of more syntax error in server headers
- digest: tolerate missing "realm"
- digest: unquote realm and nonce before processing
- DISABLED: disable 1021 for hyper again
- docs/cmdline-opts: add copyright and license identifier to each file
- docs/CONTRIBUTE.md: document the 'needs-votes' concept
- docs: clarify data replacement policy for MIME API
- doh: remove UNITTEST macro definition
- examples/crawler.c: use the curl license
- examples: remove fopen.c and rtsp.c
- FAQ: Clarify Windows double quote usage
- fopen: add Curl_fopen() for better overwriting of files
- ftp: restore protocol state after http proxy CONNECT
- ftp: when failing to do a secure GSSAPI login, fail hard
- GHA/hyper: enable debug in the build
- gssapi: improve handling of errors from gss_display_status
- gssapi: initialize gss_buffer_desc strings
- headers api: remove EXPERIMENTAL tag
- http2: always debug print stream id in decimal with %u
- http2: reject overly many push-promise headers
- http: restore header folding behavior
- hyper: use 'alt-used'
- krb5: return error properly on decode errors
- lib: make more protocol specific struct fields #ifdefed
- libcurl-security.3: add "Secrets in memory"
- libcurl-security.3: document CRLF header injection
- libssh: skip the fake-close when libssh does the right thing
- links: update dead links to the curl-wiki
- log2changes: do not indent empty lines [ci skip]
- macos9: remove partial support
- Makefile.am: fix portability issues
- Makefile.m32: delete obsolete options, improve -On [ci skip]
- Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
- max-time.d: clarify max-time sets max transfer time
- mprintf: ignore clang non-literal format string
- netrc: check %USERPROFILE% as well on Windows
- netrc: support quoted strings
- ngtcp2: allow curl to send larger UDP datagrams
- ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
- ngtcp2: enable Linux GSO
- ngtcp2: extend QUIC transport parameters buffer
- ngtcp2: fix alert_read_func return value
- ngtcp2: fix typo in preprocessor condition
- ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
- ngtcp2: send appropriate connection close error code
- ngtcp2: support boringssl crypto backend
- ngtcp2: use helper funcs to simplify TLS handshake integration
- ntlm: provide a fixed fake host name
- projects: fix third-party SSL library build paths for Visual Studio
- quic: add Curl_quic_idle
- quiche: support ca-fallback
- rand: stop detecting /dev/urandom in cross-builds
- remote-name.d: mention --output-dir
- runtests.pl: add the --repeat parameter to the --help output
- runtests: fix skipping tests not done event-based
- runtests: skip starting the ssh server if user name is lacking
- scripts/copyright.pl: fix the exclusion to not ignore man pages
- sectransp: check for a function defined when __BLOCKS__ is undefined
- select: return error from "lethal" poll/select errors
- server/sws: support spaces in the HTTP request path
- speed-limit/time.d: mention these affect transfers in either direction
- strcase: some optimisations
- test 2081: add a valid reply for the second request
- test 675: add missing CR so the test passes when run through Privoxy
- test414: add the '--resolve' keyword
- test681: verify --no-remote-name
- tests 266, 116 and 1540: add a small write delay
- tests/data/test1501: kill ftp server after slow LIST response
- tests/getpart: fix getpartattr to work with "data" and "data2"
- tests/server/sws.c: change the HTTP writedelay unit to milliseconds
- test{440,441,493,977}: add "HTTP proxy" keywords
- tool_getparam: fix --parallel-max maximum value constraint
- tool_operate: make sure --fail-with-body works with --retry
- transfer: fix potential NULL pointer dereference
- transfer: maintain --path-as-is after redirects
- transfer: upload performance; avoid tiny send
- url: free old conn better on reuse
- url: remove redundant #ifdefs in allocate_conn()
- url: URL encode the path when extracted, if spaces were set
- urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
- urlapi: support CURLU_URLENCODE for curl_url_get()
- urldata: reduce size of a few struct fields
- urldata: remove three unused booleans from struct UserDefined
- urldata: store tcp_keepidle and tcp_keepintvl as ints
- version: allow stricmp() for sorting the feature list
- vtls: make curl_global_sslset thread-safe
- wolfssh.h: removed
- wolfssl: correct the failf() message when a handle can't be made
- wolfSSL: explicitly use compatibility layer
- x509asn1: mark msnprintf return as unchecked
++++ dmidecode:
- Update to upstream version 3.4:
* Support for SMBIOS 3.4.0. This includes new memory device types, new
processor upgrades, new slot types and characteristics, decoding of memory
module extended speed, new system slot types, new processor characteristics
and new format of Processor ID.
* Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS
characteristics, new slot characteristics, new on-board device types, new
pointing device interface types, and a new record type (type 45 -
Firmware Inventory Information).
* Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240.
* Bug fixes:
Fix OEM vendor name matching
* Minor improvements:
Skip details of uninstalled memory modules
Don't display the raw CPU ID in quiet mode
Improve the formatting of the manual pages
* Obsoletes dmidecode-fix-crash-with-u-option.patch and
dmidecode-fix-the-condition-error-in-ascii_filter.patch.
++++ kernel-default:
- Update to 5.19-rc4
- update configs
- FIPS_SIGNATURE_SELFTEST=n
- commit c256fc8
++++ ncurses:
- Add ncurses patch 20220625
+ improve man/curs_bkgd.3x, explaining that bkgdset can affect results
for bkgd (report by Anton Vidovic).
+ correct dsl in dec+sl (report by Rajeev Pillai) -TD
+ add/use ansi+cpr, decid+cpr -TD
- Correct offsets of patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.3.dif
++++ rpm:
- remove obsolete RPM-HOWTO from 1999 (removed RPM-HOWTO.tar.bz2)
- move debugedit to separate package
(Removed debuginfo-mono.patch, debuglink.diff, debugsubpkg.diff,
finddebuginfo-absolute-links.diff, finddebuginfo.diff,
singlefilemode.diff, debugedit-5.0.tar.xz)
- move python-rpm-packaging to separate package
(Removed python-rpm-packaging.diff, python-rpm-packaging.tar.bz2)
++++ mokutil:
- Update to 0.6.0
+ 6c98907 SBAT revocation update support
+ 0276891 mokutil: Add trust_mok_keys and untrust_mok_keys
+ 57bc385 mokutil: enable setting fallback verbosity and noreboot mode
+ b15e7c4 util: add the missing stdio.h
- Drop mokutil-fix-missing-header.patch (upstream)
++++ openssl:
- Update to 1.1.1p release
++++ python-PyYAML:
- Actually we DO want to build the bindings.
------------------------------------------------------------------
------------------ 2022-6-26 - Jun 26 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.18.7 (bsc#1012628).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(bsc#1012628).
- zonefs: fix zonefs_iomap_begin() for reads (bsc#1012628).
- fsnotify: introduce mark type iterator (bsc#1012628).
- fsnotify: consistent behavior for parent not watching children
(bsc#1012628).
- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT
programs (bsc#1012628).
- selftests/bpf: Add selftest for calling global functions from
freplace (bsc#1012628).
- dt-bindings: nvmem: sfp: Add clock properties (bsc#1012628).
- io_uring: use original request task for inflight tracking
(bsc#1012628).
- commit 531894c
------------------------------------------------------------------
------------------ 2022-6-25 - Jun 25 2022 -------------------
------------------------------------------------------------------
++++ mozilla-nss:
- sync with current SLE
* latest FIPS changes incl. testsuite fixes (enabled now)
nss-fips-180-3-csp-clearing.patch
nss-fips-tests-enable-fips.patch
nss-fips-tests-skip.patch
nss-fips-pbkdf-kat-compliance.patch
------------------------------------------------------------------
------------------ 2022-6-24 - Jun 24 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Bring back /sbin/netconfig as build option since the netconfig
in SLE is not ready for usrmerge.
++++ kernel-default:
- config: enable MLX90614
MLX90614 is I2C (SMBus) remote temperature sensor.
The boards are available for SBCs:
https://www.waveshare.com/product/modules/sensors/temperature-humidity-barometer/infrared-temperature-sensor.htm
Enable the driver for potential users.
Link: https://lists.opensuse.org/archives/list/kernel@lists.opensuse.org/thread/VHBAZ4YTJZ6H2DTMELYWILNGMRBXBMPI/
- commit 1a61419
++++ libvirt:
- spec: Include aarch64 in the list of architectures that 'Require'
dmidecode
boo#1196087
++++ python-MarkupSafe:
- Patch PKG-INFO to avoid pip failing on Python 3.6 with
`ERROR: Package 'MarkupSafe' requires a different Python:
3.6.15 not in '>=3.7'`.
++++ selinux-policy:
- Add fix_userdomain.patch to dontaudit UDP rpc ports (bsc#1193984)
- Update to version 20220624. Refreshed:
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_logging.patch
* fix_networkmanager.patch
* fix_unprivuser.patch
Dropped fix_hadoop.patch, not necessary anymore
* Updated fix_locallogin.patch to allow accesses for nss-systemd
(bsc#1199630)
++++ vim:
- Updated to version 8.2.5154, fixes the following problems
- fixed boo#1200184
- CVE-2022-2175 - boo#1200904
- CVE-2022-2182 - boo#1200903
- CVE-2022-2183 - boo#1200902
* Debugger test fails when run with valgrind.
* Cannot build without the +channel feature. (Dominique Pellé)
* Various small issues.
* TIME_WITH_SYS_TIME is no longer supported by autoconf.
* Seachpair timeout test is flaky.
* Using "volatile int" in a signal handler might be wrong.
* Startup test fails if there is a status bar at the top of the
screen. (Ernie Rael)
* Some tests fail when using valgrind. Spurious leak reports.
* With 'lazyredraw' set completion menu may be displayed wrong.
* Exit test causes spurious valgrind reports.
* Memory leak when substitute expression nests.
* Flaky test always fails on retry.
* Invalid memory access when using an expression on the command line.
* Cannot build without the +eval feature. (Tony Mechelynck)
* Read past the end of the first line with ":0;'{".
* Reading beyond the end of the line with lisp indenting.
* search() gets stuck with "c" and skip evaluates to true.
* "make uninstall" does not remove colors/lists.
* Still mentioning version8, some cosmetic issues.
------------------------------------------------------------------
------------------ 2022-6-23 - Jun 23 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- Add conflict between cockpit-networkmanager and cockpit-wicked
as they use the same URL paths.
++++ glibc:
- read-chk-cancel.patch: debug: make __read_chk a cancellation point
(bsc#1200682, BZ #29274)
- wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant
(bsc#1200688)
++++ kernel-default:
- Linux 5.18.6 (bsc#1012628).
- Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping"
(bsc#1012628).
- arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3
(bsc#1012628).
- arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3
(bsc#1012628).
- io_uring: reinstate the inflight tracking (bsc#1012628).
- powerpc/kasan: Silence KASAN warnings in __get_wchan()
(bsc#1012628).
- ASoC: nau8822: Add operation for internal PLL off and on
(bsc#1012628).
- ASoC: qcom: lpass-platform: Update VMA access permissions in
mmap callback (bsc#1012628).
- drm/amd/display: Read Golden Settings Table from VBIOS
(bsc#1012628).
- drm/amdgpu: Resolve RAS GFX error count issue after cold boot
on Arcturus (bsc#1012628).
- drm/amdkfd: Use mmget_not_zero in MMU notifier (bsc#1012628).
- dma-debug: make things less spammy under memory pressure
(bsc#1012628).
- ASoC: Intel: cirrus-common: fix incorrect channel mapping
(bsc#1012628).
- ASoC: cs42l52: Fix TLV scales for mixer controls (bsc#1012628).
- ASoC: cs35l36: Update digital volume TLV (bsc#1012628).
- ASoC: cs53l30: Correct number of volume levels on SX controls
(bsc#1012628).
- ASoC: cs42l52: Correct TLV for Bypass Volume (bsc#1012628).
- ASoC: cs42l56: Correct typo in minimum level for SX volume
controls (bsc#1012628).
- ASoC: cs42l51: Correct minimum value for SX volume control
(bsc#1012628).
- drm/amdkfd: add pinned BOs to kfd_bo_list (bsc#1012628).
- ata: libata-core: fix NULL pointer deref in
ata_host_alloc_pinfo() (bsc#1012628).
- quota: Prevent memory allocation recursion while holding dq_lock
(bsc#1012628).
- ASoC: wm8962: Fix suspend while playing music (bsc#1012628).
- ASoC: es8328: Fix event generation for deemphasis control
(bsc#1012628).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
(bsc#1012628).
- ALSA: hda: MTL: add HD Audio PCI ID and HDMI codec vendor ID
(bsc#1012628).
- Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F
to dmi_use_low_level_irq (bsc#1012628).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (bsc#1012628).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is
aborted (bsc#1012628).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
PT2PT topology (bsc#1012628).
- scsi: lpfc: Allow reduced polling rate for
nvme_admin_async_event cmd completion (bsc#1012628).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (bsc#1012628).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(bsc#1012628).
- scsi: pmcraid: Fix missing resource cleanup in error case
(bsc#1012628).
- ALSA: hda/realtek - Add HW8326 support (bsc#1012628).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (bsc#1012628).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
(bsc#1012628).
- ipv6: Fix signed integer overflow in __ip6_append_data
(bsc#1012628).
- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
(bsc#1012628).
- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface
netdev[napi]_alloc_frag (bsc#1012628).
- mellanox: mlx5: avoid uninitialized variable warning with gcc-12
(bsc#1012628).
- MIPS: Loongson-3: fix compile mips cpu_hwmon as module build
error (bsc#1012628).
- random: credit cpu and bootloader seeds by default
(bsc#1012628).
- gpio: dwapb: Don't print error on -EPROBE_DEFER (bsc#1012628).
- platform/x86/intel: Fix pmt_crashlog array reference
(bsc#1012628).
- platform/x86/intel: pmc: Support Intel Raptorlake P
(bsc#1012628).
- platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4
support (bsc#1012628).
- platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF
(bsc#1012628).
- platform/x86/intel: hid: Add Surface Go to VGBS allow list
(bsc#1012628).
- staging: r8188eu: fix rtw_alloc_hwxmits error detection for now
(bsc#1012628).
- staging: r8188eu: Fix warning of array overflow in ioctl_linux.c
(bsc#1012628).
- pNFS: Don't keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (bsc#1012628).
- pNFS: Avoid a live lock condition in pnfs_update_layout()
(bsc#1012628).
- sunrpc: set cl_max_connect when cloning an rpc_clnt
(bsc#1012628).
- clocksource: hyper-v: unexport __init-annotated
hv_init_clocksource() (bsc#1012628).
- i40e: Fix adding ADQ filter to TC0 (bsc#1012628).
- i40e: Fix calculating the number of queue pairs (bsc#1012628).
- i40e: Fix call trace in setup_tx_descriptors (bsc#1012628).
- iavf: Fix issue with MAC address of VF shown as zero
(bsc#1012628).
- Drivers: hv: vmbus: Release cpu lock in error case
(bsc#1012628).
- tty: goldfish: Fix free_irq() on remove (bsc#1012628).
- misc: atmel-ssc: Fix IRQ check in ssc_probe (bsc#1012628).
- riscv: dts: microchip: re-add pdma to mpfs device tree
(bsc#1012628).
- io_uring: fix races with file table unregister (bsc#1012628).
- io_uring: fix races with buffer table unregister (bsc#1012628).
- drm/i915/reset: Fix error_state_read ptr + offset use
(bsc#1012628).
- net: hns3: set port base vlan tbl_sta to false before removing
old vlan (bsc#1012628).
- net: hns3: don't push link state to VF if unalive (bsc#1012628).
- net: hns3: restore tm priority/qset to default settings when
tc disabled (bsc#1012628).
- net: hns3: fix PF rss size initialization bug (bsc#1012628).
- net: hns3: fix tm port shapping of fibre port is incorrect
after driver initialization (bsc#1012628).
- nvme: add device name to warning in uuid_show() (bsc#1012628).
- mlxsw: spectrum_cnt: Reorder counter pools (bsc#1012628).
- ice: Fix PTP TX timestamp offset calculation (bsc#1012628).
- ice: Sync VLAN filtering features for DVM (bsc#1012628).
- ice: Fix queue config fail handling (bsc#1012628).
- ice: Fix memory corruption in VF driver (bsc#1012628).
- net: bgmac: Fix an erroneous kfree() in bgmac_remove()
(bsc#1012628).
- net: remove noblock parameter from skb_recv_datagram()
(bsc#1012628).
- net: ax25: Fix deadlock caused by skb_recv_datagram in
ax25_recvmsg (bsc#1012628).
- arm64: ftrace: fix branch range checks (bsc#1012628).
- arm64: ftrace: consistently handle PLTs (bsc#1012628).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(bsc#1012628).
- init: Initialize noop_backing_dev_info early (bsc#1012628).
- block: Fix handling of offline queues in
blk_mq_alloc_request_hctx() (bsc#1012628).
- faddr2line: Fix overlapping text section failures, the sequel
(bsc#1012628).
- x86/ftrace: Remove OBJECT_FILES_NON_STANDARD usage
(bsc#1012628).
- i2c: npcm7xx: Add check for platform_driver_register
(bsc#1012628).
- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
(bsc#1012628).
- irqchip/apple-aic: Fix refcount leak in build_fiq_affinity
(bsc#1012628).
- irqchip/apple-aic: Fix refcount leak in aic_of_ic_init
(bsc#1012628).
- irqchip/gic-v3: Fix error handling in
gic_populate_ppi_partitions (bsc#1012628).
- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
(bsc#1012628).
- irqchip/realtek-rtl: Fix refcount leak in map_interrupts
(bsc#1012628).
- sched: Fix balance_push() vs __sched_setscheduler()
(bsc#1012628).
- i2c: designware: Use standard optional ref clock implementation
(bsc#1012628).
- i2c: mediatek: Fix an error handling path in mtk_i2c_probe()
(bsc#1012628).
- mei: hbm: drop capability response on early shutdown
(bsc#1012628).
- mei: me: add raptor lake point S DID (bsc#1012628).
- comedi: vmk80xx: fix expression for tx buffer size
(bsc#1012628).
- crypto: memneq - move into lib/ (bsc#1012628).
- USB: serial: option: add support for Cinterion MV31 with new
baseline (bsc#1012628).
- USB: serial: io_ti: add Agilent E5805A support (bsc#1012628).
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of
DMA transfer (bsc#1012628).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (bsc#1012628).
- usb: cdnsp: Fixed setting last_trb incorrectly (bsc#1012628).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
(bsc#1012628).
- usb: dwc3: pci: Restore line lost in merge conflict resolution
(bsc#1012628).
- usb: gadget: u_ether: fix regression in setting fixed MAC
address (bsc#1012628).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
(bsc#1012628).
- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io()
(bsc#1012628).
- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io()
(bsc#1012628).
- tty: n_gsm: Debug output allocation must use GFP_ATOMIC
(bsc#1012628).
- serial: 8250: Store to lsr_save_flags after lsr read
(bsc#1012628).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
(bsc#1012628).
- md/raid5-ppl: Fix argument order in bio_alloc_bioset()
(bsc#1012628).
- dm: fix race in dm_start_io_acct (bsc#1012628).
- dm mirror log: round up region bitmap size to BITS_PER_LONG
(bsc#1012628).
- drm/amdgpu: Fix GTT size reporting in amdgpu_ioctl
(bsc#1012628).
- drm/amd/display: Cap OLED brightness per max frame-average
luminance (bsc#1012628).
- audit: free module name (bsc#1012628).
- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
(bsc#1012628).
- fs: account for group membership (bsc#1012628).
- selinux: free contexts previously transferred in
selinux_add_opt() (bsc#1012628).
- ext4: fix super block checksum incorrect after mount
(bsc#1012628).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1012628).
- ext4: make variable "count" signed (bsc#1012628).
- ext4: add reserved GDT blocks check (bsc#1012628).
- KVM: arm64: Always start with clearing SVE flag on load
(bsc#1012628).
- KVM: arm64: Don't read a HW interrupt pending state in user
context (bsc#1012628).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(bsc#1012628).
- drm/i915/uc: remove accidental static from a local variable
(bsc#1012628).
- bpf: Use safer kvmalloc_array() where possible (bsc#1012628).
- powerpc/book3e: get rid of #include <generated/compile.h>
(bsc#1012628).
- dt-bindings: mfd: bd9571mwv: update rohm,bd9571mwv.yaml
reference (bsc#1012628).
- dt-bindings: interrupt-controller: update brcm,l2-intc.yaml
reference (bsc#1012628).
- dm: fix bio_set allocation (bsc#1012628).
- clk: imx8mp: fix usb_root_clk parent (bsc#1012628).
- Delete
patches.suse/netfs-Eliminate-Clang-randstruct-warning.patch.
- Update config files.
- commit 5aa0763
++++ openssl-1_1:
- Update to 1.1.1p:
* bsc#1185637 - updated certificates required for testing that failed
when date is later than 1 June 2022
- removed openssl-update_expired_certificates.patch
* [bsc#1200550, CVE-2022-2068] - more shell code injection issues in c_rehash
++++ parted:
- drop type flag (SUSE specific) to fix bsc#1190847
refreshed patches:
- parted-mac.patch
- tests-adapt-to-SUSE.patch
drop patches:
- parted-type.patch
- parted-type-accept-hex.patch
- parted-json-no-type-flag.patch
++++ procps:
- Some older products do not know about /usr/share/man/uk
++++ patterns-alp:
- Ensure cockpit-networkmanager is installed if NM is installed.
- Drop tallow (sync with MicroOS).
++++ perl:
- Update to 5.36.0
* the signatures and isa features are no longer experimental and
part of the v5.36 feature bundle
* the v5.36 bundle also enables warnings
* new '-g' command line flag (alias for -0777)
* support for unicode 14.0
* regex sets are no longer considered experimental
* experimental iterating over multiple values at a time
* experimental new builtin module
* experimental defer blocks
* try/catch can now have a finally block
* experimental non-ASCII delimiters for quote-like operators
* a physically empty sort is now a compile-time error
- Rebase perl-5.34.0.dif to perl-5.36.0.diff
- Refresh perl-5.18.2-overflow.diff
++++ python-psutil:
- Add patch mem-used-bsc1181475.patch (bsc#1181475)
* Adopt change of used memory calculation from upstream of procps
------------------------------------------------------------------
------------------ 2022-6-22 - Jun 22 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Update to bash 5.2 rc1
dd. In posix mode, the `printf' builtin checks for the `L' length modifier and
uses long double for floating point conversion specifiers if it's present,
double otherwise.
ee. The `globbing' completion code now takes the `globstar' option into account.
ff. `suspend -f' now forces the shell to suspend even if job control is not
currently enabled.
- Port patches
* bash-2.03-manual.patch
* bash-3.2-printf.patch
* bash-4.1-bash.bashrc.dif
* bash-5.2.dif
++++ container-selinux:
- Update to version 2.187.0:
* Allow container domains to use /dev/zero
- Changes from 2.186.0:
* Create policy for a container_device_t
* Allow containers to shutdown & setopt userdomain:sockets
- Changes from 2.183.0:
* Allow containers to inherit all socket classes from container runtimes.
- Changes from 2.182.0:
* Allow containers to inherit all socket classes
- Changes from 2.181.0:
* Allow socket activated domains for tcp sockets from init_t and userdomains.
++++ gstreamer:
- Update to version 1.20.3
+ Highlighted bugfixes:
- Security fixes in Matroska, MP4 and AVI demuxers
- Fix scrambled video playback with hardware-accelerated
VA-API decoders on certain Intel hardware
- playbin3/decodebin3 regression fix for unhandled streams
- Fragmented MP4 playback fixes
- Android H.265 encoder mapping
- Playback of MXF files produced by FFmpeg before March 2022
- Fix rtmp2sink crashes on 32-bit platforms
- WebRTC improvements
- D3D11 video decoder and screen recorder fixes
- Performance improvements
- Support for building against OpenCV 4.6 and other build fixes
- Miscellaneous bug fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- clock: Avoid creating a weakref with every entry
(performance improvement)
- plugin: add Apache 2 license to list of known licenses to avoid
warning
- gst_plugin_load_file: force plugin reload if filename differs
Add support for LoongArch
++++ gstreamer-plugins-base:
- Update to version 1.20.3:
+ typefindfunctions: Fix WebVTT format detection for very short
files
+ gldisplay: Reorder GST_GL_WINDOW check for egl-device
+ rtpbasepayload: Copy all buffer metadata instead of just
GstMetas for the input meta buffer
+ codec-utils: Avoid out-of-bounds error
+ navigation: Fix Since markers for mouse scroll events
+ videoaggregator: Fix for unhandled negative rate
+ videoaggregator: Use floor() to calculate current position
+ video-color: Fix for missing clipping in PQ EOTF function
+ gst-play-1.0: Fix trick-mode handling in keyboard shortcut
+ audiovisualizer: shader: Fix out of bound write
++++ kernel-default:
- Update config files.
Run oldconfig which unsets CC_NO_ARRAY_BOUNDS as dummy tools emulate gcc
20. We are ignoring it thanks to update in packaging, so that real
compilation sets this right later.
- commit e4ff964
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
universally for now) added two new compiler-dependent configs:
* CC_NO_ARRAY_BOUNDS
* GCC12_NO_ARRAY_BOUNDS
Ignore them -- they are unset by dummy tools (they depend on gcc version
== 12), but set as needed during real compilation.
- commit a14607c
++++ procps:
- Add the patches
* procps-3.3.17-library-bsc1181475.patch
* procps-3.3.17-top-bsc1181475.patch
which are backports of current newlib tree to solve bug bsc#1181475
* 'free' command reports misleading "used" value
++++ readline:
- use https:// for source urls
- Update to readline-8.2-rc1
++++ podman:
- Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Drop obsolete patches:
* 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
* 0001-Relabel-relabel-links-instead-of-their-targets.patch
* 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
* 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
++++ policycoreutils:
- Handle missing translations properly in chcat. Added
chcat_handle_missing_translations.patch (bsc#1200752)
++++ toolbox:
- Update to version 2.3+git20220622.32785f7:
* Only set --userns=keep-id when running rootless
++++ virt-manager:
- bsc#1200691 - SLES 15 SP4 GMC --os-variant tag shouldn't be
mandatory on s390x (see also bsc#1200422)
revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch
------------------------------------------------------------------
------------------ 2022-6-21 - Jun 21 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 057+suse.292.g508db4cd:
See https://github.com/dracutdevs/dracut/releases/tag/057 for details.
Additional changes:
* fix(integrity): do not enable EVM if there is no key (bsc#1200718)
* fix(dracut.sh): temporary workaround for kiwi (bsc#1199051)
* chore(suse): update spec
++++ transactional-update:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
++++ kernel-default:
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
bsc#1199487).
- commit f4c43ea
- ALSA: hda: Fix discovery of i915 graphics PCI device
(bsc#1200611).
- commit ef301cb
- netfs: Fix gcc-12 warning by embedding vfs inode in
netfs_i_context (gcc 12 warnings).
- netfs: gcc-12: temporarily disable '-Wattribute-warning'
for now (gcc 12 warnings).
- gcc-12: disable '-Warray-bounds' universally for now (gcc
12 warnings).
- Update config files.
CC_NO_ARRAY_BOUNDS=y is manually selected, see commit b2fb712ddc6e.
- gcc-12: disable '-Wdangling-pointer' warning for now (gcc
12 warnings).
- wifi: rtlwifi: remove always-true condition pointed out by
GCC 12 (gcc 12 warnings).
- net: wwan: iosm: remove pointless null check (gcc 12 warnings).
- eth: sun: cassini: remove dead code (gcc 12 warnings).
- netfs: Eliminate Clang randstruct warning (gcc 12 warnings).
- x86/boot: Wrap literal addresses in absolute_pointer() (gcc
12 warnings).
- commit 983c97f
- series.conf: remove empty line in sorted section
It causes troubles to scripts.
- commit b01fcd9
++++ keyutils:
- Add /etc/keys/evn and /usr/etc/keys/evm together with the IMA ones
++++ libproxy:
- Add libproxy-perl-cflags.patch: perl: Use ccflags from %Config
for libproxy module compilation; fixes perl test suite on i586.
++++ openslp:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
++++ systemd:
- Import commit 69abca7794ed06d823bc0a9bb55daf822adcc632
f29b146685 pstore: Run after modules are loaded
- pstore is no more considered as an experimental feature: move it to udev
package (bsc#1197802)
- Adjust rpmlintrc for shlib-policy-name-error/multibuild case so that it's not
only for x86_64.
- spec: %suse_version rpm macro is already reserved and has a special meaning in
openSUSE distros so rename it to %archive_version instead.
++++ libvirt:
- spec: Move logrotate config files from /etc/logrotate.d to
/usr/etc/logrotate.d
++++ policycoreutils:
- Build and package translations for python-utils (boo#1200752).
++++ qemu:
- Fix bugs boo#1200557 and boo#1199924
- Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3
* Patches added:
pci-fix-overflow-in-snprintf-string-form.patch
sphinx-change-default-language-to-en.patch
++++ ovmf:
- add ovmf-tools_def-add-fno-omit-frame-pointer-to-GCC48_-IA32-.patch.
It fixes crashes when linked using gcc 12 (bsc#1199597).
++++ rsync:
- Removed %config flag for files in /usr directory.
++++ wpa_supplicant:
- Removed %config flag for files in /usr directory.
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
------------------------------------------------------------------
------------------ 2022-6-20 - Jun 20 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.1.2
" There's a lot of zink here, thanks to Mike for help with manually
backporting parts of it! We've als got a bunch of fixes for panfrost,
and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium,
the va state tracker, and freedren."
++++ Mesa-drivers:
- Update to 22.1.2
" There's a lot of zink here, thanks to Mike for help with manually
backporting parts of it! We've als got a bunch of fixes for panfrost,
and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium,
the va state tracker, and freedren."
++++ cockpit:
- Re-arrange patches and apply them manually again.
Some were accidentally added and should be sle only
++++ cockpit-tukit:
- Update to version 0.0.3~git10.d8579a3:
* Update to cockpit 271
* Add translation template
* Update translations
* Add load-css-overrides.patch to start loading a custom CSS file
++++ librsvg:
- Automatic update of vendored dependencies
++++ alsa:
- Update to version 1.2.7.1: minor bug fixes, including the previous
patches. For details, see
https://www.alsa-project.org/wiki/Changes_v1.2.7_v1.2.7.1#alsa-lib
- Drop obsoleted patches:
0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch
0002-control-eld-fix-the-decoding-for-older-hw.patch
++++ ncurses:
- Add ncurses patch 20220618
+ add a null-pointer check for term_names field in copy_termtype(),
needed for MinGW port (report by Peiyuan Song, cf: 20220521).
+ revise kon/kon2/jfbterm to undo "linux2.6" change to
smacs/rmacs/enacs (Debian #1012800) -TD
+ amended note for att610+cvis0, as per documentation for att610,
att620, att730 -TD
++++ libproxy:
- Update to version 0.4.18:
+ build: Allow configuration of sysconfig module.
+ config_envvar: Add environment variable for pacrunner
debugging.
+ build: disable mozjs by default.
+ python: Support Python 3.10 and above.
+ Add Duktape pacrunner module.
+ config_kde: Compute list of config file locations ourselves.
+ cpmfog_gnome3: Add gnome-wayland to permitted DESKTOP_SESSION.
- Drop libproxy-python-310.patch: fixed upstream.
- Build duktape pacrunner module:
+ Add pkgconfig(duktape): new dependency.
+ Split new subpackage libproxy1-pacrunner-duktape.
+ Suggest duktape pacrunner for config modules recommending a
pacrunner.
++++ logrotate:
- Removed %{_distconfdir}/logrotate.d directory from spec file.
It will be handled by package filesystem.
++++ perl-Bootloader:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
++++ rsync:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
++++ tar:
- Fix race condition while creating intermediate subdirectories,
bsc#1200657
* bsc1200657.patch
++++ vim:
- Updated to version 8.2.5136, fixes the following problems
- CVE-2022-2129 - boo#1200701
- CVE-2022-2124 - boo#1200697
- CVE-2022-2125 - boo#1200698
- CVE-2022-2126 - boo#1200700
* Autocmd test still fails on MS-Windows.
* When the GUI shows a dialog tests get stuck.
* Gcc gives warning for signed/unsigned difference.
* CI runs on Windows 2019.
* Cannot build with clang on MS-Windows.
* Value of cmod_verbose is a bit complicated to use.
* Some functions return a different value on failure.
* Terminal test fails with some shell commands.
* Using "'<,'>" in Ex mode may compare unrelated pointers.
* Error message for unknown command may mention the command twice. (Malcolm
Rowe)
* Terminal test still fails with some shell commands.
* Using uninitialized memory when using 'listchars'.
* Spelldump test sometimes hangs.
* Some terminal tests are not retried.
* Memory usage tests are not retried.
* MS-Windows with MinGW: $CC may be "cc" instead of "gcc".
* Interrupt not caught in test.
* Build fails with small features.
* Default cmdwin mappings are re-mappable.
* Some callers of rettv_list_alloc() check for not OK. (Christ van Willegen)
* Retab test disabled because it hangs on MS-Windows.
* Mode not updated after CTRL-O CTRL-C in Insert mode.
* Icon filetype not recognized from the first line.
* No test for --gui-dialog-file.
* Timer becomes invalid after fork/exec, :gui gives errors. (Gabriel Dupras)
* Time limit on searchpair() does not work properly.
* Search timeout is overrun with some patterns.
* "limit" option of matchfuzzy() not always respected.
* Crash when calling a Lua callback from a :def function. (Bohdan Makohin)
* Searching for quotes may go over the end of the line.
* Interrupt test sometimes fails.
* Lisp indenting my run over the end of the line.
* Using invalid index when looking for spell suggestions.
* When syntax timeout test fails it does not show the time.
* Substitute may overrun destination buffer.
* Using assert_true() does not show value on failure.
* Syntax highlighting disabled when using synID() in searchpair() skip
expression and it times out. (Jaehwang Jung)
* Timeout handling is not optimal.
* Edit test for mode message fails when using valgrind.
* Timeout implementation is not optimal.
* :mkview test doesn't test much.
* Function has confusing name.
* Running configure gives warnings for main() return type.
++++ wpa_supplicant:
- Remove Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
Fixed in NetworkManager (glfo#NetworkManager/NetworkManager#a0988868).
Wifi cards, wich do not support PMF/BIP ciphers, should not use
SAE as key management. (bsc#1195312)
------------------------------------------------------------------
------------------ 2022-6-19 - Jun 19 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.19-rc3
- update configs
- XILINX_INTC=y (OF architectures - i386, ppc64/ppc64le, riscv64)
- commit e8495ca
++++ python-msgpack:
- update to 1.0.4:
* Support Python 3.11 (beta)
* refresh ci settings.
* Don't define _*ENDIAN macro on Unix.
* Update setuptools and black
* Use PyFloat_Pack8() on Python 3.11a7
* Upgrade black to fix CI
* Fix Unpacker max_buffer_length handling
* ci: Update action versions.
------------------------------------------------------------------
------------------ 2022-6-17 - Jun 17 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.38.2:
+ Fix race condition with pppd that caused failures when
activating PPPoE connections.
+ Unbreak DHCPv6 over PPP.
+ Don't ignore IPv6 DNS servers received from PPP.
+ Fix crash while checking WEP capability of Wi-Fi interfaces.
+ Ensure DHCP is restarted every time the link goes up.
+ Fix struct alignment issues seen on some architectures.
+ Various other bugfixes and improvements.
++++ cockpit:
- css-overrides.patch: css overrides for better theming support
++++ cockpit-machines:
- load-css-overrides.patch: css overrides for better theming support
++++ cockpit-podman:
- load-css-overrides.patch: css overrides for better theming support
++++ librsvg:
- Update to version 2.54.4:
+ Support CSS Color 4 syntax for <alpha-value>. Opacities can be
specified as numbers or percentages now, e.g. 0.5 or 50%.
+ Roll back minimum required version of Pango to 1.46.0.
+ Fix Windows NMake install when documentation is not built.
++++ gtk3:
- Add dependency "python3x-gobject-Gdk if python3x-gobject" to the
typelib package (boo#1200614).
++++ open-iscsi:
- For Tumbleweed, moved logrotate files from user-specific
directory /etc/logrotate.d to vendor-specific
/usr/etc/logrotate.d
(for Stefan Schubert <schubi@suse.com>)
++++ pam:
- Keep old directory in filelist for migration
------------------------------------------------------------------
------------------ 2022-6-16 - Jun 16 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.18.5 (bsc#1012628).
- x86/speculation/mmio: Print SMT warning (bsc#1012628).
- KVM: x86/speculation: Disable Fill buffer clear within guests
(bsc#1012628).
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
(bsc#1012628).
- x86/speculation/srbds: Update SRBDS mitigation selection
(bsc#1012628).
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO
Stale Data (bsc#1012628).
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
(bsc#1012628).
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
(bsc#1012628).
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale
Data (bsc#1012628).
- x86/speculation: Add a common function for MD_CLEAR mitigation
update (bsc#1012628).
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
(bsc#1012628).
- Documentation: Add documentation for Processor MMIO Stale Data
(bsc#1012628).
- commit 0ac72f9
++++ llvm15:
- Update to version 14.0.5.
* This release contains bug-fixes for the LLVM 14.0.0 release.
This release is API and ABI compatible with 14.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
++++ salt:
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- Added:
* fix-for-cve-2022-22967-bsc-1200566.patch
------------------------------------------------------------------
------------------ 2022-6-15 - Jun 15 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- let Mesa-libGL-devel require libX11-devel via pkgconfig(x11)
(boo#1200559)
++++ Mesa-drivers:
- let Mesa-libGL-devel require libX11-devel via pkgconfig(x11)
(boo#1200559)
++++ chrony:
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
++++ kernel-default:
- Linux 5.18.4 (bsc#1012628).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (bsc#1012628).
- staging: greybus: codecs: fix type confusion of list iterator
variable (bsc#1012628).
- iio: adc: ad7124: Remove shift from scan_type (bsc#1012628).
- soundwire: qcom: fix an error message in
swrm_wait_for_frame_gen_enabled() (bsc#1012628).
- remoteproc: mediatek: Fix side effect of mt8195 sram power on
(bsc#1012628).
- remoteproc: mtk_scp: Fix a potential double free (bsc#1012628).
- lkdtm/bugs: Check for the NULL pointer after calling kmalloc
(bsc#1012628).
- lkdtm/bugs: Don't expect thread termination without
CONFIG_UBSAN_TRAP (bsc#1012628).
- tty: goldfish: Use tty_port_destroy() to destroy port
(bsc#1012628).
- tty: serial: owl: Fix missing clk_disable_unprepare() in
owl_uart_probe (bsc#1012628).
- tty: n_tty: Restore EOF push handling behavior (bsc#1012628).
- serial: 8250_aspeed_vuart: Fix potential NULL dereference in
aspeed_vuart_probe (bsc#1012628).
- tty: serial: fsl_lpuart: fix potential bug when using both
of_alias_get_id and ida_simple_get (bsc#1012628).
- remoteproc: imx_rproc: Ignore create mem entry for resource
table (bsc#1012628).
- phy: rockchip-inno-usb2: Fix muxed interrupt support
(bsc#1012628).
- staging: r8188eu: fix struct rt_firmware_hdr (bsc#1012628).
- usb: usbip: fix a refcount leak in stub_probe() (bsc#1012628).
- usb: usbip: add missing device lock on tweak configuration cmd
(bsc#1012628).
- USB: storage: karma: fix rio_karma_init return (bsc#1012628).
- usb: musb: Fix missing of_node_put() in omap2430_probe
(bsc#1012628).
- staging: fieldbus: Fix the error handling path in
anybuss_host_common_probe() (bsc#1012628).
- pwm: lp3943: Fix duty calculation in case period was clamped
(bsc#1012628).
- pwm: raspberrypi-poe: Fix endianness in firmware struct
(bsc#1012628).
- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
(bsc#1012628).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
giveback (bsc#1012628).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
(bsc#1012628).
- scripts/get_abi: Fix wrong script file name in the help message
(bsc#1012628).
- misc: fastrpc: fix an incorrect NULL check on list iterator
(bsc#1012628).
- firmware: stratix10-svc: fix a missing check on list iterator
(bsc#1012628).
- usb: typec: mux: Check dev_set_name() return value
(bsc#1012628).
- rpmsg: virtio: Fix possible double free in rpmsg_probe()
(bsc#1012628).
- rpmsg: virtio: Fix possible double free in
rpmsg_virtio_add_ctrl_dev() (bsc#1012628).
- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl
(bsc#1012628).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return
value check (bsc#1012628).
- iio: proximity: vl53l0x: Fix return value check of
wait_for_completion_timeout (bsc#1012628).
- iio: adc: sc27xx: fix read big scale voltage not right
(bsc#1012628).
- iio: adc: sc27xx: Fine tune the scale calibration values
(bsc#1012628).
- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map()
fails (bsc#1012628).
- misc/pvpanic: Convert regular spinlock into trylock on panic
path (bsc#1012628).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
(bsc#1012628).
- power: supply: core: Initialize struct to zero (bsc#1012628).
- power: supply: axp288_fuel_gauge: Fix battery reporting on
the One Mix 1 (bsc#1012628).
- power: supply: axp288_fuel_gauge: Drop BIOS version check from
"T3 MRD" DMI quirk (bsc#1012628).
- power: supply: ab8500_fg: Allocate wq in probe (bsc#1012628).
- serial: sifive: Report actual baud base rather than fixed 115200
(bsc#1012628).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS
(bsc#1012628).
- watchdog: rzg2l_wdt: Fix 32bit overflow issue (bsc#1012628).
- watchdog: rzg2l_wdt: Fix Runtime PM usage (bsc#1012628).
- watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'
(bsc#1012628).
- watchdog: rzg2l_wdt: Fix reset control imbalance (bsc#1012628).
- soundwire: intel: prevent pm_runtime resume prior to system
suspend (bsc#1012628).
- soundwire: qcom: return error when pm_runtime_get_sync fails
(bsc#1012628).
- coresight: cpu-debug: Replace mutex with mutex_trylock on
panic notifier (bsc#1012628).
- ksmbd: fix reference count leak in smb_check_perm_dacl()
(bsc#1012628).
- extcon: ptn5150: Add queue work sync before driver release
(bsc#1012628).
- dt-bindings: remoteproc: mediatek: Make l1tcm reg exclusive
to mt819x (bsc#1012628).
- soc: rockchip: Fix refcount leak in rockchip_grf_init
(bsc#1012628).
- clocksource/drivers/riscv: Events are stopped during CPU suspend
(bsc#1012628).
- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1
(bsc#1012628).
- rtc: mt6397: check return value after calling
platform_get_resource() (bsc#1012628).
- rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe
(bsc#1012628).
- staging: r8188eu: add check for kzalloc (bsc#1012628).
- serial: meson: acquire port->lock in startup() (bsc#1012628).
- Revert "serial: 8250_mtk: Make sure to select the right
FEATURE_SEL" (bsc#1012628).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
(bsc#1012628).
- serial: cpm_uart: Fix build error without
CONFIG_SERIAL_CPM_CONSOLE (bsc#1012628).
- serial: uartlite: Fix BRKINT clearing (bsc#1012628).
- serial: digicolor-usart: Don't allow CS5-6 (bsc#1012628).
- serial: rda-uart: Don't allow CS5-6 (bsc#1012628).
- serial: txx9: Don't allow CS5-6 (bsc#1012628).
- serial: sh-sci: Don't allow CS5-6 (bsc#1012628).
- serial: sifive: Sanitize CSIZE and c_iflag (bsc#1012628).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
(bsc#1012628).
- serial: stm32-usart: Correct CSIZE, bits, and parity
(bsc#1012628).
- firmware: dmi-sysfs: Fix memory leak in
dmi_sysfs_register_handle (bsc#1012628).
- bus: ti-sysc: Fix warnings for unbind for serial (bsc#1012628).
- driver: base: fix UAF when driver_attach failed (bsc#1012628).
- driver core: fix deadlock in __device_attach (bsc#1012628).
- watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking
(bsc#1012628).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
(bsc#1012628).
- blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
(bsc#1012628).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (bsc#1012628).
- scsi: sd: Don't call blk_cleanup_disk() in sd_probe()
(bsc#1012628).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map()
return value (bsc#1012628).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
(bsc#1012628).
- amt: fix return value of amt_update_handler() (bsc#1012628).
- amt: fix possible memory leak in amt_rcv() (bsc#1012628).
- net: ethernet: ti: am65-cpsw: Fix fwnode passed to
phylink_create() (bsc#1012628).
- net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is
unavailable (bsc#1012628).
- spi: fsi: Fix spurious timeout (bsc#1012628).
- drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
(bsc#1012628).
- net: lan966x: check devm_of_phy_get() for -EDEFER_PROBE
(bsc#1012628).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
backlog (bsc#1012628).
- net: ethernet: mtk_eth_soc: out of bounds read in
mtk_hwlro_get_fdir_entry() (bsc#1012628).
- net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
(bsc#1012628).
- net: dsa: mv88e6xxx: Fix refcount leak in
mv88e6xxx_mdios_register (bsc#1012628).
- modpost: fix removing numeric suffixes (bsc#1012628).
- block, loop: support partitions without scanning (bsc#1012628).
- ep93xx: clock: Do not return the address of the freed memory
(bsc#1012628).
- jffs2: fix memory leak in jffs2_do_fill_super (bsc#1012628).
- ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure
wl_pool not empty (bsc#1012628).
- ubi: ubi_create_volume: Fix use-after-free when volume creation
failed (bsc#1012628).
- selftests/bpf: fix stacktrace_build_id with missing
kprobe/urandom_read (bsc#1012628).
- bpf: Fix probe read error in ___bpf_prog_run() (bsc#1012628).
- block: take destination bvec offsets into account in
bio_copy_data_iter (bsc#1012628).
- nbd: don't clear 'NBD_CMD_INFLIGHT' flag if request is not
completed (bsc#1012628).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(bsc#1012628).
- riscv: read-only pages should not be writable (bsc#1012628).
- net/smc: fixes for converting from "struct smc_cdc_tx_pend **"
to "struct smc_wr_tx_pend_priv *" (bsc#1012628).
- tcp: add accessors to read/set tp->snd_cwnd (bsc#1012628).
- nfp: only report pause frame configuration for physical device
(bsc#1012628).
- block: use bio_queue_enter instead of blk_queue_enter in
bio_poll (bsc#1012628).
- bonding: NS target should accept link local address
(bsc#1012628).
- sfc: fix considering that all channels have TX queues
(bsc#1012628).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
(bsc#1012628).
- block: make bioset_exit() fully resilient against being called
twice (bsc#1012628).
- sched/autogroup: Fix sysctl move (bsc#1012628).
- blk-mq: do not update io_ticks with passthrough requests
(bsc#1012628).
- net: phy: at803x: disable WOL at probe (bsc#1012628).
- bonding: show NS IPv6 targets in proc master info (bsc#1012628).
- erofs: fix 'backmost' member of z_erofs_decompress_frontend
(bsc#1012628).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (bsc#1012628).
- virtio: pci: Fix an error handling path in vp_modern_probe()
(bsc#1012628).
- net/mlx5: Don't use already freed action pointer (bsc#1012628).
- net/mlx5e: TC NIC mode, fix tc chains miss table (bsc#1012628).
- net/mlx5: CT: Fix header-rewrite re-use for tupels
(bsc#1012628).
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race
condition (bsc#1012628).
- net/mlx5: correct ECE offset in query qp output (bsc#1012628).
- net/mlx5e: Update netdev features after changing XDP state
(bsc#1012628).
- net: sched: add barrier to fix packet stuck problem for lockless
qdisc (bsc#1012628).
- tcp: tcp_rtx_synack() can be called from process context
(bsc#1012628).
- vdpa: ifcvf: set pci driver data in probe (bsc#1012628).
- bonding: guard ns_targets by CONFIG_IPV6 (bsc#1012628).
- octeontx2-af: fix error code in is_valid_offset() (bsc#1012628).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
flag (bsc#1012628).
- regulator: mt6315-regulator: fix invalid allowed mode
(bsc#1012628).
- net: ping6: Fix ping -6 with interface name (bsc#1012628).
- net/sched: act_api: fix error code in
tcf_ct_flow_table_fill_tuple_ipv6() (bsc#1012628).
- gpio: pca953x: use the correct register address to do regcache
sync (bsc#1012628).
- afs: Fix infinite loop found by xfstest generic/676
(bsc#1012628).
- drm/msm/dp: Always clear mask bits to disable interrupts at
dp_ctrl_reset_irq_ctrl() (bsc#1012628).
- scsi: sd: Fix potential NULL pointer dereference (bsc#1012628).
- ax25: Fix ax25 session cleanup problems (bsc#1012628).
- nfp: remove padding in nfp_nfdk_tx_desc (bsc#1012628).
- tipc: check attribute length for bearer name (bsc#1012628).
- driver core: Fix wait_for_device_probe() &
deferred_probe_timeout interaction (bsc#1012628).
- perf evsel: Fixes topdown events in a weak group for the hybrid
platform (bsc#1012628).
- perf parse-events: Move slots event for the hybrid platform too
(bsc#1012628).
- perf record: Support sample-read topdown metric group for
hybrid platforms (bsc#1012628).
- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (bsc#1012628).
- Bluetooth: MGMT: Add conditions for setting
HCI_CONN_FLAG_REMOTE_WAKEUP (bsc#1012628).
- Bluetooth: hci_sync: Fix attempting to suspend with unfiltered
passive scan (bsc#1012628).
- bluetooth: don't use bitmaps for random flag accesses
(bsc#1012628).
- dmaengine: idxd: set DMA_INTERRUPT cap bit (bsc#1012628).
- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
(bsc#1012628).
- bootconfig: Make the bootconfig.o as a normal object file
(bsc#1012628).
- tracing: Make tp_printk work on syscall tracepoints
(bsc#1012628).
- tracing: Fix sleeping function called from invalid context on
RT kernel (bsc#1012628).
- tracing: Avoid adding tracer option before update_tracer_options
(bsc#1012628).
- i2c: mediatek: Optimize master_xfer() and avoid circular locking
(bsc#1012628).
- iommu/arm-smmu: fix possible null-ptr-deref in
arm_smmu_device_probe() (bsc#1012628).
- iommu/arm-smmu-v3: check return value after calling
platform_get_resource() (bsc#1012628).
- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (bsc#1012628).
- f2fs: avoid infinite loop to flush node pages (bsc#1012628).
- i2c: cadence: Increase timeout per message if necessary
(bsc#1012628).
- m68knommu: set ZERO_PAGE() to the allocated zeroed page
(bsc#1012628).
- m68knommu: fix undefined reference to `_init_sp' (bsc#1012628).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
data type (bsc#1012628).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
(bsc#1012628).
- video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB
for Gen1 (bsc#1012628).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
pxa3xx_gcu_probe/remove() (bsc#1012628).
- RISC-V: use memcpy for kexec_file mode (bsc#1012628).
- m68knommu: fix undefined reference to `mach_get_rtc_pll'
(bsc#1012628).
- rtla/Makefile: Properly handle dependencies (bsc#1012628).
- f2fs: fix to tag gcing flag on page during file defragment
(bsc#1012628).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(bsc#1012628).
- drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid
(bsc#1012628).
- drm/panfrost: Job should reference MMU not file_priv
(bsc#1012628).
- powerpc/papr_scm: don't requests stats with '0' sized stats
buffer (bsc#1012628).
- netfilter: nat: really support inet nat without l3 address
(bsc#1012628).
- netfilter: nf_tables: use kfree_rcu(ptr, rcu) to release hooks
in clean_net path (bsc#1012628).
- netfilter: nf_tables: delete flowtable hooks via transaction
list (bsc#1012628).
- powerpc/kasan: Force thread size increase with KASAN
(bsc#1012628).
- NFSD: Fix potential use-after-free in nfsd_file_put()
(bsc#1012628).
- SUNRPC: Trap RDMA segment overflows (bsc#1012628).
- netfilter: nf_tables: always initialize flowtable hook list
in transaction (bsc#1012628).
- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
(bsc#1012628).
- netfilter: nf_tables: release new hooks on unsupported flowtable
flags (bsc#1012628).
- netfilter: nf_tables: memleak flow rule from commit path
(bsc#1012628).
- netfilter: nf_tables: bail out early if hardware offload is
not supported (bsc#1012628).
- amt: fix wrong usage of pskb_may_pull() (bsc#1012628).
- amt: fix possible null-ptr-deref in amt_rcv() (bsc#1012628).
- amt: fix wrong type string definition (bsc#1012628).
- net: ethernet: bgmac: Fix refcount leak in
bcma_mdio_mii_register (bsc#1012628).
- xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
(bsc#1012628).
- stmmac: intel: Fix an error handling path in
intel_eth_pci_probe() (bsc#1012628).
- af_unix: Fix a data-race in unix_dgram_peer_wake_me()
(bsc#1012628).
- selftests net: fix bpf build error (bsc#1012628).
- x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
(bsc#1012628).
- bpf, arm64: Clear prog->jited_len along prog->jited
(bsc#1012628).
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
(bsc#1012628).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query
failure (bsc#1012628).
- xsk: Fix handling of invalid descriptors in XSK TX batching API
(bsc#1012628).
- drm/amdgpu: fix limiting AV1 to the first instance on VCN3
(bsc#1012628).
- SUNRPC: Fix the calculation of xdr->end in
xdr_get_next_encode_buffer() (bsc#1012628).
- net: mdio: unexport __init-annotated mdio_bus_init()
(bsc#1012628).
- net: xfrm: unexport __init-annotated xfrm4_protocol_init()
(bsc#1012628).
- net: ipv6: unexport __init-annotated seg6_hmac_init()
(bsc#1012628).
- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
(bsc#1012628).
- net/mlx5: Lag, filter non compatible devices (bsc#1012628).
- net/mlx5: Fix mlx5_get_next_dev() peer device matching
(bsc#1012628).
- net/mlx5: Rearm the FW tracer after each tracer event
(bsc#1012628).
- net/mlx5: fs, fail conflicting actions (bsc#1012628).
- ip_gre: test csum_start instead of transport header
(bsc#1012628).
- net: altera: Fix refcount leak in altera_tse_mdio_create
(bsc#1012628).
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling
an_complete (bsc#1012628).
- net: dsa: realtek: rtl8365mb: fix GMII caps for ports with
internal PHY (bsc#1012628).
- tcp: use alloc_large_system_hash() to allocate table_perturb
(bsc#1012628).
- drm: imx: fix compiler warning with gcc-12 (bsc#1012628).
- nfp: flower: restructure flow-key for gre+vlan combination
(bsc#1012628).
- net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using
flowi_l3mdev (bsc#1012628).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (bsc#1012628).
- iio: dummy: iio_simple_dummy: check the return value of
kstrdup() (bsc#1012628).
- staging: rtl8712: fix a potential memory leak in
r871xu_drv_init() (bsc#1012628).
- iio: st_sensors: Add a local lock for protecting odr
(bsc#1012628).
- lkdtm/usercopy: Expand size of "out of frame" object
(bsc#1012628).
- drivers: staging: rtl8723bs: Fix deadlock in
rtw_surveydone_event_callback() (bsc#1012628).
- drivers: staging: rtl8192bs: Fix deadlock in
rtw_joinbss_event_prehandle() (bsc#1012628).
- drivers: staging: rtl8192eu: Fix deadlock in
rtw_joinbss_event_prehandle (bsc#1012628).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
(bsc#1012628).
- tty: Fix a possible resource leak in icom_probe (bsc#1012628).
- thunderbolt: Use different lane for second DisplayPort tunnel
(bsc#1012628).
- drivers: staging: rtl8192u: Fix deadlock in
ieee80211_beacons_stop() (bsc#1012628).
- drivers: staging: rtl8192e: Fix deadlock in
rtllib_beacons_stop() (bsc#1012628).
- USB: host: isp116x: check return value after calling
platform_get_resource() (bsc#1012628).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios()
(bsc#1012628).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend()
(bsc#1012628).
- USB: hcd-pci: Fully suspend across freeze/thaw cycle
(bsc#1012628).
- char: xillybus: fix a refcount leak in cleanup_dev()
(bsc#1012628).
- sysrq: do not omit current cpu when showing backtrace of all
active CPUs (bsc#1012628).
- usb: dwc2: gadget: don't reset gadget's driver->bus
(bsc#1012628).
- usb: dwc3: host: Stop setting the ACPI companion (bsc#1012628).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
(bsc#1012628).
- soundwire: qcom: adjust autoenumeration timeout (bsc#1012628).
- misc: rtsx: set NULL intfdata when probe fails (bsc#1012628).
- extcon: Fix extcon_get_extcon_dev() error handling
(bsc#1012628).
- extcon: Modify extcon device to be created after driver data
is set (bsc#1012628).
- clocksource/drivers/sp804: Avoid error on multiple instances
(bsc#1012628).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
(bsc#1012628).
- staging: rtl8712: fix uninit-value in r871xu_drv_init()
(bsc#1012628).
- serial: msm_serial: disable interrupts in __msm_console_write()
(bsc#1012628).
- kernfs: Separate kernfs_pr_cont_buf and rename_lock
(bsc#1012628).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system
(bsc#1012628).
- ksmbd: smbd: fix connection dropped issue (bsc#1012628).
- md: protect md_unregister_thread from reentrancy (bsc#1012628).
- ASoC: SOF: amd: Fixed Build error (bsc#1012628).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
(bsc#1012628).
- ASoC: rt5640: Do not manipulate pin "Platform Clock" if the
"Platform Clock" is not in the DAPM (bsc#1012628).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1012628).
- ceph: flush the mdlog for filesystem sync (bsc#1012628).
- ceph: fix possible deadlock when holding Fwb to get inline_data
(bsc#1012628).
- net, neigh: Set lower cap for neigh_managed_work rearming
(bsc#1012628).
- drm/amd/display: Check if modulo is 0 before dividing
(bsc#1012628).
- drm/amd/display: Check zero planes for OTG disable W/A on
clock change (bsc#1012628).
- drm/radeon: fix a possible null pointer dereference
(bsc#1012628).
- drm/amd/pm: fix a potential gpu_metrics_table memory leak
(bsc#1012628).
- drm/amd/pm: Fix missing thermal throttler status (bsc#1012628).
- drm/amd/pm: correct the metrics version for SMU 11.0.11/12/13
(bsc#1012628).
- um: line: Use separate IRQs per line (bsc#1012628).
- modpost: fix undefined behavior of is_arm_mapping_symbol()
(bsc#1012628).
- objtool: Mark __ubsan_handle_builtin_unreachable() as noreturn
(bsc#1012628).
- x86/cpu: Elide KCSAN for cpu_has() and friends (bsc#1012628).
- jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n
builds (bsc#1012628).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(bsc#1012628).
- nbd: fix race between nbd_alloc_config() and module removal
(bsc#1012628).
- nbd: fix io hung while disconnecting device (bsc#1012628).
- Revert "PCI: brcmstb: Do not turn off WOL regulators on suspend"
(bsc#1012628).
- Revert "PCI: brcmstb: Add control of subdevice voltage
regulators" (bsc#1012628).
- Revert "PCI: brcmstb: Add mechanism to turn on subdev
regulators" (bsc#1012628).
- Revert "PCI: brcmstb: Split brcm_pcie_setup() into two funcs"
(bsc#1012628).
- cifs: fix potential deadlock in direct reclaim (bsc#1012628).
- s390/gmap: voluntarily schedule during key setting
(bsc#1012628).
- cifs: version operations for smb20 unneeded when legacy support
disabled (bsc#1012628).
- drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate
(bsc#1012628).
- nodemask: Fix return values to be unsigned (bsc#1012628).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
lpfc_ct_reject_event() (bsc#1012628).
- vringh: Fix loop descriptors check in the indirect cases
(bsc#1012628).
- platform/x86: barco-p50-gpio: Add check for
platform_driver_register (bsc#1012628).
- scripts/gdb: change kernel config dumping method (bsc#1012628).
- platform/x86: hp-wmi: Resolve WMI query failures on some devices
(bsc#1012628).
- platform/x86: hp-wmi: Use zero insize parameter only when
supported (bsc#1012628).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP
(bsc#1012628).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6
(bsc#1012628).
- ALSA: hda/conexant - Fix loopback issue with CX20632
(bsc#1012628).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on
the Lenovo Yoga DuetITL 2021 (bsc#1012628).
- ALSA: hda/realtek: Add quirk for HP Dev One (bsc#1012628).
- cifs: return errors during session setup during reconnects
(bsc#1012628).
- cifs: fix reconnect on smb3 mount types (bsc#1012628).
- cifs: populate empty hostnames for extra channels (bsc#1012628).
- scsi: sd: Fix interpretation of VPD B9h length (bsc#1012628).
- scsi: lpfc: Resolve some cleanup issues following abort path
refactoring (bsc#1012628).
- scsi: lpfc: Resolve some cleanup issues following SLI path
refactoring (bsc#1012628).
- scsi: lpfc: Address NULL pointer dereference after
starget_to_rport() (bsc#1012628).
- KVM: x86/mmu: Check every prev_roots in
__kvm_mmu_free_obsolete_roots() (bsc#1012628).
- KVM: SVM: fix tsc scaling cache logic (bsc#1012628).
- filemap: Cache the value of vm_flags (bsc#1012628).
- KEYS: trusted: tpm2: Fix migratable logic (bsc#1012628).
- libata: fix reading concurrent positioning ranges log
(bsc#1012628).
- libata: fix translation of concurrent positioning ranges
(bsc#1012628).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
(bsc#1012628).
- mmc: sdhci-pci-gli: Fix GL9763E runtime PM when the system
resumes from suspend (bsc#1012628).
- mmc: block: Fix CQE recovery reset success (bsc#1012628).
- net: phy: dp83867: retrigger SGMII AN when link change
(bsc#1012628).
- net: openvswitch: fix misuse of the cached connection on tuple
changes (bsc#1012628).
- writeback: Fix inode->i_io_list not be protected by
inode->i_lock error (bsc#1012628).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
(bsc#1012628).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
(bsc#1012628).
- nfc: st21nfca: fix incorrect sizing calculations in
EVT_TRANSACTION (bsc#1012628).
- ixgbe: fix bcast packets Rx on VF after promisc removal
(bsc#1012628).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF
(bsc#1012628).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
(bsc#1012628).
- vduse: Fix NULL pointer dereference on sysfs access
(bsc#1012628).
- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (bsc#1012628).
- mm/huge_memory: Fix xarray node memory leak (bsc#1012628).
- powerpc: Don't select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1012628).
- drm/amdkfd:Fix fw version for 10.3.6 (bsc#1012628).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
(bsc#1012628).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch
(bsc#1012628).
- drm/amdgpu/jpeg2: Add jpeg vmid update under IB submit
(bsc#1012628).
- drm/amd/display: remove stale config guards (bsc#1012628).
- drm/amdgpu: update VCN codec support for Yellow Carp
(bsc#1012628).
- virtio-rng: make device ready before making request
(bsc#1012628).
- powerpc/32: Fix overread/overwrite of thread_struct via ptrace
(bsc#1012628).
- random: avoid checking crng_ready() twice in random_init()
(bsc#1012628).
- random: mark bootloader randomness code as __init (bsc#1012628).
- random: account for arch randomness in bits (bsc#1012628).
- md/raid0: Ignore RAID0 layout if the second zone has only one
device (bsc#1012628).
- zonefs: fix handling of explicit_open option on mount
(bsc#1012628).
- iov_iter: fix build issue due to possible type mis-match
(bsc#1012628).
- dmaengine: idxd: add missing callback function to support
DMA_INTERRUPT (bsc#1012628).
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1012628).
- net/mlx5: E-Switch, pair only capable devices (bsc#1012628).
- Update config files.
- commit c6d8e6e
++++ libcontainers-common:
- Use $() again in %post, but with a space for POSIX compliance
++++ libnettle:
- Make shared libraries executable
++++ libvorbis:
- Remove bad %defattr - not needed and causes SHLIB non-executable
rpmlint error
++++ libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the
cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
endOfScriptTag.
- version 17.30.2 (22)
++++ python-PyYAML:
- Clean up the SPEC file.
++++ zypper:
- Basic JobReport for "cmdout/monitor".
- versioncmp: if verbose, also print the edition 'parts' which are
compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53
------------------------------------------------------------------
------------------ 2022-6-14 - Jun 14 2022 -------------------
------------------------------------------------------------------
++++ filesystem:
- Add Serbian (sr) man pages directory
- Add /usr/etc/logrotate.d
++++ kernel-default:
- kernel-binary.spec: check s390x vmlinux location
As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of
startup archive"), vmlinux on s390x moved from "compressed" subdirectory
directly into arch/s390/boot. As the specfile is shared among branches,
check both locations and let objcopy use one that exists.
- commit cd15543
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
++++ libcontainers-common:
- Add missing Requires(post): sed, fixes boo#1200524
- Make %post compatible with dash
++++ libvirt:
- spec: Closer alignment with upstream spec file, including
enabling more unit tests
++++ systemd-presets-common-SUSE:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter "user", the save/apply-changes commands now
work with user services instead of system ones (boo#1200485)
------------------------------------------------------------------
------------------ 2022-6-13 - Jun 13 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- update to 5.18.1:
* fixes:
* convert: fix self reference of toplevel directory
* build: make kernel lib headers compatible with C++
* zoned mode: verify minimum zone size 4MiB
* libbtrfs: cleanups, merge headers and remove declarations of unexported
symbols
* other: documentation updates
++++ cockpit-machines:
- Update to 271.2:
* Fix test/reference setup in release tarball for tests
++++ file:
- Update to 5.42:
* PR/348: add missing cases to prevent file from aborting on
random magic files.
* PR/351: octalify filenames when not raw before printing.
* fix regex cacheing bug (Dirk Mueller)
* merge file_regcomp and file_regerror() to simplify the code
and reduce memory requirements for storing regexes (Dirk Mueller)
* cache regex (Dirk Mueller)
* detect filesystem full by flushing output (Dirk Mueller)
* implement running decompressor programs using
posix_spawnp(2) instead of vfork(2)
* Add support for msdos dates and times
* use the system byte swapping functions if available (Werner Fink)
- Port patches
* file-5.17-option.dif
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.19-zip2.0.dif
* file-5.28-btrfs-image.dif
* file-secure_getenv.patch
- Remove patches now upstream
* file-5.23-endian.patch
* file-5.41-cache-regexps-locale-restore.patch
* file-5.41-cache-regexps.patch
- Port and rename patch file-5.41.dif which is now file-5.42.dif
++++ k3s-install:
- Update to version 1.24.1+k3s1:
* Set default egress-selector-mode to agent
* Remove control-plane egress context and fix agent mode.
* Refactor egress-selector pods mode to watch pods
* Bump containerd and runc
* Update flaky tests for v1.24 (#5625)
* Revert "Give kubelet the node-ip value (#5579)"
* Re-add --cloud-provider=external kubelet arg
* Update to v1.24.1 (#5616)
* Bump dynamiclistener to v0.3.3
* remove dweomer from maintainers (#5582)
* Add support for configuring the EgressSelector mode
* Give kubelet the node-ip value (#5579)
* Remove errant unversioned etcd go.mod entry
* Remove objects when removed from manifests (#5560)
* Add apparmor-parser to OpenSUSE/SLE Micro test VMs
* Bump sonobuoy version and fix deprecated arg
* Build standalone containerd 1.6
* Remove --docker/dockershim support
* Always set pod-infra-container-image to protect it from image GC
* Remove deprecated flags from cloud-controller-manager
* Remove deprecated flags from kube-apiserver
* Remove deprecated flags from kubelet
* Update Kubernetes to v1.24
* Bump golang to 1.18.1
* Update CNI version in config file
* Fix typo in image scan script
* Mark v1.23.6+k3s1 stable
* Add "ipFamilyPolicy: PreferDualStack" to have dual-stack ingress support
* Move auto-generated resolv.conf out of /tmp to prevent accidental cleanup
* Check if user has a correct cluster-cidr and service-cidr config
* Replace DefaultProxyDialerFn dialer injection with EgressSelector support
* Ensure that WaitForAPIServerReady always re-dials through the loadbalancer
* Don't start embedded kubelet until after apiserver is up
* Add new `k3s completion` command for shell completion (#5461)
* Use ListWatch helpers instead of bare List/Watch
* server: Allow to enable network policies with IPv6-only
* agent(netpol): Explicitly enable IPv4 when necessary
* Bump kine to v0.9.1 for nats.io support
* Make supervisor errors parsable by Kubernetes client libs
* Drop unnecessary intermediate variable
* Add systemd cgroup controller support
* Add CNI Plugins and Flannel version to build scripts
++++ kernel-default:
- drm/format-helper: Add RGB565-to-XRGB8888 conversion (boo#1193472)
- commit b55db46
- drm/format-helper: Add RGB888-to-XRGB8888 conversion (boo#1193472)
- commit 24daa98
- drm/format-helper: Print warning on missing format conversion (boo#1193472)
- commit 4895b27
- config: add CC_NO_ARRAY_BOUNDS=y
Mainline commit f0be87c42cbd ("gcc-12: disable '-Warray-bounds' universally
for now") adds new config option CONFIG_CC_NO_ARRAY_BOUNDS which is only
present for gcc12 (and not future gcc >= 13). Therefore it is not added
with dummy gcc which pretends to be gcc20 but it is with Factory gcc12,
resulting in failed "missing config option" check.
As a quick hack, add CONFIG_CC_NO_ARRAY_BOUNDS=y to all full configs until
we have a more robust solution (manually added config option won't survive
a config update with run_oldconfig.sh).
- commit b2fb712
- config: refresh
- commit dbcb5bd
- Update to 5.19-rc2
- drop obsolete patch
- patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch
- update configs
- XEN_VIRTIO=y (x86 only)
- commit 02193c9
++++ ncurses:
- Add ncurses patch 20220612
+ modify waddch_literal() to allow for double-width base character when
merging a combining character (report by Gavin Troy).
+ improve _tracecchar_t2() formatting of base+combining character.
++++ vim:
- Updated to version 8.2.5083, fixes the following problems
- CVE-2022-2042 - boo#1200471
- CVE-2022-2000 - boo#1200405
- CVE-2022-1968 - boo#1200270
- CVE-2022-1942 - boo#1200125
* A finished terminal in a popup window does not show a scrollbar.
* Confusing error if first argument of popup_create() is wrong.
* Scrollbar thumb in scrolled popup not visible.
* Cannot close a terminal popup with "NONE" job.
* Scrollbar thumb in tall scrolled popup not visible.
* Can open a cmdline window from a substitute expression.
* Command line test fails.
* Can escape a terminal popup window when the job is finished.
* vim_regsub() can overwrite the destination.
* CurSearch highlight is often wrong.
* When using XIM the gui test may fail.
* Insufficient tests for autocommands.
* Using freed memory when searching for pattern in path.
* Check for autocmd_add() event argument is confusing.
* CI checkout step title is a bit cryptic.
* Cannot have a comment halfway an expression in an autocmd command block.
* No good filetype for conf files similar to dosini.
* Statusline is not updated when terminal title changes.
* The channel log only contains some of the raw terminal output.
* Using gettimeofday() for timeout is very inefficient.
* input() does not handle composing characters properly.
* Autoconf 2.71 produces many obsolete warnings.
* Running configure fails.
* C89 requires signal handlers to return void.
* Coverity warns for dead code.
* Error for a command may go over the end of IObuff.
* No test for what 8.1.0052 fixes.
* Wrong return type for main() in tee.c.
* Can specify multispace listchars only for whole line.
* Timer_create is not available on every Mac system. (Hisashi T Fujinaka)
* Gcc 12.1 warning when building tee.
* Unnecessary code.
* With some Mac OS version clockid_t is redefined.
* Using uninitialized value and freed memory in spell command.
* Clang on MS-Windows produces warnings.
* Spell test fails on MS-Windows.
* Clang gives an out of bounds warning.
* Unnecessary code.
* Various warnings from clang on MS-Windows.
* Substitute test has a one second delay.
* DirChanged autocommand may use freed memory. (Shane-XB Qian)
* When indenting gets out of hand it is hard to stop.
* Retab test fails.
------------------------------------------------------------------
------------------ 2022-6-12 - Jun 12 2022 -------------------
------------------------------------------------------------------
++++ mozilla-nss:
- update to NSS 3.79
* bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
* bmo#1766907 - Update mercurial in clang-format docker image.
* bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
* bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
* bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
* bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside
indefinite GROUP.
* bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed
ECPointFormat extension alerts.
* bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on
unsupported ClientHello.legacy_version.
* bmo#1764788 - Correct invalid record inner and outer content type alerts.
* bmo#1757075 - NSS does not properly import or export pkcs12 files
with large passwords and pkcs5v2 encoding.
* bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple.
* bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
------------------------------------------------------------------
------------------ 2022-6-10 - Jun 10 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- new version 271
https://cockpit-project.org/blog/cockpit-271.html
- cockpit-redhatfont.diff: not needed, dropped
- 0001-selinux-allow-login-to-read-motd-file.patch, hide-docs.patch,
hide-pcp.patch remove-pwscore.patch: refreshed
++++ cockpit-machines:
- Update to 271.1:
https://github.com/cockpit-project/cockpit-machines/releases/tag/270.1
++++ cockpit-podman:
- new version 49.1
https://github.com/cockpit-project/cockpit-podman/releases/tag/49.1
++++ kernel-default:
- Add parameter to disable simple-framebuffer devices (boo#1193472)
Temporary workaround for simpledrm bugs.
- commit 1d1dbce
- drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set (boo#1193472)
Temporary workaround for nvidia.ko with simpledrm.
- commit c35bbe0
- drm/client: Don't add new command-line mode (boo#1193472)
Backported for simpledrm support.
- commit 141a4fc
- drm/client: Look for command-line modes first (boo#1193472)
Backported for simpledrm support.
- commit 1bf947f
- drm: Always warn if user-defined modes are not supported (boo#1193472)
Backported for simpledrm support.
- commit 95c4112
------------------------------------------------------------------
------------------ 2022-6-9 - Jun 9 2022 -------------------
------------------------------------------------------------------
++++ glibc:
- Set SUSE_ZNOW=0
++++ kernel-default:
- Linux 5.18.3 (bsc#1012628).
- binfmt_flat: do not stop relocating GOT entries prematurely
on riscv (bsc#1012628).
- parisc: fix a crash with multicore scheduler (bsc#1012628).
- parisc/stifb: Implement fb_is_primary_device() (bsc#1012628).
- parisc/stifb: Keep track of hardware path of graphics card
(bsc#1012628).
- RISC-V: Mark IORESOURCE_EXCLUSIVE for reserved mem instead of
IORESOURCE_BUSY (bsc#1012628).
- riscv: Initialize thread pointer before calling C functions
(bsc#1012628).
- riscv: Fix irq_work when SMP is disabled (bsc#1012628).
- riscv: Wire up memfd_secret in UAPI header (bsc#1012628).
- riscv: Move alternative length validation into subsection
(bsc#1012628).
- ALSA: hda/realtek - Add new type for ALC245 (bsc#1012628).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
9520 laptop (bsc#1012628).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
(bsc#1012628).
- ALSA: usb-audio: Cancel pending work at closing a MIDI substream
(bsc#1012628).
- USB: serial: pl2303: fix type detection for odd device
(bsc#1012628).
- USB: serial: option: add Quectel BG95 modem (bsc#1012628).
- USB: new quirk for Dell Gen 2 devices (bsc#1012628).
- usb: isp1760: Fix out-of-bounds array access (bsc#1012628).
- usb: dwc3: gadget: Move null pinter check to proper place
(bsc#1012628).
- usb: core: hcd: Add support for deferring roothub registration
(bsc#1012628).
- fs/ntfs3: provide block_invalidate_folio to fix memory leak
(bsc#1012628).
- fs/ntfs3: Update valid size if -EIOCBQUEUED (bsc#1012628).
- fs/ntfs3: Fix fiemap + fix shrink file size (to remove
preallocated space) (bsc#1012628).
- fs/ntfs3: Keep preallocated only if option prealloc enabled
(bsc#1012628).
- fs/ntfs3: Check new size for limits (bsc#1012628).
- fs/ntfs3: In function ntfs_set_acl_ex do not change
inode->i_mode if called from function ntfs_init_acl
(bsc#1012628).
- fs/ntfs3: Fix some memory leaks in an error handling path of
'log_replay()' (bsc#1012628).
- fs/ntfs3: Update i_ctime when xattr is added (bsc#1012628).
- fs/ntfs3: Restore ntfs_xattr_get_acl and ntfs_xattr_set_acl
functions (bsc#1012628).
- cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs
was set (bsc#1012628).
- cifs: fix ntlmssp on old servers (bsc#1012628).
- cifs: fix potential double free during failed mount
(bsc#1012628).
- cifs: when extending a file with falloc we should make files
not-sparse (bsc#1012628).
- xhci: Set HCD flag to defer primary roothub registration
(bsc#1012628).
- xhci: Allow host runtime PM as default for Intel Alder Lake
N xHCI (bsc#1012628).
- platform/x86: intel-hid: fix _DSM function index handling
(bsc#1012628).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
fails (bsc#1012628).
- perf/x86/intel: Fix event constraints for ICL (bsc#1012628).
- x86/kexec: fix memory leak of elf header buffer (bsc#1012628).
- x86/sgx: Set active memcg prior to shmem allocation
(bsc#1012628).
- kthread: Don't allocate kthread_struct for init and umh
(bsc#1012628).
- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (bsc#1012628).
- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
(bsc#1012628).
- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
(bsc#1012628).
- btrfs: add "0x" prefix for unsupported optional features
(bsc#1012628).
- btrfs: return correct error number for __extent_writepage_io()
(bsc#1012628).
- btrfs: repair super block num_devices automatically
(bsc#1012628).
- btrfs: fix the error handling for submit_extent_page() for
btrfs_do_readpage() (bsc#1012628).
- btrfs: fix deadlock between concurrent dio writes when low on
free data space (bsc#1012628).
- btrfs: zoned: properly finish block group on metadata write
(bsc#1012628).
- btrfs: zoned: zone finish unused block group (bsc#1012628).
- btrfs: zoned: finish block group when there are no more
allocatable bytes left (bsc#1012628).
- btrfs: zoned: fix comparison of alloc_offset vs
meta_write_pointer (bsc#1012628).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
(bsc#1012628).
- drm/selftests: fix a shift-out-of-bounds bug (bsc#1012628).
- drm/vmwgfx: validate the screen formats (bsc#1012628).
- ath11k: fix the warning of dev_wake in
mhi_pm_disable_transition() (bsc#1012628).
- drm/virtio: fix NULL pointer dereference in
virtio_gpu_conn_get_modes (bsc#1012628).
- selftests/bpf: Fix vfs_link kprobe definition (bsc#1012628).
- selftests/bpf: Fix parsing of prog types in UAPI hdr for
bpftool sync (bsc#1012628).
- ath11k: Change max no of active probe SSID and BSSID to fw
capability (bsc#1012628).
- selftests/bpf: Fix file descriptor leak in load_kallsyms()
(bsc#1012628).
- rtw89: ser: fix CAM leaks occurring in L2 reset (bsc#1012628).
- rtw89: fix misconfiguration on hw_scan channel time
(bsc#1012628).
- mwifiex: add mutex lock for call in
mwifiex_dfs_chan_sw_work_queue (bsc#1012628).
- b43legacy: Fix assigning negative value to unsigned variable
(bsc#1012628).
- b43: Fix assigning negative value to unsigned variable
(bsc#1012628).
- ipw2x00: Fix potential NULL dereference in libipw_xmit()
(bsc#1012628).
- ipv6: fix locking issues with loops over idev->addr_list
(bsc#1012628).
- fbcon: Consistently protect deferred_takeover with
console_lock() (bsc#1012628).
- x86/platform/uv: Update TSC sync state for UV5 (bsc#1012628).
- ACPICA: Avoid cache flush inside virtual machines (bsc#1012628).
- libbpf: Fix a bug with checking bpf_probe_read_kernel()
support in old kernels (bsc#1012628).
- mac80211: minstrel_ht: fix where rate stats are stored (fixes
debugfs output) (bsc#1012628).
- drm/komeda: return early if drm_universal_plane_init() fails
(bsc#1012628).
- drm/amd/display: Disabling Z10 on DCN31 (bsc#1012628).
- rcu-tasks: Fix race in schedule and flush work (bsc#1012628).
- rcu-tasks: Handle sparse cpu_possible_mask in
rcu_tasks_invoke_cbs() (bsc#1012628).
- rcu: Make TASKS_RUDE_RCU select IRQ_WORK (bsc#1012628).
- sfc: ef10: Fix assigning negative value to unsigned variable
(bsc#1012628).
- ALSA: jack: Access input_dev under mutex (bsc#1012628).
- rtw88: fix incorrect frequency reported (bsc#1012628).
- rtw88: 8821c: fix debugfs rssi value (bsc#1012628).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width}
based on DMA direction (bsc#1012628).
- tools/power turbostat: fix ICX DRAM power numbers (bsc#1012628).
- tcp: consume incoming skb leading to a reset (bsc#1012628).
- loop: implement ->free_disk (bsc#1012628).
- scsi: lpfc: Move cfg_log_verbose check before calling
lpfc_dmp_dbg() (bsc#1012628).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(bsc#1012628).
- scsi: lpfc: Fix null pointer dereference after failing to
issue FLOGI and PLOGI (bsc#1012628).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(bsc#1012628).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(bsc#1012628).
- cpuidle: PSCI: Improve support for suspend-to-RAM for PSCI
OSI mode (bsc#1012628).
- drm/amdgpu/pm: fix the null pointer while the smu is disabled
(bsc#1012628).
- drm/amd/pm: fix double free in si_parse_power_table()
(bsc#1012628).
- ASoC: rsnd: care default case on
rsnd_ssiu_busif_err_status_clear() (bsc#1012628).
- ASoC: rsnd: care return value from rsnd_node_fixed_index()
(bsc#1012628).
- net: macb: In ZynqMP initialization make SGMII phy configuration
optional (bsc#1012628).
- ath9k: fix QCA9561 PA bias level (bsc#1012628).
- media: Revert "media: dw9768: activate runtime PM and turn
off device" (bsc#1012628).
- media: i2c: dw9714: Disable the regulator when the driver
fails to probe (bsc#1012628).
- media: venus: hfi: avoid null dereference in deinit
(bsc#1012628).
- media: venus: do not queue internal buffers from previous
sequence (bsc#1012628).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
(bsc#1012628).
- media: cx25821: Fix the warning when removing the module
(bsc#1012628).
- md/bitmap: don't set sb values if can't pass sanity check
(bsc#1012628).
- mmc: jz4740: Apply DMA engine limits to maximum segment size
(bsc#1012628).
- drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
(bsc#1012628).
- scsi: megaraid: Fix error check return value of
register_chrdev() (bsc#1012628).
- drm/amdgpu/sdma: Fix incorrect calculations of the wptr of
the doorbells (bsc#1012628).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of
pm_runtime_get_sync() (bsc#1012628).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(bsc#1012628).
- ath11k: disable spectral scan during spectral deinit
(bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
(bsc#1012628).
- drm/plane: Move range check for format_count earlier
(bsc#1012628).
- drm/amdkfd: Fix circular lock dependency warning (bsc#1012628).
- drm/amd/pm: fix the compile warning (bsc#1012628).
- ath10k: skip ath10k_halt during suspend for driver state
RESTARTING (bsc#1012628).
- arm64: compat: Do not treat syscall number as ESR_ELx for a
bad syscall (bsc#1012628).
- drm: msm: fix error check return value of irq_of_parse_and_map()
(bsc#1012628).
- drm/msm/dpu: Clean up CRC debug logs (bsc#1012628).
- xtensa: move trace_hardirqs_off call back to entry.S
(bsc#1012628).
- ath11k: fix warning of not found station for bssid in message
(bsc#1012628).
- scsi: target: tcmu: Fix possible data corruption (bsc#1012628).
- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
(bsc#1012628).
- net/mlx5: use kvfree() for kvzalloc() in
mlx5_ct_fs_smfs_matcher_create (bsc#1012628).
- net/mlx5: fs, delete the FTE when there are no rules attached
to it (bsc#1012628).
- ASoC: dapm: Don't fold register value changes into notifications
(bsc#1012628).
- ASoC: SOF: ipc3-topology: Correct get_control_data for non
bytes payload (bsc#1012628).
- mlxsw: spectrum_dcb: Do not warn about priority changes
(bsc#1012628).
- mlxsw: Treat LLDP packets as control (bsc#1012628).
- drm/amdgpu/psp: move PSP memory alloc from hw_init to sw_init
(bsc#1012628).
- drm/amdgpu/ucode: Remove firmware load type check in
amdgpu_ucode_free_bo (bsc#1012628).
- regulator: mt6315: Enforce regulator-compatible, not name
(bsc#1012628).
- ice: always check VF VSI pointer values (bsc#1012628).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
(bsc#1012628).
- drm/tegra: gem: Do not try to dereference ERR_PTR()
(bsc#1012628).
- of: Support more than one crash kernel regions for kexec -s
(bsc#1012628).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
(bsc#1012628).
- net/mlx5: Increase FW pre-init timeout for health recovery
(bsc#1012628).
- ASoC: Intel: sof_ssp_amp: fix no DMIC BE Link on Chromebooks
(bsc#1012628).
- scsi: hisi_sas: Undo RPM resume for failed notify phy event
for v3 HW (bsc#1012628).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(bsc#1012628).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1012628).
- net: remove two BUG() from skb_checksum_help() (bsc#1012628).
- s390/preempt: disable __preempt_count_add() optimization for
PROFILE_ALL_BRANCHES (bsc#1012628).
- perf/amd/ibs: Cascade pmu init functions' return value
(bsc#1012628).
- sched/core: Avoid obvious double update_rq_clock warning
(bsc#1012628).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (bsc#1012628).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
(bsc#1012628).
- fs: hold writers when changing mount's idmapping (bsc#1012628).
- ASoC: SOF: amd: add missing platform_device_unregister in
acp_pci_rn_probe (bsc#1012628).
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
(bsc#1012628).
- ipmi:ssif: Check for NULL msg when handling events and messages
(bsc#1012628).
- ipmi: Add an intializer for ipmi_smi_msg struct (bsc#1012628).
- ipmi: Fix pr_fmt to avoid compilation issues (bsc#1012628).
- kunit: bail out of test filtering logic quicker if OOM
(bsc#1012628).
- rtlwifi: Use pr_warn instead of WARN_ONCE (bsc#1012628).
- mt76: mt7915: accept rx frames with non-standard VHT MCS10-11
(bsc#1012628).
- mt76: mt7921: accept rx frames with non-standard VHT MCS10-11
(bsc#1012628).
- mt76: fix encap offload ethernet type check (bsc#1012628).
- media: rga: fix possible memory leak in rga_probe (bsc#1012628).
- media: coda: limit frame interval enumeration to supported
encoder frame sizes (bsc#1012628).
- media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset
values (bsc#1012628).
- media: ccs-core.c: fix failure to call clk_disable_unprepare
(bsc#1012628).
- media: imon: reorganize serialization (bsc#1012628).
- media: cec-adap.c: fix is_configuring state (bsc#1012628).
- usbnet: Run unregister_netdev() before unbind() again
(bsc#1012628).
- Bluetooth: HCI: Add HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN
quirk (bsc#1012628).
- Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN
for QCA (bsc#1012628).
- Bluetooth: btusb: Set HCI_QUIRK_BROKEN_ERR_DATA_REPORTING for
QCA (bsc#1012628).
- bnxt_en: Configure ptp filters during bnxt open (bsc#1012628).
- media: mediatek: vcodec: prevent kernel crash when rmmod
mtk-vcodec-dec.ko (bsc#1012628).
- openrisc: start CPU timer early in boot (bsc#1012628).
- nvme-pci: fix a NULL pointer dereference in
nvme_alloc_admin_tags (bsc#1012628).
- ASoC: rt5645: Fix errorenous cleanup order (bsc#1012628).
- nbd: Fix hung on disconnect request if socket is closed before
(bsc#1012628).
- drm/amd/pm: update smartshift powerboost calc for smu12
(bsc#1012628).
- drm/amd/pm: update smartshift powerboost calc for smu13
(bsc#1012628).
- drm/amdgpu: Move mutex_init(&smu->message_lock) to
smu_early_init() (bsc#1012628).
- btrfs: fix anon_dev leak in create_subvol() (bsc#1012628).
- kunit: tool: make parser stop overwriting status of suites w/
no_tests (bsc#1012628).
- net: phy: micrel: Allow probing without .driver_data
(bsc#1012628).
- media: exynos4-is: Fix compile warning (bsc#1012628).
- media: hantro: Stop using H.264 parameter pic_num (bsc#1012628).
- rtw89: cfo: check mac_id to avoid out-of-bounds (bsc#1012628).
- of/fdt: Ignore disabled memory nodes (bsc#1012628).
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(bsc#1012628).
- ASoC: max98357a: remove dependency on GPIOLIB (bsc#1012628).
- ASoC: rt1015p: remove dependency on GPIOLIB (bsc#1012628).
- ACPI: CPPC: Assume no transition latency if no PCCT
(bsc#1012628).
- nvme: set non-mdts limits in nvme_scan_work (bsc#1012628).
- can: mcp251xfd: silence clang's -Wunaligned-access warning
(bsc#1012628).
- x86/microcode: Add explicit CPU vendor dependency (bsc#1012628).
- net: ipa: ignore endianness if there is no header (bsc#1012628).
- selftests/bpf: Add missing trampoline program type to
trampoline_count test (bsc#1012628).
- m68k: atari: Make Atari ROM port I/O write macros return void
(bsc#1012628).
- hwmon: (pmbus) Add get_voltage/set_voltage ops (bsc#1012628).
- rxrpc: Return an error to sendmsg if call failed (bsc#1012628).
- rxrpc, afs: Fix selection of abort codes (bsc#1012628).
- afs: Adjust ACK interpretation to try and cope with NAT
(bsc#1012628).
- eth: tg3: silence the GCC 12 array-bounds warning (bsc#1012628).
- char: tpm: cr50_i2c: Suppress duplicated error message in
.remove() (bsc#1012628).
- selftests/bpf: fix btf_dump/btf_dump due to recent clang change
(bsc#1012628).
- gfs2: use i_lock spin_lock for inode qadata (bsc#1012628).
- linux/types.h: reinstate "__bitwise__" macro for user space use
(bsc#1012628).
- scsi: target: tcmu: Avoid holding XArray lock when calling
lock_page (bsc#1012628).
- kunit: fix executor OOM error handling logic on non-UML
(bsc#1012628).
- IB/rdmavt: add missing locks in rvt_ruc_loopback (bsc#1012628).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
(bsc#1012628).
- ARM: dts: ox820: align interrupt controller node name with
dtschema (bsc#1012628).
- ARM: dts: socfpga: align interrupt controller node name with
dtschema (bsc#1012628).
- ARM: dts: s5pv210: align DMA channels with dtschema
(bsc#1012628).
- ASoC: amd: Add driver data to acp6x machine driver
(bsc#1012628).
- arm64: dts: qcom: msm8994: Fix the cont_splash_mem address
(bsc#1012628).
- arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
(bsc#1012628).
- PM / devfreq: rk3399_dmc: Disable edev on remove()
(bsc#1012628).
- crypto: ccree - use fine grained DMA mapping dir (bsc#1012628).
- crypto: qat - fix off-by-one error in PFVF debug print
(bsc#1012628).
- soc: ti: ti_sci_pm_domains: Check for null return of
devm_kcalloc (bsc#1012628).
- fs: jfs: fix possible NULL pointer dereference in dbFree()
(bsc#1012628).
- arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's
vddio-supply property (bsc#1012628).
- ALSA: usb-audio: Add quirk bits for enabling/disabling generic
implicit fb (bsc#1012628).
- ALSA: usb-audio: Move generic implicit fb quirk entries into
quirks.c (bsc#1012628).
- ARM: OMAP1: clock: Fix UART rate reporting algorithm
(bsc#1012628).
- powerpc/fadump: Fix fadump to work with a different endian
capture kernel (bsc#1012628).
- fat: add ratelimit to fat*_ent_bread() (bsc#1012628).
- pinctrl: renesas: rzn1: Fix possible null-ptr-deref in
sh_pfc_map_resources() (bsc#1012628).
- ARM: versatile: Add missing of_node_put in dcscb_init
(bsc#1012628).
- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
(bsc#1012628).
- arm64: dts: qcom: sc7280-idp: Configure CTS pin to bias-bus-hold
for bluetooth (bsc#1012628).
- arm64: dts: qcom: sc7280-qcard: Configure CTS pin to
bias-bus-hold for bluetooth (bsc#1012628).
- ARM: hisi: Add missing of_node_put after of_find_compatible_node
(bsc#1012628).
- cpufreq: Avoid unnecessary frequency updates due to mismatch
(bsc#1012628).
- PCI: microchip: Add missing chained_irq_enter()/exit() calls
(bsc#1012628).
- powerpc/rtas: Keep MSR[RI] set when calling RTAS (bsc#1012628).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with
sriov_numvfs_store() (bsc#1012628).
- PCI: cadence: Clear FLR in device capabilities register
(bsc#1012628).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES
setting (bsc#1012628).
- alpha: fix alloc_zeroed_user_highpage_movable() (bsc#1012628).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
(bsc#1012628).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1012628).
- powerpc/powernv/vas: Assign real address to rx_fifo in
vas_rx_win_attr (bsc#1012628).
- powerpc/xics: fix refcount leak in icp_opal_init()
(bsc#1012628).
- powerpc/powernv: fix missing of_node_put in uv_init()
(bsc#1012628).
- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is
disabled (bsc#1012628).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
(bsc#1012628).
- fanotify: fix incorrect fmode_t casts (bsc#1012628).
- smb3: check for null tcon (bsc#1012628).
- RDMA/hfi1: Prevent panic when SDMA is disabled (bsc#1012628).
- cifs: do not use tcpStatus after negotiate completes
(bsc#1012628).
- Input: gpio-keys - cancel delayed work only in case of GPIO
(bsc#1012628).
- drm: fix EDID struct for old ARM OABI format (bsc#1012628).
- drm/bridge_connector: enable HPD by default if supported
(bsc#1012628).
- drm/selftests: missing error code in igt_buddy_alloc_smoke()
(bsc#1012628).
- drm/omap: fix NULL but dereferenced coccicheck error
(bsc#1012628).
- dt-bindings: display: sitronix, st7735r: Fix backlight in
example (bsc#1012628).
- drm/bridge: anx7625: check the return on anx7625_aux_trans
(bsc#1012628).
- drm: ssd130x: Fix COM scan direction register mask
(bsc#1012628).
- drm: ssd130x: Always apply segment remap setting (bsc#1012628).
- drm/solomon: Make DRM_SSD130X depends on MMU (bsc#1012628).
- drm/format-helper: Rename drm_fb_xrgb8888_to_mono_reversed()
(bsc#1012628).
- drm/format-helper: Fix XRGB888 to monochrome conversion
(bsc#1012628).
- drm/ssd130x: Fix rectangle updates (bsc#1012628).
- drm/ssd130x: Reduce temporary buffer sizes (bsc#1012628).
- fbdev: defio: fix the pagelist corruption (bsc#1012628).
- drm/vmwgfx: Fix an invalid read (bsc#1012628).
- ath11k: acquire ab->base_lock in unassign when finding the
peer by addr (bsc#1012628).
- drm: bridge: it66121: Fix the register page length
(bsc#1012628).
- drm/bridge: it6505: Fix build error (bsc#1012628).
- ath9k: fix ar9003_get_eepmisc (bsc#1012628).
- drm/edid: fix invalid EDID extension block filtering
(bsc#1012628).
- drm/bridge: anx7625: add missing destroy_workqueue() in
anx7625_i2c_probe() (bsc#1012628).
- drm/bridge: adv7511: clean up CEC adapter when probe fails
(bsc#1012628).
- drm: bridge: icn6211: Fix register layout (bsc#1012628).
- drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling
(bsc#1012628).
- mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG
(bsc#1012628).
- spi: qcom-qspi: Add minItems to interconnect-names
(bsc#1012628).
- ASoC: codecs: Fix error handling in power domain init and exit
handlers (bsc#1012628).
- ASoC: cs35l41: Fix an out-of-bounds access in
otp_packed_element_t (bsc#1012628).
- ASoC: SOF: ipc3-topology: Set scontrol->priv to NULL after
freeing it (bsc#1012628).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
(bsc#1012628).
- ASoC: mediatek: Fix missing of_node_put in
mt2701_wm8960_machine_probe (bsc#1012628).
- docs: driver-api/thermal/intel_dptf: Use copyright symbol
(bsc#1012628).
- x86/delay: Fix the wrong asm constraint in delay_loop()
(bsc#1012628).
- drm/mediatek: Add vblank register/unregister callback functions
(bsc#1012628).
- drm/mediatek: Fix DPI component detection for MT8192
(bsc#1012628).
- drm/vc4: kms: Take old state core clock rate into account
(bsc#1012628).
- drm/vc4: hvs: Fix frame count register readout (bsc#1012628).
- drm/mediatek: Fix mtk_cec_mask() (bsc#1012628).
- drm/amd/amdgpu: Only reserve vram for firmware with vega9
MS_HYPERV host (bsc#1012628).
- drm/vc4: hvs: Reset muxes at probe time (bsc#1012628).
- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (bsc#1012628).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled
(bsc#1012628).
- libbpf: Don't error out on CO-RE relos for overriden weak
subprogs (bsc#1012628).
- x86/PCI: Fix ALi M1487 (IBC) PIRQ router link value
interpretation (bsc#1012628).
- mptcp: optimize release_cb for the common case (bsc#1012628).
- mptcp: reset the packet scheduler on incoming MP_PRIO
(bsc#1012628).
- mptcp: reset the packet scheduler on PRIO change (bsc#1012628).
- nl80211: show SSID for P2P_GO interfaces (bsc#1012628).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
(bsc#1012628).
- drm: mali-dp: potential dereference of null pointer
(bsc#1012628).
- drm/amd/amdgpu: Fix asm/hypervisor.h build error (bsc#1012628).
- spi: spi-ti-qspi: Fix return value handling of
wait_for_completion_timeout (bsc#1012628).
- scftorture: Fix distribution of short handler delays
(bsc#1012628).
- net: ethernet: ti: am65-cpsw: Fix build error without PHYLINK
(bsc#1012628).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode
(bsc#1012628).
- ixp4xx_eth: fix error check return value of platform_get_irq()
(bsc#1012628).
- NFC: NULL out the dev->rfkill to prevent UAF (bsc#1012628).
- cpufreq: governor: Use kobject release() method to free dbs_data
(bsc#1012628).
- efi: Allow to enable EFI runtime services by default on RT
(bsc#1012628).
- efi: Add missing prototype for efi_capsule_setup_info
(bsc#1012628).
- device property: Allow error pointer to be passed to fwnode APIs
(bsc#1012628).
- drm/amd/amdgpu: Remove static from variable in RLCG Reg RW
(bsc#1012628).
- net: dsa: qca8k: correctly handle mdio read error (bsc#1012628).
- target: remove an incorrect unmap zeroes data deduction
(bsc#1012628).
- drbd: remove assign_p_sizes_qlim (bsc#1012628).
- drbd: use bdev based limit helpers in drbd_send_sizes
(bsc#1012628).
- drbd: use bdev_alignment_offset instead of
queue_alignment_offset (bsc#1012628).
- drbd: fix duplicate array initializer (bsc#1012628).
- EDAC/dmc520: Don't print an error for each unconfigured
interrupt line (bsc#1012628).
- bpf: Move rcu lock management out of BPF_PROG_RUN routines
(bsc#1012628).
- drm/bridge: anx7625: Use uint8 for lane-swing arrays
(bsc#1012628).
- mtd: rawnand: denali: Use managed device resources
(bsc#1012628).
- HID: hid-led: fix maximum brightness for Dream Cheeky
(bsc#1012628).
- HID: elan: Fix potential double free in elan_input_configured
(bsc#1012628).
- drm/bridge: Fix error handling in analogix_dp_probe
(bsc#1012628).
- regulator: da9121: Fix uninit-value in
da9121_assign_chip_model() (bsc#1012628).
- drm/mediatek: dpi: Use mt8183 output formats for mt8192
(bsc#1012628).
- signal: Deliver SIGTRAP on perf event asynchronously if blocked
(bsc#1012628).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
(bsc#1012628).
- sched/psi: report zeroes for CPU full at the system level
(bsc#1012628).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking
(bsc#1012628).
- drm/bridge: Fix it6505 Kconfig DRM_DP_AUX_BUS dependency
(bsc#1012628).
- cpufreq: Fix possible race in cpufreq online error path
(bsc#1012628).
- printk: add missing memory barrier to wake_up_klogd()
(bsc#1012628).
- printk: wake waiters for safe and NMI contexts (bsc#1012628).
- ath9k_htc: fix potential out of bounds access with invalid
rxstatus->rs_keyix (bsc#1012628).
- media: i2c: max9286: fix kernel oops when removing module
(bsc#1012628).
- media: amphion: fix decoder's interlaced field (bsc#1012628).
- media: hantro: Implement support for encoder commands
(bsc#1012628).
- media: hantro: Empty encoder capture buffers by default
(bsc#1012628).
- media: imx: imx-mipi-csis: Rename csi_state to mipi_csis_device
(bsc#1012628).
- media: imx: imx-mipi-csis: Fix active format initialization
on source pad (bsc#1012628).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
(bsc#1012628).
- ALSA: pcm: Check for null pointer of pointer substream before
dereferencing it (bsc#1012628).
- mtdblock: warn if opened on NAND (bsc#1012628).
- inotify: show inotify mask flags in proc fdinfo (bsc#1012628).
- fsnotify: fix wrong lockdep annotations (bsc#1012628).
- spi: rockchip: fix missing error on unsupported SPI_CS_HIGH
(bsc#1012628).
- of: overlay: do not break notify on NOTIFY_{OK|STOP}
(bsc#1012628).
- selftests/damon: add damon to selftests root Makefile
(bsc#1012628).
- drm/msm: properly add and remove internal bridges (bsc#1012628).
- drm/msm/dpu: adjust display_v_end for eDP and DP (bsc#1012628).
- scsi: iscsi: Fix harmless double shift bug (bsc#1012628).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (bsc#1012628).
- scsi: ufs: core: Exclude UECxx from SFR dump list (bsc#1012628).
- drm/v3d: Fix null pointer dereference of pointer perfmon
(bsc#1012628).
- selftests/resctrl: Fix null pointer dereference on open failed
(bsc#1012628).
- libbpf: Fix logic for finding matching program for CO-RE
relocation (bsc#1012628).
- mtd: spi-nor: core: Check written SR value in
spi_nor_write_16bit_sr_and_check() (bsc#1012628).
- x86/pm: Fix false positive kmemleak report in
msr_build_context() (bsc#1012628).
- mtd: rawnand: cadence: fix possible null-ptr-deref in
cadence_nand_dt_probe() (bsc#1012628).
- mtd: rawnand: intel: fix possible null-ptr-deref in
ebu_nand_probe() (bsc#1012628).
- x86/speculation: Add missing prototype for unpriv_ebpf_notify()
(bsc#1012628).
- ASoC: rk3328: fix disabling mclk on pclk probe failure
(bsc#1012628).
- perf tools: Add missing headers needed by util/data.h
(bsc#1012628).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use
after memory free during pm runtime resume (bsc#1012628).
- drm/msm/dp: stop event kernel thread when DP unbind
(bsc#1012628).
- drm/msm/dp: fix error check return value of
irq_of_parse_and_map() (bsc#1012628).
- drm/msm/dp: reset DP controller before transmit phy test pattern
(bsc#1012628).
- drm/msm/dp: do not stop transmitting phy test pattern during
DP phy compliance test (bsc#1012628).
- drm/msm/dsi: fix error checks and return values for DSI xmit
functions (bsc#1012628).
- drm/msm/hdmi: check return value after calling
platform_get_resource_byname() (bsc#1012628).
- drm/msm/hdmi: fix error check return value of
irq_of_parse_and_map() (bsc#1012628).
- drm/msm: add missing include to msm_drv.c (bsc#1012628).
- drm/panel: panel-simple: Fix proper bpc for
AM-1280800N3TZQW-T00H (bsc#1012628).
- drm/bridge: it6505: Send DPCD SET_POWER to downstream
(bsc#1012628).
- drm/msm: Fix null pointer dereferences without iommu
(bsc#1012628).
- kunit: fix debugfs code to use enum kunit_status, not bool
(bsc#1012628).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
(bsc#1012628).
- spi: cadence-quadspi: fix Direct Access Mode disable for SoCFPGA
(bsc#1012628).
- perf tools: Use Python devtools for version autodetection
rather than runtime (bsc#1012628).
- virtio_blk: fix the discard_granularity and discard_alignment
queue limits (bsc#1012628).
- nl80211: don't hold RTNL in color change request (bsc#1012628).
- x86: Fix return value of __setup handlers (bsc#1012628).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
(bsc#1012628).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
(bsc#1012628).
- irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
(bsc#1012628).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler
(bsc#1012628).
- arm64: fix types in copy_highpage() (bsc#1012628).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
(bsc#1012628).
- wl1251: dynamically allocate memory used for DMA (bsc#1012628).
- linkage: Fix issue with missing symbol size (bsc#1012628).
- ACPI: AGDI: Fix missing prototype warning for acpi_agdi_init()
(bsc#1012628).
- drm/msm/disp/dpu1: avoid clearing hw interrupts if hw_intr is
null during drm uninit (bsc#1012628).
- drm/msm/dsi: fix address for second DSI PHY on SDM660
(bsc#1012628).
- drm/msm/dp: fix event thread stuck in wait_event after
kthread_stop() (bsc#1012628).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when
deadlock is detected (bsc#1012628).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when
deadlock is detected (bsc#1012628).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
(bsc#1012628).
- media: uvcvideo: Fix missing check to determine if element is
found in list (bsc#1012628).
- arm64: stackleak: fix current_top_of_stack() (bsc#1012628).
- iomap: iomap_write_failed fix (bsc#1012628).
- spi: spi-fsl-qspi: check return value after calling
platform_get_resource_byname() (bsc#1012628).
- selftests/bpf: Prevent skeleton generation race (bsc#1012628).
- Revert "cpufreq: Fix possible race in cpufreq online error path"
(bsc#1012628).
- regulator: qcom_smd: Fix up PM8950 regulator configuration
(bsc#1012628).
- samples: bpf: Don't fail for a missing VMLINUX_BTF when
VMLINUX_H is provided (bsc#1012628).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding
(bsc#1012628).
- ath11k: Don't check arvif->is_started before sending management
frames (bsc#1012628).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
(bsc#1012628).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
(bsc#1012628).
- wilc1000: fix crash observed in AP mode with
cfg80211_register_netdevice() (bsc#1012628).
- HID: amd_sfh: Modify the bus name (bsc#1012628).
- HID: amd_sfh: Modify the hid name (bsc#1012628).
- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
(bsc#1012628).
- ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe
(bsc#1012628).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
(bsc#1012628).
- regulator: pfuze100: Fix refcount leak in
pfuze_parse_regulators_dt (bsc#1012628).
- PM: EM: Decrement policy counter (bsc#1012628).
- dma-direct: don't fail on highmem CMA pages in
dma_direct_alloc_pages (bsc#1012628).
- ASoC: samsung: Fix refcount leak in aries_audio_probe
(bsc#1012628).
- block: Fix the bio.bi_opf comment (bsc#1012628).
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
(bsc#1012628).
- scripts/faddr2line: Fix overlapping text section failures
(bsc#1012628).
- media: aspeed: Fix an error handling path in
aspeed_video_probe() (bsc#1012628).
- media: exynos4-is: Fix PM disable depth imbalance in
fimc_is_probe (bsc#1012628).
- mt76: mt7915: fix DBDC default band selection on MT7915D
(bsc#1012628).
- mt76: mt7921: honor pm user configuration in
mt7921_sniffer_interface_iter (bsc#1012628).
- mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss
(bsc#1012628).
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
(bsc#1012628).
- mt76: mt7915: fix possible uninitialized pointer dereference
in mt7986_wmac_gpio_setup (bsc#1012628).
- mt76: mt7915: fix possible NULL pointer dereference in
mt7915_mac_fill_rx_vector (bsc#1012628).
- mt76: mt7915: do not pass data pointer to
mt7915_mcu_muru_debug_set (bsc#1012628).
- mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
(bsc#1012628).
- mt76: fix antenna config missing in 6G cap (bsc#1012628).
- mt76: mt7921: fix kernel crash at mt7921_pci_remove
(bsc#1012628).
- mt76: do not attempt to reorder received 802.3 packets without
agg session (bsc#1012628).
- mt76: fix tx status related use-after-free race on station
removal (bsc#1012628).
- mt76: mt7915: fix twt table_mask to u16 in mt7915_dev
(bsc#1012628).
- media: st-delta: Fix PM disable depth imbalance in delta_probe
(bsc#1012628).
- media: atmel: atmel-isc: Fix PM disable depth imbalance in
atmel_isc_probe (bsc#1012628).
- media: i2c: rdacm2x: properly set subdev entity function
(bsc#1012628).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare
(bsc#1012628).
- media: pvrusb2: fix array-index-out-of-bounds in
pvr2_i2c_core_init (bsc#1012628).
- media: make RADIO_ADAPTERS tristate (bsc#1012628).
- media: vsp1: Fix offset calculation for plane cropping
(bsc#1012628).
- media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format
check (bsc#1012628).
- media: hantro: HEVC: Fix tile info buffer value computation
(bsc#1012628).
- Bluetooth: mt7921s: Fix the incorrect pointer check
(bsc#1012628).
- Bluetooth: fix dangling sco_conn and use-after-free in
sco_sock_timeout (bsc#1012628).
- Bluetooth: use hdev lock in activate_scan for
hci_is_adv_monitoring (bsc#1012628).
- Bluetooth: use hdev lock for accept_list and reject_list in
conn req (bsc#1012628).
- Bluetooth: protect le accept and resolv lists with hdev->lock
(bsc#1012628).
- Bluetooth: btmtksdio: fix use-after-free at btmtksdio_recv_event
(bsc#1012628).
- Bluetooth: btmtksdio: fix possible FW initialization failure
(bsc#1012628).
- Bluetooth: btmtksdio: fix the reset takes too long
(bsc#1012628).
- media: mediatek: vcodec: Fix v4l2 compliance decoder cmd test
fail (bsc#1012628).
- io_uring: avoid io-wq -EAGAIN looping for !IOPOLL (bsc#1012628).
- io_uring: only wake when the correct events are set
(bsc#1012628).
- irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack
and handling (bsc#1012628).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (bsc#1012628).
- irqchip/gic-v3: Fix priority mask handling (bsc#1012628).
- nvme: set dma alignment to dword (bsc#1012628).
- m68k: math-emu: Fix dependencies of math emulation support
(bsc#1012628).
- net: annotate races around sk->sk_bound_dev_if (bsc#1012628).
- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (bsc#1012628).
- net: hinic: add missing destroy_workqueue in
hinic_pf_to_mgmt_init (bsc#1012628).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
(bsc#1012628).
- kselftest/arm64: bti: force static linking (bsc#1012628).
- media: ov7670: remove ov7670_power_off from ov7670_remove
(bsc#1012628).
- media: i2c: ov2640: Depend on V4L2_ASYNC (bsc#1012628).
- media: i2c: ov5648: fix wrong pointer passed to IS_ERR()
and PTR_ERR() (bsc#1012628).
- media: rkvdec: h264: Fix dpb_valid implementation (bsc#1012628).
- media: rkvdec: h264: Fix bit depth wrap in pps packet
(bsc#1012628).
- regulator: scmi: Fix refcount leak in scmi_regulator_probe
(bsc#1012628).
- blk-cgroup: always terminate io.stat lines (bsc#1012628).
- erofs: fix buffer copy overflow of ztailpacking feature
(bsc#1012628).
- net/mlx5e: Correct the calculation of max channels for rep
(bsc#1012628).
- ext4: reject the 'commit' option on ext2 filesystems
(bsc#1012628).
- drm/msm/dsi: don't powerup at modeset time for parade-ps8640
(bsc#1012628).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (bsc#1012628).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
(bsc#1012628).
- x86/sev: Annotate stack change in the #VC handler (bsc#1012628).
- drm/msm: don't free the IRQ if it was not requested
(bsc#1012628).
- selftests/bpf: Add missed ima_setup.sh in Makefile
(bsc#1012628).
- drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
(bsc#1012628).
- drm/i915: Fix CFI violation with show_dynamic_id()
(bsc#1012628).
- thermal/drivers/bcm2711: Don't clamp temperature at zero
(bsc#1012628).
- thermal/drivers/broadcom: Fix potential NULL dereference in
sr_thermal_probe (bsc#1012628).
- thermal/core: Fix memory leak in
__thermal_cooling_device_register() (bsc#1012628).
- thermal/drivers/imx_sc_thermal: Fix refcount leak in
imx_sc_thermal_probe (bsc#1012628).
- bfq: Relax waker detection for shared queues (bsc#1012628).
- bfq: Allow current waker to defend against a tentative one
(bsc#1012628).
- ASoC: codecs: lpass: Fix passing zero to 'PTR_ERR'
(bsc#1012628).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
wm2000_anc_transition() (bsc#1012628).
- cpuidle: psci: Fix regression leading to no genpd governor
(bsc#1012628).
- cpuidle: riscv-sbi: Fix code to allow a genpd governor to be
used (bsc#1012628).
- platform/x86: intel_cht_int33fe: Set driver data (bsc#1012628).
- PM: domains: Fix initialization of genpd's next_wakeup
(bsc#1012628).
- net: macb: Fix PTP one step sync support (bsc#1012628).
- scsi: hisi_sas: Fix rescan after deleting a disk (bsc#1012628).
- scsi: hisi_sas: Fix memory ordering in hisi_sas_task_deliver()
(bsc#1012628).
- NFC: hci: fix sleep in atomic context bugs in
nfc_hci_hcp_message_tx (bsc#1012628).
- bonding: fix missed rcu protection (bsc#1012628).
- ASoC: max98090: Move check for invalid values before casting
in max98090_put_enab_tlv() (bsc#1012628).
- perf parse-events: Support different format of the topdown
event name (bsc#1012628).
- net: stmmac: fix out-of-bounds access in a selftest
(bsc#1012628).
- amt: fix gateway mode stuck (bsc#1012628).
- amt: fix memory leak for advertisement message (bsc#1012628).
- hv_netvsc: Fix potential dereference of NULL pointer
(bsc#1012628).
- hwmon: (dimmtemp) Fix bitmap handling (bsc#1012628).
- hwmon: (pmbus) Check PEC support before reading other registers
(bsc#1012628).
- rxrpc: Fix locking issue (bsc#1012628).
- rxrpc: Fix listen() setting the bar too high for the prealloc
rings (bsc#1012628).
- rxrpc: Don't try to resend the request if we're receiving the
reply (bsc#1012628).
- rxrpc: Fix overlapping ACK accounting (bsc#1012628).
- rxrpc: Don't let ack.previousPacket regress (bsc#1012628).
- rxrpc: Fix decision on when to generate an IDLE ACK
(bsc#1012628).
- hinic: Avoid some over memory allocation (bsc#1012628).
- dpaa2-eth: retrieve the virtual address before dma_unmap
(bsc#1012628).
- dpaa2-eth: use the correct software annotation field
(bsc#1012628).
- dpaa2-eth: unmap the SGT buffer before accessing its contents
(bsc#1012628).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (bsc#1012628).
- net/smc: postpone sk_refcnt increment in connect()
(bsc#1012628).
- net/smc: fix listen processing for SMC-Rv2 (bsc#1012628).
- dma-direct: don't over-decrypt memory (bsc#1012628).
- Bluetooth: hci_conn: Fix hci_connect_le_sync (bsc#1012628).
- Revert "net/smc: fix listen processing for SMC-Rv2"
(bsc#1012628).
- media: lirc: revert removal of unused feature flags
(bsc#1012628).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on
rk3399 (bsc#1012628).
- arm64: dts: mt8192: Fix nor_flash status disable typo
(bsc#1012628).
- PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
(bsc#1012628).
- memory: samsung: exynos5422-dmc: Avoid some over memory
allocation (bsc#1012628).
- ARM: dts: BCM5301X: Update pin controller node name
(bsc#1012628).
- ARM: dts: suniv: F1C100: fix watchdog compatible (bsc#1012628).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
(bsc#1012628).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
(bsc#1012628).
- arm64: defconfig: reenable SM_DISPCC_8250 (bsc#1012628).
- PCI: cadence: Fix find_first_zero_bit() limit (bsc#1012628).
- PCI: rockchip: Fix find_first_zero_bit() limit (bsc#1012628).
- PCI: mediatek: Fix refcount leak in mtk_pcie_subsys_powerup()
(bsc#1012628).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
(bsc#1012628).
- ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding
fec clocks (bsc#1012628).
- arm64: dts: qcom: sc7280: Fix sar1_irq_odl node name
(bsc#1012628).
- arm64: dts: qcom: sc7280-herobrine: Drop outputs on fpmcu pins
(bsc#1012628).
- soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (bsc#1012628).
- cxl/pci: Add debug for DVSEC range init failures (bsc#1012628).
- cxl/pci: Make cxl_dvsec_ranges() failure not fatal to cxl_pci
(bsc#1012628).
- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed
VM-Entry (bsc#1012628).
- KVM: nVMX: Clear IDT vectoring on nested VM-Exit for
double/triple fault (bsc#1012628).
- arm64: dts: juno: Fix SCMI power domain IDs for ETF and CS
funnel (bsc#1012628).
- crypto: qat - set CIPHER capability for DH895XCC (bsc#1012628).
- crypto: qat - set COMPRESSION capability for DH895XCC
(bsc#1012628).
- platform/chrome: cros_ec: fix error handling in
cros_ec_register() (bsc#1012628).
- ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (bsc#1012628).
- platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for
ioctls (bsc#1012628).
- can: xilinx_can: mark bit timing constants as const
(bsc#1012628).
- ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
(bsc#1012628).
- dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
(bsc#1012628).
- ARM: dts: qcom: sdx55: remove wrong unit address from RPMH
RSC clocks (bsc#1012628).
- arm64: dts: qcom: sm8450: Fix missing iommus for qup
(bsc#1012628).
- arm64: dts: qcom: sm8450: Fix missing iommus for qup1
(bsc#1012628).
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
(bsc#1012628).
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
(bsc#1012628).
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
(bsc#1012628).
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (bsc#1012628).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
(bsc#1012628).
- hwrng: cn10k - Optimize cn10k_rng_read() (bsc#1012628).
- hwrng: cn10k - Make check_rng_health() return an error code
(bsc#1012628).
- crypto: marvell/cesa - ECB does not IV (bsc#1012628).
- gpiolib: of: Introduce hook for missing gpio-ranges
(bsc#1012628).
- pinctrl: bcm2835: implement hook for missing gpio-ranges
(bsc#1012628).
- drm/msm: simplify gpu_busy callback (bsc#1012628).
- drm/msm: return the average load over the polling period
(bsc#1012628).
- arm: mediatek: select arch timer for mt7629 (bsc#1012628).
- pinctrl/rockchip: support deferring other gpio params
(bsc#1012628).
- pinctrl: mediatek: mt8195: enable driver on mtk platforms
(bsc#1012628).
- arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name
(bsc#1012628).
- Drivers: hv: vmbus: Fix handling of messages with transaction
ID of zero (bsc#1012628).
- powerpc/fadump: fix PT_LOAD segment for boot memory area
(bsc#1012628).
- mfd: ipaq-micro: Fix error check return value of
platform_get_irq() (bsc#1012628).
- scsi: fcoe: Fix Wstringop-overflow warnings in
fcoe_wwn_from_mac() (bsc#1012628).
- soc: bcm: Check for NULL return of devm_kzalloc() (bsc#1012628).
- arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock
rates (bsc#1012628).
- ASoC: sh: rz-ssi: Propagate error codes returned from
platform_get_irq_byname() (bsc#1012628).
- ASoC: sh: rz-ssi: Release the DMA channels in rz_ssi_probe()
error path (bsc#1012628).
- firmware: arm_scmi: Fix list protocols enumeration in the base
protocol (bsc#1012628).
- nvdimm: Fix firmware activation deadlock scenarios
(bsc#1012628).
- nvdimm: Allow overwrite in the presence of disabled dimms
(bsc#1012628).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value
(bsc#1012628).
- crypto: ccp - Fix the INIT_EX data file open failure
(bsc#1012628).
- drivers/base/node.c: fix compaction sysfs file leak
(bsc#1012628).
- dax: fix cache flush on PMD-mapped pages (bsc#1012628).
- drivers/base/memory: fix an unlikely reference counting issue
in __add_memory_block() (bsc#1012628).
- firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe
(bsc#1012628).
- firmware: arm_ffa: Remove incorrect assignment of driver_data
(bsc#1012628).
- ocfs2: fix mounting crash if journal is not alloced
(bsc#1012628).
- list: fix a data-race around ep->rdllist (bsc#1012628).
- drm/msm/dpu: fix error check return value of
irq_of_parse_and_map() (bsc#1012628).
- powerpc/8xx: export 'cpm_setbrg' for modules (bsc#1012628).
- pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable
pins (bsc#1012628).
- pinctrl: renesas: r8a779f0: Fix GPIO function on I2C-capable
pins (bsc#1012628).
- pinctrl: renesas: core: Fix possible null-ptr-deref in
sh_pfc_map_resources() (bsc#1012628).
- powerpc/idle: Fix return value of __setup() handler
(bsc#1012628).
- powerpc/4xx/cpm: Fix return value of __setup() handler
(bsc#1012628).
- RDMA/hns: Add the detection for CMDQ status in the device
initialization process (bsc#1012628).
- arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config
(bsc#1012628).
- arm64: dts: marvell: espressobin-ultra: enable front USB3 port
(bsc#1012628).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component
(bsc#1012628).
- ASoC: atmel-classd: Remove endianness flag on class d component
(bsc#1012628).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net
(bsc#1012628).
- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
(bsc#1012628).
- PCI: imx6: Fix PERST# start-up sequence (bsc#1012628).
- PCI: mediatek-gen3: Assert resets to ensure expected init state
(bsc#1012628).
- module.h: simplify MODULE_IMPORT_NS (bsc#1012628).
- module: fix [e_shstrndx].sh_size=0 OOB access (bsc#1012628).
- tty: fix deadlock caused by calling printk() under
tty_port->lock (bsc#1012628).
- crypto: sun8i-ss - rework handling of IV (bsc#1012628).
- crypto: sun8i-ss - handle zero sized sg (bsc#1012628).
- crypto: cryptd - Protect per-CPU resource by disabling BH
(bsc#1012628).
- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node
(bsc#1012628).
- ARM: dts: lan966x: swap dma channels for crypto node
(bsc#1012628).
- hugetlbfs: fix hugetlbfs_statfs() locking (bsc#1012628).
- x86/mce: relocate set{clear}_mce_nospec() functions
(bsc#1012628).
- mce: fix set_mce_nospec to always unmap the whole page
(bsc#1012628).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe
(bsc#1012628).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (bsc#1012628).
- KVM: PPC: Book3S HV: Fix vcore_blocked tracepoint (bsc#1012628).
- PCI: microchip: Fix potential race in interrupt handling
(bsc#1012628).
- cxl/mem: Drop mem_enabled check from wait_for_media()
(bsc#1012628).
- hwrng: omap3-rom - fix using wrong clk_disable() in
omap_rom_rng_runtime_resume() (bsc#1012628).
- perf evlist: Keep topdown counters in weak group (bsc#1012628).
- perf stat: Always keep perf metrics topdown events in a group
(bsc#1012628).
- mailbox: pcc: Fix an invalid-load caught by the address
sanitizer (bsc#1012628).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1012628).
- powerpc/powernv: Get L1D flush requirements from device-tree
(bsc#1012628).
- powerpc/powernv: Get STF barrier requirements from device-tree
(bsc#1012628).
- powerpc/perf: Fix the threshold compare group constraint for
power10 (bsc#1012628).
- powerpc/perf: Fix the threshold compare group constraint for
power9 (bsc#1012628).
- macintosh: via-pmu and via-cuda need RTC_LIB (bsc#1012628).
- powerpc/xive: Fix refcount leak in xive_spapr_init
(bsc#1012628).
- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
(bsc#1012628).
- powerpc/papr_scm: Fix leaking nvdimm_events_map elements
(bsc#1012628).
- powerpc/fsl_book3e: Don't set rodata RO too early (bsc#1012628).
- gpio: sim: Use correct order for the parameters of
devm_kcalloc() (bsc#1012628).
- mfd: davinci_voicecodec: Fix possible null-ptr-deref
davinci_vc_probe() (bsc#1012628).
- nfsd: destroy percpu stats counters after reply cache shutdown
(bsc#1012628).
- mailbox: forward the hrtimer if not queued and under a lock
(bsc#1012628).
- RDMA/rxe: Fix an error handling path in rxe_get_mcg()
(bsc#1012628).
- RDMA/hfi1: Prevent use of lock before it is initialized
(bsc#1012628).
- pinctrl: apple: Use a raw spinlock for the regmap (bsc#1012628).
- KVM: LAPIC: Drop pending LAPIC timer injection when canceling
the timer (bsc#1012628).
- Input: stmfts - do not leave device disabled in
stmfts_input_open (bsc#1012628).
- OPP: call of_node_put() on error path in _bandwidth_supported()
(bsc#1012628).
- dmaengine: ti: k3-psil-am62: Update PSIL thread for saul
(bsc#1012628).
- f2fs: fix to do sanity check on inline_dots inode (bsc#1012628).
- f2fs: fix dereference of stale list iterator after loop body
(bsc#1012628).
- riscv: Fixup difference with defconfig (bsc#1012628).
- iommu/amd: Enable swiotlb in all cases (bsc#1012628).
- iommu/amd: Do not call sleep while holding spinlock
(bsc#1012628).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (bsc#1012628).
- iommu/mediatek: Add list_del in mtk_iommu_remove (bsc#1012628).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove
(bsc#1012628).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data
(bsc#1012628).
- i2c: at91: use dma safe buffers (bsc#1012628).
- cpufreq: mediatek: Use module_init and add module_exit
(bsc#1012628).
- cpufreq: mediatek: Unregister platform device on exit
(bsc#1012628).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (bsc#1012628).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to
register hwmon (bsc#1012628).
- iommu/mediatek: Fix NULL pointer dereference when printing
dev_name (bsc#1012628).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (bsc#1012628).
- dmaengine: idxd: Fix the error handling path in
idxd_cdev_register() (bsc#1012628).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors
(bsc#1012628).
- NFS: fsync() should report filesystem errors over
EINTR/ERESTARTSYS (bsc#1012628).
- NFS: Don't report ENOSPC write errors twice (bsc#1012628).
- NFS: Do not report flush errors in nfs_write_end()
(bsc#1012628).
- NFS: Don't report errors from nfs_pageio_complete() more than
once (bsc#1012628).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS
layout (bsc#1012628).
- NFS: Further fixes to the writeback error handling
(bsc#1012628).
- NFS: Pass i_size to fscache_unuse_cookie() when a file is
released (bsc#1012628).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
(bsc#1012628).
- dmaengine: stm32-mdma: remove GISR1 register (bsc#1012628).
- dmaengine: stm32-mdma: fix chan initialization in
stm32_mdma_irq_handler() (bsc#1012628).
- i2c: npcm: Fix timeout calculation (bsc#1012628).
- i2c: npcm: Correct register access width (bsc#1012628).
- i2c: npcm: Handle spurious interrupts (bsc#1012628).
- i2c: rcar: fix PM ref counts in probe error paths (bsc#1012628).
- tracing: Reset the function filter after completing
trampoline/graph selftest (bsc#1012628).
- RISC-V: Split out the XIP fixups into their own file
(bsc#1012628).
- RISC-V: Fix the XIP build (bsc#1012628).
- MIPS: RALINK: Define pci_remap_iospace under
CONFIG_PCI_DRIVERS_GENERIC (bsc#1012628).
- perf build: Fix btf__load_from_kernel_by_id() feature check
(bsc#1012628).
- perf c2c: Use stdio interface if slang is not supported
(bsc#1012628).
- rtla: Avoid record NULL pointer dereference (bsc#1012628).
- rtla: Don't overwrite existing directory mode (bsc#1012628).
- rtla: Minor grammar fix for rtla README (bsc#1012628).
- rtla: Fix __set_sched_attr error message (bsc#1012628).
- rtla: Remove procps-ng dependency (bsc#1012628).
- tracing/timerlat: Notify IRQ new max latency only if stop
tracing is set (bsc#1012628).
- perf jevents: Fix event syntax error caused by ExtSel
(bsc#1012628).
- video: fbdev: vesafb: Fix a use-after-free due early fb_info
cleanup (bsc#1012628).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup
(bsc#1012628).
- NFSv4.1 mark qualified async operations as MOVEABLE tasks
(bsc#1012628).
- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
(bsc#1012628).
- f2fs: fix to do sanity check on block address in
f2fs_do_zero_range() (bsc#1012628).
- f2fs: fix to clear dirty inode in f2fs_evict_inode()
(bsc#1012628).
- f2fs: fix deadloop in foreground GC (bsc#1012628).
- f2fs: don't need inode lock for system hidden quota
(bsc#1012628).
- f2fs: fix to do sanity check on total_data_blocks (bsc#1012628).
- f2fs: don't use casefolded comparison for "." and
".." (bsc#1012628).
- f2fs: fix fallocate to use file_modified to update permissions
consistently (bsc#1012628).
- f2fs: fix to do sanity check for inline inode (bsc#1012628).
- objtool: Fix objtool regression on x32 systems (bsc#1012628).
- objtool: Fix symbol creation (bsc#1012628).
- wifi: mac80211: fix use-after-free in chanctx code
(bsc#1012628).
- iwlwifi: fw: init SAR GEO table only if data is present
(bsc#1012628).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (bsc#1012628).
- iwlwifi: mei: clear the sap data header before sending
(bsc#1012628).
- iwlwifi: mei: fix potential NULL-ptr deref (bsc#1012628).
- ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe (bsc#1012628).
- =?UTF-8?q?fs-writeback:=20writeback=5Fsb=5Finodes?=
=?UTF-8?q?=EF=BC=9ARecalculate=20'wrote'=20according=20skipped=20pages?=
(bsc#1012628).
- efi: Do not import certificates from UEFI Secure Boot for T2
Macs (bsc#1012628).
- bfq: Avoid false marking of bic as stably merged (bsc#1012628).
- bfq: Avoid merging queues with different parents (bsc#1012628).
- bfq: Split shared queues on move between cgroups (bsc#1012628).
- bfq: Update cgroup information before merging bio (bsc#1012628).
- bfq: Drop pointless unlock-lock pair (bsc#1012628).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1012628).
- bfq: Track whether bfq_group is still online (bsc#1012628).
- bfq: Get rid of __bio_blkcg() usage (bsc#1012628).
- bfq: Make sure bfqg for which we are queueing requests is online
(bsc#1012628).
- ext4: mark group as trimmed only if it was fully scanned
(bsc#1012628).
- ext4: fix use-after-free in ext4_rename_dir_prepare
(bsc#1012628).
- ext4: fix journal_ioprio mount option handling (bsc#1012628).
- ext4: fix race condition between ext4_write and
ext4_convert_inline_data (bsc#1012628).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1012628).
- ext4: fix memory leak in parse_apply_sb_mount_options()
(bsc#1012628).
- ext4: fix bug_on in ext4_writepages (bsc#1012628).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field
s_state (bsc#1012628).
- ext4: fix bug_on in __es_tree_search (bsc#1012628).
- ext4: verify dir block before splitting it (bsc#1012628).
- ext4: avoid cycles in directory h-tree (bsc#1012628).
- ACPI: property: Release subnode properties with data nodes
(bsc#1012628).
- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32()
(bsc#1012628).
- tracing: Have event format check not flag %p* on
__get_dynamic_array() (bsc#1012628).
- tracing: Fix potential double free in create_var_ref()
(bsc#1012628).
- tracing: Fix return value of trace_pid_write() (bsc#1012628).
- tracing: Initialize integer variable to prevent garbage return
value (bsc#1012628).
- drm/amdgpu: add beige goby PCI ID (bsc#1012628).
- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte
X299 (bsc#1012628).
- PCI: qcom: Fix pipe clock imbalance (bsc#1012628).
- PCI: qcom: Fix runtime PM imbalance on probe errors
(bsc#1012628).
- PCI: qcom: Fix unbalanced PHY init on probe errors
(bsc#1012628).
- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan()
(bsc#1012628).
- block: Fix potential deadlock in blk_ia_range_sysfs_show()
(bsc#1012628).
- mm, compaction: fast_find_migrateblock() should return pfn in
the target zone (bsc#1012628).
- s390/perf: obtain sie_block from the right address
(bsc#1012628).
- s390/stp: clock_delta should be signed (bsc#1012628).
- dlm: fix plock invalid read (bsc#1012628).
- dlm: uninitialized variable on error in dlm_listen_for_all()
(bsc#1012628).
- dlm: fix wake_up() calls for pending remove (bsc#1012628).
- dlm: fix missing lkb refcount handling (bsc#1012628).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
(bsc#1012628).
- scsi: dc395x: Fix a missing check on list iterator
(bsc#1012628).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
(bsc#1012628).
- landlock: Add clang-format exceptions (bsc#1012628).
- landlock: Format with clang-format (bsc#1012628).
- selftests/landlock: Add clang-format exceptions (bsc#1012628).
- selftests/landlock: Normalize array assignment (bsc#1012628).
- selftests/landlock: Format with clang-format (bsc#1012628).
- samples/landlock: Add clang-format exceptions (bsc#1012628).
- samples/landlock: Format with clang-format (bsc#1012628).
- landlock: Fix landlock_add_rule(2) documentation (bsc#1012628).
- selftests/landlock: Make tests build with old libc
(bsc#1012628).
- selftests/landlock: Extend tests for minimal valid attribute
size (bsc#1012628).
- selftests/landlock: Add tests for unknown access rights
(bsc#1012628).
- selftests/landlock: Extend access right tests to directories
(bsc#1012628).
- selftests/landlock: Fully test file rename with "remove" access
(bsc#1012628).
- selftests/landlock: Add tests for O_PATH (bsc#1012628).
- landlock: Change landlock_add_rule(2) argument check ordering
(bsc#1012628).
- landlock: Change landlock_restrict_self(2) check ordering
(bsc#1012628).
- selftests/landlock: Test landlock_create_ruleset(2) argument
check ordering (bsc#1012628).
- landlock: Define access_mask_t to enforce a consistent access
mask size (bsc#1012628).
- landlock: Reduce the maximum number of layers to 16
(bsc#1012628).
- landlock: Create find_rule() from unmask_layers() (bsc#1012628).
- landlock: Fix same-layer rule unions (bsc#1012628).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour
(bsc#1012628).
- drm/nouveau/subdev/bus: Ratelimit logging for fault errors
(bsc#1012628).
- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
(bsc#1012628).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
(bsc#1012628).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on
list iterator (bsc#1012628).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
(bsc#1012628).
- drm/i915/dsi: fix VBT send packet port selection for ICL+
(bsc#1012628).
- md: fix an incorrect NULL check in does_sb_need_changing
(bsc#1012628).
- md: fix an incorrect NULL check in md_reload_sb (bsc#1012628).
- mtd: cfi_cmdset_0002: Move and rename
chip_check/chip_ready/chip_good_for_write (bsc#1012628).
- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
(bsc#1012628).
- media: coda: Fix reported H264 profile (bsc#1012628).
- media: coda: Add more H264 levels for CODA960 (bsc#1012628).
- ima: remove the IMA_TEMPLATE Kconfig option (bsc#1012628).
- Kconfig: Add option for asm goto w/ tied outputs to workaround
clang-13 bug (bsc#1012628).
- lib/string_helpers: fix not adding strarray to device's resource
list (bsc#1012628).
- RDMA/hfi1: Fix potential integer multiplication overflow errors
(bsc#1012628).
- mmc: core: Allows to override the timeout value for ioctl()
path (bsc#1012628).
- csky: patch_text: Fixup last cpu should be master (bsc#1012628).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow
on A375, A38x, A39x (bsc#1012628).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (bsc#1012628).
- thermal: devfreq_cooling: use local ops instead of global ops
(bsc#1012628).
- mt76: fix use-after-free by removing a non-RCU wcid pointer
(bsc#1012628).
- cfg80211: declare MODULE_FIRMWARE for regulatory.db
(bsc#1012628).
- mac80211: upgrade passive scan to active scan on DFS channels
after beacon rx (bsc#1012628).
- um: virtio_uml: Fix broken device handling in time-travel
(bsc#1012628).
- um: Use asm-generic/dma-mapping.h (bsc#1012628).
- um: chan_user: Fix winch_tramp() return value (bsc#1012628).
- um: Fix out-of-bounds read in LDT setup (bsc#1012628).
- MIPS: IP27: Remove incorrect `cpu_has_fpu' override
(bsc#1012628).
- MIPS: IP30: Remove incorrect `cpu_has_fpu' override
(bsc#1012628).
- kexec_file: drop weak attribute from
arch_kexec_apply_relocations[_add] (bsc#1012628).
- ftrace: Clean up hash direct_functions on register failures
(bsc#1012628).
- ksmbd: fix outstanding credits related bugs (bsc#1012628).
- iommu/msm: Fix an incorrect NULL check on list iterator
(bsc#1012628).
- iommu/dma: Fix iova map result check bug (bsc#1012628).
- kprobes: Fix build errors with CONFIG_KRETPROBES=n
(bsc#1012628).
- Revert "mm/cma.c: remove redundant cma_mutex lock"
(bsc#1012628).
- mm/page_owner: use strscpy() instead of strlcpy() (bsc#1012628).
- mm/page_alloc: always attempt to allocate at least one page
during bulk allocation (bsc#1012628).
- nodemask.h: fix compilation error with GCC12 (bsc#1012628).
- hugetlb: fix huge_pmd_unshare address update (bsc#1012628).
- mm/memremap: fix missing call to untrack_pfn() in
pagemap_range() (bsc#1012628).
- xtensa/simdisk: fix proc_read_simdisk() (bsc#1012628).
- rtl818x: Prevent using not initialized queues (bsc#1012628).
- ASoC: rt5514: Fix event generation for "DSP Voice Wake Up"
control (bsc#1012628).
- carl9170: tx: fix an incorrect use of list iterator
(bsc#1012628).
- stm: ltdc: fix two incorrect NULL checks on list iterator
(bsc#1012628).
- bcache: improve multithreaded bch_btree_check() (bsc#1012628).
- bcache: improve multithreaded bch_sectors_dirty_init()
(bsc#1012628).
- bcache: remove incremental dirty sector counting for
bch_sectors_dirty_init() (bsc#1012628).
- bcache: avoid journal no-space deadlock by reserving 1 journal
bucket (bsc#1012628).
- serial: pch: don't overwrite xmit->buf[0] by x_char
(bsc#1012628).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list
iterator (bsc#1012628).
- gma500: fix an incorrect NULL check on list iterator
(bsc#1012628).
- arm64: dts: qcom: ipq8074: fix the sleep clock frequency
(bsc#1012628).
- arm64: tegra: Add missing DFLL reset on Tegra210 (bsc#1012628).
- clk: tegra: Add missing reset deassertion (bsc#1012628).
- phy: qcom-qmp: fix struct clk leak on probe errors
(bsc#1012628).
- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
(bsc#1012628).
- ARM: pxa: maybe fix gpio lookup tables (bsc#1012628).
- ceph: fix decoding of client session messages flags
(bsc#1012628).
- misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
(bsc#1012628).
- SMB3: EBADF/EIO errors in rename/open caused by race condition
in smb2_compound_op (bsc#1012628).
- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
(bsc#1012628).
- dt-bindings: gpio: altera: correct interrupt-cells
(bsc#1012628).
- vdpasim: allow to enable a vq repeatedly (bsc#1012628).
- blk-iolatency: Fix inflight count imbalances and IO hangs on
offline (bsc#1012628).
- coresight: core: Fix coresight device probe failure issue
(bsc#1012628).
- phy: qcom-qmp: fix reset-controller leak on probe errors
(bsc#1012628).
- net: ipa: fix page free in ipa_endpoint_trans_release()
(bsc#1012628).
- net: ipa: fix page free in ipa_endpoint_replenish_one()
(bsc#1012628).
- media: lirc: add missing exceptions for lirc uapi header file
(bsc#1012628).
- kseltest/cgroup: Make test_stress.sh work if run interactively
(bsc#1012628).
- perf evlist: Extend arch_evsel__must_be_in_group to support
hybrid systems (bsc#1012628).
- Revert "random: use static branch for crng_ready()"
(bsc#1012628).
- staging: r8188eu: delete rtw_wx_read/write32() (bsc#1012628).
- binder: fix sender_euid type in uapi header (bsc#1012628).
- RDMA/hns: Remove the num_cqc_timer variable (bsc#1012628).
- RDMA/rxe: Generate a completion for unsupported/invalid opcode
(bsc#1012628).
- ext4: only allow test_dummy_encryption when supported
(bsc#1012628).
- fs: add two trivial lookup helpers (bsc#1012628).
- exportfs: support idmapped mounts (bsc#1012628).
- md: Don't set mddev private to NULL in raid0 pers->free
(bsc#1012628).
- md: fix double free of io_acct_set bioset (bsc#1012628).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (bsc#1012628).
- macsec: fix UAF bug for real_dev (bsc#1012628).
- tty: n_gsm: Fix packet data hex dump output (bsc#1012628).
- pinctrl/rockchip: support setting input-enable param
(bsc#1012628).
- block: fix bio_clone_blkg_association() to associate with
proper blkcg_gq (bsc#1012628).
- Update config files.
* EFI_DISABLE_RUNTIME=n -- the default.
* the rest is non-configurable.
- Refresh patches.suse/vfs-add-super_operations-get_inode_dev.
- commit b06f595
++++ libX11:
- Update to version 1.8.1
This release fixes the --enable-thread-safety-constructor option to the
configure script to work as intended. In the previous release, the changes
for this option may not have been enabled when the option was not specified
or when the --enable option was specified.
While we have enabled it by default, believing that doing so will reduce
the number of bugs users encounter running libX11 clients, in some cases
it may expose bugs in which clients had previously gotten away with calling
libX11 functions while a libX11 lock is already held, and thus now deadlock,
as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 .
++++ nfs-utils:
- 0001-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl setting work (bsc#1199856)
- 0002-Update-autoconfig-files-to-work-with-v2.71.patch
- 0003-autoconf-change-tirpc-to-check-for-a-file-not-for-an.patch
Update for latest autoconf
++++ python310-core:
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
++++ ceph:
- Update to 16.2.9-158-gd93952c7eea:
+ cmake: check for python(\d)\.(\d+) when building boost
+ make-dist: patch boost source to support python 3.10
++++ patterns-alp:
- Ensure toolbox is installed by default.
++++ python310:
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
%primary_interpreter.
++++ python-MarkupSafe:
- Require python 3.6. There is no need to require a newer version and
this way it builds on openSUSE Leap >= 15.3
++++ python-cryptography:
- Remove Python 3.6 deprecation warning on openSUSE Leap.
* Added remove_python_3_6_deprecation_warning.patch
++++ python-gobject:
- Add dependency on python-cairo to python-gobject-cairo: The
introspection wrapper needs the actual pycairo underneath
(boo#1179584).
++++ runc:
- Update to runc v1.1.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.3.
(Includes a fix for bsc#1200088.)
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
* runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
- bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
------------------------------------------------------------------
------------------ 2022-6-8 - Jun 8 2022 -------------------
------------------------------------------------------------------
++++ dbus-1:
- version provides
- add split provides
- remove unused/obsolete pre_checkin.sh
++++ dnsmasq:
- Move the dbus-1 system.d file to /usr (bsc#1200344)
++++ glibc:
- strncpy-power9-vsx.patch: powerpc: Fix VSX register number on
__strncpy_power9 (BZ #29197)
- nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore
asynchronous restore (bsc#1200093, BZ #29214)
++++ grub2:
- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625)
- Make grub-tpm.efi a symlink to grub.efi
* grub2.spec
- Log error when tpm event log is full and continue
* 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch
- Patch superseded
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Add patches for automatic TPM disk unlock (jsc#SLE-24018) (bsc#1196668)
* 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch
* 0002-cryptodisk-Refactor-to-discard-have_it-global.patch
* 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch
* 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch
* 0005-cryptodisk-Improve-cryptomount-u-error-message.patch
* 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch
* 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch
* 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch
* 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch
* 0010-protectors-Add-key-protectors-framework.patch
* 0011-tpm2-Add-TPM-Software-Stack-TSS.patch
* 0012-protectors-Add-TPM2-Key-Protector.patch
* 0013-cryptodisk-Support-key-protectors.patch
* 0014-util-grub-protect-Add-new-tool.patch
- Fix no disk unlocking happen (bsc#1196668)
* 0001-crytodisk-fix-cryptodisk-module-looking-up.patch
- Fix build error
* fix-tpm2-build.patch
++++ kernel-default:
- Update config files: disable CONFIG_NET_DSA_REALTEK_* on x86_64 (bsc#1200254)
- commit 262234b
- fs/ntfs3: Fix invalid free in log_replay (CVE-2022-1973
bsc#1200023).
- commit 3433bd9
++++ kernel-firmware:
- Update to version 20220607 (git commit 02c69863c885):
* rtl_bt: Update RTL8852A BT USB firmware to 0xDFB8_0634
* Makefile: replace mkdir by install
* iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
* ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9
* WHENCE: ath11k: move regdb.bin before board-2.bin
* ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
* ath10k: QCA9888 hw2.0: update board-2.bin
* ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
* ath10k: QCA4019 hw1.0: update board-2.bin
* ath10k: WCN3990 hw1.0: add board-2.bin
- Update aliases from 5.19-rc1
- Minor adjustment of spec template and makespec.sh to align with
the latest TW format
++++ libcontainers-common:
- Add missing comma to previous change
++++ systemd:
- Import commit e9fc337d97539fcab23078ab3e06f6b2ce3a3c8d
ca0b29521f sha256: fix compilation on efi-ia32
1bbbac6a7e test: enable virtio-rng device for QEMU guests
++++ usbredir:
- Add upstream backported patches (boo#1199354):
+ 9426fdb1.patch: Check header length unserialising data.
+ dffc41c3.patch: usbredirect: fix leak on bad input.
++++ patterns-alp:
- Remove k3s-linux requirement, it is now pulled by k3s-install.
++++ timezone:
- switch to _multibuild
- refresh keyring, enable keyring validation
++++ wpa_supplicant:
- Move the dbus-1 system.d file to /usr (bsc#1200342)
------------------------------------------------------------------
------------------ 2022-6-7 - Jun 7 2022 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
- bsc1200145-Limit-the-response-size-of-ExecSync.patch
++++ docker:
- Update to Docker 20.10.17-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
++++ kernel-default:
- Update config files: restore CONFIG_I8K=y (bsc#1199958)
- commit 04cadbf
- update CVE and bugzilla references
- patches.kernel.org/5.18.2-001-netfilter-nf_tables-disallow-non-stateful-expr.patch
- add CVE-2022-1966 bsc#1200015
- patches.kernel.org/5.18.2-010-netfilter-nf_tables-sanitize-nft_set_desc_conc.patch
- add CVE-2022-1972 bsc#1200019
- commit 6d13af9
- Update config files (only run_oldconfig.sh).
- commit 695cfee
++++ ncurses:
- Add ncurses patch 20220604
+ add note on portable memory-leak checking in man/curs_memleaks.3x
+ remove u6-u9 from teken-2018 -TD
+ set "xterm-new" to "xterm-p370", add "xterm-p371" -TD
++++ libnftnl:
- Update to release 1.2.2
* exthdr: tcp option reset support
++++ popt:
- Create lang subpackage
++++ openssl:
- Update to 1.1.1o release
------------------------------------------------------------------
------------------ 2022-6-6 - Jun 6 2022 -------------------
------------------------------------------------------------------
++++ containerd:
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
+ bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.5.12>
++++ kernel-default:
- Update to 5.19-rc1
- eliminate 54 patches (48 stable, 5 mainline, 1 other)
- patches.kernel.org/*
- patches.rpmify/scripts-dummy-tools-add-pahole.patch
- patches.suse/KVM-x86-avoid-calling-x86-emulator-without-a-decoded-instruction
- patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch
- patches.suse/iommu-amd-Increase-timeout-waiting-for-GA-log-enablement
- patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch
- patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch
- refresh
- patches.suse/add-suse-supported-flag.patch
- patches.suse/genksyms-add-override-flag.diff
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- patches.suse/vfs-add-super_operations-get_inode_dev
- 5.19-rc1 regression fix
- patches.suse/drm-amdgpu-always-flush-the-TLB-on-gfx8.patch
- disable ARM architectures (need config update)
- new config options
- General setup
- CONFIG_BOOT_CONFIG_EMBED=n
- CONFIG_INITRAMFS_PRESERVE_MTIME=y
- Processor type and features
- CONFIG_INTEL_TDX_GUEST=y
- CONFIG_PERF_EVENTS_AMD_BRS=y
- CONFIG_MICROCODE_LATE_LOADING=n
- Enable loadable module support
- CONFIG_MODULE_UNLOAD_TAINT_TRACKING=y
- Memory Management options
- CONFIG_PTE_MARKER_UFFD_WP=y
- Networking support
- CONFIG_CAN_CTUCANFD_PCI=m
- File systems
- CONFIG_CACHEFILES_ONDEMAND=n
- CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON=n
- Security options
- CONFIG_TRUSTED_KEYS_TPM=y
- CONFIG_TRUSTED_KEYS_TEE=y
- CONFIG_RANDSTRUCT_NONE=y
- Cryptographic API
- CONFIG_CRYPTO_SM3_GENERIC=m
- CONFIG_CRYPTO_SM4_GENERIC=m
- CONFIG_SYSTEM_BLACKLIST_AUTH_UPDATE=y
- Kernel hacking
- CONFIG_DEBUG_NET=n
- CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0
- Generic Driver Options
- CONFIG_FW_LOADER_COMPRESS_XZ=y
- CONFIG_FW_LOADER_COMPRESS_ZSTD=y
- CONFIG_FW_UPLOAD=y
- Firmware Drivers
- CONFIG_EFI_DXE_MEM_ATTRIBUTES=y
- CONFIG_EFI_DISABLE_RUNTIME=n
- CONFIG_EFI_COCO_SECRET=y
- Network device support
- CONFIG_OCTEON_EP=m
- CONFIG_SFC_SIENA=m
- CONFIG_SFC_SIENA_MTD=y
- CONFIG_SFC_SIENA_MCDI_MON=y
- CONFIG_SFC_SIENA_SRIOV=y
- CONFIG_SFC_SIENA_MCDI_LOGGING=y
- CONFIG_ADIN1100_PHY=m
- CONFIG_DP83TD510_PHY=m
- CONFIG_WLAN_VENDOR_PURELIFI=y
- CONFIG_PLFXLC=m
- CONFIG_RTW89_8852CE=m
- CONFIG_WLAN_VENDOR_SILABS=y
- CONFIG_MTK_T7XX=m
- Input device support
- CONFIG_JOYSTICK_SENSEHAT=m
- CONFIG_INPUT_IQS7222=m
- Hardware Monitoring support
- CONFIG_SENSORS_NCT6775_I2C=m
- CONFIG_SENSORS_XDPE152=m
- Sound card support
- CONFIG_SND_SOC_CS35L45_SPI=m
- CONFIG_SND_SOC_CS35L45_I2C=m
- CONFIG_SND_SOC_MAX98396=m
- CONFIG_SND_SOC_WM8731_I2C=n
- CONFIG_SND_SOC_WM8731_SPI=n
- CONFIG_SND_SOC_WM8940=n
- Virtualization drivers
- CONFIG_EFI_SECRET=m
- CONFIG_SEV_GUEST=m
- X86 Platform Specific Device Drivers
- CONFIG_INTEL_IFS=m
- CONFIG_WINMATE_FM07_KEYS=m
- Industrial I/O support
- CONFIG_DMARD06=n
- CONFIG_IIO_RESCALE=m
- CONFIG_DPOT_DAC=n
- CONFIG_VF610_DAC=n
- CONFIG_CM3605=n
- CONFIG_AK8974=n
- CONFIG_IIO_MUX=m
- CONFIG_HTE=y
- CONFIG_HTE=y
- Misc devices
- CONFIG_INTEL_MEI_GSC=m
- CONFIG_MHI_BUS_EP=m
- CONFIG_REGULATOR_RT5759=m
- CONFIG_HID_MEGAWORLD_FF=m
- CONFIG_TYPEC_MUX_FSA4480=m
- CONFIG_LEDS_PWM_MULTICOLOR=m
- CONFIG_CHROMEOS_ACPI=m
- CONFIG_NVSW_SN2201=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- DRM_PANEL_NEWVISION_NV3052C=n
- DRM_FSL_LDB=n
- DRM_LONTIUM_LT9211=n
- SND_SERIAL_GENERIC=m
- LEDS_QCOM_LPG=m
- OMAP_GPMC=m
- OMAP_GPMC_DEBUG=n
- PWM_XILINX=m
- i386
- CAN_CTUCANFD_PLATFORM=m
- ppc64/ppc64le
- KASAN=n
- s390x
- S390_UV_UAPI=m
- MUX_ADG792A=n
- riscv64
- ERRATA_THEAD=y
- ERRATA_THEAD_PBMT=y
- RISCV_ISA_SVPBMT=y
- KEXEC_FILE=y
- COMPAT=y
- ARCH_MMAP_RND_COMPAT_BITS=8 (default)
- NETFILTER_XTABLES_COMPAT=y
- CAN_CTUCANFD_PLATFORM=m
- HW_RANDOM_POLARFIRE_SOC=m
- DRM_DW_HDMI_GP_AUDIO=n
- IMA_KEXEC=y
- STACK_HASH_ORDER=20 (default)
- PAGE_TABLE_CHECK=y
- PAGE_TABLE_CHECK_ENFORCED=n
- */debug
- DEBUG_NET=y
- commit 515f42c
- Linux 5.18.2 (bsc#1012628).
- netfilter: nf_tables: disallow non-stateful expression in sets
earlier (bsc#1012628).
- i2c: ismt: prevent memory corruption in ismt_access()
(bsc#1012628).
- assoc_array: Fix BUG_ON during garbage collect (bsc#1012628).
- pipe: make poll_usage boolean and annotate its access
(bsc#1012628).
- pipe: Fix missing lock in pipe_resize_ring() (bsc#1012628).
- net: ipa: compute proper aggregation limit (bsc#1012628).
- drm/i915: Fix -Wstringop-overflow warning in call to
intel_read_wm_latency() (bsc#1012628).
- exfat: check if cluster num is valid (bsc#1012628).
- netfilter: nft_limit: Clone packet limits' cost value
(bsc#1012628).
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
(bsc#1012628).
- netfilter: nf_tables: hold mutex on netns pre_exit path
(bsc#1012628).
- netfilter: nf_tables: double hook unregistration in netns path
(bsc#1012628).
- netfilter: conntrack: re-fetch conntrack after insertion
(bsc#1012628).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator
(bsc#1012628).
- x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct
kvm_xsave) (bsc#1012628).
- x86/kvm: Alloc dummy async #PF token outside of raw spinlock
(bsc#1012628).
- x86, kvm: use correct GFP flags for preemption disabled
(bsc#1012628).
- x86/uaccess: Implement macros for CMPXCHG on user addresses
(bsc#1012628).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
(bsc#1012628).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
(bsc#1012628).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
(bsc#1012628).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called
(bsc#1012628).
- KVM: x86: Fix the intel_pt PMI handling wrongly considered
from guest (bsc#1012628).
- KVM: x86: Drop WARNs that assert a triple fault never "escapes"
from L2 (bsc#1012628).
- KVM: x86/mmu: Don't rebuild page when the page is synced and
no tlb flushing is required (bsc#1012628).
- KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent
kernel data leak (bsc#1012628).
- crypto: caam - fix i.MX6SX entropy delay value (bsc#1012628).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (bsc#1012628).
- crypto: qat - rework the VF2PF interrupt handling logic
(bsc#1012628).
- zsmalloc: fix races between asynchronous zspage free and page
migration (bsc#1012628).
- tools/memory-model/README: Update klitmus7 compat table
(bsc#1012628).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices
(bsc#1012628).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks
(bsc#1012628).
- ALSA: usb-audio: Configure sync endpoints before data
(bsc#1012628).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
(bsc#1012628).
- ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries
(bsc#1012628).
- dm integrity: fix error code in dm_integrity_ctr()
(bsc#1012628).
- dm crypt: make printing of the key constant-time (bsc#1012628).
- dm stats: add cond_resched when looping over entries
(bsc#1012628).
- dm verity: set DM_TARGET_IMMUTABLE feature flag (bsc#1012628).
- raid5: introduce MD_BROKEN (bsc#1012628).
- fs/ntfs3: validate BOOT sectors_per_clusters (bsc#1012628).
- HID: multitouch: Add support for Google Whiskers Touchpad
(bsc#1012628).
- HID: multitouch: add quirks to enable Lenovo X12 trackpoint
(bsc#1012628).
- x86/sgx: Disconnect backing page references from dirty status
(bsc#1012628).
- x86/sgx: Mark PCMD page as dirty when modifying contents
(bsc#1012628).
- x86/sgx: Obtain backing storage page with enclave mutex held
(bsc#1012628).
- x86/sgx: Fix race between reclaimer and page fault handler
(bsc#1012628).
- x86/sgx: Ensure no data in PCMD page after truncate
(bsc#1012628).
- media: i2c: imx412: Fix reset GPIO polarity (bsc#1012628).
- media: i2c: imx412: Fix power_off ordering (bsc#1012628).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1012628).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
(bsc#1012628).
- docs: submitting-patches: Fix crossref to 'The canonical patch
format' (bsc#1012628).
- NFS: Memory allocation failures are not server fatal errors
(bsc#1012628).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
(bsc#1012628).
- bpf: Fill new bpf_prog_pack with illegal instructions
(bsc#1012628).
- bpf: Fix potential array overflow in bpf_trampoline_get_progs()
(bsc#1012628).
- bpf: Fix combination of jit blinding and pointers to bpf
subprogs (bsc#1012628).
- bpf: Enlarge offset check value to INT_MAX in
bpf_skb_{load,store}_bytes (bsc#1012628).
- bpf: Fix usage of trace RCU in local storage (bsc#1012628).
- bpf: Fix excessive memory allocation in stack_map_alloc()
(bsc#1012628).
- bpf: Reject writes for PTR_TO_MAP_KEY in check_helper_mem_access
(bsc#1012628).
- bpf: Check PTR_TO_MEM | MEM_RDONLY in check_helper_mem_access
(bsc#1012628).
- bpf: Do write access check for kfunc and global func
(bsc#1012628).
- ALSA: usb-audio: Optimize TEAC clock quirk (bsc#1012628).
- commit b7b9d3b
++++ alsa:
- Backport upstream fixes for 32bit inode and ELD parsing:
0001-conf-Use-ino64_t-to-save-and-compare-inode-numbers.patch
0002-control-eld-fix-the-decoding-for-older-hw.patch
++++ libcontainers-common:
- Add registry.suse.com as agreed on oSC22
Let's advertise usage of BCI images in general
++++ python310-core:
- Update to 3.10.5:
- Core and Builtins
- gh-93418: Fixed an assert where an f-string has an equal
sign ‘=’ following an expression, but there’s no trailing
brace. For example, fâ€{i=â€.
- gh-91924: Fix __ltrace__ debug feature if the stdout
encoding is not UTF-8. Patch by Victor Stinner.
- gh-93061: Backward jumps after async for loops are no
longer given dubious line numbers.
- gh-93065: Fix contextvars HAMT implementation to handle
iteration over deep trees.
- The bug was discovered and fixed by Eli Libman. See
MagicStack/immutables#84 for more details.
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on
a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the
garbage collector. When a subinterpreter is deleted,
untrack all objects tracked by its GC. To prevent a crash
in deallocator functions expecting objects to be tracked by
the GC, leak a strong reference to these objects on
purpose, so they are never deleted and their deallocator
functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in
_Py_DecodeUTF8Ex.
- bpo-47212: Raise IndentationError instead of SyntaxError
for a bare except with no following indent. Improve
SyntaxError locations for an un-parenthesized generator
used as arguments. Patch by Matthieu Dartiailh.
- bpo-47182: Fix a crash when using a named unicode character
like "\N{digit nine}" after the main interpreter has been
initialized a second time.
- bpo-47117: Fix a crash if we fail to decode characters in
interactive mode if the tokenizer buffers are
uninitialized. Patch by Pablo Galindo.
- bpo-39829: Removed the __len__() call when initializing
a list and moved initializing to list_extend. Patch by
Jeremiah Pascual.
- bpo-46962: Classes and functions that unconditionally
declared their docstrings ignoring the
- -without-doc-strings compilation flag no longer do so.
- The classes affected are ctypes.UnionType,
pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and
types.GenericAlias.
- The functions affected are 24 methods in ctypes.
- Patch by Oleg Iarygin.
- bpo-36819: Fix crashes in built-in encoders with error
handlers that return position less or equal than the
starting position of non-encodable characters.
- Library
- gh-93156: Accessing the pathlib.PurePath.parents sequence
of an absolute path using negative index values produced
incorrect results.
- gh-89973: Fix re.error raised in fnmatch if the pattern
contains a character range with upper bound lower than
lower bound (e.g. [c-a]). Now such ranges are interpreted
as empty ranges.
- gh-93010: In a very special case, the email package tried
to append the nonexistent InvalidHeaderError to the defect
list. It should have been InvalidHeaderDefect.
- gh-92839: Fixed crash resulting from calling
bisect.insort() or bisect.insort_left() with the key
argument not equal to None.
- gh-91581: utcfromtimestamp() no longer attempts to resolve
fold in the pure Python implementation, since the fold is
never 1 in UTC. In addition to being slightly faster in the
common case, this also prevents some errors when the
timestamp is close to datetime.min. Patch by Paul Ganssle.
- gh-92530: Fix an issue that occurred after interrupting
threading.Condition.notify().
- gh-92049: Forbid pickling constants re._constants.SUCCESS
etc. Previously, pickling did not fail, but the result
could not be unpickled.
- bpo-47029: Always close the read end of the pipe used by
multiprocessing.Queue after the last write of buffered data
to the write end of the pipe to avoid BrokenPipeError at
garbage collection and at multiprocessing.Queue.close()
calls. Patch by Géry Ogam.
- gh-91401: Provide a fail-safe way to disable subprocess use
of vfork() via a private subprocess._USE_VFORK attribute.
While there is currently no known need for this, if you
find a need please only set it to False. File a CPython
issue as to why you needed it and link to that from
a comment in your code. This attribute is documented as
a footnote in 3.11.
- gh-91910: Add missing f prefix to f-strings in error
messages from the multiprocessing and asyncio modules.
- gh-91810: ElementTree method write() and function
tostring() now use the text file’s encoding (“UTF-8†if not
available) instead of locale encoding in XML declaration
when encoding="unicode" is specified.
- gh-91832: Add required attribute to argparse.Action repr
output.
- gh-91700: Compilation of regular expression containing
a conditional expression (?(group)...) now raises an
appropriate re.error if the group number refers to not
defined group. Previously an internal RuntimeError was
raised.
- gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
the per test event loop executor before returning from its
run method so that a not yet stopped or garbage collected
executor state does not persist beyond the test.
- gh-90568: Parsing \N escapes of Unicode Named Character
Sequences in a regular expression raises now re.error
instead of TypeError.
- gh-91595: Fix the comparison of character and integer
inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
- gh-90622: Worker processes for
concurrent.futures.ProcessPoolExecutor are no longer
spawned on demand (a feature added in 3.9) when the
multiprocessing context start method is "fork" as that can
lead to deadlocks in the child processes due to a fork
happening while threads are running.
- gh-91575: Update case-insensitive matching in the re module
to the latest Unicode version.
- gh-91581: Remove an unhandled error case in the
C implementation of calls to datetime.fromtimestamp with no
time zone (i.e. getting a local time from an epoch
timestamp). This should have no user-facing effect other
than giving a possibly more accurate error message when
called with timestamps that fall on 10000-01-01 in the
local time. Patch by Paul Ganssle.
- bpo-47260: Fix os.closerange() potentially being a no-op in
a Linux seccomp sandbox.
- bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile
instead of ValueError when reading a corrupt zip file in
which the central directory offset is negative.
- bpo-47151: When subprocess tries to use vfork, it now falls
back to fork if vfork returns an error. This allows use in
situations where vfork isn’t allowed by the OS kernel.
- bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
names for socket.AF_INET or socket.AF_INET6 families.
Resolution may not make sense for other families, like
socket.AF_BLUETOOTH and socket.AF_UNIX.
- bpo-43323: Fix errors in the email module if the charset
itself contains undecodable/unencodable characters.
- bpo-47101: hashlib.algorithms_available now lists only
algorithms that are provided by activated crypto providers
on OpenSSL 3.0. Legacy algorithms are not listed unless the
legacy provider has been loaded into the default OSSL
context.
- bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
exception memory leak
- bpo-45393: Fix the formatting for await x and not x in the
operator precedence table when using the help() system.
- bpo-46415: Fix ipaddress.ip_{address,interface,network}
raising TypeError instead of ValueError if given invalid
tuple as address parameter.
- bpo-28249: Set doctest.DocTest.lineno to None when object
does not have __doc__.
- bpo-45138: Fix a regression in the sqlite3 trace callback
where bound parameters were not expanded in the passed
statement string. The regression was introduced in Python
3.10 by bpo-40318. Patch by Erlend E. Aasland.
- bpo-44493: Add missing terminated NUL in sockaddr_un’s
length
- This was potentially observable when using non-abstract
AF_UNIX datagram sockets to processes written in another
programming language.
- bpo-42627: Fix incorrect parsing of Windows registry proxy
settings
- bpo-36073: Raise ProgrammingError instead of segfaulting on
recursive usage of cursors in sqlite3 converters. Patch by
Sergey Fedoseev.
- Documentation
- gh-86438: Clarify that -W and PYTHONWARNINGS are matched
literally and case-insensitively, rather than as regular
expressions, in warnings.
- gh-92240: Added release dates for “What’s New in Python
3.X†for 3.0, 3.1, 3.2, 3.8 and 3.10
- gh-91888: Add a new gh role to the documentation to link to
GitHub issues.
- gh-91783: Document security issues concerning the use of
the function shutil.unpack_archive()
- gh-91547: Remove “Undocumented modules†page.
- bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
shutil.copytree().
- bpo-38668: Update the introduction to documentation for
os.path to remove warnings that became irrelevant after the
implementations of PEP 383 and PEP 529.
- bpo-47138: Pin Jinja to a version compatible with Sphinx
version 3.2.1.
- bpo-46962: All docstrings in code snippets are now wrapped
into PyDoc_STR() to follow the guideline of PEP 7’s
Documentation Strings paragraph. Patch by Oleg Iarygin.
- bpo-26792: Improve the docstrings of runpy.run_module() and
runpy.run_path(). Original patch by Andrew Brezovsky.
- bpo-40838: Document that inspect.getdoc(),
inspect.getmodule(), and inspect.getsourcefile() might
return None.
- bpo-45790: Adjust inaccurate phrasing in Defining Extension
Types: Tutorial about the ob_base field and the macros used
to access its contents.
- bpo-42340: Document that in some circumstances
KeyboardInterrupt may cause the code to enter an
inconsistent state. Provided a sample workaround to avoid
it if needed.
- bpo-41233: Link the errnos referenced in
Doc/library/exceptions.rst to their respective section in
Doc/library/errno.rst, and vice versa. Previously this was
only done for EINTR and InterruptedError. Patch by Yan
“yyyyyyyan†Orestes.
- bpo-38056: Overhaul the Error Handlers documentation in
codecs.
- bpo-13553: Document tkinter.Tk args.
- Tests
- gh-92886: Fixing tests that fail when running with
optimizations (-O) in test_imaplib.py.
- gh-92670: Skip
test_shutil.TestCopy.test_copyfile_nonexistent_dir test on
AIX as the test uses a trailing slash to force the OS
consider the path as a directory, but on AIX the trailing
slash has no effect and is considered as a file.
- gh-91904: Fix initialization of
PYTHONREGRTEST_UNICODE_GUARD which prevented running
regression tests on non-UTF-8 locale.
- gh-91607: Fix test_concurrent_futures to test the correct
multiprocessing start method context in several cases where
the test logic mixed this up.
- bpo-47205: Skip test for sched_getaffinity() and
sched_setaffinity() error case on FreeBSD.
- bpo-47104: Rewrite asyncio.to_thread() tests to use
unittest.IsolatedAsyncioTestCase.
- bpo-29890: Add tests for ipaddress.IPv4Interface and
ipaddress.IPv6Interface construction with tuple arguments.
Original patch and tests by louisom.
- Tools/Demos
- gh-91583: Fix regression in the code generated by Argument
Clinic for functions with the defining_class parameter.
++++ python310:
- Update to 3.10.5:
- Core and Builtins
- gh-93418: Fixed an assert where an f-string has an equal
sign ‘=’ following an expression, but there’s no trailing
brace. For example, fâ€{i=â€.
- gh-91924: Fix __ltrace__ debug feature if the stdout
encoding is not UTF-8. Patch by Victor Stinner.
- gh-93061: Backward jumps after async for loops are no
longer given dubious line numbers.
- gh-93065: Fix contextvars HAMT implementation to handle
iteration over deep trees.
- The bug was discovered and fixed by Eli Libman. See
MagicStack/immutables#84 for more details.
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on
a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the
garbage collector. When a subinterpreter is deleted,
untrack all objects tracked by its GC. To prevent a crash
in deallocator functions expecting objects to be tracked by
the GC, leak a strong reference to these objects on
purpose, so they are never deleted and their deallocator
functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in
_Py_DecodeUTF8Ex.
- bpo-47212: Raise IndentationError instead of SyntaxError
for a bare except with no following indent. Improve
SyntaxError locations for an un-parenthesized generator
used as arguments. Patch by Matthieu Dartiailh.
- bpo-47182: Fix a crash when using a named unicode character
like "\N{digit nine}" after the main interpreter has been
initialized a second time.
- bpo-47117: Fix a crash if we fail to decode characters in
interactive mode if the tokenizer buffers are
uninitialized. Patch by Pablo Galindo.
- bpo-39829: Removed the __len__() call when initializing
a list and moved initializing to list_extend. Patch by
Jeremiah Pascual.
- bpo-46962: Classes and functions that unconditionally
declared their docstrings ignoring the
- -without-doc-strings compilation flag no longer do so.
- The classes affected are ctypes.UnionType,
pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and
types.GenericAlias.
- The functions affected are 24 methods in ctypes.
- Patch by Oleg Iarygin.
- bpo-36819: Fix crashes in built-in encoders with error
handlers that return position less or equal than the
starting position of non-encodable characters.
- Library
- gh-93156: Accessing the pathlib.PurePath.parents sequence
of an absolute path using negative index values produced
incorrect results.
- gh-89973: Fix re.error raised in fnmatch if the pattern
contains a character range with upper bound lower than
lower bound (e.g. [c-a]). Now such ranges are interpreted
as empty ranges.
- gh-93010: In a very special case, the email package tried
to append the nonexistent InvalidHeaderError to the defect
list. It should have been InvalidHeaderDefect.
- gh-92839: Fixed crash resulting from calling
bisect.insort() or bisect.insort_left() with the key
argument not equal to None.
- gh-91581: utcfromtimestamp() no longer attempts to resolve
fold in the pure Python implementation, since the fold is
never 1 in UTC. In addition to being slightly faster in the
common case, this also prevents some errors when the
timestamp is close to datetime.min. Patch by Paul Ganssle.
- gh-92530: Fix an issue that occurred after interrupting
threading.Condition.notify().
- gh-92049: Forbid pickling constants re._constants.SUCCESS
etc. Previously, pickling did not fail, but the result
could not be unpickled.
- bpo-47029: Always close the read end of the pipe used by
multiprocessing.Queue after the last write of buffered data
to the write end of the pipe to avoid BrokenPipeError at
garbage collection and at multiprocessing.Queue.close()
calls. Patch by Géry Ogam.
- gh-91401: Provide a fail-safe way to disable subprocess use
of vfork() via a private subprocess._USE_VFORK attribute.
While there is currently no known need for this, if you
find a need please only set it to False. File a CPython
issue as to why you needed it and link to that from
a comment in your code. This attribute is documented as
a footnote in 3.11.
- gh-91910: Add missing f prefix to f-strings in error
messages from the multiprocessing and asyncio modules.
- gh-91810: ElementTree method write() and function
tostring() now use the text file’s encoding (“UTF-8†if not
available) instead of locale encoding in XML declaration
when encoding="unicode" is specified.
- gh-91832: Add required attribute to argparse.Action repr
output.
- gh-91700: Compilation of regular expression containing
a conditional expression (?(group)...) now raises an
appropriate re.error if the group number refers to not
defined group. Previously an internal RuntimeError was
raised.
- gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
the per test event loop executor before returning from its
run method so that a not yet stopped or garbage collected
executor state does not persist beyond the test.
- gh-90568: Parsing \N escapes of Unicode Named Character
Sequences in a regular expression raises now re.error
instead of TypeError.
- gh-91595: Fix the comparison of character and integer
inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
- gh-90622: Worker processes for
concurrent.futures.ProcessPoolExecutor are no longer
spawned on demand (a feature added in 3.9) when the
multiprocessing context start method is "fork" as that can
lead to deadlocks in the child processes due to a fork
happening while threads are running.
- gh-91575: Update case-insensitive matching in the re module
to the latest Unicode version.
- gh-91581: Remove an unhandled error case in the
C implementation of calls to datetime.fromtimestamp with no
time zone (i.e. getting a local time from an epoch
timestamp). This should have no user-facing effect other
than giving a possibly more accurate error message when
called with timestamps that fall on 10000-01-01 in the
local time. Patch by Paul Ganssle.
- bpo-47260: Fix os.closerange() potentially being a no-op in
a Linux seccomp sandbox.
- bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile
instead of ValueError when reading a corrupt zip file in
which the central directory offset is negative.
- bpo-47151: When subprocess tries to use vfork, it now falls
back to fork if vfork returns an error. This allows use in
situations where vfork isn’t allowed by the OS kernel.
- bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
names for socket.AF_INET or socket.AF_INET6 families.
Resolution may not make sense for other families, like
socket.AF_BLUETOOTH and socket.AF_UNIX.
- bpo-43323: Fix errors in the email module if the charset
itself contains undecodable/unencodable characters.
- bpo-47101: hashlib.algorithms_available now lists only
algorithms that are provided by activated crypto providers
on OpenSSL 3.0. Legacy algorithms are not listed unless the
legacy provider has been loaded into the default OSSL
context.
- bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
exception memory leak
- bpo-45393: Fix the formatting for await x and not x in the
operator precedence table when using the help() system.
- bpo-46415: Fix ipaddress.ip_{address,interface,network}
raising TypeError instead of ValueError if given invalid
tuple as address parameter.
- bpo-28249: Set doctest.DocTest.lineno to None when object
does not have __doc__.
- bpo-45138: Fix a regression in the sqlite3 trace callback
where bound parameters were not expanded in the passed
statement string. The regression was introduced in Python
3.10 by bpo-40318. Patch by Erlend E. Aasland.
- bpo-44493: Add missing terminated NUL in sockaddr_un’s
length
- This was potentially observable when using non-abstract
AF_UNIX datagram sockets to processes written in another
programming language.
- bpo-42627: Fix incorrect parsing of Windows registry proxy
settings
- bpo-36073: Raise ProgrammingError instead of segfaulting on
recursive usage of cursors in sqlite3 converters. Patch by
Sergey Fedoseev.
- Documentation
- gh-86438: Clarify that -W and PYTHONWARNINGS are matched
literally and case-insensitively, rather than as regular
expressions, in warnings.
- gh-92240: Added release dates for “What’s New in Python
3.X†for 3.0, 3.1, 3.2, 3.8 and 3.10
- gh-91888: Add a new gh role to the documentation to link to
GitHub issues.
- gh-91783: Document security issues concerning the use of
the function shutil.unpack_archive()
- gh-91547: Remove “Undocumented modules†page.
- bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
shutil.copytree().
- bpo-38668: Update the introduction to documentation for
os.path to remove warnings that became irrelevant after the
implementations of PEP 383 and PEP 529.
- bpo-47138: Pin Jinja to a version compatible with Sphinx
version 3.2.1.
- bpo-46962: All docstrings in code snippets are now wrapped
into PyDoc_STR() to follow the guideline of PEP 7’s
Documentation Strings paragraph. Patch by Oleg Iarygin.
- bpo-26792: Improve the docstrings of runpy.run_module() and
runpy.run_path(). Original patch by Andrew Brezovsky.
- bpo-40838: Document that inspect.getdoc(),
inspect.getmodule(), and inspect.getsourcefile() might
return None.
- bpo-45790: Adjust inaccurate phrasing in Defining Extension
Types: Tutorial about the ob_base field and the macros used
to access its contents.
- bpo-42340: Document that in some circumstances
KeyboardInterrupt may cause the code to enter an
inconsistent state. Provided a sample workaround to avoid
it if needed.
- bpo-41233: Link the errnos referenced in
Doc/library/exceptions.rst to their respective section in
Doc/library/errno.rst, and vice versa. Previously this was
only done for EINTR and InterruptedError. Patch by Yan
“yyyyyyyan†Orestes.
- bpo-38056: Overhaul the Error Handlers documentation in
codecs.
- bpo-13553: Document tkinter.Tk args.
- Tests
- gh-92886: Fixing tests that fail when running with
optimizations (-O) in test_imaplib.py.
- gh-92670: Skip
test_shutil.TestCopy.test_copyfile_nonexistent_dir test on
AIX as the test uses a trailing slash to force the OS
consider the path as a directory, but on AIX the trailing
slash has no effect and is considered as a file.
- gh-91904: Fix initialization of
PYTHONREGRTEST_UNICODE_GUARD which prevented running
regression tests on non-UTF-8 locale.
- gh-91607: Fix test_concurrent_futures to test the correct
multiprocessing start method context in several cases where
the test logic mixed this up.
- bpo-47205: Skip test for sched_getaffinity() and
sched_setaffinity() error case on FreeBSD.
- bpo-47104: Rewrite asyncio.to_thread() tests to use
unittest.IsolatedAsyncioTestCase.
- bpo-29890: Add tests for ipaddress.IPv4Interface and
ipaddress.IPv6Interface construction with tuple arguments.
Original patch and tests by louisom.
- Tools/Demos
- gh-91583: Fix regression in the code generated by Argument
Clinic for functions with the defining_class parameter.
------------------------------------------------------------------
------------------ 2022-6-5 - Jun 5 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- removed libkms BuildRequires, since it has been dropped from
libdrm
++++ Mesa-drivers:
- removed libkms BuildRequires, since it has been dropped from
libdrm
++++ iproute2:
- update to 5.18:
This is the release of iproute2 corresponding to the 5.18 kernel.
There are not many new features in this release.
* The build issues with libbpf should be fixed now.
* Building with clang is now supported.
* There are still some warnings with gcc-12 that will need to be
fixed in the upstream kernel headers.
------------------------------------------------------------------
------------------ 2022-6-4 - Jun 4 2022 -------------------
------------------------------------------------------------------
++++ lua54:
- Added more numbered patches from upstream:
* luabugs3.patch
* luabugs4.patch (bsc#1201146, CVE-2022-33099)
* luabugs5.patch
++++ python-Jinja2:
- update to 3.1.2:
* Add parameters to ``Environment.overlay`` to match ``__init__``.
* Handle race condition in ``FileSystemBytecodeCache``. :issue:`1654`
------------------------------------------------------------------
------------------ 2022-6-3 - Jun 3 2022 -------------------
------------------------------------------------------------------
++++ k3s-install:
- Ensure k3s-selinux is required, instead of container-selinux.
++++ kernel-default:
- Remove mistakenly enabled CONFIG_JBD2_DEBUG.
- commit 7534680
++++ libdrm:
- update to 2.4.111
* bugfixes
* drops libkms
- added tegra-* tools on aarch64 to spefile
++++ patterns-alp:
- Add k3s-selinux until fixed k3s-install pulls it.
- Preinstall k3s-install.
- No long requires haveged (boo#1190024): The mainline Linux
Kernel has now HAVEGED algorithm build in internally (since
version 5.6).
++++ toolbox:
- Update to version 2.3+git20220603.bbeda2e:
* Allow to choose runtime and try to retain the user's groups
* (Try to) Avoid problems when packages touching bind mounts are upgraded
* Try to make sure that (some) foreign distro images (kind of) work as toolboxes
* Do not stop a toolbox with something running inside
* Exit if neither podman or docker are usable
* Support passing just the name of the container to create and enter command
* Fix cleanup logic and make toolbox start a little less verbose
* Always pull when creating a new toolbox
* Add a "more sandboxing" mode
------------------------------------------------------------------
------------------ 2022-6-2 - Jun 2 2022 -------------------
------------------------------------------------------------------
++++ ALP-build-key:
- Initial key package for ALP
++++ Mesa:
- Update to 22.1.1
* first bugfix release
- supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch
++++ Mesa-drivers:
- Update to 22.1.1
* first bugfix release
- supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch
++++ openssl-1_1:
- Update to 1.1.1o: [CVE-2022-1292, bsc#1199166]
* Fixed a bug in the c_rehash script which was not properly sanitising
shell metacharacters to prevent command injection.
* Rebased openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
* Rebased openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
- Added openssl-update_expired_certificates.patch
* Openssl failed tests because of expired certificates.
* bsc#1185637
* Sourced from https://github.com/openssl/openssl/pull/18446/commits
++++ ceph:
- Update to ceph-16.2.9-58-ge2e5cb80063:
+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths
++++ snapper:
- added generic plugin support (gh#openSUSE/snapper#727)
++++ unbound:
- update to 1.16.0
* Features
- Merge PR #604: Add basic support for EDE (RFC8914).
* Bug Fixes
- Fix #412: cache invalidation issue with CNAME+A.
- Fix that TCP interface does not use TLS when TLS is also configured.
- Fix #624: Unable to stop Unbound in Windows console (does not
respond to CTRL+C command).
- Fix #618: enabling interface-automatic disables DNS-over-TLS.
Adds the option to list interface-automatic-ports.
- Remove debug info from #618 fix.
- Fix #628: A rpz-passthru action is not ending RPZ zone processing.
- Fix for #628: fix rpz-passthru for qname trigger by localzone type.
- Fix that address not available is squelched from the logs for
udp connect failures. It is visible on verbosity 4 and more.
- Merge #631 from mollyim: Replace OpenSSL's ERR_PACK with
ERR_GET_REASON.
- Fix to detect that no IPv6 support means that IPv6 addresses are
useless for delegation point lookups.
- update Makefile dependencies.
- Fix check interface existence for support detection in remote lookup.
- Fix #633: Document unix domain socket support for unbound-control.
- Fix for #633: updated fix with new text.
- Fix edns client subnet to add the option based on the option list,
so that it is not state dependent, after the state fix of #605 for
double EDNS options.
- Fix for edns client subnet option add fix in removal code, from review.
- Fix #630: Unify the RPZ log messages.
- Merge #623 from rex4539: Fix typos.
- Fix pythonmod for change in iter_dp_is_useless function prototype.
- Fix compile warnings for printf ll format on mingw compile.
- Merge PR #632 from scottrw93: Match cnames in ipset.
- Various fixes for #632: variable initialisation, convert the qinfo
to str once, accept trailing dot in the local-zone ipset option.
- Fix #637: Integer Overflow in sldns_str2period function.
- Fix for #637: fix integer overflow checks in sldns_str2period.
- Fix configure for python to use sysutils, because distutils is
deprecated. It uses sysutils when available, distutils otherwise.
- Merge #644: Make `install-lib` make target install the pkg-config
file.
- Fix to ensure uniform handling of spaces and tabs when parsing RRs.
- Fix to describe auth-zone and other configuration at the local-zone
configuration option, to allow for more broadly view of the options.
- Merge PR #648 from eaglegai: fix -q doesn't work when use with
'unbound-control stats_shm'.
- Fix #651: [FR] Better logging for refused queries.
- Fix spelling error in comment in sldns_str2wire_svcparam_key_lookup.
- Fix zonemd check to allow unsupported algorithms to load.
If there are only unsupported algorithms, or unsupported schemes,
and no failed or successful other ZONEMD records, or malformed
or bad ZONEMD records, the unsupported records allow the zone load.
- Fix zonemd unsupported algo check.
- Fix zonemd unsupported algo check reason to not copy to next record,
and check for success for debug printout.
- Fix zonemd unsupported algo check to print unsupported reason before
zeroing it.
- Fix zonemd unsupported algo check to set reason to NULL before the
check routine, but after malformed checks, to get the correct NULL
output when the digest matches.
- Fix #670: SERVFAIL problems with unbound 1.15.0 running on
OpenBSD 7.1.
- Fix Python build in non-source directory; based on patch by
Michael Tokarev.
- Fix #673: DNS over TLS: error: SSL_handshake syscall: No route to
host.
- Merge #677: Allow using system certificates not only on Windows,
from pemensik.
- For #677: Added tls-system-cert to config parser and documentation.
- Fix #417: prefetch and ECS causing cache corruption when used
together.
- Fix #678: [FR] modify behaviour of unbound-control rpz_enable zone,
by updating unbound-control's documentation.
- Fix typos in config_set_option for the 'num-threads' and
'ede-serve-expired' options.
- Fix to silence test for ede error output to the console from the
test setup script.
- Fix ede test to not use default pidfile, and use local interface.
- Fix some lint type warnings.
- Fix #684: [FTBS] configure script error with libmnl on openSUSE 15.3
(and possibly other distributions)
++++ patterns-alp:
- Requires ALP-build-key.
++++ suse-module-tools:
- Update to version 16.0.20:
* Bump version to 16.0.20
* driver-check.sh: avoid false positive error messages (boo#1200107)
* don't hardcode /boot for kernel-related files (boo#1199873)
* spec file: use "install -p" consistently
++++ xkeyboard-config:
- U_Fixes-regression-from-c3c5d02-were-mistakenly-replac.patch
* Regression fixed from
c3c5d02rules: sort the names of multimedia keyboards alphabetically
"\" at the end of line were mistakenly replacd by "/"
- Update to version 2.36
* bugfixes
* removed autotools support :-(
- switched to meson
------------------------------------------------------------------
------------------ 2022-6-1 - Jun 1 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Add patch to fix glitches with KMS (boo#1199885):
* U_llvmpipe-flush-resources-for-kms-swrast-path.patch
++++ Mesa-drivers:
- Add patch to fix glitches with KMS (boo#1199885):
* U_llvmpipe-flush-resources-for-kms-swrast-path.patch
++++ hwdata:
- Update to version 0.360 (bsc#1200110):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- iommu/amd: Increase timeout waiting for GA log enablement
(bsc#1199052).
- commit dfccb72
- iommu/amd: Increase timeout waiting for GA log enablement
(bsc#1199052).
- commit 0578d76
- KVM: x86: avoid calling x86 emulator without a decoded
instruction (CVE-2022-1852 bsc#1199875).
- commit b4b07c8
- KVM: x86: avoid calling x86 emulator without a decoded
instruction (CVE-2022-1852 bsc#1199875).
- commit 01a406d
++++ alsa:
- Update to version 1.2.7:
more extended UCM API, PCM rate,multi,direct plugin fixes and
enhancements, compilation fixes, etc. For details see:
https://www.alsa-project.org/wiki/Changes_v1.2.6.3_v1.2.7#alsa-lib
++++ parted:
- use static keyring file (and switch to the release team keyring)
++++ systemd:
- Upgrade to v251.2 (commit 949d6bb7201dd48167ee9716ed6278764d1f4c0f)
See https://github.com/openSUSE/systemd/blob/SUSE/v251/NEWS for
details.
This includes the following bug fixes:
- upstream commit e6b169418369abbc88c8f622e02e1d704a23d4ef (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
* systemd-testsuite now requires python3-pexpect due to TEST-69-SHUTDOWN
relying on this module.
* sysusers.d/systemd-network.conf has been moved to systemd-network
sub-package since the tmpfiles configuration snippets for networkd has also
been moved to this sub-package.
++++ libvirt:
- Update to libvirt 8.4.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-4-0-2022-06-01
++++ pam:
- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d
++++ patterns-base:
- No long recommend haveged (boo#1190024): The mainline Linux
Kernel has now HAVEGED algorithm build in internally (since
version 5.6).
++++ python-libvirt-python:
- Update to 8.4.0
- Add all new APIs and constants in libvirt 8.4.0
++++ python-pyOpenSSL:
- Shift BuildRequires on openssl, it's only required for tests.
------------------------------------------------------------------
------------------ 2022-5-31 - May 31 2022 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.72.2:
+ Bugs fixed: glgo#GNOME/GLib#2640, glgo#GNOME/GLib!2605,
glgo#GNOME/GLib!2616, glgo#GNOME/GLib!2629,
glgo#GNOME/GLib!2643, glgo#GNOME/GLib!2644,
glgo#GNOME/GLib!2662, glgo#GNOME/GLib!2691.
+ Updated translations.
++++ grub2:
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
* 0001-video-Remove-trailing-whitespaces.patch
* 0002-loader-efi-chainloader-Simplify-the-loader-state.patch
* 0003-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
* 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
* 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
* 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
* 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
* 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
* 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
* 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
* 0011-video-readers-png-Sanity-check-some-huffman-codes.patch
* 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
* 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
* 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
* 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
* 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
* 0017-net-ip-Do-IP-fragment-maths-safely.patch
* 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch
* 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
* 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
* 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
* 0022-net-tftp-Avoid-a-trivial-UAF.patch
* 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0024-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
* 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch
* 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
* 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
* 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
* 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
* 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
* 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
* 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
the root LV is completely in the boot LUN (bsc#1197948)
* 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
++++ k3s-install:
- Drop inform-user-of-current-k3s-SELinux-support.patch, no longer
needed.
- Add dependency on container-selinux.
- Drop dependencies on containerd, cni-plugins, conntrack-tools,
runc packages since k3s ships its own stack.
- Update to version 1.23.6+k3s1:
* Fix issue with datastore corruption on cluster-reset (#5515)
* Bump containerd for selinux fix (#5507)
* Secrets Encryption: Add RetryOnConflict around updating nodes (#5495)
* Fix issue with long-running apiserver endpoints watch (#5478)
* Update Kubernetes to v1.23.6 (#5477)
* Fix default ipv6 cidr (#5467)
* E2E Validation Improvements (#5444)
* Add s390x arch support for k3s (#5018)
* Bump etcd to 3.5.3-k3s1
* Move IPv4/v6 selection into helpers
* Fix issue with RKE2 servers hanging on listing apiserver addresses
* Print a helpful error when trying to join additional servers but etcd is not in use
* Use core constants for cert user/group values
* Bump containerd to v1.5.11-k3s1
* Added option to deploy hardened k3s (#5415)
* Added support for repeated extra arguments
* update sonobuoy to 0.56.4 (#5419)
* Bump Reencryption Test timeout, improve comments (#5431)
* Added default endpoint for IPv6
* Update golangci-lint to 1.45.2
* fixes and updates to jenkinsfile (#5370)
* Fixed flannel backend helper text
* update trivy to 0.25.3
* fix: non-idiomatic returning of boolean expression (#5343)
* Add certificate rotation integration tests (#5393)
* Update helm-controller version
* Move the apiserver addresses controller into the etcd package
* Updated wireguard-native options and added log message
* Added new flannel backend to use wireguard from flannel
* Fix crash on early snapshot
* Don't print password conversion rate
* Allow agents to query non-apiserver supervisors for apiserver endpoints
* Add client certificate authentication support to core Authenticator
* Redact datastore and etcd snapshot config from serialization
* netpol: Add dual-stack support
* Allow using flannel wireguard backend in a custom config
* Fixed http URL on etcd
* Fixed loadbalancer in case of IPv6 addresses
* Fixed etcd register
* Fixed client URL
* Skip setting up client tls when etcd server does not have tls enabled
* add a wrapper around the containerd.New call to fix and pass the proper npipe connector
* Updated localhost address on IPv6 only setup
* Defragment etcd datastore before clearing alarms
* Fix etcd-only secrets encryption rotation
* Properly attach secrets-encrypt events to the node resource
* Fix log spam due to servicelb event recorder namespace conflict
* Ensure that apiserver ready channel checks re-dial every time
* Fixed etcd URL in case of IPv6 address
* vagrant: Set mount options for NFS
* vagrant: Enable IPv6 and IP forwarding
* go generate
* Bump coredns to v1.9.1
* Update Kubernetes to v1.23.5-k3s1
* Refactor automation using terraform (#5268)
* Defer ensuring node passwords on etcd-only nodes during initial cluster bootstrap
* Replace CentOS 8 with Rocky Linux 8 for install testing (#5279)
* E2E Split Server Test (#5286)
* Handle empty entries in bootstrap path map
* Update helm-controller
* Track upstream changes to kubectl command execution
* Add cross-compilation as sanity check (#5255)
* Close additional leaked GPRC clients
* Testing directory and documentation rework. (#5256)
* Changed ipv6 config on flannel setup
* Added ipv6 only support with flannel
* fix function arg call (#5234)
* Populate EtcdConfig in runtime from datastore when etcd is disabled (#5222)
* Fixed log in case of ipv6 only config
* Added switch case to check netMode
* Fixed in case of empty address
* Updated flannel to 0.17
* Support MixedProtocolLBService and clean up Daemonsets on type change.
* Update Fossa API key variable to match what the plugin wants
* Bump containerd to v1.5.10-k3s1
* Mark 1.22.7 as stable (#5192)
* [master] changing package to k3s-io (#4846)
* servicelb pool selector
* Switch to drone-fossa plugin
* E2E Add external DB options to ValidateCluster test (#5157)
* Bootstrap the executor even when the agent is disabled
* Fix etcd-snapshot commands by making setup more consistent.
* Ignore cluster membership errors when reconciling from temp etcd
* Move temporary etcd startup into etcd module
* Wait for process to exit before returning from kill helper
* Add function to clear local alarms on etcd startup
* E2E secrets encryption test (#5144)
* Add http/2 support to API server (#5149)
* Disable ineffassign CI plugin for excessive false positives
* Fix adding etcd-only node to existing cluster
* Bump up github.com/containerd/stargz-snapshotter (v0.11.0) (#5032)
* Remove unnecessary copies of etcdconfig struct
* Remove unnecessary copies of runtime struct
* Fix cluster bootstrap test
* Add contributors documentation (#5154)
* Add `--json` flag for `k3s secrets-encrypt status` (#5127)
* add ability to specify etcd snapshot list output format (#5132)
* Create encryption hash file if it doesn't exist (#5140)
* Move testing lock from server creation to test start (#5155)
* Update to V1.23.4 k3s1 (#5135)
* Fix deploy controller resource deletion
* Fix annoying netpol log
* Add support for IPv6 only mode
* E2E Test Improvements (#5102)
* Migrate Ginkgo testing framework to V2, consolidate integration tests (#5097)
* Add k3s etcd restoration integration test (#5014)
* Remove the iptables rules from ipmasq flannel
* Fix cluster validation and add upgrade cluster test (#5020)
* Update CentOS 8 smoke vm's with vault repositories (#5092)
* netpol: Use kube-router as a library
* Check for `--kubeconfig` flag with embedded `kubectl` (#5064)
* Update legacy-unknown-cert and legacy-unknown-key (#5057)
* Bump K3s stable to v1.22.6 (#5050)
* Update versions:
* Fixes to Drone CI Stability (#4897)
* Add server flag to access nonlocal/nondefault k3s server (#5016)
* Update to v1.23.3 (#5027)
* Add Rocket.Chat to list of adopters (#5017)
* Move containerd wait into exported function
* Update to v1.23.2 (#4997)
* Add new upgradecluster E2E test (#4900)
* Update packaged components
* go generate
* Upgrade: metrics server version bump from v0.5.0 to v0.5.2
* Remove ip6table rules when cleaning up k3s
* Added debug log for IPv6 Masquerading rule
* Bump etcd and containerd to track upstream
* Skip CGroup v2 evac when agent is disabled
* Added flannel-ipv6-masq flag to enable IPv6 nat
* Added iptables masquerade rules for ipv6 on flannel
* Adds the ability to compress etcd snapshots (#4866)
* Enable logging on all subcommands (#4921)
* Move ClusterResetRestore handling ControlConfig setup
* Update building documentation for macOS (#4850)
* Add basic etcd join test
* Fix handling of agent-token fallback to token
* Fix use of agent creds for secrets-encrypt and config validate
* Don't skip the dev image when skipping airgap
* Fix a typo: advertise-up -> advertise-ip (#4827)
* Integration tests utilities improvements (#4832)
* Enable make generate to use dapper and standardize go and gzip versions (#4861)
* linter doesn't actually run on windows, found these while getting it running on a windows machine
* Update channel.yaml for 1.23
* Export default parser
* Require integration test to be run as sudo/root (#4824)
* Fix cgroup smoke test (#4823)
* Update golang
* Update modules for Kubernetes v1.23
* Add tests to use vagrantfile (#4722)
* Bump stable to v1.22.5+k3s1 (#4821)
* package rename wasnt approved yet, backing out cruft that snuck into last pr
* Fix panic checking name of uninitialized etcd member
* Add etcd sonobuoy tests
* Add variable to enforce max test concurrency
* Fix previous channel detection
* More codespell ignores
* Update bootstrap logic to output all changed files on disk (#4800)
* delete vendor dir
* code changes to drop the vendor dir
* Move flannel logs to logrus
* Close agentReady channel only in k3s (#4792)
* Close etcd clients to avoid leaking GRPC connections
* Remove Disables, Skips and DisableKubeProxy from the comparing configs
* Add initial skeleton ADOPTERS.md to better track large use cases (#4764)
* Add ADR
* Build standalone containerd
* Build script cleanups
* Bump k3s-root to v0.10.1
* Fix cold boot and reconcilation on secondary servers (#4747)
* docs: adrs: Dual-stack in network policy agent
* Fix snapshot restoration on fresh nodes (#4737)
* Resolve Bootstrap Migration Edge Case (#4730)
* Add in docs/adr to ensure we capture decisions properly during design calls (#4707)
* Resolve restore bootstrap (#4704)
* Update wharfie usage in windows code path
* [master] Add validation to certificate rotation (#4692)
* Bump runc to v1.0.3
* Add `SKIP_AIRGAP` enviroment variable for make (#4688)
* Include node-external-ip in serving-kubelet.crt SANs (#4620)
* Secrets-encryption rotation (#4372)
* Check HA network parameters
* Bump wharfie to v0.5.1 and use shared decompression code
* bump kine to v0.8.1
* Update dynamiclistener
* Nighlty automation vagrant rework (#4574)
* Bump stable to v1.21.7+k3s1 (#4636)
* Add cert rotation command (#4495)
* Update maintainers list (#4622)
* Improved cleanup for etcd unit test (#4537)
* etcd snapshot functionality enhancements (#4453)
* go generate
* Add package version to traefik helm chart
* Improve flannel logging
* [master] Bump golang and containerd (#4538)
* [master] Bump Kubernetes to v1.22.4-k3s1 (#4536)
* Fix regression with cluster reset (#4521)
* Improved regex for double equals arguments (#4505)
* Removed value from warning about skipping flags (#4491)
* tests/vagrant: refactor vagrant smoke tests (#4484)
* [master] Add etcd extra args support for K3s (#4463)
* Feature: Add CoreDNS Customization Options
* Fix to allow etcd-snapshot to use config file with flags that are only used with k3s server. (#4464)
* Increase agent's apiserver ready timeout (#4454)
* go generate
* Add dashboard annotations to Traefik helm chart
* Allow svclb pod to enable ipv6 forwarding
* update bootstrap logic (#4438)
* Corrected skip check for dualstack on CI (#4427)
* install: /usr/sbin/transactional-update (#4403)
* Match to last After keyword for parser (#4383)
* Replace gzip with pigz for faster builds (#4411)
* Remove unit tests from drone CI (#4424)
* [master] updating to new signals package in wrangler (#4399)
* install.sh: fix path detection for sle-micro (#4398)
* containerd: v1.5.7-k3s2 (#4387)
* Bump klipper-lb image for arm fix
* Update k3s CI to run all integration tests (#4358)
* Enable Epics Action to automatically check off child issues in an epic (#4353)
* refactor: Use plain channel send or receive
* Fix log/reap reexec
* containerd/cri: enable the btrfs snapshotter (#4316)
* Fix other uses of NewForConfigOrDie in contexts where we could return err
* Watch the local Node object instead of get/sleep looping
* Block scheduler startup on untainted node when using embedded CCM
* install.sh: initial support for sle-micro (#4331)
* Update to v1.22.3 (#4354)
* K3s Integration test fixes (#4341)
* Update peer address when running cluster-reset
* reset buffer after use (#4279)
* Bump klipper-helm version
* Added configuration input to etcd-snapshot (#4280)
* install.sh: capture quoted environment variables (#4275)
* Update to the newest flannel
* Bump klog fork version
* set duration to second (#4231)
* Add etcd s3 timeout (#4207)
* Copy old bootstrap buffer data for use during migration (#4215)
* Fix race condition in cloud provider
* Add containerd ready channel to delay etcd node join
* maintainers: add Manuel and Michal (#4193)
* Display cluster tls error only in debug mode (#4124)
* Refactor log and reaper exec to omit MAINPID
* vagrant: Add Ubuntu 21.04 support
* vagrant: Update package list for Ubuntu
* vagrant: Add support for vagrant-libvirt
* vagrant: Change OS environment variable to DISTRO
* Improve error message when using a "K10" prefixed token (#4180)
* Add ability to reconcile bootstrap data between datastore and disk (#3398)
* moving fossa to being inline step with a sles image
* Add "etcd-" prefix to etcd-snapshot commands as aliases (#4161)
* Dual-stack support LB controller
* Update stable to v1.21.5+k3s2
* Add topologySpreadConstraints to support scaling of coredns
* Bump containerd to v1.5.7+k3s1
* Don't evacuate the root cgroup when rootless
* Skip tests that violate version skew policy
* Send MAINPID to systemd when reexecing for logfile output
* Properly handle operation as init process
* set transport to skip verify if se skip flag passed (#4102)
* Bump stable to v1.21.5+k3s1 (#4068)
* Enable the inheritance of settings for ipv6
* Adding fossa anaylze/test drone step
* Drop broken SupportNoneCgroupDriver support
* Add 1.22 channel
* Update build images to python3 for compat with recent gsutil change
* Use the new klipper-lb image that has newer go and Alpine versions
* Revert "Use the newer klipper-lb image"
* Disable automounting service account token in servicelb pods
* Make sure there are no duplicates in etcd member list (#4025)
* Use the newer klipper-lb image
* Enable JobTrackingWithFinalizers FeatureGate
* Fix regression from commit 137e80cd865efe51aa3ef0323fd6b0a014b7b9de
* Bump golang version
* Update Kubernetes to v1.22.2-k3s1
* Remove expiremental from cluster commands (#4024)
* Nvidia container runtime discovery in containerd config template (#3890)
* Fix premature etcd shutdown when joining an existing cluster
* Add StargzSupported stub for Windows
* Retrieve "CONTAINERD_" environment variables
* No-op when etcd member was already removed and use existing name for etcd controller (#4014)
* Add tests to the dual-stack PR and enable dual-stack with flannel backend
* Add dual-stack support
* Bump helm-controller and klipper-helm image version
* Return the error since it just gets logged and retried anyways
* Use SubjectAccessReview to validate CCM RBAC
* Set controller authn/authz kubeconfigs
* Pass context into all Executor functions
* Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately
* [master] Add `etcd-member-management` controller to K3s (#4001)
* go mod tidy
* Minor cleanup on cribbed function
* Wait for apiserver readyz instead of healthz
* Anything not EL7 is EL8
* Add exposed metrics listener instead of replacing loopback listener
* Replace klog with non-exiting fork
* SupportPodPidsLimit is locked to true of 1.20, making pids cgroup support mandatory
* Migrate sqlite data to etcd when initializing the cluster
* feat: add option to disable s3 over https
* Ship Stargz Snapshotter (#2936)
* Add missing node name entry to apiserver SAN list
* added raspberry installation hint (#2379)
* Update maintainers to reflect team changes
* Bump kine for metrics/tls changes
* Small updates to CONTRIBUTING (#3734)
* Fix condition for adding kubernetes endpoints (#3941)
* Bump stable to v1.21.4+k3s1
* Creation of K3s integration test Sonobuoy plugin (#3931)
* Make consistent use of os-release vars
* Fix issue where addon checksum was never stored
* Move cniplugins version to 0.9.1
* Add functions to separate ipv4 from ipv6 functions
* github actions: enable workflow_dispatch (#3923)
* Redux: Enable K3s integration test to run on existing cluster (#3905)
* Check /etc/os-release exists before sourcing it
* install.sh: Inform user of current k3s+SELinux support status for SUSE/openSUSE systems
* Remove runtime V1 (`containerd-shim`)
* Update RootlessKit to v0.14.5 (#3902)
* Fix rootless regression in 1.22 (Set KubeletInUserNamespace gate) (#3901)
* Revert "Enable K3s integration test to run on existing cluster (#3892)" (#3899)
* Enable K3s integration test to run on existing cluster (#3892)
* Set osImage for docker image
* Fix PREVIOUS_CHANNEL lookup when current minor release is not stable
* Fix lint failures
* Replace dropped v1beta1 APIs with v1
* Update wrangler to v0.8.5
* Wrap errors in runControllers for additional context
* Disable deprecated insecure port
* Update containerd to 1.5
* Update grpc
* Update kine for etcd v3.5 compat
* update golangci config to sync with RKE2
* Bump gopls and golangci-lint
* Update etcd to v3.5.0
* Update Kubernetes to v1.22.1
* K3s Flock Integration Test (#3887)
* Reset load balancer state during restoraion (#3877)
* Add missing labels to stalebot config
* Update Kubernetes to v1.21.4-k3s1
* Bump containerd to v1.4.9-k3s1
* Bump helm-controller to work around tiller crashes
* Fix URL pruning when joining an etcd member (#3832)
* Added new testing documentation (#3823)
* Added locking system for integration tests (#3820)
* Updated the code to use GetNetworkByName and tweaked logic.
* Moved testing utils into tests directory. Improved gotests template. (#3805)
* account for an s3 folder when listing objects (#3807)
* Prevent snapshot commands from creating empty snapshot directory (#3783)
* Use New Image Names (#3749)
* Fix Node stuck at deletion (#3771)
* Bump helm-controller to v0.10.2
* install.sh: Use built-in shell functionality instead of awk
* Wrap context with lease before importing images
* Fix initial start of etcd only nodes (#3748)
* update rancher/local-path-provisioner to v0.0.20
* Update MAINTAINERS (#3744)
* Improve config retrieval messages
* Sync DisableKubeProxy into control struct
* Add nightly automation tests
* Add in stalebot config, starting with 6mo old stale issues. (#3739)
* Notify systemd for etcd only node (#3732)
* Exporting the AddFeatureGate function and adding a unit test for it. (#3661)
* Added logic to strip any existing hyphens before processing the args. (#3662)
* Fix to allow non-root users access to storage volumes. (#3714)
* Wait until server is ready before configuring kube-proxy (#3716)
* Introduction of Integration Tests (#3695)
* add gotests templates (#3709)
* Ignore markdown files for github actions (#3676)
* Update 1.21 stable version
* more fixes
* more fixes
* replace error with warn in delete
* fix warning msg
* migrate old token key format
* simplifying the code
* migrate empty string key properly
* Fix multiple bootstrap keys found
* move go routines for api server ready beneath wait group
* Bump Kubernetes to v1.21.3
* Bump containerd to v1.4.8-k3s1
* adding startup hooks args to access to Disables and Skips (#3674)
* Update .github/ISSUE_TEMPLATE/feature_request.md
* Update .github/ISSUE_TEMPLATE/bug_report.md
* Fix to allow prune to correctly cleanup custom named snapshots (#3649)
* Add checkbox to denote backporting required on issue templates
* Adding support for waitgroup to the Startuphooks (#3654)
* Bump helm-controller to v0.10.1 (#3644)
* Add issue template for creating release checklist issues (#3604)
* fix a runtime core panic (#3627)
* Convert existing unit tests to standard layout (#3621)
* Upgrade k3s-root version
* prevent snapshot save when snapshots are disabled (#3475)
* 🳠burp to inetaf/tcpproxy
* Bump the packaged runc binary version
* Update etcd snapshot error message to be more informative when etcd database is not found (#3568)
* Fixing various bugs related to windows.
* Update ROADMAP.md
* Dispatch to rancher/system-agent-installer-k3s when tagged (#3589)
* Update embedded kube-router (#3557)
* missing build tag for windows
* Set ulimits in docker-compose.yml
* Update to v1.21.2
* Fix coverage reporting to include all packages, not just those with tests
* Add unit tests for pkg/etcd (#3549)
* Fix spelling to satisfy codespell check
* Allow passing targeted environment variables to containerd
* Add user-facing change section to PR template
* (docs) Update README.md
* Export cli server flags and etcd restoration functions (#3527)
* Bump kine to resolve race condition and unrevisioned delete
* Changes local storage pods to have 700 permissions (#3537)
* Redux: Add Unit Test Coverage to CI (#3524)
* Move cloud-controller-manager into an embedded executor (#3525)
* Bump stable version to v1.21.2+k3s1 (#3526)
* Adds a command-line flag '--disable-helm-controller' that will disable the server's built-in helm controller.
* Revert "Add Unit Test Coverage to CI (#3494)" (#3499)
* Add Unit Test Coverage to CI (#3494)
* Basic windows agent that will join a cluster without CNI.
* Fix storing bootstrap data with empty token string (#3422)
* Fail to start k3s if nm-cloud-setup is enabled
* Renamed client-cloud-controller crt and key (#3470)
* Redux: Change containerd image leases from context lifespan to permanent (#3464)
* Revert "Change containerd image leases from 24h to permanent (#3452)" (#3461)
* Change containerd image leases from 24h to permanent (#3452)
* Send systemd notifications for both server and agent (#3430)
* Emit events for AddOn lifecycle
* Add comments, clean up imports and function names
* Tidy up function calls with many args
* Add nodename to UA string for deploy controller
* Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425)
* Add kubernetes.default.svc to serving certs
* Change Replace with ReplaceAll function
* fix possible race where bootstrap data might not save
* add log message indicating etcd snapshots are disabled
* Fix RBAC cloud-controller-manager name 3308 (#3388)
* cgroup2 CI: add rootless
* k3s-rootless.service: use fuse-overlayfs snapshotter
* Add a path for wireguard's privatekey
* Initial windows support for agent (#3375)
* Bump stable version to v1.21.1+k3s1 and add v1.21 channel
* Update flannel version
* containerd: v1.4.4-k3s2
* Bump channel stable version to v1.20.7+k3s1
* Fix shell expansion and file permission issues install.sh
* runc: v1.0.0-rc95 (#3348)
* move object channel defer close to goroutine
* add retention default and wire in s3 prune
* Handle conntrack-related sysctls in supervisor agent setup
* Add support for multiple env files for systemd unit
* add etcd snapshot save subcommand
++++ mozilla-nss:
- update to NSS 3.78.1
* bmo#1767590 - Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple
++++ rpm:
- drop requires-ge-macro.diff: this is already in rpm-config-SUSE
- enable-postin-scripts-error.diff: refresh
++++ libselinux:
- Added restorecon_pin_file.patch. Fixes issus when running
fixfiles/restorecon
++++ systemd:
- Import commit 4dbc543953eabd4c578da67ce6e2970d6f96c406 (merge of v250.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/0d950479e58dd3af007eb3780d600a5446aac519...4dbc543953eabd4c578da67ce6e2970d6f96c406
------------------------------------------------------------------
------------------ 2022-5-30 - May 30 2022 -------------------
------------------------------------------------------------------
++++ cups:
- Version upgrade to 2.4.2:
See https://github.com/openprinting/cups/releases
CUPS 2.4.2 brings the fix for CVE-2022-26691 (#bsc1199474)
together with LibreSSL/OpenSSL and minimal AIX support.
* Fixed certificate strings comparison
for Local authorization (CVE-2022-26691)
* The `cupsFileOpen` function no longer opens files
for append in read-write mode (Issue #291)
* The cupsd daemon removed processing temporary
queue (Issue #364)
* Fixed delay in IPP backend if GNUTLS is used and endpoint
doesn't confirm closing the connection (Issue #365)
* Fixed conditional jump based on uninitialized value
in cups/ppd.c (Issue #329)
* Fixed CSS related issues in CUPS Web UI (Issue #344)
* Fixed copyright in CUPS Web UI trailer template (Issue #346)
* mDNS hostname in device uri is not resolved when installaling
a permanent IPP Everywhere queue (Issues #340, #343)
* The `lpstat` command now reports when the scheduler
is not running (Issue #352)
* Updated the man pages concerning the `-h` option (Issue #357)
* Re-added LibreSSL/OpenSSL support (Issue #362)
* Updated the Solaris smf service file (Issue #368)
* Fixed a regression in lpoptions option support (Issue #370)
* The scheduler now regenerates the PPD cache information after
changing the "cupsd.conf" file (Issue #371)
* Updated the scheduler to set "auth-info-required"
to "username,password" if a backend reports it needs
authentication info but doesn't set a method
for authentication (Issue #373)
* Updated the configure script to look for the OpenSSL library
the old way if pkg-config is not available (Issue #375)
* Fixed the prototype for the `httpWriteResponse`
function (Issue #380)
* Brought back minimal AIX support (Issue #389)
* `cupsGetResponse` did not always set the last error.
* Fixed a number of old references to the Apple CUPS web page.
* Restored the default/generic printer icon file
for the web interface.
* Removed old stylesheet classes that are no longer used
by the web interface.
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.2
++++ kernel-default:
- Linux 5.18.1 (bsc#1012628).
- ALSA: ctxfi: Add SB046x PCI ID (bsc#1012628).
- ACPI: sysfs: Fix BERT error region memory mapping (bsc#1012628).
- random: check for signals after page of pool writes
(bsc#1012628).
- random: wire up fops->splice_{read,write}_iter() (bsc#1012628).
- random: convert to using fops->write_iter() (bsc#1012628).
- random: convert to using fops->read_iter() (bsc#1012628).
- random: unify batched entropy implementations (bsc#1012628).
- random: move randomize_page() into mm where it belongs
(bsc#1012628).
- random: move initialization functions out of hot pages
(bsc#1012628).
- random: make consistent use of buf and len (bsc#1012628).
- random: use proper return types on get_random_{int,long}_wait()
(bsc#1012628).
- random: remove extern from functions in header (bsc#1012628).
- random: use static branch for crng_ready() (bsc#1012628).
- random: credit architectural init the exact amount
(bsc#1012628).
- random: handle latent entropy and command line from
random_init() (bsc#1012628).
- random: use proper jiffies comparison macro (bsc#1012628).
- random: remove ratelimiting for in-kernel unseeded randomness
(bsc#1012628).
- random: move initialization out of reseeding hot path
(bsc#1012628).
- random: avoid initializing twice in credit race (bsc#1012628).
- random: use symbolic constants for crng_init states
(bsc#1012628).
- siphash: use one source of truth for siphash permutations
(bsc#1012628).
- random: help compiler out with fast_mix() by using simpler
arguments (bsc#1012628).
- random: do not use input pool from hard IRQs (bsc#1012628).
- random: order timer entropy functions below interrupt functions
(bsc#1012628).
- random: do not pretend to handle premature next security model
(bsc#1012628).
- random: use first 128 bits of input as fast init (bsc#1012628).
- random: do not use batches when !crng_ready() (bsc#1012628).
- random: insist on random_get_entropy() existing in order to
simplify (bsc#1012628).
- xtensa: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- sparc: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- um: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- x86/tsc: Use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- nios2: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- arm: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- mips: use fallback for random_get_entropy() instead of just
c0 random (bsc#1012628).
- riscv: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- m68k: use fallback for random_get_entropy() instead of zero
(bsc#1012628).
- timekeeping: Add raw clock fallback for random_get_entropy()
(bsc#1012628).
- powerpc: define get_cycles macro for arch-override
(bsc#1012628).
- alpha: define get_cycles macro for arch-override (bsc#1012628).
- parisc: define get_cycles macro for arch-override (bsc#1012628).
- s390: define get_cycles macro for arch-override (bsc#1012628).
- ia64: define get_cycles macro for arch-override (bsc#1012628).
- init: call time_init() before rand_initialize() (bsc#1012628).
- random: fix sysctl documentation nits (bsc#1012628).
- HID: amd_sfh: Add support for sensor discovery (bsc#1012628).
- lockdown: also lock down previous kgdb use (bsc#1012628).
- commit df81444
++++ mozilla-nss:
- update to NSS 3.78
* bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and
tests, zero-length record/fragment handling tests.
* bmo#1294978 - Reworked overlong record size checks and added TLS1.3
specific boundaries.
* bmo#1763120 - Add ECH Grease Support to tstclnt
* bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
* bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
* bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
* bmo#1762489 - Update zlib in NSS to 1.2.12.
++++ ncurses:
- Add ncurses patch 20220529
+ expanded notes for teken/syscons -TD
+ fix overlooked copying of extended string-heap in copy_termtype
(cf: 20220430).
+ update config.guess
- Add ncurses patch 20220521
+ improve memory-leak checking in several test-programs.
+ set trailing null on string passed from winsnstr() to wins_nwstr().
+ modify del_curterm() to fix memory-leak introduced by change to
copy_termtype().
- Update tack to 1.09-20220528
+ Autoconf fixes
++++ libzypp:
- PluginRepoverification: initial version hooked into
repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
solvable. May happen if (wrong arch) solvables were removed
at the beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
(fixes #388)
- version 17.30.1 (22)
------------------------------------------------------------------
------------------ 2022-5-29 - May 29 2022 -------------------
------------------------------------------------------------------
++++ boost-base:
- Fix failing conversion of cpp_dec_float to double, depending on
locale (gh#boostorg/multiprecision#464, boo#1199968).
Add boost-mp-locale-fix.patch
++++ btrfsprogs:
- update to 5.18:
* fixes:
* dump-tree: don't print traling zeros in checksums
* recognize paused balance as exclusive operation state, allow to start
device add
* convert: properly initialize target filesystem label
* mkfs: don't create free space bitmaps for empty filesystem
* restore: make lzo support build-time configurable, print supported
compression in help text
* update kernel-lib sources
* other:
* documentation updates, finish conversion to RST, CHANGES and INSTALL
could be included into RST
* fix build detection of experimental mode
* new tests
++++ krb5:
- update to 1.20.0:
* Added a "disable_pac" realm relation to suppress adding PAC authdata
to tickets, for realms which do not need to support S4U requests.
* Most credential cache types will use atomic replacement when a cache
is reinitialized using kinit or refreshed from the client keytab.
* kprop can now propagate databases with a dump size larger than 4GB,
if both the client and server are upgraded.
* kprop can now work over NATs that change the destination IP address,
if the client is upgraded.
* Updated the KDB interface. The sign_authdata() method is replaced
with the issue_pac() method, allowing KDB modules to add logon info
and other buffers to the PAC issued by the KDC.
* Host-based initiator names are better supported in the GSS krb5
mechanism.
* Replaced AD-SIGNEDPATH authdata with minimal PACs.
* To avoid spurious replay errors, password change requests will not
be attempted over UDP until the attempt over TCP fails.
* PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.
* Updated all code using OpenSSL to be compatible with OpenSSL 3.
* Reorganized the libk5crypto build system to allow the OpenSSL
back-end to pull in material from the builtin back-end depending on
the OpenSSL version.
* Simplified the PRNG logic to always use the platform PRNG.
* Converted the remaining Tcl tests to Python.
++++ tiff:
- update to 4.4.0:
* TIFFIsBigTiff() function added.
* Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added.
* LZWDecode(): major speed improvements (~30% faster)
* Predictor 2 (horizontal differenciation): support 64-bit
* Support libjpeg 9d
* avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted
to be created
* tif_jbig.c: fix crash when reading a file with multiple IFD in
memory-mapped mode and when bit reversal is needed
* TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and
size of zero
* TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime
check
* TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer
and size of zero
* TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and
size of zero
* TIFFYCbCrToRGBInit(): avoid Integer-overflow
* TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if
returned pointer is NULL (fixes #342)
* OJPEG: avoid assertion when using TIFFReadScanline()
* TIFFReadDirectory: fix OJPEG hack
* LZW codec: fix support for strips/tiles > 2 GB on Windows
* TIFFAppendToStrip(): fix rewrite-in-place logic
* Fix TIFFRewriteDirectory discarding directories.
* TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on
a non EXIF directory
* Fix Segmentation fault printing GPS directory if Altitude tag is present
* tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266)
* _TIFFRewriteField(): fix when writing a IFD with a single tile that is a
sparse one, on big endian hosts
* Fix all remaining uses of legacy Deflate compression id and warn on use.
- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch,
tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch,
tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream
- add signature validation, adds tiff.keyring
++++ mozilla-nspr:
- update to version 4.34
* add an API that returns a preferred loopback IP on hosts that
have two IP stacks available.
++++ python310-packaging:
- Add patch to fix testsuite on big-endian targets
+ fix-big-endian-build.patch
++++ vim:
- Updated to version 8.2.5038, fixes the following problems
- CVE-2022-1927 - boo#1200012
- CVE-2022-1897 - boo#1200010
- CVE-2022-1898 - boo#1200011
- CVE-2022-1886 - boo#1199969
- CVE-2022-1851 - boo#1199936
- CVE-2022-1796 - boo#1199747
- CVE-2022-1785 - boo#1199745
- CVE-2022-1771 - boo#1199693
- CVE-2022-1733 - boo#1199655
- CVE-2022-1769 - boo#1199658
- CVE-2022-1735 - boo#1199651
- CVE-2022-1720 - boo#1200732
- CVE-2022-1674 - boo#1199502
- CVE-2022-1621 - boo#1199435
- CVE-2022-1629 - boo#1199436
- CVE-2022-1619 - boo#1199333
- CVE-2022-1620 - boo#1199334
- CVE-2022-1616 - boo#1199331
* Valgrind warning for using uninitialized variable.
* Screendump test may fail when using valgrind.
* Vim9: misplaced elseif causes invalid memory access.
* "P" in Visual mode still changes some registers.
* Cannot make 'breakindent' use a specific column.
* String interpolation only works in heredoc.
* Test fails without the job/channel feature. (Dominique Pellé)
* Test fails with the job/channel feature.
* Vim9: redir in skipped block seen as assignment.
* Channel log does not show invoking a timer callback.
* Line number of lambda ignores line continuation.
* Inconsistent capitalization in error messages.
* Vim help presentation could be better.
* Test failures because of changed error messages.
* Distributed import files are not installed.
* Buffer overflow with invalid command with composing chars.
* Expression in command block does not look after NL when command is typed.
* Comment inside an expression in lambda ignores the rest of the expression.
* Coverity complains about pointer usage.
* With latin1 encoding CTRL-W might go before the start of the command line.
* Vim9 expression test fails without the job feature.
* NULL pointer access when using invalid pattern.
* Mouse wheel scrolling is inconsistent.
* Cannot get the current cmdline completion type and position.
* codecov includes MS-Windows install files.
* codecov includes MS-Windows install header file.
* Some users do not want a line comment always inserted.
* No text formatting for // comment after a statement.
* MODE_ enum entries names are too generic.
* Imperfect coding.
* The mode #defines are not clearly named.
* Using execute() to define a lambda doesn't work. (Ernie Rael)
* Popup_hide() does not always have effect.
* String interpolation in :def function may fail.
* Sometimes the cursor is in the wrong position.
* Mouse in Insert mode test fails.
* Fuzzy expansion of option names is not right.
* Conceal character from matchadd() displayed too many times.
* Can add invalid bytes with :spellgood.
* Spell test fails because of new illegal byte check.
* Mouse test fails on MS-Windows.
* Test checks for terminal feature unnecessarily.
* maparg() may return a string that cannot be reused.
* Trailing backslash may cause reading past end of line.
* #ifdef for crypt feature around too many lines.
* Return type of remove() incorrect when using three arguments.
* Various white space and cosmetic mistakes.
* Off-by-one error in in statusline item.
* Interpolated string expression requires escaping.
* Crash with sequence of Perl commands.
* Not easy to filter the output of maplist().
* A few more capitalization mistakes in error messages.
* String interpolation fails when not evaluating.
* With 'foldmethod' "indent" some lines are not included in the fold. (Oleg
Koshovetc)
* No test for what 8.2.4931 fixes.
* Crash when matching buffer with invalid pattern.
* matchfuzzypos() with "matchseq" does not have all positions.
* Some code is never used.
* '[ and '] marks may be wrong after undo.
* Error when setting 'filetype' in help file again.
* Changing 'switchbuf' may have no effect.
* Text properties are wrong after "cc". (Axel Forsman)
* Inconsistent use of white space.
* Vim9: some code not covered by tests.
* Text properties not adjusted when accepting spell suggestion.
* Cannot use Perl heredoc in nested :def function. (Virginia Senioria)
* Vim9: some code not covered by tests.
* Text properties position wrong after shifting text.
* Smart indenting done when not enabled.
* GUI test will fail if color scheme changes.
* With 'smartindent' inserting '}' after completion goes wrong.
* Inserting line breaks text property spanning more then one line.
* Text property in wrong position after auto-indent.
* Reading past end of line with "gf" in Visual block mode.
* Text properties in a wrong position after a block change.
* A couple conditions are always true.
* Using NULL regexp program.
* Text properties that cross line boundary are not correctly updated for
a deleted line.
* Build error with a certain combination of features.
* Files show up in git status.
* Expanding path with "/**" may overrun end of buffer.
* GUI: testing mouse move event depends on screen cell size.
* Changing text in Visual mode may cause invalid memory access.
* "eval 123" gives an error, "eval 'abc'" does not.
* Vim9: interpolated string seen as range.
* Vim9: compilation fails when using dict member when skipping.
* Vim9: type error for list unpack mentions argument.
* ":so" command may read after end of buffer.
* Recursive command line loop may cause a crash.
* Coverity complains about not restoring a saved value.
* Memory access error when substitute expression changes window.
* No error if engine selection atom is not at the start.
* Accessing freed memory when line is flushed.
* When 'shortmess' contains 'A' loading a session may still warn for an
existing swap file. (Melker Österberg)
* It is not possible to manipulate autocommands.
* Colors in terminal window are not 100% correct.
* Colors test fails in the GUI.
* Dragging statusline fails for window with winbar.
* PVS warns for possible array underrun.
* Some github actions are outdated.
* After deletion a small fold may be closable.
* Textprop in wrong position when replacing multi-byte chars.
* Cannot specify a function name for :defcompile.
* Memory leak when :defcompile fails.
* No test for hwat patch 8.1.0535 fixes.
* Compiler warning for possibly uninitialized variable. (Tony Mechelynck)
* smart/C/lisp indenting is optional, which makes the code more complex,
while it only reduces the executable size a bit.
* Tests are using legacy functions.
* Still a compiler warning for possibly uninitialized variable. (Tony
Mechelynck)
* setbufline() may change Visual selection. (Qiming Zhao)
* Python: changing hidden buffer can cause the display to be messed up.
* Vim9: crash when using multiple funcref().
* Filetype test table is not properly sorted.
* Checking translations affects the search pattern history.
* deletebufline() may change Visual selection.
* Cannot do bitwise shifts.
* Right shift on negative number does not work as documented.
* Compiler warning for uninitialized variable. (John Marriott)
* Asan warns for undefined behavior.
* Spell suggestion may use uninitialized memory. (Zdenek Dohnal)
* When 'formatoptions' contains "/" wrongly wrapping a long trailing comment.
* Fold may not be closeable after appending.
* The terminal debugger uses various global variables.
* Replacing an autocommand requires several lines.
* Cannot select one character inside ().
* After text formatting the cursor may be in an invalid position.
* Byte offsets are wrong when using text properties.
* Hoon and Moonscript files are not recognized.
* Access before start of text with a put command.
* Gcc 12.1 warns for uninitialized variable.
* Vim9: some code is not covered by tests.
* Cannot get the first screen column of a character.
* Using 'imstatusfunc' and 'imactivatefunc' breaks 'foldopen'.
* Build fails with normal features and +terminal. (Dominique Pellé)
* 'completefunc'/'omnifunc' error does not end completion.
* Substitute overwrites allocated buffer.
* Using freed memory with "]d".
* Vim9: a few lines not covered by tests.
* Error for missing :endif when an exception was thrown. (Dani Dickstein)
* Syntax regexp matching can be slow.
* "textlock" is always zero.
* autocmd_add() can only handle one event and pattern.
* Cannot easily run the benchmarks.
* Python 3 test fails without the GUI.
* Build error with +eval but without +quickfix. Warning for uninitialized
variable.
* There is no way to get the byte index from a virtual column.
* When splitting a window the changelist position moves.
* Using two counters for timeout check in NFA engine.
* Cursor position may be invalid after "0;" range.
* A finished terminal in a popup window does not show a scrollbar.
------------------------------------------------------------------
------------------ 2022-5-28 - May 28 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Update to version 14.0.4.
* This release contains bug-fixes for the LLVM 14.0.0 release.
This release is API and ABI compatible with 14.0.0.
- Don't use gold for linking anymore: on s390x we use ld.bfd with
LLVMgold.so, on ppc64 we disable ThinLTO for now.
- Using ld.bfd on s390x exposed an issue with the existing
llvm_build_tablegen_component_as_shared_library.patch: linking
llvm-tblgen with libLLVM.so means we also have to link libraries
used for that (like LLVMTableGenGlobalISel) with libLLVM.so.
- Rewrite summary and description for llvm-gold to point out that
it can also be used with ld.bfd, recommend with binutils.
- Prefer RPM macros over shell scripting, so that we can better
inspect the build script with substitutions in place.
- More memory for stage 1 build jobs due to recent OOMs.
- Add %_libclang_sonum RPM macro to llvm-devel, since that might
now diverge from %_llvm_sonum.
- Rebase llvm-do-not-install-static-libraries.patch.
------------------------------------------------------------------
------------------ 2022-5-27 - May 27 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- Update to version 3.7.6:
* libgnutls: Fixed invalid write when gnutls_realloc_zero() is
called with new_size < old_size. This bug caused heap
corruption when gnutls_realloc_zero() has been set as gmp
reallocfunc.
* Remove gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fixed
upstream.
++++ kernel-default:
- Update config files -- DEBUG_INFO_DWARF5 (bsc#1199932)
Set DEBUG_INFO_DWARF5 which makes use of dwarf5 on gcc-7 and newer.
- commit d1b0a08
++++ qemu:
- It has been observed that building QEMU with _FORTIFY_SOURCE=3
causes problem (see bsc#1199924). Force it to =2 for now, while
we investigate the issue.
++++ update-alternatives:
- version update to 1.21.8
* fix CVE-2022-1664 [bsc#1199944], dpkg -- security update
* lot of changes, see changelog
- modified patches
% update-alternatives-suse.patch (refreshed)
------------------------------------------------------------------
------------------ 2022-5-26 - May 26 2022 -------------------
------------------------------------------------------------------
++++ dbus-1:
- The great dbus package split of 22, in preperation for replacing
dbus-daemon with dbus-broker currently there is no functional
difference that will change later, this follows a similar setup
to RedHat and Debian.
* dbus-daemon is now in its own separate package
* Create a dbus-1-common package with all the files and config
that are shared between the dbus-daemon and dbus-broker
implementations.
* Create a dbus-1-tools package with the tools eventually we will
likely want to move to only recommending this package Redhat and
Debian have both already gone down this path.
++++ grub2:
- Fix error message in displaying help on bootable snapshot (bsc#1199609)
++++ kernel-default:
- Update patches.suse/Revert-net-af_key-add-check-for-pfkey_broadcast-in-f.patch
Update to upstream version, update upstream reference and move into sorted
section.
- commit 3ae1db7
- series.conf: cleanup
- update upstream reference and move into sorted section:
- patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch
- commit dc762c4
- kernel-binary.spec: Support radio selection for debuginfo.
To disable debuginfo on 5.18 kernel a radio selection needs to be
switched to a different selection. This requires disabling the currently
active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- Update config files -- DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT (bsc#1199932)
Set DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT which makes use of dwarf5 on
gcc-11 and newer.
- commit f439809
------------------------------------------------------------------
------------------ 2022-5-25 - May 25 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's
only relevant on these platforms
++++ Mesa-drivers:
- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's
only relevant on these platforms
++++ gnutls:
- Add gnutls-3.7.5-fix-gnutls_realloc_zero.patch: Fix memory
corruption in gnutls_realloc_zero (gl#gnutls/gnutls#1367,
boo#1199929).
++++ kernel-default:
- random: do not use input pool from hard IRQs (bsc#1199803).
- commit 3352b92
++++ logrotate:
- update to 3.20.1:
* drop world-readable permission on state file even when ACLs are enabled (#446)
- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
- Security fix: (bsc#1199652, CVE-2022-1348)
* Add follow-up upstream patch for the introduced fix.
* Added patch logrotate-CVE-2022-1348-follow-up.patch
- Update patch:
* logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch
- update to 3.20.0:
* fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
* fix a misleading debug message with copytruncate and rotate 0 (#443)
* add support for unsigned time_t (#438)
* do not lock state file /dev/null (#433)
------------------------------------------------------------------
------------------ 2022-5-24 - May 24 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Calling patch with '-p1' (as the others are) so 'git show'
.patch output works.
- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs.
a standard diff.
- Fixing up 'stop-iris-flicker.patch' patch name to follow standards.
++++ Mesa-drivers:
- Calling patch with '-p1' (as the others are) so 'git show'
.patch output works.
- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs.
a standard diff.
- Fixing up 'stop-iris-flicker.patch' patch name to follow standards.
++++ NetworkManager:
- Fold NetworkManager-wifi back into the main package: The dep
chain is not really different and it causes too many problems for
users having that split. Not worth the pain (boo#1199710,
boo#1199706).
- As a consequence, also drop the recommends fro the main package
to -wifi.
++++ grep:
- use release keyring rather than full one for validation
- Do not link an unversioned file by URL (and refresh keyring)
++++ libidn2:
- Refresh libidn2.keyring
++++ wayland:
- modernize spec file
* use licensedir
* use bcond
* use https:// urls
* spec-cleaner
++++ python-cryptography:
- update to 37.0.2:
* Fixed an issue where parsing an encrypted private key with the public
loader functions would hang waiting for console input on OpenSSL 3.0.x rather
than raising an error.
* Restored some legacy symbols for older ``pyOpenSSL`` users. These will be
removed again in the future, so ``pyOpenSSL`` users should still upgrade
to the latest version of that package when they upgrade ``cryptography``.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.2.
* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL 2.9.x and 3.0.x.
The new minimum LibreSSL version is 3.1+.
* **BACKWARDS INCOMPATIBLE:** Removed ``signer`` and ``verifier`` methods
from the public key and private key classes. These methods were originally
deprecated in version 2.0, but had an extended deprecation timeline due
to usage. Any remaining users should transition to ``sign`` and ``verify``.
* Deprecated OpenSSL 1.1.0 support. OpenSSL 1.1.0 is no longer supported by
the OpenSSL project. The next release of ``cryptography`` will be the last
to support compiling with OpenSSL 1.1.0.
* Deprecated Python 3.6 support. Python 3.6 is no longer supported by the
Python core team. Support for Python 3.6 will be removed in a future
``cryptography`` release.
* Deprecated the current minimum supported Rust version (MSRV) of 1.41.0.
In the next release we will raise MSRV to 1.48.0. Users with the latest
``pip`` will typically get a wheel and not need Rust installed, but check
:doc:`/installation` for documentation on installing a newer ``rustc`` if
required.
* Deprecated
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`,
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA`, and
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.Blowfish` because
they are legacy algorithms with extremely low usage. These will be removed
in a future version of ``cryptography``.
* Added limited support for distinguished names containing a bit string.
* We now ship ``universal2`` wheels on macOS, which contain both ``arm64``
and ``x86_64`` architectures. Users on macOS should upgrade to the latest
``pip`` to ensure they can use this wheel, although we will continue to
ship ``x86_64`` specific wheels for now to ease the transition.
* This will be the final release for which we ship ``manylinux2010`` wheels.
Going forward the minimum supported ``manylinux`` ABI for our wheels will
be ``manylinux2014``. The vast majority of users will continue to receive
``manylinux`` wheels provided they have an up to date ``pip``. For PyPy
wheels this release already requires ``manylinux2014`` for compatibility
with binaries distributed by upstream.
* Added support for multiple
:class:`~cryptography.x509.ocsp.OCSPSingleResponse` in a
:class:`~cryptography.x509.ocsp.OCSPResponse`.
* Restored support for signing certificates and other structures in
:doc:`/x509/index` with SHA3 hash algorithms.
* :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` is
disabled in FIPS mode.
* Added support for serialization of PKCS#12 CA friendly names/aliases in
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`
* Added support for 12-15 byte (96 to 120 bit) nonces to
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESOCB3`. This class
previously supported only 12 byte (96 bit).
* Added support for
:class:`~cryptography.hazmat.primitives.ciphers.aead.AESSIV` when using
OpenSSL 3.0.0+.
* Added support for serializing PKCS7 structures from a list of
certificates with
:class:`~cryptography.hazmat.primitives.serialization.pkcs7.serialize_certificates`.
* Added support for parsing :rfc:`4514` strings with
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.AUTO` to
:class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This can
be used to verify a signature where the salt length is not already known.
* Added :attr:`~cryptography.hazmat.primitives.asymmetric.padding.PSS.DIGEST_LENGTH`
to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. This
constant will set the salt length to the same length as the ``PSS`` hash
algorithm.
* Added support for loading RSA-PSS key types with
:func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key`
and
:func:`~cryptography.hazmat.primitives.serialization.load_der_private_key`.
This functionality is limited to OpenSSL 1.1.1e+ and loads the key as a
normal RSA private key, discarding the PSS constraint information.
++++ python-psutil:
- removed obsolete skip-partitions-erros.patch
- update to 5.9.1
* Enhancements
- 1053: drop Python 2.6 support. (patches by Matthieu Darbois and Hugo van Kemenade)
- 2050, [Linux]: increase read(2) buffer size from 1k to 32k when reading /proc
pseudo files line by line. This should help having more consistent results.
- 2057, [OpenBSD]: add support for cpu_freq().
- 2107, [Linux]: Process.memory_full_info() (reporting process USS/PSS/Swap memory)
now reads /proc/pid/smaps_rollup instead of /proc/pids/smaps, which makes it 5 times faster.
* Bug fixes
- 2048: AttributeError is raised if psutil.Error class is raised manually and passed through str.
- 2049, [Linux]: cpu_freq() erroneously returns curr value in GHz while min and max are in MHz.
- 2050, [Linux]: virtual_memory() may raise ValueError if running in a LCX container.
------------------------------------------------------------------
------------------ 2022-5-23 - May 23 2022 -------------------
------------------------------------------------------------------
++++ bash-completion:
- Add patch bsc1199724-modules.patch (bsc#1199724)
* Enable upstream commit to list ko.zst modules as well
++++ kernel-default:
- Add dtb-starfive
- commit 85335b1
- Revert "net: af_key: add check for pfkey_broadcast in function
pfkey_process" (20220523022438.ofhehjievu2alj3h@lion.mk-sys.cz).
- commit 2023975
++++ openldap2:
- Update to release 2.6.2
* Added support for OpenSSL 3.0 (ITS#9436)
* Fixed ldapdelete to prune LDAP subentries (ITS#9737)
* Fixed libldap to drop connection when non-LDAP data is
received (ITS#9803)
* Fixed libldap to allow newlines at end of included file
(ITS#9811)
* Fixed slapd slaptest conversion of olcLastBind (ITS#9808)
* Fixed slapd to correctly init global_host earlier (ITS#9787)
* Fixed slapd bconfig locking for cn=config replication
(ITS#9584)
* Fixed slapd usage of thread local counters (ITS#9789)
* Fixed slapd to clear runqueue task correctly (ITS#9785)
* Fixed slapd idletimeout handling (ITS#9820)
* Fixed slapd syncrepl handling of new sessions (ITS#9584)
* Fixed slapd to clear connections on bind (ITS#9799)
* Fixed slapd to correctly advance connections index (ITS#9831)
* Fixed slapd syncrepl ODSEE replication of unknown attr
(ITS#9801)
* Fixed slapd-asyncmeta memory leak in keepalive setting,
slapd-ldap memory leak in keepalive setting, SEGV on config
rewrite, ordering on config rewrite, memory leak in keepalive
setting (ITS#9802)
* Fixed slapo-pcache SEGV & slapd-monitor SEGV on shutdown
(ITS#9809)
* Fixed slapd-monitor crash when hitting sizelimit (ITS#9832)
* Fixed slapd-sql to properly escape filter value (ITS#9815)
* Fixed slapo-dynlist dynamic group regression (ITS#9825)
* Fixed slapo-ppolicy operation handling to be consistent
(ITS#9794)
* Fixed slapo-translucent to correctly duplicate substring
filters (ITS#9818)
* Contrib:
* Update ppm module to the 2.1 release (ITS#9814)
* Documentation:
* admin26: Document new lloadd features (ITS#9780)
* Fixed slapd.conf(5)/slapd-config(5) syncrepl
sizelimit/timelimit documentation (ITS#9804)
* Fixed slapd-sock(5) to clarify "sockresps result" behavior
(ITS#8255)
++++ ceph:
- Update to 16.2.9.50-g7d9f12156fb:
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
++++ libunwind:
- Fix dependencies
- Fix file list
++++ osinfo-db:
- Update to database version 20220516
osinfo-db-20220516.tar.xz
++++ podman:
- Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath()
skip empty line to avoid false error logging") for fixing "Error parsing
cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies
to Factory/Tumbleweed too)
* 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
++++ qemu:
- Backport a GCC 12 aarch64 build fix (bsc#1199625)
* Patches added:
block-qdict-Fix-Werror-maybe-uninitializ.patch
++++ runc:
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
+ bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
++++ systemd-presets-common-SUSE:
- enable ignition-delete-config by default (bsc#1199524)
++++ virt-manager:
- Change dependency on package xorriso to Requires from Recommends
virt-manager.spec
------------------------------------------------------------------
------------------ 2022-5-22 - May 22 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.18 final
- refresh configs (headers only)
- commit d0f5e4b
++++ libxkbcommon:
- Update to release 1.4.1
* Fix compose sequence overriding (common prefix) not working
correctly. Regressed in 1.2.0.
* Remove various bogus currency sign (particulary Euro and
Korean Won) entries from the keysym <-> Unicode mappings.
They prevented the real keysyms/codepoints for these from
mapping correctly.
------------------------------------------------------------------
------------------ 2022-5-21 - May 21 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- update to 3.7.5:
* add options disable session ticket usage in TLS 1.2 because
it does not provide forward secrecy
* For TLS 1.3 where session tickets do provide forward secrecy,
the PFS priority string now only disables session tickets in
TLS 1.2.
* Future backward incompatibility: in the next major release of
GnuTLS those flag and modifier are planned to be removed
* gnutls-cli, gnutls-serv: Channel binding for printing
information has been changed from tls-unique to tls-exporter
as tls-unique is not supported in TLS 1.3.
* Certificate sanity checks has been enhanced to make gnutls
more RFC 5280 compliant:
* Removed 3DES from FIPS approved algorithms
* Optimized support for AES-SIV-CMAC algorithms
* libgnutls: HKDF and AES-GCM algorithms are now approved in
FIPS-140 mode when used in TLS
++++ harfbuzz:
- Update to version 4.3.0:
+ Major speed up in loading and subsetting fonts, especially in
handling CFF table. Subsetting some fonts is now 3 times faster
+ Speed up blending CFF2 table
+ Speed up hb_ot_tags_from_language()
+ Fix USE classification of U+10A38 to fix multiple marks on
single Kharoshthi base
+ Fix parsing of empty CFF Index
+ Fix subsetting CPAL table with partial palette overlaps
------------------------------------------------------------------
------------------ 2022-5-20 - May 20 2022 -------------------
------------------------------------------------------------------
++++ lsof:
- Fix hostname in reproducible builds, bsc#1199709
* remove-hostname.patch
++++ selinux-policy:
- Update to version 20220520 to pass stricter 3.4 toolchain checks
- Update to version 20220428. Refreshed:
* fix_apache.patch
* fix_hadoop.patch
* fix_init.patch
* fix_iptables.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_unprivuser.patch
* fix_usermanage.patch
* fix_wine.patch
------------------------------------------------------------------
------------------ 2022-5-19 - May 19 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.1.0
* lot of great featurres, including (since rc5) additional
kopper backports for zink, and support for Intel's Alchemist
DG2 platform.
++++ Mesa-drivers:
- Update to 22.1.0
* lot of great featurres, including (since rc5) additional
kopper backports for zink, and support for Intel's Alchemist
DG2 platform.
++++ cockpit-machines:
- Add suse-vv-install.patch to display SUSE hint for virt-viewer
installation (bsc#1199673)
++++ cockpit-tukit:
- Update to version 0.0.3~git6.03c747e:
* Hide snapshot item extension part
* Change help URL to official docs
* Mention node_modules.sums in spec sources
* Use compression for source archive
++++ gtk3:
- Update to version 3.24.34:
+ Include legacy hicolor icons.
+ Fix the build with gcc 12.
+ X11: Trap errors when getting output properties.
+ Wayland: Ignore empty preedit updates. This fixes a problem
with textview scrolling.
+ Updated translations.
++++ libbpf:
- Update to release 0.8.0
* New features and APIs:
- support auto-resolution of binaries and shared libraries from PATH, if necessary;
- support attaching by function names (only by IP was supported before);
- support attaching to USDTs (SEC("usdt/...") and
bpf_program__attach_usdt()) with initially supported architectures:
x86-64 (amd64); x86 (i386); s390x; ARM64 (aarch64); RISC V (riscv);
- improved BPF verifier log reporting for CO-RE relocation failures (no
more obscure "invalid func unknown#195896080" errors);
- auto-adjust BPF ringbuf size according to host kernel's page size requirements;
- high-level BPF map APIs: bpf_map__lookup_elem(), bpf_map__update_elem(),
etc that validate key/value buffer sizes;
- bpf_link_create() can create all bpf_link-based (including raw_tp,
fentry/fexit, etc), falling back to bpf_raw_tracepoint_open() on old
kernels transparently;
- support opting out from auto-loading BPF programs declaratively with
SEC("?...");
- support opting out from auto-creation of declarative BPF maps with
bpf_map__set_autocreate();
- support multi-kprobes (SEC("kprobe.multi/...") and
bpf_program__attach_kprobe_multi_opts());
- support target-less SEC() programs (e.g., SEC("kprobe"), SEC("tp"), etc);
- support BPF sub-skeletons for "incomplete" BPF object files (requires
matching bpftool to generate .subskel.h);
- BPF cookie support for fentry/fexit/fmod_ret BPF programs
(bpf_program__attach_trace_opts());
- support for custom SEC() handlers (libbpf_register_prog_handler()).
* BPF-side API
- BPF-side USDT APIs. See new usdt.bpf.h header:
* BPF_USDT() program wrapper macro; bpf_usdt_arg(), bpf_usdt_arg_cnt(),
* bpf_usdt_cookie() helpers;
- new bpf_core_field_offset() CO-RE helper and support
bpf_core_field_size(type, field) forms;
- barrier() and barrier_var() macros for improving BPF code generation;
- __kptr and __kptr_ref tags added;
- ARC architecture support in bpf_tracing.h header;
- new BPF helpers:
* bpf_skb_set_tstamp();
* bpf_ima_file_hash();
* bpf_kptr_xchg();
* bpf_map_lookup_percpu_elem().
* Bug fixes
- netlink bug fixes;
- libbpf.pc fixes to support patch releases properly;
- BPF_MAP_TYPE_PERF_EVENT_ARRAY map auto-pinning fix;
- minor CO-RE fixes and improvements for some corner cases;
- various other small fixes and improvements.
++++ salt:
- Make sure SaltCacheLoader use correct fileclient (bsc#1199149)
- Added:
* make-sure-saltcacheloader-use-correct-fileclient-519.patch
++++ selinux-policy:
- Add fix_dnsmasq.patch to fix problems with virtualization on Microos
(bsc#1199518)
------------------------------------------------------------------
------------------ 2022-5-18 - May 18 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220518.dc83f4e:
* Also in /etc/profile, rootsh is not restricted
- Update to version 84.87+git20220518.78b2a0b:
* The wrapper rootsh is not a restricted shell
++++ kernel-default:
- perf: Fix sys_perf_event_open() race against self
(CVE-2022-1729, bsc#1199507).
- commit c1eda89
- Linux 5.17.9 (bsc#1012628).
- batman-adv: Don't skb_split skbuffs with frag_list
(bsc#1012628).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
(bsc#1012628).
- hwmon: (tmp401) Add OF device ID table (bsc#1012628).
- mac80211: Reset MBSSID parameters upon connection (bsc#1012628).
- net: rds: use maybe_get_net() when acquiring refcount on TCP
sockets (bsc#1012628).
- net: Fix features skip in for_each_netdev_feature()
(bsc#1012628).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in
hardware when deleted (bsc#1012628).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
(bsc#1012628).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
(bsc#1012628).
- net: mscc: ocelot: avoid corrupting hardware counters when
moving VCAP filters (bsc#1012628).
- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than
.remove (bsc#1012628).
- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove
(bsc#1012628).
- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than
.remove (bsc#1012628).
- platform/surface: aggregator: Fix initialization order when
compiling as builtin module (bsc#1012628).
- ice: Fix race during aux device (un)plugging (bsc#1012628).
- ice: clear stale Tx queue settings before configuring
(bsc#1012628).
- ice: fix PTP stale Tx timestamps cleanup (bsc#1012628).
- ipv4: drop dst in multicast routing path (bsc#1012628).
- drm/nouveau: Fix a potential theorical leak in
nouveau_get_backlight_name() (bsc#1012628).
- netlink: do not reset transport header in netlink_recvmsg()
(bsc#1012628).
- net: chelsio: cxgb4: Avoid potential negative array offset
(bsc#1012628).
- fbdev: efifb: Fix a use-after-free due early fb_info cleanup
(bsc#1012628).
- net: sfc: fix memory leak due to ptp channel (bsc#1012628).
- fanotify: do not allow setting dirent events in mask of non-dir
(bsc#1012628).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU
protection (bsc#1012628).
- nfs: fix broken handling of the softreval mount option
(bsc#1012628).
- ionic: fix missing pci_release_regions() on error in
ionic_probe() (bsc#1012628).
- dim: initialize all struct fields (bsc#1012628).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (bsc#1012628).
- procfs: prevent unprivileged processes accessing fdinfo dir
(bsc#1012628).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS
(bsc#1012628).
- net: dsa: flush switchdev workqueue on bridge join error path
(bsc#1012628).
- arm64: vdso: fix makefile dependency on vdso.so (bsc#1012628).
- virtio: fix virtio transitional ids (bsc#1012628).
- s390/ctcm: fix variable dereferenced before check (bsc#1012628).
- s390/ctcm: fix potential memory leak (bsc#1012628).
- s390/lcs: fix variable dereferenced before check (bsc#1012628).
- net/sched: act_pedit: really ensure the skb is writable
(bsc#1012628).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset()
(bsc#1012628).
- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral
(bsc#1012628).
- drm/vc4: hdmi: Fix build error for implicit function declaration
(bsc#1012628).
- mlxsw: Avoid warning during ip6gre device removal (bsc#1012628).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
(bsc#1012628).
- net/smc: non blocking recvmsg() return -EAGAIN when no data
and signal_pending (bsc#1012628).
- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
(bsc#1012628).
- tls: Fix context leak on tls_device_down (bsc#1012628).
- drm/vmwgfx: Fix fencing on SVGAv3 (bsc#1012628).
- gfs2: Fix filesystem block deallocation for short writes
(bsc#1012628).
- hwmon: (asus_wmi_sensors) Fix CROSSHAIR VI HERO name
(bsc#1012628).
- hwmon: (f71882fg) Fix negative temperature (bsc#1012628).
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core()
(bsc#1012628).
- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu
(bsc#1012628).
- ASoC: max98090: Reject invalid values in custom control put()
(bsc#1012628).
- ASoC: max98090: Generate notifications on changes for custom
control (bsc#1012628).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
(bsc#1012628).
- s390: disable -Warray-bounds (bsc#1012628).
- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback
(bsc#1012628).
- io_uring: assign non-fixed early for async work (bsc#1012628).
- net: emaclite: Don't advertise 1000BASE-T and do auto
negotiation (bsc#1012628).
- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT
(bsc#1012628).
- secure_seq: use the 64 bits of the siphash for port offset
calculation (bsc#1012628).
- tcp: use different parts of the port_offset for index and offset
(bsc#1012628).
- tcp: resalt the secret every 10 seconds (bsc#1012628).
- tcp: add small random increments to the source port
(bsc#1012628).
- tcp: dynamically allocate the perturb table used by source ports
(bsc#1012628).
- tcp: increase source port perturb table to 2^16 (bsc#1012628).
- tcp: drop the hash_32() part from the index calculation
(bsc#1012628).
- block: Do not call folio_next() on an unreferenced folio
(bsc#1012628).
- interconnect: Restore sync state by ignoring ipa-virt in
provider count (bsc#1012628).
- perf tests: Fix coresight `perf test` failure (bsc#1012628).
- firmware_loader: use kernel credentials when reading firmware
(bsc#1012628).
- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context()
(bsc#1012628).
- usb: xhci-mtk: fix fs isoc's transfer error (bsc#1012628).
- x86/mm: Fix marking of unused sub-pmd ranges (bsc#1012628).
- tty/serial: digicolor: fix possible null-ptr-deref in
digicolor_uart_probe() (bsc#1012628).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data()
(bsc#1012628).
- tty: n_gsm: fix mux activation issues in gsm_config()
(bsc#1012628).
- tty: n_gsm: fix invalid gsmtty_write_room() result
(bsc#1012628).
- usb: gadget: uvc: allow for application to cleanly shutdown
(bsc#1012628).
- usb: cdc-wdm: fix reading stuck on device close (bsc#1012628).
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
(bsc#1012628).
- usb: typec: tcpci_mt6360: Update for BMC PHY setting
(bsc#1012628).
- USB: serial: pl2303: add device id for HP LM930 Display
(bsc#1012628).
- USB: serial: qcserial: add support for Sierra Wireless EM7590
(bsc#1012628).
- USB: serial: option: add Fibocom L610 modem (bsc#1012628).
- USB: serial: option: add Fibocom MA510 modem (bsc#1012628).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (bsc#1012628).
- fsl_lpuart: Don't enable interrupts too early (bsc#1012628).
- genirq: Remove WARN_ON_ONCE() in generic_handle_domain_irq()
(bsc#1012628).
- serial: 8250_mtk: Fix UART_EFR register address (bsc#1012628).
- serial: 8250_mtk: Fix register address for XON/XOFF character
(bsc#1012628).
- ceph: fix setting of xattrs on async created inodes
(bsc#1012628).
- Revert "mm/memory-failure.c: skip huge_zero_page in
memory_failure()" (bsc#1012628).
- mm/huge_memory: do not overkill when splitting huge_zero_page
(bsc#1012628).
- mm: mremap: fix sign for EFAULT error return value
(bsc#1012628).
- drm/vmwgfx: Disable command buffers on svga3 without gbobjects
(bsc#1012628).
- drm/nouveau/tegra: Stop using iommu_present() (bsc#1012628).
- i40e: i40e_main: fix a missing check on list iterator
(bsc#1012628).
- net: phy: Fix race condition on link status change
(bsc#1012628).
- writeback: Avoid skipping inode writeback (bsc#1012628).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
cpuset_init_smp() (bsc#1012628).
- ping: fix address binding wrt vrf (bsc#1012628).
- ath11k: reduce the wait time of 11d scan and hw scan while
add interface (bsc#1012628).
- arm[64]/memremap: don't abuse pfn_valid() to ensure presence
of linear map (bsc#1012628).
- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061
(bsc#1012628).
- net: phy: micrel: Pass .probe for KS8737 (bsc#1012628).
- SUNRPC: Ensure that the gssproxy client can start in a connected
state (bsc#1012628).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (bsc#1012628).
- Revert "drm/amd/pm: keep the BACO feature enabled for suspend"
(bsc#1012628).
- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list
(bsc#1012628).
- mm/hwpoison: use pr_err() instead of dump_page() in
get_any_page() (bsc#1012628).
- net: phy: micrel: Fix incorrect variable type in micrel
(bsc#1012628).
- mm/kfence: reset PG_slab and memcg_data before freeing
__kfence_pool (bsc#1012628).
- commit eab1a2c
++++ lttng-ust:
- Update to version 2.13.2 (changes since 2.13.0):
* Fix: ust-compiler: constructor/destructor build on g++ 4.8.
* ust-compiler: constructor/destructor whitespaces layout and
macro dependency.
* Fix: ust-cancelstate: include string.h for strerror.
* Fix: libnuma is prepended to LIBS.
* Fix: Allow disabling some abi compat tests.
* Fix: generate probe registration constructor as a C++
constuctor.
* Fix: nestable pthread cancelstate.
* Fix: abort on decrement_sem_count during concurrent tracing
start and teardown.
* Fix: allocating C++ compound literal on heap with Clang.
* Check for C++11 when building C++ probe providers.
* fix: liblttng-ust-fd async-signal-safe close().
* tracepoints: print debug message when lttng-ust-tracepoint.so
is not found.
* Fix: static_assert unavailable with glibc < 2.16.
* Fix: combined tracing of lttng-ust 2.12/2.13 generates
corrupted traces.
* doc/man: Document LTTNG_UST_ABORT_ON_CRITICAL variable.
* Fix: remove autoconf features default value in help message.
* Fix: add extern "C" to two header files.
* Fix: __STDC_VERSION__ can be undefined in C++.
* Fix: sample discarded events count before reserve.
* Fix: ring buffer event counter.
* Fix: concurrent exec(2) file descriptor leak.
* Add "domain" parameter to the Log4j 2.x agent.
* Fix: Convert custom loglevels in Log4j 2.x agent.
* Fix: coverity reported null returns in Log4j2 agent.
* Add a Log4j 2.x Java agent.
* Fix: may be used uninitialised on powerpc.
* Fix: doc/examples/java-log4j: fix paths to directories.
* Fix: doc/examples/java-jul: fix paths to directories.
++++ parted:
- add new type command from upstream
added patches:
- type-command.patch
++++ libunwind:
- Adjust baselibs.conf for shlib guideline.
------------------------------------------------------------------
------------------ 2022-5-17 - May 17 2022 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 4.0.0~rc4
- Fix building with GCC 12
- Fix stack overflow with very long commands / ids [bsc#1196149]
- Use separate mount namespace for chroot, allowing overwriting
the bind mounts from the update environment - this could have
lead to data loss of the bind mount previously
- Fix C error and exception handling for snapshots
++++ glibc:
- nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread
cancellation is disabled (BZ #29029)
++++ grub2:
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix ppc64le build error for new IEEE long double ABI
* 0001-libc-config-merge-from-glibc.patch
++++ kernel-firmware:
- Update to version 20220516 (git commit 251d29004ffc):
* amdgpu: update beige goby firmware for 22.10
* amdgpu: update renoir firmware for 22.10
* amdgpu: update dimgrey cavefish firmware for 22.10
* amdgpu: update vega20 firmware for 22.10
* amdgpu: update yellow carp firmware for 22.10
* amdgpu: update vega12 firmware for 22.10
* amdgpu: update navy flounder firmware for 22.10
* amdgpu: update vega10 firmware for 22.10
* amdgpu: update raven2 firmware for 22.10
* amdgpu: update raven firmware for 22.10
* amdgpu: update sienna cichlid firmware for 22.10
* amdgpu: update green sardine firmware for 22.10
* amdgpu: update PCO firmware for 22.10
* amdgpu: update vangogh firmware for 22.10
* amdgpu: update navi14 firmware for 22.10
* amdgpu: update navi12 firmware for 22.10
* amdgpu: update navi10 firmware for 22.10
* amdgpu: update aldebaran firmware for 22.10
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* mediatek: Update mt8192 SCP firmware
++++ gcc12:
- Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78
------------------------------------------------------------------
------------------ 2022-5-16 - May 16 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.38.0:
+ Add support for route type "throw".
+ Fix bug setting priority for IP addresses.
+ Static IPv6 addresses from "ipv6.addresses" are now preferred
over addresses from DHCPv6, which are preferred over addresses
from autoconf. This affects IPv6 source address selection, if
the rules from RFC 6724, section 5 don't give a exhaustive
match.
+ Static IPv6 addresses from "ipv6.addresses" are now interpreted
with first address being preferred. Their order got inverted.
This is now consistent with IPv4.
+ Wi-Fi hotspots will use a (stable) random channel number unless
one is chosen manually.
+ Don't use unsupported SAE/WPA3 mode for AP mode.
+ NetworkManager will no longer advertise frequencies as
supported when they're disallowed in configured regulatory
domain.
+ Attempt to connect to WEP-encrypted Wi-Fi network will now fail
gracefully with a recent version of wpa_supplicant when built
without WEP support. As long as wpa_supplicant supports WEP,
NetworkManager will continue to work.
+ Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the
NIC does not support PMF. This is known to cause problems in
some setups. It is still possible to explicitly configure
wifi.key-mgmt=sae for WPA3.
+ Add new dummy crypto backend "null" that does nothing.
NetworkManager uses the crypto library when handling
certificates for 802.1x profiles.
+ Veth devices with name "eth*" are now managed by default via
the udev rule. This is to support managing the network in LXD
containers.
+ The hostname received from DHCP is now shortened to the first
dot (or to 64 characters, whatever comes first) if it's too
long.
+ As the insecure WEP encryption for Wi-Fi network is phased out,
nmcli now discourages its use when activating or modifying a
profile.
+ Fix connectivity checks in case the check endpoint address
resolves to multiple addresses.
+ Workaround libcurl blocking NetworkManager while resolving DNS
names.
+ nmcli: indicate missing Wi-Fi hardware when showing rfkill
setting.
+ nmcli: add connection migrate command to move a profile to a
specified settings plugin. This allows to convert profiles in
the deprecated ifcfg-rh format to keyfile.
+ Set "src" attribute for routes from DHCPv4 to the leased
address. This helps with source address selection.
+ Various bugfixes and internal improvements.
+ Updated translations.
- Recommend NetworkNanager-wifi from the main package: after the
split, there is currently nothing pulling in NM-wifi. Preferably
this would happen based on wifi chips prsence, but that is not
yet done (boo#1199550).
++++ gpg2:
- added tpm support, added a new subpackage gpg2-tpm
++++ kernel-default:
- Linux 5.17.8 (bsc#1012628).
- mm: fix invalid page pointer returned with FOLL_PIN gups
(bsc#1012628).
- mm,migrate: fix establishing demotion target (bsc#1012628).
- mm/mlock: fix potential imbalanced rlimit ucounts adjustment
(bsc#1012628).
- mm/hwpoison: fix error page recovered but reported "not
recovered" (bsc#1012628).
- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte()
and __mcopy_atomic() (bsc#1012628).
- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte()
(bsc#1012628).
- mm: hugetlb: fix missing cache flush in
hugetlb_mcopy_atomic_pte() (bsc#1012628).
- mm: hugetlb: fix missing cache flush in
copy_huge_page_from_user() (bsc#1012628).
- mm: fix missing cache flush for all tail pages of compound page
(bsc#1012628).
- udf: Avoid using stale lengthOfImpUse (bsc#1012628).
- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition
(bsc#1012628).
- Bluetooth: Fix the creation of hdev->name (bsc#1012628).
- commit 718e8e9
- Update to 5.18-rc7
- commit 1778f40
++++ ncurses:
- Add ncurses patch 20220514
+ further improvements to test/test_mouse.c; compare with ncurses test
program menu A/a.
++++ libproxy:
- Add libproxy-python-310.patch: Detect python 3.10.
++++ libunwind:
- Add Conflict markers for earlier combined libunwind.
++++ u-boot-rpiarm64:
- Remove build dependency on SDL, none of the installed tools need that
- Use pkgconfig dependencies for gnutls, uuid, openssl
------------------------------------------------------------------
------------------ 2022-5-15 - May 15 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
for latest dovecot (boo#1199535)
++++ librsvg:
- Update to version 2.54.3:
+ Fix detection of gi-docgen.
+ Install the generated documentation in the correct place so
that Devhelp can find it.
- Changes from version 2.54.2:
+ Fix regressions when computing element geometries.
+ Add a --disable-gtk-doc option for the configure script, so
people can disable generating documentation for
cross-compiling.
+ MSVC: Support generating documentation, and passing
introspection paths.
++++ libapparmor:
- add dovecot-profiles-boo1199535-mr881.diff: update dovecot profiles
for latest dovecot (boo#1199535)
------------------------------------------------------------------
------------------ 2022-5-14 - May 14 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages
via hardware supplements on AMD GPUs
++++ Mesa-drivers:
- autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages
via hardware supplements on AMD GPUs
------------------------------------------------------------------
------------------ 2022-5-13 - May 13 2022 -------------------
------------------------------------------------------------------
++++ iptables:
- Update to release 1.8.8
* Add iptables-translate support for: sctp match's
- -chunk-types option, connlimit match, multiport match's
- -ports option, and the tcpmss match.
* Reject setuid executables in libxtables for safety reasons
* Extended arptables-nft with -C, -I, -R, -S cmomands and the
"-c N,M" counter syntax.
* Debug output in iptables-restore (all variants), iptables-nft
and ebtables-nft when specifying -v multiple times
* Improved performance of iptables-save and -restore
++++ open-iscsi:
- Set initiatorname in %post (at end of install), for cases
where root is read-only at startup time (bsc#1198457)
++++ systemd:
- Update rpmlintrc for shlib-policy-name-error/multibuild case.
++++ libunwind:
- Resolve rpmlint error "libunwind.x86_64: E:
shlib-policy-name-error SONAME: libunwind-coredump.so.0,
expected package suffix: 0"
++++ libyajl:
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
------------------------------------------------------------------
------------------ 2022-5-12 - May 12 2022 -------------------
------------------------------------------------------------------
++++ chrony:
- Moved 20-chrony file from user specif directory
/etc/NetworkManager/dispatcher.d to vendor specific directory
/usr/lib/NetworkManager/dispatcher.d. So, users changes can
still be done in /etc and will not be overwritten by an update.
++++ glibc:
- Follow the distro default gcc version to build the cross
bootstrap packages.
++++ kernel-default:
- Linux 5.17.7 (bsc#1012628).
- PCI: aardvark: Update comment about link going down after
link-up (bsc#1012628).
- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy()
(bsc#1012628).
- PCI: aardvark: Don't mask irq when mapping (bsc#1012628).
- PCI: aardvark: Remove irq_mask_ack() callback for INTx
interrupts (bsc#1012628).
- PCI: aardvark: Use separate INTA interrupt for emulated root
bridge (bsc#1012628).
- PCI: aardvark: Fix support for PME requester on emulated bridge
(bsc#1012628).
- PCI: aardvark: Add support for PME interrupts (bsc#1012628).
- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and
PCI_EXP_RTSTA_PME on emulated bridge (bsc#1012628).
- PCI: aardvark: Add support for ERR interrupt on emulated bridge
(bsc#1012628).
- PCI: aardvark: Enable MSI-X support (bsc#1012628).
- PCI: aardvark: Fix setting MSI address (bsc#1012628).
- PCI: aardvark: Add support for masking MSI interrupts
(bsc#1012628).
- PCI: aardvark: Refactor unmasking summary MSI interrupt
(bsc#1012628).
- PCI: aardvark: Use dev_fwnode() instead of
of_node_to_fwnode(dev->of_node) (bsc#1012628).
- PCI: aardvark: Make msi_domain_info structure a static driver
structure (bsc#1012628).
- PCI: aardvark: Make MSI irq_chip structures static driver
structures (bsc#1012628).
- PCI: aardvark: Check return value of generic_handle_domain_irq()
when processing INTx IRQ (bsc#1012628).
- PCI: aardvark: Rewrite IRQ code to chained IRQ handler
(bsc#1012628).
- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with
PCI_INTERRUPT_* (bsc#1012628).
- mmc: rtsx: add 74 Clocks in power on flow (bsc#1012628).
- selftest/vm: verify remap destination address in mremap_test
(bsc#1012628).
- selftest/vm: verify mmap addr in mremap_test (bsc#1012628).
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
is advertised (bsc#1012628).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
bugs (bsc#1012628).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
(bsc#1012628).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
(bsc#1012628).
- KVM: selftests: Silence compiler warning in the
kvm_page_table_test (bsc#1012628).
- kvm: selftests: do not use bitfields larger than 32-bits for
PTEs (bsc#1012628).
- KVM: VMX: Exit to userspace if vCPU has injected exception
and invalid state (bsc#1012628).
- KVM: SEV: Mark nested locking of vcpu->lock (bsc#1012628).
- iommu/dart: Add missing module owner to ops structure
(bsc#1012628).
- fbdev: Make fb_release() return -ENODEV if fbdev was
unregistered (bsc#1012628).
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
architectural PMU (bsc#1012628).
- net: rds: acquire refcount on TCP sockets (bsc#1012628).
- gpio: mvebu: drop pwm base assignment (bsc#1012628).
- parisc: Mark cr16 clock unstable on all SMP machines
(bsc#1012628).
- btrfs: always log symlinks in full mode (bsc#1012628).
- smsc911x: allow using IRQ0 (bsc#1012628).
- selftests: ocelot: tc_flower_chains: specify conform-exceed
action for policer (bsc#1012628).
- bnxt_en: Fix unnecessary dropping of RX packets (bsc#1012628).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS
flag (bsc#1012628).
- dt-bindings: pci: apple,pcie: Drop max-link-speed from example
(bsc#1012628).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while
interface is operational (bsc#1012628).
- rxrpc: Enable IPv6 checksums on transport socket (bsc#1012628).
- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter()
(bsc#1012628).
- SUNRPC: Don't leak sockets in xs_local_connect() (bsc#1012628).
- hinic: fix bug of wq out of bound access (bsc#1012628).
- drm/msm/dp: remove fail safe mode related code (bsc#1012628).
- selftests/net: so_txtime: usage(): fix documentation of default
clock (bsc#1012628).
- selftests/net: so_txtime: fix parsing of start time stamp on
32 bit systems (bsc#1012628).
- net: emaclite: Add error handling for of_address_to_resource()
(bsc#1012628).
- net: igmp: respect RCU rules in ip_mc_source() and
ip_mc_msfilter() (bsc#1012628).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
(bsc#1012628).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
(bsc#1012628).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in
sun8i_dwmac_register_mdio_mux() (bsc#1012628).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
(bsc#1012628).
- net: ethernet: mediatek: add missing of_node_put() in
mtk_sgmii_init() (bsc#1012628).
- NFSv4: Don't invalidate inode attributes on delegation return
(bsc#1012628).
- RDMA/irdma: Fix possible crash due to NULL netdev in notifier
(bsc#1012628).
- RDMA/irdma: Reduce iWARP QP destroy time (bsc#1012628).
- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state
(bsc#1012628).
- RDMA/siw: Fix a condition race issue in MPA request processing
(bsc#1012628).
- SUNRPC release the transport of a relocated task with an
assigned transport (bsc#1012628).
- ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41
s-codec (bsc#1012628).
- selftests/seccomp: Don't call read() on TTY from background pgrp
(bsc#1012628).
- net/mlx5e: TC, fix decap fallback to uplink when int port not
supported (bsc#1012628).
- net/mlx5e: Lag, Don't skip fib events on current dst
(bsc#1012628).
- net/mlx5e: Lag, Fix fib_info pointer assignment (bsc#1012628).
- net/mlx5e: Lag, Fix use-after-free in fib event handler
(bsc#1012628).
- net/mlx5: Fix deadlock in sync reset flow (bsc#1012628).
- net/mlx5: Avoid double clear or set of sync reset requested
(bsc#1012628).
- net/mlx5: Fix matching on inner TTC (bsc#1012628).
- net/mlx5e: Fix the calling of update_buffer_lossy() API
(bsc#1012628).
- net/mlx5e: CT: Fix queued up restore put() executing after
relevant ft release (bsc#1012628).
- net/mlx5e: Don't match double-vlan packets if cvlan is not set
(bsc#1012628).
- net/mlx5e: Fix wrong source vport matching on tunnel rule
(bsc#1012628).
- net/mlx5: Fix slab-out-of-bounds while reading resource dump
menu (bsc#1012628).
- net/mlx5e: Fix trust state reset in reload (bsc#1012628).
- iommu/dart: check return value after calling
platform_get_resource() (bsc#1012628).
- iommu/vt-d: Drop stop marker messages (bsc#1012628).
- ASoC: soc-ops: fix error handling (bsc#1012628).
- ASoC: meson: axg-card: Fix nonatomic links (bsc#1012628).
- ASoC: meson: axg-tdm-interface: Fix formatters in trigger"
(bsc#1012628).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
(bsc#1012628).
- hwmon: (pmbus) disable PEC if not enabled (bsc#1012628).
- hwmon: (adt7470) Fix warning on module removal (bsc#1012628).
- gpio: pca953x: fix irq_stat not updated when irq is disabled
(irq_mask not set) (bsc#1012628).
- gpio: visconti: Fix fwnode of GPIO IRQ (bsc#1012628).
- NFC: netlink: fix sleep in atomic bug when firmware download
timeout (bsc#1012628).
- nfc: nfcmrvl: main: reorder destructive operations in
nfcmrvl_nci_unregister_dev to avoid bugs (bsc#1012628).
- nfc: replace improper check device_is_registered() in netlink
related functions (bsc#1012628).
- can: grcan: only use the NAPI poll budget for RX (bsc#1012628).
- can: grcan: grcan_probe(): fix broken system id check for
errata workaround needs (bsc#1012628).
- can: grcan: use ofdev->dev when allocating DMA memory
(bsc#1012628).
- can: isotp: remove re-binding of bound socket (bsc#1012628).
- can: grcan: grcan_close(): fix deadlock (bsc#1012628).
- s390/dasd: Fix read inconsistency for ESE DASD devices
(bsc#1012628).
- s390/dasd: Fix read for ESE with blksize < 4k (bsc#1012628).
- s390/dasd: prevent double format of tracks for ESE devices
(bsc#1012628).
- s390/dasd: fix data corruption for ESE devices (bsc#1012628).
- ASoC: meson: Fix event generation for AUI CODEC mux
(bsc#1012628).
- ASoC: meson: Fix event generation for G12A tohdmi mux
(bsc#1012628).
- ASoC: meson: Fix event generation for AUI ACODEC mux
(bsc#1012628).
- ASoC: wm8958: Fix change notifications for DSP controls
(bsc#1012628).
- ASoC: rt9120: Correct the reg 0x09 size to one byte
(bsc#1012628).
- ASoC: da7219: Fix change notifications for tone generator
frequency (bsc#1012628).
- genirq: Synchronize interrupt thread startup (bsc#1012628).
- btrfs: skip compression property for anything other than files
and dirs (bsc#1012628).
- btrfs: do not allow compression on nodatacow files
(bsc#1012628).
- btrfs: export a helper for compression hard check (bsc#1012628).
- btrfs: do not BUG_ON() on failure to update inode when setting
xattr (bsc#1012628).
- btrfs: force v2 space cache usage for subpage mount
(bsc#1012628).
- btrfs: sysfs: export the balance paused state of exclusive
operation (bsc#1012628).
- net: stmmac: disable Split Header (SPH) for Intel platforms
(bsc#1012628).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
(bsc#1012628).
- firewire: remove check of list iterator against head past the
loop body (bsc#1012628).
- firewire: fix potential uaf in outbound_phy_packet_callback()
(bsc#1012628).
- timekeeping: Mark NMI safe time accessors as notrace
(bsc#1012628).
- Revert "SUNRPC: attempt AF_LOCAL connect on setup"
(bsc#1012628).
- hwmon: (pmbus) delta-ahe50dc-fan: work around hardware quirk
(bsc#1012628).
- RISC-V: relocate DTB if it's outside memory region
(bsc#1012628).
- drm/amdgpu: do not use passthrough mode in Xen dom0
(bsc#1012628).
- drm/amd/display: Avoid reading audio pattern past
AUDIO_CHANNELS_COUNT (bsc#1012628).
- iommu/arm-smmu-v3: Fix size calculation in
arm_smmu_mm_invalidate_range() (bsc#1012628).
- iommu/vt-d: Calculate mask for non-aligned flushes
(bsc#1012628).
- KVM: x86/svm: Account for family 17h event renumberings in
amd_pmc_perf_hw_id (bsc#1012628).
- x86/fpu: Prevent FPU state corruption (bsc#1012628).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
(bsc#1012628).
- mmc: core: Set HS clock speed before sending HS CMD13
(bsc#1012628).
- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits
(bsc#1012628).
- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
(bsc#1012628).
- ALSA: fireworks: fix wrong return count shorter than expected
by 4 bytes (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
(bsc#1012628).
- parisc: Merge model and model name into one line in
/proc/cpuinfo (bsc#1012628).
- Revert "parisc: Mark sched_clock unstable only if clocks are
not syncronized" (bsc#1012628).
- Revert "parisc: Mark cr16 CPU clocksource unstable on all SMP
machines" (bsc#1012628).
- MIPS: Fix CP0 counter erratum detection for R4k CPUs
(bsc#1012628).
- ipmi:ipmi_ipmb: Fix null-ptr-deref in ipmi_unregister_smi()
(bsc#1012628).
- ipmi: When handling send message responses, don't process the
message (bsc#1012628).
- pci_irq_vector() can't be used in atomic context any
longer. This conflicts with the usage of this function
in nic_mbx_intr_handler(). age of this function in
nic_mbx_intr_handler() (bsc#1012628).
- commit c9a5fa1
++++ openldap2:
- bsc#1199277 - Resolve segfault when calling new ctx with global ctx
* 0017-Resolve-error-handling-in-new-ctx-when-global.patch
++++ runc:
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
------------------------------------------------------------------
------------------ 2022-5-11 - May 11 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- Update samba-new-dcerpcd.patch for aarch64 which needs some
additional rules; (bnc#1198309).
++++ curl:
- Update to 7.83.1:
* Security fixes:
- (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
- (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
- (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
- (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
- (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
- (bsc#1199220, CVE-2022-27778) removes wrong file on error
* Bugfixes:
- altsvc: fix host name matching for trailing dots
- cirrus: Update to FreeBSD 12.3
- cirrus: Use pip for Python packages on FreeBSD
- conn: fix typo 'connnection' -> 'connection' in two function names
- cookies: make bad_domain() not consider a trailing dot fine
- curl: free resource in error path
- curl: guard against size_t wraparound in no-clobber code
- CURLOPT_DOH_URL.3: mention the known bug
- CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
- CURLOPT_SSH_AUTH_TYPES.3: fix the default
- data/test376: set a proper name
- GHA/mbedtls: enabled nghttp2 in the build
- gha: build msh3
- gskit: fixed bogus setsockopt calls
- gskit: remove unused function set_callback
- hsts: ignore trailing dots when comparing hosts names
- HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
- http: move Curl_allow_auth_to_host()
- http_proxy/hyper: handle closed connections
- hyper: fix test 357
- Makefile: fix "make ca-firefox"
- mbedtls: bail out if rng init fails
- mbedtls: fix compile when h2-enabled
- mbedtls: fix some error messages
- misc: use "autoreconf -fi" instead buildconf
- msh3: get msh3 version from MsH3Version
- msh3: print boolean value as text representation
- msh3: psss remote_port to MsH3ConnectionOpen
- ngtcp2: add ca-fallback support for OpenSSL backend
- nss: return error if seemingly stuck in a cert loop
- openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
- post_per_transfer: remove the updated file name
- sectransp: bail out if SSLSetPeerDomainName fails
- tests/server: declare variable 'reqlogfile' static
- tests: fix markdown formatting in README
- test{898,974,976}: add 'HTTP proxy' keywords
- tls: check more TLS details for connection reuse
- url: check SSH config match on connection reuse
- urlapi: address (harmless) UndefinedBehavior sanitizer warning
- urlapi: reject percent-decoding host name into separator bytes
- x509asn1: make do_pubkey handle EC public keys
++++ gnutls:
- disable kcapi usage for now, as kernel-obs-build not adjusted
to contain the algorithms. bsc#1189283
++++ hwdata:
- Update to version 0.359:
+ Updated pci, usb and vendor ids.
++++ kernel-firmware:
- Update to version 20220509 (git commit b19cbdca78ab):
* mediatek: Update mt8183 SCP firmware
* ice: Update package to 1.3.28.0
* i915: Add DMC v2.06 for DG2
* rtl_bt: Update RTL8852A BT USB firmware to 0xDBB7_C1D9
* amdgpu: update psp_13_0_8 firmware
* amdgpu: update gc_10_3_7_rlc firmware
* amdgpu: update dcn_3_1_6_dmcub firmware
* ath11k: QCA6390 hw2.0: update to WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1
* qcom: add firmware files for Adreno a420 & related generations
* qcom: add firmware files for Adreno a330
* qcom: add firmware files for Adreno a220
* i915: Add GuC v70.1.2 for DG2
* rtw89: 8852c: add new firmware v0.27.20.0 for RTL8852C
* Mellanox: Add lc_ini_bundle for xx.2010.1006
* Mellanox: xx.2010.1502: Distribute non-xz-compressed lc_ini_bundle
* ath10k: QCA9984 hw1.0: update board-2.bin
* ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156
* ath10k: QCA9888 hw2.0: update board-2.bin
* ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156
* ath10k: QCA6174 hw3.0: update board-2.bin
* ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1
* ath10k: QCA4019 hw1.0: update board-2.bin
* ath10k: QCA99X0 hw2.0: add board-2.bin
* ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.7
* ath11k: WCN6750 hw1.0: add to WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
* ath11k: WCN6750 hw1.0: add board-2.bin
* ath11k: QCN9074 hw1.0: add to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
* ath11k: QCN9074 hw1.0: add board-2.bin
* ath11k: QCA6390 hw2.0: update board-2.bin
* ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
* ath11k: IPQ8074 hw2.0: update board-2.bin
* ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
* ath11k: IPQ6018 hw1.0: update board-2.bin
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.1502
* amdgpu: update yellow carp DMCUB firmware
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: update firmware for MT7922 WiFi device
* mediatek: Add mt8195 SCP firmware
* qcom: apq8096: add modem firmware
* qcom: apq8096: add aDSP firmware
* rtl_bt: Add firmware and config files for RTL8852C
* i915: Add GuC v70.1.1 for all platforms
- Update aliases
++++ libapparmor:
- Update samba-new-dcerpcd.patch for aarch64 which needs some
additional rules; (bnc#1198309).
++++ multipath-tools:
- Update to version 0.8.9+90+suse.71a70fb:
* support overriding -D_FORTIFY_SOURCE in OPTFLAGS
* add -U_FORTIFY_SOURCE to optflags to avoid compilation errors
on old distros
++++ protobuf:
- Do not use %%autosetup, but %%setup and %%patch on other line
* Allows building on SLE-12-SP5
++++ libvisual:
- Remove old specfile constructs
- Remove --with-pic, this is only useful with --enable-static
- Make %install sh-compatible
- Remove .la files, I do not think we will need it
- Repair rpmlint error "libvisual.x86_64: E:
shlib-policy-name-error SONAME: libvisual-0.4.so.0, expected
package suffix: 0_4-0"
++++ qemu:
- Filter out rpmlint error that is valid for qemu, but will
have its badness increased in the future.
++++ runc:
- Update to runc v1.1.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.2.
CVE-2022-29162 bsc#1199460
* A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical Linux
environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
CVE-2022-29162. bsc#1199460
* `runc spec` no longer sets any inheritable capabilities in the created
example OCI spec (`config.json`) file.
------------------------------------------------------------------
------------------ 2022-5-10 - May 10 2022 -------------------
------------------------------------------------------------------
++++ gcc12:
- Enable PRU architecture for AM335x platforms
++++ multipath-tools:
- Update to version 0.8.9+87+suse.a1eb122:
* add ability to autodetect support for -D_FORTIFY_SOURCE=3
++++ numactl:
- Update to version 2.0.14.39.g8b18345:
* numa(3): Fix typos and punctuation
* Avoid libnuma.so dependency on util.o
* test/prefered: add test cases for new 'preferred-many' policy
* test/prefered: fix compiling problem
* numa(3): Update the man page
* Update to support multiple nodes
* numademo: Add a new test for multiple-preferred-nodes policy
* numactl: Simplify preferred selection
* libnuma: Export interface to set/get preferred nodes
* util: Add new preferred-many type
++++ python310-core:
- Refresh bluez-devel-vendor.tar.xz
++++ python310:
- Refresh bluez-devel-vendor.tar.xz
------------------------------------------------------------------
------------------ 2022-5-9 - May 9 2022 -------------------
------------------------------------------------------------------
++++ checkpolicy:
- Update to version 3.4
* warn on bogus IP address or netmask in nodecon statement
* allow wildcard permissions in constraints
* mention class name on invalid permission
++++ gstreamer:
- Enable use of libunwind on riscv64
- Update to version 1.20.2
+ Highlighted bugfixes:
- avviddec: Remove vc1/wmv3 override and fix crashes on WMV
files with FFMPEG 5.0+
- macOS: fix plugin discovery for GStreamer installed via brew
and fix loading of Rust plugins
- rtpbasepayload: various header extension handling fixes
- rtpopusdepay: fix regression in stereo input handling if
sprop-stereo is not advertised
- rtspclientsink: fix possible shutdown deadlock
- mpegts: gracefully handle "empty" program maps and fix AC-4
detection
- mxfdemux: Handle empty VANC packets and fix EOS handling
- playbin3: various playbin3, uridecodebin3, and playsink fixes
- ptpclock: fix initial sync-up with certain devices
- gltransformation: let graphene alloc its structures memory
aligned
- webrtcbin fixes and webrtc sendrecv example improvements
- video4linux2: various fixes including some fixes for
Raspberry Pi users
- videorate segment handling fixes and other fixes
- nvh264dec, nvh265dec: Fix broken key-unit trick modes and
reverse playback
- wpe: Reintroduce persistent WebContext
- cerbero: Make it easier to consume 1.20.1 macOS GStreamer
.pkgs
- build fixes and gobject annotation fixes
- bug fixes, security fixes, memory leak fixes, and other
stability and reliability improvements
+ gstreamer:
- devicemonitor: clean up signal handlers and hidden providers
list
- Leaks tracer: fix pthread_atfork return value check leading
to bogus warning in log
- Rust plugins: Not picked up by the plugin loader on macOS
- Failed to use plugins of latest GStreamer version 1.20.x
installed by brew on macOS
- ptpclock: Allow at least 100ms delay between Sync/Follow_Up
and Delay_Req/Delay_Resp messages. Fixes problems acquiring
initial sync with certain devices
- meson: Add -Wl,-rpath,${libdir} on macOS
- registry: skip Rust dep builddirs when searching for plugins
recursively
++++ gstreamer-plugins-base:
- Update to version 1.20.2:
+ appsrc: Clarify buffer ref semantics in signals documentation
+ appsrc: fix annotations for bindings
+ typefind: Skip extension parsing for data:// URIs, fixing
regression with mp4 files serialised to data uris
+ playbin3: various fixes
+ playbin3: fix missing lock when unknown stream type in
pad-removed cb
+ decodebin3: fix collection leaks
+ decodebin3: Don't duplicate stream selections
+ discoverer: chain up to parent finalize methods in all our
types to fix memory leaks
+ glmixerbin: slightly better pad/element creation
+ gltransformation: let graphene alloc its structures memory
aligned
+ ogg: fix possible buffer overrun
+ rtpbasepayload: Don't write header extensions if there's no
corresponding...
+ rtpbasepayload: always store input buffer meta before
negotiation
+ rtpbasepayload: fix transfer annotation for push and push_list
+ subparse: don't try to index string with -1
+ riff-media: fix memory leak after usage for g_strjoin()
+ playbin/playbin3: Allow setting a NULL URI
+ playsink: Complete reconfiguration on pad release.
+ parsebin: Expose streams of unknown type
+ pbutils: Fix wmv screen description detection
+ subparse: don't deref a potentially NULL variable
+ rawvideoparse: set format from caps in
gst_raw_video_parse_set_config_from_caps
+ videodecoder: release stream lock after handling gap events
+ videorate: fix assertion when pushing last and only buffer
without duration
+ videorate: Revert "don't reset on segment update" to fix
segment handling regressions
+ gst-play-1.0, gst-launch-1.0: Enable win32 high-resolution
timer also for MinGW build
- Drop patch already included in 1.20.2:
+ 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch
++++ kernel-default:
- Linux 5.17.6 (bsc#1012628).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
(bsc#1012628).
- floppy: disable FDRAWCMD by default (bsc#1012628).
- USB: quirks: add a Realtek card reader (bsc#1012628).
- USB: quirks: add STRING quirk for VCOM device (bsc#1012628).
- USB: serial: whiteheat: fix heap overflow in
WHITEHEAT_GET_DTR_RTS (bsc#1012628).
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
(bsc#1012628).
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
(bsc#1012628).
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
compositions (bsc#1012628).
- usb: xhci: tegra:Fix PM usage reference leak of
tegra_xusb_unpowergate_partitions (bsc#1012628).
- xhci: Enable runtime PM on second Alderlake controller
(bsc#1012628).
- xhci: stop polling roothubs after shutdown (bsc#1012628).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to
500ms (bsc#1012628).
- iio: dac: ad5592r: Fix the missing return value (bsc#1012628).
- iio: scd4x: check return of scd4x_write_and_fetch (bsc#1012628).
- iio: dac: ad5446: Fix read_raw not returning set value
(bsc#1012628).
- iio: magnetometer: ak8975: Fix the error handling in
ak8975_power_on() (bsc#1012628).
- iio: imu: inv_icm42600: Fix I2C init possible nack
(bsc#1012628).
- usb: misc: fix improper handling of refcount in uss720_probe()
(bsc#1012628).
- usb: core: Don't hold the device lock while sleeping in
do_proc_control() (bsc#1012628).
- usb: typec: ucsi: Fix reuse of completion structure
(bsc#1012628).
- usb: typec: ucsi: Fix role swapping (bsc#1012628).
- usb: gadget: uvc: Fix crash when encoding data for usb request
(bsc#1012628).
- usb: gadget: configfs: clear deactivation flag in
configfs_composite_unbind() (bsc#1012628).
- usb: dwc3: Try usb-role-switch first in dwc3_drd_init
(bsc#1012628).
- usb: dwc3: core: Fix tx/rx threshold settings (bsc#1012628).
- usb: dwc3: core: Only handle soft-reset in DCTL (bsc#1012628).
- usb: dwc3: gadget: Return proper request status (bsc#1012628).
- usb: dwc3: pci: add support for the Intel Meteor Lake-P
(bsc#1012628).
- usb: cdns3: Fix issue for clear halt endpoint (bsc#1012628).
- usb: phy: generic: Get the vbus supply (bsc#1012628).
- kernfs: fix NULL dereferencing in kernfs_remove (bsc#1012628).
- binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0
(bsc#1012628).
- binder: Address corner cases in deferred copy and fixup
(bsc#1012628).
- serial: imx: fix overrun interrupts in DMA mode (bsc#1012628).
- serial: amba-pl011: do not time out prematurely when draining
tx fifo (bsc#1012628).
- serial: 8250: Also set sticky MCR bits in console restoration
(bsc#1012628).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
(bsc#1012628).
- eeprom: at25: Use DMA safe buffers (bsc#1012628).
- arch_topology: Do not set llc_sibling if llc_id is invalid
(bsc#1012628).
- topology: make core_mask include at least cluster_siblings
(bsc#1012628).
- ceph: fix possible NULL pointer dereference for req->r_session
(bsc#1012628).
- bus: mhi: host: pci_generic: Add missing poweroff() PM callback
(bsc#1012628).
- bus: mhi: host: pci_generic: Flush recovery worker during freeze
(bsc#1012628).
- arm64: dts: imx8mm-venice: fix spi2 pin configuration
(bsc#1012628).
- pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config
(bsc#1012628).
- f2fs: should not truncate blocks during roll-forward recovery
(bsc#1012628).
- hex2bin: make the function hex_to_bin constant-time
(bsc#1012628).
- hex2bin: fix access beyond string end (bsc#1012628).
- bus: fsl-mc-msi: Fix MSI descriptor mutex lock for
msi_first_desc() (bsc#1012628).
- riscv: patch_text: Fixup last cpu should be master
(bsc#1012628).
- x86/cpu: Load microcode during restore_processor_state()
(bsc#1012628).
- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
(bsc#1012628).
- iocost: don't reset the inuse weight of under-weighted debtors
(bsc#1012628).
- virtio_net: fix wrong buf address calculation when using xdp
(bsc#1012628).
- cpufreq: qcom-hw: drop affinity hint before freeing the IRQ
(bsc#1012628).
- cpufreq: qcom-hw: fix the race between LMH worker and cpuhp
(bsc#1012628).
- cpufreq: qcom-hw: fix the opp entries refcounting (bsc#1012628).
- cpufreq: qcom-cpufreq-hw: Fix throttle frequency value on EPSS
platforms (bsc#1012628).
- video: fbdev: udlfb: properly check endpoint type (bsc#1012628).
- arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
(bsc#1012628).
- arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
(bsc#1012628).
- iio: dac: ad3552r: fix signedness bug in ad3552r_reset()
(bsc#1012628).
- iio:imu:bmi160: disable regulator in error path (bsc#1012628).
- iio:filter:admv8818: select REGMAP_SPI for ADMV8818
(bsc#1012628).
- mtd: rawnand: fix ecc parameters for mt7622 (bsc#1012628).
- tee: optee: add missing mutext_destroy in optee_ffa_probe
(bsc#1012628).
- xsk: Fix l2fwd for copy mode + busy poll combo (bsc#1012628).
- arm64: dts: imx8qm: Correct SCU clock controller's compatible
property (bsc#1012628).
- USB: Fix xhci event ring dequeue pointer ERDP update issue
(bsc#1012628).
- soc: imx: imx8m-blk-ctrl: Fix IMX8MN_DISPBLK_PD_ISI hang
(bsc#1012628).
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
(bsc#1012628).
- iio:dac:ad3552r: Fix an IS_ERR() vs NULL check (bsc#1012628).
- arm64: dts: imx8mq-tqma8mq: change the spi-nor tx (bsc#1012628).
- arm64: dts: imx8mn: Fix SAI nodes (bsc#1012628).
- arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling
for CON1 (bsc#1012628).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
(bsc#1012628).
- phy: samsung: exynos5250-sata: fix missing device put in probe
error paths (bsc#1012628).
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
(bsc#1012628).
- bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific
(bsc#1012628).
- ARM: dts: dra7: Fix suspend warning for vpe powerdomain
(bsc#1012628).
- phy: ti: omap-usb2: Fix error handling in
omap_usb2_enable_clocks (bsc#1012628).
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
(bsc#1012628).
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name
(bsc#1012628).
- ARM: dts: at91: fix pinctrl phandles (bsc#1012628).
- phy: mapphone-mdm6600: Fix PM error handling in
phy_mdm6600_probe (bsc#1012628).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
(bsc#1012628).
- interconnect: qcom: sc7180: Drop IP0 interconnects
(bsc#1012628).
- interconnect: qcom: sdx55: Drop IP0 interconnects (bsc#1012628).
- ARM: dts: Fix mmc order for omap3-gta04 (bsc#1012628).
- ARM: dts: am33xx-l4: Add missing touchscreen clock properties
(bsc#1012628).
- ARM: dts: am3517-evm: Fix misc pinmuxing (bsc#1012628).
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
(bsc#1012628).
- pinctrl: qcom: sm6350: fix order of UFS & SDC pins
(bsc#1012628).
- ipvs: correctly print the memory size of ip_vs_conn_tab
(bsc#1012628).
- phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe()
(bsc#1012628).
- pinctrl: mediatek: moore: Fix build error (bsc#1012628).
- mtd: rawnand: Fix return value check of
wait_for_completion_timeout (bsc#1012628).
- mtd: fix 'part' field data corruption in mtd_info (bsc#1012628).
- pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered
IRQs in EOI (bsc#1012628).
- memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode
(bsc#1012628).
- net: dsa: Add missing of_node_put() in dsa_port_link_register_of
(bsc#1012628).
- netfilter: nft_set_rbtree: overlap detection with element
re-addition after deletion (bsc#1012628).
- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from
bpf_xmit lwt hook (bsc#1012628).
- pinctrl: rockchip: fix RK3308 pinmux bits (bsc#1012628).
- tcp: md5: incorrect tcp_header_len for incoming connections
(bsc#1012628).
- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL
IRQ requested (bsc#1012628).
- tcp: ensure to use the most recently sent skb when filling
the rate sample (bsc#1012628).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(bsc#1012628).
- sctp: check asoc strreset_chunk in sctp_generate_reconf_event
(bsc#1012628).
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (bsc#1012628).
- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
(bsc#1012628).
- pinctrl: pistachio: fix use of irq_of_parse_and_map()
(bsc#1012628).
- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
(bsc#1012628).
- net: hns3: clear inited state and stop client after failed to
register netdev (bsc#1012628).
- net: hns3: fix error log of tx/rx tqps stats (bsc#1012628).
- net: hns3: modify the return code of
hclge_get_ring_chain_from_mbx (bsc#1012628).
- net: hns3: add validity check for message data length
(bsc#1012628).
- net: hns3: add return value for mailbox handling in PF
(bsc#1012628).
- net/smc: sync err code when tcp connection was refused
(bsc#1012628).
- net: lan966x: fix a couple off by one bugs (bsc#1012628).
- ip_gre: Make o_seqno start from 0 in native mode (bsc#1012628).
- ip6_gre: Make o_seqno start from 0 in native mode (bsc#1012628).
- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md
mode (bsc#1012628).
- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
(bsc#1012628).
- tcp: make sure treq->af_specific is initialized (bsc#1012628).
- bus: sunxi-rsb: Fix the return value of
sunxi_rsb_device_create() (bsc#1012628).
- clk: sunxi: sun9i-mmc: check return value after calling
platform_get_resource() (bsc#1012628).
- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (bsc#1012628).
- mctp: defer the kfree of object mdev->addrs (bsc#1012628).
- net: bcmgenet: hide status block before TX timestamping
(bsc#1012628).
- net: phy: marvell10g: fix return value on error (bsc#1012628).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for
port_base_addr (bsc#1012628).
- drm/sun4i: Remove obsolete references to PHYS_OFFSET
(bsc#1012628).
- ice: wait 5 s for EMP reset after firmware flash (bsc#1012628).
- Bluetooth: hci_event: Fix checking for invalid handle on error
status (bsc#1012628).
- net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
(bsc#1012628).
- io_uring: check reserved fields for send/sendmsg (bsc#1012628).
- io_uring: check reserved fields for recv/recvmsg (bsc#1012628).
- netfilter: nf_conntrack_tcp: re-init for syn packets only
(bsc#1012628).
- netfilter: conntrack: fix udp offload timeout sysctl
(bsc#1012628).
- platform/x86: asus-wmi: Potential buffer overflow in
asus_wmi_evaluate_method_buf() (bsc#1012628).
- platform/x86: asus-wmi: Fix driver not binding when fan curve
control probe fails (bsc#1012628).
- drm/amdkfd: Fix GWS queue count (bsc#1012628).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create
(bsc#1012628).
- tls: Skip tls_append_frag on zero copy size (bsc#1012628).
- bnx2x: fix napi API usage sequence (bsc#1012628).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
(bsc#1012628).
- gfs2: Minor retry logic cleanup (bsc#1012628).
- gfs2: Make sure not to return short direct writes (bsc#1012628).
- gfs2: No short reads or writes upon glock contention
(bsc#1012628).
- perf arm-spe: Fix addresses of synthesized SPE events
(bsc#1012628).
- ixgbe: ensure IPsec VF<->PF compatibility (bsc#1012628).
- net: enetc: allow tc-etf offload even with NETIF_F_CSUM_MASK
(bsc#1012628).
- Revert "ibmvnic: Add ethtool private flag for driver-defined
queue limits" (bsc#1012628).
- tcp: fix F-RTO may not work correctly when receiving DSACK
(bsc#1012628).
- ASoC: soc-pcm: use GFP_KERNEL when the code is sleepable
(bsc#1012628).
- ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN
(bsc#1012628).
- ASoC: rt711/5682: check if bus is active before deferred jack
detection (bsc#1012628).
- ASoC: Intel: soc-acpi: correct device endpoints for max98373
(bsc#1012628).
- ASoC: wm8731: Disable the regulator when probing fails
(bsc#1012628).
- Input: cypress-sf - register a callback to disable the
regulators (bsc#1012628).
- ext4: fix bug_on in start_this_handle during umount filesystem
(bsc#1012628).
- arch: xtensa: platforms: Fix deadlock in rs_close()
(bsc#1012628).
- ksmbd: increment reference count of parent fp (bsc#1012628).
- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION
(bsc#1012628).
- erofs: fix use-after-free of on-stack io[] (bsc#1012628).
- bonding: do not discard lowest hash bit for non layer3+4 hashing
(bsc#1012628).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
(bsc#1012628).
- cifs: destage any unwritten data to the server before calling
copychunk_write (bsc#1012628).
- drivers: net: hippi: Fix deadlock in rr_close() (bsc#1012628).
- powerpc/perf: Fix 32bit compile (bsc#1012628).
- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs
(bsc#1012628).
- selftest/vm: verify mmap addr in mremap_test (bsc#1012628).
- selftest/vm: verify remap destination address in mremap_test
(bsc#1012628).
- bfq: Fix warning in bfqq_request_over_limit() (bsc#1012628).
- Revert "ACPI: processor: idle: fix lockup regression on 32-bit
ThinkPad T40" (bsc#1012628).
- Revert "block: inherit request start time from bio for
BLK_CGROUP" (bsc#1012628).
- zonefs: Fix management of open zones (bsc#1012628).
- zonefs: Clear inode information flags on inode creation
(bsc#1012628).
- kasan: prevent cpu_quarantine corruption when CPU offline and
cache shrink occur at same time (bsc#1012628).
- mtd: rawnand: qcom: fix memory corruption that causes panic
(bsc#1012628).
- netfilter: Update ip6_route_me_harder to consider L3 domain
(bsc#1012628).
- drm/amdgpu: don't runtime suspend if there are displays attached
(v3) (bsc#1012628).
- drm/i915: Check EDID for HDR static metadata when choosing blc
(bsc#1012628).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
(bsc#1012628).
- net: ethernet: stmmac: fix write to sgmii_adapter_base
(bsc#1012628).
- ACPI: processor: idle: Avoid falling back to C3 type C-states
(bsc#1012628).
- thermal: int340x: Fix attr.show callback prototype
(bsc#1012628).
- btrfs: fix direct I/O read repair for split bios (bsc#1012628).
- btrfs: fix direct I/O writes for split bios on zoned devices
(bsc#1012628).
- btrfs: fix leaked plug after failure syncing log on zoned
filesystems (bsc#1012628).
- btrfs: zoned: use dedicated lock for data relocation
(bsc#1012628).
- btrfs: fix assertion failure during scrub due to block group
reallocation (bsc#1012628).
- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console
lines (bsc#1012628).
- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller
OC mode (bsc#1012628).
- perf symbol: Pass is_kallsyms to symbols__fixup_end()
(bsc#1012628).
- perf symbol: Update symbols__fixup_end() (bsc#1012628).
- perf symbol: Remove arch__symbols__fixup_end() (bsc#1012628).
- tty: n_gsm: fix missing mux reset on config change at responder
(bsc#1012628).
- tty: n_gsm: fix restart handling via CLD command (bsc#1012628).
- tty: n_gsm: fix decoupled mux resource (bsc#1012628).
- tty: n_gsm: fix mux cleanup after unregister tty device
(bsc#1012628).
- tty: n_gsm: fix wrong signal octet encoding in convergence
layer type 2 (bsc#1012628).
- tty: n_gsm: fix frame reception handling (bsc#1012628).
- tty: n_gsm: fix malformed counter for out of frame data
(bsc#1012628).
- netfilter: nft_socket: only do sk lookups when indev is
available (bsc#1012628).
- tty: n_gsm: fix insufficient txframe size (bsc#1012628).
- tty: n_gsm: fix wrong DLCI release order (bsc#1012628).
- tty: n_gsm: fix missing explicit ldisc flush (bsc#1012628).
- tty: n_gsm: fix wrong command retry handling (bsc#1012628).
- tty: n_gsm: fix wrong command frame length field encoding
(bsc#1012628).
- tty: n_gsm: fix wrong signal octets encoding in MSC
(bsc#1012628).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2
(bsc#1012628).
- tty: n_gsm: fix reset fifo race condition (bsc#1012628).
- tty: n_gsm: fix incorrect UA handling (bsc#1012628).
- tty: n_gsm: fix missing update of modem controls after DLCI open
(bsc#1012628).
- tty: n_gsm: fix broken virtual tty handling (bsc#1012628).
- tty: n_gsm: fix invalid use of MSC in advanced option
(bsc#1012628).
- tty: n_gsm: fix software flow control handling (bsc#1012628).
- tty: n_gsm: fix sometimes uninitialized warning in
gsm_dlci_modem_output() (bsc#1012628).
- objtool: Fix code relocs vs weak symbols (bsc#1012628).
- objtool: Fix type of reloc::addend (bsc#1012628).
- powerpc/64: Add UADDR64 relocation support (bsc#1012628).
- Update config files.
- commit 35de487
- net: atlantic: always deep reset on pm op, fixing up my null
deref regression (resume crash).
- commit e2300f2
++++ libcap-ng:
- Update to 0.8.3:
* Add vararg support to python bindings for capng_updatev
* Add support for ambient capabilities
* Add support for V3 filesystem capabilities
* If procfs is not available, leave last_cap as CAP_LAST_CAP
* If bounding and ambient not found in status, try prctl method
* In capng_apply, move ambient caps to the end of the transaction
* In capng_apply, return errors more aggressively.
* In capng_apply, if the action includes the bounding set,resync with the kernel
* Fix signed/unsigned warning in cap-ng.c
* In capng_apply, return a unique error code to diagnose any failure
* In capng_have_capability, return 0 for failure
* Add the libdrop_ambient admin tool
* In capng_apply, if we blew up in bounding set, allow setting capabilities
* If PR_CAP_AMBIENT is not available, do not build libdrop_ambient
* Improve last_cap check
* Fix parameters to capng_updatev python bindings to be signed
* Detect capability options at runtime to make containerization easier (ntkme)
* Initialize the library when linked statically
* Add gcc function attributes for deallocation
++++ multipath-tools:
- Update to version 0.8.9+85+suse.a9da21c:
* This is a pre-release of multipath-tools 0.9.0
* multipath.conf: add "protocol" subsection in "overrides" section
This allows to set "dev_loss_tmo", "fast_io_fail_tmo", and
"eh_deadline" on a per-protocol basis rather than per storage
* multipath.conf: drop support for deprecated options:
getuid_callout, pg_timeout, config_dir, multipath_dir
* multipathd: don't switch to DAEMON_IDLE during startup
(bsc#1199346, bsc#1197570)
* multipathd: avoid delays during uevent processing (bsc#1199347)
* Fixes for minor issues reported by coverity
* Fix for memory leak with uid_attrs
* Fix possibility to redefine -D_FORTIFY_SOURCE macro.
* Updates for built in hardware db
++++ ncurses:
- Add ncurses patch 20220507
+ add test/test_mouse.c (patch by Leonid S Usov).
+ add a few debug-traces for tic, fix a couple of memory-leaks.
++++ open-iscsi:
- Update to latest upstream, including:
* Added 'distclean' to Makefile targets
* Ensure Makefile '.PHONY' targets set up correctly
* fix an iscsid logout bug generating a false error
and cleanup logout error messages
++++ libselinux:
- Update to version 3.4:
* Use PCRE2 by default
* Make selinux_log() and is_context_customizable() thread-safe
* Prevent leakeing file descriptors
* Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
++++ libsemanage:
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
++++ libsepol:
- Update to version 3.4
* Add 'ioctl_skip_cloexec' policy capability
* Add sepol_av_perm_to_string
* Add policy utilities
* Support IPv4/IPv6 address embedding
* Hardened/added many validations
* Add support for file types in writing out policy.conf
* Allow optional file type in genfscon rules
++++ tiff:
- security update:
* CVE-2022-0907 [bsc#1197070]
+ tiff-CVE-2022-0907.patch
- security update
* CVE-2022-0561 [bsc#1195964]
+ tiff-CVE-2022-0561.patch
* CVE-2022-0562 [bsc#1195965]
+ tiff-CVE-2022-0562.patch
* CVE-2022-0865 [bsc#1197066]
+ tiff-CVE-2022-0865.patch
* CVE-2022-0909 [bsc#1197072]
+ tiff-CVE-2022-0909.patch
* CVE-2022-0924 [bsc#1197073]
+ tiff-CVE-2022-0924.patch
* CVE-2022-0908 [bsc#1197074]
+ tiff-CVE-2022-0908.patch
++++ libvirt:
- Update to libvirt 8.3.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-3-0-2022-05-02
++++ policycoreutils:
- Update to version 3.4
* fixfiles: Use parallel relabeling
- Refreshed patches
* get_os_version.patch
* run_init.pamd.patch
++++ libselinux-bindings:
- Update to version 3.4:
* Use PCRE2 by default
* Make selinux_log() and is_context_customizable() thread-safe
* Prevent leakeing file descriptors
* Correctly hash specfiles larger than 4G
- Refreshed skip_cycles.patch
++++ python-libvirt-python:
- Update to 8.3.0
- Add all new APIs and constants in libvirt 8.3.0
++++ python-semanage:
- Update to version 3.4
* Optionally rebuild policy when modules are changed externally
* Fix USE_AFTER_FREE (CWE-672) in semanage_direct_get_module_info()
* Allow spaces in user/group names
------------------------------------------------------------------
------------------ 2022-5-8 - May 8 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- Add python310-help-mr848.patch so that Tumbleweed can switch
python3 to Python 3.10
(https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
++++ kernel-default:
- Update to 5.18-rc6
- commit ed50f8f
++++ libapparmor:
- Add python310-help-mr848.patch so that Tumbleweed can switch
python3 to Python 3.10
(https://gitlab.com/apparmor/apparmor/-/merge_requests/848)
++++ sqlite3:
- update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
------------------------------------------------------------------
------------------ 2022-5-7 - May 7 2022 -------------------
------------------------------------------------------------------
++++ nfs-utils:
- switch to https urls
++++ lsof:
- update to 4.95.0:
* Update perl scripts for the past few decades of progress
* Drop LSOF_CCDATE across all dialects to ensure reproducible builds
* Fix FD field description.
* Adjust alignment of buffer passed to stat().
* Clean up source code and documents.
- remove trailing whitespace,
- fix some issues in scripts found through shellcheck, and
- fix spelling
* man page: fix hyphen issues
* Fix broken LSOF_CFLAGS_OVERRIDE.
* [linux] Remove sysvlegacy function.
* [linux] use close_range instead of calling close repeatedly
* Add -Q option for adjusting exit status when failed to find a
search item (#129)
- drop lsof-no-build-date-etc.patch (obsolete)
++++ pigz:
- update to 2.7:
* Improved display of multiple-member gzip files
* Better gzip compatibility and bug fixes
- add pigz-2.7-NOTHREAD-tests.patch to fix tests
------------------------------------------------------------------
------------------ 2022-5-6 - May 6 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
++++ gcc12:
- Update to GCC 12.1 release, 1ea978e3066ac565a1ec28a96a4d61, git27
++++ open-iscsi:
- Updated to latest upstream version, tagged 2.1.7. Changes
included:
* updated/fixed test script
* updated build system
* several bug fixes, including one for bsc#1199264
++++ systemd:
- Import commit 0d950479e58dd3af007eb3780d600a5446aac519 (merge of v250.5)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/736db5a59f1ab1317ef64ec6e7dc394250178146...0d950479e58dd3af007eb3780d600a5446aac519
++++ tiff:
- security update
* CVE-2022-1056 [bsc#1197631]
* CVE-2022-0891 [bsc#1197068]
+ tiff-CVE-2022-1056,CVE-2022-0891.patch
++++ libunwind:
- Enable build on riscv64 and run testsuite
++++ vim:
- Updated to version 8.2.4877, fixes the following problems
- CVE-2022-1420 - boo#1198748
- CVE-2022-1381 - boo#1198596
* Using wrong flag for using bell in the terminal.
* Supercollider filetype not recognized.
* No filetype override for .sys files.
* Cannot use an imported function in a mapping.
* <script> is not expanded in autocmd context.
* Small pieces of dead code.
* Mapping <SID>name.Func does not work for script in autoload directory.
* Wrong 'statusline' value can cause illegal memory access.
* Error from setting an option is silently ignored.
* Still using cached values after unsetting some known environment variables.
* Cannot use <SID>FuncRef in completion spec.
* Build error without the +eval feature.
* List of libraries to suppress lsan errors is outdated.
* When using an LSP channel want to get the message ID.
* CurSearch highlight does not work for multi-line match.
* Using matchfuzzy() on a long list can take a while.
* Documentation for using LSP messages is incomplete.
* Using freed memory when using synstack() and synID() in WinEnter.
* Using invalid pointer with "V:" in Ex mode.
* CI uses an older gcc version.
* Function matchfuzzy() sorts too many items.
* KRL files using "deffct" not recognized.
* Openscad files are not recognized.
* CI: codecov upload sometimes does not work.
* Build warning with UCRT.
* Cannot easily mix expression and heredoc.
* Coverity warns for not checking return value.
* Old Coverity warning for not checking ftell() return value.
* Build failure without the +eval feature.
* Crash when using a number for lambda name.
* SpellBad highlighting does not work in Konsole.
* GTK: 'lines' and 'columns' may change during startup.
* Screendump tests fail because of a redraw.
* Pacman files use dosini filetype.
* lsan suppression is too version specific.
* Parsing an LSP message fails when it is split.
* Maxima files are not recognized.
* Accessing freed memory.
* Coverity warns for leaking memory.
* Lamba test with timer is flaky.
* Visual mode not stopped early enough if win_gotoid() goes to another
buffer. (Sergey Vlasov)
* Test for win_gotoid() in Visual mode fails on Mac.
* prop_find() does not find the right property.
* Large payload for LSP message not tested.
* The cursor may be in the in wrong place when using :redraw while editing
the cmdline.
* Lilypond filetype not recognized.
* Indent operator creates an undo entry for every line.
* Recognizing Maxima filetype even though it might be another.
* Compiler warning for not initialized variable.
* 'cursorbind' scrolling depends on whether 'cursorline' is set.
* File left behind after running cursorline tests.
* getwininfo() may get oudated values.
* t_8u option was reset even when set by the user.
* Popup does not use correct topline.
* Missing test update for adjusted t_8u behavior.
* Fix for cursorbind fix not fully tested.
* WinScrolled not always triggered when scrolling with the mouse.
* Expression in heredoc doesn't work for compiled function.
* CurSearch used for all matches in current line.
* A mapping using <LeftDrag> does not start Select mode.
* Processing key eveints in Win32 GUI is not ideal.
* Unused item in engine struct.
* Various things not properly tested.
* Missing changes in one file.
* Unused struct item.
* Pasting text while indent folding may mess up folds.
* Possible to leave a popup window with win_gotoid().
* Cannot build with older GTK version.
* Still using older codecov app in some places of CI.
* No test for what 8.2.4806 fixes.
* Unmapping simplified keys also deletes other mapping.
* Not simple programmatic way to find a specific mapping.
* Crash when imported autoload script was deleted.
* Setting ufunc to NULL twice.
* Concatenating more than 2 strings in a :def function is inefficient.
* Expression is evaluated multiple times.
* Can only get a list of mappings.
* .cshtml files are not recognized.
* Typo in variable name. (Gabriel Dupras)
* Fix for unmapping simplified key not fully tested.
* A key may be simplified to NUL.
* Possible endless loop if there is unused typahead.
* Crash when using maparg() and unmapping simplified keys.
* Passing zero instead of NULL to a pointer argument.
* Failure of mapping not checked for.
* Vim9: some lines not covered by tests.
* Modifiers not simplified when timed out or using feedkeys() with 'n" flag.
* Checking for absolute path is not trivial.
* Compiler warning for unused argument.
* Heredoc expression evaluated even when skipping.
* Empty string considered an error for expand() when 'verbose' is
set. (Christian Brabandt)
* expand("%:p") is not empty when there is no buffer name.
Bender)
* <C-S-I> is simplified to <S-Tab>.
* Duplicate code.
* Termcodes test fails.
* Crash when using uninitialized function pointer.
* Local completion with mappings and simplification not working.
* Gleam filetype not detected.
* Mksession mixes up "tabpages" and "curdir" arguments.
* Compiler warning for uninitialized variable.
* ANSI color index to RGB value not correct.
* CI with FreeBSD is a bit outdated.
* Array size does not match usage.
* Robot files are not recognized.
* MinGW compiler complains about unknown escape sequence.
* Yaml indent for multiline is wrong.
* K_SPECIAL may be escaped twice.
* wget2 files are not recognized.
* It is not easy to restore saved mappings.
* Vim9: test may fail when run with valgrind.
* Accessing freed memory in test without the +channel feature. (Dominique
Pellé)
* Vim9: script test fails.
* :startinsert right after :stopinsert does not work when popup menu is
still visible.
* Duplicate code in "get" functions.
* Listing of mapping with K_SPECIAL is wrong.
* When closing help window autocmds triggered for the wrong window.
* Expression in command block does not look after NL.
* Vim9: expression in :substitute is not compiled.
* Vim9: in :def function no error for using a range with a command that
does not accept one.
* Vim9: no error for using an expression only at the script level when
followed by an empty line.
* Vim9: using "else" differs from using "endif/if !cond".
* Win32 GUI: horizontal scroll wheel not handled properly.
------------------------------------------------------------------
------------------ 2022-5-5 - May 5 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.0.3
* bugfix release with fixes for most of the major drivers
++++ Mesa-drivers:
- Update to 22.0.3
* bugfix release with fixes for most of the major drivers
++++ conmon:
- Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Call g_free instead of free.
- Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command
- Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
++++ kernel-default:
- Revert "build initrd without systemd" (bsc#1195775)"
This reverts commit 3a2140fa2acded48224e1438ac9b4775340c94c2. Again,
this breaks many packages as:
* iproute2 is missing, and
* kernel-obs-qa fails with:
Timed out waiting for device /dev/disk/by-id/virtio-0.
- commit e57ab05
++++ fuse3:
- Update to version 3.11.0:
* Add support for flag FOPEN_NOFLUSH for avoiding flush on close.
* Fixed returning an error condition to ioctl(2)
++++ pcre2:
- do not enable jit-sealloc [bsc#1182864] [bsc#1199208]
- enable jit for s390x [bsc#1199196]
++++ protobuf:
- Add temporary patch gcc12-disable-__constinit-with-c++-11.patch
that addresses gh#protocolbuffers/protobuf#9916.
- Remove change_desc_db.patch, because underlying bug in
gh#googleapis/python-api-core#372 has been fixed.
++++ python310-core:
- Switch primary_interpreter from python38 to python310 for
Factory (only)
++++ openssl:
- Use same %description as openssl-3 (describe the software,
not the project).
++++ python310:
- Switch primary_interpreter from python38 to python310 for
Factory (only)
------------------------------------------------------------------
------------------ 2022-5-4 - May 4 2022 -------------------
------------------------------------------------------------------
++++ kdump:
- kdumptool calibrate: add more margin to reservation calculations
(bsc#1196728)
++++ kernel-default:
- io_uring: fix uninitialized field in rw io_kiocb (bsc#1199087
CVE-2022-29968).
- commit 8ca9274
++++ libpng16:
- switch source url to https
++++ tiff:
- switch source url to https
++++ libxcb:
- buildrequire xcb-proto >= 1.15
- Update to version 1.15
* xcb_auth: Quiet -Wimplicit-fallthrough warning in get_authptr()
* Fix integer overflows in xcb_in.c
* Use the 'present' field to properly check that the XC-MISC
* Fix a memory leak
* Increment libtool version info for libxcb-dri3
* Add newline when printing auth/connection failure string to stderr
* Fix build on Windows
* Fix writev emulation on Windows
* c_client.py: Extract get_expr_field_names()
* c_client.py: Use get_expr_field_names directly to resolve list fields
* c_client: Extract _c_get_field_mapping_for_expr()
* c_client.py: Implement handling of <length> element
* tests: don't use deprecated fail_unless check API
* gitignore: add files generated by make check
* Avoid request counter truncation in replies map after 2**32 requests
* Fix hang in xcb_request_check()
* Improve/fix docs for reply fds functions
++++ perl:
- Update to 5.34.1 - maintenance release
B::Deparse has been upgraded from version 1.56 to 1.57.
Encode has been upgraded from version 3.08 to 3.08_01.
GDBM_File has been upgraded from version 1.19 to 1.19_01.
Module::CoreList has been upgraded from version 5.20210520 to 5.20220313.
perl5db.pl has been upgraded from version 1.60 to 1.60_01.
- Drop c029d660f2fe60699cf64bbb3fa9f671a1a370d5.patch (upstream)
------------------------------------------------------------------
------------------ 2022-5-3 - May 3 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- _constraints:
* raised requirements to 9 GB disk space and added aarch64
architecture (bsc#1199040)
++++ Mesa-drivers:
- _constraints:
* raised requirements to 9 GB disk space and added aarch64
architecture (bsc#1199040)
++++ transactional-update:
- Version 4.0.0~rc3
- Add Snapshot interface
- Reworked signal handling: All public signals are sent from the
main thread now, keeping the same sender for everything
- Implement D-Bus call "Execute" for Transactions
- Implement interface for listing Snapshots
- Implement Reboot interface
- Fix bug when using --continue on old snapshots
- Fix hypothetical integer overflow in snapshot list [bsc#1196826]
- Fix wrong sort order in status command
[gh#openSUSE/transactional-update#80]
++++ kernel-default:
- Revert "Revert "build initrd without systemd" (bsc#1195775)"
This reverts commit e962fefb4c9cd553921cf49c24f9d0e1d16f90b3.
d9a821b1f81a from packaging should fix this. So let's try.
- commit 3a2140f
- Revert "Revert "Revert "build initrd without systemd" (bsc#1195775)""
This reverts commit ac62a28013491cd72dd4a81604454658314e4ba5. It's still
not ready:
- some packages need iproute2
- osc shell is still defunct
- commit e962fef
++++ snapper:
- fixed error handling when reading configs
(gh#openSUSE/snapper#715)
- version 0.10.2
++++ selinux-policy:
- Modified fix_init.patch to allow init to setup contrained environment
for accountsservice. This needs a better, more general solution
(bsc#1197610)
------------------------------------------------------------------
------------------ 2022-5-2 - May 2 2022 -------------------
------------------------------------------------------------------
++++ bzip2:
- Port rpmlintrc format to rpmlint 2.x.
++++ ca-certificates-mozilla:
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
++++ kernel-default:
- Update config files.
No pmem support on s390 - no such device.
- commit 9704fc2
- config.conf: reenable armv7hl configs
- Update config files for armv7hl lpae/default
- Inherit settings from x86_64
- Use =m where available
- stick with CONFIG_UNWINDER_FRAME_POINTER=y
- commit 2821d72
++++ freetype2:
- drop revert-ft212-subpixel-hinting-change.patch: upstream
- Update to 2.12.1:
- Loading CFF fonts sometimes made FreeType crash (bug introduced in
version 2.12.0)
- Loading a fully hinted TrueType glyph a second time (without
caching) sometimes yielded different rendering results if TrueType
hinting was active (bug introduced in version 2.12.0).
- The generation of the pkg-config file `freetype2.pc` was broken if
the build was done with cmake (bug introduced in version 2.12.0).
- The meson build no longer enforces both static and dynamic
versions of the library by default.
- The internal zlib library was updated to version 1.2.12. Note,
however, that FreeType is *not* affected by CVE-2018-25032 since
it only does decompression.
- Drop freetype-2.12.0-cff_slot_load-segfault.patch
- Drop 079a22da037835daf5be2bd9eccf7bc1eaa2e783.patch
++++ ncurses:
- Add ncurses patch 20220501
+ build-fix for debug-traces (report/patch by Chris Clayton).
- Add ncurses patch 20220430
+ modify samples for xterm mouse 1002/1003 modes to use 1006 mode, and
also provide for focus in/out responses -TD
+ modify default case in handle_wheel() to always report button-release
events, e.g., for xterm mouse mode 1003 (patch by Leonid S Usov).
+ improve valid_entryname() to disallow characters used in terminfo
syntax: '#', '=', '|', '\'.
+ alter copy_termtype() to allocate new str_table and ext_str_table
data rather than relying upon its callers.
+ use calloc in _nc_init_entry() when allocating stringbuf, to ensure
it is initialized.
+ add library-level TYPE_CALLOC for consistency with TYPE_MALLOC.
+ add some debug-traces for tic/infocmp.
- Correct offsets of patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.3.dif
++++ libxml2:
- Update to 2.9.14:
* Security:
+ [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
+ Fix potential double-free in xmlXPtrStringRangeFunction
+ Fix memory leak in xmlFindCharEncodingHandler
+ Normalize XPath strings in-place
+ Prevent integer-overflow in htmlSkipBlankChars() and
xmlSkipBlankChars()
+ Fix leak of xmlElementContent
* Bug fixes:
+ Fix parsing of subtracted regex character classes
+ Fix recursion check in xinclude.c
+ Reset last error in xmlCleanupGlobals
+ Fix certain combinations of regex range quantifiers
+ Fix range quantifier on subregex
* Improvements:
+ Fix recovery from invalid HTML start tags
* Build system, portability:
+ Define LFS macros before including system headers
+ Initialize XPath floating-point globals
+ configure: check for icu DEFS
+ configure.ac: produce tar.xz only (GNOME policy)
+ CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
+ Fix build with older Python versions
+ Fix --without-valid build
++++ libxml2-python:
- Update to 2.9.14:
* Security:
+ [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
+ Fix potential double-free in xmlXPtrStringRangeFunction
+ Fix memory leak in xmlFindCharEncodingHandler
+ Normalize XPath strings in-place
+ Prevent integer-overflow in htmlSkipBlankChars() and
xmlSkipBlankChars()
+ Fix leak of xmlElementContent
* Bug fixes:
+ Fix parsing of subtracted regex character classes
+ Fix recursion check in xinclude.c
+ Reset last error in xmlCleanupGlobals
+ Fix certain combinations of regex range quantifiers
+ Fix range quantifier on subregex
* Improvements:
+ Fix recovery from invalid HTML start tags
* Build system, portability:
+ Define LFS macros before including system headers
+ Initialize XPath floating-point globals
+ configure: check for icu DEFS
+ configure.ac: produce tar.xz only (GNOME policy)
+ CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
+ Fix build with older Python versions
+ Fix --without-valid build
++++ ovmf:
- Respin amd-sev and amd-sev-es features
After more testing, we found that not all descriptors can support
both amd-sev with amd-sev-es. So we removed all amd-sev and amd-sev-es
feature tags but only keep them in ovmf-x86_64-2m.json and
60-ovmf-x86_64.json. (bsc#1198246#c75)
++++ selinux-policy:
- Add systemd_domain_dyntrans_type.patch to allow systemd to dyntransition.
This happens in certain boot conditions (bsc#1182500)
- Changed fix_unconfineduser.patch to not transition into ldconfig_t
from unconfined_t (bsc#1197169)
------------------------------------------------------------------
------------------ 2022-5-1 - May 1 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.18-rc5
- new config options:
- BLK_DEV_FD_RAWCMD=n
- commit da18d3b
------------------------------------------------------------------
------------------ 2022-4-30 - Apr 30 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Update to version 14.0.3.
* This release contains bug-fixes for the LLVM 14.0.0 release.
This release is API and ABI compatible with 14.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Use ThinLTO with lld on i586.
++++ fmt:
- Replace obsolete macro %make_jobs by %cmake_build
++++ libseccomp:
- Deactive python3 by default, it's just not a good idea for ring0.
------------------------------------------------------------------
------------------ 2022-4-29 - Apr 29 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
(boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
++++ cockpit-tukit:
- Initial package with version 0.0.3~git0.d4aa7e9:
* Switch to ExecuteAndReboot
* Add no-reboot actions to snapshot menus
* Add some "write" actions
* Disable actions during updates checking
* Add updates error to status
* Add _service file comment
* Add OBS service definition
* Fix license and files in spec
* Switch cockpit-devel lib to last stable
* Add missing global variables
++++ docker:
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
bsc#1193930 bsc#1197284
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
++++ glibc:
- switched to https urls
++++ kernel-default:
- Update
patches.kernel.org/5.17.2-0822-net-x25-Fix-null-ptr-deref-caused-by-x25_disc.patch
references (add CVE-2022-1516 bsc#1199012).
- commit af2638d
- Update config files (bsc#1199024).
arm, i386 LIBNVDIMM y->m
i386 X86_PMEM_LEGACY y->m
- commit ff4fa9f
++++ libX11:
- Update to version 1.8
* The highlight of this release is that we now try to initialize
thread safety ourselves, rather than hope the application does it.
This should resolve a number of long-standing bugs with the libxcb
integration, since the socket handoff mechanism essentially has to
be thread-safe.
++++ libapparmor:
- add php8-fpm-mr876.patch so that php8 php-fpm can read its config
(boo#1186267#c11)
- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status
file conflict on upgrade (boo#1198958)
- utils: add missing dependency on apparmor-parser (boo#1198958#c4)
++++ gcc12:
- Bump to 621650f64fb6679c457c33abf27c925f28bddc62, git9
* GCC 12.1 release candidate
++++ systemd:
- Call pam_loginuid when creating user@.service (bsc#1198507)
It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
++++ liburing:
- avoid requiring kernel-default (bsc#1193522)
++++ swtpm:
- Updated to version 0.7.3:
- swtpm:
- Use uint64_t in tlv_data_append() to avoid integer overflows
- Use uint64_t to avoid integer wrap-around when adding a uint32_t
- removed allow-FORTIFY_SOURCE=3.patch (upstreamed)
------------------------------------------------------------------
------------------ 2022-4-28 - Apr 28 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Switching out 'directx-headers' for 'DirectX-Headers'.
++++ Mesa-drivers:
- Switching out 'directx-headers' for 'DirectX-Headers'.
++++ bash:
- use https:// for source urls
- Update to bash 5.2 beta
a. The bash malloc returns memory that is aligned on 16-byte boundaries.
b. There is a new internal timer framework used for read builtin timeouts.
c. Rewrote the command substitution parsing code to call the parser recursively
and rebuild the command string from the parsed command. This allows better
syntax checking and catches errors much earlier.
d. The `ulimit' builtin now treats an operand remaining after all of the options
and arguments are parsed as an argument to the last command specified by
an option. This is for POSIX compatibility.
e. Here-document parsing now handles $'...' and $"..." quoting when reading the
here-document body.
f. The `shell-expand-line' and `history-and-alias-expand-line' bindable readline
commands now understand $'...' and $"..." quoting.
g. There is a new `spell-correct-word' bindable readline command to perform
spelling correction on the current word.
h. The `unset' builtin now attempts to treat arguments as array subscripts
without parsing or expanding the subscript, even when `assoc_expand_once'
is not set.
i. There is a default value for $BASH_LOADABLES_PATH in config-top.h.
j. Associative array assignment and certain instances of referencing (e.g.,
`test -v' now allow `@' and `*' to be used as keys.
k. Bash attempts to expand indexed array subscripts only once when executing
shell constructs and word expansions.
l. The `unset' builtin allows a subscript of `@' or `*' to unset a key with
that value for associative arrays instead of unsetting the entire array
(which you can still do with `unset arrayname'). For indexed arrays, it
removes all elements of the array without unsetting it (like `A=()').
m. Additional builtins (printf/test/read/wait) do a better job of not
parsing array subscripts if array_expand_once is set.
n. New READLINE_ARGUMENT variable set to numeric argument for readline commands
defined using `bind -x'.
o. The new `varredir_close' shell option causes bash to automatically close
file descriptors opened with {var}<fn and other styles of varassign
redirection unless they're arguments to the `exec' builtin.
p. The `$0' special parameter is now set to the name of the script when running
any (non-interactive) startup files such as $BASH_ENV.
q. The `enable' builtin tries to load a loadable builtin using the default
search path if `enable name' (without any options) attempts to enable a
non-existent builtin.
r. The `printf' builtin has a new format specifier: %Q. This acts like %q but
applies any specified precision to the original unquoted argument, then
quotes and outputs the result.
s. The new `noexpand_translations' option controls whether or not the translated
output of $"..." is single-quoted.
t. There is a new parameter transformation operator: @k. This is like @K, but
expands the result to separate words after word splitting.
u. There is an alternate array implementation, selectable at `configure' time,
that optimizes access speed over memory use (use the new configure
- -enable-alt-array-implementation option).
v. If an [N]<&WORD- or [N]>&WORD- redirection has WORD expand to the empty
string, treat the redirection as [N]<&- or [N]>&- and close file descriptor
N (default 0).
w. Invalid parameter transformation operators are now invalid word expansions,
and so cause fatal errors in non-interactive shells.
x. New shell option: patsub_replacement. When enabled, a `&' in the replacement
string of the pattern substitution expansion is replaced by the portion of
the string that matched the pattern. Backslash will escape the `&' and
insert a literal `&'.
y. `command -p' no longer looks in the hash table for the specified command.
z. The new `--enable-translatable-strings' option to `configure' allows $"..."
support to be compiled in or out.
aa. The new `globskipdots' shell option forces pathname expansion never to
return `.' or `..' unless explicitly matched.
bb. Array references using `@' and `*' that are the value of nameref variables
(declare -n ref='v[@]' ; echo $ref) no longer cause the shell to exit if
set -u is enabled and the array (v) is unset.
cc. There is a new bindable readline command name:
`vi-edit-and-execute-command'.
- Remove upstream patchset tarball for 8.1 and create new and empty for 8.2
- Port patches
* bash-2.03-manual.patch
* bash-3.0-evalexp.patch
* bash-3.0-warn-locale.patch
* bash-3.2-printf.patch
* bash-4.0-setlocale.dif
* bash-4.1-completion.dif
* bash-4.2-nscdunmap.dif
* bash-4.3-2.4.4.patch
* bash-4.3-loadables.dif
- Port patch bash-5.1.dif and rename it to bash-5.2.dif
++++ btrfsprogs:
- update to 5.17:
* check:
* repair wrong num_devices in superblock
* recognize overly long xattr names
* fix wrong total bytes check for seed device
* auto-repair on read on RAID56
* property set: unify handling of empty value to mean default, changed meaning
for property 'compression' to allow reset to default and to set NOCOMPRESS,
since kernel 5.14
* fixes:
* dump-tree: print fs-verity items
* fix location of system chunk on zoned filesystem
* do not allow setting seeding flag on a filesystem with dirty log
* mkfs and subpage support: use sectorsize as nodesize fallback for mixed
profiles
* preparatory work for extent tree v2, global roots
* experimental feature (unstable interface, not built by default,
do not use for production):
* btrfstune: option --csum to switch checksum algorithm
* other:
* cleanups, refactoring
* update documentation build, remove asciidocs leftovers
* update fssum to consider xattrs
* add fsstress
++++ fontconfig:
- Seems we now need python3 for building
++++ libaio:
- update to 0.3.113:
* cases/16.t: loongarch only supports eventfd2
* Add loongarch to supported architectures in libaio.spec
* Add endian detection and bit width detection for loongarch
* Use generic syscall number schema for loongarch
* Fix struct io_iocb_vector padding for 32bit architectures
* struct io_iocb_sockaddr padding for 32bit architectures
* Verify structure padding is correct at build time
* harness: add test for aio poll missed events
++++ mozilla-nss:
- update to NSS 3.77
* Bug 1762244 - resolve mpitests build failure on Windows.
* bmo#1761779 - Fix link to TLS page on wireshark wiki
* bmo#1754890 - Add two D-TRUST 2020 root certificates.
* bmo#1751298 - Add Telia Root CA v2 root certificate.
* bmo#1751305 - Remove expired explicitly distrusted certificates
from certdata.txt.
* bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
* bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
* bmo#1756271 - Remove token member from NSSSlot struct.
* bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
* bmo#1757279 - Support UTF-8 library path in the module spec string.
* bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
* bmo#1760827 - Add a CI Target for gcc-11.
* bmo#1760828 - Change to makefiles for gcc-4.8.
* bmo#1741688 - Update googletest to 1.11.0
* bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
* bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
* bmo#1755904 - Fix calculation of ECH HRR Transcript.
* bmo#1758741 - Allow ld path to be set as environment variable.
* bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
* bmo#1758478 - Fix DataBuffer Move Assignment.
* bmo#1552254 - internal_error alert on Certificate Request with
sha1+ecdsa in TLS 1.3
* bmo#1755092 - rework signature verification in mozilla::pkix
++++ fribidi:
- update to 1.0.12:
* Various fuzzing fixes.
++++ gcc12:
- Bump to f27848a5dc4d3b16cd4112bddcb59e0916eba623, git192706.
- Switch ppc64le to the IEEE long double ABI by default in Factory.
- Separate ppc64le from ppc/ppc64 specific configury.
- Add _multibuild to gather all .spec files and reduce the number
of .changes files to one, autogenerated by change_spec.
- Drop %ringdisabled handling.
- Ada bootstrap now requires at least GCC 5, use GCC 7 on SLES 12
instead of GCC 4.8.
++++ readline:
- Update to readline-8.2-beta
a. There is now an HS_HISTORY_VERSION containing the version number of the
history library for applications to use.
b. History expansion better understands multiple history expansions that may
contain strings that would ordinarily inhibit history expansion (e.g.,
`abc!$!$').
c. There is a new framework for readline timeouts, including new public
functions to set timeouts and query how much time is remaining before a
timeout hits, and a hook function that can trigger when readline times
out. There is a new state value to indicate a timeout.
d. Automatically bind termcap key sequences for page-up and page-down to
history-search-backward and history-search-forward, respectively.
e. There is a new `fetch-history' bindable command that retrieves the history
entry corresponding to its numeric argument. Negative arguments count back
from the end of the history.
f. `vi-undo' is now a bindable command.
g. There is a new option: `enable-active-region'. This separates control of
the active region and bracketed-paste. It has the same default value as
bracketed-paste, and enabling bracketed paste enables the active region.
Users can now turn off the active region while leaving bracketed paste
enabled.
h. rl_completer_word_break_characters is now `const char *' like
rl_basic_word_break_characters.
i. Readline looks in $LS_COLORS for a custom filename extension
(*.readline-colored-completion-prefix) and uses that as the default color
for the common prefix displayed when `colored-completion-prefix' is set.
j. Two new bindable string variables: active-region-start-color and
active-region-end-color. The first sets the color used to display the
active region; the second turns it off. If set, these are used in place
of terminal standout mode.
k. New readline state (RL_STATE_EOF) and application-visible variable
(rl_eof_found) to allow applications to detect when readline reads EOF
before calling the deprep-terminal hook.
l. There is a new configuration option: --with-shared-termcap-library, which
forces linking the shared readline library with the shared termcap (or
curses/ncurses/termlib) library so applications don't have to do it.
- Remove upstream patches and their signatures now obsolete
* readline81-001
* readline81-001.sig
* readline81-002
* readline81-002.sig
- Port patches
* readline-5.2-conf.patch
* readline-6.2-metamode.patch
* readline-6.2-xmalloc.dif
* readline-6.3-input.dif
* readline-6.3-rltrace.patch
* readline-7.0-screen.patch
- Port patch readline-8.1.dif and rename it to readline-8.2.dif
++++ sqlite3:
- update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
++++ python-pycurl:
- Update to 7.45.1:
* Fixed build against libcurl < 7.64.1 (patch by Scott Talbert).
* Add CURLOPT_MAXLIFETIME_CONN (patch by fsbs).
* Easy handle duplication support (patch by fsbs).
* Support for unsetting a number of multi options (patch by fsbs).
* pycurl classes can now be subclassed (patch by fsbs).
* Multi callbacks' thread state management fixed (patch by fsbs).
* Add CURL_LOCK_DATA_PSL (patch by fsbs).
* Add support for SecureTransport SSL backend (MacOS)
(patch by Scott Talbert).
* Fixed Python thread initialization causing hangs on operations
(patch by Scott Talbert).
* getinfo(CURLINFO_FTP_ENTRY_PATH) now handles NULL return from
libcurl, returning None in this case.
* Python 3.9 is now officially supported (patch by Bill Collins).
* Added CURLOPT_DOH_URL (patch by resokou).
* Best effort Python 2 support has been reinstated.
* Added missing fields to curl_version_info struct (patch by Hasan).
* Added CURLINFO_CONDITION_UNMET (patch by Dima Tisnek).
* Exposed MAX_CONCURRENT_STREAMS in CurlMulti (patch by Alexandre Pion).
* Compilation fixed against Python 3.10 alpha (patch by Kamil Dudka).
- Remove patch curl7770_compatibility.patch and remove_nose.patch:
* They have both merged upstream.
- Modify patch disable_randomly_failing_tests.patch:
* Use pytest rather than nose methods.
- Add patch curl-789-error-message.patch:
* Handle missing ! in a returned error message.
------------------------------------------------------------------
------------------ 2022-4-27 - Apr 27 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
(boo#1198922).
++++ btrfsprogs:
- update to 5.16.2:
* mkfs: fix detection of profile type for zoned mode when creating DUP
* build:
* add missing stub for zoned mode helper when zoned mode not enabled
* fix 64bit types on MIPS and PowerPC
* improved zoned mode support autodetection, for systems with existing
blkzone.h header but missing support for zone capacity
* other:
* doc updates
* test updates
- add gpg signature validation
++++ fillup:
- use https as url
++++ gzip:
- Rename xz_lzma.patch xz_lzma_zstd.patch and expand the patch to
supprt zstd compression (boo#1198922).
++++ kernel-default:
- Linux 5.17.5 (bsc#1012628).
- etherdevice: Adjust ether_addr* prototypes to silence
- Wstringop-overead (bsc#1012628).
- perf tools: Fix segfault accessing sample_id xyarray
(bsc#1012628).
- drm/amd/display: Only set PSR version when valid (bsc#1012628).
- block/compat_ioctl: fix range check in BLKGETSIZE (bsc#1012628).
- gfs2: assign rgrp glock before compute_bitstructs (bsc#1012628).
- scsi: ufs: core: scsi_get_lba() error fix (bsc#1012628).
- net/sched: cls_u32: fix netns refcount changes in u32_change()
(bsc#1012628).
- ALSA: usb-audio: Clear MIDI port active flag after draining
(bsc#1012628).
- ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (bsc#1012628).
- ASoC: atmel: Remove system clock tree configuration for
at91sam9g20ek (bsc#1012628).
- ASoC: topology: Correct error handling in
soc_tplg_dapm_widget_create() (bsc#1012628).
- ASoC: rk817: Use devm_clk_get() in rk817_platform_probe
(bsc#1012628).
- ASoC: msm8916-wcd-digital: Check failure for
devm_snd_soc_register_component (bsc#1012628).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec
is in use (bsc#1012628).
- dmaengine: idxd: fix device cleanup on disable (bsc#1012628).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap
(bsc#1012628).
- dmaengine: mediatek:Fix PM usage reference leak of
mtk_uart_apdma_alloc_chan_resources (bsc#1012628).
- dmaengine: dw-edma: Fix unaligned 64bit access (bsc#1012628).
- spi: spi-mtk-nor: initialize spi controller after resume
(bsc#1012628).
- firmware: cs_dsp: Fix overrun of unterminated control name
string (bsc#1012628).
- esp: limit skb_page_frag_refill use to a single page
(bsc#1012628).
- spi: cadence-quadspi: fix incorrect supports_op() return value
(bsc#1012628).
- igc: Fix infinite loop in release_swfw_sync (bsc#1012628).
- igc: Fix BUG: scheduling while atomic (bsc#1012628).
- igc: Fix suspending when PTM is active (bsc#1012628).
- ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (bsc#1012628).
- ice: fix crash in switchdev mode (bsc#1012628).
- ice: Fix memory leak in ice_get_orom_civd_data() (bsc#1012628).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF
(bsc#1012628).
- rxrpc: Restore removed timer deletion (bsc#1012628).
- net/smc: Fix sock leak when release after smc_shutdown()
(bsc#1012628).
- net/packet: fix packet_sock xmit return value checking
(bsc#1012628).
- ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
(bsc#1012628).
- ip6_gre: Fix skb_under_panic in __gre6_xmit() (bsc#1012628).
- net: restore alpha order to Ethernet devices in config
(bsc#1012628).
- net/sched: cls_u32: fix possible leak in u32_init_knode()
(bsc#1012628).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be
using netdev_master_upper_dev_get_rcu (bsc#1012628).
- ipv6: make ip6_rt_gc_expire an atomic_t (bsc#1012628).
- can: isotp: stop timeout monitoring when no first frame was sent
(bsc#1012628).
- net: dsa: hellcreek: Calculate checksums in tagger
(bsc#1012628).
- net: mscc: ocelot: fix broken IP multicast flooding
(bsc#1012628).
- netlink: reset network and mac headers in netlink_dump()
(bsc#1012628).
- drm/i915/display/psr: Unset enable_psr2_sel_fetch if other
checks in intel_psr2_config_valid() fails (bsc#1012628).
- RISC-V: KVM: Remove 's' & 'u' as valid ISA extension
(bsc#1012628).
- RISC-V: KVM: Restrict the extensions that can be disabled
(bsc#1012628).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state
(bsc#1012628).
- dmaengine: idxd: match type for retries var in idxd_enqcmds()
(bsc#1012628).
- dmaengine: idxd: fix retry value to be constant for duration
of function call (bsc#1012628).
- dmaengine: idxd: add RO check for wq max_batch_size write
(bsc#1012628).
- dmaengine: idxd: add RO check for wq max_transfer_size write
(bsc#1012628).
- dmaengine: idxd: skip clearing device context when device is
read-only (bsc#1012628).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted
packets (bsc#1012628).
- selftests: mlxsw: vxlan_flooding_ipv6: Prevent flooding of
unwanted packets (bsc#1012628).
- userfaultfd: mark uffd_wp regardless of VM_WRITE flag
(bsc#1012628).
- arm64: mm: fix p?d_leaf() (bsc#1012628).
- XArray: Disallow sibling entries of nodes (bsc#1012628).
- drm/msm/gpu: Rename runtime suspend/resume functions
(bsc#1012628).
- drm/msm/gpu: Remove mutex from wait_event condition
(bsc#1012628).
- ARM: vexpress/spc: Avoid negative array index when !SMP
(bsc#1012628).
- reset: renesas: Check return value of reset_control_deassert()
(bsc#1012628).
- reset: tegra-bpmp: Restore Handle errors in BPMP response
(bsc#1012628).
- platform/x86: samsung-laptop: Fix an unsigned comparison which
can never be negative (bsc#1012628).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing
the constant (bsc#1012628).
- drm/msm/disp: check the return value of kzalloc() (bsc#1012628).
- selftests: KVM: Free the GIC FD when cleaning up in arch_timer
(bsc#1012628).
- ALSA: hda: intel-dsp-config: update AlderLake PCI IDs
(bsc#1012628).
- arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes
(bsc#1012628).
- vxlan: fix error return code in vxlan_fdb_append (bsc#1012628).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1012628).
- net: atlantic: Avoid out-of-bounds indexing (bsc#1012628).
- mt76: Fix undefined behavior due to shift overflowing the
constant (bsc#1012628).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing
the constant (bsc#1012628).
- dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
(bsc#1012628).
- drm/msm/mdp5: check the return of kzalloc() (bsc#1012628).
- KVM: x86: hyper-v: Avoid writing to TSC page without an active
vCPU (bsc#1012628).
- net: macb: Restart tx only if queue pointer is lagging
(bsc#1012628).
- scsi: iscsi: Release endpoint ID when its freed (bsc#1012628).
- scsi: iscsi: Merge suspend fields (bsc#1012628).
- scsi: iscsi: Fix NOP handling during conn recovery
(bsc#1012628).
- scsi: qedi: Fix failed disconnect handling (bsc#1012628).
- stat: fix inconsistency between struct stat and struct
compat_stat (bsc#1012628).
- VFS: filename_create(): fix incorrect intent (bsc#1012628).
- nvme: add a quirk to disable namespace identifiers
(bsc#1012628).
- nvme-pci: disable namespace identifiers for the MAXIO
MAP1002/1202 (bsc#1012628).
- nvme-pci: disable namespace identifiers for Qemu controllers
(bsc#1012628).
- irq_work: use kasan_record_aux_stack_noalloc() record callstack
(bsc#1012628).
- EDAC/synopsys: Read the error count from the correct register
(bsc#1012628).
- mm/memory-failure.c: skip huge_zero_page in memory_failure()
(bsc#1012628).
- memcg: sync flush only if periodic flush is delayed
(bsc#1012628).
- mm, hugetlb: allow for "high" userspace addresses (bsc#1012628).
- oom_kill.c: futex: delay the OOM reaper to allow time for
proper futex cleanup (bsc#1012628).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(bsc#1012628).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
(bsc#1012628).
- dma: at_xdmac: fix a missing check on list iterator
(bsc#1012628).
- dmaengine: imx-sdma: fix init of uart scripts (bsc#1012628).
- net: atlantic: invert deep par in pm functions, preventing
null derefs (bsc#1012628).
- drm/radeon: fix logic inversion in radeon_sync_resv
(bsc#1012628).
- io_uring: free iovec if file assignment fails (bsc#1012628).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
(bsc#1012628).
- scsi: sr: Do not leak information in ioctl (bsc#1012628).
- sched/pelt: Fix attach_entity_load_avg() corner case
(bsc#1012628).
- perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC
enabled (bsc#1012628).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
initialised (bsc#1012628).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in
prepare (bsc#1012628).
- powerpc/time: Always set decrementer in timer_interrupt()
(bsc#1012628).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1012628).
- drm/vc4: Use pm_runtime_resume_and_get to fix
pm_runtime_get_sync() usage (bsc#1012628).
- powerpc/perf: Fix power9 event alternatives (bsc#1012628).
- powerpc/perf: Fix power10 event alternatives (bsc#1012628).
- arm/xen: Fix some refcount leaks (bsc#1012628).
- perf script: Always allow field 'data_src' for auxtrace
(bsc#1012628).
- perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event
(bsc#1012628).
- fs: fix acl translation (bsc#1012628).
- cifs: fix NULL ptr dereference in refresh_mounts()
(bsc#1012628).
- cifs: use correct lock type in cifs_reconnect() (bsc#1012628).
- xtensa: patch_text: Fixup last cpu should be master
(bsc#1012628).
- xtensa: fix a7 clobbering in coprocessor context load/store
(bsc#1012628).
- openvswitch: fix OOB access in reserve_sfa_size() (bsc#1012628).
- ASoC: rt5682: fix an incorrect NULL check on list iterator
(bsc#1012628).
- ASoC: soc-dapm: fix two incorrect uses of list iterator
(bsc#1012628).
- e1000e: Fix possible overflow in LTR decoding (bsc#1012628).
- codecs: rt5682s: fix an incorrect NULL check on list iterator
(bsc#1012628).
- ARC: entry: fix syscall_trace_exit argument (bsc#1012628).
- drm/vmwgfx: Fix gem refcounting and memory evictions
(bsc#1012628).
- arm_pmu: Validate single/group leader events (bsc#1012628).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest
NMI-watchdog (bsc#1012628).
- KVM: x86: Don't re-acquire SRCU lock in complete_emulated_io()
(bsc#1012628).
- KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to
fix a race (bsc#1012628).
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is
active (bsc#1012628).
- KVM: SVM: Simplify and harden helper to flush SEV guest page(s)
(bsc#1012628).
- KVM: SVM: Flush when freeing encrypted pages even on
SME_COHERENT CPUs (bsc#1012628).
- ext4: fix fallocate to use file_modified to update permissions
consistently (bsc#1012628).
- ext4: fix symlink file size not match to file content
(bsc#1012628).
- ext4: fix use-after-free in ext4_search_dir (bsc#1012628).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1012628).
- ext4, doc: fix incorrect h_reserved size (bsc#1012628).
- ext4: fix overhead calculation to account for the reserved
gdt blocks (bsc#1012628).
- ext4: force overhead calculation if the s_overhead_cluster
makes no sense (bsc#1012628).
- ext4: update the cached overhead value in the superblock
(bsc#1012628).
- jbd2: fix a potential race while discarding reserved buffers
after an abort (bsc#1012628).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem
and controller (bsc#1012628).
- ASoC: SOF: topology: cleanup dailinks on widget unload
(bsc#1012628).
- io_uring: fix leaks on IOPOLL and CQE_SKIP (bsc#1012628).
- arm64: dts: qcom: add IPA qcom,qmp property (bsc#1012628).
- Update config files.
- commit fd20f5f
- Refresh
patches.suse/simplefb-Enable-boot-time-VESA-graphic-mode-selectio.patch.
Update upstream status.
- commit 3b1b874
- Refresh
patches.suse/gpio-Request-interrupts-after-IRQ-is-initialized.patch.
Update upstream status.
- commit 90a0e50
++++ kexec-tools:
- update to 2.0.24:
* arm64: fix static data relocations in machine_apply_elf_rel()
* kexec/elf: assign one to align if sh_addralign equals zero
* arm64/crashdump-arm64: explicit type conversion to suppress compiler warning
* arm64/kexec-arm64: add support for R_AARCH64_MOVW_UABS_G* rela
* arm64/kexec-arm64: use enum to organize the reloc type
* arm64/kexec-arm64: add support for R_AARCH64_LDST128_ABS_LO12_NC rela
* kexec-tools: fix leak FILE pointer.
* purgatory: do not enable vectorization automatically for purgatory compiling
* kexec-tools: Determine if the image is lzma commpressed
* util_lib/elf_info: harden parsing of printk buffer
* github: run apt-get update before installing packages
* kexec-xen: Allow xen_kexec_exec() to return in case of Live Update
* kexec-tools: print error if kexec_file_load fails
* kexec-tools: mips: Concatenate --reuse-cmdline and --append
* kexec-tools: mips: Add some debug info
* arm64: fix PAGE_OFFSET calc for flipped mm
* arm64: read VA_BITS from kcore for 52-bits VA kernel
* arm64/crashdump: unify routine to get page_offset
* arm64: make phys_offset signed
* s390: add support for --reuse-cmdline
* use slurp_proc_file() in get_command_line()
* add slurp_proc_file()
* s390: use KEXEC_ALL_OPTIONS
* s390: add variable command line size
* arm64: support more than one crash kernel regions
* s390: handle R_390_PLT32DBL reloc entries in machine_apply_elf_rel()
* arm64/crashdump: deduce paddr of _text based on kernel code size
- drop kexec-tools-print-error-if-kexec_file_load-fails.patch,
kexec-tools-remove-duplicate-ramdisk-definition.patch (upstream)
- add homepage url
- add gpg validation
++++ libapparmor:
- Enhance zgrep-profile-mr870.diff to also allow/support zstd
(boo#1198922).
++++ argon2:
- use a source url
++++ libeconf:
- Update to version 0.4.6+git20220427.3016f4e:
* econftool:
* * Parsing error: Reporting file and line nr.
* * --delimeters=spaces Taking all kind of spaces for delimiter
* libeconf:
Fixed bsc#1198165: Parsing files correctly which have space characters
AND none space characters as delimiters.
++++ gcc12:
- Drop no longer necessary gcc12-d-workaround.patch
++++ ncurses:
- Include FORTIFY_SOURCE_3-fix.patch as the patch
is needed for upcoming -D_FORTIFY_SOURCE=3 $optflag.
We discussed the change with upstream, but the project
disagrees about stricter rules used with -D_FORTIFY_SOURCE=3.
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
++++ raspberrypi-firmware-dt:
- Use last patch commit date instead patch creation date when creating
device tree archive and package version. Patch creation date could be
much earlier than patch commit date, which could mislead which patches
are included inside the package.
For example:
commit 7e72dd813a175ea7bf166655217ce60fbd7d4a21
Author: Dom Cobley <popcornmix@gmail.com>
AuthorDate: Tue Oct 19 14:15:45 2021 +0100
Commit: Dom Cobley <popcornmix@gmail.com>
CommitDate: Mon Nov 29 16:26:09 2021 +0000
dt: Move VEC clock to clk-raspberrypi
Package which contain this commit was named 2021.11.19 while obviously it
has changes from 2021.11.29.
- Update to da91801ca1 (2022-04-24)
* overlays: Fix pitft28/35-resistive rotate params
* ARM: dts: Add i2c0mux node to Model B rev 1
* overlays: Add "drm" parameter to pitft28-resistive
* overlays: mipi-dbi-spi: width-mm and height-mm are mandatory
* Add support for the AudioInjector.net bare i2s sound card
* dtoverlays: Add overlay for Sony IMX258 image sensor
* ARM: dts: Enable PMU on Cortex-A72 in AArch32 state
* overlays/rpi-display: Add support for DRM driver
* Revert "update rpi-display-overlay.dts pins for 5.10+"
* overlays: Add overlay for MIPI DBI displays
* dtoverlays: Connect the backlight to the pitft35 display
* overlays: iqs550: Enable interrupt pull-down
* CM1&3 cam1_reg and cam1_reg_gpio fix
* dtoverlay: Add VCM option to ov5647 overlay
* dtoverlays: Add VCM option to imx219
* ARM: dts: bcm2711-rpi-ds: Disable the BCM2835 STC
------------------------------------------------------------------
------------------ 2022-4-26 - Apr 26 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- remove builddisabled conditions for rings - will be done now as
BuildFlags: excludebuilds
++++ elfutils:
- Update to version 0.187:
* debuginfod: Support -C option for connection thread pooling.
* debuginfod-client: Negative cache file are now zero sized instead of
no-permission files.
* addr2line: The -A, --absolute option, which shows file names including
the full compilation directory is now the default. To get the
old behavior use the new option --relative.
* readelf, elflint: Recognize FDO Packaging Metadata ELF notes
* libdw, debuginfo-client: Load libcurl lazily only when files need to
be fetched remotely. libcurl is now never
loaded when DEBUGINFOD_URLS is unset. And when
DEBUGINFOD_URLS is set, libcurl is only loaded
when the debuginfod_begin function is called.
++++ file:
- Try to solve 32bit import dependency problems (boo#1198788)
++++ texinfo:
- Add 13a8894fe2.patch
* Fixing @headings: Add missing option value 'single'.
Resolved regression where gpm could not be build.
++++ augeas:
- Employ shared library packaging guideline and resolve this
rpmlint report: "libaugeas0.x86_64: E: shlib-policy-name-error
SONAME: libfa.so.1, expected package suffix: 1" [boo#1191749]
------------------------------------------------------------------
------------------ 2022-4-25 - Apr 25 2022 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.54.1:
+ Fix oversight in the Minimum Supported Rust Version (MSRV):
this release requires Rust 1.56 or later.
+ Make rst2man and gi-docgen optional.
+ Fix documentation comments.
++++ gpg2:
- GnuPG 2.3.6:
* Up to five times faster verification of detached signatures,
doubled detached signing speed, threefold decryption speedup
for large files, nearly double the AES256.OCB encryption speed
* Add support for GeNUA cards
* Added and improved options for crypto options, and all-around
bug fixes
++++ texinfo:
- Update to version 6.8
* new command @displaymath for formatting of mathematical notation
* new command @example takes an argument to specify the language
* Deprecate commands: @centerchap, @definfoenclose, @refill, @inforef
* new paper size @bsixpaper
* texi2any
* should be faster as Perl XS parser is enabled by default
* SHOW_MENU customization variable replaced by FORMAT_MENU.
* only check menu structure if CHECK_NORMAL_MENU_STRUCTURE
variable is set
* MathJax support for display of math.
* JavaScript License Web Labels support
* Use sectional tables of contents instead of menus by defaut
* Use section names in links by default
* CONTENTS_OUTPUT_LOCATION sets location of table of contents
* Document sections wrapped in <div> elements
* New variable USE_NODE_DIRECTIONS to use node or section structure
for node directions
* copiable anchor links for definitions
* Don't add an extra period before file extension given as
an argument to @image if image file is not found
* info: Support compressed dir files
* texi2dvi: Stop on first error in input file
* texinfo.tex:
* put logical page numbers into PDF's ('page labels')
* put chapter numbers in the PDF outline
* new Finnish translation
- Rebased texinfo-zlib.patch
++++ kernel-default:
- pahole 1.22 required for full BTF features.
also recommend pahole for kernel-source to make the kernel buildable
with standard config
- commit 364f54b
- Update config files.
Just running oldconfig after 5.17.4.
- commit 2e251f8
- Revert "Revert "build initrd without systemd" (bsc#1195775)"
This reverts commit 5d1f5d2e7552fcd3d37c11eb714944859e92e7b4. A fix is
to be merged via packaging.
- commit ac62a28
++++ ncurses:
- Add ncurses patch 20220423
+ in-progress work on invalid_merge(), disable it (cf: 20220402).
+ fix memory leak in _nc_tic_dir() when called from _nc_set_writedir().
+ fix memory leak in tic when "-c" option is used.
++++ pango:
- Update to version 1.50.7:
+ coretext: Fix the build.
+ editing: Fix moving across paragraph boundaries in rtl.
+ layout: Try harder to survive without fonts.
+ Windows:
- Register a sans-serif font.
- Try harder to load a font.
++++ protobuf:
- Update to 3.20.1:
- PHP
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java
- Revert "Standardize on Array copyOf" (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
- -pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add "ensure_ascii" parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- Add change_desc_db.patch to fix
gh#googleapis/python-api-core#372 and
gh#protocolbuffers/protobuf#9867
++++ python310-packaging:
- Ignore python3.6.2 since the test doesn't support it.
------------------------------------------------------------------
------------------ 2022-4-24 - Apr 24 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- gnulib-simple-backup-fix.patch: Add patch to make simple backups in correct
directory; broken in 9.1. See https://bugs.gnu.org/55029
++++ kernel-default:
- Update to 5.18-rc4
- refresh configs
- commit 4ddddbd
++++ llvm15:
- Update to version 14.0.1.
* This release contains bug-fixes for the LLVM 14.0.0 release.
This release is API and ABI compatible with 14.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Drop obsolete patches:
* PPCISelLowering-Avoid-emitting-calls-to-__multi3.patch
- Don't override default linker flags. (We were losing -Wl,-z,now.)
++++ harfbuzz:
- Update to version 4.2.1:
+ Make sure hb_blob_create_from_file_or_fail() always returns
nullptr in case of failure and not empty blob sometimes
+ Add --passthrough-tables option to hb-subset
+ Reinstate a pause after basic features in Khmer shaper, fixing
a regression introduced in previous release
+ Better handling of Regional_Indicator when shaped with RTL-
native scripts, reverting earlier fix that caused regressions
in AAT shaping
------------------------------------------------------------------
------------------ 2022-4-23 - Apr 23 2022 -------------------
------------------------------------------------------------------
++++ ansible-core:
- first version of package ansible-core at version 2.12.4
++++ argon2:
- Fix version of package: 20171227 is the upstream version number
of the package
- Replaced optflags.patch with adjust-makefile.patch, the
patch will now also allow to set the file permissions of installed
libraries. This fixes the rpmlint error: shared-library-not-executable
------------------------------------------------------------------
------------------ 2022-4-22 - Apr 22 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.0.2
* bugfix release with almost all nominated patches
++++ Mesa-drivers:
- Update to 22.0.2
* bugfix release with almost all nominated patches
++++ cockpit-podman:
- Remove translate-toolkit which is not available in SLE
++++ curl:
- Patches rework:
* Refreshed all patches as -p1.
* Use autopatch macro.
* Renamed:
- dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
* Removed (already upstream):
- curl-fix-verifyhost.patch
- Update to 7.83.0:
* Security fixes:
- (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
- (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
- (bsc#1198608, CVE-2022-27774) Credential leak on redirect
- (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
* Changes:
- curl: add %header{name} experimental support in -w handling
- curl: add %{header_json} experimental support in -w handling
- curl: add --no-clobber
- curl: add --remove-on-error
- header api: add curl_easy_header and curl_easy_nextheader
- msh3: add support for QUIC and HTTP/3 using msh3
* Bugfixes:
- appveyor: add Cygwin build
- appveyor: only add MSYS2 to PATH where required
- BearSSL: add CURLOPT_SSL_CIPHER_LIST support
- BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
- BINDINGS.md: add Hollywood binding
- CI: Do not use buildconf. Instead, just use: autoreconf -fi
- CI: install Python package impacket to run SMB test 1451
- configure.ac: move -pthread CFLAGS setting back where it used to be
- configure: bump the copyright year range int the generated output
- conncache: include the zone id in the "bundle" hashkey
- connecache: remove duplicate connc->closure_handle check
- connect: make Curl_getconnectinfo work with conn cache from share handle
- connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
- cookie.d: clarify when cookies are sent
- cookies: improve errorhandling for reading cookiefile
- curl/system.h: update ifdef condition for MCST-LCC compiler
- curl: error out if -T and -d are used for the same URL
- curl: error out when options need features not present in libcurl
- curl: escape '?' in generated --libcurl code
- curl: fix segmentation fault for empty output file names.
- curl_easy_header: fix typos in documentation
- CURLINFO_PRIMARY_PORT.3: clarify which port this is
- CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
- CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
- CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
- CURLOPT_PROGRESSFUNCTION.3: fix typo in example
- CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
- CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
- docs/HYPER.md: updated to reflect current hyper build needs
- docs/opts: Mention Schannel client cert type is P12
- docs: Fix missing semicolon in example code
- docs: lots of minor language polish
- English: use American spelling consistently
- fail.d: tweak the description
- firefox-db2pem.sh: make the shell script safer
- ftp: fix error message for partial file upload
- gen.pl: change wording for mutexed options
- GHA: add openssl3 jobs moved over from zuul
- GHA: build hyper with nightly rustc
- GHA: move bearssl jobs over from zuul
- gha: move the event-based test over from Zuul
- gtls: fix build for disabled TLS-SRP
- http2: handle DONE called for the paused stream
- http2: RST the stream if we stop it on our own will
- http: avoid auth/cookie on redirects same host diff port
- http: close the stream (not connection) on time condition abort
- http: reject header contents with nul bytes
- http: return error on colon-less HTTP headers
- http: streamclose "already downloaded"
- hyper: fix status_line() return code
- hyper: fix tests 580 and 581 for hyper
- hyper: no h2c support
- infof: consistent capitalization of warning messages
- ipv4/6.d: clarify that they are about using IP addresses
- json.d: fix typo (overriden -> overridden)
- keepalive-time.d: It takes many probes to detect brokenness
- lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
- lib670: avoid double check result
- lib: #ifdef on USE_HTTP2 better
- lib: fix some misuse of curlx_convert_wchar_to_UTF8
- lib: remove exclamation marks
- libssh2: compare sha256 strings case sensitively
- libssh2: make the md5 comparison fail if wrong length
- libssh: fix build with old libssh versions
- libssh: fix double close
- libssh: Improve fix for missing SSH_S_ stat macros
- libssh: unstick SFTP transfers when done event-based
- macos: set .plist version in autoconf
- mbedtls: remove 'protocols' array from backend when ALPN is not used
- mbedtls: remove server_fd from backend
- mk-ca-bundle.pl: Use stricter logic to process the certificates
- mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
- mlc_config.json: add file to ignore known troublesome URLs
- mqtt: better handling of TCP disconnect mid-message
- ngtcp2: add client certificate authentication for OpenSSL
- ngtcp2: avoid busy loop in low CWND situation
- ngtcp2: deal with sub-millisecond timeout
- ngtcp2: disconnect the QUIC connection proper
- ngtcp2: enlarge H3_SEND_SIZE
- ngtcp2: fix HTTP/3 upload stall and avoid busy loop
- ngtcp2: fix memory leak
- ngtcp2: fix QUIC_IDLE_TIMEOUT
- ngtcp2: make curl 1ms faster
- ngtcp2: remove remote_addr which is not used in a meaningful way
- ngtcp2: update to work after recent ngtcp2 updates
- ngtcp2: use token when detecting :status header field
- nonblock: restore setsockopt method to curlx_nonblock
- openssl: check SSL_get_peer_cert_chain return value
- openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
- openssl: fix CN check error code
- options: remove mistaken space before paren in prototype
- perl: removed a double semicolon at end of line
- pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
- projects/README: converted to markdown
- projects: Update VC version names for VS2017, VS2022
- rtsp: don't let CSeq error override earlier errors
- runtests: add 'bearssl' as testable feature
- runtests: make 'oldlibssh' be before 0.9.4
- schannel: remove dead code that will never run
- scripts/copyright.pl: ignore the new mlc_config.json file
- scripts: move three scripts from lib/ to scripts/
- test1135: sync with recent API updates
- test1459: disable for oldlibssh
- test375: fix line endings on Windows
- test386: Fix an incorrect test markup tag
- test718: edited slightly to return better HTTP
- tests/server/util.h: align WIN32 condition with util.c
- tests: refactor server/socksd.c to support --unix-socket
- timediff.[ch]: add curlx helper functions for timeval conversions
- tls: make mbedtls and NSS check for h2, not nghttp2
- tool and tests: force flush of all buffers at end of program
- tool_cb_hdr: Turn the Location: into a terminal hyperlink
- tool_getparam: error out on missing -K file
- tool_listhelp.c: uppercase URL
- tool_operate: fix a scan-build warning
- tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
- transfer: redirects to other protocols or ports clear auth
- unit1620: call global_init before calling Curl_open
- url: check sasl additional parameters for connection reuse.
- vtls: provide a unified APLN-disagree string for all backends
- vtls: use a backend standard message for "ALPN: offers %s"
- vtls: use a generic "ALPN, server accepted" message
- winbuild/README.md: fixup dead link
- winbuild: Add a Visual Studio example to the README
- wolfssl: fix compiler error without IPv6
++++ dracut:
- Update to version 056+suse.275.g4ce7a6a7:
* fix(resume): relax exclusion check (bsc#1198554)
* fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
* fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
* fix(nfs): require and install needed binaries
++++ kernel-default:
- gpio: Request interrupts after IRQ is initialized (bsc#1198697).
- commit 283f2c7
- use jobs not processors in the constraints
jobs is the number of vcpus available to the build, while processors
is the total processor count of the machine the VM is running on.
- commit a6e141d
++++ zchunk:
- Update to version 1.2.2
* Turn off EOL handling for the *.zck test files.
* Let the tests also pass with libzstd-1.4.10.
++++ nerdctl:
- Update to version 0.19.0:
* Add nerdctl cp command
* nerdctl run:
* seccomp: relax restrictions depending on --cap-add
* Add --init flag for enabling tini
* nerdctl build: Fix content digest ... not found for
multi-platform images
* nerdctl push: Add --ipfs-address flag to push to a
remote IPFS node
* nerdctl inspect: Add --type=(container|image) flag
* nerdctl container inspect: Add Mounts field for Docker
compatibility
* nerdctl image inspect: Fix the format of Created field
for Docker compatibility
* nerdctl volume rm: Refuse removing volumes in use
- Update to version 0.18.0:
* nerdctl build: Support using containerd worker, for efficiency
and for supporting local base images
* nerdctl network create: Switch away from CNI isolation plugin
to firewall plugin (>= 1.1.0), with ingressPolicy
* nerdctl run:
* Support automatic host port assignment for nerdctl run -p
* Add --ip option
* nerdctl namespace: Add nerdctl namespace (create|inspect|remove|update) commands
* nerdctl push: Add --allow-nondistributable-artifacts option
* Update to use Go 1.18
- Update to version 0.17.1:
* nerdctl network create:
* Add --driver=(macvlan|ipvlan)
* Add --ipam-driver=dhcp
- Update to version 0.17.0:
* Rootless containers can be now executed without slirp4netns overhead.
* nerdctl run:
* Support bypass4netns to bypass slirp4netns overhead:
nerdctl run --label nerdctl/bypass4netns=true
* Add nerdctl run --mount
* nerdctl images: Show blob sizes
* nerdctl history: Add nerdctl history command
* Compose: Support multi compose files
* Kata: Support CNI networking for Kata
- Update to version 0.16.0:
* Support nerdctl.toml for global configuration
* nerdctl pull, nerdctl push, nerdctl login:
Support /etc/containerd/certs.d/<HOST:PORT>/hosts.toml
(~/.config/containerd/certs.d/<HOST:PORT>/hosts.toml) for configuring certs
* nerdctl run:
* Add --verify=cosign and --cosign-key=KEY flags for cosign integration
* Automatically generate a container name from the image name
* Add --cpuset-mems, --cpu-quota, and --cpu-period options
* Add --rdt-class option for Intel RDT classes
* nerdctl commit:
* Add --pause=false option
* Support overriding ENTRYPOINT with --change option
* nerdctl ipfs registry: Add --read-retry-num and --read-timeout options
* nerdctl build:
* Add --label option
* Add a dummy --rm option
* nerdctl create: Add nerdctl create command
* nerdctl network rm: Remove bridge network interface
* nerdctl compose:
* Support specifying service name for nerdctl compose pull/push
* Support labels in nerdctl compose up --build
* Support specifying subnets
* Add --services, --volumes, and --hash options for nerdctl compose config
* Add nerdctl compose kill command
- Update to version 0.15.0:
* nerdctl pull:
* Support verifying Cosign signatures: nerdctl pull --verify=cosign
* Support OverlayBD
* Add --quiet option (#599, thanks to @Junnplus)
* nerdctl push: Support signing Cosign signatures: nerdctl push --sign=cosign
* nerdctl build: Add --iidfile option
* nerdctl commit: Add --change 'CMD ["foo", "bar"]' option
* nerdctl load: Support loading gzipped archive
* nerdctl image convert: Add --zstdchunked option
* nerdctl exec: Add --user option
* nerdctl ps: Add --latest and --last options
* nerdctl stats: Support showing network I/O stats on cgroup v2 hosts
* nerdctl compose:
* Add nerdctl compose up --scale option
* Add nerdctl compose config command
* Support ulimits
* Support interpolating host env vars
++++ rootlesskit:
- Update to version 1.0.0:
* use Go 1.18
* updated some dependencies
------------------------------------------------------------------
------------------ 2022-4-21 - Apr 21 2022 -------------------
------------------------------------------------------------------
++++ coreutils:
- update to 9.1:
* chmod -R no longer exits with error status when encountering symlinks.
All files would be processed correctly, but the exit status was incorrect.
* If 'cp -Z A B' checks B's status and some other process then removes B,
cp no longer creates B with a too-generous SELinux security context
before adjusting it to the correct value.
* 'cp --preserve=ownership A B' no longer ignores the umask when creating B.
Also, 'cp --preserve-xattr A B' is less likely to temporarily chmod u+w B.
* 'id xyz' now uses the name 'xyz' to determine groups, instead of xyz's uid.
* 'ls -v' and 'sort -V' no longer mishandle corner cases like "a..a" vs "a.+"
or lines containing NULs. Their behavior now matches the documentation
for file names like ".m4" that consist entirely of an extension,
and the documentation has been clarified for unusual cases.
* 'mv -T --backup=numbered A B/' no longer miscalculates the backup number
for B when A is a directory, possibly inflooping.
* cat now uses the copy_file_range syscall if available, when doing
simple copies between regular files. This may be more efficient, by avoiding
user space copies, and possibly employing copy offloading or reflinking.
* chown and chroot now warn about usages like "chown root.root f",
which have the nonstandard and long-obsolete "." separator that
causes problems on platforms where user names contain ".".
Applications should use ":" instead of ".".
* cksum no longer allows abbreviated algorithm names,
so that forward compatibility and robustness is improved.
* date +'%-N' now suppresses excess trailing digits, instead of always
padding them with zeros to 9 digits. It uses clock_getres and
clock_gettime to infer the clock resolution.
* dd conv=fsync now synchronizes output even after a write error,
and similarly for dd conv=fdatasync.
* dd now counts bytes instead of blocks if a block count ends in "B".
For example, 'dd count=100KiB' now copies 100 KiB of data, not
102,400 blocks of data. The flags count_bytes, skip_bytes and
seek_bytes are therefore obsolescent and are no longer documented,
though they still work.
* ls no longer colors files with capabilities by default, as file-based
capabilties are very rarely used, and lookup increases processing per file by
about 30%. It's best to use getcap [-r] to identify files with capabilities.
* ls no longer tries to automount files, reverting to the behavior
before the statx() call was introduced in coreutils-8.32.
* stat no longer tries to automount files by default, reverting to the
behavior before the statx() call was introduced in coreutils-8.32.
Only `stat --cached=never` will continue to automount files.
* timeout --foreground --kill-after=... will now exit with status 137
if the kill signal was sent, which is consistent with the behavior
when the --foreground option is not specified. This allows users to
distinguish if the command was more forcefully terminated.
* dd now supports the aliases iseek=N for skip=N, and oseek=N for seek=N,
like FreeBSD and other operating systems.
* dircolors takes a new --print-ls-colors option to display LS_COLORS
entries, on separate lines, colored according to the entry color code.
* dircolors will now also match COLORTERM in addition to TERM environment
variables. The default config will apply colors with any COLORTERM set.
* cp, mv, and install now use openat-like syscalls when copying to a directory.
* This avoids some race conditions and should be more efficient.
* The new 'date' option --resolution outputs the timestamp resolution.
* With conv=fdatasync or conv=fsync, dd status=progress now reports
any extra final progress just before synchronizing output data,
since synchronizing can take a long time.
* printf now supports printing the numeric value of multi-byte characters.
* sort --debug now diagnoses issues with --field-separator characters
that conflict with characters possibly used in numbers.
* 'tail -f file | filter' now exits on Solaris when filter exits.
* root invoked coreutils, that are built and run in single binary mode,
now adjust /proc/$pid/cmdline to be more specific to the utility
being run, rather than using the general "coreutils" binary name.
- coreutils-i18n.patch: Re-sync the patch with Fedora.
- drop coreutils-chmod-fix-exit-status-ign-symlinks.patch (upstream)
++++ glib2:
- Update to version 2.72.2:
+ Fix building projects which use g_warning_once() with clang++.
+ Fix g_file_trash not deleting directories via portals backend.
+ A number more compiler warnings fixed for MSVC.
+ Fix detection of broken poll function on macOS.
+ Fix spawning subprocesses from GUI programs on Windows.
+ Bugs fixed:
- #2312 gdbus-test-codegen tests leak GWeakRef objects.
- #2625 g_warning_once fails to build with clang++.
- #2629 g_file_trash doesn't in directories inside a sandbox.
- !2495 Cleanup warnings split 6.
- !2499 Various contenttype-related test fixes on win32.
- !2534 gpowerprofilemonitor: Tweak wording of documentation.
- !2540 Various win32 tests skip & fixes.
- !2541 meson: simplify lookup of python command.
- !2543 ci: Update the Fedora CI image to Fedora 34.
- !2556 gdbusconnection: Use g_strv_contains().
- !2557 gdbusmethodinvocation: Fix a leak on early return path.
- !2558 Move unit test on g_basename() function to
glib/tests/fileutils.c.
- !2559 Move tests/relation-test.c to glib/tests/relation.c.
- !2560 ci: Update Coverity, mingw and Android CI images
to Fedora 34.
- !2563 glib: Format GDateTime ISO8601 years as %C%y.
- !2564 Move test files on slices from tests/ to glib/tests/.
- !2566 tests: Add more tests for GResolver response parsing.
- !2573 Backport translation fixes and !2571 meson: Set
BROKEN_POLL in macOS builds to glib-2-72.
- !2574 Backport !2565 Revert meson: simplify lookup of python
command to glib-2-72.
- !2587 Backport !2583 Fix trashing sandboxed directories to
glib-2-72.
- !2588 Backport !2582 glib/win32: fix spawn from GUI regression
to glib-2-72.
- !2590 Backport !2589 tests: Don't exit gdbus-method-invocation
test early on connection close to glib-2-72.
- !2593 Backport !2578 atomic: Add a C++ variant of
g_atomic_int_compare_and_exchange() to glib-2-72.
+ Translation updates.
++++ grub2:
- Fix Power10 LPAR error "The partition fails to activate as partition went
into invalid state" (bsc#1198714)
* 0001-powerpc-do-CAS-in-a-more-compatible-way.patch
++++ kernel-default:
- config.conf: reenable armv6hl config
Uses same config settings like x86_64
- commit 1fbebaa
- scripts: dummy-tools, add pahole (bsc#1198388).
- scripts: dummy-tools, add pahole (bsc#1198388).
- Update config files.
The config files now contain the dummy PAHOLE_VERSION (9999).
- commit 1fe0032
++++ at-spi2-core:
- Update to version 2.44.1:
+ Fix use after free when removing a hung process.
+ Fix the build with X11 disabled.
+ Fix crash when NULL is passed to some listener-related functions.
+ impl_deregister_keystroke_listener: fix memory leak on
iteration error.
++++ rpm:
- update rpm-shorten-changelog.diff: fix shortening of changelog,
the non-primary binary packages had the full changelog
- update macrosin.diff: remove binarychangelog cutoff setting,
this comes from rpm-config-SUSE now
++++ libseccomp:
- Update to release 2.5.4
* Update the syscall table for Linux v5.17.
* Fix minor issues with binary tree testing and with empty
binary trees.
* Minor documentation improvements including retiring the
mailing list.
++++ snapper:
- compress file lists using gzip
- version 0.10.1
++++ libunwind:
- update to 1.6.2:
* Fix off-by-one error in x86_64 stack frames
* Fix error in aarch64 unw_sigcontext
* resolve possible null pointer dereference
* Switch to C11 atomics
* RISC-V support
* aarch64 getcontext functionality
++++ python-gobject:
- Update to version 3.42.1:
+ Do not error out for unknown scopes.
+ gtk overrides: restore Gtk.ListStore.insert_with_valuesv with
newer GTK4.
+ gtk overrides: Do not override Treeview.enable_model_drag_xx
for GTK4.
+ Implement DynamicImporter.find_spec() to silence deprecation
warning.
+ Some test/CI fixes.
++++ rpm-config-SUSE:
- Update to version 20220421:
* Automatically trim opensuse changelogs to the last 3 years
* use zstd for tarball compression
------------------------------------------------------------------
------------------ 2022-4-20 - Apr 20 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.17.4 (bsc#1012628).
- drm/amd/display: Add pstate verification and recovery for DCN31
(bsc#1012628).
- drm/amd/display: Fix p-state allow debug index on dcn31
(bsc#1012628).
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of
the function (bsc#1012628).
- ACPI: processor idle: Check for architectural support for LPI
(bsc#1012628).
- net: dsa: realtek: allow subdrivers to externally lock regmap
(bsc#1012628).
- net: dsa: realtek: rtl8365mb: serialize indirect PHY register
access (bsc#1012628).
- net: dsa: realtek: make interface drivers depend on OF
(bsc#1012628).
- btrfs: remove no longer used counter when reading data page
(bsc#1012628).
- btrfs: remove unused variable in
btrfs_{start,write}_dirty_block_groups() (bsc#1012628).
- RISC-V: KVM: Don't clear hgatp CSR in kvm_arch_vcpu_put()
(bsc#1012628).
- media: si2157: unknown chip version Si2147-A30 ROM 0x50
(bsc#1012628).
- uapi/linux/stddef.h: Add include guards (bsc#1012628).
- drm/amdgpu: Ensure HDA function is suspended before ASIC reset
(bsc#1012628).
- btrfs: release correct delalloc amount in direct IO write path
(bsc#1012628).
- btrfs: fix btrfs_submit_compressed_write cgroup attribution
(bsc#1012628).
- btrfs: return allocated block group from do_chunk_alloc()
(bsc#1012628).
- ALSA: core: Add snd_card_free_on_error() helper (bsc#1012628).
- ALSA: sis7019: Fix the missing error handling (bsc#1012628).
- ALSA: ali5451: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: als300: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: als4000: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: atiixp: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: au88x0: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: aw2: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: azt3328: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: bt87x: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: ca0106: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: cmipci: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: cs4281: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: cs5535audio: Fix the missing snd_card_free() call at
probe error (bsc#1012628).
- ALSA: echoaudio: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: emu10k1x: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: ens137x: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: es1938: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: es1968: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: fm801: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: galaxy: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: hdsp: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: hdspm: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: ice1724: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: intel8x0: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: intel_hdmi: Fix the missing snd_card_free() call at
probe error (bsc#1012628).
- ALSA: korg1212: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: lola: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: lx6464es: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: maestro3: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: oxygen: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: riptide: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: rme32: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: rme9652: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: rme96: Fix the missing snd_card_free() call at probe error
(bsc#1012628).
- ALSA: sc6000: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: sonicvibes: Fix the missing snd_card_free() call at
probe error (bsc#1012628).
- ALSA: via82xx: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for
implicit fb (bsc#1012628).
- ALSA: nm256: Don't call card private_free at probe error path
(bsc#1012628).
- drm/msm: Add missing put_task_struct() in debugfs path
(bsc#1012628).
- nfsd: Fix a write performance regression (bsc#1012628).
- firmware: arm_scmi: Remove clear channel call on the TX channel
(bsc#1012628).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
(bsc#1012628).
- Revert "ath11k: mesh: add support for 256 bitmap in blockack
frames in 11ax" (bsc#1012628).
- firmware: arm_scmi: Fix sorting of retrieved clock rates
(bsc#1012628).
- media: rockchip/rga: do proper error checking in probe
(bsc#1012628).
- KVM: arm64: Generalise VM features into a set of flags
(bsc#1012628).
- KVM: arm64: mixed-width check should be skipped for
uninitialized vCPUs (bsc#1012628).
- SUNRPC: Fix the svc_deferred_event trace class (bsc#1012628).
- net/sched: flower: fix parsing of ethertype following VLAN
header (bsc#1012628).
- veth: Ensure eth header is in skb's linear part (bsc#1012628).
- gpiolib: acpi: use correct format characters (bsc#1012628).
- cifs: release cached dentries only if mount is complete
(bsc#1012628).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
(bsc#1012628).
- Revert "iavf: Fix deadlock occurrence during resetting VF
interface" (bsc#1012628).
- net: mdio: don't defer probe forever if PHY IRQ provider is
missing (bsc#1012628).
- mlxsw: i2c: Fix initialization error flow (bsc#1012628).
- sctp: use the correct skb for security_sctp_assoc_request
(bsc#1012628).
- net/sched: fix initialization order when updating chain 0 head
(bsc#1012628).
- cachefiles: unmark inode in use in error path (bsc#1012628).
- cachefiles: Fix KASAN slab-out-of-bounds in
cachefiles_set_volume_xattr (bsc#1012628).
- net: dsa: felix: suppress -EPROBE_DEFER errors (bsc#1012628).
- KVM: selftests: riscv: Set PTE A and D bits in VS-stage page
table (bsc#1012628).
- KVM: selftests: riscv: Fix alignment of the guest_hang()
function (bsc#1012628).
- RISC-V: KVM: include missing hwcap.h into vcpu_fp (bsc#1012628).
- io_uring: flag the fact that linked file assignment is sane
(bsc#1012628).
- net: ethernet: stmmac: fix altr_tse_pcs function when using
a fixed-link (bsc#1012628).
- net/sched: taprio: Check if socket flags are valid
(bsc#1012628).
- cfg80211: hold bss_lock while updating nontrans_list
(bsc#1012628).
- mac80211: fix ht_capa printout in debugfs (bsc#1012628).
- netfilter: nft_socket: make cgroup match work in input too
(bsc#1012628).
- drm/msm: Fix range size vs end confusion (bsc#1012628).
- drm/msm/dsi: Use connector directly in
msm_dsi_manager_connector_init() (bsc#1012628).
- drm/msm/dp: add fail safe mode outside of event_mutex context
(bsc#1012628).
- io_uring: stop using io_wq_work as an fd placeholder
(bsc#1012628).
- net/smc: use memcpy instead of snprintf to avoid out of bounds
read (bsc#1012628).
- net/smc: Fix NULL pointer dereference in smc_pnet_find_ib()
(bsc#1012628).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
(bsc#1012628).
- scsi: pm80xx: Enable upper inbound, outbound queues
(bsc#1012628).
- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1012628).
- scsi: iscsi: Fix offload conn cleanup when iscsid restarts
(bsc#1012628).
- scsi: iscsi: Fix endpoint reuse regression (bsc#1012628).
- scsi: iscsi: Fix conn cleanup and stop race during iscsid
restart (bsc#1012628).
- scsi: iscsi: Fix unbound endpoint error handling (bsc#1012628).
- sctp: Initialize daddr on peeled off socket (bsc#1012628).
- net: lan966x: Fix when a port's upper is changed (bsc#1012628).
- net: lan966x: Stop processing the MAC entry is port is wrong
(bsc#1012628).
- netfilter: nf_tables: nft_parse_register can return a negative
value (bsc#1012628).
- io_uring: fix assign file locking issue (bsc#1012628).
- ALSA: ad1889: Fix the missing snd_card_free() call at probe
error (bsc#1012628).
- ALSA: mtpav: Don't call card private_free at probe error path
(bsc#1012628).
- io_uring: move io_uring_rsrc_update2 validation (bsc#1012628).
- io_uring: verify that resv2 is 0 in io_uring_rsrc_update2
(bsc#1012628).
- io_uring: verify pad field is 0 in io_get_ext_arg (bsc#1012628).
- testing/selftests/mqueue: Fix mq_perf_tests to free the
allocated cpu set (bsc#1012628).
- ALSA: usb-audio: Increase max buffer size (bsc#1012628).
- ALSA: usb-audio: Limit max buffer and period sizes per time
(bsc#1012628).
- perf tools: Fix misleading add event PMU debug message
(bsc#1012628).
- macvlan: Fix leaking skb in source mode with nodst option
(bsc#1012628).
- net: ftgmac100: access hardware register after clock ready
(bsc#1012628).
- nfc: nci: add flush_workqueue to prevent uaf (bsc#1012628).
- cifs: potential buffer overflow in handling symlinks
(bsc#1012628).
- dm mpath: only use ktime_get_ns() in historical selector
(bsc#1012628).
- vfio/pci: Fix vf_token mechanism when device-specific VF
drivers are used (bsc#1012628).
- tun: annotate access to queue->trans_start (bsc#1012628).
- net: dsa: felix: fix tagging protocol changes with multiple
CPU ports (bsc#1012628).
- net: bcmgenet: Revert "Use stronger register read/writes to
assure ordering" (bsc#1012628).
- block: fix offset/size check in bio_trim() (bsc#1012628).
- block: null_blk: end timed out poll request (bsc#1012628).
- io_uring: abort file assignment prior to assigning creds
(bsc#1012628).
- KVM: PPC: Book3S HV P9: Fix "lost kick" race (bsc#1012628).
- drm/amd: Add USBC connector ID (bsc#1012628).
- btrfs: fix fallocate to use file_modified to update permissions
consistently (bsc#1012628).
- btrfs: do not warn for free space inode in cow_file_range
(bsc#1012628).
- drm/amdgpu: conduct a proper cleanup of PDB bo (bsc#1012628).
- drm/amdgpu/gmc: use PCI BARs for APUs in passthrough
(bsc#1012628).
- drm/amd/display: fix audio format not updated after edid updated
(bsc#1012628).
- drm/amd/display: FEC check in timing validation (bsc#1012628).
- drm/amd/display: Update VTEM Infopacket definition
(bsc#1012628).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (bsc#1012628).
- drm/amdgpu/vcn: improve vcn dpg stop procedure (bsc#1012628).
- drm/amdkfd: Check for potential null return of kmalloc_array()
(bsc#1012628).
- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by
default in isolated guests (bsc#1012628).
- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus
device (bsc#1012628).
- PCI: hv: Propagate coherence from VMbus device to PCI device
(bsc#1012628).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring
buffer (bsc#1012628).
- scsi: target: tcmu: Fix possible page UAF (bsc#1012628).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
(bsc#1012628).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1012628).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
error (bsc#1012628).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1012628).
- net: micrel: fix KS8851_MLL Kconfig (bsc#1012628).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
(bsc#1012628).
- gpu: ipu-v3: Fix dev_dbg frequency output (bsc#1012628).
- regulator: wm8994: Add an off-on delay for WM8994 variant
(bsc#1012628).
- static_call: Properly initialise DEFINE_STATIC_CALL_RET0()
(bsc#1012628).
- arm64: alternatives: mark patch_alternative() as `noinstr`
(bsc#1012628).
- tlb: hugetlb: Add more sizes to tlb_remove_huge_tlb_entry
(bsc#1012628).
- net: axienet: setup mdio unconditionally (bsc#1012628).
- Drivers: hv: balloon: Disable balloon and hot-add accordingly
(bsc#1012628).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
(bsc#1012628).
- myri10ge: fix an incorrect free for skb in myri10ge_sw_tso
(bsc#1012628).
- spi: cadence-quadspi: fix protocol setup for non-1-1-X
operations (bsc#1012628).
- drm/amd/display: Correct Slice reset calculation (bsc#1012628).
- drm/amd/display: Enable power gating before init_pipes
(bsc#1012628).
- drm/amd/display: Revert FEC check in validation (bsc#1012628).
- drm/amd/display: Fix allocate_mst_payload assert on resume
(bsc#1012628).
- drbd: set QUEUE_FLAG_STABLE_WRITES (bsc#1012628).
- scsi: mpt3sas: Fail reset operation if config request timed out
(bsc#1012628).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (bsc#1012628).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
during scan (bsc#1012628).
- drivers: net: slip: fix NPD bug in sl_tx_timeout()
(bsc#1012628).
- x86,bpf: Avoid IBT objtool warning (bsc#1012628).
- io_uring: zero tag on rsrc removal (bsc#1012628).
- io_uring: use nospec annotation for more indexes (bsc#1012628).
- perf/imx_ddr: Fix undefined behavior due to shift overflowing
the constant (bsc#1012628).
- mm/secretmem: fix panic when growing a memfd_secret
(bsc#1012628).
- mm, page_alloc: fix build_zonerefs_node() (bsc#1012628).
- mm: fix unexpected zeroed page mapping with zram swap
(bsc#1012628).
- mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
(bsc#1012628).
- hugetlb: do not demote poisoned hugetlb pages (bsc#1012628).
- revert "fs/binfmt_elf: fix PT_LOAD p_align values for loaders"
(bsc#1012628).
- revert "fs/binfmt_elf: use PT_LOAD p_align values for static
PIE" (bsc#1012628).
- KVM: x86/mmu: Resolve nx_huge_pages when kvm.ko is loaded
(bsc#1012628).
- SUNRPC: Fix NFSD's request deferral on RDMA transports
(bsc#1012628).
- memory: renesas-rpc-if: fix platform-device leak in error path
(bsc#1012628).
- gcc-plugins: latent_entropy: use /dev/urandom (bsc#1012628).
- cifs: verify that tcon is valid before dereference in
cifs_kill_sb (bsc#1012628).
- gpio: sim: fix setting and getting multiple lines (bsc#1012628).
- ath9k: Properly clear TX status area before reporting to
mac80211 (bsc#1012628).
- ath9k: Fix usage of driver-private space in tx_info
(bsc#1012628).
- btrfs: zoned: activate block group only for extent allocation
(bsc#1012628).
- btrfs: fix root ref counts in error handling in
btrfs_get_root_ref (bsc#1012628).
- btrfs: mark resumed async balance as writing (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (bsc#1012628).
- ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers
(bsc#1012628).
- ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
(bsc#1012628).
- nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size
(bsc#1012628).
- ipv6: fix panic when forwarding a pkt with no in6 dev
(bsc#1012628).
- drm/amd/display: don't ignore alpha property on pre-multiplied
mode (bsc#1012628).
- drm/amdgpu: Enable gfxoff quirk on MacBook Pro (bsc#1012628).
- x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1012628).
- x86/tsx: Disable TSX development mode at boot (bsc#1012628).
- genirq/affinity: Consider that CPUs on nodes can be unbalanced
(bsc#1012628).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
(bsc#1012628).
- ARM: davinci: da850-evm: Avoid NULL pointer dereference
(bsc#1012628).
- ep93xx: clock: Fix UAF in ep93xx_clk_register_gate()
(bsc#1012628).
- dm integrity: fix memory corruption when tag_size is less than
digest size (bsc#1012628).
- i2c: dev: check return value when calling dev_set_name()
(bsc#1012628).
- Revert "net: dsa: setup master before ports" (bsc#1012628).
- smp: Fix offline cpu check in flush_smp_call_function_queue()
(bsc#1012628).
- dt-bindings: memory: snps,ddrc-3.80a compatible also need
interrupts (bsc#1012628).
- i2c: pasemi: Wait for write xfers to finish (bsc#1012628).
- dt-bindings: net: snps: remove duplicate name (bsc#1012628).
- timers: Fix warning condition in __run_timers() (bsc#1012628).
- dma-direct: avoid redundant memory sync for swiotlb
(bsc#1012628).
- mm, kfence: support kmem_dump_obj() for KFENCE objects
(bsc#1012628).
- drm/i915: Sunset igpu legacy mmap support based on
GRAPHICS_VER_FULL (bsc#1012628).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state
(bsc#1012628).
- ax25: Fix UAF bugs in ax25 timers (bsc#1012628).
- io_uring: use right issue_flags for splice/tee (bsc#1012628).
- io_uring: fix poll file assign deadlock (bsc#1012628).
- io_uring: fix poll error reporting (bsc#1012628).
- commit 75e9961
++++ json-c:
- Update to 0.16:
+ Deprecated and removed features:
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
+ Changes and bug fixes
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
++++ ncurses:
- Add ncurses patch 20220416 (boo#1198627 for CVE-2022-29458)
+ add a limit-check to guard against corrupt terminfo data
(report/testcase by NCNIPC of China).
+ add check/warning in configure script if option --with-xterm-kbs is
missing or inconsistent (Arch #74379).
+ add setlocale call to several test-programs.
+ allow extended-color number in opts parameter of wattr_on.
++++ parted:
- update to version 3.5:
* Add support for JSON output.
* Add support for linux-home flag for GPT.
* Add --fix option.
added patches:
- direct-handling-of-partition-type-id-and-uuid.patch
- parted-json-no-type-flag.patch
refreshed patches:
- libparted-open-the-device-RO-and-lazily-switch-to-RW.patch
- parted-2.4-ncursesw6.patch
- parted-add-ignore-busy-option.patch
- parted-fix-resizepart-and-rm-command.patch
- parted-implement-wipesignatures-option.patch
- parted-print-max-partitions-for-yast.patch
- parted-type.patch
- tests-disable.patch
removed patches:
- parted-escape-printed-device-path.patch
- parted-mkpart-allow-empty-gpt-part-name.patch
++++ systemd:
- spec: add sbat (boo#1198589)
- spec: sign the systemd-boot efi binary (boo#1198586)
++++ makedumpfile:
- Update to 1.7.1:
* support for kernel up to 5.17
* sadump: remove variable length array
* print error when reading with unsupported compression
- Drop upstreamed makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch
++++ policycoreutils:
- Fix file list: package ru/man8/sepolgen.8 only in the devel
package (was in devel and main).
++++ xauth:
- update to version 1.1.2
* tests: make tests work in out-of-tree builds
* tests: Fix failure to make distcheck
* tests: report failure if stderr has unexpected output
* configure.ac: fail build if xtrans is not found
* gitlab CI: add a basic build test
* Build xz tarballs instead of bzip2
* Fix off-by-one in quote-stripping routines
* gitlab CI: stop requiring Signed-off-by in commits
* Improve portability
* Removed build requirement "cmdtest".
* Fix warning -Wstringop-truncation for strncpy by using memcpy instead
* Expand checks of socket file with S_ISSOCK
------------------------------------------------------------------
------------------ 2022-4-19 - Apr 19 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220419.bf51b75:
* add Yama LSM sysctl setting and description
* Stop lowering the inotify limit
* move DIR_COLORS to where ls.bash is
++++ e2fsprogs:
- avoid empty preuninstall script
++++ hwdata:
- Update to version 0.358 (bsc#1196332):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- Update config files. (vanilla)
After commit b76702ae4983 (Update config files.), arm64 vanilla fails.
Just ran oldconfig.
- commit 2d96192
- Update
patches.kernel.org/5.17.3-312-SUNRPC-Ensure-we-flush-any-closed-sockets-befo.patch
(bsc#1012628 bsc#1198330 CVE-2022-28893).
Update upstream status.
- commit a0f1f93
++++ freetype2:
- add revert-ft212-subpixel-hinting-change.patch (bsc#1198536)
- add 079a22da037835daf5be2bd9eccf7bc1eaa2e783.patch to avoid
an integer overflow occuring during fuzzing
++++ gcc12:
- Bump to b85abacd902813daec5e44b97f275eb88caaf715, git192607.
++++ ncurses:
- Add ncurses patch 20220409
+ add test/test_unget_wch.c
++++ ceph:
- Update to 16.2.7-969-g6195a460d89
+ (jsc#SES-2515) High-availability NFS export
++++ systemd:
- Drop 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Since bsc#1081947 has been addressed, we can attempt to re-enable private
session kernel keyring for each system service hence each service gets a
session keyring that is specific to the service.
- Import commit 736db5a59f1ab1317ef64ec6e7dc394250178146
98bc28d824 tmpfiles: constify item_compatible() parameters
3faf1a2648 test: adapt install_pam() for openSUSE
b7ca34fa28 test: add test checking tmpfiles conf file precedence
2713693d93 test tmpfiles: add a test for 'w+'
ce2cbefe38 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
769f5a0cbe Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size.
++++ unbound:
- drop python2 packages
- update to 1.15.0:
This release has bug fixes for crashes that happened on heavy network
usage. The default for the aggressive-nsec option has changed, it is now
enabled.
The ratelimit logic had to be reworked for the crash fixes. As a result,
there are new options to control the behaviour of ratelimiting.
The ratelimit-backoff and ip-ratelimit-backoff options can be used to
control how severe the backoff is when the ratelimit is exceeded.
The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for
NXDOMAIN answers from RPZ. That is used by some clients to detect that
the domain is externally blocked. The RPZ option for-downstream can be
used like for auth zones, this allows the RPZ zone information to be queried.
That can be useful for monitoring scripts.
Features
- Fix #596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
- Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
warnings in rpz.
- Fix validator debug output about DS support, print correct algorithm.
- Add code similar to fix for ldns for tab between strings, for
consistency, the test case was not broken.
- Allow local-data for classes other than IN to inherit a configured
local-zone's type if possible, instead of defaulting to type
transparent as per the implicit rule.
- Fix to pick up other class local zone information before unlock.
- Add missing configure flags for optional features in the
documentation.
- Fix Unbound capitalization in the documentation.
- Fix #591: Unbound-anchor manpage links to non-existent license file.
- contrib/aaaa-filter-iterator.patch file renewed diff content to
apply cleanly to the current coderepo for the current code version.
- Fix to add test for rpz-signal-nxdomain-ra.
- Fix #596: only unset RA when NXDOMAIN is signalled.
- Fix that RPZ does not set RD flag on replies, it should be copied
from the query.
- Fix for #596: fix that rpz return message is returned and not just
the rcode from the iterator return path. This fixes signal unset RA
after a CNAME.
- Fix unit tests for rpz now that the AA flag returns successfully from
the iterator loop.
- Fix for #596: add unit test for nsdname trigger and signal unset RA.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix #598: Fix unbound-checkconf fatal error: module conf
'respip dns64 validator iterator' is not known to work.
- Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
triggered operation.
- Merge #600 from pemensik: Change file mode before changing file
owner.
- Fix prematurely terminated TCP queries when a reply has the same ID.
- For #602: Allow the module-config "subnetcache validator cachedb
iterator".
- Fix EDNS to upstream where the same option could be attached
more than once.
- Add a region to serviced_query for allocations.
- For dnstap, do not wakeupnow right there. Instead zero the timer to
force the wakeup callback asap.
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
- Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in
serviced_udp_callback.
- Merge PR #612: TCP race condition.
- Test for NSID in SERVFAIL response due to DNSSEC bogus.
- Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
document.
- Fix tls-* and ssl-* documented alternate syntax to also be available
through remote-control and unbound-checkconf.
- Better cleanup on failed DoT/DoH listening socket creation.
- iana portlist update.
- Fix review comment for use-after-free when failing to send UDP out.
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
internals.
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #617: Update stub/forward-host notation to accept port and
tls-auth-name.
- Update stream_ssl.tdir test to also use the new forward-host
notation.
- Fix header comment for doxygen for authextstrtoaddr.
- please clang analyzer for loop in test code.
- Fix docker splint test to use more portable uname.
- Update contrib/aaaa-filter-iterator.patch with diff for current
software version.
- Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
++++ python-urllib3:
- Remove unneeded BuildRequires of mock.
++++ qemu:
- enable aio=io_uring on all kvm architectures (bsc#1197699)
++++ rsync:
- Update to 3.2.4
* A new form of arg protection was added that works similarly to
the older `--protect-args` (`-s`) option but in a way that
avoids breaking things like rrsync.
* A long-standing bug was preventing rsync from figuring out the
current locale's decimal point character, which made rsync
always output numbers using the "C" locale.
* Too many changes to list, see included NEWS.md file.
- Drop rsync-CVE-2020-14387.patch, already included upstream.
++++ vim:
- skip empty post/postun on gvim for SLE15+
++++ which:
- https urls, added signature (but did not find the public key)
------------------------------------------------------------------
------------------ 2022-4-18 - Apr 18 2022 -------------------
------------------------------------------------------------------
++++ libjpeg-turbo:
- Use nasm instead of yasm, the latter has not released any update
in 7 years.
------------------------------------------------------------------
------------------ 2022-4-17 - Apr 17 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- config: enable arm64 builds
- reenable arm64 configs after update to 5.18-rc2
- new arm64 config options:
- SHADOW_CALL_STACK=n
- RELR=n
- KCOV=n
- commit ffb18e4
- Update to 5.18-rc3
- update configs
- x86_64
- NET_DSA_REALTEK_RTL8365MB=m
- NET_DSA_REALTEK_RTL8366RB=m
- commit 04810ad
------------------------------------------------------------------
------------------ 2022-4-16 - Apr 16 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)
++++ libapparmor:
- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531)
++++ pcre2:
- pcre2 10.40:
* Added support for Bidi_Class and a number of binary Unicode
properties, including Bidi_Control.
* A number of changes to script matching for \p and \P:
speed improvements, add the syntax \p{script:xxx} and
\p{script_extensions:xxx} (synonyms sc and scx), Changed
\p{scriptname} from being the same as \p{sc:scriptname} to
being the same as \p{scx:scriptname}, recognize the standard
Unicode 4-letter abbreviations for script names, implement
Unicode and Perl's "loose matching" rules on property names
------------------------------------------------------------------
------------------ 2022-4-15 - Apr 15 2022 -------------------
------------------------------------------------------------------
++++ boost-base:
- update to 1.79.0:
* no new libraries
* for details on all changes see,
https://www.boost.org/users/history/version_1_79_0.html
- add 0001-json-array-erase-relocate.patch
- drop 0001-b2-fix-install.patch (obsolete)
++++ fontconfig:
- update to 2.14.0:
* Fix endianness on generating MD5 cache name
* Fix a typo in the description of FcWeightFromOpenTypeDouble
* fc-validate: returns an error code when missing some glyphs
* Fallback uuid-based name to read a cache if no MD5-based cache
* fc-cache: Show font directories to generate cache with -v
* Replace UUID file mechanism with per-directory 'map' attribute [v2]
* memleak fixes
- drop fontconfig-do-not-remove-UUID-file.patch (obsolete)
- add skip-network-test.patch
++++ avahi:
- Stop requiring "avahi" from "libavahi-devel". The devel package
ought to facilitate building programs with avahi, not run the
whole deamon.
++++ freetype2:
- fix segfault in some applications boo#1198497
add freetype-2.12.0-cff_slot_load-segfault.patch
++++ libnl3:
- Update to release 3.6.0
* route/mdb: add support for MAC multicast entries
* mdb: support bridge multicast database notification
* Support Hardware offload capability for MACsec
* nflog: add CT support
* Add IPv6 GRE support
* Add IPv6 VTI support
* Add support for team devices
- Drop 0001-route-link-add-RTNL_LINK_REASM_OVERLAPS-stat.patch
(merged)
++++ u-boot-rpiarm64:
- socfpga: Fix regression that dropped the install binary from package
------------------------------------------------------------------
------------------ 2022-4-14 - Apr 14 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Adding changes I need for iris to not flicker and have d3d12
available for use in WSL.
++++ Mesa-drivers:
- Adding changes I need for iris to not flicker and have d3d12
available for use in WSL.
++++ NetworkManager:
- Modify NetworkManager.spec: Split into a few small subpackages
(bsc#1198128).
++++ containerd:
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
++++ docker:
- Update to Docker 20.10.14-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
CVE-2022-24769
++++ kernel-default:
- Update config files.
set modprobe path to /usr/sbin/modprobe after usrmerge completion
in Tumbleweed.
- commit 767eb22
- Update config files (bsc#1198722, bsc#1197746).
Enable compiled in LSMs on boot
* landlock: optional ability for user land applications to sandbox
themselves
* yama: optional restrict of use of ptrace for nonprivileged users
* default to apparmor, list selinux before bpf to avoid bsc#1197746
* bpf: create eBPF based LSMs dynamically
- commit 5506937
- Update config files.
- set CONFIG_NO_HZ_FULL again on armv7/aarch64 (bsc#1189692)
- commit bfb0c41
- Update config files.
Disable legacy pty support (bsc#1198506)
- commit 295a9c6
- Update config files.
set CONFIG_LSM_MMAP_MIN_ADDR according to upstream default to
32768/65536 to have a minimum protection against null pointer
vulnerabilities. This was previously set to 0 to enable dosemu,
but dosemu no longer requires that setting, especially not on
non-x86.
- commit 30bf192
- Linux 5.17.3 (bsc#1012628).
- lib/logic_iomem: correct fallback config references
(bsc#1012628).
- um: fix and optimize xor select template for CONFIG64 and
timetravel mode (bsc#1012628).
- rtc: wm8350: Handle error for wm8350_register_irq (bsc#1012628).
- net: dsa: felix: fix possible NULL pointer dereference
(bsc#1012628).
- mm: kfence: fix objcgs vector allocation (bsc#1012628).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel
(bsc#1012628).
- KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode()
(bsc#1012628).
- KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
(bsc#1012628).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event
logic (bsc#1012628).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
(bsc#1012628).
- drm: Add orientation quirk for GPD Win Max (bsc#1012628).
- Bluetooth: hci_sync: Fix compilation warning (bsc#1012628).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
(bsc#1012628).
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1012628).
- drm/amd/display: Add signal type check when verify stream
backends same (bsc#1012628).
- drm/amdkfd: enable heavy-weight TLB flush on Arcturus
(bsc#1012628).
- drm/edid: remove non_desktop quirk for HPN-3515 and LEN-B800
(bsc#1012628).
- drm/edid: improve non-desktop quirk logging (bsc#1012628).
- Bluetooth: hci_event: Ignore multiple conn complete events
(bsc#1012628).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
(bsc#1012628).
- drm/amd/display: Fix memory leak (bsc#1012628).
- drm/amd/display: Use PSR version selected during set_psr_caps
(bsc#1012628).
- usb: gadget: tegra-xudc: Do not program SPARAM (bsc#1012628).
- usb: gadget: tegra-xudc: Fix control endpoint's definitions
(bsc#1012628).
- usb: cdnsp: fix cdnsp_decode_trb function to properly handle
ret value (bsc#1012628).
- ptp: replace snprintf with sysfs_emit (bsc#1012628).
- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER
is set (bsc#1012628).
- selftests, xsk: Fix bpf_res cleanup test (bsc#1012628).
- net/mlx5e: TC, Hold sample_attr on stack instead of pointer
(bsc#1012628).
- drm/amdkfd: Don't take process mutex for svm ioctls
(bsc#1012628).
- drm/amdkfd: Ensure mm remain valid in svm deferred_list work
(bsc#1012628).
- drm/amdkfd: svm range restore work deadlock when process exit
(bsc#1012628).
- drm/amdgpu: Fix an error message in rmmod (bsc#1012628).
- mlxsw: spectrum: Guard against invalid local ports
(bsc#1012628).
- RDMA/rtrs-clt: Do stop and failover outside reconnect work
(bsc#1012628).
- powerpc/xive: Export XIVE IPI information for online-only
processors (bsc#1012628).
- powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 (bsc#1012628).
- ath11k: fix kernel panic during unload/load ath11k modules
(bsc#1012628).
- ath11k: pci: fix crash on suspend if board file is not found
(bsc#1012628).
- ath11k: mhi: use mhi_sync_power_up() (bsc#1012628).
- net/smc: Send directly when TCP_CORK is cleared (bsc#1012628).
- drm/bridge: Add missing pm_runtime_put_sync (bsc#1012628).
- bpf: Make dst_port field in struct bpf_sock 16-bit wide
(bsc#1012628).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (bsc#1012628).
- scsi: bfa: Replace snprintf() with sysfs_emit() (bsc#1012628).
- drm/v3d: fix missing unlock (bsc#1012628).
- power: supply: axp20x_battery: properly report current when
discharging (bsc#1012628).
- mt76: mt7921: fix crash when startup fails (bsc#1012628).
- mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
(bsc#1012628).
- i40e: Add sending commands in atomic context (bsc#1012628).
- cfg80211: don't add non transmitted BSS to 6GHz scanned channels
(bsc#1012628).
- libbpf: Fix build issue with llvm-readelf (bsc#1012628).
- ipv6: make mc_forwarding atomic (bsc#1012628).
- ref_tracker: implement use-after-free detection (bsc#1012628).
- net: initialize init_net earlier (bsc#1012628).
- powerpc: Set crashkernel offset to mid of RMA region
(bsc#1012628).
- drm/amdgpu: Fix recursive locking warning (bsc#1012628).
- scsi: smartpqi: Fix rmmod stack trace (bsc#1012628).
- scsi: smartpqi: Fix kdump issue when controller is locked up
(bsc#1012628).
- PCI: aardvark: Fix support for MSI interrupts (bsc#1012628).
- kvm: selftests: aarch64: fix assert in gicv3_access_reg
(bsc#1012628).
- kvm: selftests: aarch64: pass vgic_irq guest args as a pointer
(bsc#1012628).
- kvm: selftests: aarch64: fix the failure check in
kvm_set_gsi_routing_irqchip_check (bsc#1012628).
- kvm: selftests: aarch64: fix some vgic related comments
(bsc#1012628).
- kvm: selftests: aarch64: use a tighter assert in vgic_poke_irq()
(bsc#1012628).
- iommu/arm-smmu-v3: fix event handling soft lockup (bsc#1012628).
- usb: ehci: add pci device support for Aspeed platforms
(bsc#1012628).
- KVM: arm64: Do not change the PMU event filter after a VCPU
has run (bsc#1012628).
- libbpf: Fix accessing syscall arguments on powerpc
(bsc#1012628).
- libbpf: Fix accessing the first syscall argument on arm64
(bsc#1012628).
- libbpf: Fix accessing the first syscall argument on s390
(bsc#1012628).
- PCI: endpoint: Fix alignment fault error in copy tests
(bsc#1012628).
- tcp: Don't acquire inet_listen_hashbucket::lock with disabled BH
(bsc#1012628).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
(bsc#1012628).
- scsi: mpi3mr: Fix deadlock while canceling the fw event
(bsc#1012628).
- scsi: mpi3mr: Fix reporting of actual data transfer size
(bsc#1012628).
- scsi: mpi3mr: Fix memory leaks (bsc#1012628).
- powerpc/set_memory: Avoid spinlock recursion in
change_page_attr() (bsc#1012628).
- power: supply: axp288-charger: Set Vhold to 4.4V (bsc#1012628).
- drm/sprd: fix potential NULL dereference (bsc#1012628).
- drm/sprd: check the platform_get_resource() return value
(bsc#1012628).
- drm/amd/display: reset lane settings after each PHY repeater LT
(bsc#1012628).
- net/mlx5e: Disable TX queues before registering the netdev
(bsc#1012628).
- HID: apple: Report Magic Keyboard 2021 battery over USB
(bsc#1012628).
- HID: apple: Report Magic Keyboard 2021 with fingerprint reader
battery over USB (bsc#1012628).
- usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks()
(bsc#1012628).
- iwlwifi: mvm: Correctly set fragmented EBS (bsc#1012628).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val
(bsc#1012628).
- iwlwifi: mvm: move only to an enabled channel (bsc#1012628).
- ipv6: annotate some data-races around sk->sk_prot (bsc#1012628).
- drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (bsc#1012628).
- x86/mce: Work around an erratum on fast string copy instructions
(bsc#1012628).
- rtw89: fix RCU usage in rtw89_core_txq_push() (bsc#1012628).
- ath11k: Fix frames flush failure caused by deadlock
(bsc#1012628).
- ipv4: Invalidate neighbour for broadcast address upon address
addition (bsc#1012628).
- rtw88: change rtw_info() to proper message level (bsc#1012628).
- dm ioctl: prevent potential spectre v1 gadget (bsc#1012628).
- dm: requeue IO if mapping table not yet available (bsc#1012628).
- drm/amdkfd: make CRAT table missing message informational only
(bsc#1012628).
- vfio/pci: Stub vfio_pci_vga_rw when !CONFIG_VFIO_PCI_VGA
(bsc#1012628).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (bsc#1012628).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (bsc#1012628).
- scsi: pm8001: Fix tag values handling (bsc#1012628).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all()
(bsc#1012628).
- scsi: pm8001: Fix tag leaks on error (bsc#1012628).
- scsi: pm8001: Fix memory leak in
pm8001_chip_fw_flash_update_req() (bsc#1012628).
- mt76: mt7915: fix injected MPDU transmission to not use HW
A-MSDU (bsc#1012628).
- mctp: make __mctp_dev_get() take a refcount hold (bsc#1012628).
- powerpc/64s/hash: Make hash faults work in NMI context
(bsc#1012628).
- mt76: mt7615: Fix assigning negative values to unsigned variable
(bsc#1012628).
- power: supply: axp288_charger: Use
acpi_quirk_skip_acpi_ac_and_battery() (bsc#1012628).
- power: supply: axp288_fuel_gauge: Use
acpi_quirk_skip_acpi_ac_and_battery() (bsc#1012628).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(bsc#1012628).
- scsi: hisi_sas: Free irq vectors in order for v3 HW
(bsc#1012628).
- scsi: hisi_sas: Limit users changing debugfs BIST count value
(bsc#1012628).
- net/smc: correct settings of RMB window update limit
(bsc#1012628).
- mips: ralink: fix a refcount leak in ill_acc_of_setup()
(bsc#1012628).
- iavf: stop leaking iavf_status as "errno" values (bsc#1012628).
- macvtap: advertise link netns via netlink (bsc#1012628).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1012628).
- tuntap: add sanity checks about msg_controllen in sendmsg
(bsc#1012628).
- Bluetooth: mediatek: fix the conflict between mtk and msft
vendor event (bsc#1012628).
- Bluetooth: Fix not checking for valid hdev on
bt_dev_{info,warn,err,dbg} (bsc#1012628).
- Bluetooth: use memset avoid memory leaks (bsc#1012628).
- bnxt_en: Eliminate unintended link toggle during FW reset
(bsc#1012628).
- PCI: endpoint: Fix misused goto label (bsc#1012628).
- MIPS: fix fortify panic when copying asm exception handlers
(bsc#1012628).
- powerpc/code-patching: Pre-map patch area (bsc#1012628).
- powerpc/64e: Tie PPC_BOOK3E_64 to PPC_FSL_BOOK3E (bsc#1012628).
- powerpc/secvar: fix refcount leak in format_show()
(bsc#1012628).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(bsc#1012628).
- platform/x86: x86-android-tablets: Depend on EFI and SPI
(bsc#1012628).
- can: isotp: set default value for N_As to 50 micro seconds
(bsc#1012628).
- can: etas_es58x: es58x_fd_rx_event_msg(): initialize
rx_event_msg before calling es58x_check_msg_len() (bsc#1012628).
- riscv: Fixed misaligned memory access. Fixed pointer comparison
(bsc#1012628).
- net: account alternate interface name memory (bsc#1012628).
- net: limit altnames to 64k total (bsc#1012628).
- net/mlx5e: Remove overzealous validations in netlink EEPROM
query (bsc#1012628).
- platform/x86: hp-wmi: Fix SW_TABLET_MODE detection method
(bsc#1012628).
- platform/x86: hp-wmi: Fix 0x05 error code reported by several
WMI calls (bsc#1012628).
- net: sfp: add 2500base-X quirk for Lantech SFP module
(bsc#1012628).
- usb: dwc3: omap: fix "unbalanced disables for smps10_out1"
on omap5evm (bsc#1012628).
- xen/usb: harden xen_hcd against malicious backends
(bsc#1012628).
- mt76: fix monitor mode crash with sdio driver (bsc#1012628).
- xtensa: fix DTC warning unit_address_format (bsc#1012628).
- iwlwifi: mei: fix building iwlmei (bsc#1012628).
- MIPS: ingenic: correct unit node address (bsc#1012628).
- Bluetooth: Fix use after free in hci_send_acl (bsc#1012628).
- netfilter: conntrack: revisit gc autotuning (bsc#1012628).
- netlabel: fix out-of-bounds memory accesses (bsc#1012628).
- ceph: fix inode reference leakage in ceph_get_snapdir()
(bsc#1012628).
- ceph: fix memory leak in ceph_readdir when note_last_dentry
returns error (bsc#1012628).
- lib/Kconfig.debug: add ARCH dependency for FUNCTION_ALIGN option
(bsc#1012628).
- init/main.c: return 1 from handled __setup() functions
(bsc#1012628).
- minix: fix bug when opening a file with O_DIRECT (bsc#1012628).
- clk: si5341: fix reported clk_rate when output divider is 2
(bsc#1012628).
- clk: mediatek: Fix memory leaks on probe (bsc#1012628).
- staging: vchiq_arm: Avoid NULL ptr deref in
vchiq_dump_platform_instances (bsc#1012628).
- staging: vchiq_core: handle NULL result of
find_service_by_handle (bsc#1012628).
- phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller
use (bsc#1012628).
- phy: amlogic: meson8b-usb2: Use dev_err_probe() (bsc#1012628).
- phy: amlogic: meson8b-usb2: fix shared reset control use
(bsc#1012628).
- clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568
(bsc#1012628).
- cpufreq: CPPC: Fix performance/frequency conversion
(bsc#1012628).
- opp: Expose of-node's name in debugfs (bsc#1012628).
- staging: wfx: apply the necessary SDIO quirks for the Silabs
WF200 (bsc#1012628).
- staging: wfx: fix an error handling in wfx_init_common()
(bsc#1012628).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (bsc#1012628).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
(bsc#1012628).
- NFSv4: Protect the state recovery thread against direct reclaim
(bsc#1012628).
- habanalabs: fix possible memory leak in MMU DR fini
(bsc#1012628).
- habanalabs: reject host map with mmu disabled (bsc#1012628).
- habanalabs/gaudi: handle axi errors from NIC engines
(bsc#1012628).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(bsc#1012628).
- clk: ti: Preserve node in ti_dt_clocks_register() (bsc#1012628).
- clk: Enforce that disjoints limits are invalid (bsc#1012628).
- SUNRPC/xprt: async tasks mustn't block waiting for memory
(bsc#1012628).
- SUNRPC: remove scheduling boost for "SWAPPER" tasks
(bsc#1012628).
- NFS: swap IO handling is slightly different for O_DIRECT IO
(bsc#1012628).
- NFS: swap-out must always use STABLE writes (bsc#1012628).
- x86: Annotate call_on_stack() (bsc#1012628).
- x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
(bsc#1012628).
- serial: samsung_tty: do not unlock port->lock for
uart_write_wakeup() (bsc#1012628).
- virtio_console: eliminate anonymous module_init & module_exit
(bsc#1012628).
- jfs: prevent NULL deref in diFree (bsc#1012628).
- SUNRPC: Fix socket waits for write buffer space (bsc#1012628).
- NFS: nfsiod should not block forever in mempool_alloc()
(bsc#1012628).
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
(bsc#1012628).
- selftests: net: Add tls config dependency for tls selftests
(bsc#1012628).
- parisc: Fix CPU affinity for Lasi, WAX and Dino chips
(bsc#1012628).
- parisc: Fix patch code locking and flushing (bsc#1012628).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
(bsc#1012628).
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
(bsc#1012628).
- Drivers: hv: vmbus: Fix initialization of device object in
vmbus_device_register() (bsc#1012628).
- Drivers: hv: vmbus: Fix potential crash on module unload
(bsc#1012628).
- netfilter: bitwise: fix reduce comparisons (bsc#1012628).
- Revert "NFSv4: Handle the special Linux file open access mode"
(bsc#1012628).
- NFSv4: fix open failure with O_ACCMODE flag (bsc#1012628).
- scsi: core: scsi_logging: Fix a BUG (bsc#1012628).
- scsi: sr: Fix typo in CDROM(CLOSETRAY|EJECT) handling
(bsc#1012628).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
(bsc#1012628).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
(bsc#1012628).
- vdpa: mlx5: prevent cvq work from hogging CPU (bsc#1012628).
- net: sfc: add missing xdp queue reinitialization (bsc#1012628).
- net/tls: fix slab-out-of-bounds bug in decrypt_internal
(bsc#1012628).
- vrf: fix packet sniffing for traffic originating from ip tunnels
(bsc#1012628).
- skbuff: fix coalescing for page_pool fragment recycling
(bsc#1012628).
- Revert "net: dsa: stop updating master MTU from master.c"
(bsc#1012628).
- ice: Clear default forwarding VSI during VSI release
(bsc#1012628).
- ice: Fix MAC address setting (bsc#1012628).
- mctp: Fix check for dev_hard_header() result (bsc#1012628).
- mctp: Use output netdev to allocate skb headroom (bsc#1012628).
- net: ipv4: fix route with nexthop object delete warning
(bsc#1012628).
- net: stmmac: Fix unset max_speed difference between DT and
non-DT platforms (bsc#1012628).
- drm/imx: imx-ldb: Check for null pointer after calling kmemdup
(bsc#1012628).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes
(bsc#1012628).
- drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe
(bsc#1012628).
- regulator: rtq2134: Fix missing active_discharge_on setting
(bsc#1012628).
- spi: rpc-if: Fix RPM imbalance in probe error path
(bsc#1012628).
- regulator: atc260x: Fix missing active_discharge_on setting
(bsc#1012628).
- arch/arm64: Fix topology initialization for core scheduling
(bsc#1012628).
- bnxt_en: Synchronize tx when xdp redirects happen on same ring
(bsc#1012628).
- bnxt_en: reserve space inside receive page for skb_shared_info
(bsc#1012628).
- bnxt_en: Prevent XDP redirect from running when stopping TX
queue (bsc#1012628).
- sfc: Do not free an empty page_ring (bsc#1012628).
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
(bsc#1012628).
- RDMA/mlx5: Add a missing update of cache->last_add
(bsc#1012628).
- IB/cm: Cancel mad on the DREQ event when the state is
MRA_REP_RCVD (bsc#1012628).
- cifs: fix potential race with cifsd thread (bsc#1012628).
- IB/rdmavt: add lock to call to rvt_error_qp to prevent a race
condition (bsc#1012628).
- sctp: count singleton chunks in assoc user stats (bsc#1012628).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (bsc#1012628).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
(bsc#1012628).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
(bsc#1012628).
- ipv6: Fix stats accounting in ip6_pkt_drop (bsc#1012628).
- ice: synchronize_rcu() when terminating rings (bsc#1012628).
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (bsc#1012628).
- ice: clear cmd_type_offset_bsz for TX rings (bsc#1012628).
- net: openvswitch: don't send internal clone attribute to the
userspace (bsc#1012628).
- net: ethernet: mv643xx: Fix over zealous checking
of_get_mac_address() (bsc#1012628).
- net: openvswitch: fix leak of nested actions (bsc#1012628).
- rxrpc: fix a race in rxrpc_exit_net() (bsc#1012628).
- net: sfc: fix using uninitialized xdp tx_queue (bsc#1012628).
- net: phy: mscc-miim: reject clause 45 register accesses
(bsc#1012628).
- qede: confirm skb is allocated before using (bsc#1012628).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
(bsc#1012628).
- drm/amd/display: Fix for dmub outbox notification enable
(bsc#1012628).
- drm/amd/display: Remove redundant dsc power gating from init_hw
(bsc#1012628).
- bpf: Support dual-stack sockets in bpf_tcp_check_syncookie
(bsc#1012628).
- drbd: Fix five use after free bugs in get_initial_state
(bsc#1012628).
- scsi: sd: sd_read_cpr() requires VPD pages (bsc#1012628).
- scsi: ufs: ufshpb: Fix a NULL check on list iterator
(bsc#1012628).
- io_uring: nospec index for tags on files update (bsc#1012628).
- io_uring: don't touch scm_fp_list after queueing skb
(bsc#1012628).
- SUNRPC: Handle ENOMEM in call_transmit_status() (bsc#1012628).
- SUNRPC: Handle low memory situations in call_status()
(bsc#1012628).
- SUNRPC: svc_tcp_sendmsg() should handle errors from
xdr_alloc_bvec() (bsc#1012628).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(bsc#1012628).
- perf unwind: Don't show unwind error messages when augmenting
frame pointer stack (bsc#1012628).
- perf: arm-spe: Fix perf report --mem-mode (bsc#1012628).
- perf tools: Fix perf's libperf_print callback (bsc#1012628).
- perf session: Remap buf if there is no space for event
(bsc#1012628).
- arm64: Add part number for Arm Cortex-A78AE (bsc#1012628).
- scsi: mpt3sas: Fix use after free in
_scsih_expander_node_remove() (bsc#1012628).
- scsi: ufs: ufs-pci: Add support for Intel MTL (bsc#1012628).
- Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
(bsc#1012628).
- mmc: block: Check for errors after write on SPI (bsc#1012628).
- mmc: mmci: stm32: correctly check all elements of sg list
(bsc#1012628).
- mmc: renesas_sdhi: special 4tap settings only apply to HS400
(bsc#1012628).
- mmc: renesas_sdhi: don't overwrite TAP settings when HS400
tuning is complete (bsc#1012628).
- mmc: core: Fixup support for writeback-cache for eMMC and SD
(bsc#1012628).
- lz4: fix LZ4_decompress_safe_partial read out of bound
(bsc#1012628).
- highmem: fix checks in __kmap_local_sched_{in,out}
(bsc#1012628).
- mmmremap.c: avoid pointless invalidate_range_start/end on
mremap(old_size=0) (bsc#1012628).
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(bsc#1012628).
- io_uring: don't check req->file in io_fsync_prep()
(bsc#1012628).
- io_uring: defer splice/tee file validity check until command
issue (bsc#1012628).
- io_uring: implement compat handling for IORING_REGISTER_IOWQ_AFF
(bsc#1012628).
- io_uring: fix race between timeout flush and removal
(bsc#1012628).
- perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids
(bsc#1012628).
- btrfs: fix qgroup reserve overflow the qgroup limit
(bsc#1012628).
- btrfs: zoned: traverse devices under chunk_mutex in
btrfs_can_activate_zone (bsc#1012628).
- btrfs: remove device item and update super block in the same
transaction (bsc#1012628).
- btrfs: avoid defragging extents whose next extents are not
targets (bsc#1012628).
- btrfs: prevent subvol with swapfile from being deleted
(bsc#1012628).
- spi: core: add dma_map_dev for __spi_unmap_msg() (bsc#1012628).
- cifs: force new session setup and tcon for dfs (bsc#1012628).
- qed: fix ethtool register dump (bsc#1012628).
- arm64: patch_text: Fixup last cpu should be master
(bsc#1012628).
- RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1012628).
- drbd: fix an invalid memory access caused by incorrect use of
list iterator (bsc#1012628).
- gpio: Restrict usage of GPIO chip irq members before
initialization (bsc#1012628).
- x86/msi: Fix msi message data shadow struct (bsc#1012628).
- x86/mm/tlb: Revert retpoline avoidance approach (bsc#1012628).
- perf/x86/intel: Don't extend the pseudo-encoding to GP counters
(bsc#1012628).
- ata: sata_dwc_460ex: Fix crash due to OOB write (bsc#1012628).
- perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
(bsc#1012628).
- perf/core: Inherit event_caps (bsc#1012628).
- irqchip/gic-v3: Fix GICR_CTLR.RWP polling (bsc#1012628).
- fbdev: Fix unregistering of framebuffers without device
(bsc#1012628).
- amd/display: set backlight only if required (bsc#1012628).
- drm/panel: ili9341: fix optional regulator handling
(bsc#1012628).
- drm/amd/display: Fix by adding FPU protection for
dcn30_internal_validate_bw (bsc#1012628).
- drm/amdgpu/display: change pipe policy for DCN 2.1
(bsc#1012628).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (bsc#1012628).
- drm/amdgpu/vcn: Fix the register setting for vcn1 (bsc#1012628).
- drm/amdkfd: Create file descriptor after client is added to
smi_clients list (bsc#1012628).
- drm/amdgpu: don't use BACO for reset in S3 (bsc#1012628).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
(bsc#1012628).
- Revert "ACPI: processor: idle: Only flush cache on entering C3"
(bsc#1012628).
- drm/amdkfd: Fix variable set but not used warning (bsc#1012628).
- net/smc: send directly on setting TCP_NODELAY (bsc#1012628).
- Revert "selftests: net: Add tls config dependency for tls
selftests" (bsc#1012628).
- bpf: Make remote_port field in struct bpf_sk_lookup 16-bit wide
(bsc#1012628).
- selftests/bpf: Fix u8 narrow load checks for bpf_sk_lookup
remote_port (bsc#1012628).
- bpf: Treat bpf_sk_lookup remote_port as a 2-byte field
(bsc#1012628).
- perf build: Don't use -ffat-lto-objects in the python feature
test when building with clang-13 (bsc#1012628).
- perf python: Fix probing for some clang command line options
(bsc#1012628).
- tools build: Filter out options and warnings not supported by
clang (bsc#1012628).
- tools build: Use $(shell ) instead of `` to get embedded
libperl's ccopts (bsc#1012628).
- dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance
on error" (bsc#1012628).
- KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
(bsc#1012628).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
(bsc#1012628).
- powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
(bsc#1012628).
- Revert "powerpc: Set max_mapnr correctly" (bsc#1012628).
- x86/bug: Prevent shadowing in __WARN_FLAGS (bsc#1012628).
- objtool: Fix SLS validation for kcov tail-call replacement
(bsc#1012628).
- sched/core: Fix forceidle balancing (bsc#1012628).
- sched: Teach the forced-newidle balancer about CPU affinity
limitation (bsc#1012628).
- x86,static_call: Fix __static_call_return0 for i386
(bsc#1012628).
- x86/extable: Prefer local labels in .set directives
(bsc#1012628).
- irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before
descheduling (bsc#1012628).
- powerpc/64: Fix build failure with allyesconfig in
book3s_64_entry.S (bsc#1012628).
- irqchip/gic, gic-v3: Prevent GSI to SGI translations
(bsc#1012628).
- mm/sparsemem: fix 'mem_section' will never be NULL gcc 12
warning (bsc#1012628).
- static_call: Don't make __static_call_return0 static
(bsc#1012628).
- io_uring: move read/write file prep state into actual opcode
handler (bsc#1012628).
- io_uring: propagate issue_flags state down to file assignment
(bsc#1012628).
- io_uring: defer file assignment (bsc#1012628).
- io_uring: drop the old style inflight file tracking
(bsc#1012628).
- Update config files.
- commit a63605c
++++ libgcrypt:
- FIPS: extend the service indicator [bsc#1190700]
* introduced a pk indicator function
* adapted the approved and non approved ciphersuites
* Add libgcrypt_indicators_changes.patch
* Add libgcrypt-indicate-shake.patch
++++ multipath-tools:
- Update to version 0.8.9+42+suse.45974f11:
* Logging improvements
* Fix busy loop with delayed_reconfigure (bsc#1199342)
* multipathd: use remove_map_callback for delayed reconfigure
* multipathd: Don't keep starting TUR threads, if they always hang.
(bsc#1199345)
* Fix handling of path addition in read-only arrays on NVMe
* Updates of built-in hardware database
- Update to upstream 0.8.9
* libmultipath: only warn once about unsupported dev_loss_tmo
* Otherwise code-identical to 0.8.8+64
++++ zchunk:
- Update to version 1.2.1
* Better error detection
* Add support for specifying compression-format in zck
* zck: add option to select chunk hash
* Fix testsuite: Add expected sha256sums for zstd 1.5.1+
* Fix memory leaks
* Various bug fixes
- Drop upstream merged zstd-1.5.1.patch
++++ rpm-config-SUSE:
- Update to version 20220414:
* add SBAT values (boo#1193282)
* Explain that rpm-config-SUSE covers also openSUSE
------------------------------------------------------------------
------------------ 2022-4-13 - Apr 13 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- use _multibuild
++++ Mesa-drivers:
- use _multibuild
++++ apparmor:
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
which now will spawn new additional services on demand. We need to
modify the existing smbd/winbind profiles and additionally add a
new set of profiles to cater for the new functionality;
(bnc#1198309);
++++ file:
- update file-5.41-cache-regexps.patch to fix cache offset
miscalculation (bsc#1197780)
++++ kernel-default:
- arm64: Update config files to v5.18-rc2
- commit 2158d93
- Update config files: set CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y (bsc#1198276)
Using efivars as the pstore default backend is dangerous, as it might fill up
quickly with dumps, eventually resulting in a non-bootable system.
The feature can be enabled manually via efi_pstore.pstore_disable=0 option.
- commit 7821031
- ALSA: memalloc: Add fallback SG-buffer allocations for x86
(bsc#1198248).
- commit c87e719
++++ kexec-tools:
- kexec-tools-print-error-if-kexec_file_load-fails.patch: print
error if kexec_file_load fails (bsc#1197176).
++++ libapparmor:
- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon
which now will spawn new additional services on demand. We need to
modify the existing smbd/winbind profiles and additionally add a
new set of profiles to cater for the new functionality;
(bnc#1198309);
++++ tar:
- Add recommends to zstd, a modern fast compression type.
++++ vim:
- Updated to version 8.2.4745, fixes the following problems
- CVE-2022-1160 - boo#1197814
- CVE-2022-1154 - boo#1197813
* Vim9: not enough test coverage for executing :def function.
* Sourcing buffer lines is too complicated.
* Error for redefining a script item may be confusing.
* Error for arguments of remote_expr() even when the +clientserver feature
is not included.
* Test fails because of changed error message.
* Sourcing buffer lines may lead to errors for conflicts.
* getcompletion() does not work properly when 'wildoptions contains "fuzzy".
* :unhide does not check for failing to close a window.
* Some conditions are always true.
* Typos in tests; one lua line not covered by test.
* Vim9: cannot use a recursive call in a nested function. (Sergey Vlasov)
* Return type of swapfile_unchanged() is wrong.
* Redrawing too much when 'cursorline' is set and jumping around.
* Mapping with escaped bar does not work in :def function. (Sergey Vlasov)
* Vim9: Declarations in a {} block of a user command do not use Vim9 rules
if defined in a legacy script. (Yegappan Lakshmanan)
* No completion for :scriptnames.
* Command line completion does not recognize single letter commands.
* Mapping is cancelled when mouse moves and popup is visible.
* Two letter substitute commands don't work. (Yegappan Lakshmanan)
* Crash when using the tabline right-click menu.
* Vim9: Crash with :execute and :finish. (Sergey Vlasov)
* Coverity warns for using uninitialized field.
* Old Coverity warning for resource leak.
* Old Coverity warning for resource leak.
* Visual area not fully updated when removing sign in Visual mode while
scrolling.
* flatten() does not use maxdepth correctly.
* Not enough testing for 2/3 letter substitute commands.
* flattennew() makes a deep copy unnecessarily.
* 'cursorline' not always updated with 'cursorlineopt' is "screenline".
* Crash when switching window in BufWipeout autocommand.
* Using freed memory in flatten().
* Visual range does not work before command modifiers.
* Vim9: cannot initialize a variable to null_list.
* Tests using null list or dict fail.
* Not using Visual range.
* Warning for using uninitialized variable. (Tony Mechelynck)
* Superfluous check if a redraw is needed for 'cursorline'.
* Not sufficient parenthesis in preprocessor macros.
* Some boolean options use "long" instead of "int".
* May mark the wrong window for redrawing.
* Vim9: in :def function script var cannot be null.
* Vim9: variable may be locked unintentionally.
* Redrawing too often when 'relativenumber' is set.
* 'shortmess' changed when session does not store options.
* Using buffer line after it has been freed in old regexp engine.
* "source" can read past end of copied line.
* Handling LSP messages is a bit slow.
* Various formatting problems.
* "import autoload" only works with using 'runtimepath'.
* Test fails because path differs.
* Leaking memory if assignment fails.
* "import autoload" does not check the file name.
* Missing changes for import check.
* Command line completion popup menu positioned wrong when using a terminal
window.
* Vim9: can't use items from "import autoload" with autoload directory name.
* Errors for functions are sometimes hard to read.
* Org-mode files are not recognized.
* Invalid memory access when using printable function name.
* Cursorcolumn is sometimes not correct.
* Coverity warning for using uninitialized variable.
* No error for using out of range list index.
* Occasional crash when running the GUI tests.
* Elvish files are not recognized.
* Popup with "minwidth" and scrollbar not updated properly.
* Vim9: assignment not recognized in skipped block.
* expandcmd() fails on an error.
* Buffer allocation failures insufficiently tested.
* In compiled code len('string') is not inlined.
* Memory allocation failures for new tab page not tested.
* 'wildignorecase' is sometimes not used for glob().
* Using :normal with Ex mode may make :substitute hang.
* Redrawing a vertically split window is slow when using CTRL-F and CTRL-B.
* Cannot force getting MouseMove events.
* No error for missing expression after :elseif. (Ernie Rael)
* Test fails with different error.
* Vim9: not all code is tested.
* Cannot have expandcmd() give an error message for mistakes.
* Build failure without +postscript.
* Build fails with a combination of features.
* Vim9: can use :unlockvar for const variable. (Ernie Rael)
* Verbose check with dict_find() to see if a key is present.
* Cannot open a channel on a Unix domain socket.
* When a swap file is found for a popup there is no dialog and the buffer
is loaded anyway.
* Configure doesn't find the Motif library with Cygwin.
* "vimgrep /\%v/ *" may cause a crash.
* New regexp engine does not give an error for "\%v".
* Using <Cmd> in a mapping does not work for mouse keys in Insert
mode. (Sergey Vlasov)
* Channel tests fail on MS-Windows.
* Solution for <Cmd> in a mapping causes trouble.
* No test for what 8.2.4691 fixes.
* new regexp does not accept pattern "\%>0v".
* Avoidance of #elif causes more preproc nesting.
* JSON encoding could be faster.
* delete() with "rf" argument does not report a failure.
* Vim9: crash when adding a duplicate key to a dictionary.
* Vim9: script variable has no flag that it was set.
* Hard to reproduce hang when reading from a channel.
* Buffer remains active if a WinClosed event throws an exception.
* Kuka Robot Language files not recognized.
* C++ scope labels are hard-coded.
* Memory leak in handling 'cinscopedecls'.
* Using "else" after return or break increases indent.
* Jump list marker disappears.
* Buffer remains active if a WinClosed event throws an exception when
there are multiple tabpages.
* Redrawing could be a bit more efficient.
* PHP test files are not recognized.
* After :redraw the statusline highlight might be used.
* Smart indenting does not work after completion.
* When 'insermode' is set :edit from <Cmd> mapping misbehaves.
* Only get profiling information after exiting.
* Plugins cannot track text scrolling.
* Using g:filetype_dat and g:filetype_src not tested.
* Vagrantfile not recognized.
* Memory allocation failure not tested when defining a function.
* For TextYankPost v:event does not contain information about the operation
being inclusive or not.
* @@@ in the last line sometimes drawn in the wrong place.
* ">" marker sometimes not displayed in the jumplist.
* ABB Rapid files are not recognized properly.
* Cooklang files are not recognized.
* When a recording is ended with a mapped key that key is also recorded.
* The ModeChanged autocmd event is inefficient.
* Current instance of last search pattern not easily spotted.
* Unused variable in tiny build.
* Cannot use expand() to get the script name.
* Unused code.
* No test that v:event cannot be modified.
* HEEx and Surface templates do not need a separate filetype.
* The changelist index is not remembered per buffer.
* Duplicate code to free fuzzy matches.
* HEEx and Surface do need a separate filetype.
* getcharpos() may change a mark position.
* Quickfix tests can be a bit hard to read.
* Build problem for Cygwin with Motif.
* // in JavaScript string recognized as comment.
* Esc on commandline executes command instead of abandoning it.
* Accessing freed memory after WinScrolled autocmd event.
* When expand() fails there is no error message.
* Startup test fails.
* There is no way to start logging very early in startup.
* A terminal window can't use the bell.
* Using wrong flag for using bell in the terminal.
------------------------------------------------------------------
------------------ 2022-4-12 - Apr 12 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 056+suse.268.g0b2bd662:
* fix(resume): do not add this module if there is no suitable swap (bsc#1198095)
* feat(resume): improve sanity check by verifying volatile swap (bsc#1198095)
* fix(resume): correct call to block_is_netdevice function (bsc#1197737)
* fix(lvm): add missing grep requirement (bsc#1198271)
++++ kdump:
- remount filesystem r/w for fadump (bsc#1197125)
- stop reloading FADump on CPU hot-add event
++++ kernel-default:
- Update
patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
(bsc#1198400).
- Update
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
(bsc#1198400).
- commit b1cc750
++++ libcap:
- update to 2.64:
* Fix memory leak in libpsx at program exit.
* Be more resilient to CGo configuration with Go compiler when building tests.
* Fix cap_*prctl() return code/errno handling.
* Minor clarification to cap_get_pid() man page concerning pid value within namespaces.
++++ xz:
- use https urls.
++++ usbredir:
- Add 0001-Use-D_FORTIFY_SOURCE-instead-of-Wp-D_FORTIFY_SOURCE.patch
that enables future switch to -D_FORTIFY_SOURCE=3
(gl#spice/usbredir#60).
++++ podman:
- Require catatonit >= 0.1.7 for pause functionality needed by pods
++++ salt:
- Prevent data pollution between actions proceesed
at the same time (bsc#1197637)
- Fix regression preventing bootstrapping new clients
caused by redundant dependency on psutil (bsc#1197533)
- Added:
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
++++ shim:
- use common SBAT values (boo#1193282)
++++ timezone:
- Add --add-exports for java versions that support it.
* Fixes build in factory, since this is compulsory for jdk17+
++++ trousers:
- changed urls to https (except main URL which has no https)
------------------------------------------------------------------
------------------ 2022-4-11 - Apr 11 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220411.adfb912:
* move bash completion back to -extras (bsc#1187213)
++++ apparmor:
- Add samba_deny_net_admin.patch to add new rule to deny
noisy setsockopt calls from systemd; (bnc#1196850).
++++ audit-secondary:
- Drop buildrequire on C++ compiler.
- Modernize specfile constructs.
++++ catatonit:
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
++++ grub2:
- use common SBAT values (boo#1193282)
++++ kernel-default:
- drm/nouveau/pmu: Add missing callbacks for Tegra devices
(bsc#1196967).
- commit 0789f15
- Update to 5.18-rc2
- eliminate 1 patch
- patches.suse/net-fungible-Fix-reference-to-__udivdi3-on-32b-build.patch
- update configs
- SATA_LPM_POLICY renamed to SATA_MOBILE_LPM_POLICY
- commit d8f6a40
++++ kernel-firmware:
- Update to version 20220411 (git commit f219d616f42b):
* mediatek: Add mt8192 SCP firmware
* linux-firmware: Update AMD cpu microcode
(CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, bsc#1199459)
* nvidia: add GA102/GA103/GA104/GA106/GA107 signed firmware
* brcm: rename Rock960 NVRAM to AP6356S and link devices to it
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* amdgpu: update green sardine VCN firmware
* amdgpu: update renoir VCN firmware
* amdgpu: update navi14 VCN firmware
* amdgpu: update navi12 VCN firmware
* amdgpu: update navi10 VCN firmware
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* rtw88: 8821c: Update normal firmware to v24.11.00
* ice: Add wireless edge file for Intel E800 series driver
* ice: update ice DDP comms package to 1.3.31.0
* amdgpu: update PSP 13.0.8 firmware
* amdgpu: update GC 10.3.7 firmware
* rtl_bt: Add firmware and config files for RTL8852B
- Update aliases
++++ libapparmor:
- Add samba_deny_net_admin.patch to add new rule to deny
noisy setsockopt calls from systemd; (bnc#1196850).
++++ audit:
- Modernize specfile constructs.
++++ openldap2:
- Use libargon2 instead of libsodium because it supports p>1
- Added new contrib overlays: authzid, datamorph, variant, vc
++++ systemd-presets-common-SUSE:
- Enable appstream-sync-cache.service by default(bsc#1197684).
------------------------------------------------------------------
------------------ 2022-4-10 - Apr 10 2022 -------------------
------------------------------------------------------------------
++++ apparmor:
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
(zgrep-profile-mr870.diff)
++++ libapparmor:
- add profile for zgrep and xzgrep to prevent CVE-2022-1271
(zgrep-profile-mr870.diff)
++++ libxcrypt:
- update to 4.4.28:
* Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver.
This was added in GNU libc 2.35.
++++ mozilla-nss:
- Require nss-util in nss.pc and subsequently remove -lnssutil3
++++ libtpms:
- update to 0.9.3:
* build-sys: Add probing for -fstack-protector
* tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size
* (OSSL 3)
* tpm2: When writing state initialize s_ContextSlotMask if not set
++++ libusb-1_0:
- Update to version 1.0.26
* Fix regression with transfer free's after closing device
* Fix regression with destroyed context if API is misused
* Workaround for applications using missing default context
* Fix hotplog enumeration regression
* Build fixes for various platforms and configurations
* Add interface bound checking for broken devices
* Add umockdev tests on Linux
------------------------------------------------------------------
------------------ 2022-4-9 - Apr 9 2022 -------------------
------------------------------------------------------------------
++++ gzip:
- update to 1.12 (CVE-2022-1271,bsc#1198062):
* 'gzip -l' no longer misreports file lengths 4 GiB and larger.
Previously, 'gzip -l' output the 32-bit value stored in the gzip
header even though that is the uncompressed length modulo 2**32.
Now, 'gzip -l' calculates the uncompressed length by decompressing
the data and counting the resulting bytes. Although this can take
much more time, nowadays the correctness pros seem to outweigh the
performance cons.
* 'zless' is no longer installed on platforms lacking 'less'.
* zgrep applied to a crafted file name with two or more newlines
can no longer overwrite an arbitrary, attacker-selected file.
[bug introduced in gzip-1.3.10]
* zgrep now names input file on error instead of mislabeling it as
"(standard input)", if grep supports the GNU -H and --label options.
* 'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
* Configure-time options like --program-prefix now work.
- refresh zdiff.diff, zgrep.diff, zmore.diff
++++ kernel-default:
- Linux 5.17.2 (bsc#1012628).
- USB: serial: pl2303: add IBM device IDs (bsc#1012628).
- dt-bindings: usb: hcd: correct usb-device path (bsc#1012628).
- USB: serial: pl2303: fix GS type detection (bsc#1012628).
- USB: serial: simple: add Nokia phone driver (bsc#1012628).
- mm: kfence: fix missing objcg housekeeping for SLAB
(bsc#1012628).
- locking/lockdep: Avoid potential access of invalid memory in
lock_class (bsc#1012628).
- drm/amdgpu: move PX checking into amdgpu_device_ip_early_init
(bsc#1012628).
- drm/amdgpu: only check for _PR3 on dGPUs (bsc#1012628).
- iommu/iova: Improve 32-bit free space estimate (bsc#1012628).
- block: flush plug based on hardware and software queue order
(bsc#1012628).
- block: ensure plug merging checks the correct queue at least
once (bsc#1012628).
- usb: typec: tipd: Forward plug orientation to typec subsystem
(bsc#1012628).
- USB: usb-storage: Fix use of bitfields for hardware data in
ene_ub6250.c (bsc#1012628).
- xhci: fix garbage USBSTS being logged in some cases
(bsc#1012628).
- xhci: fix runtime PM imbalance in USB2 resume (bsc#1012628).
- xhci: make xhci_handshake timeout for xhci_reset() adjustable
(bsc#1012628).
- xhci: fix uninitialized string returned by
xhci_decode_ctrl_ctx() (bsc#1012628).
- mei: me: disable driver on the ign firmware (bsc#1012628).
- mei: me: add Alder Lake N device id (bsc#1012628).
- mei: avoid iterator usage outside of list_for_each_entry
(bsc#1012628).
- bus: mhi: pci_generic: Add mru_default for Quectel EM1xx series
(bsc#1012628).
- bus: mhi: Fix pm_state conversion to string (bsc#1012628).
- bus: mhi: Fix MHI DMA structure endianness (bsc#1012628).
- docs: sphinx/requirements: Limit jinja2<3.1 (bsc#1012628).
- coresight: Fix TRCCONFIGR.QE sysfs interface (bsc#1012628).
- coresight: syscfg: Fix memleak on registration failure in
cscfg_create_device (bsc#1012628).
- dt-bindings: iio: adc: zynqmp_ams: Add clock entry
(bsc#1012628).
- iio: adc: xilinx-ams: Fix single channel switching sequence
(bsc#1012628).
- iio: accel: mma8452: use the correct logic to get mma8452_data
(bsc#1012628).
- iio: adc: aspeed: Add divider flag to fix incorrect voltage
reading (bsc#1012628).
- iio: imu: st_lsm6dsx: use dev_to_iio_dev() to get iio_dev struct
(bsc#1012628).
- iio: afe: rescale: use s64 for temporary scale calculations
(bsc#1012628).
- iio: adc: xilinx-ams: Fixed missing PS channels (bsc#1012628).
- iio: adc: xilinx-ams: Fixed wrong sequencer register settings
(bsc#1012628).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
(bsc#1012628).
- iio: inkern: apply consumer scale when no channel scale is
available (bsc#1012628).
- iio: inkern: make a best effort on offset calculation
(bsc#1012628).
- greybus: svc: fix an error handling bug in gb_svc_hello()
(bsc#1012628).
- clk: rockchip: re-add rational best approximation algorithm
to the fractional divider (bsc#1012628).
- clk: uniphier: Fix fixed-rate initialization (bsc#1012628).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (bsc#1012628).
- cifs: truncate the inode and mapping when we simulate fcollapse
(bsc#1012628).
- cifs: fix handlecache and multiuser (bsc#1012628).
- cifs: we do not need a spinlock around the tree access during
umount (bsc#1012628).
- KEYS: fix length validation in keyctl_pkey_params_get_2()
(bsc#1012628).
- KEYS: asymmetric: enforce that sig algo matches key algo
(bsc#1012628).
- KEYS: asymmetric: properly validate hash_algo and encoding
(bsc#1012628).
- Documentation: add link to stable release candidate tree
(bsc#1012628).
- Documentation: update stable tree link (bsc#1012628).
- firmware: stratix10-svc: add missing callback parameter on RSU
(bsc#1012628).
- firmware: sysfb: fix platform-device leak in error path
(bsc#1012628).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
(bsc#1012628).
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bsc#1012628).
- SUNRPC: Do not dereference non-socket transports in sysfs
(bsc#1012628).
- NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR
(bsc#1012628).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
(bsc#1012628).
- NFSD: prevent integer overflow on 32 bit systems (bsc#1012628).
- f2fs: fix to unlock page correctly in error path of is_alive()
(bsc#1012628).
- f2fs: quota: fix loop condition at f2fs_quota_sync()
(bsc#1012628).
- f2fs: fix to do sanity check on .cp_pack_total_block_count
(bsc#1012628).
- remoteproc: Fix count check in rproc_coredump_write()
(bsc#1012628).
- mm/mlock: fix two bugs in user_shm_lock() (bsc#1012628).
- pinctrl: ingenic: Fix regmap on X series SoCs (bsc#1012628).
- pinctrl: samsung: drop pin banks references on error paths
(bsc#1012628).
- net: bnxt_ptp: fix compilation error (bsc#1012628).
- spi: mxic: Fix the transmit path (bsc#1012628).
- mtd: spi-nor: Skip erase logic when SPI_NOR_NO_ERASE is set
(bsc#1012628).
- mtd: rawnand: protect access to rawnand devices while in suspend
(bsc#1012628).
- can: m_can: m_can_tx_handler(): fix use after free of skb
(bsc#1012628).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
(bsc#1012628).
- jffs2: fix memory leak in jffs2_do_mount_fs (bsc#1012628).
- jffs2: fix memory leak in jffs2_scan_medium (bsc#1012628).
- mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1012628).
- mm: don't skip swap entry even if zap_details specified
(bsc#1012628).
- mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of
a node (bsc#1012628).
- mm: invalidate hwpoison page cache page in fault path
(bsc#1012628).
- mempolicy: mbind_range() set_policy() after vma_merge()
(bsc#1012628).
- scsi: core: sd: Add silence_suspend flag to suppress some PM
messages (bsc#1012628).
- scsi: ufs: Fix runtime PM messages never-ending cycle
(bsc#1012628).
- scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics
counters (bsc#1012628).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
commands (bsc#1012628).
- qed: display VF trust config (bsc#1012628).
- qed: validate and restrict untrusted VFs vlan promisc mode
(bsc#1012628).
- riscv: dts: canaan: Fix SPI3 bus width (bsc#1012628).
- riscv: Fix fill_callchain return value (bsc#1012628).
- riscv: Increase stack size under KASAN (bsc#1012628).
- RISC-V: Declare per cpu boot data as static (bsc#1012628).
- cifs: do not skip link targets when an I/O fails (bsc#1012628).
- cifs: fix incorrect use of list iterator after the loop
(bsc#1012628).
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
(bsc#1012628).
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
(bsc#1012628).
- ALSA: cs4236: fix an incorrect NULL check on list iterator
(bsc#1012628).
- ALSA: hda: Avoid unsol event during RPM suspending
(bsc#1012628).
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (bsc#1012628).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
(bsc#1012628).
- rtc: mc146818-lib: fix locking in mc146818_set_time
(bsc#1012628).
- rtc: pl031: fix rtc features null pointer dereference
(bsc#1012628).
- io_uring: ensure that fsnotify is always called (bsc#1012628).
- ocfs2: fix crash when mount with quota enabled (bsc#1012628).
- drm/simpledrm: Add "panel orientation" property on non-upright
mounted LCD panels (bsc#1012628).
- mm: madvise: skip unmapped vma holes passed to process_madvise
(bsc#1012628).
- mm: madvise: return correct bytes advised with process_madvise
(bsc#1012628).
- Revert "mm: madvise: skip unmapped vma holes passed to
process_madvise" (bsc#1012628).
- mm,hwpoison: unmap poisoned page before invalidation
(bsc#1012628).
- mm: only re-generate demotion targets when a numa node changes
its N_CPU state (bsc#1012628).
- mm/kmemleak: reset tag when compare object pointer
(bsc#1012628).
- dm stats: fix too short end duration_ns when using
precise_timestamps (bsc#1012628).
- dm: fix use-after-free in dm_cleanup_zoned_dev() (bsc#1012628).
- dm: interlock pending dm_io and dm_wait_for_bios_completion
(bsc#1012628).
- dm: fix double accounting of flush with data (bsc#1012628).
- dm integrity: set journal entry unused when shrinking device
(bsc#1012628).
- tracing: Have trace event string test handle zero length strings
(bsc#1012628).
- drbd: fix potential silent data corruption (bsc#1012628).
- can: isotp: sanitize CAN ID checks in isotp_bind()
(bsc#1012628).
- PCI: fu740: Force 2.5GT/s for initial device probe
(bsc#1012628).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
not available (bsc#1012628).
- arm64: Do not defer reserve_crashkernel() for platforms with
no DMA memory zones (bsc#1012628).
- arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2
(bsc#1012628).
- arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs
(bsc#1012628).
- arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs
(bsc#1012628).
- arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs
(bsc#1012628).
- arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs
(bsc#1012628).
- arm64: dts: ti: k3-j721s2: Fix gic-v3 compatible regs
(bsc#1012628).
- ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM
(bsc#1012628).
- mmc: core: use sysfs_emit() instead of sprintf() (bsc#1012628).
- Revert "ACPI: Pass the same capabilities to the _OSC regardless
of the query flag" (bsc#1012628).
- ACPI: properties: Consistently return -ENOENT if there are no
more references (bsc#1012628).
- coredump: Also dump first pages of non-executable ELF libraries
(bsc#1012628).
- ext4: fix ext4_fc_stats trace point (bsc#1012628).
- ext4: fix fs corruption when tring to remove a non-empty
directory with IO error (bsc#1012628).
- ext4: make mb_optimize_scan option work with set/unset mount
cmd (bsc#1012628).
- ext4: make mb_optimize_scan performance mount option work with
extents (bsc#1012628).
- samples/landlock: Fix path_list memory leak (bsc#1012628).
- landlock: Use square brackets around "landlock-ruleset"
(bsc#1012628).
- mailbox: tegra-hsp: Flush whole channel (bsc#1012628).
- btrfs: zoned: put block group after final usage (bsc#1012628).
- block: fix rq-qos breakage from skipping rq_qos_done_bio()
(bsc#1012628).
- block: limit request dispatch loop duration (bsc#1012628).
- block: don't merge across cgroup boundaries if blkcg is enabled
(bsc#1012628).
- drm/edid: check basic audio support on CEA extension block
(bsc#1012628).
- fbdev: Hot-unplug firmware fb devices on forced removal
(bsc#1012628).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1012628).
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
(bsc#1012628).
- rfkill: make new event layout opt-in (bsc#1012628).
- ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes
(bsc#1012628).
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
(bsc#1012628).
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
(bsc#1012628).
- ARM: dts: exynos: add missing HDMI supplies on SMDK5250
(bsc#1012628).
- ARM: dts: exynos: add missing HDMI supplies on SMDK5420
(bsc#1012628).
- mgag200 fix memmapsl configuration in GCTL6 register
(bsc#1012628).
- carl9170: fix missing bit-wise or operator for tx_params
(bsc#1012628).
- pstore: Don't use semaphores in always-atomic-context code
(bsc#1012628).
- thermal: int340x: Increase bitmap size (bsc#1012628).
- lib/raid6/test: fix multiple definition linking error
(bsc#1012628).
- exec: Force single empty string when argv is empty
(bsc#1012628).
- crypto: rsa-pkcs1pad - only allow with rsa (bsc#1012628).
- crypto: rsa-pkcs1pad - correctly get hash from source
scatterlist (bsc#1012628).
- crypto: rsa-pkcs1pad - restore signature length check
(bsc#1012628).
- crypto: rsa-pkcs1pad - fix buffer overread in
pkcs1pad_verify_complete() (bsc#1012628).
- bcache: fixup multiple threads crash (bsc#1012628).
- PM: domains: Fix sleep-in-atomic bug caused by
genpd_debug_remove() (bsc#1012628).
- DEC: Limit PMAX memory probing to R3k systems (bsc#1012628).
- media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC
(bsc#1012628).
- media: omap3isp: Use struct_group() for memcpy() region
(bsc#1012628).
- media: venus: vdec: fixed possible memory leak issue
(bsc#1012628).
- media: venus: hfi_cmds: List HDR10 property as unsupported
for v1 and v3 (bsc#1012628).
- media: venus: venc: Fix h264 8x8 transform control
(bsc#1012628).
- media: davinci: vpif: fix unbalanced runtime PM get
(bsc#1012628).
- media: davinci: vpif: fix unbalanced runtime PM enable
(bsc#1012628).
- media: davinci: vpif: fix use-after-free on driver unbind
(bsc#1012628).
- mips: Always permit to build u-boot images (bsc#1012628).
- btrfs: zoned: mark relocation as writing (bsc#1012628).
- btrfs: extend locking to all space_info members accesses
(bsc#1012628).
- btrfs: verify the tranisd of the to-be-written dirty extent
buffer (bsc#1012628).
- xtensa: define update_mmu_tlb function (bsc#1012628).
- xtensa: fix stop_machine_cpuslocked call in patch_text
(bsc#1012628).
- xtensa: fix xtensa_wsr always writing 0 (bsc#1012628).
- KVM: s390x: fix SCK locking (bsc#1012628).
- drm/syncobj: flatten dma_fence_chains on transfer (bsc#1012628).
- drm/nouveau/backlight: Fix LVDS backlight detection on some
laptops (bsc#1012628).
- drm/nouveau/backlight: Just set all backlight types as RAW
(bsc#1012628).
- drm/fb-helper: Mark screen buffers in system memory with
FBINFO_VIRTFB (bsc#1012628).
- brcmfmac: firmware: Allocate space for default boardrev in nvram
(bsc#1012628).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup
error path (bsc#1012628).
- brcmfmac: pcie: Declare missing firmware files in pcie.c
(bsc#1012628).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with
memcpy_toio (bsc#1012628).
- brcmfmac: pcie: Fix crashes due to early IRQs (bsc#1012628).
- drm/i915/opregion: check port number bounds for SWSCI display
power state (bsc#1012628).
- drm/i915/gem: add missing boundary check in vm_access
(bsc#1012628).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
(bsc#1012628).
- PCI: pciehp: Clear cmd_busy bit in polling mode (bsc#1012628).
- PCI: xgene: Revert "PCI: xgene: Use inbound resources for setup"
(bsc#1012628).
- PCI: xgene: Revert "PCI: xgene: Fix IB window setup"
(bsc#1012628).
- regulator: qcom_smd: fix for_each_child.cocci warnings
(bsc#1012628).
- selinux: access superblock_security_struct in LSM blob way
(bsc#1012628).
- selinux: check return value of sel_make_avc_files (bsc#1012628).
- crypto: ccp - Ensure psp_ret is always init'd in
__sev_platform_init_locked() (bsc#1012628).
- crypto: qat - fix a signedness bug in get_service_enabled()
(bsc#1012628).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
(bsc#1012628).
- crypto: sun8i-ss - really disable hash on A80 (bsc#1012628).
- crypto: kdf - Select hmac in addition to sha256 (bsc#1012628).
- crypto: qat - fix access to PFVF interrupt registers for GEN4
(bsc#1012628).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
(bsc#1012628).
- crypto: octeontx2 - select CONFIG_NET_DEVLINK (bsc#1012628).
- crypto: mxs-dcp - Fix scatterlist processing (bsc#1012628).
- selinux: Fix selinux_sb_mnt_opts_compat() (bsc#1012628).
- thermal: int340x: Check for NULL after calling kmemdup()
(bsc#1012628).
- crypto: octeontx2 - remove CONFIG_DM_CRYPT check (bsc#1012628).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
(bsc#1012628).
- spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe
(bsc#1012628).
- perf: MARVELL_CN10K_TAD_PMU should depend on ARCH_THUNDER
(bsc#1012628).
- selftests/sgx: Fix NULL-pointer-dereference upon early test
failure (bsc#1012628).
- selftests/sgx: Do not attempt enclave build without valid
enclave (bsc#1012628).
- selftests/sgx: Ensure enclave data available during debug print
(bsc#1012628).
- stack: Constrain and fix stack offset randomization with Clang
builds (bsc#1012628).
- arm64/mm: avoid fixmap race condition when create pud mapping
(bsc#1012628).
- security: add sctp_assoc_established hook (bsc#1012628).
- security: implement sctp_assoc_established hook in selinux
(bsc#1012628).
- blk-cgroup: set blkg iostat after percpu stat aggregation
(bsc#1012628).
- selftests/x86: Add validity check and allow field splitting
(bsc#1012628).
- selftests/sgx: Treat CC as one argument (bsc#1012628).
- crypto: rockchip - ECB does not need IV (bsc#1012628).
- block: update io_ticks when io hang (bsc#1012628).
- audit: log AUDIT_TIME_* records only from rules (bsc#1012628).
- EVM: fix the evm= __setup handler return value (bsc#1012628).
- crypto: ccree - don't attempt 0 len DMA mappings (bsc#1012628).
- crypto: hisilicon/sec - fix the aead software fallback for
engine (bsc#1012628).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
(bsc#1012628).
- hwmon: (pmbus) Add mutex to regulator ops (bsc#1012628).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
(bsc#1012628).
- nvme: cleanup __nvme_check_ids (bsc#1012628).
- nvme: fix the check for duplicate unique identifiers
(bsc#1012628).
- block: don't delete queue kobject before its children
(bsc#1012628).
- PM: hibernate: fix __setup handler error handling (bsc#1012628).
- PM: suspend: fix return value of __setup handler (bsc#1012628).
- spi: spi-zynqmp-gqspi: Handle error for dma_set_mask
(bsc#1012628).
- hwrng: atmel - disable trng on failure path (bsc#1012628).
- crypto: sun8i-ss - call finalize with bh disabled (bsc#1012628).
- crypto: sun8i-ce - call finalize with bh disabled (bsc#1012628).
- crypto: amlogic - call finalize with bh disabled (bsc#1012628).
- crypto: gemini - call finalize with bh disabled (bsc#1012628).
- crypto: vmx - add missing dependencies (bsc#1012628).
- clocksource/drivers/timer-ti-dm: Fix regression from errata
i940 fix (bsc#1012628).
- clocksource/drivers/exynos_mct: Handle DTS with higher number
of interrupts (bsc#1012628).
- clocksource/drivers/timer-microchip-pit64b: Use notrace
(bsc#1012628).
- clocksource/drivers/timer-of: Check return value of of_iomap
in timer_of_base_init() (bsc#1012628).
- arm64: prevent instrumentation of bp hardening callbacks
(bsc#1012628).
- perf/arm-cmn: Hide XP PUB events for CMN-600 (bsc#1012628).
- perf/arm-cmn: Update watchpoint format (bsc#1012628).
- KEYS: trusted: Fix trusted key backends when building as module
(bsc#1012628).
- KEYS: trusted: Avoid calling null function trusted_key_exit
(bsc#1012628).
- ACPI: APEI: fix return value of __setup handlers (bsc#1012628).
- crypto: ccp - ccp_dmaengine_unregister release dma channels
(bsc#1012628).
- crypto: ccree - Fix use after free in cc_cipher_exit()
(bsc#1012628).
- crypto: qat - fix initialization of pfvf cap_msg structures
(bsc#1012628).
- crypto: qat - fix initialization of pfvf rts_map_msg structures
(bsc#1012628).
- hwrng: nomadik - Change clk_disable to clk_disable_unprepare
(bsc#1012628).
- hwmon: (pmbus) Add Vin unit off handling (bsc#1012628).
- clocksource: acpi_pm: fix return value of __setup handler
(bsc#1012628).
- io_uring: don't check unrelated req->open.how in accept request
(bsc#1012628).
- io_uring: terminate manual loop iterator loop correctly for
non-vecs (bsc#1012628).
- watch_queue: Fix NULL dereference in error cleanup
(bsc#1012628).
- watch_queue: Actually free the watch (bsc#1012628).
- f2fs: fix to enable ATGC correctly via gc_idle sysfs interface
(bsc#1012628).
- sched/debug: Remove mpol_get/put and task_lock/unlock from
sched_show_numa (bsc#1012628).
- sched/core: Export pelt_thermal_tp (bsc#1012628).
- sched/sugov: Ignore 'busy' filter when rq is capped by
uclamp_max (bsc#1012628).
- sched/uclamp: Fix iowait boost escaping uclamp restriction
(bsc#1012628).
- rseq: Remove broken uapi field layout on 32-bit little endian
(bsc#1012628).
- perf/core: Fix address filter parser for multiple filters
(bsc#1012628).
- perf/x86/intel/pt: Fix address filter config for 32-bit kernel
(bsc#1012628).
- sched/fair: Improve consistency of allowed NUMA balance
calculations (bsc#1012628).
- f2fs: fix missing free nid in f2fs_handle_failed_inode
(bsc#1012628).
- ext4: fix remount with 'abort' option (bsc#1012628).
- nfsd: more robust allocation failure handling in
nfsd_file_cache_init (bsc#1012628).
- sched/cpuacct: Fix charge percpu cpuusage (bsc#1012628).
- sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race
(bsc#1012628).
- f2fs: fix to avoid potential deadlock (bsc#1012628).
- btrfs: fix unexpected error path when reflinking an inline
extent (bsc#1012628).
- iomap: Fix iomap_invalidatepage tracepoint (bsc#1012628).
- fs: erofs: add sanity check for kobject in
erofs_unregister_sysfs (bsc#1012628).
- f2fs: fix compressed file start atomic write may cause data
corruption (bsc#1012628).
- cifs: use a different reconnect helper for non-cifsd threads
(bsc#1012628).
- selftests, x86: fix how check_cc.sh is being invoked
(bsc#1012628).
- drivers/base/memory: add memory block to memory group after
registration succeeded (bsc#1012628).
- kunit: make kunit_test_timeout compatible with comment
(bsc#1012628).
- pinctrl: samsung: Remove EINT handler for Exynos850 ALIVE and
CMGP gpios (bsc#1012628).
- media: staging: media: zoran: fix usage of
vb2_dma_contig_set_max_seg_size (bsc#1012628).
- media: camss: csid-170: fix non-10bit formats (bsc#1012628).
- media: camss: csid-170: don't enable unused irqs (bsc#1012628).
- media: camss: csid-170: set the right HALT_CMD when disabled
(bsc#1012628).
- media: camss: vfe-170: fix "VFE halt timeout" error
(bsc#1012628).
- media: staging: media: imx: imx7-mipi-csis: Make subdev name
unique (bsc#1012628).
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
across ioctls (bsc#1012628).
- media: mtk-vcodec: potential dereference of null pointer
(bsc#1012628).
- media: imx: imx8mq-mipi-csi2: remove wrong irq config write
operation (bsc#1012628).
- media: imx: imx8mq-mipi_csi2: fix system resume (bsc#1012628).
- media: bttv: fix WARNING regression on tunerless devices
(bsc#1012628).
- media: atmel: atmel-sama7g5-isc: fix ispck leftover
(bsc#1012628).
- ASoC: sh: rz-ssi: Drop calling rz_ssi_pio_recv() recursively
(bsc#1012628).
- ASoC: codecs: Check for error pointer after calling
devm_regmap_init_mmio (bsc#1012628).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
(bsc#1012628).
- ASoC: simple-card-utils: Set sysclk on all components
(bsc#1012628).
- memory: tegra20-emc: Correct memory device mask (bsc#1012628).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
(bsc#1012628).
- media: meson: vdec: potential dereference of null pointer
(bsc#1012628).
- media: hantro: Fix overfill bottom register field name
(bsc#1012628).
- media: ov6650: Fix set format try processing path (bsc#1012628).
- media: v4l: Avoid unaligned access warnings when printing 4cc
modifiers (bsc#1012628).
- media: ov5648: Don't pack controls struct (bsc#1012628).
- media: ov2740: identify module after subdev initialisation
(bsc#1012628).
- media: aspeed: Correct value for h-total-pixels (bsc#1012628).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
as vbG200 to avoid black screen (bsc#1012628).
- video: fbdev: controlfb: Fix COMPILE_TEST build (bsc#1012628).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
(bsc#1012628).
- video: fbdev: atmel_lcdfb: fix an error code in
atmel_lcdfb_probe() (bsc#1012628).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
(bsc#1012628).
- ARM: dts: Fix OpenBMC flash layout label addresses
(bsc#1012628).
- ASoC: max98927: add missing header file (bsc#1012628).
- arm64: dts: qcom: sc7280: Fix gmu unit address (bsc#1012628).
- firmware: qcom: scm: Remove reassignment to desc following
initializer (bsc#1012628).
- ARM: dts: qcom: ipq4019: fix sleep clock (bsc#1012628).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc
(bsc#1012628).
- soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem
(bsc#1012628).
- soc: qcom: aoss: Fix missing put_device call in qmp_get
(bsc#1012628).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags
(bsc#1012628).
- arm64: dts: qcom: sdm845: fix microphone bias properties and
values (bsc#1012628).
- arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema
(bsc#1012628).
- arm64: dts: qcom: msm8916-j5: Fix typo (bsc#1012628).
- arm64: dts: broadcom: bcm4908: use proper TWD binding
(bsc#1012628).
- arm64: dts: qcom: sm8150: Correct TCS configuration for apps
rsc (bsc#1012628).
- arm64: dts: qcom: sm8350: Correct TCS configuration for apps
rsc (bsc#1012628).
- arm64: dts: qcom: sm8450: Update cpuidle states parameters
(bsc#1012628).
- arm64: dts: qcom: msm8994: Provide missing "xo_board" and
"sleep_clk" to GCC (bsc#1012628).
- arm64: dts: qcom: ipq6018: fix usb reference period
(bsc#1012628).
- firmware: ti_sci: Fix compilation failure when
CONFIG_TI_SCI_PROTOCOL is not defined (bsc#1012628).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
(bsc#1012628).
- cpuidle: qcom-spm: Check if any CPU is managed by SPM
(bsc#1012628).
- ARM: dts: sun8i: v3s: Move the csi1 block to follow address
order (bsc#1012628).
- ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
(bsc#1012628).
- vsprintf: Fix potential unaligned access (bsc#1012628).
- ARM: dts: qcom: sdx55: Fix the address used for PCIe EP local
addr space (bsc#1012628).
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo
(bsc#1012628).
- media: mexon-ge2d: fixup frames size in registers (bsc#1012628).
- media: video/hdmi: handle short reads of hdmi info frame
(bsc#1012628).
- media: ti-vpe: cal: Fix a NULL pointer dereference in
cal_ctx_v4l2_init_formats() (bsc#1012628).
- media: em28xx: initialize refcount before kref_get
(bsc#1012628).
- media: uapi: Init VP9 stateless decode params (bsc#1012628).
- media: usb: go7007: s2250-board: fix leak in probe()
(bsc#1012628).
- media: cedrus: H265: Fix neighbour info buffer size
(bsc#1012628).
- media: cedrus: h264: Fix neighbour info buffer size
(bsc#1012628).
- arm64: dts: ti: k3-j721s2-mcu-wakeup: Fix the interrupt-parent
for wkup_gpioX instances (bsc#1012628).
- ASoC: codecs: rx-macro: fix accessing compander for aux
(bsc#1012628).
- ASoC: codecs: rx-macro: fix accessing array out of bounds for
enum type (bsc#1012628).
- ASoC: codecs: va-macro: fix accessing array out of bounds for
enum type (bsc#1012628).
- ASoC: codecs: wc938x: fix accessing array out of bounds for
enum type (bsc#1012628).
- ASoC: codecs: wcd938x: fix kcontrol max values (bsc#1012628).
- ASoC: codecs: wcd934x: fix kcontrol max values (bsc#1012628).
- ASoC: codecs: wcd934x: fix return value of
wcd934x_rx_hph_mode_put (bsc#1012628).
- media: v4l2-core: Initialize h264 scaling matrix (bsc#1012628).
- media: hantro: sunxi: Fix VP9 steps (bsc#1012628).
- media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated
(bsc#1012628).
- selftests: vm: remove dependecy from internal kernel macros
(bsc#1012628).
- selftests/lkdtm: Add UBSAN config (bsc#1012628).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1012628).
- uaccess: fix nios2 and microblaze get_user_8() (bsc#1012628).
- ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp() (bsc#1012628).
- ASoC: acp: check the return value of devm_kzalloc() in
acp_legacy_dai_links_create() (bsc#1012628).
- soc: mediatek: pm-domains: Add wakeup capacity support in
power domain (bsc#1012628).
- mmc: sdhci_am654: Fix the driver data of AM64 SoC (bsc#1012628).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (bsc#1012628).
- ALSA: spi: Add check for clk_enable() (bsc#1012628).
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property
(bsc#1012628).
- arm64: dts: broadcom: Fix sata nodename (bsc#1012628).
- printk: fix return value of printk.devkmsg __setup handler
(bsc#1012628).
- ASoC: mxs-saif: Handle errors for clk_enable (bsc#1012628).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (bsc#1012628).
- ASoC: dwc-i2s: Handle errors for clk_enable (bsc#1012628).
- ASoC: soc-compress: prevent the potentially use of null pointer
(bsc#1012628).
- media: i2c: Fix pixel array positions in ov8865 (bsc#1012628).
- memory: emif: Add check for setup_interrupts (bsc#1012628).
- memory: emif: check the pointer temp in get_device_details()
(bsc#1012628).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
transaction (bsc#1012628).
- arm64: dts: rockchip: Fix SDIO regulator supply properties on
rk3399-firefly (bsc#1012628).
- m68k: coldfire/device.c: only build for MCF_EDMA when h/w
macros are defined (bsc#1012628).
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (bsc#1012628).
- media: vidtv: Check for null return of vzalloc (bsc#1012628).
- ASoC: cs35l41: Fix GPIO2 configuration (bsc#1012628).
- ASoC: cs35l41: Fix max number of TX channels (bsc#1012628).
- ASoC: atmel: Add missing of_node_put() in
at91sam9g20ek_audio_probe (bsc#1012628).
- ASoC: wm8350: Handle error for wm8350_register_irq
(bsc#1012628).
- ASoC: fsi: Add check for clk_enable (bsc#1012628).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
(bsc#1012628).
- media: saa7134: fix incorrect use to determine if list is empty
(bsc#1012628).
- ivtv: fix incorrect device_caps for ivtvfb (bsc#1012628).
- ASoC: atmel: Fix error handling in snd_proto_probe
(bsc#1012628).
- ASoC: rockchip: i2s: Fix missing clk_disable_unprepare()
in rockchip_i2s_probe (bsc#1012628).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe
(bsc#1012628).
- ASoC: mediatek: mt8192-mt6359: Fix error handling in
mt8192_mt6359_dev_probe (bsc#1012628).
- ASoC: rk817: Fix missing clk_disable_unprepare() in
rk817_platform_probe (bsc#1012628).
- ASoC: dmaengine: do not use a NULL prepare_slave_config()
callback (bsc#1012628).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
(bsc#1012628).
- ASoC: fsl_spdif: Disable TX clock when stop (bsc#1012628).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
(bsc#1012628).
- ASoC: SOF: Intel: enable DMI L1 for playback streams
(bsc#1012628).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
in msm8916_wcd_digital_probe (bsc#1012628).
- mmc: davinci_mmc: Handle error for clk_enable (bsc#1012628).
- rtla/osnoise: Fix osnoise hist stop tracing message
(bsc#1012628).
- ASoC: rockchip: Fix PM usage reference of
rockchip_i2s_tdm_resume (bsc#1012628).
- ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe
(bsc#1012628).
- ASoC: msm8916-wcd-analog: Fix error handling in
pm8916_wcd_analog_spmi_probe (bsc#1012628).
- ASoC: mediatek: mt8195: Fix error handling in
mt8195_mt6359_rt1019_rt5682_dev_probe (bsc#1012628).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
wcd934x_codec_parse_data (bsc#1012628).
- ASoC: amd: Fix reference to PCM buffer address (bsc#1012628).
- ARM: configs: multi_v5_defconfig: re-enable
CONFIG_V4L_PLATFORM_DRIVERS (bsc#1012628).
- ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx
(bsc#1012628).
- drm/bridge: sn65dsi83: Fix an error handling path in
sn65dsi83_probe() (bsc#1012628).
- drm/meson: osd_afbcd: Add an exit callback to struct
meson_afbcd_ops (bsc#1012628).
- drm/meson: Fix error handling when afbcd.ops->init fails
(bsc#1012628).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
(bsc#1012628).
- drm/bridge: Add missing pm_runtime_disable() in
__dw_mipi_dsi_probe (bsc#1012628).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
nwl_dsi_probe (bsc#1012628).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (bsc#1012628).
- ath11k: add missing of_node_put() to avoid leak (bsc#1012628).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
(bsc#1012628).
- drm/v3d/v3d_drv: Check for error num after setting mask
(bsc#1012628).
- Bluetooth: hci_sync: unlock on error in
hci_inquiry_result_with_rssi_evt() (bsc#1012628).
- ath11k: free peer for station when disconnect from AP for
QCA6390/WCN6855 (bsc#1012628).
- drm/panfrost: Check for error num after setting mask
(bsc#1012628).
- bpftool: Fix error check when calling hashmap__new()
(bsc#1012628).
- libbpf: Fix possible NULL pointer dereference when destroying
skeleton (bsc#1012628).
- bpftool: Only set obj->skeleton on complete success
(bsc#1012628).
- ath11k: fix error code in ath11k_qmi_assign_target_mem_chunk()
(bsc#1012628).
- udmabuf: validate ubuf->pagecount (bsc#1012628).
- bpf: Fix UAF due to race between btf_try_get_module and
load_module (bsc#1012628).
- drm/selftests/test-drm_dp_mst_helper: Fix memory leak in
sideband_msg_req_encode_decode (bsc#1012628).
- drm/locking: fix drm_modeset_acquire_ctx kernel-doc
(bsc#1012628).
- selftests: bpf: Fix bind on used port (bsc#1012628).
- Bluetooth: btintel: Fix WBS setting for Intel legacy ROM
products (bsc#1012628).
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
(bsc#1012628).
- Bluetooth: mt7921s: fix firmware coredump retrieve
(bsc#1012628).
- Bluetooth: mt7921s: fix bus hang with wrong privilege
(bsc#1012628).
- Bluetooth: btmtksdio: refactor
btmtksdio_runtime_[suspend|resume]() (bsc#1012628).
- Bluetooth: mt7921s: fix btmtksdio_[drv|fw]_pmctrl()
(bsc#1012628).
- Bluetooth: btmtksdio: mask out interrupt status (bsc#1012628).
- mtd: onenand: Check for error irq (bsc#1012628).
- mtd: rawnand: gpmi: fix controller timings setting
(bsc#1012628).
- selftests, xsk: Fix rx_full stats test (bsc#1012628).
- drm/edid: Don't clear formats if using deep color (bsc#1012628).
- drm/edid: Split deep color modes between RGB and YUV444
(bsc#1012628).
- ionic: fix type complaint in ionic_dev_cmd_clean()
(bsc#1012628).
- ionic: start watchdog after all is setup (bsc#1012628).
- ionic: Don't send reset commands if FW isn't running
(bsc#1012628).
- ionic: fix up printing of timeout error (bsc#1012628).
- ionic: Correctly print AQ errors if completions aren't received
(bsc#1012628).
- net: dsa: Move VLAN filtering syncing out of
dsa_switch_bridge_leave (bsc#1012628).
- net: dsa: Avoid cross-chip syncing of VLAN filtering
(bsc#1012628).
- Bluetooth: hci_event: Fix HCI_EV_VENDOR max_len (bsc#1012628).
- drm/nouveau/acr: Fix undefined behavior in
nvkm_acr_hsfw_load_bl() (bsc#1012628).
- drm/amd/display: Call dc_stream_release for remove link enc
assignment (bsc#1012628).
- drm/amd/display: Fix a NULL pointer dereference in
amdgpu_dm_connector_add_common_modes() (bsc#1012628).
- drm/amd/pm: return -ENOTSUPP if there is no
get_dpm_ultimate_freq function (bsc#1012628).
- net: phy: at803x: move page selection fix to config_init
(bsc#1012628).
- selftests/bpf/test_xdp_redirect_multi: use temp netns for
testing (bsc#1012628).
- ath9k_htc: fix uninit value bugs (bsc#1012628).
- ath11k: set WMI_PEER_40MHZ while peer assoc for 6 GHz
(bsc#1012628).
- RDMA/core: Set MR type in ib_reg_user_mr (bsc#1012628).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1012628).
- selftests/net: timestamping: Fix bind_phc check (bsc#1012628).
- rtw88: check for validity before using a pointer (bsc#1012628).
- rtw88: fix idle mode flow for hw scan (bsc#1012628).
- rtw88: fix memory overrun and memory leak during hw_scan
(bsc#1012628).
- drm/bridge: lt9611: Fix an error handling path in lt9611_probe()
(bsc#1012628).
- i40e: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx
to skb (bsc#1012628).
- i40e: respect metadata on XSK Rx to skb (bsc#1012628).
- ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to
skb (bsc#1012628).
- ice: respect metadata on XSK Rx to skb (bsc#1012628).
- igc: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to
skb (bsc#1012628).
- ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly
(bsc#1012628).
- ixgbe: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx
to skb (bsc#1012628).
- ixgbe: respect metadata on XSK Rx to skb (bsc#1012628).
- power: reset: gemini-poweroff: Fix IRQ check in
gemini_poweroff_probe (bsc#1012628).
- ray_cs: Check ioremap return value (bsc#1012628).
- powerpc: dts: t1040rdb: fix ports names for Seville Ethernet
switch (bsc#1012628).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
(bsc#1012628).
- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
(bsc#1012628).
- mt76: connac: fix sta_rec_wtbl tag len (bsc#1012628).
- mt76: mt7915: use proper aid value in
mt7915_mcu_wtbl_generic_tlv in sta mode (bsc#1012628).
- mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv
(bsc#1012628).
- mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error
(bsc#1012628).
- mt76: mt7921: set EDCA parameters with the MCU CE command
(bsc#1012628).
- mt76: mt7921: do not always disable fw runtime-pm (bsc#1012628).
- mt76: mt7921: fix a leftover race in runtime-pm (bsc#1012628).
- mt76: mt7615: fix a leftover race in runtime-pm (bsc#1012628).
- mt76: mt7915: fix ht mcs in mt7915_mac_add_txs_skb()
(bsc#1012628).
- mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb()
(bsc#1012628).
- mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1012628).
- mt76: mt7921e: fix possible probe failure after reboot
(bsc#1012628).
- mt76: mt7603: check sta_rates pointer in
mt7603_sta_rate_tbl_update (bsc#1012628).
- mt76: mt7615: check sta_rates pointer in
mt7615_sta_rate_tbl_update (bsc#1012628).
- mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta
(bsc#1012628).
- mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
(bsc#1012628).
- mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs()
(bsc#1012628).
- mt76: mt7915: fix the nss setting in bitrates (bsc#1012628).
- ptp: unregister virtual clocks when unregistering physical clock
(bsc#1012628).
- net: dsa: mv88e6xxx: Enable port policy support on 6097
(bsc#1012628).
- bpf: Fix a btf decl_tag bug when tagging a function
(bsc#1012628).
- mac80211: limit bandwidth in HE capabilities (bsc#1012628).
- scripts/dtc: Call pkg-config POSIXly correct (bsc#1012628).
- livepatch: Fix build failure on 32 bits processors
(bsc#1012628).
- net: asix: add proper error handling of usb read errors
(bsc#1012628).
- i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()'
(bsc#1012628).
- mtd: mchp23k256: Add SPI ID table (bsc#1012628).
- mtd: mchp48l640: Add SPI ID table (bsc#1012628).
- selftests/bpf: Extract syscall wrapper (bsc#1012628).
- selftests/bpf: Use "__se_" prefix on architectures without
syscall wrapper (bsc#1012628).
- igc: avoid kernel warning when changing RX ring parameters
(bsc#1012628).
- igb: refactor XDP registration (bsc#1012628).
- drm/amdgpu: Don't offset by 2 in FRU EEPROM (bsc#1012628).
- PCI: aardvark: Fix reading MSI interrupt number (bsc#1012628).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
bridge (bsc#1012628).
- RDMA/rxe: Check the last packet by RXE_END_MASK (bsc#1012628).
- libbpf: Fix signedness bug in btf_dump_array_data()
(bsc#1012628).
- libbpf: Fix riscv register names (bsc#1012628).
- cxl/core: Fix cxl_probe_component_regs() error message
(bsc#1012628).
- tools/testing/cxl: Fix root port to host bridge assignment
(bsc#1012628).
- cxl/regs: Fix size of CXL Capability Header Register
(bsc#1012628).
- Netvsc: Call hv_unmap_memory() in the netvsc_device_remove()
(bsc#1012628).
- net:enetc: allocate CBD ring data memory using DMA coherent
methods (bsc#1012628).
- libbpf: Fix compilation warning due to mismatched printf format
(bsc#1012628).
- rtw88: fix use after free in rtw_hw_scan_update_probe_req()
(bsc#1012628).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
(bsc#1012628).
- power: supply: ab8500: Swap max and overvoltage (bsc#1012628).
- libbpf: Fix libbpf.map inheritance chain for LIBBPF_0.7.0
(bsc#1012628).
- libbpf: Use dynamically allocated buffer when receiving netlink
messages (bsc#1012628).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
(bsc#1012628).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
(bsc#1012628).
- iommu/ipmmu-vmsa: Check for error num after setting mask
(bsc#1012628).
- drm/bridge: anx7625: Fix overflow issue on reading EDID
(bsc#1012628).
- ath11k: fix uninitialized rate_idx in
ath11k_dp_tx_update_txcompl() (bsc#1012628).
- i2c: pasemi: Drop I2C classes from platform driver variant
(bsc#1012628).
- bpftool: Fix the error when lookup in no-btf maps (bsc#1012628).
- drm/amd/pm: enable pm sysfs write for one VF mode (bsc#1012628).
- drm/amd/display: Add affected crtcs to atomic state for dsc
mst unplug (bsc#1012628).
- bpftool: Fix pretty print dump for maps without BTF loaded
(bsc#1012628).
- libbpf: Fix memleak in libbpf_netlink_recv() (bsc#1012628).
- IB/cma: Allow XRC INI QPs to set their local ACK timeout
(bsc#1012628).
- cxl/core/port: Rename bus.c to port.c (bsc#1012628).
- cxl/port: Hold port reference until decoder release
(bsc#1012628).
- dax: make sure inodes are flushed before destroy cache
(bsc#1012628).
- selftests: mptcp: add csum mib check for mptcp_connect
(bsc#1012628).
- iwlwifi: mvm: Don't call iwl_mvm_sta_from_mac80211() with NULL
sta (bsc#1012628).
- iwlwifi: mvm: don't iterate unadded vifs when handling FW SMPS
req (bsc#1012628).
- iwlwifi: mvm: align locking in D3 test debugfs (bsc#1012628).
- iwlwifi: yoyo: remove DBGI_SRAM address reset writing
(bsc#1012628).
- iwlwifi: yoyo: Avoid using dram data if allocation failed
(bsc#1012628).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs()
(bsc#1012628).
- iwlwifi: Fix -EIO error code that is never returned
(bsc#1012628).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (bsc#1012628).
- mtd: rawnand: pl353: Set the nand chip node as the flash node
(bsc#1012628).
- drm/msm/dp: do not initialize phy until plugin interrupt
received (bsc#1012628).
- drm/msm/dp: populate connector of struct dp_panel (bsc#1012628).
- drm/msm/dp: stop link training after link training 2 failed
(bsc#1012628).
- drm/msm/dp: always add fail-safe mode into connector mode list
(bsc#1012628).
- drm/msm/dsi: Use "ref" fw clock instead of global name for
VCO parent (bsc#1012628).
- drm/msm/dsi/phy: fix 7nm v4.0 settings for C-PHY mode
(bsc#1012628).
- drm/msm/dpu: add DSPP blocks teardown (bsc#1012628).
- drm/msm/dpu: fix dp audio condition (bsc#1012628).
- drm/msm/dpu: remove msm_dp cached in dpu_encoder_virt
(bsc#1012628).
- drm/msm/dp: fix panel bridge attachment (bsc#1012628).
- i40e: remove dead stores on XSK hotpath (bsc#1012628).
- ath11k: Invalidate cached reo ring entry before accessing it
(bsc#1012628).
- mips: Enable KCSAN (bsc#1012628).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
(bsc#1012628).
- vfio/pci: fix memory leak during D3hot to D0 transition
(bsc#1012628).
- vfio/pci: wake-up devices around reset functions (bsc#1012628).
- scsi: fnic: Fix a tracing statement (bsc#1012628).
- scsi: pm8001: Fix command initialization in
pm80XX_send_read_log() (bsc#1012628).
- scsi: pm8001: Fix command initialization in
pm8001_chip_ssp_tm_req() (bsc#1012628).
- scsi: pm8001: Fix payload initialization in
pm80xx_set_thermal_config() (bsc#1012628).
- scsi: pm8001: Fix le32 values handling in
pm80xx_set_sas_protocol_timer_config() (bsc#1012628).
- scsi: pm8001: Fix payload initialization in
pm80xx_encrypt_update() (bsc#1012628).
- scsi: pm8001: Fix le32 values handling in
pm80xx_chip_ssp_io_req() (bsc#1012628).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
(bsc#1012628).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
(bsc#1012628).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
(bsc#1012628).
- scsi: pm8001: Fix abort all task initialization (bsc#1012628).
- mt76: do not always copy ethhdr in reverse_frag0_hdr_trans
(bsc#1012628).
- mt76: fix endianness errors in reverse_frag0_hdr_trans
(bsc#1012628).
- mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts
(bsc#1012628).
- net: dsa: realtek-smi: fix kdoc warnings (bsc#1012628).
- net: dsa: realtek-smi: move to subdirectory (bsc#1012628).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache
ODP MR (bsc#1012628).
- drm/amd/display: Remove vupdate_int_entry definition
(bsc#1012628).
- TOMOYO: fix __setup handlers return values (bsc#1012628).
- power: supply: sbs-charger: Don't cancel work that is not
initialized (bsc#1012628).
- mt76: mt7915: enlarge wcid size to 544 (bsc#1012628).
- mt76: mt7915: fix the muru tlv issue (bsc#1012628).
- drm/dp: Fix OOB read when handling Post Cursor2 register
(bsc#1012628).
- ext2: correct max file size computing (bsc#1012628).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
(bsc#1012628).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled()
wrong false return (bsc#1012628).
- scsi: hisi_sas: Change permission of parameter prot_mask
(bsc#1012628).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases
for dt (bsc#1012628).
- bpf, arm64: Call build_prologue() first in first JIT pass
(bsc#1012628).
- bpf, arm64: Feed byte-offset into bpf line info (bsc#1012628).
- xsk: Fix race at socket teardown (bsc#1012628).
- RDMA/irdma: Fix netdev notifications for vlan's (bsc#1012628).
- RDMA/irdma: Fix Passthrough mode in VM (bsc#1012628).
- RDMA/irdma: Remove incorrect masking of PD (bsc#1012628).
- libbpf: Fix BPF_MAP_TYPE_PERF_EVENT_ARRAY auto-pinning
(bsc#1012628).
- gpu: host1x: Fix an error handling path in 'host1x_probe()'
(bsc#1012628).
- gpu: host1x: Fix a memory leak in 'host1x_remove()'
(bsc#1012628).
- libbpf: Skip forward declaration when counting duplicated type
names (bsc#1012628).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
parse_numa_properties() (bsc#1012628).
- powerpc/Makefile: Don't pass -mcpu=powerpc64 when building
32-bit (bsc#1012628).
- KVM: x86: Fix emulation in writing cr8 (bsc#1012628).
- KVM: x86/emulator: Defer not-present segment check in
__load_segment_descriptor() (bsc#1012628).
- KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors
(bsc#1012628).
- hv_balloon: rate-limit "Unhandled message" warning
(bsc#1012628).
- KVM: arm64: Enable Cortex-A510 erratum 2077057 by default
(bsc#1012628).
- i2c: xiic: Make bus names unique (bsc#1012628).
- net: phy: micrel: Fix concurrent register access (bsc#1012628).
- Bluetooth: hci_sync: fix undefined return of
hci_disconnect_all_sync() (bsc#1012628).
- Bluetooth: Fix skb allocation in mgmt_remote_name() &
mgmt_device_connected() (bsc#1012628).
- power: supply: wm8350-power: Handle error for
wm8350_register_irq (bsc#1012628).
- power: supply: wm8350-power: Add missing free in
free_charger_irq (bsc#1012628).
- IB/hfi1: Allow larger MTU without AIP (bsc#1012628).
- RDMA/core: Fix ib_qp_usecnt_dec() called when error
(bsc#1012628).
- PCI: Reduce warnings on possible RW1C corruption (bsc#1012628).
- net: axienet: fix RX ring refill allocation failure handling
(bsc#1012628).
- drm/msm/a6xx: Fix missing ARRAY_SIZE() check (bsc#1012628).
- mips: DEC: honor CONFIG_MIPS_FP_SUPPORT=n (bsc#1012628).
- MIPS: Sanitise Cavium switch cases in TLB handler synthesizers
(bsc#1012628).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1012628).
- powerpc/64s: Don't use DSISR for SLB faults (bsc#1012628).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (bsc#1012628).
- libbpf: Unmap rings when umem deleted (bsc#1012628).
- selftests/bpf: Make test_lwt_ip_encap more stable and faster
(bsc#1012628).
- platform/x86: huawei-wmi: check the return value of
device_create_file() (bsc#1012628).
- scsi: mpt3sas: Fix incorrect 4GB boundary check (bsc#1012628).
- powerpc: 8xx: fix a return value error in mpc8xx_pic_init
(bsc#1012628).
- xtensa: add missing XCHAL_HAVE_WINDOWED check (bsc#1012628).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1012628).
- vxcan: enable local echo for sent CAN frames (bsc#1012628).
- ath10k: Fix error handling in ath10k_setup_msa_resources
(bsc#1012628).
- mips: cdmm: Fix refcount leak in mips_cdmm_phys_base
(bsc#1012628).
- MIPS: RB532: fix return value of __setup handler (bsc#1012628).
- MIPS: pgalloc: fix memory leak caused by pgd_free()
(bsc#1012628).
- mtd: rawnand: atmel: fix refcount issue in
atmel_nand_controller_init (bsc#1012628).
- power: ab8500_chargalg: Use CLOCK_MONOTONIC (bsc#1012628).
- RDMA/irdma: Prevent some integer underflows (bsc#1012628).
- Revert "RDMA/core: Fix ib_qp_usecnt_dec() called when error"
(bsc#1012628).
- RDMA/mlx5: Fix memory leak in error flow for subscribe event
routine (bsc#1012628).
- bpf, sockmap: Fix memleak in sk_psock_queue_msg (bsc#1012628).
- bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is
full (bsc#1012628).
- bpf, sockmap: Fix more uncharged while msg has more_data
(bsc#1012628).
- bpf, sockmap: Fix double uncharge the mem of sk_msg
(bsc#1012628).
- samples/bpf, xdpsock: Fix race when running for fix duration
of time (bsc#1012628).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
(bsc#1012628).
- drm/amd/display: Fix double free during GPU reset on DC streams
(bsc#1012628).
- RDMA/rxe: Change variable and function argument to proper type
(bsc#1012628).
- RDMA/rxe: Fix ref error in rxe_av.c (bsc#1012628).
- powerpc/xive: fix return value of __setup handler (bsc#1012628).
- powerpc/time: Fix KVM host re-arming a timer beyond decrementer
range (bsc#1012628).
- drm/i915/display: Fix HPD short pulse handling for eDP
(bsc#1012628).
- drm/i915/display: Do not re-enable PSR after it was marked as
not reliable (bsc#1012628).
- netfilter: flowtable: Fix QinQ and pppoe support for inet table
(bsc#1012628).
- mt76: mt7921: fix mt7921_queues_acq implementation
(bsc#1012628).
- can: isotp: return -EADDRNOTAVAIL when reading from unbound
socket (bsc#1012628).
- can: isotp: support MSG_TRUNC flag when reading from socket
(bsc#1012628).
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled
(bsc#1012628).
- PCI: imx6: Invoke the PHY exit function after PHY power off
(bsc#1012628).
- PCI: imx6: Assert i.MX8MM CLKREQ# even if no device present
(bsc#1012628).
- ibmvnic: fix race between xmit and reset (bsc#1012628).
- af_unix: Fix some data-races around unix_sk(sk)->oob_skb
(bsc#1012628).
- selftests/bpf: Fix error reporting from sock_fields programs
(bsc#1012628).
- Bluetooth: hci_uart: add missing NULL check in h5_enqueue
(bsc#1012628).
- Bluetooth: call hci_le_conn_failed with hdev lock in
hci_le_conn_failed (bsc#1012628).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
(bsc#1012628).
- RDMA/nldev: Prevent underflow in
nldev_stat_set_counter_dynamic_doit() (bsc#1012628).
- ipv4: Fix route lookups when handling ICMP redirects and PMTU
updates (bsc#1012628).
- mptcp: Fix crash due to tcp_tsorted_anchor was initialized
before release skb (bsc#1012628).
- af_netlink: Fix shift out of bounds in group mask calculation
(bsc#1012628).
- i2c: meson: Fix wrong speed use from probe (bsc#1012628).
- netfilter: conntrack: Add and use
nf_ct_set_auto_assign_helper_warned() (bsc#1012628).
- i2c: mux: demux-pinctrl: do not deactivate a master that is
not active (bsc#1012628).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1012628).
- ax25: Fix refcount leaks caused by ax25_cb_del() (bsc#1012628).
- ax25: Fix NULL pointer dereferences in ax25 timers
(bsc#1012628).
- drm/i915: Fix renamed struct field (bsc#1012628).
- selftests/bpf/test_lirc_mode2.sh: Exit with proper code
(bsc#1012628).
- bpftool: Fix print error when show bpf map (bsc#1012628).
- PCI: Avoid broken MSI on SB600 USB devices (bsc#1012628).
- net: bcmgenet: Use stronger register read/writes to assure
ordering (bsc#1012628).
- tcp: ensure PMTU updates are processed during fastopen
(bsc#1012628).
- openvswitch: always update flow key after nat (bsc#1012628).
- net: dsa: fix panic on shutdown if multi-chip tree failed to
probe (bsc#1012628).
- net: wwan: qcom_bam_dmux: fix wrong pointer passed to IS_ERR()
(bsc#1012628).
- tipc: fix the timer expires after interval 100ms (bsc#1012628).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
(bsc#1012628).
- ice: fix 'scheduling while atomic' on aux critical err interrupt
(bsc#1012628).
- ice: don't allow to run ice_send_event_to_aux() in atomic ctx
(bsc#1012628).
- drivers: ethernet: cpsw: fix panic when interrupt coaleceing
is set via ethtool (bsc#1012628).
- kernel/resource: fix kfree() of bootmem memory again
(bsc#1012628).
- clk: renesas: r9a07g044: Update multiplier and divider values
for PLL2/3 (bsc#1012628).
- staging: r8188eu: release_firmware is not called if allocation
fails (bsc#1012628).
- mxser: fix xmit_buf leak in activate when LSR == 0xff
(bsc#1012628).
- fsi: scom: Fix error handling (bsc#1012628).
- fsi: scom: Remove retries in indirect scoms (bsc#1012628).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
pwmchip_add() (bsc#1012628).
- pps: clients: gpio: Propagate return value from pps_gpio_probe
(bsc#1012628).
- fsi: Aspeed: Fix a potential double free (bsc#1012628).
- misc: alcor_pci: Fix an error handling path (bsc#1012628).
- cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse
(bsc#1012628).
- soundwire: intel: fix wrong register name in intel_shim_wake
(bsc#1012628).
- clk: qcom: ipq8074: fix PCI-E clock oops (bsc#1012628).
- dmaengine: idxd: restore traffic class defaults after wq reset
(bsc#1012628).
- iio: mma8452: Fix probe failing when an i2c_device_id is used
(bsc#1012628).
- staging: qlge: add unregister_netdev in qlge_probe
(bsc#1012628).
- serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type
(bsc#1012628).
- staging:iio:adc:ad7280a: Fix handing of device address bit
reversing (bsc#1012628).
- clk: renesas: r8a779f0: Fix RSW2 clock divider (bsc#1012628).
- pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel
(bsc#1012628).
- pinctrl: renesas: checker: Fix miscalculation of number of
states (bsc#1012628).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (bsc#1012628).
- phy: dphy: Correct lpx parameter and its
derivatives(ta_{get,go,sure}) (bsc#1012628).
- phy: phy-brcm-usb: fixup BCM4908 support (bsc#1012628).
- serial: 8250_mid: Balance reference count for PCI DMA device
(bsc#1012628).
- serial: 8250_lpss: Balance reference count for PCI DMA device
(bsc#1012628).
- NFS: Use of mapping_set_error() results in spurious errors
(bsc#1012628).
- serial: 8250: Fix race condition in RTS-after-send handling
(bsc#1012628).
- iio: adc: Add check for devm_request_threaded_irq (bsc#1012628).
- habanalabs: Add check for pci_enable_device (bsc#1012628).
- NFS: Return valid errors from nfs2/3_decode_dirent()
(bsc#1012628).
- staging: r8188eu: fix endless loop in recv_func (bsc#1012628).
- dma-debug: fix return value of __setup handlers (bsc#1012628).
- clk: imx7d: Remove audio_mclk_root_clk (bsc#1012628).
- clk: imx: off by one in imx_lpcg_parse_clks_from_dt()
(bsc#1012628).
- clk: at91: sama7g5: fix parents of PDMCs' GCLK (bsc#1012628).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
(bsc#1012628).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
(bsc#1012628).
- clk: starfive: jh7100: Don't round divisor up twice
(bsc#1012628).
- clk: starfive: jh7100: Handle audio_div clock properly
(bsc#1012628).
- dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma
(bsc#1012628).
- remoteproc: qcom: Fix missing of_node_put in
adsp_alloc_memory_region (bsc#1012628).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region (bsc#1012628).
- remoteproc: qcom_q6v5_mss: Fix some leaks in
q6v5_alloc_memory_region (bsc#1012628).
- nvdimm/region: Fix default alignment for small regions
(bsc#1012628).
- clk: actions: Terminate clk_div_table with sentinel element
(bsc#1012628).
- clk: loongson1: Terminate clk_div_table with sentinel element
(bsc#1012628).
- clk: hisilicon: Terminate clk_div_table with sentinel element
(bsc#1012628).
- clk: clps711x: Terminate clk_div_table with sentinel element
(bsc#1012628).
- clk: Fix clk_hw_get_clk() when dev is NULL (bsc#1012628).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver (bsc#1012628).
- mailbox: imx: fix crash in resume on i.mx8ulp (bsc#1012628).
- NFS: remove unneeded check in decode_devicenotify_args()
(bsc#1012628).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
(bsc#1012628).
- staging: mt7621-dts: fix formatting (bsc#1012628).
- staging: mt7621-dts: fix pinctrl properties for ethernet
(bsc#1012628).
- staging: mt7621-dts: fix GB-PC2 devicetree (bsc#1012628).
- pinctrl: ocelot: fix confops resource index (bsc#1012628).
- pinctrl: ocelot: fix duplicate debugfs entry (bsc#1012628).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
(bsc#1012628).
- pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback
(bsc#1012628).
- pinctrl: mediatek: paris: Fix "argument" argument type for
mtk_pinconf_get() (bsc#1012628).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
(bsc#1012628).
- pinctrl: mediatek: paris: Skip custom extra pin config dump
for virtual GPIOs (bsc#1012628).
- pinctrl: ocelot: Fix interrupt parsing (bsc#1012628).
- pinctrl: microchip-sgpio: lock RMW access (bsc#1012628).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
(bsc#1012628).
- pinctrl/rockchip: Add missing of_node_put() in
rockchip_pinctrl_probe (bsc#1012628).
- clk: visconti: prevent array overflow in
visconti_clk_register_gates() (bsc#1012628).
- tty: hvc: fix return value of __setup handler (bsc#1012628).
- kgdboc: fix return value of __setup handler (bsc#1012628).
- serial: 8250: fix XOFF/XON sending when DMA is used
(bsc#1012628).
- virt: acrn: obtain pa from VMA with PFNMAP flag (bsc#1012628).
- virt: acrn: fix a memory leak in acrn_dev_ioctl() (bsc#1012628).
- kgdbts: fix return value of __setup handler (bsc#1012628).
- firmware: google: Properly state IOMEM dependency (bsc#1012628).
- driver core: dd: fix return value of __setup handler
(bsc#1012628).
- perf test arm64: Test unwinding using fame-pointer (fp) mode
(bsc#1012628).
- jfs: fix divide error in dbNextAG (bsc#1012628).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory
(bsc#1012628).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC
(bsc#1012628).
- SUNRPC: Don't call connect() more than once on a TCP socket
(bsc#1012628).
- perf parse-events: Move slots only with topdown (bsc#1012628).
- netfilter: egress: Report interface as outgoing (bsc#1012628).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
options (bsc#1012628).
- SUNRPC don't resend a task on an offlined transport
(bsc#1012628).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
(bsc#1012628).
- kdb: Fix the putarea helper function (bsc#1012628).
- perf stat: Fix forked applications enablement of counters
(bsc#1012628).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock
on resume (bsc#1012628).
- clk: qcom: gcc-msm8994: Fix gpll4 width (bsc#1012628).
- vsock/virtio: initialize vdev->priv before using VQs
(bsc#1012628).
- vsock/virtio: read the negotiated features before using VQs
(bsc#1012628).
- vsock/virtio: enable VQs early on probe (bsc#1012628).
- clk: Initialize orphan req_rate (bsc#1012628).
- xen: fix is_xen_pmu() (bsc#1012628).
- net: enetc: report software timestamping via SO_TIMESTAMPING
(bsc#1012628).
- net: hns3: fix bug when PF set the duplicate MAC address for
VFs (bsc#1012628).
- net: hns3: fix port base vlan add fail when concurrent with
reset (bsc#1012628).
- net: hns3: add vlan list lock to protect vlan list
(bsc#1012628).
- net: hns3: refine the process when PF set VF VLAN (bsc#1012628).
- net: phy: broadcom: Fix brcm_fet_config_init() (bsc#1012628).
- selftests: test_vxlan_under_vrf: Fix broken test case
(bsc#1012628).
- NFS: Don't loop forever in nfs_do_recoalesce() (bsc#1012628).
- libperf tests: Fix typo in perf_evlist__open() failure error
messages (bsc#1012628).
- net: hns3: fix ethtool tx copybreak buf size indicating not
aligned issue (bsc#1012628).
- net: hns3: add max order judgement for tx spare buffer
(bsc#1012628).
- net: hns3: clean residual vf config after disable sriov
(bsc#1012628).
- net: hns3: add netdev reset check for hns3_set_tunable()
(bsc#1012628).
- net: hns3: add NULL pointer check for hns3_set/get_ringparam()
(bsc#1012628).
- net: hns3: fix phy can not link up when autoneg off and reset
(bsc#1012628).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (bsc#1012628).
- qlcnic: dcb: default to returning -EOPNOTSUPP (bsc#1012628).
- net/x25: Fix null-ptr-deref caused by x25_disconnect
(bsc#1012628).
- net: sparx5: switchdev: fix possible NULL pointer dereference
(bsc#1012628).
- octeontx2-af: initialize action variable (bsc#1012628).
- selftests: tls: skip cmsg_to_pipe tests with TLS=n
(bsc#1012628).
- net/sched: act_ct: fix ref leak when switching zones
(bsc#1012628).
- NFSv4/pNFS: Fix another issue with a list iterator pointing
to the head (bsc#1012628).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
iterator (bsc#1012628).
- fs: fd tables have to be multiples of BITS_PER_LONG
(bsc#1012628).
- lib/test: use after free in register_test_dev_kmod()
(bsc#1012628).
- fs: fix fd table size alignment properly (bsc#1012628).
- LSM: general protection fault in legacy_parse_param
(bsc#1012628).
- regulator: rpi-panel: Handle I2C errors/timing to the Atmel
(bsc#1012628).
- crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos
(bsc#1012628).
- crypto: octeontx2 - CN10K CPT to RNM workaround (bsc#1012628).
- gcc-plugins/stackleak: Exactly match strings instead of prefixes
(bsc#1012628).
- rcu: Kill rnp->ofl_seq and use only rcu_state.ofl_lock for
exclusion (bsc#1012628).
- pinctrl: npcm: Fix broken references to chip->parent_device
(bsc#1012628).
- rcu: Mark writes to the rcu_segcblist structure's ->flags field
(bsc#1012628).
- block: throttle split bio in case of iops limit (bsc#1012628).
- memstick/mspro_block: fix handling of read-only devices
(bsc#1012628).
- block/bfq_wf2q: correct weight to ioprio (bsc#1012628).
- crypto: xts - Add softdep on ecb (bsc#1012628).
- crypto: hisilicon/sec - not need to enable sm4 extra mode at
HW V3 (bsc#1012628).
- block, bfq: don't move oom_bfqq (bsc#1012628).
- selinux: use correct type for context length (bsc#1012628).
- powercap/dtpm_cpu: Reset per_cpu variable in the release
function (bsc#1012628).
- arm64: module: remove (NOLOAD) from linker script (bsc#1012628).
- selinux: allow FIOCLEX and FIONCLEX with policy capability
(bsc#1012628).
- loop: use sysfs_emit() in the sysfs xxx show() (bsc#1012628).
- Fix incorrect type in assignment of ipv6 port for audit
(bsc#1012628).
- irqchip/qcom-pdc: Fix broken locking (bsc#1012628).
- irqchip/nvic: Release nvic_base upon failure (bsc#1012628).
- fs/binfmt_elf: Fix AT_PHDR for unusual ELF files (bsc#1012628).
- hwrng: cavium - fix NULL but dereferenced coccicheck error
(bsc#1012628).
- bfq: fix use-after-free in bfq_dispatch_request (bsc#1012628).
- ACPICA: Avoid walking the ACPI Namespace if it is not there
(bsc#1012628).
- ACPI / x86: Add skip i2c clients quirk for Nextbook Ares 8
(bsc#1012628).
- ACPI / x86: Add skip i2c clients quirk for Lenovo Yoga Tablet
1050F/L (bsc#1012628).
- lib/raid6/test/Makefile: Use $(pound) instead of \# for Make
4.3 (bsc#1012628).
- Revert "Revert "block, bfq: honor already-setup queue merges""
(bsc#1012628).
- ACPI/APEI: Limit printable size of BERT table data
(bsc#1012628).
- PM: core: keep irq flags in device_pm_check_callbacks()
(bsc#1012628).
- parisc: Fix non-access data TLB cache flush faults
(bsc#1012628).
- parisc: Fix handling off probe non-access faults (bsc#1012628).
- nvme-tcp: lockdep: annotate in-kernel sockets (bsc#1012628).
- spi: tegra20: Use of_device_get_match_data() (bsc#1012628).
- spi: fsi: Implement a timeout for polling status (bsc#1012628).
- atomics: Fix atomic64_{read_acquire,set_release} fallbacks
(bsc#1012628).
- locking/lockdep: Iterate lock_classes directly when reading
lockdep files (bsc#1012628).
- ext4: correct cluster len and clusters changed accounting in
ext4_mb_mark_bb (bsc#1012628).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
(bsc#1012628).
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as
TASK_UNINTERRUPTIBLE (bsc#1012628).
- ext4: don't BUG if someone dirty pages without asking ext4 first
(bsc#1012628).
- f2fs: fix to do sanity check on curseg->alloc_type
(bsc#1012628).
- NFSD: Fix nfsd_breaker_owns_lease() return values (bsc#1012628).
- f2fs: don't get FREEZE lock in f2fs_evict_inode in frozen fs
(bsc#1012628).
- btrfs: harden identification of a stale device (bsc#1012628).
- btrfs: make search_csum_tree return 0 if we get -EFBIG
(bsc#1012628).
- btrfs: handle csum lookup errors properly on reads
(bsc#1012628).
- btrfs: do not double complete bio on errors during compressed
reads (bsc#1012628).
- btrfs: do not clean up repair bio if submit fails (bsc#1012628).
- f2fs: use spin_lock to avoid hang (bsc#1012628).
- f2fs: compress: fix to print raw data size in error path of
lz4 decompression (bsc#1012628).
- Adjust cifssb maximum read size (bsc#1012628).
- ntfs: add sanity check on allocation size (bsc#1012628).
- media: staging: media: zoran: move videodev alloc (bsc#1012628).
- media: staging: media: zoran: calculate the right buffer number
for zoran_reap_stat_com (bsc#1012628).
- media: staging: media: zoran: fix various V4L2 compliance errors
(bsc#1012628).
- media: atmel: atmel-isc-base: report frame sizes as full
supported range (bsc#1012628).
- media: ir_toy: free before error exiting (bsc#1012628).
- ASoC: sh: rz-ssi: Make the data structures available before
registering the handlers (bsc#1012628).
- ASoC: cs42l42: Report full jack status when plug is detected
(bsc#1012628).
- ASoC: SOF: Intel: match sdw version on link_slaves_found
(bsc#1012628).
- media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar
buffers (bsc#1012628).
- ASoC: SOF: Intel: hda: Remove link assignment limitation
(bsc#1012628).
- media: iommu/mediatek-v1: Free the existed fwspec if the master
dev already has (bsc#1012628).
- media: iommu/mediatek: Return ENODEV if the device is NULL
(bsc#1012628).
- media: iommu/mediatek: Add device_link between the consumer
and the larb devices (bsc#1012628).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
(bsc#1012628).
- video: fbdev: w100fb: Reset global state (bsc#1012628).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
(bsc#1012628).
- video: fbdev: omapfb: acx565akm: replace snprintf with
sysfs_emit (bsc#1012628).
- ARM: dts: qcom: fix gic_irq_domain_translate warnings for
msm8960 (bsc#1012628).
- ARM: dts: bcm2837: Add the missing L1/L2 cache information
(bsc#1012628).
- ASoC: madera: Add dependencies on MFD (bsc#1012628).
- media: atomisp_gmin_platform: Add DMI quirk to not turn AXP
ELDO2 regulator off on some boards (bsc#1012628).
- media: atomisp: fix dummy_ptr check to avoid duplicate active_bo
(bsc#1012628).
- ARM: ftrace: avoid redundant loads or clobbering IP
(bsc#1012628).
- ALSA: hda: Fix driver index handling at re-binding
(bsc#1012628).
- ARM: dts: imx7: Use audio_mclk_post_div instead
audio_mclk_root_clk (bsc#1012628).
- arm64: defconfig: build imx-sdma as a module (bsc#1012628).
- video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead
of snprintf() (bsc#1012628).
- video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit()
instead of snprintf() (bsc#1012628).
- video: fbdev: udlfb: replace snprintf in show functions with
sysfs_emit (bsc#1012628).
- ARM: dts: bcm2711: Add the missing L1/L2 cache information
(bsc#1012628).
- ASoC: soc-core: skip zero num_dai component in searching dai
name (bsc#1012628).
- ASoC: Intel: sof_es8336: add quirk for Huawei D15 2021
(bsc#1012628).
- media: imx-jpeg: fix a bug of accessing array out of bounds
(bsc#1012628).
- media: cx88-mpeg: clear interrupt status register before
streaming video (bsc#1012628).
- ASoC: rt5682s: Fix the wrong jack type detected (bsc#1012628).
- ARM: tegra: transformer: Drop reg-shift for Tegra HS UART
(bsc#1012628).
- uaccess: fix type mismatch warnings from access_ok()
(bsc#1012628).
- lib/test_lockup: fix kernel pointer check for separate address
spaces (bsc#1012628).
- ARM: tegra: tamonten: Fix I2C3 pad setting (bsc#1012628).
- ARM: mmp: Fix failure to remove sram device (bsc#1012628).
- ASoC: amd: vg: fix for pm resume callback sequence
(bsc#1012628).
- ASoC: amd: vangogh: fix uninitialized symbol warning in machine
driver (bsc#1012628).
- video: fbdev: sm712fb: Fix crash in smtcfb_write()
(bsc#1012628).
- media: i2c: ov5648: Fix lockdep error (bsc#1012628).
- media: Revert "media: em28xx: add missing
em28xx_close_extension" (bsc#1012628).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
(bsc#1012628).
- ASoC: SOF: debug: clarify operator precedence (bsc#1012628).
- ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13"
(bsc#1012628).
- ASoC: SOF: Intel: hda: retrieve DMIC number for I2S boards
(bsc#1012628).
- ALSA: intel-nhlt: add helper to detect SSP link mask
(bsc#1012628).
- ALSA: intel-dsp-config: add more ACPI HIDs for ES83x6 devices
(bsc#1012628).
- ASoC: Intel: soc-acpi: add more ACPI HIDs for ES83x6 devices
(bsc#1012628).
- ALSA: intel-dspconfig: add ES8336 support for CNL (bsc#1012628).
- ASoC: Intel: Revert "ASoC: Intel: sof_es8336: add quirk for
Huawei D15 2021" (bsc#1012628).
- ASoC: Intel: sof_es8336: log all quirks (bsc#1012628).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
(bsc#1012628).
- mmc: host: Return an error when ->enable_sdio_irq() ops is
missing (bsc#1012628).
- ASoC: mediatek: Fix error handling in
mt8183_da7219_max98357_dev_probe (bsc#1012628).
- media: atomisp: fix bad usage at error handling logic
(bsc#1012628).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
(bsc#1012628).
- KVM: SVM: Allow AVIC support on system w/ physical APIC ID >
255 (bsc#1012628).
- KVM: x86: Reinitialize context if host userspace toggles
EFER.LME (bsc#1012628).
- KVM: x86/mmu: Use common TDP MMU zap helper for MMU notifier
unmap hook (bsc#1012628).
- KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root()
(bsc#1012628).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP
MMU (bsc#1012628).
- KVM: x86/mmu: Check for present SPTE when clearing dirty bit
in TDP MMU (bsc#1012628).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from
kvm_hv_send_ipi() (bsc#1012628).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from
kvm_hv_flush_tlb() (bsc#1012628).
- KVM: x86: hyper-v: Fix the maximum number of sparse banks for
XMM fast TLB flush hypercalls (bsc#1012628).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
(bsc#1012628).
- powerpc/kasan: Fix early region not updated correctly
(bsc#1012628).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1012628).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1012628).
- powerpc/lib/sstep: Fix build errors with newer binutils
(bsc#1012628).
- powerpc: Add set_memory_{p/np}() and remove set_memory_attr()
(bsc#1012628).
- powerpc: Fix build errors with newer binutils (bsc#1012628).
- drm/dp: Fix off-by-one in register cache size (bsc#1012628).
- drm/i915: Treat SAGV block time 0 as SAGV disabled
(bsc#1012628).
- drm/i915: Fix PSF GV point mask when SAGV is not possible
(bsc#1012628).
- drm/i915: Reject unsupported TMDS rates on ICL+ (bsc#1012628).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1012628).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1012628).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1012628).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1012628).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1012628).
- scsi: qla2xxx: Fix premature hw access after PCI error
(bsc#1012628).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
(bsc#1012628).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1012628).
- scsi: qla2xxx: Fix device reconnect in loop topology
(bsc#1012628).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1012628).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
28XX adapters (bsc#1012628).
- scsi: qla2xxx: Add devids and conditionals for 28xx
(bsc#1012628).
- scsi: qla2xxx: Check for firmware dump already collected
(bsc#1012628).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1012628).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1012628).
- scsi: qla2xxx: Fix incorrect reporting of task management
failure (bsc#1012628).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1012628).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
(bsc#1012628).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
(bsc#1012628).
- scsi: qla2xxx: Fix crash during module load unload test
(bsc#1012628).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1012628).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1012628).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1012628).
- scsi: qla2xxx: Use correct feature type field during RFF_ID
processing (bsc#1012628).
- platform: chrome: Split trace include file (bsc#1012628).
- MIPS: crypto: Fix CRC32 code (bsc#1012628).
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1012628).
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1012628).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1012628).
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user
address (bsc#1012628).
- KVM: Prevent module exit until all VMs are freed (bsc#1012628).
- KVM: x86: fix sending PV IPI (bsc#1012628).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1012628).
- KVM: avoid double put_page with gfn-to-pfn cache (bsc#1012628).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
(bsc#1012628).
- ubifs: Fix deadlock in concurrent rename whiteout and inode
writeback (bsc#1012628).
- ubifs: Add missing iput if do_tmpfile() failed in rename
whiteout (bsc#1012628).
- ubifs: Rename whiteout atomically (bsc#1012628).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
work (bsc#1012628).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations
(bsc#1012628).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
(bsc#1012628).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
(bsc#1012628).
- ubifs: Fix to add refcount once page is set private
(bsc#1012628).
- ubifs: rename_whiteout: correct old_dir size computing
(bsc#1012628).
- nvme: allow duplicate NSIDs for private namespaces
(bsc#1012628).
- nvme: fix the read-only state for zoned namespaces with
unsupposed features (bsc#1012628).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
(bsc#1012628).
- wireguard: socket: free skb in send6 when ipv6 is disabled
(bsc#1012628).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
(bsc#1012628).
- XArray: Fix xas_create_range() when multi-order entry present
(bsc#1012628).
- can: mcba_usb: properly check endpoint type (bsc#1012628).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return
of error value (bsc#1012628).
- XArray: Include bitmap.h from xarray.h (bsc#1012628).
- XArray: Update the LRU list in xas_split() (bsc#1012628).
- modpost: restore the warning message for missing symbol versions
(bsc#1012628).
- rtc: gamecube: Fix refcount leak in
gamecube_rtc_read_offset_from_sram (bsc#1012628).
- rtc: check if __rtc_read_time was successful (bsc#1012628).
- loop: fix ioctl calls using compat_loop_info (bsc#1012628).
- gfs2: gfs2_setattr_size error path fix (bsc#1012628).
- gfs2: Fix gfs2_file_buffered_write endless loop workaround
(bsc#1012628).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
(bsc#1012628).
- net: hns3: fix the concurrency between functions reading debugfs
(bsc#1012628).
- net: hns3: fix software vlan talbe of vlan 0 inconsistent with
hardware (bsc#1012628).
- rxrpc: fix some null-ptr-deref bugs in server_key.c
(bsc#1012628).
- rxrpc: Fix call timer start racing with call destruction
(bsc#1012628).
- mailbox: imx: fix wakeup failure from freeze mode (bsc#1012628).
- crypto: x86/poly1305 - Fixup SLS (bsc#1012628).
- crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
(bsc#1012628).
- watch_queue: Free the page array when watch_queue is dismantled
(bsc#1012628).
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
(bsc#1012628).
- watchdog: rti-wdt: Add missing pm_runtime_disable() in probe
function (bsc#1012628).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (bsc#1012628).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
(bsc#1012628).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
ARRAY_SIZE() (bsc#1012628).
- ASoC: rockchip: i2s_tdm: Fixup config for SND_SOC_DAIFMT_DSP_A/B
(bsc#1012628).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
(bsc#1012628).
- ubi: Fix race condition between ctrl_cdev_ioctl and
ubi_cdev_ioctl (bsc#1012628).
- ARM: iop32x: offset IRQ numbers by 1 (bsc#1012628).
- block: Fix the maximum minor value is blk_alloc_ext_minor()
(bsc#1012628).
- Revert "virtio-pci: harden INTX interrupts" (bsc#1012628).
- Revert "virtio_pci: harden MSI-X interrupts" (bsc#1012628).
- virtio: use virtio_device_ready() in virtio_device_restore()
(bsc#1012628).
- io_uring: remove poll entry from list when canceling all
(bsc#1012628).
- io_uring: bump poll refs to full 31-bits (bsc#1012628).
- io_uring: fix memory leak of uid in files registration
(bsc#1012628).
- riscv module: remove (NOLOAD) (bsc#1012628).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(bsc#1012628).
- vhost: handle error while adding split ranges to iotlb
(bsc#1012628).
- spi: Fix Tegra QSPI example (bsc#1012628).
- platform/chrome: cros_ec_typec: Check for EC device
(bsc#1012628).
- platform/x86: asus-wmi: Fix regression when probing for fan
curve control (bsc#1012628).
- can: isotp: restore accidentally removed MSG_PEEK feature
(bsc#1012628).
- proc: bootconfig: Add null pointer check (bsc#1012628).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
(bsc#1012628).
- drm/connector: Fix typo in documentation (bsc#1012628).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
(bsc#1012628).
- staging: mt7621-dts: fix pinctrl-0 items to be size-1 items
on ethernet (bsc#1012628).
- docs: fix 'make htmldocs' warning in SCTP.rst (bsc#1012628).
- arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit
definition (bsc#1012628).
- ASoC: soc-compress: Change the check for codec_dai
(bsc#1012628).
- KVM: x86: SVM: fix avic spec based definitions again
(bsc#1012628).
- ax25: fix UAF bug in ax25_send_control() (bsc#1012628).
- Reinstate some of "swiotlb: rework "fix info leak with
DMA_FROM_DEVICE"" (bsc#1012628).
- tracing: Have type enum modifications copy the strings
(bsc#1012628).
- mips: Enable KCSAN - take 2 (bsc#1012628).
- net: add skb_set_end_offset() helper (bsc#1012628).
- mm/mmap: return 1 from stack_guard_gap __setup() handler
(bsc#1012628).
- ARM: 9187/1: JIVE: fix return value of __setup handler
(bsc#1012628).
- mm/memcontrol: return 1 from cgroup.memory __setup() handler
(bsc#1012628).
- mm/usercopy: return 1 from hardened_usercopy __setup() handler
(bsc#1012628).
- af_unix: Support POLLPRI for OOB (bsc#1012628).
- libbpf: Define BTF_KIND_* constants in btf.h to avoid
compilation errors (bsc#1012628).
- bpf: Adjust BPF stack helper functions to accommodate skip >
0 (bsc#1012628).
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
(bsc#1012628).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(bsc#1012628).
- mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM
(bsc#1012628).
- dt-bindings: mtd: nand-controller: Fix the reg property
description (bsc#1012628).
- dt-bindings: mtd: nand-controller: Fix a comment in the examples
(bsc#1012628).
- dt-bindings: spi: mxic: The interrupt property is not mandatory
(bsc#1012628).
- media: dt-binding: media: hynix,hi846: use $defs/port-base
port description (bsc#1012628).
- media: dt-bindings: media: hynix,hi846: add link-frequencies
description (bsc#1012628).
- dt-bindings: memory: mtk-smi: Rename clock to clocks
(bsc#1012628).
- dt-bindings: memory: mtk-smi: No need mediatek,larb-id for
mt8167 (bsc#1012628).
- dt-bindings: memory: mtk-smi: Correct minItems to 2 for the
gals clocks (bsc#1012628).
- dt-bindings: pinctrl: mt8195: fix bias-pull-{up,down} checks
(bsc#1012628).
- dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example
(bsc#1012628).
- ubi: fastmap: Return error code if memory allocation fails in
add_aeb() (bsc#1012628).
- net: preserve skb_end_offset() in skb_unclone_keeptruesize()
(bsc#1012628).
- ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV
(bsc#1012628).
- ASoC: topology: Allow TLV control to be either read or write
(bsc#1012628).
- perf vendor events: Update metrics for SkyLake Server
(bsc#1012628).
- media: ov6650: Add try support to selection API operations
(bsc#1012628).
- media: ov6650: Fix crop rectangle affected by set format
(bsc#1012628).
- pinctrl: canonical rsel resistance selection property
(bsc#1012628).
- spi: mediatek: support tick_delay without enhance_timing
(bsc#1012628).
- ARM: dts: spear1340: Update serial node properties
(bsc#1012628).
- ARM: dts: spear13xx: Update SPI dma properties (bsc#1012628).
- arm64: dts: ls1043a: Update i2c dma properties (bsc#1012628).
- arm64: dts: ls1046a: Update i2c node dma properties
(bsc#1012628).
- um: Fix uml_mconsole stop/go (bsc#1012628).
- docs: sysctl/kernel: add missing bit to panic_print
(bsc#1012628).
- xsk: Do not write NULL in SW ring at allocation failure
(bsc#1012628).
- ice: xsk: Fix indexing in ice_tx_xsk_pool() (bsc#1012628).
- vdpa/mlx5: Avoid processing works if workqueue was destroyed
(bsc#1012628).
- openvswitch: Fixed nd target mask field in the flow dump
(bsc#1012628).
- torture: Make torture.sh help message match reality
(bsc#1012628).
- n64cart: convert bi_disk to bi_bdev->bd_disk fix build
(bsc#1012628).
- Revert "nbd: fix possible overflow on 'first_minor' in
nbd_dev_add()" (bsc#1012628).
- mmc: rtsx: Let MMC core handle runtime PM (bsc#1012628).
- mmc: rtsx: Fix build errors/warnings for unused variable
(bsc#1012628).
- coredump: Snapshot the vmas in do_coredump (bsc#1012628).
- coredump: Remove the WARN_ON in dump_vma_snapshot (bsc#1012628).
- coredump/elf: Pass coredump_params into fill_note_info
(bsc#1012628).
- coredump: Use the vma snapshot in fill_files_note (bsc#1012628).
- Update config files.
- commit b49cf22
++++ krb5:
- update to 1.19.3 (bsc#1189929, CVE-2021-37750):
* Fix a denial of service attack against the KDC [CVE-2021-37750].
* Fix KDC null deref on TGS inner body null server
* Fix conformance issue in GSSAPI tests
++++ systemd:
- libseccomp is needed everywhere
++++ libunistring:
- Update to 1.0:
* Unicode 14.0.0 support
* License changed to LGPL-3.0-or-later OR GPL-2.0-or-later
* *_uctomb functions now support strings larger than 2 GiB
* linebreak functions now make it easier to work with strings
that contain CR-LF sequences
* New properties for recognizing pictographics symbols and
regional indicators
- drop disable-broken-tests.patch
------------------------------------------------------------------
------------------ 2022-4-8 - Apr 8 2022 -------------------
------------------------------------------------------------------
++++ acl:
- Disable -D_FORTIFY_SOURCE=3 for now
as explained here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104964
++++ gettext-runtime:
- Added patch:
* gettext-0.21-jdk17.patch
+ Build with java source and target levels 1.8
+ Allows building with JDK17
+ Fixes build in Factory
++++ kernel-default:
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(bsc#1196961).
- commit 18b6eb8
++++ freetype2:
- update to 2.12.0:
- FreeType now handles OT-SVG fonts, to be controlled with
`FT_CONFIG_OPTION_SVG` configuration macro. By default, it can
only load the 'SVG ' table of an OpenType font. However, by using
the `svg-hooks` property of the new 'ot-svg' module it is possible
to register an external SVG rendering engine. The FreeType demo
programs have been set up to use 'librsvg' as the rendering
library.
- The handling of fonts with an 'sbix' table has been improved.
- The internal 'zlib' code has been updated to be in sync with the
current 'zlib' version (1.2.11).
- The previously internal load flag `FT_LOAD_SBITS_ONLY` is now
public.
- Some minor improvements of the building systems, in particular
handling of the 'zlib' library (internal vs. external).
- Support for non-desktop Universal Windows Platform.
- Various other minor bug and documentation fixes.
- The `ftdump` demo program shows more information for Type1 fonts
if option `-n` is given.
- `ftgrid` can now display embedded bitmap strikes.
- fixes bsc#1198830 (CVE-2022-27404), bsc#1198832 (CVE-2022-27405),
bsc#1198823 (CVE-2022-27406)
------------------------------------------------------------------
------------------ 2022-4-7 - Apr 7 2022 -------------------
------------------------------------------------------------------
++++ libgpg-error:
- update to 1.45:
* gpgrt_access and gpgrt_mkdir now support file names longer than
MAX_PATH
++++ systemd:
- Move coredumpctl completion files into systemd-coredump sub-package.
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
(bsc#1198197)
- 0.938
++++ podman:
- Add patch to make buildah happy after selinux change:
* 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
- Add patch to fix starting containers on btrfs with SELinux
(gh#opencontainers/selinux#172):
* 0001-Relabel-relabel-links-instead-of-their-targets.patch
- Add patch to fix starting containers as user service with systemd 250
(boo#1197672, gh#containers/podman#13731):
* 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
++++ python-M2Crypto:
- Add missing bug references to this changelog.
++++ u-boot-rpiarm64:
- Add new build dependencies
------------------------------------------------------------------
------------------ 2022-4-6 - Apr 6 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 056+suse.261.gf83268d5:
* chore(suse): remove fipscheck requirement (bsc#1198065)
++++ libeconf:
- Update to version 0.4.5+git20220406.c9658f2:
* econftool:
* * New call "syntax" for checking the configuration files only.
Returns an error string with line number if an error occurs.
* * New options "--comment" and "--delimeters"
* * Parsing one file only if needed.
++++ gcc12:
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
- Bump to 86242eb1bd03eba82d8e22b01b16925d43bcc539, git192423.
Fixes aarch64 bootstrap issue (PR105144).
++++ libnfnetlink:
- Update to release 1.0.2
* Resolved Valgrind warnings due to uninitialized padding in
netlink messages.
++++ open-iscsi:
- Updated to latest upstream, including bug fixes and cleanups.
Changes included:
* add handling name/value pairs for firmware login (bsc#1196113),
including man page update for same
* Fix bug where some package parts were installed using
DESTDIR twice
* general build cleanup (in prep for removing DB files from
/etc/iscsi some day soon)
Also, now delivering a "package config" file for libopeniscsiusr.
++++ systemd:
- Import commit e43a1b018899266b764ab81afb9c30fb417675c6
1c229f8fc1 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
8881f21539 cryptsetup: fix typo
5882148902 journald: make use of CLAMP() in cache_space_refresh()
6ee0601f73 journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
fe928f3d49 fs-util: make sure openat_report_new() initializes return param also on shortcut
3881af1806 fs-util: fix typos in comments
96060b73ba journal-file: port journal_file_open() to openat_report_new()
611d9955bb fs-util: add openat_report_new() wrapper around openat()
f16edb41d4 network: ignore all errors in loading .network files (bsc#1197968)
5422730a7b meson: build kernel-install man page when necessary
45c627cfc2 build: include status of TPM2 in the feature string show by --version
- Drop 0001-meson-build-kernel-install-man-page-when-necessary.patch
It's been merged in the SUSE git repo.
++++ swtpm:
- Cheery-pick upstream patch allow-FORTIFY_SOURCE=3.patch.
++++ u-boot-rpiarm64:
- Update to 2022.04
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.04
* Patches dropped:
0010-sunxi-Enable-SPI-support-on-Orange-.patch
0011-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch
0012-smbios-Fix-table-when-no-string-is-.patch
0013-riscv-enable-CMD_BTRFS.patch
0014-Disable-timer-check-in-file-loading.patch
0015-Enable-EFI-and-ISO-partitions-suppo.patch
0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch
0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch
* Patches added:
0010-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch
0011-smbios-Fix-table-when-no-string-is-.patch
0012-riscv-enable-CMD_BTRFS.patch
0013-Disable-timer-check-in-file-loading.patch
0014-Enable-EFI-and-ISO-partitions-suppo.patch
0015-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch
------------------------------------------------------------------
------------------ 2022-4-5 - Apr 5 2022 -------------------
------------------------------------------------------------------
++++ dnsmasq:
- bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch:
Heap use after free in dhcp6_no_relay
++++ dracut:
- Update to version 056+suse.259.g16e9c5e9:
* fix(ifcfg): repair POSIX compliance
* fix(network-legacy): repair POSIX compliance
* fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
* fix(bluetooth): make $dbussystem/bluetooth.conf optional (bsc#1195047)
++++ kernel-default:
- x86/speculation: Restore speculation related MSRs during S3
resume (git-fixes).
- commit ffe3c2b
- x86/pm: Save the MSR validity status at context setup
(git-fixes).
- commit b756c61
++++ libmnl:
- Update to release 1.0.5
* New example program
* "MNL_SOCKET_DUMP_SIZE" define, holding a recommended buffer
size for netlink dumps.
* Resolved compiler warnings
++++ osinfo-db:
- bsc#1197958 - request support for SLE15-SP4 in the osinfo database
- Add support for SUSE linux Enterprise Micro 5.2
add-slem5.2-support.patch
++++ salt:
- Fixes for Python 3.10
- Added:
* fixes-for-python-3.10-502.patch
++++ python-urllib3:
- Remove unbundling off ssl.match_hostname.
* It was only done for the primary python3 flavor
* It is bundled for a reason gh#urllib3/urllib3#2439,
gh#urllib3/urllib3#2448
* The tests (and probably urllib3 users) use wildcard patterns
not supported by the stdlib
- Fix undbundling of six for all flavors
- Replace brotlipy recommendation and test with python-Brotli
(see release notes below)
++++ qemu:
- Backport aqmp patches from upstream which can fix iotest issues
* Patches added:
python-aqmp-add-__del__-method-to-legacy.patch
python-aqmp-add-_session_guard.patch
python-aqmp-add-SocketAddrT-to-package-r.patch
python-aqmp-add-socket-bind-step-to-lega.patch
python-aqmp-add-start_server-and-accept-.patch
python-aqmp-copy-type-definitions-from-q.patch
python-aqmp-drop-_bind_hack.patch
python-aqmp-fix-docstring-typo.patch
python-aqmp-Fix-negotiation-with-pre-oob.patch
python-aqmp-fix-race-condition-in-legacy.patch
Python-aqmp-fix-type-definitions-for-myp.patch
python-aqmp-handle-asyncio.TimeoutError-.patch
python-aqmp-refactor-_do_accept-into-two.patch
python-aqmp-remove-_new_session-and-_est.patch
python-aqmp-rename-accept-to-start_serve.patch
python-aqmp-rename-AQMPError-to-QMPError.patch
python-aqmp-split-_client_connected_cb-o.patch
python-aqmp-squelch-pylint-warning-for-t.patch
python-aqmp-stop-the-server-during-disco.patch
python-introduce-qmp-shell-wrap-convenie.patch
python-machine-raise-VMLaunchFailure-exc.patch
python-move-qmp-shell-under-the-AQMP-pac.patch
python-move-qmp-utilities-to-python-qemu.patch
python-qmp-switch-qmp-shell-to-AQMP.patch
python-support-recording-QMP-session-to-.patch
python-upgrade-mypy-to-0.780.patch
- Drop the patches which are workaround to fix iotest issues
* Patches dropped:
Revert-python-iotests-replace-qmp-with-a.patch
Revert-python-machine-add-instance-disam.patch
Revert-python-machine-add-sock_dir-prope.patch
Revert-python-machine-handle-fast-QEMU-t.patch
Revert-python-machine-move-more-variable.patch
Revert-python-machine-remove-_remove_mon.patch
------------------------------------------------------------------
------------------ 2022-4-4 - Apr 4 2022 -------------------
------------------------------------------------------------------
++++ cups:
- Have cups.pc in %{_libdir} to avoid a conflict
that cups-devel and cups-devel-32bit would
both contain /usr/lib/pkgconfig/cups.pc because
when cups.pc is arch dependent it has to be in %{_libdir}
which it is because it contains 'libdir=/usr/lib64' on x86_64
(if it was arch independent it would have to be in %{_datadir})
cf. https://build.opensuse.org/request/show/965680
++++ kernel-default:
- net/fungible: Fix reference to __udivdi3 on 32b builds.
Fix i386 build failure.
- commit 6385d80
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28390 bsc#1198031).
- commit e456953
- Update to 5.18-rc1
- eliminate 47 patches (42 stable, 5 mainline)
- patches.kernel.org/*
- patches.suse/Bluetooth-btusb-Add-missing-Chicony-device-for-Realt.patch
- patches.suse/Revert-Input-clear-BTN_RIGHT-MIDDLE-on-buttonpads.patch
- patches.suse/Revert-swiotlb-rework-fix-info-leak-with-DMA_FROM_DE.patch
- patches.suse/block-restore-the-old-set_task_ioprio-behaviour-wrt-.patch
- patches.suse/bpf-add-config-to-allow-loading-modules-with-BTF-mis.patch
- refresh
- patches.suse/s390-export-symbols-for-crash-kmp.patch
- patches.suse/vfs-add-super_operations-get_inode_dev
- disable ARM architectures (need config update)
- new config options
- General setup
CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100
- Processor type and features
X86_KERNEL_IBT=n
- Binary Emulations
X86_X32_ABI=n (renamed X86_X32)
- General architecture-dependent options
RANDOMIZE_KSTACK_OFFSET=y
- Enable the block layer
BLOCK_LEGACY_AUTOLOAD=y
- Networking support
PAGE_POOL_STATS=n
- File systems
F2FS_UNFAIR_RWSEM=n
- Security options
USER_DECRYPTED_DATA=n
- Cryptographic API
CRYPTO_DH_RFC7919_GROUPS=y
CRYPTO_SM3_AVX_X86_64=m
- Kernel hacking
DEBUG_INFO_NONE=n
DEBUG_INFO_DWARF5=n
KFENCE_DEFERRABLE=n
FPROBE=y
- PCI support
CXL_PCI=m
- NVME Support
NVME_VERBOSE_ERRORS=n
- Serial ATA and Parallel ATA drivers (libata)
SATA_LPM_POLICY=0
- Network device support
NET_DSA_REALTEK=m
NET_VENDOR_DAVICOM=y
DM9051=m
NET_VENDOR_FUNGIBLE=y
FUN_ETH=m
MT7921U=m
- Input device support
TOUCHSCREEN_IMAGIS=m
- Power supply class support
IP5XXX_POWER=m
BATTERY_SAMSUNG_SDI=n
BATTERY_UG3105=m
- Hardware Monitoring support
I8K=n
SENSORS_LM25066_REGULATOR=y
SENSORS_PLI1209BC=m
SENSORS_PLI1209BC_REGULATOR=y
SENSORS_XDPE122_REGULATOR=y
SENSORS_SY7636A=m
SENSORS_TMP464=m
SENSORS_ASUS_EC=m
- Voltage and Current Regulator Support
REGULATOR_RT5190A=m
REGULATOR_SY7636A=m
- Multimedia support
VIDEO_HI847=m
VIDEO_OG01A1B=m
VIDEO_OV08D10=m
- Graphics support
DRM_PANEL_MIPI_DBI=m
DRM_SSD130X=n
- Sound card support
SND_SOC_AMD_ACP_PCI=m
SND_SOC_INTEL_AVS=m
SND_SOC_INTEL_SOF_SSP_AMP_MACH=m
SND_SOC_AW8738=n
SND_SOC_TAS5805M=n
- HID support
HID_RAZER=m
HID_SIGMAMICRO=m
- USB support
TYPEC_RT1719=m
TYPEC_WUSB3801=m
- Staging drivers
VIDEO_ZORAN_DC30=y
VIDEO_ZORAN_ZR36060=y
VIDEO_ZORAN_BUZ=y
VIDEO_ZORAN_DC10=y
VIDEO_ZORAN_LML33=y
VIDEO_ZORAN_LML33R10=y
VIDEO_ZORAN_AVS6EYES=y
- X86 Platform Specific Device Drivers
AMD_HSMP=m
INTEL_CHTWC_INT33FE=m
INTEL_SDSI=m
SERIAL_MULTI_INSTANTIATE=m
- Industrial I/O support
ADXL367_SPI=n
ADXL367_I2C=n
ADA4250=n
LTC2688=n
ADMV1014=n
ADMV4420=n
SX9324=n
SX9360=n
PECI=n
PECI=n
- Misc drivers
MTD_NAND_ECC_MXIC=n
I2C_DESIGNWARE_AMDPSP=y
SPI_INTEL_PCI=m
SPI_INTEL_PLATFORM=m
INTEL_HFI_THERMAL=y
MFD_SIMPLE_MFD_I2C=n
MLX5_VFIO_PCI=m
VMGENID=y
CHROMEOS_PRIVACY_SCREEN=m
RPMSG_CTRL=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- OPEN_DICE=m
- MFD_MAX77714=n
- REGULATOR_TPS6286X=m
- VIDEO_ISL7998X=m
- DRM_PANEL_ILITEK_ILI9341=n
- DRM_PANEL_NOVATEK_NT35560=n
- DRM_ITE_IT6505=n
- COMMON_CLK_RS9_PCIE=m
- PHY_CADENCE_DPHY_RX=m
- i586
- DTPM_DEVFREQ=y
- INTEGRITY_MACHINE_KEYRING=y
- ppc64 / ppc64le
- NET_DSA_REALTEK_MDIO=m
- NET_DSA_REALTEK_RTL8365MB=m
- NET_DSA_REALTEK_RTL8366RB=m
- MCTP_TRANSPORT_I2C=m
- CRC64_ROCKSOFT=m
- s390x
- EXPOLINE_EXTERN=y
- CRC64_ROCKSOFT=m
- riscv64
- RSEQ=y
- DEBUG_RSEQ=n
- CPU_IDLE=y
- CPU_IDLE_GOV_LADDER=y
- CPU_IDLE_GOV_TEO=y
- RISCV_SBI_CPUIDLE=y
- CPU_IDLE_GOV_MENU=y
- PARPORT_PC=m
- PARPORT_SERIAL=m
- PARPORT_PC_FIFO=y
- PARPORT_PC_PCMCIA=n
- PARIDE=m
- PARIDE_*=m (PARIDE_EPATC8=y
- SCSI_PPA=m
- SCSI_IMM=m
- SCSI_IZIP_EPP16=n
- SCSI_IZIP_SLOW_CTR=n
- NET_DSA_REALTEK_MDIO=m
- NET_DSA_REALTEK_RTL8365MB=m
- NET_DSA_REALTEK_RTL8366RB=m
- KS0108=n
- CLK_STARFIVE_JH7100_AUDIO=m
- POLARFIRE_SOC_SYS_CTRL=m
- IDLE_INJECT=y
- RISCV_PMU=y
- RISCV_PMU_LEGACY=y
- RISCV_PMU_SBI=y
- CPU_IDLE_THERMAL=y
- commit e499f10
++++ ncurses:
- Add ncurses patch 20220402
+ amend extended_captype(), returning CANCEL if a string is explicitly
cancelled.
+ make description-fields distinct -TD
++++ systemd:
- spec: define %bootstrap with %bcond_with so it can be used with %when. Also
re-order the meson options a bit.
- spec: make sure /lib exists when installing conf files in /lib/modprobe.d
------------------------------------------------------------------
------------------ 2022-4-3 - Apr 3 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- series.conf: cleanup
- update upstream references and move into sorted section:
- patches.suse/Revert-Input-clear-BTN_RIGHT-MIDDLE-on-buttonpads.patch
- patches.suse/block-restore-the-old-set_task_ioprio-behaviour-wrt-.patch
- commit 6038bd3
++++ llvm15:
- Update to version 14.0.0.
* For details, see the release notes:
- https://releases.llvm.org/14.0.0/docs/ReleaseNotes.html
- https://releases.llvm.org/14.0.0/tools/clang/docs/ReleaseNotes.html
- https://releases.llvm.org/14.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
- https://releases.llvm.org/14.0.0/projects/libcxx/docs/ReleaseNotes.html
- https://releases.llvm.org/14.0.0/tools/lld/docs/ReleaseNotes.html
* New LLVM tools:
- llvm-debuginfod-find: Tool to fetch debuginfod artifacts.
- llvm-tli-checker: LLVM TargetLibraryInfo versus SDK checker.
* New Clang tools:
- clang-linker-wrapper: A wrapper utility over the host linker.
- clang-nvlink-wrapper: A wrapper tool over nvlink program.
- Add clang-repl-private-deps.patch to make link dependencies of
clang-repl private, otherwise CMake can't install.
- Add PPCISelLowering-Avoid-emitting-calls-to-__multi3.patch to
fix build on PowerPC (32-bit).
- Drop llvm-exegesis-link-dylib.patch, instead we don't build
llvm-exegesis anymore and add check-no-llvm-exegesis.patch to
disable the corresponding tests.
- Rebase patches:
* lldb-cmake.patch
* llvm-do-not-install-static-libraries.patch
* llvm-normally-versioned-libllvm.patch
- Drop patches that have landed upstream:
* llvm-update-extract-section-script.patch
- Split up Clang libraries: libclang.so is no longer so-versioned
alongside LLVM but will stay at libclang.so.13 for now. So we
put it into a separate package from libclang-cpp.so. Since we
can't have multiple LLVM versions generate the same package, we
prefix it for the non-default LLVM with a mechanism inspired by
the GCC packaging.
- Patch exported clang/ClangTargets-relwithdebinfo.cmake to refer
to libclang only by soname, because the installed library might
be newer than the one originally build with the package.
- Use the same mechanism to for libc++ and package Clang scripts
only for the default version. This means we'll no longer have to
touch the package when a new major version comes out.
- Make sure we properly clean up the clang scripts if we're not
packaging them.
- Let python3-clang use libclang.so.XX, which means we can always
build it and makes it depend on libclang instead of clang-devel.
- Fix some rpmlint issues: we don't need explicit library
dependencies that are detected automatically, and we add proper
library dependencies to the *-devel packages.
- Merge llvm-LTO-devel into llvm-devel. That's where the header
files already are, and they are hard to separate.
- Let llvm-polly-devel depend on llvm-devel.
- Remove libLTO and *-devel packages from baselibs, they don't
seem to be needed. We mostly need libLLVM and maybe libclang-cpp.
- Consistently set host triple as *-suse-linux-gnu*.
- Only suggest documentation packages.
++++ libX11:
- Update to version 1.7.4
* Don't try to destroy NULL condition variables
++++ libXcursor:
- Update to version 1.2.1
* This release provides bug fixes, code cleanups, and some
significant documentation improvements.
++++ libdbusmenu-gtk2:
- Set GTKDOCIZE=true when gtk3 to fix issues with autoconf 2.70
++++ libdbusmenu-gtk3:
- Set GTKDOCIZE=true when gtk3 to fix issues with autoconf 2.70
------------------------------------------------------------------
------------------ 2022-4-2 - Apr 2 2022 -------------------
------------------------------------------------------------------
++++ mozilla-nss:
- update to NSS 3.76.1
NSS 3.76.1
* bmo#1756271 - Remove token member from NSSSlot struct.
NSS 3.76
* bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
* bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
* bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
* bmo#1679803 - Add SHA256 fingerprint comments to old
certdata.txt entries.
* bmo#1753505 - Avoid truncating files in nss-release-helper.py.
* bmo#1751157 - Throw illegal_parameter alert for illegal extensions
in handshake message.
++++ openldap2:
- Update to release 2.6.1
* Ability to log directly to a file bypassing syslog
* back-ndb is retired
* back-sql and back-perl are deprecated
* lloadd(8): Additional load balancing strategies.
* lloadd(8): Additional options to improve coherence with certain
controls and extended operations.
------------------------------------------------------------------
------------------ 2022-4-1 - Apr 1 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc
++++ dracut:
- Update to version 056+suse.252.g75c0d4d5:
See https://github.com/dracutdevs/dracut/releases/tag/056 for details.
Additional changes:
* feat(resume): sanity check (bsc#1197192)
* fix(dracut-initramfs-restore.sh): unpack uncompressed initrd as last option (bsc#1197195)
* fix(resume): only exclude this module when swap is netdev
* fix(network): do not use network-wicked as default network handler
* chore(suse): update spec
++++ glib2:
- remove provides/obsoletes on glib2-doc, it was split into
two packages again
- spec-cleaner reorderings
++++ gcc12:
- Add provides/conflicts to glibc crosses since only one GCC version
for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit
++++ libsoup:
- Update to version 3.0.6:
+ Misc HTTP/2 fixes.
+ Add PUT/POST support to examples/get.
+ Add `--user-agent` option to examples/get.
+ Misc meson improvements.
+ Fix build with Visual Studio.
++++ libvirt:
- Update to libvirt 8.2.0
- CVE-2022-0897
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-2-0-2022-04-01
- Dropped patches:
823a62ec-qemu-fix-undefine-crash.patch
++++ podman:
- Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
* Bugfixes
- Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container.
- Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
- Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411).
- Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332).
- Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
- Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
- Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
- Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output.
- Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
- Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529).
- Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543).
- Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516).
- Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597).
- Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578).
- Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382).
- Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
- Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
- Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
- Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
- Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703).
- Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
- Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).
* API
- Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
* Misc
- The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
- Updated Buildah to v1.24.3
- Updated the containers/storage library to v1.38.3
- Updated the containers/image library to v5.19.2
- Updated the containers/common library to v0.47.5
++++ python-libvirt-python:
- Update to 8.2.0
- Add all new APIs and constants in libvirt 8.2.0
------------------------------------------------------------------
------------------ 2022-3-31 - Mar 31 2022 -------------------
------------------------------------------------------------------
++++ kdump:
- pull sources directly from git using obs_scm
- fix bsc#1190299, bsc#1186272
- add support for Zstandard compression algorithm
- remove patches included in upstream git:
kdump-calibrate-include-af_packet.patch,
kdump-calibrate-fix-nic-naming.patch,
kdump-calibrate.conf-depends-on-kdumptool.patch
++++ kernel-default:
- Revert "config: Enable BPF LSM" (bsc#1197746)
This reverts commit c2c25b18721866d6211054f542987036ed6e0a50.
This config change was reported to break boot if SELinux is enabled. Revert
until we have a fix.
- commit 0a20128
- Revert "config: Enable BPF LSM" (bsc#1197746)
This reverts commit c2c25b18721866d6211054f542987036ed6e0a50.
- commit 58205bc
++++ libX11:
- Update to version 1.7.4
* bugfix release
- supersedes p_khmer-compose.diff
++++ ceph:
- Update to v16.2.7-654-gd5a90ff46f0
+ (bsc#1196733) remove build directory during %clean
++++ systemd:
- Temporarily disable 'libcryptsetup plugins until dracut 056 is merged in
Factory
- Add 0001-meson-build-kernel-install-man-page-when-necessary.patch
Submitted to upstream: https://github.com/systemd/systemd/pull/22918
++++ salt:
- Fix salt-ssh opts poisoning (bsc#1197637)
- Added:
* fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
- Fix multiple security issues (bsc#1197417)
* Sign authentication replies to prevent MiTM (CVE-2022-22935)
* Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
* Prevent job and fileserver replays (CVE-2022-22936)
* Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
* fix-multiple-security-issues-bsc-1197417.patch
++++ qemu:
- Support the SGX feature (bsc#1197807)
* Patches added:
doc-Add-the-SGX-numa-description.patch
numa-Enable-numa-for-SGX-EPC-sections.patch
numa-Support-SGX-numa-in-the-monitor-and.patch
------------------------------------------------------------------
------------------ 2022-3-30 - Mar 30 2022 -------------------
------------------------------------------------------------------
++++ lvm2-device-mapper:
- lvm2-monitor.service reported warning messages for udev didn't finish to set up device database (bsc#1197183)
+ 0025-vgchange-monitor-don-t-use-udev-info.patch
++++ kernel-default:
- Refresh patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch.
- Refresh config files.
- commit bd4767f
++++ harfbuzz:
- Update to version 4.2.0:
+ Revert Indic shaper change in previous release that broke some
fonts and instead make per-syllable restriction of “GSUBâ€
application limited to script-specific Indic features, while
applying them and discretionary features in one go
+ Fix decoding of private in gvar table
+ Fix handling of contextual lookups that delete too many glyphs
+ Make “morx†deleted glyphs don’t block “GPOS†application
++++ lvm2:
- lvm2-monitor.service reported warning messages for udev didn't finish to set up device database (bsc#1197183)
+ 0025-vgchange-monitor-don-t-use-udev-info.patch
++++ libosinfo:
- bsc#1197769 - FTBFS: libosinfo won't compile on SP4
libosinfo.spec
++++ ceph:
- Update to v16.2.7-652-gf5dc462fdb5
+ (bsc#1194875) [SES7P] include/buffer: include <memory>
++++ rpm:
- Update zstdpool.diff in order to fix boo#1197643.
++++ virt-manager:
- bsc#1196806 - [jsc#SLE-18834][virt-install] ERROR SEV launch
security requires a Q35 UEFI machine (epic: jsc#SLE-18732)
virtman-add-sev-memory-support.patch
- Add firmware features to description tooltip when mouse hovers
over the selected firmware file.
virtman-add-tooltip-to-firmware.patch
------------------------------------------------------------------
------------------ 2022-3-29 - Mar 29 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Update to 22.0.1
* fixes in lavapipe and zink, maintainer scripts and panfrost
- supersedes U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
++++ Mesa-drivers:
- Update to 22.0.1
* fixes in lavapipe and zink, maintainer scripts and panfrost
- supersedes U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
++++ apparmor:
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
- profiles and -abstractons package are updated before the cache
in /var/cache/apparmor/ gets built (boo#1195463 #c20)
++++ cni-plugins:
- Update to version 1.1.1:
* ipam/dhcp: Fix client id in renew/release
* call ipam.ExceDel after clean up device in netns fix #666
* portmap: fix checkPorts result when chain does not exist
* portmap: fix bug that new udp connection deletes all existing conntrack entries
* Enhanced dad set to 1
* Add boolean to enable/disable dad
* Disable DAD for container side veth
* firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker
* Fix host-device gofmt
* host-device: Bring interfaces up after moving into container
* pkg/ns: use file system magic numbers from golang.org/x/sys/unix
* gofmt
* go mod tidy
* build: bump to go 1.17
* Remove arp notify setting per comment
* plugins: replace arping package with arp_notify
* fix #685
* Ran go fmt so tests would pass
* Fixed DHCP problem that broke when fast retry was added.
* dhcp ipam: adjust retry mechanism
* add ipam tests for dpdk device
* add ipam support for dpdk device
* ipvlan: Send Gratuitous ARP after IPs are set
* dhcp ipam: fix client id
* dhcp ipam: rename inconsistent options among files
* dhcp ipam: add more options capable for sending
* dhcp ipam: add fast retry
* dhcp ipam: support customizing dhcp options
* dhcp ipam: truncate client id to 254 bytes
* dhcp ipam: print error correctly without format string
* dhcp ipam: using full config to regular the code
* Allow setting sysctls on a particular interface
* dhcp: remove implemented TODO
* Don't redundantly filepath.Clean the output of filepath.Join
* Use crypto/rand.Read, not crypto.Reader.Read
* bridge: Add macspoofchk support
* plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped
* vendor: bump to libcni v1.0.1
* static ipam: do not parse the CIDR twice
* static ipam: improve error msgs when provisioning invalid CIDR
* bump go to 1.16, other misc fixes
* vendor: bump all direct dependencies
* vendor: bump to libcni v1.0
* docs: Update the CI badge from Travis CI to GitHub Actions
* bridge: Fix typo in error message for promiscuous mode
* ip: place veth peer in host namspace directly
* bridge: Add mac field to specify container iface mac
* static ipam: decide wrong cidr error msg
* static ipam: stop wrapping net.ParseCIDR errors
* static ipam: show confusing error msg
* utils, hwaddr: Remove unused package
* ip, link_linux: Remove unused SetHWAddrByIP function
* plugins: remove flannel
* refactor(win-bridge): netconf
* refactor(win-bridge): hcn api processing
* refactor(win-bridge): hns api processing
* chore(win-bridge): location related
* chore(win-bridge): text related
* Remove Bryan Boreham as maintainer
* host-local: support ip/prefix in env args and CNI args
* [sbr]: Use different tableID for every ipCfg Check tableID not in use for every ipCfg
* Small typo improves in README.md
* Allow multiple routes to be added for the same prefix. Enables ECMP
* Update to lastest vendor/github.com/vishvananda/netlink
* tuning: always update MAC in CNI result
* vendor: bump to libcni v1.0-rc1
* tuning: Add support of altering the allmulticast flag
* [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config
* Fix nil-pointer check
* host-local: support custom IPs allocation through runtime configuration
* pkg/ip: introduce a new type `IP` to support formated <ip>[/<prefix>]
* go.mod: github.com/j-keck/arping v1.0.1
* go.mod: github.com/buger/jsonparser v1.1.1
* go.mod: github.com/alexflint/go-filemutex v1.1.0
* go.mod github.com/Microsoft/hcsshim v0.8.16
* go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0
* go.mod: github.com/mattn/go-shellwords v1.0.11
* go.mod: github.com/sirupsen/logrus v1.8.1
* CI: Install linux-modules-extra for VRF module
* Fix broken links to online docs in plugin READMEs
* gha: update actions/setup-go@v2
* remove redundant startRange in RangeIter due to overlap check on multi ranges
* fix(win-bridge): panic while calling HNS api
* portmap: use slashes in sysctl template to support interface names which separated by dots
* pkg/ipam: use slash as sysctl separator so interface name can have dot
* [macvlan] Stop setting proxy-arp on macvlan interface
* tuning: increase test coverage to 1.0.0 and older spec versions
* portmap: increase test coverage to 1.0.0 and older spec versions
* flannel: increase test coverage to 1.0.0 and older spec versions
* firewall: increase test coverage to 1.0.0 and older spec versions
* bandwidth: increase test coverage to 1.0.0 and older spec versions
* host-local: increase test coverage to 1.0.0 and older spec versions
* static: increase test coverage to 1.0.0 and older spec versions
* dhcp: increase test coverage to 1.0.0 and older spec versions
* dhcp: add -resendmax option to limit lease acquisition time for testcases
* vlan: increase test coverage to 1.0.0 and older spec versions
* ptp: increase test coverage to 1.0.0 and older spec versions
* macvlan: increase test coverage to 1.0.0 and older spec versions
* loopback: increase test coverage to 1.0.0 and older spec versions
* ipvlan: increase test coverage to 1.0.0 and older spec versions
* host-device: increase test coverage to 1.0.0 and older spec versions
* bridge: increase test coverage to 1.0.0 and older spec versions
* bridge: simplify version-based testcase code
* testutils: add test utilities for spec version features
* plugins: update to spec version 1.0.0
* vendor: bump CNI to 1.0.0-pre @ 62e54113 (fixes bsc#1181961 aka CVE-2021-20206)
- Drop %go_nostrip
++++ kernel-default:
- Refresh
patches.suse/block-restore-the-old-set_task_ioprio-behaviour-wrt-.patch.
Update to upstream version.
- commit eed8aee
++++ libapparmor:
- ensure precompiled cache files are newer than (text) profiles
- reload profiles in %posttrans instead of %post to ensure both
- profiles and -abstractons package are updated before the cache
in /var/cache/apparmor/ gets built (boo#1195463 #c20)
++++ rdma-core:
- Update to v39.1
- Major fixes for hns provider
- Bug fixes for all providers
- systemd hardening
- NDR rate support
- Dropped srp_daemon-Detect-proper-path-to-systemctl.patch
as it was fixed upstream
++++ expat:
- update to 2.4.8:
* Other changes:
- pkg-config: Move "-lm" to section "Libs.private"
- CMake|MSVC: Fix pkg-config section "Libs"
- CMake|macOS: Start using linker arguments
"-compatibility_version <version>" and
"-current_version <version>" in a way compatible with GNU
Libtool
- Version info bumped from 9:7:8 to 9:8:8;
see https://verbump.de/ for what these numbers do
++++ sqlite3:
- update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
++++ python-urllib3:
- update to 1.26.9:
* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
++++ qemu:
- Backport CVE-2021-3929 (bsc#1193880)
* Patches added:
hw-nvme-fix-CVE-2021-3929.patch
- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528)
* Patches added:
Revert-python-iotests-replace-qmp-with-a.patch
Revert-python-machine-add-instance-disam.patch
Revert-python-machine-add-sock_dir-prope.patch
Revert-python-machine-handle-fast-QEMU-t.patch
Revert-python-machine-move-more-variable.patch
Revert-python-machine-remove-_remove_mon.patch
- Add missing patch from a PTFs (bsc#1194938)
* Patches added:
scsi-generic-check-for-additional-SG_IO-.patch
++++ runc:
- Update to runc v1.1.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.1.
* runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus "Intel RDT is not supported"
error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
------------------------------------------------------------------
------------------ 2022-3-28 - Mar 28 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Revert "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
(bsc#1197460).
- commit ffd9dce
- block: restore the old set_task_ioprio() behaviour wrt
PF_EXITING (bsc#1197582).
- commit c349fed
- Linux 5.17.1 (bsc#1012628).
- llc: only change llc->dev when bind() succeeds (bsc#1012628).
- drm/msm/gpu: Fix crash on devices without devfreq support (v2)
(bsc#1012628).
- nds32: fix access_ok() checks in get/put_user (bsc#1012628).
- m68k: fix access_ok for coldfire (bsc#1012628).
- wcn36xx: Differentiate wcn3660 from wcn3620 (bsc#1012628).
- tpm: use try_get_ops() in tpm-space.c (bsc#1012628).
- tpm: fix reference counting for struct tpm_chip (bsc#1012628).
- mac80211: fix potential double free on mesh join (bsc#1012628).
- uaccess: fix integer overflow on access_ok() (bsc#1012628).
- rcu: Don't deboost before reporting expedited quiescent state
(bsc#1012628).
- jbd2: fix use-after-free of transaction_t race (bsc#1012628).
- drm/virtio: Ensure that objs is not NULL in
virtio_gpu_array_put_free() (bsc#1012628).
- Revert "ath: add support for special 0x0 regulatory domain"
(bsc#1012628).
- Bluetooth: btusb: Use quirk to skip HCI_FLT_CLEAR_ALL on fake
CSR controllers (bsc#1012628).
- Bluetooth: hci_sync: Add a new quirk to skip HCI_FLT_CLEAR_ALL
(bsc#1012628).
- Bluetooth: btusb: Add one more Bluetooth part for the Realtek
RTL8852AE (bsc#1012628).
- crypto: qat - disable registration of algorithms (bsc#1012628).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
(bsc#1012628).
- ACPI: battery: Add device HID and quirk for Microsoft Surface
Go 3 (bsc#1012628).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
(bsc#1012628).
- netfilter: nf_tables: validate registers coming from userspace
(bsc#1012628).
- netfilter: nf_tables: initialize registers in nft_do_chain()
(bsc#1012628).
- drivers: net: xgene: Fix regression in CRC stripping
(bsc#1012628).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97
codec (bsc#1012628).
- ALSA: cmipci: Restore aux vol on suspend/resume (bsc#1012628).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
NT-USB (bsc#1012628).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
(bsc#1012628).
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(bsc#1012628).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (bsc#1012628).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (bsc#1012628).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (bsc#1012628).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
with alc671 (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (bsc#1012628).
- ALSA: usb-audio: add mapping for new Corsair Virtuoso SE
(bsc#1012628).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (bsc#1012628).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
(bsc#1012628).
- llc: fix netdevice reference leaks in llc_ui_bind()
(bsc#1012628).
- Bluetooth: btusb: Add another Realtek 8761BU (bsc#1012628).
- tpm: Fix error handling in async work (bsc#1012628).
- commit e830013
++++ kmod:
- add keyring so that gpg validation actually does something
++++ libfido2:
- Version 1.10.0 (2022-01-17)
* hid_osx: handle devices with paths > 511 bytes; gh#462.
* bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
* winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
* winhello: fallback to hid_win.c if webauthn.dll isn’t available.
* New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
* Cygwin and NetBSD build fixes.
* Documentation and reliability fixes.
* Support for TPM 2.0 attestation of COSE_ES256 credentials.
++++ gcc12:
- Bump to 9f37d31324f89d0b7b2abac988a976d121ae29c6, git192251.
++++ multipath-tools:
- If multipath-tools is newly installed, load dm-multipath
(bsc#1196898)
++++ ncurses:
- Add ncurses patch 20220326
+ update teken -TD
+ add teken-16color, teken-vt and teken-sc -TD
+ add a few missing details for vte-2018 (report by Robert Lange) -TD
++++ systemd:
- Move systemd-boot and all components managing (secure) UEFI boot into udev
sub-package: they may deserve a dedicated sub-package in the future but for
now move them to udev so they aren't installed in systemd based containers.
- Move a bunch of components operating on (mainly block) devices into udev as
without udev they're most likely useless.
- spec: enable 'efi' support regardless of whether sd_boot is enabled or not
We should support EFI systems even if systemd-boot is not enabled.
++++ openssh:
- read ssh and sshd config file also from /usr/etc
- add openssh-server-config-rootlogin subpackage that enabled PermitRootLogin
++++ shared-mime-info:
- Update to 2.2:
* model/3mf: new type
* Match shared libraries with version suffix
* model/obj: add mtllib and Blender comment based magic
* model/mtl: add Blender comment magic, increase newmtl range
* model/obj, model/mtl: new types
* Add Electron Archive Format type application/x-asar
* text/x-qml: Lower match priority to avoid conflicts with Python
* Move '*.blend' to top of Blender glob list
* Adding SPARQL media types
* application/zip: Add `*.zipx` glob and test fixture
* Added DSD mime type
* Differentiate comic book archives
* FITS: Add missing `application/fits` and legacy globs
* Add Godot engine files
* Add FlashForge "xgcode" mime-type
* text/x-objc++src: new type
* image/heif: test .hif extension too
* image/hif: add *.hif glob
* image/heif: add another test case
* image/heif: add magics
* Add a build-tools option to allow installing only the mime data
* Add compressed SVG glob pattern `*.svg.gz`
* Add Apple Wallet pass type application/vnd.apple.pkpass
* migrate from custom itstool to builtin msgfmt for creating
translated XML
* Make the remaining plain text types subclasses of text/plain
* audio/mobile-xmf: separate from audio/x-xmf
* Adding ZIM file
* Make text/x-mrml a subclass of application/xml
* image/avif: move acronym and expansion to separate fields from
comment
* freedesktop_generate.sh: Don't hardcode ninja
* Add text/x-mpl2
* application/x-apple-systemprofiler+xml: require
_SPCommandLineArguments in plist
* image/jpeg: add test case with embedded property list XML
* audio/vnd.dts.hd: include parent type magic in magic match
* model/gltf+json: new type
* model/gltf-binary: new type
* application/x-object: add *.mod and a test case
* application/x-mod: add some ProTracker magics and a test case
* image/jxl: include test files in test list
* tests: add trailing linefeed to mime-detection list
* Make application/x-mswinurl a subclass of text/plain
* Change description for *.desktop files to "desktop entry"
* application/x-x509-ca-cert: add magics and test cases
* application/pkix-cert: add BEGIN/END X509 CERTIFICATE magic
* application/pkix-crl: add magic and test case
* application/pkix-cert: add magic and test case
* image/jxl: new type
* Added .sc filename extension for Scala source code, as it is
occasionally used
* application/schema+json: new type
* Add text/x-crystal
* application/x-krita: remove stray period from comment
* adding org-mode
* Add Elixir source code mime type
* Add two new offsets for .kra and .krz
* text/x-python3: add *.pyi glob (Python stub files)
* image/x-canon-cr3: new type
* image/x-xpixmap: make XPM3 magic more specific
* image/x-xpixmap: add XPM2 magic
* application/x-troff-man: add *.[1-9] glob
* application/toml: new type
* Lower priority of "BEGIN {" for perl, awk uses that too
* Add Smacker video type video/vnd.radgamettools.smacker
* Clarify database license
* meson: make xmlto optional, build spec only if found
* application/x-7z-compressed: add *.7z.001 glob
* Add Bink video type video/vnd.radgamettools.bink
* image/x-nikon-nrw: add test case
* image/x-nikon-nrw: new type
* application/x-vhdx-disk: improve acronym and its expansion
* application/ovf: new type
* application/x-qed-disk: new type
* application/x-vdi-disk: new type
* application/x-vmdk-disk: new type
* application/x-vhd-disk, /x-vhdx-disk: new types
* application/vnd.apple.numbers, .pages: add older magics and
test cases
* Add text/x-dart
* application/vnd.apple.numbers, /vnd.apple.pages: new types
* xdgmime: configure as submodule
- Drop obsolete patches:
* fix-build-meson-0_60.patch
* drop-itstool-dep.patch
------------------------------------------------------------------
------------------ 2022-3-27 - Mar 27 2022 -------------------
------------------------------------------------------------------
++++ python-Jinja2:
- specfile:
* update copyright year
* require python-base >= 3.7
- update to version 3.1.1:
* The template filename on Windows uses the primary path separator.
:issue:`1637`
- changes from version 3.1.0:
* Drop support for Python 3.6. :pr:`1534`
* Remove previously deprecated code. :pr:`1544`
+ "WithExtension" and "AutoEscapeExtension" are built-in now.
+ "contextfilter" and "contextfunction" are replaced by
"pass_context". "evalcontextfilter" and "evalcontextfunction"
are replaced by "pass_eval_context". "environmentfilter" and
"environmentfunction" are replaced by "pass_environment".
+ "Markup" and "escape" should be imported from MarkupSafe.
+ Compiled templates from very old Jinja versions may need to be
recompiled.
+ Legacy resolve mode for "Context" subclasses is no longer
supported. Override "resolve_or_missing" instead of "resolve".
+ "unicode_urlencode" is renamed to "url_quote".
* Add support for native types in macros. :issue:`1510`
* The "{% trans %}" tag can use "pgettext" and "npgettext" by
passing a context string as the first token in the tag, like "{%
trans "title" %}". :issue:`1430`
* Update valid identifier characters from Python 3.6 to 3.7.
:pr:`1571`
* Filters and tests decorated with "@async_variant" are pickleable.
:pr:`1612`
* Add "items" filter. :issue:`1561`
* Subscriptions ("[0]", etc.) can be used after filters, tests, and
calls when the environment is in async mode. :issue:`1573`
* The "groupby" filter is case-insensitive by default, matching
other comparison filters. Added the "case_sensitive" parameter
to control this. :issue:`1463`
* Windows drive-relative path segments in template names will not
result in "FileSystemLoader" and "PackageLoader" loading from
drive-relative paths. :pr:`1621`
------------------------------------------------------------------
------------------ 2022-3-26 - Mar 26 2022 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Fix buildrequire for openldap2-devel - audit doesn't require the
(outdated) C++ binding, but the C headers that happen to be pulled
in by buildrequiring the C++ devel package
++++ cni:
- Update to version v1.0.1:
* Rewritten spec
+ non-List configurations are removed
+ the version field in the interfaces array was redundant and
is removed
* libcni improvements
- Employ RPM macros.go where feasible
- Use vendor tarball
- Remove ./build.sh
++++ gstreamer-plugins-base:
- Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink:
Complete reconfiguration on pad release.
- Use ldconfig_scriptlets macro for post(un) handling.
++++ iproute2:
- update to 5.17:
* lib/fs: fix memory leak in get_task_name()
* bridge: Remove vlan listing from `bridge link`
* bond: add arp_missed_max option
* libnetlink: fix socket leak in rtnl_open_byproto()
* dcb: Fix error reporting when accessing "dcb app"
* tc_util: Fix parsing action control with space and slash
* lib: fix ax25.h include for musl
* uapi: add missing rose and ax25 files
* rdma: Fix res_print_uint() and add res_print_u64()
* tc: Add support for ce_threshold_value/mask in fq_codel
- Add tmpfiles.d conf for /run/netns
++++ openldap2:
- Add _multibuild support to integrate the build of libldapcpp-devel
to drop the outdated copy
++++ python310-core:
- Update to 3.10.4:
- bpo-46968: Check for the existence of the “sys/auxv.h†header
in faulthandler to avoid compilation problems in systems
where this header doesn’t exist. Patch by Pablo Galindo
- bpo-23691: Protect the re.finditer() iterator from
re-entering.
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
avoid a “zipfile.BadZipFile: Bad CRC-32 for file†exception
when reading a ZipFile from multiple threads.
- bpo-38256: Fix binascii.crc32() when it is compiled to use
zlib’c crc32 to work properly on inputs 4+GiB in length
instead of returning the wrong result. The workaround prior
to this was to always feed the function data in increments
smaller than 4GiB or to just call the zlib module function.
- bpo-39394: A warning about inline flags not at the start of
the regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594:
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
sndhdr, spwd, sunau, telnetlib, uu, xdrlib
- bpo-2604: Fix bug where doctests using globals would fail
when run multiple times.
- bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
- bpo-47022: The asynchat, asyncore and smtpd modules have been
deprecated since at least Python 3.6. Their documentation and
deprecation warnings and have now been updated to note they
will removed in Python 3.12 (PEP 594).
- bpo-46421: Fix a unittest issue where if the command was
invoked as python -m unittest and the filename(s) began with
a dot (.), a ValueError is returned.
- bpo-40296: Fix supporting generic aliases in pydoc.
- Update to 3.10.3:
- bpo-46940: Avoid overriding AttributeError metadata
information for nested attribute access calls. Patch by Pablo
Galindo.
- bpo-46852: Rename the private undocumented
float.__set_format__() method to float.__setformat__() to fix
a typo introduced in Python 3.7. The method is only used by
test_float. Patch by Victor Stinner.
- bpo-46794: Bump up the libexpat version into 2.4.6
- bpo-46820: Fix parsing a numeric literal immediately (without
spaces) followed by “not in†keywords, like in 1not in x. Now
the parser only emits a warning, not a syntax error.
- bpo-46762: Fix an assert failure in debug builds when a ‘<’,
‘>’, or ‘=’ is the last character in an f-string that’s
missing a closing right brace.
- bpo-46724: Make sure that all backwards jumps use the
JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an
argument of (2**32)+offset.
- bpo-46732: Correct the docstring for the __bool__() method.
Patch by Jelle Zijlstra.
- bpo-46707: Avoid potential exponential backtracking when
producing some syntax errors involving lots of brackets.
Patch by Pablo Galindo.
- bpo-40479: Add a missing call to va_end() in
Modules/_hashopenssl.c.
- bpo-46615: When iterating over sets internally in
setobject.c, acquire strong references to the resulting items
from the set. This prevents crashes in corner-cases of
various set operations where the set gets mutated.
- bpo-45773: Remove two invalid “peephole†optimizations from
the bytecode compiler.
- bpo-43721: Fix docstrings of getter, setter, and deleter to
clarify that they create a new copy of the property.
- bpo-46503: Fix an assert when parsing some invalid N escape
sequences in f-strings.
- bpo-46417: Fix a race condition on setting a type __bases__
attribute: the internal function add_subclass() now gets the
PyTypeObject.tp_subclasses member after calling
PyWeakref_NewRef() which can trigger a garbage collection
which can indirectly modify PyTypeObject.tp_subclasses. Patch
by Victor Stinner.
- bpo-46383: Fix invalid signature of _zoneinfo’s module_free
function to resolve a crash on wasm32-emscripten platform.
- bpo-46070: Py_EndInterpreter() now explicitly untracks all
objects currently tracked by the GC. Previously, if an object
was used later by another interpreter, calling
PyObject_GC_UnTrack() on the object crashed if the previous
or the next object of the PyGC_Head structure became
a dangling pointer. Patch by Victor Stinner.
- bpo-46339: Fix a crash in the parser when retrieving the
error text for multi-line f-strings expressions that do not
start in the first line of the string. Patch by Pablo Galindo
- bpo-46240: Correct the error message for unclosed parentheses
when the tokenizer doesn’t reach the end of the source when
the error is reported. Patch by Pablo Galindo
- bpo-46091: Correctly calculate indentation levels for lines
with whitespace character that are ended by line continuation
characters. Patch by Pablo Galindo
- bpo-43253: Fix a crash when closing transports where the
underlying socket handle is already invalid on the Proactor
event loop.
- bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
including bugfix for EntryPoint.extras, which was returning
match objects and not the extras strings.
- bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
22.0.4)
- bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
determine size of signal handler stack size CPython allocates
using getauxval(AT_MINSIGSTKSZ). This changes allows for
Python extension’s request to Linux kernel to use AMX_TILE
instruction set on Sapphire Rapids Xeon processor to succeed,
unblocking use of the ISA in frameworks.
- bpo-46955: Expose asyncio.base_events.Server as
asyncio.Server. Patch by Stefan Zabka.
- bpo-23325: The signal module no longer assumes that SIG_IGN
and SIG_DFL are small int singletons.
- bpo-46932: Update bundled libexpat to 2.4.7
- bpo-25707: Fixed a file leak in
xml.etree.ElementTree.iterparse() when the iterator is not
exhausted. Patch by Jacob Walls.
- bpo-44886: Inherit asyncio proactor datagram transport from
asyncio.DatagramTransport.
- bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
for selector-based event loops. Patch by Thomas Grainger.
- bpo-46811: Make test suite support Expat >=2.4.5
- bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
transport-based APIs.
- bpo-46784: Fix libexpat symbols collisions with user
dynamically loaded or statically linked libexpat in embedded
Python.
- bpo-39327: shutil.rmtree() can now work with VirtualBox
shared folders when running from the guest operating-system.
- bpo-46756: Fix a bug in
urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated()
which allowed to bypass authorization. For example, access to
URI example.org/foobar was allowed if the user was authorized
for URI example.org/foo.
- bpo-46643: In typing.get_type_hints(), support evaluating
stringified ParamSpecArgs and ParamSpecKwargs annotations.
Patch by Gregory Beauregard.
- bpo-45863: When the tarfile module creates a pax format
archive, it will put an integer representation of timestamps
in the ustar header (if possible) for the benefit of older
unarchivers, in addition to the existing full-precision
timestamps in the pax extended header.
- bpo-46676: Make typing.ParamSpec args and kwargs equal to
themselves. Patch by Gregory Beauregard.
- bpo-46672: Fix NameError in asyncio.gather() when initial
type check fails.
- bpo-46655: In typing.get_type_hints(), support evaluating
bare stringified TypeAlias annotations. Patch by Gregory
Beauregard.
- bpo-45948: Fixed a discrepancy in the C implementation of the
xml.etree.ElementTree module. Now, instantiating an
xml.etree.ElementTree.XMLParser with a target=None keyword
provides a default xml.etree.ElementTree.TreeBuilder target
as the Python implementation does.
- bpo-46521: Fix a bug in the codeop module that was
incorrectly identifying invalid code involving string quotes
as valid code.
- bpo-46581: Brings ParamSpec propagation for GenericAlias in
line with Concatenate (and others).
- bpo-46591: Make the IDLE doc URL on the About IDLE dialog
clickable.
- bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
- bpo-46487: Add the get_write_buffer_limits method to
asyncio.transports.WriteTransport and to the SSL transport.
- bpo-45173: Note the configparser deprecations will be removed
in Python 3.12.
- bpo-46539: In typing.get_type_hints(), support evaluating
stringified ClassVar and Final annotations inside Annotated.
Patch by Gregory Beauregard.
- bpo-46491: Allow typing.Annotated to wrap typing.Final and
typing.ClassVar. Patch by Gregory Beauregard.
- bpo-46436: Fix command-line option -d/--directory in module
http.server which is ignored when combined with command-line
option --cgi. Patch by Géry Ogam.
- bpo-41403: Make mock.patch() raise a TypeError with
a relevant error message on invalid arg. Previously it
allowed a cryptic AttributeError to escape.
- bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
potential REDoS by limiting ambiguity in consecutive
whitespace.
- bpo-46469: asyncio generic classes now return
types.GenericAlias in __class_getitem__ instead of the same
class.
- bpo-46434: pdb now gracefully handles help when __doc__ is
missing, for example when run with pregenerated optimized
.pyc files.
- bpo-46333: The __eq__() and __hash__() methods of
typing.ForwardRef now honor the module parameter of
typing.ForwardRef. Forward references from different modules
are now differentiated.
- bpo-46246: Add missing __slots__ to
importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
- bpo-46266: Improve day constants in calendar.
- Now all constants (MONDAY … SUNDAY) are documented, tested,
and added to __all__.
- bpo-46232: The ssl module now handles certificates with bit
strings in DN correctly.
- bpo-43118: Fix a bug in inspect.signature() that was causing
it to fail on some subclasses of classes with
a __text_signature__ referencing module globals. Patch by
Weipeng Hong.
- bpo-26552: Fixed case where failing asyncio.ensure_future()
did not close the coroutine. Patch by Kumar Aditya.
- bpo-21987: Fix an issue with tarfile.TarFile.getmember()
getting a directory name with a trailing slash.
- bpo-20392: Fix inconsistency with uppercase file extensions
in MimeTypes.guess_type(). Patch by Kumar Aditya.
- bpo-46080: Fix exception in argparse help text generation if
a argparse.BooleanOptionalAction argument’s default is
argparse.SUPPRESS and it has help specified. Patch by Felix
Fontein.
- bpo-44439: Fix .write() method of a member file in ZipFile,
when the input data is an object that supports the buffer
protocol, the file length may be wrong.
- bpo-45703: When a namespace package is imported before
another module from the same namespace is created/installed
in a different sys.path location while the program is
running, calling the importlib.invalidate_caches() function
will now also guarantee the new module is noticed.
- bpo-24959: Fix bug where unittest sometimes drops frames from
tracebacks of exceptions raised in tests.
- bpo-44791: Fix substitution of ParamSpec in Concatenate with
different parameter expressions. Substitution with a list of
types returns now a tuple of types. Substitution with
Concatenate returns now a Concatenate with concatenated lists
of arguments.
- bpo-14156: argparse.FileType now supports an argument of ‘-’
in binary mode, returning the .buffer attribute of
sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
Patch contributed by Josh Rosenberg
- bpo-46463: Fixes escape4chm.py script used when building the
CHM documentation file
- bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
built with undefined behavior sanitizer (UBSAN): disable
UBSAN on the faulthandler_sigfpe() function. Patch by Victor
Stinner.
- bpo-46708: Prevent default asyncio event loop policy
modification warning after test_asyncio execution.
- bpo-46678: The function make_legacy_pyc in
Lib/test/support/import_helper.py no longer fails when
PYTHONPYCACHEPREFIX is set to a directory on a different
device from where tempfiles are stored.
- bpo-46616: Ensures test_importlib.test_windows cleans up
registry keys after completion.
- bpo-44359: test_ftplib now silently ignores socket errors to
prevent logging unhandled threading exceptions. Patch by
Victor Stinner.
- bpo-46542: Fix a Python crash in test_lib2to3 when using
Python built in debug mode: limit the recursion limit. Patch
by Victor Stinner.
- bpo-46576: test_peg_generator now disables compiler
optimization when testing compilation of its own C extensions
to significantly speed up the testing on non-debug builds of
CPython.
- bpo-46542: Fix test_json tests checking for RecursionError:
modify these tests to use support.infinite_recursion(). Patch
by Victor Stinner.
- bpo-13886: Skip test_builtin PTY tests on non-ASCII
characters if the readline module is loaded. The readline
module changes input() behavior, but test_builtin is not
intented to test the readline module. Patch by Victor
Stinner.
- bpo-38472: Fix GCC detection in setup.py when
cross-compiling. The C compiler is now run with LC_ALL=C.
Previously, the detection failed with a German locale.
- bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
and pyconfig.h no longer defines reserved symbol
__CHAR_UNSIGNED__.
- bpo-45296: Clarify close, quit, and exit in IDLE. In the File
menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
are no other windows, this also exits IDLE.
- bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
by Alex Waygood and Terry Jan Reedy.
- bpo-46433: The internal function _PyType_GetModuleByDef now
correctly handles inheritance patterns involving static
types.
- bpo-14916: Fixed bug in the tokenizer that prevented
PyRun_InteractiveOne from parsing from the provided FD.
++++ python310:
- Update to 3.10.4:
- bpo-46968: Check for the existence of the “sys/auxv.h†header
in faulthandler to avoid compilation problems in systems
where this header doesn’t exist. Patch by Pablo Galindo
- bpo-23691: Protect the re.finditer() iterator from
re-entering.
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
avoid a “zipfile.BadZipFile: Bad CRC-32 for file†exception
when reading a ZipFile from multiple threads.
- bpo-38256: Fix binascii.crc32() when it is compiled to use
zlib’c crc32 to work properly on inputs 4+GiB in length
instead of returning the wrong result. The workaround prior
to this was to always feed the function data in increments
smaller than 4GiB or to just call the zlib module function.
- bpo-39394: A warning about inline flags not at the start of
the regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594:
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
sndhdr, spwd, sunau, telnetlib, uu, xdrlib
- bpo-2604: Fix bug where doctests using globals would fail
when run multiple times.
- bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
- bpo-47022: The asynchat, asyncore and smtpd modules have been
deprecated since at least Python 3.6. Their documentation and
deprecation warnings and have now been updated to note they
will removed in Python 3.12 (PEP 594).
- bpo-46421: Fix a unittest issue where if the command was
invoked as python -m unittest and the filename(s) began with
a dot (.), a ValueError is returned.
- bpo-40296: Fix supporting generic aliases in pydoc.
- Update to 3.10.3:
- bpo-46940: Avoid overriding AttributeError metadata
information for nested attribute access calls. Patch by Pablo
Galindo.
- bpo-46852: Rename the private undocumented
float.__set_format__() method to float.__setformat__() to fix
a typo introduced in Python 3.7. The method is only used by
test_float. Patch by Victor Stinner.
- bpo-46794: Bump up the libexpat version into 2.4.6
- bpo-46820: Fix parsing a numeric literal immediately (without
spaces) followed by “not in†keywords, like in 1not in x. Now
the parser only emits a warning, not a syntax error.
- bpo-46762: Fix an assert failure in debug builds when a ‘<’,
‘>’, or ‘=’ is the last character in an f-string that’s
missing a closing right brace.
- bpo-46724: Make sure that all backwards jumps use the
JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an
argument of (2**32)+offset.
- bpo-46732: Correct the docstring for the __bool__() method.
Patch by Jelle Zijlstra.
- bpo-46707: Avoid potential exponential backtracking when
producing some syntax errors involving lots of brackets.
Patch by Pablo Galindo.
- bpo-40479: Add a missing call to va_end() in
Modules/_hashopenssl.c.
- bpo-46615: When iterating over sets internally in
setobject.c, acquire strong references to the resulting items
from the set. This prevents crashes in corner-cases of
various set operations where the set gets mutated.
- bpo-45773: Remove two invalid “peephole†optimizations from
the bytecode compiler.
- bpo-43721: Fix docstrings of getter, setter, and deleter to
clarify that they create a new copy of the property.
- bpo-46503: Fix an assert when parsing some invalid N escape
sequences in f-strings.
- bpo-46417: Fix a race condition on setting a type __bases__
attribute: the internal function add_subclass() now gets the
PyTypeObject.tp_subclasses member after calling
PyWeakref_NewRef() which can trigger a garbage collection
which can indirectly modify PyTypeObject.tp_subclasses. Patch
by Victor Stinner.
- bpo-46383: Fix invalid signature of _zoneinfo’s module_free
function to resolve a crash on wasm32-emscripten platform.
- bpo-46070: Py_EndInterpreter() now explicitly untracks all
objects currently tracked by the GC. Previously, if an object
was used later by another interpreter, calling
PyObject_GC_UnTrack() on the object crashed if the previous
or the next object of the PyGC_Head structure became
a dangling pointer. Patch by Victor Stinner.
- bpo-46339: Fix a crash in the parser when retrieving the
error text for multi-line f-strings expressions that do not
start in the first line of the string. Patch by Pablo Galindo
- bpo-46240: Correct the error message for unclosed parentheses
when the tokenizer doesn’t reach the end of the source when
the error is reported. Patch by Pablo Galindo
- bpo-46091: Correctly calculate indentation levels for lines
with whitespace character that are ended by line continuation
characters. Patch by Pablo Galindo
- bpo-43253: Fix a crash when closing transports where the
underlying socket handle is already invalid on the Proactor
event loop.
- bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
including bugfix for EntryPoint.extras, which was returning
match objects and not the extras strings.
- bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
22.0.4)
- bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
determine size of signal handler stack size CPython allocates
using getauxval(AT_MINSIGSTKSZ). This changes allows for
Python extension’s request to Linux kernel to use AMX_TILE
instruction set on Sapphire Rapids Xeon processor to succeed,
unblocking use of the ISA in frameworks.
- bpo-46955: Expose asyncio.base_events.Server as
asyncio.Server. Patch by Stefan Zabka.
- bpo-23325: The signal module no longer assumes that SIG_IGN
and SIG_DFL are small int singletons.
- bpo-46932: Update bundled libexpat to 2.4.7
- bpo-25707: Fixed a file leak in
xml.etree.ElementTree.iterparse() when the iterator is not
exhausted. Patch by Jacob Walls.
- bpo-44886: Inherit asyncio proactor datagram transport from
asyncio.DatagramTransport.
- bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
for selector-based event loops. Patch by Thomas Grainger.
- bpo-46811: Make test suite support Expat >=2.4.5
- bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
transport-based APIs.
- bpo-46784: Fix libexpat symbols collisions with user
dynamically loaded or statically linked libexpat in embedded
Python.
- bpo-39327: shutil.rmtree() can now work with VirtualBox
shared folders when running from the guest operating-system.
- bpo-46756: Fix a bug in
urllib.request.HTTPPasswordMgr.find_user_password() and
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated()
which allowed to bypass authorization. For example, access to
URI example.org/foobar was allowed if the user was authorized
for URI example.org/foo.
- bpo-46643: In typing.get_type_hints(), support evaluating
stringified ParamSpecArgs and ParamSpecKwargs annotations.
Patch by Gregory Beauregard.
- bpo-45863: When the tarfile module creates a pax format
archive, it will put an integer representation of timestamps
in the ustar header (if possible) for the benefit of older
unarchivers, in addition to the existing full-precision
timestamps in the pax extended header.
- bpo-46676: Make typing.ParamSpec args and kwargs equal to
themselves. Patch by Gregory Beauregard.
- bpo-46672: Fix NameError in asyncio.gather() when initial
type check fails.
- bpo-46655: In typing.get_type_hints(), support evaluating
bare stringified TypeAlias annotations. Patch by Gregory
Beauregard.
- bpo-45948: Fixed a discrepancy in the C implementation of the
xml.etree.ElementTree module. Now, instantiating an
xml.etree.ElementTree.XMLParser with a target=None keyword
provides a default xml.etree.ElementTree.TreeBuilder target
as the Python implementation does.
- bpo-46521: Fix a bug in the codeop module that was
incorrectly identifying invalid code involving string quotes
as valid code.
- bpo-46581: Brings ParamSpec propagation for GenericAlias in
line with Concatenate (and others).
- bpo-46591: Make the IDLE doc URL on the About IDLE dialog
clickable.
- bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
- bpo-46487: Add the get_write_buffer_limits method to
asyncio.transports.WriteTransport and to the SSL transport.
- bpo-45173: Note the configparser deprecations will be removed
in Python 3.12.
- bpo-46539: In typing.get_type_hints(), support evaluating
stringified ClassVar and Final annotations inside Annotated.
Patch by Gregory Beauregard.
- bpo-46491: Allow typing.Annotated to wrap typing.Final and
typing.ClassVar. Patch by Gregory Beauregard.
- bpo-46436: Fix command-line option -d/--directory in module
http.server which is ignored when combined with command-line
option --cgi. Patch by Géry Ogam.
- bpo-41403: Make mock.patch() raise a TypeError with
a relevant error message on invalid arg. Previously it
allowed a cryptic AttributeError to escape.
- bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
potential REDoS by limiting ambiguity in consecutive
whitespace.
- bpo-46469: asyncio generic classes now return
types.GenericAlias in __class_getitem__ instead of the same
class.
- bpo-46434: pdb now gracefully handles help when __doc__ is
missing, for example when run with pregenerated optimized
.pyc files.
- bpo-46333: The __eq__() and __hash__() methods of
typing.ForwardRef now honor the module parameter of
typing.ForwardRef. Forward references from different modules
are now differentiated.
- bpo-46246: Add missing __slots__ to
importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
- bpo-46266: Improve day constants in calendar.
- Now all constants (MONDAY … SUNDAY) are documented, tested,
and added to __all__.
- bpo-46232: The ssl module now handles certificates with bit
strings in DN correctly.
- bpo-43118: Fix a bug in inspect.signature() that was causing
it to fail on some subclasses of classes with
a __text_signature__ referencing module globals. Patch by
Weipeng Hong.
- bpo-26552: Fixed case where failing asyncio.ensure_future()
did not close the coroutine. Patch by Kumar Aditya.
- bpo-21987: Fix an issue with tarfile.TarFile.getmember()
getting a directory name with a trailing slash.
- bpo-20392: Fix inconsistency with uppercase file extensions
in MimeTypes.guess_type(). Patch by Kumar Aditya.
- bpo-46080: Fix exception in argparse help text generation if
a argparse.BooleanOptionalAction argument’s default is
argparse.SUPPRESS and it has help specified. Patch by Felix
Fontein.
- bpo-44439: Fix .write() method of a member file in ZipFile,
when the input data is an object that supports the buffer
protocol, the file length may be wrong.
- bpo-45703: When a namespace package is imported before
another module from the same namespace is created/installed
in a different sys.path location while the program is
running, calling the importlib.invalidate_caches() function
will now also guarantee the new module is noticed.
- bpo-24959: Fix bug where unittest sometimes drops frames from
tracebacks of exceptions raised in tests.
- bpo-44791: Fix substitution of ParamSpec in Concatenate with
different parameter expressions. Substitution with a list of
types returns now a tuple of types. Substitution with
Concatenate returns now a Concatenate with concatenated lists
of arguments.
- bpo-14156: argparse.FileType now supports an argument of ‘-’
in binary mode, returning the .buffer attribute of
sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
Patch contributed by Josh Rosenberg
- bpo-46463: Fixes escape4chm.py script used when building the
CHM documentation file
- bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
built with undefined behavior sanitizer (UBSAN): disable
UBSAN on the faulthandler_sigfpe() function. Patch by Victor
Stinner.
- bpo-46708: Prevent default asyncio event loop policy
modification warning after test_asyncio execution.
- bpo-46678: The function make_legacy_pyc in
Lib/test/support/import_helper.py no longer fails when
PYTHONPYCACHEPREFIX is set to a directory on a different
device from where tempfiles are stored.
- bpo-46616: Ensures test_importlib.test_windows cleans up
registry keys after completion.
- bpo-44359: test_ftplib now silently ignores socket errors to
prevent logging unhandled threading exceptions. Patch by
Victor Stinner.
- bpo-46542: Fix a Python crash in test_lib2to3 when using
Python built in debug mode: limit the recursion limit. Patch
by Victor Stinner.
- bpo-46576: test_peg_generator now disables compiler
optimization when testing compilation of its own C extensions
to significantly speed up the testing on non-debug builds of
CPython.
- bpo-46542: Fix test_json tests checking for RecursionError:
modify these tests to use support.infinite_recursion(). Patch
by Victor Stinner.
- bpo-13886: Skip test_builtin PTY tests on non-ASCII
characters if the readline module is loaded. The readline
module changes input() behavior, but test_builtin is not
intented to test the readline module. Patch by Victor
Stinner.
- bpo-38472: Fix GCC detection in setup.py when
cross-compiling. The C compiler is now run with LC_ALL=C.
Previously, the detection failed with a German locale.
- bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
and pyconfig.h no longer defines reserved symbol
__CHAR_UNSIGNED__.
- bpo-45296: Clarify close, quit, and exit in IDLE. In the File
menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
are no other windows, this also exits IDLE.
- bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
by Alex Waygood and Terry Jan Reedy.
- bpo-46433: The internal function _PyType_GetModuleByDef now
correctly handles inheritance patterns involving static
types.
- bpo-14916: Fixed bug in the tokenizer that prevented
PyRun_InteractiveOne from parsing from the provided FD.
++++ python-cryptography:
- update to 36.0.2:
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1n.
++++ ovmf:
- Add GCC 12 workaround (ovmf-ignore-spurious-GCC-12-warning.patch)
that handles: https://bugzilla.tianocore.org/show_bug.cgi?id=3816
The same patch is already included in qemu package.
------------------------------------------------------------------
------------------ 2022-3-25 - Mar 25 2022 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517)
* add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch
++++ glib2:
- desktop-file-utils: add Budgie desktop environment
++++ grub2:
- Fix wrong order in kernel sorting of listing rc before final release
(bsc#1197376)
* grub2-use-rpmsort-for-version-sorting.patch
++++ kernel-default:
- series.conf: cleanup
- update mainline references and move into sorted section:
- patches.suse/Bluetooth-btusb-Add-missing-Chicony-device-for-Realt.patch
- patches.suse/bpf-add-config-to-allow-loading-modules-with-BTF-mis.patch
- commit 62d2682
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
(bsc#1197243).
- commit 7257225
- Drop HID multitouch fix patch (bsc#1197243)
Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
Replaced with another revert patch.
- commit 01821ca
++++ colord:
- Update to version 1.4.6:
+ Add missing copyright notices.
+ Add Spyder X entry.
+ Document where to send patches.
+ Don't use exact floating point comparisons.
+ Drop option for removed reverse engineering tools.
+ Drop references to hughski.com.
+ Fix a small memory leak in sqlite3_exec().
+ Fix typo in device-removed signal documentation.
+ Make introspection optional in meson.
- Drop -Dreverse=false meson parameter: no longer supported.
- Fix a few rpmlint warnings:
+ Do not self-obsolete shared-color-profiles by providing the
symbol with a version.
+ Call +%tmpfiles_create %{_tmpfilesdir}/colord.conf in %post.
+ Package /usr/share/bash-completion/completions/colormgr with
mode 644: the files are not executed, but sourced.
+ Own %{_localstatedir}/lib/colord/icc (ghost): this directory is
generated by %tmpfiles_create.
++++ mozilla-nss:
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
++++ zlib:
- Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch - CVE-2018-25032
- Update 410.patch
* Remove included patches:
bsc1174551-fxi-imcomplete-raw-streams.patch
zlib-compression-switching.patch
zlib-s390x-z15-fix-hw-compression.patch
- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
++++ libzypp:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
++++ python-setuptools:
- Refresh remove_mock.patch to add a missing file to it.
++++ qemu:
- Kill downstream patches around bifmt handling that makes
cumbersome to run multi-arch containers, and switch to the
upstream behavior, which is well documented and valid on
all other distros. This is possible thanks to Linux kernel
commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so
it can only work on Leap/SLE 15.4 and higher). (bsc#1197298)
* Patches dropped:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
- Fix update_git.sh wiping all the package file of the local
checkout while cloning the git repository on demand (in case they
don't exist and the user as to do so).
------------------------------------------------------------------
------------------ 2022-3-24 - Mar 24 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220324.fca4619:
* No completion in restricted bash
* No longer install /usr/lib/restricted/bin/hostname => /bin/hostname symlink
++++ apparmor:
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
++++ bash:
- Do use old legacy PreReq to get bash installed before bash-sh
but do not require bash-sh by bash (bsc#1197448)
++++ gtk3:
- Update to version 3.24.33+12:
+ icons: add legacy icons (boo#1197480).
+ Updated translations.
++++ libapparmor:
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
/proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
openssl.cnf (bnc#1195463).
++++ augeas:
- add sysctl_parsing.patch (bsc#1197443)
++++ python310-core:
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
++++ ceph:
- Update to 16.2.7-650-gd083eaa3886
+ (pr#469) cephadm: update image paths to registry.suse.com
+ (pr#468) cephadm: use snmp-notifier image from registry.suse.de
+ (pr#467) cephadm: infer the default container image during pull
+ (pr#465) mgr/cephadm: try to get FQDN for inventory address
+ Sync _constaints file for IBS and OBS
++++ openSUSE-build-key:
- gpg-pubkey-307e3d54-5aaa90a5 is actually "package gpg-pubkey,
version-release 307e3d54-5aaa90a5"
++++ python310:
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
++++ qemu:
- Improve test reliability
* Patches added:
Fix-the-module-building-problem-for-s390.patch
tests-qemu-iotests-040-Skip-TestCommitWi.patch
tests-qemu-iotests-testrunner-Quote-case.patch
++++ sudo:
- update to 1.9.10:
* Added new log_passwords and passprompt_regex sudoers options. If
log_passwords is disabled, sudo will attempt to prevent passwords from being
logged. If sudo detects any of the regular expressions in the passprompt_regex
list in the terminal output, sudo will log ‘*’ characters instead of the
terminal input until a newline or carriage return is found in the input or an
output character is received.
* Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
operate like the sudoers options when logging terminal input.
* Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers
sources.
* Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the
retry_interval in the [relay] section was not being recognized.
* Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n
option is specified. A new noninteractive_auth sudoers option has been added to
enable PAM authentication in non-interactive mode. GitHub issue #131.
* On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo
(other systems) file is missing or invalid, sudo will now check file
descriptors 0-2 to determine the user’s terminal. Bug #1020.
* Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
* Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is
received.
* Fixed an issue that resulting in “problem with defaults entries†email to be
sent if a user ran sudo when the sudoers entry in the nsswitch.conf file
includes “sss†but no sudo provider is configured in /etc/sssd/sssd.conf.
* Updated the warning displayed when the invoking user is not allowed to run
sudo. If sudo has been configured to send mail on failed attempts (see the
mail_* flags in sudoers), it will now print “This incident has been reported to
the administrator.†If the mailto or mailerpath sudoers settings are disabled,
the message will not be printed and no mail will be sent.
* Fixed a bug where the user-specified command timeout was not being honored if
the sudoers rule did not also specify a timeout.
* Added support for using POSIX extended regular expressions in sudoers rules. A
command and/or arguments in sudoers are treated as a regular expression if they
start with a ‘^’ character and end with a ‘$’. The command and arguments are
matched separately, either one (or both) may be a regular expression.
* A user may now only run sudo -U otheruser -l if they have a “sudo ALLâ€
privilege where the RunAs user contains either root or otheruser. Previously,
having “sudo ALL†was sufficient, regardless of the RunAs user. GitHub issue
[#134].
* The sudo lecture is now displayed immediately before the password prompt. As a
result, sudo will no longer display the lecture unless the user needs to enter
a password. Authentication methods that don’t interact with the user via a
terminal do not trigger the lecture.
* Sudo now uses its own closefrom() emulation on Linux systems. The glibc version
may not work in a chroot jail where /proc is not available. If close_range(2)
is present, it will be used in preference to /proc/self/fd.
- drop sudo-1.9.9-honor-T_opt.patch , feature-upstream-restrict-sudo-U-other-l.patch
(upstream)
------------------------------------------------------------------
------------------ 2022-3-23 - Mar 23 2022 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- add audit-userspace-517-compat.patch
++++ file:
- add file-5.41-cache-regexps-locale-restore.patch to restore
previous locale handling behavior
++++ gcc12:
- Bump to e8cd3edc0fc6c02a732dcecf519c22d835e5f422, git192197.
++++ harfbuzz:
- Update to version 4.1.0:
+ Various OSS-Fuzz fixes
+ Make fallback vertical-origin match FreeType’s
+ Treat visible viramas like dependent vowels in USE shaper
+ Apply presentation forms features and discretionary features in
one go in Indic shaper, which seems to match Uniscribe and
CoreText behaviour
+ Various bug fixes
++++ spice:
- Add patch to let spice build with gstreamer 1.20.x
(https://gitlab.freedesktop.org/spice/spice/-/merge_requests/207)
* fix-build-with-gstreamer-1.20.patch
++++ systemd:
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
++++ qemu:
- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall
(bsc#1196924)
* Patches added:
tools-virtiofsd-Add-rseq-syscall-to-the-.patch
------------------------------------------------------------------
------------------ 2022-3-22 - Mar 22 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- get rid of Mesa-libVulkan-devel(-32bit) package, which no longer
makes sense since Mesa 21.1.0
* https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e0a9d10189d1c53
++++ Mesa-drivers:
- get rid of Mesa-libVulkan-devel(-32bit) package, which no longer
makes sense since Mesa 21.1.0
* https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e0a9d10189d1c53
++++ NetworkManager:
- Update to version 1.36.4:
+ The internal DHCPv4 client now discards NAKs packets coming
from servers different from the one that sent the offer.
+ Fix activation of PPPoE connections with "pppoe.parent" unset.
+ Fix potential libnm crash when the client object initialization
gets canceled.
+ Other various fixes and improvements.
++++ container-selinux:
- Add udica templates to the package
++++ glib-networking:
- Update to version 2.72.0:
+ Fix proxy tests.
+ GnuTLS: use IANA-style ciphersuite names with GnuTLS 3.7.4.
+ meson devenv.
+ Updated translations.
++++ libgcrypt:
- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
* Mark RSA public key encryption and private key decryption with
padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
peer key assurance validation requirements per SP800-56Brev2.
* Mark ECC as approved only for NIST curves P-224, P-256, P-384
and P-521 with check for common NIST names and aliases.
* Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
* Add libgcrypt-FIPS-SLI-pk.patch
* Rebase libgcrypt-FIPS-service-indicators.patch
- Run the regression tests also in FIPS mode.
* Disable tests for non-FIPS approved algos.
* Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
++++ qemu:
- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503
(bsc#1197018)
* Patches added:
hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
Silence-GCC-12-spurious-warnings.patch
Ignore-spurious-GCC-12-warning.patch
------------------------------------------------------------------
------------------ 2022-3-21 - Mar 21 2022 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20220321.f60f2de:
* order header in the way spec-cleaner wants it
* move changes from package to git
* merge audio files highlighting fixes from coreutils 9
* Update from coreutils 9
* Make source validator happy
- Update to version 84.87+git20220321.5a5cb79:
* DIR_COLORS: lz support
* DIR_COLORS: zstd support
++++ kernel-default:
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- Revert "rpm/macros.kernel-source: avoid %if's and %define's"
This reverts commit d0cec50d019c853336e26f5ff5df5a4c9c3ea120.
- commit b20736a
- macros.kernel-source: Fix conditional expansion.
Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).")
- commit 7e857f7
- rpm/macros.kernel-source: avoid %if's and %define's
It's not supported in rpm macros scripts. So for now, resolve
%kernel_build_shell_package to bash-sh in stable branch unconditionally.
When this is fixed in the packaging branch, revert this.
- commit d0cec50
- Refresh
patches.suse/Bluetooth-btusb-Add-missing-Chicony-device-for-Realt.patch.
Update upstream status.
- commit 36a1351
++++ ncurses:
- Make extended status line support of xterm a switch (boo#1197313)
- Add ncurses patch 20220319
+ add xgterm -TD
+ correct setal in mintty/tmux entries, add to vte-2018 (report by
Robert Lange)
+ add blink to vte-2018 (report by Robert Lange)
+ improve tic warning about XT versus redundant tsl, etc.
++++ nfs-utils:
- drop reenable-nfsv2.patch (poo#106679)
++++ snapper:
- transfer filelist by pipe instead of DBus message to avoid
exceeding allowed DBus message size
- version 0.10.0
++++ libsolv:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
[bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
++++ libzypp:
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
++++ makedumpfile:
- makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch:
sadump, kaslr: fix failure of calculating kaslr_offset
(bsc#1196736).
++++ vim:
- Updated to version 8.2.4602, fixes the following problems
- CVE-2022-0943 - boo#1197225
* Vim9: "break" inside try/catch not handled correctly.
* Coverity warning for refactored tag search code.
* Coverity warnings for not using returned value.
* Duplicate #undef.
* The neXTaw GUI is old and does not work well.
* Script-local function is deleted when used in a funcref.
* Cannot build with Motif and editres. (Tony Mechelynck)
* When mapping <Esc> terminal codes are not recognized.
* In a :def function "put = expr" does not work.
* Linear tag search is a bit slow.
* Vim9: using null values not sufficiently tested.
* getmousepos() returns the wrong column. (Ernie Rael)
* Test fails without the +job or +channel feature. (Dominique Pellé)
* Confusing comment about 'cursorlineopt'.
* getmousepos() returns the screen column. (Ernie Rael)
* Suspending with CTRL-Z does not work on DragonFlyBSD.
* Build failure with some combination of features. (John Marriott)
* Linear tag search is not optimal.
* "z=" in Visual mode may go beyond the end of the line.
* Running test leaves file behind. (Dominique Pellé)
* No command line completion for :breakadd and :breakdel.
* Check for existing buffer in session file does not work for files in
the home directory.
* Bracketed paste doesn't work well in Visual linewise mode.
* getmousepos() does not compute the column below the last line.
* Coverity warning for not using a return value.
* No command line completion for :profile and :profdel.
* Not all gdb files are recognized.
* Vim9: return type "any" is sometimes changed to first returned type.
(Virginia Senioria)
* A nested function (closure) is compiled for debugging without context.
* Vim9: test for profiling fails.
* Vim9: error for comparing with null can be annoying.
* Message test is flaky. (Elimar Riesebieter)
* No warning when an autoload script for completion function has an error.
* Cannot use page-up and page-down in the command line completion popup menu.
* Vim9: incorrect error for shadowing variable.
* Null types not fully tested.
* Useless code handling a type declaration.
* Screendump test fails.
* Error for using autoload function in custom completion.
* Cannot use keypad page-up/down for completion menu.
* Vim9: no error for using lower case name for "func" argument. (Ernie Rael)
* Vim9: double free after unpacking a list.
* Mapping with key code after other matching mapping does not work.
* Cannot index the g: dictionary.
* Vim9: range type check has wrong offset.
* Cursor line not updated when a callback moves the cursor.
* Search continues after giving E1204.
* Unnecessary call to redraw_later().
* Need to write script to a file to be able to source them.
* X11: using --remote-wait may keep the CPU busy.
* Installing tutor binary may fail.
* LuaV_debug() not covered by tests.
* Profile completion test sometimes fails.
* GTK: get assertion errors when scrolling a split window.
* Vim9: not enough test coverage for executing :def function.
------------------------------------------------------------------
------------------ 2022-3-20 - Mar 20 2022 -------------------
------------------------------------------------------------------
++++ gsettings-desktop-schemas:
- Update to version 42.0:
+ Updated translations.
++++ kernel-default:
- Update to 5.17 final
- refresh configs (headers only)
- commit be2cbd1
++++ libjpeg-turbo:
- update to 2.1.3:
* Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM
input files into full-color JPEG images unless the `-grayscale` option was
used.
* cjpeg now automatically compresses GIF and 8-bit BMP input files into
grayscale JPEG images if the input files contain only shades of gray.
* The build system now enables the intrinsics implementation of the AArch64
(Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later.
* Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using
the merged (non-fancy) upsampling algorithms (that is, with
`cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`.
Specifically, the segfault occurred if the number of bytes remaining in the
output buffer was less than the number of bytes required to represent one
uncropped scanline of the output image. For that reason, the issue could only
be reproduced using the libjpeg API, not using djpeg.
++++ nghttp2:
- update to 1.47.0:
* see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/
++++ libvirt-dbus:
- Avoid self cycle due to user
------------------------------------------------------------------
------------------ 2022-3-19 - Mar 19 2022 -------------------
------------------------------------------------------------------
++++ file:
- add file-5.41-cache-regexps.patch to cache regexp lookups
++++ kernel-default:
- rpm: Use bash for %() expansion (jsc#SLE-18234).
Since 15.4 alternatives for /bin/sh are provided by packages
<something>-sh. While the interpreter for the build script can be
selected the interpreter for %() cannot.
The kernel spec files use bashisms in %().
While this could technically be fixed there is more serious underlying
problem: neither bash nor any of the alternatives are 100% POSIX
compliant nor bug-free.
It is not my intent to maintain bug compatibility with any number of
shells for shell scripts embedded in the kernel spec file. The spec file
syntax is not documented so embedding the shell script in it causes some
unspecified transformation to be applied to it. That means that
ultimately any changes must be tested by building the kernel, n times if
n shells are supported.
To reduce maintenance effort require that bash is used for kernel build
always.
- commit bb95fef
- Linux 5.16.16 (bsc#1012628).
- ice: Fix race condition during interface enslave (bsc#1012628).
- kselftest/vm: fix tests build with old libc (bsc#1012628).
- bnx2: Fix an error message (bsc#1012628).
- sfc: extend the locking on mcdi->seqno (bsc#1012628).
- tcp: make tcp_read_sock() more robust (bsc#1012628).
- nl80211: Update bss channel on channel switch for P2P_CLIENT
(bsc#1012628).
- drm/vrr: Set VRR capable prop only if it is attached to
connector (bsc#1012628).
- iwlwifi: don't advertise TWT support (bsc#1012628).
- Input: goodix - workaround Cherry Trail devices with a bogus
ACPI Interrupt() resource (bsc#1012628).
- Input: goodix - use the new soc_intel_is_byt() helper
(bsc#1012628).
- netfilter: egress: silence egress hook lockdep splats
(bsc#1012628).
- atm: firestream: check the return value of ioremap() in
fs_init() (bsc#1012628).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
device when fully ready (bsc#1012628).
- Bluetooth: hci_core: Fix leaking sent_cmd skb (bsc#1012628).
- ARM: 9178/1: fix unmet dependency on BITREVERSE for
HAVE_ARCH_BITREVERSE (bsc#1012628).
- MIPS: smp: fill in sibling and core maps earlier (bsc#1012628).
- mac80211: refuse aggregations sessions before authorized
(bsc#1012628).
- ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
(bsc#1012628).
- ARM: dts: rockchip: reorder rk322x hmdi clocks (bsc#1012628).
- arm64: dts: agilex: use the compatible
"intel,socfpga-agilex-hsotg" (bsc#1012628).
- arm64: dts: rockchip: reorder rk3399 hdmi clocks (bsc#1012628).
- arm64: dts: rockchip: align pl330 node name with dtschema
(bsc#1012628).
- arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal
integrity (bsc#1012628).
- xfrm: Fix xfrm migrate issues when address family changes
(bsc#1012628).
- xfrm: Check if_id in xfrm_migrate (bsc#1012628).
- arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode
(bsc#1012628).
- arm64: dts: rockchip: fix dma-controller node names on rk356x
(bsc#1012628).
- Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
(bsc#1012628).
- commit d9656de
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
(bsc#1197243).
- commit 5500e44
++++ openssl-3:
- Enable zlib compression support [bsc#1195149]
++++ pango:
- Update to version 1.50.6:
+ Drop hb-glib dependency.
+ Fix test font configuration.
+ Maintain order in pango_attr_list_change.
+ Fix a use-after-free in pango_attr_list_change.
------------------------------------------------------------------
------------------ 2022-3-18 - Mar 18 2022 -------------------
------------------------------------------------------------------
++++ bcm43xx-firmware:
- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286)
++++ cockpit:
- re-add suse-microos-branding.patch from GitHub
- add hide-docs.patch (bsc#1197003)
++++ container-selinux:
- Update to version 2.180.0
* Allow container domains to read/write kvm_device_t
* Update kublet mappings to inlcude /usr/local/*
* Allow container domains to use container runtime tcp and udp sockets
* Alow containers to use unix_stream_sockets leaked from container runtimes
* Allow userdomains to execute conmon_exec_t and use it as an entrypoint
* Allow conmon_exec_t as an entrypoint
* Add container_use_devices boolean to allow containers to use any device
* Add explicit range transition for conmon
* Add missing dbus class declaration into container_runtime_run()
* Remove lockdown allow rules
* Remove k3s fcontexts
* Allow container domains to be used by user roles
- Changed source url to allow for download via source service
++++ librsvg:
- Update to version 2.54.0:
+ Librsvg now supports SVG2 geometry properties for these
elements: rect, circle, ellipse, image, svg.
+ Catch circular references when rendering patterns.
+ The C API documentation now uses gi-docgen instead of gtk-doc.
Rsvg-convert's man page is now converted to reStructuredText
instead of troff.
+ The "Recommendations for applications" chapter in the
documentation is much improved.
- Update to version 2.53.2:
+ Output filled text as text for PDF; fixes regression due to
outputting all text as paths.
+ Fix taller-than-wide proportional scaling and size limiting in
rsvg-convert.
+ Implement SVG2 geometry properties for these elements: rect,
circle, ellipse, image, svg.
+ Fix potential unaligned accesses in surface iterators.
+ Actually use GDK_PIXBUF_MODULEDIR when calling
gdk-pixbuf-query-loaders.
+ Add links to functions and types throughout the C API
documentation.
- Switch to gitcheckout of released tag.
- Switch to rust-packaging:
+ Add rust-packaging and libtool BuildRequires.
+ Drop cargo and rust BuildRequires.
+ Pass NOCONFIGURE=1 ./autogen.sh, bootstrap build.
+ Add rust config to _service
+ Add vendor.tar.xz and cargo_config as sources + macro.
- Enable testsuite again for x86_64, as it now passes.
- Update to version 2.53.1:
+ Fix incorrect text rendering when text has different scales
in the X/Y axes. This regressed after librsvg 2.52.5, when
Pango had to revert its fix for the same bug. Now librsvg
renders all text as paths, and does the scaling itself. Please
file a bug if you have evidence that this presents a
performance problem for you.
+ Update to the latest gtk-rs release.
- Update to version 2.53.0:
+ This is the first release in the new development series. There
are no new features, just changes to how the documentation is
built.
+ The man page for rsvg-convert is now generated from a
reStructuredText document, and the C API reference is generated
using gi-docgen.
+ Please make sure you install python3-docutils (for rst2man) and
gi-docgen before compiling librsvg from a tarball.
- Add python3-docutils and pkgconfig(gi-docgen) BuildRequires
following upstream changes.
- Update to version 2.52.8:
+ Catch circular references when rendering patterns
(glgo#GNOME/librsvg#721).
++++ gdk-pixbuf:
- Update to version 2.42.8 (boo#1201826):
+ Clear the pixbuf's memory buffer to avoid returning
uninitialized memory.
+ Turn GdkPixbufModule functions into typed callbacks.
+ tiff: Use non-deprecated C99 integer types.
+ gif: Check for overflow when compositing or clearing frames.
+ Change png/jpeg/tiff build options from boolean to feature.
+ jpeg: Do not rely on UB around setjmp/longjmp.
+ Build fixes.
+ Documentation fixes.
+ Security fixes: CVE-2021-46829.
+ Updated translations.
- Stop passing options to meson that just follow upstream default,
just rely on upstream providing sane defaults, apart from where
we want to deviate.
++++ gobject-introspection:
- Update to version 1.72.0:
+ Add new utility API to libgirepository for bindings
implementing an argument cache.
+ Update the GIR data for GLib, GObject, GModule, and GIO.
++++ glib2:
- Update to version 2.72.0:
+ Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2538,
glgo#GNOME/GLib!2542, glgo#GNOME/GLib!2547,
glgo#GNOME/GLib!2548, glgo#GNOME/GLib!2551,
glgo#GNOME/GLib!2552.
+ Updated translations.
++++ gnutls:
- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
* The IG 10.3.A and SP800-132 require some minimum parameters for
the salt length, password length and iteration count. These
parameters should be also used in the KAT.
* Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- Enable to run the regression tests also in FIPS mode.
- Update to 3.7.4:
* libgnutls: Added support for certificate compression as defined
in RFC8879.
* certtool: Added option --compress-cert that allows user to
specify compression methods for certificate compression.
* libgnutls: GnuTLS can now be compiled with --enable-strict-x509
configure option to enforce stricter certificate sanity checks
that are compliant with RFC5280.
* libgnutls: Removed IA5String type from DirectoryString within
issuer and subject name to make DirectoryString RFC5280 compliant.
* libgnutls: Added function to retrieve the name of current
ciphersuite from session.
* Bump libgnutlsxx soname due to ABI break
* API and ABI modifications:
- GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
- GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
- gnutls_compress_certificate_get_selected_method: Added
- gnutls_compress_certificate_set_methods: Added
* Update gnutls.keyring
++++ grub2:
- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
* 0001-grub-probe-Deduplicate-probed-partmap-output.patch
++++ gstreamer:
- Update to version 1.20.1:
+ deinterlace: various bug fixes for yadif, greedy and scalerbob
methods
+ gtk video sink: Fix rotation not being applied when paused
+ gst-play-1.0: Fix trick-mode handling in keyboard shortcut
+ jpegdec: fix RGB conversion handling
+ matroskademux: improved ProRes video handling
+ matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio
caps fields correctly when checking caps equality on input caps
changes
+ videoaggregator fixes (negative rate handling, current position
rounding)
+ soup http plugin: Lookup libsoup dylib files on Apple
platforms; fix Cerbero static build on Android and iOS
+ Support build against libfreeaptx in openaptx plugin
+ Fix linking issues on Illumos distros
+ GstPlay: Fix new error + warning parsing API (was unusuable
before)
+ mpegtsmux: VBR muxing fixes
+ nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding
+ Support build against libfreeaptx in openaptx plugin
+ webrtc: Various fixes to the webrtc-sendrecv python example
+ macOS: support a relocatable `GStreamer.framework` on macOS
+ macOS: fix applemedia plugin failing to load on ARM64 macOS
+ windows: ship wavpack library
+ gst-python: Fix build with Python 3.11
+ various bug fixes, memory leak fixes, and other stability and
reliability improvements
+ plugin loader: show the reason when spawning of
gst-plugin-scanner fails
+ registry, plugin loading: fix dynamic relocation if
GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory;
improve GST_PLUGIN_SUBDIR handling
+ context: fix transfer annotation on
gst_context_writable_structure() for bindings
+ baseparse: Don't truncate the duration to milliseconds in
gst_base_parse_convert_default()
+ bufferpool: Deactivate pool and get rid of references to other
objects from dispose instead of finalize
++++ gstreamer-plugins-base:
- Update to version 1.20.1:
+ typefindfunctions: Fix WebVTT format detection for very short
files
+ gldisplay: Reorder GST_GL_WINDOW check for egl-device
+ rtpbasepayload: Copy all buffer metadata instead of just
GstMetas for the input meta buffer
+ codec-utils: Avoid out-of-bounds error
+ navigation: Fix Since markers for mouse scroll events
+ videoaggregator: Fix for unhandled negative rate
+ videoaggregator: Use floor() to calculate current position
+ video-color: Fix for missing clipping in PQ EOTF function
+ gst-play-1.0: Fix trick-mode handling in keyboard shortcut
+ audiovisualizer: shader: Fix out of bound write
++++ kernel-default:
- Disable 5.16.10-026-NFSv4.1-query-for-fs_location-attr-on-a-new-f.patch (boo#1196521)
This patch causes a regression and probably should not have been
backported to stable anyway. Disable it.
Links to upstream discussions in the bug.
- commit 40a4b1d
++++ at-spi2-core:
- Update to version 2.44.0:
+ Unlink the socket before binding when using dbus-broker. Fixes
regression introduced in 2.43.92 where restarting the bus
launcher would fail.
++++ libepoxy:
- Update to version 1.5.10:
+ Fix for building with MSVC on non-English locale.
+ Fix build on Android.
+ Add the right include paths for EGL and X11 headers.
- Upstream tarball url changed, probably by mistake, so leave old
url in place, but disabled.
++++ graphene:
- Update to version 1.10.8:
+ ray:
- simplify NaN checking.
- Improve intersection
+ Build fixes.
+ SIMD:
- Make reciprocal operations 0-safe.
- Add simplified scalar reciprocal.
+ tests:
- Fix installed introspection test.
- Add ray intersection unit.
+ Fix detection of AArch64.
+ Documentation fixes.
++++ openssl-3:
- Add crypto-policies support.
* Fix some tests that couldn't find the openssl3.cnf location
* Rebase patch:
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
++++ libsoup:
- Update to version 3.0.5:
+ Misc HTTP/2 fixes.
+ Fix missing files for installed-tests.
+ Fix SoupServer not properly handling invalid percent encoded
paths.
+ Fix other areas not properly handling invalid percent encoded
paths.
+ Fix SoupLogger:max-body-size of 0 meaning log nothing.
++++ libxml2:
- Build python bindings in a 2nd run, using multibuild: otherwise,
libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
to bootstrap.
++++ openSUSE-build-key:
- gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key
and try to remove it from installed systems via Obsoletes.
++++ python-MarkupSafe:
- specfile:
* update copyright year
* require python >= 3.7
- update to version 2.1.1:
* Avoid ambiguous regex matches in "striptags". :pr:`293`
- changes from version 2.1.0:
* Drop support for Python 3.6. :pr:`262`
* Remove "soft_unicode", which was previously deprecated. Use
"soft_str" instead. :pr:`261`
* Raise error on missing single placeholder during string
interpolation. :issue:`225`
* Disable speedups module for GraalPython. :issue:`277`
++++ libxml2-python:
- Build python bindings in a 2nd run, using multibuild: otherwise,
libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
to bootstrap.
++++ rpm-config-SUSE:
- Update to version 20220317:
* set buildshell to use bash
------------------------------------------------------------------
------------------ 2022-3-17 - Mar 17 2022 -------------------
------------------------------------------------------------------
++++ cockpit-machines:
- Update to 264:
https://github.com/cockpit-project/cockpit-machines/releases/tag/264
++++ dbus-1:
- Drop use of %{with libalternatives}, there's no such bcond defined
and in many other places it's not optional anyway (boo#1197258)
++++ glib2:
- Update to version 2.71.3:
+ Fix flaky `GDebugController` tests
+ Numerous small documentation updates
+ Bugs fixed: glgo#GNOME/GLib#517, glgo#GNOME/GLib#1929,
glgo#GNOME/GLib#2589, glgo#GNOME/GLib#2598,
glgo#GNOME/GLib#2609, glgo#GNOME/GLib#2611,
glgo#GNOME/GLib#2612, glgo#GNOME/GLib#2613,
glgo#GNOME/GLib!1707, glgo#GNOME/GLib!2424,
glgo#GNOME/GLib!2451, glgo#GNOME/GLib!2466,
glgo#GNOME/GLib!2480, glgo#GNOME/GLib!2485,
glgo#GNOME/GLib!2490, glgo#GNOME/GLib!2491,
glgo#GNOME/GLib!2492, glgo#GNOME/GLib!2493,
glgo#GNOME/GLib!2501, glgo#GNOME/GLib!2502,
glgo#GNOME/GLib!2503, glgo#GNOME/GLib!2504,
glgo#GNOME/GLib!2505, glgo#GNOME/GLib!2506,
glgo#GNOME/GLib!2507, glgo#GNOME/GLib!2508,
glgo#GNOME/GLib!2509, glgo#GNOME/GLib!2510,
glgo#GNOME/GLib!2512, glgo#GNOME/GLib!2513,
glgo#GNOME/GLib!2514, glgo#GNOME/GLib!2515,
glgo#GNOME/GLib!2516, glgo#GNOME/GLib!2517,
glgo#GNOME/GLib!2518, glgo#GNOME/GLib!2519,
glgo#GNOME/GLib!2520, glgo#GNOME/GLib!2523,
glgo#GNOME/GLib!2524, glgo#GNOME/GLib!2525,
glgo#GNOME/GLib!2526, glgo#GNOME/GLib!2527,
glgo#GNOME/GLib!2528, glgo#GNOME/GLib!2531.
+ Updated translations.
- Split gtk-docs from -devel package, these are not needed
during building projects using glib2
- Use _multibuild as the meson buildprocess is very awkward
regarding the documentation - builds single-jobs only and
twice (again during %install). This way the rest of distribution
waiting for glib2-devel to be available is not blocked by this
- Update to version 2.71.2:
+ Rework `glib-compile-resources` to output compiler-specific
files to reduce compilation time; see the new `--compiler`
option.
+ Add a cross-platform API for aligned memory allocations
(`g_aligned_alloc()`, `g_aligned_alloc0()` and
`g_aligned_free()`).
+ Deprecate `force_posix_threads` configure option, since it was
a workaround for static linking on Windows.
+ Add `GBindingGroup` and `GSignalGroup` APIs.
+ Implement FD remapping support for
`g_spawn_async_with_pipes_and_fds()` on Windows.
+ Add an async file move API, `g_file_move_async()`.
+ Bugs fixed: glgo#GNOME/GLib#1190, glgo#GNOME/GLib#2329,
glgo#GNOME/GLib#2492, glgo#GNOME/GLib#2563,
glgo#GNOME/GLib#2574, glgo#GNOME/GLib#2592,
glgo#GNOME/GLib#2601, glgo#GNOME/GLib!2235,
glgo#GNOME/GLib!2378, glgo#GNOME/GLib!2404,
glgo#GNOME/GLib!2433, glgo#GNOME/GLib!2458,
glgo#GNOME/GLib!2464, glgo#GNOME/GLib!2465,
glgo#GNOME/GLib!2467, glgo#GNOME/GLib!2468,
glgo#GNOME/GLib!2469, glgo#GNOME/GLib!2471,
glgo#GNOME/GLib!2472, glgo#GNOME/GLib!2473,
glgo#GNOME/GLib!2476, glgo#GNOME/GLib!2477,
glgo#GNOME/GLib!2481, glgo#GNOME/GLib!2482,
glgo#GNOME/GLib!2483, glgo#GNOME/GLib!2484,
glgo#GNOME/GLib!2487, glgo#GNOME/GLib!2488.
+ Updated translations.
- Update to version 2.71.1:
+ Basic support for static builds on Windows
+ Add `GDebugController` and a D-Bus implementation which exposes
whether debug output is enabled in a process using the
`org.gtk.Debugging` D-Bus interface
+ Support for `AF_UNIX` sockets on Windows 10 (and later)
+ Several important fixes to GDBus message and GVariant parsing
of invalid data
+ Fix potential data loss due to missing fsync when saving files
on btrfs
+ Fix potential buffer overflows in `garray.c` for very large
`GArray`s and `GPtrArray`s
+ Fix FDs in gspawn not being closed and causing process hangs if
`close_range()` fails unexpectedly
+ Fix `g_find_program_in_path()` not returning an absolute path
if `$PATH` is relative
+ Add support for loading PKCS#12 encrypted files in
`GTlsCertificate`
+ A number of improvements to unit tests
+ Support `LOCAL_PEERPID` on macOS, giving partial support for
PIDs in `GCredentials` on that platform
+ Add `g_get_user_state_dir()` to support `XDG_STATE_HOME`
+ Add `g_hash_table_new_similar()` to copy a hash table and its
hash/equal functions without its data
+ Support D-Bus client authentication with `EXTERNAL` on Windows
+ Add a reStructuredText documentation generator to
`gdbus-codegen`
+ Add a Windows implementation of `GMemoryMonitor`
+ Bugs fixed: glgo#GNOME/GLib#692, glgo#GNOME/GLib#1190,
glgo#GNOME/GLib#2487, glgo#GNOME/GLib#2550,
glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2559,
glgo#GNOME/GLib#2560, glgo#GNOME/GLib#2564,
glgo#GNOME/GLib#2565, glgo#GNOME/GLib#2571,
glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2578,
glgo#GNOME/GLib#2579, glgo#GNOME/GLib#2580,
glgo#GNOME/GLib#2582, glgo#GNOME/GLib#2585,
glgo#GNOME/GLib#2586, glgo#GNOME/GLib!2239,
glgo#GNOME/GLib!2362, glgo#GNOME/GLib!2384,
glgo#GNOME/GLib!2395, glgo#GNOME/GLib!2399,
glgo#GNOME/GLib!2400, glgo#GNOME/GLib!2402,
glgo#GNOME/GLib!2403, glgo#GNOME/GLib!2405,
glgo#GNOME/GLib!2407, glgo#GNOME/GLib!2411,
glgo#GNOME/GLib!2412, glgo#GNOME/GLib!2413,
glgo#GNOME/GLib!2414, glgo#GNOME/GLib!2417,
glgo#GNOME/GLib!2423, glgo#GNOME/GLib!2425,
glgo#GNOME/GLib!2426, glgo#GNOME/GLib!2428,
glgo#GNOME/GLib!2429, glgo#GNOME/GLib!2431,
glgo#GNOME/GLib!2432, glgo#GNOME/GLib!2434,
glgo#GNOME/GLib!2440, glgo#GNOME/GLib!2441,
glgo#GNOME/GLib!2442, glgo#GNOME/GLib!2447,
glgo#GNOME/GLib!2448, glgo#GNOME/GLib!2452,
glgo#GNOME/GLib!2453, glgo#GNOME/GLib!2454,
glgo#GNOME/GLib!2456, glgo#GNOME/GLib!2459,
glgo#GNOME/GLib!2461, glgo#GNOME/GLib!2463.
+ Updated translations.
- Update to version 2.71.0:
+ Fix network changes not being signalled from NetworkManager.
+ Fix build when building with --fatal-meson-warnings.
+ Various fixes to GWeakRef cleanup and toggle refs.
+ Add `G_DBUS_PROXY_FLAGS_NO_MATCH_RULE` flag for disabling match
rules when creating a `GDBusProxy`.
+ Fix FD remapping in `g_spawn_async_with_pipes_and_fds()` with
certain values of target FDs.
+ Make `GDBusProxy::g-signal` signal detailed with D-Bus signal
names.
+ Emit `launched` signal for D-Bus activation of apps with
`GDesktopAppInfo`.
+ Fix IDs of `GDesktopAppInfo`s which are constructed from a
`.desktop` file in a subdirectory.
+ Add `--interactive` option to `gdbus call`.
+ Add `G_SUBPROCESS_FLAGS_SEARCH_PATH_FROM_ENVP` to
`GSubprocess`.
+ Lots of bug fixes.
+ Updated translations.
- Rebase glib2-bgo569829-gettext-gkeyfile.patch.
- Update to version 2.70.5:
+ g_time_zone_new_offset() assertion failure if offset >= 25
hours.
+ glib: fix buffer overflow in g_canonicalize_filename().
+ gtimezone: Fix assertion failure when called with a huge
offset.
+ Updated translations.
++++ rdma-core:
- util-Add-barriers-support-for-RISC-V.patch: Backport from upstream: Add
barriers support for RISC-V
++++ gcc12:
- Bump to c43cb355f25dd22133d15819bd6ec03d3d3939fd, git192094.
++++ systemd:
- Add 1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch
A temporary workaround until bsc#1197178 is resolved.
++++ timezone:
- timezone update 2022a:
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
------------------------------------------------------------------
------------------ 2022-3-16 - Mar 16 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Do not requires dhcp-client, NM is using its internal client
by default for a long time now.
- Convert iproute2 and iputils requires to recommends, they
should not be hard requires.
++++ grub2:
- Fix GCC 12 build failure (bsc#1196546)
* 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
* 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
* 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- Revised
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
++++ k3s-selinux:
- Update to version 1.1.stable.1:
* fix centos 7
- remove file k3s.if as it is now included in a release
- Update to version 1.0.stable.1:
* centos 8 vault: side-step eol problems (#28)
* k3s-root: reduced executable privileges (#26)
++++ kernel-default:
- Linux 5.16.15 (bsc#1012628).
- arm64: dts: qcom: sm8350: Describe GCC dependency clocks
(bsc#1012628).
- arm64: dts: qcom: sm8350: Correct UFS symbol clocks
(bsc#1012628).
- HID: elo: Revert USB reference counting (bsc#1012628).
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
(bsc#1012628).
- ARM: boot: dts: bcm2711: Fix HVS register range (bsc#1012628).
- clk: qcom: gdsc: Add support to update GDSC transition delay
(bsc#1012628).
- clk: qcom: dispcc: Update the transition delay for MDSS GDSC
(bsc#1012628).
- soc: mediatek: mt8192-mmsys: Fix dither to dsi0 path's input
sel (bsc#1012628).
- HID: vivaldi: fix sysfs attributes leak (bsc#1012628).
- HID: nintendo: check the return value of alloc_workqueue()
(bsc#1012628).
- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
(bsc#1012628).
- tipc: fix kernel panic when enabling bearer (bsc#1012628).
- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET
command (bsc#1012628).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova()
(bsc#1012628).
- net: phy: meson-gxl: fix interrupt handling in forced mode
(bsc#1012628).
- mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1012628).
- vhost: fix hung thread due to erroneous iotlb entries
(bsc#1012628).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
is zero (bsc#1012628).
- virtio-blk: Remove BUG_ON() in virtio_queue_rq() (bsc#1012628).
- vdpa: fix use-after-free on vp_vdpa_remove (bsc#1012628).
- isdn: hfcpci: check the return value of dma_set_mask() in
setup_hw() (bsc#1012628).
- net: qlogic: check the return value of dma_alloc_coherent()
in qed_vf_hw_prepare() (bsc#1012628).
- esp: Fix BEET mode inter address family tunneling on GSO
(bsc#1012628).
- net: gro: move skb_gro_receive_list to udp_offload.c
(bsc#1012628).
- qed: return status of qed_iov_get_link (bsc#1012628).
- smsc95xx: Ignore -ENODEV errors when device is unplugged
(bsc#1012628).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(bsc#1012628).
- drm/i915/psr: Set "SF Partial Frame Enable" also on full update
(bsc#1012628).
- drm/sun4i: mixer: Fix P010 and P210 format numbers
(bsc#1012628).
- net: dsa: mt7530: fix incorrect test in
mt753x_phylink_validate() (bsc#1012628).
- ARM: dts: aspeed: Fix AST2600 quad spi group (bsc#1012628).
- iavf: Fix handling of vlan strip virtual channel messages
(bsc#1012628).
- i40e: stop disabling VFs due to PF error responses
(bsc#1012628).
- ice: stop disabling VFs due to PF error responses (bsc#1012628).
- ice: Fix error with handling of bonding MTU (bsc#1012628).
- ice: Don't use GFP_KERNEL in atomic context (bsc#1012628).
- ice: Fix curr_link_speed advertised speed (bsc#1012628).
- ethernet: Fix error handling in xemaclite_of_probe
(bsc#1012628).
- tipc: fix incorrect order of state message data sanity check
(bsc#1012628).
- net: ethernet: ti: cpts: Handle error for clk_enable
(bsc#1012628).
- net: ethernet: lpc_eth: Handle error for clk_enable
(bsc#1012628).
- net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (bsc#1012628).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
(bsc#1012628).
- net/mlx5: Fix size field in bufferx_reg struct (bsc#1012628).
- net/mlx5: Fix a race on command flush flow (bsc#1012628).
- net/mlx5e: Lag, Only handle events from highest priority
multipath entry (bsc#1012628).
- net/mlx5e: SHAMPO, reduce TIR indication (bsc#1012628).
- NFC: port100: fix use-after-free in port100_send_complete
(bsc#1012628).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell
(bsc#1012628).
- selftests: pmtu.sh: Kill nettest processes launched in subshell
(bsc#1012628).
- gpio: ts4900: Do not set DAT and OE together (bsc#1012628).
- mm: gup: make fault_in_safe_writeable() use fixup_user_fault()
(bsc#1012628).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
(bsc#1012628).
- net: phy: DP83822: clear MISR2 register to disable interrupts
(bsc#1012628).
- sctp: fix kernel-infoleak for SCTP sockets (bsc#1012628).
- net: arc_emac: Fix use after free in arc_mdio_probe()
(bsc#1012628).
- net: bcmgenet: Don't claim WOL when its not available
(bsc#1012628).
- net: phy: meson-gxl: improve link-up behavior (bsc#1012628).
- selftests/bpf: Add test for bpf_timer overwriting crash
(bsc#1012628).
- swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1012628).
- usb: dwc3: pci: add support for the Intel Raptor Lake-S
(bsc#1012628).
- pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID"
(bsc#1012628).
- KVM: Fix lockdep false negative during host resume
(bsc#1012628).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
catchup mode (bsc#1012628).
- spi: rockchip: Fix error in getting num-cs property
(bsc#1012628).
- spi: rockchip: terminate dma transmission when slave abort
(bsc#1012628).
- drm/vc4: hdmi: Unregister codec device on unbind (bsc#1012628).
- of/fdt: move elfcorehdr reservation early for crash dump kernel
(bsc#1012628).
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
(bsc#1012628).
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(bsc#1012628).
- net-sysfs: add check for netdevice being present to speed_show
(bsc#1012628).
- hwmon: (pmbus) Clear pmbus fault/warning bits after read
(bsc#1012628).
- nvme-tcp: send H2CData PDUs based on MAXH2CDATA (bsc#1012628).
- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken
(bsc#1012628).
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (bsc#1012628).
- drm/amdgpu: bypass tiling flag check in virtual display case
(v2) (bsc#1012628).
- Revert "xen-netback: remove 'hotplug-status' once it has served
its purpose" (bsc#1012628).
- Revert "xen-netback: Check for hotplug-status existence before
watching" (bsc#1012628).
- ipv6: prevent a possible race condition with lifetimes
(bsc#1012628).
- tracing: Ensure trace buffer is at least 4096 bytes large
(bsc#1012628).
- tracing/osnoise: Make osnoise_main to sleep for microseconds
(bsc#1012628).
- tracing: Fix selftest config check for function graph start
up test (bsc#1012628).
- selftest/vm: fix map_fixed_noreplace test failure (bsc#1012628).
- selftests/memfd: clean up mapping in mfd_fail_write
(bsc#1012628).
- ARM: Spectre-BHB: provide empty stub for non-config
(bsc#1012628).
- fuse: fix fileattr op failure (bsc#1012628).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1012628).
- staging: rtl8723bs: Fix access-point mode deadlock
(bsc#1012628).
- staging: gdm724x: fix use after free in gdm_lte_rx()
(bsc#1012628).
- net: macb: Fix lost RX packet wakeup race in NAPI receive
(bsc#1012628).
- riscv: alternative only works on !XIP_KERNEL (bsc#1012628).
- mmc: meson: Fix usage of meson_mmc_post_req() (bsc#1012628).
- riscv: Fix auipc+jalr relocation range checks (bsc#1012628).
- tracing/osnoise: Force quiescent states while tracing
(bsc#1012628).
- tracing/osnoise: Do not unregister events twice (bsc#1012628).
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address
0x0 (bsc#1012628).
- arm64: Ensure execute-only permissions are not allowed without
EPAN (bsc#1012628).
- arm64: kasan: fix include error in MTE functions (bsc#1012628).
- swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
(bsc#1012628).
- virtio: unexport virtio_finalize_features (bsc#1012628).
- virtio: acknowledge all features before access (bsc#1012628).
- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
(bsc#1012628).
- ARM: fix Thumb2 regression with Spectre BHB (bsc#1012628).
- watch_queue: Fix filter limit check (bsc#1012628).
- watch_queue, pipe: Free watchqueue state after clearing pipe
ring (bsc#1012628).
- watch_queue: Fix to release page in ->release() (bsc#1012628).
- watch_queue: Fix to always request a pow-of-2 pipe ring size
(bsc#1012628).
- watch_queue: Fix the alloc bitmap size to reflect notes
allocated (bsc#1012628).
- watch_queue: Free the alloc bitmap when the watch_queue is
torn down (bsc#1012628).
- watch_queue: Fix lack of barrier/sync/lock between post and read
(bsc#1012628).
- watch_queue: Make comment about setting ->defunct more accurate
(bsc#1012628).
- x86/boot: Fix memremap of setup_indirect structures
(bsc#1012628).
- x86/boot: Add setup_indirect support in
early_memremap_is_setup_data() (bsc#1012628).
- x86/module: Fix the paravirt vs alternative order (bsc#1012628).
- x86/sgx: Free backing memory after faulting the enclave page
(bsc#1012628).
- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1012628).
- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (bsc#1012628).
- perf parse: Fix event parser error for hybrid systems
(bsc#1012628).
- btrfs: make send work with concurrent block group relocation
(bsc#1012628).
- riscv: dts: k210: fix broken IRQs on hart1 (bsc#1012628).
- vhost: allow batching hint without size (bsc#1012628).
- commit 2bd8d63
- config: enable XFS_RT (bsc#1197190)
- commit 253c423
- rpm: Run external scriptlets on uninstall only when available
(bsc#1196514 bsc#1196114 bsc#1196942).
When dependency cycles are encountered package dependencies may not be
fulfilled during zypper transaction at the time scriptlets are run.
This is a problem for kernel scriptlets provided by suse-module-tools
when migrating to a SLE release that provides these scriptlets only as
part of LTSS. The suse-module-tools that provides kernel scriptlets may
be removed early causing migration to fail.
- commit ab8dd2d
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
++++ libiscsi:
- Update to version 1.19.0+git.20220303:
* iscsi-command: Fix leak in iscsi_send_data_out
* iscsi-pr: add persistent reservation tool
* add iscsi_force_reconnect()
* add libiscsi.syms to .gitignore
++++ protobuf:
- Change Requires: zlib-devel to pkgconfig(zlib) so as not to conflict with libz-ng-compat1.
++++ sqlite3:
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
++++ systemd:
- Import commit 8ef8dfd5401ba18caec59e54a05af9f2e0d7ac65 (merge of v250.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/ca89b1d1fd1ae86cc1e763d2d01ec2806f3a4d3a...8ef8dfd5401ba18caec59e54a05af9f2e0d7ac65
- Import commit ca89b1d1fd1ae86cc1e763d2d01ec2806f3a4d3a
37b683c832 journal: preserve acls when rotating user journals with NOCOW attribute set
d043fabebc journal: when copying journal file to undo NOCOW flag, go via fd
78c2766689 journal-file: explicitly handle file systems that do not support hole punching
7ecfb4b098 journal-file: fix error handling of pread() in journald_file_punch_holes()
c4946a412c journal-file: don't use pread() when determining where to append, use mmap as before
d3fbd20628 journal: various fixes to journal_file_read_object()
5897a8e8d4 shared: Handle filesystems that don't support hole punching in COPY_HOLES
27746408e2 journal: Truncate file instead of punching hole in final object
59b6130030 shared: Ensure COPY_HOLES copies trailing holes
ac9ccba73f journal: stat journal file after truncating
0257283444 journal: Copy holes when archiving BTRFS journal files
26c2a9952d shared: Copy holes in sparse files in copy_bytes_full()
6c7191dece copy: fix wrong argument passed to S_ISREG() in copy_file_fd_full()
af0a43024d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
++++ podman:
- Update to version 4.0.2:
* Bump to v4.0.2
* Update release notes for v4.0.2
* Revert "use GetRuntimeDir() from c/common"
* Revert "Option --url and --connection should imply --remote."
* Option --url and --connection should imply --remote.
* Bump to v4.0.2-dev
* Bump to v4.0.1
* Update release notes for v4.0.1
* Fix a potential flake in volume plugins tests
* Propagate $CONTAINERS_CONF to conmon
* tests: Remove inaccurate comment
* System tests: show one-line config overview
* provide better error on invalid flag
* use GetRuntimeDir() from c/common
* kube: honor --build=false and make --build=true by default
* system tests: cleanup networks on teardown
* Remove the runtime lock
* Don't log errors on removing volumes inuse, if container --volumes-from
* kube: honor mount propagation mode
* Load ip_tables modules at boot
* Cirrus: Disable F34 aka prior-fedora testing
* Cirrus: Update VM Images for 4.0 release
* Bump to v4.0.1-dev
* Bump to v4.0.0
* Release notes for v4.0.0 final
* Fix lint
* Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
* Introduce podman machine init --root=t|f and podman machine set --root=t|f
* Initial implementation of mac forwarding using a privileged docker sock claim helper
* ignition: propagate proxy settings from a host into a vm
* Update to podman4 copr stream
* Unify ls --filter docs for networks and pods
* e2e: merge after/since image-filter tests
* podman network: add documentation for netavark
* create: Fix key=value annotation in the flag output
* enable netavark specific tests
* Fix checkpoint/restore pod tests
* Make sure building with relative paths work correctly.
* Add 409 response to swagger godoc
* Fix images since/after tests
* Changes of docker descriptions
* Temporarily pull machine images from side repo
* Cirrus: TODO: netavark/aardvark release branches
* Cirrus: Expand netavark testing to include rootless
* Cirrus: Minor - limit release task applicability
* Cirrus: Add [CI:BUILD] magic that only builds
* CI: fix nightly builds
* Cirrus: Log netavark/aardvark binary build info.
* Cirrus: Add netavark/aardvark system test task
* Cirrus: Also download aardvark-dns binary
* Cirrus: Add e2e task w/ upstream netavark
* Revert minimum API change
* netavark e2e tests
* Bump to v4.0.0-dev
* Bump to v4.0.0-RC5
* Update release notes for v4.0.0-RC5
* Modify /etc/resolv.conf when connecting/disconnecting
* Do not set the network config dir to cni plugin dir
* Show API doc for several versions
* [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
* fix: Multiplication of durations
* move rootless netns slirp4netns process to systemd user.slice
* compat: endpoint /build must set header content type as application/json in reponse
* Cleanup: remove obsolete/misleading bug workaround
* tests: retrofit healthcheck system tests
* healthcheck, libpod: Read healthcheck event output from os pipe
* Fix: Do not print error when parsing journald log fails
* Bump github.com/buger/goterm from 1.0.1 to 1.0.4
* append podman dns search domain
* Podman pod create --share-parent vs --share=cgroup
* System tests: revert emergency skip of checkpoint tests
* Add version guard to libpod API endpoints
* [v4.0] Bump c/common to v0.47.4
* idmap should be able to be specified along with other options
* Vendor in containers/buildah v1.24.1
* Bump to v4.0.0-dev
* Bump to v4.0.0-RC4
* Disable failing E2E test
* Revert "Move each search dns to its own line"
* Move each search dns to its own line
* Update release notes for v4.0.0-RC4
* Document `schema` values in the `--url` flag
* podman image scp syntax correction
* system prune: remove all networks
* Only change network fields if they were actually changed by the user
* docs: clarify rootless net stats
* Fix size to match Docker selection
* libpod: enforce noexec,nosuid,nodev for /dev/shm
* Clarify remote client means Mac and Windows
* libpod: report slirp4netns network stats
* Add notes to "--oom-kill-disable" not supported on cgroups V2
* Fix use of infra image to clarify default
* Adapt podman images ls filters docs to be aligned with prune filters docs
* ignition, machine: delegate cpu,io cgroup controllers to machine's default users
* pkg/bindings/images.Build(): slashify "dockerfile" values, too
* Remove mention of IPv6 portfwd from release notes
* Bump to v4.0.0-dev
* Bump to v4.0.0-RC3
* Update release notes for v4.0.0-RC3
* Fix Cirrus destination branch
* volume: add support for non-volatile upperdir,workdir for overlay volumes
* github: label issues based on os fix regex
* github: label issues based on os
* Cirrus: Fix get_ci_vm.sh initial setup
* System tests: emergency skip of checkpoint tests
* network create: allow multiple subnets
* Update troubleshooting.md
* Fix sort ordering of filters
* Unify podman prune filter description: volumes, networks, system
* Bump Buildah to v1.24.0
* rootless: drop permission check for devices
* switch podman image scp from depending on machinectl to just os/exec
* Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
* Bump github.com/containers/storage from 1.38.0 to 1.38.1
* change location of where make outputs podman binary on osx
* Github workflow: Fix parsing of GraphQL response JSON
* Github-workflow: Fix YAML syntax
* Update godoc, swagger using wrong struct
* Makefile: install targets independent of build
* [CI:DOCS] Fix typos and improve language
* CI: enable rootless-remote system tests
* pkg/specgen/generate/security: fix error message
* Github workflow: Send e-mail on job error
* Github workflow: Update Cirrus-cron GraphQL query
* remote build: set rootless oci isolation correctly
* [CI:DOCS] Fix typos and improve language
* Fix handling of duplicate matches on id expansion
* Show correct default values or show none
* exec: retry rm -rf on ENOTEMPTY and EBUSY
* container create: do not check for network dns support
* libpod: fix leaking fd
* libpod: fix connection leak
* [CI:DOCS] fix typo subpordinate
* Fix filter description and unify filters docs for containers/images prune
* Remove unused param and clean API handlers
* Restore machine start logic that was hanging
* Bump to v4.0.0-dev
* Bump to v4.0.0-RC2
* Final release notes for v4.0.0-rc2
* Run codespell on code
* Update release notes for Podman v4.0.0
* Fix #2 for compat commit handling of --changes
* Fix nil pointer dereference for configmap optional
* Make error message matching in 030-run.bats less fragile
* Don't explicitly check for crun|runc in package information
* Don't segfault if an image layer has no creation timestamp
* compat: remove hardcoded index from load images output report
* compat: images/load must be able to load tar with multiple images
* System tests: fix for new systemd on rawhide
* Remove rootless_networking option from containers.conf
* vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
* Engine.Remote from containers.conf
* vendor: bump c/common and other vendors
* rootless: report correctly the error
* Implement API forwarding for podman machine on Windows
* Implement env parsing on Windows
* Handle changes in docker compat mode
* Show package version when running on alpine
* Handlers for `generate systemd` with custom dependencies
* APIv2 tests: followup to recent log test
* Add IndexConfigs to compat /info endpoint
* Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
* apiv2 test: add regression test for #12904
* SECURITY.md: fix the project name
* rename --cni-config-dir to --network-config-dir
* compat attach: fix write on closed channel
* upgrade all dependencies
* Revert "Cirrus: Temporarily disable OSX Cross task"
* Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
* bump go module to version 4
* [NO NEW TESTS NEEDED] add builddeps to copr template
* CI: rootless user: also create in some root tests
* [WIP] Tests for podman image scp (the sudo form)
* Revamp Libpod state strings for Docker compat
* Cirrus: Temporarily disable OSX Cross task
* update c/common to latest
* Use PODMAN_USERNS environment variable when running as a service
* Unify the method of parsing filters in cmd
* fix default branch links
* [CI:DOCS] fix default branch links
* [CI:DOCS] Unprivileged native overlayfs is now supported
* [CI:DOCS] Fix typo in --env
* Recursively copy cert files.
* Refactor manifest list operations
* Add rpkg template for COPR autobuild
* Fix cgroup mode handling in api server
* Standardize on capatalized Cgroups
* test/system: podman run update /etc/hosts
* Remove two GetImages functions from API
* Use fully-qualified device name in CDI test
* Use new CDI API
* troubleshooting links to main branch
* Podman Build use absolute filepath
* Prohibit --uid/gid map and --pod for container create/run
* podman container rm: remove pod
* Manual fixes for PR #12642:
* podman build enable --all-platforms and --unsetenv
* use events_logfile_path from containers.conf for events log.
* Podman Pod Create --sysctl support
* Wait for podman stop to complete
* libpod: fix check for systemd session
* libpod: refine check for empty pod cgroup
* fix buildah-bud test diff
* upgrade test: check that network backend is cni
* use netns package from c/common
* update buildah to latest and use new network stack
* podman image scp: implement --quiet
* use libnetwork from c/common
* Add --noout option to prevent the output of ids
* remote events: convert TimeNano properly
* Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
* vendor latest c/common
* add additional fields to podman machine ls --json
* buildah bud tests: skip failing tests
* Fix permission on secrets directory
* Add podman rm --depend
* fix host.containers.internal entry for macvlan networks
* It takes some time to start a VM
* Pretty Print output of podman machine ls --format json
* Use the InfraImage defined in containers.conf
* Cirrus: Freshen VM images
* Revert "Cirrus: Temp. ignore gitlab task failures"
* pkg: use PROXY_VARS from c/common
* ignition: add support from setting SSL_CERT_FILE
* ignition: propogate HTTP proxy variables from host to remote
* System tests: fix RHEL8 gating tests
* vendor c/common
* Remove dead RuntimeOption functions
* Update docker cli message for case where user creates directory
* Don't add env if optional and not found
* Fix type-o in podman.wxs
* [CI:DOCS] fixes indentation of example pod yaml
* Prevent double decoding of storage options
* Emergency system-test fixes
* add OCI Runtime name to errors
* fix healthcheck timeouts and ut8 coercion
* Don't rename pod if container has the same name
* Set volume NeedsCopyUp to false iff data was copied up
* Fix CI
* correct typo words in docs
* Change Tests to ignore missing containers when removing --all
* test/e2e/pod_initcontainers: fix a flake
* test/e2e/run: don't use date +%N on Alpine
* Support all volume mounts for rootless containers
* Fix wrong 'podman search --format' placeholder
* Fix Container List API call to return mount info
* fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
* add --ip6 flag to podman create/run
* legacy events: also set exitCode
* Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
* Avoid collisions on RemoteSocket paths
* Refactor remote socket path determination in tests
* fix doc
* test/system: podman run image with filesystem permission
* test/system: podman run with log-opt option
* Update swagger documentation
* Make it possible to select the volume driver
* Check the mount type for future compatibility
* Implement virtfs volumes for podman machine
* [CI:DOCS] Add example of cpus to init command
* prefix imageId with sha256: in containers list test for compat API ImageId
* Pod Security Option support
* ignition: add certs from current user into the machine while init
* docs: sort swagger operations alpabetically
* .service file removal on failure
* Introduce Windows WSL implementation of podman machine
* podman image scp never enter podman user NS
* Allow users to add host user accounts to /etc/passwd
* container creation: don't apply reserved annotations from image
* [CI:DOCS] clarify `io.podman.annotations.seccomp`
* Error out early if system does not support pre-copy checkpointing
* Update go-criu to v5.3.0
* [CI:DOCS] docs: document rootless userns mappings
* Switch to a new installer approach using a path manipulation helper
* e2e: Add dev/shm checkpoint/restore test
* Enable checkpoint/restore for /dev/shm
* Update github.com/checkpoint-restore/checkpointctl
* Always run passwd management code when DB value is nil
* Warn on use of --kernel-memory
* support hosts without /etc/hosts
* Podman run --passwd
* ci: force scratch build for crun
* Use hosts public ip address in rootless containers
* compat: image normalization: handle sha256 prefix
* specgen: honor userns=auto from containers.conf
* [CI:DOCS] Small checkpoint/restore man page fixes
* [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
* vendor: update containers/storage
* build: fix test for subid 4
* test: add --rm to podman run commands
* fix(generate): fix up podman generate kube missing env field bug
* legacy events: also set Action="die"
* rootless: include the args in the debug message
* apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
* image rm: allow for force-remove infra images
* tests: adjust old build test to expect exit code
* Test for checkpoint specific inspect fields
* Add more checkpoint/restore information to 'inspect'
* build: relay exitcode from imagebuildah to registry
* Removed .service file for healthchecks
* Set machine timezone
* MovePauseProcessToScope do not seed everytime
* bindings rmi test: clarify behavior
* bump cobra to 1.3.0
* .github: revert to the old template
* oci: configure the devices cgroup with default devices
* kill: fix output
* e2e: search flake: skip test on registry.redhat.io
* APIv2 tests: fail on syntax/logic errors
* Show --external containers even without --all option
* apiv2 tests: refactor complicated curls
* fix network id handling
* Update Windows Install Doc
* Fixes #12063 Add docker compatible output after image build.
* pause scope: don't use the global math/rand RNG
* specgen: check that networks are only set with bridge
* container restore/import: store networks from db
* play kube add support for multiple networks
* support advanced network configuration via cli
* Add new networks format to spegecen
* fix incorrect swagger doc for network dis/connect
* network connect allow ip, ipv6 and mac address
* network db: add new strucutre to container create
* remove unneeded return value from c.Networks()
* network db rewrite: migrate existing settings
* network ls: show networks in deterministic order
* Bump github.com/docker/docker
* pprof flakes: bump timeout to 20 seconds
* Add secret list --filter to cli
* Cirrus: Temp. ignore gitlab task failures
* compat build: adhere to q/quiet
* Make XRegistryAuthHeader and XRegistryConfigHeader private
* Remove the authfile parameter of MakeXRegistryAuthHeader
* Simplify the header decision in pkg/bindings/images.Build a bit
* Remove the authfile parameter of MakeXRegistryConfigHeader
* Remove no-longer-useful name variables
* Consolidate creation of SystemContext with auth.json into a helper
* Remove pkg/auth.Header
* Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
* Turn headerAuth into MakeXRegistryAuthHeader
* Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
* Turn headerConfig into MakeXRegistryConfigHeader
* Move the auth file creation to GetCredentials
* Consolidate the error handling path in GetCredentials
* Only look up HTTP header values once in GetCredentials
* Use Header.Values in GetCredentials.has
* Beautify GetCredentials.has a bit
* Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
* Simplify parseSingleAuthHeader
* Simplify the interface of parseSingleAuthHeader
* Don't return a header name from auth.GetCredentials
* Fix normalizeAuthFileKey to use the correct semantics
* Rename normalize and a few variables
* Add TestHeaderGetCredentialsRoundtrip
* Add tests for auth.Header
* Improve TestAuthConfigsToAuthFile
* Add unit tests for singleAuthHeader
* Add unit tests for multiAuthHeader
* fix e2e test missing network cleanup
* pprof CI flakes: enforce 5 seconds grace period
* [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
* --hostname should be set when using --pod new:foobar
* Cirrus: Use cached swagger binary
* inotify: make sure to remove files
* System tests: remove rm_pause_image()
* specgen: honor empty args for entrypoint
* generate systemd: support entrypoint JSON strings
* Bump github.com/uber/jaeger-client-go
* remove runlabel test for global opts
* utils: reintroduce moveToCgroup
* autocopr: distro conditionals for containers-common
* vendor c/image/v5@main
* Update vendor or containers/common moving pkg/cgroups there
* volume: apply exact permission of target directory without adding extra 0111
* Cirrus: Remove remnants of nix-based static build
* Refactor podman pods to report.Formatter
* rootless netns: resolve all path components for resolv.conf
* tests: clean up FIXMEs and noise
* fix remote run/start flake
* e2e: fix pprof flakes
* Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
* vendor c/common@main
* Escape trailing slash in install directory location so the closing quote is not escaped
* centos 9 stream cannot use %autochangelog
* Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
* add spec file for automated copr builds
* Add restart-sec option to systemd generate
* Fix documentation of (podman image save --compress --uncompressed)
* Improve documentation of (podman image save --format)
* Add support for configmap volumes to play kube
* cmd, push: use the configured compression format
* [CI:DOCS] logformatter: fix corner case with links
* UPdate vendor of image-spec and containers/storage
* vendor: update containers/common
* Update doc to explictly mention using ed25519 in ssh keys
* Refactor podman image command output
* Manual fixes
* Same thing, with BeNumerically("==", x)
* Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
* Same thing, for BeNumerically("==", 0)
* Use BeEmpty() instead of len(x).To(Equal(0))
* Same as previous, for assertions other than Equal()
* e2e tests: a little more minor cleanup
* compat API: push: report size of manifest
* compat: images/json
* Add ashley-cui, lsm5 and floutoc to owners
* remove ARTIFACT_DIR and ArtifactPath
* Image caches: allow overriding cache dir
* Rename CrioRoot as just Root
* Fix possible rootless netns cleanup race
* [NO NEW TESTS NEEDED] Refactor podman container command output
* Hostname in `spec.hostname` should be passed to infra ctr init opt
* container, cgroup: detect pid termination
* top: parse ps(1) args correctly
* podman, push: expose --compression-format
* e2e: yet more cleanup of BeTrue/BeFalse
* Ensure the generated NodePort values are unique
* Allow containerPortsToServicePorts to fail
* Don't use the global math/rand RNG for service ports
* Move a comment to the relevant place
* a few more manual BeTrue cleanups
* Convert strings.Contains() to Expect(ContainSubstring)
* e2e tests: more cleanup of BeTrue()s
* Implement 'podman run --blkio-weight-device'
* systemd: replace multi-user with default.target
* compat API: allow enforcing short-names resolution to Docker Hub
* Fixed the containerfile not found during remote build.
* podman-remote: prevent leaking secret into image
* podman-remote: copy secret to contextdir is absolute path on host
* api: allow build api to accept secrets
* Only open save output file with WRONLY
* List /etc/containers/certs.d as default for --cert-path
* e2e tests: enable golint
* fix: parsing of HostConfig.Mounts for container create
* Move the chown to after the ADDs
* fix: error reporting for archive endpoint
* Bindings test: emit GIT_COMMIT, for links in logs
* checkpoint do not modify XDG_RUNTIME_DIR
* libpod: improve heuristic to detect cgroup
* libpod, inspect: export cgroup path
* stats: get the memory limit from the spec
* compat: Add compatiblity with Docker/Moby API for scenarios where build fails
* libpod: leave thread locked on errors
* Find and fix empty Expect()s
* Unset SocketLabel after system finishes checkpointing
* Remove StringInSlice(), part 2
* Remove StringInSlice(), part 1
* e2e test cleanup, continued
* Update basic_networking.md
* Warn on failing to update container status
* oci: ack crun output when container is not there
* oci: exit gracefully if container is already dead
* Support env variables based on ConfigMaps sent in payload
* image lookup: do not match *any* tags
* generate systemd: add --start-timeout flag
* Oops! Manual edits to broken tests
* e2e tests: clean up antihelpful BeTrue()s
* Cirrus: Strip out static nix build
* Rename pod on generate of container
* [CI:DOCS] Update notes on java TZ in man page
* Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
* Fix netavark error handling and teardown issue
* swagger: add layers to build api docs
* compat: add layer caching compatiblity for non podman clients
* Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
* Add note about volume with unprivileged container
* Add EXPOSE e2e test
* Support EXPOSE with port ranges
* compat: Add subnet mask behind IP address to match Docker API
* [CI:DOCS] Add java TZ note to run manpage
* Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
* podman-remote does not support signature-policy
* Add tests for restore runtime verification
* Use same runtime to restore a container as during checkpointing
* Force iptables driver for netavark tests
* Make sure netavark output is logged to the syslog
* filter: use filepath.Match to maintain consistency with other pattern matching in podman
* Semiperiodic cleanup of obsolete Skip()s
* [CI:DOCS]upload a translation file
* api/handlers: Add checkpoint/restore FileLocks
* test: Update error string for --file-locks test
* fix duplicated logs command
* Bump github.com/docker/docker
* Bump k8s.io/api from 0.22.3 to 0.22.4
* Do not store the exit command in container config
* Add test for checkpoint/restore with --file-locks
* Add --file-locks checkpoint/restore option
* Cirrus: Bump Fedora to release 35
* Cirrus: Partially revert catatonit --force install
* Revert "Cirrus: Temp. disable prior-fedora testing"
* Cirrus: Workaround log_driver=journald setting
* Cirrus: Fix bindings test hang b/c logging config mismatch
* Cirrus: Timeout bindings test after 30m
* Cirrus: Log more things in bindings and unit tests
* Minor Makefile fix
* rootless netns, one netns per libpod tmp dir
* Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
* volumes: add new option idmap
* remote checkpoint/restore: more fixes
* fix CI
* fix: take absolute path for dd on apple silicon
* System tests: new checkpoint tests
* rootless: use catatonit to maintain user+mnt namespace
* rootless: drop strerror(errno) calls
* rootless: reuse existing open_namespace function
* rootless: use auto cleanup functions
* utils: use podman-pause-$RANDOM.scope name
* hack/bats: deal with new bin helpers
* Change error message for compatibility with docker
* rename libpod nettypes fields
* podman machine start wait for ssh
* fix remote checkpoint/restore
* Add --unsetenv & --unsetenv-all to remove def environment variables
* Set config environment variables early in Podman init
* journald logs: keep reading until the journal's end
* secret: honor custom target for secrets with run
* bindings: reuse context for API requests
* podman machine improve port forwarding
* Network test: fix podman-remote-rootless corner case
* filter: add basic pattern matching for label keys
* cirrus: force-install catatonit
* infra container: replace pause with catatonit
* Revert "add kubernetes pause"
* Added test for checkpoint/restore --print-stats
* Update man pages for checkpoint/restore --print-stats
* Added optional container restore statistics
* Added optional container checkpointing statistics
* Error logs --follow if events-backend != journald, event-logger=journald
* Enable 'podman run --memory-swappiness=0'
* Fix network mode in play kube
* Always create working directory when using compat API
* play kube: don't force-pull infra image
* Podman Image SCP transfer patch
* --authfile command line argument for image sign command.
* Cirrus: Temp. disable prior-fedora testing
* Cirrus: Update to Ubuntu 21.10
* Add failing run test for netavark
* Add flag to overwrite network backend from config
* libpod: create /etc/mtab safely
* Add network backend to podman info
* Add more netavark tests
* select network backend based on config
* Fix RUST_LOG envar for netavark
* netavark IPAM assignment
* netavark network interface
* Make networking code reusable
* Fix flake in upgrade tests
* export adding id-specifier code to setContainerNameForTemplate
* VOLUME must be declared after RUN chown command
* network reload return error if we cannot reload ports
* network reload without ports should not reload ports
* Print headers for system connection ls
* [CI:DOCS] Add CI check for SEE ALSO in man pages
* podman load: support downloading files
* Add links to all SEE ALSO sections
* pod create: read infra image from containers.conf
* rootless: adjust error message
* Fix rootless networking with userns and ports
* support health checks from image configs
* change from run to create in 250-systemd.bats
* Exclude already built sources for static build
* shm_lock: Handle ENOSPC better in AllocateSemaphore
* Fix Zsh completion command documentation
* Match .c files in Makefile
* Add Static Build download instructions to README
* Add links to podman build,run, create see also
* Minor test tweaks
* pod create: read network mode from config
* Bump Catatonit up to v0.1.7
* test connection add
* system: Adds support for removing all named destination via --all
* pod/container create: resolve conflicts of generated names
* podman-generate-kube - remove empty structs from YAML
* Add some information about disabling SELinux when using system volumes
* Fix swagger definition for the new mac address type
* Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
* Test to check for presence of 'stats-dump' in exported checkpoints
* Add 'stats-dump' file to exported checkpoint
* Podman Image SCP rootful to rootless transfer
* rename rootless cni ns to rootless netns
* mount full XDG_RUNTIME_DIR in rootless cni ns
* Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
* Keep error semantics intact
* Fix rootless cni netns cleanup logic
* tweak a couple of flag descriptions in help output
* Update swagger doc make filed optional
* Fix bindings container log test
* test: run --cgroups=split in new cgroup
* MAC address json unmarshal should allow strings
* Make stop message more similar to start
* Implement top streaming for containers and pods
* Handle HTTP 409 error messages properly for Pod actions
* Add tests
* Fix swagger definitions
* More conforming libpod API and swagger types
* More conforming libpod API and swagger types
* Better emptiness test for custom JSON serializer
* System tests: enhance volume test, add debug prints
* add unit test to containers_test
* Use correct swagger type in doc-comment
* Cirrus: Authorize rootless user self-ssh
* Fix libpod API conformance to swagger
* Fix help message case for `podman version`
* Fix pause usage example
* Use systemctl in local system test
* Allow label and labels when creating volumes
* volumes: be more tolerant and fix infinite loop
* Add information on how podman machine is updated
* volumes: allow more options for devpts
* volumes: do not pass mount opt as formatter string
* Bump k8s.io/api from 0.22.2 to 0.22.3
* runtime: change PID existence check
* oci: rename sub-cgroup to runtime instead of supervisor
* libpod: deduplicate ports in db
* Set flags to test 'logs -f' with journald driver
* Set Checkpointed state to false after restore
* container create: fix --tls-verify parsing
* runtime: check for pause pid existence
* utils: do not overwrite the err variable
* Fix systemd PID1 test
* Record the image stream along with the path
* cgroups: use SessionBusPrivateNoAutoStartup
* vendor: update godbus to v5.0.6
* Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
* Fix a few problems in 'podman logs --tail' with journald driver
* Allow 'container restore' with '--ipc host'
* Document to not set K8S envars for CNI
* Bump github.com/docker/docker
* pod create: remove need for pause image
* add kubernetes pause
* cirrus: containers: mount directory in /var/tmp to /tmp
* overlay root fs: create mount on runtime dir
* Update vendor github.com/opencontainers/runtime-tools
* If Dockerfile exists in same directory as service, we should not use it.
* Fix tests of podman image trust --raw and --json
* Tighten the expected output of the "podman image trust show" test
* Use INTEGRATION_ROOT instead of current directory
* Add support to play kube for --log-opt
* [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
* Fix some typos in documentation and comments (found by codespell)
* Replace 'an user' => 'a user'
* [CI:DOCS] Fix typo keep_id -> keep-id
* Set DOCKER_HOST in the VM
* fuse-overlay probably means fuse-overlayfs.
* Support template unit files in podman generate systemd
* Remove --kernel-memory options
* tag: Support tagging manifest list instead of resolving to images
* Remove infra ID from DB before removing containers
* System tests: confirm that -a and -l clash
* systemd: compatible with rootless mode
* system tests: CONTAINER_* and --help: cleanup
* podman run --memory=0 ... should not set memory limit
* Add information on how to discover default log driver
* Add test for system connection
* Generate Kube should not print default structs
* libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
* Change podman connection list to use default field
* Allow API to specify size and inode quota
* Use exponential backoff when waiting for a journal entry
* Pod Rm Infra Improvements
* system tests: socket activation: clean up
* rootfs-overlay: fix overlaybase path for cleanups
* Move CONTAINER_HOST and _CONNECTION to IsRemote Function
* We should only be relabeling when on first run
* If CONTAINER_HOST env variable is set default podman --remote=true
* Set targetPort to the port value in the kube yaml
* Do not add TCP to protocol in generated kube yaml
* Use CGO_ENABLED=1 when building natively on darwin
* Test-hang fix: Wait for ready + timeout on connect.
* Checkpoint/Restore test fixes
* Don't include ctr.log if not using file logging
* Don't use docker/pkg/archive, use containers/storage/pkg/archive
* Fix codespell errors
* Adjust tests to verify all subcommands show the help message
* Fix panic in container create compat api
* Don't add image entrypoint to the generate kube yaml
* Display help text on empty subcommand by default
* podman search: display only name and description by default
* codespell code
* Add information about .containerignore to podman build man page
* CNI: fix network create --ip-range
* Kube Gen run as user/group issues
* rootlessport: reduce memory usage of the process
* No space in kube annotations for bind mounts
* Fix CI flake on time of shutdown for API service
* Refactor podman search to be more code friendly
* Unit files: Use actual installed path for podman
* Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
* cgroups: use cgroup.controllers to read controllers
* builder: Add support for builder prune
* Remove a volume with --force if container is running
* Use SplitN(2) when copying env variables
* podman stats: move cgroup validation to server
* fix test
* Support readonly rootfs contains colon
* [CI:DOCS] oci-hooks.5.md: fixup section in header
* Enable /debug/pprof API service endpoints
* Not all fields in machine list were set properly
* faster image inspection
* Warn if podman stop timeout expires that sigkill was sent
* [CI:DOCS] introduce --replace flag for play kube
* [CI:DOCS] Include manifest example usage
* Change podman.1 man page to show corret log-level default
* Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
* Fixes #11668
* libpod: fix race when closing STDIN
* Ensure `podman ps --sync` functions
* Allow `podman stop` to be run on Stopping containers
* Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
* Bump github.com/docker/docker
* It really should be no **NEW** tests needed
* README.md: Point to Podman's channels
* Add podman-plugins to upstream image
* CNI networks: reload networks if needed
* bump c/common to latest and c/storage to 1.37.0
* Add --time out for podman * rm -f commands
* Cirrus: Fix defunct package metadata breaking cache
* Pod Events Logging Fix
* [NO TESTS NEEDED] Ignore removed containers
* Pod Volumes From Support
* Add note about empty fields and null values for API responses
* Bump github.com/containers/buildah from 1.23.0 to 1.23.1
* Add podman play kube --no-hosts options
* Gating tests: fix permissions error
* pkg/specgen: cache image in generator
* cirrus: gitlab: download packages
* Add guard for BuildOptions.CommonBuildOpts
* System tests: tighten 'is' operator
* Update README and release notes for v3.4.0
* sdnotify test: accept MAINPID anywhere
* machine: silently cleanup dangling sockets before rm if possible
* Add expose type map[uint16]string to description
* [NO TESTS NEEDED] Fix typo in storage.conf file exists message
* Support selinux options with bind mounts play/gen
* kube: fix conversion from milliCPU to period/quota
* Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
* test: use new helper
* test: skip test on rootless cgroupsv1
* machine: Info on successfully stopping qemu machine
* Allow a value of -1 to set unlimited pids limit
* Vendor in latest containers/storage
* Storage can remove ErrNotAContainer as well
* libpod: container create: init variable: do not deep copy spec
* libpod: add GetConfigNoCopy()
* libpod: add execSessionNoCopy
* libpod: do not call (*container).Spec()
* Pod Device-Read-BPS support
* Remind user to check connection or use podman machine
* Ensure pod ID bucket is properly updated on rename
* Fix contributor make targets on Ubuntu and Debian
* Implement PR template to assist review & release
* libpod: do not call (*container).Config()
* [NO TESTS NEEDED] Add port configuration to first regular container
* [CI:DOCS] cmd/podman: no dot for short descriptions
* move network alias validation to container create
* set --cni-config-dir for exit command
* always add short container id as net alias
* image prune: support removing external containers
* System tests: speed up. They've gotten too slow.
* Add dockerfile.5 as man link to containerfile man page
* Set MSI to be 64-bit only.
* fix podman network prune integration test flakes
* Cirrus: Add gitlab podman runner test
* CNI: network remove do not error for ENOENT
* remote build: EvalSymlinks() the context directory
* stop: Do nothing if container was never created in runtime
* logging: new mode -l passthrough
* Allow machine options to be set from containers.conf
* Vendor in containers/common v0.46.0
* podman machine: do not join userns
* Disable docker and alias to podman in FCOS ignition
* added healthcheck to ps command
* Fix english on prune prompt
* Document missing /images/search query parameters
* rootful: do not set XDG_RUNTIME_DIR for cni plugins
* Revert "rootful: unset XDG_RUNTIME_DIR"
* Add completion for machine list format
* Set context dir for play kube build
* Makefile: use -ldflags/-gccgoflags depending on the go implemenatiton
* Update docs for --platform in podman-build.1
* shell completion: do not show images without tag
* podman inspect add State.Health field for docker compat
* podman save: enforce signature removal
* Add JSON version of the machine list
* Add support for :U flag with --mount option
* [CI:DOCS] Add link to running ctrimage on enablesysadm
* Ignore mount errors except ErrContainerUnknown when cleaningup container
* standardize logrus messages to upper case
* podman generate kube should not include images command
* Fix machine image
* sync container state before reading the healthcheck
* Also show the (initial) disk size
* Show cpus and memory in machine list
* Eighty-six eighty-eighty
* net types: remove omitempty from required fields
* podman save: add `--uncompressed`
* Bump CNI to v1.0.1
* vendor c/psgo@v1.7.1
* [CI:DOCS] Add network alias note in man pages
* Add a backoff and retries to retrieving exited event
* Cross-build release-archives w/ arch in filename
* Fix Error, empty output for info: 'VERSION'
* Generate kube should'd add podman default environment vars
* volume: Add support for overlay on named volumes
* Pod Device Support
* Support --format tables in ps output
* Remove references to kube being development
* Add support for retrieving system service --timeout
* Add podman image/container inspect man pages
* [CI:DOCS] Add link to skopeo delete in podman rmi
* vendor c/common@main
* remote untag: support digests
* Created MapOptions for PodCreate
* Bump k8s.io/api from 0.22.1 to 0.22.2
* compat API: /images/json prefix image id with sha256
* podman machine: use gvproxy for host.containers.internal
* utils: return error message from StartTransientUnit
* utils: raise warning only on cgroupv2
* Add podman machine init --now option
* System tests: cleanup, and remove obsolete skips
* Add username flag for machine ssh
* Remove unused code from libpod
* [CI:DOCS] markdown cleanup
* Fix up build the docs site
* Use a new markdown converter for sphinx
* runtime: move pause process to scope
* system: move MovePauseProcessToScope to utils
* system: always move pause process when running on systemd
* system: avoid reading pause pid file
* Only add 127.0.0.1 entry to /etc/hosts with --net=none
* Add no-trunc support to podman-events
* CNI: add ipvlan driver
* CNI: network create support macvlan modes
* Do not allow network modes to be used as network names
* fix inverted condition
* Fix /auth compat endpoint
* Add Drivers method to the Network Interface
* CI: load ipv6 kernel modules for rootless tests
* Drop OCICNI dependency
* Wire network interface into libpod
* cni network configs set ipv6 enables correctly
* default network: do not validate the used subnets
* network create: validate the input subnet
* Set default storage from containers.conf for temporary images
* container runlabel remove image tag from name
* build.bats: fix copy tests after containers/buildah#3486
* build: mirror --authfile to filesystem if pointing to FD instead of file
* Fix example in podman machine init man page
* vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
* api: handle nil pointer dereference in rest endpoints
* build: take advantage of --platform lists
* Document `all` query parameter for /libpod/images/prune
* Show variant and codename of the distribution
* Use new aarch64 fcos repos
* Enhance bindings for IDE hints
* Pod Volumes Support
* test: enable --cgroup-parent test
* libpod: honor --cgroups=split also with pods
* tests: enable --cgroups=disabled test for rootless
* tests: simplify --cgroups=disabled test
* libpod: rootful close binded ports
* Search gvproxy with config.FindHelperBinary()
* rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
* fix restart always with rootlessport
* Cirrus: NM/CNI workaround + Remove prior-Ubuntu
* If container exits with 125 podman should exit with 125
* Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
* bump c/common to v0.44.0
* remove rootlessport socket to prevent EADDRINUSE
* Add deprecated fields for 1.22+ clients that still expect them
* Use default username for podman machine ssh
------------------------------------------------------------------
------------------ 2022-3-15 - Mar 15 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- make package compatible with OBS version (bsc#1197224):
* move branding images to distribution-logos-SLE package
* re-add dependency on distribution-logos
* remove branding patch and assets (suse-microos-branding.patch,
suse-microos-branding.tar.gz); moved to GitHub fork
* remove local __python3 macro
* apply SLE specific patches only on SLE
++++ distribution-logos-SLE:
- Initial package version (bsc#1197224)
- This package provides distribution-logos to match openSUSE
approach and keep brand images separate from other branding
files (e.g. CSS) which can be submitted to respective upstream
projects.
++++ glib2-branding-openSUSE:
- Update .gschema.override.in: Change default libreoffice startup
entry to libreoffice-startcenter.desktop according to the
libreoffice update (bsc#1195836, bsc#1196951).
++++ grep:
- Make profiling deterministic (bsc#1040589)
++++ kernel-default:
- esp: Fix possible buffer overflow in ESP transformation
(CVE-2022-0886 bsc#1197131).
- commit f5ed8a3
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
++++ kernel-firmware:
- Update to version 20220309 (git commit cd01f857da28):
* iwlwifi: add new FWs from core68-60 release
* ath11k: add links for WCN6855 hw2.1
* ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
* ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin
* ath10k/ath11k: mark notice.txt as "File:"
* linux-firmware: add firmware for MT7986
* amdgpu: add firmware for SDMA 5.2.7 IP block
* amdgpu: add firmware for PSP 13.0.8 IP block
* amdgpu: add firmware for DCN 3.1.6 IP block
* amdgpu: add firmware for GC 10.3.7 IP block
* rtw89: 8852a: update fw to v0.13.36.0
* iwlwifi: update 9000-family firmwares to core68-60
* amdgpu: update raven2 VCN firmware
* amdgpu: update raven VCN firmware
* amdgpu: update picasso VCN firmware
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update AMD SEV firmware
(CVE-2021-46744, CVE-2021-26339, bsc#1199470, bsc#1199459)
* rtw89: 8852a: update fw to v0.13.35.0
++++ gcc12:
- Add a proper barebones cross compiler for hppa
(named cross-hppa-gcc12-bootstrap). Doesn't yet drop or
rename the icecream variant cross-hppa-gcc12, not does this
add a proper glibc-using cross compiler for hppa.
++++ openssl-1_1:
- Update to 1.1.1n: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Rebase openssl-1.1.1-fips.patch openssl-1.1.1-evp-kdf.patch
++++ openssl-3:
- Update to 3.0.2: [bsc#1196877, CVE-2022-0778]
* Security fix [CVE-2022-0778]: Infinite loop for non-prime moduli
in BN_mod_sqrt() reachable when parsing certificates.
* Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
* Made the AES constant time code for no-asm configurations
optional due to the resulting 95% performance degradation.
The AES constant time code can be enabled, for no assembly
builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
* Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to
use empty passphrase strings.
* The negative return value handling of the certificate
verification callback was reverted. The replacement is to set
the verification retry state with the SSL_set_retry_verify()
function.
* Rebase openssl-use-versioned-config.patch
++++ ceph:
- Update to 16.2.7-640-gceb23c7491b
+ (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
+ (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
++++ openssl:
- Update to 1.1.1n release
++++ patterns-alp:
- Don't ship too much NetworkManager packages
- Don't install busybox (not needed ATM).
++++ python-py:
- use %python_expand for %fdupes
++++ qemu:
- Proactive fix
* Patches added:
hw-nvram-at24-return-0xff-if-1-byte-addr.patch
++++ ovmf:
- TPM_ENABLE got renamed to TPM2_ENABLE and TPM_CONFIG_ENABLE removed
(except on ARM for some reason) (boo#1197104)
------------------------------------------------------------------
------------------ 2022-3-14 - Mar 14 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
* Due to a typo the private requires to libdrm were lost in dri.pc.
Fixed another typo (only comment).
++++ Mesa-drivers:
- U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
* Due to a typo the private requires to libdrm were lost in dri.pc.
Fixed another typo (only comment).
++++ cockpit-machines:
- Hide links pointing to RHEL docs, hide-docs.patch (bsc#1197003)
++++ dbus-1:
- set runstatedir correctly
++++ kernel-default:
- Revert "- rpm/fdupes_relink: dups linking implementation in perl (bsc#1195709)"
This has been fixed in fdupes directly, and is no longer necessary. Plus
this causes conflicts with packaging branch, where this should have
landed.
This reverts commit 359854d6ca73269851c604addecdd247d01dfbf0.
- commit d0317f8
++++ ncurses:
- Add ncurses patch 20220312
+ add xterm+acs building-block -TD
+ add xterm-p370, for use in older terminals -TD
+ add dec+sl to xterm-new, per patch #371 -TD
+ add mosh and mosh-256color -TD
- Correct offsets of patches
* ncurses-5.9-ibm327x.dif
* ncurses-6.3.dif
++++ rpm:
- drop rpm-deptracking.patch, this is already upstream and
we were just adding it twice
++++ libzypp:
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
++++ mdevctl:
- spec: BuildRequires python3-docutils instead of all python
flavors of the docutils module
------------------------------------------------------------------
------------------ 2022-3-13 - Mar 13 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.17-rc8
- update configs
- arm64
- MITIGATE_SPECTRE_BRANCH_HISTORY=y
- armv7hl
- HARDEN_BRANCH_HISTORY=y
- commit 9555b2a
++++ sqlite3:
- update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
sqlite-src-3380100-atof1.patch
------------------------------------------------------------------
------------------ 2022-3-12 - Mar 12 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- enabled "i915" Gallium-based Intel Gen3 driver
++++ Mesa-drivers:
- enabled "i915" Gallium-based Intel Gen3 driver
++++ librsvg:
- Update to version 2.52.7:
+ Backport a fix for the regression that was introduced in the
last release: Output filled text as text for PDF; fixes
regression due to outputting all text as paths.
++++ harfbuzz:
- Update to version 4.0.1:
+ Update OpenType to AAT mappings for “hist†and “vrtr†features
+ Update IANA Language Subtag Registry to 2022-03-02
+ Update USE shaper to allow any non-numeric tail in a symbol
cluster, and remove obsolete data overrides
+ Fix handling of baseline variations to return correctly scaled
values
++++ systemd:
- Update Supplements to new format in baselibs.conf
- Fix libsystemd-shared exclusion in baselibs.conf
- Exclude new cryptsetup libraries in baselibs.conf
------------------------------------------------------------------
------------------ 2022-3-11 - Mar 11 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4
- no longer try to build classic non-Gallium OpenGL drivers
i915, i965, nouveau, r100 and r200, which have been dropped with
Mesa 22.0.0; see also some documentation on Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired
++++ Mesa-drivers:
- fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4
- no longer try to build classic non-Gallium OpenGL drivers
i915, i965, nouveau, r100 and r200, which have been dropped with
Mesa 22.0.0; see also some documentation on Phoronix
https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired
++++ boost-base:
- add dependency on libzstd and libzstd-devel to get on-the-fly
zstd compression in boost-iostreams
++++ permissions:
- Update to version 20220309:
* apptainer whitelisting (bsc#1196145)
++++ curl:
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
++++ grub2:
- Fix grub-install error when efi system partition is created as mdadm software
raid1 device (bsc#1179981) (bsc#1195204)
* 0001-install-fix-software-raid1-on-esp.patch
++++ kernel-default:
- Linux 5.16.14 (bsc#1012628).
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC
GPE" (bsc#1012628).
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1012628).
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1012628).
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1012628).
- xen/9p: use alloc/free_pages_exact() (bsc#1012628).
- xen: remove gnttab_query_foreign_access() (bsc#1012628).
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1012628).
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1012628).
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1012628).
- ARM: fix build warning in proc-v7-bugs.c (bsc#1012628).
- arm64: Do not include __READ_ONCE() block in assembly files
(bsc#1012628).
- ARM: Do not use NOCROSSREFS directive with ld.lld (bsc#1012628).
- ARM: fix co-processor register typo (bsc#1012628).
- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1012628).
- arm64: proton-pack: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- arm64: Use the clearbhb instruction in mitigations
(bsc#1012628).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1012628).
- arm64: Mitigate spectre style branch history side channels
(bsc#1012628).
- Update config files.
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1012628).
- arm64: Add percpu vectors for EL1 (bsc#1012628).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1012628).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1012628).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1012628).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1012628).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1012628).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1012628).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1012628).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1012628).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1012628).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1012628).
- arm64: entry: Make the trampoline cleanup optional
(bsc#1012628).
- KVM: arm64: Allow indirect vectors to be used without
SPECTRE_V3A (bsc#1012628).
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
(bsc#1012628).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_RPRES (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_AFP (bsc#1012628).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1012628).
- ARM: include unprivileged BPF status in Spectre V2 reporting
(bsc#1012628).
- ARM: Spectre-BHB workaround (bsc#1012628).
- Update config files.
- ARM: use LOADADDR() to get load address of sections
(bsc#1012628).
- ARM: early traps initialisation (bsc#1012628).
- ARM: report Spectre v2 status through sysfs (bsc#1012628).
- Update config files.
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1012628).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1012628).
- x86/speculation: Update link to AMD speculation whitepaper
(bsc#1012628).
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1012628).
- x86/speculation: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- Documentation/hw-vuln: Update spectre doc (bsc#1012628).
- x86/speculation: Add eIBRS + Retpoline options (bsc#1012628).
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1012628).
- commit 80acc65
++++ libvirt-dbus:
- Add CONFIG parameter to %sysusers_generate_pre
- Update to version 1.4.1:
* Release of libvirt-dbus 1.4.1
* tests: allow running our tests against installed libvirt-dbus
* tests: report proper error if `abs_top_builddir` is not defined
* gitlab: use --fatal-meson-warnings in builds
* meson: add git_werror option and only set if -Dwerror is not set
* meson: honour meson warning_level setting
* gitlab: adapt to use meson for libvirt-glib build
* ci: refresh containers for CentOS-8 PowerTools repo rename
* gitlab: replace "libvirt-" prefix with "ci-" in dockerfiles
* gitlab: refresh containers with lcitool for fully minimized base
* Dropped patches: libvirt-dbus-systemd.diff
- Add source service file
- Change system-user-libvirt-dbus subpackage to noarch
- Require libvirt group in system-user-libvirt-dbus subpackage
bsc#1196968
++++ zlib:
- Don't install (internal) crypt.h header in minizip
* minizip-dont-install-crypt-header.patch
++++ mdevctl:
- spec: Add /etc/mdevctl.d/scripts.d directory to %files
++++ pam:
- pam-hostnames-in-access_conf.patch: update with upstream
submission. Fixes several bugs including memory leaks.
++++ vim:
- Updated to version 8.2.4542, fixes the following problems
* Terminal test may fail on some machines.
* The GPM library can only be linked statically.
* Vim9: compiling filter() call fails with funcref that has unknown
arguments.
* Vim9: compiling sort() call fails with a funcref that has unknown
arguments.
* Vim9: wrong error for defining dict function.
* Not enough testing for quickfix code.
* Completion only uses strict matching.
* Dtrace files are recognized as filetype D.
* Fuzzy completion does not order matches properly.
"create-directories" as the final argument.
* Running filetype test leaves file behind.
* Coverity warns for uninitialized struct member.
* Coverity warns for uninitialized variable.
* Coverity warns for use of a freed function name.
* Coverity warnds for not checking return value of ftell().
* Memory allocation failures not tested in quickfix code.
* Fuzzy cmdline completion does not work for lower case.
* Operator name spelled wrong.
* Crash when using fuzzy completion.
* No fuzzy completieon for maps and abbreviations.
* Suspending with CTRL-Z does not work on Android.
* Cmdline popup menu not removed when 'lazyredraw' is set.
* No fuzzy cmdline completion for user defined completion.
* Command completion makes two rounds to collect matches.
* Vim9: some error messages are not tested.
* Compiler warning for uninitialized variable.
* Vim9: cannot compare with v:null.
* Build error with +eval but without +channel or +job.
* Failing test for comparing v:null with number.
* Terminal focus reporting only works for xterm-like terminals. (Jonathan
Rascher)
* MS-Windows makefile dependencies are outdated.
* No error if an option is given an invalid value with ":let &opt = val".
* Options test fails in the GUI.
* The find_tags() function is much too long.
* Help test fails in 24 line terminal.
* Coverity gives warnings after tags code refactoring.
* Wrong color for half of wide character next to pum scrollbar.
* Using <Plug> with "noremap" does not work.
* Vim9: at the script level declarations leak from try block to catch and
finally block.
* Vim9: can declare a global variable on the command line.
* With 'showbreak' set and after the end of the line the cursor may be
displayed in the wrong position.
* In the GUI a modifier is not recognized for the key typed after CTRL-X,
which may result in a mapping to be used. (Daniel Steinberg)
* Vim9: there is no point in supporting :Print and :mode.
* When there is a partially matching map and modifyOtherKeys is active a
full map may not work.
* Vim9: outdated "autocmd nested" still works.
* "pattern not found" for :global is not an error message.
* Test fails because of new error message.
* Vim9: cannot assign to a global variable on the command line.
* Vim9: can declare a variable with ":va".
* Vim9: shortening commands leads to confusing script.
* Filetype test fails.
* The find_tags_in_file() function is much too long.
* Window-local directory is not applied if 'acd' fails.
* Vim9: some flow commands can be shortened.
* Old subsitute syntax is still supported.
* Build failure without the +eval feature.
* The binary tag search feature is always enabled.
* Vim9: Can still use ":fini" and ":finis" for ":finish".
* Using wrong highlight for cursor line number.
* Build failure without the +diff feature. (John Marriott)
* GUI test fails with Motif. (Dominique Pellé)
* When gvim is started maximized the 'window' option isn't set
properly. (Christian J. Robinson)
* Some GUI tests don't work on Athena.
* Vim9: cannot set variables to a null value.
* The Athena GUI is old and does not work well.
* Crash when using null_function for a partial.
* Vim9: comparing partial with function fails.
* Making comparison with null work changes legacy behavior.
* LGTM warnings for condition always true and buffer size too small.
* Suspending with CTRL-Z does not work on OpenBSD.
* Vim9: no test that after assigning null the type is still checked.
* Vim9: "is" operator with empty string and null returns true.
* Filename modifer ":8" removes the filename.
* Debugger test fails when breaking on expression.
* Output from linter and language server shows up in git.
* The find_tags_in_file() function is too long.
* When comparing special v:none and v:null are handled the same when
compiling.
* Line number for error is off by one.
* Crash in debugger when a variable is not available in the current block.
* Vim9: "break" inside try/catch not handled correctly.
------------------------------------------------------------------
------------------ 2022-3-10 - Mar 10 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 22.0.0
* lavapipe,radv,anv KHR_dynamic_rendering
* radv EXT_image_view_min_lod
* VK_KHR_synchronization2 on RADV.
* OpenSWR has been moved to the Amber branch
* radeonsi, zink ARB_sparse_texture
* d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params,
ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400)
* radeonsi, zink ARB_sparse_texture2
* zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd
* anv VK_VALVE_mutable_descriptor_type
* Vulkan 1.3 on RADV,Anv.
* radeonsi, zink ARB_sparse_texture_clamp
++++ Mesa-drivers:
- update to 22.0.0
* lavapipe,radv,anv KHR_dynamic_rendering
* radv EXT_image_view_min_lod
* VK_KHR_synchronization2 on RADV.
* OpenSWR has been moved to the Amber branch
* radeonsi, zink ARB_sparse_texture
* d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params,
ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400)
* radeonsi, zink ARB_sparse_texture2
* zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd
* anv VK_VALVE_mutable_descriptor_type
* Vulkan 1.3 on RADV,Anv.
* radeonsi, zink ARB_sparse_texture_clamp
++++ cockpit-machines:
- Require virt-install and qemu display drivers needed to start
new VMs (bsc#1196971)
++++ lvm2-device-mapper:
- Udev database has incomplete information about device /dev/sda. (bsc#1181242)
+ 0024-pvscan-don-t-use-udev-for-external-device-info.patch
++++ grub2:
- Fix riscv64 build error
* 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
* 0001-grub-install-bailout-root-device-probing.patch
++++ kernel-default:
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
++++ libbpf:
- Enable building and packaging of static library.
Explicitly enable fat LTO objects.
++++ rdma-core:
- Update spec file from upstream
- install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
- fix build support for riscv
- Added cmake-Make-modprobe.d-path-configurable.patch
- Backport from upstream to allow modprobe files to be installed in a
configurable directory
++++ lvm2:
- Udev database has incomplete information about device /dev/sda. (bsc#1181242)
+ 0024-pvscan-don-t-use-udev-for-external-device-info.patch
++++ mdevctl:
- Update to version v1.1.0 (jsc#SLE-18449):
* use imported std::env for CARGO_PKG_VERSION in build.rs directly
* fix build.rs to allow specify exact path or name of the rst2man
* Don't call unnecessary to_string()
* Report a useful error when /etc/mdevctl.d doesn't exist
* Handle FS permissions problems for defined devices
* Fix needless borrow warning from clippy
* tests: read stdin in callout test scripts
* Report root error when a callout can't be executed
* Don't emit warning for files in /etc/mdevctl.d/scripts.d
* env: add function to get base scripts directory
++++ osinfo-db:
- bsc#1196965 - openSUSE Tumbleweed unattended installation with
libvirt fails
opensuse-autoyast-desktop.patch
++++ ovmf:
- Update to edk2-stable202202
- Features (https://github.com/tianocore/edk2/releases):
OvmfPkg Add new target for Cloud Hypervisor
Add TDVF to OvmfPkg
Add new APIs to UefiCpuPkg/UefiCpuLib
Add AMD Secure Nested Paging Support
Add SSDT PCI generator in DynamicTablesPkg
Support ACPI 6.4 PPTT changes
Add FdtHwInfoParser library
Add DynamicPlatRepo library
Make package and platform builds reproducible across source format changes
Add Uncrustify CI Plugin
Apply uncrustify changes to all package C and H files
- Patches (git log --oneline --reverse edk2-stable202111~..edk2-stable202202):
bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error
ef9a059cdb EmulatorPkg/Win/Host: Update CC_FLAGS
69877614fd .pytool/Plugin/EccCheck: Remove RevertCode()
854462bd34 .pytool/Plugin/EccCheck: Remove temp directory on exception
3019f1bbab .pytool/Plugin/EccCheck: Add performance optimizations
99f84ff473 .pytools/Plugin/LicenseCheck: Use temp directory for git diff output
76a1ce4d5f .azurepipelines/templates: Update max pipeline job time to 2 hours
365dced2c3 ArmPkg: Update YAML to ignore specific ECC files/errors
1939fc9569 ArmPlatformPkg: Update YAML to ignore specific ECC files/errors
c97fee87f0 ArmVirtPkg: Update YAML to ignore specific ECC files/errors
d5744ecba8 CryptoPkg: Update YAML to ignore specific ECC files/errors
d7d30e8f21 EmulatorPkg: Update YAML to ignore specific ECC files/errors
9deb937076 MdeModulePkg: Update YAML to ignore specific ECC files/errors
df790cd6b3 MdePkg: Update YAML to ignore specific ECC files/errors
60fa40be45 SecurityPkg: Update YAML to ignore specific ECC files/errors
9944508e85 ShellPkg: Update YAML to ignore specific ECC files/errors
c30c40d6c6 StandaloneMmPkg: Update YAML to ignore specific ECC files/errors
c057347977 UefiPayloadPkg: Update YAML to ignore specific ECC files/errors
f0f3f5aae7 UnitTestFrameworkPkg: Update YAML to ignore specific ECC files/errors
dfafa8e453 MdeModulePkg/DxeCorePerformanceLib:Variable Initial
a4a582e180 ArmPkg: Change use of EFI_D_* to DEBUG_*
1d2482e1e3 ArmPlatformPkg: Change use of EFI_D_* to DEBUG_*
c5b3a56e4f ArmVirtPkg: Change use of EFI_D_* to DEBUG_*
a1878955b2 EmbeddedPkg: Change use of EFI_D_* to DEBUG_*
9c7da8d804 EmulatorPkg: Change use of EFI_D_* to DEBUG_*
917e98f3e5 FatPkg: Change use of EFI_D_* to DEBUG_*
87000d7708 MdeModulePkg: Change use of EFI_D_* to DEBUG_*
5f289f3ae3 MdePkg: Change use of EFI_D_* to DEBUG_*
c49ca4a29e NetworkPkg: Change use of EFI_D_* to DEBUG_*
47719926e8 OvmfPkg: Change use of EFI_D_* to DEBUG_*
ca56749b0e PcAtChipsetPkg: Change use of EFI_D_* to DEBUG_*
e905fbb05a SecurityPkg: Change use of EFI_D_* to DEBUG_*
4a1aee13d8 ShellPkg: Change use of EFI_D_* to DEBUG_*
586fda4800 SourceLevelDebugPkg: Change use of EFI_D_* to DEBUG_*
96e1cba5c1 UefiCpuPkg: Change use of EFI_D_* to DEBUG_*
1871d28eaf ArmPkg: Change OPTIONAL keyword usage style
2863ba97ca ArmPlatformPkg: Change OPTIONAL keyword usage style
9607597a74 ArmVirtPkg: Change OPTIONAL keyword usage style
c8f46130f8 CryptoPkg: Change OPTIONAL keyword usage style
fe2d81892f DynamicTablesPkg: Change OPTIONAL keyword usage style
792433088c EmbeddedPkg: Change OPTIONAL keyword usage style
c69fc80c80 EmulatorPkg: Change OPTIONAL keyword usage style
9c721071d3 FmpDevicePkg: Change OPTIONAL keyword usage style
e3917e22e7 MdeModulePkg: Change OPTIONAL keyword usage style
d0e2f8232a MdePkg: Change OPTIONAL keyword usage style
8874fa199d NetworkPkg: Change OPTIONAL keyword usage style
79d49e162e OvmfPkg: Change OPTIONAL keyword usage style
237295f46d PcAtChipsetPkg: Change OPTIONAL keyword usage style
dc8fe5ec95 RedfishPkg: Change OPTIONAL keyword usage style
12710fe93b SecurityPkg: Change OPTIONAL keyword usage style
9b8507cabe ShellPkg: Change OPTIONAL keyword usage style
18908e6131 SignedCapsulePkg: Change OPTIONAL keyword usage style
f9c9215b55 SourceLevelDebugPkg: Change OPTIONAL keyword usage style
902e76de19 StandaloneMmPkg: Change OPTIONAL keyword usage style
4ec586b9f6 UefiCpuPkg: Change OPTIONAL keyword usage style
e35dd32821 UefiPayloadPkg: Change OPTIONAL keyword usage style
78bc3bdd2a UnitTestFrameworkPkg: Change OPTIONAL keyword usage style
ea85f0fe13 ArmVirtPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
e3b855f283 CryptoPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
4a9d411662 DynamicTablesPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
db52c7f755 MdeModulePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
098307e082 MdePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
ed7f7c9168 NetworkPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
8e875037bf OvmfPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
deba54761a PcAtChipsetPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
f9f4fb2329 SecurityPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
7c2a6033c1 UefiCpuPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()
429309e0c6 ArmPkg: Apply uncrustify changes
40b0b23ed3 ArmPlatformPkg: Apply uncrustify changes
2b16a4fb91 ArmVirtPkg: Apply uncrustify changes
7c34237831 CryptoPkg: Apply uncrustify changes
731c67e1d7 DynamicTablesPkg: Apply uncrustify changes
e7108d0e96 EmbeddedPkg: Apply uncrustify changes
a550d468a6 EmulatorPkg: Apply uncrustify changes
bcdcc4160d FatPkg: Apply uncrustify changes
45ce0a67bb FmpDevicePkg: Apply uncrustify changes
111f2228dd IntelFsp2Pkg: Apply uncrustify changes
7c7184e201 IntelFsp2WrapperPkg: Apply uncrustify changes
1436aea4d5 MdeModulePkg: Apply uncrustify changes
2f88bd3a12 MdePkg: Apply uncrustify changes
d1050b9dff NetworkPkg: Apply uncrustify changes
ac0a286f4d OvmfPkg: Apply uncrustify changes
5220bd211d PcAtChipsetPkg: Apply uncrustify changes
39de741e2d RedfishPkg: Apply uncrustify changes
c411b485b6 SecurityPkg: Apply uncrustify changes
47d20b54f9 ShellPkg: Apply uncrustify changes
b878648967 SignedCapsulePkg: Apply uncrustify changes
c1e126b119 SourceLevelDebugPkg: Apply uncrustify changes
91415a36ae StandaloneMmPkg: Apply uncrustify changes
053e878bfb UefiCpuPkg: Apply uncrustify changes
e5efcf8be8 UefiPayloadPkg: Apply uncrustify changes
7c0ad2c338 UnitTestFrameworkPkg: Apply uncrustify changes
dc453b5164 .pytool/Plugin/UncrustifyCheck: Add Uncrustify CI plugin
1832eb15aa UefiPayloadPkg/UefiPayloadPkg.fdf: Update DXE Apriori list
ca78281c25 UefiPayloadPkg/PayloadEntry: Inherit 4/5-level paging from bootloader
b2f7ee2ded UefiPayloadPkg: Increase SystemMemoryUefiRegionSize from 32M to 64M
94e0a7bddb UefiPayloadPkg: Add missing Guid gUefiAcpiBoardInfoGuid
2527723de9 UefiPayloadPkg: Add performance measurement feature
ffdde9d719 UefiPayloadPkg: Skip ModuleInfo HOB in Payload
965292135b UefiPayloadPkg/UefiPayloadPkg.dsc:Add BootManagerLib for BootManagerMenuApp
85a678bf76 UefiPayloadPkg: Add integration instruction for coreboot common error
7b28310008 BaseTools: Increase the DevicePath length for support more PCD value.
d25b803e51 MdeModulePkg/Bus/Pci/UhciDxe: Fix the UsbHc memory allocate and free issue
c82ab4d8c1 BaseTools/VfrCompile: Correct Bit Field Flags for numeric/one of
2ddacfb6b8 OvmfPkg/SecMain: move SEV specific routines in AmdSev.c
e2289d19d8 UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c
2fe8edfe55 OvmfPkg/ResetVector: move clearing GHCB in SecMain
3053183d41 OvmfPkg/ResetVector: introduce SEV metadata descriptor for VMM use
707c71a01b OvmfPkg: reserve SNP secrets page
cca9cd3dd6 OvmfPkg: reserve CPUID page
f2dc28f0b6 OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase
34819f2cac OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values
d9822304ce OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled()
7c3b2892ea OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest
d2b998fbdc OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values
a19b648952 OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest
19914edc5a OvmfPkg/AmdSevDxe: do not use extended PCI config space
ade62c18f4 OvmfPkg/MemEncryptSevLib: add support to validate system RAM
d706f8fec2 OvmfPkg/MemEncryptSevLib: add function to check the VMPL0
11b15336f0 OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM
d39f8d88ec OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase
202fb22be6 OvmfPkg/SecMain: validate the memory used for decompressing Fv
8eb79b5f4f OvmfPkg/PlatformPei: validate the system RAM when SNP is active
26210f9436 MdePkg: Define ConfidentialComputingGuestAttr
504ae26b80 OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active
b95908e043 UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status
f4e3ce5f53 UefiCpuPkg: add PcdGhcbHypervisorFeatures
f5a6e1bab5 OvmfPkg/PlatformPei: set the Hypervisor Features PCD
2c354252be MdePkg/GHCB: increase the GHCB protocol max version
9c703bc0f1 UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled
d4d7c9ad5f UefiCpuPkg/MpInitLib: use BSP to do extended topology check
b928eb44d5 OvmfPkg/MemEncryptSevLib: change the page state in the RMP table
b7b8872031 OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address
ea3a12d970 OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map
67484aed69 OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table
06544455d0 UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs
0f1d7477c0 OvmfPkg: Remove unused print service driver (PrintDxe)
30631f0a26 MdePkg: Add missing Cache ID (in)valid define
0077c22f6d MdePkg: Remove PPTT ID type structure
a50b65ce22 ShellPkg: Update Acpiview PPTT parser to ACPI 6.4
8cf2bdfcfb ShellPkg: Add Cache ID to PPTT parser
b2bbe3df54 DynamicTablesPkg: Remove PPTT ID structure from ACPI 6.4 generator
e139829dd6 DynamicTablesPkg: Update PPTT generator to ACPI 6.4
e81a81e584 DynamicTablesPkg: Add CacheId to PPTT generator
9afcd48a94 OvmfPkg: Handle Cloud Hypervisor host bridge
2ccefa32a6 OvmfPkg: Create global entry point for SMBIOS parsing
d8ef774346 OvmfPkg: Retrieve SMBIOS from Cloud Hypervisor
66bce05f6d OvmfPkg: Generalize AcpiPlatformDxe
7594c5bfe2 OvmfPkg: Install ACPI tables for Cloud Hypervisor
f6df289a1c OvmfPkg/OvmfXen: Fix Xen build
2b20a34fd5 OvmfPkg-EmuVariableFvbRuntimeDxe: Support Access To Memory Above 4G
d5efc875ef MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware
a124cd4ef9 SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib
8c06c53b58 SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib
adf070ff56 OvmfPkg/Microvm: add PcdConfidentialComputingGuestAttr
2686468c43 OvmfPkg/Bhyve: add MemEncryptSevLib
61be49e0f7 OvmfPkg/PlatformCI: factor out PlatformBuildLib.py
21ee379407 OvmfPkg/PlatformCI: add QEMU_SKIP
64bccda534 OvmfPkg/PlatformCI: add BhyveBuild.py
04eacd3943 OvmfPkg/PlatformCI: add MicrovmBuild.py
8b8ae609a7 OvmfPkg/PlatformCI: add AmdSevBuild.py
2722856a87 OvmfPkg/PlatformCI: dummy grub.efi for AmdSev
1203eba58e OvmfPkg/PlatformCI: add XenBuild.py
64ef0dd1d3 OvmfPkg/Microvm/fdt: add device tree support
79dcaf7054 OvmfPkg/Microvm/fdt: load fdt from fw_cfg
c802f8935c OvmfPkg/Microvm/fdt: add empty fdt
2a68abf6ee OvmfPkg/Microvm/virtio: add virtio-mmio support
e07d27e24d OvmfPkg/Microvm: add README
7f1861be2b DynamicTablesPkg: AML Code generation for memory ranges
0e7147fe75 DynamicTablesPkg: AML Code generation to create a named Package()
fd5fc4bbb7 DynamicTablesPkg: AML Code generation to create a named ResourceTemplate()
b2b8def4e3 DynamicTablesPkg: AML Code generation to add _PRT entries
69ddfee1c3 DynamicTablesPkg: Add AmlAttachNode()
ce306e48eb DynamicTablesPkg: Add Pci related objects
e35a746cf5 DynamicTablesPkg: SSDT Pci express generator
ec37fd9c1f DynamicTablesPkg: Fix multiple objects parsing
557dede8a6 OvmfPkg/PlatformPei: ScanOrAdd64BitE820Ram improvements
759e3c6d21 OvmfPkg/PlatformPei: prefer etc/e820 for memory detection
41d8bb3038 OvmfPkg/PlatformPei: stop using cmos for memory detection
7a6e6ae933 EmulatorPkg: Update lldbefi.py to work with current lldb which uses python3
4d30352445 ArmPkg: Add SMC helper functions
c039fa7ff0 ArmPkg: Update SMC calls to use the new ArmCallSmc0/1/2/3 functions
90ad4b3b34 DynamicTablesPkg: Definition for HwInfoParser interface
d59c5a20f8 DynamicTablesPkg: FdtHwInfoParser: CM Object descriptor helper
5d8b5d171c DynamicTablesPkg: FdtHwInfoParser: Add FDT utility functions
8d2691c3d5 DynamicTablesPkg: FdtHwInfoParser: Add Boot Arch parser
3ebe1ff5c9 DynamicTablesPkg: FdtHwInfoParser: Generic Timer Parser
51941f7558 DynamicTablesPkg: FdtHwInfoParser: Add Serial port parser
e366a41ef0 DynamicTablesPkg: FdtHwInfoParser: Add GICC parser
0fa1217726 DynamicTablesPkg: FdtHwInfoParser: Add GICD parser
b04cf355a0 DynamicTablesPkg: FdtHwInfoParser: Add MSI Frame parser
d250d408cf DynamicTablesPkg: FdtHwInfoParser: Add ITS parser
7b6c8b30a5 DynamicTablesPkg: FdtHwInfoParser: Add GICR parser
26bf034a59 DynamicTablesPkg: FdtHwInfoParser: Add GIC dispatcher
c67bf628c8 DynamicTablesPkg: FdtHwInfoParser: Add PCI config parser
deb01dfd7f DynamicTablesPkg: Add FdtHwInfoParser library
9006967c8d DynamicTablesPkg: Handle 16550_WITH_GAS id
b2d0ed20fd DynamicTablesPkg: Definition for DynamicPlatRepoLib interface
2e2db65e39 DynamicTablesPkg: DynamicPlatRepo: Add TokenGenerator
740e3bb634 DynamicTablesPkg: DynamicPlatRepo: Add TokenFixer
5fe5b6f94f DynamicTablesPkg: DynamicPlatRepo: Add TokenMapper
38f6d78c3b DynamicTablesPkg: Add DynamicPlatRepo library
f14fff5135 StandaloneMmPkg/FvLib: Support large file with EFI_FFS_FILE_HEADER2.
3a72ec71cd OvmfPkg: remove unused TPM options from MicrovmX64.dsc
b47575801e OvmfPkg: move tcg configuration to dsc and fdf include files
5711ff4d0b OvmfPkg: drop TPM_CONFIG_ENABLE
b819388772 OvmfPkg: create Tcg12ConfigPei.inf
4de8d61bce OvmfPkg: rework TPM configuration
e6ea1464a8 OvmfPkg/PlatformPei: Revert "stop using cmos for memory detection"
a6c0418651 ArmPkg/SmbiosMiscDxe: Remove duplicate HII string definition
45e3842970 ArmPkg/SmbiosMiscDxe: Get full SMBIOS strings from OemMiscLib
b451c69088 ArmPkg/ProcessorSubClassDxe: Get serial and part number from OemMiscLib
8ed8568922 SecurityPkg: Debug code to audit BIOS TPM extend operations
195f011973 SecurityPkg: Reallocate TPM Active PCRs based on platform support
ab5ab2f603 SecurityPkg: TPM must go to Idle state on CRB command completion
c63a10ecb7 EmbeddedPkg/AcpiLib: Add more helper functions
f129b1f06f OvmfPkg/Bhyve: fix tls-enabled build
ee1f8262b8 OvmfPkg: Call PlatformInitializeConsole for GPU passthrough case
de9e5b7dc7 IntelFsp2WrapperPkg : FSPM/S UPD data address based on Build Type
9ec2cc1f31 IntelFsp2WrapperPkg : Remove EFIAPI from local functions.
ae8272ef78 MdeModulePkg/UsbBusDxe: fix NOOPT build error
15c596aeeb OvmfPkg: Bhyve: Delete unused AcpiTables/Ssdt.asl file
6612ff8561 UefiCpuPkg: Extend measurement of microcode patches to TPM
e910f076ad BaseTools: Fix the bug of --cmd-len build option
7935be0fbd IntelFsp2Pkg/FspSecCore: ExtendedImageRevision was not printed.
c095122d4b MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP
d463c56ddd MdeModulePkg: Replace with UFS_UNIT_DESC to fix timeout problem
45920941d9 MdeModulePkg: Refactoring UFS DME request and fix timing problem
13d9e8ec98 MdeModulePkg: Put off UFS HCS.DP checking to fix timing problem
079a58276b OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
9dd14fc91c MdePkg: Add registers of boot partition feature
14a731096d UnitTestFrameworkPkg: CI YAML: Grant cmockery spell check exception
6062002bd5 MdeModulePkg/PartitionDxe: Add break to handle invalid LBA0 in MBR
7438a85bf1 BaseTools: Fix wrong variable header size
c712ce2bb1 OvmfPkg/CloudHv: Add new target for Cloud Hypervisor
a2da72b2ca OvmfPkg/CloudHv: Replace legacy 8254 PIT with local APIC timer
6ecdda71fe OvmfPkg/CloudHv: Connect serial console
1552050ce7 OvmfPkg/CloudHv: Remove legacy 8259 PIC support
fdcea7ff6f OvmfPkg/CloudHv: Remove Q35 specifics
71082d3d1b OvmfPkg/CloudHv: Reduce dependency on QemuFwCfg
196be601f9 OvmfPkg/CloudHv: Remove video support
7b6cbe0a81 OvmfPkg/CloudHv: Remove USB support
e73d1bf96a OvmfPkg/CloudHv: Remove CSM support
b66056ef21 OvmfPkg/CloudHv: add Maintainers.txt entry
5302bd81d9 OvmfPkg: Add CloudHvX64 to the CI
59c48c9314 UefiPayloadPkg: Change the user interface name of the Uiapp
5801910013 UefiPayloadPkg: Not use BaseCpuTimerLib by default.
772c5bb8dc FmpDevicePkg/FmpDxe: Update FmpDeviceCheckImageWithStatus() handling
7709988dd8 RedfishPkg/RedfishRestExDxe:Simplify status check
21320ef669 MdeModulePkg/Variable: Make only EFI_VARIABLE_NON_VOLATILE invalid
7e5c603cba MdeModulePkg/SdMmcPciHcDxe: Robust improvements for SD card 1.8V switch
ee67067f17 MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message Length
5b39832e18 MdePkg: MmCommunication2: Update MM communicate2 function description
ce37f45955 ArmPkg: MmCommunicationDxe: MM communicate function argument attributes
541a077bd1 ArmPkg: MmCommunicationDxe: Update MM communicate `CommBuffer**` checks
1aa1ec4574 ArmPkg: MmCommunicationDxe: Update MM communicate `CommSize` check
8cc5590eab ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check
6777e67383 EmbeddedPkg: Fix a build error in FwVol.c in X64 arch
a867f3a704 UefiPayloadPkg: Use BaseCpuTimerLib for Universal Payload by default
f4b7b473b4 MdeModulePkg/UefiBootManagerLib: Convert BmLoadOption to Variable Policy
76b3d45b75 ShellPkg: Add the missing VariablePolicyHelperLib in ShellPkg.dsc
8542fc5f95 NetworkPkg: Add the missing VariablePolicyHelperLib in NetworkPkg.dsc
ae35314e7b Maintainers.txt: Add Sami Mujawar as reviewer for ArmPkg
862ea6e836 OvmfPkg: change qemu default resolution to 1280x800
e95b44c90e ArmVirtPkg: change qemu default resolution to 1280x800
929804b172 OvmfPkg: add PcdVideoResolutionSource
7f25ddbc03 OvmfPkg/QemuVideoDxe: simplify InitializeBochsGraphicsMode
336da55ca8 OvmfPkg/QemuVideoDxe: drop QEMU_VIDEO_BOCHS_MODES->ColorDepth
55c05427b9 OvmfPkg/QemuVideoDxe: factor out QemuVideoBochsAddMode
49a2d8cbf5 OvmfPkg/QemuVideoDxe: parse edid blob, detect display resolution
ba79becd55 OvmfPkg/BaseCachingPciExpressLib: Migrate BaseCachingPciExpressLib
103fa647d1 ArmPkg: Replace CoreId and ClusterId with Mpidr in ARM_CORE_INFO struct
742dafd2cc DynamicTablesPkg: Print specifier macro for CM_OBJECT_ID
13136cc311 DynamicTablesPkg: FdtHwInfoParserLib: Parse Pmu info
5751d60821 DynamicTablesPkg: AmlLib: AmlAddPrtEntry() to handle GSI
5816bd3eab DynamicTablesPkg: AcpiSsdtPcieLibArm: Remove link device generation
dc1118fa0d ArmVirtPkg: Add cspell exceptions
0dbd356983 ArmVirtPkg/Kvmtool: Add DSDT ACPI table
312ef7a0a4 ArmVirtPkg/Kvmtool: Add Configuration Manager
17a02163bd ArmVirtPkg/Kvmtool: Enable ACPI support
5b3c682d91 ArmVirtPkg/Kvmtool: Enable Acpiview
017564d637 ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings
45b1612659 DynamicTablesPkg: Add Memory32Fixed function
007a95055b DynamicTablesPkg: Remove redundant cast in AmlCodeGenReturn
33189f0527 DynamicTablesPkg: Add AmlCodeGenMethodRetInteger function
a4b7aa362d MdeModulePkg/Bus/Pci/PciBusDxe: Support platform PCI ROM override
6fb09da89f ShellPkg: Fix incorrect PPTT FlagName dereference
c09dbc92e9 BaseTools/Conf: Add new macro for customizing dll file reduction.
d4ac53aa91 BaseTools: Fix error leg in DscBuildData.py
f78b937c95 MdeModulePkg/RuntimeDxe: clear mVirtualMapMaxIndex
96b8b5fd10 MdeModulePkg/UiApp: Fix spelling of 'FRONTPAGE'
bd676f080a Maintainers.txt: add missing github IDs to OvmfPkf/Fdt reviewers
1f54eaa725 Maintainers.txt: update email for Leif Lindholm
b360b0b589 Maintainers.txt: Update email address
c9b7c6e0cc BaseTools: Update CLANG{35,38}_WARNING_OVERRIDES to ignore unused vars
42af706dfb BaseTools: Update brotli submodule
1193aa2dfb MdeModulePkg: update brotli submodule
85589ddbf6 OvmfPkg/VmgExitLib: Fix uninitialized variable warning with XCODE5
c28e376edc OvmfPkg/FvbServicesSmm: use the VmgExitLibNull
8a57673316 ShellPkg: Fix Ping GetTimerPeriod API failure
b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite
- Add amd-sev-es to the following descriptors because James Fehlig
tested them (bsc#1196879):
60-ovmf-x86_64.json
60-ovmf-x86_64-2m.json
60-ovmf-x86_64-ms.json
60-ovmf-x86_64-2m-ms.json
- Backported patches in ovmf-bsc1196879-sev-fix.patch for fixing SEV:
de463163d9 OvmfPkg/AmdSev: reserve snp pages
63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea
f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea
------------------------------------------------------------------
------------------ 2022-3-9 - Mar 9 2022 -------------------
------------------------------------------------------------------
++++ cyrus-sasl:
- update to 2.1.28 (bsc#1196036, CVE-2022-24407):
* https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- drop cyrus-sasl-bug587.patch (upstream)
++++ kernel-default:
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 47faa85
++++ lua54:
- Added patches from upstream:
* luabugs1.patch
* luabugs2.patch
- Adjust buildsystem so that it matches upstream git (testes??)
++++ p11-kit:
- make sure p11-kit components have matching versions (boo#1196812)
++++ libxslt:
- Update to version 1.1.35:
* Security fixes:
+ [CVE-2021-30560] Use-after-free in xsltApplyTemplates;
+ A couple of memory leak and a double-free fixes.
* A couple of regression fixes.
* Many bug fixes.
* New xsltproc --huge option, provided by libxml XML_PARSE_HUGE.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.
- The full Libxslt 2.9.13 NEWS can be found here:
https://download.gnome.org/sources/libxslt/1.1/libxslt-1.1.35.\
news
- Switch libxml2-devel package with its pkgconfig module
counterpart (libxml-2.0) to align with CONFIGURE script's checks.
- Add fdupes build requirement/macro to hard-link duplicate files
in the DATADIR inside the buildroot.
- Add explicit 'gcc' build requirement to align with CONFIGURE
checks.
- Update http://xmlsoft.org URL tag to Libxslt's new web home:
https://gitlab.gnome.org/GNOME/libxslt.
- Update ftp://xmlsoft.org Source tag to Libxslt's new download
host: https://download.gnome.org.
- Drop no longer needed/used libgpg-error-devel. Note that despite
'lgpg-error' being linked against some libraries, there's no
automatic generation of run-time requirements on libgpg-error*
symbols our build system. And there's no mention of gpg-error in
the whole source tarball at all.
- Drop no longer needed explicit libtool build requirement and
`autoreconf` call in build section since we don't touch the build
system scripts nor use checked out git trees anymore.
- Drop libxslt.keyring source file as the new download host doesn't
offer GPG signatures.
- Drop fixed upstream patches:
libxslt-config-fixes.patch (glgo#GNOME/libxslt!3);
libxslt-Stop-using-maxParserDepth-XPath-limit.patch;
libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch; and
Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch.
- Use ldconfig_scriptlets macro for post(un) handling of ldconfig
calls.
++++ python-PyYAML:
- do not use setup.py test construct
https://trello.com/c/me9Z4sIv/121-setuppy-test-leftovers
++++ swtpm:
- Update to version 0.7.2:
- swtpm:
- Do not chdir(/) when using --daemon
- swtpm-localca:
- Re-implement variable resolution for swtpm-localca.conf
- tests:
- Use ${WORKDIR} in config files to test env. var replacement
- man pages:
- Add missing .config directory to path description when using ${HOME}
- build-sys:
- Add probing for -fstack-protector
------------------------------------------------------------------
------------------ 2022-3-8 - Mar 8 2022 -------------------
------------------------------------------------------------------
++++ hwdata:
- Update to version 0.357 (bsc#1196332):
+ Updated pci, usb and vendor ids.
++++ kbd:
- Refresh kbdsettings-nox86.patch to fix build on non-x86*
architectures
++++ kernel-default:
- Linux 5.16.13 (bsc#1012628).
- mac80211_hwsim: report NOACK frames in tx_status (bsc#1012628).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(bsc#1012628).
- i2c: bcm2835: Avoid clock stretching timeouts (bsc#1012628).
- ASoC: rt5682s: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5668: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5682: do not block workqueue if card is unbound
(bsc#1012628).
- regulator: core: fix false positive in regulator_late_cleanup()
(bsc#1012628).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (bsc#1012628).
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1012628).
- KVM: arm64: vgic: Read HW interrupt pending state from the HW
(bsc#1012628).
- block: loop:use kstatfs.f_bsize of backing file to set discard
granularity (bsc#1012628).
- tipc: fix a bit overflow in tipc_crypto_key_rcv() (bsc#1012628).
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1012628).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1012628).
- HID: amd_sfh: Handle amd_sfh work buffer in PM ops
(bsc#1012628).
- HID: amd_sfh: Add functionality to clear interrupts
(bsc#1012628).
- HID: amd_sfh: Add interrupt handler to process interrupts
(bsc#1012628).
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1012628).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(bsc#1012628).
- drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish
and Beige Goby (bsc#1012628).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(bsc#1012628).
- dmaengine: shdma: Fix runtime PM imbalance on error
(bsc#1012628).
- i2c: cadence: allow COMPILE_TEST (bsc#1012628).
- i2c: imx: allow COMPILE_TEST (bsc#1012628).
- i2c: qup: allow COMPILE_TEST (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(bsc#1012628).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (bsc#1012628).
- exfat: reuse exfat_inode_info variable instead of calling
EXFAT_I() (bsc#1012628).
- exfat: fix i_blocks for files truncated over 4 GiB
(bsc#1012628).
- tracing: Add test for user space strings when filtering on
string pointers (bsc#1012628).
- arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
(bsc#1012628).
- serial: stm32: prevent TDR register overwrite when sending
x_char (bsc#1012628).
- KVM: arm64: Workaround Cortex-A510's single-step and PAC trap
errata (bsc#1012628).
- ext4: drop ineligible txn start stop APIs (bsc#1012628).
- ext4: simplify updating of fast commit stats (bsc#1012628).
- ext4: fast commit may not fallback for ineligible commit
(bsc#1012628).
- ext4: fast commit may miss file actions (bsc#1012628).
- sched/fair: Fix fault in reweight_entity (bsc#1012628).
- KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (bsc#1012628).
- ata: pata_hpt37x: fix PCI clock detection (bsc#1012628).
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
(bsc#1012628).
- tracing: Add ustring operation to filtering string pointers
(bsc#1012628).
- ipv6: fix skb drops in igmp6_event_query() and
igmp6_event_report() (bsc#1012628).
- btrfs: defrag: bring back the old file extent search behavior
(bsc#1012628).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1012628).
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(bsc#1012628).
- ucounts: Fix systemd LimitNPROC with private users regression
(bsc#1012628).
- binfmt_elf: Avoid total_mapping_size for ET_EXEC (bsc#1012628).
- riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
(bsc#1012628).
- riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
(bsc#1012628).
- riscv: Fix config KASAN && DEBUG_VIRTUAL (bsc#1012628).
- iwlwifi: mvm: check debugfs_dir ptr before use (bsc#1012628).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(bsc#1012628).
- iommu/vt-d: Fix double list_add when enabling VMD in scalable
mode (bsc#1012628).
- iommu/amd: Recover from event log overflow (bsc#1012628).
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1012628).
- drm/amd/display: Reduce dmesg error to a debug print
(bsc#1012628).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
(bsc#1012628).
- thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
(bsc#1012628).
- mac80211: fix EAPoL rekey fail in 802.3 rx path (bsc#1012628).
- blktrace: fix use after free for struct blk_trace (bsc#1012628).
- ntb: intel: fix port config status offset for SPR (bsc#1012628).
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
(bsc#1012628).
- xfrm: fix MTU regression (bsc#1012628).
- netfilter: fix use-after-free in __nf_register_net_hook()
(bsc#1012628).
- bpf, sockmap: Do not ignore orig_len parameter (bsc#1012628).
- xfrm: fix the if_id check in changelink (bsc#1012628).
- xfrm: enforce validity of offload input flags (bsc#1012628).
- e1000e: Correct NVM checksum verification flow (bsc#1012628).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1012628).
- netfilter: nf_queue: don't assume sk is full socket
(bsc#1012628).
- netfilter: nf_queue: fix possible use-after-free (bsc#1012628).
- netfilter: nf_queue: handle socket prefetch (bsc#1012628).
- batman-adv: Request iflink once in batadv-on-batadv check
(bsc#1012628).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(bsc#1012628).
- batman-adv: Don't expect inter-netns unique iflink indices
(bsc#1012628).
- net: ipv6: ensure we call ipv6_mc_down() at most once
(bsc#1012628).
- net: dcb: flush lingering app table entries for unregistered
devices (bsc#1012628).
- net: ipa: fix a build dependency (bsc#1012628).
- net: ipa: add an interconnect dependency (bsc#1012628).
- net/smc: fix connection leak (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated
by client (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause
by server (bsc#1012628).
- btrfs: fix ENOSPC failure when attempting direct IO write into
NOCOW range (bsc#1012628).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer
wakeup (bsc#1012628).
- net: dsa: microchip: fix bridging with more than two member
ports (bsc#1012628).
- mac80211: fix forwarded mesh frames AC & queue selection
(bsc#1012628).
- net: stmmac: fix return value of __setup handler (bsc#1012628).
- mac80211: treat some SAE auth steps as final (bsc#1012628).
- iavf: Fix missing check for running netdev (bsc#1012628).
- net: sxgbe: fix return value of __setup handler (bsc#1012628).
- ibmvnic: register netdev after init of adapter (bsc#1012628).
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
(bsc#1012628).
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (bsc#1012628).
- iavf: Fix deadlock in iavf_reset_task (bsc#1012628).
- efivars: Respect "block" flag in efivar_entry_set_safe()
(bsc#1012628).
- auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
(bsc#1012628).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(bsc#1012628).
- ASoC: cs4265: Fix the duplicated control name (bsc#1012628).
- auxdisplay: lcd2s: Fix memory leak in ->remove() (bsc#1012628).
- auxdisplay: lcd2s: Use proper API to free the instance of
charlcd object (bsc#1012628).
- can: gs_usb: change active_channels's type from atomic_t to u8
(bsc#1012628).
- iommu/tegra-smmu: Fix missing put_device() call in
tegra_smmu_find (bsc#1012628).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(bsc#1012628).
- igc: igc_read_phy_reg_gpy: drop premature return (bsc#1012628).
- ARM: Fix kgdb breakpoint for Thumb2 (bsc#1012628).
- mips: setup: fix setnocoherentio() boolean setting
(bsc#1012628).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (bsc#1012628).
- mptcp: Correctly set DATA_FIN timeout when number of retransmits
is large (bsc#1012628).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1012628).
- pinctrl: sunxi: Use unique lockdep classes for IRQs
(bsc#1012628).
- igc: igc_write_phy_reg_gpy: drop premature return (bsc#1012628).
- ibmvnic: free reset-work-item when flushing (bsc#1012628).
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
(bsc#1012628).
- s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
(bsc#1012628).
- s390/extable: fix exception table sorting (bsc#1012628).
- sched: Fix yet more sched_fork() races (bsc#1012628).
- arm64: dts: rockchip: drop pclk_xpcs from gmac0 on rk3568
(bsc#1012628).
- arm64: dts: juno: Remove GICv2m dma-range (bsc#1012628).
- arm64: dts: rockchip: fix Quartz64-A ddr regulator voltage
(bsc#1012628).
- arm64: dts: imx8mm: Fix VPU Hanging (bsc#1012628).
- iommu/amd: Fix I/O page table memory leak (bsc#1012628).
- MIPS: ralink: mt7621: do memory detection on KSEG1
(bsc#1012628).
- ARM: dts: switch timer config to common devkit8000 devicetree
(bsc#1012628).
- ARM: dts: Use 32KiHz oscillator on devkit8000 (bsc#1012628).
- soc: fsl: guts: Revert commit 3c0d64e867ed (bsc#1012628).
- soc: fsl: guts: Add a missing memory allocation failure check
(bsc#1012628).
- soc: fsl: qe: Check of ioremap return value (bsc#1012628).
- soc: imx: gpcv2: Fix clock disabling imbalance in error path
(bsc#1012628).
- netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
(bsc#1012628).
- ARM: tegra: Move panels to AUX bus (bsc#1012628).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
(bsc#1012628).
- can: etas_es58x: change opened_channel_cnt's type from atomic_t
to u8 (bsc#1012628).
- net: stmmac: enhance XDP ZC driver level switching performance
(bsc#1012628).
- net: stmmac: only enable DMA interrupts when ready
(bsc#1012628).
- ibmvnic: initialize rc before completing wait (bsc#1012628).
- ibmvnic: define flush_reset_queue helper (bsc#1012628).
- ibmvnic: complete init_done on transport events (bsc#1012628).
- ibmvnic: Update driver return codes (bsc#1012628).
- ibmvnic: init init_done_rc earlier (bsc#1012628).
- ibmvnic: clear fop when retrying probe (bsc#1012628).
- ibmvnic: Allow queueing resets during probe (bsc#1012628).
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (bsc#1012628).
- net: sparx5: Fix add vlan when invalid operation (bsc#1012628).
- iavf: Add trace while removing device (bsc#1012628).
- iavf: Rework mutexes for better synchronisation (bsc#1012628).
- iavf: Add waiting so the port is initialized in remove
(bsc#1012628).
- iavf: Fix init state closure on remove (bsc#1012628).
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS
(bsc#1012628).
- iavf: Fix race in init state (bsc#1012628).
- iavf: Fix __IAVF_RESETTING state usage (bsc#1012628).
- drm/i915/guc/slpc: Correct the param count for unset param
(bsc#1012628).
- drm/bridge: ti-sn65dsi86: Properly undo autosuspend
(bsc#1012628).
- e1000e: Fix possible HW unit hang after an s0ix exit
(bsc#1012628).
- MIPS: ralink: mt7621: use bitwise NOT instead of logical
(bsc#1012628).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(bsc#1012628).
- ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments
(bsc#1012628).
- drm/amdgpu: fix suspend/resume hang regression (bsc#1012628).
- net: dcb: disable softirqs in dcbnl_flush_dev() (bsc#1012628).
- selftests: mlxsw: resource_scale: Fix return value
(bsc#1012628).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(bsc#1012628).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (bsc#1012628).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (bsc#1012628).
- Input: samsung-keypad - properly state IOMEM dependency
(bsc#1012628).
- HID: add mapping for KEY_DICTATE (bsc#1012628).
- HID: add mapping for KEY_ALL_APPLICATIONS (bsc#1012628).
- tracing/histogram: Fix sorting on old "cpu" value (bsc#1012628).
- tracing: Fix return value of __setup handlers (bsc#1012628).
- btrfs: fix lost prealloc extents beyond eof after full fsync
(bsc#1012628).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1012628).
- btrfs: subpage: fix a wrong check on subpage->writers
(bsc#1012628).
- btrfs: do not WARN_ON() if we have PageError set (bsc#1012628).
- btrfs: qgroup: fix deadlock between rescan worker and remove
qgroup (bsc#1012628).
- btrfs: add missing run of delayed items after unlink during
log replay (bsc#1012628).
- btrfs: fallback to blocking mode when doing async dio over
multiple extents (bsc#1012628).
- btrfs: do not start relocation until in progress drops are done
(bsc#1012628).
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for
ipv6" (bsc#1012628).
- proc: fix documentation and description of pagemap
(bsc#1012628).
- x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs >
64 (bsc#1012628).
- s390/ftrace: fix arch_ftrace_get_regs implementation
(bsc#1012628).
- s390/ftrace: fix ftrace_caller/ftrace_regs_caller generation
(bsc#1012628).
- KVM: x86/mmu: Passing up the error state of
mmu_alloc_shadow_roots() (bsc#1012628).
- Update config files.
- commit bd40cb2
- Update
patches.kernel.org/5.16.11-207-lib-iov_iter-initialize-flags-in-new-pipe_buf.patch
(bsc#1012628 bsc#1196584 CVE-2022-0847).
Add references.
- commit 82f40a9
++++ util-linux:
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
++++ nfs-utils:
- add reenable-nfsv2.patch for reverting nfsv2 deprecation until
test coverage is fixed (poo#106679)
++++ ceph:
- Update to 16.2.7-596-g7d574789716
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
++++ rpm:
- use fileprovide /usr/bin/gzip for "rpm-build" to make alternative
providers possible
++++ systemd:
- systemd.spec: minor simplification by assuming that %{bootstrap} is always
defined.
- Make sure to create 'systemd-coredump' system user when systemd-coredump is
installed (follow-up for the split of the sysusers config files).
- Upgrade to v250.3 (commit dbd8bd2b9fd827ca89ed18034b60703c95798e01)
See https://github.com/openSUSE/systemd/blob/SUSE/v250/NEWS for
details.
This includes the following bug fixes:
- upstream commit 34357545590d4791d1acbbeb07ae8f7636e187cb (bsc#1198093)
* Rebased 0001-conf-parser-introduce-early-drop-ins.patch
0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
- Dropped 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
The alias makes little sense as soon as multiple network managers are used in
parallel.
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated and might be missing when
systemd-sysvcompat package is not installed. If such symlinks are found the
script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
++++ libxml2:
- Update to version 2.9.13:
* Security fixes:
+ [CVE-2022-23308] Use-after-free of ID and IDREF attributes
(boo#1196490);
+ Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others:
+ xmllint's --maxmem option should work as expected now;
+ xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.
- The full Libxml2 2.9.13 NEWS can be found here:
https://download.gnome.org/sources/libxml2/2.9/\
libxml2-2.9.13.news.
- Replace version-release macros in all 3 Obsoletes tag with
plain 2.9.13 to avoid unwanted behaviors in the future.
- Remove dropped upstream AUTHORS file from list of files to be
installed in the documentation location with 'cp' command.
- Update http://xmlsoft.org URL tag to Libxml2's new web home:
https://gitlab.gnome.org/GNOME/libxml2.
- Update ftp://xmlsoft.org Source tag to Libxml2's new download
host: https://download.gnome.org.
- Drop deprecated Python-2-related macro definitions/conditional
statement from spec file.
- Drop merged upstream patches:
libxml2-fix-lxml-corrupted-subtree-structures.patch;
libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
- Drop libxml2.keyring source file as the new download host doesn't
offer GPG signatures.
- Use ldconfig_scriptlets macro for post(un) handling.
++++ libxml2-python:
- Update to version 2.9.13:
* Security fixes:
+ [CVE-2022-23308] Use-after-free of ID and IDREF attributes
(boo#1196490);
+ Several memory leaks and another issues.
* Many regressions fixes.
* Numerous bug fixes, including, among many others:
+ xmllint's --maxmem option should work as expected now;
+ xmllint now returns an error if arguments are missing.
* Numerous tests and code and fuzzing fixes and improvements.
* Updated documentation.
- The full Libxml2 2.9.13 NEWS can be found here:
https://download.gnome.org/sources/libxml2/2.9/\
libxml2-2.9.13.news.
- Replace version-release macros in all 3 Obsoletes tag with
plain 2.9.13 to avoid unwanted behaviors in the future.
- Remove dropped upstream AUTHORS file from list of files to be
installed in the documentation location with 'cp' command.
- Update http://xmlsoft.org URL tag to Libxml2's new web home:
https://gitlab.gnome.org/GNOME/libxml2.
- Update ftp://xmlsoft.org Source tag to Libxml2's new download
host: https://download.gnome.org.
- Drop deprecated Python-2-related macro definitions/conditional
statement from spec file.
- Drop merged upstream patches:
libxml2-fix-lxml-corrupted-subtree-structures.patch;
libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch.
- Drop libxml2.keyring source file as the new download host doesn't
offer GPG signatures.
- Use ldconfig_scriptlets macro for post(un) handling.
++++ util-linux-systemd:
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
------------------------------------------------------------------
------------------ 2022-3-7 - Mar 7 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.36.2:
+ When the list of plugins is not specified via "main.plugins" in
NetworkManager.conf and no build-time default is set with
"--with-config-plugins-default" configure argument, now all
known plugins found in the plugin directory are loaded (and the
built-in "keyfile" plugin is preferred over others).
+ Preserve external ports during checkpoint rollback.
+ Fix removal of ovsdb entry when an OVS interface goes away.
+ Fix DNS configuration for WWAN connections.
++++ curl:
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
++++ gsettings-desktop-schemas:
- Update to version 42.rc:
+ Updated translations.
++++ kernel-default:
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit b002fe2
++++ libbpf:
- Python is not used during build; remove it and help break
a cycle.
++++ gcc12:
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
- Bump to 40c1d4a07e5798c01e4364336c9617550744861d, git191925.
++++ lua54:
- Drop the lua_docdir define, package docs in the standard
location. Instead just silently drop packaging the README with
the path that does not makes sense for a rpm package, but for a
source tarball install. Simpler solution to boo#1186233.
++++ ncurses:
- Add ncurses patch 20220305
+ replace obsolescent "-gnatg" option with "-gnatwa" and "-gnatyg", to
work around build problems with gnat 12.
+ update external links in Ada95.html
+ trim unused return-value from canonical_name().
++++ openssh:
- Version update to 8.9p1:
= Security
* sshd(8): fix an integer overflow in the user authentication path
that, in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
This situation is not exploitable because of independent checks in
the privilege separation monitor. Privilege separation has been
enabled by default in since openssh-3.2.2 (released in 2002) and
has been mandatory since openssh-7.5 (released in 2017). Moreover,
portable OpenSSH has used toolchain features available in most
modern compilers to abort on signed integer overflow since
openssh-6.5 (released in 2014).
Thanks to Malcolm Stagg for finding and reporting this bug.
= Potentially-incompatible changes
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
= New features
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead of indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
= Bugfixes
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR277.
* sshd(8): fix possible string truncation when constructing paths to
.rhosts/.shosts files with very long user home directory names.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
= Portability
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
- fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
- Rebased patches:
* openssh-7.7p1-ldap.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.4p1-vendordir.patch
* openssh-reenable-dh-group14-sha1-default.patch
++++ qemu:
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch
------------------------------------------------------------------
------------------ 2022-3-6 - Mar 6 2022 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 4.0.0~rc2
- Fix missing prompt in "shell" command [bsc#1196580]
- Add output of tukit commands to log file
- Fix compilation error with GCC12 [boo#1194876]
- Fixed (non-critical) security review comments [boo#1196149]
- Fixed selfupdate
- Code cleanup
++++ kernel-default:
- Update to 5.17-rc7
- commit 04b7727
++++ llvm15:
- Fix armv6hl cpu architecture typo.
------------------------------------------------------------------
------------------ 2022-3-5 - Mar 5 2022 -------------------
------------------------------------------------------------------
++++ gtk3:
- Update to version 3.24.33:
+ No changes.
++++ at-spi2-core:
- Update to version 2.43.92:
+ The AT-SPI bus now uses the user's XDG_RUNTIME_DIR for its
socket. Fixes accessibility for Snap-confined applications.
+ Caps lock is now unlocked for key synthesis. Fixes cutting and
pasting from brltty when caps lock is on.
+ Several fixes to the dbus specification.
+ Fix the build when x11 is disabled.
+ Fix several compiler warnings.
- Use ldconfig_scriptlets macro for post(un) handling.
- Move autostart .desktop and xwayland-session config to
distconfdir.
++++ expat:
- update to 2.4.7 (bsc#1196784, CVE-2022-25236):
* Bug fixes:
- Relax fix to CVE-2022-25236 (introduced with release 2.4.5)
with regard to all valid URI characters (RFC 3986),
i.e. the following set (excluding whitespace):
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz
0123456789 % -._~ :/?#[]@ !$&'()*+,;=
* Other changes:
- CMake|Windows: Store Expat version in the DLL
- Document consequences of namespace separator choices not just
in doc/reference.html but also in header <expat.h>
- Document Expat's lack of validation of namespace URIs against
RFC 3986, and that the XML 1.0r4 specification doesn't
require Expat to validate namespace URIs, and that Expat
may do more in that regard in future releases.
If you find need for strict RFC 3986 URI validation on
application level today, https://uriparser.github.io/ may
be of interest.
- Fix documentation of XML_EndDoctypeDeclHandler in <expat.h>
- Document that a call to XML_FreeContentModel can be done at
a later time from outside the element declaration handler
- Make hardcoded namespace URIs easier to find in code
- Update documentation on use of XML_POOR_ENTOPY on Solaris
- tests: Resolve use of macros NAN and INFINITY for GNU G++
4.8.2 on Solaris.
- Version info bumped from 9:6:8 to 9:7:8;
see https://verbump.de/ for what these numbers do
++++ open-iscsi:
- Update to latest upstream, including test cleanup, minor
bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
++++ pango:
- Update to version 1.50.5:
+ Fix compiler warnings.
+ Enable cairo by default.
+ pango-view: Show more baselines.
+ layout: Handle baselines.
- Use ldconfig_scriptlets macro for post(un) handling.
------------------------------------------------------------------
------------------ 2022-3-4 - Mar 4 2022 -------------------
------------------------------------------------------------------
++++ cups:
- Improved comments in spec file and in changes file
- Have cups.keyring in ASCII armored format
- Do not error out when 'make test' fails in the 'check' section
because https://github.com/OpenPrinting/cups/issues/155
is not yet actually fixed so currently the testsuite
still sometimes fails
++++ dbus-1:
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, <policy group="…"> now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
++++ grub2:
- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
* 0001-Add-grub_envblk_buf-helper-function.patch
* 0002-Add-grub_disk_write_tail-helper-function.patch
* 0003-grub-install-support-prep-environment-block.patch
* 0004-Introduce-prep_load_env-command.patch
* 0005-export-environment-at-start-up.patch
- Use enviroment variable in early boot config to looking up root device
* grub2.spec
++++ gtk3:
- Update to version 3.24.32:
+ GtkCellRendererProgress: Use tabular figures.
+ GtkFontChooser:
- Fix the build with older Pango.
- Fix axis name handling.
+ Theme: Fix border color for tiled windows.
+ Accessibility: Fix cell accessible leak.
+ Wayland:
- Support new high-contrast setting.
- Only update scale when on any outputs.
+ Updated translations.
++++ iproute2:
- Add eBPF(libbpf) support
- Adjust NETNS_RUN_DIR from /var/run to /run
++++ kernel-default:
- config: refresh
Since commit bb988d4625a3 ("kernel-binary: Do not include sourcedir in
certificate path."), MODULE_SIG_HASH config option is mandatory in diff
configs.
- commit 191d88f
++++ libbpf:
- Update to release 0.7.0
* legacy BPF map definitions (using struct bpf_map_def) are
deprecated when LIBBPF_STRICT_MAP_DEFINITIONS is passed to
libbpf_set_strict_mode(). Please use BTF-defined map
definitions.
* ability to control and capture BPF verifier log output on
per-object and per-program level
* CO-RE support and other improvements for "light skeleton"
* improved compilation when system BTF UAPI headers are outdated
++++ openssl-1_1:
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
++++ ceph:
- Update to 16.2.7-577-g3e3603b5dd1
+ Update prometheus-server version
++++ raspberrypi-firmware:
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
++++ raspberrypi-firmware-config:
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
++++ raspberrypi-firmware-config-camera:
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
------------------------------------------------------------------
------------------ 2022-3-3 - Mar 3 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- baselibs.conf: readded mistakenly removed packages
* Mesa-libVulkan-devel
* Mesa-vulkan-device-select
* Mesa-vulkan-overlay
++++ Mesa-drivers:
- baselibs.conf: readded mistakenly removed packages
* Mesa-libVulkan-devel
* Mesa-vulkan-device-select
* Mesa-vulkan-overlay
++++ containerd:
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
- CVE-2022-23648.patch
++++ filesystem:
- Create tmpfiles.d which creates /usr/local on the fly
++++ kernel-default:
- config: ppc64{,le}: build vmx-crypto as module (bsc#1195768)
Building CONFIG_CRYPTO_DEV_VMX_ENCRYPT as module is the default in
mainline since v4.8, we use it in SLES and already in
config/ppc64/default. Thus unify it in the other configs.
There are build dependencies which has been fixed in mainline
647d41d3952d ("crypto: vmx - add missing dependencies")
(currently still at maintainer herbert/cryptodev-2.6 tree)
But instead of waiting commit to be accepted or backporting it we just
unify configs, which is useful anyway
- commit 70a0d71
++++ util-linux:
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
++++ libglvnd:
- provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages
(bsc#1196576)
++++ nfs-utils:
- Add gcc12-fix.patch upstream fix for GCC 12 compiler.
++++ libvirt:
- qemu: Fix segmentation fault in qemuDomainUndefineFlags
823a62ec-qemu-fix-undefine-crash.patch
++++ perl:
- Don't install anything in testsuite build
- Run testsuite also in qemu build
- posix-sigaction.patch: remove, this has been fixed properly in commit
19c9c2ee4a
++++ pinentry:
- Correction for previous change: ensure the packages built in the
gui flavor do not change their package name. e.g pinentry-qt5
wrongly got renamed to pinentry-gui-qt5.
++++ python-libvirt-python:
- Update to 8.1.0
- Add all new APIs and constants in libvirt 8.1.0
++++ sudo:
- Add sudo-1.9.9-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou@gmail.com>
++++ util-linux-systemd:
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
------------------------------------------------------------------
------------------ 2022-3-2 - Mar 2 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- raise memory limit to 1024 in the hope of avoiding OOM on ppc64
(boo#1196640)
++++ Mesa-drivers:
- raise memory limit to 1024 in the hope of avoiding OOM on ppc64
(boo#1196640)
++++ containerd:
[ This patch was only released in SLES and Leap. ]
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
++++ kernel-default:
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.")
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- Linux 5.16.12 (bsc#1012628).
- memblock: use kfree() to release kmalloced memblock regions
(bsc#1012628).
- gpio: tegra186: Fix chip_data type confusion (bsc#1012628).
- pinctrl: k210: Fix bias-pull-up (bsc#1012628).
- pinctrl: fix loop in k210_pinconf_get_drive() (bsc#1012628).
- tty: n_gsm: fix deadlock in gsmtty_open() (bsc#1012628).
- tty: n_gsm: fix wrong modem processing in convergence layer
type 2 (bsc#1012628).
- tty: n_gsm: fix wrong tty control line for flow control
(bsc#1012628).
- tty: n_gsm: fix NULL pointer access due to DLCI release
(bsc#1012628).
- tty: n_gsm: fix proper link termination after failed open
(bsc#1012628).
- tty: n_gsm: fix encoding of command/response bit (bsc#1012628).
- tty: n_gsm: fix encoding of control signal octet bit DV
(bsc#1012628).
- hugetlbfs: fix a truncation issue in hugepages parameter
(bsc#1012628).
- mm/hugetlb: fix kernel crash with hugetlb mremap (bsc#1012628).
- riscv: fix oops caused by irqsoff latency tracer (bsc#1012628).
- riscv: fix nommu_k210_sdcard_defconfig (bsc#1012628).
- IB/qib: Fix duplicate sysfs directory name (bsc#1012628).
- tps6598x: clear int mask on probe failure (bsc#1012628).
- staging: fbtft: fb_st7789v: reset display before initialization
(bsc#1012628).
- thermal: int340x: fix memory leak in int3400_notify()
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1012628).
- btrfs: reduce extent threshold for autodefrag (bsc#1012628).
- btrfs: autodefrag: only scan one inode once (bsc#1012628).
- btrfs: defrag: allow defrag_one_cluster() to skip large extent
which is not a target (bsc#1012628).
- btrfs: prevent copying too big compressed lzo segment
(bsc#1012628).
- btrfs: defrag: remove an ambiguous condition for rejection
(bsc#1012628).
- btrfs: defrag: don't defrag extents which are already at max
capacity (bsc#1012628).
- btrfs: defrag: don't try to merge regular extents with
preallocated extents (bsc#1012628).
- driver core: Free DMA range map when device is released
(bsc#1012628).
- mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (bsc#1012628).
- xhci: re-initialize the HC during resume if HCE was set
(bsc#1012628).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (bsc#1012628).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (bsc#1012628).
- usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay
Trail (bsc#1012628).
- usb: dwc2: drd: fix soft connect when gadget is unconfigured
(bsc#1012628).
- USB: serial: option: add Telit LE910R1 compositions
(bsc#1012628).
- USB: serial: option: add support for DW5829e (bsc#1012628).
- tracefs: Set the group ownership in apply_options() not
parse_options() (bsc#1012628).
- USB: gadget: validate endpoint index for xilinx udc
(bsc#1012628).
- usb: gadget: rndis: add spinlock for rndis response list
(bsc#1012628).
- Revert "USB: serial: ch341: add new Product ID for CH341A"
(bsc#1012628).
- ata: pata_hpt37x: disable primary channel on HPT371
(bsc#1012628).
- sc16is7xx: Fix for incorrect data being transmitted
(bsc#1012628).
- iio: Fix error handling for PM (bsc#1012628).
- iio: imu: st_lsm6dsx: wait for settling time in
st_lsm6dsx_read_oneshot (bsc#1012628).
- iio: accel: fxls8962af: add padding to regmap for SPI
(bsc#1012628).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (bsc#1012628).
- iio: adc: tsc2046: fix memory corruption by preventing array
overflow (bsc#1012628).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (bsc#1012628).
- iio:imu:adis16480: fix buffering for devices with no burst mode
(bsc#1012628).
- tracing: Have traceon and traceoff trigger honor the instance
(bsc#1012628).
- tracing: Dump stacktrace trigger to the corresponding instance
(bsc#1012628).
- bpf: Fix crash due to out of bounds access into reg2btf_ids
(bsc#1012628).
- bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support
(bsc#1012628).
- RDMA/ib_srp: Fix a deadlock (bsc#1012628).
- configfs: fix a race in configfs_{,un}register_subsystem()
(bsc#1012628).
- bnxt_en: Increase firmware message response DMA wait time
(bsc#1012628).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
(bsc#1012628).
- RDMA/rtrs-clt: Fix possible double free in error case
(bsc#1012628).
- net-timestamp: convert sk->sk_tskey to atomic_t (bsc#1012628).
- net: use sk_is_tcp() in more places (bsc#1012628).
- regmap-irq: Update interrupt clear register for proper reset
(bsc#1012628).
- gpio: rockchip: Reset int_bothedge when changing trigger
(bsc#1012628).
- PCI: mvebu: Fix device enumeration regression (bsc#1012628).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (bsc#1012628).
- net/mlx5e: Add missing increment of count (bsc#1012628).
- net/mlx5: Update log_max_qp value to be 17 at most
(bsc#1012628).
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
(bsc#1012628).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (bsc#1012628).
- net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
(bsc#1012628).
- net/mlx5: DR, Fix the threshold that defines when pool sync
is initiated (bsc#1012628).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(bsc#1012628).
- net/mlx5: Fix possible deadlock on rule deletion (bsc#1012628).
- net/mlx5: DR, Don't allow match on IP w/o matching on full
ethertype/ip_version (bsc#1012628).
- ibmvnic: schedule failover only if vioctl fails (bsc#1012628).
- net/mlx5: DR, Cache STE shadow memory (bsc#1012628).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(bsc#1012628).
- surface: surface3_power: Fix battery readings on batteries
without a serial number (bsc#1012628).
- net/smc: Use a mutex for locking "struct smc_pnettable"
(bsc#1012628).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1012628).
- net: mdio-ipq4019: add delay after clock enable (bsc#1012628).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(bsc#1012628).
- net: dsa: avoid call to __dev_set_promiscuity() while rtnl_mutex
isn't held (bsc#1012628).
- netfilter: nf_tables: unregister flowtable hooks on netns exit
(bsc#1012628).
- net: Force inlining of checksum functions in net/checksum.h
(bsc#1012628).
- net: ll_temac: check the return value of devm_kmalloc()
(bsc#1012628).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (bsc#1012628).
- drm/amd/display: For vblank_disable_immediate, check PSR is
really used (bsc#1012628).
- drm/i915/dg2: Print PHY name properly on calibration error
(bsc#1012628).
- drm/vc4: crtc: Fix runtime_pm reference counting (bsc#1012628).
- block: clear iocb->private in blkdev_bio_end_io_async()
(bsc#1012628).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(bsc#1012628).
- net/mlx5e: TC, Reject rules with forward and drop actions
(bsc#1012628).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(bsc#1012628).
- drm/edid: Always set RGB444 (bsc#1012628).
- openvswitch: Fix setting ipv6 fields causing hw csum failure
(bsc#1012628).
- net: mv643xx_eth: process retval from of_get_mac_address
(bsc#1012628).
- gso: do not skip outer ip header in case of ipip and
net_failover (bsc#1012628).
- clk: qcom: gcc-msm8994: Remove NoC clocks (bsc#1012628).
- tipc: Fix end of loop tests for list_for_each_entry()
(bsc#1012628).
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (bsc#1012628).
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor
friends (bsc#1012628).
- io_uring: add a schedule point in io_add_buffers()
(bsc#1012628).
- bpf: Add schedule points in batch ops (bsc#1012628).
- bpf: Fix a bpf_timer initialization issue (bsc#1012628).
- selftests: bpf: Check bpf_msg_push_data return value
(bsc#1012628).
- bpf: Do not try bpf_msg_push_data with len 0 (bsc#1012628).
- bpf: Fix crash due to incorrect copy_map_value (bsc#1012628).
- net/mlx5: Update the list of the PCI supported devices
(bsc#1012628).
- ice: initialize local variable 'tlv' (bsc#1012628).
- ice: check the return of ice_ptp_gettimex64 (bsc#1012628).
- ice: fix concurrent reset and removal of VFs (bsc#1012628).
- ice: fix setting l4 port flag when adding filter (bsc#1012628).
- net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628).
- hwmon: Handle failure to register sensor with thermal zone
correctly (bsc#1012628).
- bnxt_en: Restore the resets_reliable flag in bnxt_open()
(bsc#1012628).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (bsc#1012628).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(bsc#1012628).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(bsc#1012628).
- bnxt_en: Fix active FEC reporting to ethtool (bsc#1012628).
- bnxt_en: Fix devlink fw_activate (bsc#1012628).
- bnx2x: fix driver load from initrd (bsc#1012628).
- selftests: mptcp: be more conservative with cookie MPJ limits
(bsc#1012628).
- selftests: mptcp: fix diag instability (bsc#1012628).
- mptcp: add mibs counter for ignored incoming options
(bsc#1012628).
- mptcp: fix race in incoming ADD_ADDR option processing
(bsc#1012628).
- perf data: Fix double free in perf_session__delete()
(bsc#1012628).
- perf evlist: Fix failed to use cpu list for uncore events
(bsc#1012628).
- gpu: host1x: Always return syncpoint value when waiting
(bsc#1012628).
- Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
(bsc#1012628).
- ping: remove pr_err from ping_lookup (bsc#1012628).
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1012628).
- netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES
dependency (bsc#1012628).
- netfilter: xt_socket: fix a typo in socket_mt_destroy()
(bsc#1012628).
- CDC-NCM: avoid overflow in sanity checking (bsc#1012628).
- USB: zaurus: support another broken Zaurus (bsc#1012628).
- sr9700: sanity check for packet length (bsc#1012628).
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (bsc#1012628).
- drm/i915: Correctly populate use_sagv_wm for all pipes
(bsc#1012628).
- drm/i915: Disconnect PHYs left connected by BIOS on disabled
ports (bsc#1012628).
- drm/i915: Widen the QGV point mask (bsc#1012628).
- drm/amdgpu: do not enable asic reset for raven2 (bsc#1012628).
- drm/amdgpu: disable MMHUB PG for Picasso (bsc#1012628).
- drm/amd: Check if ASPM is enabled from PCIe subsystem
(bsc#1012628).
- drm/amd/pm: fix some OEM SKU specific stability issues
(bsc#1012628).
- drm/amd/display: Protect update_bw_bounding_box FPU code
(bsc#1012628).
- drm/amd/display: Fix stream->link_enc unassigned during stream
removal (bsc#1012628).
- KVM: x86: nSVM: disallow userspace setting of
MSR_AMD64_TSC_RATIO to non default value when tsc scaling
disabled (bsc#1012628).
- KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1012628).
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
(bsc#1012628).
- parisc/unaligned: Fix fldd and fstd unaligned handlers on
32-bit kernel (bsc#1012628).
- vhost/vsock: don't check owner in vhost_vsock_stop() while
releasing (bsc#1012628).
- selinux: fix misuse of mutex_is_locked() (bsc#1012628).
- io_uring: disallow modification of rsrc_data during quiesce
(bsc#1012628).
- io_uring: don't convert to jiffies for waiting on timeouts
(bsc#1012628).
- clk: jz4725b: fix mmc0 clock gating (bsc#1012628).
- slab: remove __alloc_size attribute from __kmalloc_track_caller
(bsc#1012628).
- btrfs: tree-checker: check item_size for dev_item (bsc#1012628).
- btrfs: tree-checker: check item_size for inode_item
(bsc#1012628).
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1012628).
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu
hotplug (bsc#1012628).
- mm/filemap: Fix handling of THPs in generic_file_buffered_read()
(bsc#1012628).
- commit 9b89dd3
++++ kernel-default-base:
- Add binfmt_misc (boo#1196373)
++++ mozilla-nss:
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
++++ gcc12:
- Drop unconditional -gccN suffix from libstdc++6-pp packages and
instead use the same suffix as for the matching libstdc++6
package it supplements to ease future updates. Add Obsoletes
to pre-existing libstdc++6-pp-gcc{9,10,11} packages to allow
updates to happen. [bsc#1196107]
++++ harfbuzz:
- Update to version 4.0.0:
+ New public API to create subset plan and gather information on
things like glyph mappings in the final subset. The plan can
then be passed on to perform the subsetting operation.
+ Draw API for extracting glyph shapes have been extended and
finalized and is no longer an experimental API. The draw API
supports glyf, CFF and CFF2 glyph outlines tables, and applies
variation settings set on the font as well as synthetic slant.
The new public API is not backward compatible with the
previous, non-public, experimental API.
+ The hb-view tool will use HarfBuzz draw API to render the
glyphs instead of cairo-ft when compiled with Cairo 1.17.5 or
newer, setting HB_DRAW environment variable to 1 or 0 will
force using or not use the draw API, respectively.
+ The hb-shape and hb-view tools now default to using HarfBuzz’s
own font loading functions (ot) instead of FreeType ones (ft).
They also have a new option, --font-slant, to apply synthetic
slant to the font.
+ HarfBuzz now supports more than 65535 (the OpenType limit)
glyph shapes and metrics. See be-fonts/boring-expansion-spec#6
and be-fonts/boring-expansion-spec#7 for details.
+ New API to get the dominant horizontal baseline tag for a given
script.
+ New API to get the baseline positions from the font, and
synthesize missing ones. As well as new API to get font metrics
and synthesize missing ones.
+ Improvements to finding dependencies on Windows when building
with Visual Studio.
+ New buffer flag, HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT, that
must be set during shaping for HB_GLYPH_FLAG_UNSAFE_TO_CONCAT
flag to be reliably produced. This is to limit the performance
hit of producing this flag to when it is actually needed.
+ Documentation improvements.
+ New API:
- General:
. HB_BUFFER_FLAG_PRODUCE_UNSAFE_TO_CONCAT
. hb_var_num_t
- Draw:
. hb_draw_funcs_t
. hb_draw_funcs_create()
. hb_draw_funcs_reference()
. hb_draw_funcs_destroy()
. hb_draw_funcs_is_immutable()
. hb_draw_funcs_make_immutable()
. hb_draw_move_to_func_t
. hb_draw_funcs_set_move_to_func()
. hb_draw_line_to_func_t
. hb_draw_funcs_set_line_to_func()
. hb_draw_quadratic_to_func_t
. hb_draw_funcs_set_quadratic_to_func()
. hb_draw_cubic_to_func_t
. hb_draw_funcs_set_cubic_to_func()
. hb_draw_close_path_func_t
. hb_draw_funcs_set_close_path_func()
. hb_draw_state_t
. HB_DRAW_STATE_DEFAULT
. hb_draw_move_to()
. hb_draw_line_to()
. hb_draw_quadratic_to()
. hb_draw_cubic_to()
. hb_draw_close_path()
. hb_font_get_glyph_shape_func_t
. hb_font_funcs_set_glyph_shape_func()
. hb_font_get_glyph_shape()
- OpenType layout:
. HB_OT_LAYOUT_BASELINE_TAG_IDEO_FACE_CENTRAL
. HB_OT_LAYOUT_BASELINE_TAG_IDEO_EMBOX_CENTRAL
. hb_ot_layout_get_horizontal_baseline_tag_for_script()
. hb_ot_layout_get_baseline_with_fallback()
- Metrics: hb_ot_metrics_get_position_with_fallback()
- Subset:
. hb_subset_plan_t
. hb_subset_plan_create_or_fail()
. hb_subset_plan_reference()
. hb_subset_plan_destroy()
. hb_subset_plan_set_user_data()
. hb_subset_plan_get_user_data()
. hb_subset_plan_execute_or_fail()
. hb_subset_plan_unicode_to_old_glyph_mapping()
. hb_subset_plan_new_to_old_glyph_mapping()
. hb_subset_plan_old_to_new_glyph_mapping()
++++ raspberrypi-firmware:
- Update to 231daece7c (2022-03-01):
* firmware: board_info: Handle misprogrammed 3B rev 1.2s
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
* firmware: Handle overlay parameters embedded in overlay_map.dtb
See: raspberrypi/linux#4860
* firmware: firmware: Add HDMI_PORTS trait
* firmware: arm_dt: Fix rpi-poe overlay parameters
See: #1689
* firmware: jpeghw: Skip APP0 AVI1 headers, regardless of length
See: https://forums.raspberrypi.com/viewtopic.php?p=1975448
* firmware: camera_subsystem: Report ignored interfaces due to libcamera
See: #1679
* firmware: Export os_prefix, overlay_prefix, rsts and boot-mode on all models
* firmware: vcfw/hdmi_i2c: Initialise all instances from hdmi_i2c_init
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
See: raspberrypi/linux#4669
++++ raspberrypi-firmware-config:
- Update to 231daece7c (2022-03-01):
* firmware: board_info: Handle misprogrammed 3B rev 1.2s
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
* firmware: Handle overlay parameters embedded in overlay_map.dtb
See: raspberrypi/linux#4860
* firmware: firmware: Add HDMI_PORTS trait
* firmware: arm_dt: Fix rpi-poe overlay parameters
See: #1689
* firmware: jpeghw: Skip APP0 AVI1 headers, regardless of length
See: https://forums.raspberrypi.com/viewtopic.php?p=1975448
* firmware: camera_subsystem: Report ignored interfaces due to libcamera
See: #1679
* firmware: Export os_prefix, overlay_prefix, rsts and boot-mode on all models
* firmware: vcfw/hdmi_i2c: Initialise all instances from hdmi_i2c_init
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
See: raspberrypi/linux#4669
++++ raspberrypi-firmware-config-camera:
- Update to 231daece7c (2022-03-01):
* firmware: board_info: Handle misprogrammed 3B rev 1.2s
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
* firmware: Handle overlay parameters embedded in overlay_map.dtb
See: raspberrypi/linux#4860
* firmware: firmware: Add HDMI_PORTS trait
* firmware: arm_dt: Fix rpi-poe overlay parameters
See: #1689
* firmware: jpeghw: Skip APP0 AVI1 headers, regardless of length
See: https://forums.raspberrypi.com/viewtopic.php?p=1975448
* firmware: camera_subsystem: Report ignored interfaces due to libcamera
See: #1679
* firmware: Export os_prefix, overlay_prefix, rsts and boot-mode on all models
* firmware: vcfw/hdmi_i2c: Initialise all instances from hdmi_i2c_init
* firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param
See: raspberrypi/linux#4669
++++ raspberrypi-firmware-dt:
- Update to 8dd9f663bd7c (2022-02-25):
* Add GPIO names
* Add overlays:
- spi0-0cs
- vc4-kms-dpi-hyperpixel2r
- vc4-kms-dpi-hyperpixel4
- vc4-kms-dpi-hyperpixel4sq
- vc4-kms-dpi-panel
- waveshare-can-fd-hat-mode-a
- waveshare-can-fd-hat-mode-b
++++ virt-manager:
- bsc#1196202 - virt-install crashes on a time-of-check time-of-use
(TOCTOU) race condition
Resolved by upgrade to version 4.0.0 (jsc#SLE-18261)
virt-manager-4.0.0.tar.gz
- Other features and bug fixes (bsc#1027942)
virt-install –os-variant/–osinfo is now a hard requirement for most cases
Add ‘Enable shared memory’ UI checkbox (Lin Ma)
add UI preference to default to UEFI for new VMs (Charles Arnold)
Add virtiofs filesystem driver UI option
Fill in all –cputune, –cpu, –shmem, –input, and –boot suboptions (Hugues Fafard)
virt-* mdev improvements (Shalini Chellathurai Saroja)
bhyve improvments (Roman Bogorodskiy)
Revive network portgroup UI
enable a TPM by default when UEFI is used (Daniel P. Berrangé)
Use cpu host-passthrough by default on qemu x86
use virtio-gpu video for most modern distros
Default to extra pcie root ports for q35
set discard=unmap by default for sparse disks and block devices
We now require xorissofs for –location ISO
We now use setuptools rather than just plain distutils
- Add virtman-revert-use-of-AyatanaAppIndicator3.patch
- Drop the following patches
0e15cd51-virt-manager-enable-MDEV-support.patch
143c6bef-virtinst-fix-error-message-format-string.patch
4d0e3232-virtinst-Fix-TOCTOU-in-domain-enumeration.patch
8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch
9363e1e6-virt-xml-add-support-for-mediated-devices.patch
965480e8-virt-install-add-mediated-device.patch
9d4002ee-tests-verify-MDEV-support.patch
cf93e2db-console-fix-error-with-old-pygobject.patch
d3c627f1-volumeupload-Use-1MiB-read-size.patch
d9b5090e-Fix-forgetting-password-from-keyring.patch
e7222b50-addstorage-Dont-pass-None-to-widget.set_active.patch
f87e96d3-hostdev-use-method-get_mdev_uuid.patch
fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch
virtinst-graphics-add-check-for-qemu-modules-in-spice-graphic.patch
virtman-add-firmware-preferences.patch
virtman-legacy-bios-support.patch
virtman-show-no-firmware-for-xenpv.patch
------------------------------------------------------------------
------------------ 2022-3-1 - Mar 1 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- autoselect libvulkan_intel package via hardware supplements on
Intel GPUs
- autoselect libvulkan_radeon package via hardware supplements on
AMD GPUs
- no longer install libvulkan_lvp package (lavapipe=Software
Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages
by default, i.e. no longer have libvulkan_intel/libvulkan_radeon
and libvulkan_lvp packages installed at the same time (boo#1180522)
- libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require
Mesa-vulkan-device-select package, not the other way round!
(baselibs.conf also adjusted)
++++ Mesa-drivers:
- autoselect libvulkan_intel package via hardware supplements on
Intel GPUs
- autoselect libvulkan_radeon package via hardware supplements on
AMD GPUs
- no longer install libvulkan_lvp package (lavapipe=Software
Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages
by default, i.e. no longer have libvulkan_intel/libvulkan_radeon
and libvulkan_lvp packages installed at the same time (boo#1180522)
- libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require
Mesa-vulkan-device-select package, not the other way round!
(baselibs.conf also adjusted)
++++ cups:
- Version upgrade to 2.4.1:
See https://github.com/openprinting/cups/releases
CUPS 2.4.1 is the first bug fix release from 2.4.x series.
Among the other bug fixes it fixes sharing default color mode
to clients and several memory leaks.
* The default color mode now is now configurable and defaults
to the printer's reported default mode (Issue #277)
* Configuration script now checks linking for -Wl,-pie flags
(Issue #303)
* Fixed memory leaks -
in testi18n (Issue #313),
in cups_enum_dests() (Issue #317),
in _cupsEncodeOption() and http_tls_upgrade() (Issue #322)
* Fixed missing bracket in de/index.html (Issue #299)
* Fixed typos in configuration scripts (Issues #304, #316)
* Removed remaining legacy code for RIP_MAX_CACHE environment
variable (Issue #323)
* Removed deprecated directives from cupsctl and
cups-files.conf (Issue #300)
* Removed purge-jobs legacy code from CGI scripts and
templates (Issue #325)
- Version upgrade to 2.4.0:
CUPS 2.4.0 is the latest stable OpenPrinting CUPS release.
Among the changes from beta and release candidate
the stable release adds two new configuration options for
optimizing cupsd setup on servers and several other changes.
* Added configure option --with-idle-exit-timeout (Issue #294)
* Added --with-systemd-timeoutstartsec configure
option (Issue #298)
* DigestOptions now are applied for MD5 Digest authentication
defined by RFC 2069 as well (Issue #287)
* Fixed compilation on Solaris (Issue #293)
* Fixed and improved German translations (Issue #296, Issue #297)
- Version upgrade to 2.4rc1:
CUPS 2.4rc1 is a release candidate for OpenPrinting CUPS 2.4.0,
which adds two enhancements before the stable release.
* Added warning and debug messages when loading printers
if the queue is raw or with driver (Issue #286)
* Compilation now uses -fstack-protector-strong
if available (Issue #285)
- Version upgrade to 2.4b1:
CUPS 2.4b1 is the beta release for OpenPrinting CUPS 2.4
which contains several new features such as basic OAuth support,
support for AirPrint and Mopria clients and support for running
CUPS as a snap, several deprecations (Kerberos, cups-config),
removals of old deprecated directives, and many bug fixes.
* Added support for CUPS running in a Snapcraft snap.
* Added basic OAuth 2.0 client support (Issue #100)
* Added support for AirPrint and Mopria clients (Issue #105)
* Added configure support for specifying systemd dependencies
in the CUPS service file (Issue #144)
* Added several features and improvements to ipptool (Issue #153)
* Added a JSON output mode for ipptool.
* The ipptool command now correctly reports an error
when a test file cannot be found.
* CUPS library now uses thread safe getpwnam_r and getpwuid_r
functions (Issue #274)
* Fixed Kerberos authentication for the web interface (Issue #19)
* The ZPL sample driver now supports more "standard" label
sizes (Issue #70)
* Fixed reporting of printer instances when enumerating and when
no options are set for the main instance (Issue #71)
* Reverted USB read limit enforcement change
from CUPS 2.2.12 (Issue #72)
* The IPP backend did not return the correct status code
when a job was canceled at the printer/server (Issue #74)
* The testlang unit test program now loops over all of the
available locales by default (Issue #85)
* The cupsfilter command now shows error messages when options
are used incorrectly (Issue #88)
* The PPD functions now treat boolean values as
case-insensitive (Issue #106)
* Temporary queue names no longer end with an
underscore (Issue #110)
* The USB backend now runs as root (Issue #121)
* Added pkg-config file for libcups (Issue #122)
* Fixed a PPD memory leak caused by emulator
definitions (Issue #124)
* Fixed a DISPLAY bug in ipptool (Issue #139)
* The scheduler now includes the [Job N] prefix for job log
messages, even when using syslog logging (Issue #154)
* Added support for locales using the GB18030
character set (Issue #159)
* httpReconnect2 did not reset the socket file descriptor
when the TLS negotiation failed (Apple #5907)
* httpUpdate did not reset the socket file descriptor
when the TLS negotiation failed (Apple #5915)
* The IPP backend now retries Validate-Job requests (Issue #132)
* Now show better error messages when a driver interface program
fails to provide a PPD file (Issue #148)
* Added dark mode support to the CUPS web interface (Issue #152)
* Added a workaround for Solaris in httpAddrConnect2 (Issue #156)
* Fixed an interaction between --remote-admin and --remote-any
for the cupsctl command (Issue #158)
* Now use a 60 second timeout for reading USB backchannel
data (Issue #160)
* The USB backend now tries harder to find a serial
number (Issue #170)
* Fixed @IF(name) handling in cupsd.conf (Apple #5918)
* Fixed documentation and added examples for CUPS' limited
CGI support (Apple #5940)
* Fixed the lpc command prompt (Apple #5946)
* Now always pass "localhost" in the Host: header when talking
over a domain socket or the loopback interface (Issue #185)
* Fixed a job history update issue in the scheduler (Issue #187)
* Fixed job-pages-per-set value for duplex print jobs.
* Fixed an edge case in ippReadIO to make sure that only complete
attributes and values are retained on an error (Issue #195)
* Hardened ippReadIO to prevent invalid IPP messages from being
propagated (Issue #195, Issue #196)
* The scheduler now supports the "everywhere" model
directly (Issue #201)
* Fixed some IPP Everywhere option mapping problems (Issue #238)
* Fixed support for "job-hold-until" with the Restart-Job
operation (Issue #250)
* Fixed the default color/grayscale presets for
IPP Everywhere PPDs (Issue #262)
* Fixed support for the 'offline-report' state for all
USB backends (Issue #264)
* Documentation fixes (Issue #92, Issue #163, Issue #177,
Issue #184)
* Localization updates (Issue #123, Issue #129, Issue #134,
Issue #146, Issue #164)
* USB quirk updates (Issue #192, Issue #270, Apple #5766,
Apple #5838, Apple #5843, Apple #5867)
* Web interface updates (Issue #142, Issue #218)
* The ippeveprinter tool now automatically uses an
available port.
* Fixed several Windows TLS and hashing issues.
* Deprecated cups-config (Issue #97)
* Deprecated Kerberos (AuthType Negotiate)
authentication (Issue #98)
* Removed support for the (long deprecated and unused)
FontPath, ListenBackLog, LPDConfigFile, KeepAliveTimeout,
RIPCache, and SMBConfigFile directives in cupsd.conf
and cups-files.conf.
* Stubbed out deprecated httpMD5 functions.
* Add test for undefined page ranges during printing.
- downgrade-autoconf-requirement.patch downgrades the
autoconf requirement to what is currently available in openSUSE
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
is obsolete because it is included in the upstream code, see
https://github.com/OpenPrinting/cups/commit/3ff789ee90b18205c735e42e599eb3ee3043e88a
https://github.com/OpenPrinting/cups/pull/19
https://github.com/apple/cups/pull/5847
https://github.com/apple/cups/issues/5596
- upstream_pull_174.patch
is obsolete because it is included in the upstream code, see
https://github.com/OpenPrinting/cups/commit/43edb9df51b977d92929b084186dcd67d4f5ca44
https://github.com/OpenPrinting/cups/pull/174
https://github.com/OpenPrinting/cups/issues/72
- patch cups-2.1.0-cups-systemd-socket.patch
is obsolete because it is included in the upstream code, see
https://github.com/OpenPrinting/cups/commit/e96e96b4bd0d4e6f634bbb66b95d6e475501541c
- Updated upstream source tarball signing key in cups.keyring, see
https://github.com/OpenPrinting/cups/discussions/327#discussioncomment-2060579
- Re-enabled the CUPS upstream testsuite via 'make test'
and removed 'make check' because since the upstream commit
https://github.com/OpenPrinting/cups/commit/96ba46ebc818b610b0e40cbc9d62ef1dcd3ec9b6
the two Makefile targets 'test' and 'check' are identical.
- Changed cups-2.1.0-cups-systemd-socket.patch
to accomodate new coding style
- Changed cups-config-libs.orig to accommodate
recent code changes (SSL->TLS)
- Changed cups-2.1.0-default-webcontent-path.patch
to accommodate code changes
++++ dbus-1:
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
++++ lvm2-device-mapper:
- Update lvm2 from LVM2.2.03.12 to LVM2.2.03.15
* ** WHATS_NEW from 2.03.13 to 2.03.15 ***
Version 2.03.15 - 07th February 2022
====================================
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.14 - 20th October 2021
===================================
Device scanning is skipping directories on different filesystems.
Print info message with too many or too large archived files.
Reduce metadata readings during scanning phase.
Optimize computation of crc32 check sum with multiple PVs.
Enhance recover path on cache creation failure.
Filter out unsupported MQ/SMQ cache policy setting.
Fix memleak in mpath filter.
Support newer location for VDO statistics.
Add support for VDO async-unsafe write policy.
Improve lvm_import_vdo script.
Support VDO LV with lvcreate -ky.
Fix lvconvert for VDO LV bigger then 2T.
Create VDO LVs automatically without zeroing.
Rename vdoimport to lvm_import_vdo.
Version 2.03.13 - 11th August 2021
==================================
Changes in udev support:
- obtain_device_list_from_udev defaults to 0.
- see devices/external_device_info_source,
devices/obtain_device_list_from_udev, and devices/multipath_wwids_file help
in lvm.conf
Fix devices file handling of loop with deleted backing file.
Fix devices file handling of scsi_debug WWIDs.
Fix many static analysis issues.
Support --poolmetadataspare with vgsplit and vgmerge.
Fix detection of active components of external origin volume.
Add vdoimport tool to support conversion of VDO volumes.
Support configurable allocation/vdo_pool_header_size.
Fix handling of lvconvert --type vdo-pool --virtualsize.
Simplified handling of archive() and backup() internal calls.
Add 'idm' locking type for IDM lock manager.
Fix load of kvdo target when it is not present in memory (2.03.12).
* ** WHATS_NEW_DM from 1.02.179 to 1.02.183 ***
Version 1.02.183 - 07th February 2022
=====================================
Unmangle UUIDs for DM_DEVICE_LIST ioctl.
Version 1.02.181 - 20th October 2021
====================================
Add IMA support with 'dmsetup measure' command.
Add defines DM_NAME_LIST_FLAG_HAS_UUID, DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID.
Enhance tracking of activated devices when preloading dm tree.
Fix bug in construction of cache table line (regression from 1.02.159).
Version 1.02.179 - 11th August 2021
===================================
(empty)
- Drop patches that have been merged into upstream
- 0001-lvmlockd-idm-Introduce-new-locking-scheme.patch
- 0002-lvmlockd-idm-Hook-Seagate-IDM-wrapper-APIs.patch
- 0003-lib-locking-Add-new-type-idm.patch
- 0004-lib-locking-Parse-PV-list-for-IDM-locking.patch
- 0005-tools-Add-support-for-idm-lock-type.patch
- 0006-configure-Add-macro-LOCKDIDM_SUPPORT.patch
- 0007-enable-command-syntax-for-thin-and-writecache.patch
- 0008-lvremove-fix-removing-thin-pool-with-writecache-on-d.patch
- 0009-vdo-fix-preload-of-kvdo.patch
- 0010-writecache-fix-lv_on_pmem.patch
- 0011-writecache-don-t-pvmove-device-used-by-writecache.patch
- 0012-pvchange-fix-file-locking-deadlock.patch
- 0013-tests-Enable-the-testing-for-IDM-locking-scheme.patch
- 0014-tests-Support-multiple-backing-devices.patch
- 0015-tests-Cleanup-idm-context-when-prepare-devices.patch
- 0016-tests-Add-checking-for-lvmlockd-log.patch
- 0017-tests-stress-Add-single-thread-stress-testing.patch
- 0018-tests-stress-Add-multi-threads-stress-testing-for-VG.patch
- 0019-tests-stress-Add-multi-threads-stress-testing-for-PV.patch
- 0020-tests-Support-idm-failure-injection.patch
- 0021-tests-Add-testing-for-lvmlockd-failure.patch
- 0022-tests-idm-Add-testing-for-the-fabric-failure.patch
- 0023-tests-idm-Add-testing-for-the-fabric-failure-and-tim.patch
- 0024-tests-idm-Add-testing-for-the-fabric-s-half-brain-fa.patch
- 0025-tests-idm-Add-testing-for-IDM-lock-manager-failure.patch
- 0026-tests-multi-hosts-Add-VG-testing.patch
- 0027-tests-multi-hosts-Add-LV-testing.patch
- 0028-tests-multi-hosts-Test-lease-timeout-with-LV-exclusi.patch
- 0029-tests-multi-hosts-Test-lease-timeout-with-LV-shareab.patch
- 0030-fix-empty-mem-pool-leak.patch
- 0031-tests-writecache-blocksize-add-dm-cache-tests.patch
- 0032-tests-rename-test.patch
- 0033-tests-add-writecache-cache-blocksize-2.patch
- 0034-lvmlockd-Fix-the-compilation-warning.patch
- 0035-devices-don-t-use-deleted-loop-backing-file-for-devi.patch
- 0036-man-help-fix-common-option-listing.patch
- 0037-archiving-take-archive-automatically.patch
- 0038-backup-automatically-store-data-on-vg_unlock.patch
- 0039-archive-avoid-abuse-of-internal-flag.patch
- 0040-pvck-add-lock_global-before-clean_hint_file.patch
- 0041-lvmdevices-add-deviceidtype-option.patch
- bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
- 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
- bug-1179691_config-set-external_device_info_source-none.patch
- Add upstream patch
- 0001-post-release.patch
- 0002-asan-fix-some-reports-from-libasan.patch
- 0003-make-generate.patch
- 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch
- 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch
- 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch
- 0007-dev_manager-fix-dm_task_get_device_list.patch
- 0008-dev_manager-failing-status-is-not-internal-error.patch
- 0009-clang-add-extra-check.patch
- 0010-clang-possible-better-compilation-with-musl-c.patch
- 0011-dev_manager-do-not-query-for-open_count.patch
- 0012-dev_manager-use-list-info-for-preset-devs.patch
- 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch
- 0014-man-update-cachesettings-option-description.patch
- 0015-man-lvmcache-mention-writecache-memory-usage.patch
- 0016-writecache-display-block-size-from-lvs.patch
- 0017-devices-simplify-dev_cache_get_by_devt.patch
- 0018-devices-drop-incorrect-paths-from-aliases-list.patch
- 0019-devices-initial-use-of-existing-option.patch
- 0020-devices-fix-dev_name-assumptions.patch
- 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch
- 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch
- 0023-writecache-check-memory-usage.patch
- Update patch
- fate-309425_display-dm-name-for-lv-name.patch
- lvm2.spec
- add new binraries: lvmdevices vgimportdevices
- add config item "--with-cluster=internal" for cluster test
- add config item "--with-integrity=internal"
- add new man lvmautoactivation.7
- remove lvm2-activation-generator & man page
- remove lvm2-pvscan@.service
- replace 69-dm-lvm-metad.rules with 69-dm-lvm.rules
++++ grub2:
- Remove obsolete openSUSE 12.2 conditionals in spec file
- Clean up powerpc certificate handling.
++++ kbd:
- [kbdsettings] try to run numlockbios from /usr/libexec/kbd/ first
as Tumbleweed moved to this location a while ago (boo#1179295)
++++ kernel-default-base:
- Add quota modules (bsc#1196585)
- Add nfs layout modules
++++ gcc12:
- Use proper patch for SLE 15.x.
- Bump to 4a1c20df82c9e14478d79fbe1ae9690a36285ac1, git191847.
- Add gcc12-d-workaround.patch that fixes issue with gcc11 compiler.
- Bump to 673a10aee1aafe0c99bfadc29a7458339bdddb3a, git191845.
++++ lvm2:
- Update lvm2 from LVM2.2.03.12 to LVM2.2.03.15
* ** WHATS_NEW from 2.03.13 to 2.03.15 ***
Version 2.03.15 - 07th February 2022
====================================
Remove service based autoactivation. global/event_activation = 0 is NOOP.
Improve support for metadata profiles for --type writecache.
Use cache or active DM device when available with new kernels.
Introduce function to utilize UUIDs from DM_DEVICE_LIST.
Increase some hash table size to better support large device sets.
Version 2.03.14 - 20th October 2021
===================================
Device scanning is skipping directories on different filesystems.
Print info message with too many or too large archived files.
Reduce metadata readings during scanning phase.
Optimize computation of crc32 check sum with multiple PVs.
Enhance recover path on cache creation failure.
Filter out unsupported MQ/SMQ cache policy setting.
Fix memleak in mpath filter.
Support newer location for VDO statistics.
Add support for VDO async-unsafe write policy.
Improve lvm_import_vdo script.
Support VDO LV with lvcreate -ky.
Fix lvconvert for VDO LV bigger then 2T.
Create VDO LVs automatically without zeroing.
Rename vdoimport to lvm_import_vdo.
Version 2.03.13 - 11th August 2021
==================================
Changes in udev support:
- obtain_device_list_from_udev defaults to 0.
- see devices/external_device_info_source,
devices/obtain_device_list_from_udev, and devices/multipath_wwids_file help
in lvm.conf
Fix devices file handling of loop with deleted backing file.
Fix devices file handling of scsi_debug WWIDs.
Fix many static analysis issues.
Support --poolmetadataspare with vgsplit and vgmerge.
Fix detection of active components of external origin volume.
Add vdoimport tool to support conversion of VDO volumes.
Support configurable allocation/vdo_pool_header_size.
Fix handling of lvconvert --type vdo-pool --virtualsize.
Simplified handling of archive() and backup() internal calls.
Add 'idm' locking type for IDM lock manager.
Fix load of kvdo target when it is not present in memory (2.03.12).
* ** WHATS_NEW_DM from 1.02.179 to 1.02.183 ***
Version 1.02.183 - 07th February 2022
=====================================
Unmangle UUIDs for DM_DEVICE_LIST ioctl.
Version 1.02.181 - 20th October 2021
====================================
Add IMA support with 'dmsetup measure' command.
Add defines DM_NAME_LIST_FLAG_HAS_UUID, DM_NAME_LIST_FLAG_DOESNT_HAVE_UUID.
Enhance tracking of activated devices when preloading dm tree.
Fix bug in construction of cache table line (regression from 1.02.159).
Version 1.02.179 - 11th August 2021
===================================
(empty)
- Drop patches that have been merged into upstream
- 0001-lvmlockd-idm-Introduce-new-locking-scheme.patch
- 0002-lvmlockd-idm-Hook-Seagate-IDM-wrapper-APIs.patch
- 0003-lib-locking-Add-new-type-idm.patch
- 0004-lib-locking-Parse-PV-list-for-IDM-locking.patch
- 0005-tools-Add-support-for-idm-lock-type.patch
- 0006-configure-Add-macro-LOCKDIDM_SUPPORT.patch
- 0007-enable-command-syntax-for-thin-and-writecache.patch
- 0008-lvremove-fix-removing-thin-pool-with-writecache-on-d.patch
- 0009-vdo-fix-preload-of-kvdo.patch
- 0010-writecache-fix-lv_on_pmem.patch
- 0011-writecache-don-t-pvmove-device-used-by-writecache.patch
- 0012-pvchange-fix-file-locking-deadlock.patch
- 0013-tests-Enable-the-testing-for-IDM-locking-scheme.patch
- 0014-tests-Support-multiple-backing-devices.patch
- 0015-tests-Cleanup-idm-context-when-prepare-devices.patch
- 0016-tests-Add-checking-for-lvmlockd-log.patch
- 0017-tests-stress-Add-single-thread-stress-testing.patch
- 0018-tests-stress-Add-multi-threads-stress-testing-for-VG.patch
- 0019-tests-stress-Add-multi-threads-stress-testing-for-PV.patch
- 0020-tests-Support-idm-failure-injection.patch
- 0021-tests-Add-testing-for-lvmlockd-failure.patch
- 0022-tests-idm-Add-testing-for-the-fabric-failure.patch
- 0023-tests-idm-Add-testing-for-the-fabric-failure-and-tim.patch
- 0024-tests-idm-Add-testing-for-the-fabric-s-half-brain-fa.patch
- 0025-tests-idm-Add-testing-for-IDM-lock-manager-failure.patch
- 0026-tests-multi-hosts-Add-VG-testing.patch
- 0027-tests-multi-hosts-Add-LV-testing.patch
- 0028-tests-multi-hosts-Test-lease-timeout-with-LV-exclusi.patch
- 0029-tests-multi-hosts-Test-lease-timeout-with-LV-shareab.patch
- 0030-fix-empty-mem-pool-leak.patch
- 0031-tests-writecache-blocksize-add-dm-cache-tests.patch
- 0032-tests-rename-test.patch
- 0033-tests-add-writecache-cache-blocksize-2.patch
- 0034-lvmlockd-Fix-the-compilation-warning.patch
- 0035-devices-don-t-use-deleted-loop-backing-file-for-devi.patch
- 0036-man-help-fix-common-option-listing.patch
- 0037-archiving-take-archive-automatically.patch
- 0038-backup-automatically-store-data-on-vg_unlock.patch
- 0039-archive-avoid-abuse-of-internal-flag.patch
- 0040-pvck-add-lock_global-before-clean_hint_file.patch
- 0041-lvmdevices-add-deviceidtype-option.patch
- bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
- 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
- bug-1179691_config-set-external_device_info_source-none.patch
- Add upstream patch
- 0001-post-release.patch
- 0002-asan-fix-some-reports-from-libasan.patch
- 0003-make-generate.patch
- 0004-tests-udev-pvscan-vgchange-fix-service-wait.patch
- 0005-devices-file-do-not-clear-PVID-of-unread-devices.patch
- 0006-tests-skip-vgchange-pvs-online.sh-on-rhel5.patch
- 0007-dev_manager-fix-dm_task_get_device_list.patch
- 0008-dev_manager-failing-status-is-not-internal-error.patch
- 0009-clang-add-extra-check.patch
- 0010-clang-possible-better-compilation-with-musl-c.patch
- 0011-dev_manager-do-not-query-for-open_count.patch
- 0012-dev_manager-use-list-info-for-preset-devs.patch
- 0013-man-lvmcache-add-more-writecache-cachesettings-info.patch
- 0014-man-update-cachesettings-option-description.patch
- 0015-man-lvmcache-mention-writecache-memory-usage.patch
- 0016-writecache-display-block-size-from-lvs.patch
- 0017-devices-simplify-dev_cache_get_by_devt.patch
- 0018-devices-drop-incorrect-paths-from-aliases-list.patch
- 0019-devices-initial-use-of-existing-option.patch
- 0020-devices-fix-dev_name-assumptions.patch
- 0021-devices-use-dev-cache-aliases-handling-from-label-sc.patch
- 0022-devices-only-close-PVs-on-LVs-when-scan_lvs-is-enabl.patch
- 0023-writecache-check-memory-usage.patch
- Update patch
- fate-309425_display-dm-name-for-lv-name.patch
- lvm2.spec
- add new binraries: lvmdevices vgimportdevices
- add config item "--with-cluster=internal" for cluster test
- add config item "--with-integrity=internal"
- add new man lvmautoactivation.7
- remove lvm2-activation-generator & man page
- remove lvm2-pvscan@.service
- replace 69-dm-lvm-metad.rules with 69-dm-lvm.rules
++++ libosinfo:
- Update to version 1.10.0
Changes in this release include:
* Add API for resolving multiple tree matches
* Add API for resolving multiple media matches
* Add API to match between two OsinfoTree
* Add API to match between two OsinfoMedia
* Add API to get a complete list of firmwares
* Add missing documentation of osinfo_os_add_firmware()
* Add release status to osinfo-query
* Add --all flag to all tools to report all matches
* Fix hiding database entries
* Adapt to libsoup3 which is now preferred over libsoup2
* Several CI improvements
* Several translations improvements
++++ libvirt:
- Update to libvirt 8.1.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-1-0-2022-03-01
- Dropped patches:
3be5ba11-libvirt-guests-install.patch,
16172741-libvirt-guests-manpage.patch,
8eb44616-remove-sysconfig-files.patch,
31e937fb-libxl-save-lock-indicator.patch,
105dace2-revert-virProcessGetStatInfo.patch,
e0241f33-libxl-mark-allocated-graphics-ports.patch,
18ec405a-libxl-release-graphics-ports.patch,
76deb656-qemu-fix-snapshot-revert.patch,
454b927d-libxl-fix-dom-restore.patch
++++ osinfo-db:
- Update to database version 20220214
osinfo-db-20220214.tar.xz
------------------------------------------------------------------
------------------ 2022-2-28 - Feb 28 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- add hide-pcp.patch to hide references to PCP (Performance
Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp
package is not included in SLE Micro 5.2 base and these parts
require it.
++++ glibc:
- get-nprocs-sched-uninit-read.patch: linux: __get_nprocs_sched: do not
feed CPU_COUNT_S with garbage (BZ #28850)
- get-nprocs-inaccurate.patch: linux: fix accuracy of get_nprocs and
get_nprocs_conf (BZ #28865)
- strcmp-rtm-fallback.path: x86: Fallback {str|wcs}cmp RTM in the ncmp
overflow case (BZ #28896)
- pt-load-invalid-hole.patch: elf: Check invalid hole in PT_LOAD segments
(BZ #28838)
- localedef-ld-monetary.patch: localedef: Update LC_MONETARY handling (BZ
[#28845])
++++ kernel-firmware:
- Update to version 20220224 (git commit 9cab94f59b23):
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.1406
* wfx: update to firmware 3.14
* wfx: add antenna configuration files
* wfx: rename silabs/ into wfx/
* linux-firmware: update firmware for mediatek bluetooth chip(MT7921)
* linux-firmware: Update firmware patch for Intel Bluetooth 8260
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* linux-firmware: Intel BT 7265: Fix Security Issues
(CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786)
- Update license.txt for wfx
- Temporary fix for WHENCE for wfx:
wfx-WHENCE-fix.diff
++++ libdrm:
- update to 2.4.110:
* build system updates
* amdgpu: implement new CTX OP to set/get stable pstates
* amdgpu: update_drm for new CTX OP to set/get stable pstates
* intel: Add support for ADL-N
* intel: Add support for RPLS platform
* intel: sync pciids with Linux kernel
* update to tests
++++ gcc12:
- Bump to 37b583b9d7719f663656ce65ac822c11471fb540, git191817.
- Bump sover of libgo library.
++++ ncurses:
- Add ncurses patch 20220226
+ fix issues found with coverity:
+ rewrite canonical_name() function of infocmp to ensure buffer size
+ corrected use of original tty-modes in tput init/reset subcommands
+ modify tabs program to limit tab-stop values to max-columns
+ add limit-checks for palette rgb values in test/ncurses.c
+ add a few null-pointer checks to help with static-analysis.
+ enforce limit on number of soft-keys used in c++ binding.
+ adjust a buffer-limit in write_entry.c to quiet a bogus warning from
gcc 12.0.1
++++ salt:
- Fix issues found around pre_flight_script_args
- Added:
* prevent-shell-injection-via-pre_flight_script_args-4.patch
------------------------------------------------------------------
------------------ 2022-2-27 - Feb 27 2022 -------------------
------------------------------------------------------------------
++++ gnutls:
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
++++ kernel-default:
- Update to 5.17-rc6
- commit 3bbcd8f
- config: update vanilla configs
FB_BOOT_VESA_SUPPORT was replaced BOOT_VESA_SUPPORT by a patch but this
patch is not applied to vanilla flavor so that we have to keep the option
in */vanilla configs until the patch reaches mainline.
- commit 22f5560
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
------------------------------------------------------------------
------------------ 2022-2-26 - Feb 26 2022 -------------------
------------------------------------------------------------------
++++ sqlite3:
- update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like "--wrap N",
"--wordwrap on", and "--quote" to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
------------------------------------------------------------------
------------------ 2022-2-25 - Feb 25 2022 -------------------
------------------------------------------------------------------
++++ permissions:
- Update to version 20220202:
* mount.nfs: switch from migration mode to fixed path in /usr/sbin
* changed gendered pronouns
* mgetty: faxq-helper now finally reside in /usr/libexec
++++ elfutils:
- Add support for zstd, needed to inspect kernel modules (bsc#1196510)
++++ libcap:
- Use "or" in the license tag to avoid confusion (bsc#1180073)
++++ libsolv:
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
("requires" is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
------------------------------------------------------------------
------------------ 2022-2-24 - Feb 24 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.7
* sixth bugfix release
++++ Mesa-drivers:
- update to 21.3.7
* sixth bugfix release
++++ NetworkManager:
- Update to version 1.36.0:
+ The handling of Layer 3 configurations has been substantially
reworked. While this is mostly internal change, it results in
more robust behavior when addressing information from multiple
sources (DHCP, manually configured, VPN) need to be applied
simultaneously. Overall performance and memory use have also
slightly improved.
+ Manually configured addresses can no longer expire even if the
same addresses are also obtained dynamically.
+ Code for systemd-based DHCP and DHCPv6 clients has been updated
from upstream.
+ NTP servers obtained via DHCPv6 are now exposed on the DBus
API, visible in nmcli and available for use by dispatcher
scripts.
+ 5G NR (New Radio) modems are now supported.
+ The "rd.znet_ifnames" kernel command line option is now honored
on network bootups on an IBM s390 platform.
+ Wi-Fi P2P support does now work with the IWD backend, in
addition to wpa_supplicant backend.
+ Support for special route types have been added: "prohibit",
"blackhole" and "unreachable".
+ Routes managed by routing daemons are now ignored. This is done
to address a performance bottleneck on specialized routers.
+ Handling of IP addressing and routing information is now
slightly more efficient and uses less memory. This is apparent
on systems with large amount of IP configuration information.
+ It is now possible to start NetworkManager without root user
privileges. This is experimental doesn't necessarily result in
a working daemon. NetworkManager service already drops many of
capabilities available to the root user.
+ WPA3 Wi-FI network security have been improved by enabling new
H2E (hash to element) method for generating SAE password
element.
+ It is now possible to select the default Wi-Fi backend
(wpa_supplicant or IWD) at build-time.
+ Replies from broken DHCP servers that send duplicate address or
mask options are now handled gracefully.
+ Bridge support has gained the possibility of turning off MAC
ageing.
+ "configure-and-quit" mode and nm-iface-helper have been
removed.
+ A number of bugs that could cause NetworkManager to crash in
rare conditions have been fixed.
- Drop pkgconfig(libteam) BuildRequires and stop passing
teamdctl=true to meson: No longer build teamdctl support.
- Drop patches fixed upstream:
+ 4685651e7671e064b911a3a05f096908e5ef0580.patch
+ 471e987add98b36520ece72ee493176fc7bc863c.patch
+ 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch
+ 634e023e72d4729788a022ea1fae665af28d1b0f.patch
+ aadf0fb64f491f94b2771058621dc140c562b62b.patch
- Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected
upstream.
- Rebase patches with quilt.
++++ bash:
- Add signatures files of the upstream patches as well
++++ file:
- Reenable libseccomp sandboxing
- Fix previous entry: remove stray pkg-config call in CFLAGS (as it
was called without parameters, it only made output on stderr,
which did not impact CFLAGS; so de facto only a cleanup change).
++++ kernel-default:
- Update config files.
A vanilla fix for commit 17ec1907657a (simplefb: Enable boot time VESA
graphic mode selection (bsc#1193250).)
- commit 90630c5
++++ libglvnd:
- Update libglvnd-add-bti.patch from latest upstream submission
++++ ncurses:
- Avoid lto-bytecode error on static libraries
++++ systemd:
- Fix a regression caused by the split of the sysusers config files shipped by
systemd (bsc#1196322)
Calls to %sysusers_create were not updated accordingly.
++++ libzypp:
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
++++ logrotate:
- Added own logrotate.service file in order to define a new order
of parsed config files:
/usr/etc/logrotate.conf Default configuration file defined by
the vendor.
/usr/etc/logrotate.d/* Directory for additional configuration
files defined by the vendor.
/etc/logrotate.conf Default configuration file defined by
the administrator. (optional)
/etc/logrotate.d/* Directory for additional configuration
files defined by the administrator.
(optional)
- drop logrotate-3.19.0-systemd_add_home_env.patch:
- included in new logrotate.service
- Adapted man page: logrotate-3.19.0-man_logrotate.patch
++++ pinentry:
- Fix name tag for multibuild: name tag should be conditional on
the multibuild flavor.
++++ salt:
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
(bsc#1182851, bsc#1196432)
- Added:
* add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
++++ zypper:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52
------------------------------------------------------------------
------------------ 2022-2-23 - Feb 23 2022 -------------------
------------------------------------------------------------------
++++ bash:
- Verify upstream release signatures
++++ kernel-default:
- Linux 5.16.11 (bsc#1012628).
- drm/nouveau/pmu/gm200-: use alternate falcon reset sequence
(bsc#1012628).
- bpf: Introduce composable reg, ret and arg types (bsc#1012628).
- bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL
(bsc#1012628).
- bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL
(bsc#1012628).
- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
(bsc#1012628).
- bpf: Introduce MEM_RDONLY flag (bsc#1012628).
- bpf: Convert PTR_TO_MEM_OR_NULL to composable types
(bsc#1012628).
- bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM (bsc#1012628).
- bpf: Add MEM_RDONLY for helper args that are pointers to rdonly
mem (bsc#1012628).
- bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1012628).
- HID:Add support for UGTABLET WP5540 (bsc#1012628).
- Revert "svm: Add warning message for AVIC IPI invalid target"
(bsc#1012628).
- parisc: Show error if wrong 32/64-bit compiler is being used
(bsc#1012628).
- serial: parisc: GSC: fix build when IOSAPIC is not set
(bsc#1012628).
- parisc: Drop __init from map_pages declaration (bsc#1012628).
- parisc: Fix data TLB miss in sba_unmap_sg (bsc#1012628).
- parisc: Fix sglist access in ccio-dma.c (bsc#1012628).
- mmc: block: fix read single on recovery logic (bsc#1012628).
- mm: don't try to NUMA-migrate COW pages that have other uses
(bsc#1012628).
- HID: amd_sfh: Add illuminance mask to limit ALS max value
(bsc#1012628).
- HID: i2c-hid: goodix: Fix a lockdep splat (bsc#1012628).
- HID: amd_sfh: Increase sensor command timeout (bsc#1012628).
- selftests: kvm: Remove absent target file (bsc#1012628).
- HID: amd_sfh: Correct the structure field name (bsc#1012628).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom
NUMA topology (bsc#1012628).
- parisc: Add ioread64_lo_hi() and iowrite64_lo_hi()
(bsc#1012628).
- HID: apple: Set the tilde quirk flag on the Wellspring 5 and
later (bsc#1012628).
- btrfs: don't hold CPU for too long when defragging a file
(bsc#1012628).
- btrfs: send: in case of IO error log it (bsc#1012628).
- btrfs: defrag: don't try to defrag extents which are under
writeback (bsc#1012628).
- ASoC: mediatek: fix unmet dependency on GPIOLIB for SND_SOC_DMIC
(bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8
AY07J 2-in-1 (bsc#1012628).
- platform/x86: ISST: Fix possible circular locking dependency
detected (bsc#1012628).
- platform/x86: amd-pmc: Correct usage of SMU version
(bsc#1012628).
- kunit: tool: Import missing importlib.abc (bsc#1012628).
- selftests: rtc: Increase test timeout so that all tests run
(bsc#1012628).
- kselftest: signal all child processes (bsc#1012628).
- selftests: netfilter: reduce zone stress test running time
(bsc#1012628).
- net: ieee802154: at86rf230: Stop leaking skb's (bsc#1012628).
- selftests/zram: Skip max_comp_streams interface on newer kernel
(bsc#1012628).
- selftests/zram01.sh: Fix compression ratio calculation
(bsc#1012628).
- selftests/zram: Adapt the situation that /dev/zram0 is being
used (bsc#1012628).
- selftests: openat2: Print also errno in failure messages
(bsc#1012628).
- selftests: openat2: Add missing dependency in Makefile
(bsc#1012628).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP
(bsc#1012628).
- selftests: skip mincore.check_file_mmap when fs lacks needed
support (bsc#1012628).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
(bsc#1012628).
- cifs: unlock chan_lock before calling cifs_put_tcp_session
(bsc#1012628).
- pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP
(bsc#1012628).
- vfs: make freeze_super abort when sync_filesystem returns error
(bsc#1012628).
- vfs: make sync_filesystem return errors from ->sync_fs
(bsc#1012628).
- quota: make dquot_quota_sync return errors from ->sync_fs
(bsc#1012628).
- scsi: pm80xx: Fix double completion for SATA devices
(bsc#1012628).
- kselftest: Fix vdso_test_abi return status (bsc#1012628).
- scsi: core: Reallocate device's budget map on queue depth change
(bsc#1012628).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task
(bsc#1012628).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
(bsc#1012628).
- drm/amd: Warn users about potential s0ix problems (bsc#1012628).
- mailmap: update Christian Brauner's email address (bsc#1012628).
- nvme: fix a possible use-after-free in controller reset during
load (bsc#1012628).
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (bsc#1012628).
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (bsc#1012628).
- net: sparx5: do not refer to skb after passing it on
(bsc#1012628).
- drm/amd: add support to check whether the system is set to s3
(bsc#1012628).
- drm/amd: Only run s3 or s0ix if system is configured properly
(bsc#1012628).
- drm/amdgpu: fix logic inversion in check (bsc#1012628).
- x86/Xen: streamline (and fix) PV CPU enumeration (bsc#1012628).
- Revert "module, async: async_synchronize_full() on module init
iff async is used" (bsc#1012628).
- gcc-plugins/stackleak: Use noinstr in favor of notrace
(bsc#1012628).
- random: wake up /dev/random writers after zap (bsc#1012628).
- KVM: x86/xen: Fix runstate updates to be atomic when preempting
vCPU (bsc#1012628).
- KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which
is a result of RSM (bsc#1012628).
- KVM: x86: SVM: don't passthrough SMAP/SMEP/PKE bits in !NPT &&
!gCR0.PG case (bsc#1012628).
- KVM: x86: nSVM: fix potential NULL derefernce on nested
migration (bsc#1012628).
- KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved
state (bsc#1012628).
- iwlwifi: remove deprecated broadcast filtering feature
(bsc#1012628).
- iwlwifi: fix use-after-free (bsc#1012628).
- drm/mediatek: mtk_dsi: Avoid EPROBE_DEFER loop with external
bridge (bsc#1012628).
- drm/radeon: Fix backlight control on iMac 12,1 (bsc#1012628).
- drm/atomic: Don't pollute crtc_state->mode_blob with error
pointers (bsc#1012628).
- drm/amd/pm: correct the sequence of sending gpu reset msg
(bsc#1012628).
- drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix
(bsc#1012628).
- drm/i915/opregion: check port number bounds for SWSCI display
power state (bsc#1012628).
- drm/i915: Fix dbuf slice config lookup (bsc#1012628).
- drm/i915: Fix mbus join config lookup (bsc#1012628).
- vsock: remove vsock from connected table when connect is
interrupted by a signal (bsc#1012628).
- tee: export teedev_open() and teedev_close_context()
(bsc#1012628).
- optee: use driver internal tee_context for some rpc
(bsc#1012628).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1012628).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (bsc#1012628).
- drm/i915/ttm: tweak priority hint selection (bsc#1012628).
- iwlwifi: pcie: fix locking when "HW not ready" (bsc#1012628).
- iwlwifi: pcie: gen2: fix locking when "HW not ready"
(bsc#1012628).
- iwlwifi: mvm: fix condition which checks the version of
rate_n_flags (bsc#1012628).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1012628).
- iwlwifi: mvm: don't send SAR GEO command for 3160 devices
(bsc#1012628).
- selftests: netfilter: fix exit value for nft_concat_range
(bsc#1012628).
- netfilter: nft_synproxy: unregister hooks on init error path
(bsc#1012628).
- selftests: netfilter: disable rp_filter on router (bsc#1012628).
- ipv4: fix data races in fib_alias_hw_flags_set (bsc#1012628).
- ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt
(bsc#1012628).
- ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()
(bsc#1012628).
- ipv6: per-netns exclusive flowlabel checks (bsc#1012628).
- Revert "net: ethernet: bgmac: Use
devm_platform_ioremap_resource_byname" (bsc#1012628).
- mac80211: mlme: check for null after calling kmemdup
(bsc#1012628).
- brcmfmac: firmware: Fix crash in brcm_alt_fw_path (bsc#1012628).
- cfg80211: fix race in netlink owner interface destruction
(bsc#1012628).
- net: dsa: lan9303: fix reset on probe (bsc#1012628).
- net: dsa: mv88e6xxx: flush switchdev FDB workqueue before
removing VLAN (bsc#1012628).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove()
(bsc#1012628).
- net: dsa: lan9303: handle hwaccel VLAN tags (bsc#1012628).
- net: dsa: lan9303: add VLAN IDs to master device (bsc#1012628).
- net: ieee802154: ca8210: Fix lifs/sifs periods (bsc#1012628).
- ping: fix the dif and sdif check in ping_lookup (bsc#1012628).
- bonding: force carrier update when releasing slave
(bsc#1012628).
- mctp: fix use after free (bsc#1012628).
- drop_monitor: fix data-race in dropmon_net_event /
trace_napi_poll_hit (bsc#1012628).
- net_sched: add __rcu annotation to netdev->qdisc (bsc#1012628).
- crypto: af_alg - get rid of alg_memory_allocated (bsc#1012628).
- bonding: fix data-races around agg_select_timer (bsc#1012628).
- nfp: flower: netdev offload check for ip6gretap (bsc#1012628).
- net/smc: Avoid overwriting the copies of clcsock callback
functions (bsc#1012628).
- net: phy: mediatek: remove PHY mode check on MT7531
(bsc#1012628).
- atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC
(bsc#1012628).
- tipc: fix wrong publisher node address in link publications
(bsc#1012628).
- dpaa2-switch: fix default return of
dpaa2_switch_flower_parse_mirror_key (bsc#1012628).
- dpaa2-eth: Initialize mutex used in one step timestamping path
(bsc#1012628).
- net: mscc: ocelot: fix use-after-free in ocelot_vlan_del()
(bsc#1012628).
- net: bridge: multicast: notify switchdev driver whenever MC
processing gets disabled (bsc#1012628).
- perf bpf: Defer freeing string after possible strlen() on it
(bsc#1012628).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (bsc#1012628).
- arm64: Correct wrong label in macro __init_el2_gicv3
(bsc#1012628).
- ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio
FastTrack Ultra (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Legion Y9000X 2019
(bsc#1012628).
- ALSA: hda: Fix regression on forced probe mask option
(bsc#1012628).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
(bsc#1012628).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw() (bsc#1012628).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw_range() (bsc#1012628).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_volsw_sx() (bsc#1012628).
- ASoC: ops: Fix stereo change notifications in
snd_soc_put_xr_sx() (bsc#1012628).
- cifs: fix set of group SID via NTSD xattrs (bsc#1012628).
- cifs: fix confusing unneeded warning message on smb2.1 and
earlier (bsc#1012628).
- ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad
T40 (bsc#1012628).
- powerpc/603: Fix boot failure with DEBUG_PAGEALLOC and KFENCE
(bsc#1012628).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1012628).
- mtd: rawnand: gpmi: don't leak PM reference in error path
(bsc#1012628).
- smb3: fix snapshot mount option (bsc#1012628).
- tipc: fix wrong notification node addresses (bsc#1012628).
- scsi: ufs: Remove dead code (bsc#1012628).
- scsi: ufs: Fix a deadlock in the error handler (bsc#1012628).
- ASoC: tas2770: Insert post reset delay (bsc#1012628).
- ASoC: qcom: Actually clear DMA interrupt register for HDMI
(bsc#1012628).
- block/wbt: fix negative inflight counter when remove scsi device
(bsc#1012628).
- NFS: Remove an incorrect revalidation in
nfs4_update_changeattr_locked() (bsc#1012628).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (bsc#1012628).
- NFS: Do not report writeback errors in nfs_getattr()
(bsc#1012628).
- tty: n_tty: do not look ahead for EOL character past the end
of the buffer (bsc#1012628).
- block: fix surprise removal for drivers calling
blk_set_queue_dying (bsc#1012628).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
(bsc#1012628).
- mtd: parsers: qcom: Fix kernel panic on skipped partition
(bsc#1012628).
- mtd: parsers: qcom: Fix missing free for pparts in cleanup
(bsc#1012628).
- mtd: phram: Prevent divide by zero bug in phram_setup()
(bsc#1012628).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
(bsc#1012628).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1012628).
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1012628).
- x86/ptrace: Fix xfpregs_set()'s incorrect xmm clearing
(bsc#1012628).
- ucounts: Base set_cred_ucounts changes on the real user
(bsc#1012628).
- ucounts: Handle wrapping in is_ucounts_overlimit (bsc#1012628).
- ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1012628).
- rlimit: Fix RLIMIT_NPROC enforcement failure caused by
capability calls in set_user (bsc#1012628).
- ucounts: Move RLIMIT_NPROC handling after set_user
(bsc#1012628).
- net: sched: limit TC_ACT_REPEAT loops (bsc#1012628).
- dmaengine: sh: rcar-dmac: Check for error num after setting mask
(bsc#1012628).
- dmaengine: stm32-dmamux: Fix PM disable depth imbalance in
stm32_dmamux_probe (bsc#1012628).
- dmaengine: sh: rcar-dmac: Check for error num after
dma_set_max_seg_size (bsc#1012628).
- tests: fix idmapped mount_setattr test (bsc#1012628).
- i2c: qcom-cci: don't delete an unregistered adapter
(bsc#1012628).
- i2c: qcom-cci: don't put a device tree node before
i2c_add_adapter() (bsc#1012628).
- dmaengine: ptdma: Fix the error handling path in pt_core_init()
(bsc#1012628).
- copy_process(): Move fd_install() out of sighand->siglock
critical section (bsc#1012628).
- scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp()
and qedi_process_cmd_cleanup_resp() (bsc#1012628).
- ASoC: wm_adsp: Correct control read size when parsing compressed
buffer (bsc#1012628).
- ice: enable parsing IPSEC SPI headers for RSS (bsc#1012628).
- i2c: brcmstb: fix support for DSL and CM variants (bsc#1012628).
- lockdep: Correct lock_classes index mapping (bsc#1012628).
- HID: elo: fix memory leak in elo_probe (bsc#1012628).
- mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get
(bsc#1012628).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
(bsc#1012628).
- KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()
(bsc#1012628).
- KVM: x86/pmu: Don't truncate the PerfEvtSeln MSR when creating
a perf event (bsc#1012628).
- KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
(bsc#1012628).
- ARM: OMAP2+: hwmod: Add of_node_put() before break
(bsc#1012628).
- ARM: OMAP2+: adjust the location of put_device() call in
omapdss_init_of (bsc#1012628).
- phy: usb: Leave some clocks running during suspend
(bsc#1012628).
- staging: vc04_services: Fix RCU dereference check (bsc#1012628).
- phy: phy-mtk-tphy: Fix duplicated argument in phy-mtk-tphy
(bsc#1012628).
- irqchip/sifive-plic: Add missing thead,c900-plic match string
(bsc#1012628).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
(bsc#1012628).
- netfilter: conntrack: don't refresh sctp entries in closed state
(bsc#1012628).
- ksmbd: fix same UniqueId for dot and dotdot entries
(bsc#1012628).
- ksmbd: don't align last entry offset in smb2 query directory
(bsc#1012628).
- lib/iov_iter: initialize "flags" in new pipe_buffer
(bsc#1012628).
- arm64: dts: meson-gx: add ATF BL32 reserved-memory region
(bsc#1012628).
- arm64: dts: meson-g12: add ATF BL32 reserved-memory region
(bsc#1012628).
- arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610
(bsc#1012628).
- pidfd: fix test failure due to stack overflow on some arches
(bsc#1012628).
- selftests: fixup build warnings in pidfd / clone3 tests
(bsc#1012628).
- mm: io_uring: allow oom-killer from io_uring_setup
(bsc#1012628).
- ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems"
(bsc#1012628).
- kconfig: let 'shell' return enough output for deep path names
(bsc#1012628).
- ata: libata-core: Disable TRIM on M88V29 (bsc#1012628).
- soc: aspeed: lpc-ctrl: Block error printing on probe defer cases
(bsc#1012628).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
(bsc#1012628).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
(bsc#1012628).
- tracing: Fix tp_printk option related with
tp_printk_stop_on_boot (bsc#1012628).
- display/amd: decrease message verbosity about watermarks table
failure (bsc#1012628).
- drm/amdgpu: add utcl2_harvest to gc 10.3.1 (bsc#1012628).
- drm/amd/display: Cap pflip irqs per max otg number
(bsc#1012628).
- drm/amd/display: fix yellow carp wm clamping (bsc#1012628).
- net: usb: qmi_wwan: Add support for Dell DW5829e (bsc#1012628).
- net: macb: Align the dma and coherent dma masks (bsc#1012628).
- kconfig: fix failing to generate auto.conf (bsc#1012628).
- Update config files.
- commit 607a2b1
- Refresh
patches.suse/libsubcmd-Fix-use-after-free-for-realloc-.-0.patch.
Update upstream status.
- commit 1c604e1
- bpf: add config to allow loading modules with BTF mismatches (bsc#1194501).
- Update config files.
- commit 4e672b2
- simplefb: Enable boot time VESA graphic mode selection (bsc#1193250).
- Update config files.
- commit 17ec190
++++ avahi:
- switch to use _multibuild
- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
- use https urls
++++ rpm:
- add leave-malloc-check-set.diff to actually use MALLOC_CHECK_ during
build
++++ systemd:
- spec: fix dependencies for mini variants (follow-up)
systemd-mini-container is one of the sub-package that relies systemd-mini to
conflict with kiwi and to not be installed on real systems.
++++ psmisc:
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
* Add a fallback if the system call name_to_handle_at() is
not supported by the used file system.
++++ vim:
- Updated to version 8.2.4456, fixes the following problems
- boo#1196226 - CVE-2022-0629
- boo#1196227 - CVE-2022-0685
- boo#1196361 - CVE-2022-0696
- boo#1196358 - CVE-2022-0714
- boo#1196437 - CVE-2022-0729
* ctx_imports is not used.
* Not enough tests for command line completion.
* CI steps for Windows are a bit unorganized.
* Incsearch highlight broken when calling searchcount() in 'tabLine'
function. (Mirko Palmer)
* An empty change is reported to a listener.
* Small differences between Chinese translation files.
* Translation file listed twice.
* A custom 'tabline' may cause Esc to work like Enter on the command line
when the popup menu is displayed.
* Vim9: unused code lines.
* Vim9: error message not tested, some code not tested.
* Cannot build tiny version.
* Still cannot build tiny version.
* Command line completion doesn't always work properly.
* Dead code in op_insert().
* screenpos() does not handle a position in a closed fold.
* Vim9: list from declaration with inferred type does not set the type on
the value.
* Command line executed when typing Esc in the GUI.
* MS-Windows with VIMDLL: Escaping CSI is wrong.
* Possible number overflow with nested folds.
* UTF8 select mode test fails on MS-Windows.
* Some code lines not covered by tests.
* Python3 test fails.
* Crash when using many composing characters in error message.
* Some command completion functions are too long.
* Crash after ml_get error.
* MS-Windows: cannot use the mouse in the console with VIMDLL.
* Map listing does not clear the rest of the command line.
* Missing parenthesis may cause unexpected problems.
* ml_get error with nested folds and deleting lines.
* Vim9: some code not covered by tests.
* Compiler warning for unused variable without the +folding feature. (Tony
Mechelynck)
* Expand functions use confusing argument names.
* Vim9: some code not covered by tests.
* Bicep files are not recognized.
* Translation cleanup script does not remove empty lines at end.
* Vim9: Coverity warns for using NULL pointer.
* Solidity files are not recognized.
* Function argument name conflicts with C++ keyword.
* Vim9: using a script-local function requires using "s:" when setting
'completefunc'.
* Using NULL pointer.
* Crash when using special multi-byte character.
* Illegal memory access when using exactly 20 highlights.
* Menu translations are inconsistent.
* Some installed files and directories have wrong permissions.
* Autochdir test fails on MS-Windows.
* "make nvcmdidxs" fails.
* ".gts" and ".gjs" files are not recognized.
* map() function does not check function arguments at compile time.
* map() function on string and blob does not check argument types at
compile time.
* getchar() may return modifiers if no character is available.
* Crash when switching tabpage while in the cmdline window.
* Using script-local function from the wrong script when using a
partial. (Yegappan Lakshmanan)
* GTK: crash when using 'guiligatures' and reading from stdin.
* Unnecessary condition when assigning to a variable.
* Cannot use settabvar() while the cmdline window is open.
* CI: cannot see interface versions for MS-Windows.
* Duplicate check for cmdline window.
* Dead code in checking map() arguments. (Dominique Pellé)
* Crash with weird 'vartabstop' value.
* Vartabs test fails on MS-Windows.
* Crash on exit when using cmdline window.
* Accepting "iso8859" 'encoding' as "iso-8859-".
* Crash with specific regexp pattern and string.
* Vim9: function argument of filter() not checked like map().
* Test for error reading input fails on MS-Windows.
* Regexp pattern test fails on Mac.
* Beep caused by test. ASAN reports leaks.
* Exit test fails on MS-Windows anyway.
* Vim9: cannot refer to a global function like a local one.
* Vim9: can still use s:var in a compiled function.
* Filetype detection is failing.
* vim9: function argument of sort() not checked at compile time.
* List sort test fails.
* sort() fails when ignoring case.
* Test for what 8.2.4436 fixes does not check for regression.
* :helpgrep may free an option that was not allocated. (Yegappan Lakshmanan)
* Resetting cmdwin_type only for one situation.
* Accepting one and zero for the second sort() argument is strange.
------------------------------------------------------------------
------------------ 2022-2-22 - Feb 22 2022 -------------------
------------------------------------------------------------------
++++ openssl-1_1:
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
++++ openssl-3:
- Keep CA_default and tsa_config1 default paths in openssl3.cnf
- Rebase patches:
* openssl-Override-default-paths-for-the-CA-directory-tree.patch
* openssl-use-versioned-config.patch
++++ polkit:
- Fixed denial of service via file descriptor leak (bsc#1195542 CVE-2021-4115)
0001-CVE-2021-4115-GHSL-2021-077-fix.patch
++++ python310-core:
- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5
++++ systemd:
- Import commit 0bb1977021be2fc9ebfae10d766dff0b1a457f88 (merge of v249.10)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/b9b83c5d11e686178ddd545862a00b33c6fdfabb...0bb1977021be2fc9ebfae10d766dff0b1a457f88
- Import commit b9b83c5d11e686178ddd545862a00b33c6fdfabb
8973cb2462 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23866)
++++ python310:
- Add patch support-expat-245.patch:
* Support Expat >= 2.4.5
++++ python-immutables:
- update to 0.16:
* Refactor typings
* Update Python 3.10 support, drop Python 3.5
* Fix test_none_collisions on 32-bit systems
* Clarify the license of the included pythoncapi_compat.h header
* Use cibuildwheel to build wheels
- drop skip_32bit_tests.patch, test_none_collisions-32-bit.patch (upstream)
++++ python-pbr:
- update to 5.8.1:
* Add release note about missing pbr.json fix
* Avoid recursive calls into SetupTools entrypoint
* remove explicit mock
* Don't test with setuptools local distutils
* Use context blocks for open() calls in packaging
- remove remove_mock.patch (upstream)
++++ setools:
- Add make_networkx_optional.patch to cut down installation requirements
- Change python3-networkx from require into recommend
------------------------------------------------------------------
------------------ 2022-2-21 - Feb 21 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Add upstream bug fix patches:
+ 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix
nm_ref_string_equal_str() Fix comparison with a NULL string
+ 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests:
fix maybe-uninitialized warning in "test-setting"
+ aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests:
fix maybe-uninitialized warning in "test-libnmc-setting"
+ 471e987add98b36520ece72ee493176fc7bc863c.patch: device:
initialize nm_auto variable in _ethtool_features_reset()
+ 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux:
workaround maybe-uninitialized warning with LTO in
nm_uuid_generate_from_string_str()
++++ aaa_base:
- Update to version 84.87+git20220221.b62a2cf:
* package: Require new enough version of glibc
* package: build in place support
* drop /etc/ttytype (boo#1191923)
++++ file:
- Drop pkgconfig(libseccomp) BuildRequires and stop injecting
libseccomp cflags into CFLAGS: libseccomp has been disabled for a
long time already.
- Move the special 'check' part from install to %check.
++++ texinfo:
- Split locale text-domain to take care of package info
- The package makeinfo needs both the locale text-domain of info
and makeinfo
++++ kbd:
- Fix build without %_distconfdir (see bsc#1195679)
++++ kernel-default:
- Revert: reset: raspberrypi: Don't reset USB if already up (bsc#1180336)
- commit f3fe985
- libsubcmd: Fix use-after-free for realloc(..., 0) (gcc 12).
- commit 6e98c6d
++++ ncurses:
- Add ncurses patch 20220219
+ expanded description in man/resizeterm.3x
+ additional workaround for ImageMagick in test/picsmap.c
++++ systemd:
- Fix build if %_distconfdir is not defined (see bsc#1195679)
++++ swtpm:
- Update to version 0.7.1:
- swtpm:
- Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
- swtpm_localca:
- Test for available issuercert before creating CA
++++ toolbox:
- adjusted the patch to the toolbox container in registry
------------------------------------------------------------------
------------------ 2022-2-20 - Feb 20 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.17-rc5
- refresh configs
- commit a9b2c1d
++++ kernel-firmware:
- Update to version 20220218 (git commit c53073d4e148):
* rtl_bt: Update RTL8852A BT USB firmware to 0xDFB7_6D7A
* rtl_bt: Update RTL8822C BT USB firmware to 0x19B7_6D7D
* rtl_bt: Update RTL8822C BT UART firmware to 0x15B7_6D7D
* amdgpu: Update yellow carp firmware from 21.50
* amdgpu: Update vega20 firmware from 21.50
* amdgpu: Update vega12 firmware from 21.50
* amdgpu: Update vega10 firmware from 21.50
* amdgpu: Update vangogh firmware from 21.50
* amdgpu: Update renoir firmware from 21.50
* amdgpu: Update raven2 firmware from 21.50
* amdgpu: Update raven firmware from 21.50
* amdgpu: Update picasso firmware from 21.50
* amdgpu: Update beige goby firmware from 21.50
* amdgpu: Update dimgrey cavefish firmware from 21.50
* amdgpu: Update navy flounder firmware from 21.50
* amdgpu: Update sienna cichlid firmware from 21.50
* amdgpu: Update navi14 firmware from 21.50
* amdgpu: Update navi12 firmware from 21.50
* amdgpu: Update navi10 firmware from 21.50
* amdgpu: Update cyan skillfish2 firmware from 21.50
* amdgpu: Update green sardine firmware from 21.50
* amdgpu: Update arcturus firmware from 21.50
* amdgpu: Add aldebaran firmware from 21.50
* LICENSE.amdgpu: update copyright date
* linux-firmware: Update AMD cpu microcode
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: Amphion: Add VPU firmwares for NXP i.MX8Q SoCs
* i915: Add DMC firmware v2.16 for ADL-P
* linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.7
- Add entry for amphion
- Update spec template
- Update aliases
++++ expat:
- update to 2.4.6 (bsc#1196168, CVE-2022-25313):
* Bug fixes:
- Fix a regression introduced by the fix for CVE-2022-25313
in release 2.4.5 that affects applications that (1)
call function XML_SetElementDeclHandler and (2) are
parsing XML that contains nested element declarations
(e.g. "<!ELEMENT junk ((bar|foo|xyz+), zebra*)>").
- Version info bumped from 9:5:8 to 9:6:8;
see https://verbump.de/ for what these numbers do.
++++ vim:
- Update apparmor.vim to latest version (from AppArmor 3.0.4)
* add network mctp keyword
------------------------------------------------------------------
------------------ 2022-2-19 - Feb 19 2022 -------------------
------------------------------------------------------------------
++++ llvm15:
- Let clang-devel accept a newer version of clang-tools:
we don't keep multiple versions of the latter.
++++ expat:
- update to 2.4.5 (bsc#1196171, bsc#1196169, bsc#1196168,
bsc#1196026, bsc#1196025):
* Security fixes:
- CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
- CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
file with a large number of opening braces.
Expected impact is denial of service or potentially
arbitrary code execution.
- CVE-2022-25314 -- Fix integer overflow in function copyString;
only affects the encoding name parameter at parser creation
time which is often hardcoded (rather than user input),
takes a value in the gigabytes to trigger, and a 64-bit
machine. Expected impact is denial of service.
- CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
needs input in the gigabytes and a 64-bit machine.
Expected impact is denial of service or potentially
arbitrary code execution.
* Other changes:
- Version info bumped from 9:4:8 to 9:5:8;
see https://verbump.de/ for what these numbers do
------------------------------------------------------------------
------------------ 2022-2-18 - Feb 18 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Use meson LTO setup as NM makes changes to CFLAGS
++++ dracut:
- Update to version 055+suse.238.gacab0df5:
* fix(cpio): correct dev_t -> rmajor/rminor mapping (bsc#1195808)
* ci(cpio): add test_archive_dev_maj_min (bsc#1195808)
* ci(cpio): add TempWorkDir.create_tmp_mknod helper (bsc#1195808)
++++ texinfo:
- Do not recommend texinfo-lang in package info anymore (boo#1196156)
- Rename texinfo-lang to makeinfo-lang as package makeinfo
uses those locale files
++++ rdma-core:
- Add srp_daemon-Detect-proper-path-to-systemctl.patch to fix path to systemctl (bsc#1195874)
++++ libvirt:
- libxl: Fix libvirtd crash on domain restore
454b927d-libxl-fix-dom-restore.patch
bsc#1196115
++++ qemu:
- Include vmxcap in the qemu-tools package (is being very useful
for debugging bsc#1193364)
- The qemu package should require qemu-x86, qemu-arm, etc, as there's
no point installing it without _any_ of them. Additionally, right
now, the user does not get a working qemu, if recommended packages
are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087
- Give clearer instructions on how to modify the package patches
from the output of update_git.sh (docs change only, no functional
change)
- qemu,kvm: potential privilege escalation via virtiofsd
(bsc#1195161, CVE-2022-0358)
* Patches added:
virtiofsd-Drop-membership-of-all-supplem.patch
* Patches added:
block-backend-Retain-permissions-after-m.patch
iotest-065-explicit-compression-type.patch
iotest-214-explicit-compression-type.patch
iotest-302-use-img_info_log-helper.patch
iotest-303-explicit-compression-type.patch
iotest-39-use-_qcow2_dump_header.patch
iotests-60-more-accurate-set-dirty-bit-i.patch
iotests-bash-tests-filter-compression-ty.patch
iotests-common.rc-introduce-_qcow2_dump_.patch
iotests-declare-lack-of-support-for-comp.patch
iotests-drop-qemu_img_verbose-helper.patch
iotests-massive-use-_qcow2_dump_header.patch
iotests-MRCE-Write-data-to-source.patch
iotests.py-filter-out-successful-output-.patch
iotests.py-img_info_log-rename-imgopts-a.patch
iotests.py-implement-unsupported_imgopts.patch
iotests.py-qemu_img-create-support-IMGOP.patch
iotests.py-rewrite-default-luks-support-.patch
iotests-specify-some-unsupported_imgopts.patch
qcow2-simple-case-support-for-downgradin.patch
tests-qemu-iotests-Fix-051-for-binaries-.patch
++++ xkeyboard-config:
- removed n_suse-ctrl-alt-bksp-terminate.patch
* no longer needed; made it impossible to disable Ctrl-Alt-BS
on Wayland (boo#1195871)
------------------------------------------------------------------
------------------ 2022-2-17 - Feb 17 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.234.gbdaf66ff:
* fix(tpm2-tss): install SUSE specific files (bsc#1195984)
* fix(systemd-sysusers): override systemd-sysusers.service (bsc#1195983)
++++ librsvg:
- Update to version 2.52.6:
+ Fix incorrect text rendering when text has different scales in
the X/Y axes. This regressed after librsvg 2.52.5, when Pango
had to revert its fix for the same bug. Now librsvg renders all
text as paths, and does the scaling itself. Please file a bug
if you have evidence that this presents a performance problem
for you.
++++ avahi:
- remove avahi-mono* subspecfiles, they are no longer required
by anything. this makes the spec file slightly more readable.
++++ systemd:
- Drop enablement symlink migration support of SysV init scripts
And let's finish reducing the support of SysV init scripts to its minimum.
++++ salt:
- Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632)
- Added:
* state.orchestrate_single-does-not-pass-pillar-none-4.patch
++++ ovmf:
- Sort file lists for reproducible build results
++++ selinux-policy:
- use %license tag for COPYING file
++++ systemd-rpm-macros:
- Bump to version 16
- Drop enablement symlink migration support of SysV init scripts
This was announced here:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3ERUP5ZZJ6PPA36L3HVN46BH6U6JL74O/
------------------------------------------------------------------
------------------ 2022-2-16 - Feb 16 2022 -------------------
------------------------------------------------------------------
++++ texinfo:
- The new package texinfo-lang should not include the binaries
with its helper files, therefore recreate texinfo package
- Require glibc-locale at build time as otherwise perl falls
always back to C locale
++++ kernel-default:
- Revert "config: x86-64: Enable DRM stack for early-boot graphics (boo#1193472)"
This reverts commit a6b1e6089c7fbcb3dc149eb1a005a32f0345fa13.
Going back to efifb/vesafb for now. See boo#1195885 and boo#1195887.
- commit 230a3c7
- Revert "config: x86-64: Enable DRM stack for early-boot graphics (boo#1193472)"
This reverts commit 8e500f570e98a3997e9f4bc80b4c45bba2a50789.
Going back to efifb/vesafb for now. See boo#1195885 and boo#1195887.
- commit 20d1fcf
- Linux 5.16.10 (bsc#1012628).
- integrity: check the return value of audit_log_start()
(bsc#1012628).
- audit: don't deref the syscall args when checking the openat2
open_how::flags (bsc#1012628).
- ima: fix reference leak in asymmetric_verify() (bsc#1012628).
- ima: Remove ima_policy file before directory (bsc#1012628).
- ima: Allow template selection with ima_template[_fmt]= after
ima_hash= (bsc#1012628).
- ima: Do not print policy rule with inactive LSM labels
(bsc#1012628).
- mmc: sdhci-of-esdhc: Check for error num after setting mask
(bsc#1012628).
- mmc: core: Wait for command setting 'Power Off Notification'
bit to complete (bsc#1012628).
- mmc: sh_mmcif: Check for null res pointer (bsc#1012628).
- can: isotp: fix potential CAN frame reception race in
isotp_rcv() (bsc#1012628).
- can: isotp: fix error path in isotp_sendmsg() to unlock wait
queue (bsc#1012628).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
88e1121-compatible PHYs (bsc#1012628).
- net: phy: marvell: Fix MDI-x polarity setting in
88e1118-compatible PHYs (bsc#1012628).
- NFS: Fix initialisation of nfs_client cl_flags field
(bsc#1012628).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
(bsc#1012628).
- NFSD: Fix ia_size underflow (bsc#1012628).
- NFSD: Clamp WRITE offsets (bsc#1012628).
- NFSD: Fix offset type in I/O trace points (bsc#1012628).
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1012628).
- NFS: change nfs_access_get_cached to only report the mask
(bsc#1012628).
- NFSv4 only print the label when its queried (bsc#1012628).
- nfs: nfs4clinet: check the return value of kstrdup()
(bsc#1012628).
- NFSv4.1: Fix uninitialised variable in devicenotify
(bsc#1012628).
- NFSv4 remove zero number of fs_locations entries error check
(bsc#1012628).
- NFSv4 store server support for fs_location attribute
(bsc#1012628).
- NFSv4.1 query for fs_location attr on a new file system
(bsc#1012628).
- NFSv4 expose nfs_parse_server_name function (bsc#1012628).
- NFSv4 handle port presence in fs_location server string
(bsc#1012628).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
(bsc#1012628).
- net/sunrpc: fix reference count leaks in
rpc_sysfs_xprt_state_change (bsc#1012628).
- sunrpc: Fix potential race conditions in
rpc_sysfs_xprt_state_change() (bsc#1012628).
- irqchip/realtek-rtl: Service all pending interrupts
(bsc#1012628).
- perf/x86/rapl: fix AMD event handling (bsc#1012628).
- x86/perf: Avoid warning for Arch LBR without XSAVE
(bsc#1012628).
- sched: Avoid double preemption in __cond_resched_*lock*()
(bsc#1012628).
- drm/vc4: Fix deadlock on DSI device attach error (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
OneXPlayer (bsc#1012628).
- net: sched: Clarify error message when qdisc kind is unknown
(bsc#1012628).
- powerpc/fixmap: Fix VM debug warning on unmap (bsc#1012628).
- s390/module: test loading modules with a lot of relocations
(bsc#1012628).
- arm64: Add Cortex-X2 CPU part definition (bsc#1012628).
- arm64: errata: Update ARM64_ERRATUM_[2119858|2224489] with
Cortex-X2 ranges (bsc#1012628).
- scsi: target: iscsi: Make sure the np under each tpg is unique
(bsc#1012628).
- scsi: ufs: ufshcd-pltfrm: Check the return value of
devm_kstrdup() (bsc#1012628).
- scsi: qedf: Add stag_work to all the vports (bsc#1012628).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(bsc#1012628).
- scsi: qedf: Change context reset messages to ratelimited
(bsc#1012628).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (bsc#1012628).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode()
(bsc#1012628).
- scsi: ufs: Treat link loss as fatal error (bsc#1012628).
- scsi: myrs: Fix crash in error case (bsc#1012628).
- net: stmmac: reduce unnecessary wakeups from eee sw timer
(bsc#1012628).
- PM: hibernate: Remove register_nosave_region_late()
(bsc#1012628).
- drm/amd/display: Correct MPC split policy for DCN301
(bsc#1012628).
- drm/amdgpu/display: adjust msleep limit in
dp_wait_for_training_aux_rd_interval (bsc#1012628).
- drm/amdgpu/display: use msleep rather than udelay for long
delays (bsc#1012628).
- usb: dwc2: gadget: don't try to disable ep0 in
dwc2_hsotg_suspend (bsc#1012628).
- perf: Always wake the parent event (bsc#1012628).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
SSDs (bsc#1012628).
- MIPS: Fix build error due to PTR used in more places
(bsc#1012628).
- net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
(bsc#1012628).
- arm64: errata: Add detection for TRBE ignored system register
writes (bsc#1012628).
- arm64: errata: Add detection for TRBE invalid prohibited states
(bsc#1012628).
- arm64: errata: Add detection for TRBE trace data corruption
(bsc#1012628).
- arm64: cpufeature: List early Cortex-A510 parts as having
broken dbm (bsc#1012628).
- kasan: test: fix compatibility with FORTIFY_SOURCE
(bsc#1012628).
- KVM: eventfd: Fix false positive RCU usage warning
(bsc#1012628).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
(bsc#1012628).
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
eVMCS (bsc#1012628).
- KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in
usermode (bsc#1012628).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
shadow (bsc#1012628).
- KVM: x86: Report deprecated x87 features in supported CPUID
(bsc#1012628).
- riscv: fix build with binutils 2.38 (bsc#1012628).
- riscv: Fix XIP_FIXUP_FLASH_OFFSET (bsc#1012628).
- riscv: cpu-hotplug: clear cpu from numa map when teardown
(bsc#1012628).
- riscv/mm: Add XIP_FIXUP for phys_ram_base (bsc#1012628).
- riscv: eliminate unreliable __builtin_frame_address(1)
(bsc#1012628).
- gfs2: Fix gfs2_release for non-writers regression (bsc#1012628).
- Revert "gfs2: check context in gfs2_glock_put" (bsc#1012628).
- Revert "PCI/portdrv: Do not setup up IRQs if there are no users"
(bsc#1012628).
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
(bsc#1012628).
- ARM: dts: Fix boot regression on Skomer (bsc#1012628).
- ARM: socfpga: fix missing RESET_CONTROLLER (bsc#1012628).
- nvme-tcp: fix bogus request completion when failing to send AER
(bsc#1012628).
- ACPI/IORT: Check node revision for PMCG resources (bsc#1012628).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (bsc#1012628).
- drm/amdgpu/display: change pipe policy for DCN 2.0
(bsc#1012628).
- drm/rockchip: vop: Correct RK3399 VOP register fields
(bsc#1012628).
- drm/i915: Disable DRRS on IVB/HSW port != A (bsc#1012628).
- ARM: dts: Fix timer regression for beagleboard revision c
(bsc#1012628).
- ARM: dts: meson: Fix the UART compatible strings (bsc#1012628).
- ARM: dts: meson8: Fix the UART device-tree schema validation
(bsc#1012628).
- ARM: dts: meson8b: Fix the UART device-tree schema validation
(bsc#1012628).
- phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option
(bsc#1012628).
- tee: optee: do not check memref size on return from Secure World
(bsc#1012628).
- optee: add error checks in optee_ffa_do_call_with_arg()
(bsc#1012628).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
(bsc#1012628).
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
(bsc#1012628).
- phy: xilinx: zynqmp: Fix bus width setting for SGMII
(bsc#1012628).
- phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable()
(bsc#1012628).
- ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo
(bsc#1012628).
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers
(bsc#1012628).
- usb: f_fs: Fix use-after-free for epfile (bsc#1012628).
- arm64: Enable Cortex-A510 erratum 2051678 by default
(bsc#1012628).
- phy: dphy: Correct clk_pre parameter (bsc#1012628).
- gpio: aggregator: Fix calling into sleeping GPIO controllers
(bsc#1012628).
- NFS: Don't overfill uncached readdir pages (bsc#1012628).
- NFS: Don't skip directory entries when doing uncached readdir
(bsc#1012628).
- NFS: Avoid duplicate uncached readdir calls on eof
(bsc#1012628).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
(bsc#1012628).
- misc: fastrpc: avoid double fput() on failed usercopy
(bsc#1012628).
- net: sparx5: Fix get_stat64 crash in tcpdump (bsc#1012628).
- netfilter: nft_payload: don't allow th access for fragments
(bsc#1012628).
- netfilter: ctnetlink: disable helper autoassign (bsc#1012628).
- arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133'
(bsc#1012628).
- arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for
tf-io regulator (bsc#1012628).
- arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for
GPIOE_2 (bsc#1012628).
- arm64: dts: meson-sm1-odroid: fix boot loop after reboot
(bsc#1012628).
- ixgbevf: Require large buffers for build_skb on 82599VF
(bsc#1012628).
- tcp: take care of mixed splice()/sendmsg(MSG_ZEROCOPY) case
(bsc#1012628).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU
with PTP over IP (bsc#1012628).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
(bsc#1012628).
- s390/module: fix building test_modules_helpers.o with clang
(bsc#1012628).
- ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
(bsc#1012628).
- gpiolib: Never return internal error codes to user space
(bsc#1012628).
- gpio: sifive: use the correct register to read output values
(bsc#1012628).
- fbcon: Avoid 'cap' set but not used warning (bsc#1012628).
- SUNRPC: lock against ->sock changing during sysfs read
(bsc#1012628).
- gve: Recording rx queue before sending to napi (bsc#1012628).
- bonding: pair enable_port with slave_arr_updates (bsc#1012628).
- net: dsa: mv88e6xxx: don't use devres for mdiobus (bsc#1012628).
- net: dsa: ar9331: register the mdiobus under devres
(bsc#1012628).
- net: dsa: bcm_sf2: don't use devres for mdiobus (bsc#1012628).
- net: dsa: felix: don't use devres for mdiobus (bsc#1012628).
- net: dsa: ocelot: seville: utilize of_mdiobus_register
(bsc#1012628).
- net: dsa: seville: register the mdiobus under devres
(bsc#1012628).
- net: dsa: mt7530: fix kernel bug in mdiobus_free() when
unbinding (bsc#1012628).
- net: dsa: lantiq_gswip: don't use devres for mdiobus
(bsc#1012628).
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1012628).
- net: ethernet: litex: Add the dependency on HAS_IOMEM
(bsc#1012628).
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (bsc#1012628).
- nfp: flower: fix ida_idx not being released (bsc#1012628).
- net: do not keep the dst cache when uncloning an skb dst and
its metadata (bsc#1012628).
- net: fix a memleak when uncloning an skb dst and its metadata
(bsc#1012628).
- veth: fix races around rq->rx_notify_masked (bsc#1012628).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- tipc: rate limit warning for received illegal binding update
(bsc#1012628).
- net: amd-xgbe: disable interrupts during pci removal
(bsc#1012628).
- net: dsa: fix panic when DSA master device unbinds on shutdown
(bsc#1012628).
- drm/amd/pm: fix hwmon node of power1_label create issue
(bsc#1012628).
- mptcp: netlink: process IPv6 addrs in creating listening sockets
(bsc#1012628).
- dpaa2-eth: unregister the netdev before disconnecting from
the PHY (bsc#1012628).
- ice: fix an error code in ice_cfg_phy_fec() (bsc#1012628).
- ice: fix IPIP and SIT TSO offload (bsc#1012628).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
(bsc#1012628).
- ice: Avoid RTNL lock when re-creating auxiliary device
(bsc#1012628).
- net: mscc: ocelot: fix mutex lock error during ethtool stats
read (bsc#1012628).
- net: dsa: mv88e6xxx: fix use-after-free in
mv88e6xxx_mdios_unregister (bsc#1012628).
- vt_ioctl: fix array_index_nospec in vt_setactivate
(bsc#1012628).
- vt_ioctl: add array_index_nospec to VT_ACTIVATE (bsc#1012628).
- n_tty: wake up poll(POLLRDNORM) on receiving data (bsc#1012628).
- eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
(bsc#1012628).
- usb: dwc2: drd: fix soft connect when gadget is unconfigured
(bsc#1012628).
- Revert "usb: dwc2: drd: fix soft connect when gadget is
unconfigured" (bsc#1012628).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1012628).
- usb: ulpi: Move of_node_put to ulpi_dev_release (bsc#1012628).
- usb: ulpi: Call of_node_put correctly (bsc#1012628).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
(bsc#1012628).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
transition (bsc#1012628).
- USB: gadget: validate interface OS descriptor requests
(bsc#1012628).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(bsc#1012628).
- usb: gadget: f_uac2: Define specific wTerminalType
(bsc#1012628).
- usb: raw-gadget: fix handling of dual-direction-capable
endpoints (bsc#1012628).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
(bsc#1012628).
- USB: serial: option: add ZTE MF286D modem (bsc#1012628).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
devices (bsc#1012628).
- USB: serial: cp210x: add NCR Retail IO box id (bsc#1012628).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id
(bsc#1012628).
- speakup-dectlk: Restore pitch setting (bsc#1012628).
- phy: ti: Fix missing sentinel for clk_div_table (bsc#1012628).
- iio: buffer: Fix file related error handling in
IIO_BUFFER_GET_FD_IOCTL (bsc#1012628).
- fs/proc: task_mmu.c: don't read mapcount for migration entry
(bsc#1012628).
- mm: vmscan: remove deadlock due to throttling failing to make
progress (bsc#1012628).
- mm: memcg: synchronize objcg lists with a dedicated spinlock
(bsc#1012628).
- seccomp: Invalidate seccomp mode to catch death failures
(bsc#1012628).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
(bsc#1012628).
- s390/cio: verify the driver availability for path_event call
(bsc#1012628).
- bus: mhi: pci_generic: Add mru_default for Foxconn SDX55
(bsc#1012628).
- bus: mhi: pci_generic: Add mru_default for Cinterion MV31-W
(bsc#1012628).
- x86/sgx: Silence softlockup detection when releasing large
enclaves (bsc#1012628).
- Makefile.extrawarn: Move -Wunaligned-access to W=1
(bsc#1012628).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1012628).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1012628).
- MIPS: octeon: Fix missed PTR->PTR_WD conversion (bsc#1012628).
- arm64: dts: imx8mq: fix lcdif port node (bsc#1012628).
- perf: Fix list corruption in perf_cgroup_switch() (bsc#1012628).
- kconfig: fix missing fclose() on error paths (bsc#1012628).
- docs/ABI: testing: aspeed-uart-routing: Escape asterisk
(bsc#1012628).
- iommu: Fix potential use-after-free during probe (bsc#1012628).
- Update config files.
- commit 3192082
- Refresh
patches.suse/drm-i915-Workaround-broken-BIOS-DBUF-configuration-o.patch.
Update upstream status.
- commit 9ffab43
- Refresh
patches.suse/drm-i915-Populate-pipe-dbuf-slices-more-accurately-d.patch.
Update upstream status.
- commit ae6fdf3
- Refresh
patches.suse/drm-i915-Allow-join_mbus-cases-for-adlp-dbuf-configu.patch.
Update upstream status.
- commit d6e9958
- config: Disable CONFIG_READ_ONLY_THP_FOR_FS (bsc#1195774)
- commit 4a5d464
++++ avahi:
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
++++ multipath-tools:
- Update to version 0.8.8+64+suse.f265f7e0:
* libmultipath: fix printing native nvme multipath topology
(bsc#1196011)
* libmultipath: add %L path wildcard for 64-bit hex LUN
* libmultipath: support host adapter name lookup for s390x ccw bus
++++ patterns-base:
- Use ntfs-3g again, udisks no longer works with the new ntfs3 module
(gh#storaged-project/udisks#932)
++++ python-cryptography:
- split tests in a multibuild variant to optimize rebuild time a bit
++++ qemu:
-Backport patch from upstream, bsc#1194063 CVE-2021-4158
* Patches added:
acpi-validate-hotplug-selector-on-access.patch
++++ sudo:
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
------------------------------------------------------------------
------------------ 2022-2-15 - Feb 15 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
bsc#1198484)
Let's iron out the reduced initrd optimisation in Tumbleweed.
Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- config.conf: reenable armv6hl/armv7hl and aarch64
- Update config files:
Taken choices from x86_64/default for all new options
Otherwise =m where possible, =y otherwise unless DEBUG or EXPERIMENTAL
- commit 2ab3225
++++ llvm15:
- AND instead of OR in License tag after sr#954337.
++++ multipath-tools:
- Update to version 0.8.8+60+suse.4c5922cb:
* multipathd: add suppport for FC Fabric Performance Impact
Notifications (FPIN) (bsc#1195506)
++++ python310-core:
- bsc#1195831 Obsolete older "most modern" versions of python
packages (python39 for python310 and so forth). For next
versions it is necessary just to edit the macro.
++++ libselinux:
- Add Requires for exact libselinux1 version for selinux-tools
- Simplyfied check for correct boot paramaters in selinux-ready
(bsc#1195361)
++++ python310:
- bsc#1195831 Obsolete older "most modern" versions of python
packages (python39 for python310 and so forth). For next
versions it is necessary just to edit the macro.
++++ python-charset-normalizer:
- update to 2.0.12:
* ASCII miss-detection on rare cases (PR #170)
* Explicit support for Python 3.11 (PR #164)
* The logging behavior have been completely reviewed, now using only TRACE
and DEBUG levels
++++ python-distro:
- remove shebang from distro.py
- update to version 1.7.0:
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5 [[#281](https://github.com/python-distro/distro/pull/281)]
- Dropped support for LSB and `uname` back-ends when `--root-dir` is specified [[#311](https://github.com/python-distro/distro/pull/311)]
- Moved `distro.py` to `src/distro/distro.py` [[#315](https://github.com/python-distro/distro/pull/315)]
- ENHANCEMENTS:
- Documented that `distro.version()` can return an empty string on rolling releases [[#312](https://github.com/python-distro/distro/pull/312)]
- Documented support for Python 3.10 [[#316](https://github.com/python-distro/distro/pull/316)]
- Added official support for Rocky Linux distribution [[#318](https://github.com/python-distro/distro/pull/318)]
- Added a shebang to `distro.py` to allow standalone execution [[#313](https://github.com/python-distro/distro/pull/313)]
- Added support for AIX platforms [[#311](https://github.com/python-distro/distro/pull/311)]
- Added compliance for PEP-561 [[#315](https://github.com/python-distro/distro/pull/315)]
- BUG FIXES:
- Fixed `include_uname` parameter oversight [[#305](https://github.com/python-distro/distro/pull/305)]
- Fixed crash when `uname -rs` output is empty [[#304](https://github.com/python-distro/distro/pull/304)]
- Fixed Amazon Linux identifier in `distro.id()` documentation [[#318](https://github.com/python-distro/distro/pull/318)]
- Fixed OpenSuse >= 15 support [[#319](https://github.com/python-distro/distro/pull/319)]
- Fixed encoding issues when opening distro release files [[#324](https://github.com/python-distro/distro/pull/324)]
- Fixed `linux_distribution` regression introduced in [[#230](https://github.com/python-distro/distro/pull/230)] [[#325](https://github.com/python-distro/distro/pull/325)]
------------------------------------------------------------------
------------------ 2022-2-14 - Feb 14 2022 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.230.g3fdde49a:
* fix(dasd_rules): correct udev dasd rules parsing (bsc#1195309)
* revert(lvm): remove 69-dm-lvm-metad.rules (bsc#1195604)
++++ gobject-introspection:
- Update to version 1.71.0:
+ Create new API for libffi closures
+ Treat @-prefixed shlib paths as absolute on macOS
+ Add new `forever` scope
+ Build fixes with newer Meson
+ Improve regression test suite
+ Avoid a segfault when using an invalid GType
+ Build fixes on Windows when using g-i as a subproject
+ Warn about property name collisions
+ Add "strict" warnings to g-ir-scanner
+ Add the "emitter" annotation for signal emitters
+ Add a command line option to g-ir-scanner to specify the
compiler
+ Add new convenience API to libgirepository
+ Build fixes on Windows when using MSVC
+ Documentation fixes
+ Update the GIR data for GLib, GObject, and GIO
- Drop patches fixed upstream:
+ 7c1178069f1c58a05ec56a94ca6ba124215a947b.patch
+ effb1e09dee263cdac4ec593e8caf316e6f01fe2.patch
+ 827494d6415b696a98fa195cbd883b50cc893bfc.patch
++++ gsettings-desktop-schemas:
- Update to version 42.beta:
+ Add setting to control privacy screen feature.
+ Updated translations.
++++ iputils:
- rarpd and rdisc tools are now disabled again [jsc#SLE-23521]
++++ kernel-default:
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit dedbf20
- ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913).
- ALSA: usb-audio: Don't abort resume upon errors (bsc#1195913).
- ALSA: memalloc: invalidate SG pages before sync (bsc#1195913).
- ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913).
- commit 86181b2
++++ llvm15:
- More conflicts for addition to Leap: clang-tools conflicts with
llvm9 because that doesn't have the move of hmaptool yet, and
llvm13-devel with llvm{5,7} as they used to have FileCheck.1.gz.
++++ lcms2:
- update to 2.13.1:
* Fix a bug on grayscale that made printing gray on white paper
* Added support for premultiplied alpha
* tifficc can now handle alpha channels, both unassociated and premultiplied
* Better documentation
* CGATS parser can now deal with very long strings
* Added Projects for Visual Studio 2020
* Travis CI discontinued, GitHub actions used instead
* Added a very preliminary meson build script (thanks to xclaesse)
* Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
* Added thread safe code to get time
* Added automatic linear space detection
* Added cmsGetStageContextID function
* Added cmsDetectRGBProfileGamma
* configure now accepts --without-fastfloat to turn plugin off
* autogen.sh has now a --distclean toggle to get rid of all autotools generated files
* Checked to work on STM32 Cortex-A, Cortex-M families
* Bug & typos fixing (thanks to many reporters and contributors)
* Fixed mem leaks and out-of bounds accesses as reported by fuzzer
++++ ncurses:
- Add ncurses patch 20220212
+ improve font-formatting in other manpages, for consistency.
+ correct/improve font-formatting in curs_wgetch.3x (patch by Benno
Schulenberg).
++++ libnetfilter_conntrack:
- Update to release 1.0.9
* This release comes with the new nfct_nlmsg_build_filter()
function that allows to add metadata for kernel-side
filtering of conntrack entries during conntrack table dump.
* The nfct_query() API supports the new NFCT_Q_FLUSH_FILTER
argument, it allows to flush only IPv6 or IPv4 entries from
the connection tracking table.
++++ open-iscsi:
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
bug fixes and cleanups. See the Changelog for more details.
++++ systemd:
- spec: fix dependencies for mini variants
Make sure that all mini variants won't be installed in real systems and won't
be involved when building medias with kiwi. Note that sub-packages that
requires systemd (such as udev) don't need any special treatment since the
specific deps are inherited from the main (mini) package.
- spec: simplify systemd-mini-doc dependencies by assuming that the doc
sub-package can't be a build requirement for other packages.
- spec: libsystemd-mini and libudev-mini need to provide libsystemd and libudev
respectively
- Rename systemd-sysvinit into systemd-sysvcompat
systemd-sysvinit was probably provided to allow systems to switch from
sysvinit to systemd by overwriting /sbin/init with a link to systemd. But this
isn't very useful anymore due to the fact that sysvinit is not supported since
several years. Therefore the subpackage contains now the files needed to keep
backward compatibility with SysV init scripts (most notably sysv-generator)
and has been renamed accordingly. The few files that are not specific to
sysvinit (such as /bin/init) have been moved to the main package.
Normally this new subpackage shouldn't be needed (since all packages use
systemd unit files) unless a 3rd party application is installed and still
relies on SysV init scripts.
- systemd.spec: explicitely turn on/off build options
Hence a feature can't be accidentally turned on/off because its dep is pulled
in or removed due to another feature being turned on/off.
++++ vim:
- Updated to version 8.2.4375, fixes the following problems
- CVE-2022-0572 - boo#1196023
- CVE-2022-0554 - boo#1195846
* Vim9: strict type checking after copy() and deepcopy().
* Cannot assign empty list with any list type to variable with specific
list type.
* Preprocessor indents are inconsistent.
* Warnings reported by MSVC.
* Error number used twice.
* Test fails.
* Vim9: when copying a list it gets type list<any> even when the original
list did not have a type.
* Vim9: concatenating two lists may result in wrong type.
* Vim9: not all code covered by tests.
* Vim9: not all code covered by tests.
* Divide by zero with huge tabstop value.
* SafeState autocommand interferes with debugging.
* Cannot build tiny version. (Tony Mechelynck)
* Vim9: type error for copy of dict.
* Vim9: return type of getline() is too strict.
* A few messages should not be translated.
* Vim9: slice() makes a copy but doesn't change the type.
* Tex filetype detection fails.
* No test for fixed perl filetype check.
* A few more messages should not be translated.
* Vim9: cannot list autoload function.
* Vim9: crash when using a partial in the wrong context.
* Vim9: constant list and dict get a declaration type other than "any".
* Vim9: changing script variable type not caught at compile time.
* No error for using :vim9script in a :def function.
* Vim9: cannot change type of list after making a slice.
* Test fails where lines are skipped.
* Put in Visual mode not fully tested.
* Various comment and indent mistakes, returning wrong zero.
* :put does not work properly in compiled function. (John Beckett)
* Athena and Motif: when maximized scrollbar position is wrong.
* Vim9: crash when using a funcref to a closure.
* Vim9: crash when using funcref with closure.
* Vim9: nested function name can start with "_".
* Vim9: script-local function name can start with "_".
* 'wildmenu' only shows few matches.
* "o" and "O" copying comment not sufficiently tested.
* May end up with no current buffer.
* Command line complete matches cleard when typing character. (Dominique
Pellé)
* No support for end line number and column in 'errorformat'.
* Vim9: no error if script imports itself.
* Vim9: no test for existing script variable in block.
* Vim9: incomplete test for existing script variable in block.
* cstack not always passed to where it is needed.
* Command line popup menu not positioned correctly.
* No autocommand event triggered before changing directory. (Ronnie Magatti)
* Using :filter for :scriptnames does not work. (Ben Jackson)
* Part of condition is always true.
* An error from an expression mapping messes up the display.
* CTRL-A does not work properly with the cmdline popup menu.
* Command line not redrawn when finishing popup menu and the screen has
scrolled up.
* CI will soon switch to other windows version.
* When reloading not all properties are detected.
* <amatch> is expanded like a file name for DirChangedPre.
* A custom statusline may cause Esc to work like Enter on the command line
when the popup menu is displayed.
* In some build setups UNUSED is not defined.
* "legacy exe cmd" does not do what one would expect.
* FEAT_GUI_ENABLED defined but never used.
* No coverage is measured on MS-Windows CI.
* ReScript files are not recognized.
* CI does not use the latest Lua and Python.
* Dynamic loading of libsodium not handled properly.
* Unnecessary call to check_colorcolumn().
* Command line completion functions are very long.
* sticky command modifiers are too sticky.
* Vim9: line number of exception is not set.
* crash when repeatedly using :retab.
* Vim9: allowing use of "s:" leads to inconsistencies.
* Vim9: some tests fail.
* :retab may allocate too much memory.
* sticky command modifiers are too sticky.
* Not enough tests for command line completion.
* Calling in_vim9script() multiple times.
* Amiga: a few compiler warnings.
* Redundant #ifdef argument.
* MS-Windows: libsodium.dll not included with the installer.
* Vim9: can create a script variable from a legacy function.
* Filetype detection from file contents is in legacy script.
* Expression test fails.
* Unreachable code.
* ctx_imports is not used.
------------------------------------------------------------------
------------------ 2022-2-13 - Feb 13 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.17-rc4
- commit 660988d
++++ harfbuzz:
- update to 3.4.0:
+ Perform sanity checks on shaping results is now part of
“harfbuzz†library and can be enabled by setting the buffer
flag HB_BUFFER_FLAG_VERIFY
+ Arabic Mark Transient Reordering Algorithm have been updated
to revision 6
+ ISO 15924 code for mathematical notation, ‘Zmth’, now maps to
the OpenType ‘math’ tag
+ It is now possible to get at once all math kerning values for a
given glyph at a given corner
+ Fix locale_t portability issues on systems the typedef’s it to
a void pointer
------------------------------------------------------------------
------------------ 2022-2-12 - Feb 12 2022 -------------------
------------------------------------------------------------------
++++ glib2-branding-openSUSE:
- Drop gnome-documents from favorite-apps for both openSUSE and
SLED, package is archived upstream.
++++ grep:
- use glibc-locale to reenable less common locale tests (bsc#1195390)
------------------------------------------------------------------
------------------ 2022-2-11 - Feb 11 2022 -------------------
------------------------------------------------------------------
++++ glib-networking:
- Update to version 2.72.beta:
+ Add environment variable proxy resolver.
+ OpenSSL: fix uninitialized memory use.
++++ glib2:
- Update to version 2.70.4:
+ Bugs fixed: glgo#GNOME/GLib!2462 “Fix memory leak in
gio/gdbusauthmechanismsha1.c†to glib-2-70.
+ Updated translations.
++++ kernel-default:
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- BTF: Don't break ABI when debuginfo is disabled.
- commit 9ff5fa4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- Linux 5.16.9 (bsc#1012628).
- tipc: improve size validations for received domain records
(bsc#1012628).
- crypto: api - Move cryptomgr soft dependency into algapi
(bsc#1012628).
- ksmbd: fix SMB 3.11 posix extension mount failure (bsc#1012628).
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1012628).
- moxart: fix potential use-after-free on remove path
(bsc#1012628).
- ata: libata-core: Fix ata_dev_config_cpr() (bsc#1012628).
- commit 704dc30
++++ gcc12:
- Update to trunk head, 165947fecf4d78c7effb0f1ee15e694 (git191602)
- Add gcc12-PIE, similar to gcc-PIE but affecting gcc12 [bsc#1195628]
++++ openssl-1_1:
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
++++ libsigc++2:
- Update to version 2.10.8:
+ Build:
- Meson build: Perl is not required by new versions of
mm-common
- NMake Makefiles: Support building with VS2022
+ Documentation: Upgrade the manual from DocBook 4.1 to DocBook
5.0
++++ makedumpfile:
- Turn on zstd in Tumbleweed.
------------------------------------------------------------------
------------------ 2022-2-10 - Feb 10 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.6
* sixth bugfix release
++++ Mesa-drivers:
- update to 21.3.6
* sixth bugfix release
++++ apparmor:
- update to AppArmor 3.0.4
- various fixes in profiles, abstractions, apparmor_parser and utils
(some of them were already included as patches)
- add support for mctp address family
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
for the full upstream changelog
- remove upstream(ed) patches:
- aa-notify-more-arch-mr809.diff
- ruby-3.1-build-fix.diff
- add-samba-bgqd.diff
- openssl-engdef-mr818.diff
- profiles-python-3.10-mr783.diff
- update-samba-abstractions-ldb2.diff
- refresh patches:
- apparmor-samba-include-permissions-for-shares.diff
- ruby-2_0-mkmf-destdir.patch
++++ gobject-introspection:
- use bash for bash scripts (bsc#1195391)
++++ grub2:
- Set grub2-check-default shebang to "#!/bin/bash", as the the code
uses many instructions which are undefined for a POSIX sh.
(boo#1195794).
++++ texinfo:
- Split out texinfo-lang package, so info does not refer to
traslations from texinfo package.
++++ kernel-default:
- Revert "build initrd without systemd" (bsc#1195775)
This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76. systemd is
needed to at least mount /sys/kernel/security/ during apparmor build.
- commit 5d1f5d2
++++ libapparmor:
- update to AppArmor 3.0.4
- various fixes in profiles, abstractions, apparmor_parser and utils
(some of them were already included as patches)
- add support for mctp address family
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.4
for the full upstream changelog
- remove upstream(ed) patches:
- aa-notify-more-arch-mr809.diff
- ruby-3.1-build-fix.diff
- add-samba-bgqd.diff
- openssl-engdef-mr818.diff
- profiles-python-3.10-mr783.diff
- update-samba-abstractions-ldb2.diff
- refresh patches:
- apparmor-samba-include-permissions-for-shares.diff
- ruby-2_0-mkmf-destdir.patch
++++ libproxy:
- Drop gconf2-devel BuildRequires: libproxy was ported to gsettings
quite some time ago.
- Update our Supplements to current standard.
++++ libsemanage:
- Drop Buildrequires for libustr-devel, not needed anymore
++++ unbound:
- update to 1.15.0
Features
- Fix #596: unset the RA bit when a query is blocked by an unbound
RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to
signal that a domain is externally blocked to clients when it
is blocked with NXDOMAIN by unsetting RA.
- Add rpz: for-downstream: yesno option, where the RPZ zone is
authoritatively answered for, so the RPZ zone contents can be
checked with DNS queries directed at the RPZ zone.
- Merge PR #616: Update ratelimit logic. It also introduces
ratelimit-backoff and ip-ratelimit-backoff configuration options.
- Change aggressive-nsec default to yes.
Bug Fixes
- Fix compile warning for if_nametoindex on windows 64bit.
- Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow
warnings in rpz.
- Fix validator debug output about DS support, print correct algorithm.
- Add code similar to fix for ldns for tab between strings, for
consistency, the test case was not broken.
- Allow local-data for classes other than IN to inherit a configured
local-zone's type if possible, instead of defaulting to type
transparent as per the implicit rule.
- Fix to pick up other class local zone information before unlock.
- Add missing configure flags for optional features in the
documentation.
- Fix Unbound capitalization in the documentation.
- Fix #591: Unbound-anchor manpage links to non-existent license file.
- contrib/aaaa-filter-iterator.patch file renewed diff content to
apply cleanly to the current coderepo for the current code version.
- Fix to add test for rpz-signal-nxdomain-ra.
- Fix #596: only unset RA when NXDOMAIN is signalled.
- Fix that RPZ does not set RD flag on replies, it should be copied
from the query.
- Fix for #596: fix that rpz return message is returned and not just
the rcode from the iterator return path. This fixes signal unset RA
after a CNAME.
- Fix unit tests for rpz now that the AA flag returns successfully from
the iterator loop.
- Fix for #596: add unit test for nsdname trigger and signal unset RA.
- Fix for #596: add unit test for nsip trigger and signal unset RA.
- Fix #598: Fix unbound-checkconf fatal error: module conf
'respip dns64 validator iterator' is not known to work.
- Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip
triggered operation.
- Merge #600 from pemensik: Change file mode before changing file
owner.
- Fix prematurely terminated TCP queries when a reply has the same ID.
- For #602: Allow the module-config "subnetcache validator cachedb
iterator".
- Fix EDNS to upstream where the same option could be attached
more than once.
- Add a region to serviced_query for allocations.
- For dnstap, do not wakeupnow right there. Instead zero the timer to
force the wakeup callback asap.
- Fix #610: Undefine-shift in sldns_str2wire_hip_buf.
- Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in
serviced_udp_callback.
- Merge PR #612: TCP race condition.
- Test for NSID in SERVFAIL response due to DNSSEC bogus.
- Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
document.
- Fix tls-* and ssl-* documented alternate syntax to also be available
through remote-control and unbound-checkconf.
- Better cleanup on failed DoT/DoH listening socket creation.
- iana portlist update.
- Fix review comment for use-after-free when failing to send UDP out.
- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
internals.
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
- Merge PR #617: Update stub/forward-host notation to accept port and
tls-auth-name.
- Update stream_ssl.tdir test to also use the new forward-host
notation.
- Fix header comment for doxygen for authextstrtoaddr.
- please clang analyzer for loop in test code.
- Fix docker splint test to use more portable uname.
- Update contrib/aaaa-filter-iterator.patch with diff for current
software version.
- Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
++++ liburing:
- add explicit liburing2-devel alias to reflect SLE/LEAP 15.4+ naming
(bsc#1193522)
++++ python-semanage:
- Drop Buildrequires for libustr-devel, not needed anymore
++++ selinux-policy:
- Updated fix_cron.patch. Adjust labeling for at (bsc#1195683)
------------------------------------------------------------------
------------------ 2022-2-9 - Feb 9 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.16.1
* mkfs: support DUP on metadata on zoned devices
* subvol delete: drop warning for root when search ioctl fails
* check:
* fix --init-csum-tree to not create checksums for extents that are not
supposed to have them
* add check for metadata item levels
* add udev rule for zoned devices as they require mq-deadline
* build: fix redefinition of ALIGN on mixed old/new kernel/userspace (5.11)
* other:
* typo fixes
* new tests
* CI targets updated
* Removed patches: btrfs-progs-kerncompat-add-local-definition-for-alig.patch (upstream)
++++ kernel-default:
- rpm/fdupes_relink: dups linking implementation in perl (bsc#1195709)
- rpm/kernel-source.spec.in: use the above
This is orders of magnitude faster.
- commit 359854d
- Update config files.
Set CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION=y on i386. the
rest to =n. Copied from master branch.
- commit 224cad2
- Linux 5.16.8 (bsc#1012628).
- drm/i915: Disable DSB usage for now (bsc#1012628).
- selinux: fix double free of cond_list on error paths
(bsc#1012628).
- audit: improve audit queue handling when "audit=1" on cmdline
(bsc#1012628).
- ipc/sem: do not sleep with a spin lock held (bsc#1012628).
- spi: stm32-qspi: Update spi registering (bsc#1012628).
- ASoC: hdmi-codec: Fix OOB memory accesses (bsc#1012628).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
(bsc#1012628).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
(bsc#1012628).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
(bsc#1012628).
- ALSA: usb-audio: Correct quirk for VF0770 (bsc#1012628).
- ALSA: hda: Fix UAF of leds class devs at unbinding
(bsc#1012628).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (bsc#1012628).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
X570 ALC1220 quirks (bsc#1012628).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
Master (newer chipset) (bsc#1012628).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
Xtreme after reboot from Windows (bsc#1012628).
- ata: libata-core: Introduce ATA_HORKAGE_NO_LOG_DIR horkage
(bsc#1012628).
- btrfs: don't start transaction for scrub if the fs is mounted
read-only (bsc#1012628).
- btrfs: fix deadlock between quota disable and qgroup rescan
worker (bsc#1012628).
- btrfs: fix use-after-free after failure to create a snapshot
(bsc#1012628).
- Revert "fs/9p: search open fids first" (bsc#1012628).
- drm/nouveau: fix off by one in BIOS boundary checking
(bsc#1012628).
- drm/i915/adlp: Fix TypeC PHY-ready status readout (bsc#1012628).
- drm/amdgpu: fix a potential GPU hang on cyan skillfish
(bsc#1012628).
- drm/amd/pm: correct the MGpuFanBoost support for Beige Goby
(bsc#1012628).
- drm/amd/display: Update watermark values for DCN301
(bsc#1012628).
- drm/amd/display: watermark latencies is not enough on DCN31
(bsc#1012628).
- drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15"
Apple Retina panels (bsc#1012628).
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
(bsc#1012628).
- mm/debug_vm_pgtable: remove pte entry from the page table
(bsc#1012628).
- mm/pgtable: define pte_index so that preprocessor could
recognize it (bsc#1012628).
- mm/kmemleak: avoid scanning potential huge holes (bsc#1012628).
- block: bio-integrity: Advance seed correctly for larger interval
sizes (bsc#1012628).
- dma-buf: heaps: Fix potential spectre v1 gadget (bsc#1012628).
- IB/hfi1: Fix panic with larger ipoib send_queue_size
(bsc#1012628).
- IB/hfi1: Fix alloc failure with larger txqueuelen (bsc#1012628).
- IB/hfi1: Fix AIP early init panic (bsc#1012628).
- Revert "fbdev: Garbage collect fbdev scrolling acceleration,
part 1 (from TODO list)" (bsc#1012628).
- Revert "fbcon: Disable accelerated scrolling" (bsc#1012628).
- fbcon: Add option to enable legacy hardware acceleration
(bsc#1012628).
- mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()
(bsc#1012628).
- Revert "ASoC: mediatek: Check for error clk pointer"
(bsc#1012628).
- RISC-V: KVM: make CY, TM, and IR counters accessible in VU mode
(bsc#1012628).
- KVM: arm64: Avoid consuming a stale esr value when SError occur
(bsc#1012628).
- KVM: arm64: Stop handle_exit() from handling HVC twice when
an SError occurs (bsc#1012628).
- arm64: Add Cortex-A510 CPU part definition (bsc#1012628).
- RDMA/cma: Use correct address when leaving multicast group
(bsc#1012628).
- RDMA/ucma: Protect mc during concurrent multicast leaves
(bsc#1012628).
- RDMA/siw: Fix refcounting leak in siw_create_qp() (bsc#1012628).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
(bsc#1012628).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (bsc#1012628).
- RDMA/mlx4: Don't continue event handler after memory allocation
failure (bsc#1012628).
- ALSA: usb-audio: initialize variables that could ignore errors
(bsc#1012628).
- ALSA: hda: Fix signedness of sscanf() arguments (bsc#1012628).
- ALSA: hda: Skip codec shutdown in case the codec is not
registered (bsc#1012628).
- iommu/vt-d: Fix potential memory leak in
intel_setup_irq_remapping() (bsc#1012628).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
(bsc#1012628).
- spi: bcm-qspi: check for valid cs before applying chip select
(bsc#1012628).
- spi: mediatek: Avoid NULL pointer crash in interrupt
(bsc#1012628).
- spi: meson-spicc: add IRQ check in meson_spicc_probe
(bsc#1012628).
- spi: uniphier: fix reference count leak in uniphier_spi_probe()
(bsc#1012628).
- IB/hfi1: Fix tstats alloc and dealloc (bsc#1012628).
- IB/cm: Release previously acquired reference counter in the
cm_id_priv (bsc#1012628).
- net: ieee802154: hwsim: Ensure proper channel selection at
probe time (bsc#1012628).
- net: ieee802154: mcr20a: Fix lifs/sifs periods (bsc#1012628).
- net: ieee802154: ca8210: Stop leaking skb's (bsc#1012628).
- netfilter: nft_reject_bridge: Fix for missing reply from
prerouting (bsc#1012628).
- net: ieee802154: Return meaningful error codes from the netlink
helpers (bsc#1012628).
- net/smc: Forward wakeup to smc socket waitqueue after fallback
(bsc#1012628).
- net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for
unexpected speed request (bsc#1012628).
- net: stmmac: properly handle with runtime pm in
stmmac_dvr_remove() (bsc#1012628).
- net: macsec: Fix offload support for NETDEV_UNREGISTER event
(bsc#1012628).
- net: macsec: Verify that send_sci is on when setting Tx sci
explicitly (bsc#1012628).
- net: stmmac: dump gmac4 DMA registers correctly (bsc#1012628).
- net, neigh: Do not trigger immediate probes on NUD_FAILED from
neigh_managed_work (bsc#1012628).
- net: stmmac: ensure PTP time register reads are consistent
(bsc#1012628).
- drm: mxsfb: Fix NULL pointer dereference (bsc#1012628).
- drm/kmb: Fix for build errors with Warray-bounds (bsc#1012628).
- drm/i915/overlay: Prevent divide by zero bugs in scaling
(bsc#1012628).
- drm/i915: Lock timeline mutex directly in error path of
eb_pin_timeline (bsc#1012628).
- drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime
PM enabled (bsc#1012628).
- ASoC: rt5682: Fix deadlock on resume (bsc#1012628).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe
(bsc#1012628).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple
of period bytes (bsc#1012628).
- ASoC: simple-card: fix probe failure on platform component
(bsc#1012628).
- ASoC: cpcap: Check for NULL pointer after calling
of_get_child_by_name (bsc#1012628).
- ASoC: max9759: fix underflow in speaker_gain_control_put()
(bsc#1012628).
- ASoC: codecs: wcd938x: fix incorrect used of portid
(bsc#1012628).
- ASoC: codecs: lpass-rx-macro: fix sidetone register offsets
(bsc#1012628).
- ASoC: codecs: wcd938x: fix return value of mixer put function
(bsc#1012628).
- ASoC: qdsp6: q6apm-dai: only stop graphs that are started
(bsc#1012628).
- pinctrl: sunxi: Fix H616 I2S3 pin data (bsc#1012628).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a
preconfigured line (bsc#1012628).
- pinctrl: intel: fix unexpected interrupt (bsc#1012628).
- pinctrl: bcm2835: Fix a few error paths (bsc#1012628).
- btrfs: fix use of uninitialized variable at rm device ioctl
(bsc#1012628).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (bsc#1012628).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
client (bsc#1012628).
- gve: fix the wrong AdminQ buffer queue index check
(bsc#1012628).
- bpf: Use VM_MAP instead of VM_ALLOC for ringbuf (bsc#1012628).
- selftests/exec: Remove pipe from TEST_GEN_FILES (bsc#1012628).
- selftests: futex: Use variable MAKE instead of make
(bsc#1012628).
- tools/resolve_btfids: Do not print any commands when building
silently (bsc#1012628).
- e1000e: Separate ADP board type from TGP (bsc#1012628).
- rtc: cmos: Evaluate century appropriate (bsc#1012628).
- objtool: Fix truncated string warning (bsc#1012628).
- kvm: add guest_state_{enter,exit}_irqoff() (bsc#1012628).
- kvm/arm64: rework guest entry logic (bsc#1012628).
- perf: Copy perf_event_attr::sig_data on modification
(bsc#1012628).
- perf stat: Fix display of grouped aliased events (bsc#1012628).
- perf/x86/intel/pt: Fix crash with stop filters in single-range
mode (bsc#1012628).
- x86/perf: Default set FREEZE_ON_SMI for all (bsc#1012628).
- EDAC/altera: Fix deferred probing (bsc#1012628).
- EDAC/xgene: Fix deferred probing (bsc#1012628).
- ext4: prevent used blocks from being allocated during fast
commit replay (bsc#1012628).
- ext4: modify the logic of ext4_mb_new_blocks_simple
(bsc#1012628).
- ext4: fix error handling in ext4_restore_inline_data()
(bsc#1012628).
- ext4: fix error handling in ext4_fc_record_modified_inode()
(bsc#1012628).
- ext4: fix incorrect type issue during replay_del_range
(bsc#1012628).
- net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
(bsc#1012628).
- cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
(bsc#1012628).
- tools include UAPI: Sync sound/asound.h copy with the kernel
sources (bsc#1012628).
- gpio: idt3243x: Fix an ignored error return from
platform_get_irq() (bsc#1012628).
- gpio: mpc8xxx: Fix an ignored error return from
platform_get_irq() (bsc#1012628).
- selftests: nft_concat_range: add test for reload with no
element add/del (bsc#1012628).
- selftests: netfilter: check stateless nat udp checksum fixup
(bsc#1012628).
- Update config files.
- commit 1b44d21
++++ gcc12:
- Put libstdc++6-pp Requires on the shared library and drop
to Recoomends.
++++ multipath-tools:
- Version 0.8.8+57+suse.dfb672fe
* kpartx.rules: skip MD devices (bsc#1195644)
* libmultipath: hwtable: use ALUA for all LIO targets (bsc#1195649)
* multipathd.service: drop ExecStartPre for loading dm-multipath
(bsc#1195397)
++++ pango:
- Update to version 1.50.4:
+ Tweak synthetic space size.
+ itemize: Try harder to avoid NULL fonts.
+ docs: Some additions.
+ Pass synthetic slant to harfbuzz.
+ Make sloped carets work with uneven scales.
+ Fix serialiation on arm.
+ Avoid an uninitialized variable warning.
+ Reinstate previous behavior of pango_attr_list_splice.
+ Deprecated pango_coverage_ref/unref.
+ Fix serialization on non-glibc systems.
+ Fix allow-breaks handling.
++++ pam:
- Move group.conf and faillock.conf to /usr/etc/security
++++ selinux-policy:
- Fix bitlbee runtime directory (bsc#1193230)
* add fix_bitlbee.patch
------------------------------------------------------------------
------------------ 2022-2-8 - Feb 8 2022 -------------------
------------------------------------------------------------------
++++ hwdata:
- Update to version 0.356:
+ Updated pci, usb and vendor ids.
++++ kdump:
- Exclude i586 from SLE builds.
++++ kernel-default:
- Refresh
patches.suse/0001-lib-raid6-Use-strict-priority-ranking-for-pq-gen-ben.patch.
- Refresh
patches.suse/0001-lib-raid6-skip-benchmark-of-non-chosen-xor_syndrome-.patch.
- Refresh
patches.suse/cifs-fix-workstation_name-for-multiuser-mounts.patch.
Update upstream status and move to sorted section.
- commit 9ebef3e
++++ llvm15:
- Add SUSE_Backports_policy-SLE_conflict to rpmlintrc, we're
deliberately conflicting with SLE here to offer a newer version
than what SUSE wants to support.
(https://code.opensuse.org/leap/features/issue/55)
++++ gcc12:
- Bump to 943d631abdd7be623cbf2b870d3d0cfef89f5f26, git191519.
++++ libvirt:
- qemu: fix inactive snapshot revert
76deb656-qemu-fix-snapshot-revert.patch
boo#1195690
++++ libzypp:
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
++++ salt:
- Update generated documentation to 3004
- Expose missing "ansible" module functions in Salt 3004 (bsc#1195625)
- Added:
* add-missing-ansible-module-functions-to-whitelist-in.patch
------------------------------------------------------------------
------------------ 2022-2-7 - Feb 7 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL
(bsc#1193640).
- drm/i915: Populate pipe dbuf slices more accurately during
readout (bsc#1193640).
- drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration
(bsc#1193640).
- commit 0503f69
++++ harfbuzz:
- update to 3.3.2:
+ Revert splitting of pair positioning values introduced in 3.3.0
as it proved problematic
- includes changes from 3.3.1:
+ Fix heap-use-after-free in harfbuzz-subset introduced in
previous release
- includes changes from 3.3.0:
+ Improved documentation, code cleanup
+ The low 16-bits of face index will be used by hb_face_create()
to select a face inside a font collection file format, while the
high 16-bits will be used by hb_font_create() to load the named
instance
+ Glyph positions and other font metrics now apply synthetic slant
set by hb_font_set_synthetic_slant(), for improved positioning
for synthetically slanted fonts
+ Fixed unintentional locale dependency in hb_variation_to_string()
for decimal point representation
+ When applying pair positioning (kerning) the positioning value
is split between the two sides of the pair for improved cursor
positioning between such pairs
+ Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in
conjunction with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing
re-shaping during line breaking. Check the documentation for
further details
+ Improved handling of macrolanguages when mapping BCP 47 codes
to OpenType tags
++++ ncurses:
- Add ncurses patch 20220205
+ workaround in test/picsmap.c for use of floating point for rgb values
by ImageMagick 6.9.11, which appears to use the wrong upper limit.
+ improve use of "trap" in shell scripts, using "fixup-trap".
++++ libvirt:
- libxl: Mark auto-allocated graphics ports to used on reconnect
e0241f33-libxl-mark-allocated-graphics-ports.patch
- libxl: Release all auto-allocated graphics ports
18ec405a-libxl-release-graphics-ports.patch
bsc#1191668
++++ pam:
- Update to current git for enhanced vendordir support (pam-git.diff)
Obsoletes:
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
++++ pam-config:
- Update to Version 1.6
- Create /etc/pam.d if not there
- Support file option of pam_pwhistory
++++ patterns-base:
- No longer recommend apparmor pattern by enhanced_base:
installations using YaST have the LSM selected during
installation. Other setups might just as well pick SELinux.
++++ salt:
- Fix salt-call event.send with pillar or grains
- Added:
* fix-salt-call-event.send-call-with-grains-and-pillar.patch
++++ python-setuptools:
- update to 58.3.0:
* ``setup.py install`` and ``easy_install`` commands are now officially
deprecated. Use other standards-based installers (like pip) and builders (like
build). Workloads reliant on this behavior should pin to this major version of
Setuptools.
* #1988: Deprecated the ``bdist_rpm`` command.
* #2785: Replace confirparser's readfp with read_file, deprecated since Python 3.2.
* #2823: Officially deprecated support for ``setup_requires``. Users are
encouraged instead to migrate to PEP 518 ``build-system.requires`` in
``pyproject.toml``. Users reliant on ``setup_requires`` should consider
pinning to this major version to avoid disruption.
* #2762: Changed codecov.yml to configure the threshold to be lower
* #2757: Add windows arm64 launchers for scripts generated by easy_install.
* #2800: Added ``--owner`` and ``--group`` options to the ``sdist`` command,
for specifying file ownership within the produced tarball (similarly
to the corresponding distutils ``sdist`` options).
* #2792: Document how the legacy and non-legacy versions are compared, and
reference to the `PEP 440 <https://www.python.org/dev/peps/pep-0440/>`_
scheme.
* #2773: Retain case in setup.cfg during sdist.
* #2777: Build does not fail fast when ``use_2to3`` is supplied but set to a
false value.
* #2769: Build now fails fast when ``use_2to3`` is supplied.
* #2765: In Distribution.finalize_options, suppress known removed entry points
to avoid issues with older Setuptools.
* #2086: Removed support for 2to3 during builds. Projects should port to a
unified codebase or pin to an older version of Setuptools using PEP 518
build-requires.
* #2712: Added implicit globbing support for `[options.data_files]` values.
* #2737: fix various syntax and style errors in code snippets in docs
------------------------------------------------------------------
------------------ 2022-2-6 - Feb 6 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.17-rc3
- eliminate 1 patch
- patches.suse/cifs-fix-workstation_name-for-multiuser-mounts.patch
- update configs
- FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION=n (y on i386)
- commit 335402f
- Linux 5.16.7 (bsc#1012628).
- Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
again (bsc#1012628).
- Revert "drm/vc4: hdmi: Make sure the device is powered with CEC"
(bsc#1012628).
- commit 37d59fa
++++ gdbm:
- update to 1.23:
* Bucket cache switched from balanced tree to hash table
* Speed up flushing the changed buckets on disk
* New option codes for gdbm_setopt
* Enable or disable automatic cache adjustment
- remove obsolete texinfo packaging macros
++++ rpm-config-SUSE:
- Update to version 0.g96:
* changes
* Avoid bash specific construct
------------------------------------------------------------------
------------------ 2022-2-5 - Feb 5 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.16.6 (bsc#1012628).
- ovl: fix NULL pointer dereference in copy up warning
(bsc#1012628).
- tcp: add missing tcp_skb_can_collapse() test in
tcp_shift_skb_data() (bsc#1012628).
- tcp: fix mem under-charging with zerocopy sendmsg()
(bsc#1012628).
- af_packet: fix data-race in packet_setsockopt /
packet_setsockopt (bsc#1012628).
- e1000e: Handshake with CSME starts from ADL platforms
(bsc#1012628).
- cpuset: Fix the bug that subpart_cpus updated wrongly in
update_cpumask() (bsc#1012628).
- bpf: Fix possible race in inc_misses_counter (bsc#1012628).
- net: ipa: request IPA register values be retained (bsc#1012628).
- rtnetlink: make sure to refresh master_dev/m_ops in
__rtnl_newlink() (bsc#1012628).
- net: sched: fix use-after-free in tc_new_tfilter()
(bsc#1012628).
- fanotify: Fix stale file descriptor in copy_event_to_user()
(bsc#1012628).
- net: amd-xgbe: Fix skb data length underflow (bsc#1012628).
- net: amd-xgbe: ensure to reset the tx_timer_active flag
(bsc#1012628).
- i40e: Fix reset path while removing the driver (bsc#1012628).
- i40e: Fix reset bw limit when DCB enabled with 1 TC
(bsc#1012628).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (bsc#1012628).
- net/mlx5e: Avoid implicit modify hdr for decap drop rule
(bsc#1012628).
- net/mlx5: E-Switch, Fix uninitialized variable modact
(bsc#1012628).
- net/mlx5e: Fix broken SKB allocation in HW-GRO (bsc#1012628).
- net/mlx5e: Fix wrong calculation of header index in HW_GRO
(bsc#1012628).
- net/mlx5e: Avoid field-overflowing memcpy() (bsc#1012628).
- net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion
(bsc#1012628).
- net/mlx5e: Don't treat small ceil values as unlimited in HTB
offload (bsc#1012628).
- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
(bsc#1012628).
- net/mlx5e: TC, Reject rules with forward and drop actions
(bsc#1012628).
- net/mlx5e: Fix module EEPROM query (bsc#1012628).
- net/mlx5: Use del_timer_sync in fw reset flow of halting poll
(bsc#1012628).
- net/mlx5e: Fix handling of wrong devices during bond netevent
(bsc#1012628).
- net/mlx5: Bridge, ensure dev_name is null-terminated
(bsc#1012628).
- net/mlx5: Bridge, take rtnl lock in init error handler
(bsc#1012628).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(bsc#1012628).
- net/mlx5e: IPsec: Fix tunnel mode crypto offload for non
TCP/UDP traffic (bsc#1012628).
- net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP
encapsulated traffic (bsc#1012628).
- lockd: fix failure to cleanup client locks (bsc#1012628).
- lockd: fix server crash on reboot of client holding lock
(bsc#1012628).
- ovl: don't fail copy up if no fileattr support on upper
(bsc#1012628).
- net: phy: Fix qca8081 with speeds lower than 2.5Gb/s
(bsc#1012628).
- Revert "mm/gup: small refactoring: simplify try_grab_page()"
(bsc#1012628).
- cgroup-v1: Require capabilities to set release_agent
(bsc#1012628).
- drm/vc4: hdmi: Make sure the device is powered with CEC
(bsc#1012628).
- net: ipa: prevent concurrent replenish (bsc#1012628).
- net: ipa: use a bitmap for endpoint replenish_enabled
(bsc#1012628).
- selftests: mptcp: fix ipv6 routing setup (bsc#1012628).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
(bsc#1012628).
- commit 1e2a324
- Refresh patches.suse/Input-elan_i2c-Add-deny-list-for-Lenovo-Yoga-Slim-7.patch
Fix section mistmatch warning
- commit 672f0d5
++++ wpa_supplicant:
- Apply Revert-DBus-Add-sae-to-interface-key_mgmt-capabilities.patch
to fix connect with AVM FB, if WPA3 transition mode is activated,
e.g. Wifi -> Security: is WPA2 + WPA3, alt. switch to WPA2 (CCMP)
(bsc#1195312)
------------------------------------------------------------------
------------------ 2022-2-4 - Feb 4 2022 -------------------
------------------------------------------------------------------
++++ gstreamer:
- Update to version 1.20.0:
+ Development in GitLab was switched to a single git repository
containing all the modules
+ GstPlay: new high-level playback library, replaces GstPlayer
+ WebM Alpha decoding support
+ Encoding profiles can now be tweaked with additional
application-specified element properties
+ Compositor: multi-threaded video conversion and mixing
+ RTP header extensions: unified support in RTP depayloader and
payloader base classes
+ SMPTE 2022-1 2-D Forward Error Correction support
+ Smart encoding (pass through) support for VP8, VP9, H.265 in
encodebin and transcodebin
+ Runtime compatibility support for libsoup2 and libsoup3
(libsoup3 support experimental)
+ Video decoder subframe support
+ Video decoder automatic packet-loss, data corruption, and
keyframe request handling for RTP / WebRTC / RTSP
+ mp4 and Matroska muxers now support profile/level/resolution
changes for H.264/H.265 input streams (i.e. codec data changing
on the fly)
+ mp4 muxing mode that initially creates a fragmented mp4 which
is converted to a regular mp4 on EOS
+ Audio support for the WebKit Port for Embedded (WPE) web page
source element
+ CUDA based video color space convert and rescale elements and
upload/download elements
+ NVIDIA memory:NVMM support for OpenGL glupload and gldownload
elements
+ Many WebRTC improvements
+ The new VA-API plugin implementation fleshed out with more
decoders and new postproc elements
+ AppSink API to retrieve events in addition to buffers and
buffer lists
+ AppSrc gained more configuration options for the internal queue
(leakiness, limits in buffers and time, getters to read current
levels)
+ Updated Rust bindings and many new Rust plugins
+ Improved support for custom minimal GStreamer builds
+ Support build against FFmpeg 5.0
+ Linux Stateless CODEC support gained MPEG-2 and VP9
+ Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support
+ Lots of new plugins, features, performance improvements and bug
fixes
- Use ldconfig_scriptlets macro for post(un) handling where
possible.
- Update Source url.
- Update to version 1.18.6:
+ gstplugin: Fix for UWP build
+ gst-ptp-helper: Do not disable multicast loopback
+ concat: fix qos event handling
+ pluginfeature: Fix object leak
+ baseparse: fix invalid avg_bitrate after reset
+ multiqueue: Fix query unref race on flush
+ gst: Initialize optional event/message fields when parsing
+ bitwriter: Fix the trailing bits lost when getting its data
+ multiqueue: never consider a queue that is not waiting
+ input-selector: Use proper segments when cleaning cached
buffers
++++ gstreamer-plugins-base:
- Update to version 1.20.0:
+ Development in GitLab was switched to a single git repository
containing all the modules
+ GstPlay: new high-level playback library, replaces GstPlayer
+ WebM Alpha decoding support
+ Encoding profiles can now be tweaked with additional
application-specified element properties
+ Compositor: multi-threaded video conversion and mixing
+ RTP header extensions: unified support in RTP depayloader and
payloader base classes
+ SMPTE 2022-1 2-D Forward Error Correction support
+ Smart encoding (pass through) support for VP8, VP9, H.265 in
encodebin and transcodebin
+ Runtime compatibility support for libsoup2 and libsoup3
(libsoup3 support experimental)
+ Video decoder subframe support
+ Video decoder automatic packet-loss, data corruption, and
keyframe request handling for RTP / WebRTC / RTSP
+ mp4 and Matroska muxers now support profile/level/resolution
changes for H.264/H.265 input streams (i.e. codec data changing
on the fly)
+ mp4 muxing mode that initially creates a fragmented mp4 which
is converted to a regular mp4 on EOS
+ Audio support for the WebKit Port for Embedded (WPE) web page
source element
+ CUDA based video color space convert and rescale elements and
upload/download elements
+ NVIDIA memory:NVMM support for OpenGL glupload and gldownload
elements
+ Many WebRTC improvements
+ The new VA-API plugin implementation fleshed out with more
decoders and new postproc elements
+ AppSink API to retrieve events in addition to buffers and
buffer lists
+ AppSrc gained more configuration options for the internal queue
(leakiness, limits in buffers and time, getters to read current
levels)
+ Updated Rust bindings and many new Rust plugins
+ Improved support for custom minimal GStreamer builds
+ Support build against FFmpeg 5.0
+ Linux Stateless CODEC support gained MPEG-2 and VP9
+ Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support
+ Lots of new plugins, features, performance improvements and bug
fixes
- Rebase add_wayland_dep_to_tests.patch.
- Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream
- Stop using service due to upstreams new mono-repo, just use
tarballs for now.
- Update to version 1.18.6:
+ tagdemux: Fix crash when presented with malformed files
(security fix)
+ videoencoder: make sure the buffer is writable before modifying
metadata
+ video-converter: Fix for broken gamma remap with high bitdepth
YUV output
+ sdpmessage: fix mapping single char fmtp params
+ oggdemux: fix a race in push mode when performing the duration
seek
+ uridecodebin: Fix critical warnings
+ audio-converter: Fix resampling when there's nothing to output
+ tcp: fix build on Solaris
+ uridecodebin3: Nullify current item after all play items are
freed.
+ audio-resampler: Fix segfault when we can't output any frames
+ urisourcebin: Handle sources with dynamic pads and pads already
present
+ playbin2/3: autoplug/caps: don't expand caps to ANY
+ uridecodebin3/urisourcebin: Reusability fixes
+ rtspconnection: Only reset timeout when socket is unused
+ gstvideoaggregator.c: fix build with gcc 4.8
- Drop service, use source url, upstream changes in git.
++++ openssl-1_1:
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
++++ procps:
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
++++ systemd:
- Always create systemd-network system user, even if systemd-networkd is not
installed (bsc#1195559)
++++ libxkbcommon:
- Update to release 1.4.0
* In libxkbregistry, variants now inherit iso639, iso3166 and
brief from parent layout if omitted.
* In libxkbregistry, skip over invalid ISO-639 or ISO-3166
entries.
++++ python-pyOpenSSL:
- update to 22.0.0:
- Drop support for Python 2.7.
- The minimum ``cryptography`` version is now 35.0.
- Expose wrappers for some `DTLS
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
primitives.
- drop check_inv_ALPN_lists.patch: upstream
++++ system-user-root:
- Add /bin/bash as shell for root to sysusers.d config
- Add trusted group to sysusers.d config, too.
------------------------------------------------------------------
------------------ 2022-2-3 - Feb 3 2022 -------------------
------------------------------------------------------------------
++++ dosfstools:
- Drop vim BuildRequires: the test suite passes without it present.
++++ glibc:
- Update to glibc 2.35
Major new features:
* Unicode 14.0.0 Support
* Bump r_version in the debugger interface to 2
* Support for the C.UTF-8 locale has been added to glibc
* <math.h> functions that round their results to a narrower type, and
corresponding <tgmath.h> macros, are added from TS 18661-1:2014, TS
18661-3:2015 and draft ISO C2X
* <math.h> functions for floating-point maximum and minimum,
corresponding to new operations in IEEE 754-2019, and corresponding
<tgmath.h> macros, are added from draft ISO C2X
* <math.h> macros for single-precision float constants are added as a
GNU extension
* The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are
predefined as specified in TS 18661-1:2014
* The exp10 functions in <math.h> now have a corresponding type-generic
macro in <tgmath.h>
* The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to <stdio.h>
* printf-family functions now support the %b format for output of
integers in binary, as specified in draft ISO C2X, and the %B variant
of that format recommended by draft ISO C2X
* A new DSO sorting algorithm has been added in the dynamic linker that uses
topological sorting by depth-first search (DFS), solving performance issues
of the existing sorting algorithm when encountering particular circular
object dependency cases
* A new tunable, glibc.rtld.dynamic_sort, can be used to select between
the two DSO sorting algorithms
* ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant
to be used by compilers for optimizing usage of 'memcmp' when its
return value is only used for its boolean status
* Support for automatically registering threads with the Linux rseq
system call has been added
* A symbolic link to the dynamic linker is now installed under
/usr/bin/ld.so (or more precisely, '${bindir}/ld.so')
* All programs and the testsuite in glibc are now built as position independent
executables (PIE) by default on toolchains and architectures that support it
* On Linux, a new tunable, glibc.malloc.hugetlb, can be used to
either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk
or to use huge pages directly with mmap calls with the MAP_HUGETLB
flags)
* The printf family of functions now handles the flagged %#m conversion
specifier, printing errno as an error constant (similar to strerrorname_np)
* The function _dl_find_object has been added
* On Linux, the epoll_pwait2 function has been added
* The function posix_spawn_file_actions_addtcsetpgrp_np has been added,
enabling posix_spawn and posix_spawnp to set the controlling terminal in
the new process in a race free manner
* Source fortification (_FORTIFY_SOURCE) level 3 is now available for
applications compiling with glibc and gcc 12 and later
Deprecated and removed features, and other changes affecting compatibility:
* On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support
has been removed since the first PT_LOAD segment is no longer executable
due to defaulting to -z separate-code
* The r_version update in the debugger interface makes the glibc binary
incompatible with GDB
* Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed
* The catchsegv script and associated libSegFault.so shared object have
been removed
* Support for prelink will be removed in the next release; this includes
removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment
variables and their functionality in the dynamic loader
Changes to build and runtime requirements:
* The audit module interface version LAV_CURRENT is increased to enable
proper bind-now support
* The audit interface on aarch64 is extended to support both the indirect
result location register (x8) and NEON Q register
Security related changes:
* CVE-2022-23219: Passing an overlong file name to the clnt_create
legacy function could result in a stack-based buffer overflow when
using the "unix" protocol
* CVE-2022-23218: Passing an overlong file name to the svcunix_create
legacy function could result in a stack-based buffer overflow
* CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
function could result in a memory leak and potential access of
uninitialized memory
* CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
function may result in an off-by-one buffer underflow and overflow
when the current working directory is longer than PATH_MAX and also
corresponds to the / directory through an unprivileged mount
namespace
- copy-and-spawn-sgid-double-close.patch,
fcntl-time-bits-64-redirect.patch, gaiconf-init-double-free.patch,
gconv-parseconfdir-memory-leak.patch, getcwd-attribute-access.patch,
glibc-c-utf8-locale.patch, iconv-charmap-close-output.patch,
ld-show-auxv-colon.patch, ldconfig-leak-empty-paths.patch,
librt-null-pointer.patch, pthread-kill-fail-after-exit.patch,
pthread-kill-race-thread-exit.patch, pthread-kill-return-esrch.patch,
pthread-kill-send-specific-thread.patch,
pthread-mutexattr-getrobust-np-type.patch,
setxid-deadlock-blocked-signals.patch,
sysconf-nprocessors-affinity.patch, x86-string-control-test.patch:
Removed.
++++ llvm15:
- Update to version 13.0.1.
* This release contains bug-fixes for the LLVM 13.0.0 release.
This release is API and ABI compatible with 13.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Drop obsolete patches:
* llvm-fix-building-with-GCC-12.patch
- Drop RUNPATH from packaged binaries, instead set LD_LIBRARY_PATH
for building and testing to simulate behavior of actual package.
++++ libcontainers-common:
- Update storage to 1.38.2
- Update image to 5.19.1
- Update Podman to 3.4.4
- Update common to 0.47.3
++++ openssl-1_1:
- Enable zlib compression support [bsc#1195149]
++++ python310-pyparsing:
- specfile:
* update copyright year
- update to version 3.0.7:
* Fixed bug #345, in which delimitedList changed expressions in
place using expr.streamline(). Reported by Kim Gräsman, thanks!
* Fixed bug #346, when a string of word characters was passed to
WordStart or WordEnd instead of just taking the default
value. Originally posted as a question by Parag on StackOverflow,
good catch!
* Fixed bug #350, in which White expressions could fail to match due
to unintended whitespace-skipping. Reported by Fu Hanxi, thank
you!
* Fixed bug #355, when a QuotedString is defined with characters in
its quoteChar string containing regex-significant characters such
as ., *, ?, [, ], etc.
* Fixed bug in ParserElement.run_tests where comments would be
displayed using with_line_numbers.
* Added optional "min" and "max" arguments to `delimited_list`. PR
submitted by Marius, thanks!
* Added new API change note in `whats_new_in_pyparsing_3_0_0`,
regarding a bug fix in the `bool()` behavior of `ParseResults`.
* Prior to pyparsing 3.0.x, the `ParseResults` class implementation
of `__bool__` would return `False` if the `ParseResults` item list
was empty, even if it contained named results. In 3.0.0 and later,
`ParseResults` will return `True` if either the item list is not
empty *or* if the named results dict is not empty.
* Minor enhancement to Word generation of internal regular
expression, to emit consecutive characters in range, such as "ab",
as "ab", not "a-b".
* Fixed character ranges for search terms using non-Western
characters in booleansearchparser, PR submitted by tc-yu, nice
work!
* Additional type annotations on public methods.
++++ vim:
- fixes boo#1195509 CVE-2022-0443
- Updated to version 8.2.4286, fixes the following problems
* Compiler warning for uninitialized variable.
* Unused entry in keymap enum.
* CI log output is long.
* Coverity warns for using a NULL pointer.
* Generating nv_cmdidxs.h requires building Vim twice.
* Vim9 expr test fails without the channel feature. (Dominique Pellé)
* The EBCDIC support is outdated.
* Basic and form filetype detection is incomplete.
* Cannot use an autoload function from a package under start.
* Separate test function for the GUI scrollbar.
* Vim9: an import does not shadow a command modifier.
* Build with Athena GUI fails. (Elimar Riesebieter)
* Vim9: cannot change item type with map() after range().
* list-dict test crashes.
* Using freed memory with :lopen and :bwipe.
* Restricted mode requires the -Z command line option.
* Using a variable for the return value is not needed.
* Old mac resources files are no longer used.
* Vim9: type of item in for loop not checked properly.
* Vim9: strict type checking after copy() and deepcopy().
------------------------------------------------------------------
------------------ 2022-2-2 - Feb 2 2022 -------------------
------------------------------------------------------------------
++++ findutils:
- Update to 4.9.0.
Announcement: https://savannah.gnu.org/forum/forum.php?forum_id=10108
- gnulib-port-year2038-to-glibc-2.34.patch: Remove now-upstream patch.
- findutils.spec: Update version and remove above patch.
- findutils-xautofs.patch: Refresh.
++++ kernel-default:
- cifs: fix workstation_name for multiuser mounts (bsc#1195360).
- commit 6d27379
- Linux 5.16.5 (bsc#1012628).
- mtd: rawnand: mpc5121: Remove unused variable in
ads5121_select_chip() (bsc#1012628).
- block: Fix wrong offset in bio_truncate() (bsc#1012628).
- KVM: nVMX: Allow VMREAD when Enlightened VMCS is in use
(bsc#1012628).
- KVM: nVMX: Implement evmcs_field_offset() suitable for
handle_vmread() (bsc#1012628).
- KVM: nVMX: Rename vmcs_to_field_offset{,_table} (bsc#1012628).
- tools/testing/scatterlist: add missing defines (bsc#1012628).
- usr/include/Makefile: add linux/nfc.h to the compile-test
coverage (bsc#1012628).
- usb: dwc3: xilinx: fix uninitialized return value (bsc#1012628).
- psi: fix "defined but not used" warnings when CONFIG_PROC_FS=n
(bsc#1012628).
- psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n
(bsc#1012628).
- perf/core: Fix cgroup event list management (bsc#1012628).
- PCI: mt7621: Remove unused function pcie_rmw() (bsc#1012628).
- dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
(bsc#1012628).
- irqchip/realtek-rtl: Fix off-by-one in routing (bsc#1012628).
- irqchip/realtek-rtl: Map control data to virq (bsc#1012628).
- net: bridge: vlan: fix memory leak in __allowed_ingress
(bsc#1012628).
- ipv4: remove sparse error in ip_neigh_gw4() (bsc#1012628).
- ipv4: tcp: send zero IPID in SYNACK messages (bsc#1012628).
- ipv4: raw: lock the socket in raw_bind() (bsc#1012628).
- net: bridge: vlan: fix single net device option dumping
(bsc#1012628).
- Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values"
(bsc#1012628).
- gve: Fix GFP flags when allocing pages (bsc#1012628).
- ceph: put the requests/sessions when it fails to alloc memory
(bsc#1012628).
- KVM: selftests: Don't skip L2's VMCALL in SMM test for SVM guest
(bsc#1012628).
- Revert "drm/ast: Support 1600x900 with 108MHz PCLK"
(bsc#1012628).
- sch_htb: Fail on unsupported parameters when offload is
requested (bsc#1012628).
- KVM: selftests: Re-enable access_tracking_perf_test
(bsc#1012628).
- net: hns3: handle empty unknown interrupt for VF (bsc#1012628).
- net: cpsw: Properly initialise struct page_pool_params
(bsc#1012628).
- yam: fix a memory leak in yam_siocdevprivate() (bsc#1012628).
- drm/msm/a6xx: Add missing suspend_count increment (bsc#1012628).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc
(bsc#1012628).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
(bsc#1012628).
- hwmon: (nct6775) Fix crash in clear_caseopen (bsc#1012628).
- can: tcan4x5x: regmap: fix max register value (bsc#1012628).
- video: hyperv_fb: Fix validation of screen resolution
(bsc#1012628).
- net/smc: Transitional solution for clcsock race issue
(bsc#1012628).
- ibmvnic: don't spin in tasklet (bsc#1012628).
- ibmvnic: init ->running_cap_crqs early (bsc#1012628).
- ibmvnic: Allow extra failures before disabling (bsc#1012628).
- ipv4: fix ip option filtering for locally generated fragments
(bsc#1012628).
- powerpc/perf: Fix power_pmu_disable to call
clear_pmi_irq_pending only if PMI is pending (bsc#1012628).
- hwmon: (adt7470) Prevent divide by zero in adt7470_fan_write()
(bsc#1012628).
- hwmon: (lm90) Fix sysfs and udev notifications (bsc#1012628).
- hwmon: (lm90) Mark alert as broken for MAX6654 (bsc#1012628).
- hwmon: (lm90) Re-enable interrupts after alert clears
(bsc#1012628).
- Drivers: hv: balloon: account for vmbus packet header in
max_pkt_size (bsc#1012628).
- block: fix memory leak in
disk_register_independent_access_ranges (bsc#1012628).
- io_uring: fix bug in slow unregistering of nodes (bsc#1012628).
- efi/libstub: arm64: Fix image check alignment at entry
(bsc#1012628).
- rxrpc: Adjust retransmission backoff (bsc#1012628).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer
(bsc#1012628).
- octeontx2-pf: Forward error codes to VF (bsc#1012628).
- octeontx2-af: cn10k: Do not enable RPM loopback for LPC
interfaces (bsc#1012628).
- octeontx2-af: Increase link credit restore polling timeout
(bsc#1012628).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura
(bsc#1012628).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable
(bsc#1012628).
- octeontx2-af: Retry until RVU block reset complete
(bsc#1012628).
- octeontx2-af: Fix LBK backpressure id count (bsc#1012628).
- octeontx2-af: Do not fixup all VF action entries (bsc#1012628).
- phylib: fix potential use-after-free (bsc#1012628).
- net: stmmac: dwmac-visconti: Fix clock configuration for RMII
mode (bsc#1012628).
- net: stmmac: dwmac-visconti: Fix bit definitions for
ETHER_CLK_SEL (bsc#1012628).
- ethtool: Fix link extended state for big endian (bsc#1012628).
- net: phy: broadcom: hook up soft_reset for BCM54616S
(bsc#1012628).
- sched/pelt: Relax the sync of util_sum with util_avg
(bsc#1012628).
- perf: Fix perf_event_read_local() time (bsc#1012628).
- powerpc/64s: Mask SRR0 before checking against the masked NIP
(bsc#1012628).
- remoteproc: qcom: q6v5: fix service routines build errors
(bsc#1012628).
- netfilter: conntrack: don't increment invalid counter on
NF_REPEAT (bsc#1012628).
- powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA
v2.06 (bsc#1012628).
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
(bsc#1012628).
- KVM: arm64: pkvm: Use the mm_ops indirection for cache
maintenance (bsc#1012628).
- NFS: Ensure the server has an up to date ctime before renaming
(bsc#1012628).
- NFS: Ensure the server has an up to date ctime before
hardlinking (bsc#1012628).
- ipv6: annotate accesses to fn->fn_sernum (bsc#1012628).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
(bsc#1012628).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
(bsc#1012628).
- drm/msm: Fix wrong size calculation (bsc#1012628).
- net-procfs: show net devices bound packet types (bsc#1012628).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (bsc#1012628).
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1012628).
- hwmon: (lm90) Reduce maximum conversion rate for G781
(bsc#1012628).
- ipv4: avoid using shared IP generator for connected sockets
(bsc#1012628).
- ping: fix the sk_bound_dev_if match in ping_lookup
(bsc#1012628).
- hwmon: (lm90) Mark alert as broken for MAX6680 (bsc#1012628).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
(bsc#1012628).
- net: fix information leakage in /proc/net/ptype (bsc#1012628).
- ARM: 9170/1: fix panic when kasan and kprobe are enabled
(bsc#1012628).
- ipv6_tunnel: Rate limit warning messages (bsc#1012628).
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (bsc#1012628).
- scsi: elx: efct: Don't use GFP_KERNEL under spin lock
(bsc#1012628).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and
cdev (bsc#1012628).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev
and cdev (bsc#1012628).
- usb: roles: fix include/linux/usb/role.h compile issue
(bsc#1012628).
- i40e: fix unsigned stat widths (bsc#1012628).
- i40e: Fix for failed to init adminq while VF reset
(bsc#1012628).
- i40e: Fix queues reservation for XDP (bsc#1012628).
- i40e: Fix issue when maximum queues is exceeded (bsc#1012628).
- i40e: Increase delay to 1 s after global EMP reset
(bsc#1012628).
- powerpc/32: Fix boot failure with GCC latent entropy plugin
(bsc#1012628).
- powerpc/32s: Fix kasan_init_region() for KASAN (bsc#1012628).
- powerpc/32s: Allocate one 256k IBAT instead of two consecutives
128k IBATs (bsc#1012628).
- x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN
(bsc#1012628).
- x86/MCE/AMD: Allow thresholding interface updates after init
(bsc#1012628).
- PCI/sysfs: Find shadow ROM before static attribute
initialization (bsc#1012628).
- sched/membarrier: Fix membarrier-rseq fence command missing
from query bitmask (bsc#1012628).
- ocfs2: fix a deadlock when commit trans (bsc#1012628).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1012628).
- mm, kasan: use compare-exchange operation to set KASAN page tag
(bsc#1012628).
- mt76: connac: introduce MCU_CE_CMD macro (bsc#1012628).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4
(bsc#1012628).
- usb: typec: tcpm: Do not disconnect when receiving VSAFE0V
(bsc#1012628).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off
(bsc#1012628).
- usb: typec: tcpci: don't touch CC line if it's Vconn source
(bsc#1012628).
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
(bsc#1012628).
- usb: dwc3: xilinx: Fix error handling when getting USB3 PHY
(bsc#1012628).
- usb: dwc3: xilinx: Skip resets and USB3 register settings for
USB2.0 mode (bsc#1012628).
- usb: cdnsp: Fix segmentation fault in cdns_lost_power function
(bsc#1012628).
- usb: gadget: f_sourcesink: Fix isoc transfer for
USB_SPEED_SUPER_PLUS (bsc#1012628).
- usb: common: ulpi: Fix crash in ulpi_match() (bsc#1012628).
- usb: xhci-plat: fix crash when suspend if remote wake enable
(bsc#1012628).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
(bsc#1012628).
- kbuild: remove include/linux/cyclades.h from header file check
(bsc#1012628).
- tty: Add support for Brainboxes UC cards (bsc#1012628).
- tty: Partially revert the removal of the Cyclades public API
(bsc#1012628).
- tty: n_gsm: fix SW flow control encoding/handling (bsc#1012628).
- tty: rpmsg: Fix race condition releasing tty port (bsc#1012628).
- serial: stm32: fix software flow control transfer (bsc#1012628).
- serial: 8250: of: Fix mapped region size when using reg-offset
property (bsc#1012628).
- serial: pl011: Fix incorrect rs485 RTS polarity on set_mctrl
(bsc#1012628).
- dm: properly fix redundant bio-based IO accounting
(bsc#1012628).
- block: add bio_start_io_acct_time() to control start_time
(bsc#1012628).
- dm: revert partial fix for redundant bio-based IO accounting
(bsc#1012628).
- arm64: extable: fix load_unaligned_zeropad() reg indices
(bsc#1012628).
- security, lsm: dentry_init_security() Handle multi LSM
registration (bsc#1012628).
- KVM: PPC: Book3S HV Nested: Fix nested HFSCR being clobbered
with multiple vCPUs (bsc#1012628).
- KVM: x86: Sync the states size with the XCR0/IA32_XSS at,
any time (bsc#1012628).
- KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS
(bsc#1012628).
- KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (bsc#1012628).
- KVM: x86: Check .flags in kvm_cpuid_check_equal() too
(bsc#1012628).
- KVM: x86: Forcibly leave nested virt when SMM state is toggled
(bsc#1012628).
- KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN
KVM_SET_CPUID{,2} (bsc#1012628).
- KVM: x86: Move CPUID.(EAX=0x12,ECX=1) mangling to
__kvm_update_cpuid_runtime() (bsc#1012628).
- KVM: x86: nSVM: skip eax alignment check for non-SVM
instructions (bsc#1012628).
- KVM: SVM: Don't intercept #GP for SEV guests (bsc#1012628).
- KVM: SVM: Never reject emulation due to SMAP errata for !SEV
guests (bsc#1012628).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC
(bsc#1012628).
- drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU
(bsc#1012628).
- drm/amd/display: Fix FP start/end for dcn30_internal_validate_bw
(bsc#1012628).
- drm/amdgpu/display: Remove t_srx_delay_us (bsc#1012628).
- drm/amdgpu: filter out radeon secondary ids as well
(bsc#1012628).
- drm/atomic: Add the crtc to affected crtc only if uapi.enable =
true (bsc#1012628).
- drm/etnaviv: relax submit size limits (bsc#1012628).
- perf/x86/intel: Add a quirk for the calculation of the number
of counters on Alder Lake (bsc#1012628).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
(bsc#1012628).
- powerpc/audit: Fix syscall_get_arch() (bsc#1012628).
- psi: Fix uaf issue when psi trigger is destroyed while being
polled (bsc#1012628).
- Revert "KVM: SVM: avoid infinite loop on NPF from bad address"
(bsc#1012628).
- fsnotify: fix fsnotify hooks in pseudo filesystems
(bsc#1012628).
- fsnotify: invalidate dcache before IN_DELETE event
(bsc#1012628).
- ceph: set pool_ns in new inode layout for async creates
(bsc#1012628).
- ceph: properly put ceph_string reference after async create
attempt (bsc#1012628).
- tracing: Don't inc err_log entry count if entry allocation fails
(bsc#1012628).
- tracing: Propagate is_signed to expression (bsc#1012628).
- tracing/histogram: Fix a potential memory leak for kstrdup()
(bsc#1012628).
- PM: wakeup: simplify the output logic of pm_show_wakelocks()
(bsc#1012628).
- efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
(bsc#1012628).
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1012628).
- udf: Restore i_lenAlloc when inode expansion fails
(bsc#1012628).
- scsi: zfcp: Fix failed recovery on gone remote port with
non-NPIV FCP devices (bsc#1012628).
- ucount: Make get_ucount a safe get_user replacement
(bsc#1012628).
- powerpc/bpf: Update ldimm64 instructions during extra pass
(bsc#1012628).
- powerpc32/bpf: Fix codegen for bpf-to-bpf calls (bsc#1012628).
- bpf: Guard against accessing NULL pt_regs in
bpf_get_task_stack() (bsc#1012628).
- s390/nmi: handle vector validity failures for KVM guests
(bsc#1012628).
- s390/nmi: handle guarded storage validity failures for KVM
guests (bsc#1012628).
- s390/hypfs: include z/VM guests with access control group set
(bsc#1012628).
- s390/module: fix loading modules with a lot of relocations
(bsc#1012628).
- KVM: arm64: vgic-v3: Restrict SEIS workaround to known broken
systems (bsc#1012628).
- KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on
!VHE (bsc#1012628).
- ARM: 9180/1: Thumb2: align ALT_UP() sections in modules
sufficiently (bsc#1012628).
- ARM: 9179/1: uaccess: avoid alignment faults in
copy_[from|to]_kernel_nofault (bsc#1012628).
- net: stmmac: skip only stmmac_ptp_register when resume from
suspend (bsc#1012628).
- net: stmmac: configure PTP clock source prior to PTP
initialization (bsc#1012628).
- net: sfp: ignore disabled SFP node (bsc#1012628).
- can: m_can: m_can_fifo_{read,write}: don't read or write
from/to FIFO if length is 0 (bsc#1012628).
- btrfs: update writeback index when starting defrag
(bsc#1012628).
- btrfs: add back missing dirty page rate limiting to defrag
(bsc#1012628).
- btrfs: fix deadlock when reserving space during defrag
(bsc#1012628).
- btrfs: defrag: properly update range->start for autodefrag
(bsc#1012628).
- btrfs: defrag: fix wrong number of defragged sectors
(bsc#1012628).
- btrfs: allow defrag to be interruptible (bsc#1012628).
- btrfs: fix too long loop when defragging a 1 byte file
(bsc#1012628).
- Bluetooth: refactor malicious adv data check (bsc#1012628).
- commit 5681efc
++++ libgpg-error:
- Update to 1.44:
* Fix dependency to gpg-error-config-test.sh.
* Run the posix locking test only on supported platforms.
* Detect Linux systems using musl.
* Fix gpg-error-config-test for PKG_CONFIG_LIBDIR.
* Fix returning of option attributes for options with args.
* Add Turkish translations.
++++ multipath-tools:
- Version 0.8.8+45+suse.628d603e
* fix handling of historical-service-time path selector (bsc#1195425)
* fix marking multipath devices as failed prematurely on startup
(bsc#1195426)
* multipathd.service: remove LimitCORE=infinity directive
This should only be enabled for debugging.
* multipathd.service: don't load scsi_dh modules (bsc#1195397)
This is done via modules-load.d functionality on (open)SUSE
- Upstream fixes:
* Fix claiming of paths with "find_multipaths strict"
* Avoid unnecessary read-only reloads
++++ ncurses:
- Do not remove detection of getttynam() to avoid fallback
as with patch 6.3 20211204 this is obsolete
- Add ncurses patch 20220129
+ minor updates for test-packages
+ improve handling of --with-pkg-config-libdir option, allowing for the
case where either $PKG_CONFIG_LIBDIR or the option value has a
colon-separated list of directories (report by Rudi Heitbaum,
cf: 20211113).
+ update kitty -TD
- Add ncurses patch 20220122
+ add ABI 7 defaults to configure script.
+ add warning in configure script if file specified for "--with-caps"
does not exist.
+ use fix for CF_FIX_WARNINGS from cdk-perl, ignoring error-exit on
format-warnings.
+ improve readability of long parameterized expressions with the
infocmp "-f" option by allowing split before a "%p" marker.
- Correct offsets of patch ncurses-6.3.dif
++++ systemd:
- Make more use of %{_unitdir} in files.{systemd,container}
++++ python-psutil:
- Fix name of Patch4, it is skip-partitions-erros.patch
++++ u-boot-rpiarm64:
- Add nanopc-t4-rk3399 and nanopi-m4b-rk3399 flavor
------------------------------------------------------------------
------------------ 2022-2-1 - Feb 1 2022 -------------------
------------------------------------------------------------------
++++ cups:
- Enhanced harden_cups.service.patch by adding
ReadWritePaths=/etc/cups
because cupsd needs write access in /etc/cups
(boo#1195288)
++++ lvm2-device-mapper:
- udev: create symlinks and watch even in suspended state (bsc#1195231)
+ (add) 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
++++ gobject-introspection:
- Add upstream patches to fix build with meson 0.61.0 and newer:
+ 7c1178069f1c58a05ec56a94ca6ba124215a947b.patch
+ effb1e09dee263cdac4ec593e8caf316e6f01fe2.patch
+ 827494d6415b696a98fa195cbd883b50cc893bfc.patch
++++ kbd:
- use bash for invoking bash scripts (bsc#1195391)
++++ kdump:
- kdump-calibrate.conf-depends-on-kdumptool.patch: calibrate.conf:
Add dependency on kdumptool.
- kdump-calibrate-fix-nic-naming.patch: calibrate: Fix network
interface naming.
- kdump-calibrate-include-af_packet.patch: calibrate: Explicitly
include af_packet in the test initrd.
- Update to 1.0.2
* Adjust crash kernel reservation at boot time (jsc#SLE-18441).
- All remaining patches have been upstreamed:
* kdump-fillupdir-fixes.patch
* kdump-use-pbl.patch
* kdump-calibrate-Ignore-malformed-VMCOREINFO.patch
++++ kernel-default:
- Input: synaptics: retry query upon error (bsc#1194086).
- commit cfcc1f5
- Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7
(bsc#1193064).
- commit 26e60ad
++++ libgcrypt:
- FIPS: Disable DSA in FIPS mode [bsc#1195385]
* Upstream task: https://dev.gnupg.org/T5710
* Add libgcrypt-FIPS-disable-DSA.patch
++++ lvm2:
- udev: create symlinks and watch even in suspended state (bsc#1195231)
+ (add) 0043-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
++++ ncurses:
- use bash everywhere, the scripts are not posix shell compatible
(bsc#1195391)
++++ openssl-3:
- Fix conflict with openssl and libressl
++++ rpm:
- invoke find-lang.sh with bash, it is a bash script (bsc#1195391)
++++ systemd:
- Installation of libnss_mymachines.so depended on %{bootstrap} but it is
actually installed when %{with machined} is true.
- Call ldconfig when container subpackage is installed since it ships
nss-mymachines NSS plug-in module.
++++ libusb-1_0:
- Update to version 1.0.25
* Fix regression with some particular devices
* Fix regression with libusb_handle_events_timeout_completed()
* Fix regression with cpu usage in libusb_bulk_transfer
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
- Drop not longer needed patch:
* 0001-fix-descriptor-parsing.patch
++++ libzypp:
- Public header files on older distros must use c++11
(bsc#1194597)
- Fix exception handling when reading or writing credentials
(bsc#1194898)
- version 17.29.3 (22)
++++ psmisc:
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Adopt patch 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
++++ sudo:
- Update to 1.9.9
* Sudo can now be built with OpenSSL 3.0 without generating
warnings about deprecated OpenSSL APIs.
* A digest can now be specified along with the ALL command in
the LDAP and SSSD back-ends. Sudo 1.9.0 introduced support for
this in the sudoers file but did not include corresponding
changes for the other back-ends.
* visudo now only warns about an undefined alias or a cycle in
an alias once for each alias.
* The sudoRole cn was truncated by a single character in warning
messages. GitHub issue #115.
* The cvtsudoers utility has new --group-file and --passwd-file
options to use a custom passwd or group file when the
- -match-local option is also used.
* The cvtsudoers utility can now filter or match based on a command.
* The cvtsudoers utility can now produce output in csv
(comma-separated value) format. This can be used to help generate
entitlement reports.
* Fixed a bug in sudo_logsrvd that could result in the connection
being dropped for very long command lines.
* Fixed a bug where sudo_logsrvd would not accept a restore point
of zero.
* Fixed a bug in visudo where the value of the editor setting was
not used if it did not match the user’s EDITOR environment
variable. This was only a problem if the env_editor setting was
not enabled. Bug #1000.
* Sudo now builds with the -fcf-protection compiler option and the
- z now linker option if supported.
* The output of sudoreplay -l now more closely matches the
traditional sudo log format.
* The sudo_sendlog utility will now use the full contents of the
log.json file, if present. This makes it possible to send
sudo-format I/O logs that use the newer log.json format to
sudo_logsrvd without losing any information.
* Fixed compilation of the arc4random_buf() replacement on systems
with arc4random() but no arc4random_buf(). Bug #1008.
* Sudo now uses its own getentropy() by default on Linux. The GNU
libc version of getentropy() will fail on older kernels that
don’t support the getrandom() system call.
* It is now possible to build sudo with WolfSSL’s OpenSSL
compatibility layer by using the --enable-wolfssl configure
option.
* Fixed a bug related to Daylight Saving Time when parsing
timestamps in Generalized Time format. This affected the NOTBEFORE
and NOTAFTER options in sudoers. Bug #1006.
* Added the -O and -P options to visudo, which can be used to check
or set the owner and permissions. This can be used in conjunction
with the -c option to check that the sudoers file ownership and
permissions are correct. Bug #1007.
* It is now possible to set resource limits in the sudoers file
itself. The special values default and “user†refer to the
default system limit and invoking user limit respectively. The
core dump size limit is now set to 0 by default unless overridden
by the sudoers file.
* The cvtsudoers utility can now merge multiple sudoers sources into
a single, combined sudoers file. If there are conflicting entries,
cvtsudoers will attempt to resolve them but manual intervention
may be required. The merging of sudoers rules is currently fairly
simplistic but will be improved in a future release.
* Sudo was parsing but not applying the “deref†and “tls_reqcertâ€
ldap.conf settings. This meant the options were effectively ignored
which broke dereferencing of aliases in LDAP. Bug #1013.
* Clarified in the sudo man page that the security policy may
override the user’s PATH environment variable. Bug #1014.
* When sudo is run in non-interactive mode (with the -n option), it
will now attempt PAM authentication and only exit with an error if
user interaction is required. This allows PAM modules that don’t
interact with the user to succeed. Previously, sudo would not
attempt authentication if the -n option was specified. Bug #956
and GitHub issue #83.
* Fixed a regression introduced in version 1.9.1 when sudo is built
with the --with-fqdn configure option. The local host name was
being resolved before the sudoers file was processed, making it
impossible to disable DNS lookups by negating the fqdn sudoers
option. Bug #1016.
* Added support for negated sudoUser attributes in the LDAP and SSSD
sudoers back ends. A matching sudoUser that is negated will cause
the sudoRole containing it to be ignored.
* Fixed a bug where the stack resource limit could be set to a value
smaller than that of the invoking user and not be reset before the
command was run. Bug #1016.
- sudo no longer ships schema for LDAP.
- sudo-feature-negated-LDAP-users.patch dropped, included upstream
- refreshed sudo-sudoers.patch
++++ systemd-presets-common-SUSE:
- enable vgauthd service for VMWare by default (bsc#1195251)
++++ sysuser-tools:
- invoke bash for bash scripts (bsc#1195391)
++++ wpa_supplicant:
- drop restore-old-dbus-interface.patch, wicked has been
switching to the new dbus interface in version 0.6.66.
- drop wpa_supplicant-getrandom.patch : glibc has been updated
so the getrandom() wrapper is now there
- config:
* enable QCA vendor extensions to nl80211
* enable EAP-EKE
* Support HT overrides
* WPA3-Enterprise
* TLS v1.1 and TLS v1.2
* Fast Session Transfer (FST)
* Automatic Channel Selection
* Multi Band Operation
* Fast Initial Link Setup
* Mesh Networking (IEEE 802.11s)
------------------------------------------------------------------
------------------ 2022-1-31 - Jan 31 2022 -------------------
------------------------------------------------------------------
++++ cockpit:
- change self-signed cert group from cockpit-wsintance to
cockpit-ws on upgrade
- update to new LTS version from openSUSE:Factory
- port remove-pwscore.patch
* remove dependency on pwscore (bsc#1182924)
* remove password strenth indicator
- port branding changes as suse-microos "theme"
* remove suse_cockpit_assets.tar.gz
* add suse-microos-branding.tar.gz
* remove branding_tests.patch
* add suse-microos-branding.patch
- remove files not needed to build this version anymore
* webpack-warnings-are-not-errors.patch
* github_package.patch
* nodejs_output_helper.bash
- remove cockpit.permissions workaround (bsc#1169614)
++++ cockpit-machines:
- Remove translate-toolkit which is not available in SLE
++++ cyrus-sasl:
- cyrus-sasl: prevent fail of %pre when berkely db utils are
not installed (seems like we want to use this only for upgrade
so no Prereq added)
- move license to licensedir
- remove use of RPM_BUILD_ROOT
- minimal spec cleanups
- avoid bashisms
++++ kernel-default:
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- config: x86-64: Enable DRM stack for early-boot graphics (boo#1193472)
Replace fbdev's generic drivers with DRM-based simpledrm. Enables the
DRM graphics stack for early-boot graphics, recovery and unsupported
chipsets.
- commit 89d164b
++++ llvm15:
- Update constraints for riscv64
++++ libcap:
- update to 2.63:
* restore errno to zero by the time main() is executed
* Consistent psx handling (a panic) for syscalls that return thread dependent
status Inconsistend behavior noticed by Lorenz Bauer
* Add a test case for a deadlock under investigation in golang
* Trim some of the #include file use to make the tree compile more
efficiently
++++ expat:
- update to 2.4.4 (bsc#1195217, bsc#1195054):
* Security fixes:
- CVE-2022-23852 -- Fix signed integer overflow
(undefined behavior) in function XML_GetBuffer
that is also called by function XML_Parse internally)
for when XML_CONTEXT_BYTES is defined to >0 (which is both
common and default).
Impact is denial of service or more.
- CVE-2022-23990 -- Fix unsigned integer overflow in function
doProlog triggered by large content in element type
declarations when there is an element declaration handler
present (from a prior call to XML_SetElementDeclHandler).
Impact is denial of service or more.
* Bug fixes:
- xmlwf: Fix a memory leak on output file opening error
* Other changes:
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
* Drop unused file valid-xhtml10.png
++++ lcms2:
- Update to 2.13:
* Added support for premultiplied alpha
* tifficc can now handle alpha channels, both unassociated and premultiplied
* CGATS parser can now deal with very long strings
* Added Projects for Visual Studio 2020
* Added ARM64 target to visual studio 2019 (thanks to gaborkertesz-linaro)
* Added thread safe code to get time
* Added automatic linear space detection
* Added cmsGetStageContextID function
* Added cmsDetectRGBProfileGamma function
* configure now accepts --without-fastfloat to turn plugin off
* Checked to work on STM32 Cortex-A, Cortex-M families
* Bug & typos fixing (thanks to many reporters and contributors)
- Rebase lcms2-visibility.patch
++++ nfs-utils:
- Update to version 2.6.1
- https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog
- remove patches from this release:
- 0001-gssd-fix-crash-in-debug-message.patch,
- Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch
++++ systemd:
- Import commit 117bd7f14aa7834d85a4306cd380d292bec04108
1395c74be7 udevadm: cleanup-db: don't delete information for kept db entries (bsc#1194912)
bbafc8092a udevadm: cleanup_dir: use dot_or_dot_dot()
- Drop 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch
Given the fact that Factory no more ship SysV init scripts since several
months, only scripts coming from 3rd party applications should remain which
are unlikely to rely on the SUSE specifities implemented by these
patches. This change was announced on the Factory mailing list:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/3ERUP5ZZJ6PPA36L3HVN46BH6U6JL74O/
- Import commit 885e0b9126bd2cf1e3f6b147c45ec58a5550c75c
41334be59e meson: minor cleanup
3db0c28462 sysusers: split up systemd.conf
- Drop 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch (bsc#1195153)
Since v241, the patch isn't useful anymore because resolved is no more able to
create /etc/resolv.conf symlink by itself,it runs as 'systemd-resolve'
user. The symlink is now handled by a tmpfiles config file which is only
installed when systemd-resolved is. The tmpfiles config file has currently a
lower priority than the one shipped by netconfig.
- Make use of %ldconfig_scriptlets
++++ salt:
- Fix exception in batch_async caused by a bad function call
- Added:
* drop-serial-from-event.unpack-in-cli.batch_async.patch
++++ vim:
- Updated to version 8.2.4266, fixes the following problems
- CVE-2022-0417 - boo#1195499
- CVE-2022-0413 - boo#1195356
- CVE-2022-0408 - boo#1195359
- CVE-2022-0407 - boo#1195354
- CVE-2022-0393 - boo#1195336
- CVE-2022-0392 - boo#1195332
- CVE-2022-0368 - boo#1195205
- CVE-2022-0361 - boo#1195202
- CVE-2022-0359 - boo#1195203
- CVE-2022-0351 - boo#1195126
- CVE-2022-0319 - boo#1195066
* Cannot use an import in 'patchexpr'.
* Gnuplot file not recognized.
* Not all gitconfig files are recognized.
* All conceal tests are skipped without the screendumps feature.
* json5 files are not recognized.
* Cannot use an import in 'printexpr'.
* Cannot use an import in 'charconvert'.
* Resizing terminal may cause to behave like CTRL-Z.
* Various file types not recognized.
* Cannot use an import in the "expr" part of 'spellsuggest'.
* Vim9: the switch for executing instructions is too long.
* Some tests do not clean up properly.
* When using the GUI CTRL-Z does not stop gvim.
* Vim9: cannot export function that exists globally.
* Entering a character with CTRL-V may include modifiers.
* screenpos() has non-zero row for invisible text.
* The normal_cmd() function is too long.
* Condition with many "(" causes a crash.
* Recursion test fails with MSVC.
* Using setbufvar() may change the window title.
* partial in 'opfunc' cannot use an imported function.
* Window title test fails in some configurations.
* Too much code for supporting old MSVC versions.
* Illegal memory access with large 'tabstop' in Ex mode.
* Illegal memory access when copying lines in Visual mode.
* Vim9: cannot use a function from an autoload import directly.
* Illegal memory access when undo makes Visual area invalid.
* Illegal memory access with bracketed paste in Ex mode.
* Reading before the start of the line.
* Some functions in normal.c are very long.
* Long/int compiler warnings; function arguments swapped.
* Vim9: no error when using a number for map() second argument
* Vim9: depth argument of :lockvar not parsed in :def function.
* Filter-map test fails.
* Vim9: using "lockvar!" in :def function does not work.
* No tests for clicking in the GUI tabline.
* Possible crash when invoking timer callback fails.
* MS-Windows: set_guifontwide() is included but won't work.
* Vim9: map() gives type error when type was not declared.
* Some compilers don't like a goto label without statement.
* Crash when recording and using Select mode.
* test_garbagecollect_now() does not check v:testing as documented.
* Invalid check for NULL pointer.
* Accessing freed memory.
* Record buffer wrong if character in Select mode was not typed.
* *.tf file could be fileytpe "tf" or "terraform".
* Build fails with unusual configuration.
* Error for using flatten() in Vim9 script is unclear.
* Some type casts are redundant.
* Put in Visual mode cannot be repeated.
* Lua tests fail with Lua 5.4.4.
* ":retab 0" may cause illegal memory access.
* One error message not in errors.h. (Antonio Colombo)
* Stack corruption when looking for spell suggestions.
* No proper test for moving the window separator.
* The timeout limit for spell suggestions is always 5000 milli seconds.
* Channel out callback test is flaky on Mac.
* Vala files are not recognized.
* Generating the normal command table at runtime is inefficient.
* Using freed memory when substitute uses a recursive function call.
* Using short instead of int.
* Theoretical computation overflow.
* Vim9: finding global function without g: prefix but not finding global
variable is inconsistent.
* Coverity warns for array overrun.
* Number of test functions for GUI events is growing.
* Vim9: can still use a global function without g: at the script level.
* Accessing invalid memory when a regular expression checks the Visual
area while matching in a string.
* Some search tests fail.
* No test for the GUI find/replace dialog.
* Vim9: can use old style autoload function name.
* Autoload tests fails.
* Compiler warning for uninitialized variable.
++++ wpa_supplicant:
- config:
* Reenable Fast BSS Transition (likely fixing bsc#1195312)
* Enable OCV, security feature that prevents MITM
multi-channel attacks
* Enable OWE for better hotspot support
------------------------------------------------------------------
------------------ 2022-1-30 - Jan 30 2022 -------------------
------------------------------------------------------------------
++++ gzip:
- add conflicts/provides for alternative(gzip)
- modernize spec file
++++ kernel-default:
- Update to 5.17-rc2
- eliminate 3 patches
- patches.suse/s390-uaccess-fix-compile-error.patch
- patches.suse/tcp-Add-a-stub-for-sk_defer_free_flush.patch
- patches.suse/tcp-add-a-missing-sk_defer_free_flush-in-tcp_splice_.patch
- refresh configs
- commit e736c55
++++ zstd:
- enable zlib/gzip compatible backend, as zlib is significantly
(50%-100%) faster than gzip
- add zstd-gzip compatibility subpackage which can be used
as a drop in compatible replacement for gzip
- small spec file cleanups
++++ python-psutil:
- Add skip-partitions-erros.patch skipping tests failing on Linux
(gh#giampaolo/psutil#2043).
------------------------------------------------------------------
------------------ 2022-1-29 - Jan 29 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.16.4 (bsc#1012628).
- drm/amd/display: reset dcn31 SMU mailbox on failures
(bsc#1012628).
- io_uring: fix not released cached task refs (bsc#1012628).
- bnx2x: Utilize firmware 7.13.21.0 (bsc#1012628).
- bnx2x: Invalidate fastpath HSI version for VFs (bsc#1012628).
- memcg: better bounds on the memcg stats updates (bsc#1012628).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1012628).
- select: Fix indefinitely sleeping task in
poll_schedule_timeout() (bsc#1012628).
- arm64/bpf: Remove 128MB limit for BPF JIT programs
(bsc#1012628).
- commit b146677
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit c31491c
------------------------------------------------------------------
------------------ 2022-1-28 - Jan 28 2022 -------------------
------------------------------------------------------------------
++++ bash-completion:
- remove PS1-completion-boo903362.patch as it breaks on non-bash
shells and the original problem in
bsc#903362#c9 does not occur anymore
- add versioned dependency to bash versions that have the fix
++++ cockpit:
- new version 251.3
* https://cockpit-project.org/blog/cockpit-251.html
with additional fixes
* Fix "Administrative Access" prompt for "Duo" MFA
++++ cockpit-machines:
- Re-add source-offset to _service.
++++ dracut:
- Update to version 055+suse.226.g44139dde:
* fix(zfcp_rules): remove collect based udev rule creators
* fix(dasd_rules): remove collect based udev rule creators
* fix(kernel-modules-extra): handle zstd module extension
* fix(ifcfg): add SUSE specific write-ifcfg file (bsc#1193518)
* fix(dracut-functions): skip iSCSI sessions without initiatorname (bsc#1195011)
* fix(dracut-functions.sh): ip route parsing (bsc#1195011)
* fix(fips): missing sourcing of dracut-lib
* fix(fips): wrong error message
* fix(network-legacy): install only existing SUSE specific files (bsc#1194879)
* fix(network-legacy): set dhclient as optional (bsc#1194879)
* fix(40network): consistent use of "$gw" for gateway (bsc#1192685)
* fix(multipathd-configure.service): drop unneeded dependencies
* fix(multipath): check if mpathconf is available
* fix(multipathd.service): drop dependencies on iscsi and iscsid
* fix(multipathd.service): adapt to upstream multipath-tools unit file
* fix(multipathd.service): remove dependency on systemd-udev-settle
* fix(fips): avoid shellcheck warnings
* fix(fips): get _vmname value only if it is needed
* fix(fips.sh): respect rd.fips.skipkernel
* fix(fips): alignment with the upstream format
++++ e2fsprogs:
- Update to 1.46.5:
* better handling for resizing to fs sizes which would exceed inode limits
* fix crash in e2fsck fastcommit handling
* fix possibly lost quota limits when e2fsck corrects quota files
* fix tune2fs to properly transfer quota limits when convertion quota files
* add support for handling of version 0 quota files in tune2fs
* teach libss to use libreadline.so.8
* optimize resize2fs cpu usage for large filesystems
* teach libuuid to use getrandom() or getentropy() if available
- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: Remove, merged upstream
- quota-Add-support-to-version-0-quota-format.patch: Remove, merged upstream
- quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: Remove, merged upstream
- quota-Rename-quota_update_limits-to-quota_read_all_d.patch: Remove, merged upstream
- tune2fs-Fix-conversion-of-quota-files.patch: Remove, merged upstream
- e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: Remove, merged upstream
- debugfs-Fix-headers-for-quota-commands.patch: Remove, merged upstream
- quota-Drop-dead-code.patch: Remove, merged upstream
++++ kernel-default:
- tcp: add a missing sk_defer_free_flush() in tcp_splice_read()
(git-fixes).
- commit f8aca60
- tcp: Add a stub for sk_defer_free_flush().
Fix another s390x/zfcpdump build failure.
- commit 235f271
- s390/uaccess: fix compile error.
Fix s390x/zfcpdump build.
- commit d01fea5
- Linux 5.16.3 (bsc#1012628).
- KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU
(bsc#1012628).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock
(bsc#1012628).
- HID: Ignore battery for Elan touchscreen on HP Envy X360
15t-dr100 (bsc#1012628).
- HID: uhid: Fix worker destroying device without any protection
(bsc#1012628).
- ALSA: core: Fix SSID quirk lookup for subvendor=0 (bsc#1012628).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1012628).
- f2fs: fix to do sanity check on inode type during garbage
collection (bsc#1012628).
- f2fs: fix to do sanity check in is_alive() (bsc#1012628).
- f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr() (bsc#1012628).
- f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file
(bsc#1012628).
- nfc: llcp: fix NULL error pointer dereference on sendmsg()
after failed bind() (bsc#1012628).
- mtd: rawnand: gpmi: Add ERR007117 protection for
nfc_apply_timings (bsc#1012628).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting
for i.MX6 (bsc#1012628).
- mtd: Fixed breaking list in __mtd_del_partition (bsc#1012628).
- mtd: rawnand: davinci: Don't calculate ECC when reading page
(bsc#1012628).
- mtd: rawnand: davinci: Avoid duplicated page read (bsc#1012628).
- mtd: rawnand: davinci: Rewrite function description
(bsc#1012628).
- mtd: rawnand: Export nand_read_page_hwecc_oob_first()
(bsc#1012628).
- mtd: rawnand: ingenic: JZ4740 needs 'oob_first' read page
function (bsc#1012628).
- riscv: Get rid of MAXPHYSMEM configs (bsc#1012628).
- RISC-V: Use common riscv_cpuid_to_hartid_mask() for both SMP=y
and SMP=n (bsc#1012628).
- riscv: try to allocate crashkern region from 32bit addressible
memory (bsc#1012628).
- riscv: Don't use va_pa_offset on kdump (bsc#1012628).
- riscv: use hart id instead of cpu id on machine_kexec
(bsc#1012628).
- riscv: mm: fix wrong phys_ram_base value for RV64 (bsc#1012628).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU
(bsc#1012628).
- tools/nolibc: x86-64: Fix startup code bug (bsc#1012628).
- crypto: x86/aesni - don't require alignment of data
(bsc#1012628).
- tools/nolibc: i386: fix initial stack alignment (bsc#1012628).
- tools/nolibc: fix incorrect truncation of exit code
(bsc#1012628).
- rtc: cmos: take rtc_lock while reading from CMOS (bsc#1012628).
- net: phy: marvell: add Marvell specific PHY loopback
(bsc#1012628).
- ksmbd: uninitialized variable in create_socket() (bsc#1012628).
- ksmbd: fix guest connection failure with nautilus (bsc#1012628).
- ksmbd: add support for smb2 max credit parameter (bsc#1012628).
- ksmbd: move credit charge deduction under processing request
(bsc#1012628).
- ksmbd: limits exceeding the maximum allowable outstanding
requests (bsc#1012628).
- ksmbd: add reserved room in ipc request/response (bsc#1012628).
- media: cec: fix a deadlock situation (bsc#1012628).
- media: ov8865: Disable only enabled regulators on error path
(bsc#1012628).
- media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
(bsc#1012628).
- media: flexcop-usb: fix control-message timeouts (bsc#1012628).
- media: mceusb: fix control-message timeouts (bsc#1012628).
- media: em28xx: fix control-message timeouts (bsc#1012628).
- media: cpia2: fix control-message timeouts (bsc#1012628).
- media: s2255: fix control-message timeouts (bsc#1012628).
- media: dib0700: fix undefined behavior in tuner shutdown
(bsc#1012628).
- media: redrat3: fix control-message timeouts (bsc#1012628).
- media: pvrusb2: fix control-message timeouts (bsc#1012628).
- media: stk1160: fix control-message timeouts (bsc#1012628).
- media: cec-pin: fix interrupt en/disable handling (bsc#1012628).
- can: softing_cs: softingcs_probe(): fix memleak on registration
failure (bsc#1012628).
- mei: hbm: fix client dma reply status (bsc#1012628).
- iio: adc: ti-adc081c: Partial revert of removal of ACPI IDs
(bsc#1012628).
- iio: trigger: Fix a scheduling whilst atomic issue seen on
tsc2046 (bsc#1012628).
- lkdtm: Fix content of section containing
lkdtm_rodata_do_nothing() (bsc#1012628).
- bus: mhi: pci_generic: Graceful shutdown on freeze
(bsc#1012628).
- bus: mhi: core: Fix reading wake_capable channel configuration
(bsc#1012628).
- bus: mhi: core: Fix race while handling SYS_ERR at power up
(bsc#1012628).
- cxl/pmem: Fix reference counting for delayed work (bsc#1012628).
- cxl/pmem: Fix module reload vs workqueue state (bsc#1012628).
- thermal/drivers/int340x: Fix RFIM mailbox write commands
(bsc#1012628).
- arm64: errata: Fix exec handling in erratum 1418040 workaround
(bsc#1012628).
- ARM: dts: at91: update alternate function of signal PD20
(bsc#1012628).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
allocation failure (bsc#1012628).
- gpu: host1x: Add back arm_iommu_detach_device() (bsc#1012628).
- drm/tegra: Add back arm_iommu_detach_device() (bsc#1012628).
- io_uring: fix no lock protection for ctx->cq_extra
(bsc#1012628).
- virtio/virtio_mem: handle a possible NULL as a memcpy parameter
(bsc#1012628).
- dma_fence_array: Fix PENDING_ERROR leak in
dma_fence_array_signaled() (bsc#1012628).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA
controller (bsc#1012628).
- mm_zone: add function to check if managed dma zone exists
(bsc#1012628).
- dma/pool: create dma atomic pool only if dma zone has managed
pages (bsc#1012628).
- mm/page_alloc.c: do not warn allocation failure on zone DMA
if no managed pages (bsc#1012628).
- ath11k: add string type to search board data in board-2.bin
for WCN6855 (bsc#1012628).
- shmem: fix a race between shmem_unused_huge_shrink and
shmem_evict_inode (bsc#1012628).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind
(bsc#1012628).
- drm/rockchip: dsi: Reconfigure hardware on resume()
(bsc#1012628).
- drm/ttm: Put BO in its memory manager's lru list (bsc#1012628).
- Bluetooth: hci_vhci: Fix to set the force_wakeup value
(bsc#1012628).
- Bluetooth: mgmt: Fix Experimental Feature Changed event
(bsc#1012628).
- Bluetooth: L2CAP: Fix not initializing sk_peer_pid
(bsc#1012628).
- drm/bridge: display-connector: fix an uninitialized pointer
in probe() (bsc#1012628).
- drm: fix null-ptr-deref in drm_dev_init_release() (bsc#1012628).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach()
failure (bsc#1012628).
- drm/panel: innolux-p079zca: Delete panel on attach() failure
(bsc#1012628).
- drm/rockchip: dsi: Fix unbalanced clock on probe error
(bsc#1012628).
- drm/rockchip: dsi: Disable PLL clock on bind error
(bsc#1012628).
- Bluetooth: virtio_bt: fix memory leak in virtbt_rx_handle()
(bsc#1012628).
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets()
fails (bsc#1012628).
- clk: bcm-2835: Pick the closest clock rate (bsc#1012628).
- clk: bcm-2835: Remove rounding up the dividers (bsc#1012628).
- drm/vc4: hdmi: Set a default HSM rate (bsc#1012628).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm
(bsc#1012628).
- drm/vc4: hdmi: Make sure the controller is powered in detect
(bsc#1012628).
- drm/vc4: hdmi: Make sure the controller is powered up during
bind (bsc#1012628).
- drm/vc4: hdmi: Rework the pre_crtc_configure error handling
(bsc#1012628).
- drm/vc4: crtc: Make sure the HDMI controller is powered when
disabling (bsc#1012628).
- drm/bridge: sn65dsi83: Fix bridge removal (bsc#1012628).
- drm/virtio: fix potential integer overflow on shift of a int
(bsc#1012628).
- drm/virtio: fix another potential integer overflow on shift
of a int (bsc#1012628).
- wcn36xx: ensure pairing of init_scan/finish_scan and
start_scan/end_scan (bsc#1012628).
- wcn36xx: Indicate beacon not connection loss on
MISSED_BEACON_IND (bsc#1012628).
- libbpf: Fix section counting logic (bsc#1012628).
- drm/vc4: hdmi: Enable the scrambler on reconnection
(bsc#1012628).
- libbpf: Fix non-C89 loop variable declaration in gen_loader.c
(bsc#1012628).
- libbpf: Free up resources used by inner map definition
(bsc#1012628).
- wcn36xx: Fix DMA channel enable/disable cycle (bsc#1012628).
- wcn36xx: Release DMA channel descriptor allocations
(bsc#1012628).
- wcn36xx: Put DXE block into reset before freeing memory
(bsc#1012628).
- wcn36xx: populate band before determining rate on RX
(bsc#1012628).
- wcn36xx: fix RX BD rate mapping for 5GHz legacy rates
(bsc#1012628).
- ath11k: Send PPDU_STATS_CFG with proper pdev mask to firmware
(bsc#1012628).
- bpftool: Fix memory leak in prog_dump() (bsc#1012628).
- mtd: hyperbus: rpc-if: Check return value of rpcif_sw_init()
(bsc#1012628).
- media: videobuf2: Fix the size printk format (bsc#1012628).
- media: ipu3-cio2: fix error code in cio2_bridge_connect_sensor()
(bsc#1012628).
- media: atomisp: add missing media_device_cleanup() in
atomisp_unregister_entities() (bsc#1012628).
- media: atomisp: fix punit_ddr_dvfs_enable() argument for
mrfld_power up case (bsc#1012628).
- media: atomisp: fix inverted logic in buffers_needed()
(bsc#1012628).
- media: atomisp: do not use err var when checking port validity
for ISP2400 (bsc#1012628).
- media: atomisp: fix inverted error check for
ia_css_mipi_is_source_port_valid() (bsc#1012628).
- media: atomisp: fix ifdefs in sh_css.c (bsc#1012628).
- media: atomisp: add NULL check for asd obtained from
atomisp_video_pipe (bsc#1012628).
- media: atomisp: fix enum formats logic (bsc#1012628).
- media: atomisp: fix uninitialized bug in
gmin_get_pmic_id_and_addr() (bsc#1012628).
- media: aspeed: fix mode-detect always time out at 2nd run
(bsc#1012628).
- media: em28xx: fix memory leak in em28xx_init_dev (bsc#1012628).
- media: aspeed: Update signal status immediately to ensure sane
hw state (bsc#1012628).
- arm64: dts: amlogic: meson-g12: Fix GPU operating point table
node name (bsc#1012628).
- arm64: dts: amlogic: Fix SPI NOR flash node name for ODROID
N2/N2+ (bsc#1012628).
- arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
(bsc#1012628).
- arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
(bsc#1012628).
- fs: dlm: don't call kernel_getpeername() in error_report()
(bsc#1012628).
- memory: renesas-rpc-if: Return error in case
devm_ioremap_resource() fails (bsc#1012628).
- Bluetooth: stop proccessing malicious adv data (bsc#1012628).
- Bluetooth: fix uninitialized variables notify_evt (bsc#1012628).
- ath11k: Fix ETSI regd with weather radar overlap (bsc#1012628).
- ath11k: clear the keys properly via DISABLE_KEY (bsc#1012628).
- ath11k: reset RSN/WPA present state for open BSS (bsc#1012628).
- spi: hisi-kunpeng: Fix the debugfs directory name incorrect
(bsc#1012628).
- tee: fix put order in teedev_close_context() (bsc#1012628).
- kernel/locking: Use a pointer in ww_mutex_trylock()
(bsc#1012628).
- fs: dlm: fix build with CONFIG_IPV6 disabled (bsc#1012628).
- drm/dp: Don't read back backlight mode in
drm_edp_backlight_enable() (bsc#1012628).
- selftests/bpf: Fix xdpxceiver failures for no hugepages
(bsc#1012628).
- mctp/test: Update refcount checking in route fragment tests
(bsc#1012628).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (bsc#1012628).
- ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855
(bsc#1012628).
- ath11k: allocate dst ring descriptors from cacheable memory
(bsc#1012628).
- ath11k: add hw_param for wakeup_mhi (bsc#1012628).
- arm64: dts: renesas: cat875: Add rx/tx delays (bsc#1012628).
- media: dmxdev: fix UAF when dvb_register_device() fails
(bsc#1012628).
- crypto: atmel-aes - Reestablish the correct tfm context at
dequeue (bsc#1012628).
- crypto: keembay-ocs-ecc - Fix error return code in
kmb_ocs_ecc_probe() (bsc#1012628).
- crypto: qce - fix uaf on qce_aead_register_one (bsc#1012628).
- crypto: qce - fix uaf on qce_ahash_register_one (bsc#1012628).
- crypto: qce - fix uaf on qce_skcipher_register_one
(bsc#1012628).
- arm64: dts: qcom: sc7280: Fix incorrect clock name
(bsc#1012628).
- arm64: dts: qcom: sc7280: Fix 'interrupt-map' parent address
cells (bsc#1012628).
- mtd: hyperbus: rpc-if: fix bug in rpcif_hb_remove (bsc#1012628).
- cpufreq: qcom-cpufreq-hw: Update offline CPUs per-cpu thermal
pressure (bsc#1012628).
- soc: imx: gpcv2: keep i.MX8MM VPU-H1 bus clock active
(bsc#1012628).
- cpufreq: qcom-hw: Fix probable nested interrupt handling
(bsc#1012628).
- ARM: dts: stm32: fix dtbs_check warning on ili9341 dts binding
on stm32f429 disco (bsc#1012628).
- libbpf: Load global data maps lazily on legacy kernels
(bsc#1012628).
- tools/resolve_btf_ids: Close ELF file on error (bsc#1012628).
- libbpf: Fix potential misaligned memory access in btf_ext__new()
(bsc#1012628).
- libbpf: Fix glob_syms memory leak in bpf_linker (bsc#1012628).
- libbpf: Fix using invalidated memory in bpf_linker
(bsc#1012628).
- crypto: qat - fix undetected PFVF timeout in ACK loop
(bsc#1012628).
- ath11k: Use host CE parameters for CE interrupts configuration
(bsc#1012628).
- arm64: dts: ti: k3-j721e: correct cache-sets info (bsc#1012628).
- tty: serial: atmel: Check return code of dmaengine_submit()
(bsc#1012628).
- tty: serial: atmel: Call dma_async_issue_pending()
(bsc#1012628).
- pinctrl: apple: return an error if pinmux is missing in the DT
(bsc#1012628).
- net: dsa: rtl8365mb: set RGMII RX delay in steps of 0.3 ns
(bsc#1012628).
- mfd: atmel-flexcom: Remove #ifdef CONFIG_PM_SLEEP (bsc#1012628).
- mfd: atmel-flexcom: Use .resume_noirq (bsc#1012628).
- bfq: Do not let waker requests skip proper accounting
(bsc#1012628).
- libbpf: Silence uninitialized warning/error in
btf_dump_dump_type_data (bsc#1012628).
- media: i2c: imx274: fix s_frame_interval runtime resume not
requested (bsc#1012628).
- media: i2c: Re-order runtime pm initialisation (bsc#1012628).
- media: i2c: ov8865: Fix lockdep error (bsc#1012628).
- media: rcar-csi2: Correct the selection of hsfreqrange
(bsc#1012628).
- media: imx-pxp: Initialize the spinlock prior to using it
(bsc#1012628).
- media: si470x-i2c: fix possible memory leak in
si470x_i2c_probe() (bsc#1012628).
- media: mtk-vcodec: Fix an error handling path in
'mtk_vcodec_probe()' (bsc#1012628).
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file
is released (bsc#1012628).
- media: hantro: Hook up RK3399 JPEG encoder output (bsc#1012628).
- media: coda: fix CODA960 JPEG encoder buffer overflow
(bsc#1012628).
- media: venus: correct low power frequency calculation for
encoder (bsc#1012628).
- media: venus: core: Fix a potential NULL pointer dereference
in an error handling path (bsc#1012628).
- media: venus: core: Fix a resource leak in the error handling
path of 'venus_probe()' (bsc#1012628).
- net: stmmac: Add platform level debug register dump feature
(bsc#1012628).
- net: lantiq: fix missing free_netdev() on error in
ltq_etop_probe() (bsc#1012628).
- thermal/drivers/imx: Implement runtime PM support (bsc#1012628).
- igc: AF_XDP zero-copy metadata adjust breaks SKBs on XDP_PASS
(bsc#1012628).
- netfilter: bridge: add support for pppoe filtering
(bsc#1012628).
- powerpc: Avoid discarding flags in system_call_exception()
(bsc#1012628).
- rcu: Avoid alloc_pages() when recording stack (bsc#1012628).
- arm64: dts: qcom: msm8916: fix MMC controller aliases
(bsc#1012628).
- drm/vmwgfx: Remove the deprecated lower mem limit (bsc#1012628).
- drm/vmwgfx: Fail to initialize on broken configs (bsc#1012628).
- cgroup: Trace event cgroup id fields should be u64
(bsc#1012628).
- ACPI: EC: Rework flushing of EC work while suspended to idle
(bsc#1012628).
- pinctrl: mediatek: uninitialized variable in
mtk_pctrl_show_one_pin() (bsc#1012628).
- pinctrl: mediatek: add a check for error in
mtk_pinconf_bias_get_rsel() (bsc#1012628).
- thermal/drivers/imx8mm: Enable ADC when enabling monitor
(bsc#1012628).
- drm/amdgpu: Fix a NULL pointer dereference in
amdgpu_connector_lcd_native_mode() (bsc#1012628).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in
radeon_driver_open_kms() (bsc#1012628).
- libbpf: Clean gen_loader's attach kind (bsc#1012628).
- null_blk: allow zero poll queues (bsc#1012628).
- crypto: caam - save caam memory to support crypto engine retry
mechanism (bsc#1012628).
- arm64: dts: ti: k3-am642: Fix the L2 cache sets (bsc#1012628).
- arm64: dts: ti: k3-j7200: Fix the L2 cache sets (bsc#1012628).
- arm64: dts: ti: k3-j721e: Fix the L2 cache sets (bsc#1012628).
- arm64: dts: ti: k3-j7200: Correct the d-cache-sets info
(bsc#1012628).
- tty: serial: uartlite: allow 64 bit address (bsc#1012628).
- serial: amba-pl011: do not request memory region twice
(bsc#1012628).
- mtd: core: provide unique name for nvmem device (bsc#1012628).
- floppy: Fix hang in watchdog when disk is ejected (bsc#1012628).
- staging: rtl8192e: return error code from rtllib_softmac_init()
(bsc#1012628).
- staging: rtl8192e: rtllib_module: fix error handle case in
alloc_rtllib() (bsc#1012628).
- Bluetooth: btmtksdio: fix resume failure (bsc#1012628).
- bpf: Fix the test_task_vma selftest to support output shorter
than 1 kB (bsc#1012628).
- sched/fair: Fix detection of per-CPU kthreads waking a task
(bsc#1012628).
- sched/fair: Fix per-CPU kthread and wakee stacking for asym
CPU capacity (bsc#1012628).
- bpf: Adjust BTF log size limit (bsc#1012628).
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
(bsc#1012628).
- bpf: Remove config check to enable bpf support for branch
records (bsc#1012628).
- drm: rcar-du: Add DSI support to rcar_du_output_name
(bsc#1012628).
- drm: rcar-du: crtc: Support external DSI dot clock
(bsc#1012628).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP ==
1 (bsc#1012628).
- arm64: mte: DC {GVA,GZVA} shouldn't be used when DCZID_EL0.DZP
== 1 (bsc#1012628).
- platform/x86: wmi: Replace read_takes_no_args with a flags field
(bsc#1012628).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race
(bsc#1012628).
- samples/bpf: Clean up samples/bpf build failes (bsc#1012628).
- samples: bpf: Fix xdp_sample_user.o linking with Clang
(bsc#1012628).
- samples: bpf: Fix 'unknown warning group' build warning on Clang
(bsc#1012628).
- media: uvcvideo: Fix memory leak of object map on error exit
path (bsc#1012628).
- media: uvcvideo: Avoid invalid memory access (bsc#1012628).
- media: uvcvideo: Avoid returning invalid controls (bsc#1012628).
- media: dib8000: Fix a memleak in dib8000_init() (bsc#1012628).
- media: saa7146: mxb: Fix a NULL pointer dereference in
mxb_attach() (bsc#1012628).
- media: si2157: Fix "warm" tuner state detection (bsc#1012628).
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma
(bsc#1012628).
- sched/rt: Try to restart rt period timer when rt runtime
exceeded (bsc#1012628).
- mtd: spi-nor: Get rid of nor->page_size (bsc#1012628).
- mtd: spi-nor: Fix mtd size for s3an flashes (bsc#1012628).
- ath10k: Fix the MTU size on QCA9377 SDIO (bsc#1012628).
- ath11k: Fix QMI file type enum value (bsc#1012628).
- Bluetooth: MGMT: Use hci_dev_test_and_{set,clear}_flag
(bsc#1012628).
- Bluetooth: btusb: Handle download_firmware failure cases
(bsc#1012628).
- drm/amd/display: Fix bug in debugfs crc_win_update entry
(bsc#1012628).
- drm/amd/display: Fix out of bounds access on DNC31 stream
encoder regs (bsc#1012628).
- drm/msm/gpu: Don't allow zero fence_id (bsc#1012628).
- drm/msm/dp: displayPort driver need algorithm rational
(bsc#1012628).
- rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
(bsc#1012628).
- wcn36xx: Fix max channels retrieval (bsc#1012628).
- drm/msm/dsi: fix initialization in the bonded DSI case
(bsc#1012628).
- mwifiex: Fix possible ABBA deadlock (bsc#1012628).
- xfrm: fix a small bug in xfrm_sa_len() (bsc#1012628).
- x86/uaccess: Move variable into switch case statement
(bsc#1012628).
- libbpf: Add "bool skipped" to struct bpf_map (bsc#1012628).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST
(bsc#1012628).
- selftests: harness: avoid false negatives if test has no ASSERTs
(bsc#1012628).
- crypto: stm32/cryp - fix CTR counter carry (bsc#1012628).
- crypto: stm32/cryp - fix xts and race condition in crypto_engine
requests (bsc#1012628).
- crypto: stm32/cryp - check early input data (bsc#1012628).
- crypto: stm32/cryp - fix double pm exit (bsc#1012628).
- crypto: stm32/cryp - fix lrw chaining mode (bsc#1012628).
- crypto: stm32/cryp - fix bugs and crash in tests (bsc#1012628).
- crypto: stm32 - Revert broken pm_runtime_resume_and_get changes
(bsc#1012628).
- crypto: hisilicon/qm - fix incorrect return value of
hisi_qm_resume() (bsc#1012628).
- libbpf: Fix gen_loader assumption on number of programs
(bsc#1012628).
- ath11k: Fix deleting uninitialized kernel timer during fragment
cache flush (bsc#1012628).
- spi: Fix incorrect cs_setup delay handling (bsc#1012628).
- kunit: tool: fix --json output for skipped tests (bsc#1012628).
- ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB
sectors (bsc#1012628).
- perf/arm-cmn: Fix CPU hotplug unregistration (bsc#1012628).
- media: dw2102: Fix use after free (bsc#1012628).
- media: msi001: fix possible null-ptr-deref in msi001_probe()
(bsc#1012628).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
(bsc#1012628).
- ath11k: Fix a NULL pointer dereference in
ath11k_mac_op_hw_scan() (bsc#1012628).
- net: dsa: hellcreek: Fix insertion of static FDB entries
(bsc#1012628).
- net: dsa: hellcreek: Add STP forwarding rule (bsc#1012628).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports
(bsc#1012628).
- net: dsa: hellcreek: Add missing PTP via UDP rules
(bsc#1012628).
- arm64: dts: qcom: c630: Fix soundcard setup (bsc#1012628).
- arm64: dts: qcom: ipq6018: Fix gpio-ranges property
(bsc#1012628).
- drm/msm/dpu: fix safe status debugfs file (bsc#1012628).
- drm/bridge: ti-sn65dsi86: Set max register for regmap
(bsc#1012628).
- gpu: host1x: select CONFIG_DMA_SHARED_BUFFER (bsc#1012628).
- drm/tegra: gr2d: Explicitly control module reset (bsc#1012628).
- drm/tegra: vic: Fix DMA API misuse (bsc#1012628).
- media: hantro: Fix probe func error path (bsc#1012628).
- xfrm: interface with if_id 0 should return error (bsc#1012628).
- xfrm: state and policy should fail if XFRMA_IF_ID 0
(bsc#1012628).
- ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
(bsc#1012628).
- usb: ftdi-elan: fix memory leak on device disconnect
(bsc#1012628).
- arm64: dts: marvell: cn9130: add GPIO and SPI aliases
(bsc#1012628).
- arm64: dts: marvell: cn9130: enable CP0 GPIO controllers
(bsc#1012628).
- ARM: dts: armada-38x: Add generic compatible to UART nodes
(bsc#1012628).
- mt76: mt7921: drop offload_flags overwritten (bsc#1012628).
- mt76: mt7921: fix MT7921E reset failure (bsc#1012628).
- mt76: debugfs: fix queue reporting for mt76-usb (bsc#1012628).
- mt76: fix possible OOB issue in mt76_calculate_default_rate
(bsc#1012628).
- mt76: mt7921: fix possible NULL pointer dereference in
mt7921_mac_write_txwi (bsc#1012628).
- mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to
bus-related files (bsc#1012628).
- mt76: mt7921s: fix the device cannot sleep deeply in suspend
(bsc#1012628).
- mt76: mt7921: use correct iftype data on 6GHz cap init
(bsc#1012628).
- mt76: mt7921s: fix possible kernel crash due to invalid Rx count
(bsc#1012628).
- mt76: connac: fix last_chan configuration in
mt76_connac_mcu_rate_txpower_band (bsc#1012628).
- mt76: mt7921: fix possible resume failure (bsc#1012628).
- mt76: connac: introduce MCU_EXT macros (bsc#1012628).
- mt76: connac: align MCU_EXT definitions with 7915 driver
(bsc#1012628).
- mt76: connac: remove MCU_FW_PREFIX bit (bsc#1012628).
- mt76: connac: introduce MCU_UNI_CMD macro (bsc#1012628).
- mt76: mt7921s: fix suspend error with enlarging mcu timeout
value (bsc#1012628).
- wilc1000: fix double free error in probe() (bsc#1012628).
- rtw88: add quirk to disable pci caps on HP 250 G7 Notebook PC
(bsc#1012628).
- rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE
(bsc#1012628).
- iwlwifi: mvm: fix 32-bit build in FTM (bsc#1012628).
- iwlwifi: don't pass actual WGDS revision number in
table_revision (bsc#1012628).
- iwlwifi: mvm: test roc running status bits before removing
the sta (bsc#1012628).
- iwlwifi: mvm: perform 6GHz passive scan after suspend
(bsc#1012628).
- iwlwifi: mvm: set protected flag only for NDP ranging
(bsc#1012628).
- mmc: meson-mx-sdhc: add IRQ check (bsc#1012628).
- mmc: meson-mx-sdio: add IRQ check (bsc#1012628).
- block: fix error unwinding in device_add_disk (bsc#1012628).
- selinux: fix potential memleak in selinux_add_opt()
(bsc#1012628).
- um: fix ndelay/udelay defines (bsc#1012628).
- um: rename set_signals() to um_set_signals() (bsc#1012628).
- um: virt-pci: Fix 32-bit compile (bsc#1012628).
- lib/logic_iomem: Fix 32-bit build (bsc#1012628).
- lib/logic_iomem: Fix operation on 32-bit (bsc#1012628).
- um: virtio_uml: Fix time-travel external time propagation
(bsc#1012628).
- Bluetooth: L2CAP: Fix using wrong mode (bsc#1012628).
- bpftool: Enable line buffering for stdout (bsc#1012628).
- backlight: qcom-wled: Validate enabled string indices in DT
(bsc#1012628).
- backlight: qcom-wled: Pass number of elements to read to
read_u32_array (bsc#1012628).
- backlight: qcom-wled: Fix off-by-one maximum with default
num_strings (bsc#1012628).
- backlight: qcom-wled: Override default length with
qcom,enabled-strings (bsc#1012628).
- backlight: qcom-wled: Use cpu_to_le16 macro to perform
conversion (bsc#1012628).
- backlight: qcom-wled: Respect enabled-strings in set_brightness
(bsc#1012628).
- software node: fix wrong node passed to find nargs_prop
(bsc#1012628).
- ath11k: Fix unexpected return buffer manager error for QCA6390
(bsc#1012628).
- mt76: mt7921: fix a possible race enabling/disabling runtime-pm
(bsc#1012628).
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (bsc#1012628).
- x86/boot/compressed: Move CLANG_FLAGS to beginning of
KBUILD_CFLAGS (bsc#1012628).
- crypto: octeontx2 - prevent underflow in get_cores_bmap()
(bsc#1012628).
- block: null_blk: only set set->nr_maps as 3 if active
poll_queues is > 0 (bsc#1012628).
- regulator: qcom-labibb: OCP interrupts are not a failure while
disabled (bsc#1012628).
- hwmon: (mr75203) fix wrong power-up delay value (bsc#1012628).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
(bsc#1012628).
- io_uring: remove double poll on poll update (bsc#1012628).
- bpf: Add missing map_get_next_key method to bloom filter map
(bsc#1012628).
- serial: 8250_bcm7271: Propagate error codes from
brcmuart_probe() (bsc#1012628).
- drm/amd/display: fix dereference before NULL check
(bsc#1012628).
- ACPI: scan: Create platform device for BCM4752 and LNV4752
ACPI nodes (bsc#1012628).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
__nonstatic_find_io_region() (bsc#1012628).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in
nonstatic_find_mem_region() (bsc#1012628).
- power: reset: mt6397: Check for null res pointer (bsc#1012628).
- net/xfrm: IPsec tunnel mode fix inner_ipproto setting in
sec_path (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix return values and refactor
MDIO ops (bsc#1012628).
- net: dsa: fix incorrect function pointer check for MRP ring
roles (bsc#1012628).
- netfilter: ipt_CLUSTERIP: fix refcount leak in
clusterip_tg_check() (bsc#1012628).
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC
(bsc#1012628).
- bpf, sockmap: Fix return codes from tcp_bpf_recvmsg_parser()
(bsc#1012628).
- bpf, sockmap: Fix double bpf_prog_put on error case in map_link
(bsc#1012628).
- bpf: Don't promote bogus looking registers after null check
(bsc#1012628).
- bpf: Fix verifier support for validation of async callbacks
(bsc#1012628).
- bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt()
(bsc#1012628).
- libbpf: Use probe_name for legacy kprobe (bsc#1012628).
- netfilter: nft_payload: do not update layer 4 checksum when
mangling fragments (bsc#1012628).
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone
(bsc#1012628).
- net: fix SOF_TIMESTAMPING_BIND_PHC to work with multiple sockets
(bsc#1012628).
- ppp: ensure minimum packet size in ppp_write() (bsc#1012628).
- rocker: fix a sleeping in atomic bug (bsc#1012628).
- staging: greybus: audio: Check null pointer (bsc#1012628).
- fsl/fman: Check for null pointer after calling devm_ioremap
(bsc#1012628).
- Bluetooth: hci_bcm: Check for error irq (bsc#1012628).
- Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in
qca_serdev_probe (bsc#1012628).
- net/smc: Reset conn->lgr when link group registration fails
(bsc#1012628).
- usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe
(bsc#1012628).
- usb: dwc2: do not gate off the hardware if it does not support
clock gating (bsc#1012628).
- usb: dwc2: gadget: initialize max_speed from params
(bsc#1012628).
- usb: gadget: u_audio: fix calculations for small bInterval
(bsc#1012628).
- usb: gadget: u_audio: Subdevice 0 for capture ctls
(bsc#1012628).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_init (bsc#1012628).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_get_str_desc (bsc#1012628).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_huion_init (bsc#1012628).
- HID: hid-uclogic-params: Invalid parameter check in
uclogic_params_frame_init_v1_buttonpad (bsc#1012628).
- debugfs: lockdown: Allow reading debugfs files that are not
world readable (bsc#1012628).
- drivers/firmware: Add missing platform_device_put() in
sysfb_create_simplefb (bsc#1012628).
- serial: liteuart: fix MODULE_ALIAS (bsc#1012628).
- serial: stm32: move tx dma terminate DMA to shutdown
(bsc#1012628).
- spi: qcom: geni: set the error code for gpi transfer
(bsc#1012628).
- spi: qcom: geni: handle timeout for gpi mode (bsc#1012628).
- x86, sched: Fix undefined reference to
init_freq_invariance_cppc() build error (bsc#1012628).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1012628).
- net/mlx5e: Fix nullptr on deleting mirroring rule (bsc#1012628).
- net/mlx5e: Fix wrong usage of fib_info_nh when routes with
nexthop objects are used (bsc#1012628).
- net/mlx5e: Don't block routes with nexthop objects in SW
(bsc#1012628).
- Revert "net/mlx5e: Block offload of outer header csum for UDP
tunnels" (bsc#1012628).
- Revert "net/mlx5e: Block offload of outer header csum for GRE
tunnel" (bsc#1012628).
- net/mlx5e: Fix matching on modified inner ip_ecn bits
(bsc#1012628).
- net/mlx5: Fix access to sf_dev_table on allocation failure
(bsc#1012628).
- net/mlx5e: Sync VXLAN udp ports during uplink representor
profile change (bsc#1012628).
- net/mlx5: Set command entry semaphore up once got index free
(bsc#1012628).
- lib/mpi: Add the return value check of kcalloc() (bsc#1012628).
- Bluetooth: L2CAP: uninitialized variables in
l2cap_sock_setsockopt() (bsc#1012628).
- Bluetooth: hci_sock: fix endian bug in hci_sock_setsockopt()
(bsc#1012628).
- mptcp: fix per socket endpoint accounting (bsc#1012628).
- mptcp: fix opt size when sending DSS + MP_FAIL (bsc#1012628).
- mptcp: fix a DSS option writing error (bsc#1012628).
- mptcp: Check reclaim amount before reducing allocation
(bsc#1012628).
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in
meson_spifc_probe (bsc#1012628).
- octeontx2-af: Increment ptp refcount before use (bsc#1012628).
- octeontx2-nicvf: Free VF PTP resources (bsc#1012628).
- ax25: uninitialized variable in ax25_setsockopt() (bsc#1012628).
- netrom: fix api breakage in nr_setsockopt() (bsc#1012628).
- regmap: Call regmap_debugfs_exit() prior to _init()
(bsc#1012628).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports
(bsc#1012628).
- octeontx2-af: Fix interrupt name strings (bsc#1012628).
- can: mcp251xfd: add missing newline to printed strings
(bsc#1012628).
- tpm: add request_locality before write TPM_INT_ENABLE
(bsc#1012628).
- tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
(bsc#1012628).
- can: softing: softing_startstop(): fix set but not used variable
warning (bsc#1012628).
- can: xilinx_can: xcan_probe(): check for error irq
(bsc#1012628).
- can: rcar_canfd: rcar_canfd_channel_probe(): make sure we free
CAN network device (bsc#1012628).
- pcmcia: fix setting of kthread task states (bsc#1012628).
- netfilter: egress: avoid a lockdep splat (bsc#1012628).
- net: openvswitch: Fix ct_state nat flags for conns arriving
from tc (bsc#1012628).
- iwlwifi: mvm: Use div_s64 instead of do_div in
iwl_mvm_ftm_rtt_smoothing() (bsc#1012628).
- bnxt_en: use firmware provided max timeout for messages
(bsc#1012628).
- net: mcs7830: handle usb read errors properly (bsc#1012628).
- amt: fix wrong return type of amt_send_membership_update()
(bsc#1012628).
- ext4: avoid trim error on fs with small groups (bsc#1012628).
- ASoC: Intel: sof_sdw: fix jack detection on HP Spectre x360
convertible (bsc#1012628).
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
(bsc#1012628).
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
(bsc#1012628).
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
(bsc#1012628).
- ALSA: hda: Fix potential deadlock at codec unbinding
(bsc#1012628).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling
RCFW with pending cmd-bit" (bsc#1012628).
- RDMA/hns: Validate the pkey index (bsc#1012628).
- scsi: pm80xx: Update WARN_ON check in pm8001_mpi_build_cmd()
(bsc#1012628).
- clk: renesas: rzg2l: Check return value of pm_genpd_init()
(bsc#1012628).
- clk: renesas: rzg2l: propagate return value
of_genpd_add_provider_simple() (bsc#1012628).
- clk: imx8mn: Fix imx8mn_clko1_sels (bsc#1012628).
- ASoC: cs42l42: Report initial jack state (bsc#1012628).
- powerpc/prom_init: Fix improper check of prom_getprop()
(bsc#1012628).
- ASoC: uniphier: drop selecting non-existing
SND_SOC_UNIPHIER_AIO_DMA (bsc#1012628).
- ASoC: codecs: wcd938x: add SND_SOC_WCD938_SDW to codec list
instead (bsc#1012628).
- RDMA/rtrs-clt: Fix the initial value of min_latency
(bsc#1012628).
- ALSA: hda: Make proper use of timecounter (bsc#1012628).
- dt-bindings: thermal: Fix definition of cooling-maps
contribution property (bsc#1012628).
- powerpc/perf: Fix PMU callbacks to clear pending PMI before
resetting an overflown PMC (bsc#1012628).
- powerpc/modules: Don't WARN on first module allocation attempt
(bsc#1012628).
- powerpc/32s: Fix shift-out-of-bounds in KASAN init
(bsc#1012628).
- clocksource: Avoid accidental unstable marking of clocksources
(bsc#1012628).
- ALSA: oss: fix compile error when OSS_DEBUG is enabled
(bsc#1012628).
- ALSA: usb-audio: Drop superfluous '0' in Presonus Studio
1810c's ID (bsc#1012628).
- ASoC: amd: Fix dependency for SPI master (bsc#1012628).
- misc: at25: Make driver OF independent again (bsc#1012628).
- char/mwave: Adjust io port register size (bsc#1012628).
- binder: fix handling of error during copy (bsc#1012628).
- binder: avoid potential data leakage when copying txn
(bsc#1012628).
- openrisc: Add clone3 ABI wrapper (bsc#1012628).
- iommu: Extend mutex lock scope in iommu_probe_device()
(bsc#1012628).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
(bsc#1012628).
- ASoC: SOF: Intel: fix build issue related to CODEC_PROBE_ENTRIES
(bsc#1012628).
- scsi: core: Fix scsi_device_max_queue_depth() (bsc#1012628).
- scsi: ufs: Fix race conditions related to driver data
(bsc#1012628).
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (bsc#1012628).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
(bsc#1012628).
- powerpc/powermac: Add additional missing lockdep_register_key()
(bsc#1012628).
- iommu/arm-smmu-qcom: Fix TTBR0 read (bsc#1012628).
- RDMA/core: Let ib_find_gid() continue search even after empty
entry (bsc#1012628).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
empty entry (bsc#1012628).
- ASoC: rt5663: Handle device_property_read_u32_array error codes
(bsc#1012628).
- of: unittest: fix warning on PowerPC frame size warning
(bsc#1012628).
- of: unittest: 64 bit dma address test requires arch support
(bsc#1012628).
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused()
after system enter shell (bsc#1012628).
- mips: add SYS_HAS_CPU_MIPS64_R5 config for MIPS Release 5
support (bsc#1012628).
- mips: fix Kconfig reference to PHYS_ADDR_T_64BIT (bsc#1012628).
- dmaengine: pxa/mmp: stop referencing config->slave_id
(bsc#1012628).
- iommu/amd: Restore GA log/tail pointer on host resume
(bsc#1012628).
- iommu/amd: X2apic mode: re-enable after resume (bsc#1012628).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
(bsc#1012628).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
(bsc#1012628).
- iommu/amd: Remove useless irq affinity notifier (bsc#1012628).
- ASoC: Intel: catpt: Test dmaengine_submit() result before
moving on (bsc#1012628).
- iommu/iova: Fix race between FQ timeout and teardown
(bsc#1012628).
- ASoC: mediatek: mt8195: correct default value (bsc#1012628).
- counter: 104-quad-8: Fix persistent enabled events bug
(bsc#1012628).
- of: fdt: Aggregate the processing of "linux,usable-memory-range"
(bsc#1012628).
- efi: apply memblock cap after memblock_add() (bsc#1012628).
- scsi: block: pm: Always set request queue runtime active in
blk_post_runtime_resume() (bsc#1012628).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY
register (bsc#1012628).
- ASoC: mediatek: Check for error clk pointer (bsc#1012628).
- powerpc/64s: Mask NIP before checking against SRR0
(bsc#1012628).
- powerpc/64s: Use EMIT_WARN_ENTRY for SRR debug warnings
(bsc#1012628).
- phy: cadence: Sierra: Fix to get correct parent for mux clocks
(bsc#1012628).
- iio: chemical: sunrise_co2: set val parameter only on success
(bsc#1012628).
- ASoC: samsung: idma: Check of ioremap return value
(bsc#1012628).
- misc: lattice-ecp3-config: Fix task hung when firmware load
failed (bsc#1012628).
- ASoC: mediatek: mt8195: correct pcmif BE dai control flow
(bsc#1012628).
- arm64: tegra: Remove non existent Tegra194 reset (bsc#1012628).
- mips: lantiq: add support for clk_set_parent() (bsc#1012628).
- mips: bcm63xx: add support for clk_set_parent() (bsc#1012628).
- powerpc/xive: Add missing null check after calling kmalloc
(bsc#1012628).
- ASoC: fsl_mqs: fix MODULE_ALIAS (bsc#1012628).
- ALSA: hda/cs8409: Increase delay during jack detection
(bsc#1012628).
- ALSA: hda/cs8409: Fix Jack detection after resume (bsc#1012628).
- cxl/core: Remove cxld_const_init in cxl_decoder_alloc()
(bsc#1012628).
- MIPS: fix local_{add,sub}_return on MIPS64 (bsc#1012628).
- RDMA/cxgb4: Set queue pair state when being queried
(bsc#1012628).
- clk: qcom: gcc-sc7280: Mark gcc_cfg_noc_lpass_clk always enabled
(bsc#1012628).
- ASoC: imx-card: Need special setting for ak4497 on i.MX8MQ
(bsc#1012628).
- ASoC: imx-card: Fix mclk calculation issue for akcodec
(bsc#1012628).
- ASoC: imx-card: improve the sound quality for low rate
(bsc#1012628).
- ASoC: fsl_asrc: refine the check of available clock divider
(bsc#1012628).
- clk: bm1880: remove kfrees on static allocations (bsc#1012628).
- of: base: Fix phandle argument length mismatch error message
(bsc#1012628).
- of/fdt: Don't worry about non-memory region overlap for no-map
(bsc#1012628).
- MIPS: compressed: Fix build with ZSTD compression (bsc#1012628).
- mailbox: fix gce_num of mt8192 driver data (bsc#1012628).
- mailbox: imx: Fix an IS_ERR() vs NULL bug (bsc#1012628).
- mailbox: pcc: Avoid using the uninitialized variable 'dev'
(bsc#1012628).
- mailbox: pcc: Handle all PCC subtypes correctly in pcc_mbox_irq
(bsc#1012628).
- ARM: dts: omap3-n900: Fix lp5523 for multi color (bsc#1012628).
- leds: lp55xx: initialise output direction from dts
(bsc#1012628).
- Bluetooth: hci_sock: purge socket queues in the destruct()
callback (bsc#1012628).
- Bluetooth: Fix debugfs entry leak in hci_register_dev()
(bsc#1012628).
- Bluetooth: Fix memory leak of hci device (bsc#1012628).
- drm/panel: Delete panel on mipi_dsi_attach() failure
(bsc#1012628).
- Bluetooth: Fix removing adv when processing cmd complete
(bsc#1012628).
- drm/sched: Avoid lockdep spalt on killing a processes
(bsc#1012628).
- fs: dlm: filter user dlm messages for kernel locks
(bsc#1012628).
- libbpf: Detect corrupted ELF symbols section (bsc#1012628).
- libbpf: Improve sanity checking during BTF fix up (bsc#1012628).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y &
CONFIG_DMA_API_DEBUG=y (bsc#1012628).
- selftests/bpf: Fix memory leaks in btf_type_c_dump() helper
(bsc#1012628).
- selftests/bpf: Destroy XDP link correctly (bsc#1012628).
- selftests/bpf: Fix bpf_object leak in skb_ctx selftest
(bsc#1012628).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START
reply (bsc#1012628).
- drm/bridge: dw-hdmi: handle ELD when
DRM_BRIDGE_ATTACH_NO_CONNECTOR (bsc#1012628).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of
DEVINIT/PREOS/ACR (bsc#1012628).
- media: atomisp: fix try_fmt logic (bsc#1012628).
- media: atomisp: set per-device's default mode (bsc#1012628).
- media: atomisp-ov2680: Fix ov2680_set_fmt() clobbering the
exposure (bsc#1012628).
- media: atomisp: check before deference asd variable
(bsc#1012628).
- ARM: shmobile: rcar-gen2: Add missing of_node_put()
(bsc#1012628).
- ath11k: enable IEEE80211_VHT_EXT_NSS_BW_CAPABLE if NSS ratio
enabled (bsc#1012628).
- batman-adv: allow netlink usage in unprivileged containers
(bsc#1012628).
- bpf: Change value of MAX_TAIL_CALL_CNT from 32 to 33
(bsc#1012628).
- media: atomisp: handle errors at sh_css_create_isp_params()
(bsc#1012628).
- ath11k: Fix crash caused by uninitialized TX ring (bsc#1012628).
- usb: dwc3: meson-g12a: fix shared reset control use
(bsc#1012628).
- USB: ehci_brcm_hub_control: Improve port index sanitizing
(bsc#1012628).
- usb: gadget: f_fs: Use stream_open() for endpoint files
(bsc#1012628).
- psi: Fix PSI_MEM_FULL state when tasks are in memstall and
doing reclaim (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga
Book X91F/L (bsc#1012628).
- HID: magicmouse: Report battery level over USB (bsc#1012628).
- HID: apple: Do not reset quirks when the Fn key is not found
(bsc#1012628).
- media: b2c2: Add missing check in flexcop_pci_isr:
(bsc#1012628).
- libbpf: Accommodate DWARF/compiler bug with duplicated structs
(bsc#1012628).
- ethernet: renesas: Use div64_ul instead of do_div (bsc#1012628).
- EDAC/synopsys: Use the quirk for version instead of ddr version
(bsc#1012628).
- arm64: dts: qcom: sm[68]350: Use interrupts-extended with pdc
interrupts (bsc#1012628).
- arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name
(bsc#1012628).
- soc: imx: gpcv2: Synchronously suspend MIX domains
(bsc#1012628).
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART
(bsc#1012628).
- ath11k: Fix mon status ring rx tlv processing (bsc#1012628).
- drm/amd/display: check top_pipe_to_program pointer
(bsc#1012628).
- drm/amdgpu/display: set vblank_disable_immediate for DC
(bsc#1012628).
- soc: ti: pruss: fix referenced node in error message
(bsc#1012628).
- mlxsw: pci: Add shutdown method in PCI driver (bsc#1012628).
- drm/amd/display: add else to avoid double destroy clk_mgr
(bsc#1012628).
- drm/bridge: megachips: Ensure both bridges are probed before
registration (bsc#1012628).
- mxser: keep only !tty test in ISR (bsc#1012628).
- mxser: don't throttle manually (bsc#1012628).
- mxser: increase buf_overrun if tty_insert_flip_char() fails
(bsc#1012628).
- serial: 8250_dw: Add StarFive JH7100 quirk (bsc#1012628).
- tty: serial: imx: disable UCR4_OREN in .stop_rx() instead of
.shutdown() (bsc#1012628).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already
in use (bsc#1012628).
- HSI: core: Fix return freed object in hsi_new_client
(bsc#1012628).
- crypto: jitter - consider 32 LSB for APT (bsc#1012628).
- rtw89: fix potentially access out of range of RF register array
(bsc#1012628).
- rsi: Fix use-after-free in rsi_rx_done_handler() (bsc#1012628).
- rsi: Fix out-of-bounds read in rsi_read_pkt() (bsc#1012628).
- ath11k: Avoid NULL ptr access during mgmt tx cleanup
(bsc#1012628).
- media: venus: avoid calling core_clk_setrate() concurrently
during concurrent video sessions (bsc#1012628).
- regulator: da9121: Prevent current limit change when enabled
(bsc#1012628).
- drm/vmwgfx: Release ttm memory if probe fails (bsc#1012628).
- drm/vmwgfx: Introduce a new placement for MOB page tables
(bsc#1012628).
- ACPI / x86: Drop PWM2 device on Lenovo Yoga Book from always
present table (bsc#1012628).
- ACPI: Change acpi_device_always_present() into
acpi_device_override_status() (bsc#1012628).
- ACPI / x86: Allow specifying acpi_device_override_status()
quirks by path (bsc#1012628).
- ACPI / x86: Add not-present quirk for the PCI0.SDHB.BRC1 device
on the GPD win (bsc#1012628).
- drm: Return error codes from struct drm_driver.gem_create_object
(bsc#1012628).
- drm/amd/display: Use oriented source size when checking cursor
scaling (bsc#1012628).
- arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node
(bsc#1012628).
- arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl
node (bsc#1012628).
- usb: uhci: add aspeed ast2600 uhci support (bsc#1012628).
- floppy: Add max size check for user space request (bsc#1012628).
- x86/mm: Flush global TLB when switching to trampoline page-table
(bsc#1012628).
- drm: rcar-du: Fix CRTC timings when CMM is used (bsc#1012628).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds
(bsc#1012628).
- media: rcar-vin: Update format alignment constraints
(bsc#1012628).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference
in hexium_attach() (bsc#1012628).
- media: atomisp: fix "variable dereferenced before check 'asd'"
(bsc#1012628).
- media: m920x: don't use stack on USB reads (bsc#1012628).
- thunderbolt: Runtime PM activate both ends of the device link
(bsc#1012628).
- arm64: dts: renesas: Fix thermal bindings (bsc#1012628).
- iwlwifi: mvm: synchronize with FW after multicast commands
(bsc#1012628).
- iwlwifi: mvm: avoid clearing a just saved session protection id
(bsc#1012628).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1012628).
- rcutorture: Avoid soft lockup during cpu stall (bsc#1012628).
- ath11k: avoid deadlock by change ieee80211_queue_work for
regd_update_work (bsc#1012628).
- ath10k: Fix tx hanging (bsc#1012628).
- rtw89: don't kick off TX DMA if failed to write skb
(bsc#1012628).
- net-sysfs: update the queue counts in the unregistration path
(bsc#1012628).
- ath10k: drop beacon and probe response which leak from other
channel (bsc#1012628).
- net: phy: prefer 1000baseT over 1000baseKX (bsc#1012628).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
(bsc#1012628).
- gpio: aspeed-sgpio: Convert aspeed_sgpio.lock to raw_spinlock
(bsc#1012628).
- selftests/ftrace: make kprobe profile testcase description
unique (bsc#1012628).
- arm64: dts: rockchip: Fix Bluetooth on ROCK Pi 4 boards
(bsc#1012628).
- ath11k: Avoid false DEADLOCK warning reported by lockdep
(bsc#1012628).
- ARM: dts: qcom: sdx55: fix IPA interconnect definitions
(bsc#1012628).
- x86/mce: Allow instrumentation during task work queueing
(bsc#1012628).
- x86/mce: Prevent severity computation from being instrumented
(bsc#1012628).
- x86/mce: Mark mce_panic() noinstr (bsc#1012628).
- x86/mce: Mark mce_end() noinstr (bsc#1012628).
- x86/mce: Mark mce_read_aux() noinstr (bsc#1012628).
- net: bonding: debug: avoid printing debug logs when bond is
not notifying peers (bsc#1012628).
- kunit: Don't crash if no parameters are generated (bsc#1012628).
- bpf: Do not WARN in bpf_warn_invalid_xdp_action() (bsc#1012628).
- drm/amdkfd: Fix error handling in svm_range_add (bsc#1012628).
- drm/amdgpu: fix amdgpu_ras_mca_query_error_status scope
(bsc#1012628).
- HID: quirks: Allow inverting the absolute X/Y values
(bsc#1012628).
- HID: i2c-hid-of: Expose the touchscreen-inverted properties
(bsc#1012628).
- media: igorplugusb: receiver overflow should be reported
(bsc#1012628).
- media: rockchip: rkisp1: use device name for debugfs subdir name
(bsc#1012628).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference
in hexium_attach() (bsc#1012628).
- mmc: tmio: reinit card irqs in reset routine (bsc#1012628).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
(bsc#1012628).
- mmc: omap_hsmmc: Revert special init for wl1251 (bsc#1012628).
- drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV
(bsc#1012628).
- drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV
(bsc#1012628).
- audit: ensure userspace is penalized the same as the kernel
when under pressure (bsc#1012628).
- arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
(bsc#1012628).
- arm64: tegra: Adjust length of CCPLEX cluster MMIO region
(bsc#1012628).
- crypto: ccp - Move SEV_INIT retry for corrupted data
(bsc#1012628).
- crypto: hisilicon/hpre - fix memory leak in
hpre_curve25519_src_init() (bsc#1012628).
- crypto: hisilicon/qm - fix deadlock for remove driver
(bsc#1012628).
- PM: runtime: Add safety net to supplier device release
(bsc#1012628).
- cpufreq: Fix initialization of min and max frequency QoS
requests (bsc#1012628).
- usb: hub: Add delay for SuperSpeed hub resume to let links
transit to U0 (bsc#1012628).
- mt76: mt7615: fix possible deadlock while
mt7615_register_ext_phy() (bsc#1012628).
- mt76: mt7915: fix SMPS operation fail (bsc#1012628).
- mt76: connac: fix a theoretical NULL pointer dereference in
mt76_connac_get_phy_mode (bsc#1012628).
- mt76: do not pass the received frame with decryption error
(bsc#1012628).
- mt76: mt7615: improve wmm index allocation (bsc#1012628).
- mt76: mt7921: fix network buffer leak by txs missing
(bsc#1012628).
- ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
(bsc#1012628).
- ath9k_htc: fix NULL pointer dereference at
ath9k_htc_tx_get_packet() (bsc#1012628).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
(bsc#1012628).
- rtw88: 8822c: update rx settings to prevent potential hw
deadlock (bsc#1012628).
- PM: AVS: qcom-cpr: Use div64_ul instead of do_div (bsc#1012628).
- iwlwifi: recognize missing PNVM data and then log filename
(bsc#1012628).
- iwlwifi: fix leaks/bad data after failed firmware load
(bsc#1012628).
- iwlwifi: remove module loading failure message (bsc#1012628).
- iwlwifi: mvm: Fix calculation of frame length (bsc#1012628).
- iwlwifi: mvm: fix AUX ROC removal (bsc#1012628).
- iwlwifi: pcie: make sure prph_info is set when treating wakeup
IRQ (bsc#1012628).
- mmc: sdhci-pci-gli: GL9755: Support for CD/WP inversion on OF
platforms (bsc#1012628).
- block: check minor range in device_add_disk() (bsc#1012628).
- um: registers: Rename function names to avoid conflicts and
build problems (bsc#1012628).
- ath11k: Fix napi related hang (bsc#1012628).
- Bluetooth: btintel: Add missing quirks and msft ext for legacy
bootloader (bsc#1012628).
- cpufreq: intel_pstate: Update cpuinfo.max_freq on HWP_CAP
changes (bsc#1012628).
- Bluetooth: vhci: Set HCI_QUIRK_VALID_LE_STATES (bsc#1012628).
- xfrm: rate limit SA mapping change message to user space
(bsc#1012628).
- drm/etnaviv: consider completed fence seqno in hang check
(bsc#1012628).
- jffs2: GC deadlock reading a page that is used in
jffs2_write_begin() (bsc#1012628).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
(bsc#1012628).
- ACPICA: Utilities: Avoid deleting the same object twice in a
row (bsc#1012628).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in
acpi_ex_opcode_1A_0T_1R() (bsc#1012628).
- ACPICA: Fix wrong interpretation of PCC address (bsc#1012628).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
(bsc#1012628).
- mmc: mtk-sd: Use readl_poll_timeout instead of open-coded
polling (bsc#1012628).
- drm/amdgpu: fixup bad vram size on gmc v8 (bsc#1012628).
- mfd: intel_soc_pmic: Use CPU-id check instead of _HRV check
to differentiate variants (bsc#1012628).
- amdgpu/pm: Make sysfs pm attributes as read-only for VFs
(bsc#1012628).
- ACPI: battery: Add the ThinkPad "Not Charging" quirk
(bsc#1012628).
- ACPI: CPPC: Check present CPUs for determining _CPC is valid
(bsc#1012628).
- net/mlx5: DR, Fix error flow in creating matcher (bsc#1012628).
- btrfs: remove BUG_ON() in find_parent_nodes() (bsc#1012628).
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (bsc#1012628).
- net: mdio: Demote probed message to debug print (bsc#1012628).
- dm btree: add a defensive bounds check to insert_at()
(bsc#1012628).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(bsc#1012628).
- can: do not increase rx statistics when generating a CAN rx
error message frame (bsc#1012628).
- bpf/selftests: Fix namespace mount setup in tc_redirect
(bsc#1012628).
- mlxsw: pci: Avoid flow control for EMAD packets (bsc#1012628).
- net: phy: marvell: configure RGMII delays for 88E1118
(bsc#1012628).
- net: gemini: allow any RGMII interface mode (bsc#1012628).
- regulator: qcom_smd: Align probe function with rpmh-regulator
(bsc#1012628).
- serial: pl010: Drop CR register reset on set_termios
(bsc#1012628).
- serial: pl011: Drop CR register reset on set_termios
(bsc#1012628).
- serial: core: Keep mctrl register state and cached copy in sync
(bsc#1012628).
- random: do not throw away excess input to crng_fast_load
(bsc#1012628).
- net/mlx5: Update log_max_qp value to FW max capability
(bsc#1012628).
- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't
eswitch manager (bsc#1012628).
- parisc: Avoid calling faulthandler_disabled() twice
(bsc#1012628).
- can: flexcan: allow to change quirks at runtime (bsc#1012628).
- can: flexcan: rename RX modes (bsc#1012628).
- can: flexcan: add more quirks to describe RX path capabilities
(bsc#1012628).
- x86/kbuild: Enable CONFIG_KALLSYMS_ALL=y in the defconfigs
(bsc#1012628).
- clk: samsung: exynos850: Register clocks early (bsc#1012628).
- powerpc/6xx: add missing of_node_put (bsc#1012628).
- powerpc/powernv: add missing of_node_put (bsc#1012628).
- powerpc/cell: add missing of_node_put (bsc#1012628).
- powerpc/btext: add missing of_node_put (bsc#1012628).
- powerpc/watchdog: Fix missed watchdog reset due to memory
ordering race (bsc#1012628).
- ASoC: imx-hdmi: add put_device() after of_find_device_by_node()
(bsc#1012628).
- i2c: i801: Don't silently correct invalid transfer size
(bsc#1012628).
- powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
(bsc#1012628).
- i2c: mpc: Correct I2C reset procedure (bsc#1012628).
- clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
(bsc#1012628).
- powerpc/powermac: Add missing lockdep_register_key()
(bsc#1012628).
- KVM: PPC: Book3S: Suppress warnings when allocating too big
memory slots (bsc#1012628).
- KVM: PPC: Book3S: Suppress failed alloc warning in
H_COPY_TOFROM_GUEST (bsc#1012628).
- w1: Misuse of get_user()/put_user() reported by sparse
(bsc#1012628).
- nvmem: core: set size for sysfs bin file (bsc#1012628).
- dm: fix alloc_dax error handling in alloc_dev (bsc#1012628).
- dm: make the DAX support depend on CONFIG_FS_DAX (bsc#1012628).
- ASoC: test-component: fix null pointer dereference
(bsc#1012628).
- interconnect: qcom: rpm: Prevent integer overflow in rate
(bsc#1012628).
- scsi: ufs: Fix a kernel crash during shutdown (bsc#1012628).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV
(bsc#1012628).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver
cleanup (bsc#1012628).
- ALSA: seq: Set upper limit of processed events (bsc#1012628).
- MIPS: Loongson64: Use three arguments for slti (bsc#1012628).
- powerpc/40x: Map 32Mbytes of memory at startup (bsc#1012628).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent
is high (bsc#1012628).
- powerpc: handle kdump appropriately with
crash_kexec_post_notifiers option (bsc#1012628).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore
generated with panic (bsc#1012628).
- ASoC: SOF: Intel: hda: add quirks for HDAudio DMA position
information (bsc#1012628).
- udf: Fix error handling in udf_new_inode() (bsc#1012628).
- MIPS: OCTEON: add put_device() after of_find_device_by_node()
(bsc#1012628).
- irqchip/gic-v4: Disable redistributors' view of the VPE table
at boot time (bsc#1012628).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt
parameters (bsc#1012628).
- scsi: hisi_sas: Prevent parallel FLR and controller reset
(bsc#1012628).
- ASoC: SOF: ipc: Add null pointer check for substream->runtime
(bsc#1012628).
- selftests/powerpc: Add a test of sigreturning to the kernel
(bsc#1012628).
- MIPS: Octeon: Fix build errors using clang (bsc#1012628).
- scsi: sr: Don't use GFP_DMA (bsc#1012628).
- scsi: mpi3mr: Fixes around reply request queues (bsc#1012628).
- ASoC: mediatek: mt8192-mt6359: fix device_node leak
(bsc#1012628).
- phy: phy-mtk-tphy: add support efuse setting (bsc#1012628).
- ASoC: mediatek: mt8173: fix device_node leak (bsc#1012628).
- ASoC: mediatek: mt8183: fix device_node leak (bsc#1012628).
- habanalabs: change wait for interrupt timeout to 64 bit
(bsc#1012628).
- habanalabs: skip read fw errors if dynamic descriptor invalid
(bsc#1012628).
- phy: mediatek: Fix missing check in mtk_mipi_tx_probe
(bsc#1012628).
- mailbox: change mailbox-mpfs compatible string (bsc#1012628).
- signal: In get_signal test for signal_group_exit every time
through the loop (bsc#1012628).
- PCI: mediatek-gen3: Disable DVFSRC voltage request
(bsc#1012628).
- PCI: qcom: Fix an error handling path in 'qcom_pcie_probe()'
(bsc#1012628).
- PCI: rcar: Check if device is runtime suspended instead of
__clk_is_enabled() (bsc#1012628).
- PCI: dwc: Do not remap invalid res (bsc#1012628).
- PCI: aardvark: Fix checking for MEM resource type (bsc#1012628).
- PCI: apple: Fix REFCLK1 enable/poll logic (bsc#1012628).
- KVM: VMX: Don't unblock vCPU w/ Posted IRQ if IRQs are disabled
in guest (bsc#1012628).
- KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking
vCPU (bsc#1012628).
- KVM: VMX: Read Posted Interrupt "control" exactly once per
loop iteration (bsc#1012628).
- KVM: X86: Ensure that dirty PDPTRs are loaded (bsc#1012628).
- KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with
flat code seg (bsc#1012628).
- KVM: x86: Exit to userspace if emulation prepared a completion
callback (bsc#1012628).
- i3c: fix incorrect address slot lookup on 64-bit (bsc#1012628).
- i3c/master/mipi-i3c-hci: Fix a potentially infinite loop in
'hci_dat_v1_get_index()' (bsc#1012628).
- tracing: Do not let synth_events block other dyn_event systems
during create (bsc#1012628).
- Input: ti_am335x_tsc - set ADCREFM for X configuration
(bsc#1012628).
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2
(bsc#1012628).
- PCI: mvebu: Check for errors from pci_bridge_emul_init() call
(bsc#1012628).
- PCI: mvebu: Do not modify PCI IO type bits in conf_write
(bsc#1012628).
- PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on
emulated bridge (bsc#1012628).
- PCI: mvebu: Fix configuring secondary bus of PCIe Root Port
via emulated bridge (bsc#1012628).
- PCI: mvebu: Setup PCIe controller to Root Complex mode
(bsc#1012628).
- PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated
bridge (bsc#1012628).
- PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge
(bsc#1012628).
- PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge
(bsc#1012628).
- PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2
registers on emulated bridge (bsc#1012628).
- KVM: RISC-V: Avoid spurious virtual interrupts after clearing
hideleg CSR (bsc#1012628).
- NFSD: Fix verifier returned in stable WRITEs (bsc#1012628).
- Revert "nfsd: skip some unnecessary stats in the v4 case"
(bsc#1012628).
- nfsd: fix crash on COPY_NOTIFY with special stateid
(bsc#1012628).
- x86/hyperv: Properly deal with empty cpumasks in
hyperv_flush_tlb_multi() (bsc#1012628).
- drm/i915/pxp: Hold RPM wakelock during PXP unbind (bsc#1012628).
- drm/i915: don't call free_mmap_offset when purging
(bsc#1012628).
- SUNRPC: Fix sockaddr handling in the svc_xprt_create_error
trace point (bsc#1012628).
- SUNRPC: Fix sockaddr handling in svcsock_accept_class trace
points (bsc#1012628).
- drm/sun4i: dw-hdmi: Fix missing put_device() call in
sun8i_hdmi_phy_get (bsc#1012628).
- drm/atomic: Check new_crtc_state->active to determine if CRTC
needs disable in self refresh mode (bsc#1012628).
- ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all
(bsc#1012628).
- ntb_hw_switchtec: Fix bug with more than 32 partitions
(bsc#1012628).
- drm/amd/display: invalid parameter check in dmub_hpd_callback
(bsc#1012628).
- drm/amdkfd: Check for null pointer after calling kmemdup
(bsc#1012628).
- drm/amdgpu: use spin_lock_irqsave to avoid deadlock by local
interrupt (bsc#1012628).
- PCI: mt7621: Add missing MODULE_LICENSE() (bsc#1012628).
- i3c: master: dw: check return of dw_i3c_master_get_free_pos()
(bsc#1012628).
- dma-buf: cma_heap: Fix mutex locking section (bsc#1012628).
- tracing/uprobes: Check the return value of kstrdup() for
tu->filename (bsc#1012628).
- tracing/probes: check the return value of kstrndup() for pbuf
(bsc#1012628).
- mm: defer kmemleak object creation of module_alloc()
(bsc#1012628).
- kasan: fix quarantine conflicting with init_on_free
(bsc#1012628).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing
cgroup setting (bsc#1012628).
- hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()
(bsc#1012628).
- rpmsg: core: Clean up resources on announce_create failure
(bsc#1012628).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk
dev (bsc#1012628).
- crypto: omap-aes - Fix broken pm_runtime_and_get() usage
(bsc#1012628).
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
(bsc#1012628).
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
(bsc#1012628).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
write buffers (bsc#1012628).
- tpm: fix potential NULL pointer access in tpm_del_char_device
(bsc#1012628).
- tpm: fix NPE on probe for missing device (bsc#1012628).
- mfd: tps65910: Set PWR_OFF bit during driver probe
(bsc#1012628).
- spi: uniphier: Fix a bug that doesn't point to private data
correctly (bsc#1012628).
- xen/gntdev: fix unmap notification order (bsc#1012628).
- md: Move alloc/free acct bioset in to personality (bsc#1012628).
- HID: magicmouse: Fix an error handling path in
magicmouse_probe() (bsc#1012628).
- x86/mce: Check regs before accessing it (bsc#1012628).
- fuse: Pass correct lend value to filemap_write_and_wait_range()
(bsc#1012628).
- serial: Fix incorrect rs485 polarity on uart open (bsc#1012628).
- cputime, cpuacct: Include guest time in user time in
cpuacct.stat (bsc#1012628).
- sched/cpuacct: Fix user/system in shown cpuacct.usage*
(bsc#1012628).
- tracing/osnoise: Properly unhook events if
start_per_cpu_kthreads() fails (bsc#1012628).
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
(bsc#1012628).
- tracing: Have syscall trace events use
trace_event_buffer_lock_reserve() (bsc#1012628).
- remoteproc: imx_rproc: Fix a resource leak in the remove
function (bsc#1012628).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
(bsc#1012628).
- device property: Fix fwnode_graph_devcon_match() fwnode leak
(bsc#1012628).
- drm/tegra: submit: Add missing pm_runtime_mark_last_busy()
(bsc#1012628).
- drm/etnaviv: limit submit sizes (bsc#1012628).
- drm/amd/display: Fix the uninitialized variable in
enable_stream_features() (bsc#1012628).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display
(bsc#1012628).
- drm/bridge: analogix_dp: Make PSR-exit block less (bsc#1012628).
- parisc: Fix lpa and lpa_user defines (bsc#1012628).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1012628).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance
(bsc#1012628).
- drm/amdgpu: Use correct VIEWPORT_DIMENSION for DCN2
(bsc#1012628).
- drm/amdgpu: don't do resets on APUs which don't support it
(bsc#1012628).
- drm/amd/display: Revert W/A for hard hangs on DCN20/DCN21
(bsc#1012628).
- drm/i915/display/ehl: Update voltage swing table (bsc#1012628).
- PCI: xgene: Fix IB window setup (bsc#1012628).
- PCI: pciehp: Use down_read/write_nested(reset_lock) to fix
lockdep errors (bsc#1012628).
- PCI: pci-bridge-emul: Make expansion ROM Base Address register
read-only (bsc#1012628).
- PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI
config space (bsc#1012628).
- PCI: pci-bridge-emul: Fix definitions of reserved bits
(bsc#1012628).
- PCI: pci-bridge-emul: Correctly set PCIe capabilities
(bsc#1012628).
- PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
(bsc#1012628).
- xfrm: fix policy lookup for ipv6 gre packets (bsc#1012628).
- xfrm: fix dflt policy check when there is no policy configured
(bsc#1012628).
- btrfs: fix deadlock between quota enable and other quota
operations (bsc#1012628).
- btrfs: zoned: cache reported zone during mount (bsc#1012628).
- btrfs: check the root node for uptodate before returning it
(bsc#1012628).
- btrfs: add extent allocator hook to decide to allocate chunk
or not (bsc#1012628).
- btrfs: zoned: unset dedicated block group on allocation failure
(bsc#1012628).
- btrfs: zoned: fix chunk allocation condition for zoned allocator
(bsc#1012628).
- btrfs: respect the max size in the header when activating swap
file (bsc#1012628).
- ext4: make sure to reset inode lockdep class when quota enabling
fails (bsc#1012628).
- ext4: make sure quota gets properly shutdown on error
(bsc#1012628).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1012628).
- ext4: initialize err_blk before calling __ext4_get_inode_loc
(bsc#1012628).
- ext4: fix fast commit may miss tracking range for
FALLOC_FL_ZERO_RANGE (bsc#1012628).
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1012628).
- ext4: Fix BUG_ON in ext4_bread when write quota data
(bsc#1012628).
- ext4: use ext4_ext_remove_space() for fast commit replay delete
range (bsc#1012628).
- ext4: fast commit may miss tracking unwritten range during
ftruncate (bsc#1012628).
- ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal
(bsc#1012628).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
(bsc#1012628).
- ext4: fix an use-after-free issue about data=journal writeback
mode (bsc#1012628).
- ext4: don't use the orphan list when migrating an inode
(bsc#1012628).
- drm/radeon: fix error handling in radeon_driver_open_kms
(bsc#1012628).
- drm/amdgpu/display: Only set vblank_disable_immediate when
PSR is not enabled (bsc#1012628).
- firmware: Update Kconfig help text for Google firmware
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_tef_obj_read(): fix typo in error
message (bsc#1012628).
- media: rcar-csi2: Optimize the selection PHTW register
(bsc#1012628).
- drm/vc4: hdmi: Make sure the device is powered with CEC
(bsc#1012628).
- media: correct MEDIA_TEST_SUPPORT help text (bsc#1012628).
- Documentation: coresight: Fix documentation issue (bsc#1012628).
- Documentation: dmaengine: Correctly describe dmatest with
channel unset (bsc#1012628).
- Documentation: ACPI: Fix data node reference documentation
(bsc#1012628).
- Documentation, arch: Remove leftovers from raw device
(bsc#1012628).
- Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH
(bsc#1012628).
- Documentation: refer to config RANDOMIZE_BASE for kernel
address-space randomization (bsc#1012628).
- Documentation: fix firewire.rst ABI file path error
(bsc#1012628).
- Bluetooth: btusb: Return error code when getting patch status
failed (bsc#1012628).
- net: usb: Correct reset handling of smsc95xx (bsc#1012628).
- Bluetooth: hci_sync: Fix not setting adv set duration
(bsc#1012628).
- scsi: core: Show SCMD_LAST in text form (bsc#1012628).
- of: base: Improve argument length mismatch error (bsc#1012628).
- scsi: ufs: ufs-mediatek: Fix error checking in
ufs_mtk_init_va09_pwr_ctrl() (bsc#1012628).
- dmaengine: uniphier-xdmac: Fix type of address variables
(bsc#1012628).
- dmaengine: idxd: fix wq settings post wq disable (bsc#1012628).
- RDMA/hns: Modify the mapping attribute of doorbell to device
(bsc#1012628).
- RDMA/rxe: Fix a typo in opcode name (bsc#1012628).
- dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
(bsc#1012628).
- Revert "net/mlx5: Add retry mechanism to the command entry
index allocation" (bsc#1012628).
- powerpc/cell: Fix clang -Wimplicit-fallthrough warning
(bsc#1012628).
- powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO
buses (bsc#1012628).
- block: fix async_depth sysfs interface for mq-deadline
(bsc#1012628).
- block: Fix fsync always failed if once failed (bsc#1012628).
- drm/vc4: crtc: Drop feed_txp from state (bsc#1012628).
- drm/vc4: Fix non-blocking commit getting stuck forever
(bsc#1012628).
- drm/vc4: crtc: Copy assigned channel to the CRTC (bsc#1012628).
- libbpf: Remove deprecation attribute from struct
bpf_prog_prep_result (bsc#1012628).
- bpftool: Remove inclusion of utilities.mak from Makefiles
(bsc#1012628).
- bpftool: Fix indent in option lists in the documentation
(bsc#1012628).
- xdp: check prog type before updating BPF link (bsc#1012628).
- bpf: Fix mount source show for bpffs (bsc#1012628).
- bpf: Mark PTR_TO_FUNC register initially with zero offset
(bsc#1012628).
- perf evsel: Override attr->sample_period for non-libpfm4 events
(bsc#1012628).
- ipv4: update fib_info_cnt under spinlock protection
(bsc#1012628).
- ipv4: avoid quadratic behavior in netns dismantle (bsc#1012628).
- mlx5: Don't accidentally set RTO_ONLINK before
mlx5e_route_lookup_ipv4_get() (bsc#1012628).
- net/fsl: xgmac_mdio: Add workaround for erratum A-009885
(bsc#1012628).
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
(bsc#1012628).
- parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
(bsc#1012628).
- RISC-V: defconfigs: Set CONFIG_FB=y, for FB console
(bsc#1012628).
- riscv: dts: microchip: mpfs: Drop empty chosen node
(bsc#1012628).
- drm/vmwgfx: Remove explicit transparent hugepages support
(bsc#1012628).
- drm/vmwgfx: Remove unused compile options (bsc#1012628).
- f2fs: fix remove page failed in invalidate compress pages
(bsc#1012628).
- f2fs: fix to avoid panic in is_alive() if metadata is
inconsistent (bsc#1012628).
- f2fs: compress: fix potential deadlock of compress file
(bsc#1012628).
- f2fs: fix to reserve space for IO align feature (bsc#1012628).
- f2fs: fix to check available space of CP area correctly in
update_ckpt_flags() (bsc#1012628).
- crypto: octeontx2 - uninitialized variable in kvf_limits_store()
(bsc#1012628).
- af_unix: annote lockless accesses to unix_tot_inflight &
gc_in_progress (bsc#1012628).
- clk: Emit a stern warning with writable debugfs enabled
(bsc#1012628).
- clk: si5341: Fix clock HW provider cleanup (bsc#1012628).
- pinctrl/rockchip: fix gpio device creation (bsc#1012628).
- gpio: mpc8xxx: Fix IRQ check in mpc8xxx_probe (bsc#1012628).
- gpio: idt3243x: Fix IRQ check in idt_gpio_probe (bsc#1012628).
- net/smc: Fix hung_task when removing SMC-R devices
(bsc#1012628).
- net: axienet: increase reset timeout (bsc#1012628).
- net: axienet: Wait for PhyRstCmplt after core reset
(bsc#1012628).
- net: axienet: reset core on initialization prior to MDIO access
(bsc#1012628).
- net: axienet: add missing memory barriers (bsc#1012628).
- net: axienet: limit minimum TX ring size (bsc#1012628).
- net: axienet: Fix TX ring slot available check (bsc#1012628).
- net: axienet: fix number of TX ring slots for available check
(bsc#1012628).
- net: axienet: fix for TX busy handling (bsc#1012628).
- net: axienet: increase default TX ring size to 128
(bsc#1012628).
- bitops: protect find_first_{,zero}_bit properly (bsc#1012628).
- um: gitignore: Add kernel/capflags.c (bsc#1012628).
- HID: vivaldi: fix handling devices not using numbered reports
(bsc#1012628).
- mctp: test: zero out sockaddr (bsc#1012628).
- rtc: Move variable into switch case statement (bsc#1012628).
- rtc: pxa: fix null pointer dereference (bsc#1012628).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
(bsc#1012628).
- virtio_ring: mark ring unused on error (bsc#1012628).
- taskstats: Cleanup the use of task->exit_code (bsc#1012628).
- inet: frags: annotate races around fqdir->dead and
fqdir->high_thresh (bsc#1012628).
- netns: add schedule point in ops_exit_list() (bsc#1012628).
- iwlwifi: fix Bz NMI behaviour (bsc#1012628).
- xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
(bsc#1012628).
- vdpa/mlx5: Fix config_attr_mask assignment (bsc#1012628).
- vdpa/mlx5: Restore cur_num_vqs in case of failure in
change_num_qps() (bsc#1012628).
- gre: Don't accidentally set RTO_ONLINK in
gre_fill_metadata_dst() (bsc#1012628).
- libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
(bsc#1012628).
- perf script: Fix hex dump character output (bsc#1012628).
- dmaengine: at_xdmac: Don't start transactions at tx_submit level
(bsc#1012628).
- dmaengine: at_xdmac: Start transfer for cyclic channels in
issue_pending (bsc#1012628).
- dmaengine: at_xdmac: Print debug message after realeasing the
lock (bsc#1012628).
- dmaengine: at_xdmac: Fix concurrency over xfers_list
(bsc#1012628).
- dmaengine: at_xdmac: Fix lld view setting (bsc#1012628).
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
(bsc#1012628).
- perf cputopo: Fix CPU topology reading on s/390 (bsc#1012628).
- perf tools: Drop requirement for libstdc++.so for libopencsd
check (bsc#1012628).
- perf metricgroup: Fix use after free in metric__new()
(bsc#1012628).
- perf test: Enable system wide for metricgroups test
(bsc#1012628).
- perf probe: Fix ppc64 'perf probe add events failed' case
(bsc#1012628).
- perf metric: Fix metric_leader (bsc#1012628).
- devlink: Remove misleading internal_flags from health reporter
dump (bsc#1012628).
- arm64: dts: qcom: msm8996: drop not documented adreno properties
(bsc#1012628).
- net: fix sock_timestamping_bind_phc() to release device
(bsc#1012628).
- net: bonding: fix bond_xmit_broadcast return value error bug
(bsc#1012628).
- net: ipa: fix atomic update in ipa_endpoint_replenish()
(bsc#1012628).
- net_sched: restore "mpu xxx" handling (bsc#1012628).
- net: mscc: ocelot: don't let phylink re-enable TX PAUSE on
the NPI port (bsc#1012628).
- bcmgenet: add WOL IRQ check (bsc#1012628).
- net: mscc: ocelot: don't dereference NULL pointers with shared
tc filters (bsc#1012628).
- net: wwan: Fix MRU mismatch issue which may lead to data
connection lost (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix error checking in
mtk_mac_config() (bsc#1012628).
- net: ocelot: Fix the call to switchdev_bridge_port_offload
(bsc#1012628).
- net: sfp: fix high power modules without diagnostic monitoring
(bsc#1012628).
- net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into
account (bsc#1012628).
- net: phy: micrel: use kszphy_suspend()/kszphy_resume for irq
aware devices (bsc#1012628).
- net: mscc: ocelot: fix using match before it is set
(bsc#1012628).
- dt-bindings: display: meson-dw-hdmi: add missing
sound-name-prefix property (bsc#1012628).
- dt-bindings: display: meson-vpu: Add missing amlogic,canvas
property (bsc#1012628).
- dt-bindings: watchdog: Require samsung,syscon-phandle for
Exynos7 (bsc#1012628).
- sch_api: Don't skip qdisc attach on ingress (bsc#1012628).
- scripts/dtc: dtx_diff: remove broken example from help text
(bsc#1012628).
- lib82596: Fix IRQ check in sni_82596_probe (bsc#1012628).
- mm/hmm.c: allow VM_MIXEDMAP to work with hmm_range_fault
(bsc#1012628).
- bonding: Fix extraction of ports from the packet headers
(bsc#1012628).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
test (bsc#1012628).
- KVM: x86: Do runtime CPUID update before updating
vcpu->arch.cpuid_entries (bsc#1012628).
- KVM: x86: Partially allow KVM_SET_CPUID{,2} after KVM_RUN
(bsc#1012628).
- KVM: selftests: Rename 'get_cpuid_test' to 'cpuid_test'
(bsc#1012628).
- KVM: selftests: Test KVM_SET_CPUID2 after KVM_RUN (bsc#1012628).
- ASoC: SOF: topology: remove sof_load_pipeline_ipc()
(bsc#1012628).
- ASoC: SOF: free widgets in sof_tear_down_pipelines() for static
pipelines (bsc#1012628).
- ASoC: SOF: sof-audio: setup sched widgets during pipeline
complete step (bsc#1012628).
- ASoC: SOF: handle paused streams during system suspend
(bsc#1012628).
- scripts: sphinx-pre-install: add required ctex dependency
(bsc#1012628).
- scripts: sphinx-pre-install: Fix ctex support on Debian
(bsc#1012628).
- commit c7377e3
- config: disable REGULATOR_MAX20086 on s390x
This driver seems to make little sense on s390x and it also fails to build
due to disabled CONFIG_GPIOLIB.
- commit 5152409
++++ augeas:
- testsuite requires glibc-locale, buildrequire it
++++ libgudev:
- add explicit glibc-locale buildrequires for passing the testsuite (bsc#1195390)
++++ openssl-1_1:
- Backport cryptographic improvements from OpenSSL 3 [jsc#SLE-19742]
* Optimize RSA on armv8: openssl-1_1-Optimize-RSA-armv8.patch
* Optimize AES-XTS mode for aarch64:
openssl-1_1-Optimize-AES-XTS-aarch64.patch
* Optimize AES-GCM for uarchs with unroll and new instructions:
openssl-1_1-Optimize-AES-GCM-uarchs.patch
- POWER10 performance enhancements for cryptography [jsc#SLE-18136]
* openssl-1_1-Optimize-ppc64.patch
++++ openssl-3:
- Remove /etc/pki/CA from the [jsc#SLE-17856, jsc#SLE-19044]
openssl-Override-default-paths-for-the-CA-directory-tree.patch
- Remove unused patches
++++ protobuf:
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
++++ rpm:
- Fix minimize_writes not minimizing writes since 4.15 regression
new patch: 0001-fix-minimize_writes.patch
- switch to glibc-locale-base to reduce system installation size
by ~220MB (bsc#1195390)
++++ systemd:
- Merge nss-resolved and nss-mymachines NSS plug-in modules into systemd-network
and systemd-container respectively.
These modules are plug-in modules hence the shared library packaging policy
doesn't apply for them. Moreover they're pretty useless alone without their
respective systemd services, Hence let's reduce the number of sub-packages as
the list keeps increasing.
++++ salt:
- Fix inspector module export function (bsc#1097531)
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Added:
* fix-inspector-module-export-function-bsc-1097531-481.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
++++ suse-module-tools:
- Update to version 16.0.19:
* Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051)
* rpm-script: force-copy kernel to /boot (boo#1194501)
------------------------------------------------------------------
------------------ 2022-1-27 - Jan 27 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.5
* bugfix release: mostly Zink fixes
++++ Mesa-drivers:
- update to 21.3.5
* bugfix release: mostly Zink fixes
++++ fontconfig:
- adding bug reference to this changelog [bsc#1172301]
++++ kernel-default:
- mac80211: allow non-standard VHT MCS-10/11 (bsc#1192891).
- commit f7171e6
- Delete patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch
The upstream had already the fix
- commit 59dcb9d
++++ krb5:
- Resolve "Credential cache directory /run/user/0/krb5cc does not
exist while opening default credentials cache" by using a kernel
keyring instead of a dir cache; (bsc#1109830);
++++ graphite2:
- Fix license header so that it corresponds to SPDX abbreviation
++++ rpm:
- make patches git quiltimport friendlier
++++ systemd:
- Merge libudev-devel into systemd-devel
- Make sure that libopenssl-devel is installed when building resolved. Openssl
was implictly pulled in by systemd-experimental subpackage but could be
missing if the build of this subpackage was disabled.
++++ sudo:
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
++++ u-boot-rpiarm64:
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01
* Patches added:
0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch
0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch
------------------------------------------------------------------
------------------ 2022-1-26 - Jan 26 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Packaging additions with Autotools replacement:
+ Add Meson build requirement and replace Automake macros with
Meson equivalent ones as autotools will be deprecated in the
future.
+ Options passed to Meson to mimmic our default preferences:
systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir},
dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables,
dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\
/dnssec-trigger-script, dist_version=%{version},
polkit_agent_helper_1=%{_libexecdir}/polkit-1\
/polkit-agent-helper-1, hostname_persist=suse, switchable
libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\
/pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true,
bluez5_dun=true, netconfig=%{_sbindir}/netconfig,
dhclient=%{_sbindir}/dhclient, docs=true, switchable
tests=%{tests_meson_opt}, more_asserts=0, more_logging=false,
qt=false, and switchable teamdctl=true (teamctl is about to be
deprecated).
+ Add conditionalized audit pkgconfig module build requirement to
allow easier feature testing, and pass
'yes-disabled-by-default' to 'libaudit' Meson option. As an
observation: Meson defaults passing 'yes' to this feature.
+ Add explicit c++_compiler build requirement to avoid build
abortion.
+ Add explicit libselinux pkgconfig module build requirement
checked by Meson and was already being pulled in by some other
package.
+ Add polkit-gobject-1 pkgconfig module build requirement checked
by Meson and needed for user auth-polkit support.
+ Add mobile-broadband-provider-info pkgconfig module build
requirement checked by Meson and needed for ModemManager1
interface support.
+ Add sed command to fix server.conf config file location from
defaultdocdir/NetworkManager/examples to
defaultdocdir/NetworkManager.
+ Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file,
while dropping no longed needed pppddir shell variable
definition and 'test -n "$pppddir" || exit 1' construct.
+ Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and
libnm-util2 < 1.21 to main package's Obsoletes tags, following
packaging good practices to avoid future unwated behavior
regarding versioning schemes.
+ Replace %version macro with hardcoded "0.9.1" version to the
devel subpackage's %name-doc Obsoletes tag following packaging
good practices to avoid future unwanted behaviors regarding
versioning schemes (the doc subpackage was merged with the
devel one in the 0.9.0 release).
+ Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping
any English translations (the default language) from main
package.
- Packaging deletions with Autotools replacement:
+ Remove data/server.conf from %doc macro in files section as it
no longer works with Meson.
+ Remove "rm" command on server.conf file following sed command
addition to fix the right location of the file.
+ Remove no longer useful conditional build abortion depending
whether or not netconfig support was found
'grep "with_netconfig='no'" config.log' since this file isn't
generated by Meson.
+ Remove no longer needed "find" command for GNU Libtool LA files
deletion.
+ Drop no longer needed libtool build requirement as Meson does
not use it.
+ Drop redundant sysconfig-netconfig build requirement as it does
not add anything to the build anymore.
+ Drop comment about suse-release build requirement not being
needed anymore, it's been deprecated for almost a decade now.
+ Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc:
the new dbus file has been whitelisted already (bsc#1194799).
++++ apparmor:
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
++++ glib2:
- Update to version 2.70.3:
+ Several important fixes to FD handling in gspawn.
+ Several important fixes to GDBus message and GVariant parsing
of invalid data.
+ Fix potential data loss due to missing fsync when saving files
on btrfs.
+ Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506,
glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572,
glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394,
glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437,
glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455.
+ Updated translations.
++++ k3s-selinux:
- Add missing spec license/copyright
++++ kernel-default:
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 32e5616
- Update config files: disable CONFIG_INTEL_IDXD_COMPAT (bsc#1194858)
The compat support is rather unwanted, and this allows us to build
idxd bus as module, too.
- commit 527268a
++++ libapparmor:
- add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221,
MR 827)
++++ lua54:
- Ensure shared library is installed with executable bit set
- Update to Lua 5.4.4:
* fixes all bugs found in Lua 5.4.3
- Removed upstream-bugs.patch: new release (no bugs found yet)
- Removed upstream-bugs-test.patch: new release (no bugs found yet)
++++ polkit:
- Switch from mozjs to duktape:
* Add duktape-support.patch
++++ systemd:
- resolved: disable fallback DNS servers and fail when no DNS server info could
be obtained from the links. It's better to let the sysadmin know that
something is likely misconfigured rather than silently handing over the DNS
queries to Google or Cloudflare.
- resolved: disable DNSSEC until the following issue is solved:
https://github.com/systemd/systemd/issues/10579
- Replace '%setup+%autopatch' with '%autosetup'
++++ libvirt:
- Revert commit 938382b60a since it changes semantics on some
public APIs
105dace2-revert-virProcessGetStatInfo.patch
++++ salt:
- Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
- Modified:
* add-migrated-state-and-gpg-key-management-functions-.patch
* switch-firewalld-state-to-use-change_interface.patch
* include-aliases-in-the-fqdns-grains.patch
* debian-info_installed-compatibility-50453.patch
* info_installed-works-without-status-attr-now.patch
* fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* add-custom-suse-capabilities-as-grains.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
* support-transactional-systems-microos.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
* run-salt-master-as-dedicated-salt-user.patch
* 3003.3-postgresql-json-support-in-pillar-423.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
* early-feature-support-config.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* x509-fixes-111.patch
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* refactor-and-improvements-for-transactional-updates-.patch
* improvements-on-ansiblegate-module-354.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
- Removed:
* add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
* prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
* do-not-break-master_tops-for-minion-with-version-low.patch
* don-t-call-zypper-with-more-than-one-no-refresh.patch
* do-not-monkey-patch-yaml-bsc-1177474.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
* figure-out-python-interpreter-to-use-inside-containe.patch
* parsing-epoch-out-of-version-provided-during-pkg-rem.patch
* fix-a-test-and-some-variable-names-229.patch
* add-astra-linux-common-edition-to-the-os-family-list.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* templates-move-the-globals-up-to-the-environment-jin.patch
* virt-enhancements.patch
* fix-aptpkg.normalize_name-when-package-arch-is-all.patch
* adding-preliminary-support-for-rocky.-59682-391.patch
* fix-save-for-iptables-state-module-bsc-1185131-372.patch
++++ toolbox:
- Allow docker as an alternative to podman in the package Requires. This was
supported since 2.2.
------------------------------------------------------------------
------------------ 2022-1-25 - Jan 25 2022 -------------------
------------------------------------------------------------------
++++ iputils:
- temporarily reintroduce rarpd and rdisc tools to get them into
15sp4 [jsc#SLE-23521]
++++ kernel-default:
- config: Enable BPF LSM
This LSM might get more adoption both in core system projects and
container/k8s works and it would be good to be ready to support them.
BPF LSM is a feature available since kernel 5.7 which allows to write
BPF programs attached to LSM hooks and allowing/denying a particular
event.
BPF LSM is already adopted in a (not yet default) restrict-fs feature in
systemd[0].
BPF LSM is also used in the lockc[1] project which we develop at SUSE.
There should be no functional or performance changes for users who don't
load any BPF LSM programs. BPF LSM works only if some BPF programs is
explicitly loaded.
[0] https://github.com/systemd/systemd/blob/main/src/core/bpf/restrict_fs/restrict-fs.bpf.c
[1] https://github.com/rancher-sandbox/lockc
- commit c2c25b1
- drm/amdgpu: Fix rejecting Tahiti GPUs (bsc#1194906).
- commit 8a4cb35
++++ p11-kit:
- Update to version 0.24.1:
* rpc: Support protocol version negotiation.
* proxy: Support copying attribute array recursively.
* Link libp11-kit so that it cannot unload.
* Translation improvements.
* Build fixes.
++++ polkit:
- Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568)
CVE-2021-4034-pkexec-fix.patch
++++ python310-core:
- Remove second superfluous BR rpm-build-python
- Remove second superfluous BR rpm-build-python
- Add fix_configure_rst.patch, which removes duplicate link
targets and make documentation with old Sphinx in SLE
- Skip test_capi (bsc#1195140 and bpo#37169)
++++ libvirt:
- libxl: Add lock process indicator to saved VM state
31e937fb-libxl-save-lock-indicator.patch
bsc#1191668
++++ wayland:
- There is a file conflict in current wayland-devel-32bit and
prvevious libwayland-egl-devel-32bit package; therefore add
a conflicts to baselibs.conf
++++ python310:
- Remove second superfluous BR rpm-build-python
- Remove second superfluous BR rpm-build-python
- Add fix_configure_rst.patch, which removes duplicate link
targets and make documentation with old Sphinx in SLE
- Skip test_capi (bsc#1195140 and bpo#37169)
++++ raspberrypi-firmware:
- Update to 9c04ed2c1a (2022-01-24):
* firmware: platform: Limit max clock-id to CLOCK_VEC for now
See: #1688
++++ raspberrypi-firmware-config:
- Update to 9c04ed2c1a (2022-01-24):
* firmware: platform: Limit max clock-id to CLOCK_VEC for now
See: #1688
++++ raspberrypi-firmware-config-camera:
- Update to 9c04ed2c1a (2022-01-24):
* firmware: platform: Limit max clock-id to CLOCK_VEC for now
See: #1688
------------------------------------------------------------------
------------------ 2022-1-24 - Jan 24 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update
patches.kernel.org/5.16.2-005-vfs-fs_context-fix-up-param-length-parsing-in-.patch
(bsc#1012628 CVE-2022-0185 bsc#1194517).
Add CVE reference.
- commit 0d710a8
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- s390/mm: fix 2KB pgtable release race (bsc#1188896).
- commit 6f62d73
++++ util-linux:
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
++++ mozilla-nss:
- update to NSS 3.74
* bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
OCSP responses
* bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
* bmo#1721426 - NSS does not properly restrict server keys based on policy
* bmo#1733003 - Set nssckbi version number to 2.54
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
* bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
* bmo#1735407 - Replace GlobalSign ECC Root CA R4
* bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
* bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
certificates
* bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
CIF A62634068 root certificate
* bmo#1740095 - Add iTrusChina ECC root certificate
* bmo#1740095 - Add iTrusChina RSA root certificate
* bmo#1738805 - Add ISRG Root X2 root certificate
* bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
* bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
* bmo#1735028 - Check for missing signedData field
* bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
++++ gcc12:
- Update to trunk head, 978abe918f8c8deed28e92297d3c0cc (git191254)
- Fix filenames in the following patches:
gcc11-amdgcn-disable-hot-cold-partitioning.patch,
gcc41-ppc32-retaddr.patch.
++++ protobuf:
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
++++ systemd:
- systemd.spec: explicitely list all files for each main (sub) packages
Using glob patterns in %files section to reduce the number of listed files was
error-prone as some introduced files could silently be placed in the wrong
subpackage. The sections were also hard to read and many files needed to be
excluded from the main package making the point of glob pattern usage moot.
systemd, udev, systemd-container and systemd-network packages have now their
list of files described in a dedicated file. The lists are kept sorted to make
them easy to parse. The size of the files, especially the one for the main
package, is still reasonable and much easier to read now.
During this rework, a couple of cleanups happened: more use of
%{_systemd_util_dir}, some files was incorrectly owned by the main package and
have been moved to the correct sub-package, etc...
Note: the rest of the subpackages might be addressed later but let's find how
it goes for now.
++++ raspberrypi-firmware:
- Update to 827fdd0736 (2022-01-20):
* firmware: dtoverlay: Don't mix non-fatal errors and offsets
See: #1686
* firmware: arm_loader: Load vl805 overlay on CM4
See: https://forums.raspberrypi.com/viewtopic.php?t=326088
* firmware: gencmdserv: Add mailbox interface to gencmd
* firmware: improve firmware camera detection
* firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
See: #1671
* firmware: ldconfig: Discard subsequent chunks from a truncated line
See: #1669
* firmware: cec: Fail set_passive_mode when running with kms
* firmware: Firmware: Remove PWM/audio traits for CM4
* firmware: usb: Fix non-BCM2711 MSD support
See: raspberrypi/usbboot#102
++++ raspberrypi-firmware-config:
- Update to 827fdd0736 (2022-01-20):
* firmware: dtoverlay: Don't mix non-fatal errors and offsets
See: #1686
* firmware: arm_loader: Load vl805 overlay on CM4
See: https://forums.raspberrypi.com/viewtopic.php?t=326088
* firmware: gencmdserv: Add mailbox interface to gencmd
* firmware: improve firmware camera detection
* firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
See: #1671
* firmware: ldconfig: Discard subsequent chunks from a truncated line
See: #1669
* firmware: cec: Fail set_passive_mode when running with kms
* firmware: Firmware: Remove PWM/audio traits for CM4
* firmware: usb: Fix non-BCM2711 MSD support
See: raspberrypi/usbboot#102
++++ raspberrypi-firmware-config-camera:
- Update to 827fdd0736 (2022-01-20):
* firmware: dtoverlay: Don't mix non-fatal errors and offsets
See: #1686
* firmware: arm_loader: Load vl805 overlay on CM4
See: https://forums.raspberrypi.com/viewtopic.php?t=326088
* firmware: gencmdserv: Add mailbox interface to gencmd
* firmware: improve firmware camera detection
* firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1
See: #1671
* firmware: ldconfig: Discard subsequent chunks from a truncated line
See: #1669
* firmware: cec: Fail set_passive_mode when running with kms
* firmware: Firmware: Remove PWM/audio traits for CM4
* firmware: usb: Fix non-BCM2711 MSD support
See: raspberrypi/usbboot#102
++++ selinux-policy:
- Update to version 20220124. Refreshed:
* fix_hadoop.patch
* fix_init.patch
* fix_kernel_sysctl.patch
* fix_systemd.patch
* fix_systemd_watch.patch
- Added fix_hypervkvp.patch to fix issues with hyperv labeling
(bsc#1193987)
++++ util-linux-systemd:
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
------------------------------------------------------------------
------------------ 2022-1-23 - Jan 23 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.17-rc1
- eliminated 73 patches (67 stable, 6 mainline)
- patches.kernel.org/*
- patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch
- patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch
- patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch
- patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch
- patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch
- patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch
- refresh
- patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch
- patches.suse/iwlwifi-module-firmware-ucode-fix.patch
- patches.suse/vfs-add-super_operations-get_inode_dev
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- disable ARM architectures (need config update)
- new config options
- Power management and ACPI options
- ACPI_PFRUT=m
- ACPI_PCC=y
- X86_AMD_PSTATE=m
- Memory Management options
- ANON_VMA_NAME=y
- Networking support
- NET_9P_FD=m
- File systems
- CACHEFILES_ERROR_INJECTION=n
- UNICODE_UTF8_DATA=y
- Kernel hacking
- NET_DEV_REFCNT_TRACKER=n
- NET_NS_REFCNT_TRACKER=n
- PAGE_TABLE_CHECK=y
- PAGE_TABLE_CHECK_ENFORCED=n
- FTRACE_SORT_STARTUP_TEST=n
- TEST_REF_TRACKER=n
- TEST_SIPHASH=n
- Generic Driver Options
- DEVTMPFS_SAFE=n
- Network device support
- NET_VENDOR_ENGLEDER=y
- TSNEP=m
- TSNEP_SELFTESTS=n
- ICE_HWTS=y
- NET_VENDOR_VERTEXCOM=y
- MSE102X=m
- MCTP_SERIAL=m
- IWLMEI=m
- WWAN_DEBUGFS=n
- Hardware Monitoring support
- SENSORS_NZXT_SMART2=m
- SENSORS_DELTA_AHE50DC_FAN=m
- SENSORS_IR38064_REGULATOR=y
- SENSORS_MP5023=m
- SENSORS_INA238=m
- SENSORS_ASUS_WMI=m
- SENSORS_ASUS_WMI_EC=m
- Voltage and Current Regulator Support
- REGULATOR_MAX20086=m
- REGULATOR_TPS68470=m
- Graphics support
- TINYDRM_ILI9163=n
- Sound card support
- SND_HDA_SCODEC_CS35L41_I2C=m
- SND_HDA_SCODEC_CS35L41_SPI=m
- SND_SOC_INTEL_SOF_NAU8825_MACH=m
- SND_SOC_SOF_AMD_TOPLEVEL=m
- SND_SOC_SOF_AMD_RENOIR=m
- SND_SOC_AK4375=n
- SND_SOC_TLV320ADC3XXX=n
- X86 Platform Specific Device Drivers
- YOGABOOK_WMI=m
- ASUS_TF103C_DOCK=m
- INTEL_VSEC=m
- X86_ANDROID_TABLETS=m
- SIEMENS_SIMATIC_IPC=m
- SIEMENS_SIMATIC_IPC_WDT=m
- Common Clock Framework
- COMMON_CLK_TPS68470=n
- COMMON_CLK_LAN966X=n
- Industrial I/O support
- TI_ADS8344=n
- TI_ADS8688=n
- TI_ADS124S08=n
- AD74413R=n
- AD3552R=n
- AD7293=n
- MAX5821=n
- ADMV8818=n
- ADMV1013=n
- Misc drivers
- GNSS_USB=m
- SERIAL_8250_PERICOM=y
- GPIO_SIM=m
- CHARGER_MAX77976=m
- VIDEO_OV5693=m
- HID_LETSKETCH=m
- LEDS_SIEMENS_SIMATIC_IPC=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- DRM_RCAR_USE_LVDS=n
- DRM_RCAR_MIPI_DSI=n
- DRM_PANEL_BOE_BF060Y8M_AJ0=n
- DRM_PANEL_JDI_R63452=n
- DRM_PANEL_NOVATEK_NT35950=n
- DRM_PANEL_SONY_TULIP_TRULY_NT35521=n
- VIDEO_MAX96712=m
- PHY_FSL_IMX8M_PCIE=m
- x86_64
- SLS=y
- i386
- PHY_LAN966X_SERDES=m
- ppc64 / ppc64le
- KVM_BOOK3S_HV_NESTED_PMU_WORKAROUND=n
- SURFACE_PLATFORMS=n
- s390x
- SURFACE_PLATFORMS=n
- CRYPTO_CHACHA_S390=m
- riscv64
- SOC_STARFIVE=y
- RISCV_BOOT_SPINWAIT=y
- PINCTRL_STARFIVE=m
- SND_AMD_ACP_CONFIG=m
- CLK_STARFIVE_JH7100=y
- RESET_STARFIVE_JH7100=y
- PHY_LAN966X_SERDES=m
- commit 8751a94
++++ userspace-rcu:
- update to 0.13.1:
* fix: properly detect 'cmpxchg' on x86-32
* fix: use urcu-tls compat with c++ compiler
* fix: remove autoconf features default value in help message
* fix: add missing pkgconfig file for memb flavour lib
* Make temporary variable in _rcu_dereference non-const
* Fix: x86 and s390: uatomic __hp() macro C++ support
* Fix: x86 and s390: uatomic __hp() macro clang support
* Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11
++++ python-py:
- update to 1.11.0:
* Support Python 3.11
* Support ``NO_COLOR`` environment variable
* Update vendored apipkg: 1.5 => 2.0
++++ qemu:
- Enable modules for testsuite
++++ vim:
- Updated to version 8.2.4186, fixes the following problems
- CVE-2022-0318 - boo#1195004
- CVE-2022-0261 - boo#1194872
- CVE-2022-0213 - boo#1194885
* Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)
* Foam files are not detected.
* Computation overflow with large count for :yank.
* Vim9: imported autoload script loaded again.
* Vim9: cannot call imported function with :call. (Drew Vogel)
* Vim9: import test fails.
* Vim9: import test fails on MS-Windows.
* Using uninitialized memory when reading empty file.
* Vim9: no detection of return in try/endtry. (Dominique Pellé)
* Vim9: compiling function fails when autoload script is not loaded yet.
* Coverity warns for using NULL pointer.
* Going over the end of NameBuff.
* Test failures.
* Memory leak in autoload import.
* Not all Libsensors files are recognized.
* Terminal test for current directory not used on FreeBSD.
* MS-Windows: "gvim --version" didn't work when build with VIMDLL.
* Not sufficient test coverage for xxd.
* CodeQL reports problem in if_cscope causing it to fail.
* Check for autoload file name and prefix fails. (Christian J. Robinson)
* Vim9: no test for "vim9script autoload' and using script variable in
the same script.
* Memory leak when looking for autoload prefixed variable.
* Vim9: no test for using import in legacy script.
* "cctx" argument of find_func_even_dead() is unused.
* Cannot test items from an autoload script easily.
* Xxd cannot output everything in one line.
* Terminal test for current directory fails on FreeBSD.
* After restoring a session buffer order can be quite different.
* Virtcol is recomputed for statusline unnecessarily.
* MacOS CI: unnecessarily doing "Install packages".
* Cached breakindent values not initialized properly.
* 'virtualedit' is window-local but using buffer-local enum.
* Sed script not recognized by the first line.
* Linux CI: unnecessarily installing packages
* Wrong number in error message on 32 bit system. (John Paul Adrian Glaubitz)
* Typing "interrupt" at debug prompt may keep exception around, causing
function calls to fail.
* Vim9: cannot use Vim9 syntax in mapping.
* Early return when getting the 'formatlistpat' value.
* Warning for unused argument in tiny version.
* Vim9: import cannot be used after method.
* Vim9: variable declared in for loop not initialzed.
* Vim9: lower casing the autoload prefix causes problems.
* Translation related comment in the wrong place.
* Going over the end of the w_lines array.
* Script context not restored after using <ScriptCmd>.
* Going over the end of the w_lines array.
* MS-Windows: high dpi support is outdated.
* Coverity warns for using NULL pointer.
* Potential proglem when map is deleted while executing.
* Function not deleted at end of test.
* Typo on DOCMD_RANGEOK results in not recognizing command.
* Vim9: type checking for a funcref does not work for when it is used in
a method.
* Cannot use a method with a complex expression.
* Vim9: cannot use a method with a complex expression in a :def function.
* Vim9: wrong white space error after using imported item.
* Using UNUSED for argument that is used.
* Build failure when disabling the channel feature.
* Block insert goes over the end of the line.
* Visual test fails on MS-Windows.
* ":command Cmd" does not show custom completion argument.
* Complete function cannot be import.Name.
* Vim9: method in compiled function may not see script item.
* Completion tests fail.
* Crash on exit when built with dynamic Tcl and EXITFREE is
defined. (Dominique Pellé)
* Build failure without the +eval feature.
* Crash when method cannot be found. (Christian J. Robinson)
* Building with +sound but without +eval fails. (Dominique Pellé)
* MS-Windows: MSVC build may have libraries duplicated.
* Vim9: calling function in autoload import does not work in a :def function.
* Vim9: wrong error message when autoload script can't be found.
* output of ":scriptnames" goes into the message history, while this des
not happen for other commands, such as ":ls".
* MS-Windows: test for import with absolute path fails.
* Vim9: ":scriptnames" shows unloaded imported autoload script.
* Vim9: the "autoload" argument of ":vim9script" is not useful.
* Vim9: calling import with and without method is inconsistent.
* Vim9: no error for return with argument when the function does not
return anything.
* Using freed memory if an expression abbreviation deletes the abbreviation.
* maparg() does not indicate the type of script where it was defined.
* Vim9 builtin functions test fails.
* Build failure with normal features without persistent undo.
* MS-Windows: IME support for Win9x is obsolete.
* Cannot load libsodium dynamically.
* Confusing error when using name of import for a function.
* Vim9: shadowed function can be used in compiled function but not at
script level.
* E464 does not always include the offending command.
* Deleting any mapping may cause <ScriptCmd> to not set the script context.
* Test override not restored, autocommand left behind.
* Coverity warns for using pointer after free.
* Reading beyond the end of a line.
* Block insert with double wide character fails.
* MS-Windows: Global IME is no longer supported.
* ml_get error when exchanging windows in Visual mode.
* Translating strftime() argument results in check error.
* Fileinfo message overwrites echo'ed message.
* Terminal test fails because Windows sets the title.
* MS-Windows: memory leak in :browse.
* MS-Windows: _WndProc() is very long.
* Cannot change the register used for Select mode delete.
* Vim9: warning for missing white space after imported variable.
* Vim9: no error for redefining function with export.
* No error for omitting function name after autoload prefix.
* Error in legacy code for function shadowing variable.
* The nv_g_cmd() function is too long.
* Undo synced when switching buffer in another window.
* Vim9: error message for old style import.
* Disallowing empty function name breaks existing plugins.
* MS-Windows: unnessary casts and other minor things.
* MS-Windows: still using old message API calls.
* Cannot invoke option function using autoload import.
* Filetype detection for BASIC is not optimal.
* Cannot use an import in 'foldexpr'.
* Vim9: can use an autoload name in normal script.
* MS-Windows: runtime check for multi-line balloon is obsolete.
* Vim9: cannot use imported function with call().
* Vim9: autoload script not loaded after "vim9script noclear".
* Vim9: invalid error for return type of lambda when debugging.
* 'foldtext' is evaluated in the current script context.
* 'balloonexpr' is evaluated in the current script context.
* Vim9: cannot use an import in 'diffexpr'.
* Memory leak when evaluating 'diffexpr'.
* Cannot use an import in 'formatexpr'.
* Cannot use an import in 'includeexpr'.
* Cannot use an import in 'indentexpr'.
* Cannot use an import in 'patchexpr'.
++++ wpa_supplicant:
- update to 2.10.0:
* SAE changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
- added support for the hash-to-element mechanism (sae_pwe=1 or
sae_pwe=2); this is currently disabled by default, but will likely
get enabled by default in the future
- fixed PMKSA caching with OKC
- added support for SAE-PK
* EAP-pwd changes
- improved protection against side channel attacks
[https://w1.fi/security/2022-1/]
* fixed P2P provision discovery processing of a specially constructed
invalid frame
[https://w1.fi/security/2021-1/]
* fixed P2P group information processing of a specially constructed
invalid frame
[https://w1.fi/security/2020-2/]
* fixed PMF disconnection protection bypass in AP mode
[https://w1.fi/security/2019-7/]
* added support for using OpenSSL 3.0
* increased the maximum number of EAP message exchanges (mainly to
support cases with very large certificates)
* fixed various issues in experimental support for EAP-TEAP peer
* added support for DPP release 2 (Wi-Fi Device Provisioning Protocol)
* a number of MKA/MACsec fixes and extensions
* added support for SAE (WPA3-Personal) AP mode configuration
* added P2P support for EDMG (IEEE 802.11ay) channels
* fixed EAP-FAST peer with TLS GCM/CCM ciphers
* improved throughput estimation and BSS selection
* dropped support for libnl 1.1
* added support for nl80211 control port for EAPOL frame TX/RX
* fixed OWE key derivation with groups 20 and 21; this breaks backwards
compatibility for these groups while the default group 19 remains
backwards compatible
* added support for Beacon protection
* added support for Extended Key ID for pairwise keys
* removed WEP support from the default build (CONFIG_WEP=y can be used
to enable it, if really needed)
* added a build option to remove TKIP support (CONFIG_NO_TKIP=y)
* added support for Transition Disable mechanism to allow the AP to
automatically disable transition mode to improve security
* extended D-Bus interface
* added support for PASN
* added a file-based backend for external password storage to allow
secret information to be moved away from the main configuration file
without requiring external tools
* added EAP-TLS peer support for TLS 1.3 (disabled by default for now)
* added support for SCS, MSCS, DSCP policy
* changed driver interface selection to default to automatic fallback
to other compiled in options
* a large number of other fixes, cleanup, and extensions
- drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch,
CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch:
upstream
- refresh config from 2.10 defconfig, re-enable CONFIG_WEP
------------------------------------------------------------------
------------------ 2022-1-21 - Jan 21 2022 -------------------
------------------------------------------------------------------
++++ kdump:
- kdump-calibrate-Ignore-malformed-VMCOREINFO.patch: calibrate:
Ignore malformed VMCOREINFO lines (address occasional OBS build
failures).
- Update to 1.0
* Estimate kdump memory requirements at build time
(jsc#SLE-18441).
- Remove patches that have been upstreamed:
* kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch
++++ kernel-default:
- HID: wacom: Avoid using stale array indicies to read contact
count (bsc#1194667).
- HID: wacom: Ignore the confidence flag when a touch is removed
(bsc#1194667).
- HID: wacom: Reset expected and received contact counts at the
same time (bsc#1194667).
- commit 07a970c
- Linux 5.16.2 (bsc#1012628).
- ALSA: hda/realtek: Re-order quirk entries for Lenovo
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Legion Y9000X 2020
(bsc#1012628).
- ALSA: hda/tegra: Fix Tegra194 HDA reset failure (bsc#1012628).
- ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker
quirk (bsc#1012628).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus
Master after reboot from Windows (bsc#1012628).
- ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP
laptop (bsc#1012628).
- ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5
devices (bsc#1012628).
- perf annotate: Avoid TUI crash when navigating in the annotation
of recursive functions (bsc#1012628).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path
(bsc#1012628).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate
entries (bsc#1012628).
- firmware: qemu_fw_cfg: fix sysfs information leak (bsc#1012628).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore()
with interrupts enabled (bsc#1012628).
- media: uvcvideo: fix division by zero at stream start
(bsc#1012628).
- video: vga16fb: Only probe for EGA and VGA 16 color graphic
cards (bsc#1012628).
- 9p: fix enodata when reading growing file (bsc#1012628).
- 9p: only copy valid iattrs in 9P2000.L setattr implementation
(bsc#1012628).
- NFSD: Fix zero-length NFSv3 WRITEs (bsc#1012628).
- remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP
(bsc#1012628).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART
(bsc#1012628).
- KVM: x86: don't print when fail to read/write pv eoi memory
(bsc#1012628).
- KVM: x86: Register Processor Trace interrupt hook iff PT
enabled in guest (bsc#1012628).
- KVM: x86: Register perf callbacks after calling vendor's
hardware_setup() (bsc#1012628).
- perf: Protect perf_guest_cbs with RCU (bsc#1012628).
- vfs: fs_context: fix up param length parsing in
legacy_parse_param (bsc#1012628).
- remoteproc: qcom: pil_info: Don't memcpy_toio more than is
provided (bsc#1012628).
- orangefs: Fix the size of a memory allocation in
orangefs_bufmap_alloc() (bsc#1012628).
- drm/amd/display: explicitly set is_dsc_supported to false
before use (bsc#1012628).
- devtmpfs regression fix: reconfigure on each mount
(bsc#1012628).
- commit 6fa29ec
++++ avahi:
- Change to systemd-sysusers
++++ libglvnd:
- Re-enable asm on aarch64
- Add patch to fix run with BTI enabled on aarch64:
* libglvnd-add-bti.patch - boo#1188928
++++ openssl-3:
- Ship openssl-3 as binary names [jsc#SLE-17856, jsc#SLE-19044]
- Use openssl3.cnf
* openssl-use-versioned-config.patch
* fix-config-in-tests.patch
- Support crypto policies
* openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
* openssl-Override-default-paths-for-the-CA-directory-tree.patch
- Remove obsolets, not ready to force an upgrade yet
++++ zstd:
- update to 1.5.2:
* correct a performance regression
* smaller improvements and fixes
* See https://github.com/facebook/zstd/releases/tag/v1.5.2
- Refresh pzstd.1.patch
- Drop upstream noexecstack.patch
++++ raspberrypi-firmware-dt:
- Switch to 5.16 branch - boo#1194423
- Update to ffd6c6dc4dbf (2022-01-19)
------------------------------------------------------------------
------------------ 2022-1-20 - Jan 20 2022 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Split out NetworkManager-pppoe, needed to configure regular PPPoE
connections (Not very common, as most users have PPPoE routers
for the DSL connections).
++++ kernel-default:
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- disable the Bluetooth patch again
The kernel is currently tested whether the patch is needed at all. As
95655456e7ce in upstream might fix the issue too (but differently).
- commit c3bbaae
++++ llvm15:
- Add support for experimental targets and enable the M68k backend
- Add patch to fix testsuite after enabling the M68k backend
+ llvm-update-extract-section-script.patch
++++ procps:
- Correct used URLs
++++ libzypp:
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
++++ psmisc:
- Update to 23.4:
* killall: Dynamically link to selinux and use security attributes
* pstree: Do not crash on missing processes !21
* pstree: fix layout when using -C !24
* pstree: add time namespace !25
* pstree: Dynamically link to selinux and use attr
* fuser: Get less confused about duplicate dev_id !10
* fuser: Only check pathname on non-block devices !31
- Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
- Port psmisc-22.21-pstree.patch
- Delete psmisc-v23.3-selinux.patch as not needed anymore
- Rename psmisc-v23.3.dif which is now psmisc-v23.4.dif with correct offsets
++++ virt-manager:
- bsc#1194323 - [jsc#SLE-19237][virt-manager] Detected the wrong
win2k22 guest system version from the local install media
virtinst-windows-server-detection.patch
- Upstream bug fixes (bsc#1027942)
8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch
Drop virtman-init-viewer-on-reboot.patch
------------------------------------------------------------------
------------------ 2022-1-19 - Jan 19 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- add python-rpm-macros (bsc#1194748)
++++ kernel-default:
- series.conf: cleanup
- move mainline patches into sorted section:
- patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch
- patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch
- patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch
- update upstream references and move into sorted section:
- patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch
- patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch
- patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch
No effect on expanded tree.
- commit 607f978
- Refresh and reenable
patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch.
- commit a7b7c0d
++++ kernel-firmware:
- Update to version 20220119 (git commit 0c6a7b3bf728):
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: update firmware for mediatek bluetooth chip(MT7921)
* linux-firmware: update firmware for MT7921 WiFi device
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.1232
* linux-firmware: add marvell CPT firmware images
* QCA: Add Bluetooth nvm file for WCN685x
* QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00324
* QCA: Update Bluetooth WCN685x 2.0 firmware to 2.0.0-00609
* i915: Add GuC v69.0.3 for all platforms
- Add entry for rvu_cptpf
++++ gcc12:
- Bump to 0bd247bbbe4cf396173f09eeec37e116e98f8471.
- Fix filename in gcc10-amdgcn-llvm-as.patch.
- Remove sys/rseq.h from include-fixed
++++ libgcrypt:
- FIPS: Service level indicator [bsc#1190700]
* Provide an indicator to check wether the service utilizes an
approved cryptographic algorithm or not.
* Add patches:
- libgcrypt-FIPS-service-indicators.patch
- libgcrypt-FIPS-verify-unsupported-KDF-test.patch
- libgcrypt-FIPS-HMAC-short-keylen.patch
++++ python310-core:
- Update to 3.10.2:
Bugfix only
- bpo#46347 memory leak in PyEval_EvalCodeEx (especially
visible with Cython code)
- and many others
++++ systemd:
- Move the whole content of /usr/share/doc/packages/systemd in doc subpackage
- Move the systemd-network-generator stuff in udev package
This generator can generate .link files and is mainly used in initrd where
udev is mandatory.
++++ python310:
- Update to 3.10.2:
Bugfix only
- bpo#46347 memory leak in PyEval_EvalCodeEx (especially
visible with Cython code)
- and many others
++++ rpm-config-SUSE:
- Update to version 0.g93:
* locale.attr: Match all files inside LC_MESSAGES (boo#1194865)
* remove leap_version as it's obsolete
++++ systemd-rpm-macros:
- Bump to version 15
------------------------------------------------------------------
------------------ 2022-1-18 - Jan 18 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- spec: also provide btrfs-progs as it's common package name in other distros
- spec: clean up conditionals for < 12 versions
- spec: let SLE12 build again (conditional dependency of libreiserfscore)
- Removed patches: sles11-defaults.h (no SLE11 compatibility anymore)
- Added patches: btrfs-progs-kerncompat-add-local-definition-for-alig.patch
(fix build on SLE12/SLE15)
++++ gnutls:
- Update to 3.7.3: [bsc#1190698, bsc#1190796]
* libgnutls: The allowlisting configuration mode has been added
to the system-wide settings. In this mode, all the algorithms
are initially marked as insecure or disabled, while the
applications can re-enable them either through the [overrides]
section of the configuration file or the new API (#1172).
* The build infrastructure no longer depends on GNU AutoGen for
generating command-line option handling, template file parsing
in certtool, and documentation generation (#773, #774). This
change also removes run-time or bundled dependency on the
libopts library, and requires Python 3.6 or later to regenerate
the distribution tarball. Note that this brings in known backward
incompatibility in command-line tools, such as long options are
now case sensitive, while previously they were treated in a case
insensitive manner: for example --RSA is no longer a valid option
of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
* libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
and used as a gnutls_privkey_t (#594). The code was originally written
for the OpenConnect VPN project by David Woodhouse. To generate such
blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
* libgnutls: The library now transparently enables Linux KTLS (kernel
TLS) when the feature is compiled in with --enable-ktls configuration
option (#1113). If the KTLS initialization fails it automatically falls
back to the user space implementation.
* certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension (#232). New API functions are also provided to
access and manipulate the extension values.
* certtool: The certtool command can now generate, manipulate, and evaluate
x25519 and x448 public keys, private keys, and certificates.
* libgnutls: Disabling a hashing algorithm through "insecure-hash"
configuration directive now also disables TLS ciphersuites that use it
as a PRF algorithm.
* libgnutls: PKCS#12 files are now created with modern algorithms by default
(!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
default PBKDF2 iteration count has been increased to 600000.
* libgnutls: PKCS#12 keys derived using GOST algorithm now uses
HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity,
to conform with the latest TC-26 requirements (#1225).
* libgnutls: The library now provides a means to report the status
of approved cryptographic operations (!1465). To adhere to the
FIPS140-3 IG 2.4.C., this complements the existing mechanism to
prohibit the use of unapproved algorithms by making the library
unusable state.
* gnutls-cli: The gnutls-cli command now provides a --list-config
option to print the library configuration (!1508).
* libgnutls: Fixed possible race condition in
gnutls_x509_trust_list_verify_crt2 when a single trust list object
is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17,
CVSS: low]
* API and ABI modifications:
GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in
gnutls_privkey_flags_t
GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in
gnutls_certificate_verify_flags
gnutls_ecc_curve_set_enabled: Added.
gnutls_sign_set_secure: Added.
gnutls_sign_set_secure_for_certs: Added.
gnutls_digest_set_secure: Added.
gnutls_protocol_set_enabled: Added.
gnutls_fips140_context_init: New function
gnutls_fips140_context_deinit: New function
gnutls_fips140_push_context: New function
gnutls_fips140_pop_context: New function
gnutls_fips140_get_operation_state: New function
gnutls_fips140_operation_state_t: New enum
gnutls_transport_is_ktls_enabled: New function
gnutls_get_library_configuration: New function
* Remove patches fixed in the update:
- gnutls-FIPS-module-version.patch
- gnutls-FIPS-service-indicator.patch
- gnutls-FIPS-service-indicator-public-key.patch
- gnutls-FIPS-service-indicator-symmetric-key.patch
- gnutls-FIPS-RSA-PSS-flags.patch
- gnutls-FIPS-RSA-mod-sizes.patch
- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468]
* Add gnutls-FIPS-disable-failing-tests.patch
* Remove patches:
- gnutls-temporarily_disable_broken_guile_reauth_test.patch
- disable-psk-file-test.patch
++++ kernel-default:
- lib/raid6: skip benchmark of non-chosen xor_syndrome (bsc#1195037)
- lib/raid6: Use strict priority ranking for pq gen()
benchmarking (bsc#1195037).
- commit 3ce1e9c
++++ gcc12:
- Bump to 3c4a54adb2164315d18fd8980c0fc37eb3d22252.
- Rebase patches after .cc renaming.
++++ ncurses:
- Fix boo#1194805 by skipping linker optimizations from final
pkgconfig files as well as ncurses-config
++++ systemd:
- Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is
true (bsc#1194519)
++++ libvirt:
- sysconfig files have not been distributed for many months. Add
upstream patches that improve documentation and moves service
default settings to the associated systemd service file.
3be5ba11-libvirt-guests-install.patch,
16172741-libvirt-guests-manpage.patch,
8eb44616-remove-sysconfig-files.patch
- Update to libvirt 8.0.0
- CVE-2021-4147
- bsc#1191511
- jsc#SLE-11435, jsc#SLE-18354
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v8-0-0-2022-01-14
- Dropped patches:
23b51d7b-libxl-disable-death-event.patch,
a4e6fba0-libxl-rename-threadinfo-struct.patch,
e4f7589a-libxl-shutdown-thread-name.patch,
b9a5faea-libxl-handle-death-thread.patch,
5c5df531-libxl-search-domid-in-thread.patch,
a7a03324-libxl-protect-logger-access.patch,
cbae4eaa-libxl-add-domainGetMessages.patch
++++ python-libvirt-python:
- Update to 8.0.0
- Add all new APIs and constants in libvirt 8.0.0
- jsc#SLE-11435, jsc#SLE-18354
++++ systemd-rpm-macros:
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too
++++ u-boot-rpiarm64:
- Update to 2022.01
------------------------------------------------------------------
------------------ 2022-1-17 - Jan 17 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- using memory-constraints on ppc64 for trying to avoid OOM during
build (boo#1194739)
++++ Mesa-drivers:
- using memory-constraints on ppc64 for trying to avoid OOM during
build (boo#1194739)
++++ apparmor:
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb (bsc#1192684).
++++ docker:
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
++++ dracut:
- Update to version 055+suse.194.gdd41932a:
* fix(network-legacy): add wicked as an alternative to arping (bsc#1193670)
* fix(network): add wicked as an alternative to arping (bsc#1193670)
- Update to version 055+suse.191.g67eb4ea8:
* fix(dracut-initramfs-restore.sh): add test for SUSE initrd name (bsc#1194570)
* fix(dracut.spec): require util-linux-systemd (bsc#1194162)
* fix(network-wicked): multiple path corrections
* fix(drm): add privacy screen modules to the initrd (bsc#1193590)
* fix(dracut.spec): update usrmerged mkinitrd dir
* fix(url-lib): improve ca-bundle detection (bsc#1175892)
++++ gnutls:
- FIPS: Provide module identifier and version [bsc#1190796]
* Add configurable options to output the module name/identifier
(--with-fips140-module-name) and the module version
(--with-fips140-module-version).
* Add the CLI option list-config that reports the configuration
of the library.
* Add gnutls-FIPS-module-version.patch
++++ kbd:
- Add patch to fix random doubling of font sizes (bsc#1194698):
* 0001-libkfont-Initialize-kfont_context-options.patch
++++ kernel-default:
- series.conf: Add sorted section header/footer
Even though we don't carry many patches in the stable or master
branches, having the sorted section header/footer allows the automated
tools to work.
- commit 05f8150
++++ libapparmor:
- add update-samba-abstractions-ldb2.diff: Cater for changes to ldb
packaging to allow parallel installation with libldb (bsc#1192684).
++++ avahi:
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Add several patches from git:
0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch
0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch
0006-man-add-missing-bshell.1-symlink.patch
0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch
0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch
- Build manpages with xmltoman. Currently needed for bssh.
- Minor spec file clean-up.
- Require python-rpm-macros for all builds (boo#1194744 boo#1194745).
++++ expat:
- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
* CVE-2021-45960 -- Fix issues with left shifts by >=29 places
resulting in
a) realloc acting as free
b) realloc allocating too few bytes
c) undefined behavior
depending on architecture and precise value
for XML documents with >=2^27+1 prefixed attributes
on a single XML tag a la
"<r xmlns:a='[..]' a:a123='[..]' [..] />"
where XML_ParserCreateNS is used to create the parser
(which needs argument "-n" when running xmlwf).
Impact is denial of service, or more.
* CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
* CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
near memory allocation at multiple places. Mitre assigned
a dedicated CVE for each involved internal C function:
- CVE-2022-22822 for function addBinding
- CVE-2022-22823 for function build_model
- CVE-2022-22824 for function defineAttribute
- CVE-2022-22825 for function lookup
- CVE-2022-22826 for function nextScaffoldPart
- CVE-2022-22827 for function storeAtts
Impact is denial of service or more.
++++ libnettle:
- Provide s390x CPACF/SHA/AES Support for Crypto Libraries
* Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733]
++++ ncurses:
- Add ncurses patch 20220115
+ improve checks for valid mouse events when an intermediate mouse
state is not part of the mousemask specified by the caller (report by
Anton Vidovic, cf: 20111022).
+ use newer version 1.36 of gnathtml for generating Ada html files.
++++ libpwquality:
- Add python-rpm-macros to BuildRequires (boo#1194757).
++++ libseccomp:
- buildrequire python-rpm-macros
++++ systemd:
- Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c
++++ qemu:
* Patches added:
meson-build-all-modules-by-default.patch
++++ runc:
- Update to runc v1.1.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.0.
- libcontainer will now refuse to build without the nsenter package being
correctly compiled (specifically this requires CGO to be enabled). This
should avoid folks accidentally creating broken runc binaries (and
incorrectly importing our internal libraries into their projects). (#3331)
++++ toolbox:
- Update to version 2.3+git20220117.bd53c7c:
- Fixes error where if custom image is used toolbox will download
the default image before entering an existing container. (#40)
------------------------------------------------------------------
------------------ 2022-1-16 - Jan 16 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.16.1 (bsc#1012628).
- workqueue: Fix unbind_workers() VS wq_worker_running() race
(bsc#1012628).
- workqueue: Fix unbind_workers() VS wq_worker_sleeping() race
(bsc#1012628).
- staging: r8188eu: switch the led off during deinit
(bsc#1012628).
- bpf: Fix out of bounds access from invalid *_or_null type
verification (bsc#1012628).
- Bluetooth: btusb: Add one more Bluetooth part for the Realtek
RTL8852AE (bsc#1012628).
- Bluetooth: btusb: Fix application of sizeof to pointer
(bsc#1012628).
- Bluetooth: btusb: fix memory leak in
btusb_mtk_submit_wmt_recv_urb() (bsc#1012628).
- Bluetooth: btusb: enable Mediatek to support AOSP extension
(bsc#1012628).
- Bluetooth: btusb: Add the new support IDs for WCN6855
(bsc#1012628).
- Bluetooth: btusb: Add one more Bluetooth part for WCN6855
(bsc#1012628).
- Bluetooth: btusb: Add two more Bluetooth parts for WCN6855
(bsc#1012628).
- Bluetooth: btusb: Add support for Foxconn MT7922A (bsc#1012628).
- Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices
(bsc#1012628).
- Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0
(bsc#1012628).
- Bluetooth: bfusb: fix division by zero in send path
(bsc#1012628).
- ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100
(bsc#1012628).
- USB: core: Fix bug in resuming hub's handling of wakeup requests
(bsc#1012628).
- USB: Fix "slab-out-of-bounds Write" bug in
usb_hcd_poll_rh_status (bsc#1012628).
- ath11k: Fix buffer overflow when scanning with extraie
(bsc#1012628).
- mmc: sdhci-pci: Add PCI ID for Intel ADL (bsc#1012628).
- Bluetooth: add quirk disabling LE Read Transmit Power
(bsc#1012628).
- Bluetooth: btbcm: disable read tx power for some Macs with
the T2 Security chip (bsc#1012628).
- Bluetooth: btbcm: disable read tx power for MacBook Air 8,1
and 8,2 (bsc#1012628).
- veth: Do not record rx queue hint in veth_xmit (bsc#1012628).
- mfd: intel-lpss: Fix too early PM enablement in the ACPI
- >probe() (bsc#1012628).
- mfd: intel-lpss-pci: Fix clock speed for 38a8 UART
(bsc#1012628).
- can: gs_usb: fix use of uninitialized variable, detach device
on reception of invalid USB data (bsc#1012628).
- can: isotp: convert struct tpcon::{idx,len} to unsigned int
(bsc#1012628).
- can: gs_usb: gs_can_start_xmit(): zero-initialize
hf->{flags,reserved} (bsc#1012628).
- random: fix data race on crng_node_pool (bsc#1012628).
- random: fix data race on crng init time (bsc#1012628).
- platform/x86/intel: hid: add quirk to support Surface Go 3
(bsc#1012628).
- drm/i915: Avoid bitwise vs logical OR warning in
snb_wm_latency_quirk() (bsc#1012628).
- staging: greybus: fix stack size warning with UBSAN
(bsc#1012628).
- parisc: Fix pdc_toc_pim_11 and pdc_toc_pim_20 definitions
(bsc#1012628).
Disabled:
patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch
as it conflicts with 95655456e7ce. Asked in bsc#1193124.
- commit 13f032a
------------------------------------------------------------------
------------------ 2022-1-15 - Jan 15 2022 -------------------
------------------------------------------------------------------
++++ python-certifi:
- update to 2021.10.8:
added certs:
* CN=TunTrust Root CA O=Agence Nationale de Certification Electronique
* CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA
------------------------------------------------------------------
------------------ 2022-1-14 - Jan 14 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.4
* bugfix release
++++ Mesa-drivers:
- update to 21.3.4
* bugfix release
++++ NetworkManager:
- Update to version 1.34.0:
+ initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6"
+ core: better handle sd-resolved errors when resolving hostnames
+ nmcli: fix import WireGuard profile with DNS domain and address
family disabled
+ ndisc: send router solicitations before expiry
+ policy: send earlier the ip configs to the DNS manager
+ core: support linking with LLD 13
+ wireguard: importing wg-quick configuration files with nmcli
no longer sets a negative, exclusive "dns-priority". This plays
better with common split DNS setups that use systemd-resolved.
Adjust the "dns-priority" to your liking after import yourself.
+ NetworkManager no longer listens for netlink events for traffic
control objects (qdiscs and filters).
+ core: add internal nm-priv-helper service for separating
privileges and have a way to drop capabilities from
NetworkManager daemon.
+ bond: add support for setting queue-id of bond port.
+ dns: support configuring DNS over TLS (DoT) with
systemd-resolved.
+ nmtui: add support for WireGuard profiles.
+ nmcli: add aliases `nmcli device up|down` beside
connect|disconnect.
+ conscious language: Deprecate 'Device.Slaves' D-Bus property in
favor of new 'Device.Ports' property. Depracate
'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()'
in libnm.
+ nmcli: invoking nmcli command without arguments will now show
'default' instead of null address in route4 or route6 section.
- Refresh patches with quilt.
- Replace addFilter("suse-branding-unversioned-requires*") from
rpmlintrc, with the current branding-requires-unversioned.
- Update our Supplements to current standard.
- Add the new internal nm-priv-helper.service to pre(un)/post(un)
handling.
++++ bash:
- Update bash 5.1 to patch level 16
* Add official patch bash51-013
Bash did not always perform tilde expansion following an unquoted colon on
the rhs of an assignment statement in posix mode.
* Add official patch bash51-014
Bash may produce corrupted input if a multibyte character spans a 512-byte
boundary while reading the output of a command substitution.
* Add official patch bash51-015
There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
* Add official patch bash51-016
Multiple `!' tokens should toggle negation of an expression in a [[
conditional command, instead of simply negating the expression.
++++ cryptsetup:
- cryptsetup 2.4.3:
* Fix possible attacks against data confidentiality through
LUKS2 online reencryption extension crash recovery
CVE-2021-4122, boo#1194469
* Add configure option --disable-luks2-reencryption to completely
disable LUKS2 reencryption code.
* Improve internal metadata validation code for reencryption
metadata
* Add updated documentation for LUKS2 On-Disk Format
Specification version 1.1.0
* Fix support for bitlk (BitLocker compatible) startup key with
new metadata entry introduced in Windows 11
* Fix space restriction for LUKS2 reencryption with data shift
++++ grub2:
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
++++ readline:
- Add official patch readline81-002 and its signature
* There are some characters (e.g., cyrillic) that can't be displayed using
certain single-byte encodings (e.g., cp1251) because the negative signed
int is interpreted as EOF and not displayed.
++++ systemd:
- Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
which are not specific to the handling of 'Required-Start:' and move them into a
new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch
++++ openSUSE-build-key:
- refresh the openSUSE Backports key (bsc#1193092)
- gpg-pubkey-65176565-59787af5.asc
+ gpg-pubkey-65176565-61a0ee8f.asc
- removed old security key
- updated security key to 2020 version
++++ patterns-base:
- Install PAM manual pages instead of the PDFs
++++ selinux-policy:
- Allow colord to use systemd hardenings (bsc#1194631)
------------------------------------------------------------------
------------------ 2022-1-13 - Jan 13 2022 -------------------
------------------------------------------------------------------
++++ cyrus-sasl:
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
++++ grub2:
- Fix wrong default entry when booting snapshot (bsc#1159205)
* grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch
++++ kernel-default:
- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch.
Adapt the uapi version for the latest kernel-firmware-20220111.
- commit 2f088f6
- Update patches.suse/vfs-add-super_operations-get_inode_dev
Copy an updated version from SLE15-SP4 with one minor refresh.
- commit c02e2ab
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit 8950040
++++ kernel-firmware:
- Update to version 20220111 (git commit 13dca280f760):
* linux-firmware: update firmware for MT7915
* iwlwifi: add new FWs from core63-136 release
* iwlwifi: add new FWs from core66-88 release
* iwlwifi: update 9000-family firmwares to core66-88
* linux-firmware: add firmware for MT7916
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* WHENCE: add missing symlink for NanoPi R1
* amdgpu: update yellow carp dmcub firmware
* cxgb4: Update firmware to revision 1.26.6.0
- update aliases from 5.16 final
++++ gcc12:
- New package, inherits from gcc11
* Enable LSAN and TSAN for s390x target.
* Require gcc-d as dependency for proper bootstrap.
* Use gcc11-amdgcn-disable-hot-cold-partitioning.patch only conditionally
on older SUSE products.
* Add --enable-offload-defaulted to configure options.
* Include a couple of new header files.
* Do not require llvm11 for cross compilers (assembler was fixed
in latest LLVM releases), use llvm11 only on SLE 15.
* Remove unnecessary gcc10-foffload-default.patch patch.
- Take patches inherited from GCC 11.
* gcc-add-defaultsspec.diff, add the ability to provide a specs
file that is read by default
* tls-no-direct.diff, avoid direct %fs references on x86 to not
slow down Xen
* gcc43-no-unwind-tables.diff, do not produce unwind tables for
CRT files
* gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr
for ppc, just a testcase
* gcc44-textdomain.patch, make translation files version specific
and adjust textdomain to find them
* gcc44-rename-info-files.patch, fix cross-references in info files
when renaming them to be version specific
* gcc48-libstdc++-api-reference.patch, fix link in the installed
libstdc++ html documentation
* gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with
earlier mpfr versions on old products
* gcc5-no-return-gcc43-workaround.patch, make build work with
host gcc 4.3
* gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes
new warning from -Wextra
* gcc7-avoid-fixinc-error.diff
* gcc9-reproducible-builds-buildid-for-checksum.patch
* gcc9-reproducible-builds.patch
* gcc10-amdgcn-llvm-as.patch
++++ openssl-3:
- Update to 3.0.1: [bsc#1193740, CVE-2021-4044]
* RNDR and RNDRRS support in provider functions to provide
random number generation for Arm CPUs (aarch64).
* s_client and s_server apps now explicitly say when the TLS
version does not include the renegotiation mechanism. This
avoids confusion between that scenario versus when the TLS
version includes secure renegotiation but the peer lacks
support for it.
* The default SSL/TLS security level has been changed from 1 to 2.
RSA, DSA and DH keys of 1024 bits and above and less than 2048
bits and ECC keys of 160 bits and above and less than 224 bits
were previously accepted by default but are now no longer
allowed. By default TLS compression was already disabled in
previous OpenSSL versions. At security level 2 it cannot be
enabled.
* The SSL_CTX_set_cipher_list family functions now accept
ciphers using their IANA standard names.
* The PVK key derivation function has been moved from
b2i_PVK_bio_ex() into the legacy crypto provider as an
EVP_KDF. Applications requiring this KDF will need to load
the legacy crypto provider.
* The various OBJ_* functions have been made thread safe.
* CCM8 cipher suites in TLS have been downgraded to security
level zero because they use a short authentication tag which
lowers their strength.
* Subject or issuer names in X.509 objects are now displayed
as UTF-8 strings by default.
* Parallel dual-prime 1536/2048-bit modular exponentiation
for AVX512_IFMA capable processors.
++++ systemd:
- Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872
- Import commit 458220239c69b8e5fe7be480929348daeccb70d1
e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit
6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Drop the following patches as they have been merged into SUSE/v249 branch:
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
++++ patterns-base:
- specfile cleanup
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
jsc#SLE-18271).
- 0.937
++++ vim:
- disable-unreliable-tests-arch.patch: refresh
++++ virt-manager:
- jsc#SLE-20855 KVM: Enable vfio-ccw and vfio-ap in virt-* tools
965480e8-virt-install-add-mediated-device.patch
f87e96d3-hostdev-use-method-get_mdev_uuid.patch
9d4002ee-tests-verify-MDEV-support.patch
9363e1e6-virt-xml-add-support-for-mediated-devices.patch
0e15cd51-virt-manager-enable-MDEV-support.patch
------------------------------------------------------------------
------------------ 2022-1-12 - Jan 12 2022 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.16
* rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid
subvolume keys, caught by tree-checker
* fi du: skip inaccessible files
* prop: properly resolve to symlink targets
* send, receive: fix crash after parent subvolume lookup errors
* build:
* fix build on 5.12+ kernels due to changes in linux/kernel.h
* fix build on musl with old kernel headers
* other:
* error handling fixes, cleanups, refactoring
* extent tree v2 preparatory work
* lots of RST documentation updates (last release with asciidoc sources),
https://btrfs.readthedocs.io
- Update to 5.15.1
* fi usage: fix wrongly reported space of used or unallocated space
* fix detection of block device discard capability
* check: add more sanity checks for checksum items
* build: make sphinx optional backend for documentation
++++ kernel-default:
- update patches metadata
- update upstream references
- patches.suse/media-Revert-media-uvcvideo-Set-unique-vdev-name-bas.patch
- patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch
- patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch
- commit 949bbaa
++++ avahi:
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
++++ sqlite3:
- update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
++++ shadow:
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
++++ patterns-base:
- Don't recommend ntfs-3g by default on TW, the kernel module got
improved
++++ qemu:
- It's time to really start requiring -F when using -b in
qemu-img for us as well. Users/customers have been warned
in the relevant release notes (bsc#1190135)
* Patches dropped:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
------------------------------------------------------------------
------------------ 2022-1-11 - Jan 11 2022 -------------------
------------------------------------------------------------------
++++ grub2:
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
(bsc#1192686)
* 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
* 0002-ieee1275-claim-more-memory.patch
* 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
* 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
* 0005-docs-grub-Document-signing-grub-under-UEFI.patch
* 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
* 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
* 0008-pgp-factor-out-rsa_pad.patch
* 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
* 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
* 0011-libtasn1-import-libtasn1-4.18.0.patch
* 0012-libtasn1-disable-code-not-needed-in-grub.patch
* 0013-libtasn1-changes-for-grub-compatibility.patch
* 0014-libtasn1-compile-into-asn1-module.patch
* 0015-test_asn1-test-module-for-libtasn1.patch
* 0016-grub-install-support-embedding-x509-certificates.patch
* 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
* 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
* 0019-appended-signatures-support-verifying-appended-signa.patch
* 0020-appended-signatures-verification-tests.patch
* 0021-appended-signatures-documentation.patch
* 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
* 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
++++ iproute2:
- remove routef from links; it doesn't exist anymore
- update to 5.16:
* devlink: Fix cmd_dev_param_set() to check configuration mode
* ip: add AMT support
* iplink_can: fix configuration ranges in print_usage() and add
unit
* tc: flower: Fix buffer overflow on large labels
* ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
* tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
* iplink_can: add new CAN FD bittiming parameters:
Transmitter Delay Compensation (TDC)
++++ libcontainers-common:
- Switch registries.conf to v2 format
++++ systemd:
- Added patches to fix CVE-2021-3997 (bsc#1194178)
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
These patches will be dropped and cherry-picked from upstream once upstream
will commit them in their main branch.
++++ wayland:
- Add wayland-shm-Close-file-descriptors-not-needed.patch: For
platforms that support mremap(), we don't need to hold file
descriptors all the time, because programs like Xwayland will
hold a lot of file descriptors and may crash, this patch close
file descriptors earlier for those platforms (bsc#1194190).
++++ vim:
- Updated to version 8.2.4063, fixes the following problems
- fixes boo#1194559 CVE-2022-0156
* Not all sshconfig files are detected as such.
* Vim9: type checking for list and dict lacks information about declared
type.
* Vim9: not enough testing for extend() and map().
* Asan error for adding zero to NULL.
* Redundant check for NUL byte.
* Coverity warns for checking for NULL pointer after using it.
* Insert complete code uses global variables.
* First char typed in Select mode can be wrong.
* Error messages are spread out.
* Old compiler complains about struct init with variable.
* Error messages are spread out.
* Vim9: crash when declaring variable on the command line.
* Session does not restore help buffer properly when "options' is missing
from 'sessionoptions'.
* Error messages are spread out.
* Reading one byte beyond the end of the line.
* Error messages are spread out.
* Test fails because of changed error number.
* Error messages are spread out.
* Build failure without the spell feature.
* Git and gitcommit file types not properly recognized.
* Build failure with tiny features. (Tony Mechelynck)
* Vim9: incorrect error for argument that is shadowing var.
* Gcc warns for misleading indent in Athena menu code.
* ml_get error when win_execute redraws with Visual selection.
* Vim9: import mechanism is too complicated.
* Debugger test fails.
* Missing part of the :import changes.
* Two error messages in the wrong file.
* Using uninitialized variable.
* Confusing error message if imported name is used directly.
* Error for import not ending in .vim does not work for .vimrc.
* ml_get error with specific win_execute() command. (Sean Dewar)
* ml_get error with :doautoall and Visual area. (Sean Dewar)
* Debugging NFA regexp my crash, cached indent may be wrong.
* A script local funcref is not found from a mapping.
* Crash in xterm with only two lines. (Dominique Pellé)
* ATTRIBUTE_NORETURN is not needed.
* Running filetype tests leaves directory behind.
* Coverity warns for possibly using a NULL pointer.
* Timer triggered at the debug prompt may cause trouble.
* Vim9: script test file is getting too long.
* Insert mode completion is insufficiently tested.
* Various code not used when features are disabled.
* The xdiff library is linked in even when not used.
* Keeping track of allocated lines in user functions is too complicated.
* Using unitialized pointer.
* Vim9: build error.
* Using int for second argument of ga_init2().
* Vim9: no error when importing the same script twice.
* Some global functions are only used in one file.
* Some error messages not in the right place.
* Depending on the build features error messages are unused.
* gcc complains about use of "%p" in printf.
* Vim9: reading before the start of the line with "$" by itself.
* Vim9: need to prefix every item in an autoload script.
* Compiler complains about possibly uninitialized variable.
* Not easy to resize a window from a plugin.
* Vim9: autoload mechanism doesn't fully work yet.
* Vim9 script test fails.
* Vim9: line break in expression causes v:errmsg to be filled. (Yegappan
Lakshmanan)
* Vim9: memory leak when exporting function in autoload script.
* Vim9: not fully implementing the autoload mechanism.
* Vim9: import test failure in wrong line.
* Vim9: an expression of a map cannot access script-local items. (Maxim Kim)
* win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick
Howe)
* Codecov bash script is deprecated.
* Match highlighting of tab too short.
* Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)
------------------------------------------------------------------
------------------ 2022-1-10 - Jan 10 2022 -------------------
------------------------------------------------------------------
++++ chrony:
- boo#1194206: Use /run instead of /var/run throughout.
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
++++ grub2:
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
* grub2-systemd-sleep-plugin
++++ gsettings-desktop-schemas:
- Update to version 42.alpha:
+ Add color scheme setting and high-contrast preference
+ Updated translations.
++++ kernel-default:
- Refresh
patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch.
* Update upstream status
* Update to the latest (upstream) version
* Move it within series to upstream-soon patches
- commit c4ca5fd
- Refresh
patches.suse/rtw89-update-partition-size-of-firmware-header-on-sk.patch.
Update upstream status.
- commit a6f5d1b
- Update to 5.16 final
- refresh configs (headers only)
- commit b8251b4
++++ libfido2:
- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x
is now supported.
++++ ncurses:
- Add ncurses patch 20220101
+ add section on releasing memory to curs_termcap.3x and
curs_terminfo.3x manpages.
- Add ncurses patch 20211225
+ improve markup, e.g., for external manpage links in the manpages
(prompted by report by Helge Kreutzmann).
- Add ncurses patch 20211219
+ install ncurses-examples programs in libexecdir, adding a wrapper
script to invoke those.
+ add help-screen and screen-dump to test/combine.c
- Rename package ncurses-tests to ncurses-examples as upstream does
++++ ceph:
- Update to 16.2.7-37-gb3be69440db:
+ (bsc#1194353) Downstream branding breaks dashboard npm build
++++ wayland:
- obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4
++++ libzypp:
- Fix broken install path for parser compat headers (fixes #372,
bsc#1194597)
- RepoManager: remember exec errors in exception history
(bsc#1193007)
- version 17.29.1 (22)
++++ python-charset-normalizer:
- update to 2.0.10:
* Fallback match entries might lead to UnicodeDecodeError for large bytes
sequence
* Skipping the language-detection (CD) on ASCII
++++ python-msgpack:
- update to 1.0.3:
* add python 3.10 support
* bugfixes
++++ python-psutil:
- update to 5.9.0:
* [Linux]: `cpu_freq()`_ is slow on systems with many CPUs. Read current
frequency values for all CPUs from ``/proc/cpuinfo`` instead of opening many
files in ``/sys`` fs. (patch by marxin)
* `NoSuchProcess`_ message now specifies if the PID has been reused.
* error classes (`NoSuchProcess`_, `AccessDenied`_, etc.) now have a better
formatted and separated ``__repr__`` and ``__str__`` implementations.
* [Linux]: `disk_partitions()`_: convert ``/dev/root`` device (an alias
used on some Linux distros) to real root device path.
* ``PSUTIL_DEBUG`` mode now prints file name and line number of the debug
messages coming from C extension modules.
* rewrite HISTORY.rst to use hyperlinks pointing to psutil API doc.
* [Linux]: `wait_procs()`_ should catch ``subprocess.TimeoutExpired``
exception.
* [Linux]: `sensors_battery()`_ can raise ``TypeError`` on PureOS.
* [Linux]: psutil does not handle ``ENAMETOOLONG`` when accessing process
file descriptors in procfs. (patch by Nikita Radchenko)
* **[critical]**: ``memoize_when_activated`` decorator is not thread-safe.
* **[critical]**: `process_iter()`_ is not thread safe and can raise
``TypeError`` if invoked from multiple threads.
* [Linux]: `cpu_freq()`_ return order is wrong on systems with more than
9 CPUs.
++++ python-urllib3:
- update to 1.26.8:
* Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a
connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of
``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names.
``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from
``urllib3.packages.ssl_match_hostname`` to
``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after
being repackaged by downstream distributors.
* Fixed absolute imports, all imports are now relative.
++++ wpa_supplicant:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* wpa_supplicant.service
------------------------------------------------------------------
------------------ 2022-1-9 - Jan 9 2022 -------------------
------------------------------------------------------------------
++++ curl:
- update to 7.81.0:
* mime: use percent-escaping for multipart form field and file names
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
* azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
* BINDINGS: add cURL client for PostgreSQL
* BINDINGS: add one from Everything curl and update a link
* checksrc: detect more kinds of NULL comparisons we avoid
* CI: build examples for additional code verification
* CI: bump job to use mbedtls 3.1.0
* cmake: don't set _USRDLL on a static Windows build
* cmake: prevent dev warning due to mismatched arg
* cmake: private identifiers use CURL_ instead of CMAKE_ prefix
* config.d: update documentation to match the path search
* configure: add -lm to configure for rustls build.
* configure: better diagnostics if hyper is built wrong
* configure: don't enable TLS when --without-* flags are used
* configure: fix runtime-lib detection on macOS
* curl.1: require "see also" for every documented option
* curl: improve error message for --head with -J
* curl_easy_cleanup.3: remove from multi handle first
* curl_easy_escape.3: call curl_easy_cleanup in example
* curl_easy_unescape.3: call curl_easy_cleanup in example
* curl_multi_init.3: fix EXAMPLE formatting
* curl_multi_perform/socket_action.3: clarify what errors mean
* curl_share_setopt.3: split out options into their own manpages
* CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
* digest: compute user:realm:pass digest w/o userhash
* docs/checksrc: Add documentation for STRERROR
* docs/cmdline-opts: do not say "protocols: all"
* docs/examples: workaround broken -Wno-pedantic-ms-format
* docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
* docs/INSTALL.md: typo fix : added missing "get" verb
* docs/URL-SYNTAX.md: space is not fine in a given URL
* docs: add known bugs list to HTTP3.md
* docs: address proselint nits
* docs: consistent manpage SYNOPSIS
* docs: fix dead links, remove ECH.md
* docs: fix typo in OpenSSL 3 build instructions
* docs: Update the Reducing Size section
* example/progressfunc: remove code for old libcurls
* examples/multi-single.c: remove WAITMS()
* FAQ: typo fix : "yout" ➤ "your"
* ftp: disable warning 4706 in MSVC
* gen.pl: improve example output format
* github workflow: add wolfssl (removed from zuul)
* github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
* gtls: check return code for gnutls_alpn_set_protocols
* hash: lazy-alloc the table in Curl_hash_add()
* http2:set_transfer_url() return early on OOM
* HTTP3: update quiche build instructions
* http: enable haproxy support for hyper backend
* http: Fix CURLOPT_HTTP200ALIASES
* http_proxy: don't close the socket (too early)
* insecure.d: detail its use for SFTP and SCP as well
* insecure.d: expand and clarify
* libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
* libcurl-security.3: mention address and URL mitigations
* libssh2: fix error message for sha256 mismatch
* libtest: avoid "assignment within conditional expression"
* lift: ignore is a deprecated config option, use ignoreRules
* linkcheck.yml: add CI job that checks markdown links
* m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
* Makefile.m32: rename -winssl option to -schannel and tidy up
* mbedTLS: add support for CURLOPT_CAINFO_BLOB
* mbedtls: fix CURLOPT_SSLCERT_BLOB
* mbedtls: fix private member designations for v3.1.0
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined
* misc: s/e-mail/email
* multi: cleanup the socket hash when destroying it
* multi: handle errors returned from socket/timer callbacks
* multi: shut down CONNECT in Curl_detach_connnection
* netrc.d: edit the .netrc example to look nicer
* ngtcp2: verify the server cert on connect (quictls)
* ngtcp2: verify the server certificate for the gnutls case
* nss:set_cipher don't clobber the cipher list
* openldap: implement STARTTLS
* openldap: process search query response messages one by one
* openldap: several minor improvements
* openldap: simplify ldif generation code
* openssl: check the return value of BIO_new()
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
* openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
* openssl: remove usage of deprecated `SSL_get_peer_certificate`
* openssl: use non-deprecated API to read key parameters
* page-footer: add a mention of how to report bugs to the man page
* page-footer: document more environment variables
* request.d: refer to 'method' rather than 'command'
* retry-all-errors.d: make the example complete
* runtests: make the SSH library a testable feature
* rustls: read of zero bytes might be okay
* rustls: remove comment about checking handshaking
* rustls: remove incorrect EOF check
* sha256/md5: return errors when init fails
* socks5: use appropriate ATYP for numerical IP address host names
* test1156: enable for hyper
* test1156: fixup the stdout check for Windows
* test1525: tweaked for hyper
* test1526: enable for hyper
* test1527: enable for hyper
* test1528: enable for hyper
* test1554: adjust for hyper
* test1556: adjust for hyper
* test302[12]: run only with the libssh2 backend
* test661: enable for hyper
* tests/CI.md: add more information on CI environments
* tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
* tftp: mark protocol as not possible to do over CONNECT
* tool_findfile: updated search for a file in the homedir
* tool_operate: only set SSH related libcurl options for SSH URLs
* tool_operate: warn if too many output arguments were found
* url.c: fix the SIGPIPE comment for Curl_close
* url: check ssl_config when re-use proxy connection
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds
* urlapi: accept port number zero
* urlapi: if possible, shorten given numerical IPv6 addresses
* urlapi: provide more detailed return codes
* urlapi: reject short file URLs
* version_win32: Check build number and platform id
* vtls/rustls: adapt to the updated rustls_version proto
* writeout: fix %{http_version} for HTTP/3
* x509asn1: return early on errors
* zuul.d: update rustls-ffi to version 0.8.2
* zuul: fix quiche build pointing to wrong Cargo
++++ k3s-selinux:
- add k3s.if as source file, as it is empty in v0.5.stable.1
- this was cherry-picked from the latest commit:
https://github.com/k3s-io/k3s-selinux/commit/7b982cf500e20c0adbad8a83cc27c43a79218aca
- create new package at version 0.5.stable.1
- Update to version 0.5.latest.1:
* mention rpm signing keys in the readme
* fix for over-broad container_runtime_exec_t (#25)
* el8: keep on truckin (#24)
* drone: publish sle artifacts (#22)
* support sles 15 with sle micro packages (#21)
* [migrate k3s-io] drone tweaks
* Make k3s-selinux conflict with rke2-selinux
* Build independent el7 and el8 RPMs for k3s-selinux
* Modify build script to put the source RPM where we expect, as well as generate the source RPM
* Initial k3s-selinux el7_8 work
------------------------------------------------------------------
------------------ 2022-1-8 - Jan 8 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- rename n_no-sse2-on-ix86.patch to
n_no-sse2-on-ix86-except-for-intel-drivers.patch
* no longer disable sse2 support for intel drivers, since this
breaks build, which is probably unresolvable (boo1190409)
++++ Mesa-drivers:
- rename n_no-sse2-on-ix86.patch to
n_no-sse2-on-ix86-except-for-intel-drivers.patch
* no longer disable sse2 support for intel drivers, since this
breaks build, which is probably unresolvable (boo1190409)
------------------------------------------------------------------
------------------ 2022-1-7 - Jan 7 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- Adding 'stop-iris-flicker.patch'.
++++ Mesa-drivers:
- Adding 'stop-iris-flicker.patch'.
++++ glib-networking:
- Update to version 2.72.alpha:
+ OpenSSL:
- Fix unsafe error handling.
- Fail when appropriate if Must-Staple extension is set.
+ GnuTLS: fix TLS 1.3 ciphersuite names, should use underscores.
+ Improve failure of tls-unique channel binding requests.
+ Do not fill SNI extension with IP address.
++++ kernel-default:
- Refresh BT workaround patch (bsc#1193124)
Fix yet another broken device 8086:0aa7
- commit 163b552
++++ rdma-core:
- Update to v38.1
- Major fixes for hns provider
++++ fmt:
- Update to version 8.1.1
* Restored ABI compatibility with version 8.0.x
* Fixed chrono formatting on big-endian systems
++++ multipath-tools:
- Version 0.8.8+13+suse.79c3556f
* code-wise identical to 0.8.8+38+suse.2bdd3a14
(previous version number was too high by mistake)
++++ libsoup:
- Update to version 3.0.4:
+ Fix HTTP/2 not properly handling socket timeouts.
+ Improvements to test reliablity.
+ Fix cross-compiling to Windows.
+ Fix tests with development glib-networking.
+ Expose soup_uri_copy() to Vala.
++++ logrotate:
- update to 3.19.0:
* continue on EINTR in compressLogFile() (#430)
* enforce stricter parsing of configuration files (#427, #431)
* avoid confusing error message in debug mode (#426)
* fix full_write() on incomplete write (#415)
* do not use alloca() any more (#412)
* do not rotate hard links unless allowhardlink is used (#407)
* change directory after dropping privileges (#397)
* add defence in depth when dropping privileges (#400)
* remove invalid configuration on error (#408)
* do not open symbolic link log files by accident (#399)
* do not write state if state file is /dev/null (#395)
- rebased logrotate-3.13.0-systemd_add_home_env.patch
and renamed to logrotate-3.19.0-systemd_add_home_env.patch
- removed obsolete logrotate-dont_warn_on_size=_syntax.patch
------------------------------------------------------------------
------------------ 2022-1-6 - Jan 6 2022 -------------------
------------------------------------------------------------------
++++ Mesa:
- n_no-sse2-on-ix86.patch
* disabled sse2 support on %ix86 (boo#1190409)
++++ Mesa-drivers:
- n_no-sse2-on-ix86.patch
* disabled sse2 support on %ix86 (boo#1190409)
++++ systemd:
- Import commit a54f80116ccf105dff11aef5d18dd110ebd3e8ee
30cbebc56f tmpfiles: 'st' may have been used uninitialized
5443654ec0 macro: add new helper RET_NERRNO()
8d90ecc435 rm-rf: optionally fsync() after removing directory tree
591344010d rm-rf: refactor rm_rf_children(), split out body of directory iteration loop
8c7762c4f1 Bump the max number of inodes for /dev to a million (bsc#1192858)
dc9476c881 journal: don't remove the flushed flag when journald is stopped
29efc29efd TEST-10: don't attempt to write a byte to the socket
773fb785b6 Bump the max number of inodes for /dev to 128k (bsc#1192858)
------------------------------------------------------------------
------------------ 2022-1-5 - Jan 5 2022 -------------------
------------------------------------------------------------------
++++ hwdata:
- Update to version 0.355 (bsc#1194338):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- Linux 5.15.13 (bsc#1012628).
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA
(bsc#1012628).
- tomoyo: Check exceeded quota early in
tomoyo_domain_quota_is_ok() (bsc#1012628).
- tomoyo: use hwight16() in tomoyo_domain_quota_is_ok()
(bsc#1012628).
- net/sched: Extend qdisc control block with tc control block
(bsc#1012628).
- parisc: Clear stale IIR value on instruction access rights trap
(bsc#1012628).
- platform/mellanox: mlxbf-pmc: Fix an IS_ERR() vs NULL bug in
mlxbf_pmc_map_counters (bsc#1012628).
- platform/x86: apple-gmux: use resource_size() with res
(bsc#1012628).
- memblock: fix memblock_phys_alloc() section mismatch error
(bsc#1012628).
- ALSA: hda: intel-sdw-acpi: harden detection of controller
(bsc#1012628).
- ALSA: hda: intel-sdw-acpi: go through HDAS ACPI at max depth
of 2 (bsc#1012628).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1012628).
- powerpc/ptdump: Fix DEBUG_WX since generic ptdump conversion
(bsc#1012628).
- efi: Move efifb_setup_from_dmi() prototype from arch headers
(bsc#1012628).
- selinux: initialize proto variable in
selinux_ip_postroute_compat() (bsc#1012628).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(bsc#1012628).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in
dr_domain_init_resources (bsc#1012628).
- net/mlx5: Fix error print in case of IRQ request failed
(bsc#1012628).
- net/mlx5: Fix SF health recovery flow (bsc#1012628).
- net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq
(bsc#1012628).
- net/mlx5e: Fix interoperability between XSK and ICOSQ recovery
flow (bsc#1012628).
- net/mlx5e: Fix ICOSQ recovery flow for XSK (bsc#1012628).
- net/mlx5e: Use tc sample stubs instead of ifdefs in source file
(bsc#1012628).
- net/mlx5e: Delete forward rule for ct or sample action
(bsc#1012628).
- udp: using datalen to cap ipv6 udp max gso segments
(bsc#1012628).
- selftests: Calculate udpgso segment count without header
adjustment (bsc#1012628).
- sctp: use call_rcu to free endpoint (bsc#1012628).
- net/smc: fix using of uninitialized completions (bsc#1012628).
- net: usb: pegasus: Do not drop long Ethernet frames
(bsc#1012628).
- net: ag71xx: Fix a potential double free in error handling paths
(bsc#1012628).
- net: lantiq_xrx200: fix statistics of received bytes
(bsc#1012628).
- NFC: st21nfca: Fix memory leak in device probe and remove
(bsc#1012628).
- net/smc: don't send CDC/LLC message if link not ready
(bsc#1012628).
- net/smc: fix kernel panic caused by race of smc_sock
(bsc#1012628).
- igc: Fix TX timestamp support for non-MSI-X platforms
(bsc#1012628).
- drm/amd/display: Send s0i2_rdy in stream_count == 0 optimization
(bsc#1012628).
- drm/amd/display: Set optimize_pwr_state for DCN31 (bsc#1012628).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1012628).
- net/mlx5e: Fix wrong features assignment in case of error
(bsc#1012628).
- net: bridge: mcast: add and enforce query interval minimum
(bsc#1012628).
- net: bridge: mcast: add and enforce startup query interval
minimum (bsc#1012628).
- selftests/net: udpgso_bench_tx: fix dst ip argument
(bsc#1012628).
- selftests: net: Fix a typo in udpgro_fwd.sh (bsc#1012628).
- net: bridge: mcast: fix br_multicast_ctx_vlan_global_disabled
helper (bsc#1012628).
- net/ncsi: check for error return from call to nla_put_u32
(bsc#1012628).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh
(bsc#1012628).
- fsl/fman: Fix missing put_device() call in fman_port_probe
(bsc#1012628).
- i2c: validate user data in compat ioctl (bsc#1012628).
- nfc: uapi: use kernel size_t to fix user-space builds
(bsc#1012628).
- uapi: fix linux/nfc.h userspace compilation errors
(bsc#1012628).
- drm/nouveau: wait for the exclusive fence after the shared
ones v2 (bsc#1012628).
- drm/amdgpu: When the VCN(1.0) block is suspended, powergating
is explicitly enabled (bsc#1012628).
- drm/amdgpu: add support for IP discovery gc_info table v2
(bsc#1012628).
- drm/amd/display: Changed pipe split policy to allow for
multi-display pipe split (bsc#1012628).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI
quirk set (bsc#1012628).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear
(bsc#1012628).
- usb: mtu3: add memory barrier before set GPD's HWO
(bsc#1012628).
- usb: mtu3: fix list_head check warning (bsc#1012628).
- usb: mtu3: set interval of FS intr and isoc endpoint
(bsc#1012628).
- nitro_enclaves: Use get_user_pages_unlocked() call to handle
mmap assert (bsc#1012628).
- binder: fix async_free_space accounting for empty parcels
(bsc#1012628).
- scsi: vmw_pvscsi: Set residual data length conditionally
(bsc#1012628).
- Input: appletouch - initialize work before device registration
(bsc#1012628).
- Input: spaceball - fix parsing of movement data packets
(bsc#1012628).
- mm/damon/dbgfs: fix 'struct pid' leaks in
'dbgfs_target_ids_write()' (bsc#1012628).
- net: fix use-after-free in tw_timer_handler (bsc#1012628).
- fs/mount_setattr: always cleanup mount_kattr (bsc#1012628).
- perf intel-pt: Fix parsing of VM time correlation arguments
(bsc#1012628).
- perf script: Fix CPU filtering of a script's switch events
(bsc#1012628).
- perf scripts python: intel-pt-events.py: Fix printing of switch
events (bsc#1012628).
- commit 01786ae
++++ kernel-firmware:
- Update to version 20211229 (git commit 57d6b9507e28):
* cnm: add chips&media wave521c firmware.
* linux-firmware: update firmware for MT7921 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
* rtw88: 8822c: Update normal firmware to v9.9.11
* QCA: Update Bluetooth WCN685x firmware to 2.1.0-00298
* amdgpu: update green sardine PSP firmware
* bnx2x: Add FW 7.13.21.0
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
* linux-firmware: wilc1000: update WILC1000 firmware to v15.4.1
* rtl_bt: Update RTL8761B BT UART firmware to 0x0CA9_8A6B
* rtl_bt: Update RTL8761B BT USB firmware to 0x09A9_8A6B
* cxgb4: Update firmware to revision 1.26.4.0
* rtw89: 8852a: update fw to v0.13.33.0
* i915: Add DMC firmware v2.14 for ADL-P
* QCA: Add Bluetooth default nvm file for WCN685x
++++ libssh:
- Add patch to make the compression option more compatible (boo#1192731):
* 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
++++ usbredir:
- Drop unknown llvm-fuzz meson paramerter: meson 0.60 is strict and
fails when unknown parameters are being passed.
++++ zstd:
- add noexecstack.patch (bsc#1194337)
++++ osinfo-db:
- Update to database version 20211216
osinfo-db-20211216.tar.xz
- Drop add-missing-oracle-linux-versions.patch
++++ python-pyzmq:
- Skip test_log due to flaky socket handling inside obs environments.
- Add less-flaky.patch to increase flakiness of test_retry_poll
and test_timeout.
++++ python-requests:
- update to 2.27.1
* Fixed parsing issue that resulted in the auth component being
dropped from proxy URLs. (#6028)
------------------------------------------------------------------
------------------ 2022-1-4 - Jan 4 2022 -------------------
------------------------------------------------------------------
++++ glib-networking:
- Increase testsuite timeout
++++ libeconf:
- Update to version 0.4.4+git20220104.962774f:
* Fixed i586 build (#158)
- Update to version 0.4.2+git20220104.5dfd69d:
* Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
++++ libglvnd:
- update to 1.4.0:
* tests cleanups
* Update bin/symbols-check.py from mesa/mesa@6f854145
* Remove extra paragraph from license text.
* Add one more missing dep_x11_headers
* Update uthash to v2.3.0
* EGL: Add support for eglQueryDisplayAttribKHR and NV.
++++ libndp:
- update to 1.8:
* libndp,ndptool: use poll() instead of select()
* ndptool: avoid static buffer for string in ndptool
* libndp: avoid static buffer for debug string in ndp_sock_recv()
* libndp: use thread local variables for static return arguments
* ndptool: fix printing dnssl lifetime in ndptool
* ndptool: fix potential memory leak caused by strdup
* libndp: close sockfd after using to avoid handle leak
++++ systemd:
- Update systemd-user PAM service again
Change the default implementation of pam_setcred() again, previously
customized to run the full "auth" PAM stack and only call pam_deny.so which is
basically the SUSE default behavior without pam_warn.so.
This is considered safer, especially on SLE where a regression was spotted by
QA.
++++ yaml-cpp:
- add fix-cmake-export.patch untabify-cmakelists.patch (bsc#1191137)
++++ python-requests:
- update to 2.27.0:
* Officially added support for Python 3.10. (#5928)
* Added a `requests.exceptions.JSONDecodeError` to unify JSON exceptions between
Python 2 and 3. This gets raised in the `response.json()` method, and is
backwards compatible as it inherits from previously thrown exceptions.
Can be caught from `requests.exceptions.RequestException` as well. (#5856)
* Improved error text for misnamed `InvalidSchema` and `MissingSchema`
exceptions. This is a temporary fix until exceptions can be renamed
(Schema->Scheme). (#6017)
* Improved proxy parsing for proxy URLs missing a scheme. This will address
recent changes to `urlparse` in Python 3.9+. (#5917)
* Fixed defect in `extract_zipped_paths` which could result in an infinite loop
for some paths. (#5851)
* Fixed handling for `AttributeError` when calculating length of files obtained
by `Tarfile.extractfile()`. (#5239)
* Fixed urllib3 exception leak, wrapping `urllib3.exceptions.InvalidHeader` with
`requests.exceptions.InvalidHeader`. (#5914)
* Fixed bug where two Host headers were sent for chunked requests. (#5391)
* Fixed regression in Requests 2.26.0 where `Proxy-Authorization` was
incorrectly stripped from all requests sent with `Session.send`. (#5924)
* Fixed performance regression in 2.26.0 for hosts with a large number of
proxies available in the environment. (#5924)
* Fixed idna exception leak, wrapping `UnicodeError` with
`requests.exceptions.InvalidURL` for URLs with a leading dot (.) in the
domain. (#5414)
* Requests support for Python 2.7 and 3.6 will be ending in 2022. While we
don't have exact dates, Requests 2.27.x is likely to be the last release
series providing support.
++++ suse-module-tools:
- Update to version 16.0.18:
* cdrom: Disable autoclose by default (boo#1165047).
* Make regenerate-initrd-posttrans compatible with Dracut's
UEFI mode (unified kernel image)
++++ vim:
- Updated to version 8.2.3995, fixes the following problems
- fixed boo#1194219
- CVE-2021-46059 - boo#1194556
* Various build flags accidentally enabled.
* Cannot disable requesting key codes from xterm.
* Vim9: compiler complains about using "try" as a struct member.
* Vim9: type checking global variables is inconsistent.
* Implementation of some list functions too complicated.
* Vim9: function test fails.
* Vim9: type checking for "any" is inconsistent.
context menu. (Gabriel Dupras)
* List.c contains code for dict and blob.
* Vim9: finddir() and uniq() return types can be more specific.
* go.mod files are not recognized.
* Cannot highlight the number column for a sign.
* gcc complains about buffer overrun.
* 'cindent' does not recognize inline namespace.
* Function does not abort after a type error in compare
* Vim9: debugger tries to read more lines than there are.
* getreg() and getregtype() contain dead code.
* Solution filter files are not recognized.
* More duplicated code in f_getreginfo().
* Crash when switching to other regexp engine fails.
* Crash when clearing the argument list while using it.
* Arglist test fails.
* Can define autocmd for every event by using "au!".
* E1135 is used for two different errors.
* The argument list may contain duplicates.
* Duplicate code for translating script-local function name.
* Vim9: type check for using v: variables is basic.
* When modifyOtherKeys is used CTRL-C is not recognized.
* Vim9: many local variables are initialized with an instruction.
* Vim9: no proper type check for first argument of call().
* Vim9: confusing error when using function() with a number.
* Vim9: no test for nested function not available later.
* Vim9: the second argument of map() and filter() is not checked at
compile time.
* Vim9: not sufficient testing for variable initialization.
* Vim9: test for map() on string fails.
* It is not easy to use a script-local function for an option.
* Vim9: Cannot set 'cpo' in main .vimrc if using Vim9 script.
* Vim9: double free with nested :def function.
* "gM" does not count tabs as expected.
* Vim9: skip expression type is not checked at compile time.
* Dockerfile using prefix name not recognized.
* Vim9 help still contains "under development" warnings.
* Error messages are spread out.
* Cannot use a script-local function for 'foldtext'.
* Containerfile using prefix name not recognized.
* When the compare function of sort() produces and error then sort()
does not abort.
* Vim9: type check for filter() does not accept unknown.
* The ins_complete() function is much too long.
* Help for expressions does not mention Vim9 syntax.
* Various spelling mistakes in comments.
* illegal memory access when completing with invalid bytes.
* No error for passing an invalid line number to append().
* The eval.txt help file is way too big.
* Function list test fails.
* Vim9: wrong argument for append() results in two errors.
* Restoring directory after using another window is inefficient.
* The way xdiff is used is inefficient.
* Cannot build with dynamic Ruby 3.1.
* Vim9: double free if a nested function has a line break in the argument
list.
* Vim9: no error if something follows :enddef in a nested function.
* Diff mode confused by NUL bytes.
* Build failure without the 'autochdir' option. (John Marriott)
* Vim9: double free when using lambda.
* Heredoc test fails.
* Using unititialized variable.
* getcmdline() argument has a misleading type.
* Coverity reports a memory leak.
* C line comment not formatted properly.
* After ":cd" fails ":cd -" is incorrect.
* Repeating line comment is undesired for "O" command.
* CTRL-U in Insert mode does not fix the indent.
* No proper test for maintaining change mark in diff mode.
* Insert mode completion function is too long.
* Line comment start is also found in a string.
* Match highlight disappears when doing incsearch for ":s/pat".
* SIGTSTP is not handled.
* Coverity reports a possible memory leak.
* Compiler warning from gcc for uninitialized variable.
* Insert mode completion functions are too long.
* Vim9: partial variable argument types are wrong, leading to a crash.
* When an internal error makes Vim exit the error is not seen.
* Unnecessary check for NULL pointer.
* Vim9: failure with partial with unknown argument count.
* Using freed memory with /\%V.
* Going beyond the end of the line with /\%V.
* Vim9: memory leak when text after a nested function.
* First line not redrawn when adding lines to an empty buffer.
* Insert completion code is too complicated.
* Vim9: no error for shadowing if script var is declared later.
* Duplicate assignment.
* Build failure compiling xxd with "-std=c2x".
* Error messages are spread out.
* Build fails for missing error message.
* Build failure with tiny and small features. (Tony Mechelynck)
* Some common lisp and scheme files not recognized.
* Vim9: no easy way to check if Vim9 script is supported.
* When using feedkeys() abbreviations may be blocked.
* Error messages are spread out.
* Build failure.
* Value of MAXCOL not available in Vim script.
* Error messages are spread out.
* Build fails.
* Error messages are spread out.
* Tiny build fails.
* Vim9: LISTAPPEND instruction does not check for a locked list.
* Error messages are spread out.
* FEARG_LAST is never used. (Dominique Pellé)
* Error messages are spread out.
* Build error when using dynamycally loaded Python 3.
* Vim9: the feature is not mentioned in the right places.
* If 'operatorfunc' invokes an operator the remembered Visual mode may be
changed. (Naohiro Ono)
* Vim9: debugging a for loop doesn't stop before it starts.
* Some lines of code not covered by tests.
* Error messages are spread out.
* Tiny build fails.
* Some insert completion code is not tested.
* Testing wrong operator.
* Vim9: error when extending dict<any> with another type that it was
initialized with.
* Wrong local-additions in the help with language mix.
* When recording a change in Select mode the first typed character appears
twice.
* Vim9: extend() complains about the type even when it was not declared.
* Not all sshconfig files are detected as such.
------------------------------------------------------------------
------------------ 2022-1-3 - Jan 3 2022 -------------------
------------------------------------------------------------------
++++ kdump:
- kdump-0.9.2-mkdumprd-properly-pass-compression-params.patch: Fix
malformation in passing Dracut compression parameters in mkdumprd
(bsc#1193765).
- Refresh existing patches.
++++ kernel-default:
- Revert "config: disable BTRFS_ASSERT in default kernels"
This was pushed without enough review, reverting.
- commit e86c2a0
- Revert "config: disable BTRFS_ASSERT in default kernels"
This was pushed without enough review, reverting.
- commit 4fb1cfd
- Revert "config: disable BTRFS_ASSERT in default kernels"
This reverts commit 81985a674cf03fa1ef7c290050be04e57f8490dc.
This is a change affecting correctness, trading it for some performance.
This was done without prior discussion with btrfs people, so revert it
to previous state.
- commit 55f2c08
- media: Revert "media: uvcvideo: Set unique vdev name based in
type" (bsc#1193255).
- commit b3f1eb0
++++ fmt:
- Update to version 8.1.0
* Optimized chrono formatting.
+ Processing of some specifiers such as %z and %Y is now up
to 10-20 times faster, for example on GCC 11 with
libstdc++.
* Implemented subsecond formatting for chrono durations.
* Fixed handling of precision 0 when formatting chrono
durations.
* Fixed an overflow on invalid inputs in the tm formatter.
* Added fmt::group_digits that formats integers with a
non-localized digit separator (comma) for groups of three
digits.
* Added support for faint, conceal, reverse and blink text
styles.
* Added experimental support for compile-time floating point
formatting.
* Added UDL-based named argument support to compile-time
format string checks.
* Implemented escaping of string range elements.
* Switched to JSON-like representation of maps and sets for
consistency with Python's str.format.
* Extended fmt::join to support C++20-only ranges.
* Optimized handling of non-const-iterable ranges and
implemented initial support for non-const-formattable types.
* Disabled implicit conversions of scoped enums to integers
that was accidentally introduced in earlier versions.
* Deprecated implicit conversion of [const] signed char* and
[const] unsigned char* to C strings.
* Deprecated _format, a legacy UDL-based format API.
* Marked format, formatted_size and to_string as [[nodiscard]].
* Added missing diagnostic when trying to format function and
member pointers as well as objects convertible to pointers
which is explicitly disallowed.
* Optimized writing to a contiguous buffer with format_to_n.
* Optimized writing to non-char buffers.
* Decimal point is now localized when using the L specifier.
* Improved floating point formatter implementation.
* Fixed handling of very large precision in fixed format.
* Made a table of cached powers used in FP formatting static.
* Resolved a lookup ambiguity with C++20 format-related
functions due to ADL.
* Removed unnecessary inline namespace qualification.
* Implemented argument forwarding in format_to_n.
* Fixed handling of implicit conversions in fmt::to_string and
format string compilation.
* Changed the default access mode of files created by
fmt::output_file to -rw-r--r-- for consistency with fopen.
* Make fmt::ostream::flush public.
* Improved C++14/17 attribute detection.
* Improved documentation.
* Improved fuzzers and added a fuzzer for chrono timepoint
formatting.
* Added the FMT_SYSTEM_HEADERS CMake option setting which
marks {fmt}'s headers as system. It can be used to suppress
warnings.
* Added the Bazel build system support.
* Improved build configuration and tests.
* Fixed various warnings and compilation issues.
++++ shadow:
- Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
- Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in 'make dist'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on hoedir
* Fix passwd -l message - it does not change expirey
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for "" in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault
- Remove because upstreamed:
* shadow-4.9-pwck-segfault.patch
* shadow-4.9-newgrp-segfault.patch
* shadow-4.9-useradd-subuid.patch
* shadow-4.9-sgent-free.patch
* shadow-passwd-handle-null.patch
* shadow-fix-sigabrt.patch
* shadow-libeconf-include.patch
* libsubid-build-fix.patch
- Refreshed:
* shadow-util-linux.patch
* shadow.changes
* shadow.keyring
* shadow.spec
* useradd-script.patch
* useradd-userkeleton.patch
* userdel-script.patch
- Update shadow.keyring:
* Serge Hallyn serge@hallyn.com (B175CFA98F192AF2)
* Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
++++ zchunk:
- add zstd-1.5.1.patch (gh#zchunk/zchunk/57)
++++ zstd:
- fix pkgconfig pc file settings by passing in right prefix during build
++++ ovmf:
- Modified gdb_uefi.py.in for python3 (bsc#1192126)
- change 'long' to 'int'
- using
print ('
instead of
print "
++++ update-alternatives:
- rebase patches:
* update-alternatives.changes
* update-alternatives.spec
* update-alternatives-suse.patch
- New upstream release 1.21.1
dpkg (1.21.1) unstable; urgency=medium
[ Guillem Jover ]
* dpkg-buildpackage: Remove duplicate command print for dpkg-genchanges.
* dpkg-buildpackage: Fix build description due to improper multiline match.
* dpkg-realpath: Remove spurious heading space from --help output.
* update-alternatives: When initializing admindir from DPKG_ADMINDIR append
"/alternatives". Closes: #1001198
* Code internals:
- Remove <ar.h> inclusions.
* Packaging:
- Install deb-md5sums(5) into dpkg-dev package.
dpkg (1.21.0) unstable; urgency=medium
[ Guillem Jover ]
* dpkg-genchanges: Include orig tarball on source package renames.
Closes: #980066
* scripts: Consider SHA-1 and RIPEMD-160 weak algorithms in OpenPGP
signatures.
* dpkg: During unpack print a removal message due to Conflicts.
Closes: #985401
* scripts: Add zsh completions for dpkg-parsechangelog.
Thanks to Daniel Shahaf <danielsh@apache.org>. Closes: #986103
* dpkg-buildpackage: When printing build type match the extension exactly.
Closes: #989824
* dpkg-maintscript-helper: Use xargs -I argument instead of deprecated -i.
* dpkg-maintscript-helper: Quote variable inside ${} to avoid pattern match.
* libdpkg: Fix dpkg_fsys_get_path() to always strip leading / and ./.
* libdpkg: Set the default database directory relative to the system root.
* dpkg-divert, dpkg-statoverride: Set admindir after instdir.
* update-alternatives: Fix admindir setting.
Prompted by Johannes Schauer Marin Rodrigues <josch@debian.org>.
* dselect: Honor DPKG_ADMINDIR environment variable.
* dpkg-query, dpkg-trigger, dselect: Add support for setting the root
directory.
* dpkg-fsys-usrunmess: Move forced reconfiguration to the last step.
See #991190.
* dpkg-fsys-usrunmess: Install a local policy-rc.d to ignore service
restarts. Closes: #991190
* dpkg-fsys-usrunmess: Do not fail when removing lingering directories.
* dpkg-fsys-usrunmess: Generate a regression prevention package.
* dpkg-fsys-usrunmess: Fix typo in debug message.
* dpkg: Distinguish deconfiguration message for installation and multi-arch
syncs.
* dpkg-buildpackage: Add new --changes-file option.
Prompted by Niels Thykier <niels@thykier.net>.
* dpkg-buildpackage: Add new --buildinfo-file option.
* dpkg: Rework --assert-<feature> logic to be more robust.
Prompted by Helmut Grohne <helmut@subdivi.de>.
Prompted by David Kalnischkies <donkult@debian.org>.
* dpkg: Improve --assert-<feature> descriptions.
* dpkg: Add a new --assert-help option.
* scripts/mk: Pass DEB_BUILD_PATH to dpkg-buildflags. See #985553.
* dpkg-db-backup: New program factored out from Debian-specific daily cron.
* dpkg-db-backup: Accept an option to override the number of rotation cycles.
* dpkg-db-backup: Honor the admindir set at configure time.
* update-alternatives: Fix --auto and --set-selections output progress.
* update-alternatives: Print defaults for configuration and database
pathnames.
* scripts: Replace shebang in dpkg-error shell library with shellcheck
directive.
* dpkg-buildpackage: Add support for terse DEB_BUILD_OPTIONS.
* dpkg-mergechangelogs: Add new --merge-unreleased option. Closes: #582921
* dpkg: Restore fallback to "new-prerm failed-upgrade" for downgrades.
Analysis by Ian Jackson <ijackson@chiark.greenend.org.uk>. Closes: #996959
* dselect: Use safe temporary file creation in methods setup.
* dselect: Remove bashism from update script in multicd method.
* dpkg: Fix --verify to handle missing or inaccessible pathnames.
Closes: #963087
* dpkg: Add partial --verify support for mode checks.
* Use «digest» instead of «hash» in output messages.
Reported by Sven Joachim <svenjoac@gmx.de>.
* dselect: use `grep -E` instead of `egrep`.
Thanks to Ville Skyttä <ville.skytta@iki.fi>. Closes: #999600
* libdpkg: Fix memory leak on End Of Tape condition in tar parser.
* dpkg: Fix short lived memory leak with --recursive.
* dpkg: Fix conffile removal-on-upgrade handling. Closes: #995387
* dpkg-deb: Fix conffile name length tracking on remove-on-upgrade parsing.
Reported by uau on IRC.
* Architecture support:
- Clarify that the regex columns need to be ordered to match first.
- Add support for ARCv2 CPU. Closes: #980963
Based on a patch by Alexey Brodkin <Alexey.Brodkin@synopsys.com>.
* Portability:
- start-stop-daemon: Define SOCK_NONBLOCK to 0 if not defined.
- libdpkg: Add support for AIX to dpkg_get_progname().
* Perl modules:
- Dpkg::Source::Quilt: Add hint to check missing files on patch apply
failures.
Reported by Joseph Nahmias <jello@debian.org>.
- Dpkg::Changelog::Parse: Require format plugins to inherit from
Dpkg::Changelog.
- Dpkg::OpenPGP: Refactor openpgp implementation execution into a new
function.
- Dpkg::Vendor::Debian: Refactor compiler flag names into an array.
- Dpkg::Vendor::Debian: Add new lto feature in new optimize area.
Closes: #940571
- Test::Dpkg: Print actual error messages in test_neutralize_checksums().
- Dpkg::Deps: Use current_sub feature for __SUB__.
- Dpkg::BuildFlags: Add support for ASFLAGS.
See https://salsa.debian.org/debian/debhelper/-/merge_requests/50.
- Dpkg::Compression: Use gzip --rsyncable unconditionally.
- Dpkg::Changelog::Entry::Debian: Fix full month misuse warning.
- Dpkg::Shlibs::Symbol: Emit a warning on fully qualified symver patterns.
Closes: #993991
- Dpkg::Control::HashCore: Add new keep_duplicate option.
- Dpkg::Control::FieldsCore: Add new field_parse_binary_source().
Closes: #980527
- Dpkg::Control::FieldsCore: Fix types allowed for
field_parse_binary_source().
Reported by Johannes Schauer Marin Rodrigues <josch@debian.org>.
- Dpkg::Shlibs::Objdump: Fix apply_relocations to work with versioned
symbols. Closes: #1000421
- Dpkg::Vendor::Ubuntu: Update Maintainer field logic to include
“canonicalâ€. Based on a patch by
William 'jawn-smith' Wilson <william.wilson@canonical.com>.
Closes: #1000557
- Dpkg::Source::Package::V2: Add hint about version matching source tree.
Based on a patch by Samuel Henrique <samueloph@debian.org>.
Closes: #996044
* Documentation:
- man: Itemize dpkg-gensymbols -c levels.
- man: Add man page for deb-md5sums(5).
Reported by Maxim Cournoyer (on IRC).
- man: Switch the Architecture field in deb-control(5) to required.
Reported by Maxim Cournoyer (on IRC).
- man: Make clear that dpkg-query arguments accept multiple values.
Prompted by Rémi Rampin <remirampin@gmail.com>. See #913781.
- man: Document dpkg-query --search and --listfiles output formats.
- doc: Fix incorrect use of ‘an’ article.
- doc: Update coding style to document POD instead of troff.
- doc: Update THANKS file.
- doc: Annotate current maintainer start year.
- doc: Sort maintenance information chronologically.
- man: Add versions since features where introduced.
- man: Further clarify when re-inclusions of excluded pathnames happen.
Closes: #871420
- doc: Update Doxygen configuration from version 1.9.1.
- doc: Improve description of dpkg suite.
Prompted by Fabrice Bauzac-Stehly <noon@mykolab.com>.
- man: Add a reference to where the Installed-Size algorithm is described.
- man: Improve dpkg --verify-format rpm format documentation.
- man: Document in deb-substvars(5) what ${} is good for.
Prompted by Paul Wise <pabs@debian.org>.
- man: Document in dpkg-architecture(1) target being useful for emulators
too. Prompted by Helmut Grohne <helmut@subdivi.de>.
- man: Document in dpkg-query(1) full --search and --listfiles output
format. Prompted by Johannes Schauer Marin Rodrigues <josch@debian.org>.
* Code internals:
- Remove irrelevant or obsolete FIXME markers.
- Turn FIXME markers denoting pending actions into TODO markers.
- Turn FIXME markers giving historic information into simple Notes.
- update-alternatives: Turn FIXME for explicit behavior choice into an XXX.
- Use localtime_r() instead of localtime().
- libdpkg: Remove MDEBUG support from m_malloc() implementation.
- libdpkg: Mark dpkg_arch_unmark() arch_remove argument as const.
- libdpkg: Mark treewalk_open() func argument as const.
- dpkg: Mark ignore_depends() pkg argument as const.
- dpkg: Mark deb_parse_conffiles() pkg argument as const.
- libcompat: Remove local setexecfilecon() and require libselinux 2.3.
- libdpkg: Add missing DPKG_{BEGIN,END}_DECLS in header files.
- dpkg: Move SE Linux function declarations into its own header file.
- dpkg: Move the command action enum to its own header file.
- dpkg: Switch from including "main.h" to "force.h".
- dselect: Rename dme() to display_menu_entry().
- dpkg: Split function handling deconfiguration due to install and removal.
- libdpkg: Add new ACTION_MUX macro for continued options.
- dpkg: Refactor --assert-<feature> handling to be data driven.
- dpkg-fsys-usrunmess: Do not use interpolated strings for literals.
- dpkg-db-backup: Add a license header comment.
* Build system:
- Fallback to $^X and 'perl' if $Config{perlpath} is unset or empty.
- Bump minimal Perl version to 5.28.1.
- Remove redundant localedir and pkgconfdir initializations.
- Check for libsocket.
- Do not set have_libmd on the found branch in AC_SEARCH_LIBS.
- Switch DPKG_FUNC_C99_SNPRINTF from AC_LANG_SOURCE to AC_LANG_PROGRAM.
- Check whether fsync(3) works on directories.
- Remove obsolete AC_HEADER_STDC.
- Detect appropriate sed program at configure time.
- Rename DPKG_DEB_PROG_TAR to DPKG_PROG_TAR.
- Parametrize the backups directory with a configure option.
- Add a check for symlinks in the git repository.
- Rename shell scripts to .sh.
- Switch from hardcoded /run to parametrized runstatedir.
- Use new Dpkg::Control keep_duplicate option in gen-changelog.
- Use title-case for field in gen-changelog.
- Execute run-script via CONFIG_SHELL.
Reported by Larkin Nickle <me@larbob.org>.
- Quote variables containing pathnames in m4 macros.
- Add support for commit message fix up machinery in gen-changelog.
* Packaging:
- Use absolute pathnames in .install debhelper fragments.
- Remove unused dh_installcron call for arch-indep targets.
- Add support for a native systemd timer. Closes: #985444
- Create auotpkgtest installation directory.
- Bump Standards-Version to 4.6.0 (no changes needed).
* Test suite:
- Pass --ignore-builtin-builddeps to dpkg-buildpackage.
- Use can_run() instead of find_command().
- Add descriptions to makefile test runners.
- Add unit tests for architecture bijective mapping property.
- Suppress cppcheck constParameter check.
- Suppress bogus cppcheck for nullPointerRedundantCheck.
- Mark external sourced shell files for checking.
- Ignore new shellcheck checks.
- Remove shipped dpkg database.
- Add re-inclusion of symlink case to t-filtering. See #871420.
- Generate symlink during test build time.
- Remove superfluous long filename.
- Refactor parse_ctrl() from parse_dsc().
- Update codespell stopwords.
[ Helge Kreutzmann ]
* deb-md5sums.pod: Fix typo.
[ Add programs translations ]
* Occitan (Quentin PAGÈS).
[ Update dselect translations ]
* German (Sven Joachim).
[ Update man pages translations ]
* German (Helge Kreutzmann).
[ Update programs translations ]
* German (Sven Joachim).
* Polish (Marcin Owsiany, Åukasz Dulny).
[ Update scripts translations ]
* German (Helge Kreutzmann).
------------------------------------------------------------------
------------------ 2022-1-2 - Jan 2 2022 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.16-rc8
- commit b59b474
++++ sqlite3:
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
------------------------------------------------------------------
------------------ 2021-12-31 - Dec 31 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.3
* Bug fixes
* Assassin’s Creed Syndicate crashes with Mesa 21.3.0+ ACO
* [21.3 regression] swr: Build failure with MSVC
* anv: dEQP-VK.graphicsfuzz.spv-stable-pillars-volatile-nontemporal-store fails
++++ Mesa-drivers:
- update to 21.3.3
* Bug fixes
* Assassin’s Creed Syndicate crashes with Mesa 21.3.0+ ACO
* [21.3 regression] swr: Build failure with MSVC
* anv: dEQP-VK.graphicsfuzz.spv-stable-pillars-volatile-nontemporal-store fails
++++ kernel-default:
- config: Enable CONFIG_CMA on riscv64
Non-default dependent config changes:
- DMA_CMA=y
- commit c0aa71e
++++ unbound:
- Change to systemd-sysusers
------------------------------------------------------------------
------------------ 2021-12-30 - Dec 30 2021 -------------------
------------------------------------------------------------------
++++ iptables:
- Only use nftables backend when iptables-backend-nft is installed
when using libalternatives
++++ kernel-default:
- igc: Do not enable crosstimestamping for i225-V models
(bsc#1193039).
- commit a77f415
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
++++ libcap:
- update to 2.62:
* Bug fix for Go package "cap" and launching
* Build cleanups
* Documentation updates: cap_max_bits has a man page entry
* Recognize default securebits as a libcap mode: HYBRID
++++ lua54:
- Re-enable readline support in Lua, the way to do this changed
in Lua 5.4
- Because we are linking with readline add GPLv3+ only to the
main package
- Subsequently, update main_test.patch to ignore another test
- Update upstream-bugs.patch and upstream-bugs-test.patch to fix
bugs 9,10,12 for build and tests respectively. Bug 11 changes
interface of luaD_pretailcall. (bsc#1194575,CVE-2021-44647)
------------------------------------------------------------------
------------------ 2021-12-29 - Dec 29 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update config files.
- commit 375fcb8
- Linux 5.15.12 (bsc#1012628).
- arm64: vdso32: require CROSS_COMPILE_COMPAT for gcc+bfd
(bsc#1012628).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (bsc#1012628).
- ext4: prevent partial update of the extent blocks (bsc#1012628).
- ext4: check for out-of-order index extents in
ext4_valid_extent_entries() (bsc#1012628).
- ext4: check for inconsistent extents between index and leaf
block (bsc#1012628).
- selftests: KVM: Fix non-x86 compiling (bsc#1012628).
- HID: holtek: fix mouse probing (bsc#1012628).
- HID: potential dereference of null pointer (bsc#1012628).
- NFSD: Fix READDIR buffer overflow (bsc#1012628).
- PM: sleep: Fix error handling in dpm_prepare() (bsc#1012628).
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
(bsc#1012628).
- bus: sunxi-rsb: Fix shutdown (bsc#1012628).
- spi: change clk_disable_unprepare to clk_unprepare
(bsc#1012628).
- ucounts: Fix rlimit max values check (bsc#1012628).
- drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf
(bsc#1012628).
- ASoC: meson: aiu: fifo: Add missing
dma_coerce_mask_and_coherent() (bsc#1012628).
- RDMA/hns: Fix RNR retransmission issue for HIP08 (bsc#1012628).
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
(bsc#1012628).
- RDMA/hns: Replace kfree() with kvfree() (bsc#1012628).
- netfilter: nf_tables: fix use-after-free in
nft_set_catchall_destroy() (bsc#1012628).
- netfilter: fix regression in looped (broad|multi)cast's MAC
handling (bsc#1012628).
- ARM: dts: imx6qdl-wandboard: Fix Ethernet support (bsc#1012628).
- ice: Use xdp_buf instead of rx_buf for xsk zero-copy
(bsc#1012628).
- ice: xsk: return xsk buffers back to pool when cleaning the ring
(bsc#1012628).
- net: marvell: prestera: fix incorrect return of port_find
(bsc#1012628).
- net: marvell: prestera: fix incorrect structure access
(bsc#1012628).
- qlcnic: potential dereference null pointer of
rx_queue->page_ring (bsc#1012628).
- tcp: move inet->rx_dst_ifindex to sk->sk_rx_dst_ifindex
(bsc#1012628).
- ipv6: move inet6_sk(sk)->rx_dst_cookie to sk->sk_rx_dst_cookie
(bsc#1012628).
- inet: fully convert sk->sk_rx_dst to RCU rules (bsc#1012628).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb
(bsc#1012628).
- net: skip virtio_net_hdr_set_proto if protocol already set
(bsc#1012628).
- igb: fix deadlock caused by taking RTNL in RPM resume path
(bsc#1012628).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
(bsc#1012628).
- gpio: virtio: remove timeout (bsc#1012628).
- bonding: fix ad_actor_system option setting to default
(bsc#1012628).
- fjes: Check for error irq (bsc#1012628).
- drivers: net: smc911x: Check for error irq (bsc#1012628).
- net: ks8851: Check for error irq (bsc#1012628).
- sfc: Check null pointer of rx_queue->page_ring (bsc#1012628).
- sfc: falcon: Check null pointer of rx_queue->page_ring
(bsc#1012628).
- asix: fix uninit-value in asix_mdio_read() (bsc#1012628).
- asix: fix wrong return value in asix_check_host_enable()
(bsc#1012628).
- io_uring: zero iocb->ki_pos for stream file types (bsc#1012628).
- veth: ensure skb entering GRO are not cloned (bsc#1012628).
- net: stmmac: ptp: fix potentially overflowing expression
(bsc#1012628).
- net: bridge: Use array_size() helper in copy_to_user()
(bsc#1012628).
- net: bridge: fix ioctl old_deviceless bridge argument
(bsc#1012628).
- r8152: fix the force speed doesn't work for RTL8156
(bsc#1012628).
- net: stmmac: dwmac-visconti: Fix value of
ETHER_CLK_SEL_FREQ_SEL_2P5M (bsc#1012628).
- Input: elantech - fix stack out of bound access in
elantech_change_report_id() (bsc#1012628).
- pinctrl: bcm2835: Change init order for gpio hogs (bsc#1012628).
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function
(bsc#1012628).
- hwmon: (lm90) Prevent integer overflow/underflow in hysteresis
calculations (bsc#1012628).
- hwmon: (lm90) Introduce flag indicating extended temperature
support (bsc#1012628).
- hwmon: (lm90) Add basic support for TI TMP461 (bsc#1012628).
- hwmon: (lm90) Drop critical attribute support for MAX6654
(bsc#1012628).
- ARM: 9160/1: NOMMU: Reload __secondary_data after
PROCINFO_INITFUNC (bsc#1012628).
- uapi: Fix undefined __always_inline on non-glibc systems
(bsc#1012628).
- compiler.h: Fix annotation macro misplacement with Clang
(bsc#1012628).
- platform/x86/intel: Remove X86_PLATFORM_DRIVERS_INTEL
(bsc#1012628).
- kernel/crash_core: suppress unknown crashkernel parameter
warning (bsc#1012628).
- Revert "x86/boot: Pull up cmdline preparation and early param
parsing" (bsc#1012628).
- x86/boot: Move EFI range reservation after cmdline parsing
(bsc#1012628).
- ALSA: jack: Check the return value of kstrdup() (bsc#1012628).
- ALSA: drivers: opl3: Fix incorrect use of vp->state
(bsc#1012628).
- ALSA: rawmidi - fix the uninitalized user_pversion
(bsc#1012628).
- ALSA: hda/hdmi: Disable silent stream on GLK (bsc#1012628).
- ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
(bsc#1012628).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(bsc#1012628).
- ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (bsc#1012628).
- ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s
(bsc#1012628).
- ASoC: tegra: Add DAPM switches for headphones and mic jack
(bsc#1012628).
- ASoC: tegra: Restore headphones jack name on Nyan Big
(bsc#1012628).
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
(bsc#1012628).
- ipmi: bail out if init_srcu_struct fails (bsc#1012628).
- ipmi: ssif: initialize ssif_info->client early (bsc#1012628).
- ipmi: fix initialization when workqueue allocation fails
(bsc#1012628).
- parisc: Correct completer in lws start (bsc#1012628).
- parisc: Fix mask used to select futex spinlock (bsc#1012628).
- tee: handle lookup of shm with reference count 0 (bsc#1012628).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
(bsc#1012628).
- platform/x86: amd-pmc: only use callbacks for suspend
(bsc#1012628).
- platform/x86: intel_pmc_core: fix memleak on registration
failure (bsc#1012628).
- KVM: x86: Always set kvm_run->if_flag (bsc#1012628).
- KVM: x86/mmu: Don't advance iterator after restart due to
yielding (bsc#1012628).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is
required (bsc#1012628).
- KVM: VMX: Always clear vmx->fail on emulation_required
(bsc#1012628).
- KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU ==
this vCPU (bsc#1012628).
- pinctrl: stm32: consider the GPIO offset to expose all the
GPIO lines (bsc#1012628).
- gpio: dln2: Fix interrupts when replugging the device
(bsc#1012628).
- mmc: sdhci-tegra: Fix switch to HS400ES mode (bsc#1012628).
- mmc: meson-mx-sdhc: Set MANUAL_STOP for multi-block SDIO
commands (bsc#1012628).
- mmc: core: Disable card detect during shutdown (bsc#1012628).
- mmc: mmci: stm32: clear DLYB_CR after sending tuning command
(bsc#1012628).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
(bsc#1012628).
- ksmbd: fix error code in ndr_read_int32() (bsc#1012628).
- ksmbd: fix uninitialized symbol 'pntsd_size' (bsc#1012628).
- ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1
(bsc#1012628).
- mac80211: fix locking in ieee80211_start_ap error path
(bsc#1012628).
- mm: mempolicy: fix THP allocations escaping mempolicy
restrictions (bsc#1012628).
- mm, hwpoison: fix condition in free hugetlb page path
(bsc#1012628).
- mm/hwpoison: clear MF_COUNT_INCREASED before retrying
get_any_page() (bsc#1012628).
- mm/damon/dbgfs: protect targets destructions with kdamond_lock
(bsc#1012628).
- tee: optee: Fix incorrect page free bug (bsc#1012628).
- f2fs: fix to do sanity check on last xattr entry in
__f2fs_setxattr() (bsc#1012628).
- netfs: fix parameter of cleanup() (bsc#1012628).
- KVM: VMX: Fix stale docs for
kvm-intel.emulate_invalid_guest_state (bsc#1012628).
- arm64: dts: lx2160a: fix scl-gpios property name (bsc#1012628).
- kfence: fix memory leak when cat kfence objects (bsc#1012628).
- Input: iqs626a - prohibit inlining of channel parsing functions
(bsc#1012628).
- Input: elants_i2c - do not check Remark ID on eKTH3900/eKTH5312
(bsc#1012628).
- Input: goodix - add id->model mapping for the "9111" model
(bsc#1012628).
- ASoC: tas2770: Fix setting of high sample rates (bsc#1012628).
- ASoC: SOF: Intel: pci-tgl: add new ADL-P variant (bsc#1012628).
- ASoC: SOF: Intel: pci-tgl: add ADL-N support (bsc#1012628).
- ASoC: rt5682: fix the wrong jack type detected (bsc#1012628).
- pinctrl: mediatek: fix global-out-of-bounds issue (bsc#1012628).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
(bsc#1012628).
- hwmon: (lm90) Do not report 'busy' status bit as alarm
(bsc#1012628).
- r8152: sync ocp base (bsc#1012628).
- ax25: NPD bug when detaching AX25 device (bsc#1012628).
- hamradio: defer ax25 kfree after unregister_netdev
(bsc#1012628).
- hamradio: improve the incomplete fix to avoid NPD (bsc#1012628).
- tun: avoid double free in tun_free_netdev (bsc#1012628).
- phonet/pep: refuse to enable an unbound pipe (bsc#1012628).
- Refresh
patches.suse/add-product-identifying-information-to-vmcoreinfo.patch.
- commit 202eb92
++++ mozilla-nss:
- update to NSS 3.73.1:
* Add SHA-2 support to mozilla::pkix's OSCP implementation
++++ mozilla-nspr:
- update to 4.33:
* fixes to build system and export of private symbols
------------------------------------------------------------------
------------------ 2021-12-28 - Dec 28 2021 -------------------
------------------------------------------------------------------
++++ openssl-1_1:
- Update to 1.1.1m:
* Avoid loading of a dynamic engine twice.
* Prioritise DANE TLSA issuer certs over peer certs
- Rebased patches:
* openssl-1.1.1-evp-kdf.patch
* openssl-1.1.1-system-cipherlist.patch
++++ openssl:
- Update to 1.1.1m release
------------------------------------------------------------------
------------------ 2021-12-27 - Dec 27 2021 -------------------
------------------------------------------------------------------
++++ expat:
- update to 2.4.2:
* Link againgst libm for function "isnan"
* Include expat_config.h as early as possible
* Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
* Autotools: Sync CMake templates
* docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
* docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
* Version info bumped from 9:1:8 to 9:2:8
++++ zstd:
- update to 1.5.1:
* perf: rebalanced compression levels, to better match the intended speed/level curve
* perf: faster huffman decoder, using x64 assembly
* perf: slightly faster high speed modes (strategies fast & dfast)
* perf: improved binary size and faster compilation times
* perf: new row64 mode, used notably in level 12
* perf: faster mid-level compression speed in presence of highly repetitive patterns
* perf: minor compression ratio improvements for small data at high levels
* perf: reduced stack usage (mostly useful for Linux Kernel)
* perf: faster compression speed on incompressible data
* perf: on-demand reduced ZSTD_DCtx state size, using build macro ZSTD_DECODER_INTERNAL_BUFFER, at a small cost of performance
* build: allows hiding static symbols in the dynamic library, using build macro
* build: support for m68k (Motorola 68000's)
* build: improved AIX support
* build: improved meson unofficial build
* cli : custom memory limit when training dictionary (#2925)
* cli : report advanced parameters information when compressing in very verbose mode (``-vv`)
------------------------------------------------------------------
------------------ 2021-12-26 - Dec 26 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.16-rc7
- refresh
- patches.suse/add-product-identifying-information-to-vmcoreinfo.patch
- refresh configs
- commit cce91fd
------------------------------------------------------------------
------------------ 2021-12-24 - Dec 24 2021 -------------------
------------------------------------------------------------------
++++ gpgme:
- Add patches to support building bindings packages for
Python 3.10
* gpgme-D545-python310.patch -- https://dev.gnupg.org/D545
* gpgme-D546-python310.patch -- https://dev.gnupg.org/D546
------------------------------------------------------------------
------------------ 2021-12-23 - Dec 23 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Disable patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch (bsc#1194007)
Better to disable it completely.
- commit 730a488
++++ pango:
- Update to version 1.50.3:
+ pango-view: Add --serialize-to option for easy bug reporting.
+ Revert a transformation change that broke metrics for vertical
text.
+ Handle fonts without space glyph (such as icon fonts) better.
+ Fix some corner cases of line width accounting.
+ Fix line height with emulated Small Caps.
++++ libzypp:
- Use the default zypp.conf settings if no zypp.conf exists
(bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
PublicKeyData.
- version 17.29.0 (22)
++++ python-setuptools:
- Remove unzip BuildRequires: the tarball is proper gz compressed,
no zip files to decompress here.
++++ ovmf:
- Removed useless patch files because they are merged to edk2-stable202111
- ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch
- ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch
- ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch
- Updated URL to the edk2 repo on github
- Use downloaded edk2-edk2-stable%{version}.tar.gz instead of the URL
for Source0 because the edk2-edk2-stable202111 tarball is broken
in tianocore repo which can not pass the "osc service runall download_files"
testing.
- We ill change it back to the following setting when upstream fixed tarball:
Source0: https://github.com/tianocore/edk2/releases/download/edk2-stable%{version}/edk2-edk2-stable%{version}.tar.gz
++++ u-boot-rpiarm64:
- Update to 2022.01-rc4
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01
* Patches dropped (upstreamed):
0016-Revert-video-backlight-fix-pwm-s-du.patch
0017-rpi-Add-identifier-for-the-new-RPi-.patch
++++ zypper:
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires: libzypp-devel >= 17.29.0.
Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51
------------------------------------------------------------------
------------------ 2021-12-22 - Dec 22 2021 -------------------
------------------------------------------------------------------
++++ gnutls:
- FIPS: Provide a service-level indicator [bsc#1190698]
* Add support for a "service indicator" as required in
the FIPS140-3 Implementation Guidance in section 2.4.C
* Add patches:
- gnutls-FIPS-service-indicator.patch
- gnutls-FIPS-service-indicator-public-key.patch
- gnutls-FIPS-service-indicator-symmetric-key.patch
- gnutls-FIPS-RSA-PSS-flags.patch
++++ gpg2:
- GnuPG 2.3.4:
* gpg: New option --min-rsa-length
* gpg: New option --forbid-gen-key
* gpg: New option --override-compliance-check
* gpgconf: New command --show-configs
* agent,dirmngr,keyboxd: New option --steal-socket
* gpg: Fix printing of binary notations
* gpg: Remove stale ultimately trusted keys from the trustdb
* gpg: Fix indentation of --print-mds and --print-md sha512
* gpg: Emit gpg 2.2 compatible Ed25519 signature
* gpgsm: Detect circular chains in --list-chain
* dirmngr: Make reading resolv.conf more robust
* dirmngr: Ask keyservers to provide the key fingerprints
* gpgconf: Allow changing gpg's deprecated keyserver option
* gpg-wks-server: Fix created file permissions
* scd: Support longer data for ssh-agent authentication with
openpgp cards
* scd: Modify DEVINFO behavior to support looping forever
* Silence warning about the rootdir under Unices w/o a mounted
/proc file system
* Fix possible build problems about missing include files
++++ kernel-default:
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- config: disable BTRFS_ASSERT in default kernels
BTRFS_ASSERT is marked as developer only option and hence
shouldn't be enabled in the default kernel. we enable it
in the debug flavor now.
This improves performance of a fio randrw run by over 21% and
reduces code size by 25%.
- commit 6567403
- Linux 5.15.11 (bsc#1012628).
- xen/netback: don't queue unlimited number of packages
(bsc#1012628).
- xen/netback: fix rx queue stall detection (bsc#1012628).
- xen/console: harden hvc_xen against event channel storms
(bsc#1012628).
- xen/netfront: harden netfront against event channel storms
(bsc#1012628).
- xen/blkfront: harden blkfront against event channel storms
(bsc#1012628).
- Revert "xsk: Do not sleep in poll() when need_wakeup set"
(bsc#1012628).
- selftests/damon: test debugfs file reads/writes with huge count
(bsc#1012628).
- bus: ti-sysc: Fix variable set but not used warning for
reinit_modules (bsc#1012628).
- io-wq: drop wqe lock before creating new worker (bsc#1012628).
- rcu: Mark accesses to rcu_state.n_force_qs (bsc#1012628).
- io-wq: check for wq exit after adding new worker task_work
(bsc#1012628).
- io-wq: remove spurious bit clear on task_work addition
(bsc#1012628).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (bsc#1012628).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(bsc#1012628).
- scsi: scsi_debug: Don't call kcalloc() if size arg is zero
(bsc#1012628).
- ovl: fix warning in ovl_create_real() (bsc#1012628).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1012628).
- media: mxl111sf: change mutex_init() location (bsc#1012628).
- USB: core: Make do_proc_control() and do_proc_bulk() killable
(bsc#1012628).
- bpf: Fix extable address check (bsc#1012628).
- bpf, x64: Factor out emission of REX byte in more cases
(bsc#1012628).
- mptcp: add missing documented NL params (bsc#1012628).
- xsk: Do not sleep in poll() when need_wakeup set (bsc#1012628).
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
(bsc#1012628).
- can: m_can: pci: use custom bit timings for Elkhart Lake
(bsc#1012628).
- can: m_can: make custom bittiming fields const (bsc#1012628).
- Revert "can: m_can: remove support for custom bit timing"
(bsc#1012628).
- drm/amd/pm: fix reading SMU FW version from amdgpu_firmware_info
on YC (bsc#1012628).
- drm/amdgpu: don't override default ECO_BITs setting
(bsc#1012628).
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
(bsc#1012628).
- powerpc/module_64: Fix livepatching for RO modules
(bsc#1012628).
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE
(bsc#1012628).
- perf inject: Fix segfault due to perf_data__fd() without open
(bsc#1012628).
- perf inject: Fix segfault due to close without open
(bsc#1012628).
- riscv: dts: unmatched: Add gpio card detect to mmc-spi-slot
(bsc#1012628).
- riscv: dts: unleashed: Add gpio card detect to mmc-spi-slot
(bsc#1012628).
- locking/rtmutex: Fix incorrect condition in
rtmutex_spin_on_owner() (bsc#1012628).
- cifs: sanitize multiple delimiters in prepath (bsc#1012628).
- timekeeping: Really make sure wall_to_monotonic isn't positive
(bsc#1012628).
- serial: 8250_fintek: Fix garbled text for console (bsc#1012628).
- iocost: Fix divide-by-zero on donation from low hweight cgroup
(bsc#1012628).
- zonefs: add MODULE_ALIAS_FS (bsc#1012628).
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device()
(bsc#1012628).
- btrfs: check WRITE_ERR when trying to read an extent buffer
(bsc#1012628).
- btrfs: fix double free of anon_dev after failure to create
subvolume (bsc#1012628).
- Refresh
patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch.
- btrfs: fix memory leak in __add_inode_ref() (bsc#1012628).
- selinux: fix sleeping function called from invalid context
(bsc#1012628).
- USB: serial: option: add Telit FN990 compositions (bsc#1012628).
- USB: serial: cp210x: fix CP2105 GPIO registration (bsc#1012628).
- usb: gadget: u_ether: fix race in setting MAC address in setup
phase (bsc#1012628).
- usb: typec: tcpm: fix tcpm unregister port but leave a pending
timer (bsc#1012628).
- usb: cdnsp: Fix lack of spin_lock_irqsave/spin_lock_restore
(bsc#1012628).
- usb: cdnsp: Fix issue in cdnsp_log_ep trace event (bsc#1012628).
- usb: cdnsp: Fix incorrect calling of cdnsp_died function
(bsc#1012628).
- usb: cdnsp: Fix incorrect status for control request
(bsc#1012628).
- usb: xhci: Extend support for runtime power management for
AMD's Yellow carp (bsc#1012628).
- usb: xhci-mtk: fix list_del warning when enable list debug
(bsc#1012628).
- PCI/MSI: Mask MSI-X vectors only on success (bsc#1012628).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (bsc#1012628).
- usb: dwc2: fix STM ID/VBUS detection startup delay in
dwc2_driver_probe (bsc#1012628).
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
(bsc#1012628).
- tty: n_hdlc: make n_hdlc_tty_wakeup() asynchronous
(bsc#1012628).
- KVM: x86: Drop guest CPUID check for host initiated writes to
MSR_IA32_PERF_CAPABILITIES (bsc#1012628).
- Revert "usb: early: convert to readl_poll_timeout_atomic()"
(bsc#1012628).
- USB: gadget: bRequestType is a bitfield, not a enum
(bsc#1012628).
- powerpc/85xx: Fix oops when CONFIG_FSL_PMC=n (bsc#1012628).
- bpf, selftests: Fix racing issue in btf_skc_cls_ingress test
(bsc#1012628).
- bpf: Fix extable fixup offset (bsc#1012628).
- arm64: kexec: Fix missing error code 'ret' warning in
load_other_segments() (bsc#1012628).
- afs: Fix mmap (bsc#1012628).
- sit: do not call ipip6_dev_free() from sit_init_net()
(bsc#1012628).
- net: systemport: Add global locking for descriptor lifecycle
(bsc#1012628).
- net/smc: Prevent smc_release() from long blocking (bsc#1012628).
- net: Fix double 0x prefix print in SKB dump (bsc#1012628).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED
(bsc#1012628).
- sfc_ef100: potential dereference of null pointer (bsc#1012628).
- net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
(bsc#1012628).
- net/packet: rx_owner_map depends on pg_vec (bsc#1012628).
- netdevsim: Zero-initialize memory for new map's value in
function nsim_bpf_map_alloc (bsc#1012628).
- ixgbe: set X550 MDIO speed before talking to PHY (bsc#1012628).
- ixgbe: Document how to enable NBASE-T support (bsc#1012628).
- igc: Fix typo in i225 LTR functions (bsc#1012628).
- igbvf: fix double free in `igbvf_probe` (bsc#1012628).
- igb: Fix removal of unicast MAC filters of VFs (bsc#1012628).
- soc/tegra: fuse: Fix bitwise vs. logical OR warning
(bsc#1012628).
- mptcp: fix deadlock in __mptcp_push_pending() (bsc#1012628).
- mptcp: clear 'kern' flag from fallback sockets (bsc#1012628).
- mptcp: remove tcp ulp setsockopt support (bsc#1012628).
- drm/amd/pm: fix a potential gpu_metrics_table memory leak
(bsc#1012628).
- drm/amd/display: Set exit_optimized_pwr_state for DCN31
(bsc#1012628).
- ice: Don't put stale timestamps in the skb (bsc#1012628).
- ice: Use div64_u64 instead of div_u64 in adjfine (bsc#1012628).
- rds: memory leak in __rds_conn_create() (bsc#1012628).
- flow_offload: return EOPNOTSUPP for the unsupported mpls action
type (bsc#1012628).
- net: stmmac: fix tc flower deletion for VLAN priority Rx
steering (bsc#1012628).
- mac80211: fix lookup when adding AddBA extension element
(bsc#1012628).
- cfg80211: Acquire wiphy mutex on regulatory work (bsc#1012628).
- mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
(bsc#1012628).
- drm/i915/display: Fix an unsigned subtraction which can never
be negative (bsc#1012628).
- drm/ast: potential dereference of null pointer (bsc#1012628).
- mptcp: never allow the PM to close a listener subflow
(bsc#1012628).
- selftest/net/forwarding: declare NETIFS p9 p10 (bsc#1012628).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down()
(bsc#1012628).
- selftests/net: toeplitz: fix udp option (bsc#1012628).
- net/sched: sch_ets: don't remove idle classes from the
round-robin list (bsc#1012628).
- drm: simpledrm: fix wrong unit with pixel clock (bsc#1012628).
- dmaengine: st_fdma: fix MODULE_ALIAS (bsc#1012628).
- dmaengine: idxd: fix missed completion on abort path
(bsc#1012628).
- selftests: Fix IPv6 address bind tests (bsc#1012628).
- selftests: Fix raw socket bind tests with VRF (bsc#1012628).
- selftests: Add duplicate config only for MD5 VRF tests
(bsc#1012628).
- net: hns3: fix race condition in debugfs (bsc#1012628).
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg
(bsc#1012628).
- selftests: icmp_redirect: pass xfail=0 to log_test()
(bsc#1012628).
- netdevsim: don't overwrite read only ethtool parms
(bsc#1012628).
- inet_diag: fix kernel-infoleak for UDP sockets (bsc#1012628).
- sch_cake: do not call cake_destroy() from cake_init()
(bsc#1012628).
- s390/kexec_file: fix error handling when applying relocations
(bsc#1012628).
- selftests: net: Correct ping6 expected rc from 2 to 1
(bsc#1012628).
- Revert "drm/fb-helper: improve DRM fbdev emulation device names"
(bsc#1012628).
- vdpa: Consider device id larger than 31 (bsc#1012628).
- virtio/vsock: fix the transport to work with VMADDR_CID_ANY
(bsc#1012628).
- virtio: always enter drivers/virtio/ (bsc#1012628).
- iwlwifi: mvm: don't crash on invalid rate w/o STA (bsc#1012628).
- soc: imx: Register SoC device only on i.MX boards (bsc#1012628).
- clk: Don't parent clks until the parent is fully registered
(bsc#1012628).
- arm64: dts: imx8mq: remove interconnect property from lcdif
(bsc#1012628).
- ARM: socfpga: dts: fix qspi node compatible (bsc#1012628).
- ceph: initialize pathlen variable in reconnect_caps_cb
(bsc#1012628).
- ceph: fix duplicate increment of opened_inodes metric
(bsc#1012628).
- tee: amdtee: fix an IS_ERR() vs NULL bug (bsc#1012628).
- mac80211: track only QoS data frames for admission control
(bsc#1012628).
- dmaengine: idxd: fix calling wq quiesce inside spinlock
(bsc#1012628).
- dmaengine: idxd: add halt interrupt support (bsc#1012628).
- arm64: dts: rockchip: fix poweroff on helios64 (bsc#1012628).
- arm64: dts: rockchip: fix audio-supply for Rock Pi 4
(bsc#1012628).
- arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
(bsc#1012628).
- arm64: dts: rockchip: fix rk3308-roc-cc vcc-sd supply
(bsc#1012628).
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from
rk3399-khadas-edge (bsc#1012628).
- pinctrl: amd: Fix wakeups when IRQ is shared with SCI
(bsc#1012628).
- drm/i915/hdmi: Turn DP++ TMDS output buffers back on in
encoder->shutdown() (bsc#1012628).
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915
(bsc#1012628).
- scsi: ufs: core: Retry START_STOP on UNIT_ATTENTION
(bsc#1012628).
- btrfs: remove stale comment about the btrfs_show_devname
(bsc#1012628).
- btrfs: update latest_dev when we create a sprout device
(bsc#1012628).
- btrfs: use latest_dev in btrfs_show_devname (bsc#1012628).
- btrfs: convert latest_bdev type to btrfs_device and rename
(bsc#1012628).
- audit: improve robustness of the audit queue handling
(bsc#1012628).
- dm btree remove: fix use after free in rebalance_children()
(bsc#1012628).
- ceph: fix up non-directory creation in SGID directories
(bsc#1012628).
- arm64: dts: ten64: remove redundant interrupt declaration for
gpio-keys (bsc#1012628).
- recordmcount.pl: look for jgnop instruction as well as bcrl
on s390 (bsc#1012628).
- s390/entry: fix duplicate tracking of irq nesting level
(bsc#1012628).
- vdpa: check that offsets are within bounds (bsc#1012628).
- virtio_ring: Fix querying of maximum DMA mapping size for
virtio device (bsc#1012628).
- vduse: check that offset is within bounds in get_config()
(bsc#1012628).
- vduse: fix memory corruption in vduse_dev_ioctl() (bsc#1012628).
- bpf, selftests: Update test case for atomic cmpxchg on r0 with
pointer (bsc#1012628).
- bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg
(bsc#1012628).
- bpf, selftests: Add test case trying to taint map value pointer
(bsc#1012628).
- bpf: Make 32->64 bounds propagation slightly more robust
(bsc#1012628).
- bpf: Fix signed bounds propagation after mov32 (bsc#1012628).
- bpf, selftests: Add test case for atomic fetch on spilled
pointer (bsc#1012628).
- bpf: Fix kernel address leakage in atomic fetch (bsc#1012628).
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver
(bsc#1012628).
- mac80211: validate extended element ID is present (bsc#1012628).
- mac80211: send ADDBA requests using the tid/queue of the
aggregation session (bsc#1012628).
- mac80211: mark TX-during-stop for TX in in_reconfig
(bsc#1012628).
- mac80211: fix regression in SSN handling of addba tx
(bsc#1012628).
- mac80211: fix rate control for retransmitted frames
(bsc#1012628).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
(bsc#1012628).
- x86/kvm: remove unused ack_notifier callbacks (bsc#1012628).
- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (bsc#1012628).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit
RLIMIT_NOFILE (bsc#1012628).
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
(bsc#1012628).
- reset: tegra-bpmp: Revert Handle errors in BPMP response
(bsc#1012628).
- commit 9903b31
++++ rpm:
- Update OCaml requires/provides generators to ignore cmxs
new patch: ocaml-cmxs.diff
++++ qemu:
- Fix testsuite failures by not using modules when building tests
(and some other, also testsuite related, spec file problems)
++++ raspberrypi-firmware:
- Update to 1a0297bfbf (2021-12-01):
* firmware: board_info: Add upstream dtb names for cm1 & 3
* firmware: board_info: Add upstream dtb name for cm4
See: #1660
* firmware: platform: Allow users to disable camera boot HMAC check
See: #1657
* firmware: clock: 2711: Fix potential API issue in 2711 VCO setup
* firmware: arm_loader: Enable USB MSD boot mode on Zero 2 W
* firmware: isp: Fix Rec.709 colour space problems
++++ raspberrypi-firmware-config:
- Update to 1a0297bfbf (2021-12-01):
* firmware: board_info: Add upstream dtb names for cm1 & 3
* firmware: board_info: Add upstream dtb name for cm4
See: #1660
* firmware: platform: Allow users to disable camera boot HMAC check
See: #1657
* firmware: clock: 2711: Fix potential API issue in 2711 VCO setup
* firmware: arm_loader: Enable USB MSD boot mode on Zero 2 W
* firmware: isp: Fix Rec.709 colour space problems
++++ raspberrypi-firmware-config-camera:
- Update to 1a0297bfbf (2021-12-01):
* firmware: board_info: Add upstream dtb names for cm1 & 3
* firmware: board_info: Add upstream dtb name for cm4
See: #1660
* firmware: platform: Allow users to disable camera boot HMAC check
See: #1657
* firmware: clock: 2711: Fix potential API issue in 2711 VCO setup
* firmware: arm_loader: Enable USB MSD boot mode on Zero 2 W
* firmware: isp: Fix Rec.709 colour space problems
------------------------------------------------------------------
------------------ 2021-12-21 - Dec 21 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- update to 1.78.0:
* for details on all changes see,
https://www.boost.org/users/history/version_1_78_0.html
- boost-math.patch: removed
- 0001-b2-fix-install.patch: added from upstream
++++ grub2:
- Fix CVE-2021-3981 (bsc#1189644)
* 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch
++++ gtk3:
- Update to version 3.24.31:
+ input: Fix a crash with touch on GtkScale.
+ clipboard: Avoid a double-free.
+ css: Avoid a crash with radial gradients.
+ GtkFileChooser: Don't leak search results.
+ GtkTextView: Support css letterspacing.
+ Wayland:
- Reset position when hiding popups.
- Ignore globals we did not bind ourselves.
- Avoid infinite loops when hiding surfaces.
- Avoid clipboard-related lockups.
+ X11:
- Trap errors while doing XRANDR calls.
- Support touchpad gestures with XI 2.4.
+ Updated translations.
++++ libthai:
- Update to version 0.1.29.
* Rewritten thbrk test.
* More compliance with UAX#14 (Unicode Line Breaking Algorithm)
for thbrk.
* Fix a typo in TIS-620 character name in tis.h.
* Updated word break dictionary.
++++ qemu:
- [JIRA] (SLE-20965) Make QEMU guests more failsafe when resizing
SCSI passthrough disks
* Patches added:
scsi-generic-replace-logical-block-count.patch
++++ ovmf:
- Update to edk2-stable202111
- Features (https://github.com/tianocore/edk2/releases):
Add SSDT CPU topology generator
Support ACPI 6.4 in GTDT parser and generator
Support ACPI 6.4 in DynamicTables FADT parser
Support ACPI 6.4 in Acpiview PCCT parser
Support ACPI 6.4 in Acpiview HMAT parser
Add support for the microvm machine type (qemu)
OVMF/ArmVirt: add support for virtio-mmio 1.0
IntelFsp2Pkg: adopt FSP 2.3 specification
UefiCpuPkg VTF0 X64: Build page tables using Linear-Address Translation to a 1-GByte Page
Enable wildcard host name matching in HTTPS/TLS implementation
Add QuickSort function into BaseLib
Add SMM NV variable support in universal UEFI payload
Add TDVF to OvmfPkg
Make package and platform builds reproducible across source format changes
- Patches (git log --oneline --reverse edk2-stable202108~..edk2-stable202111):
7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order
82f7e315d6 MdeModulePkg/PeiCore: Remove MigrateSecModulesInFv()
8b15024dc7 Maintainers: Add kraxel as Reviewer to ArmVirtPkg and OvmfPkg
80e67af9af OvmfPkg: introduce a common work area
ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format
b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
a82bad9730 ArmPkg/GicV3Dxe: Don't signal EOI on arbitrary interrupts
94e465e5cb OvmfPkg/Virtio10: Add virtio-mmio 1.0 defines
08293e43da OvmfPkg/VirtioMmioDeviceLib: Add virtio 1.0 detection.
212a2b9bb8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetPageSize.
537a724421 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Fix SetQueueAddress
6a3e9576b8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Add default QueueNum
ae12188cf8 OvmfPkg/VirtioMmioDeviceLib: virtio 1.0: Adapt feature bit handling
77d5fa8024 OvmfPkg/VirtioMmioDeviceLib: enable virtio 1.0
b04453d36b MdeModulePkg/EbcDxe: Mitigate memcpy intrinsics
dc995ce906 MdeModulePkg: Add BootDiscoveryPolicyOld variable.
443300be46 MdePkg:Update IndustryStandard/Nvme.h with Nvme amdin controller data
0f11537548 MdeModulePkg:Increase Nvme capacity display
cae735f613 ArmPkg: Enable boot discovery policy for ARM package.
cb0d24637d OvmfPkg/OvmfXen: set PcdAcpiS3Enable at initialization
28152333bc OvmfPkg/LockBoxLib: use PcdAcpiS3Enable to detect S3 support
52e2dabc0f OvmfPkg/PlatformBootManagerLib: use PcdAcpiS3Enable to detect S3 support
5b5f10d746 OvmfPkg/SmmControl2Dxe: use PcdAcpiS3Enable to detect S3 support
9f3eda177a OvmfPkg/OvmfXen: add QemuKernelLoaderFsDxe
f0fe55bca4 UefiPayloadPkg: Fix the build error when enable Core ci for UefiPayloadPkg
5d34cc49d5 UefiCpuPkg/PiSmmCpuDxeSmm: Update mPatchCetSupported set condition
cdda3f74a1 UefiPayloadPkg/UefiPayloadEntry: Fix memory corruption
3b3f882288 MdeModulePkg/PiSmmCore: Drop deprecated image profiling commands
b170806518 UefiCpuPkg: Clean up save state boundary checks and comments.
12e33dca4c IntelFsp2Pkg: Support Config File and Binary delta comparison
63fddc98e0 UefiPayloadPkg: Create .yaml file in UefiPayloadPkg
e3ee8c8dbd .azurepipelines: Add UefiPayloadPkg in gate-build-job.yml and CISetting.py
b6bc203375 MdeModulePkg/HiiDatabaseDxe:remove dead code block
c5e805ffe1 MdeModulePkg: Fix typo of "memory" in RamDiskDxe debug message
81d71fb86e Maintainers.txt: Update maintainer/reviewer roles in MdeModulePkg
edf8bc6d24 SecurityPkg/MemoryOverwriteControl: Add missing argument to DEBUG print
4473834e7d OvmfPkg/OvmfXen: Fix build with QemuKernelLoaderFsDxe
a7cf2c5664 RedfishPkg: Fix various typos
851785ea67 UefiPayloadPkg: Include more modules in UefiPayloadPkg.
d248516b3a UefiPayloadPkg: Include Network modules in UefiPayloadPkg.
6c7d6d4a5e UefiCpuPkg: ResetVector Tool Support for Python 3
cf7c650592 UefiCpuPkg: ResetVector Tool additional debug prints
d96df7e993 UefiPayloadPkg: Fix the bug in dump guid HOB info functions
dcd3d63f4f UefiPayloadPkg: Dump hob info from gEdkiiBootManagerMenuFileGuid
610d8073f2 SecurityPkg/TPM: Import PeiDxeTpmPlatformHierarchyLib.c from edk2-platforms
4d5f39cd22 SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib
ebbc8ab2cd SecrutiyPkg/Tcg: Import Tcg2PlatformDxe from edk2-platforms
2906e572c6 SecurityPkg/Tcg: Make Tcg2PlatformDxe buildable and fix style issues
f108178c56 SecurityPkg: Introduce new PCD PcdRandomizePlatformHierarchy
a4867dea2a SecurityPkg/Tcg: Import Tcg2PlatformPei from edk2-platforms
2fa89c8e11 SecurityPkg/Tcg: Make Tcg2PlatformPei buildable and fix style issues
3b69fcf5f8 SecurityPkg: Add references to header and inf files to SecurityPkg
6c80564b89 MdeModulePkg/Core/Pei: Fix typo in function descriptions
6f501a7c9b MdeModulePkg/Core/Pei: Make migrated PEIM message verbose
c19d18136e MdeModulePkg/Core/Pei: Fix pointer size mismatch in EvacuateTempRam()
f4e72cf9d6 UefiPayloadPkg: Add script to build UniversalPayload in UefiPayloadPkg
bda3546c55 UefiPayloadPkg: Fix the warning when building UefiPayloadPkg with IA32+X64
010753b7e7 UefiCpuPkg: Refactor initialization of CPU features during S3 resume
89f7ed8b29 UefiCpuPkg: Prevent from re-initializing CPU features during S3 resume
60d8bb9f28 UefiCpuPkg: VTF0 Linear-Address Translation to a 1-GByte Page till 512GB
ac6388add4 ArmPkg/ProcessorSubClassDxe: Fix the format of ProcessorId
e3e47d7963 UefiCpuPkg: SecCoreNative without ResetVector
542cba73d2 SecurityPkg: Add debug log for indicating IBB verified OBB successfully
f334c5a41d IntelFsp2WrapperPkg: Make PcdFspModeSelection dynamic
79019c7a42 OvmfPkg: set a default value for the WorkAreaHeader PCD
fdeff3fdae EmbeddedPkg: Remove duplicate libfdt.h include
f2a7e24e38 EmbeddedPkg: AndroidBootImgBoot error handling updates
c0cd26f43c EmbeddedPkg: Install FDT if UpdateDtb is not present
7ea7f9c077 EmbeddedPkg: Add LoadFile2 for linux initrd
d60915b751 UefiPayloadPkg: Add Macro to enable or disable some drivers.
46b4606ba2 MdeModulePkg/PciBusDxe: Improve the flow of testing support attributes
f57040b038 MdeModulePkg/BootManagerMenuApp: Limit string drawing within one line
b0f1b1c5fd MdePkg: Fix DEVICE_SECURITY_EVENT_DATA_HEADER version definition
cc5a67269e UefiPayloadPkg: Build a HOB from bootloader ACPI table
dc430ccf3f UefiPayloadPkg: Use dummy constructor for PlatformHookLib
4a1899dd79 UefiPayloadPkg: Add ".upld_info" in universal payload
2ea0a0a414 BaseTools: Switch to downloading the ARM compiler from Arm's site
1ce6ceb75b BaseTools: Switch to downloading the AARCH64 compiler from Arm's site
c214128a38 BaseTools/GenMake: Use ToolDefinition as fallback option
259c184c8f BaseTools/build: Set MakefileName
445c39f757 BaseTools: Remove Makefile/MakefileName fields
c7d5b046d9 BaseTools: Remove hard-coded strings for target and tools_def
442e46d3b6 UefiPayloadPkg: Update maximum logic processor to 256
499c4608b1 OvmfPkg/TPM PPI: Connect default consoles for user interaction
b8675deaa8 OvmfPkg: Handle TPM 2 physical presence opcodes much earlier
8ab8fbc016 OvmfPkg: Reference new Tcg2PlatformDxe in the build system for compilation
bd298d7593 OvmfPkg: Reference new Tcg2PlatformPei in the build system
f86de75862 MdePkg: MmCommunication: Added definition of MM Communication PPI
8b4bb94f64 MdePkg: CI YAML: Added new GUID to ignore duplicate list
9e950cda6a MdeModulePkg: CI YAML: Added new GUID to ignore duplicate list
2273799677 SecurityPkg: Fix SecureBootDefaultKeysDxe failed to start
422e5d2f7f UefiPayloadPkg: Remove asm code and sharing libraries
0875443f7e DynamicTablesPkg: Extract AcpiHelperLib from TableHelperLib
20775950c6 DynamicTablesPkg: Update TableHelperLib.inf
1ad5182500 DynamicTablesPkg: Rename single char input parameter
653113412f DynamicTablesPkg: Add HexFromAscii() to AcpiHelperLib
72ab552554 DynamicTablesPkg: Add AmlGetEisaIdFromString() to AcpiHelperLib
96e006b37e DynamicTablesPkg: Add Configuration Manager Object parser
235ff9fcd1 DynamicTablesPkg: Use %a formatter in AmlDbgPrint
7a8c037e9e DynamicTablesPkg: Update DynamicTablesPkg.ci.yaml
691c5f7762 DynamicTablesPkg: Deprecate Crs specific methods in AmlLib
22873f58c4 DynamicTablesPkg: Rework AmlResourceDataCodegen.c/h
4cc1458dbe IntelFsp2Pkg: Adopt FSP 2.3 specification.
c49cb8f30e ArmPkg: SmbiosMiscDxe: Don't populate ExtendedBiosSize when size < 16MB
282122ec5f ArmVirtPkg/TPM: Add a NULL implementation of TpmPlatformHierarchyLib
b3685956d2 ArmVirtPkg: Reference new TPM classes in the build system for compilation
c806b76865 ArmVirtPkg: Disable the TPM2 platform hierarchy
606340fba3 OvmfPkg/Microvm: copy OvmfPkgX64 files as-is
4932f05a00 OvmfPkg/Microvm: rename output files, fix includes
2a49c19b9e OvmfPkg/Microvm: no smm
60d55c4156 OvmfPkg/Microvm: no secure boot
0569c52b15 OvmfPkg/Microvm: no tpm
06fa1f1931 OvmfPkg/Microvm: no sev
6073bf6cd8 OvmfPkg/Microvm: no csm
b9dd64b80e OvmfPkg/Microvm: no emulated scsi
27de86ae41 OvmfPkg/Microvm: use MdePkg/Library/SecPeiDxeTimerLibCpu
76602f45dc OvmfPkg/Microvm: use XenTimerDxe (lapic timer)
6a8e9ad24b OvmfPkg/Microvm: PlatformPei/MemDetect tweaks
8583b57c5c OvmfPkg/Microvm: PlatformPei/Platform memory map tweaks
bf02d73e74 OvmfPkg/Microvm: PlatformPei/Platform: add id.
1d3e89f349 OvmfPkg/ResetSystemLib: add driver for microvm
2c467c9be2 OvmfPkg/Microvm: BdsPlatform: PciAcpiInitialization tweak.
8456785986 OvmfPkg/Microvm: use PciHostBridgeLibNull
55f47d2299 OvmfPkg/Microvm: wire up serial console, drop super-io
862e814de4 OvmfPkg/Microvm: add Maintainers.txt entry
06a326caf1 DynamicTablesPkg: Update FADT generator to ACPI 6.4
f09dbf20b9 DynamicTablesPkg: Rename SBSA generic watchdog
942c9bd357 ShellPkg: Update Acpiview GTDT parser to ACPI 6.4
80e67bcb23 ShellPkg: Update Acpiview PCCT parser to ACPI 6.4
b4da6c29f1 ShellPkg: Add Type 5 PCC Subspace Structure parser
5ece2ad36c MdeModulePkg/Core/Dxe: Add lock protection in CoreLocateHandleBuffer()
30400318a2 ShellPkg: Update Acpiview HMAT parser to ACPI spec version 6.4
71c3c9c0c4 DynamicTablesPkg: Remove unnecessary includes
25cf58a163 DynamicTablesPkg: Add missing parameter check
bfaf7c8b9e DynamicTablesPkg: Add AddSsdtAcpiHeader()
28b2df475f DynamicTablesPkg: Add AmlRdSetEndTagChecksum()
74addfeab6 DynamicTablesPkg: Add AmlSetRdListCheckSum()
7b2022d39e DynamicTablesPkg: Set EndTag's Checksum if RdList is modified
2dd7dd3952 DynamicTablesPkg: Clear pointer in node creation fcts
37bd08176c DynamicTablesPkg: Update error handling for node creation
6d2777d85f DynamicTablesPkg: Make AmlNodeGetIntegerValue public
f995f8672b DynamicTablesPkg: AML Code generation for Register()
9454d1ebcb DynamicTablesPkg: AML Code generation for Resource data EndTag
1e33479b39 DynamicTablesPkg: AML code generation for a Package
12e65fd258 DynamicTablesPkg: Helper function to compute package length
ce15936f2f DynamicTablesPkg: AML code generation for a ResourceTemplate
de62ccbf4f DynamicTablesPkg: AML code generation for a Method
e2d7b4950b DynamicTablesPkg: AML code generation to Return a NameString
3e958e93ce DynamicTablesPkg: AML code generation for a Method returning a NS
018a962d92 DynamicTablesPkg: AML code generation for a _LPI object
a5e36ad9bc DynamicTablesPkg: AML code generation to add an _LPI state
f17ef10e63 DynamicTablesPkg: Add CM_ARM_LPI_INFO object
769e63999f DynamicTablesPkg: SSDT CPU topology and LPI state generator
19ee56c4b3 UefiPayloadPkg: Add a macro to select the SecurityStubDxe driver.
782d018703 MdePkg: Add ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0
ba4ae92234 ShellPkg: Support ProcessorUpgradeSocketLGA4677 from SMBIOS 3.5.0
f22feb0e3b CryptoPkg/BaseCryptLib: Eliminate extra buffer copy in Pkcs7Verify()
4225a464c6 MdePkg/BaseLib: Add QuickSort function on BaseLib
6ed6abd6c1 BaseTools: Change RealPath to AbsPath
978d428ec3 UefiPayloadPkg: Add PCI root bridge info hob support for SBL
43b3840873 MdeModulePkg/Sd: Corrections for Extra.uni files
a7fcab7aa3 MdeModulePkg/Core/Dxe: Acquire a lock when iterating gHandleList
e40fefafa9 ArmVirtPkg/FdtClintDxe: Move FdtClientDxe to EmbeddedPkg
fb759b8b73 MdePkg: Add PcdPciIoTranslation PCD
7d78a86ecf ArmPkg: Use PcdPciIoTranslation PCD from MdePkg
77e9b3a7c6 ArmVirtPkg/FdtPciPcdProducerLib: Relocate PciPcdProducerLib to OvmfPkg
d881c6ddf5 ArmVirtPkg/HighMemDxe: Relocate HighMemDxe to OvmfPkg
47bd85e9f9 OvmfPkg/HighMemDxe: Add RISC-V in the supported arch.
f8d0501ded ArmVirtPkg/QemuFwCfgLib: Relocate QemuFwCfgLib to OvmfPkg
26aa241d2f OvmfPkg/QemuFwCfgLibMmio: Add RISC-V arch support
c6770f4b88 MdePkg: Add PcdPciMmio32(64)Translation PCDs
9a7509e465 ArmVirtPkg/FdtPciHostBridgeLib: Relocate FdtPciHostBridgeLib to OvmfPkg/Fdt
b21c6794de OvmfPkg/FdtPciHostBridgeLib: Add RISC-V in the supported arch.
e0c23cba5e ArmVirtPkg/VirtioFdtDxe: Relocate VirtioFdtDxe to OvmfPkg/Fdt
f2400e06db BaseTools: add edk2-test repo to SetupGit.py
785cfd3305 UefiPayloadPkg: Use SECURITY_STUB_ENABLE to control the SecurityStubDxe
7e43d3e086 ArmPkg/Smbios: Fix max cache size 2 wrong issue
f10a112f08 UefiPayloadPkg: Fix the build issue for coreboot
2108698346 StandaloneMmPkg: Support CLANGPDB builds
11a4af85a4 Ovmfpkg: update Ia32 build to use new work area
36b561623a OvmfPkg/AmdSev: update the fdf to use new workarea PCD
91a978ce7e UefiPayloadPkg: Replace MEMROY_ENTRY by MEMORY_ENTRY
6ef5797447 UefiPayloadPkg: Fix ECC reported issues
90246a6d9f UefiPayloadPkg: Fix the build failure for non-universal payload
37a33f02aa UefiCpuPkg: Cpu feature data stored in memory may be migrated
4fdf843c75 DynamicTablesPkg: Fix unitialized variable use
6893865b30 DynamicTablesPkg: Fix void pointer arithmetic
99325a8b65 MdeModulePkg/SortLib: Add QuickSort function on BaseLib
305fd6bee0 UefiCpuPkg/CpuCacheInfoLib: Add QuickSort function on BaseLib
2f286930a8 ShellPkg: Parse I/O APIC and x2APIC structure
bd5ec03d87 NetworkPkg/HttpBootDxe: make file extension check case-insensitive
6254037223 ArmPkg: Implement PlatformBootManagerLib for LinuxBoot
f079e9b450 OvmfPkg: Copy Main.asm from UefiCpuPkg to OvmfPkg's ResetVector
5a2411784b OvmfPkg: Clear WORK_AREA_GUEST_TYPE in Main.asm
c9ec74a198 OvmfPkg: Add IntelTdxMetadata.asm
8b76f23534 OvmfPkg: Enable TDX in ResetVector
87a34ca0cf UefiPayloadPkg: Add a common SmmAccessDxe module
e7e8ea27d4 UefiPayloadPkg: Add a common SMM control Runtime DXE module
bed990aae6 UefiPayloadPkg: Add bootloader SMM support module
1d66480aa4 UefiPayloadPkg: Add SpiFlashLib
04714cef46 UefiPayloadPkg: Add FlashDeviceLib
ae8acce8ae UefiPayloadPkg: Add a common FVB SMM module
242dcfe30f UefiPayloadPkg: Add a SMM dispatch module
b80c17b62d UefiPayloadPkg: Add SMM support and SMM variable support
2f6f3329ad FmpDevicePkg/FmpDxe: Use new Variable Lock interface
9a95d11023 IntelFsp2Pkg/SplitFspBin.py: adopt FSP 2.3 specification.
bb146ce32d MdePkg Cpuid.h: Define CPUID.(EAX=7,ECX=0):EDX[30]
1bc232aae3 RedfishPkg: Update link to staging/RedfishClientPkg in Readme.md
e7663fdd82 UefiPayloadPkg: Remove SystemTableInfo GUID.
91b772ab62 RedfishPkg: Add more information to Readme.md
c8594a5311 SecurityPkg/FvReportPei: Remove the ASSERT to allow neither M nor V
939c2355da IntelFsp2Pkg SplitFspBin.py: Correct file name in file header
6f9e83f757 NetworkPkg/HttpDxe: Enable wildcard host name matching for HTTP+TLS.
b258f12889 BaseTools/VrfCompile: Fix uninitialized field from unnamed field
0f4cdad25b DynamicTablesPkg: Add missing BaseStackCheckLib instance
e13e53cb2f NetworkPkg/NetworkPkg.dsc: Add RngLib mapping for ARM and RISCV64
c1f2287635 SecurityPkg/SecurityPkg.dsc: Add missing RngLib for ARM and RISCV64
b0a03ca4a9 SignedCapsulePkg/SignedCapsulePkg.dsc: Add RngLib mapping
15e635d1b5 UefiCpuPkg/MtrrLib/UnitTest: Fix 32-bit GCC build issues
4050c873b5 MdeModulePkg/Variable/RuntimeDxeUnitTest: Fix 32-bit GCC builds
d79df34beb BaseTools: Fix StructurePcd offset error.
b5d4a35d90 MdeModulePkg/XhciSched: Fix missing DEBUG arguments
48452993ad MdePkg/Include: Enhance DebugLib to support reproduce builds
5948ec3647 MdePkg: Reproduce builds across source format changes
f331310a10 ArmPkg: Reproduce builds across source format changes
77dcd03ecf MdeModulePkg: Reproduce builds across source format changes
45137bca2f NetworkPkg: Reproduce builds across source format changes
d939a25d41 SecurityPkg: Reproduce builds across source format changes
fd42dcb1fc OvmfPkg: Reproduce builds across source format changes
8c1b1fe634 ShellPkg: Add comment that ItemPtr is set after validation
d6e6337cd6 MdePkg: Fix ACPI memory aggregator/device type mismatch
c974257821 MdeModulePkg AtaAtapiPassThru: Always do S.M.A.R.T. check if device support
aab6bb3d32 MdeModulePkg/DxeCapsuleLibFmp: Capsule on Disk file name capsule
a7b35aae13 MdeModulePkg\UfsBlockIoPei: UFS MMIO address size support both 32/64 bits
f826b20811 UefiCpuPkg/UefiCpuLib: Add GetCpuFamilyModel and GetCpuSteppingId
8c8867c5da MdeModulePkg/DxeCapsuleLibFmp: Use new Variable Lock interface
22c3b5a865 BaseTools: Add authenticated variable store support
a92559671a OvmfPkg/Xen: Fix VS2019 build issues
4c495e5e3d OvmfPkg/Bhyve/PlatformPei: Fix VS2019 X64 NOOPT build issue
466ebdd2e0 MdeModulePkg/FPDT: Lock boot performance table address variable at EndOfDxe
455b0347a7 UefiCpuPkg/PiSmmCpuDxeSmm: Use SMM Interrupt Shadow Stack
e1e7306b54 OvmfPkg/Library/ResetSystemLib: Fix Microvm VS2019 NOOPT build issue
4c7ce0d285 MdeModulePkg AtaAtapiPassThru: Skip the potential NULL pointer access
bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error
- Removed patches which are merged to mainline:
- ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch to fix the
S3 detection in ovmf-xen
- cb0d24637d edk2-stable202111-rc1~220
- ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch to add QemuKernelLoaderFsDxe
to ovmf-xen to load kernel from qemu fw_cfg
- 9f3eda177a edk2-stable202111-rc1~216
- ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch
- 4473834e7d edk2-stable202111-rc1~203
- The edk2-stable202111 includes the following patches for bsc#1192126
to fix unlimited reset. (bsc#1192126)
80e67af9af OvmfPkg: introduce a common work area
ab77b6031b OvmfPkg/ResetVector: update SEV support to use new work area format
b9af5037b2 OvmfPkg/ResetVector: move the GHCB page setup in AmdSev.asm
++++ vim:
- Updated to version 8.2.3863, fixes the following problems
* Freeze when calling term_wait() in a close callback.
* Xxd code has duplicate expressions.
* List of distributed files is outdated.
* Header for source file is outdated.
* Count for 'operatorfunc' in Visual mode is not redone.
* Vim9: The "no effect" error is not given for all registers.
* Using <sfile> in a function gives an unexpected result.
* GTK: when using ligatures the cursor is drawn wrong.
* "verbose pwd" is incorrect after dropping files on Vim.
* Vim9: error for variable declared in while loop.
* Vim9: for loop variable can be a list member.
* Vim9: no error for :lock or :unlock with unknown variable.
* Can only get text properties one line at a time.
* Terminal ANSI colors may be wrong.
* GTK: a touch-drag does not update the selection.
* Compiler warning for using size_t for int.
* Vim9: no error for an evironment variable by itself.
* Vim9: debug text misses one line of return statement.
* Duplicate code in xxd.
* Integer overflow with large line number.
* Overflow check uses wrong number.
* Test for put with large count fails.
* Illegal memory access if malloc() fails.
* Using %S in printf() does not work correctly.
* Cannot adjust sign highlighting for 'cursorline'.
* Cannot use a lambda for 'tagfunc'.
* Libvterm is outdated.
* Building libvterm fails with MSVC.
* Messages may be corrupted.
* Buffer overflow with long help argument.
* Error checks repeated several times.
* Restarting Insert mode in prompt buffer too often when a callback switches
windows and comes back. (Sean Dewar)
* Build failure with unsigned char.
* Crash when allocating signal stack fails.
* When ml_get_buf() fails it messes up IObuff.
* Using freed memory when vim_strsave() fails.
* Unused runtime file.
* After a put the '] mark is on the last byte of a multi-byte character.
* Illegal memory access.
* objc file detected as Octave. (Antony Lee)
* Repeated code in xxd.
* Cannot drag popup window after click on a status line. (Sergey Vlasov)
* Vim9: assigning to a script variable drops the required type.
* Vim9: cannot use `=expr` in :...do commands.
* Blockwise insert does not handle autoindent properly.
* Visual studio project files are not recognized.
* Filetype detection often mixes up Forth and F#.
* Blockwise insert does not handle autoindent properly when tab is inserted.
* The window title is not updated when dragging the scrollbar.
* ex_let_one() is too long.
* Vim9: "filter #pat# cmd" does not work.
* Build failure with small features.
* Vim9: cannot use :func inside a :def function.
* Coverity warns for possibly using a NULL pointer.
* Cannot use quotes in the count of an Ex command.
* Confusing error for missing key.
* Vim9: error for invalid assignment when skipping.
* Cannot drag a popup without a border.
* Match highlighting continues over breakindent.
* The +title feature adds a lot of #ifdef but little code.
* Text property highlighting continues over breakindent.
* Vim9: invalid LHS is not possible.
* First key in dict is seen as curly expression and fails.
* Most people call F# "fsharp" and not "fs".
* Vim9: cannot use a list declaration in a :def function.
* Cannot pass a lambda name to function() or funcref(). (Yegappan Lakshmanan)
* Text property highlighting is used on Tab.
* Vim9: constant expression of elseif not recognized.
* Vim9: test fails with different error.
* Vim9: backtick expression expanded when not desired.
* Vim9: backtick expression expanded for :global.
* Vim9: memory leak when compiling :elseif fails.
* Cannot use Vim9 lambda for 'tagfunc'.
* MS-Windows: No error message if vimgrep pattern is not matching.
* Some unused assignments and ugly code in xxd.
* Vim9: valgrind reports spurious problems for a test.
* Vim9: range without a command is not compiled.
* Vim9: error for constant list size is only given at runtime.
* Compiler warns for unused variable without the +textprop feature. (John
Marriott)
* MS-Windows: test sometimes runs into existing swap file.
* Vim9: Internal error when invoking closure in legacy context.
* Using memory freed by losing the clipboard selection. (Dominique Pellé)
* Amiga: superfluous messages for freeing lots of yanked text.
* When using 'linebreak' a text property starts too early.
* Build error for missing error message in small build.
* Cannot use a lambda for 'completefunc' and 'omnifunc'.
* README file in a config directory gets wrong filetype.
* In a gnome terminal keys are recognized as mouse events.
* Internal error when passing range() to list2blob().
* No support for squirrels.
* "/etc/Muttrc.d/README" gets filetype muttrc.
* "set! termcap" shows codes in one column, but not keys.
* "set! termcap" test fails.
* Vim9: using "legacy" before range does not work.
* Vim9: crash when no pattern match found.
* Cannot use a lambda for 'imactivatefunc'.
* Test fails without the channel feature. (Dominique Pellé)
* Test fails without the 'autochdir' option.
* Screen is cleared when a FocusLost autocommand triggers.
* In wrong directory when using win_execute() with 'acd' set.
* Memory left allocated on exit when using Tcl.
* Using freed memory in open command.
* Dec mouse test fails without gnome terminfo entry.
* ":sign" can add a highlight group without a name.
* E854 is not tested; some spelling suggestions are not tested.
* Autochdir test fails without the +channel feature.
* Cannot disassemble function starting with "debug" or "profile".
* Cannot remove highlight from an existing sign. (James McCoy)
* Giving an error for an empty sign argument breaks a plugin.
* Error messages are everywhere.
* Error messages are everywhere.
* Cannot assign a lambda to an option that takes a function.
* Build error when using Photon GUI.
* Vim9: function unreferenced while called is never deleted.
* Undesired changing of the indent of the first formatted line.
* Coverity warns for using a buffer in another scope.
* might crash when callback is not valid.
* An overlong highlight group name is silently truncated.
* Options that take a function insufficiently tested.
* Quickfix buffer becomes hidden while still in a window.
* Not automatically handling gnome terminal mouse like xterm.
* Focus change is not passed on to a terminal window.
* If the quickfix buffer is wiped out getqflist() still returns its number.
* When editing the command line a FocusLost callback may cause the screen
to scroll up.
* Cannot see any text when window was made zero lines or zero columns.
* Vim9: cannot use a lambda for 'opfunc' and others.
* Converting a funcref to a string leaves out "g:", causing the meaning
of the name depending on the context.
* Crash when using NULL partial.
* timer_info() has the wrong repeat value in a timer callback. (Sergey
Vlasov)
* Zig files are not recognized.
* New compiler warnings from clang-12 and clang-13.
* Vim9: accessing freed memory when checking type.
* Timer info test fails on slow machine.
* Wrong window size when a modeline changes 'columns' and there is more
than one tabpage. (Michael Soyka)
* Test for command line height fails.
* Vim9: lambda compiled without outer context when debugging.
* When a tags file line is long a tag may not be found.
* Spell file write error not checked.
* Lambda debug test fails in some configurations.
* Using freed memory when defining a user command from a user command.
* ":cd" works differently on MS-Windows.
* The option window script is outdated.
* Vim9: no error if a function shadows a script variable.
* Confusing error for using a variable as a function.
* The help for options is outdated.
* Running CI on MacOS with gcc is not useful.
* Test fails because of using Vim9 syntax in legacy function.
* No proper formatting of a C line comment after a statement.
* Lambda for option that is a function may be garbage collected.
* Test_window_minimal_size can fail on a slow machine.
* Test for term_gettitle() fails in some environments.
* Build error with +cindent but without +smartindent.
* Setting *func options insufficiently tested.
* Using "g:Func" as a funcref does not work in script context because "g:"
is dropped.
* Vim9: cannot find script-local func using "s:". (Yegappan Lakshmanan)
* Too many #ifdefs.
* The funcexe_T struct members are not named consistently.
* No good reason to limit the message history in the tiny version.
* A :def callback function postpones an error message.
* Edit test hangs or fails.
* When cross compiling the output of "uname" cannot be set. (Ben Reeves)
* If a terminal shows in two windows, only one is redrawn.
* Terminal in two windows test fails on some systems.
* Crash when 'writedelay' is set and using a terminal window to execute
a shell command.
* Script context not set when copying 'swf' and 'ts'.
* i3config files are not recognized.
* Terminal focus test fails sometimes.
* Vim9: can call import with star directly.
* Vim9: obsolete TODO items
* Vim9: crash when garbage collecting a nested partial. (Virginia Senioria)
* Vim9: expr4 test fails on MS-Windows.
* The opfunc error test fails on a slow machine.
* Vim9: leaking memory in numbered function test.
* confusing error when using :cc without error list. (Gary Johnson)
* .csx files and .sln files are not recognized.
* Vim9: cannot have a multi-line dict inside a block.
* Compiler warning for posible loss of data on MS-Windows.
* Vim9: Not using NL as command end does not work for :autocmd.
* Cannot filter or map characters in a string.
* Test fails because error message changed.
* "vrc" does not replace composing characters, while "rc" does.
* ASAN test run fails.
* Leaking memory in map() and filter(), cannot use a string argument in
Vim9 script.
* Test for visual replace is in wrong function.
* No ASAN support for MSVC.
* Various comments could be improved.
* Vim9: using "g:Func" as a funcref does not work in a :def function.
* Huntr badge does not really fit in the list.
* when opening a terminal from a timer the first typed character is
lost. (Virginia Senioria)
* No error when setting a func option to a script-local function.
* Error messages are spread out.
* Opfunc test fails when missing feature changes function name. (Dominique
Pellé)
* Test fails because of changed error message.
* Error from term_start() not caught by try/catch.
* Test_out_cb often fails on Mac.
* The inline-function example does not work.
* Vim9: comment after expression not skipped to find NL.
* QNX: crash when compiled with GUI but using terminal.
* Cannot use script-local function for setting *func options.
* Using \z() with \z1 not tested for syntax highlighting.
* Useless test for negative index in check functions.
* Vim9: outdated TODO items, disabled tests that work.
* Vim9: can change locked list and list items.
* Dep3patch files are not recognized.
* Vim9: no type error if assigning a value with type func(number) to a
variable of type func(string).
* Vim9: test fails when the channel feature is missing.
* No error when using control character for 'lcs' or 'fcs'.
* Illegal memory access when using a lambda with an error.
* Cannot use reduce() for a string.
* Functions implementing reduce and map are too long.
* Illegal memory access when displaying a partial.
* Vim9: overhead when comparing string, dict or function.
* Vim9: not enough tests.
* Vim9: not enough tests.
* Vim9: inconsistent arguments for test functions.
* Illegal memory access when displaying a blob.
* Vim9: not enough tests.
* Vim9: inconsistent error for using function().
* Vim9: not enough tests.
* Vim9: some code lines not tested.
* Vim9: codecov struggles with the file size.
* List of distributed files is outdated.
* Crash on exit with EXITFREE and using win_execute().
* Various build flags accidentally enabled.
------------------------------------------------------------------
------------------ 2021-12-20 - Dec 20 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
++++ cockpit-podman:
- Add source-offest to _service to fix build error in Leap.
++++ kernel-default:
- add kvmsmall flavor for aarch64
- commit 1775f8c
++++ libapparmor:
- Modify add-samba-bgqd.diff: Add new rule to fix new "DENIED
operation="file_mmap" violation in SLE15-SP4; (bsc#1192336).
++++ libxcrypt:
- update to 4.4.27:
* Limit the maximum amount of rbytes to 64 bytes (512 bits) for yescrypt,
gost-yescrypt, and scrypt
++++ usbredir:
- update to 0.12.0:
* Implement dropping packets from isochronous devices
when buffer is owned by usbredirparser library
* Use packet size limit on deserialization
* Fix possible bad state in deserialization logic
* Fix possible memory leak in serialization logic
* Fix (un)serialization with empty write buffers
* Improvements to usbredirparserfuzz
++++ xxhash:
- fix racy check execution
++++ python-cryptography:
- update to 36.0.1:
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 1.1.1m.
++++ suse-module-tools:
- Update to version 16.0.17:
* 60-io-scheduler.rules: add rules for virtual devices
(boo#1193759)
* 60-io-scheduler.rules: enforce "none" for loop devices
(boo#1193759)
* install some modprobe.d files only for relevant architectures
(apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974)
------------------------------------------------------------------
------------------ 2021-12-19 - Dec 19 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
/etc/ssl/engines.d/ in abstractions/openssl which were introduced
with the latest openssl update
++++ kernel-default:
- Update to 5.16-rc6
- refresh configs
- disable
patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch
- needs an update after mainline commit 33fab972497a ("btrfs: fix double
free of anon_dev after failure to create subvolume")
- commit ccebb20
- config: enable and refresh arm architectures
- commit 487d839
++++ libapparmor:
- add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and
/etc/ssl/engines.d/ in abstractions/openssl which were introduced
with the latest openssl update
------------------------------------------------------------------
------------------ 2021-12-18 - Dec 18 2021 -------------------
------------------------------------------------------------------
++++ llvm15:
- BuildRequires: python-rpm-macros to fix Leap 15.3 build.
- More memory for GCC compile jobs.
++++ nghttp2:
- update to 1.46.0:
* see https://nghttp2.org/blog/2021/07/18/nghttp2-v1-44-0/
* see https://nghttp2.org/blog/2021/09/20/nghttp2-v1-45-0/
* see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/
------------------------------------------------------------------
------------------ 2021-12-17 - Dec 17 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.52.5:
+ Fix mangled output in rsvg-convert when redirecting output to
a pipe on Windows.
+ When outputting to SVG, rsvg-convert now uses the width/height
units specified in the command line; it always used pixels
before.
+ Fix incorrect top/left margins for SVG/PS/EPS/PDF output.
+ Fix incorrect placement of glyphs when text has non-uniform
scaling in the X/Y axes. This is not a librsvg bug, but is
fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will
be released soon with this fix as well. Note that this release
of librsvg cannot increase the minimum Pango version to 1.48.11
because it is not released yet.
+ Miscellaneous: Updated crate dependencies: assert_cmd, cast,
clap cssparser, float-cmp, itertools, nalgebra, png, proptest,
rctree, selectors, system-deps.
++++ grub2:
- Fix can't allocate initrd error (bsc#1191378)
* 0001-Factor-out-grub_efi_linux_boot.patch
* 0002-Fix-race-in-EFI-validation.patch
* 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch
* 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch
* 0005-x86-efi-Use-bounce-buffers-for-reading-to-addresses-.patch
* 0006-x86-efi-Re-arrange-grub_cmd_linux-a-little-bit.patch
* 0007-x86-efi-Make-our-own-allocator-for-kernel-stuff.patch
* 0008-x86-efi-Allow-initrd-params-cmdline-allocations-abov.patch
* 0009-x86-efi-Reduce-maximum-bounce-buffer-size-to-16-MiB.patch
* 0010-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch
* 0011-Also-define-GRUB_EFI_MAX_ALLOCATION_ADDRESS-for-RISC.patch
++++ kernel-default:
- kernel-obs-build: remove duplicated/unused parameters
lbs=0 - this parameters is just giving "unused parameter" and it looks
like I can not find any version that implemented this.
rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it
alread loads the kernel module.
quiet and panic=1 will now be also always added by OBS, so we don't have
to set it here anymore.
- commit 972c692
- Linux 5.15.10 (bsc#1012628).
- perf inject: Fix itrace space allowed for new attributes
(bsc#1012628).
- fuse: make sure reclaim doesn't write the inode (bsc#1012628).
- staging: most: dim2: use device release method (bsc#1012628).
- tracing: Fix a kmemleak false positive in tracing_map
(bsc#1012628).
- drm/amdkfd: process_info lock not needed for svm (bsc#1012628).
- drm/amd/display: add connector type check for CRC source set
(bsc#1012628).
- drm/amdkfd: fix double free mem structure (bsc#1012628).
- drm/amd/display: Fix for the no Audio bug with Tiled Displays
(bsc#1012628).
- drm/amdgpu: check atomic flag to differeniate with legacy path
(bsc#1012628).
- drm/amdgpu: cancel the correct hrtimer on exit (bsc#1012628).
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (bsc#1012628).
- i2c: rk3x: Handle a spurious start completion interrupt flag
(bsc#1012628).
- parisc/agp: Annotate parisc agp init functions with __init
(bsc#1012628).
- ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P
(bsc#1012628).
- ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
(bsc#1012628).
- loop: Use pr_warn_once() for loop_control_remove() warning
(bsc#1012628).
- net/mlx4_en: Update reported link modes for 1/10G (bsc#1012628).
- Revert "tty: serial: fsl_lpuart: drop earlycon entry for
i.MX8QXP" (bsc#1012628).
- s390/test_unwind: use raw opcode instead of invalid instruction
(bsc#1012628).
- KVM: arm64: Save PSTATE early on exit (bsc#1012628).
- drm/msm/dp: Avoid unpowered AUX xfers that caused crashes
(bsc#1012628).
- drm/msm/dsi: set default num_data_lanes (bsc#1012628).
- drm/msm/a6xx: Fix uinitialized use of gpu_scid (bsc#1012628).
- drm/msm: Fix null ptr access msm_ioctl_gem_submit()
(bsc#1012628).
- i2c: virtio: fix completion handling (bsc#1012628).
- vmxnet3: fix minimum vectors alloc issue (bsc#1012628).
- ice: fix FDIR init missing when reset VF (bsc#1012628).
- RDMA/irdma: Don't arm the CQ more than two times if no CE for
this CQ (bsc#1012628).
- RDMA/irdma: Report correct WC errors (bsc#1012628).
- RDMA/irdma: Fix a potential memory allocation issue in
'irdma_prm_add_pble_mem()' (bsc#1012628).
- RDMA/irdma: Fix a user-after-free in add_pble_prm (bsc#1012628).
- netfs: Fix lockdep warning from taking sb_writers whilst
holding mmap_lock (bsc#1012628).
- perf bpf_skel: Do not use typedef to avoid error on old clang
(bsc#1012628).
- clk: qcom: sm6125-gcc: Swap ops of ice and apps on sdcc1
(bsc#1012628).
- dt-bindings: media: nxp,imx7-mipi-csi2: Drop bad if/then schema
(bsc#1012628).
- inet: use #ifdef CONFIG_SOCK_RX_QUEUE_MAPPING consistently
(bsc#1012628).
- mtd: rawnand: Fix nand_choose_best_timings() on unsupported
interface (bsc#1012628).
- mtd: rawnand: Fix nand_erase_op delay (bsc#1012628).
- RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow
(bsc#1012628).
- RDMA: Fix use-after-free in rxe_queue_cleanup (bsc#1012628).
- hwmon: (corsair-psu) fix plain integer used as NULL pointer
(bsc#1012628).
- nfc: fix segfault in nfc_genl_dump_devices_done (bsc#1012628).
- commit 85804f3
++++ harfbuzz:
- Use ldconfig_scriptlets macro for post(un) handling.
- Add generic c_compiler BuildRequires for completeness.
- Update to 3.2.0:
+ Fixed shaping of Apple Color Emoji flags in right-to-left context
+ Fixed positioning of CFF fonts in HB_TINY profile
+ OpenType 1.9 language tags update
+ Add HB_NO_VERTICAL config option
+ Add HB_CONFIG_OVERRIDE_H for easier configuration
+ Improved packing of cmap, loca, and Ligature tables
+ Significantly improved overflow-resolution strategy in the repacker
- Update to 3.1.2:
+ hb-shape / hb-view: revert treating text on the commandline as
single paragraph (was introduced in 3.0.0); add new
- -single-par to do that
+ Subsetter bug fixes
++++ p11-kit:
- Update to version 0.24.0:
* Use inclusive language on certificate distrust. Note: This
changes the directory and attribute names to distrust certain
CAs to "blocklist".
* Fix issues spotted by coverity and ASan.
* Integrate gettext with tools more tightly.
* rpc: Forbid use of array of attributes.
* Build fixes.
- Change dirs from blacklist to blocklist ref upstream changes.
++++ patterns-base:
- Drop low-memory-monitor: It's not enabled by default, not used by
any of the default applications and would conflict with other
installed OOM handling daemons like earlyoom or oomd
- Run pre_checkin.sh
- base: favour psmisc over busybox-psmisc or other equivalents
------------------------------------------------------------------
------------------ 2021-12-16 - Dec 16 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- Update to 4.2
* Add support for NTPv4 extension field improving synchronisation
stability and resolution of root delay and dispersion
(experimental)
* Add support for NTP over PTP (experimental)
* Add support for AES-CMAC and hash functions in GnuTLS
* Improve server interleaved mode to be more reliable and support
multiple clients behind NAT
* Update seccomp filter
* Fix RTC support with 64-bit time_t on 32-bit Linux
* Fix seccomp filter to work correctly with bind*device directives
- Obsoleted patches:
* chrony-refid-internal-md5.patch
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- Update clknetsim to snapshot 470b5e9.
++++ gnutls:
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008]
* fips: allow more RSA modulus sizes
* Add gnutls-FIPS-RSA-mod-sizes.patch
* Delete gnutls-3.6.7-fips-rsa-4096.patch
++++ kernel-default:
- Linux 5.15.9 (bsc#1012628).
- netfilter: selftest: conntrack_vrf.sh: fix file permission
(bsc#1012628).
- commit edf812e
- armv6hl: Update config files.
Update config to v5.16-rc5
- commit fcea0c3
- armv7hl: Update config files.
Update config to v5.16-rc3
- commit 36ef1bb
- arm64: Update config files.
Update configs to v5.16-rc5
- commit 99d3870
++++ pango:
- Update to version 1.50.2:
+ Fix a problem with font fallback for Arabic.
+ Fix handling of fonts without a space glyph.
+ Various documentation improvements.
+ Fix build issues.
++++ qemu:
- Add an audio-oss sub-package
- Add some new (mostly documentation) files in the package
- Remove option --audio-drv-list because audio is detected by
meson automatically in latest version.
- Remove options --disable-jemalloc and --disable-tcmalloc
which are changed in v6.2.0.
- Update to v 6.2.0. For full release notese, see:
* https://wiki.qemu.org/ChangeLog/6.2.
Be sure to also check the following pages:
* https://qemu-project.gitlab.io/qemu/about/removed-features.html
* https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some notable changes:
* virtio-mem: guest memory dumps are now fully supported, along
with pre-copy/post-copy migration and background guest snapshots
* QMP: support for nw DEVICE_UNPLUG_GUEST_ERROR to detect
guest-reported hotplug failures
* TCG: improvements to TCG plugin argument syntax, and multi-core
support for cache plugin
* 68k: improved support for Apple’s NuBus, including ability to
load declaration ROMs, and slot IRQ support
* ARM: macOS hosts with Apple Silicon CPUs now support ‘hvf’
accelerator for AArch64 guests
* ARM: emulation support for Fujitsu A64FX processor model
* ARM: emulation support for kudo-mbc machine type
* ARM: M-profile MVE extension is now supported for Cortex-M55
* ARM: ‘virt’ machine now supports an emulated ITS (Interrupt
Translation Service) and supports more than 123 CPUs in
emulation mode
* ARM: xlnx-zcu102 and xlnx-versal-virt machines now support
BBRAM and eFUSE devices
* PowerPC: improved POWER10 support for the ‘powernv’ machine type
* PowerPC: initial support for POWER10 DD2.0 CPU model
* PowerPC: support for FORM2 PAPR NUMA descriptions for ‘pseries’ machine type
* RISC-V: support for Zb[abcs] instruction set extensions
* RISC-V: support for vhost-user and numa mem options across all boards
* RISC-V: SiFive PWM support
* x86: support for new Snowridge-v4 CPU model
* x86: guest support for Intel SGX
* x86: AMD SEV guests now support measurement of kernel binary when doing
direct kernel boot (not using a bootloader)
* Patches dropped:
9pfs-fix-crash-in-v9fs_walk.patch
block-introduce-max_hw_iov-for-use-in-sc.patch
hmp-Unbreak-change-vnc.patch
hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
hw-i386-acpi-build-Deny-control-on-PCIe-.patch
i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
net-vmxnet3-validate-configuration-value.patch
pcie-rename-native-hotplug-to-x-native-h.patch
plugins-do-not-limit-exported-symbols-if.patch
plugins-execlog-removed-unintended-s-at-.patch
qemu-nbd-Change-default-cache-mode-to-wr.patch
qemu-sockets-fix-unix-socket-path-copy-a.patch
target-arm-Don-t-skip-M-profile-reset-en.patch
target-i386-add-missing-bits-to-CR4_RESE.patch
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
uas-add-stream-number-sanity-checks.patch
vhost-vsock-fix-migration-issue-when-seq.patch
virtio-balloon-don-t-start-free-page-hin.patch
virtio-mem-pci-Fix-memory-leak-when-crea.patch
virtio-net-fix-use-after-unmap-free-for-.patch
------------------------------------------------------------------
------------------ 2021-12-15 - Dec 15 2021 -------------------
------------------------------------------------------------------
++++ bcm43xx-firmware:
- Introduce firmware files for Raspberry Pi Zero 2 W support (jsc#SLE-23064).
- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370)
- Change source file links from branch master to branch buster.
++++ iputils:
- Update to version 20211215
https://github.com/iputils/iputils/releases/tag/20211215
- rarpd and rdisc are going to be removed in next release
(https://github.com/iputils/iputils/issues/363)
therefore don't pack it since this release
- Drop harden_rdisc.service.patch, which was 1) merged upstream
4bb0ace ("systemd: Add ProtectHostname, ProtectKernelLogs")
for all services
2) we don't build rdisc since this release
++++ userspace-rcu:
- update to 0.13.0:
* The Userspace RCU 0.13 release is mostly a library soname version bump
to address an ABI incompatibility between the 0.10 and { 0.11, 0.12 }
releases. see https://lists.lttng.org/pipermail/lttng-dev/2021-June/030023.html
------------------------------------------------------------------
------------------ 2021-12-14 - Dec 14 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- Require python macros for building
++++ kernel-default:
- Revert "- rpm/*build: use buildroot macro instead of env variable"
buildroot macro is not being expanded inside a shell script. go
back to the environment variable usage. This reverts parts of
commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
Currently the Open Build Service hardcodes the kernel boot parameters
globally. Recently functionality was added to control the parameters
by the kernel-obs-build package, so make use of that. parameters here
will overwrite what is used by OBS otherwise.
- commit a631240
- Linux 5.15.8 (bsc#1012628).
- bpf: Add selftests to cover packet access corner cases
(bsc#1012628).
- clocksource/drivers/dw_apb_timer_of: Fix probe failure
(bsc#1012628).
- misc: fastrpc: fix improper packet size calculation
(bsc#1012628).
- irqchip: nvic: Fix offset for Interrupt Priority Offsets
(bsc#1012628).
- irqchip/irq-gic-v3-its.c: Force synchronisation when issuing
INVALL (bsc#1012628).
- aio: Fix incorrect usage of eventfd_signal_allowed()
(bsc#1012628).
- irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
(bsc#1012628).
- irqchip/armada-370-xp: Fix return value of
armada_370_xp_msi_alloc() (bsc#1012628).
- irqchip/aspeed-scu: Replace update_bits with write_bits
(bsc#1012628).
- csky: fix typo of fpu config macro (bsc#1012628).
- bus: mhi: core: Add support for forced PM resume (bsc#1012628).
- bus: mhi: pci_generic: Fix device recovery failed issue
(bsc#1012628).
- nvmem: eeprom: at25: fix FRAM byte_len (bsc#1012628).
- misc: rtsx: Avoid mangling IRQ during runtime PM (bsc#1012628).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and
remove (bsc#1012628).
- iio: ad7768-1: Call iio_trigger_notify_done() on error
(bsc#1012628).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x
(bsc#1012628).
- iio: adc: stm32: fix a current leak by resetting pcsel before
disabling vdda (bsc#1012628).
- iio: at91-sama5d2: Fix incorrect sign extension (bsc#1012628).
- iio: dln2: Check return value of devm_iio_trigger_register()
(bsc#1012628).
- iio: dln2-adc: Fix lockdep complaint (bsc#1012628).
- iio: itg3200: Call iio_trigger_notify_done() on error
(bsc#1012628).
- iio: kxsd9: Don't return error code in trigger handler
(bsc#1012628).
- iio: ltr501: Don't return error code in trigger handler
(bsc#1012628).
- iio: mma8452: Fix trigger reference couting (bsc#1012628).
- iio: stk3310: Don't return error code in interrupt handler
(bsc#1012628).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (bsc#1012628).
- iio: trigger: Fix reference counting (bsc#1012628).
- iio: gyro: adxrs290: fix data signedness (bsc#1012628).
- xhci: avoid race between disable slot command and host runtime
suspend (bsc#1012628).
- usb: core: config: using bit mask instead of individual bits
(bsc#1012628).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from
runtime suspending (bsc#1012628).
- usb: core: config: fix validation of wMaxPacketValue entries
(bsc#1012628).
- Revert "usb: dwc3: dwc3-qcom: Enable tx-fifo-resize property
by default" (bsc#1012628).
- USB: gadget: zero allocate endpoint 0 buffers (bsc#1012628).
- USB: gadget: detect too-big endpoint 0 requests (bsc#1012628).
- selftests/fib_tests: Rework fib_rp_filter_test() (bsc#1012628).
- net/qla3xxx: fix an error code in ql_adapter_up() (bsc#1012628).
- net, neigh: clear whole pneigh_entry at alloc time
(bsc#1012628).
- net: fec: only clear interrupt of handling queue in
fec_enet_rx_queue() (bsc#1012628).
- net: altera: set a couple error code in probe() (bsc#1012628).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
(bsc#1012628).
- tools build: Remove needless libpython-version feature check
that breaks test-all fast path (bsc#1012628).
- dt-bindings: net: Reintroduce PHY no lane swap binding
(bsc#1012628).
- Documentation/locking/locktypes: Update migrate_disable() bits
(bsc#1012628).
- perf tools: Fix SMT detection fast read path (bsc#1012628).
- drm/amd/display: Fix DPIA outbox timeout after S3/S4/reset
(bsc#1012628).
- Revert "PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on
emulated bridge" (bsc#1012628).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
(bsc#1012628).
- bpf, sockmap: Re-evaluate proto ops when psock is removed from
sockmap (bsc#1012628).
- mtd: rawnand: fsmc: Fix timing computation (bsc#1012628).
- mtd: rawnand: fsmc: Take instruction delay into account
(bsc#1012628).
- i40e: Fix pre-set max number of queues for VF (bsc#1012628).
- i40e: Fix failed opcode appearing if handling messages from VF
(bsc#1012628).
- clk: qcom: clk-alpha-pll: Don't reconfigure running Trion
(bsc#1012628).
- clk: imx: use module_platform_driver (bsc#1012628).
- hwmon: (dell-smm) Fix warning on /proc/i8k creation error
(bsc#1012628).
- RDMA/hns: Do not destroy QP resources in the hw resetting phase
(bsc#1012628).
- RDMA/hns: Do not halt commands during reset until later
(bsc#1012628).
- ASoC: codecs: wcd934x: return correct value from mixer put
(bsc#1012628).
- ASoC: codecs: wcd934x: handle channel mappping list correctly
(bsc#1012628).
- ASoC: codecs: wsa881x: fix return values from kcontrol put
(bsc#1012628).
- ASoC: qdsp6: q6routing: Fix return value from
msm_routing_put_audio_mixer (bsc#1012628).
- ASoC: rt5682: Fix crash due to out of scope stack vars
(bsc#1012628).
- PM: runtime: Fix pm_runtime_active() kerneldoc comment
(bsc#1012628).
- qede: validate non LSO skb length (bsc#1012628).
- ALSA: usb-audio: Reorder snd_djm_devices[] entries
(bsc#1012628).
- scsi: scsi_debug: Fix buffer size of REPORT ZONES command
(bsc#1012628).
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()
(bsc#1012628).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
(bsc#1012628).
- i2c: mpc: Use atomic read and fix break condition (bsc#1012628).
- tracefs: Set all files to the same group ownership as the
mount option (bsc#1012628).
- aio: fix use-after-free due to missing POLLFREE handling
(bsc#1012628).
- aio: keep poll requests on waitqueue until completed
(bsc#1012628).
- signalfd: use wake_up_pollfree() (bsc#1012628).
- binder: use wake_up_pollfree() (bsc#1012628).
- wait: add wake_up_pollfree() (bsc#1012628).
- io_uring: ensure task_work gets run as part of cancelations
(bsc#1012628).
- libata: add horkage for ASMedia 1092 (bsc#1012628).
- drm/syncobj: Deal with signalled fences in
drm_syncobj_find_fence (bsc#1012628).
- thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL
(bsc#1012628).
- clk: qcom: regmap-mux: fix parent clock lookup (bsc#1012628).
- mmc: renesas_sdhi: initialize variable properly when tuning
(bsc#1012628).
- hwmon: (pwm-fan) Ensure the fan going on in .probe()
(bsc#1012628).
- selftests: KVM: avoid failures due to reserved HyperTransport
region (bsc#1012628).
- tracefs: Have new files inherit the ownership of their parent
(bsc#1012628).
- nfsd: Fix nsfd startup race (again) (bsc#1012628).
- nfsd: fix use-after-free due to delegation race (bsc#1012628).
- md: fix update super 1.0 on rdev size change (bsc#1012628).
- perf intel-pt: Fix error timestamp setting on the decoder
error path (bsc#1012628).
- perf intel-pt: Fix missing 'instruction' events with 'q' option
(bsc#1012628).
- perf intel-pt: Fix next 'err' value, walking trace
(bsc#1012628).
- perf intel-pt: Fix state setting when receiving overflow (OVF)
packet (bsc#1012628).
- perf intel-pt: Fix intel_pt_fup_event() assumptions about
setting state type (bsc#1012628).
- perf intel-pt: Fix sync state when a PSB (synchronization)
packet is found (bsc#1012628).
- perf intel-pt: Fix some PGE (packet generation enable/control
flow packets) usage (bsc#1012628).
- btrfs: free exchange changeset on failures (bsc#1012628).
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper
error handling (bsc#1012628).
- btrfs: fix re-dirty process of tree-log nodes (bsc#1012628).
- btrfs: clear extent buffer uptodate when we fail to write it
(bsc#1012628).
- scsi: qla2xxx: Format log strings only if needed (bsc#1012628).
- cifs: Fix crash on unload of cifs_arc4.ko (bsc#1012628).
- ALSA: pcm: oss: Handle missing errors in
snd_pcm_oss_change_params*() (bsc#1012628).
- ALSA: pcm: oss: Limit the period size to 16MB (bsc#1012628).
- ALSA: pcm: oss: Fix negative period/buffer sizes (bsc#1012628).
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (bsc#1012628).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897
platform (bsc#1012628).
- ALSA: ctl: Fix copy of updated id with element read/write
(bsc#1012628).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
(bsc#1012628).
- mm/slub: fix endianness bug for alloc/free_traces attributes
(bsc#1012628).
- mm/damon/core: fix fake load reports due to uninterruptible
sleeps (bsc#1012628).
- timers: implement usleep_idle_range() (bsc#1012628).
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V
TLB flush hypercall (bsc#1012628).
- KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse
IPI req (bsc#1012628).
- KVM: x86: Don't WARN if userspace mucks with RCX during string
I/O exit (bsc#1012628).
- net: mvpp2: fix XDP rx queues registering (bsc#1012628).
- net/sched: fq_pie: prevent dismantle issue (bsc#1012628).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
(bsc#1012628).
- net: dsa: mv88e6xxx: error handling for serdes_power functions
(bsc#1012628).
- net: bcm4908: Handle dma_set_coherent_mask error codes
(bsc#1012628).
- devlink: fix netns refcount leak in devlink_nl_cmd_reload()
(bsc#1012628).
- IB/hfi1: Correct guard on eager buffer deallocation
(bsc#1012628).
- iavf: Fix reporting when setting descriptor count (bsc#1012628).
- iavf: restore MSI state on reset (bsc#1012628).
- netfilter: conntrack: annotate data-races around ct->timeout
(bsc#1012628).
- netfilter: nft_exthdr: break evaluation if setting TCP option
fails (bsc#1012628).
- udp: using datalen to cap max gso segments (bsc#1012628).
- seg6: fix the iif in the IPv6 socket control block
(bsc#1012628).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (bsc#1012628).
- bonding: make tx_rebalance_counter an atomic (bsc#1012628).
- ethtool: do not perform operations on net devices being
unregistered (bsc#1012628).
- ice: ignore dropped packets during init (bsc#1012628).
- bpf: Fix the off-by-two error in range markings (bsc#1012628).
- bpf: Make sure bpf_disable_instrumentation() is safe vs
preemption (bsc#1012628).
- bpf, sockmap: Attach map progs to psock early for feature probes
(bsc#1012628).
- bpf, x86: Fix "no previous prototype" warning (bsc#1012628).
- vrf: don't run conntrack on vrf with !dflt qdisc (bsc#1012628).
- selftests: netfilter: add a vrf+conntrack testcase
(bsc#1012628).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
(bsc#1012628).
- platform/x86: amd-pmc: Fix s2idle failures on certain AMD
laptops (bsc#1012628).
- x86/sme: Explicitly map new EFI memmap table as encrypted
(bsc#1012628).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports
(bsc#1012628).
- net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal
PHY's" (bsc#1012628).
- can: m_can: Disable and ignore ELO interrupt (bsc#1012628).
- can: m_can: pci: fix iomap_read_fifo() and iomap_write_fifo()
(bsc#1012628).
- can: m_can: pci: fix incorrect reference clock rate
(bsc#1012628).
- can: m_can: m_can_read_fifo: fix memory leak in error branch
(bsc#1012628).
- can: pch_can: pch_can_rx_normal: fix use after free
(bsc#1012628).
- can: sja1000: fix use after free in ems_pcmcia_add_card()
(bsc#1012628).
- can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase
correct stats->{rx,tx}_errors counter (bsc#1012628).
- can: kvaser_usb: get CAN clock frequency from device
(bsc#1012628).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (bsc#1012628).
- IB/hfi1: Fix early init panic (bsc#1012628).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
(bsc#1012628).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for
six 8-bit groups (bsc#1012628).
- platform/x86/intel: hid: add quirk to support Surface Go 3
(bsc#1012628).
- HID: Ignore battery for Elan touchscreen on Asus UX550VE
(bsc#1012628).
- HID: sony: fix error path in probe (bsc#1012628).
- mmc: spi: Add device-tree SPI IDs (bsc#1012628).
- mtd: dataflash: Add device-tree SPI IDs (bsc#1012628).
- HID: check for valid USB device for many HID drivers
(bsc#1012628).
- HID: wacom: fix problems when device is not a valid USB device
(bsc#1012628).
- HID: bigbenff: prevent null pointer dereference (bsc#1012628).
- HID: add USB_HID dependancy on some USB HID drivers
(bsc#1012628).
- HID: add USB_HID dependancy to hid-chicony (bsc#1012628).
- HID: add USB_HID dependancy to hid-prodikeys (bsc#1012628).
- HID: add hid_is_usb() function to make it simpler for USB
detection (bsc#1012628).
- HID: intel-ish-hid: ipc: only enable IRQ wakeup when requested
(bsc#1012628).
- HID: google: add eel USB id (bsc#1012628).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
(bsc#1012628).
- usb: gadget: uvc: fix multiple opens (bsc#1012628).
- commit 3f92609
++++ util-linux:
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954) on released products.
++++ ncurses:
- Add ncurses patch 20211211
+ add test/combine.c, to demo/test combining characters.
++++ libvirt:
- libxl: Implement domainGetMessages API
cbae4eaa-libxl-add-domainGetMessages.patch
bsc##1193623
++++ qemu:
- Reinstate Lin Ma's fixes for bsc#1192147 as they were
submitted only to IBS.
* Patches added:
hw-acpi-ich9-Add-compat-prop-to-keep-HPC.patch
hw-i386-acpi-build-Deny-control-on-PCIe-.patch
pcie-rename-native-hotplug-to-x-native-h.patch
- Rename the Guest Agent service qemu-guest-agent, like in other
distros (and upstream). bsc#1185543
++++ runc:
- Update to runc v1.1.0~rc1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
+ Add support for RDMA cgroup added in Linux 4.11.
* runc exec now produces exit code of 255 when the exec failed.
This may help in distinguishing between runc exec failures
(such as invalid options, non-running container or non-existent
binary etc.) and failures of the command being executed.
+ runc run: new --keep option to skip removal exited containers artefacts.
This might be useful to check the state (e.g. of cgroup controllers) after
the container hasexited.
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
(the latter is just an alias for SCMP_ACT_KILL).
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
users to create sophisticated seccomp filters where syscalls can be
efficiently emulated by privileged processes on the host.
+ checkpoint/restore: add an option (--lsm-mount-context) to set
a different LSM mount context on restore.
+ intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup
to use for the process being executed.
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
behaviour.
+ mounts: add support for bind-mounts which are inaccessible after switching
the user namespace. Note that this does not permit the container any
additional access to the host filesystem, it simply allows containers to
have bind-mounts configured for paths the user can access but have
restrictive access control settings for other users.
+ Add support for recursive mount attributes using mount_setattr(2). These
have the same names as the proposed mount(8) options -- just prepend r
to the option name (such as rro).
+ Add runc features subcommand to allow runc users to detect what features
runc has been built with. This includes critical information such as
supported mount flags, hook names, and so on. Note that the output of this
command is subject to change and will not be considered stable until runc
1.2 at the earliest. The runtime-spec specification for this feature is
being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
the ownership of certain cgroup control files (as per
/sys/kernel/cgroup/delegate) to allow for proper deferral to the container
process.
* runc checkpoint/restore: fixed for containers with an external bind mount
which destination is a symlink.
* cgroup: improve openat2 handling for cgroup directory handle hardening.
runc delete -f now succeeds (rather than timing out) on a paused
container.
* runc run/start/exec now refuses a frozen cgroup (paused container in case of
exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
++++ util-linux-systemd:
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954) on released products.
------------------------------------------------------------------
------------------ 2021-12-13 - Dec 13 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- config: INPUT_EVBUG=n (bsc#1192974).
Debug driver unsuitable for production, only enabled on ppc64.
- commit 4e0adba
- kernel-obs-build: inform build service about virtio-serial
Inform the build worker code that this kernel supports virtio-serial,
which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
The RPM_BUILD_ROOT variable is considered deprecated over
a buildroot macro. future proof the spec files.
- commit e2f6026
- Update to 5.16-rc5
- commit c317c11
++++ colord:
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_colord.service.patch
++++ gdbm:
- version update to 1.22
* Fix file header validation
* Fix key verification in sequential access
* Fix testing with DejaGNU 1.6.3
* Fix stack overflow in print_usage
* Fix a leak of avail entry on pushing a new avail block
* New gdbmtool variables: errorexit, errormask, trace, timing
* etc. see CHANGES
- modified patches
% gdbm-no-build-date.patch (refreshed)
++++ p11-kit:
- Enable systemd support
++++ libvirt:
- Don't spawn pkttyagent when stdin is not a tty
0001-util-Don-t-spawn-pkttyagent-when-stdin-is-not-a-tty.patch
bsc#1193574
++++ pam:
- Drop pam_umask-usergroups-login_defs.patch, does more harm
than helps. If not explizit specified as module option, we
use UMASK from login.defs unmodified.
++++ qemu:
- disable QOM cast debug outside the testsuite as the corresponding
asserts show up occassionally as top #1 in perf(1) traces under
heavy virtio load
- enable LTO when we'd like to use LTO
------------------------------------------------------------------
------------------ 2021-12-11 - Dec 11 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20211206.de24bdf:
* Add "rpm" make target
* Remove legacy usrmerged sections
* Add rpmlintrc and README from OBS too
* Fix osc service instructions
* Add obs workflow for git integration
* Adopt upstream way of setting rp_filter and promote_secondaries
* Don't fail if net.ipv4.ping_group_range can't be set
* add spec file
++++ libbpf:
- Update to release 0.6.1
* Introduce legacy kprobe events support
* Add legacy uprobe attaching support
* Support uniform BTF-defined key/value specification across
all BPF maps
* Support kernel module function calls
* Support detecting and attaching of writable tracepoint
program
* Add bloom filter map implementation
* Add typeless and weak ksym support to gen_loader
* Add RISC-V (RV64) support to bpf_tracing.h
* Deprecate AF_XDP support
* Support BTF_KIND_TYPE_TAG
++++ pango:
- Update to version 1.50.1:
+ Fix a crash in tab handling.
+ Fix tab positioning without line wrapping.
+ Fix an assertion failure found by fuzzing.
+ Make underlines work again for broken fonts.
------------------------------------------------------------------
------------------ 2021-12-10 - Dec 10 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update BT fix patch for regression with 8087:0026 device (bsc#1193124)
Also corrected the references and patch description
- commit ee06149
++++ libX11:
- Update to version 1.7.3.1
* This release of libX11 corrects a packaging problem in 1.7.3
which caused the m4 files needed for autoreconf to not be
included in the tarballs.
* As a bonus, this release also includes one tiny typo fix in the
XIM specs.
++++ alsa:
- Update to version 1.2.6.1:
a minor fix release:
* conf: fix the device parsing when arguments has no defaults
* conf: accept '_' character in the variable name
++++ libssh2_org:
- Bump to version 1.10.0
Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
- Rebased patch libssh2-ocloexec.path
- Removed patch libssh2_org-CVE-2019-17498.patch: the security fix
is already included in the latest version.
------------------------------------------------------------------
------------------ 2021-12-9 - Dec 9 2021 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.179.g3cf989c2:
* fix(cpio): write zeros instead of seek for padding and alignment (bsc#1190982)
* fix(dracut.sh): check kernel zstd support early
* fix(dracut.sh): check availability of configured compression
* fix(dracut.sh): inform user about auto-selected compression method
* fix(dracut.sh): drop pointless check for module compression method
* chore(suse): add dracut-cpio archiver (jsc#SLE-16157)
* ci(TEST-63-DRACUT-CPIO): kernel extraction tests for dracut-cpio
* feat(dracut.sh): add "--enhanced-cpio" option for calling dracut-cpio
* feat(Makefile): cargo wrapper for dracut-cpio build
* feat(cpio): add newc archive creation utility
* feat(cpio): add rust argument parsing library from crosvm
* ci(TEST-62-SKIPCPIO): add simple skipcpio test
* ci(test): export basedir and testdir as absolute paths
* ci(TEST-60-BONDBRIDGEVLANIFCFG): use toplevel Makefile
* fix(dracut.spec): check for non-usrmerged environments
* fix(zfcp_rules): add quotes around rule installation argument
* fix(zipl): correct argument for uuid to device conversion
* fix(fips): missing value of _vmname variable (bsc#1193267)
++++ kdump:
- Sync with SLE15-SP4 changelog. These patches were never applied
to Factory:
* kdump-avoid-endless-loop-EAI_AGAIN.patch
* kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch
* kdump-calibrate-Fix-kernel-command-line-parsing.patch
* kdump-do-not-add-rd.neednet.patch
* kdump-Do-not-list-all-block-devices-if-no-block-devices-ar.patch
* kdump-ensure-initrd.target.wants-directory.patch
* kdump-Enumerate-all-BTRFS-devices-for-btrfs-mount-points.patch
* kdump-Implement-KString-isHexNumber.patch
* kdump-install-etc-resolv.conf-using-resolved-path.patch
* kdump-Mount-and-device-resolution-using-libmount-and-lsblk.patch
* kdump-remove-console-hvc0-from-commandline.patch
* kdump-set-serial-console-from-Xen-cmdline.patch
++++ kernel-default:
- Disable hyperv_fb in favour of hyperv_drm (jsc#SLE-19733)
- commit f85f403
++++ libcap-ng:
- Update to 0.7.11
* Really clear bounding set if asked in capng_change_id
* Add CAP_PERFMON, CAP_BPF, & CAP_CHECKPOINT_RESTORE
* Avoid malloc/free in capng_apply (Natanael Copa)
* If procfs is not available, get bounding set via prctl
- Removed unneeded rules from rpmlintrc
++++ libiscsi:
- Update to version 1.19.0+git.20210930:
* iscsi-support: fix memory leak
* add README.md to dist tarball
* add libiscsi.syms.in to dist tarball
* test-tool, xcopy: Fix target descriptor handling
* iser: Fix a compiler warning triggered by the container_of() definition
* configure: Remove -Wno-strict-aliasing
* slist: Clean up the slist.h header file
* slist: Make this header file compatible with C++
* scsi-lowlevel.h: Include <assert.h>
* examples/iscsi-dd: use stderr for all error text
* examples/iscsi-dd: fix typos
* ci: Add a github build action
* test: fix ExtendedCopy.Large SKIPPED cases
* configure.ac: Quote argument to m4_esyscmd() properly
* Fixed several code style problems
* test-tool: check that ReceiveCopyResults is implemented
* lib: init version for 8Fh VPD page
* ci: Enable MinGW
* MinGW: Second step of porting to MinGW
* configure.ac: Use AC_CONFIG_HEADERS() instead of AC_CONFIG_HEADER()
* lib/libiscsi.syms: Sort alphabetically
* ci: First phase of adding MingW support
* configure.ac: Run autoupdate
* README.md: Update
* README: Rename into README.md
* ci: Switch from Travis to AppVeyor
* test-tool: Do not use empty initializers
++++ libtpms:
- Update to version 0.9.1
* Downgrade to previous versions is not possible, as the size of
the context gap has been adjusted to 0xffff from 0xff.
* Enabled Camellia symmetric key encryption algorithm
* tpm2: Update to TPM 2 spec rev 164
* tpm2: Added a cache for private exponent D and prime Q
* tpm2: bug fixes
- Drop upstream fixed libtpms-CVE-2021-3746.patch
- Fixed CVE-2021-3623 (bsc#1187767)
++++ unbound:
- update to 1.14.0
Features
- Merge #401: RPZ triggers. This add additional RPZ triggers,
unbound supports a full set of rpz triggers, and this now
includes nsdname, nsip and clientip triggers. Also actions
are fully supported, and this now includes the tcp-only action.
- Merge #519: Support for selective enabling tcp-upstream for
stub/forward zones.
- Merge PR #514, from ziollek: Docker environment for run tests.
- Support using system-wide crypto policies.
- Fix that --with-ssl can use "/usr/include/openssl11" to pass the
location of a different openssl version.
- Merged #41 from Moritz Schneider: made outbound-msg-retry
configurable.
- Implement RFC8375: Special-Use Domain 'home.arpa.'.
- Merge PR #555 from fobser: Allow interface names as scope-id in IPv6
link-local addresses.
Bug Fixes
- Add test tool readzone to .gitignore.
- Merge #521: Update mini_event.c.
- Merge #523: fix: free() call more than once with the same pointer.
- For #519: note stub-tcp-upstream and forward-tcp-upstream in
the example configuration file.
- For #519: yacc and lex. And fix python bindings, and test program
unbound-dnstap-socket.
- For #519: fix comments for doxygen.
- Fix to print error from unbound-anchor for writing to the key
file, also when not verbose.
- For #514: generate configure.
- Fix for #431: Squelch permission denied errors for udp connect,
and udp send, they are visible at higher verbosity settings.
- Fix zonemd verification of key that is not in DNS but in the zone
and needs a chain of trust.
- zonemd, fix order of bogus printout string manipulation.
- Fix to support harden-algo-downgrade for ZONEMD dnssec checks.
- Merge PR #528 from fobser: Make sldns_str2wire_svcparam_buf()
static.
- Fix #527: not sending quad9 cert to syslog (and may be more).
- Fix sed script in ssldir split handling.
- Fix #529: Fix: log_assert does nothing if UNBOUND_DEBUG is
undefined.
- Fix #531: Fix: passed to proc after free.
- Fix #536: error: RPZ: name of record (drop.spamhaus.org.rpz.local.)
to insert into RPZ.
- Fix the stream wait stream_wait_count_lock and http2 buffer locks
setup and desetup from race condition.
- Fix RPZ locks. Do not unlock zones lock if requested and rpz find
zone does not find the zone. Readlock the clientip that is found
for ipbased triggers. Unlock the nsdname zone lock when done.
Unlock zone and ip in rpz nsip and nsdname callback. Unlock
authzone and localzone if clientip found in rpz worker call.
- Fix compile warning in libunbound for listen desetup routine.
- Fix asynclook unit test for setup of lockchecks before log.
- Fix #533: Negative responses get cached even when setting
cache-max-negative-ttl: 1
- Fix tcp fastopen failure when disabled, try normal connect instead.
- Fix #538: Fix subnetcache statistics.
- Small fixes for #41: changelog, conflicts resolved,
processQueryResponse takes an iterator env argument like other
functions in the iterator, no colon in string for set_option,
and some whitespace style, to make it similar to the rest.
- Fix for #41: change outbound retry to int to fix signed comparison
warnings.
- Fix root_anchor test to check with new icannbundle date.
- Fix initialisation errors reported by gcc sanitizer.
- Fix lock debug code for gcc sanitizer reports.
- Fix more initialisation errors reported by gcc sanitizer.
- Fix crosscompile on windows to work with openssl 3.0.0 the
link with ws2_32 needs -l:libssp.a for __strcpy_chk.
Also copy results from lib64 directory if needed.
- For crosscompile on windows, detect 64bit stackprotector library.
- Fix crosscompile shell syntax.
- Fix crosscompile windows to use libssp when it exists.
- For the windows compile script disable gost.
- Fix that on windows, use BIO_set_callback_ex instead of deprecated
BIO_set_callback.
- Fix crosscompile script for the shared build flags.
- Fix to add example.conf note for outbound-msg-retry.
- Fix chaos replies to have truncation for short message lengths,
or long reply strings.
- Fix to protect custom regional create against small values.
- Fix #552: Unbound assumes index.html exists on RPZ host.
- Fix that forward-zone name is documented as the full name of the
zone. It is not relative but a fully qualified domain name.
- Fix analyzer review failure in rpz action override code to not
crash on unlocking the local zone lock.
- Fix to remove unused code from rpz resolve client and action
function.
- Merge #565: unbound.service.in: Disable ProtectKernelTunables again.
- Fix for #558: fix loop in comm_point->tcp_free when a comm_point is
reclaimed more than once during callbacks.
- Fix for #558: clear the UB_EV_TIMEOUT bit before adding an event.
- Improve EDNS option handling, now also works for synthesised
responses such as local-data and server.id CH TXT responses.
- Merge PR #570 from rex4539: Fix typos.
- Fix for #570: regen aclocal.m4, fix configure.ac for spelling.
- Fix to make python module opt_list use opt_list_in.
- Fix #574: unbound-checkconf reports fatal error if interface names
are used as value for interfaces:
- Fix #574: Review fixes for it.
- Fix #576: [FR] UB_* error codes in unbound.h
- Fix #574: Review fix for spelling.
- Fix to remove git tracking and ci information from release tarballs.
- iana portlist update.
- Merge PR #511 from yan12125: Reduce unnecessary linking.
- Merge PR #493 from Jaap: Fix generation of libunbound.pc.
- Merge PR #562 from Willem: Reset keepalive per new tcp session.
- Merge PR #522 from sibeream: memory management violations fixed.
- Merge PR #530 from Shchelk: Fix: dereferencing a null pointer.
- Fix #454: listen_dnsport.c:825: error: ‘IPV6_TCLASS’ undeclared.
- Fix #574: Review fixes for size allocation.
- Fix doc/unbound.doxygen to remove obsolete tag warning.
++++ wayland:
- Update to release 1.20
* A few protocol additions: wl_surface.offset allows clients to
update a surface's buffer offset independently from the
buffer, wl_output.name and description allow clients to
identify outputs without depending on xdg-output-unstable-v1.
* In protocol definitions, events have a new "type" attribute
and can now be marked as destructors.
* A number of bug fixes, including a race condition when
destroying proxies in multi-threaded clients.
++++ podman:
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
path from podman < 3.1.2
++++ python-pyOpenSSL:
- Inject multibuild to avoid a build loop.
------------------------------------------------------------------
------------------ 2021-12-8 - Dec 8 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Add support for simplefb (boo#1193532).
+ grub2-simplefb.patch
++++ kdump:
- Update to 0.9.2
* Isolate fadump initrd within the default one (jsc#SLE-18272)
* Bug fixes
* Code cleanups
- Remove patches that have been upstreamed:
* kdump-mounts.cc-Include-sys-ioctl.h.patch
* kdump-Add-bootdev-to-dracut-command-line.patch
* kdump-do-not-iterate-past-end-of-string.patch
* kdump-fix-incorrect-exit-code-checking.patch
* kdump-avoid-endless-loop-on-EAI_AGAIN.patch
* kdump-install-real-resolv.conf.patch
* kdump-Store-kdump-initrd-in-kernel-image-path.patch
- Remove patches that have been solved differently:
* kdump-on-error-option-yesno.patch
++++ kernel-default:
- Linux 5.15.7 (bsc#1012628).
- ALSA: usb-audio: Rename early_playback_start flag with
lowlatency_playback (bsc#1012628).
- ALSA: usb-audio: Disable low-latency playback for free-wheel
mode (bsc#1012628).
- ALSA: usb-audio: Disable low-latency mode for implicit feedback
sync (bsc#1012628).
- ALSA: usb-audio: Check available frames for the next packet size
(bsc#1012628).
- ALSA: usb-audio: Add spinlock to stop_urbs() (bsc#1012628).
- ALSA: usb-audio: Improved lowlatency playback support
(bsc#1012628).
- ALSA: usb-audio: Avoid killing in-flight URBs during draining
(bsc#1012628).
- ALSA: usb-audio: Fix packet size calculation regression
(bsc#1012628).
- ALSA: usb-audio: Less restriction for low-latency playback mode
(bsc#1012628).
- ALSA: usb-audio: Switch back to non-latency mode at a later
point (bsc#1012628).
- ALSA: usb-audio: Don't start stream for capture at prepare
(bsc#1012628).
- gfs2: release iopen glock early in evict (bsc#1012628).
- gfs2: Fix length of holes reported at end-of-file (bsc#1012628).
- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA
window for persistent memory" (bsc#1012628).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
memory and one window (bsc#1012628).
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for
PHY_SUN6I_MIPI_DPHY (bsc#1012628).
- mac80211: do not access the IV when it was stripped
(bsc#1012628).
- mac80211: fix throughput LED trigger (bsc#1012628).
- x86/hyperv: Move required MSRs check to initial platform probing
(bsc#1012628).
- net/smc: Transfer remaining wait queue entries during fallback
(bsc#1012628).
- atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
(bsc#1012628).
- net: return correct error code (bsc#1012628).
- pinctrl: qcom: fix unmet dependencies on GPIOLIB for
GPIOLIB_IRQCHIP (bsc#1012628).
- platform/x86: dell-wmi-descriptor: disable by default
(bsc#1012628).
- platform/x86: thinkpad_acpi: Add support for dual fan control
(bsc#1012628).
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue
after S3 deep (bsc#1012628).
- s390/setup: avoid using memblock_enforce_memory_limit
(bsc#1012628).
- btrfs: silence lockdep when reading chunk tree during mount
(bsc#1012628).
- btrfs: check-integrity: fix a warning on write caching disabled
disk (bsc#1012628).
- thermal: core: Reset previous low and high trip during thermal
zone init (bsc#1012628).
- scsi: iscsi: Unblock session then wake up error handler
(bsc#1012628).
- net: usb: r8152: Add MAC passthrough support for more Lenovo
Docks (bsc#1012628).
- drm/amd/pm: Remove artificial freq level on Navi1x
(bsc#1012628).
- drm/amd/amdkfd: Fix kernel panic when reset failed and been
triggered again (bsc#1012628).
- drm/amd/amdgpu: fix potential memleak (bsc#1012628).
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
(bsc#1012628).
- ata: libahci: Adjust behavior when StorageD3Enable _DSD is set
(bsc#1012628).
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array
overflow in hns_dsaf_ge_srst_by_port() (bsc#1012628).
- ipv6: check return value of ipv6_skip_exthdr (bsc#1012628).
- net: tulip: de4x5: fix the problem that the array 'lp->phy[8]'
may be out of bound (bsc#1012628).
- net: ethernet: dec: tulip: de4x5: fix possible array overflows
in type3_infoblock() (bsc#1012628).
- perf sort: Fix the 'weight' sort key behavior (bsc#1012628).
- perf sort: Fix the 'ins_lat' sort key behavior (bsc#1012628).
- perf sort: Fix the 'p_stage_cyc' sort key behavior
(bsc#1012628).
- perf inject: Fix ARM SPE handling (bsc#1012628).
- perf hist: Fix memory leak of a perf_hpp_fmt (bsc#1012628).
- perf report: Fix memory leaks around perf_tip() (bsc#1012628).
- tracing: Don't use out-of-sync va_list in event printing
(bsc#1012628).
- net/smc: Avoid warning of possible recursive locking
(bsc#1012628).
- ACPI: Add stubs for wakeup handler functions (bsc#1012628).
- net/tls: Fix authentication failure in CCM mode (bsc#1012628).
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf
dev xmit (bsc#1012628).
- kprobes: Limit max data_size of the kretprobe instances
(bsc#1012628).
- ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver
(bsc#1012628).
- rt2x00: do not mark device gone on EPROTO errors during start
(bsc#1012628).
- ipmi: Move remove_work to dedicated workqueue (bsc#1012628).
- cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
(bsc#1012628).
- iwlwifi: mvm: retry init flow if failed (bsc#1012628).
- dma-buf: system_heap: Use 'for_each_sgtable_sg' in pages free
flow (bsc#1012628).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1012628).
- fget: check that the fd still exists after getting a ref to it
(bsc#1012628).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
(bsc#1012628).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
(bsc#1012628).
- scsi: lpfc: Fix non-recovery of remote ports following an
unsolicited LOGO (bsc#1012628).
- scsi: ufs: ufs-pci: Add support for Intel ADL (bsc#1012628).
- ipv6: fix memory leak in fib6_rule_suppress (bsc#1012628).
- drm/amd/display: Allow DSC on supported MST branch devices
(bsc#1012628).
- drm/i915/dp: Perform 30ms delay after source OUI write
(bsc#1012628).
- KVM: fix avic_set_running for preemptable kernels (bsc#1012628).
- KVM: Disallow user memslot with size that exceeds "unsigned
long" (bsc#1012628).
- KVM: x86/mmu: Fix TLB flush range when handling disconnected pt
(bsc#1012628).
- KVM: Ensure local memslot copies operate on up-to-date
arch-specific data (bsc#1012628).
- KVM: x86: ignore APICv if LAPIC is not enabled (bsc#1012628).
- KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with
new vpid12 (bsc#1012628).
- KVM: nVMX: Flush current VPID (L1 vs. L2) for
KVM_REQ_TLB_FLUSH_GUEST (bsc#1012628).
- KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested
vmentry/vmexit (bsc#1012628).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv
disabled (bsc#1012628).
- KVM: x86: Use a stable condition around all VT-d PI paths
(bsc#1012628).
- KVM: MMU: shadow nested paging does not have PKU (bsc#1012628).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and
CPTR_EL2 to 1 (bsc#1012628).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg()
(bsc#1012628).
- KVM: x86: check PIR even for vCPUs with disabled APICv
(bsc#1012628).
- tracing/histograms: String compares should not care about
signed values (bsc#1012628).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X
(bsc#1012628).
- net: dsa: mv88e6xxx: Drop unnecessary check in
mv88e6393x_serdes_erratum_4_6() (bsc#1012628).
- net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter
and receiver (bsc#1012628).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family
(bsc#1012628).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X
family (bsc#1012628).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed
(bsc#1012628).
- wireguard: selftests: increase default dmesg log size
(bsc#1012628).
- wireguard: allowedips: add missing __rcu annotation to satisfy
sparse (bsc#1012628).
- wireguard: selftests: actually test for routing loops
(bsc#1012628).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
(bsc#1012628).
- wireguard: device: reset peer src endpoint when netns exits
(bsc#1012628).
- wireguard: receive: use ring buffer for incoming handshakes
(bsc#1012628).
- wireguard: receive: drop handshakes if queue lock is contended
(bsc#1012628).
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
(bsc#1012628).
- i2c: stm32f7: flush TX FIFO upon transfer errors (bsc#1012628).
- i2c: stm32f7: recover the bus on access timeout (bsc#1012628).
- i2c: stm32f7: stop dma transfer in case of NACK (bsc#1012628).
- i2c: cbus-gpio: set atomic transfer callback (bsc#1012628).
- natsemi: xtensa: fix section mismatch warnings (bsc#1012628).
- tcp: fix page frag corruption on page fault (bsc#1012628).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in
qlcnic_83xx_add_rings() (bsc#1012628).
- net: mpls: Fix notifications when deleting a device
(bsc#1012628).
- siphash: use _unaligned version by default (bsc#1012628).
- arm64: ftrace: add missing BTIs (bsc#1012628).
- iwlwifi: fix warnings produced by kernel debug options
(bsc#1012628).
- net/mlx5e: IPsec: Fix Software parser inner l3 type setting
in case of encapsulation (bsc#1012628).
- net/mlx4_en: Fix an use-after-free bug in
mlx4_en_try_alloc_resources() (bsc#1012628).
- selftests: net: Correct case name (bsc#1012628).
- net: dsa: b53: Add SPI ID table (bsc#1012628).
- mt76: mt7915: fix NULL pointer dereference in
mt7915_get_phy_mode (bsc#1012628).
- ASoC: tegra: Fix wrong value type in ADMAIF (bsc#1012628).
- ASoC: tegra: Fix wrong value type in I2S (bsc#1012628).
- ASoC: tegra: Fix wrong value type in DMIC (bsc#1012628).
- ASoC: tegra: Fix wrong value type in DSPK (bsc#1012628).
- ASoC: tegra: Fix kcontrol put callback in ADMAIF (bsc#1012628).
- ASoC: tegra: Fix kcontrol put callback in I2S (bsc#1012628).
- ASoC: tegra: Fix kcontrol put callback in DMIC (bsc#1012628).
- ASoC: tegra: Fix kcontrol put callback in DSPK (bsc#1012628).
- ASoC: tegra: Fix kcontrol put callback in AHUB (bsc#1012628).
- rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()
(bsc#1012628).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
(bsc#1012628).
- ALSA: intel-dsp-config: add quirk for CML devices based on
ES8336 codec (bsc#1012628).
- net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header
support (bsc#1012628).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of
"0" if no IRQ is available (bsc#1012628).
- net: marvell: mvpp2: Fix the computation of shared CPUs
(bsc#1012628).
- dpaa2-eth: destroy workqueue at the end of remove function
(bsc#1012628).
- octeontx2-af: Fix a memleak bug in rvu_mbox_init()
(bsc#1012628).
- net: annotate data-races on txq->xmit_lock_owner (bsc#1012628).
- ipv4: convert fib_num_tclassid_users to atomic_t (bsc#1012628).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early
(bsc#1012628).
- net/rds: correct socket tunable error in rds_tcp_tune()
(bsc#1012628).
- net/smc: Keep smc_close_final rc during active close
(bsc#1012628).
- drm/msm/a6xx: Allocate enough space for GMU registers
(bsc#1012628).
- drm/msm: Do hw_init() before capturing GPU state (bsc#1012628).
- drm/vc4: kms: Wait for the commit before increasing our clock
rate (bsc#1012628).
- drm/vc4: kms: Fix return code check (bsc#1012628).
- drm/vc4: kms: Add missing drm_crtc_commit_put (bsc#1012628).
- drm/vc4: kms: Clear the HVS FIFO commit pointer once done
(bsc#1012628).
- drm/vc4: kms: Don't duplicate pending commit (bsc#1012628).
- drm/vc4: kms: Fix previous HVS commit wait (bsc#1012628).
- atlantic: Increase delay for fw transactions (bsc#1012628).
- atlatnic: enable Nbase-t speeds with base-t (bsc#1012628).
- atlantic: Fix to display FW bundle version instead of FW mac
version (bsc#1012628).
- atlantic: Add missing DIDs and fix 115c (bsc#1012628).
- Remove Half duplex mode speed capabilities (bsc#1012628).
- atlantic: Fix statistics logic for production hardware
(bsc#1012628).
- atlantic: Remove warn trace message (bsc#1012628).
- KVM: x86/mmu: Skip tlb flush if it has been done in
zap_gfn_range() (bsc#1012628).
- KVM: x86/mmu: Pass parameter flush as false in
kvm_tdp_mmu_zap_collapsible_sptes() (bsc#1012628).
- drm/msm/devfreq: Fix OPP refcnt leak (bsc#1012628).
- drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
(bsc#1012628).
- drm/msm: Fix wait_fence submitqueue leak (bsc#1012628).
- drm/msm: Restore error return on invalid fence (bsc#1012628).
- ASoC: rk817: Add module alias for rk817-codec (bsc#1012628).
- iwlwifi: Fix memory leaks in error handling path (bsc#1012628).
- KVM: X86: Fix when shadow_root_level=5 && guest root_level<4
(bsc#1012628).
- KVM: SEV: initialize regions_list of a mirror VM (bsc#1012628).
- net/mlx5e: Fix missing IPsec statistics on uplink representor
(bsc#1012628).
- net/mlx5: Move MODIFY_RQT command to ignore list in internal
error state (bsc#1012628).
- net/mlx5: E-switch, Respect BW share of the new group
(bsc#1012628).
- net/mlx5: E-Switch, fix single FDB creation on BlueField
(bsc#1012628).
- net/mlx5: E-Switch, Check group pointer before reading bw_share
value (bsc#1012628).
- KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
(bsc#1012628).
- KVM: VMX: Set failure code in prepare_vmcs02() (bsc#1012628).
- mctp: Don't let RTM_DELROUTE delete local routes (bsc#1012628).
- Revert "drm/i915: Implement Wa_1508744258" (bsc#1012628).
- io-wq: don't retry task_work creation failure on fatal
conditions (bsc#1012628).
- x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword,
and qword (bsc#1012628).
- x86/entry: Add a fence for kernel entry SWAPGS in
paranoid_entry() (bsc#1012628).
- x86/entry: Use the correct fence macro after swapgs in kernel
CR3 (bsc#1012628).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
(bsc#1012628).
- preempt/dynamic: Fix setup_preempt_mode() return value
(bsc#1012628).
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue
(bsc#1012628).
- KVM: SEV: Return appropriate error codes if SEV-ES scratch
setup fails (bsc#1012628).
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k
(bsc#1012628).
- KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap
collapsible path (bsc#1012628).
- net/mlx5e: Rename lro_timeout to packet_merge_timeout
(bsc#1012628).
- net/mlx5e: Rename TIR lro functions to TIR packet merge
functions (bsc#1012628).
- net/mlx5e: Sync TIR params updates against concurrent
create/modify (bsc#1012628).
- serial: 8250_bcm7271: UART errors after resuming from S2
(bsc#1012628).
- parisc: Fix KBUILD_IMAGE for self-extracting kernel
(bsc#1012628).
- parisc: Fix "make install" on newer debian releases
(bsc#1012628).
- parisc: Mark cr16 CPU clocksource unstable on all SMP machines
(bsc#1012628).
- vgacon: Propagate console boot parameters before calling
`vc_resize' (bsc#1012628).
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (bsc#1012628).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
(bsc#1012628).
- usb: cdns3: gadget: fix new urb never complete if ep cancel
previous requests (bsc#1012628).
- usb: cdnsp: Fix a NULL pointer dereference in
cdnsp_endpoint_init() (bsc#1012628).
- x86/tsc: Add a timer to make sure TSC_adjust is always checked
(bsc#1012628).
- x86/tsc: Disable clocksource watchdog for TSC on qualified
platorms (bsc#1012628).
- x86/64/mm: Map all kernel memory into trampoline_pgd
(bsc#1012628).
- tty: serial: msm_serial: Deactivate RX DMA for polling support
(bsc#1012628).
- serial: pl011: Add ACPI SBSA UART match id (bsc#1012628).
- serial: tegra: Change lower tolerance baud rate limit for
tegra20 and tegra30 (bsc#1012628).
- serial: core: fix transmit-buffer reset and memleak
(bsc#1012628).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
(bsc#1012628).
- serial: 8250_pci: rewrite pericom_do_set_divisor()
(bsc#1012628).
- serial: 8250: Fix RTS modem control while in rs485 mode
(bsc#1012628).
- serial: liteuart: Fix NULL pointer dereference in ->remove()
(bsc#1012628).
- serial: liteuart: fix use-after-free and memleak on unbind
(bsc#1012628).
- serial: liteuart: fix minor-number leak on probe errors
(bsc#1012628).
- ipmi: msghandler: Make symbol 'remove_work_wq' static
(bsc#1012628).
- Refresh patches.suse/suse-hv-guest-os-id.patch.
- commit b92986a
++++ at-spi2-core:
- Configure to use dbus-broker when available.
- Add libsystemd to BuildRequires: needed for dbus-broker support.
++++ python310-core:
- Upgrade to 3.10.1 (jsc#SLE-18038):
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other tools.
- PEP 618 – Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- Patches readjusted:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
++++ tpm2-0-tss:
- Version 3.1.0 includes:
+ cover update to 2.4.5 (jsc#SLE-17366)
+ cover update to 2.3.0 (jsc#SLE-9515)
+ fix policy session for TPM2_PolicyAuthValue (bsc#1160736)
- Add version the configuration file tpm2-tss-fapi.conf
++++ podman:
- Update to version 3.4.4:
* Bugfixes
- Fixed a bug where the podman exec command would, under some circumstances,
print a warning message about failing to move conmon to the appropriate cgroup (#12535).
- Fixed a bug where named volumes created as part of container creation
(e.g. podman run --volume avolume:/a/mountpoint or similar) would be
mounted with incorrect permissions (#12523).
- Fixed a bug where the podman-remote create and podman-remote run commands
did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).
++++ python310:
- Upgrade to 3.10.1 (jsc#SLE-18038):
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other tools.
- PEP 618 – Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- Patches readjusted:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
++++ ovmf:
- For preparing push to SLE15-SP4, add more notes:
- Drop upstreamed ovmf-jscSLE-16075-SEV-ES-fixes.patch from 15-SP4
- All patches in the above big patch are in edk2-stable202011
- Some changes in ovmf.spec file of 15-SP4:
- brotli-v1.0.7-17-g666c328-c.tar.xz and "add brotli" section
be removed because ovmf-disable-brotli.patch.
- Using %{_prefix} instead of /usr hard code.
- Redundant %defattr(-,root,root) are removed.
- BuildRoot be removed because factory doesn't have it.
- Sync some differences in the change log between 15-SP3 with openSUSE
TW since "Wed Jan 24 06:31:21 UTC 2018":
- Add TLS and IPv6 supports for ArmVirtQemu.
- ovmf-bsc1119454-additional-scsi-drivers.patch to support more
SCSI drivers (PvScsi, MptScsi, and LsiScsi) (bsc#1119454)
- already in edk2-stable202008
- Drop the build requirement of python2
++++ tpm2.0-tools:
- The update to 5.2 fill also jsc#SLE-9515 (4.1) and jsc#SLE-17366 (4.3.0)
------------------------------------------------------------------
------------------ 2021-12-7 - Dec 7 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
++++ hwdata:
- Update to version 0.354:
+ Updated pci, usb and vendor ids.
++++ libX11:
- Update to version 1.7.3
* This release includes a number of bug fixes and adds support for
the _EVDEVK keysyms added in xorgproto 2021.2.
++++ libcbor:
- fix duplicate src package name issue on multibuild
++++ libgcrypt:
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
* gcry_mpi_sub_ui: fix subtracting from negative value
* Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
++++ systemd:
- move files related to static nodes to udev
++++ podman:
- Update to version 3.4.3:
* Security
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
* Features
- The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
* Bugfixes
- Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
- Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
- Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
- Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
- Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
- Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
- Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
- Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
- Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
- Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
- Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
- Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
- Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
- Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
- Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).
* API
- Updated the containers/image library to v5.17.0
- The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services.
- Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
- Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419).
- Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
- Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378).
- Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
- Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
- Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
* Misc
- Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737).
++++ qemu:
* Patches added (bsc#1186256):
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
------------------------------------------------------------------
------------------ 2021-12-6 - Dec 6 2021 -------------------
------------------------------------------------------------------
++++ glib-networking:
- Update to version 2.70.1:
+ Fix crashes when handshake is cancelled
+ OpenSSL: fix spurious certificate expired verification errors
+ GnuTLS:
- Fix tests on 32-bit systems
- Fix crash when invalid priority string is forced
- Add check section and run meson_test macro during build.
++++ grub2:
- Fix extent not found when initramfs contains shared extents (bsc#1190982)
* 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch
++++ kmod:
- Ensure that kmod and packages linking to libkmod provide same features
(bsc#1193430).
++++ alsa:
- Update to version 1.2.6:
lots of changes, including UCM and config updates and rawmidi
framing mode support: for details, see below
https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib
- Add *.sig file for the source tarball
++++ multipath-tools:
- Update to 0.8.8+38+suse.2bdd3a14.obscpio
* upstream version bump. Code-wise identical to 0.8.7+138+suse.7c9afe31
++++ ncurses:
- Add ncurses patch 20211204
+ improve configure check for getttynam (report by Werner Fink).
- Correct offsets of patch ncurses-6.3.dif
++++ openssl-1_1:
- Added openssl-1_1-use-include-directive.patch so that the default
/etc/ssl/openssl.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines.d/ and
/etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
being used to modify the openssl.cnf file. The scripting would fail
if either the default openssl.cnf file, or the sample openssl-ibmca
configuration file would be changed by upstream.
- Updated spec file to create the two new necessary directores for
the above patch.
++++ polkit:
- update to 0.120:
* transition from Intltool to gettext
* several tarball, meson and pipeline fixups
* Portuguese translation
* Romanian translation
* meson build system added
* CVE-2021-3560 mitigation
* properties in text listener
* typos fixups
* Update Hungarian translation
- drop CVE-2021-3560.patch (upstream)
++++ makedumpfile:
- Non-existent patches must be listed twice to appear as added in a
unified diff against a version that had them. Only that can make
factory-auto happy. Here we go:
* makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch
* makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch
++++ python-charset-normalizer:
- update to 2.0.9:
* Moderating the logging impact (since 2.0.8) for specific
environments
* Wrong logging level applied when setting kwarg `explain` to True
++++ python-pbr:
- update to 5.8.0:
* Add python2 testing back to PBR
* Allow PEP517 without setup\_requires
* Clarify the need for setup.py with PEP517
++++ qemu:
- cross-i386-binutils and cross-i386-gcc are not needed and were
dropped from Factory - boo#1193424
++++ ovmf:
- cross-i386-binutils and cross-i386-gcc have been dropped from
Factory, so use only cross-x86_64-* - boo#1193424
++++ runc:
- Update to runc v1.0.3. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784
bsc#1193436
* A potential vulnerability was discovered in runc (related to an internal
usage of netlink), however upon further investigation we discovered that
while this bug was exploitable on the master branch of runc, no released
version of runc could be exploited using this bug. The exploit required
being able to create a netlink attribute with a length that would overflow a
uint16 but this was not possible in any released version of runc. For more
information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
Due to an abundance of caution we decided to do an emergency release with
this fix, but to reiterate we do not believe this vulnerability was
possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
discovering and reporting this vulnerability so quickly.
* Fixed inability to start a container with read-write bind mount of a
read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
++++ suse-module-tools:
- Update to version 16.0.16:
* modprobe.d: split conf files (jsc#SLE-21626, boo#1193059)
- Rather than shipping two large files with modprobe.d options
(00-system.conf and 50-blacklist.conf), ship multiple small
per-module files. This makes it easier for users to override
distribution defaults.
* blacklist isst_if_mbox_msr (bsc#1187196)
* boot-sysctl: make sure file exists (fix for containers)
* remove blacklist entry for snd_bt87x (bsc#1192974, bsc#51718)
------------------------------------------------------------------
------------------ 2021-12-5 - Dec 5 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.16-rc4
- eliminated 1 patch:
- patches.suse/rtw89-update-partition-size-of-firmware-header-on-sk.patch
- commit d1dc164
++++ libcbor:
- update to 0.9.0:
* Improved pkg-config paths handling
* Use explicit math.h linkage
* BREAKING: Fixed handling of items that exceed the host size_t range
* cbor_decode explicitly checks size to avoid overflows (previously broken,
potentially resulting in erroneous decoding on affected systems)
- split docs into multibuild flavor to avoid build cycle via openssh<->
python-pyOpenSSL <-> python-cryptography
++++ libedit:
- update to 20210910:
* all: sync with upstream source
* see http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit
- drop libedit-20180525-manpage-conflicts.patch (upstream)
++++ hidapi:
- update to 0.11.0:
* hidraw: (explicit) workaround to allow build with kernels older than 2.6.39
* libusb: stabilize device path (uses same semantic as Linux kernel)
* libusb: add platform-specific hid_libusb_wrap_sys_device
* general: lots of documentation improvements
* general: (Windows) DDK build files are obsolete
* general: add CMake build system
* general: deprecated Autotools build scripts
* lots of other small fixes and improvements
- remove 0001-configure.ac-remove-duplicate-AC_CONFIG_MACRO_DIR-22.patch (obsolete)
------------------------------------------------------------------
------------------ 2021-12-4 - Dec 4 2021 -------------------
------------------------------------------------------------------
++++ python310-core:
- Remove pdb_adjust_breakpoints.patch and instead just adjust location
of the test breakpoint in Lib/test/test_pdb.py via sed, because we
have shortened Lib/pdb.py by removing the shebang (bpo#45964).
++++ python310:
- Remove pdb_adjust_breakpoints.patch and instead just adjust location
of the test breakpoint in Lib/test/test_pdb.py via sed, because we
have shortened Lib/pdb.py by removing the shebang (bpo#45964).
------------------------------------------------------------------
------------------ 2021-12-3 - Dec 3 2021 -------------------
------------------------------------------------------------------
++++ bash:
- avoid duplicating COPYING file in bash-doc (already in main package in
licensedir)
++++ glib2:
- Update to version 2.70.2:
+ Fix use of the default log writer with journald namespaces
+ Fix hang in `dbus-daemon` under `GTestDBus` when
`G_MESSAGES_DEBUG=all` is set
+ Speed up `g_canonicalize_filename()` to avoid pathogenic cases
with `..`
+ Fix URI for pcre subproject as it’s moved upstream
+ Fix storing GSettings dictionaries on macOS
+ Speed up ‘remove dot segments’ algorithm in `GUri` to avoid
pathogenic cases with `..`
+ Fix infinite loops in D-Bus message parsing for truncated
inputs
+ Improve correctness of version information returned by
`g_get_os_info()` for Windows 10/Server 2019+
+ Bugs fixed: glgo#GNOME/GLib#2400, glgo#GNOME/GLib#2426,
glgo#GNOME/GLib#2528, glgo#GNOME/GLib#2530,
glgo#GNOME/GLib#2537, glgo#GNOME/GLib#2541,
glgo#GNOME/GLib!2312, glgo#GNOME/GLib!2313,
glgo#GNOME/GLib!2314, glgo#GNOME/GLib!2316,
glgo#GNOME/GLib!2320, glgo#GNOME/GLib!2335,
glgo#GNOME/GLib!2337, glgo#GNOME/GLib!2340,
glgo#GNOME/GLib!2344, glgo#GNOME/GLib!2356,
glgo#GNOME/GLib!2359, glgo#GNOME/GLib!2361,
glgo#GNOME/GLib!2363, glgo#GNOME/GLib!2366,
glgo#GNOME/GLib!2375, glgo#GNOME/GLib!2383.
+ Updated translations.
++++ kernel-default:
- xhci: Fix commad ring abort, write all 64 bits to CRCR register
(bsc#1192569).
- commit 0f8ae34
++++ multipath-tools:
- Drop versioned dependency on libmpath0 again (bsc#1190622)
* Since 0.8.6, libmultipath and libmpathpersist have got proper ABI
versioning, and rpmbuild auto-generates dependencies on
libmultipath.so.0(LIBMULTIPATH_13.0.0) etc.
++++ pango:
- Update to version 1.50.0:
+ Fix glyph placement in gravity east
+ Fix line heights in improper gravities
+ Only shown selected ignorables with nicks
+ Support tab alignments other than left
+ Support custom decimal points on decimal tabs
+ Fix a pango-view crash
+ Optimize handling of many tabs
+ Drop json-glib dependency
- Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed.
++++ makedumpfile:
- Merge SLE15 SP3 changelog.
- Patches that were never actually applied to Factory:
* makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch
(included in 1.6.8)
* makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch
(included in 1.6.8)
++++ ovmf:
- Merge the difference from SLE for pushing back to SLE15-SP4
- Add/Update 50-xen-hvm-x86_64.json in descriptors.tar.xz
- Add the json descriptor for xen-hvm (bsc#1180050)
- Add "nvram-template" and change the firmware file to
ovmf-x86_64-ms-4m.bin (bsc#1180050, bsc#1181264)
- The following patches in SLE are already in edk2-edk2-stable202108
in factory, so they will be removed from 15-SP4
- ovmf-bsc1177789-cryptopkg-fix-null-dereference.patch to fix
the potential NULL dereference in AuthenticodeVerify()
(bsc#1177789, CVE-2019-14584)
- 26442d11e620a9 edk2-stable202011~124
- ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the
potential AMD SEV-ES security issues
(bsc#1180079)
- a91b700e385e74 edk2-stable202102~181
- ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the
follow-up patch for SEV-ES to fix the flash writing
(jsc#SLE-16075)
- 3a3501862f7309 edk2-stable202102~105
- ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible
heap corruption
(bsc#1183578, CVE-2021-28211)
- e7bd0dd26db7e5 edk2-stable202011~7
- ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV
recursion
(bsc#1183579, CVE-2021-28210)
- b9bdfc72853fe9 edk2-stable202011~9
- Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible
overflows in IScsiDxe
(bsc#1186151)
- 83761337ec91fb edk2-stable202108-rc0~171
------------------------------------------------------------------
------------------ 2021-12-2 - Dec 2 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Remove librsvg-s390x-cairo-has-current-point.patch - it is included
in the upstream tarball now.
++++ kernel-default:
- Bluetooth: Apply initial command workaround for more Intel chips
(bsc#83f2dafe2a62).
- commit 9c66401
- rpm/kernel-binary.spec.in: don't strip vmlinux again (bsc#1193306)
After usrmerge, vmlinux file is not named vmlinux-<version>, but simply
vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set.
So fix this by removing the dash...
- commit 83af88d
++++ rdma-core:
- Update to v38.0 (jsc#SLE-18383)
- Bugfixes on all providers
- New provider for irdma support
- Add rdma-ndd to recommended depencies of rdma-core
++++ freetype2:
- update to 2.11.1:
* Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and
`FT_Data` structures have been changed from signed to unsigned
type, which better reflects the actual usage. It is also an
additional means to protect against malformed input.
* Cmake support has been further improved. To do that various
backward-incompatible changes were necessary; please see file
`CMakeLists.txt` for more details.
* The experimental 'COLR' v1 API has been updated to the latest
OpenType standard 1.9.
++++ multipath-tools:
- Update to version 0.8.7+138+suse.7c9afe31:
New upstream version (pre-0.8.8)
* deprecate "config_dir" and "multipath_dir" config options
(will be removed in future version)
* remove dependency on systemd-udevd-settle.service (boo#1193336)
* fix crash in remove_map (boo#1193334)
* CLI: add path wildcard "%I" for init state
* CLI: add "reconfigure all" command
* allow multiple pending "reconfigure" commands (bsc#1189551)
* speed up "reconfigure" by avoiding unnecessary map reloads
(bsc#1189551)
* rework of CLI command handler (unix socket handler) to avoid
hanging CLI commands (bsc#1189551)
* fix multipathd startup after stop during reconfigure (boo#1193338)
* improve error detection and warning messages in config file parser
* fix exit status of multipath -T (bsc#1191900)
* fix defects reported by coverity (boo#1193342)
- avoid sleeping with locks held
- exit if bindings file is broken
- set umask before mkstemp
- add bounds and consistency checks in SCSI VPD parsing code
* add hardware table entry for DellEMC/ME4 (PowerVault ME4)
++++ python310-core:
- Add pdb_adjust_breakpoints.patch fixing expectd results in
test_pdb_breakpoints_preserved_across_interactive_sessions
(bpo#45964).
++++ libseccomp:
- reenable python bindings at least for the distro default python3
package:
- adds make-python-build.patch
++++ libvirt:
- libxl: Fix libvirtd deadlocks and segfaults
23b51d7b-libxl-disable-death-event.patch,
a4e6fba0-libxl-rename-threadinfo-struct.patch,
e4f7589a-libxl-shutdown-thread-name.patch,
b9a5faea-libxl-handle-death-thread.patch,
5c5df531-libxl-search-domid-in-thread.patch,
a7a03324-libxl-protect-logger-access.patch
bsc#1191668, bsc#1192017
- Update to libvirt 7.10.0
- jsc#SLE-18260, jsc#SLE-19264
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html#v7-10-0-2021-12-01
++++ xxhash:
- update to 0.8.1:
* perf : much improved performance for XXH3 streaming variants, notably on
gcc and msvc
* perf : improved XXH64 speed and latency on small inputs
* perf : small XXH32 speed and latency improvement on small inputs of random
size
* perf : minor stack usage improvement for XXH32 and XXH64
* api : new experimental variants XXH3_*_withSecretandSeed()
* api : update XXH3_generateSecret(), can no generate secret of any size (>=
XXH3_SECRET_SIZE_MIN)
* cli : xxhsum can now generate and check XXH3 checksums, using command `-H3`
* build: can build xxhash without XXH3, with new build macro XXH_NO_XXH3
* build: fix xxh_x86dispatch build with MSVC, by @apankrat
* build: XXH_INLINE_ALL can always be used safely, even after XXH_NAMESPACE
or a previous XXH_INLINE_ALL
* build: improved PPC64LE vector support
* install: fix pkgconfig
* install: compatibility with Haiku
* doc : code comments made compatible with doxygen
* misc : XXH_ACCEPT_NULL_INPUT_POINTER is no longer necessary, all functions
can accept NULL input pointers, as long as size == 0
* misc : complete refactor of CI tests on Github Actions, offering much
larger coverage
* misc : xxhsum code base split into multiple specialized units, within
directory cli/
- add 836f4e735cf368542f14005e41d2f84ec29dfd60.patch (fix manpage installation)
++++ python310:
- Add pdb_adjust_breakpoints.patch fixing expectd results in
test_pdb_breakpoints_preserved_across_interactive_sessions
(bpo#45964).
++++ python-libvirt-python:
- Update to 7.10.0
- Add all new APIs and constants in libvirt 7.10.0
- jsc#SLE-18260, jsc#SLE-19264
------------------------------------------------------------------
------------------ 2021-12-1 - Dec 1 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.1
* mostly AMD, Intel & Zink fixes.
++++ Mesa-drivers:
- update to 21.3.1
* mostly AMD, Intel & Zink fixes.
++++ dracut:
- Update to version 055+suse.158.g51e87247:
* chore(suse): add fido2 module (jsc#SLE-21070)
* feat(crypt): check if fido2 module is needed in hostonly mode (jsc#SLE-21070)
* feat(fido2): introducing the fido2 module (jsc#SLE-21070)
* feat(crypt): check if tpm2-tss module is needed in hostonly mode (jsc#SLE-21070)
* fix(dracut-functions.sh): get block device driver if in a virtual subsystem (bsc#1189776)
* fix(mdraid): allow UUID comparison for more than one UUID (bsc#1192665)
* fix(dracut.spec): update dependency for suse-module-tools
* fix(network-legacy): route parsing issues in ifup (bsc#1182688)
* fix(systemd-udevd): make collect optional (bsc#1177870)
++++ kernel-default:
- Linux 5.15.6 (bsc#1012628).
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+
(bsc#1012628).
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs
as well (bsc#1012628).
- block: avoid to quiesce queue in elevator_init_mq (bsc#1012628).
- blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue
and disk_release() (bsc#1012628).
- docs: accounting: update delay-accounting.rst reference
(bsc#1012628).
- firmware: arm_scmi: Fix type error in sensor protocol
(bsc#1012628).
- firmware: arm_scmi: Fix type error assignment in voltage
protocol (bsc#1012628).
- io_uring: fix soft lockup when call __io_remove_buffers
(bsc#1012628).
- cifs: nosharesock should be set on new server (bsc#1012628).
- tracing: Check pid filtering when creating events (bsc#1012628).
- ksmbd: Fix an error handling path in 'smb2_sess_setup()'
(bsc#1012628).
- vhost/vsock: fix incorrect used length reported to the guest
(bsc#1012628).
- vdpa_sim: avoid putting an uninitialized iova_domain
(bsc#1012628).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages
(bsc#1012628).
- ceph: properly handle statfs on multifs setups (bsc#1012628).
- cifs: nosharesock should not share socket with future sessions
(bsc#1012628).
- riscv: dts: microchip: drop duplicated MMC/SDHC node
(bsc#1012628).
- riscv: dts: microchip: fix board compatible (bsc#1012628).
- f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
(bsc#1012628).
- f2fs: quota: fix potential deadlock (bsc#1012628).
- iommu/vt-d: Fix unmap_pages support (bsc#1012628).
- iommu/rockchip: Fix PAGE_DESC_HI_MASKs for RK3568 (bsc#1012628).
- sched/scs: Reset task stack state in bringup_cpu()
(bsc#1012628).
- perf: Ignore sigtrap for tracepoints destined for other tasks
(bsc#1012628).
- locking/rwsem: Make handoff bit handling more consistent
(bsc#1012628).
- net: mscc: ocelot: correctly report the timestamping RX filters
in ethtool (bsc#1012628).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
SIOCSHWTSTAMP (bsc#1012628).
- net: hns3: fix incorrect components info of ethtool --reset
command (bsc#1012628).
- net: hns3: fix VF RSS failed problem after PF enable multi-TCs
(bsc#1012628).
- net/smc: Don't call clcsock shutdown twice when smc shutdown
(bsc#1012628).
- net: vlan: fix underflow for the real_dev refcnt (bsc#1012628).
- ethtool: ioctl: fix potential NULL deref in
ethtool_set_coalesce() (bsc#1012628).
- net/sched: sch_ets: don't peek at classes beyond 'nbands'
(bsc#1012628).
- net: stmmac: Disable Tx queues when reconfiguring the interface
(bsc#1012628).
- tls: fix replacing proto_ops (bsc#1012628).
- tls: splice_read: fix accessing pre-processed records
(bsc#1012628).
- tls: splice_read: fix record type check (bsc#1012628).
- MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
(bsc#1012628).
- MIPS: loongson64: fix FTLB configuration (bsc#1012628).
- igb: fix netpoll exit with traffic (bsc#1012628).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
(bsc#1012628).
- net/smc: Fix loop in smc_listen (bsc#1012628).
- net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk()
(bsc#1012628).
- net: phylink: Force retrigger in case of latched link-fail
indicator (bsc#1012628).
- net: phylink: Force link down and retrigger resolve on interface
change (bsc#1012628).
- lan743x: fix deadlock in lan743x_phy_link_status_change()
(bsc#1012628).
- tcp_cubic: fix spurious Hystart ACK train detections for
not-cwnd-limited flows (bsc#1012628).
- drm/amd/display: Set plane update flags for all planes in reset
(bsc#1012628).
- drm/amd/display: Fix DPIA outbox timeout after GPU reset
(bsc#1012628).
- PM: hibernate: use correct mode for swsusp_close()
(bsc#1012628).
- net/ncsi : Add payload to be 32-bit aligned to fix dropped
packets (bsc#1012628).
- arm64: uaccess: avoid blocking within critical sections
(bsc#1012628).
- drm/hyperv: Fix device removal on Gen1 VMs (bsc#1012628).
- nvmet-tcp: fix incomplete data digest send (bsc#1012628).
- cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs
(bsc#1012628).
- net: marvell: mvpp2: increase MTU limit when XDP enabled
(bsc#1012628).
- net: ipa: kill ipa_cmd_pipeline_clear() (bsc#1012628).
- net: ipa: separate disabling setup from modem stop
(bsc#1012628).
- net: ipa: directly disable ipa-setup-ready interrupt
(bsc#1012628).
- mlxsw: spectrum: Protect driver from buggy firmware
(bsc#1012628).
- net/smc: Ensure the active closing peer first closes clcsock
(bsc#1012628).
- i2c: virtio: disable timeout handling (bsc#1012628).
- erofs: fix deadlock when shrink erofs slab (bsc#1012628).
- scsi: scsi_debug: Zero clear zones at reset write pointer
(bsc#1012628).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
(bsc#1012628).
- ice: avoid bpf_prog refcount underflow (bsc#1012628).
- ice: fix vsi->txq_map sizing (bsc#1012628).
- net: nexthop: release IPv6 per-cpu dsts when replacing a
nexthop group (bsc#1012628).
- net: ipv6: add fib6_nh_release_dsts stub (bsc#1012628).
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
(bsc#1012628).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid
(bsc#1012628).
- ipv6: fix typos in __ip6_finish_output() (bsc#1012628).
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented
(bsc#1012628).
- af_unix: fix regression in read after shutdown (bsc#1012628).
- mptcp: use delegate action to schedule 3rd ack retrans
(bsc#1012628).
- mptcp: fix delack timer (bsc#1012628).
- ALSA: intel-dsp-config: add quirk for JSL devices based on
ES8336 codec (bsc#1012628).
- xen/pvh: add missing prototype to header (bsc#1012628).
- x86/pvh: add prototype for xen_pvh_init() (bsc#1012628).
- iavf: Fix VLAN feature flags after VFR (bsc#1012628).
- iavf: Fix refreshing iavf adapter stats on ethtool request
(bsc#1012628).
- iavf: Prevent changing static ITR values if adaptive moderation
is on (bsc#1012628).
- HID: magicmouse: prevent division by 0 on scroll (bsc#1012628).
- HID: input: set usage type to key on keycode remap
(bsc#1012628).
- HID: input: Fix parsing of HID_CP_CONSUMER_CONTROL fields
(bsc#1012628).
- net: marvell: prestera: fix double free issue on err path
(bsc#1012628).
- net: marvell: prestera: fix brige port operation (bsc#1012628).
- drm/aspeed: Fix vga_pw sysfs output (bsc#1012628).
- drm/vc4: fix error code in vc4_create_object() (bsc#1012628).
- scsi: mpt3sas: Fix incorrect system timestamp (bsc#1012628).
- scsi: mpt3sas: Fix system going into read-only mode
(bsc#1012628).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test
(bsc#1012628).
- scsi: qla2xxx: edif: Fix off by one bug in
qla_edif_app_getfcinfo() (bsc#1012628).
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks
(bsc#1012628).
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
(bsc#1012628).
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
(bsc#1012628).
- ASoC: stm32: i2s: fix 32 bits channel length without mclk
(bsc#1012628).
- firmware: arm_scmi: pm: Propagate return value to caller
(bsc#1012628).
- firmware: arm_scmi: Fix base agent discover response
(bsc#1012628).
- net: ieee802154: handle iftypes as u32 (bsc#1012628).
- ASoC: codecs: lpass-rx-macro: fix HPHR setting CLSH mask
(bsc#1012628).
- ASoC: codecs: wcd934x: return error code correctly from
hw_params (bsc#1012628).
- ASoC: codecs: wcd938x: fix volatile register range
(bsc#1012628).
- ASoC: topology: Add missing rwsem around snd_ctl_remove()
calls (bsc#1012628).
- ASoC: qdsp6: q6asm: fix q6asm_dai_prepare error handling
(bsc#1012628).
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
(bsc#1012628).
- ARM: dts: bcm2711: Fix PCIe interrupts (bsc#1012628).
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node
(bsc#1012628).
- ARM: dts: BCM5301X: Fix I2C controller interrupt (bsc#1012628).
- firmware: arm_scmi: Fix null de-reference on error path
(bsc#1012628).
- media: v4l2-core: fix VIDIOC_DQEVENT handling on non-x86
(bsc#1012628).
- netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1012628).
- netfilter: ipvs: Fix reuse connection if RS weight is 0
(bsc#1012628).
- netfilter: ctnetlink: do not erase error code with EINVAL
(bsc#1012628).
- netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY
(bsc#1012628).
- ASoC: SOF: Intel: hda: fix hotplug when only codec is suspended
(bsc#1012628).
- proc/vmcore: fix clearing user buffer by properly using
clear_user() (bsc#1012628).
- drm/amd/display: Fix OLED brightness control on eDP
(bsc#1012628).
- PCI: aardvark: Fix link training (bsc#1012628).
- PCI: aardvark: Simplify initialization of rootcap on virtual
bridge (bsc#1012628).
- PCI: aardvark: Implement re-issuing config requests on CRS
response (bsc#1012628).
- PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
(bsc#1012628).
- NFSv42: Fix pagecache invalidation after COPY/CLONE
(bsc#1012628).
- iomap: Fix inline extent handling in iomap_readpage
(bsc#1012628).
- powerpc/32: Fix hardlockup on vmap stack overflow (bsc#1012628).
- cpufreq: intel_pstate: Fix active mode offline/online EPP
handling (bsc#1012628).
- arm64: mm: Fix VM_BUG_ON(mm != &init_mm) for trans_pgd
(bsc#1012628).
- mdio: aspeed: Fix "Link is Down" issue (bsc#1012628).
- mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB (bsc#1012628).
- mmc: sdhci-esdhc-imx: disable CMDQ support (bsc#1012628).
- tracing: Fix pid filtering when triggers are attached
(bsc#1012628).
- tracing/uprobe: Fix uprobe_perf_open probes iteration
(bsc#1012628).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1012628).
- ksmbd: fix memleak in get_file_stream_info() (bsc#1012628).
- ksmbd: contain default data stream even if xattr is empty
(bsc#1012628).
- ksmbd: downgrade addition info error msg to debug in
smb2_get_info_sec() (bsc#1012628).
- drm/nouveau: recognise GA106 (bsc#1012628).
- drm/amdgpu/pm: fix powerplay OD interface (bsc#1012628).
- drm/amdgpu: IH process reset count when restart (bsc#1012628).
- io_uring: fix link traversal locking (bsc#1012628).
- io_uring: fail cancellation for EXITING tasks (bsc#1012628).
- io_uring: correct link-list traversal locking (bsc#1012628).
- xen: detect uninitialized xenbus in xenbus_init (bsc#1012628).
- xen: don't continue xenstore initialization in case of errors
(bsc#1012628).
- fuse: release pipe buf after last use (bsc#1012628).
- staging: r8188eu: fix a memory leak in rtw_wx_read32()
(bsc#1012628).
- staging: r8188eu: use GFP_ATOMIC under spinlock (bsc#1012628).
- staging: r8188eu: Fix breakage introduced when 5G code was
removed (bsc#1012628).
- staging: r8188eu: Use kzalloc() with GFP_ATOMIC in atomic
context (bsc#1012628).
- staging: rtl8192e: Fix use after free in
_rtl92e_pci_disconnect() (bsc#1012628).
- staging: greybus: Add missing rwsem around snd_ctl_remove()
calls (bsc#1012628).
- staging/fbtft: Fix backlight (bsc#1012628).
- HID: wacom: Use "Confidence" flag to prevent reporting invalid
contacts (bsc#1012628).
- Revert "parisc: Fix backtrace to always include init funtion
names" (bsc#1012628).
- media: cec: copy sequence field for the reply (bsc#1012628).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100
(bsc#1012628).
- ALSA: ctxfi: Fix out-of-range access (bsc#1012628).
- binder: fix test regression due to sender_euid change
(bsc#1012628).
- usb: hub: Fix locking issues with address0_mutex (bsc#1012628).
- usb: hub: Fix usb enumeration issue due to address0 race
(bsc#1012628).
- usb: xhci: tegra: Check padctrl interrupt presence in device
tree (bsc#1012628).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl
interrupts (bsc#1012628).
- usb: chipidea: ci_hdrc_imx: fix potential error pointer
dereference in probe (bsc#1012628).
- net: nexthop: fix null pointer dereference when IPv6 is not
enabled (bsc#1012628).
- net: usb: Correct PHY handling of smsc95xx (bsc#1012628).
- usb: dwc3: gadget: Fix null pointer exception (bsc#1012628).
- usb: dwc3: gadget: Check for L1/L2/U3 for Start Transfer
(bsc#1012628).
- usb: dwc3: gadget: Ignore NoStream after End Transfer
(bsc#1012628).
- usb: dwc3: core: Revise GHWPARAMS9 offset (bsc#1012628).
- usb: dwc3: leave default DMA for PCI devices (bsc#1012628).
- usb: dwc2: hcd_queue: Fix use of floating point literal
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames
(bsc#1012628).
- USB: serial: option: add Fibocom FM101-GL variants
(bsc#1012628).
- USB: serial: option: add Telit LE910S1 0x9200 composition
(bsc#1012628).
- USB: serial: pl2303: fix GC type detection (bsc#1012628).
- ACPI: CPPC: Add NULL pointer check to cppc_get_perf()
(bsc#1012628).
- ACPI: Get acpi_device's parent from the parent field
(bsc#1012628).
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
(bsc#1012628).
- commit 30c5f4d
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
(CVE-2021-43976 bsc#1192847).
- commit 62666c5
++++ kernel-firmware:
- Update to version 20211123 (git commit b0e898fbaf37):
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* amdgpu: update yellow carp dmcub firmware
* amdgpu: update vangogh DMCUB firmware
* Update ath10k/QCA6174/hw3.0/board-2.bin
* mrvl: prestera: Update Marvell Prestera Switchdev v4.0
* QCA: Add Bluetooth firmware for WCN685x
- Fix the script to adapt ZSTD compressed modules (jsc#SLE-21256)
- Update _service to follow branch main instead
- Update aliases
++++ libXfixes:
- update to version 6.0 is needed for GNOME41, particularly the
gnome-settings-daemon's new feature to disconnect from Xwayland
(JIRA #SLE-22829)
++++ libffi:
- disable static trampolines (bsc#1193272)
++++ mozilla-nss:
- update to NSS 3.73
* bmo#1735028 - check for missing signedData field.
* bmo#1737470 - Ensure DER encoded signatures are within size limits.
* bmo#1729550 - NSS needs FiPS 140-3 version indicators.
* bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
* bmo#1738600 - sunset Coverity from NSS
MFSA 2021-51 (bsc#1193170)
* CVE-2021-43527 (bmo#1737470)
Memory corruption via DER-encoded DSA and RSA-PSS signatures
------------------------------------------------------------------
------------------ 2021-11-30 - Nov 30 2021 -------------------
------------------------------------------------------------------
++++ libgcrypt:
- FIPS: Define an entropy source SP800-90B compliant [bsc#1185140]
* Disable jitter entropy by default in random.conf
* Disable only-urandom option by default in random.conf
++++ sqlite3:
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
++++ shadow:
- Really enable USERGROUPS_ENAB [bsc#1189139].
Did go lost during merges.
++++ raspberrypi-firmware-dt:
- Update to 14c1845ff9 (2021-11-19):
* Add DTS:
- bcm2710-rpi-zero-2-w.dts
- bcm2710-rpi-zero-2.dts
* Add overlays:
- adafruit-st7735r-overlay.dts
- fbtft-overlay.dts
- imx519-overlay.dts
- mcp2515-overlay.dts
- mlx90640-overlay.dts
++++ u-boot-rpiarm64:
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0017-rpi-Add-identifier-for-the-new-RPi-.patch
------------------------------------------------------------------
------------------ 2021-11-29 - Nov 29 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Use %autosetup
- Don't include sample rules as %doc, they're already installed
as normal files
- Fix create-augenrules-service.patch:
* auditd.service needs to require augenrules.service,
not the other way around
- Fix documentation for enable-stop-rules.patch
++++ gettext-runtime:
- Remove libcroco from BuildRequires: it is now bundled internally.
++++ ncurses:
- Add ncurses patch 20211127
+ fix errata in description fields (report by Eric Lindblad) -TD
+ add x10term+sl, aixterm+sl, ncr260vp+sl, ncr260vp+vt, wyse+sl -TD
- Correct offsets of patch ncurses-6.3.dif
++++ python310-core:
- Remove shebangs from from python-base libraries in _libdir
(bsc#1193179).
- Readjust patches:
- bpo-31046_ensurepip_honours_prefix.patch
- decimal.patch
- python-3.3.0b1-fix_date_time_compiler.patch
++++ python310:
- Remove shebangs from from python-base libraries in _libdir
(bsc#1193179).
- Readjust patches:
- bpo-31046_ensurepip_honours_prefix.patch
- decimal.patch
- python-3.3.0b1-fix_date_time_compiler.patch
++++ python-charset-normalizer:
- update to 2.0.8:
* Improvement over Vietnamese detection
* MD improvement on trailing data and long foreign (non-pure latin)
* Efficiency improvements in cd/alphabet_languages
* call sum() without an intermediary list following PEP 289 recommendations
* Code style as refactored by Sourcery-AI
* Minor adjustment on the MD around european words
* Remove and replace SRTs from assets / tests
* Initialize the library logger with a `NullHandler` by default
* Setting kwarg `explain` to True will add provisionally
* Fix large (misleading) sequence giving UnicodeDecodeError
* Avoid using too insignificant chunk
* Add and expose function `set_logging_handler` to configure a specific
StreamHandler
++++ python-pycparser:
- update to 2.21:
- Much improved support for C11 (multiple PRs)
- Support for parehthesized compount statements (#423)
- Support for modern Python versions (3.9 and 3.10)
- Fix support for structs with nested enums (#387)
- Multiple small bug fixes
++++ tpm2.0-tools:
- Fix python3-PyYAML requirement
- Move the tests inside a bcond. Disabled by default.
++++ xauth:
- update to version 1.1.1
* This is a minor bugfix release, including fixes for reported
crashes.
------------------------------------------------------------------
------------------ 2021-11-28 - Nov 28 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.16-rc3
- refresh configs
- commit e8ae228
++++ libxcrypt:
- update to 4.4.26:
* fix compilation on system with gcc >= 10 that do not support
declarations with __attribute__((symver))
- switch to bootstrapped tarball, add upstream signing key and
verify source signature
++++ mozilla-nss:
- update to NSS 3.72
* Remove newline at the end of coreconf.dep
* bmo#1731911 - Fix nsinstall parallel failure.
* bmo#1729930 - Increase KDF cache size to mitigate perf
regression in about:logins
------------------------------------------------------------------
------------------ 2021-11-27 - Nov 27 2021 -------------------
------------------------------------------------------------------
++++ lttng-ust:
- Update to version 2.13.0:
* See https://git.lttng.org/?p=lttng-ust.git;a=blob_plain;f=ChangeLog;hb=v2.13.0
- Add liburcu requirement to the development package.
- Add ARMv7 and RISC-V to supported architectures.
++++ lua54:
- Update upstream-bugs.patch and upstream-bugs-test.patch to fix
bugs 7,8 for build and tests respectively. (bsc#1192613,CVE-2021-43519)
++++ pango:
- Update to version 1.49.4:
+ Require fontconfig 2.13
+ Require harfbuzz 2.6
+ Many fixes to line breaking accuracy
+ coretext: Correctly clamp text weights at min/max values
+ Add serialization api for PangoLayout, PangoFont and
PangoAttrList
+ Require json-glib
+ tests:
- Use serialized layouts for test cases
- Include fonts in git
+ pango-view: Accept serialized layouts
+ Fix a rounding problem with font metrics
+ Fix visible space display using â£
- Changes from version 1.49.3:
+ Fix hinting of glyph metrics
+ Fix logical glyph extents in vertical gravities
+ Visualize more default-ignorable glyphs
+ Fix advance widths in transformed contexts
+ Implement Small Caps and other casing variations
- Changes from version 1.49.2:
+ Update Unicode data to Unicode 14
+ Fix underlining of spaces
+ Round font metrics when appropriate
+ Fix some corner cases of cursor positioning
+ Handle Catalan middle-dot in text segmentation
- Changes from version 1.49.1:
+ Only recompute log attrs when needed
+ Validate log attrs
+ Fix conformance issues in Thai and Indic linebreaking
+ Add pango_attr_break to support customizing line and word
breaks
+ Add font-dependent baseline shifts and sizing for super- and
subscripts
+ Improve hyphenation support
+ pango-view:
- Visualize caret positions and slopes
- Show glyph rects
- Make --annotate easier to use
+ Add pango_layout_get_caret_pos to support sloped carets
+ Improve caret positioning for ligatures
+ Better under- and overline placement
+ layout:
- Allocate a bit less
- Fix cluster extents with rise
+ Add pango_layout_iter_get_run_baseline
+ Add pango_glyph_string_index_to_x_full
+ coretext: Set size on font descriptions
+ Add color information to PangoGlyphVisAttr
- Changes from version 1.49.0:
+ Require fribidi 1.0.6
+ Fix threadsafety issues with Thai
+ Fix a rounding problem on i386
+ Fix font choice for ellipsis
+ New api:
- pango_font_get_languages
- Introspection helpers for attributes
+ Ignore width in horizontal context when itemizing
+ markup:
- Allow specifying size and rise in points
- Allow specifying size as percentage
+ Rewrite pango_layout_move_cursor_visually
+ Add a line-height attribute and make logical line extents
respect it
+ Add pango_justify_last_line
+ Add pango_shape_item
+ Add a text-transform attribute and implement it
+ Clean up fribidi api usage
+ Fix a bug in the gravity data table
+ pango-view: Improve the --annotate option
+ Fix a possible crash in rendering strikethroughs
- Add pkgconfig(json-glib-1.0) BuildRequires, new dependency.
++++ python-cryptography:
- update to 36.0.0:
* FINAL DEPRECATION Support for verifier and signer on our asymmetric key
classes was deprecated in version 2.1. These functions had an extended
deprecation due to usage, however the next version of cryptography will
drop support. Users should migrate to sign and verify.
* The entire X.509 layer is now written in Rust. This allows alternate
asymmetric key implementations that can support cloud key management
services or hardware security modules provided they implement the necessary
interface (for example: EllipticCurvePrivateKey).
* Deprecated the backend argument for all functions.
* Added support for AESOCB3.
* Added support for iterating over arbitrary request attributes.
* Deprecated the get_attribute_for_oid method on CertificateSigningRequest in
favor of get_attribute_for_oid() on the new Attributes object.
* Fixed handling of PEM files to allow loading when certificate and key are
in the same file.
* Fixed parsing of CertificatePolicies extensions containing legacy BMPString values in their explicitText.
* Allow parsing of negative serial numbers in certificates. Negative serial
numbers are prohibited by RFC 5280 so a deprecation warning will be raised
whenever they are encountered. A future version of cryptography will drop
support for parsing them.
* Added support for parsing PKCS12 files with friendly names for all
certificates with load_pkcs12(), which will return an object of type
PKCS12KeyAndCertificates.
* rfc4514_string() and related methods now have an optional
attr_name_overrides parameter to supply custom OID to name mappings, which
can be used to match vendor-specific extensions.
* BACKWARDS INCOMPATIBLE: Reverted the nonstandard formatting of email
address fields as E in rfc4514_string() methods from version 35.0.
* The previous behavior can be restored with:
name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})
* Allow X25519PublicKey and X448PublicKey to be used as public keys when
parsing certificates or creating them with CertificateBuilder. These key
types must be signed with a different signing algorithm as X25519 and X448
do not support signing.
* Extension values can now be serialized to a DER byte string by calling public_bytes().
* Added experimental support for compiling against BoringSSL. As BoringSSL
does not commit to a stable API, cryptography tests against the latest
commit only. Please note that several features are not available when
building against BoringSSL.
* Parsing CertificateSigningRequest from DER and PEM now, for a limited time
period, allows the Extension critical field to be incorrectly encoded. See
the issue for complete details. This will be reverted in a future
cryptography release.
* When OCSPNonce are parsed and generated their value is now correctly
wrapped in an ASN.1 OCTET STRING. This conforms to RFC 6960 but conflicts
with the original behavior specified in RFC 2560. For a temporary period
for backwards compatibility, we will also parse values that are encoded as
specified in RFC 2560 but this behavior will be removed in a future
release.
* Changed the version scheme. This will result in us incrementing the major
version more frequently, but does not change our existing backwards
compatibility policy.
* BACKWARDS INCOMPATIBLE: The X.509 PEM parsers now require that the PEM
string passed have PEM delimiters of the correct type. For example, parsing
a private key PEM concatenated with a certificate PEM will no longer be
accepted by the PEM certificate parser.
* BACKWARDS INCOMPATIBLE: The X.509 certificate parser no longer allows
negative serial numbers. RFC 5280 has always prohibited these.
* BACKWARDS INCOMPATIBLE: Additional forms of invalid ASN.1 found during
X.509 parsing will raise an error on initial parse rather than when the
malformed field is accessed.
* Rust is now required for building cryptography, the
CRYPTOGRAPHY_DONT_BUILD_RUST environment variable is no longer respected.
* Parsers for X.509 no longer use OpenSSL and have been rewritten in Rust.
This should be backwards compatible (modulo the items listed above) and
improve both security and performance.
* Added support for OpenSSL 3.0.0 as a compilation target.
* Added support for SM3 and SM4, when using OpenSSL 1.1.1. These algorithms
are provided for compatibility in regions where they may be required, and
are not generally recommended.
* We now ship manylinux_2_24 and musllinux_1_1 wheels, in addition to our
manylinux2010 and manylinux2014 wheels. Users on distributions like Alpine
Linux should ensure they upgrade to the latest pip to correctly receive
wheels.
* Added rfc4514_attribute_name attribute to x509.NameAttribute.
- drop disable-uneven-sizes-tests.patch (upstream)
- drop disable-RustExtension.patch: building rust extension now
------------------------------------------------------------------
------------------ 2021-11-26 - Nov 26 2021 -------------------
------------------------------------------------------------------
++++ glibc:
- Enable building the cross packages in rings.
++++ gnutls:
- Drop bogus condition "> 1550": that would mean 'more recent than
Tumbleweed' which is technically impossible, as Tumbleweed is the
leading project (and the condition causes issues as Tumbleweed
needs to move away from 1550 due to CODE 15 SP5 plans).
++++ kernel-default:
- constraints: Build aarch64 on recent ARMv8.1 builders.
Request asimdrdm feature which is available only on recent ARMv8.1 CPUs.
This should prevent scheduling the kernel on an older slower builder.
- commit 60fc53f
++++ libdrm:
- update to 2.4.109:
* amdgpu: add new function to get fd
* radeon: remove duplicate struct declaration
* xf86drm: fix compiler warnings
* ci fixes
++++ libffi:
- update to 3.4.2:
* Add static trampoline support for Linux on x86_64 and ARM64.
* Add support for Alibaba's CSKY architecture.
* Add support for Kalray's KVX architecture.
* Add support for Intel Control-flow Enforcement Technology (CET).
* Add support for ARM Pointer Authentication (PA).
* Fix 32-bit PPC regression.
* Fix MIPS soft-float problem.
* Enable tmpdir override with the $LIBFFI_TMPDIR environment variable.
* Enable compatibility with MSVC runtime stack checking.
* Reject float and small integer argument in ffi_prep_cif_var().
* Callers must promote these types themselves.
- drop aarch64.patch: fixed upstream differently
- drop info dependency, uses file triggers now
++++ libgcrypt:
- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192240]
* rsa: Check RSA keylen constraints for key operations.
* rsa: Fix regression in not returning an error for prime generation.
* tests: Add 2k RSA key working in FIPS mode.
* tests: pubkey: Replace RSA key to one of 2k.
* tests: pkcs1v2: Skip tests with small keys in FIPS.
* Add patches:
- libgcrypt-FIPS-RSA-keylen.patch
- libgcrypt-FIPS-RSA-keylen-tests.patch
++++ python-charset-normalizer:
- require lower-case name instead of breaking build
------------------------------------------------------------------
------------------ 2021-11-25 - Nov 25 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Clear term.sh and term.csh also from file list
++++ catatonit:
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
once. Fix build with autocnf 2.71 / automake 1.16.5.
++++ kdump:
- kdump-Store-kdump-initrd-in-kernel-image-path.patch: Fix kdumprd
location for usrmerge kernels (boo#1190920).
++++ kernel-default:
- Linux 5.15.5 (bsc#1012628).
- arm64: zynqmp: Do not duplicate flash partition label property
(bsc#1012628).
- arm64: zynqmp: Fix serial compatible string (bsc#1012628).
- clk: sunxi-ng: Unregister clocks/resets when unbinding
(bsc#1012628).
- ARM: dts: sunxi: Fix OPPs node name (bsc#1012628).
- arm64: dts: allwinner: h5: Fix GPU thermal zone node name
(bsc#1012628).
- arm64: dts: allwinner: a100: Fix thermal zone node name
(bsc#1012628).
- staging: wfx: ensure IRQ is ready before enabling it
(bsc#1012628).
- ARM: dts: BCM5301X: Fix nodes names (bsc#1012628).
- ARM: dts: BCM5301X: Fix MDIO mux binding (bsc#1012628).
- ARM: dts: NSP: Fix mpcore, mmc node names (bsc#1012628).
- arm64: dts: broadcom: bcm4908: Move reboot syscon out of bus
(bsc#1012628).
- scsi: pm80xx: Fix memory leak during rmmod (bsc#1012628).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
(bsc#1012628).
- ASoC: mediatek: mt8195: Add missing of_node_put() (bsc#1012628).
- arm64: dts: hisilicon: fix arm,sp805 compatible string
(bsc#1012628).
- RDMA/bnxt_re: Check if the vlan is valid before reporting
(bsc#1012628).
- bus: ti-sysc: Add quirk handling for reinit on context lost
(bsc#1012628).
- bus: ti-sysc: Use context lost quirk for otg (bsc#1012628).
- usb: musb: tusb6010: check return value after calling
platform_get_resource() (bsc#1012628).
- usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
(bsc#1012628).
- ARM: dts: ux500: Skomer regulator fixes (bsc#1012628).
- staging: rtl8723bs: remove possible deadlock when disconnect
(v2) (bsc#1012628).
- staging: rtl8723bs: remove a second possible deadlock
(bsc#1012628).
- staging: rtl8723bs: remove a third possible deadlock
(bsc#1012628).
- ARM: BCM53016: Specify switch ports for Meraki MR32
(bsc#1012628).
- arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and
residency (bsc#1012628).
- arm64: dts: qcom: ipq6018: Fix qcom,controlled-remotely property
(bsc#1012628).
- arm64: dts: qcom: ipq8074: Fix qcom,controlled-remotely property
(bsc#1012628).
- arm64: dts: qcom: sdm845: Fix qcom,controlled-remotely property
(bsc#1012628).
- arm64: dts: freescale: fix arm,sp805 compatible string
(bsc#1012628).
- arm64: dts: ls1012a: Add serial alias for ls1012a-rdb
(bsc#1012628).
- RDMA/rxe: Separate HW and SW l/rkeys (bsc#1012628).
- ASoC: SOF: Intel: hda-dai: fix potential locking issue
(bsc#1012628).
- scsi: core: Fix scsi_mode_sense() buffer length handling
(bsc#1012628).
- ALSA: usb-audio: disable implicit feedback sync for Behringer
UFX1204 and UFX1604 (bsc#1012628).
- clk: imx: imx6ul: Move csi_sel mux to correct base register
(bsc#1012628).
- ASoC: es8316: Use IRQF_NO_AUTOEN when requesting the IRQ
(bsc#1012628).
- ASoC: rt5651: Use IRQF_NO_AUTOEN when requesting the IRQ
(bsc#1012628).
- ASoC: nau8824: Add DMI quirk mechanism for active-high
jack-detect (bsc#1012628).
- scsi: advansys: Fix kernel pointer leak (bsc#1012628).
- scsi: smartpqi: Add controller handshake during kdump
(bsc#1012628).
- arm64: dts: imx8mm-kontron: Fix reset delays for ethernet PHY
(bsc#1012628).
- ALSA: intel-dsp-config: add quirk for APL/GLK/TGL devices
based on ES8336 codec (bsc#1012628).
- ASoC: Intel: soc-acpi: add missing quirk for TGL SDCA single
amp (bsc#1012628).
- ASoC: Intel: sof_sdw: add missing quirk for Dell SKU 0A45
(bsc#1012628).
- firmware_loader: fix pre-allocated buf built-in firmware use
(bsc#1012628).
- HID: multitouch: disable sticky fingers for UPERFECT Y
(bsc#1012628).
- ALSA: usb-audio: Add support for the Pioneer DJM 750MK2
Mixer/Soundcard (bsc#1012628).
- ARM: dts: omap: fix gpmc,mux-add-data type (bsc#1012628).
- usb: host: ohci-tmio: check return value after calling
platform_get_resource() (bsc#1012628).
- ASoC: rt5682: fix a little pop while playback (bsc#1012628).
- ARM: dts: ls1021a: move thermal-zones node out of soc/
(bsc#1012628).
- ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible
for flash (bsc#1012628).
- ALSA: ISA: not for M68K (bsc#1012628).
- iommu/vt-d: Do not falsely log intel_iommu is unsupported
kernel option (bsc#1012628).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
(bsc#1012628).
- MIPS: sni: Fix the build (bsc#1012628).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
(bsc#1012628).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
(bsc#1012628).
- scsi: target: Fix ordered tag handling (bsc#1012628).
- scsi: target: Fix alua_tg_pt_gps_count tracking (bsc#1012628).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in
st_lsm6dsx_set_odr() (bsc#1012628).
- RDMA/core: Use kvzalloc when allocating the struct ib_port
(bsc#1012628).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
(bsc#1012628).
- scsi: lpfc: Fix link down processing to address NULL pointer
dereference (bsc#1012628).
- scsi: lpfc: Allow fabric node recovery if recovery is in
progress before devloss (bsc#1012628).
- memory: tegra20-emc: Add runtime dependency on devfreq governor
module (bsc#1012628).
- powerpc/5200: dts: fix memory node unit name (bsc#1012628).
- ARM: dts: qcom: fix memory and mdio nodes naming for RB3011
(bsc#1012628).
- arm64: dts: qcom: Fix node name of rpm-msg-ram device nodes
(bsc#1012628).
- ALSA: gus: fix null pointer dereference on pointer block
(bsc#1012628).
- ALSA: usb-audio: fix null pointer dereference on pointer cs_desc
(bsc#1012628).
- clk: at91: sama7g5: remove prescaler part of master clock
(bsc#1012628).
- iommu/dart: Initialize DART_STREAMS_ENABLE (bsc#1012628).
- powerpc/dcr: Use cmplwi instead of 3-argument cmpli
(bsc#1012628).
- powerpc/8xx: Fix Oops with STRICT_KERNEL_RWX without
DEBUG_RODATA_TEST (bsc#1012628).
- sh: check return code of request_irq (bsc#1012628).
- maple: fix wrong return value of maple_bus_init() (bsc#1012628).
- f2fs: fix up f2fs_lookup tracepoints (bsc#1012628).
- f2fs: fix to use WHINT_MODE (bsc#1012628).
- f2fs: fix wrong condition to trigger background checkpoint
correctly (bsc#1012628).
- sh: fix kconfig unmet dependency warning for FRAME_POINTER
(bsc#1012628).
- sh: math-emu: drop unused functions (bsc#1012628).
- sh: define __BIG_ENDIAN for math-emu (bsc#1012628).
- f2fs: compress: disallow disabling compress on non-empty
compressed file (bsc#1012628).
- f2fs: fix incorrect return value in f2fs_sanity_check_ckpt()
(bsc#1012628).
- clk: ingenic: Fix bugs with divided dividers (bsc#1012628).
- clk/ast2600: Fix soc revision for AHB (bsc#1012628).
- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
(bsc#1012628).
- KVM: arm64: Fix host stage-2 finalization (bsc#1012628).
- mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
(bsc#1012628).
- MIPS: boot/compressed/: add __bswapdi2() to target for ZSTD
decompression (bsc#1012628).
- sched/core: Mitigate race
cpus_share_cache()/update_top_cache_domain() (bsc#1012628).
- sched/fair: Prevent dead task groups from regaining cfs_rq's
(bsc#1012628).
- perf/x86/vlbr: Add c->flags to vlbr event constraints
(bsc#1012628).
- blkcg: Remove extra blkcg_bio_issue_init (bsc#1012628).
- tracing/histogram: Do not copy the fixed-size char array field
over the field size (bsc#1012628).
- perf bpf: Avoid memory leak from perf_env__insert_btf()
(bsc#1012628).
- perf bench futex: Fix memory leak of perf_cpu_map__new()
(bsc#1012628).
- perf tests: Remove bash construct from
record+zstd_comp_decomp.sh (bsc#1012628).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
(bsc#1012628).
- bpf: Fix inner map state pruning regression (bsc#1012628).
- samples/bpf: Fix summary per-sec stats in xdp_sample_user
(bsc#1012628).
- net/ipa: ipa_resource: Fix wrong for loop range (bsc#1012628).
- tcp: Fix uninitialized access in skb frags array for Rx 0cp
(bsc#1012628).
- tracing: Add length protection to histogram string copies
(bsc#1012628).
- nl80211: fix radio statistics in survey dump (bsc#1012628).
- mac80211: fix monitor_sdata RCU/locking assertions
(bsc#1012628).
- net: ipa: HOLB register sometimes must be written twice
(bsc#1012628).
- net: ipa: disable HOLB drop when updating timer (bsc#1012628).
- selftests: gpio: fix gpio compiling error (bsc#1012628).
- net: bnx2x: fix variable dereferenced before check
(bsc#1012628).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off
(bsc#1012628).
- tipc: only accept encrypted MSG_CRYPTO msgs (bsc#1012628).
- sock: fix /proc/net/sockstat underflow in sk_clone_lock()
(bsc#1012628).
- net/smc: Make sure the link_id is unique (bsc#1012628).
- NFSD: Fix exposure in nfsd4_decode_bitmap() (bsc#1012628).
- iavf: Fix return of set the new channel count (bsc#1012628).
- iavf: check for null in iavf_fix_features (bsc#1012628).
- iavf: free q_vectors before queues in iavf_disable_vf
(bsc#1012628).
- iavf: don't clear a lock we don't hold (bsc#1012628).
- iavf: Fix failure to exit out from last all-multicast mode
(bsc#1012628).
- iavf: prevent accidental free of filter structure (bsc#1012628).
- iavf: validate pointers (bsc#1012628).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing
VF reset (bsc#1012628).
- iavf: Fix for setting queues to 0 (bsc#1012628).
- iavf: Restore VLAN filters after link down (bsc#1012628).
- bpf: Fix toctou on read-only map's constant scalar tracking
(bsc#1012628).
- MIPS: generic/yamon-dt: fix uninitialized variable error
(bsc#1012628).
- mips: bcm63xx: add support for clk_get_parent() (bsc#1012628).
- mips: lantiq: add support for clk_get_parent() (bsc#1012628).
- gpio: rockchip: needs GENERIC_IRQ_CHIP to fix build errors
(bsc#1012628).
- platform/x86: hp_accel: Fix an error handling path in
'lis3lv02d_probe()' (bsc#1012628).
- platform/x86: think-lmi: Abort probe on analyze failure
(bsc#1012628).
- udp: Validate checksum in udp_read_sock() (bsc#1012628).
- btrfs: make 1-bit bit-fields of scrub_page unsigned int
(bsc#1012628).
- RDMA/core: Set send and receive CQ before forwarding to the
driver (bsc#1012628).
- net/mlx5e: kTLS, Fix crash in RX resync flow (bsc#1012628).
- net/mlx5e: Wait for concurrent flow deletion during neigh/fib
events (bsc#1012628).
- net/mlx5: E-Switch, Fix resetting of encap mode when entering
switchdev (bsc#1012628).
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()
(bsc#1012628).
- net/mlx5: Update error handler for UCTX and UMEM (bsc#1012628).
- net/mlx5: E-Switch, rebuild lag only when needed (bsc#1012628).
- net/mlx5e: CT, Fix multiple allocations and memleak of mod acts
(bsc#1012628).
- net/mlx5: Lag, update tracker when state change event received
(bsc#1012628).
- net/mlx5: E-Switch, return error if encap isn't supported
(bsc#1012628).
- scsi: ufs: core: Improve SCSI abort handling (bsc#1012628).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
(bsc#1012628).
- scsi: ufs: core: Fix task management completion timeout race
(bsc#1012628).
- scsi: ufs: core: Fix another task management completion race
(bsc#1012628).
- net: mvmdio: fix compilation warning (bsc#1012628).
- net: sched: act_mirred: drop dst for the direction from egress
to ingress (bsc#1012628).
- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
(bsc#1012628).
- net: virtio_net_hdr_to_skb: count transport header in UFO
(bsc#1012628).
- i40e: Fix correct max_pkt_size on VF RX queue (bsc#1012628).
- i40e: Fix NULL ptr dereference on VSI filter sync (bsc#1012628).
- i40e: Fix changing previously set num_queue_pairs for PFs
(bsc#1012628).
- i40e: Fix ping is lost after configuring ADq on VF
(bsc#1012628).
- RDMA/mlx4: Do not fail the registration on port stats
(bsc#1012628).
- i40e: Fix warning message and call stack during rmmod i40e
driver (bsc#1012628).
- i40e: Fix creation of first queue by omitting it if is not
power of two (bsc#1012628).
- i40e: Fix display error code in dmesg (bsc#1012628).
- NFC: reorganize the functions in nci_request (bsc#1012628).
- NFC: reorder the logic in nfc_{un,}register_device
(bsc#1012628).
- NFC: add NCI_UNREG flag to eliminate the race (bsc#1012628).
- e100: fix device suspend/resume (bsc#1012628).
- ptp: ocp: Fix a couple NULL vs IS_ERR() checks (bsc#1012628).
- tools build: Fix removal of feature-sync-compare-and-swap
feature detection (bsc#1012628).
- riscv: fix building external modules (bsc#1012628).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
kvmppc_h_set_dabr/xdabr() (bsc#1012628).
- powerpc: clean vdso32 and vdso64 directories (bsc#1012628).
- powerpc/pseries: rename numa_dist_table to form2_distances
(bsc#1012628).
- powerpc/pseries: Fix numa FORM2 parsing fallback code
(bsc#1012628).
- pinctrl: qcom: sdm845: Enable dual edge errata (bsc#1012628).
- pinctrl: qcom: sm8350: Correct UFS and SDC offsets
(bsc#1012628).
- perf/x86/intel/uncore: Fix filter_tid mask for CHA events on
Skylake Server (bsc#1012628).
- perf/x86/intel/uncore: Fix IIO event constraints for Skylake
Server (bsc#1012628).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
(bsc#1012628).
- s390/kexec: fix return code handling (bsc#1012628).
- blk-cgroup: fix missing put device in error path from
blkg_conf_pref() (bsc#1012628).
- dmaengine: remove debugfs #ifdef (bsc#1012628).
- tun: fix bonding active backup with arp monitoring
(bsc#1012628).
- Revert "mark pstore-blk as broken" (bsc#1012628).
- pstore/blk: Use "%lu" to format unsigned long (bsc#1012628).
- hexagon: export raw I/O routines for modules (bsc#1012628).
- hexagon: clean up timer-regs.h (bsc#1012628).
- tipc: check for null after calling kmemdup (bsc#1012628).
- ipc: WARN if trying to remove ipc object which is absent
(bsc#1012628).
- shm: extend forced shm destroy to support objects from several
IPC nses (bsc#1012628).
- mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag (bsc#1012628).
- hugetlb, userfaultfd: fix reservation restore on userfaultfd
error (bsc#1012628).
- kmap_local: don't assume kmap PTEs are linear arrays in memory
(bsc#1012628).
- mm/damon/dbgfs: use '__GFP_NOWARN' for user-specified size
buffer allocation (bsc#1012628).
- mm/damon/dbgfs: fix missed use of damon_dbgfs_lock
(bsc#1012628).
- x86/boot: Pull up cmdline preparation and early param parsing
(bsc#1012628).
- x86/sgx: Fix free page accounting (bsc#1012628).
- x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V
setup fails (bsc#1012628).
- KVM: x86: Assume a 64-bit hypercall for guests with protected
state (bsc#1012628).
- KVM: x86: Fix uninitialized eoi_exit_bitmap usage in
vcpu_load_eoi_exitmap() (bsc#1012628).
- KVM: x86/mmu: include EFER.LMA in extended mmu role
(bsc#1012628).
- KVM: x86/xen: Fix get_attr of KVM_XEN_ATTR_TYPE_SHARED_INFO
(bsc#1012628).
- powerpc/signal32: Fix sigset_t copy (bsc#1012628).
- powerpc/xive: Change IRQ domain to a tree domain (bsc#1012628).
- powerpc/8xx: Fix pinned TLBs with CONFIG_STRICT_KERNEL_RWX
(bsc#1012628).
- Revert "drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"
(bsc#1012628).
- Revert "parisc: Reduce sigreturn trampoline to 3 instructions"
(bsc#1012628).
- ata: libata: improve ata_read_log_page() error message
(bsc#1012628).
- ata: libata: add missing ata_identify_page_supported() calls
(bsc#1012628).
- scsi: qla2xxx: Fix mailbox direction flags in
qla2xxx_get_adapter_id() (bsc#1012628).
- pinctrl: ralink: include 'ralink_regs.h' in 'pinctrl-mt7620.c'
(bsc#1012628).
- s390/setup: avoid reserving memory above identity mapping
(bsc#1012628).
- s390/boot: simplify and fix kernel memory layout setup
(bsc#1012628).
- s390/vdso: filter out -mstack-guard and -mstack-size
(bsc#1012628).
- s390/kexec: fix memory leak of ipl report buffer (bsc#1012628).
- s390/dump: fix copying to user-space of swapped kdump oldmem
(bsc#1012628).
- block: Check ADMIN before NICE for IOPRIO_CLASS_RT
(bsc#1012628).
- fbdev: Prevent probing generic drivers if a FB is already
registered (bsc#1012628).
- KVM: SEV: Disallow COPY_ENC_CONTEXT_FROM if target has created
vCPUs (bsc#1012628).
- KVM: nVMX: don't use vcpu->arch.efer when checking host state
on nested state load (bsc#1012628).
- drm/cma-helper: Release non-coherent memory with
dma_free_noncoherent() (bsc#1012628).
- printk: restore flushing of NMI buffers on remote CPUs after
NMI backtraces (bsc#1012628).
- udf: Fix crash after seekdir (bsc#1012628).
- spi: fix use-after-free of the add_lock mutex (bsc#1012628).
- net: stmmac: socfpga: add runtime suspend/resume callback for
stratix10 platform (bsc#1012628).
- Drivers: hv: balloon: Use VMBUS_RING_SIZE() wrapper for
dm_ring_size (bsc#1012628).
- btrfs: fix memory ordering between normal and ordered work
functions (bsc#1012628).
- fs: handle circular mappings correctly (bsc#1012628).
- net: stmmac: Fix signed/unsigned wreckage (bsc#1012628).
- parisc/sticon: fix reverse colors (bsc#1012628).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
(bsc#1012628).
- mac80211: fix radiotap header generation (bsc#1012628).
- mac80211: drop check for DONT_REORDER in
__ieee80211_select_queue (bsc#1012628).
- drm/amd/display: Update swizzle mode enums (bsc#1012628).
- drm/amd/display: Limit max DSC target bpp for specific monitors
(bsc#1012628).
- drm/i915/guc: Fix outstanding G2H accounting (bsc#1012628).
- drm/i915/guc: Don't enable scheduling on a banned context,
guc_id invalid, not registered (bsc#1012628).
- drm/i915/guc: Workaround reset G2H is received after schedule
done G2H (bsc#1012628).
- drm/i915/guc: Don't drop ce->guc_active.lock when unwinding
context (bsc#1012628).
- drm/i915/guc: Unwind context requests in reverse order
(bsc#1012628).
- drm/udl: fix control-message timeout (bsc#1012628).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap
(bsc#1012628).
- drm/nouveau: Add a dedicated mutex for the clients list
(bsc#1012628).
- drm/nouveau: use drm_dev_unplug() during device removal
(bsc#1012628).
- drm/nouveau: clean up all clients on device removal
(bsc#1012628).
- drm/i915/dp: Ensure sink rate values are always valid
(bsc#1012628).
- drm/i915/dp: Ensure max link params are always valid
(bsc#1012628).
- drm/i915: Fix type1 DVI DP dual mode adapter heuristic for
modern platforms (bsc#1012628).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not
works on vga and dvi connectors (bsc#1012628).
- drm/amd/pm: avoid duplicate powergate/ungate setting
(bsc#1012628).
- signal: Implement force_fatal_sig (bsc#1012628).
- exit/syscall_user_dispatch: Send ordinary signals on failure
(bsc#1012628).
- signal/powerpc: On swapcontext failure force SIGSEGV
(bsc#1012628).
- signal/s390: Use force_sigsegv in default_trap_handler
(bsc#1012628).
- signal/sparc32: Exit with a fatal signal when
try_to_clear_window_buffer fails (bsc#1012628).
- signal/sparc32: In setup_rt_frame and setup_fram use
force_fatal_sig (bsc#1012628).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state
cannot be saved (bsc#1012628).
- signal/x86: In emulate_vsyscall force a signal instead of
calling do_exit (bsc#1012628).
- signal: Replace force_sigsegv(SIGSEGV) with
force_fatal_sig(SIGSEGV) (bsc#1012628).
- signal: Don't always set SA_IMMUTABLE for forced signals
(bsc#1012628).
- signal: Replace force_fatal_sig with force_exit_sig when in
doubt (bsc#1012628).
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare
(bsc#1012628).
- RDMA/netlink: Add __maybe_unused to static inline in C file
(bsc#1012628).
- bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing
progs (bsc#1012628).
- selinux: fix NULL-pointer dereference when hashtab allocation
fails (bsc#1012628).
- ASoC: DAPM: Cover regression by kctl change notification fix
(bsc#1012628).
- ASoC: rsnd: fixup DMAEngine API (bsc#1012628).
- usb: max-3421: Use driver data instead of maintaining a list
of bound devices (bsc#1012628).
- ice: Fix VF true promiscuous mode (bsc#1012628).
- ice: Delete always true check of PF pointer (bsc#1012628).
- fs: export an inode_update_time helper (bsc#1012628).
- btrfs: update device path inode time instead of bd_inode
(bsc#1012628).
- net: add and use skb_unclone_keeptruesize() helper
(bsc#1012628).
- x86/Kconfig: Fix an unused variable error in dell-smm-hwmon
(bsc#1012628).
- ALSA: hda: hdac_ext_stream: fix potential locking issues
(bsc#1012628).
- ALSA: hda: hdac_stream: fix potential locking issue in
snd_hdac_stream_assign() (bsc#1012628).
- Update config files.
- commit 83fc974
++++ pam:
- Don't define doc/manpages packages in main build
++++ policycoreutils:
- finish UsrMerge (bsc#1191089)
++++ python-charset-normalizer:
- Use lower-case name of prettytable package
++++ python-psutil:
- Update skip-obs.patch to also skip TestProcess.test_ionice_linux
++++ trousers:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* tcsd.service
------------------------------------------------------------------
------------------ 2021-11-24 - Nov 24 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20211124.5486aad:
* Remove term.sh and term.csh: no COLORTERM anymore
Avoid changing COLORTERM variable in urxvt (boo#1190833)
++++ buildkit:
- Initial Packaging
++++ libdrm:
- update to 2.4.108:
* amdgpu: add amdgpu_stress utility v2
* amdgpu: add marketing names from 21.30
* amdgpu: add new marketing name
* amdgpu: Make marketing names consistent
* amdgpu: use drmCloseBufferHandle
* build: bump version to 2.4.108
* drm_fourcc: sync drm_fourcc with latest drm-next kernel
* etnaviv: use drmCloseBufferHandle
* exynos: use drmCloseBufferHandle
* Fix -Werror=format build errors on FreeBSD
* freedreno: use drmCloseBufferHandle
* headers: drm: Sync with drm-next
* intel: Do not assert on unknown chips in drm_intel_decode_context_alloc
* intel: Drop legacy execbuffer support
* intel: sync ADL-S PCI IDs with kernel
* intel: Sync pci ids
* intel: use drmCloseBufferHandle
* man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE
* meson: Build libdrm.so as an unversioned lib on Android.
* meson: Don't build libkms for Android.
* nouveau: print bo address in the GPU/CPU vm and its size
* nouveau: use drmCloseBufferHandle
* omap: use drmCloseBufferHandle
* radeon: use drmCloseBufferHandle
* tegra: use drmCloseBufferHandle
* test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test
* tests/amdgpu: Fix TMZ secure bounce test
* xf86drm: add GEM_CLOSE ioctl wrapper
* xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs
* xf86drm: fix mem leak in drm_usb_dev_path()
* xf86drmMode: make drm_property_type_is arg const
* xf86drmMode: simplify drm_property_type_is
* xf86drmMode: switch to standard inline qualifier
* xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC
++++ libjpeg-turbo:
- update to 2.1.2:
* Fixed a regression introduced by 2.1 beta1[13] that caused the remaining
GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used
by default with GCC for performance reasons) to be placed in the `.rodata`
section rather than in the `.text` section. This caused the GNU linker to
automatically place the `.rodata` section in an executable segment, which
prevented libjpeg-turbo from working properly with other linkers and also
represented a potential security risk.
* Fixed an issue whereby the `tjTransform()` function incorrectly computed the
MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus
unduly rejected some cropping regions, even though those regions aligned with
8x8 MCU block boundaries.
* Fixed a regression introduced by 2.1 beta1[13] that caused the build system
to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy
architectures that do not support Neon instructions.
* libjpeg-turbo now performs run-time detection of AltiVec instructions on
FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile
time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be
supported using the same build of libjpeg-turbo.
* cjpeg now accepts a `-strict` argument similar to that of djpeg and
jpegtran, which causes the compressor to abort if an LZW-compressed GIF input
image contains incomplete or corrupt image data.
++++ snapper:
- added bash completion provided by community
++++ libsoup:
- Update to version 3.0.3:
+ Fix various HTTP/2 issues.
+ Error when libsoup2 has been loaded before libsoup3.
+ Fix memory leak when using TLS.
++++ systemd:
- Replace S:$n references with SOURCE$n. Makes vim * search work.
++++ pam:
- Add missing recommends and split provides
- Use multibuild to build docu with correct paths and available
features.
++++ policycoreutils:
- Add run_init.pamd.patch to adjust to SUSE pam setup. Removed
run_init_use_pam_keyinit.patch and included it in the new patch
(bsc#1190098)
++++ python310-packaging:
- update to 21.3:
* Add a pp3-none-any tag (gh#pypa/packaging#311)
* Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
(gh#pypa/packaging#481), (gh#pypa/packaging#486)
* Fix a spelling mistake (gh#pypa/packaging#479)
++++ python310-pyparsing:
- requires jinja2 for testing
- requires railroad-diagrams for testing
- update to 3.0.6:
* Added suppress_warning() method to individually suppress a warning
on a specific ParserElement. Used to refactor original_text_for
to preserve internal results names, which, while undocumented, had
been adopted by some projects.
* Fix bug when delimited_list was called with a str literal instead
of a parse expression.
- changes from 3.0.5:
* Added return type annotations for col, line, and lineno.
* Fixed bug when warn_ungrouped_named_tokens_in_collection warning
was raised when assigning a results name to an original_text_for
expression. (Issue #110, would raise warning in packaging.)
* Fixed internal bug where ParserElement.streamline() would not
return self if already streamlined.
* Changed run_tests() output to default to not showing line and
column numbers. If line numbering is desired, call with
with_line_numbers=True. Also fixed minor bug where separating
line was not included after a test failure.
- changes from 3.0.4:
* Fixed bug in which Dict classes did not correctly return tokens
as nested ParseResults
* Documented API-changing side-effect of converting ParseResults
to use __slots__ to pre-define instance attributes.
* Fixed bug in railroad diagramming where the vertical limit would
count all expressions in a group, not just those that would
create visible railroad elements.
- changes from 3.0.3:
* Fixed regex typo in one_of fix for as_keyword=True.
* Fixed a whitespace-skipping bug, Issue #319, introduced as part
of the revert of the LineStart changes.
* Added header column labeling > 100 in with_line_numbers - some
input lines are longer than others.
- changes from 3.0.2:
* Reverted change in behavior with LineStart and StringStart, which
changed the interpretation of when and how LineStart and
StringStart should match when a line starts with spaces. In 3.0.0,
the xxxStart expressions were not really treated like expressions
in their own right, but as modifiers to the following expression
when used like LineStart() + expr, so that if there were whitespace
on the line before expr (which would match in versions prior to
3.0.0), the match would fail.
3.0.0 implemented this by automatically promoting LineStart() +
expr to AtLineStart(expr), which broke existing parsers that did
not expect expr to necessarily be right at the start of the line,
but only be the first token found on the line. This was reported
as a regression in Issue (gh#pyparsing/pyparsing/issues#317).
In 3.0.2, pyparsing reverts to the previous behavior, but will
retain the new AtLineStart and AtStringStart expression classes,
so that parsers can chose whichever behavior applies in their
specific instance.
* Performance enhancement to one_of to always generate an internal
Regex, even if caseless or as_keyword args are given as True
(unless explicitly disabled by passing use_regex=False).
* IndentedBlock class now works with recursive flag. By default,
the results parsed by an IndentedBlock are grouped. This can be
disabled by constructing the IndentedBlock with grouped=False.
- changes from 3.0.1
* Fixed bug where Word(max=n) did not match word groups less than
length 'n'. Thanks to Joachim Metz for catching this!
* Fixed bug where ParseResults accidentally created recursive
contents. Joachim Metz on this one also!
* Fixed bug where warn_on_multiple_string_args_to_oneof warning
is raised even when not enabled.
- changes from 3.0.0
* A consolidated list of all the changes in the 3.0.0 release
can be found in docs/whats_new_in_3_0_0.rst.
(https://github.com/pyparsing/pyparsing/blob/master/docs/whats_new_in_3_0_0.rst)
- disable build for python2, not supported anymore
++++ toolbox:
- Update to version 2.2+git20211124.09791b1:
* Introduce -n/--nostop switch so mutiple sessions can be run inside an existing toolbox
------------------------------------------------------------------
------------------ 2021-11-23 - Nov 23 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- kernel-source.spec: install-kernel-tools also required on 15.4
- commit 6cefb55
++++ protobuf-c:
- Drop no longer needed rpmlintrc.
- Also add a protobuf-c =< version Obsoletes to devel sub-package.
++++ nerdctl:
- Initial Packaging
++++ osinfo-db:
- jsc#SLE-17764 - Dev: Support Oracle Linux as a guest VM. See also
bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as
guest versions are not included anywhere
add-missing-oracle-linux-versions.patch
++++ rootlesskit:
- Initial Packaging
++++ virt-manager:
- jsc#SLE-17735 - Support Oracle Linux as a guest VM. See also
bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as
guest versions are not included anywhere
virtinst-add-oracle-linux-support.patch
------------------------------------------------------------------
------------------ 2021-11-22 - Nov 22 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 4.0.0~rc1
This release is API, but not ABI compatible with previous releases;
existing applications will have to be recompiled against this new version.
Major features:
- Introduces a D-Bus service to access the libtukit API via the
org.opensuse.tukit.Transaction interface
- Introduces a C binding via libtukit.h.
Other changes:
- t-u: Rework --quiet handling to make sure no output is shown even in
error cases; this is necessary for automation, e.g. with Salt.
[gh#openSUSE/transactional-update#73]
- tukit: Allow storing command output into variable by introducing a new
optional parameter for "execute" and "callExt".
- Replace multiple and non-standalone occurenses of {} in "callExt"
argument.
- Split transactional-update.timer into transactional-update.timer
and transactional-update-cleanup.timer; the later will clean up
old snapshots even when the system does not do automatic updates.
- tukit: Remove legacy alias "setDiscard" for "setDiscardIfUnchanged".
- Throw exception if snapshot is not found.
- Fix various compiler warnings
- Update spec file:
- Include tukitd D-Bus daemon
- Only install one version of the library (as there are no breaking API
changes yet)
- Add %pre scriplets for systemd services
- Replace %systemd_postun scriptlets with %systemd_postun_with_restart
to satisfy rpmlint checks
- Add transactional-update log file as %ghost file
++++ kernel-default:
- config: disable unprivileged BPF by default (jsc#SLE-22573)
Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf
by default") only changes kconfig default, used e.g. for "make oldconfig"
when the config option is missing, but does not update our kernel configs
used for build. Update also these to make sure unprivileged BPF is really
disabled by default.
[ddiss: extend to all tumbleweed kernel configs]
- commit 61d2576
- Linux 5.15.4 (bsc#1012628).
- string: uninline memcpy_and_pad (bsc#1012628).
- Revert "drm: fb_helper: improve CONFIG_FB dependency"
(bsc#1012628).
- Revert "drm: fb_helper: fix CONFIG_FB dependency" (bsc#1012628).
- btrfs: introduce btrfs_is_data_reloc_root (bsc#1012628).
- btrfs: zoned: add a dedicated data relocation block group
(bsc#1012628).
- btrfs: zoned: only allow one process to add pages to a
relocation inode (bsc#1012628).
- btrfs: zoned: use regular writes for relocation (bsc#1012628).
- btrfs: check for relocation inodes on zoned btrfs in
should_nocow (bsc#1012628).
- btrfs: zoned: allow preallocation for relocation inodes
(bsc#1012628).
- fortify: Explicitly disable Clang support (bsc#1012628).
- block: Add a helper to validate the block size (bsc#1012628).
- loop: Use blk_validate_block_size() to validate block size
(bsc#1012628).
- Bluetooth: btusb: Add support for TP-Link UB500 Adapter
(bsc#1012628).
- parisc/entry: fix trace test in syscall exit path (bsc#1012628).
- PCI/MSI: Deal with devices lying about their MSI mask capability
(bsc#1012628).
- PCI: Add MSI masking quirk for Nvidia ION AHCI (bsc#1012628).
- perf/core: Avoid put_page() when GUP fails (bsc#1012628).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(bsc#1012628).
- Revert "ACPI: scan: Release PM resources blocked by unused
objects" (bsc#1012628).
- Update config files.
- commit f51b3ce
++++ ncurses:
- Add ncurses patch 20211120
+ add dim, ecma+strikeout to st-0.6 -TD
+ deallocate the tparm cache when del_curterm is called for the last
allocated TERMINAL structure (report/testcase by Bram Moolenaar,
cf: 20200531).
+ modify test-package to more closely conform to Debian multi-arch.
+ if the --with-pkg-config-libdir option is not given, use
${libdir}/pkgconfig as a default (prompted by discussion with Ross
Burton).
- Correct offsets of patch ncurses-6.3.dif
++++ ceph:
- Update to 16.2.6-463-g22e7612f9ad:
+ (bsc#1178073) mgr/dashboard: fix downstream NFS doc links
++++ systemd:
- Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of v249.7)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c34c98712600bc206919ec6ed136195f75ac1967...523f32df573d459551760b072cb62906f4a2cf23
- Import commit c34c98712600bc206919ec6ed136195f75ac1967
f99aa40c6e TEST-12: make sure 'adm' group exist
6c7194ff99 TEST-08: don't force ext4 for /
dd1814b8f9 test: use kbd-mode-map we ship in one more test case
94c5febf2a test: fix TEST-10-ISSUE-2467
- Update the dependencies of the systemd-testsuite sub-package.
++++ pam:
- common-session: move pam_systemd to first position as if the
file would have been generated with pam-config
- Add vendordir fixes and enhancements from upstream:
- pam_xauth_data.3.xml.patch
- 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
- 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
- 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch
- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other
spec file.
++++ raspberrypi-firmware:
- Fix deps for raspberrypi-firmware-config and raspberrypi-firmware-config-camera
++++ raspberrypi-firmware-config:
- Fix deps for raspberrypi-firmware-config and raspberrypi-firmware-config-camera
++++ raspberrypi-firmware-config-camera:
- Fix deps for raspberrypi-firmware-config and raspberrypi-firmware-config-camera
++++ vim:
- fix boo#1192871
- Updated to version 8.2.3640, fixes the following problems
* Arglist test does not clear the argument list consistently.
* ":verbose pwd" does not mention 'autochdir' was applied.
* getcwd() is unclear about how 'autochdir' is used.
* Cannot use a lambda for 'operatorfunc'.
* Memory leak reported in libtlib.
* Build failure.
* "verbose pwd" shows confusing info when :lcd does not change directory.
* "$*" is expanded to "nonomatch".
* When renaming a terminal buffer the status text is not updated.
* Illegal memory access when C-indenting.
* "au!" and "au! event" cannot be followed by another command as documented.
* difficult to know where the text starts in a window. (Sergey Vlasov)
* Looking up terminal colors is a bit slow.
* Command completion in cmdline window uses global user commands, not
local commands for the window where it was opened from.
* Printf() with %S does not handle multi-byte correctly.
* "syntax enable" does not work properly in Vim9 context.
* GTK3: undercurl does not get removed properly.
* Vim9: line number of lambda is off by one.
* Error for already defined function uses wrong line number.
* GTK: composing underline does not show.
* Coverity warns for unreachable code.
* Typos in test files.
* getcompletion() always passes zero as position to custom completion
function.
* Line commented out accidentally.
* Freeze when calling term_wait() in a close callback.
------------------------------------------------------------------
------------------ 2021-11-21 - Nov 21 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- update to 5.16-rc2
- refresh
- patches.suse/suse-hv-guest-os-id.patch
- update configs (restore values before 5.14-rc1)
- PSTORE_ZONE=m
- PSTORE_BLK=m
- PSTORE_BLK_BLKDEV=""
- PSTORE_BLK_KMSG_SIZE=64
- PSTORE_BLK_MAX_REASON=2
- MTD_PSTORE=m
- commit 696d453
++++ libcap:
- libcap 2.61:
* Better error handling of the numerical arguments for capsh and
setcap
* Fix executable mode for all of the .so files. There were two
situations where this was failing (with a hard to debug SIGSEGV
inside libc)
* Added an example of a shared library object with its own file
capability
* Fix the top-level include for Make.Rules in the contrib/sucap
example application
* Add support for running constructors at libcap.so start up time
when running as stand alone binary.
- includes changes from 2.60:
* Some build, code linting fixes, the addition of the
cap_fill_flag() API and a memory latency optimization
* General improvement in thread safety for libcap and cap package
* Minor API change replacing libcap:cap_launch_*() void returning
functions with int + errno status returns.
* Added a cap_iab_dup(), and (*cap.IAB).Dup() to API
* New features for capsh: --quiet, -+ and =+ arguments
- add upstream signing key and verify source signature
++++ patterns-base:
- enhanced_base: Recommend low-memory-monitor an early boot daemon
to monitor memory pressure and react to low memory.
- Run pre_checkin.sh to sync 32-bit patterns.
------------------------------------------------------------------
------------------ 2021-11-20 - Nov 20 2021 -------------------
------------------------------------------------------------------
++++ libappindicator:
- Update to version 12.10.1~bzr20200706.298 (chages since
12.10.1~bzr20170215.282):
* Fix build failures.
* Vendorise indicator-desktop-shortcuts (convenience wrapper
around gdesktopappinfo) from the libindicator project, to drop
the dependency on libindicator as none of the rest of it is
used.
* Don't build with -Werror.
* Drop Python 2 bindings and GObject Introspection for GTK 2
(lp#1740637).
* app-indicator: Don't pass unexpected parameter to signal
emissions (lp#1867996).
* app-indicator: Only check for item numbers when iterating
array (lp#1867996).
* Fall back to tray icon when StatusNotifierHost is not
available.
- Drop libappindicator-no-Werror.patch: fixed upstream.
- Drop only_require_python_for_gtk2.patch: no longer needed.
- Rebase xappstatusicon.patch.
++++ colord:
- Change to systemd-sysusers
------------------------------------------------------------------
------------------ 2021-11-19 - Nov 19 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
++++ containerd:
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
++++ dracut:
- Update to version 055+suse.142.g7d8c3ce3:
* style(dracut.sh): remove redundant script header
* fix(dracut.sh): change misspelled variable name
* fix(dracut.sh): remove wrong $ in loop sequence
* chore(suse): update spec (jsc#SLE-20248)
* fix(90kernel-modules): add isp1760 USB controller
* fix(iscsi): add support for the new iscsiadm "no-wait" (-W) command (bsc#1187190)
* ci(suse.conf.example): optimal compression parameters for zstd (jsc#SLE-20248)
* feat(dracut.sh): check if target kernel has zstd support compiled in (jsc#SLE-20248)
* ci(suse.conf.example): change default compression option for SUSE (jsc#SLE-20248)
++++ transactional-update:
- Version 3.6.2
- Bind mount root file system snapshot on itself, this makes the
temporary directory in /tmp unnecessary; also fixes [boo#1188110]
to return the correct snapshot's working directory via API call.
- Use separate mount namespace for transactional-update; this should
fix several applications that fail to run if a mount point has the
'unbindable' mount flag set
++++ iptables:
- Fix libalternatives configuration for ebtables and arptables
by keeping argv0, fixes bsc#1192799.
++++ kernel-default:
- blacklist.conf: add one arm64's w/o prerequisites
- commit 404f576
- samples/bpf: Fix incorrect use of strlen in xdp_redirect_cpu
(git-fixes).
- commit a48a8e6
- selftests: net: switch to socat in the GSO GRE test (git-fixes).
- KVM: Fix steal time asm constraints (git-fixes).
- commit 24aa787
++++ protobuf-c:
- Fold main package into devel package, as it needed its own
devel-package, add a protobuf-c = version Provides to devel
sub-package.
++++ libvirt:
- virt-create-rootfs: Fix repository URLs
Updated virt-create-rootfs.patch
boo#1192318
++++ makedumpfile:
- Turn on zstd.
++++ patterns-base:
- x11 pattern: Require xf86-input-libinput also on s390x
(JIRA#SLE-18632)
++++ python-distro:
- Tests: Set locale to UTF-8 to fix tests on Leap 15.3.
------------------------------------------------------------------
------------------ 2021-11-18 - Nov 18 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- n_buildfix-21.3.0.patch
* fixes Mesa-drivers build
++++ Mesa-drivers:
- n_buildfix-21.3.0.patch
* fixes Mesa-drivers build
++++ bash:
- Update bash 5.1 to patch level 12
* Add official patch bash51-009
The bash malloc implementation of malloc_usable_size() does not follow the
specification. This can cause library functions that use it to overwrite
memory bounds checking.
* Add official patch bash51-010
If `wait -n' is interrupted by a trapped signal other than SIGINT, it does
not completely clean up state, and that can prevent subsequent calls to
`wait -n' from working correctly.
* Add official patch bash51-011
When reading a compound assignment, and running it through the parser to
split it into words, we need to save and restore any alias we're currently
expanding.
* Add official patch bash51-012
There is a possible race condition that arises when a child process receives
a signal trapped by the parent before it can reset the signal dispositions.
The child process is not supposed to trap the signal in this circumstance.
++++ cryptsetup:
- cryptsetup 2.4.2:
* Fix possible large memory allocation if LUKS2 header size is
invalid.
* Fix memory corruption in debug message printing LUKS2
checksum.
* veritysetup: remove link to the UUID library for the static
build.
* Remove link to pwquality library for integritysetup and
veritysetup. These tools do not read passphrases.
* OpenSSL3 backend: avoid remaining deprecated calls in API.
Crypto backend no longer use API deprecated in OpenSSL 3.0
* Check if kernel device-mapper create device failed in an early
phase. This happens when a concurrent creation of device-mapper
devices meets in the very early state.
* Do not set compiler optimization flag for Argon2 KDF if the
memory wipe is implemented in libc.
* Do not attempt to unload LUKS2 tokens if external tokens are
disabled. This allows building a static binary with
- -disable-external-tokens.
* LUKS convert: also check sysfs for device activity.
If udev symlink is missing, code fallbacks to sysfs scan to
prevent data corruption for the active device.
++++ dnsmasq:
- bsc#1192529, dnsmasq-resolv-conf.patch:
Fix a segfault when re-reading an empty resolv.conf
- Remove "nogroup" membership from the dnsmasq user.
++++ docker:
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
++++ librsvg:
- Disable testsuite for now, let upstream figure out the issue with
harfbuzz 3.1.1.
++++ kernel-default:
- Linux 5.15.3 (bsc#1012628).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub
power-on-good delay (bsc#1012628).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp
platform (bsc#1012628).
- Input: iforce - fix control-message timeout (bsc#1012628).
- Input: elantench - fix misreporting trackpoint coordinates
(bsc#1012628).
- libata: fix read log timeout value (bsc#1012628).
- ocfs2: fix data corruption on truncate (bsc#1012628).
- scsi: scsi_ioctl: Validate command size (bsc#1012628).
- scsi: core: Avoid leaving shost->last_reset with stale value
if EH does not run (bsc#1012628).
- scsi: core: Remove command size deduction from
scsi_setup_scsi_cmnd() (bsc#1012628).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
outstanding (bsc#1012628).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
(bsc#1012628).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1012628).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
sysfs file (bsc#1012628).
- scsi: qla2xxx: Fix use after free in eh_abort path
(bsc#1012628).
- ce/gf100: fix incorrect CE0 address calculation on some GPUs
(bsc#1012628).
- char: xillybus: fix msg_ep UAF in xillyusb_probe()
(bsc#1012628).
- mmc: mtk-sd: Add wait dma stop done flow (bsc#1012628).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error
(bsc#1012628).
- exfat: fix incorrect loading of i_blocks for large files
(bsc#1012628).
- io-wq: remove worker to owner tw dependency (bsc#1012628).
- parisc: Fix set_fixmap() on PA1.x CPUs (bsc#1012628).
- parisc: Fix ptrace check on syscall return (bsc#1012628).
- tpm: Check for integer overflow in tpm2_map_response_body()
(bsc#1012628).
- firmware/psci: fix application of sizeof to pointer
(bsc#1012628).
- crypto: s5p-sss - Add error handling in s5p_aes_probe()
(bsc#1012628).
- media: rkvdec: Do not override sizeimage for output format
(bsc#1012628).
- media: ite-cir: IR receiver stop working after receive overflow
(bsc#1012628).
- media: rkvdec: Support dynamic resolution changes (bsc#1012628).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog
receivers (bsc#1012628).
- media: v4l2-ioctl: Fix check_ext_ctrls (bsc#1012628).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
(bsc#1012628).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (bsc#1012628).
- ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ
(bsc#1012628).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (bsc#1012628).
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED
(bsc#1012628).
- ALSA: ua101: fix division by zero at probe (bsc#1012628).
- ALSA: 6fire: fix control and bulk message timeouts
(bsc#1012628).
- ALSA: line6: fix control and interrupt message timeouts
(bsc#1012628).
- ALSA: mixer: oss: Fix racy access to slots (bsc#1012628).
- ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
(bsc#1012628).
- ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk
(bsc#1012628).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400
(bsc#1012628).
- ALSA: hda: Free card instance properly at probe errors
(bsc#1012628).
- ALSA: synth: missing check for possible NULL after the call
to kstrdup (bsc#1012628).
- ALSA: pci: rme: Fix unaligned buffer addresses (bsc#1012628).
- ALSA: PCM: Fix NULL dereference at mmap checks (bsc#1012628).
- ALSA: timer: Fix use-after-free problem (bsc#1012628).
- ALSA: timer: Unconditionally unlink slave instances, too
(bsc#1012628).
- Revert "ext4: enforce buffer head state assertion in
ext4_da_map_blocks" (bsc#1012628).
- ext4: fix lazy initialization next schedule time computation
in more granular unit (bsc#1012628).
- ext4: ensure enough credits in ext4_ext_shift_path_extents
(bsc#1012628).
- ext4: refresh the ext4_ext_path struct after dropping i_data_sem
(bsc#1012628).
- fuse: fix page stealing (bsc#1012628).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in
mem_encrypt_identity.c (bsc#1012628).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
(bsc#1012628).
- x86/irq: Ensure PI wakeup handler is unregistered before module
unload (bsc#1012628).
- x86/iopl: Fake iopl(3) CLI/STI usage (bsc#1012628).
- btrfs: clear MISSING device status bit in btrfs_close_one_device
(bsc#1012628).
- btrfs: fix lost error handling when replaying directory deletes
(bsc#1012628).
- btrfs: call btrfs_check_rw_degradable only if there is a
missing device (bsc#1012628).
- KVM: x86/mmu: Drop a redundant, broken remote TLB flush
(bsc#1012628).
- KVM: VMX: Unregister posted interrupt wakeup handler on hardware
unsetup (bsc#1012628).
- KVM: PPC: Tick accounting should defer vtime accounting 'til
after IRQ handling (bsc#1012628).
- ia64: kprobes: Fix to pass correct trampoline address to the
handler (bsc#1012628).
- selinux: fix race condition when computing ocontext SIDs
(bsc#1012628).
- ipmi:watchdog: Set panic count to proper value on a panic
(bsc#1012628).
- md/raid1: only allocate write behind bio for WriteMostly device
(bsc#1012628).
- hwmon: (pmbus/lm25066) Add offset coefficients (bsc#1012628).
- regulator: s5m8767: do not use reset value as DVS voltage if
GPIO DVS is disabled (bsc#1012628).
- regulator: dt-bindings: samsung,s5m8767: correct
s5m8767,pmic-buck-default-dvs-idx property (bsc#1012628).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
(bsc#1012628).
- mwifiex: fix division by zero in fw download path (bsc#1012628).
- ath6kl: fix division by zero in send path (bsc#1012628).
- ath6kl: fix control-message timeout (bsc#1012628).
- ath10k: fix control-message timeout (bsc#1012628).
- ath10k: fix division by zero in send path (bsc#1012628).
- PCI: Mark Atheros QCA6174 to avoid bus reset (bsc#1012628).
- rtl8187: fix control-message timeouts (bsc#1012628).
- evm: mark evm_fixmode as __ro_after_init (bsc#1012628).
- ifb: Depend on netfilter alternatively to tc (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Studio (bsc#1012628).
- mt76: mt7615: fix skb use-after-free on mac reset (bsc#1012628).
- HID: surface-hid: Use correct event registry for managing HID
events (bsc#1012628).
- HID: surface-hid: Allow driver matching for target ID 1 devices
(bsc#1012628).
- wcn36xx: Fix HT40 capability for 2Ghz band (bsc#1012628).
- wcn36xx: Fix tx_status mechanism (bsc#1012628).
- wcn36xx: Fix (QoS) null data frame bitrate/modulation
(bsc#1012628).
- PM: sleep: Do not let "syscore" devices runtime-suspend during
system transitions (bsc#1012628).
- mwifiex: Read a PCI register after writing the TX ring write
pointer (bsc#1012628).
- mwifiex: Try waking the firmware until we get an interrupt
(bsc#1012628).
- libata: fix checking of DMA state (bsc#1012628).
- dma-buf: fix and rework dma_buf_poll v7 (bsc#1012628).
- wcn36xx: handle connection loss indication (bsc#1012628).
- rsi: fix occasional initialisation failure with BT coex
(bsc#1012628).
- rsi: fix key enabled check causing unwanted encryption for
vap_id > 0 (bsc#1012628).
- rsi: fix rate mask set leading to P2P failure (bsc#1012628).
- rsi: Fix module dev_oper_mode parameter description
(bsc#1012628).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
server (bsc#1012628).
- perf/x86/intel/uncore: Fix invalid unit check (bsc#1012628).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
(bsc#1012628).
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
(bsc#1012628).
- ASoC: tegra: Set default card name for Trimslice (bsc#1012628).
- ASoC: tegra: Restore AC97 support (bsc#1012628).
- signal: Remove the bogus sigkill_pending in ptrace_stop
(bsc#1012628).
- memory: renesas-rpc-if: Correct QSPI data transfer in Manual
mode (bsc#1012628).
- signal/mips: Update (_save|_restore)_fp_context to fail with
- EFAULT (bsc#1012628).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
changed (bsc#1012628).
- soc: samsung: exynos-pmu: Fix compilation when nothing selects
CONFIG_MFD_CORE (bsc#1012628).
- soc: fsl: dpio: replace smp_processor_id with
raw_smp_processor_id (bsc#1012628).
- soc: fsl: dpio: use the combined functions to protect critical
zone (bsc#1012628).
- mtd: rawnand: socrates: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mctp: handle the struct sockaddr_mctp padding fields
(bsc#1012628).
- power: supply: max17042_battery: Prevent int underflow in
set_soc_threshold (bsc#1012628).
- power: supply: max17042_battery: use VFSOC for capacity when
no rsns (bsc#1012628).
- iio: core: fix double free in iio_device_unregister_sysfs()
(bsc#1012628).
- iio: core: check return value when calling dev_set_name()
(bsc#1012628).
- KVM: arm64: Extract ESR_ELx.EC only (bsc#1012628).
- KVM: x86: Fix recording of guest steal time / preempted status
(bsc#1012628).
- KVM: x86: Add helper to consolidate core logic of SET_CPUID{2}
flows (bsc#1012628).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps
are in use (bsc#1012628).
- KVM: nVMX: Handle dynamic MSR intercept toggling (bsc#1012628).
- can: peak_usb: always ask for BERR reporting for PCAN-USB
devices (bsc#1012628).
- can: mcp251xfd: mcp251xfd_irq(): add missing
can_rx_offload_threaded_irq_finish() in case of bus off
(bsc#1012628).
- can: j1939: j1939_tp_cmd_recv(): ignore abort message in the
BAM transport (bsc#1012628).
- can: j1939: j1939_can_recv(): ignore messages with invalid
source address (bsc#1012628).
- can: j1939: j1939_tp_cmd_recv(): check the dst address of
TP.CM_BAM (bsc#1012628).
- iio: adc: tsc2046: fix scan interval warning (bsc#1012628).
- powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot
be found (bsc#1012628).
- io_uring: honour zeroes as io-wq worker limits (bsc#1012628).
- ring-buffer: Protect ring_buffer_reset() from reentrancy
(bsc#1012628).
- serial: core: Fix initializing and restoring termios speed
(bsc#1012628).
- ifb: fix building without CONFIG_NET_CLS_ACT (bsc#1012628).
- xen/balloon: add late_initcall_sync() for initial ballooning
done (bsc#1012628).
- ovl: fix use after free in struct ovl_aio_req (bsc#1012628).
- ovl: fix filattr copy-up failure (bsc#1012628).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (bsc#1012628).
- PCI: cadence: Add cdns_plat_pcie_probe() missing return
(bsc#1012628).
- cxl/pci: Fix NULL vs ERR_PTR confusion (bsc#1012628).
- PCI: aardvark: Do not clear status bits of masked interrupts
(bsc#1012628).
- PCI: aardvark: Fix checking for link up via LTSSM state
(bsc#1012628).
- PCI: aardvark: Do not unmask unused interrupts (bsc#1012628).
- PCI: aardvark: Fix reporting Data Link Layer Link Active
(bsc#1012628).
- PCI: aardvark: Fix configuring Reference clock (bsc#1012628).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
(bsc#1012628).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
(bsc#1012628).
- PCI: aardvark: Fix support for bus mastering and PCI_COMMAND
on emulated bridge (bsc#1012628).
- PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on
emulated bridge (bsc#1012628).
- PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
(bsc#1012628).
- PCI: aardvark: Fix support for PCI_ROM_ADDRESS1 on emulated
bridge (bsc#1012628).
- quota: check block number when reading the block in quota file
(bsc#1012628).
- quota: correct error number in free_dqentry() (bsc#1012628).
- cifs: To match file servers, make sure the server hostname
matches (bsc#1012628).
- cifs: set a minimum of 120s for next dns resolution
(bsc#1012628).
- mfd: simple-mfd-i2c: Select MFD_CORE to fix build error
(bsc#1012628).
- pinctrl: core: fix possible memory leak in pinctrl_enable()
(bsc#1012628).
- coresight: cti: Correct the parameter for pm_runtime_put
(bsc#1012628).
- coresight: trbe: Fix incorrect access of the sink specific data
(bsc#1012628).
- coresight: trbe: Defer the probe on offline CPUs (bsc#1012628).
- iio: buffer: check return value of kstrdup_const()
(bsc#1012628).
- iio: buffer: Fix memory leak in
iio_buffers_alloc_sysfs_and_mask() (bsc#1012628).
- iio: buffer: Fix memory leak in
__iio_buffer_alloc_sysfs_and_mask() (bsc#1012628).
- iio: buffer: Fix memory leak in
iio_buffer_register_legacy_sysfs_groups() (bsc#1012628).
- drivers: iio: dac: ad5766: Fix dt property name (bsc#1012628).
- iio: dac: ad5446: Fix ad5622_write() return value (bsc#1012628).
- iio: ad5770r: make devicetree property reading consistent
(bsc#1012628).
- Documentation:devicetree:bindings:iio:dac: Fix val
(bsc#1012628).
- USB: serial: keyspan: fix memleak on probe errors (bsc#1012628).
- serial: 8250: fix racy uartclk update (bsc#1012628).
- ksmbd: set unique value to volume serial field in
FS_VOLUME_INFORMATION (bsc#1012628).
- io-wq: serialize hash clear with wakeup (bsc#1012628).
- serial: 8250: Fix reporting real baudrate value in c_ospeed
field (bsc#1012628).
- Revert "serial: 8250: Fix reporting real baudrate value in
c_ospeed field" (bsc#1012628).
- most: fix control-message timeouts (bsc#1012628).
- USB: iowarrior: fix control-message timeouts (bsc#1012628).
- USB: chipidea: fix interrupt deadlock (bsc#1012628).
- power: supply: max17042_battery: Clear status bits in interrupt
handler (bsc#1012628).
- component: do not leave master devres group open after bind
(bsc#1012628).
- dma-buf: WARN on dmabuf release with pending attachments
(bsc#1012628).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330
quirk (v2) (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart
C15200 2-in-1 (bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy
Book 10.6 (bsc#1012628).
- Bluetooth: fix use-after-free error in lock_sock_nested()
(bsc#1012628).
- Bluetooth: call sock_hold earlier in sco_conn_del (bsc#1012628).
- drm/panel-orientation-quirks: add Valve Steam Deck
(bsc#1012628).
- rcutorture: Avoid problematic critical section nesting on
PREEMPT_RT (bsc#1012628).
- platform/x86: wmi: do not fail if disabling fails (bsc#1012628).
- drm/amdgpu: move iommu_resume before ip init/resume
(bsc#1012628).
- MIPS: lantiq: dma: add small delay after reset (bsc#1012628).
- MIPS: lantiq: dma: reset correct number of channel
(bsc#1012628).
- locking/lockdep: Avoid RCU-induced noinstr fail (bsc#1012628).
- net: sched: update default qdisc visibility after Tx queue
cnt changes (bsc#1012628).
- ACPI: resources: Add DMI-based legacy IRQ override quirk
(bsc#1012628).
- rcu-tasks: Move RTGS_WAIT_CBS to beginning of
rcu_tasks_kthread() loop (bsc#1012628).
- smackfs: Fix use-after-free in netlbl_catmap_walk()
(bsc#1012628).
- ath11k: Align bss_chan_info structure with firmware
(bsc#1012628).
- crypto: aesni - check walk.nbytes instead of err (bsc#1012628).
- x86/mm/64: Improve stack overflow warnings (bsc#1012628).
- x86: Increase exception stack sizes (bsc#1012628).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION
vif-type (bsc#1012628).
- mwifiex: Properly initialize private structure on interface
type changes (bsc#1012628).
- spi: Check we have a spi_device_id for each DT compatible
(bsc#1012628).
- fscrypt: allow 256-bit master keys with AES-256-XTS
(bsc#1012628).
- drm/amdgpu: Fix MMIO access page fault (bsc#1012628).
- drm/amd/display: Fix null pointer dereference for encoders
(bsc#1012628).
- selftests: net: fib_nexthops: Wait before checking reported
idle time (bsc#1012628).
- ath11k: Avoid reg rules update during firmware recovery
(bsc#1012628).
- ath11k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED
(bsc#1012628).
- ath11k: Change DMA_FROM_DEVICE to DMA_TO_DEVICE when map
reinjected packets (bsc#1012628).
- ath10k: high latency fixes for beacon buffer (bsc#1012628).
- octeontx2-pf: Enable promisc/allmulti match MCAM entries
(bsc#1012628).
- media: mt9p031: Fix corrupted frame after restarting stream
(bsc#1012628).
- media: netup_unidvb: handle interrupt properly according to
the firmware (bsc#1012628).
- media: atomisp: Fix error handling in probe (bsc#1012628).
- media: stm32: Potential NULL pointer dereference in
dcmi_irq_thread() (bsc#1012628).
- media: uvcvideo: Set capability in s_param (bsc#1012628).
- media: uvcvideo: Return -EIO for control errors (bsc#1012628).
- media: uvcvideo: Set unique vdev name based in type
(bsc#1012628).
- media: vidtv: Fix memory leak in remove (bsc#1012628).
- media: s5p-mfc: fix possible null-pointer dereference in
s5p_mfc_probe() (bsc#1012628).
- media: s5p-mfc: Add checking to s5p_mfc_probe() (bsc#1012628).
- media: videobuf2: rework vb2_mem_ops API (bsc#1012628).
- media: imx: set a media_device bus_info string (bsc#1012628).
- media: rcar-vin: Use user provided buffers when starting
(bsc#1012628).
- media: mceusb: return without resubmitting URB in case of
- EPROTO error (bsc#1012628).
- ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
(bsc#1012628).
- rtw88: fix RX clock gate setting while fifo dump (bsc#1012628).
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet
(bsc#1012628).
- media: rcar-csi2: Add checking to rcsi2_start_receiver()
(bsc#1012628).
- ipmi: Disable some operations during a panic (bsc#1012628).
- fs/proc/uptime.c: Fix idle time reporting in /proc/uptime
(bsc#1012628).
- kselftests/sched: cleanup the child processes (bsc#1012628).
- ACPICA: Avoid evaluating methods too early during system resume
(bsc#1012628).
- cpufreq: Make policy min/max hard requirements (bsc#1012628).
- ice: Move devlink port to PF/VF struct (bsc#1012628).
- media: imx-jpeg: Fix possible null pointer dereference
(bsc#1012628).
- media: ipu3-imgu: imgu_fmt: Handle properly try (bsc#1012628).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (bsc#1012628).
- media: usb: dvd-usb: fix uninit-value bug in
dibusb_read_eeprom_byte() (bsc#1012628).
- net-sysfs: try not to restart the syscall if it will fail
eventually (bsc#1012628).
- drm/amdkfd: rm BO resv on validation to avoid deadlock
(bsc#1012628).
- tracefs: Have tracefs directories not set OTH permission bits
by default (bsc#1012628).
- tracing: Disable "other" permission bits in the tracefs files
(bsc#1012628).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference
in channel_detector_create() (bsc#1012628).
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall
(bsc#1012628).
- mmc: moxart: Fix reference count leaks in moxart_probe
(bsc#1012628).
- iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return
value (bsc#1012628).
- ACPI: battery: Accept charges over the design capacity as full
(bsc#1012628).
- ACPI: scan: Release PM resources blocked by unused objects
(bsc#1012628).
- drm/amd/display: fix null pointer deref when plugging in display
(bsc#1012628).
- drm/amdkfd: fix resume error when iommu disabled in Picasso
(bsc#1012628).
- net: phy: micrel: make *-skew-ps check more lenient
(bsc#1012628).
- leaking_addresses: Always print a trailing newline
(bsc#1012628).
- thermal/core: Fix null pointer dereference in thermal_release()
(bsc#1012628).
- drm/msm: prevent NULL dereference in
msm_gpu_crashstate_capture() (bsc#1012628).
- thermal/drivers/tsens: Add timeout to get_temp_tsens_valid
(bsc#1012628).
- block: bump max plugged deferred size from 16 to 32
(bsc#1012628).
- floppy: fix calling platform_device_unregister() on invalid
drives (bsc#1012628).
- md: update superblock after changing rdev flags in state_store
(bsc#1012628).
- memstick: r592: Fix a UAF bug when removing the driver
(bsc#1012628).
- locking/rwsem: Disable preemption for spinning region
(bsc#1012628).
- lib/xz: Avoid overlapping memcpy() with invalid input with
in-place decompression (bsc#1012628).
- lib/xz: Validate the value before assigning it to an enum
variable (bsc#1012628).
- workqueue: make sysfs of unbound kworker cpumask more clever
(bsc#1012628).
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
(bsc#1012628).
- mt76: mt7915: fix an off-by-one bound check (bsc#1012628).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
(bsc#1012628).
- iwlwifi: change all JnP to NO-160 configuration (bsc#1012628).
- block: remove inaccurate requeue check (bsc#1012628).
- media: allegro: ignore interrupt if mailbox is not initialized
(bsc#1012628).
- drm/amdgpu/pm: properly handle sclk for profiling modes on
vangogh (bsc#1012628).
- nvmet: fix use-after-free when a port is removed (bsc#1012628).
- nvmet-rdma: fix use-after-free when a port is removed
(bsc#1012628).
- nvmet-tcp: fix use-after-free when a port is removed
(bsc#1012628).
- nvme: drop scan_lock and always kick requeue list when removing
namespaces (bsc#1012628).
- samples/bpf: Fix application of sizeof to pointer (bsc#1012628).
- arm64: vdso32: suppress error message for 'make mrproper'
(bsc#1012628).
- PM: hibernate: Get block device exclusively in swsusp_check()
(bsc#1012628).
- selftests: kvm: fix mismatched fclose() after popen()
(bsc#1012628).
- selftests/bpf: Fix perf_buffer test on system with offline cpus
(bsc#1012628).
- iwlwifi: mvm: disable RX-diversity in powersave (bsc#1012628).
- smackfs: use __GFP_NOFAIL for smk_cipso_doi() (bsc#1012628).
- ARM: clang: Do not rely on lr register for stacktrace
(bsc#1012628).
- gre/sit: Don't generate link-local addr if addr_gen_mode is
IN6_ADDR_GEN_MODE_NONE (bsc#1012628).
- can: bittiming: can_fixup_bittiming(): change type of tseg1
and alltseg to unsigned int (bsc#1012628).
- gfs2: Cancel remote delete work asynchronously (bsc#1012628).
- gfs2: Fix glock_hash_walk bugs (bsc#1012628).
- ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 (bsc#1012628).
- tools/latency-collector: Use correct size when writing
queue_full_warning (bsc#1012628).
- vrf: run conntrack only in context of lower/physdev for locally
generated packets (bsc#1012628).
- net: annotate data-race in neigh_output() (bsc#1012628).
- ACPI: AC: Quirk GK45 to skip reading _PSR (bsc#1012628).
- ACPI: resources: Add one more Medion model in IRQ override quirk
(bsc#1012628).
- btrfs: reflink: initialize return value to 0 in
btrfs_extent_same() (bsc#1012628).
- btrfs: do not take the uuid_mutex in btrfs_rm_device
(bsc#1012628).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error
in bcm_qspi_probe() (bsc#1012628).
- wcn36xx: Correct band/freq reporting on RX (bsc#1012628).
- wcn36xx: Fix packet drop on resume (bsc#1012628).
- Revert "wcn36xx: Enable firmware link monitoring" (bsc#1012628).
- ftrace: do CPU checking after preemption disabled (bsc#1012628).
- inet: remove races in inet{6}_getname() (bsc#1012628).
- x86/hyperv: Protect set_hv_tscchange_cb() against getting
preempted (bsc#1012628).
- drm/amd/display: dcn20_resource_construct reduce scope of FPU
enabled (bsc#1012628).
- selftests/core: fix conflicting types compile error for
close_range() (bsc#1012628).
- perf/x86/intel: Fix ICL/SPR INST_RETIRED.PREC_DIST encodings
(bsc#1012628).
- parisc: fix warning in flush_tlb_all (bsc#1012628).
- task_stack: Fix end_of_stack() for architectures with
upwards-growing stack (bsc#1012628).
- erofs: don't trigger WARN() when decompression fails
(bsc#1012628).
- parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
(bsc#1012628).
- parisc/kgdb: add kgdb_roundup() to make kgdb work with idle
polling (bsc#1012628).
- netfilter: conntrack: set on IPS_ASSURED if flows enters
internal stream state (bsc#1012628).
- selftests/bpf: Fix strobemeta selftest regression (bsc#1012628).
- fbdev/efifb: Release PCI device's runtime PM ref during FB
destroy (bsc#1012628).
- drm/bridge: anx7625: Propagate errors from sp_tx_rst_aux()
(bsc#1012628).
- perf/x86/intel/uncore: Fix Intel SPR CHA event constraints
(bsc#1012628).
- perf/x86/intel/uncore: Fix Intel SPR IIO event constraints
(bsc#1012628).
- perf/x86/intel/uncore: Fix Intel SPR M2PCIE event constraints
(bsc#1012628).
- perf/x86/intel/uncore: Fix Intel SPR M3UPI event constraints
(bsc#1012628).
- drm/bridge: it66121: Initialize {device,vendor}_ids
(bsc#1012628).
- drm/bridge: it66121: Wait for next bridge to be probed
(bsc#1012628).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
(bsc#1012628).
- libbpf: Don't crash on object files with no symbol tables
(bsc#1012628).
- Bluetooth: hci_uart: fix GPF in h5_recv (bsc#1012628).
- rcu: Fix existing exp request check in
sync_sched_exp_online_cleanup() (bsc#1012628).
- MIPS: lantiq: dma: fix burst length for DEU (bsc#1012628).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
(bsc#1012628).
- objtool: Handle __sanitize_cov*() tail calls (bsc#1012628).
- net/mlx5: Publish and unpublish all devlink parameters at once
(bsc#1012628).
- drm/v3d: fix wait for TMU write combiner flush (bsc#1012628).
- crypto: sm4 - Do not change section of ck and sbox
(bsc#1012628).
- virtio-gpu: fix possible memory allocation failure
(bsc#1012628).
- lockdep: Let lock_is_held_type() detect recursive read as read
(bsc#1012628).
- net: net_namespace: Fix undefined member in key_remove_domain()
(bsc#1012628).
- net: phylink: don't call netif_carrier_off() with NULL netdev
(bsc#1012628).
- drm: bridge: it66121: Fix return value it66121_probe
(bsc#1012628).
- spi: Fixed division by zero warning (bsc#1012628).
- cgroup: Make rebind_subsystems() disable v2 controllers all
at once (bsc#1012628).
- wcn36xx: Fix Antenna Diversity Switching (bsc#1012628).
- wilc1000: fix possible memory leak in cfg_scan_result()
(bsc#1012628).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
(bsc#1012628).
- drm/amdgpu: Fix crash on device remove/driver unload
(bsc#1012628).
- drm/amd/display: Pass display_pipe_params_st as const in DML
(bsc#1012628).
- drm/amdgpu: move amdgpu_virt_release_full_gpu to fini_early
stage (bsc#1012628).
- crypto: caam - disable pkc for non-E SoCs (bsc#1012628).
- crypto: qat - power up 4xxx device (bsc#1012628).
- Bluetooth: hci_h5: Fix (runtime)suspend issues on RTL8723BS HCIs
(bsc#1012628).
- bnxt_en: Check devlink allocation and registration status
(bsc#1012628).
- qed: Don't ignore devlink allocation failures (bsc#1012628).
- rxrpc: Fix _usecs_to_jiffies() by using usecs_to_jiffies()
(bsc#1012628).
- mptcp: do not shrink snd_nxt when recovering (bsc#1012628).
- fortify: Fix dropped strcpy() compile-time write overflow check
(bsc#1012628).
- mac80211: twt: don't use potentially unaligned pointer
(bsc#1012628).
- cfg80211: always free wiphy specific regdomain (bsc#1012628).
- net/mlx5: Accept devlink user input after driver initialization
complete (bsc#1012628).
- net: dsa: rtl8366rb: Fix off-by-one bug (bsc#1012628).
- net: dsa: rtl8366: Fix a bug in deleting VLANs (bsc#1012628).
- bpf/tests: Fix error in tail call limit tests (bsc#1012628).
- ath11k: fix some sleeping in atomic bugs (bsc#1012628).
- ath11k: Avoid race during regd updates (bsc#1012628).
- ath11k: fix packet drops due to incorrect 6 GHz freq value in
rx status (bsc#1012628).
- ath11k: Fix memory leak in ath11k_qmi_driver_event_work
(bsc#1012628).
- gve: DQO: avoid unused variable warnings (bsc#1012628).
- ath10k: Fix missing frame timestamp for beacon/probe-resp
(bsc#1012628).
- ath10k: sdio: Add missing BH locking around napi_schdule()
(bsc#1012628).
- drm/ttm: stop calling tt_swapin in vm_access (bsc#1012628).
- arm64: mm: update max_pfn after memory hotplug (bsc#1012628).
- drm/amdgpu: fix warning for overflow check (bsc#1012628).
- libbpf: Fix skel_internal.h to set errno on loader retval <
0 (bsc#1012628).
- media: em28xx: add missing em28xx_close_extension (bsc#1012628).
- media: meson-ge2d: Fix rotation parameter changes detection in
'ge2d_s_ctrl()' (bsc#1012628).
- media: cxd2880-spi: Fix a null pointer dereference on error
handling path (bsc#1012628).
- media: ttusb-dec: avoid release of non-acquired mutex
(bsc#1012628).
- media: dvb-usb: fix ununit-value in az6027_rc_query
(bsc#1012628).
- media: imx258: Fix getting clock frequency (bsc#1012628).
- media: v4l2-ioctl: S_CTRL output the right value (bsc#1012628).
- media: mtk-vcodec: venc: fix return value when start_streaming
fails (bsc#1012628).
- media: TDA1997x: handle short reads of hdmi info frame
(bsc#1012628).
- media: mtk-vpu: Fix a resource leak in the error handling path
of 'mtk_vpu_probe()' (bsc#1012628).
- media: imx-jpeg: Fix the error handling path of
'mxc_jpeg_probe()' (bsc#1012628).
- media: i2c: ths8200 needs V4L2_ASYNC (bsc#1012628).
- media: sun6i-csi: Allow the video device to be open multiple
times (bsc#1012628).
- media: radio-wl1273: Avoid card name truncation (bsc#1012628).
- media: si470x: Avoid card name truncation (bsc#1012628).
- media: tm6000: Avoid card name truncation (bsc#1012628).
- media: cx23885: Fix snd_card_free call on null card pointer
(bsc#1012628).
- media: atmel: fix the ispck initialization (bsc#1012628).
- scs: Release kasan vmalloc poison in scs_free process
(bsc#1012628).
- kprobes: Do not use local variable when creating debugfs file
(bsc#1012628).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (bsc#1012628).
- drm: fb_helper: fix CONFIG_FB dependency (bsc#1012628).
- cpuidle: Fix kobject memory leaks in error paths (bsc#1012628).
- media: em28xx: Don't use ops->suspend if it is NULL
(bsc#1012628).
- ath10k: Don't always treat modem stop events as crashes
(bsc#1012628).
- ath9k: Fix potential interrupt storm on queue reset
(bsc#1012628).
- PM: EM: Fix inefficient states detection (bsc#1012628).
- x86/insn: Use get_unaligned() instead of memcpy() (bsc#1012628).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1012628).
- rcu: Always inline rcu_dynticks_task*_{enter,exit}()
(bsc#1012628).
- rcu: Fix rcu_dynticks_curr_cpu_in_eqs() vs noinstr
(bsc#1012628).
- netfilter: nft_dynset: relax superfluous check on set updates
(bsc#1012628).
- media: venus: fix vpp frequency calculation for decoder
(bsc#1012628).
- media: dvb-frontends: mn88443x: Handle errors of
clk_prepare_enable() (bsc#1012628).
- crypto: ccree - avoid out-of-range warnings from clang
(bsc#1012628).
- crypto: qat - detect PFVF collision after ACK (bsc#1012628).
- crypto: qat - disregard spurious PFVF interrupts (bsc#1012628).
- hwrng: mtk - Force runtime pm ops for sleep ops (bsc#1012628).
- ima: fix deadlock when traversing "ima_default_rules"
(bsc#1012628).
- b43legacy: fix a lower bounds test (bsc#1012628).
- b43: fix a lower bounds test (bsc#1012628).
- gve: Recover from queue stall due to missed IRQ (bsc#1012628).
- gve: Track RX buffer allocation failures (bsc#1012628).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is
not configured (bsc#1012628).
- mmc: sdhci-omap: Fix context restore (bsc#1012628).
- memstick: avoid out-of-range warning (bsc#1012628).
- memstick: jmb38x_ms: use appropriate free function in
jmb38x_ms_alloc_host() (bsc#1012628).
- net, neigh: Fix NTF_EXT_LEARNED in combination with NTF_USE
(bsc#1012628).
- hwmon: Fix possible memleak in __hwmon_device_register()
(bsc#1012628).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension
of lm25066_coeff (bsc#1012628).
- ath10k: fix max antenna gain unit (bsc#1012628).
- kernel/sched: Fix sched_fork() access an invalid
sched_task_group (bsc#1012628).
- net: fealnx: fix build for UML (bsc#1012628).
- net: intel: igc_ptp: fix build for UML (bsc#1012628).
- net: tulip: winbond-840: fix build for UML (bsc#1012628).
- tcp: switch orphan_count to bare per-cpu counters (bsc#1012628).
- crypto: octeontx2 - set assoclen in aead_do_fallback()
(bsc#1012628).
- thermal/core: fix a UAF bug in
__thermal_cooling_device_register() (bsc#1012628).
- drm/msm/dsi: do not enable irq handler before powering up the
host (bsc#1012628).
- drm/msm: Fix potential Oops in a6xx_gmu_rpmh_init()
(bsc#1012628).
- drm/msm: potential error pointer dereference in init()
(bsc#1012628).
- drm/msm: unlock on error in get_sched_entity() (bsc#1012628).
- drm/msm: fix potential NULL dereference in cleanup
(bsc#1012628).
- drm/msm: uninitialized variable in msm_gem_import()
(bsc#1012628).
- net: stream: don't purge sk_error_queue in
sk_stream_kill_queues() (bsc#1012628).
- thermal/drivers/qcom/lmh: make QCOM_LMH depends on QCOM_SCM
(bsc#1012628).
- mailbox: Remove WARN_ON for async_cb.cb in cmdq_exec_done
(bsc#1012628).
- media: ivtv: fix build for UML (bsc#1012628).
- media: ir_toy: assignment to be16 should be of correct type
(bsc#1012628).
- mmc: mxs-mmc: disable regulator on error and in the remove
function (bsc#1012628).
- io-wq: Remove duplicate code in io_workqueue_create()
(bsc#1012628).
- block: ataflop: fix breakage introduced at blk-mq refactoring
(bsc#1012628).
- blk-wbt: prevent NULL pointer dereference in wb_timer_fn
(bsc#1012628).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
(bsc#1012628).
- mailbox: mtk-cmdq: Validate alias_id on probe (bsc#1012628).
- mailbox: mtk-cmdq: Fix local clock ID usage (bsc#1012628).
- ACPI: PM: Turn off unused wakeup power resources (bsc#1012628).
- ACPI: PM: Fix sharing of wakeup power resources (bsc#1012628).
- drm/amdkfd: Fix an inappropriate error handling in allloc
memory of gpu (bsc#1012628).
- mt76: mt7921: fix endianness in mt7921_mcu_tx_done_event
(bsc#1012628).
- mt76: mt7915: fix endianness warning in mt7915_mac_add_txs_skb
(bsc#1012628).
- mt76: mt7921: fix endianness warning in mt7921_update_txs
(bsc#1012628).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
(bsc#1012628).
- mt76: mt7915: fix info leak in mt7915_mcu_set_pre_cal()
(bsc#1012628).
- mt76: connac: fix mt76_connac_gtk_rekey_tlv usage (bsc#1012628).
- mt76: fix build error implicit enumeration conversion
(bsc#1012628).
- mt76: mt7921: fix survey-dump reporting (bsc#1012628).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
(bsc#1012628).
- mt76: mt7921: Fix out of order process by invalid event pkt
(bsc#1012628).
- mt76: mt7915: fix potential overflow of eeprom page index
(bsc#1012628).
- mt76: mt7915: fix bit fields for HT rate idx (bsc#1012628).
- mt76: mt7921: fix dma hang in rmmod (bsc#1012628).
- mt76: connac: fix GTK rekey offload failure on WPA mixed mode
(bsc#1012628).
- mt76: overwrite default reg_ops if necessary (bsc#1012628).
- mt76: mt7921: report HE MU radiotap (bsc#1012628).
- mt76: mt7921: fix firmware usage of RA info using legacy rates
(bsc#1012628).
- mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate
(bsc#1012628).
- mt76: mt7921: always wake device if necessary in debugfs
(bsc#1012628).
- mt76: mt7915: fix hwmon temp sensor mem use-after-free
(bsc#1012628).
- mt76: mt7615: fix hwmon temp sensor mem use-after-free
(bsc#1012628).
- mt76: mt7915: fix possible infinite loop release semaphore
(bsc#1012628).
- mt76: mt7921: fix retrying release semaphore without end
(bsc#1012628).
- mt76: mt7615: fix monitor mode tear down crash (bsc#1012628).
- mt76: connac: fix possible NULL pointer dereference in
mt76_connac_get_phy_mode_v2 (bsc#1012628).
- mt76: mt7915: fix sta_rec_wtbl tag len (bsc#1012628).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
(bsc#1012628).
- rsi: stop thread firstly in rsi_91x_init() error handling
(bsc#1012628).
- mwifiex: Send DELBA requests according to spec (bsc#1012628).
- iwlwifi: mvm: reset PM state on unsuccessful resume
(bsc#1012628).
- iwlwifi: pnvm: don't kmemdup() more than we have (bsc#1012628).
- iwlwifi: pnvm: read EFI data only if long enough (bsc#1012628).
- net: enetc: unmap DMA in enetc_send_cmd() (bsc#1012628).
- phy: micrel: ksz8041nl: do not use power down mode
(bsc#1012628).
- nbd: Fix use-after-free in pid_show (bsc#1012628).
- nvme-rdma: fix error code in nvme_rdma_setup_ctrl (bsc#1012628).
- PM: hibernate: fix sparse warnings (bsc#1012628).
- clocksource/drivers/timer-ti-dm: Select TIMER_OF (bsc#1012628).
- x86/sev: Fix stack type check in vc_switch_off_ist()
(bsc#1012628).
- drm/msm: Fix potential NULL dereference in DPU SSPP
(bsc#1012628).
- drm/msm/dsi: fix wrong type in msm_dsi_host (bsc#1012628).
- crypto: tcrypt - fix skcipher multi-buffer tests for 1420B
blocks (bsc#1012628).
- smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
(bsc#1012628).
- KVM: selftests: Fix nested SVM tests when built with clang
(bsc#1012628).
- libbpf: Fix memory leak in btf__dedup() (bsc#1012628).
- bpftool: Avoid leaking the JSON writer prepared for program
metadata (bsc#1012628).
- libbpf: Fix overflow in BTF sanity checks (bsc#1012628).
- libbpf: Fix BTF header parsing checks (bsc#1012628).
- mt76: mt7615: mt7622: fix ibss and meshpoint (bsc#1012628).
- s390/gmap: validate VMA in __gmap_zap() (bsc#1012628).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
in __gmap_zap() (bsc#1012628).
- s390/mm: validate VMA in PGSTE manipulation functions
(bsc#1012628).
- s390/mm: fix VMA and page table handling code in storage key
handling functions (bsc#1012628).
- s390/uv: fully validate the VMA before calling follow_page()
(bsc#1012628).
- KVM: s390: pv: avoid double free of sida page (bsc#1012628).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm
(bsc#1012628).
- irq: mips: avoid nested irq_enter() (bsc#1012628).
- net: dsa: avoid refcount warnings when ->port_{fdb,mdb}_del
returns error (bsc#1012628).
- ARM: 9142/1: kasan: work around LPAE build warning
(bsc#1012628).
- ath10k: fix module load regression with iram-recovery feature
(bsc#1012628).
- block: ataflop: more blk-mq refactoring fixes (bsc#1012628).
- blk-cgroup: synchronize blkg creation against policy
deactivation (bsc#1012628).
- libbpf: Fix off-by-one bug in bpf_core_apply_relo()
(bsc#1012628).
- tpm: fix Atmel TPM crash caused by too frequent queries
(bsc#1012628).
- tpm_tis_spi: Add missing SPI ID (bsc#1012628).
- libbpf: Fix endianness detection in
BPF_CORE_READ_BITFIELD_PROBED() (bsc#1012628).
- tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
(bsc#1012628).
- tracing: Fix missing trace_boot_init_histograms kstrdup NULL
checks (bsc#1012628).
- cpufreq: intel_pstate: Fix cpu->pstate.turbo_freq initialization
(bsc#1012628).
- spi: spi-rpc-if: Check return value of rpcif_sw_init()
(bsc#1012628).
- samples/kretprobes: Fix return value if register_kretprobe()
failed (bsc#1012628).
- KVM: s390: Fix handle_sske page fault handling (bsc#1012628).
- libertas_tf: Fix possible memory leak in probe and disconnect
(bsc#1012628).
- libertas: Fix possible memory leak in probe and disconnect
(bsc#1012628).
- wcn36xx: add proper DMA memory barriers in rx path
(bsc#1012628).
- wcn36xx: Fix discarded frames due to wrong sequence number
(bsc#1012628).
- bpf: Avoid races in __bpf_prog_run() for 32bit arches
(bsc#1012628).
- bpf: Fixes possible race in update_prog_stats() for 32bit arches
(bsc#1012628).
- wcn36xx: Channel list update before hardware scan (bsc#1012628).
- drm/amdgpu: fix a potential memory leak in
amdgpu_device_fini_sw() (bsc#1012628).
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (bsc#1012628).
- selftests/bpf: Fix fd cleanup in sk_lookup test (bsc#1012628).
- selftests/bpf: Fix memory leak in test_ima (bsc#1012628).
- sctp: allow IP fragmentation when PLPMTUD enters Error state
(bsc#1012628).
- sctp: reset probe_timer in sctp_transport_pl_update
(bsc#1012628).
- sctp: subtract sctphdr len in sctp_transport_pl_hlen
(bsc#1012628).
- sctp: return true only for pathmtu update in
sctp_transport_pl_toobig (bsc#1012628).
- net: amd-xgbe: Toggle PLL settings during rate change
(bsc#1012628).
- ipmi: kcs_bmc: Fix a memory leak in the error handling path of
'kcs_bmc_serio_add_device()' (bsc#1012628).
- nfp: fix NULL pointer access when scheduling dim work
(bsc#1012628).
- nfp: fix potential deadlock when canceling dim work
(bsc#1012628).
- net: phylink: avoid mvneta warning when setting pause parameters
(bsc#1012628).
- net: bridge: fix uninitialized variables when BRIDGE_CFM is
disabled (bsc#1012628).
- selftests: net: bridge: update IGMP/MLD membership interval
value (bsc#1012628).
- crypto: pcrypt - Delay write to padata->info (bsc#1012628).
- selftests/bpf: Fix fclose/pclose mismatch in test_progs
(bsc#1012628).
- udp6: allow SO_MARK ctrl msg to affect routing (bsc#1012628).
- ibmvnic: don't stop queue in xmit (bsc#1012628).
- ibmvnic: Process crqs after enabling interrupts (bsc#1012628).
- ibmvnic: delay complete() (bsc#1012628).
- selftests: mptcp: fix proto type in link_failure tests
(bsc#1012628).
- skmsg: Lose offset info in sk_psock_skb_ingress (bsc#1012628).
- cgroup: Fix rootcg cpu.stat guest double counting (bsc#1012628).
- bpf: Fix propagation of bounds from 64-bit min/max into 32-bit
and var_off (bsc#1012628).
- bpf: Fix propagation of signed bounds from 64-bit min/max into
32-bit (bsc#1012628).
- of: unittest: fix EXPECT text for gpio hog errors (bsc#1012628).
- cpufreq: Fix parameter in parse_perf_domain() (bsc#1012628).
- staging: r8188eu: fix memory leak in rtw_set_key (bsc#1012628).
- arm64: dts: meson: sm1: add Ethernet PHY reset line for
ODROID-C4/HC4 (bsc#1012628).
- iio: st_sensors: disable regulators after device unregistration
(bsc#1012628).
- RDMA/rxe: Fix wrong port_cap_flags (bsc#1012628).
- ARM: dts: BCM5301X: Fix memory nodes names (bsc#1012628).
- arm64: dts: broadcom: bcm4908: Fix UART clock name
(bsc#1012628).
- clk: mvebu: ap-cpu-clk: Fix a memory leak in error handling
paths (bsc#1012628).
- scsi: pm80xx: Fix lockup in outbound queue management
(bsc#1012628).
- scsi: qla2xxx: edif: Use link event to wake up app
(bsc#1012628).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
(bsc#1012628).
- ARM: s3c: irq-s3c24xx: Fix return value check for
s3c24xx_init_intc() (bsc#1012628).
- arm64: dts: rockchip: Fix GPU register width for RK3328
(bsc#1012628).
- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0
PHY (bsc#1012628).
- RDMA/bnxt_re: Fix query SRQ failure (bsc#1012628).
- arm64: dts: ti: k3-j721e-main: Fix "max-virtual-functions"
in PCIe EP nodes (bsc#1012628).
- arm64: dts: ti: k3-j721e-main: Fix "bus-range" upto 256 bus
number for PCIe (bsc#1012628).
- arm64: dts: ti: j7200-main: Fix "vendor-id"/"device-id"
properties of pcie node (bsc#1012628).
- arm64: dts: ti: j7200-main: Fix "bus-range" upto 256 bus number
for PCIe (bsc#1012628).
- arm64: dts: meson-g12a: Fix the pwm regulator supply properties
(bsc#1012628).
- arm64: dts: meson-g12b: Fix the pwm regulator supply properties
(bsc#1012628).
- arm64: dts: meson-sm1: Fix the pwm regulator supply properties
(bsc#1012628).
- bus: ti-sysc: Fix timekeeping_suspended warning on resume
(bsc#1012628).
- ARM: dts: at91: tse850: the emac<->phy interface is rmii
(bsc#1012628).
- arm64: dts: qcom: sc7180: Base dynamic CPU power coefficients
in reality (bsc#1012628).
- soc: qcom: llcc: Disable MMUHWT retention (bsc#1012628).
- arm64: dts: qcom: sc7280: fix display port phy reg property
(bsc#1012628).
- scsi: dc395: Fix error case unwinding (bsc#1012628).
- MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
(bsc#1012628).
- JFS: fix memleak in jfs_mount (bsc#1012628).
- pinctrl: renesas: rzg2l: Fix missing port register 21h
(bsc#1012628).
- ASoC: wcd9335: Use correct version to initialize Class H
(bsc#1012628).
- arm64: dts: qcom: msm8916: Fix Secondary MI2S bit clock
(bsc#1012628).
- arm64: dts: renesas: beacon: Fix Ethernet PHY mode
(bsc#1012628).
- iommu/mediatek: Fix out-of-range warning with clang
(bsc#1012628).
- arm64: dts: qcom: pm8916: Remove wrong reg-names for rtc@6000
(bsc#1012628).
- iommu/dma: Fix sync_sg with swiotlb (bsc#1012628).
- iommu/dma: Fix arch_sync_dma for map (bsc#1012628).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
(bsc#1012628).
- ALSA: hda: Use position buffer for SKL+ again (bsc#1012628).
- ALSA: usb-audio: Fix possible race at sync of urb completions
(bsc#1012628).
- soundwire: debugfs: use controller id and link_id for debugfs
(bsc#1012628).
- power: reset: at91-reset: check properly the return value of
devm_of_iomap (bsc#1012628).
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match
the definition (bsc#1012628).
- scsi: ufs: core: Stop clearing UNIT ATTENTIONS (bsc#1012628).
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ
polling and real interrupt (bsc#1012628).
- scsi: pm80xx: Fix misleading log statement in
pm8001_mpi_get_nvmd_resp() (bsc#1012628).
- driver core: Fix possible memory leak in device_link_add()
(bsc#1012628).
- arm: dts: omap3-gta04a4: accelerometer irq fix (bsc#1012628).
- ASoC: SOF: topology: do not power down primary core during
topology removal (bsc#1012628).
- iio: st_pressure_spi: Add missing entries SPI to device ID table
(bsc#1012628).
- soc/tegra: Fix an error handling path in
tegra_powergate_power_up() (bsc#1012628).
- memory: fsl_ifc: fix leak of irq and nand_irq in
fsl_ifc_ctrl_probe (bsc#1012628).
- clk: at91: check pmc node status before registering syscore ops
(bsc#1012628).
- powerpc/mem: Fix arch/powerpc/mm/mem.c:53:12: error: no previous
prototype for 'create_section_mapping' (bsc#1012628).
- video: fbdev: chipsfb: use memset_io() instead of memset()
(bsc#1012628).
- powerpc: fix unbalanced node refcount in check_kvm_guest()
(bsc#1012628).
- powerpc/paravirt: correct preempt debug splat in
vcpu_is_preempted() (bsc#1012628).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (bsc#1012628).
- usb: gadget: hid: fix error code in do_config() (bsc#1012628).
- =?UTF-8?q?power:=20supply:=20rt5033=5Fbattery:=20Change?=
=?UTF-8?q?=20voltage=20values=20to=20=C2=B5V?= (bsc#1012628).
- power: supply: max17040: fix null-ptr-deref in max17040_probe()
(bsc#1012628).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
(bsc#1012628).
- RDMA/mlx4: Return missed an error if device doesn't support
steering (bsc#1012628).
- usb: musb: select GENERIC_PHY instead of depending on it
(bsc#1012628).
- staging: most: dim2: do not double-register the same device
(bsc#1012628).
- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC
(bsc#1012628).
- RDMA/core: Set sgtable nents when using ib_dma_virt_map_sg()
(bsc#1012628).
- dyndbg: make dyndbg a known cli param (bsc#1012628).
- powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL
in power10 (bsc#1012628).
- pinctrl: renesas: checker: Fix off-by-one bug in drive register
check (bsc#1012628).
- ARM: dts: stm32: Reduce DHCOR SPI NOR frequency to 50 MHz
(bsc#1012628).
- ARM: dts: stm32: fix STUSB1600 Type-C irq level on
stm32mp15xx-dkx (bsc#1012628).
- ARM: dts: stm32: fix SAI sub nodes register range (bsc#1012628).
- ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15
(bsc#1012628).
- ASoC: cs42l42: Always configure both ASP TX channels
(bsc#1012628).
- ASoC: cs42l42: Correct some register default values
(bsc#1012628).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns
EPROBE_DEFER (bsc#1012628).
- soc: qcom: rpmhpd: Make power_on actually enable the domain
(bsc#1012628).
- soc: qcom: socinfo: add two missing PMIC IDs (bsc#1012628).
- iio: buffer: Fix double-free in
iio_buffers_alloc_sysfs_and_mask() (bsc#1012628).
- usb: typec: STUSB160X should select REGMAP_I2C (bsc#1012628).
- iio: adis: do not disabe IRQs in 'adis_init()' (bsc#1012628).
- soundwire: bus: stop dereferencing invalid slave pointer
(bsc#1012628).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
(bsc#1012628).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
host sg_reset (bsc#1012628).
- serial: imx: fix detach/attach of serial console (bsc#1012628).
- usb: dwc2: drd: fix dwc2_force_mode call in dwc2_ovr_init
(bsc#1012628).
- usb: dwc2: drd: fix dwc2_drd_role_sw_set when clock could be
disabled (bsc#1012628).
- usb: dwc2: drd: reset current session before setting the new
one (bsc#1012628).
- powerpc/booke: Disable STRICT_KERNEL_RWX, DEBUG_PAGEALLOC and
KFENCE (bsc#1012628).
- usb: dwc3: gadget: Skip resizing EP's TX FIFO if already resized
(bsc#1012628).
- firmware: qcom_scm: Fix error retval in
__qcom_scm_is_call_available() (bsc#1012628).
- soc: qcom: rpmhpd: fix sm8350_mxc's peer domain (bsc#1012628).
- soc: qcom: apr: Add of_node_put() before return (bsc#1012628).
- arm64: dts: qcom: pmi8994: Fix "eternal"->"external" typo in
WLED node (bsc#1012628).
- arm64: dts: qcom: sdm845: Use RPMH_CE_CLK macro directly
(bsc#1012628).
- arm64: dts: qcom: sdm845: Fix Qualcomm crypto engine bus clock
(bsc#1012628).
- pinctrl: equilibrium: Fix function addition in multiple groups
(bsc#1012628).
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
(bsc#1012628).
- phy: qcom-qusb2: Fix a memory leak on probe (bsc#1012628).
- phy: ti: gmii-sel: check of_get_address() for failure
(bsc#1012628).
- phy: qcom-qmp: another fix for the sc8180x PCIe definition
(bsc#1012628).
- phy: qcom-snps: Correct the FSEL_MASK (bsc#1012628).
- phy: Sparx5 Eth SerDes: Fix return value check in
sparx5_serdes_probe() (bsc#1012628).
- serial: xilinx_uartps: Fix race condition causing stuck TX
(bsc#1012628).
- clk: at91: sam9x60-pll: use DIV_ROUND_CLOSEST_ULL (bsc#1012628).
- clk: at91: clk-master: check if div or pres is zero
(bsc#1012628).
- clk: at91: clk-master: fix prescaler logic (bsc#1012628).
- HID: u2fzero: clarify error check and length calculations
(bsc#1012628).
- HID: u2fzero: properly handle timeouts in usb_submit_urb
(bsc#1012628).
- powerpc/nohash: Fix __ptep_set_access_flags() and
ptep_set_wrprotect() (bsc#1012628).
- powerpc/book3e: Fix set_memory_x() and set_memory_nx()
(bsc#1012628).
- powerpc/44x/fsp2: add missing of_node_put (bsc#1012628).
- powerpc/xmon: fix task state output (bsc#1012628).
- ALSA: oxfw: fix functional regression for Mackie Onyx 1640i
in v5.14 or later (bsc#1012628).
- iommu/dma: Fix incorrect error return on iommu deferred attach
(bsc#1012628).
- powerpc: Don't provide __kernel_map_pages() without
ARCH_SUPPORTS_DEBUG_PAGEALLOC (bsc#1012628).
- ASoC: cs42l42: Correct configuring of switch inversion from
ts-inv (bsc#1012628).
- RDMA/hns: Fix initial arm_st of CQ (bsc#1012628).
- RDMA/hns: Modify the value of MAX_LP_MSG_LEN to meet hardware
compatibility (bsc#1012628).
- ASoC: rsnd: Fix an error handling path in 'rsnd_node_count()'
(bsc#1012628).
- serial: cpm_uart: Protect udbg definitions by
CONFIG_SERIAL_CPM_CONSOLE (bsc#1012628).
- virtio_ring: check desc == NULL when using indirect with packed
(bsc#1012628).
- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit
(bsc#1012628).
- mips: cm: Convert to bitfield API to fix out-of-bounds access
(bsc#1012628).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register
error (bsc#1012628).
- RDMA/core: Require the driver to set the IOVA correctly during
rereg_mr (bsc#1012628).
- apparmor: fix error check (bsc#1012628).
- rpmsg: Fix rpmsg_create_ept return when RPMSG config is not
defined (bsc#1012628).
- mtd: rawnand: intel: Fix potential buffer overflow in probe
(bsc#1012628).
- nfsd: don't alloc under spinlock in rpc_parse_scope_id
(bsc#1012628).
- rtc: ds1302: Add SPI ID table (bsc#1012628).
- rtc: ds1390: Add SPI ID table (bsc#1012628).
- rtc: pcf2123: Add SPI ID table (bsc#1012628).
- remoteproc: imx_rproc: Fix TCM io memory type (bsc#1012628).
- i2c: i801: Use PCI bus rescan mutex to protect P2SB access
(bsc#1012628).
- dmaengine: idxd: move out percpu_ref_exit() to ensure it's
outside submission (bsc#1012628).
- rtc: mcp795: Add SPI ID table (bsc#1012628).
- Input: ariel-pwrbutton - add SPI device ID table (bsc#1012628).
- i2c: mediatek: fixing the incorrect register offset
(bsc#1012628).
- NFS: Default change_attr_type to NFS4_CHANGE_TYPE_IS_UNDEFINED
(bsc#1012628).
- NFS: Don't set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA
(bsc#1012628).
- NFS: Ignore the directory size when marking for revalidation
(bsc#1012628).
- NFS: Fix dentry verifier races (bsc#1012628).
- pnfs/flexfiles: Fix misplaced barrier in
nfs4_ff_layout_prepare_ds (bsc#1012628).
- drm/bridge/lontium-lt9611uxc: fix provided connector suport
(bsc#1012628).
- drm/plane-helper: fix uninitialized variable reference
(bsc#1012628).
- PCI: aardvark: Don't spam about PIO Response Status
(bsc#1012628).
- PCI: aardvark: Fix preserving PCI_EXP_RTCTL_CRSSVE flag on
emulated bridge (bsc#1012628).
- opp: Fix return in _opp_add_static_v2() (bsc#1012628).
- NFS: Fix deadlocks in nfs_scan_commit_list() (bsc#1012628).
- sparc: Add missing "FORCE" target when using if_changed
(bsc#1012628).
- fs: orangefs: fix error return code of
orangefs_revalidate_lookup() (bsc#1012628).
- Input: st1232 - increase "wait ready" timeout (bsc#1012628).
- drm/bridge: nwl-dsi: Add atomic_get_input_bus_fmts
(bsc#1012628).
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
(bsc#1012628).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the
bit operation (bsc#1012628).
- mtd: rawnand: arasan: Prevent an unsupported configuration
(bsc#1012628).
- mtd: core: don't remove debugfs directory if device is in use
(bsc#1012628).
- remoteproc: Fix a memory leak in an error handling path in
'rproc_handle_vdev()' (bsc#1012628).
- rtc: rv3032: fix error handling in rv3032_clkout_set_rate()
(bsc#1012628).
- dmaengine: at_xdmac: call at_xdmac_axi_config() on resume path
(bsc#1012628).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
(bsc#1012628).
- dmaengine: stm32-dma: fix stm32_dma_get_max_width (bsc#1012628).
- NFS: Fix up commit deadlocks (bsc#1012628).
- NFS: Fix an Oops in pnfs_mark_request_commit() (bsc#1012628).
- Fix user namespace leak (bsc#1012628).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty
string (bsc#1012628).
- auxdisplay: ht16k33: Connect backlight to fbdev (bsc#1012628).
- auxdisplay: ht16k33: Fix frame buffer device blanking
(bsc#1012628).
- soc: fsl: dpaa2-console: free buffer before returning from
dpaa2_console_read (bsc#1012628).
- netfilter: nfnetlink_queue: fix OOB when mac header was cleared
(bsc#1012628).
- dmaengine: dmaengine_desc_callback_valid(): Check for
`callback_result` (bsc#1012628).
- dmaengine: tegra210-adma: fix pm runtime unbalance
(bsc#1012628).
- dmanegine: idxd: fix resource free ordering on driver removal
(bsc#1012628).
- dmaengine: idxd: reconfig device after device reset command
(bsc#1012628).
- signal/sh: Use force_sig(SIGKILL) instead of
do_group_exit(SIGKILL) (bsc#1012628).
- m68k: set a default value for MEMORY_RESERVE (bsc#1012628).
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
(bsc#1012628).
- ar7: fix kernel builds for compiler test (bsc#1012628).
- scsi: target: core: Remove from tmr_list during LUN unlink
(bsc#1012628).
- scsi: qla2xxx: Relogin during fabric disturbance (bsc#1012628).
- scsi: qla2xxx: Fix gnl list corruption (bsc#1012628).
- scsi: qla2xxx: Turn off target reset during issue_lip
(bsc#1012628).
- scsi: qla2xxx: edif: Fix app start fail (bsc#1012628).
- scsi: qla2xxx: edif: Fix app start delay (bsc#1012628).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down
(bsc#1012628).
- scsi: qla2xxx: edif: Increase ELS payload (bsc#1012628).
- scsi: qla2xxx: edif: Fix EDIF bsg (bsc#1012628).
- NFSv4: Fix a regression in nfs_set_open_stateid_locked()
(bsc#1012628).
- dmaengine: idxd: fix resource leak on dmaengine driver disable
(bsc#1012628).
- i2c: xlr: Fix a resource leak in the error handling path of
'xlr_i2c_probe()' (bsc#1012628).
- gpio: realtek-otto: fix GPIO line IRQ offset (bsc#1012628).
- xen-pciback: Fix return in pm_ctrl_init() (bsc#1012628).
- nbd: fix max value for 'first_minor' (bsc#1012628).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
(bsc#1012628).
- io-wq: fix max-workers not correctly set on multi-node system
(bsc#1012628).
- net: davinci_emac: Fix interrupt pacing disable (bsc#1012628).
- kselftests/net: add missed icmp.sh test to Makefile
(bsc#1012628).
- kselftests/net: add missed setup_loopback.sh/setup_veth.sh to
Makefile (bsc#1012628).
- kselftests/net: add missed SRv6 tests (bsc#1012628).
- kselftests/net: add missed vrf_strict_mode_test.sh test to
Makefile (bsc#1012628).
- kselftests/net: add missed toeplitz.sh/toeplitz_client.sh to
Makefile (bsc#1012628).
- ethtool: fix ethtool msg len calculation for pause stats
(bsc#1012628).
- openrisc: fix SMP tlb flush NULL pointer dereference
(bsc#1012628).
- net: vlan: fix a UAF in vlan_dev_real_dev() (bsc#1012628).
- net: dsa: felix: fix broken VLAN-tagged PTP under VLAN-aware
bridge (bsc#1012628).
- ice: Fix replacing VF hardware MAC to existing MAC filter
(bsc#1012628).
- ice: Fix not stopping Tx queues for VFs (bsc#1012628).
- kdb: Adopt scheduler's task classification (bsc#1012628).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
(bsc#1012628).
- PCI: j721e: Fix j721e_pcie_probe() error path (bsc#1012628).
- nvdimm/btt: do not call del_gendisk() if not needed
(bsc#1012628).
- scsi: bsg: Fix errno when scsi_bsg_register_queue() fails
(bsc#1012628).
- scsi: ufs: ufshpb: Use proper power management API
(bsc#1012628).
- scsi: ufs: core: Fix NULL pointer dereference (bsc#1012628).
- scsi: ufs: ufshpb: Properly handle max-single-cmd (bsc#1012628).
- selftests: net: properly support IPv6 in GSO GRE test
(bsc#1012628).
- drm/nouveau/svm: Fix refcount leak bug and missing check
against null bug (bsc#1012628).
- nvdimm/pmem: cleanup the disk if pmem_release_disk() is yet
assigned (bsc#1012628).
- block/ataflop: use the blk_cleanup_disk() helper (bsc#1012628).
- block/ataflop: add registration bool before calling
del_gendisk() (bsc#1012628).
- block/ataflop: provide a helper for cleanup up an atari disk
(bsc#1012628).
- ataflop: remove ataflop_probe_lock mutex (bsc#1012628).
- PCI: Do not enable AtomicOps on VFs (bsc#1012628).
- cpufreq: intel_pstate: Clear HWP desired on suspend/shutdown
and offline (bsc#1012628).
- net: phy: fix duplex out of sync problem while changing settings
(bsc#1012628).
- block: fix device_add_disk() kobject_create_and_add() error
handling (bsc#1012628).
- drm/ttm: remove ttm_bo_vm_insert_huge() (bsc#1012628).
- bonding: Fix a use-after-free problem when
bond_sysfs_slave_add() failed (bsc#1012628).
- octeontx2-pf: select CONFIG_NET_DEVLINK (bsc#1012628).
- ALSA: memalloc: Catch call with NULL snd_dma_buffer pointer
(bsc#1012628).
- mfd: core: Add missing of_node_put for loop iteration
(bsc#1012628).
- mfd: cpcap: Add SPI device ID table (bsc#1012628).
- mfd: sprd: Add SPI device ID table (bsc#1012628).
- mfd: altera-sysmgr: Fix a mistake caused by resource_size
conversion (bsc#1012628).
- ACPI: PM: Fix device wakeup power reference counting error
(bsc#1012628).
- libbpf: Fix lookup_and_delete_elem_flags error reporting
(bsc#1012628).
- selftests/bpf/xdp_redirect_multi: Put the logs to tmp folder
(bsc#1012628).
- selftests/bpf/xdp_redirect_multi: Use arping to accurate the
arp number (bsc#1012628).
- selftests/bpf/xdp_redirect_multi: Give tcpdump a chance to
terminate cleanly (bsc#1012628).
- selftests/bpf/xdp_redirect_multi: Limit the tests in netns
(bsc#1012628).
- drm: fb_helper: improve CONFIG_FB dependency (bsc#1012628).
- Revert "drm/imx: Annotate dma-fence critical section in commit
path" (bsc#1012628).
- drm/amdgpu/powerplay: fix sysfs_emit/sysfs_emit_at handling
(bsc#1012628).
- can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error
path (bsc#1012628).
- can: mcp251xfd: mcp251xfd_chip_start(): fix error handling
for mcp251xfd_chip_rx_int_enable() (bsc#1012628).
- mm/zsmalloc.c: close race window between zs_pool_dec_isolated()
and zs_unregister_migration() (bsc#1012628).
- zram: off by one in read_block_state() (bsc#1012628).
- perf bpf: Add missing free to bpf_event__print_bpf_prog_info()
(bsc#1012628).
- llc: fix out-of-bound array index in llc_sk_dev_hash()
(bsc#1012628).
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs()
fails (bsc#1012628).
- litex_liteeth: Fix a double free in the remove function
(bsc#1012628).
- arm64: arm64_ftr_reg->name may not be a human-readable string
(bsc#1012628).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline
functions (bsc#1012628).
- bpf, sockmap: Remove unhash handler for BPF sockmap usage
(bsc#1012628).
- bpf, sockmap: Fix race in ingress receive verdict with redirect
to self (bsc#1012628).
- bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and
colliding (bsc#1012628).
- bpf, sockmap: sk_skb data_end access incorrect when src_reg =
dst_reg (bsc#1012628).
- dmaengine: stm32-dma: fix burst in case of unaligned memory
address (bsc#1012628).
- dmaengine: stm32-dma: avoid 64-bit division in
stm32_dma_get_max_width (bsc#1012628).
- gve: Fix off by one in gve_tx_timeout() (bsc#1012628).
- drm/i915/fb: Fix rounding error in subsampled plane size
calculation (bsc#1012628).
- init: make unknown command line param message clearer
(bsc#1012628).
- seq_file: fix passing wrong private data (bsc#1012628).
- drm/amdgpu: fix uvd crash on Polaris12 during driver unloading
(bsc#1012628).
- net: dsa: mv88e6xxx: Don't support >1G speeds on 6191X on
ports other than 10 (bsc#1012628).
- net/sched: sch_taprio: fix undefined behavior in
ktime_mono_to_any (bsc#1012628).
- net: hns3: fix ROCE base interrupt vector initialization bug
(bsc#1012628).
- net: hns3: fix pfc packet number incorrect after querying pfc
parameters (bsc#1012628).
- net: hns3: fix kernel crash when unload VF while it is being
reset (bsc#1012628).
- net: hns3: allow configure ETS bandwidth of all TCs
(bsc#1012628).
- net: stmmac: allow a tc-taprio base-time of zero (bsc#1012628).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(bsc#1012628).
- net: marvell: mvpp2: Fix wrong SerDes reconfiguration order
(bsc#1012628).
- vsock: prevent unnecessary refcnt inc for nonblocking connect
(bsc#1012628).
- net/smc: fix sk_refcnt underflow on linkdown and fallback
(bsc#1012628).
- cxgb4: fix eeprom len when diagnostics not implemented
(bsc#1012628).
- selftests/net: udpgso_bench_rx: fix port argument (bsc#1012628).
- thermal: int340x: fix build on 32-bit targets (bsc#1012628).
- smb3: do not error on fsync when readonly (bsc#1012628).
- ARM: 9155/1: fix early early_iounmap() (bsc#1012628).
- ARM: 9156/1: drop cc-option fallbacks for architecture selection
(bsc#1012628).
- parisc: Fix backtrace to always include init funtion names
(bsc#1012628).
- parisc: Flush kernel data mapping in set_pte_at() when
installing pte for user page (bsc#1012628).
- MIPS: fix duplicated slashes for Platform file path
(bsc#1012628).
- MIPS: fix *-pkg builds for loongson2ef platform (bsc#1012628).
- MIPS: Fix assembly error from MIPSr2 code used within
MIPS_ISA_ARCH_LEVEL (bsc#1012628).
- x86/mce: Add errata workaround for Skylake SKX37 (bsc#1012628).
- PCI/MSI: Move non-mask check back into low level accessors
(bsc#1012628).
- PCI/MSI: Destroy sysfs before freeing entries (bsc#1012628).
- KVM: x86: move guest_pv_has out of user_access section
(bsc#1012628).
- posix-cpu-timers: Clear task::posix_cputimers_work in
copy_process() (bsc#1012628).
- irqchip/sifive-plic: Fixup EOI failed when masked (bsc#1012628).
- f2fs: should use GFP_NOFS for directory inodes (bsc#1012628).
- f2fs: include non-compressed blocks in compr_written_block
(bsc#1012628).
- f2fs: fix UAF in f2fs_available_free_memory (bsc#1012628).
- ceph: fix mdsmap decode when there are MDS's beyond max_mds
(bsc#1012628).
- erofs: fix unsafe pagevec reuse of hooked pclusters
(bsc#1012628).
- drm/i915/guc: Fix blocked context accounting (bsc#1012628).
- block: Hold invalidate_lock in BLKDISCARD ioctl (bsc#1012628).
- block: Hold invalidate_lock in BLKZEROOUT ioctl (bsc#1012628).
- block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1012628).
- ksmbd: Fix buffer length check in
fsctl_validate_negotiate_info() (bsc#1012628).
- ksmbd: don't need 8byte alignment for request length in
ksmbd_check_message (bsc#1012628).
- dmaengine: ti: k3-udma: Set bchan to NULL if a channel request
fail (bsc#1012628).
- dmaengine: ti: k3-udma: Set r/tchan or rflow to NULL if request
fail (bsc#1012628).
- dmaengine: bestcomm: fix system boot lockups (bsc#1012628).
- net, neigh: Enable state migration between NUD_PERMANENT and
NTF_USE (bsc#1012628).
- 9p/net: fix missing error check in p9_check_errors
(bsc#1012628).
- mm/filemap.c: remove bogus VM_BUG_ON (bsc#1012628).
- memcg: prohibit unconditional exceeding the limit of dying tasks
(bsc#1012628).
- mm, oom: pagefault_out_of_memory: don't force global OOM for
dying tasks (bsc#1012628).
- mm, oom: do not trigger out_of_memory from the #PF
(bsc#1012628).
- mm, thp: lock filemap when truncating page cache (bsc#1012628).
- mm, thp: fix incorrect unmap behavior for private pages
(bsc#1012628).
- mfd: dln2: Add cell for initializing DLN2 ADC (bsc#1012628).
- video: backlight: Drop maximum brightness override for
brightness zero (bsc#1012628).
- bcache: fix use-after-free problem in bcache_device_free()
(bsc#1012628).
- bcache: Revert "bcache: use bvec_virt" (bsc#1012628).
- PM: sleep: Avoid calling put_device() under dpm_list_mtx
(bsc#1012628).
- s390/cpumf: cpum_cf PMU displays invalid value after hotplug
remove (bsc#1012628).
- s390/cio: check the subchannel validity for dev_busid
(bsc#1012628).
- s390/tape: fix timer initialization in tape_std_assign()
(bsc#1012628).
- s390/ap: Fix hanging ioctl caused by orphaned replies
(bsc#1012628).
- s390/cio: make ccw_device_dma_* more robust (bsc#1012628).
- remoteproc: elf_loader: Fix loading segment when is_iomem true
(bsc#1012628).
- remoteproc: Fix the wrong default value of is_iomem
(bsc#1012628).
- remoteproc: imx_rproc: Fix ignoring mapping vdev regions
(bsc#1012628).
- remoteproc: imx_rproc: Fix rsc-table name (bsc#1012628).
- mtd: rawnand: fsmc: Fix use of SM ORDER (bsc#1012628).
- mtd: rawnand: ams-delta: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: xway: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: mpc5121: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: gpio: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: pasemi: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: orion: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: plat_nand: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- mtd: rawnand: au1550nd: Keep the driver compatible with on-die
ECC engines (bsc#1012628).
- powerpc/vas: Fix potential NULL pointer dereference
(bsc#1012628).
- powerpc/bpf: Fix write protecting JIT code (bsc#1012628).
- powerpc/32e: Ignore ESR in instruction storage interrupt handler
(bsc#1012628).
- powerpc/powernv/prd: Unregister OPAL_MSG_PRD2 notifier during
module unload (bsc#1012628).
- powerpc/security: Use a mutex for interrupt exit code patching
(bsc#1012628).
- powerpc/64s/interrupt: Fix check_return_regs_valid() false
positive (bsc#1012628).
- powerpc/pseries/mobility: ignore ibm, platform-facilities
updates (bsc#1012628).
- powerpc/85xx: fix timebase sync issue when CONFIG_HOTPLUG_CPU=n
(bsc#1012628).
- drm/sun4i: Fix macros in sun8i_csc.h (bsc#1012628).
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (bsc#1012628).
- PCI: aardvark: Fix PCIe Max Payload Size setting (bsc#1012628).
- SUNRPC: Partial revert of commit 6f9f17287e78 (bsc#1012628).
- drm/amd/display: Look at firmware version to determine using
dmub on dcn21 (bsc#1012628).
- media: vidtv: move kfree(dvb) to vidtv_bridge_dev_release()
(bsc#1012628).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname
(bsc#1012628).
- ath10k: fix invalid dma_addr_t token assignment (bsc#1012628).
- mmc: moxart: Fix null pointer dereference on pointer host
(bsc#1012628).
- selftests/x86/iopl: Adjust to the faked iopl CLI/STI usage
(bsc#1012628).
- selftests/bpf: Fix also no-alu32 strobemeta selftest
(bsc#1012628).
- arch/cc: Introduce a function to check for confidential
computing features (bsc#1012628).
- x86/sev: Add an x86 version of cc_platform_has() (bsc#1012628).
- x86/sev: Make the #VC exception stacks part of the default
stacks storage (bsc#1012628).
- media: videobuf2: always set buffer vb2 pointer (bsc#1012628).
- media: videobuf2-dma-sg: Fix buf->vb NULL pointer dereference
(bsc#1012628).
- Update config files.
On armv7hl, set DRM_PANEL_SIMPLE=m to fix link error caused by
9d6366e743f3.
- commit 60fa139
++++ libnftnl:
- Update to release 1.2.1
* expr: add last match time support
* expr: missing netlink attribute in last expression
++++ shadow:
- Fix segfaults in newgrp and pwck
* Add shadow-4.9-newgrp-segfault.patch
https://github.com/shadow-maint/shadow/pull/437
* Add shadow-4.9-pwck-segfault.patch
https://github.com/shadow-maint/shadow/pull/445
++++ makedumpfile:
- Update to 1.7.0
* Zstandard (zstd) compression support
* New -L option to limit output file size
* Support of kernels up to v5.15 (x86_64)
++++ shared-mime-info:
- Add fix-build-meson-0_60.patch: Fix build with meson 0.60 and
newer.
- Add drop-itstool-dep.patch: Drop itstool as it is no longer
needed, upstream was missing this in the patch. Following this:
drop itstool BuildRequires.
++++ vim:
- Updated to version 8.2.3616, fixes the following problems
* Compiler test fails with backslash file separator.
* Break statement is never reached.
* Failure when the "term_rows" argument of term_start() is an unusual value.
* Test for v:colornames sometimes fails. (Dominique Pellé)
* No event is triggered when closing a window.
* Test_hlset fails when terminal has many columns.
* Directory is wrong after executing "lcd" with win_execute().
* Xxd code is a bit difficult to understand.
* Check for signed overflow might not work everywhere.
* Crash when using :pedit in Vim9 script.
* Vim seems to hang when writing a very long text to a terminal window.
* RouterOS filetype is not recognized.
* Not all gdbinit files are recognized.
* Filetype test fails.
* Check for overflow in put count does not work well.
* Python3 test fails with Python 3.10 on MS-Windows.
* Fish filetype not recognized.
* Not all sudoers files are recognized.
* Cannot clear and unlinke a highlight group with hlset() in a single call.
* File missing from list of distributed files.
* GTK3 screen updating is slow.
* Users who type "q:" instead of ":q" are confused.
* Internal error when ModeChanged is triggered when v:event is already
in use.
* Crash when ModeChanged triggered too early.
* Crash when using CTRL-W f without finding a file name.
* Using freed memory with regexp using a mark.
* :find test fails.
* zindex of popup windows not used when redrawing popup menu.
* When re-formatting with an indent expression the first line of a paragraph
may get the wrong indent. (Martin F. Krafft)
* Arglist test does not clear the argument list consistently.
------------------------------------------------------------------
------------------ 2021-11-17 - Nov 17 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.3.0
* Panfrost is now officially GLES 3.1 conformant
* RADV has (experimental) ray tracing support
* Iris gained threaded shader compilation
* Zink has seen an enormous amount of work, and now supports GLES 3.2
* Lavapipe has a bunch of new extensions, and now supports Vulkan 1.2
* LLVMpipe got 2-3 times faster for 2D workloads, and gained support for
the compatibility profile on GL 4.5
* VA-API gained support for AV1 videos
* EGL now works on Windows
* Wayland got a workaround for games making bad assumption (alpha means
transparency? who could have known)
* VK_EXT_color_write_enable on lavapipe
* GL_ARB_texture_filter_anisotropic in llvmpipe
* Anisotropic texture filtering in lavapipe
* VK_EXT_shader_atomic_float2 on Intel and RADV.
* VK_EXT_vertex_input_dynamic_state on RADV.
* VK_KHR_timeline_semaphore on lavapipe
* VK_EXT_external_memory_host on lavapipe
* GL_AMD_pinned_memory on llvmpipe
* GL 4.5 compatibility on llvmpipe
* VK_EXT_primitive_topology_list_restart on RADV and lavapipe.
* ES 3.2 on zink
* VK_KHR_depth_stencil_resolve on lavapipe
* VK_KHR_shader_integer_dot_product on RADV.
* OpenGL FP16 support on llvmpipe
* VK_KHR_shader_float16_int8 on lavapipe
* VK_KHR_shader_subgroup_extended_types on lavapipe
* VK_KHR_spirv_1_4 on lavapipe
* Experimental raytracing support on RADV
* VK_KHR_synchronization2 on Intel
* NGG shader based culling is now enabled by default on GFX10.3 on RADV.
* VK_KHR_maintenance4 on RADV
* VK_KHR_format_feature_flags2 on RADV.
* EGL_EXT_present_opaque on wayland
++++ Mesa-drivers:
- update to 21.3.0
* Panfrost is now officially GLES 3.1 conformant
* RADV has (experimental) ray tracing support
* Iris gained threaded shader compilation
* Zink has seen an enormous amount of work, and now supports GLES 3.2
* Lavapipe has a bunch of new extensions, and now supports Vulkan 1.2
* LLVMpipe got 2-3 times faster for 2D workloads, and gained support for
the compatibility profile on GL 4.5
* VA-API gained support for AV1 videos
* EGL now works on Windows
* Wayland got a workaround for games making bad assumption (alpha means
transparency? who could have known)
* VK_EXT_color_write_enable on lavapipe
* GL_ARB_texture_filter_anisotropic in llvmpipe
* Anisotropic texture filtering in lavapipe
* VK_EXT_shader_atomic_float2 on Intel and RADV.
* VK_EXT_vertex_input_dynamic_state on RADV.
* VK_KHR_timeline_semaphore on lavapipe
* VK_EXT_external_memory_host on lavapipe
* GL_AMD_pinned_memory on llvmpipe
* GL 4.5 compatibility on llvmpipe
* VK_EXT_primitive_topology_list_restart on RADV and lavapipe.
* ES 3.2 on zink
* VK_KHR_depth_stencil_resolve on lavapipe
* VK_KHR_shader_integer_dot_product on RADV.
* OpenGL FP16 support on llvmpipe
* VK_KHR_shader_float16_int8 on lavapipe
* VK_KHR_shader_subgroup_extended_types on lavapipe
* VK_KHR_spirv_1_4 on lavapipe
* Experimental raytracing support on RADV
* VK_KHR_synchronization2 on Intel
* NGG shader based culling is now enabled by default on GFX10.3 on RADV.
* VK_KHR_maintenance4 on RADV
* VK_KHR_format_feature_flags2 on RADV.
* EGL_EXT_present_opaque on wayland
++++ kernel-default:
- Refresh
patches.suse/Input-i8042-Add-deferred-probe-support.patch.
Fix cut & paste error in param description.
- commit 6d1d038
++++ util-linux:
- Update to version 2.37.2:
* No longer uses Groff to maintain man-pages.
* New implementation of hardlink.
* lscpu reimplemented.
* uclampset: new util to manipulate the utilization clamping
attributes of the system or a process.
* hexdump automatically uses -C when called as "hd".
* dmesg supports new command-line options --since and --until.
* findmnt supports new command-line options --shadowed to print
only filesystems over-mounted by another filesystem.
* mount supports --read-only command-line option for non-root
users too.
* umount(8) can umount also all over-mounted filesystems (more
filesystems on the the same mount point) when executed with
- -recursive.
* libfdisk (and fdisk, sfdisk, cfdisk) supports partition type
names on input, ignoring the case of the characters and all
non-alphanumeric and non-digit characters in the name
(e.g. type="Linux /usr x86" is the same as type="linux usr-x86"
for sfdisk).
* libmount no longer contains a workaround to detect inconsistent
/proc/self/mountinfo reads.
* libblkid supports "probing hints" now. The hints are the
optional way how to force probing functions to check for
example another location -- for example specific session on
multi-session UDF. The command blkid(8) supports this
functionality with a new --hint option. The library has been
also extended to support others ISO9660 and UDF identifiers.
* blkzone provides a new "capacity" command.
* cfdisk is possible to start in read-only mode by a new
command-line option --read-only
* lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column
MOUNTPOINTS is used in the default output now and this new
column prints all mount points where the device is used (btrfs
subvolumes, bind mounts, etc).
* losetup uses LOOP_CONFIG ioctl now.
* column supports a new command-line option --table-columns-limit
to specify a maximal number of the input columns. The last
column will contain all remaining line data if the limit is
smaller than the number of the columns in the input data.
* Many other new features and fixes. For the complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes
- Update util-linux-login_defs-check.sh and
login_defs-support-for-util-linux to version 2.37
(new variable LOGIN_KEEP_USERNAME).
++++ libglvnd:
- Disable asm on aarch64 Tumbleweed due to issue with BTI - boo#1188928
++++ libvirt:
- spec: Weaken apparmor-abstractions dependency to Recommends
bsc#1192119
++++ pam:
- Update pam-login_defs-check.sh regexp and
login_defs-support-for-pam symbol to version 1.5.2
(new variable HMAC_CRYPTO_ALGO).
++++ raspberrypi-firmware:
- Add raspberrypi-firmware-config-camera flavor - boo#1192047
- Update to 12bc6e3677 (2021-11-16):
* firmware: dtoverlay: Rebase aliases in overlays like labels
* firmware: isp: Set core/vpu min clock to 320Mhz during ISP operation
* firmware: arm_loader: Enable watchdog early if wanted
See: #1651
* firmware: hello_fft: Update outdated link to V3D spec
* firmware: hello_fft: Remove unused function declaration
See: #1645
See: raspberrypi/userland#710
* firmware: platform: Declare CM4's SIO_1V8_SEL and SD_PWR_ON
See: raspberrypi/Raspberry-Pi-OS-64bit#188
* firmware: platform: Fix incorrect turbo voltage scaling on Pi0
See: raspberrypi/documentation#2255
* firmware: ISP: Fix magenta colour in right hand image of stereo pair
See: https://forums.raspberrypi.com/viewtopic.php?t=321089
* firmware: platform: Remove licence on VP6, VP8, Theora, and FLAC
See: raspberrypi/linux#4661
* firmware: arm_loader: Allow VEC clock to be controlled by arm
* firmware: userland: Reduce debug_sym error messages
See: https://forums.raspberrypi.com/viewtopic.php?f=98&t=322238
* firmware: arm_dt: Increase maximum line length to 98
See: raspberrypi/linux#4638
* firmware: video_decode: i/p port enable/disable without o/p active could stall
See: RPi-Distro/vlc#48
See: Hexxeh/rpi-firmware#272
See: #1637
* firmware: clock-2711: Limit PLLB VCO frequency to the high range
* firmware: arm_dt: Export the boot-mode, partition and usb state via device-tree
See: #1621
++++ raspberrypi-firmware-config:
- Add raspberrypi-firmware-config-camera flavor - boo#1192047
- Update to 12bc6e3677 (2021-11-16):
* firmware: dtoverlay: Rebase aliases in overlays like labels
* firmware: isp: Set core/vpu min clock to 320Mhz during ISP operation
* firmware: arm_loader: Enable watchdog early if wanted
See: #1651
* firmware: hello_fft: Update outdated link to V3D spec
* firmware: hello_fft: Remove unused function declaration
See: #1645
See: raspberrypi/userland#710
* firmware: platform: Declare CM4's SIO_1V8_SEL and SD_PWR_ON
See: raspberrypi/Raspberry-Pi-OS-64bit#188
* firmware: platform: Fix incorrect turbo voltage scaling on Pi0
See: raspberrypi/documentation#2255
* firmware: ISP: Fix magenta colour in right hand image of stereo pair
See: https://forums.raspberrypi.com/viewtopic.php?t=321089
* firmware: platform: Remove licence on VP6, VP8, Theora, and FLAC
See: raspberrypi/linux#4661
* firmware: arm_loader: Allow VEC clock to be controlled by arm
* firmware: userland: Reduce debug_sym error messages
See: https://forums.raspberrypi.com/viewtopic.php?f=98&t=322238
* firmware: arm_dt: Increase maximum line length to 98
See: raspberrypi/linux#4638
* firmware: video_decode: i/p port enable/disable without o/p active could stall
See: RPi-Distro/vlc#48
See: Hexxeh/rpi-firmware#272
See: #1637
* firmware: clock-2711: Limit PLLB VCO frequency to the high range
* firmware: arm_dt: Export the boot-mode, partition and usb state via device-tree
See: #1621
++++ raspberrypi-firmware-config-camera:
- Add raspberrypi-firmware-config-camera flavor - boo#1192047
- Update to 12bc6e3677 (2021-11-16):
* firmware: dtoverlay: Rebase aliases in overlays like labels
* firmware: isp: Set core/vpu min clock to 320Mhz during ISP operation
* firmware: arm_loader: Enable watchdog early if wanted
See: #1651
* firmware: hello_fft: Update outdated link to V3D spec
* firmware: hello_fft: Remove unused function declaration
See: #1645
See: raspberrypi/userland#710
* firmware: platform: Declare CM4's SIO_1V8_SEL and SD_PWR_ON
See: raspberrypi/Raspberry-Pi-OS-64bit#188
* firmware: platform: Fix incorrect turbo voltage scaling on Pi0
See: raspberrypi/documentation#2255
* firmware: ISP: Fix magenta colour in right hand image of stereo pair
See: https://forums.raspberrypi.com/viewtopic.php?t=321089
* firmware: platform: Remove licence on VP6, VP8, Theora, and FLAC
See: raspberrypi/linux#4661
* firmware: arm_loader: Allow VEC clock to be controlled by arm
* firmware: userland: Reduce debug_sym error messages
See: https://forums.raspberrypi.com/viewtopic.php?f=98&t=322238
* firmware: arm_dt: Increase maximum line length to 98
See: raspberrypi/linux#4638
* firmware: video_decode: i/p port enable/disable without o/p active could stall
See: RPi-Distro/vlc#48
See: Hexxeh/rpi-firmware#272
See: #1637
* firmware: clock-2711: Limit PLLB VCO frequency to the high range
* firmware: arm_dt: Export the boot-mode, partition and usb state via device-tree
See: #1621
++++ systemd-rpm-macros:
- Bump version to 14
- Introduce %_systemd_util_dir
It's a backport of upstream commit 3bc66bfa0136e370a8f7b06c3b69a52f5636ef82.
++++ util-linux-systemd:
- Update to version 2.37.2:
* No longer uses Groff to maintain man-pages.
* New implementation of hardlink.
* lscpu reimplemented.
* uclampset: new util to manipulate the utilization clamping
attributes of the system or a process.
* hexdump automatically uses -C when called as "hd".
* dmesg supports new command-line options --since and --until.
* findmnt supports new command-line options --shadowed to print
only filesystems over-mounted by another filesystem.
* mount supports --read-only command-line option for non-root
users too.
* umount(8) can umount also all over-mounted filesystems (more
filesystems on the the same mount point) when executed with
- -recursive.
* libfdisk (and fdisk, sfdisk, cfdisk) supports partition type
names on input, ignoring the case of the characters and all
non-alphanumeric and non-digit characters in the name
(e.g. type="Linux /usr x86" is the same as type="linux usr-x86"
for sfdisk).
* libmount no longer contains a workaround to detect inconsistent
/proc/self/mountinfo reads.
* libblkid supports "probing hints" now. The hints are the
optional way how to force probing functions to check for
example another location -- for example specific session on
multi-session UDF. The command blkid(8) supports this
functionality with a new --hint option. The library has been
also extended to support others ISO9660 and UDF identifiers.
* blkzone provides a new "capacity" command.
* cfdisk is possible to start in read-only mode by a new
command-line option --read-only
* lsblk provides new columns FSROOTS, and MOUNTPOINTS. The column
MOUNTPOINTS is used in the default output now and this new
column prints all mount points where the device is used (btrfs
subvolumes, bind mounts, etc).
* losetup uses LOOP_CONFIG ioctl now.
* column supports a new command-line option --table-columns-limit
to specify a maximal number of the input columns. The last
column will contain all remaining line data if the limit is
smaller than the number of the columns in the input data.
* Many other new features and fixes. For the complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.1-ReleaseNotes
https://www.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.2-ReleaseNotes
- Update util-linux-login_defs-check.sh and
login_defs-support-for-util-linux to version 2.37
(new variable LOGIN_KEEP_USERNAME).
------------------------------------------------------------------
------------------ 2021-11-16 - Nov 16 2021 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.80.0:
* Changes:
- CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
- CURLOPT_PREREQFUNCTION: add new callback
- libssh2: add SHA256 fingerprint support
- urlapi: add curl_url_strerror()
* Bugfixes:
- aws-sigv4: make signature work when post data is binary
- c-hyper: don't abort CONNECT responses early when auth-in-progress
- c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
- cmake: add CURL_ENABLE_SSL option
- cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
- configure.ac: replace krb5-config with pkg-config
- configure: when hyper is selected, deselect nghttp2
- curl-confopts.m4: remove --enable/disable-hidden-symbols
- curl-openssl.m4: modify library order for openssl linking
- curl_ntlm_core: use OpenSSL only if DES is available
- Curl_updateconninfo: store addresses for QUIC connections too
- ftp: make the MKD retry to retry once per directory
- http: fix Basic auth with empty name field in URL
- http: reject HTTP response codes < 100
- http: remove assert that breaks hyper
- http: set content length earlier
- imap: display quota information
- libssh2: Get the version at runtime if possible
- md5: fix compilation with OpenSSL 3.0 API
- ngtcp2: advertise h3 as well as h3-29
- ngtcp2: compile with the latest nghttp3
- ngtcp2: use latest QUIC TLS RFC9001
- NTLM: use DES_set_key_unchecked with OpenSSL
- openssl: if verifypeer is not requested, skip the CA loading
- openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
- schannel: fix memory leak due to failed SSL connection
- sendf: accept zero-length data in Curl_client_write()
- sha256: use high-level EVP interface for OpenSSL
- sws: fix memory leak on exit
- tool_operate: a failed etag save now only fails that transfer
- url: check the return value of curl_url()
- url: set "k->size" -1 at start of request
- urlapi: skip a strlen(), pass in zero
- urlapi: URL decode percent-encoded host names
- vtls: Fix a memory leak if an SSL session cannot be added to the cache
- wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
* Use --with-openssl configure option, --with-ssl is now deprecated
++++ glibc:
- Add ExtraBuildFlags for build flags that cannot be passed to configure.
- Add support for livepatches (JSC #SLE-20049).
- Generate ipa-clones tarball artifact when livepatching is enabled.
++++ kernel-default:
- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)
- commit e24ee9e
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink
(bsc#1192375).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table
(bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink
(bsc#1192375).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table
(bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- commit 7a21313
- rtw89: update partition size of firmware header on skb->data
(bsc#1188303).
- commit 4e4f5f9
- rtw89: update partition size of firmware header on skb->data
(bsc#1188303).
- commit d879057
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- commit a133bf4
- Drop downstream rtw89 fix patch, to be replaced with the upstream fix
- commit 9ba8358
++++ kernel-firmware:
- Update to version 20211115 (git commit f5d519563ac9):
* linux-firmware: Update AMD cpu microcode
* amdgpu: update raven2 firmware from 21.40
* amdgpu: update navi14 firmware from 21.40
* amdgpu: update raven firmware from 21.40
* amdgpu: update navi12 firmware from 21.40
* amdgpu: update navi10 firmware from 21.40
* amdgpu: update vega20 firmware from 21.40
* amdgpu: update vega12 firmware from 21.40
* amdgpu: update vega10 firmware from 21.40
* amdgpu: update picasso firmware from 21.40
* amdgpu: update vangogh firmware from 21.40
* amdgpu: update beige goby firmware from 21.40
* amdgpu: add cyan skillfish firmware from 21.40
* amdgpu: update dimgrey cavefish firmware from 21.40
* amdgpu: update green sardine firmware from 21.40
* amdgpu: update navy flounder firmware from 21.40
* amdgpu: update renoir firmware from 21.40
* amdgpu: update arcturus firmware from 21.40
* amdgpu: update sienna cichlid firmware from 21.40
* rtl_bt: Update RTL8852A BT USB firmware to 0xDBA9_6937
* iwlwifi: add new FWs from core64-96 release
* iwlwifi: update 9000-family firmwares to core64-96
* amdgpu: update VCN firmware for green sardine
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
- Update aliases
++++ gmp:
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
malformed input to mpz_inp_raw. [bsc#1192717, CVE-2021-43618]
++++ ncurses:
- Add ncurses patch 20211115
+ fix memory-leak in delwin for pads (report by Werner Fink, OpenSUSE
[#1192668], cf: 20211106),
++++ python310-core:
- Move rpm-build-python construct to correct place.
++++ shadow:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* shadow.service
++++ python310:
- Move rpm-build-python construct to correct place.
++++ rsync:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* rsyncd.service
------------------------------------------------------------------
------------------ 2021-11-15 - Nov 15 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.16-rc1
- eliminated 26 patches (13 stable, 13 mainline)
- patches.kernel.org/*
- patches.suse/ALSA-usb-audio-Restrict-rates-for-the-shared-clocks.patch
- patches.suse/Bluetooth-sco-Fix-lock_sock-blockage-by-memcpy_from_.patch
- patches.suse/Input-i8042-Add-quirk-for-Fujitsu-Lifebook-T725.patch
- patches.suse/arm64-dts-rockchip-Disable-CDN-DP-on-Pinebook-Pro.patch
- patches.suse/rtw89-Fix-two-spelling-mistakes-in-debug-messages.patch
- patches.suse/rtw89-Fix-variable-dereferenced-before-check-sta.patch
- patches.suse/rtw89-Remove-redundant-check-of-ret-after-call-to-rt.patch
- patches.suse/rtw89-add-Realtek-802.11ax-driver.patch
- patches.suse/rtw89-fix-error-function-parameter.patch
- patches.suse/rtw89-fix-return-value-check-in-rtw89_cam_send_sec_k.patch
- patches.suse/rtw89-fix-return-value-in-hfc_pub_cfg_chk.patch
- patches.suse/rtw89-remove-duplicate-register-definitions.patch
- patches.suse/rtw89-remove-unneeded-semicolon.patch
- refresh
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- patches.suse/suse-hv-guest-os-id.patch
- disable ARM architectures (need config update)
- new config options
- General setup
- PREEMPT_DYNAMIC=y
- Processor type and features
- SCHED_CLUSTER=y
- STRICT_SIGALTSTACK_SIZE=n
- Networking support
- NETFILTER_EGRESS=y
- MCTP=y
- File systems
- EROFS_FS_ZIP_LZMA=y
- Library routines
- XZ_DEC_MICROLZMA=y
- Kernel hacking
- DEBUG_PREEMPT=n
- PREEMPT_TRACER=n
- SCSI device support
- SCSI_UFS_HWMON=y
- Network device support
- AMT=m
- NET_VENDOR_ASIX=y
- SPI_AX88796C=m
- SPI_AX88796C_COMPRESSION=y
- ICE_SWITCHDEV=y
- MT7921S=m
- Character devices
- RPMSG_TTY=m
- CEC support
- CEC_GPIO=m
- CEC_PIN_ERROR_INJ=n
- Multimedia support
- VIDEO_HI846=m
- VIDEO_OV13B10=m
- Graphics support
- DRM_DEBUG_MODESET_LOCK=n
- DRM_I915_PXP=y
- Sound card support
- SND_SOC_AMD_VANGOGH_MACH=m
- SND_SOC_AMD_ACP6x=m
- SND_SOC_AMD_ACP_COMMON=m
- SND_SOC_AMD_YC_MACH=m
- SND_AMD_ASOC_RENOIR=m
- SND_SOC_AMD_LEGACY_MACH=m
- SND_SOC_AMD_SOF_MACH=m
- SND_SOC_INTEL_SOF_ES8336_MACH=m
- SND_SOC_CS35L41_SPI=m
- SND_SOC_CS35L41_I2C=m
- SND_SOC_MAX98520=m
- SND_SOC_RT9120=m
- SND_SOC_NAU8821=m
- HID support
- HID_XIAOMI=m
- HID_NINTENDO=m
- NINTENDO_FF=y
- X86 Platform Specific Device Drivers
- NVIDIA_WMI_EC_BACKLIGHT=m
- INTEL_ISHTP_ECLITE=m
- BARCO_P50_GPIO=m
- Industrial I/O support
- ADXL313_I2C=n
- ADXL313_SPI=n
- ADXL355_I2C=n
- ADXL355_SPI=n
- SCD4X=n
- SENSEAIR_SUNRISE_CO2=n
- ADRF6780=n
- MAX31865=m
- Misc devices
- INTEL_MEI_PXP=m
- KEYBOARD_CYPRESS_SF=m
- SENSORS_MAX6620=m
- HT16K33=n
- ALIBABA_ENI_VDPA=m
- MLXREG_LC=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- SPI_CADENCE_XSPI=m
- DRM_PANEL_EDP=m
- DRM_PANEL_SAMSUNG_S6D27A1=n
- DRM_PANEL_SHARP_LS060T1SX01=n
- i386
SND_AUDIO_GRAPH_CARD2=n
SND_TEST_COMPONENT=m
- ppc64
- IPMI_IPMB=m
- s390x
- COMMAND_LINE_SIZE=4096 (default)
- riscv64
- TIME_NS=y
- VIRTUALIZATION=y
- KVM=m
- SND_AUDIO_GRAPH_CARD2=n
- SND_TEST_COMPONENT=m
- */debug
- DRM_DEBUG_MODESET_LOCK=y
- commit 2e30d30
++++ libX11:
- u_no-longer-crash-in-XVisualIDFromVisual.patch
* no longer crash in XVisualIDFromVisual() [boo#1191517]
++++ ncurses:
- Add ncurses patch 20211113
+ minor clarification to clear.1 (Debian #999437).
+ add xterm+sl-alt, use that in foot+base (report by Jonas Grosse
Sundrup) -TD
+ improve search-path check for pkg-config, for Debian testing which
installs pkg-config with architecture-prefixes.
- Correct offsets of patch ncurses-6.3.dif
++++ systemd:
- Import commit 61c79e68381801428c0bc00a56b9e2e9cfa68373 (merge of v249.6)
bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/8521f8d22fd44400289fcea03493ebd7f8b1487d...61c79e68381801428c0bc00a56b9e2e9cfa68373
- Drop 0001-Revert-core-Check-unit-start-rate-limiting-earlier.patch
It's part of v249.6.
++++ salt:
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution
- Add "--no-return-event" option to salt-call to prevent sending return event back to master.
- Make "state.highstate" to acts on concurrent flag.
- Fix print regression for yumnotify plugin
- Added:
* refactor-and-improvements-for-transactional-updates-.patch
* fix-the-regression-for-yumnotify-plugin-456.patch
------------------------------------------------------------------
------------------ 2021-11-14 - Nov 14 2021 -------------------
------------------------------------------------------------------
++++ gawk:
- disable racy iolint tests boo#1192521
add gawk-5.1.1-Disable-racy-test-in-test-iolint.awk.patch
++++ python-Jinja2:
- update to 3.0.3
* Fix traceback rewriting internals for Python 3.10 and 3.11. (#1535)
* Fix how the native environment treats leading and trailing spaces
when parsing values on Python 3.10. (PR#1537)
* Improve async performance by avoiding checks for common types. (#1514)
* Revert change to ``hash(Node)`` behavior. Nodes are hashed by id again (#1521)
* ``PackageLoader`` works when the package is a single module file. (#1512)
------------------------------------------------------------------
------------------ 2021-11-13 - Nov 13 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.52.4:
+ New features:
- Support the isolation property from the Compositing and
Blending Level 1 specification.
- Support Visual Studio 2022.
+ Bug fixes:
- The opacity and mix-blend-mode properties were not being
applied when an element has a mask.
- Fix panic when an empty group has a pattern fill and filters.
- Fix the tests on Windows; the still only work when Fontconfig
is present.
- Work around a bug in the cairo-rs bindings in the test suite,
that only manifests itself in s/390x due to its calling
convention. See
https://github.com/gtk-rs/gtk-rs-core/issues/335
++++ iproute2:
- update to 5.15:
* lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
* man: devlink-port: fix the devlink port add synopsis
* man: devlink-port: fix pfnum for devlink port add
* iptuntap: fix multi-queue flag display
* mptcp: unbreak JSON endpoint list
* ipneigh: add support to print brief output of neigh cache in
tabular format
* ip/bond: add LACP active support
* ip/tunnel: always print all known attributes
* Add, show, link, remove IOAM namespaces and schemas
* New IOAM6 encap type for routes
* tc/skbmod: Introduce SKBMOD_F_ECN option
* tc/f_flower: fix port range parsing
++++ kernel-default:
- Linux 5.15.2 (bsc#1012628).
- rsi: fix control-message timeout (bsc#1012628).
- media: staging/intel-ipu3: css: Fix wrong size comparison
imgu_css_fw_init (bsc#1012628).
- staging: r8188eu: fix memleak in rtw_wx_set_enc_ext
(bsc#1012628).
- staging: rtl8192u: fix control-message timeouts (bsc#1012628).
- staging: r8712u: fix control-message timeout (bsc#1012628).
- comedi: vmk80xx: fix bulk and interrupt message timeouts
(bsc#1012628).
- comedi: vmk80xx: fix bulk-buffer overflow (bsc#1012628).
- comedi: vmk80xx: fix transfer-buffer overflows (bsc#1012628).
- comedi: ni_usb6501: fix NULL-deref in command paths
(bsc#1012628).
- comedi: dt9812: fix DMA buffers on stack (bsc#1012628).
- isofs: Fix out of bound access for corrupted isofs image
(bsc#1012628).
- staging: rtl8712: fix use-after-free in rtl8712_dl_fw
(bsc#1012628).
- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1012628).
- kfence: default to dynamic branch instead of static keys mode
(bsc#1012628).
- kfence: always use static branches to guard kfence_alloc()
(bsc#1012628).
- binder: don't detect sender/target during buffer cleanup
(bsc#1012628).
- binder: use cred instead of task for getsecid (bsc#1012628).
- binder: use cred instead of task for selinux checks
(bsc#1012628).
- binder: use euid from cred instead of using task (bsc#1012628).
- Revert "proc/wchan: use printk format instead of
lookup_symbol_name()" (bsc#1012628).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541
(bsc#1012628).
- usb: musb: Balance list entry in musb_gadget_queue
(bsc#1012628).
- usb: gadget: Mark USB_FSL_QE broken on 64-bit (bsc#1012628).
- usb: ehci: handshake CMD_RUN instead of STS_HALT (bsc#1012628).
- Revert "x86/kvm: fix vcpu-id indexed array sizes" (bsc#1012628).
- KVM: x86: avoid warning with -Wbitwise-instead-of-logical
(bsc#1012628).
- commit 26a203b
++++ fribidi:
- update to 1.0.11:
* Updated Unicode tables to version 14.
* Skip isolates in fribidi_get_par_direction().
* Various fuzzing fixes.
* Various build fixes.
++++ podman:
- Update to version 3.4.2:
* Fixed a bug where podman tag could not tag manifest lists (#12046).
* Fixed a bug where built-in volumes specified by images would not be
created correctly under some circumstances.
* Fixed a bug where, when using Podman Machine on OS X, containers in pods
did not have working port forwarding from the host (#12207).
* Fixed a bug where the podman network reload command command on containers
using the slirp4netns network mode and the rootlessport port forwarding
driver would make an unnecessary attempt to restart rootlessport
on containers that did not forward ports.
* Fixed a bug where the podman generate kube command would generate YAML
including some unnecessary (set to default) fields (e.g. empty SELinux and
DNS configuration blocks, and the privileged flag when set to false) (#11995).
* Fixed a bug where the podman pod rm command could, if interrupted at the right moment,
leave a reference to an already-removed infra container behind (#12034).
* Fixed a bug where the podman pod rm command would not remove pods with
more than one container if all containers save for the infra container
were stopped unless --force was specified (#11713).
* Fixed a bug where the --memory flag to podman run and podman create did
not accept a limit of 0 (which should specify unlimited memory) (#12002).
* Fixed a bug where the remote Podman client's podman build command could
attempt to build a Dockerfile in the working directory of the podman
system service instance instead of the Dockerfile specified by the user (#12054).
* Fixed a bug where the podman logs --tail command could function improperly
(printing more output than requested) when the journald log driver was used.
* Fixed a bug where containers run using the slirp4netns network mode with
IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
* Fixed a bug where some Podman commands could cause an extra dbus-daemon
process to be created (#9727).
* Fixed a bug where rootless Podman would sometimes print warnings
about a failure to move the pause process into a given CGroup (#12065).
* Fixed a bug where the checkpointed field in podman inspect on a container
was not set to false after a container was restored.
* Fixed a bug where the podman system service command would print
overly-verbose logs about request IDs (#12181).
* Fixed a bug where Podman could, when creating a new container without a name
explicitly specified by the user, sometimes use an auto-generated name already
in use by another container if multiple containers were being created in parallel (#11735).
------------------------------------------------------------------
------------------ 2021-11-12 - Nov 12 2021 -------------------
------------------------------------------------------------------
++++ container-selinux:
- Update to version 2.171.0
* Define kubernetes_file_t as a config_type
* Allow containers to be socket activated by user domains and by systemd.
* Allow iptables to use fifo files of a container runtime
* Allow container_runtime create all tmpfs content as container_runtime_tmpfs_t
* Allow containers to create lnk_file on tmpfs_t directories.
++++ health-checker:
- Update to version 1.6
* Adapt rd.retry to also trigger initqueue timeout tasks
[gh#kubic-project/health-checker#11]
* Reboot system and let the GRUB health-checker part try to find
a working initrd if root file system could not be mounted -
instead of ending up in an emergency shell
* Correctly declare Bash scripts as such
++++ llvm15:
- Add FileCheck into the devel package, as is required for testing
Rust (boo#1192629)
++++ wayland:
- Switch to meson buildsystem: Add meson BuildRequires and macros.
- Add generic c_compiler and c++_compiler BuildRequires, needed now
with the meson buildsystem.
- Use ldconfig_scriptlets macro for post(un) handling for
Tumbleweed and newer.
++++ vim:
- fixes boo#1192631
- Updated to version 8.2.3587, fixes the following problems
* Reading uninitialized memory when giving spell suggestions.
* The "gd" and "gD" commands do not update search stats. (Gary Johnson)
* "verbose set efm" reports the location of the :compiler command. (Gary
Johnson)
* Crash when passing float to "term_rows" in the options argument of
term_start(). (Virginia Senioria)
* Command completion test fails.
* Compiler test fails with backslash file separator.
------------------------------------------------------------------
------------------ 2021-11-11 - Nov 11 2021 -------------------
------------------------------------------------------------------
++++ checkpolicy:
- Update to version 3.3
* When reading a binary policy by checkpolicy, do not automatically change the version
to the max policy version supported by libsepol or, if specified, the value given
using the "-c" flag.
* Updated documentation
* Prints the reason why opening a source policy file failed
++++ ebtables:
- Add build dependency on libalternatives
- Run spec-cleaner
++++ elfutils:
- Update to version 0.186:
debuginfod-client: Default $DEBUGINFOD_URLS is computed from drop-in files
etc/debuginfod*.urls rather than hardcoded into the
/etc/profile.d/debuginfod* scripts.
Add $DEBUGINFOD_MAXSIZE and $DEBUGINFOD_MAXTIME settings
for skipping large/slow transfers.
Add $DEBUGINFOD_RETRY for retrying aborted lookups.
debuginfod: Supply extra HTTP response headers, describing archive/file
names that satisfy the requested buildid content.
Support -d :memory: option for in-memory databases.
Protect against loops in federated server configurations.
Add -r option to use -I/-X regexes for grooming stale files.
Protect against wasted CPU from duplicate concurrent requests.
Limit the duration of groom ops roughly to rescan (-t) times.
Add --passive mode for serving from read-only database.
Several other performance improvements & prometheus metrics.
libdw: Support for the NVIDIA Cuda line map extensions.
DW_LNE_NVIDIA_inlined_call and DW_LNE_NVIDIA_set_function_name
are defined in dwarf.h. New functions dwarf_linecontext and
dwarf_linefunctionname
- Remove tests-Allow-an-extra-pthread_kill-frame-in-backtrace.patch
and disable-run-readelf-self-test.patch.
- Remove -flto-partition=none -Wno-error=stack-usage= from _lto_flags
++++ grub2:
- Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522)
* 0001-arm64-Fix-EFI-loader-kernel-image-allocation.patch
* 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch
++++ hwdata:
- Update to version 0.353 (bsc#1192587):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- Fix problem with missing installkernel on Tumbleweed.
- commit 2ed6686
- config: refresh
- drop PROFILE_ALL_BRANCHES where not available any more
- commit d11f2e4
++++ libeconf:
- Update to version libeconf-0.4.2+git20211111.c7a2c52:
* CMake fixes regarding document installation.
* Fixed different issues while writing string values to file.
* Writing comments to file too.
* Fixed memory leaks.
* Fixed crash while merging values.
++++ open-iscsi:
- Merged latest upstream. Mostly cleanup, but includes a fix for
iscsi-init.service when trying to write to the root volume too
early (bsc#1192568), as well as an upstream fix for possible
deadlock when dealing with sysfs.
++++ openssl-1_1:
- Add support for livepatches (jsc#SLE-20049).
- Generate ipa-clones tarball artifact when livepatching is enabled.
++++ libselinux:
- Update to version 3.3:
* Lots of smaller issues fixed found by fuzzing
++++ libsemanage:
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
++++ libsepol:
- Update to version 3.3
* Dropped CVE-2021-36085.patch, CVE-2021-36086.patch, CVE-2021-36087.patch
are all included
* Lot of smaller fixes identified by fuzzing
++++ libtasn1:
- Update libtasn1.keyring with upstream keys
- libtasn1 4.18.0:
* Improve GTK-DOC manual
* Improve --help and --version for tools with gnulib
* Update gnulib files and various maintenance fixes
- drop libtasn1-rpmlintrc due to no longer being required on TW
++++ libzypp:
- Disable logger in the child after fork (bsc#1192436)
- version 17.28.8 (22)
++++ policycoreutils:
- Update to version 3.3
* Lots of fuzzing fixes
* `fixfiles -C` doesn't exclude /dev and /run anymore
Refreshed get_os_version.patch
++++ libselinux-bindings:
- Update to version 3.3:
* Lots of smaller issues fixed found by fuzzing
++++ python-semanage:
- Update to version 3.3
* Fixed use-after-free in parse_module_store()
* Fixed use_after_free in semanage_direct_write_langext()
++++ selinux-policy:
- Update to version 20211111. Refreshed:
* fix_dbus.patch
* fix_systemd.patch
* fix_authlogin.patch
* fix_auditd.patch
* fix_kernel_sysctl.patch
* fix_networkmanager.patch
* fix_chronyd.patch
* fix_unconfineduser.patch
* fix_unconfined.patch
* fix_firewalld.patch
* fix_init.patch
* fix_xserver.patch
* fix_logging.patch
* fix_hadoop.patch
------------------------------------------------------------------
------------------ 2021-11-10 - Nov 10 2021 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.15
* mkfs: new defaults!
* no-holes
* free-space-tree
* DUP for metadata unconditionally
* libbtrfsutil: add missing profile defines
* libbtrfs: minimize its impact on the other code, refactor and separate
implementation where needed, cleanup afterwards, reduced header exports
* documentation: introduce sphinx build and RST versions of manual pages,
will become the new format and replace asciidoc
* fixes: warning regarding v1 space cache when only v2 (free space tree) is
enabled
- Update to 5.14.1
* fixes
* zoned mode
* properly detect non-zoned devices in emulation mode
* properly create quota tree
* raid1c3/4 also excluded from unsupported profiles
* use sysfs-based detection of device discard capability, fix mkfs-time trim
for non-standard devices
* mkfs: fix creation of populated filesystem with free space tree
* detect multipath devices (needs libudev)
* replace start: add option -K/--nodiscard, similar to what mkfs or device add has
* dump-tree: print complete root_item
* mkfs: add option --verbose
* sb-mod: better help, no checksum calculation on read-only actions
* subvol show:
* print more information (regarding send and receive)
* print warning if read-write subvolume has received_uuid set
* property set:
* add parameter -f to force changes
* changing ro->rw switch now needs -f if subvolume has received_uuid set,
(see documentation)
* build: optional libudev (on by default)
* other
* remove deprecated support for CREATE_ASYNC bit for subvolume ioctl
* CI updates
* new and updated tests
- Update patch: mkfs-default-features.patch (add stub define for new defaults)
++++ transactional-update:
- Version 3.6.1
- Fix rsyncing /etc into the running system with
- -drop-if-no-change [bsc#1192242]
++++ glib2:
- Stop passing fam=true to meson and drop gamin-devel
BuildRequires, following upstream default. Following this, drop
libgio-fam sub-package.
++++ glibc:
- glibc.rpmlintrc: Update for rpmlint2
++++ ceph:
- Preservation of Bugzilla, Jira and CVE citations from earlier incarnations of
this changes file after double-checking that none of these fixes got lost in
the pacific rebase:
+ bsc#1163764 (--container-init feature cherry-picked to octopus)
+ bsc#1170200 (mgr/dashboard: Fix for CrushMap viewer items getting compressed vertically)
+ bsc#1172926 (mgr/orchestrator: Sort 'ceph orch device ls' by host)
+ bsc#1173079 (mgr/devicehealth: device_health_metrics pool gets created even without any OSDs in the cluster)
+ bsc#1174466 (mon: have 'mon stat' output json as well)
+ bsc#1174526 (mgr/dashboard: allow getting fresh inventory data from the orchestrator)
+ bsc#1174529 (rpm: on SUSE, podman is required for cephadm to work)
+ bsc#1174644 (cephadm: log to file)
+ bsc#1175120 (downstream branding)
+ bsc#1175161 (downstream branding)
+ bsc#1175169 (downstream branding)
+ bsc#1176390 (mgr/dashboard: enable different URL for users of browser to Grafana)
+ bsc#1176451 (Drop patch "rpm: on SUSE, podman is required for cephadm to work")
+ bsc#1176489 (mgr/cephadm: lock multithreaded access to OSDRemovalQueue)
+ bsc#1176499 (mgr/cephadm: fix RemoveUtil.load_from_store())
+ bsc#1176638 (ceph-volume: batch: call the right prepare method)
+ bsc#1176679 (mgr/dashboard: enable different URL for users of browser to Grafana)
+ bsc#1176828 (cephadm: command_unit: call systemctl with verbose=True)
+ bsc#1177078 (mgr/dashboard: Fix bugs in a unit test and i18n translation)
+ bsc#1177151 (python-common: do not skip unavailable devices)
+ bsc#1177319 (--container-init feature cherry-picked to octopus)
+ bsc#1177344 (mgr/dashboard: support Orchestrator and user-defined Ganesha cluster)
+ bsc#1177360 (cephadm: silence "Failed to evict container" log msg)
+ bsc#1177450 (ceph-volume: don't exit before empty report can be printed)
+ bsc#1177643 (Revert "spec: Podman (temporarily) requires apparmor-abstractions on suse")
+ bsc#1177676 (cephadm: allow uid/gid == 0 in copy_tree, copy_files, move_files)
+ bsc#1177843 (CVE-2020-25660)
+ bsc#1177857 (mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails)
+ bsc#1177933 (cephadm: configure journald as the logdriver)
+ bsc#1178531 (cephadm: set default container_image to registry.suse.com/ses/7/ceph/ceph)
+ bsc#1178837 (rgw: cls/user: set from_index for reset stats calls)
+ bsc#1178860 (mgr/dashboard: Disable TLS 1.0 and 1.1)
+ bsc#1178905 (CVE-2020-25678)
+ bsc#1178932 (cephadm: reference the last local image by digest)
+ bsc#1179016 (rpm: require smartmontools on SUSE)
+ bsc#1179452 (mgr/insights: Test environment requires 'six')
+ bsc#1179526 (rgw: during GC defer, prevent new GC enqueue)
+ bsc#1179569 (cephadm: reference the last local image by digest)
+ bsc#1179802 (CVE-2020-27781)
+ bsc#1179997 (CVE-2020-27839)
+ bsc#1180107 (ceph-volume: pass --filter-for-batch from drive-group subcommand)
+ bsc#1180155 (CVE-2020-27781)
+ bsc#1181291 (mgr/cephadm: alias rgw-nfs -> nfs)
+ bsc#1182766 (cephadm: fix 'inspect' and 'pull')
+ bsc#1183074 (CVE-2021-20288)
+ bsc#1183561 (mgr/cephadm: on ssh connection error, advice chmod 0600)
+ bsc#1183899 (bluestore: fix huge reads/writes at BlueFS)
+ bsc#1184231 (cephadm: Allow to use paths in all <_devices> drivegroup sections)
+ bsc#1184517 (cls/rgw: look for plane entries in non-ascii plain namespace too)
+ bsc#1185246 (rgw: check object locks in multi-object delete)
+ bsc#1185619 (CVE-2021-3524)
+ bsc#1185619 (CVE-2021-3524)
+ bsc#1186020 (CVE-2021-3531)
+ bsc#1186021 (CVE-2021-3509)
+ bsc#1186348 (mgr/zabbix: adapt zabbix_sender default path)
+ bsc#1188979 ("mgr/cephadm: pass --container-init to "cephadm deploy" if specified" and "Revert "cephadm: default container_init to False")
+ bsc#1189173 (downstream branding)
+ jsc#SES-1071 (ceph-volume: major batch refactor - upstream PR#34740)
+ jsc#SES-185 (SES support with cache software)
+ jsc#SES-704 (mgr/snap_schedule)
++++ libxslt:
- Add missing library .so files [bsc#1191771]
++++ swtpm:
- Update to version 0.7.0:
- swtpm:
- Support for linear file storage backend (file://)
- Report 'tpm-1.2' & 'tpm-2.0' in --print-capabilities depending what
libtpms supports
- Add implementation of SWTPM_HMAC using OpenSSL 3.0 APIs
- Wipe keys from stack and heap
- Many other small changes
- Make --daemon not racy
- swtpm_setup:
- Only activate SHA256 PCR bank, not SHA1 bank anymore by default
- Support for linear file storage backend (file://)
- Implement option --create-config-files to create config files
- Use non-deprecated APIs to contruct RSA key (OSSL 3)
- Report stderr as returned by external tool (swtpm-localcal)
- Replace '+' and ',' characters in VMId's to make work with
common name in X509 subject
- Add support for --reconfigure flag to change active PCR banks
- swtpm_localca:
- Created certificates for CAs and TPM that do not expire
- swtpm_cert:
- Allow passing -1 for days to get a non-expiring certificate
- test:
- ASAN-related test changes and skipping of tests if ASAN is used
- Fix tests using tpm2-abrmd by preventing concurrency
- Skip chardev related tests after checking for chardev support
- exit with error code if mktemp fails
- OSSL 3: Make TPM 1.2 test compile; skip IBM TSS 2 test
- build-sys:
- Introduce --enable-sanitizers to configure
- Remove check for pip3 that was used by python swtpm_setup
- Allow passing of aditional CFLAGS during build
------------------------------------------------------------------
------------------ 2021-11-9 - Nov 9 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
and aarch64 wtmp files (boo#1181155)
++++ kernel-default:
- Revert "rpm/config.sh: Compress modules with zstd (jsc#SLE-21256)."
This reverts commit 648b5c7cb84366056aed609528029ae9c75c3d37.
Reported to cause build problems in IBS (boo#1192457).
- commit dcfd611
- Update config files: set CONFIG_FORTIFY_SOURCE=y consistently (bsc#1192476)
- commit 3837451
++++ libapparmor:
- add aa-notify-more-arch-mr809.diff: Add support for reading s390x
and aarch64 wtmp files (boo#1181155)
++++ harfbuzz:
- Update to version 3.1.1:
+ Work around GCC cast-align error/warning on some platforms.
+ Documentation improvements.
- Drop patch fixed upstream:
+ harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch
++++ shadow:
- shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the
upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
(support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
(support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
++++ patterns-base:
- Add filesystem tools to base for SLE (bsc#1095916)
++++ salt:
- Use dnfnotify instead yumnotify for relevant distros
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Added:
* add-rpm_vercmp-python-library-for-version-comparison.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
------------------------------------------------------------------
------------------ 2021-11-8 - Nov 8 2021 -------------------
------------------------------------------------------------------
++++ dbus-1:
- Add CONFIG parameter to %sysusers_generate_pre
++++ kernel-default:
- Update config files (bsc#1192456).
CONFIG_IMA_TRUSTED_KEYRING=y
- commit 2251920
++++ libgcrypt:
- FIPS: Disable 3DES/Triple-DES in FIPS mode [bsc#1185138]
* Add libgcrypt-FIPS-disable-3DES.patch
++++ ncurses:
- Add ncurses patch 20211106
+ improve check in misc/Makefile.in for empty $PKG_CONFIG_LIBDIR
+ modify wnoutrefresh to call pnoutrefresh if its parameter is a pad,
rather than treating it as an error, and modify new_panel to permit
its window-parameter to be a pad (report by Giorgos Xou).
+ fix a memory-leak in del_curterm (prompted by discussion with Bram
Moolenaar, cf: 20210821).
++++ patterns-base:
- Use the correct icon for "A very basic desktop" pattern on Leap
for SLE don't show the pattern at all but require it from
x11 (bsc#1171725)
- Further handling for yast2 patterns split (boo#1159875)
- Handle also SLE specific changes
++++ ovmf:
- Update rpmlintrc (fixes aarch64 build)
++++ suse-module-tools:
- Update to version 16.0.14:
* add udev rules from udev-extra-rules (formerly system-tuning-common-SUSE).
Both packages are now obsoleted by suse-module-tools.
(jsc#SLE-21032)
* 60-io-scheduler.rules: don't use BFQ for real multiqueue devices
(jsc#SLE-21032, bsc#1192161)
* 60-io-scheduler.rules: use "none" for multipath components
(bsc#1192161)
++++ toolbox:
- Don't install config file in /etc in favor of a built-in default. Avoids
empty /etc pulling wrong image.
- Handle Leap Micro (boo#1192474)
------------------------------------------------------------------
------------------ 2021-11-7 - Nov 7 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Update to version 3.0.6:
* fixes a segfault on some SELINUX_ERR records
* makes IPX packet interpretation dependent on the ipx header
file existing
* adds b32/b64 support to ausyscall
* adds support for armv8l
* fixes auditctl list of syscalls on PPC
* auditd.service now restarts auditd under some conditions
++++ kernel-default:
- series.conf: cleanup
- update upstream reference and move to appropriate section
- patches.suse/ALSA-usb-audio-Restrict-rates-for-the-shared-clocks.patch
- commit 651a971
++++ audit:
- Update to version 3.0.6:
* fixes a segfault on some SELINUX_ERR records
* makes IPX packet interpretation dependent on the ipx header
file existing
* adds b32/b64 support to ausyscall
* adds support for armv8l
* fixes auditctl list of syscalls on PPC
* auditd.service now restarts auditd under some conditions
++++ libseccomp:
- Update to release 2.5.3
* Update the syscall table for Linux v5.15
* Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
* Document that seccomp_rule_add() may return -EACCES
++++ python-resolvelib:
- update to 0.8.0:
* Add ``backtrack_causes`` to ``get_preference``, which contains information
about the requirements involved in the most recent backtrack. This allows
the provider to utilise this information to tweak the ordering as well as
for recording/reporting conflicts.
* When merging a candidate's dependencies, make sure the merge target is
up-to-date within the loop, so the merge does not lose information when a
candidate returns multiple dependency specifications under one identifier
(e.g. specifyiung two dependencies ``a>1`` and ``a<2``, instead of one single
``a>1,<2`` dependency). `#80 <https://github.com/sarugaku/resolvelib/issues/80>`_
* Redesign ``get_preference()`` to include resolution state on dependencies
other than the currently working one, to allow the provider to better take
account of the global resolver knowledge and determine the best strategy. The
provider now can, for example, correctly calculate how far a dependency is
from the root node in the graph. `#74 <https://github.com/sarugaku/resolvelib/issues/74>`_
* A new argument ``incompatibilities`` is now passed to the ``find_matches()``
hook, which the provider must use to exclude matches from the return value.
* Redesign ``find_matches()`` to include resolution state on dependencies other
than the currently working one, to handle usages that need to return candidates
based on non-local states. One such example is PEP 508 direct URLs specified
on a package, which need to be available to the same package specified with
extras (which would have a different identifier).
* The resolver no longer relies on implicit candidate equality to detect
incompatibilities. This is done by an additional ``find_matches()`` argument;
see the *Features* section to learn more.
* Provide type stubs for most classes.
* Fix a state management bug that causes the resolver to enter an infinite loop
in certain backtracking cases.
* Fix a performance regression if ``find_matches()`` returns a non-built-in sequence instance.
* ``find_matches()`` now may return a ``Callable[[], Iterator[Candidate]]`` to
avoid needing to provide all candidates eagerly for the resolver. This
improves performance when fetching candidates is costly, but not always
required.
* Add ``parent`` argument to the ``add_requirement()`` reporter hook.
* Redesign ``find_matches()`` to support a requirement "adding" candidates to
the set, and nudge the provider away from implementing ``find_matches()`` and
``is_satisfied_by()`` with incorrect set properties.
------------------------------------------------------------------
------------------ 2021-11-6 - Nov 6 2021 -------------------
------------------------------------------------------------------
++++ gawk:
- Add readline-devel to enable readline support in the debugger
- Add mpfr-devel to enable support for MPFR mode
++++ librsvg:
- Add librsvg-s390x-cairo-has-current-point.patch for
https://github.com/gtk-rs/gtk-rs-core/issues/335 - otherwise the
test suite fails on s390x due to a bug in the cairo-rs bindings.
++++ gobject-introspection:
- Add explicit libgirepository-1_0-1 Requires to devel subpackage,
it was already pulled in via the main package, so no real change.
- Use ldconfig_scriptlets macro for post(un) handling.
++++ kernel-default:
- Linux 5.15.1 (bsc#1012628).
- sfc: Fix reading non-legacy supported link modes (bsc#1012628).
- Revert "xhci: Set HCD flag to defer primary roothub
registration" (bsc#1012628).
- Revert "usb: core: hcd: Add support for deferring roothub
registration" (bsc#1012628).
- drm/amdkfd: fix boot failure when iommu is disabled in Picasso
(bsc#1012628).
- Revert "soc: imx: gpcv2: move reset assert after requesting
domain power up" (bsc#1012628).
- ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
(bsc#1012628).
- Revert "wcn36xx: Disable bmps when encryption is disabled"
(bsc#1012628).
- drm/amdgpu: revert "Add autodump debugfs node for gpu reset v8"
(bsc#1012628).
- drm/amd/display: Revert "Directly retrain link from debugfs"
(bsc#1012628).
- Revert "drm/i915/gt: Propagate change in error status to
children on unhold" (bsc#1012628).
- ALSA: usb-audio: Add quirk for Audient iD14 (bsc#1012628).
- commit 7ecebb2
++++ harfbuzz:
- harfbuzz 3.1.0:
* Better offset-overflow handling in the subsetter library
* Improved Unicode 14 properties in the USE shaper, and various
other USE shaper fixes
* MATH and COLR v1 tables subsetting support, and various other
subsetter fixes
* Support for Pwo Karen / Ason Chin medial la. (Simon Cozens)
* Apply GPOS positioning when substituting with morx table, if
kerx is missing
* Apply calt and clig features across syllable boundaries in
Indic shaper
* Meson option for enabling Graphite 2 has been renamed to
graphite2
* Build and documentation fixes
- add harfbuzz-3.1.0-work-around-GCC-cast-align-error-warning.patch
++++ python-cffi:
- update to 1.15.0:
* Fixed MANIFEST.in to include missing file for Windows arm64 support
* Fixed Linux wheel build to use gcc default ISA for libffi
* Updated setup.py Python trove specifiers to currently-tested Python versions
* CPython 3.10 support (including wheels)
* MacOS arm64 support (including wheels)
* Initial Windows arm64 support
* Misc. doc and test updates
++++ python310-packaging:
- update to 21.2:
* Update documentation entry for 21.1.
* Update pin to pyparsing to exclude 3.0.0.
* PEP 656: musllinux support
* Drop support for Python 2.7, Python 3.4 and Python 3.5.
* Replace distutils usage with sysconfig
* Add support for zip files in ``parse_sdist_filename``
* Use cached ``_hash`` attribute to short-circuit tag equality comparisons
* Specify the default value for the ``specifier`` argument to ``SpecifierSet``
* Proper keyword-only "warn" argument in packaging.tags
* Correctly remove prerelease suffixes from ~= check
* Fix type hints for ``Version.post`` and ``Version.dev``
* Use typing alias ``UnparsedVersion``
* Improve type inference for ``packaging.specifiers.filter()``
* Tighten the return type of ``canonicalize_version()``
++++ python-pbr:
- update to 5.7.0:
* Add a PEP517 interface
* PBR package testing improvements
* Run python3.9 test jobs
* Correct comment for 'D1\_D2\_SETUP\_ARGS'
------------------------------------------------------------------
------------------ 2021-11-5 - Nov 5 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Input: i8042 - Add deferred probe support (bsc#1190256).
- commit 5a246e6
- update patch metadata
- update upstream reference
- patches.suse/arm64-dts-rockchip-Disable-CDN-DP-on-Pinebook-Pro.patch
- commit aa05ab3
- series.conf: cleanup
- move to the section for short lived patches:
- patches.suse/rtw89-Fix-crash-by-loading-compressed-firmware-file.patch
- commit 1fb2e08
- rtw89: Fix crash by loading compressed firmware file
(bsc#1188303).
- commit 42e1103
++++ libgpg-error:
- Update to 1.43:
* Fix for building against GNU libc 2.34.
* Fix gpgrt-config problems.
* Fix gpgrt_free for legacy platforms.
* Fix truncation of error message in the middle of a character.
* Fix the --disable-threads configure options.
* Improve lock-obj generation for cross-builds.
* Improve cross-builds.
* Improve gpgrt_wait_processes.
++++ pcre2:
- pcre2 10.39:
* Fix incorrect detection of alternatives in first character
search in JIT
* Update to Unicode 14.0.0
++++ ceph:
- Update to 16.2.6-462-g5fefbbf8888:
+ rebased on top of upstream commit SHA1 dd7139c66c1d36da50475ec97d8d6b54b07d1dea
* (bsc#1191751) rgw/tracing: unify SO version numbers within librgw2 package
* spec: make selinux scriptlets respect CEPH_AUTO_RESTART_ON_UPGRADE
++++ libsoup:
- Require libsoup-3_0-0 instead of libsoup by in the devel package:
defacto the same package, as the library provides the base name,
but more explicit and clearer.
++++ libxslt:
- shared lib packaging policy boo#1191771
++++ systemd-presets-common-SUSE:
- Replace the pipewire-media-session preset with a wireplumber
user service preset to enable it by default.
++++ vim:
- Updated to version 8.2.3582, fixes the following problems
* Overflow check fails with 32 ints.
* Manipulating highlighting is complicated.
* CI sometimes fails for MinGW.
* gj does not move properly with a wide character.
* Reading character past end of line.
* Reading uninitialized memory when giving spell suggestions.
- add obsolete/conflict with nginx vim plugin
------------------------------------------------------------------
------------------ 2021-11-4 - Nov 4 2021 -------------------
------------------------------------------------------------------
++++ cracklib:
- %check: really test the package [bsc#1191736]
++++ gdk-pixbuf:
- Stop passing no longer used nor recognized options jasper=false
and x11=false to meson, fails the build when using meson 0.60.x.
++++ libvirt:
- Update to libvirt 7.9.0
- jsc#SLE-19264
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
3f9c1a4b-fix-host-validate-sev.patch,
2703b0b5-qemu-dont-report-eof.patch,
1b9ce05c-lxc-fix-cgroupV1.patch
- Include collection of active VM config files in the
supportconfig plugin
++++ libzypp:
- Check log writer before accessing it (fixes #355, bsc#1192337)
- Save locks: Update an existing locks changed comment string.
- Allow uname-r format in purge kernels keepspec (fixes
openSUSE/zypper#418)
- version 17.28.7 (22)
++++ patterns-alp:
- renamed to ALP
++++ python-libvirt-python:
- Update to 7.9.0
- Add all new APIs and constants in libvirt 7.9.0
- jsc#SLE-19264
------------------------------------------------------------------
------------------ 2021-11-3 - Nov 3 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- supported-flag: consolidate a bit more
patches.suse/revert-modpost-remove-get_next_text-and-make-grab-release_-file-s.patch
is a partial revert of mainline commit 75893572d453 ("modpost: remove
get_next_text() and make {grab,release_}file static"); it restores function
get_next_line() which was removed in mainline but we still need it.
As the function is static and only used in code built only with
CONFIG_SUSE_KERNEL_SUPPORTED enabled, compiler issues a warning when
building with CONFIG_SUSE_KERNEL_SUPPORTED disabled. Merge the patch into
patches.suse/add-suse-supported-flag.patch and move the function into
an #ifdef CONFIG_SUSE_KERNEL_SUPPORTED block.
The only effect on expanded tree is moving get_next_line() lower so that it
is only compiled when CONFIG_SUSE_KERNEL_SUPPORTED=n.
- commit 0c612fa
- Input: i8042 - Add quirk for Fujitsu Lifebook T725
(bsc#1191980).
- commit 44f2754
- update patch metadata
- update upstream references:
- patches.suse/Bluetooth-sco-Fix-lock_sock-blockage-by-memcpy_from_.patch
- patches.suse/media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch
- patches.suse/rtw89-Fix-two-spelling-mistakes-in-debug-messages.patch
- patches.suse/rtw89-Fix-variable-dereferenced-before-check-sta.patch
- patches.suse/rtw89-Remove-redundant-check-of-ret-after-call-to-rt.patch
- patches.suse/rtw89-add-Realtek-802.11ax-driver.patch
- patches.suse/rtw89-fix-error-function-parameter.patch
- patches.suse/rtw89-fix-return-value-check-in-rtw89_cam_send_sec_k.patch
- patches.suse/rtw89-fix-return-value-in-hfc_pub_cfg_chk.patch
- patches.suse/rtw89-remove-duplicate-register-definitions.patch
- patches.suse/rtw89-remove-unneeded-semicolon.patch
- commit 2e35b89
++++ patterns-base:
- remove glibc-locale-base from enhanced_base, already recommended in base
- replace no longer existing system-tuning-common-SUSE with udev-extra-rules
- add handling for grub2-branding-SLE (should be done in grub2 really)
++++ vim:
- Updated to version 8.2.3577, fixes the following problems
* Test_very_large_count fails on 32bit systems.
* Some unicode control characters are considered printable.
* Memory leak when closing window and using "multispace" in 'listchars'.
* Cannot decide whether to skip test that fails with 64 bit ints. (closes
[#9072])
* Divide by zero.
* Overflow check still fails when sizeof(int) == sizeof(long).
* Some functions are not documented for use with a method.
* Overflow check fails with 32 ints.
- Current vim seems to have timing problems with its parser to
distinguish between <ESC> and <ESC>[~3 at least in urxvt
------------------------------------------------------------------
------------------ 2021-11-2 - Nov 2 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20211102.80d7177:
* Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)
* Avoid tcsh undefined LANG variable (boo#1190142)
++++ librsvg:
- Add cargo audit obs service
++++ llvm15:
- Let clang recommend gcc and glibc-devel as we need both for
building executables. No hard requirement because Clang can be
used as a frontend only. (boo#1191587)
- Set minimal CMake version required.
- Backport llvm-fix-building-with-GCC-12.patch in order to fix building
with GCC 12.
++++ libgcrypt:
- FIPS: PBKDF requirements [bsc#1185137]
* The PBKDF2 selftests were introduced in libgcrypt version
1.9.1 in the function selftest_pbkdf2()
* Upstream task: https://dev.gnupg.org/T5182
++++ ncurses:
- Add ncurses patch 20211030
+ simplify some references to WINDOWS._flags using macros.
+ add a "check" rule in Ada95 makefile, to help with test-packages.
+ build-fix for cross-compiling to MingW, conditionally add -lssp
- Correct offsets of patch ncurses-6.3.dif
++++ openssl-1_1:
- Add missing libopenssl1_1-hmac 32bit package
++++ systemd:
- Add 0001-Revert-core-Check-unit-start-rate-limiting-earlier.patch
Temporarly revert commit ed8fbbf1745c6a2dc0b8cd560ac8a3353f72e979
until the regression it introduced [1] is addressed by upstream and
a fix is released via the stable tree.
[1] https://github.com/systemd/systemd/issues/21025
++++ pam:
- Add /run/pam_timestamp to pam.tmpfiles
++++ vim:
- fix boo#1192225
- Updated to version 8.2.3570, fixes the following problems
* CTRL-I in Insert mode is not tested
* Ctrl-hat test fails with Athena and Motif. (Elimar Riesebieter)
* Error for :let when vimrc is Vim 9 script.
* Test_very_large_count fails on 32bit systems.
- Avoid the second to parse the Delete ANSI sequence in gvim
------------------------------------------------------------------
------------------ 2021-11-1 - Nov 1 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Drop patches where were added for ustat()
glibc doesn't expose this system call anymore, and so no point in
carrying this delta. LTP does test for this but the test uses its
own headers instead of libc for it. It is not worth carrying this
delta for a deprecated call.
This patch set was tested with kernel-ci and found no new regressions
with btrfs.
- Delete
patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch.
- Delete patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch.
(Cherry picked from commit ea7c7f6bd63bd560c95f994b1aff269fa53bfc8d)
- commit 9fa259a
- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (boo#1191417)
There is one model that contains *-66.ucode. Add the exception.
- commit f0d7a09
++++ libfido2:
- Version 1.9.0 (2021-10-27)
* Enabled NFC support on Linux.
* Added OpenSSL 3.0 compatibility.
* Removed OpenSSL 1.0 compatibility.
* Support for FIDO 2.1 "minPinLength" extension.
* Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
* Support for TPM 2.0 attestation.
* Support for device timeouts; see fido_dev_set_timeout().
* New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
* Reliability and portability fixes.
* Better handling of HID devices without identification strings; gh#381.
* Fixed detection of Windows’s native webauthn API; gh#382.
++++ openssl-1_1:
- Drop openssl-no-date.patch
Upstream added support for reproducible builds via SOURCE_DATE_EPOCH in
https://github.com/openssl/openssl/commit/8a8d9e190533ee41e8b231b18c7837f98f1ae231
thereby making this patch obsolete as builds *should* still be reproducible.
++++ python-PyYAML:
- Add patch setuptools.patch
- update to 6.0
* drop Python 2.7
* always require `Loader` arg to `yaml.load()`
* fix float resolver to ignore `.` and `._`
* fix representation of Enum subclasses
* fix libyaml extension compiler warnings
* fix ResourceWarning on leaked file descriptors
* remove remaining direct distutils usage
------------------------------------------------------------------
------------------ 2021-10-31 - Oct 31 2021 -------------------
------------------------------------------------------------------
++++ gawk:
- GNU awk 5.1.1
* asort and asorti now allow FUNCTAB and SYMTAB as the first
argument if a second destination array is supplied. Similarly,
using either array as the second argument is now a fatal error.
Additionally, using either array as the destination for split(),
match(), etc. also causes a fatal error.
* The new -I/--trace option prints a trace of the byte codes as
they are executed.
* A number of subtle bugs relating to MPFR mode that caused
differences between regular operation and MPFR mode have been
fixed.
* The API now handles MPFR/GMP values slightly differently,
requiring different memory management for those values.
* $0 and the fields are now cleared before starting a BEGINFILE
rule.
* Handling of Infinity and NaN values has been improved
* The "no effect" lint warnings have been fixed up and now behave
more sanely.
* The behavior of strongly-typed regexp constants when passed as
the third argument to sub() or gsub() has been clarified in the
code and in the manual.
* Similar to item #4 above, division by zero is now fatal in MPFR
mode, as it is in regular mode.
++++ kernel-default:
- Update to 5.15 final
- refresh configs
- drop CONFIG_RESET_PISTACHIO
- commit 2ab31e7
- config: update and enable armv6hl
Update armv6hl configs to 5.15-rc7 and enable them. Where possible, values
are taken from armv7hl, the rest is guesswork based on values of similar
config options.
- commit 22c5286
- config: update and enable armv7hl
Update armv7hl configs to 5.15-rc7 and enable them. Where possible, values
are taken from arm64, the rest is guesswork based on values of similar
config options.
- commit 3b362e7
- config: update and enable arm64
Update arm64 configs to 5.15-rc7 and enable them. Where possible, values
are taken from x86_64, the rest is guesswork based on values of similar
config options.
- commit 482d5b4
++++ vim:
- Updated to version 8.2.3567, fixes the following problems
* Xxd revert does not handle end of line correctly.
* Xxd has various way to exit.
* ModeChanged is not triggered on every mode change.
* Filler lines are incorrect for other window in diff mode after making
a change.
* Vim9: cannot call imported funcref at script level.
* Vim9: asserting the wrong variable.
* Loop variable recreated every time.
* Using freed memory with lambda.
* Cscope has a complicated way of giving an error message.
* Cannot add color names.
* Build failure with +eval but without GUI or +termguicolors
* Invalid memory access when scrolling without a valid screen.
* Makefile dependencies are outdated. (Gary Johnson)
* Build failure on old systems when using nano timestamp.
* CTRL-I in Insert mode is not tested
------------------------------------------------------------------
------------------ 2021-10-30 - Oct 30 2021 -------------------
------------------------------------------------------------------
++++ python-pyOpenSSL:
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
before calling OpenSSL (gh#pyca/pyopenssl#1056).
------------------------------------------------------------------
------------------ 2021-10-29 - Oct 29 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rtw89: Fix variable dereferenced before check 'sta'
(bsc#1191321).
- rtw89: fix return value in hfc_pub_cfg_chk (bsc#1191321).
- rtw89: remove duplicate register definitions (bsc#1191321).
- rtw89: fix error function parameter (bsc#1191321).
- rtw89: remove unneeded semicolon (bsc#1191321).
- rtw89: fix return value check in rtw89_cam_send_sec_key_cmd()
(bsc#1191321).
- rtw89: Remove redundant check of ret after call to
rtw89_mac_enable_bb_rf (bsc#1191321).
- rtw89: Fix two spelling mistakes in debug messages
(bsc#1191321).
- rtw89: Fix variable dereferenced before check 'sta'
(bsc#1191321).
- rtw89: fix return value in hfc_pub_cfg_chk (bsc#1191321).
- rtw89: remove duplicate register definitions (bsc#1191321).
- rtw89: fix error function parameter (bsc#1191321).
- rtw89: remove unneeded semicolon (bsc#1191321).
- rtw89: fix return value check in rtw89_cam_send_sec_key_cmd()
(bsc#1191321).
- rtw89: Remove redundant check of ret after call to
rtw89_mac_enable_bb_rf (bsc#1191321).
- rtw89: Fix two spelling mistakes in debug messages
(bsc#1191321).
- commit 719bb03
------------------------------------------------------------------
------------------ 2021-10-28 - Oct 28 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.2.5
* bit of everything: general vulkan, panfrost, and zink are the
biggest changes.
++++ Mesa-drivers:
- update to 21.2.5
* bit of everything: general vulkan, panfrost, and zink are the
biggest changes.
++++ cpio:
- Update keyring
++++ glib2:
- Update to version 2.70.1:
+ Fix network changes not being signalled from NetworkManager.
+ Fix build when building with --fatal-meson-warnings.
+ Bugs fixed: glgo#GNOME/GLib#2505, glgo#GNOME/GLib!2245,
glgo#GNOME/GLib!2253, glgo#GNOME/GLib!2256,
glgo#GNOME/GLib!2259, glgo#GNOME/GLib!2262,
glgo#GNOME/GLib!2271, glgo#GNOME/GLib!2276,
glgo#GNOME/GLib!2300, glgo#GNOME/GLib!2301,
glgo#GNOME/GLib!2302, glgo#GNOME/GLib!2304.
- Refresh patches with quilt.
++++ kernel-default:
- config: arm64: enable dpaa2 restool support
References: bsc#1191190
- commit c86f145
++++ kmod:
- Enable ZSTD on 15.3 as well (boo#1192104).
- Only test ZSTD in testsuite on releases where it is available.
++++ libgcrypt:
- FIPS: Fix regression tests in FIPS mode [bsc#1192131]
* Add libgcrypt-FIPS-fix-regression-tests.patch
* Upstream task: https://dev.gnupg.org/T5520
++++ nfs-utils:
- Add CONFIG parameter to %sysusers_generate_pre
- Remove unneeded group line (user implies group)
- Add Shell parameter to statd-user.conf
++++ python-requests:
- Correct {Build,}Requires for charset_normalizer.
- Add trustme to BuildRequires for the test suite.
++++ virt-manager:
- bsc#1188223 - L3: Sles12sp3 DomU won't boot after adding phys
hard drive
virtinst-xenbus-disk-index-fix.patch
------------------------------------------------------------------
------------------ 2021-10-27 - Oct 27 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.52.3:
+ Bugfixes, mostly for text layout. Also, text links in PDF!
- Support text-decoration=overline.
- Basic support for the unicode-bidi property. Librsvg still
considers each tspan independently of others, which is
incorrect, but at least bidi-override works now for a single
embedding level.
- Fix placement of tspan that changes the text direction.
- :lang() selector should now match lang attribute from an
element's parent.
- Fix the text-anchor property for right-to-left text.
- PDF now includes links inside text elements.
++++ kernel-default:
- Linux 5.14.15 (bsc#1012628).
- block/mq-deadline: Move dd_queued() to fix defined but not
used warning (bsc#1012628).
- parisc: math-emu: Fix fall-through warnings (bsc#1012628).
- sh: pgtable-3level: fix cast to pointer from integer of
different size (bsc#1012628).
- arm: dts: vexpress-v2p-ca9: Fix the SMB unit-address
(bsc#1012628).
- ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
(bsc#1012628).
- block: decode QUEUE_FLAG_HCTX_ACTIVE in debugfs output
(bsc#1012628).
- xen/x86: prevent PVH type from getting clobbered (bsc#1012628).
- r8152: avoid to resubmit rx immediately (bsc#1012628).
- drm/amdgpu/display: fix dependencies for DRM_AMD_DC_SI
(bsc#1012628).
- drm/amdgpu: init iommu after amdkfd device init (bsc#1012628).
- xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
(bsc#1012628).
- xtensa: xtfpga: Try software restart before simulating CPU reset
(bsc#1012628).
- NFSD: Keep existing listeners on portlist error (bsc#1012628).
- powerpc/lib: Add helper to check if offset is within conditional
branch range (bsc#1012628).
- powerpc/bpf: Validate branch ranges (bsc#1012628).
- powerpc/security: Add a helper to query stf_barrier type
(bsc#1012628).
- powerpc/bpf: Emit stf barrier instruction sequences for
BPF_NOSPEC (bsc#1012628).
- ASoC: pcm512x: Mend accesses to the I2S_1 and I2S_2 registers
(bsc#1012628).
- ASoC: fsl_xcvr: Fix channel swap issue with ARC (bsc#1012628).
- ASoC: pcm179x: Add missing entries SPI to device ID table
(bsc#1012628).
- ASoC: cs4341: Add SPI device ID table (bsc#1012628).
- KVM: arm64: Fix host stage-2 PGD refcount (bsc#1012628).
- KVM: arm64: Release mmap_lock when using VM_SHARED with MTE
(bsc#1012628).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type
has garbage value (bsc#1012628).
- netfilter: nf_tables: skip netdev events generated on netns
removal (bsc#1012628).
- dma-debug: fix sg checks in debug_dma_map_sg() (bsc#1012628).
- ASoC: wm8960: Fix clock configuration on slave mode
(bsc#1012628).
- ice: Fix failure to re-add LAN/RDMA Tx queues (bsc#1012628).
- ice: Avoid crash from unnecessary IDA free (bsc#1012628).
- ice: fix getting UDP tunnel entry (bsc#1012628).
- ice: Print the api_patch as part of the fw.mgmt.api
(bsc#1012628).
- netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 (bsc#1012628).
- netfilter: ipvs: make global sysctl readonly in non-init netns
(bsc#1012628).
- sctp: fix transport encap_port update in sctp_vtag_verify
(bsc#1012628).
- lan78xx: select CRC32 (bsc#1012628).
- tcp: md5: Fix overlap between vrf and non-vrf keys
(bsc#1012628).
- ipv6: When forwarding count rx stats on the orig netdev
(bsc#1012628).
- hamradio: baycom_epp: fix build for UML (bsc#1012628).
- net: dsa: lantiq_gswip: fix register definition (bsc#1012628).
- net/sched: act_ct: Fix byte count on fragmented packets
(bsc#1012628).
- NIOS2: irqflags: rename a redefined register name (bsc#1012628).
- net: dsa: Fix an error handling path in
'dsa_switch_parse_ports_of()' (bsc#1012628).
- powerpc/smp: do not decrement idle task preempt count in CPU
offline (bsc#1012628).
- net: hns3: Add configuration of TM QCN error event
(bsc#1012628).
- net: hns3: reset DWRR of unused tc to zero (bsc#1012628).
- net: hns3: add limit ets dwrr bandwidth cannot be 0
(bsc#1012628).
- net: hns3: schedule the polling again when allocation fails
(bsc#1012628).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1012628).
- net: hns3: disable sriov before unload hclge layer
(bsc#1012628).
- net: stmmac: Fix E2E delay mechanism (bsc#1012628).
- ptp: Fix possible memory leak in ptp_clock_register()
(bsc#1012628).
- e1000e: Fix packet loss on Tiger Lake and later (bsc#1012628).
- igc: Update I226_K device ID (bsc#1012628).
- ice: Add missing E810 device ids (bsc#1012628).
- net/mlx5e: IPsec: Fix a misuse of the software parser's fields
(bsc#1012628).
- net/mlx5e: IPsec: Fix work queue entry ethernet segment checksum
flags (bsc#1012628).
- drm/panel: ilitek-ili9881c: Fix sync for Feixin K101-IM2BYL02
panel (bsc#1012628).
- drm/kmb: Work around for higher system clock (bsc#1012628).
- drm/kmb: Remove clearing DPHY regs (bsc#1012628).
- drm/kmb: Disable change of plane parameters (bsc#1012628).
- drm/kmb: Corrected typo in handle_lcd_irq (bsc#1012628).
- drm/kmb: Enable ADV bridge after modeset (bsc#1012628).
- net: enetc: fix ethtool counter name for PM0_TERR (bsc#1012628).
- net: enetc: make sure all traffic classes can send large frames
(bsc#1012628).
- can: rcar_can: fix suspend/resume (bsc#1012628).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to
ERROR_ACTIVE state notification (bsc#1012628).
- can: peak_pci: peak_pci_remove(): fix UAF (bsc#1012628).
- can: isotp: isotp_sendmsg(): fix return error on FC timeout
on TX path (bsc#1012628).
- can: isotp: isotp_sendmsg(): add result check for
wait_event_interruptible() (bsc#1012628).
- can: isotp: isotp_sendmsg(): fix TX buffer concurrent access
in isotp_sendmsg() (bsc#1012628).
- can: j1939: j1939_tp_rxtimer(): fix errant alert in
j1939_tp_rxtimer (bsc#1012628).
- can: j1939: j1939_netdev_start(): fix UAF for rx_kref of
j1939_priv (bsc#1012628).
- can: j1939: j1939_xtp_rx_dat_one(): cancel session if receive
TP.DT with error length (bsc#1012628).
- can: j1939: j1939_xtp_rx_rts_session_new(): abort TP less than
9 bytes (bsc#1012628).
- ceph: skip existing superblocks that are blocklisted or shut
down when mounting (bsc#1012628).
- ceph: fix handling of "meta" errors (bsc#1012628).
- tracing: Have all levels of checks prevent recursion
(bsc#1012628).
- ocfs2: fix data corruption after conversion from inline format
(bsc#1012628).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1012628).
- mm/userfaultfd: selftests: fix memory corruption with thp
enabled (bsc#1012628).
- userfaultfd: fix a race between writeprotect and exit_mmap()
(bsc#1012628).
- mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING |
MPOL_LOCAL in mbind() (bsc#1012628).
- elfcore: correct reference to CONFIG_UML (bsc#1012628).
- vfs: check fd has read access in kernel_read_file_from_fd()
(bsc#1012628).
- mm/secretmem: fix NULL page->mapping dereference in
page_is_secretmem() (bsc#1012628).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (bsc#1012628).
- ASoC: DAPM: Fix missing kctl change notifications (bsc#1012628).
- ASoC: nau8824: Fix headphone vs headset, button-press detection
no longer working (bsc#1012628).
- blk-cgroup: blk_cgroup_bio_start() should use irq-safe
operations on blkg->iostat_cpu (bsc#1012628).
- audit: fix possible null-pointer dereference in
audit_filter_rules (bsc#1012628).
- net: dsa: mt7530: correct ds->num_ports (bsc#1012628).
- ucounts: Move get_ucounts from cred_alloc_blank to
key_change_session_keyring (bsc#1012628).
- ucounts: Pair inc_rlimit_ucounts with dec_rlimit_ucoutns in
commit_creds (bsc#1012628).
- ucounts: Proper error handling in set_cred_ucounts
(bsc#1012628).
- ucounts: Fix signal ucount refcounting (bsc#1012628).
- KVM: PPC: Book3S HV: Fix stack handling in
idle_kvm_start_guest() (bsc#1012628).
- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if
it went to guest (bsc#1012628).
- powerpc/idle: Don't corrupt back chain when going idle
(bsc#1012628).
- mm, slub: fix mismatch between reconstructed freelist depth
and cnt (bsc#1012628).
- mm, slub: fix potential memoryleak in kmem_cache_open()
(bsc#1012628).
- mm, slub: fix potential use-after-free in slab_debugfs_fops
(bsc#1012628).
- mm, slub: fix incorrect memcg slab count for bulk free
(bsc#1012628).
- KVM: nVMX: promptly process interrupts delivered while in
guest mode (bsc#1012628).
- KVM: SEV: Flush cache on non-coherent systems before
RECEIVE_UPDATE_DATA (bsc#1012628).
- KVM: SEV-ES: rename guest_ins_data to sev_pio_data
(bsc#1012628).
- KVM: SEV-ES: clean up kvm_sev_es_ins/outs (bsc#1012628).
- KVM: SEV-ES: keep INS functions together (bsc#1012628).
- KVM: SEV-ES: fix length of string I/O (bsc#1012628).
- KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes
if needed (bsc#1012628).
- KVM: SEV-ES: reduce ghcb_sa_len to 32 bits (bsc#1012628).
- KVM: x86: leave vcpu->arch.pio.count alone in
emulator_pio_in_out (bsc#1012628).
- KVM: x86: check for interrupts before deciding whether to exit
the fast path (bsc#1012628).
- KVM: x86: split the two parts of emulator_pio_in (bsc#1012628).
- KVM: x86: remove unnecessary arguments from
complete_emulator_pio_in (bsc#1012628).
- nfc: nci: fix the UAF of rf_conn_info object (bsc#1012628).
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(bsc#1012628).
- netfilter: Kconfig: use 'default y' instead of 'm' for bool
config option (bsc#1012628).
- selftests: netfilter: remove stray bash debug line
(bsc#1012628).
- net: bridge: mcast: use multicast_membership_interval for IGMPv3
(bsc#1012628).
- KVM: SEV-ES: Set guest_state_protected after VMSA update
(bsc#1012628).
- drm: mxsfb: Fix NULL pointer dereference crash on unload
(bsc#1012628).
- net: hns3: fix the max tx size according to user manual
(bsc#1012628).
- KVM: MMU: Reset mmu->pkru_mask to avoid stale data
(bsc#1012628).
- kunit: fix reference count leak in kfree_at_end (bsc#1012628).
- drm/msm/a6xx: Serialize GMU communication (bsc#1012628).
- gcc-plugins/structleak: add makefile var for disabling
structleak (bsc#1012628).
- iio/test-format: build kunit tests without structleak plugin
(bsc#1012628).
- device property: build kunit tests without structleak plugin
(bsc#1012628).
- thunderbolt: build kunit tests without structleak plugin
(bsc#1012628).
- bitfield: build kunit tests without structleak plugin
(bsc#1012628).
- objtool: Check for gelf_update_rel[a] failures (bsc#1012628).
- objtool: Update section header before relocations (bsc#1012628).
- btrfs: deal with errors when checking if a dir entry exists
during log replay (bsc#1012628).
- net: stmmac: add support for dwmac 3.40a (bsc#1012628).
- ARM: dts: spear3xx: Fix gmac node (bsc#1012628).
- isdn: mISDN: Fix sleeping function called from invalid context
(bsc#1012628).
- platform/x86: intel_scu_ipc: Increase virtual timeout to 10s
(bsc#1012628).
- platform/x86: intel_scu_ipc: Update timeout value in comment
(bsc#1012628).
- ALSA: hda: avoid write to STATESTS if controller is in reset
(bsc#1012628).
- spi: Fix deadlock when adding SPI controllers on SPI buses
(bsc#1012628).
- spi-mux: Fix false-positive lockdep splats (bsc#1012628).
- libperf test evsel: Fix build error on !x86 architectures
(bsc#1012628).
- libperf tests: Fix test_stat_cpu (bsc#1012628).
- perf/x86/msr: Add Sapphire Rapids CPU support (bsc#1012628).
- Input: snvs_pwrkey - add clk handling (bsc#1012628).
- ASoC: codec: wcd938x: Add irq config support (bsc#1012628).
- scsi: iscsi: Fix set_param() handling (bsc#1012628).
- scsi: storvsc: Fix validation for unsolicited incoming packets
(bsc#1012628).
- scsi: mpi3mr: Fix duplicate device entries when scanning
through sysfs (bsc#1012628).
- scsi: qla2xxx: Fix a memory leak in an error path of
qla2x00_process_els() (bsc#1012628).
- mm/thp: decrease nr_thps in file's mapping on THP split
(bsc#1012628).
- sched/scs: Reset the shadow stack when idle_task_exit
(bsc#1012628).
- net: hns3: fix for miscalculation of rx unused desc
(bsc#1012628).
- net/mlx5: Lag, move lag destruction to a workqueue
(bsc#1012628).
- net/mlx5: Lag, change multipath and bonding to be mutually
exclusive (bsc#1012628).
- drm/kmb: Enable alpha blended second plane (bsc#1012628).
- drm/kmb: Limit supported mode to 1080p (bsc#1012628).
- autofs: fix wait name hash calculation in autofs_wait()
(bsc#1012628).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (bsc#1012628).
- s390/pci: cleanup resources only if necessary (bsc#1012628).
- s390/pci: fix zpci_zdev_put() on reserve (bsc#1012628).
- bpf, test, cgroup: Use sk_{alloc,free} for test cases
(bsc#1012628).
- net: mdiobus: Fix memory leak in __mdiobus_register
(bsc#1012628).
- e1000e: Separate TGP board type from SPT (bsc#1012628).
- ARM: 9122/1: select HAVE_FUTEX_CMPXCHG (bsc#1012628).
- pinctrl: stm32: use valid pin identifier in
stm32_pinctrl_resume() (bsc#1012628).
- Update config files.
- commit 3416a5a
++++ kernel-firmware:
- Update to version 20211027 (git commit 1d00989a6596):
* linux-firmware: Update AMD cpu microcode
* QCA: Update Bluetooth firmware for WCN685x
* bnx2x: Add FW 7.13.20.0
* Mellanox: Add new mlxsw_spectrum firmware xx.2010.1006
* linux-firmware: Update NXP Management Complex firmware to version 10.28.1
* linux-firmware: update firmware for MT7921 WiFi device
* rtw89: 8852a: update fw to v0.13.30.0
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
- Update topics and aliases for rtw88 and rtw89
++++ ncurses:
- Add ncurses patch 20211026
+ corrected regex needed for older pkg-config used in Solaris 10.
+ amend configure option's auto-search to account for systems where
none of the directories known to pkg-config exist, adapted from
mailing-list comment (report by Milan P. Stanic).
- Port patch ncurses-6.2.dif which is now named ncurses-6.3.dif
++++ snappy:
- Re-enable RTTI, without which other applications can't subclass
snappy::Source (this breaks Ceph, as one example)
- Add reenable-rtti.patch
++++ patterns-base:
- remove mention of "Minimal" from the base pattern
------------------------------------------------------------------
------------------ 2021-10-26 - Oct 26 2021 -------------------
------------------------------------------------------------------
++++ python-pyOpenSSL:
- update to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
upcoming release of ``cryptography`` without raising deprecation warnings.
++++ python-requests:
- update to 2.26.0:
- `Session.send` now correctly resolves proxy configurations from both
the Session and Request. Behavior now matches `Session.request`. (#5681)
- Fixed a race condition in zip extraction when using Requests in parallel
from zip archive. (#5707)
- Instead of `chardet`, use the MIT-licensed `charset_normalizer` for Python3
to remove license ambiguity for projects bundling requests.
- Requests now supports `idna` 3.x on Python 3. `idna` 2.x will continue to
be used on Python 2 installations. (#5711)
- The `requests[security]` extra has been converted to a no-op install.
PyOpenSSL is no longer the recommended secure option for Requests. (#5867)
- Requests has officially dropped support for Python 3.5. (#5867)
- drop 5711.patch: upstream
++++ python-urllib3:
- update to 1.26.7:
* Fixed a bug with HTTPS hostname verification involving IP addresses and lack
of SNI.
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname
matching.
++++ qemu:
- qemu: virtio-net: heap use-after-free in virtio_net_receive_rcu
(bsc#1189938 CVE-2021-3748)
solved by virtio-net-fix-use-after-unmap-free-for-.patch
- kvm,qemu: out-of-bounds write in UAS (USB Attached SCSI) device emulation
(bsc#1189702 CVE-2021-3713)
* Patches added:
uas-add-stream-number-sanity-checks.patch
++++ ovmf:
- Removed patches which are merged to mainline:
ovmf-bsc1186151-fix-iscsi-overflows.patch
ovmf-xen-relocate-shared_info_page-map.patch
- Removed patches because replaced:
ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch
ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch
++++ virt-manager:
- jsc#SLE-21540 Dev: Prefer UEFI when creating new virtual machines.
Add a preferences option to allow users to default to UEFI when
creating a new VM. Libvirt decides which firmware file to use.
virtman-add-firmware-preferences.patch
- Renamed patch virtinst-modify-gui-defaults.patch to
virtman-modify-gui-defaults.patch
------------------------------------------------------------------
------------------ 2021-10-25 - Oct 25 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- Fix boost nowide development not requiring the library itself
++++ kernel-default:
- Update to 5.15-rc7
- commit 89a05b7
++++ avahi:
- Change %python38_version_nodots to %suse_version which is
compatible with Leap and SLE. See also:
https://github.com/openSUSE/python-rpm-macros/issues/107
++++ openldap2:
- update to 2.5.9
OpenLDAP 2.5.9 Release (2021/10/25)
Fixed slapo-accesslog to initialize minCSN on import of 2.4 databases (ITS#9720)
++++ nfs-utils:
- add Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch
and use it to move last few binaries from /sbin to /usr/sbin
(bsc#1191082)
- Move nfsdclddb and nfsdclnts from nfs-client to
nfs-kernel-server and fix their permissions.
++++ open-iscsi:
- Fix the usr-merge changes (bsc#1192013). This includes catching
all the places that /sbin was still used directly, as well as
making the SPEC file build using /usr/sbin for openSUSE but
still use /sbin for SLE, for now.
++++ selinux-policy:
- fix_wine.patch: give Wine .dll same context as .so (bsc#1191976)
------------------------------------------------------------------
------------------ 2021-10-24 - Oct 24 2021 -------------------
------------------------------------------------------------------
++++ pcre2:
- pcre2 10.38:
* Following Perl's lead, \K is now locked out in lookaround
assertions by default, but an option is provided to re-enable
the previous behaviour
++++ libsoup:
- Update to version 3.0.2:
+ Add support for multiple auth challenges in one response.
+ Fix SoupCache test failures on 32bit
+ Don't treat `-Wincompatible-pointer-types` as error. The
`glib-mkenums` tool sometimes triggered this.
+ Improve `gssapi` dependency handling.
+ Fix undefined `ssize_t` on Windows.
+ Updated translations.
- No longer ignore test failure on 32-bit arches, fixed upstream.
------------------------------------------------------------------
------------------ 2021-10-23 - Oct 23 2021 -------------------
------------------------------------------------------------------
++++ mozilla-nss:
- update to NSS 3.71
* bmo#1717716 - Set nssckbi version number to 2.52.
* bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
* bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
* bmo#1717707 - Add HARICA Client ECC Root CA 2021.
* bmo#1717707 - Add HARICA Client RSA Root CA 2021.
* bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
* bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
* bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- required for Firefox 94
------------------------------------------------------------------
------------------ 2021-10-22 - Oct 22 2021 -------------------
------------------------------------------------------------------
++++ bash:
- Using package bash-sh instead of the update-alternative
mechanism.
++++ transactional-update:
- Version 3.6.0
- Simplify mount hierarchy by just using a single slave bind
mount as the root of the update environment; this may avoid the
error messages of failed unmounts
May fix [boo#1191945]
++++ cairo:
- Add upstream patch
+ cairo-do-not-override-explicitly-requested-grayscale-aa.patch
Do not replace explicitly set applications settings by user
settings for font antialiasing.
See: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/114
++++ ncurses:
- Update to ncurses 6.3 (patch 20211021)
+ update release notes
+ add "ncu2openbsd" script, to illustrate how to update an OpenBSD
system to use a current ncurses release.
- Add upstream keyring to verify source signatures of both ncurses
and tack tar ball with their ASC (armored ASCii signature) counterpart
++++ ovmf:
- Removed edk2-stable202105.tar.gz because we updated to edk2-stable202108
++++ suse-module-tools:
- Update to version 16.0.13:
* fixup "rpm-script: fix bad exit status in OpenQA (bsc#1191922)"
- Update to version 16.0.12:
* rpm-script: fix bad exit status in OpenQA (bsc#1191922)
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
* cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
* cert-script: Only print mokutil output in verbose mode.
++++ timezone:
- timezone update 2021e:
* Palestine will fall back 10-29 (not 10-30) at 01:00
++++ u-boot-rpiarm64:
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0015-Enable-EFI-and-ISO-partitions-suppo.patch - boo#1191966
0016-Revert-video-backlight-fix-pwm-s-du.patch - boo#1187573
++++ vim:
- Use libalternatives instead of update-alternatives.
- Test_suspend disabled temporary.
Updated patches:
disable-unreliable-tests-arch.patch, disable-unreliable-tests.patch
- Updated to version 8.2.3552, fixes the following problems
* Vim9: need more tests for empty string arguments.
* Some type casts are not needed.
* Cannot distinguish Normal and Terminal-Normal mode.
* The ModeChanged event only uses one character for the new_mode and
old_mode values.
* Pattern matching with ModeChanged not tested.
* nginx files are not recognized.
* Cannot detect insert scroll mode.
* Completion submode not indicated for virtual replace.
* CursorHoldI event interferes with "CTRL-G U". (Naohiro Ono)
* Problem with :cd when editing file in non-existent directory. (Yee
Cheng Chin)
* Some files with json syntax are not recognized.
* Crash with error in :catch and also in :finally.
* Crash when using CTRL-T after an empty search pattern.
* Other crashes with empty search pattern not tested.
* Some files with tcl syntax are not recognized.
* Some places use "Vimscript" instead of "Vim script".
* Expression register set by not executed put command.
* Renaming a buffer on startup may cause using freed memory.
* Startup test fails on MS-Windows.
* Still crash with error in :catch and also in :finally.
* Crash when calling job_start with an invalid argument. (Virginia Senioria)
* Test does not fail without the fix for a crash.
* Failures when char is unsigned.
* Reading beyond end of line ending in quote and backslash.
* #ifdef for using sysinfo() is incomplete.
* Crash when going through spell suggestions.
* Python 3 test fails with Python 3.10.
* Illegal memory access with invalid sequence of commands.
* Illegal memory access if buffer name is very long.
* Issue template is not easy to use.
* ml_get error after search with range.
* Superfluous return statements.
* xpm2 filetype dection is not so good.
* Crash when pasting too many times.
* Large count test fails on MS-Windows.
* Illegal memory access in utf_head_off.
* GUI geometry startup test fails on some systems. (Drew Vogel)
* Put test fails when run by itself.
* Recover test may fail on some systems.
* GUI geometry startup test fails.
* tmux filetype dection is incomplete
* Cannot enter password in shell command.
* Vim9: using g:pat:cmd is confusing.
* Vim9: warning for signed vs unsigned.
* Vim9: build failure without the +eval feature.
* Vim9: special cases for "g" and "s" insufficiently tested.
* Generating proto files may fail.
* Vim9: bad separators for "g" and "s" insufficiently tested.
* Undo file is not synced. (Sami Farin)
* Changes are only detected with one second accuracy.
* Vim9: entry for loop variable is created every round.
* Timestamp test fails on some systems.
* Using freed memory when using a timer and searching. (Dominique Pellé)
* Autoread test with nano second time sometimes fails.
* Nano time test fails on Mac and FreeBSD.
* Terminal window does not have transparent background when 'termguicolors'
is used.
* TextChanged does not trigger after TextChangedI.
* Test_xrestore sometimes fails.
* TOML files are not recognized.
* Cannot define a function for thesaurus completion.
* Options completion test fails.
* Cannot use \x and \u when setting 'listchars'.
* Duplicated code in xxd.
* GUI: ligatures are not used.
* Option variable name does not match option name. (Christ van Willigen)
* Tests have clumsy check for X11 based GUI.
* Gcc complains about uninitialized variable. (Tony Mechelynck)
* 'thesaurus' and 'thesaurusfunc' do not have the same scope.
* Xxd usage output is incomplete.
* ":buf \{a}" fails while ":edit \{a}" works.
* Command line completion test fails on MS-Windows.
* The previous '' mark is restored after moving the cursor to the original
jump position. (Tony Chen)
* Inefficient code in xxd.
* Autoread test is a bit flaky.
* If-else indenting is confusing.
* The do_highlight() function is way too long.
* mode() does not return the right value in 'operatorfunc'.
* Else-if indenting is confusing.
* GTK3: with 'rightleft' set scrollbar may move unintentionally.
* The mark '] is wrong after put with a count. (Naohiro Ono)
* Compiler warning for unused variable in tiny version.
* Too many comments are old style.
* Swapname has double slash when 'directory' ends in double slash. (Shane
Smith)
* Unix: may leak file descriptor when using a non-existing directory.
* setcellwidths() may make 'listchars' or 'fillchars' invalid.
* Build failure without the +eval feature.
* Opening the quickfix window triggers BufWinEnter twice. (Yorick Peterse)
* GTK GUI crashen when reading from stdin.
* Mistakes in test comments.
* completion() does not work properly.
* Checking first character of url twice.
* Xxd revert does not handle end of line correctly.
++++ virt-manager:
- Add dependency in spec file for python3-gobject-Gdk (bsc#1191705)
virt-manager.spec
------------------------------------------------------------------
------------------ 2021-10-21 - Oct 21 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- make boost-json-devel require boost-container-devel (bsc#1191822)
++++ file:
- Remove file-5.38-allow-readlinkat.dif as already done in latest
file 5.41
++++ grub2:
- Remove openSUSE Tumbleweed specific handling for default grub
distributor (bsc#1191198)
- Use /usr/lib/os-release as fallback (bsc#1191196)
* grub2-default-distributor.patch
* grub2-check-default.sh
- VUL-0: grub2: grub2-once uses fixed file name in /var/tmp (bsc#1190474) (CVE-2021-46705)
* grub2-once
* grub2-once.service
- Fix unknown TPM error on buggy uefi firmware (bsc#1191504)
* 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
* 0001-Filter-out-POSIX-locale-for-translation.patch
- Fix error lvmid disk cannot be found after second disk added to the root
volume group (bsc#1189874) (bsc#1071559)
* 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
- Fix error in grub installation due to unnecessary requirement to support
excessive device for the root logical volume (bsc#1184135)
* 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch
- Fix regression in reading xfs v4
* 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch
++++ kernel-default:
- Update
patches.kernel.org/5.14.14-060-x86-fpu-Mask-out-the-invalid-MXCSR-bits-prope.patch
(bsc#1012628 bsc#1191855).
- commit 2b5383f
- Linux 5.14.14 (bsc#1012628).
- ALSA: usb-audio: Add quirk for VF0770 (bsc#1012628).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat
ioctl (bsc#1012628).
- ALSA: usb-audio: Fix a missing error check in scarlett gen2
mixer (bsc#1012628).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(bsc#1012628).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision
5560 laptop (bsc#1012628).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with
ALC3254 (bsc#1012628).
- ALSA: hda/realtek: Complete partial device name to avoid
ambiguity (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (bsc#1012628).
- ALSA: hda/realtek - ALC236 headset MIC recording issue
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (bsc#1012628).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on
the Lenovo 13s Gen2 (bsc#1012628).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS
G551JW (bsc#1012628).
- platform/x86: gigabyte-wmi: add support for B550 AORUS ELITE
AX V2 (bsc#1012628).
- platform/x86: amd-pmc: Add alternative acpi id for PMC
controller (bsc#1012628).
- spi: atmel: Fix PDC transfer setup bug (bsc#1012628).
- mtd: rawnand: qcom: Update code word value for raw read
(bsc#1012628).
- nds32/ftrace: Fix Error: invalid operands (*UND* and *UND*
sections) for `^' (bsc#1012628).
- dm: fix mempool NULL pointer race when completing IO
(bsc#1012628).
- ACPI: PM: Include alternate AMDI0005 id in special behaviour
(bsc#1012628).
- dm rq: don't queue request to blk-mq during DM suspend
(bsc#1012628).
- s390: fix strrchr() implementation (bsc#1012628).
- clk: socfpga: agilex: fix duplicate s2f_user0_clk (bsc#1012628).
- csky: don't let sigreturn play with priveleged bits of status
register (bsc#1012628).
- csky: Fixup regs.sr broken in ptrace (bsc#1012628).
- drm/fbdev: Clamp fbdev surface size if too large (bsc#1012628).
- arm64/hugetlb: fix CMA gigantic page order for non-4K PAGE_SIZE
(bsc#1012628).
- drm/nouveau/fifo: Reinstate the correct engine bit programming
(bsc#1012628).
- drm/msm: Do not run snapshot on non-DPU devices (bsc#1012628).
- drm/msm: Avoid potential overflow in timeout_to_jiffies()
(bsc#1012628).
- btrfs: unlock newly allocated extent buffer after error
(bsc#1012628).
- btrfs: deal with errors when replaying dir entry during log
replay (bsc#1012628).
- btrfs: deal with errors when adding inode reference during
log replay (bsc#1012628).
- btrfs: check for error when looking up inode during dir entry
replay (bsc#1012628).
- btrfs: update refs for any root except tree log roots
(bsc#1012628).
- btrfs: fix abort logic in btrfs_replace_file_extents
(bsc#1012628).
- module: fix clang CFI with MODULE_UNLOAD=n (bsc#1012628).
- x86/resctrl: Free the ctrlval arrays when
domain_setup_mon_state() fails (bsc#1012628).
- mei: me: add Ice Lake-N device id (bsc#1012628).
- mei: hbm: drop hbm responses on early shutdown (bsc#1012628).
- USB: xhci: dbc: fix tty registration race (bsc#1012628).
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
(bsc#1012628).
- xhci: add quirk for host controllers that don't update endpoint
DCS (bsc#1012628).
- xhci: Fix command ring pointer corruption while aborting a
command (bsc#1012628).
- xhci: Enable trust tx length quirk for Fresco FL11 USB
controller (bsc#1012628).
- cb710: avoid NULL pointer subtraction (bsc#1012628).
- efi/cper: use stack buffer for error record decoding
(bsc#1012628).
- efi: Change down_interruptible() in virt_efi_reset_system()
to down_trylock() (bsc#1012628).
- usb: musb: dsps: Fix the probe error path (bsc#1012628).
- Input: xpad - add support for another USB ID of Nacon GC-100
(bsc#1012628).
- USB: serial: qcserial: add EM9191 QDL support (bsc#1012628).
- USB: serial: option: add Quectel EC200S-CN module support
(bsc#1012628).
- USB: serial: option: add Telit LE910Cx composition 0x1204
(bsc#1012628).
- USB: serial: option: add prod. id for Quectel EG91
(bsc#1012628).
- misc: fastrpc: Add missing lock before accessing find_vma()
(bsc#1012628).
- virtio: write back F_VERSION_1 before validate (bsc#1012628).
- EDAC/armada-xp: Fix output of uncorrectable error counter
(bsc#1012628).
- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
(bsc#1012628).
- virtio-blk: remove unneeded "likely" statements (bsc#1012628).
- Revert "virtio-blk: Add validation for block size in config
space" (bsc#1012628).
- x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
automatically (bsc#1012628).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(bsc#1012628).
- iio: adc: aspeed: set driver data when adc probe (bsc#1012628).
- drivers: bus: simple-pm-bus: Add support for probing simple
bus only devices (bsc#1012628).
- driver core: Reject pointless SYNC_STATE_ONLY device links
(bsc#1012628).
- iio: adc: ad7192: Add IRQ flag (bsc#1012628).
- iio: adc: ad7780: Fix IRQ flag (bsc#1012628).
- iio: adc: ad7793: Fix IRQ flag (bsc#1012628).
- iio: adis16480: fix devices that do not support sleep mode
(bsc#1012628).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(bsc#1012628).
- iio: adc: max1027: Fix wrong shift with 12-bit devices
(bsc#1012628).
- iio: adis16475: fix deadlock on frequency set (bsc#1012628).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (bsc#1012628).
- iio: light: opt3001: Fixed timeout error when 0 lux
(bsc#1012628).
- iio: accel: fxls8962af: return IRQ_HANDLED when fifo is flushed
(bsc#1012628).
- iio: adc: max1027: Fix the number of max1X31 channels
(bsc#1012628).
- iio: ssp_sensors: add more range checking in
ssp_parse_dataframe() (bsc#1012628).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
(bsc#1012628).
- Input: resistive-adc-touch - fix division by zero error on z1 ==
0 (bsc#1012628).
- eeprom: 93xx46: Add SPI device ID table (bsc#1012628).
- eeprom: 93xx46: fix MODULE_DEVICE_TABLE (bsc#1012628).
- eeprom: at25: Add SPI ID table (bsc#1012628).
- fpga: ice40-spi: Add SPI device ID table (bsc#1012628).
- iio: dac: ti-dac5571: fix an error code in probe()
(bsc#1012628).
- tracing: Fix missing osnoise tracer on max_latency
(bsc#1012628).
- tee: optee: Fix missing devices unregister during optee_remove
(bsc#1012628).
- ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address (bsc#1012628).
- ARM: dts: bcm283x: Fix VEC address for BCM2711 (bsc#1012628).
- ARM: dts: bcm2711: fix MDIO #address- and #size-cells
(bsc#1012628).
- firmware: arm_ffa: Fix __ffa_devices_unregister (bsc#1012628).
- firmware: arm_ffa: Add missing remove callback to ffa_bus_type
(bsc#1012628).
- ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states
(bsc#1012628).
- ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting
(bsc#1012628).
- clk: renesas: rzg2l: Fix clk status function (bsc#1012628).
- nvme-pci: Fix abort command id (bsc#1012628).
- sctp: account stream padding length for reconf chunk
(bsc#1012628).
- gpio: 74x164: Add SPI device ID table (bsc#1012628).
- gpio: pca953x: Improve bias setting (bsc#1012628).
- net: arc: select CRC32 (bsc#1012628).
- net: korina: select CRC32 (bsc#1012628).
- net/smc: improved fix wait on already cleared link
(bsc#1012628).
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path
(bsc#1012628).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
(bsc#1012628).
- net/mlx5e: Switchdev representors are not vlan challenged
(bsc#1012628).
- net: stmmac: fix get_hw_feature() on old hardware (bsc#1012628).
- net: phy: Do not shutdown PHYs in READY state (bsc#1012628).
- net: dsa: mv88e6xxx: don't use PHY_DETECT on internal PHY's
(bsc#1012628).
- net: dsa: microchip: Added the condition for scheduling
ksz_mib_read_work (bsc#1012628).
- net: dsa: fix spurious error message when unoffloaded port
leaves bridge (bsc#1012628).
- net: encx24j600: check error in devm_regmap_init_encx24j600
(bsc#1012628).
- ethernet: s2io: fix setting mac address during resume
(bsc#1012628).
- vhost-vdpa: Fix the wrong input in config_cb (bsc#1012628).
- nfc: fix error handling of nfc_proto_register() (bsc#1012628).
- NFC: digital: fix possible memory leak in
digital_tg_listen_mdaa() (bsc#1012628).
- NFC: digital: fix possible memory leak in
digital_in_send_sdd_req() (bsc#1012628).
- pata_legacy: fix a couple uninitialized variable bugs
(bsc#1012628).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (bsc#1012628).
- mlxsw: thermal: Fix out-of-bounds memory accesses (bsc#1012628).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
call (bsc#1012628).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size
attributes (bsc#1012628).
- spi: spidev: Add SPI ID table (bsc#1012628).
- spi: bcm-qspi: clear MSPI spifie interrupt during probe
(bsc#1012628).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (bsc#1012628).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks
read (bsc#1012628).
- drm/msm: Fix null pointer dereference on pointer edp
(bsc#1012628).
- drm/msm/mdp5: fix cursor-related warnings (bsc#1012628).
- drm/msm/submit: fix overflow check on 64-bit architectures
(bsc#1012628).
- drm/msm/a6xx: Track current ctx by seqno (bsc#1012628).
- drm/msm/a4xx: fix error handling in a4xx_gpu_init()
(bsc#1012628).
- drm/msm/a3xx: fix error handling in a3xx_gpu_init()
(bsc#1012628).
- drm/msm/dsi: dsi_phy_14nm: Take ready-bit into account in
poll_for_ready (bsc#1012628).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
(bsc#1012628).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(bsc#1012628).
- acpi/arm64: fix next_platform_timer() section mismatch error
(bsc#1012628).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time
(bsc#1012628).
- mqprio: Correct stats in mqprio_dump_class_stats()
(bsc#1012628).
- mptcp: fix possible stall on recvmsg() (bsc#1012628).
- qed: Fix missing error code in qed_slowpath_start()
(bsc#1012628).
- r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
(bsc#1012628).
- ice: fix locking for Tx timestamp tracking flush (bsc#1012628).
- block/rnbd-clt-sysfs: fix a couple uninitialized variable bugs
(bsc#1012628).
- nfp: flow_offload: move flow_indr_dev_register from app init
to app start (bsc#1012628).
- net: mscc: ocelot: make use of all 63 PTP timestamp identifiers
(bsc#1012628).
- net: mscc: ocelot: avoid overflowing the PTP timestamp FIFO
(bsc#1012628).
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown
skb (bsc#1012628).
- net: mscc: ocelot: deny TX timestamping of non-PTP packets
(bsc#1012628).
- net: mscc: ocelot: cross-check the sequence id from the
timestamp FIFO with the skb PTP header (bsc#1012628).
- net: dsa: felix: break at first CPU port during init and
teardown (bsc#1012628).
- ionic: don't remove netdev->dev_addr when syncing uc list
(bsc#1012628).
- commit 6859230
++++ rpm-config-SUSE:
- Update to version 0.g89:
* find-provides.ksyms: Do not set IFS - it is not needed for anything.
* find-provides.ksyms: Fix compressed modules.
* Allow locale directory to be named "locales" too
------------------------------------------------------------------
------------------ 2021-10-20 - Oct 20 2021 -------------------
------------------------------------------------------------------
++++ dnsmasq:
- Use systemd-sysusers from 15.3 onwards
++++ iptables:
- Added alts requirements for iptables-backend-nft package.
++++ kernel-default:
- Update tags in patches.suse/readahead-request-tunables.patch (VM
Performance, bsc#548529 bsc#1189955).
- commit b531271
- media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit 45f5ddd
- x86/fpu: Mask out the invalid MXCSR bits properly (x86_32
breakage).
- commit 565cd48
- kernel-binary.spec: Bump dwarves requirement to 1.22.
1.22 is finally released, and it is required for functionality.
- commit c88d345
++++ libglvnd:
- libglvnd.rpmlintrc
* workaround for future buildcheck (boo#1191763)
++++ polkit:
- fork libpolkit0 package into libpolkit-agent-1-0 and libpolkit-gobject-1-0
as mandated. bsc#1191781
++++ libxml2:
- Rewrite package to the single-spec %python_subpackage_only style and
eliminate unnecessary multibuild.
++++ osinfo-db:
- Update to database version 20211013
osinfo-db-20211013.tar.xz
++++ podman:
- Update to version 3.4.1:
* Bugfixes
- Fixed a bug where podman machine init could, under some circumstances,
create invalid machine configurations which could not be started (#11824).
- Fixed a bug where the podman machine list command would not properly
populate some output fields.
- Fixed a bug where podman machine rm could leave dangling sockets from
the removed machine (#11393).
- Fixed a bug where podman run --pids-limit=-1 was not supported (it now
sets the PID limit in the container to unlimited) (#11782).
- Fixed a bug where podman run and podman attach could throw errors about
a closed network connection when STDIN was closed by the client (#11856).
- Fixed a bug where the podman stop command could fail when run on a
container that had another podman stop command run on it previously.
- Fixed a bug where the --sync flag to podman ps was nonfunctional.
- Fixed a bug where the Windows and OS X remote clients' podman stats
command would fail (#11909).
- Fixed a bug where the podman play kube command did not properly handle
environment variables whose values contained an = (#11891).
- Fixed a bug where the podman generate kube command could generate
invalid annotations when run on containers with volumes that use SELinux
relabelling (:z or :Z) (#11929).
- Fixed a bug where the podman generate kube command would generate YAML
including some unnecessary (set to default) fields (e.g. user and group,
entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
- Fixed a bug where the podman generate kube command could, under some
circumstances, generate YAML including an invalid targetPort field for
forwarded ports (#11930).
- Fixed a bug where rootless Podman's podman info command could, under
some circumstances, not read available CGroup controllers (#11931).
- Fixed a bug where podman container checkpoint --export would fail to
checkpoint any container created with --log-driver=none (#11974).
* API
- Fixed a bug where the Compat Create endpoint for Containers could panic
when no options were passed to a bind mount of tmpfs (#11961).
++++ libxml2-python:
- Rewrite package to the single-spec %python_subpackage_only style and
eliminate unnecessary multibuild.
++++ tpm2.0-tools:
- Update to version 5.2:
+ tpm2_nvextend:
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_Extend command to the TPM.
+ tpm2_nvread:
* Added option --rphash=FILE to specify ile path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NVRead command to the TPM.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
+ tpm2_nvsetbits:
* Added option --rphash=FILE to specify file path to record the
hash of the response parameters. This is commonly termed as
rpHash.
* Added option -S, --session to specify to specify an auxiliary
session for auditing and or encryption/decryption of the
parameters.
* Added option -n, --name to specify the name of the nvindex in
hex bytes. This is used when cpHash ought to be calculated
without dispatching the TPM2_NV_SetBits command to the TPM.
+ tpm2_createprimary:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_create:
* Support public-key output at creation time in various public-key
formats.
+ tpm2_print:
* Support outputing public key in various public key formats over
the default YAML output. Supports taking -u output from
tpm2_create and converting it to a PEM or DER file format.
+ tpm2_import:
* Add support for importing keys with sealed-data-blobs.
+ tpm2_rsaencrypt, tpm2_rsadecrypt:
* Add support for specifying the hash algorithm with oaep.
+ tpm2_pcrread, tpm2_quote:
* Add option -F, --pcrs_format to specify PCR format selection for
the binary blob in the PCR output file. 'values' will output a
binary blob of the PCR values. 'serialized' will output a binary
blob of the PCR values in the form of serialized data structure
in little endian format.
+ tpm2_eventlog:
* Add support for decoding StartupLocality.
* Add support for printing the partition information.
* Add support for reading eventlogs longer than 64kb including
from /sys/kernel/security/tpm0/binary_bios-measurements.
+ tpm2_duplicate:
* Add option -L, --policy to specify an authorization policy to be
associated with the duplicated object.
* Added support for external key duplication without needing the
TCTI.
+ tools:
* Enhance error message on invalid passwords when sessions cannot
be used.
+ lib/tpm2_options:
* Add option to specify fake tcti which is required in cases where
sapi ctx is required to be initialized for retrieving command
parameters without invoking the tcti to talk to the TPM.
+ openssl:
* Dropped support for OpenSSL < 1.1.0
* Add support for OpenSSL 3.0.0
+ Support added to make the repository documentation and man pages
available live on readthedocs.
+ Bug-fixes:
* tpm2_import: Don't allow setting passwords for imported object
with -p option as the tool doesn't modify the TPM2B_SENSITIVE
structure. Added appropriate logging to indicate using
tpm2_changeauth after import.
* lib/tpm2_util.c: The function to calculate pHash algorithm
returned error when input session is a password session and the
only session in the command.
* lib/tpm2_alg_util.c: Fix an error where oaep was parsed under
ECC.
* tpm2_sign: Fix segfaults when tool does not find TPM resources
(TPM or RM).
* tpm2_makecredential: Fix an issue where reading input from stdin
could result in unsupported data size larger than the largest
digest size.
* tpm2_loadexternal: Fix an issue where restricted attribute could
not be set.
* lib/tpm2_nv_util.h: The NV index size is dependent on different
data sets read from the GetCapability structures because there
is a dependency on the NV operation type: Define vs Read vs
Write vs Extend. Fix a sane default in the case where
GetCapability fails or fails to report the specific property/
data set. This is especially true because some properties are
TPM implementation dependent.
* tpm2_createpolicy: Fix an issue where tool exited silently
without reporting an error if wrong pcr string is specified.
* lib/tpm2_alg_util: add error message on public init to prevent
tools from dying silently, add an error message.
* tpm2_import: fix an issue where an imported hmac object scheme
was NULL. While allowed, it was inconsistent with other tools
like tpm2_create which set the scheme as hmac->sha256 when
generating a keyedhash object.
- Drop patches already in upstream:
+ 0001-tpm2_checkquote-fix-uninitialized-variable.patch
+ 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch
+ 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch
------------------------------------------------------------------
------------------ 2021-10-19 - Oct 19 2021 -------------------
------------------------------------------------------------------
++++ file:
- Update to 5.41:
* Avinash Sonawane: Fix tzname detection
* Fix relationship tests with "search" magic, don't short circuit
logic
* Fix memory leak in compile mode
* PR/272: kiefermat: Only set returnval = 1 when we printed something
(in all cases print or !print). This simplifies the logic and fixes
the issue in the PR with -k and --mime-type there was no continuation
printed before the default case.
* PR/270: Don't translate unprintable characters in %s magic formats
when -r
* PR/269: Avoid undefined behavior with clang (adding offset to NULL)
* Add a new flag (f) that requires that the match is a full word,
not a partial word match.
* Add varint types (unused)
* PR/256: mutableVoid: If the file is less than 3 bytes, use the file
length to determine type
* PR/259: aleksandr.v.novichkov: mime printing through indirect magic
is not taken into account, use match directly so that it does.
- Remove patches now upstream
* file-5.40-1c677c04.patch
* file-5.40-3096f87f.patch
* file-5.40-4c5fe1ad.patch
* file-5.40-6b34436a.patch
* file-5.40-749e1ecf.patch
* file-5.40-9b0459af.patch
* file-5.40-9e2becec.patch
* file-5.40-ascii.patch
* file-5.40-f0601504.patch
* file-5.40-f7705dca.patch
- Port patches
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.19-zip2.0.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
* file-5.38-allow-readlinkat.dif
* file-secure_getenv.patch
- Port and rename patch file-5.39.dif which is now file-5.41.dif
++++ grub2:
- Fix installation on usrmerged s390x
++++ kernel-default:
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
Newer distros have capability to decompress zstd, which
provides a 2-5% better compression ratio at very similar
cpu overhead. Plus this tests the zstd codepaths now as well.
- commit 3d53a5b
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
For building in OBS, we always build inside a virtual machine
that gets a new, freshly created scratch filesystem image. So
we do not need to handle fscks because that ain't gonna happen,
as well as not we do not need to handle microcode update in the
initrd as these only can be run on the host system anyway. We
can also strip and hardlink as an additional optimisation that
should not significantly hurt.
- commit c72c6fc
++++ avahi:
- Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd
(boo#1191750).
++++ ncurses:
- Add ncurses patch 20211018
+ check for screen size-change in scr_init() and scr_restore(), in case
a screen dump does not match the current screen dimensions (report by
Frank Tkalcevic).
++++ parted:
- fixed name of shared library package and split off
libparted-fs-resize (bsc#1191778)
- BuildRequire python3-base: Fix execution of test suite. Otherwise
we fail with
./t0282-gpt-move-backup.sh: /usr/bin/python3: bad interpreter: No
such file or directory.
++++ systemd:
- Disable nss-systemd and translations features for the mini flavour
++++ logrotate:
- Add patch:
* logrotate-dont_warn_on_size=_syntax.patch (boo#1191816)
------------------------------------------------------------------
------------------ 2021-10-18 - Oct 18 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update upstream commit id for rtw89 patch (bsc#1191321)
- commit 9587a7b
- Update to 5.15-rc6
- refresh configs
- drop SIMPLE_PM_BUS
- commit b7fe390
++++ ncurses:
- Add ncurses patch 20211017
+ amend change for pkg-config to account for "none" being returned in
the libdir-path result rather than "no" (report by Gabriele Balducci).
- Add ncurses patch 20211016
+ build-fix for pmake with libtool.
+ improve make-tar.sh scripts, adding COPYING to tar file, and clean up
shellcheck warnings.
+ add link for "reset6" manpage in test-package ncurses6-doc
+ revise configure option --with-pkg-config-libdir, using the actual
search path from pkg-config or pkgconf using the output from --debug
(report by Pascal Pignard).
+ freeze ABI in ".map" files.
- Correct offsets of patch ncurses-6.2.dif
++++ systemd:
- Really enable libiptc for masquerading support (bsc#1191651)
Currently used by systemd-nspawn and systemd-networkd.
- Convert systemd package to multibuild
++++ libvirt:
- supportconfig: Use systemctl command 'is-active' instead of
'is-enabled' when checking if libvirtd is active
++++ libzypp:
- Zypper should keep cached files if transaction is aborted
(bsc#1190356)
Singletrans mode currently does not keep files around if the
transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
(bsc#1191324)
Especially in a VM iterating over all possible fd's to close open
ones right before a exec() slows down zypper unnecessarily. This
patch uses /proc/self/fd to iterate over open fd's in case rlimit
is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
plugin: (bsc#1191286)
- version 17.28.6 (22)
++++ zypper:
- Fix compiler warning.
- zypper.conf: New option whether to collect subcommands found in
$PATH (fixes #379)
+[subcommand] i
+
+## Whether to look for subcommands in $PATH
+##
+## If a subcommand is not found in the zypper_execdir, the wrapper
+## will look in the rest of your $PATH for it. Thus, it's possible
+## to write local zypper extensions that don't live in system space.
+## See section SUBCOMMANDS in the zypper manpage.
+##
+## Valid values: boolean
+## Default value: yes
+##
+# seachSubcommandInPath = yes.
- help subcommand: show path of command found in $PATH.
- version 1.14.50
------------------------------------------------------------------
------------------ 2021-10-17 - Oct 17 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.14.13 (bsc#1012628).
- hwmon: (pmbus/ibm-cffps) max_power_out swap changes
(bsc#1012628).
- io_uring: kill fasync (bsc#1012628).
- sched: Always inline is_percpu_thread() (bsc#1012628).
- perf/core: fix userpage->time_enabled of inactive events
(bsc#1012628).
- scsi: qla2xxx: Fix excessive messages during device logout
(bsc#1012628).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" ->
"Unsupported" (bsc#1012628).
- scsi: ses: Fix unsigned comparison with less than zero
(bsc#1012628).
- drm/amdgpu: fix gart.bo pin_count leak (bsc#1012628).
- net: sun: SUNVNET_COMMON should depend on INET (bsc#1012628).
- vboxfs: fix broken legacy mount signature checking
(bsc#1012628).
- net: bgmac-platform: handle mac-address deferral (bsc#1012628).
- mac80211: check return value of rhashtable_init (bsc#1012628).
- net: prevent user from passing illegal stab size (bsc#1012628).
- hwmon: (ltc2947) Properly handle errors when looking for the
external clock (bsc#1012628).
- m68k: Handle arrivals of multiple signals correctly
(bsc#1012628).
- pinctrl: qcom: sc7280: Add PM suspend callbacks (bsc#1012628).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(bsc#1012628).
- netfilter: nf_nat_masquerade: defer conntrack walk to work queue
(bsc#1012628).
- netfilter: nf_nat_masquerade: make async masq_inet6_event
handling generic (bsc#1012628).
- KVM: arm64: nvhe: Fix missing FORCE for hyp-reloc.S build rule
(bsc#1012628).
- ASoC: SOF: loader: release_firmware() on load failure to avoid
batching (bsc#1012628).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device
IDs (bsc#1012628).
- netfilter: ip6_tables: zero-initialize fragment offset
(bsc#1012628).
- HID: apple: Fix logical maximum and usage maximum of Magic
Keyboard JIS (bsc#1012628).
- ALSA: usb-audio: Unify mixer resume and reset_resume procedure
(bsc#1012628).
- ALSA: oxfw: fix transmission method for Loud models based on
OXFW971 (bsc#1012628).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
(bsc#1012628).
- ext4: correct the error path of ext4_write_inline_data_end()
(bsc#1012628).
- ext4: check and update i_disksize properly (bsc#1012628).
- commit ab3ca44
++++ python-apipkg:
- Update to v2.1.0
* fix race condition for import of modules using apipkg.initpkg
in Python 3.3+ by updating existing modules in-place rather
than replacing in sys.modules with an apipkg.ApiModule
instances. This race condition exists for import statements
(and __import__) in Python 3.3+ where sys.modules is checked
before obtaining an import lock, and for
importlib.import_module in Python 3.11+ for the same reason.
- Release 2.0.1
* fix race conditions for attribute creation
- Release 2.0.0
* also transfer __spec__ attribute
* make py.test hack more specific to avoid hiding real errors
* switch from Travis CI to GitHub Actions
* modernize package build
* reformat code with black
- Drop pytest4.patch
++++ python-charset-normalizer:
- Update to version 2.0.7
* Addition: bento Add support for Kazakh (Cyrillic) language
detection
* Improvement: sparkle Further improve inferring the language
from a given code page (single-byte).
* Removed: fire Remove redundant logging entry about detected
language(s).
* Improvement: zap Refactoring for potential performance
improvements in loops.
* Improvement: sparkles Various detection improvement (MD+CD).
* Bugfix: bug Fix a minor inconsistency between Python 3.5 and
other versions regarding language detection.
- Update to version 2.0.6
* Bugfix: bug Unforeseen regression with the loss of the
backward-compatibility with some older minor of Python 3.5.x.
* Bugfix: bug Fix CLI crash when using --minimal output in
certain cases.
* Improvement: sparkles Minor improvement to the detection
efficiency (less than 1%).
- Update to version 2.0.5
* Improvement: sparkles The BC-support with v1.x was improved,
the old staticmethods are restored.
* Remove: fire The project no longer raise warning on tiny
content given for detection, will be simply logged as warning
instead.
* Improvement: sparkles The Unicode detection is slightly
improved, see #93
* Bugfix: bug In some rare case, the chunks extractor could cut
in the middle of a multi-byte character and could mislead the
mess detection.
* Bugfix: bug Some rare 'space' characters could trip up the
UnprintablePlugin/Mess detection.
* Improvement: art Add syntax sugar __bool__ for results
CharsetMatches list-container.
- Update to version 2.0.4
* Improvement: sparkle Adjust the MD to lower the sensitivity,
thus improving the global detection reliability.
* Improvement: sparkle Allow fallback on specified encoding
if any.
* Bugfix: bug The CLI no longer raise an unexpected exception
when no encoding has been found.
* Bugfix: bug Fix accessing the 'alphabets' property when the
payload contains surrogate characters.
* Bugfix: bug pencil2 The logger could mislead (explain=True) on
detected languages and the impact of one MBCS match (in #72)
* Bugfix: bug Submatch factoring could be wrong in rare edge
cases (in #72)
* Bugfix: bug Multiple files given to the CLI were ignored when
publishing results to STDOUT. (After the first path) (in #72)
* Internal: art Fix line endings from CRLF to LF for certain
files.
- Update to version 2.0.3
* Improvement: sparkles Part of the detection mechanism has been
improved to be less sensitive, resulting in more accurate
detection results. Especially ASCII. #63 Fix #62
* Improvement: sparklesAccording to the community wishes, the
detection will fall back on ASCII or UTF-8 in a last-resort
case.
- Update to version 2.0.2
* Bugfix: bug Empty/Too small JSON payload miss-detection fixed.
* Improvement: sparkler Don't inject unicodedata2 into sys.modules
- Update to version 2.0.1
* Bugfix: bug Make it work where there isn't a filesystem
available, dropping assets frequencies.json.
* Improvement: sparkles You may now use aliases in cp_isolation
and cp_exclusion arguments.
* Bugfix: bug Using explain=False permanently disable the verbose
output in the current runtime #47
* Bugfix: bug One log entry (language target preemptive) was not
show in logs when using explain=True #47
* Bugfix: bug Fix undesired exception (ValueError) on getitem of
instance CharsetMatches #52
* Improvement: wrench Public function normalize default args
values were not aligned with from_bytes #53
- Update to version 2.0.0
* Performance: zap 4x to 5 times faster than the previous 1.4.0
release.
* Performance: zap At least 2x faster than Chardet.
* Performance: zap Accent has been made on UTF-8 detection,
should perform rather instantaneous.
* Improvement: back The backward compatibility with Chardet has
been greatly improved. The legacy detect function returns an
identical charset name whenever possible.
* Improvement: sparkle The detection mechanism has been slightly
improved, now Turkish content is detected correctly (most of
the time)
* Code: art The program has been rewritten to ease the
readability and maintainability. (+Using static typing)
* Tests: heavy_check_mark New workflows are now in place to
verify the following aspects: Performance, Backward-
Compatibility with Chardet, and Detection Coverage in addition#
to currents tests. (+CodeQL)
* Dependency: heavy_minus_sign This package no longer require
anything when used with Python 3.5 (Dropped cached_property)
* Docs: pencil2 Performance claims have been updated, the guide
to contributing, and the issue template.
* Improvement: sparkle Add --version argument to CLI
* Bugfix: bug The CLI output used the relative path of the
file(s). Should be absolute.
* Deprecation: red_circle Methods coherence_non_latin, w_counter,
chaos_secondary_pass of the class CharsetMatch are now
deprecated and scheduled for removal in v3.0
* Improvement: sparkle If no language was detected in content,
trying to infer it using the encoding name/alphabets used.
* Removal: fire Removed support for these languages: Catalan,
Esperanto, Kazakh, Baque, Volapük, Azeri, Galician, Nynorsk,
Macedonian, and Serbocroatian.
* Improvement: sparkle utf_7 detection has been reinstated.
* Removal: fire The exception hook on UnicodeDecodeError has
been removed.
- Update to version 1.4.1
* Improvement: art Logger configuration/usage no longer
conflict with others #44
- Update to version 1.4.0
* Dependency: heavy_minus_sign Using standard logging instead
of using the package loguru.
* Dependency: heavy_minus_sign Dropping nose test framework in
favor of the maintained pytest.
* Dependency: heavy_minus_sign Choose to not use dragonmapper
package to help with gibberish Chinese/CJK text.
* Dependency: wrench heavy_minus_sign Require cached_property
only for Python 3.5 due to constraint. Dropping for every
other interpreter version.
* Bugfix: bug BOM marker in a CharsetNormalizerMatch instance
could be False in rare cases even if obviously present. Due
to the sub-match factoring process.
* Improvement: sparkler Return ASCII if given sequences fit.
* Performance: zap Huge improvement over the larges payload.
* Change: fire Stop support for UTF-7 that does not contain a
SIG. (Contributions are welcome to improve that point)
* Feature: sparkler CLI now produces JSON consumable output.
* Dependency: Dropping PrettyTable, replaced with pure JSON
output.
* Bugfix: bug Not searching properly for the BOM when trying
utf32/16 parent codec.
* Other: zap Improving the package final size by compressing
frequencies.json.
------------------------------------------------------------------
------------------ 2021-10-16 - Oct 16 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.52.2:
+ New features:
- rsvg-convert now supports generating multi-page PDFs in a
sensible way.
- With one SVG document per page, each page with the SVG's
natural size:
- rsvg-convert --format=pdf -o out.pdf a.svg b.svg c.svg
- With all pages sized as portrait US Letter, and each SVG
scaled to fit so that there is a 1in margin around each page:
rsvg-convert --format=pdf -o out.pdf \
- -page-width=8.5in --page-height=11in \
- -width=6.5in --height=8.5in --keep-aspect-ratio \
- -top=1in --left=1in a.svg b.svg c.svg
Please see the man page for details.
- Support <a> elements inside <text>. Also, support the CSS
:link pseudo-class for matching against links.
- Support the CSS :lang() pseudo-class for matching against an
element's xml:lang attribute.
- Support the mask-type property from SVG2.
+ Bugs fixed:
- Don't panic when a shorthand property is set to inherit.
- Fix regression with the viewport size of interior <svg>
elements.
- Allow length units to be case-insensitive, per SVG2.
+ Documentation:
- There is now a FEATURES.md in the repository, where you can
see all the elements, attributes, and properties that librsvg
supports. We will be adding detail to this gradually.
- For developers, there is now devel-docs/adding-a-property.md
with a tutorial on how to add support for new CSS properties.
++++ dtc:
- update to 1.6.1:
* A number of bugfixes
* Fix many warnings with -Wsign-compare
* Add compilation with meson (not used by default so far)
* Yet another revamp of how we handle unaligned accesses
* Added a number of extra checks for common tree errors
* Checks for interrupt providers
* i2c reg properties
* Tighten checking of gpio properties
* Reduce dependencies when building libfdt only
* Allow libfdt.h header to be used from C++ more easily
* Accept .dtbo extension for overlays
* Update valid node and property characters to match current devicetree spec
* Add several checks for root node sanity in fdt_check_full()
* Somewhat more robust type labelling for the benefit of yaml output
++++ unbound:
- Fix pidfile location
++++ python-idna:
- update to 3.3:
- Update to Unicode 14.0.0
- Update to in-line type annotations
- Throw IDNAError exception correctly for some malformed input
- Advertise support for Python 3.10
- Improve testing regime on Github
- Fix Russian typo in documentation
++++ python-testtools:
- update to 2.5.0:
* Update testtools/compat.py
* Note Python 3.5 is EOL and will be dropped after the next release
* Fix for Python 3.10
* Add python 3.10 to ci configuration
* testtools.compat: provide BytesIO, StringIO again
* Add support for Python 3.9
* Update and simplify workflow
* Fix UserWarning: Usage of dash-separated ...
* Fix tests with Python 3.10
* Remove mimeparse dependency
* trivial: Cleanup imports
* Re-introduce 'try\_imports'
* Remove use of 'try\_imports'
* tox: Don't skip sdist
* Remove use of 'safe\_hasattr'
* NEWS: Add note about unittest2 removal
* Fix github actions
* Update testtools/content.py
* Update tox.ini
* Update github actions config to use release 3.9
* Drop traceback2 in favor of traceback and remove unused linecache2
* Update tox.ini
* Add tox.ini file
* Remove tox.ini file
* restore testtools/tests/test\_testcase.py
* Remove unittest2 from setup.cfg and add tox.ini file
* Remove unrelated change
* Restore test\_spinner.py
* Remove unused try\_import
* Test on Python 3.9-dev
* Compare items using sets instead of sequences
* Add implementation for legacy assertItemsEqual existing in unittest2 library
* Do actually remove all references to unittest2 library
* Remove the travis config
* Add back travis config
* Update testtools/testcase.py
* Limit use of unittest2 to old Python versions
* Fix syntax error test for Python 3.9
* Remove Travis CI config
* Test on GitHub Actions
* Remove stray six import
* Testtools 2.4.0 is the last to support Python 2.7
- remove python-testtools-no-unittest2.patch (upstream)
++++ timezone:
- timezone update 2021d:
* Fiji suspends DST for the 2021/2022 season
* 'zic -r' marks unspecified timestamps with "-00"
------------------------------------------------------------------
------------------ 2021-10-15 - Oct 15 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.2.4
* fourth bugfix release
* 300 fixes from the new r300 maintainer! Additionally, panfrost,
lots of crocus, some freedreno, intel, radv, core meas, gallivum,
anv, spirv, gallim, aco, i915g, lima, and llvmpipe fixes.
- supersedes U_gallivm-add-new-wrapper-around-Module.patch,
U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
++++ Mesa-drivers:
- update to 21.2.4
* fourth bugfix release
* 300 fixes from the new r300 maintainer! Additionally, panfrost,
lots of crocus, some freedreno, intel, radv, core meas, gallivum,
anv, spirv, gallim, aco, i915g, lima, and llvmpipe fixes.
- supersedes U_gallivm-add-new-wrapper-around-Module.patch,
U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
++++ apparmor:
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
++++ audit-secondary:
- Add CONFIG parameter to %sysusers_generate_pre
++++ cups:
- Added hardening to systemd service(s) (bsc#1181400), see
https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
Added patch: harden_cups.service.patch
++++ e2fsprogs:
- Drop ProtectClock hardening, can cause issues if other device acceess is needed
++++ ebtables:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* ebtables.service
++++ gnutls:
- Add crypto-policies support for Leap and SLE 15.4 [jsc#SLE-20287]
- Add DANE guards
++++ iputils:
- Drop ProtectClock hardening, can cause issues if other device acceess is needed
++++ libapparmor:
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
++++ rdma-core:
- Update to rdma-core v37.1 (jsc#SLE-18381, jsc#SLE-19249)
- Bugfixes on all providers
- Fix cmake flags to correct paths for .pc files
++++ systemd:
- Import commit 8521f8d22fd44400289fcea03493ebd7f8b1487d (merge of v249.5)
8de173ff93 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/355e113ce193e5e2d195278c57d47f9a1b00ae46...8521f8d22fd44400289fcea03493ebd7f8b1487d
- Import commit 355e113ce193e5e2d195278c57d47f9a1b00ae46
3b4a005095 meson: add missing include directory when using xkbcommon
4c4e642712 meson: allow extra net naming schemes to be defined during configuration (jsc#SLE-18514)
78466e4464 meson: drop the list of valid net naming schemes
b9a2098f9d netif-naming: inline one iterator variable
d7fbbc5e74 Add remaining supported schemes as options for default-net-naming-scheme
- Rename %{gnu-efi} into %{sd_boot}
Build conditionals (%bcond_with and %bcond_without) are used to
define a specific feature of systemd. "gnu-efi" is rather an
implemenation detail. Also not really sure what "efi" option alone
is useful for since systemd-boot & co depends on "gnu-efi".
- Enable sd_boot support for aarch64
- Ghost own directories /var/log/journal and /var/log/journal/remote again
rpmlint no more complain about the setgid bit, see sr#923496.
++++ libvirt:
- Drop 'Requires: libvirt-daemon-driver-lxc' from the main libvirt
package
jsc#SLE-22296
- qemu: Do not report eof when processing monitor IO
2703b0b5-qemu-dont-report-eof.patch
bsc#1190917
++++ salt:
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "salt-api" package to require python3-cherrypy on RHEL systems
- Make "tar" as required for "salt-transactional-update" package
- Added:
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
------------------------------------------------------------------
------------------ 2021-10-14 - Oct 14 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- u_fix-build-on-ppc64le.patch
* fixes build on ppc64le (boo#1191569)
++++ Mesa-drivers:
- u_fix-build-on-ppc64le.patch
* fixes build on ppc64le (boo#1191569)
++++ rpm:
- Add support for using a thread pool for threaded zstd compression
new patch: zstdpool.diff
- Switch to threaded zstd compression with a pool of 8 threads
new patch: zstdthreaded.diff
++++ patterns-alp:
- NetworkManager instead of Wicked
++++ ovmf:
- Update to edk2-stable202108
- Features (https://github.com/tianocore/edk2/releases):
OvmfPkg: remove Xen support from OvmfPkg*.dsc, in favor of OvmfXen.dsc
Add CLANGDWARF toolchain for generating ELF+DWARF
NetworkPkg/IScsiDxe: remotely exploitable buffer overflows
NetworkPkg/IScsiDxe: add sha256 support to CHAP
Create header files and multiple Hobs for Universal Payload
Add search feature in config editor
Add additional build option to treat Dynamic Pcd as DynamicEx Pcd
Add a new MicrocodeLib for microcode loading
Implement key enrolment from default key variables
StandaloneMm support for 32bit Arm machines
Add firmware support for Cloud Hypervisor on arm64
Support architecture-specific openssl acceleration
Support measured AMD SEV boot with kernel/initrd/cmdline
Add ACPI 6.4 header
Add new BootDiscoveryPolicyUiLib
- Patches (git log --oneline --reverse edk2-stable202105~..edk2-stable202108):
e1999b264f ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3
b8ed8c0fb2 Maintainers.txt: add Sami Mujawar as top-level ArmVirtPkg reviewer
dbc22a1785 UefiCpuPkg/MpInitLib: Allocate a separate SEV-ES AP reset stack area
0095070e70 MdePkg/Register/Amd: expand the SEV MSR to include the SNP definition
f828fc9876 MdePkg/Register/Amd: realign macros with more space for future expansion
34e16ff883 MdePkg/Register/Amd: define GHCB macros for hypervisor feature detection
f0983b2074 MdePkg/Register/Amd: define GHCB macro for Register GPA structure
4665fa6503 MdePkg/Register/Amd: define GHCB macro for the Page State Change
dfd41aef78 MdePkg/Register/Amd: define GHCB macros for SNP AP creation
5a7cbd54a1 MdePkg/BaseLib: add support for PVALIDATE instruction
2b5b2ff04d MdePkg/BaseLib: add support for RMPADJUST instruction
901a9bfc3a OvmfPkg/BaseMemEncryptSevLib: introduce MemEncryptSevClearMmioPageEncMask()
c394fa4c9e OvmfPkg/AmdSevDxe: use MemEncryptSevClearMmioPageEncMask() to clear EncMask
8ee4e52ba8 OvmfPkg/QemuFlashFvbServicesRuntimeDxe: use Mmio helper to clear enc mask
b4a8de5d27 OvmfPkg/TpmMmioSevDecryptPei: use MemEncryptSevClearMmioPageEncMask()
adfa3327d4 OvmfPkg/BaseMemEncryptSevLib: remove Flush parameter
fe5da0927a IntelFsp2WrapperPkg: Remove microcode related PCDs
d3ff5dbe1d MdePkg: MmControl: Fix function and structure definition mismatches
197e27c90a MdePkg: Add new 16550-compatible Serial Port Subtypes to DBG2
fdf3666f01 MdePkg: Update DBG2 and SPCR header with NVIDIA 16550 Subtype
b233eb1849 EmbeddedPkg/RealTimeClockRuntimeDxe: Improve GetWakeupTime
b5379899b3 MdeModulePkg/Xhci: Fix TRT when data length is 0
039e07f626 MdePkg/MdeModulePkg: Move AML_NAME_SEG_SIZE definition
1f515342d8 DynamicTablesPkg: Use AML_NAME_SEG_SIZE define
75e9154f81 OvmfPkg/VirtioMmioDeviceLib: Add EFIAPI to VirtioMmioSetQueueAddress
c410ad4da4 MdePkg/BaseLib: Fix AsmReadSs() with GCC toolchain
c1aa3bab12 BaseTools: Add ClangBase.lds for CLANG8 tool chain with max-page-size
c6b872c6ab BaseTools GenFw: Support CLANG8ELF with conversion ELF to PE/COFF image
cf9959adff BaseTools: Update build_rule to skip CLANG resource section generation
4b56ad2049 BaseTools: Add new CLANG8ELF tool chain for new LLVM/CLANG8
e1636fe18f BaseTools: Update ClangBase.lds to keep dynamic section
924c2b847f BaseTools: Change CLANG8ELF to CLANGDWARF
e25566cd2b OvmfPkg: remove the Xen drivers from the IA32, IA32X64, and X64 platforms
aa7f19f480 OvmfPkg: remove the Xen drivers from the AmdSev platform
7bc04a75a7 OvmfPkg: switch IA32, IA32X64, X64 to the fw_cfg-only ACPI platform driver
d697037446 OvmfPkg: switch the AmdSev platform to the fw_cfg-only ACPI platform driver
ae4aa4a346 OvmfPkg/README: bump minimum QEMU version to 1.7.1, machine types to 1.7
2a85d9b07e OvmfPkg/AcpiPlatformDxe: fix header file warts
180f1908b3 OvmfPkg/AcpiPlatformDxe: sort #includes and [LibraryClasses]
6d1e56e715 OvmfPkg/AcpiPlatformDxe/QemuLoader.h: remove QemuFwCfgLib class dependency
747b1ef725 OvmfPkg/AcpiPlatformDxe: move "QemuLoader.h" to IndustryStandard
cc302b799e OvmfPkg/AcpiPlatformDxe: consolidate #includes and [LibraryClasses]
c9bba52fc7 OvmfPkg/XenAcpiPlatformDxe: create from AcpiPlatformDxe
a31fcb5096 OvmfPkg/AcpiPlatformDxe: remove the "AcpiPlatformDxe.inf" driver
4115840c28 OvmfPkg/XenAcpiPlatformDxe: remove the QEMU ACPI linker/loader client
d6ba8aa6ef OvmfPkg/XenAcpiPlatformDxe: remove QEMU fw_cfg dependency
3f975ee570 OvmfPkg/XenAcpiPlatformDxe: remove the InstallAcpiTable() helper function
8f8d3d90c5 OvmfPkg/XenAcpiPlatformDxe: remove OVMF's built-in ACPI tables
4174c5c787 OvmfPkg/Bhyve/AcpiPlatformDxe: fix file path typo in comment
d491c88a0c OvmfPkg/AcpiTables: remove unused module
e7641171b6 OvmfPkg/OvmfXen: make "PcdPciDisableBusEnumeration" Fixed-at-Build
3357ac7380 OvmfPkg/XenAcpiPlatformDxe: remove delayed ACPI table installation
d06eb2d1d9 OvmfPkg/PlatformPei: remove Xen support
8899e3fe6a OvmfPkg: drop PcdPciDisableBusEnumeration from the IA32, IA32X64, X64 DSCs
2833589ad0 OvmfPkg: drop PcdPciDisableBusEnumeration from the AmdSev platform
e43cca74ad OvmfPkg/Bhyve: make "PcdPciDisableBusEnumeration" Fixed-at-Build
b005f9f1f5 OvmfPkg/OvmfXen: remove IncompatiblePciDeviceSupport DXE driver
8c8f886f27 OvmfPkg/Bhyve: remove IncompatiblePciDeviceSupport DXE driver
984c93ece3 OvmfPkg/IncompatiblePciDeviceSupportDxe: remove PcdPciDisableBusEnumeration
32fef03563 OvmfPkg/PciHostBridgeLib: consolidate #includes and INF file sections
e120c962f5 OvmfPkg/PciHostBridgeLibScan: create from PciHostBridgeLib
c2f24ba321 OvmfPkg/Bhyve: consume PciHostBridgeLibScan
307763c3da OvmfPkg/OvmfXen: consume PciHostBridgeLibScan
242678da2a OvmfPkg/PciHostBridgeLib: remove Bhyve and Xen support
33d4f3e39e OvmfPkg/PciHostBridgeLibScan: remove QEMU (fw_cfg) support
4c81178cf0 OvmfPkg/PciHostBridgeLibScan: remove PcdOvmfHostBridgePciDevId
8af38170b5 OvmfPkg/PciHostBridgeLibScan: clean up file names and file-top comments
7e25086a00 OvmfPkg/SmbiosPlatformDxe: clean up #includes and INF
5072593738 OvmfPkg/SmbiosPlatformDxe: return EFI_NOT_FOUND if there is no SMBIOS data
4db374562f OvmfPkg/SmbiosPlatformDxe: locate SMBIOS protocol in InstallAllStructures()
a8ab14424e OvmfPkg/SmbiosPlatformDxe: split GetXenSmbiosTables() decl. to new header
9d84e74ca0 OvmfPkg/SmbiosPlatformDxe: declare InstallAllStructures() in header file
d4a8aaee73 OvmfPkg/SmbiosPlatformDxe: create Xen-specific module INF file
ce270905bf OvmfPkg/SmbiosPlatformDxe: split Xen entry point from QEMU entry point
51adb689e1 OvmfPkg: restrict XenPlatformLib to BdsDxe in the IA32, IA32X64, X64 DSCs
ddb3fdbef3 BaseTools GenFw: Fix regression issue to convert the image to ACPI data
558d83ab1a OvmfPkg/README: Fix typo in README
beb443fde0 ShellPkg: Fix typo
702ba436ed OvmfPkg/PlatformCI: bump QEMU choco package version to 2021.5.5
83761337ec NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters
29cab43bb7 NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size
95616b8661 NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
e8f28b09e6 NetworkPkg/IScsiDxe: clean up library class dependencies
cf01b2dc8f NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()
d90fff40cb NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds
dc469f1371 NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block
47b76780b4 NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
54e90edaed NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow
b8649cf2a3 NetworkPkg/IScsiDxe: check IScsiHexToBin() return values
288bd74a22 Pytool: SpellCheck: Fix incorrect file mask across package matrices
1ad794b627 MdeModulePkg: Fix device path when boot manager menu is from different FV
11b1c1d4b9 SecurityPkg: TcgStorageOpalLib: Initialize SupportedAttributes parameter.
d58016b768 UefiPayloadPkg: Get platform specific logic via protocol for BDS
d8c18ba3f4 MdeModulePkg: Add Universal Payload general definition header file
b597b6e24c MdeModulePkg: Add new structure for the PCI Root Bridge Info Hob
99de2e7e03 UefiPayloadPkg: UefiPayload retrieve PCI root bridge from Guid Hob
9d53e01efe MdeModulePkg: Add new structure for the Universal Payload SMBios Table Hob
70e8c9c3bc MdeModulePkg/Universal/SmbiosDxe: Scan for existing tables
302a8f353c UefiPayloadPkg: Create gUniversalPayloadSmbiosTableGuid Hob
75293330ea MdeModulePkg: Add new structure for the Universal Payload ACPI Table Hob
761329ee27 MdeModulePkg/ACPI: Install ACPI table from HOB.
8c0d678063 UefiPayloadPkg: Create gUniversalPayloadAcpiTableGuid Hob
fa24b6ed26 UefiPayloadPkg: Use DynamicEx instead of Dynamic to pass PCD across binary
c511426abe MdeModulePkg/UniversalPayload: Add definition for extra info in payload
fe471d4a57 UefiPayloadPkg: Add PayloadLoaderPeim which can load ELF payload
ab2b389e7a PeiCore: Remove assertion when failing to load PE image
1b380aa603 BaseTools GenFw: Keep read only alloc section as text when convert ELF
9cf9de668f StandaloneMmPkg: Core: Spelling error in comment
610385fa3b ArmPlatformPkg: SpellCheck: Switch spellcheck CI to AuditOnly
04ddd1271e ArmPkg: SpellCheck: Update valid acronyms in ExtendedWords
cdf7544703 MdeModulePkg PciBusDxe: Increase the width of data read during oprom shadow
2847c72fda Maintainers.txt: Add Reviewers for Universal Payload definitions
1162ae8297 Maintainers.txt: Add reviewers for ACPI and SMBIOS modules
a63914d3f6 ArmPkg: Move cache defs used in Universal/Smbios into ArmCache.h
6cfeeb71c4 UefiCpuPkg/CpuCommonFeaturesLib: Correct the CPU location check
d9a7612f8d MdeModulePkg/BdsDxe: Update BdsEntry to use Variable Policy
5959879e92 ArmVirtPkg: Add PCIe host bridge utility lib for ArmVirtPkg
4dda0f7ab4 ArmVirtPkg: Enable PCIe support for Kvmtool
1e5e58d39b UefiPayloadPkg/UefiPayloadEntry: Improve bootloader memrange parsing
7471751a4d UefiPayloadPkg/UefiPayloadEntry: Remove 4GB memory WA
20ca528828 CryptoPkg: BaseCryptLib: Update Salt length requirement for RSA-PSS scheme.
18b2272e4d Azurepipeline: SpellCheck: Enforce Node dependency to use version 14.x
eba32695ee CryptoPkg/BaseCryptLib: Enabled CryptSha512 for Smm/Runtime drivers
12e34cd2f7 OvmfPkg/Bhyve: clean up TPM_ENABLE remnants
82f727c4af UefiPayloadPkg: Add HobLib for UniversalPayload
ea0bd5f6a7 MdeModulePkg: Add new structure for the Universal Payload Serial Port Info
a75c029f60 UefiPayloadPkg: Add a separate PlatformHookLib for Universal Payload
d63595c3c9 UefiPayloadPkg: Update the function definition of HobConstructor
0ff6de9358 UefiPayloadPkg: Create separate Payload Entry for UniversalPayload
b208d37c73 UefiPayloadPkg: Get and enter DxeCore for Universal Payload
27cb64fffc UefiPayloadPkg: Fix up UPL Pcd database
6b69f73b59 UefiPayloadPkg: Include UniversalPayLoad modules in UefiPayloadPkg.dsc
86e6948cfb UefiPayloadPkg: Remove assert when reserve MMIO/IO resource for devices
2db0ed93ff UefiPayloadPkg: Add macro to enable and disable some drivers
3eb72b308a UefiPayloadPkg: Add PcdInstallAcpiSdtProtocol feature in UefiPayloadPkg
caa139fe17 UefiPayloadPkg: Add PcdResetOnMemoryTypeInformationChange in UefiPayloadPkg
8efd912baf UefiPayloadPkg: Add new structure for BootManagerMenuFile HOB
19a541d70e UefiPayloadPkg: consume the BootManagerMenuFile HOB
333a866106 BaseTools: Remove check for Split.exe in toolset.bat
f0a3f6d9c3 BaseTools: Fix spelling of "overwrite" and "overwriting" in toolset.bat
17143c4837 BaseTools: Reset ERRORLEVEL in toolsetup.bat after edk2basetools check
abfff7c45d BaseTools GenFw: Add support for RISCV GOT/PLT relocations
27b8a52957 MdePkg: MmConfiguration: Move definition of EFI_MM_RESERVED_MMRAM_REGION
d1fc3d7ef3 MdePkg: MmConfiguration: Added definition of MM Configuration PPI
5a2e030f73 OvmfPkg/GenericQemuLoadImageLib: plug cmdline blob leak on success
932449710c OvmfPkg/X86QemuLoadImageLib: plug cmdline blob leak on success
24b0e9d128 Revert "OvmfPkg/QemuKernelLoaderFsDxe: don't expose kernel command line"
cf20302474 OvmfPkg/GenericQemuLoadImageLib: Read cmdline from QemuKernelLoaderFs
9421f5ab8d OvmfPkg/X86QemuLoadImageLib: State fw_cfg dependency in file header
b37cfdd280 OvmfPkg/XenPlatformPei: Relocate shared_info page mapping
55dee4947b MdePkg : Add IPMI Macro and Structure Defintions to resolve build errors
580b11201e IntelFsp2Pkg: Add Config Editor tool support
939ed3a592 UefiPayloadPkg/PayloadLoader: Fix bug in locating relocation section
3cde0d553d UefiPayloadPkg/PayloadLoader: Remove assertion
49eeda113a NetworkPkg/IScsiDxe: re-set session-level authentication state before login
7eba9f698e NetworkPkg/IScsiDxe: add horizontal whitespace to IScsiCHAP files
7b6c2b2a26 NetworkPkg/IScsiDxe: distinguish "maximum" and "selected" CHAP digest sizes
903ce1d8f8 NetworkPkg/IScsiDxe: support multiple hash algorithms for CHAP
47fea2abcb NetworkPkg/IScsiDxe: support SHA256 in CHAP
bb33c27fbe NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro
8697dc60cc Maintainers.txt: Update Maintainers and reviewers for UefiPayloadPkg
fea7901dba UefiPayloadPkg: Fix the build failure
1e0c441c92 OvmfPkg/Bhyve: add USB support
44ced03798 OvmfPkg/Bhyve: use static PCI32Base address
b3db0cb1f8 MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec
0a6b303dce UefiCpuPkg/ExceptionLib: Conditionally clear shadow stack token busy bit
d10e058016 MdeModulePkg/RegularExpressionDxe: Fix memory assert in FreePool()
4c051c2c65 MdeModulePkg: Update YAML file to fix CI error
31fcee6d99 ArmVirtPkg: Add PlatformHasAcpiDtDxe for Cloud Hypervisor
c28fc8ab3b ArmVirtPkg: Install Acpi tables for Cloud Hypervisor
0e3b6bd0ee ArmVirtPkg: support Cloud Hypervisor in edk2
b560e9d9b6 IntelFsp2Pkg: PatchFv parseInfFile function modification
f47c4676dd Pytool: SpellCheck: Defer path expansion in cspell parameters
cc89d245f9 Maintainers.txt: remove Laszlo Ersek's entries
84af6ea320 BaseTools/Scripts: Ignore Mergify merge commits in PatchCheck.py
b491eace37 .mergify: Simplify Mergify rules using GitHub status checks
5ef08a49e3 .azurepipelines: Remove FINISHED and FAILED states
ad1009ec62 MdePkg/Include: Add STATIC_ASSERT for L'' and L"" strings
3de3c24755 BaseTools: Remove non-ascii character of StructurePcd comment
40a9066439 BaseTools: Enable the flag to treat dynamic pcd as dynamicEx
22fe311bd2 .pytool/EccCheck: Locate BaseTools dir with EDK_TOOLS_PATH
a050c599df .pytool/EccCheck: Rename edk2_path as workspace_path
50672d2692 .pytool/EccCheck: Check ecc_csv exists
fb5b6220a9 .pytool/EccCheck: Set PACKAGES_PATH env var in Ecc
fda5226aa3 UefiPayloadPkg: Dump hob information from boot loader
7d748705b1 MdeModulePkg: Change the PldHeader to Header in ExtraData.h
9bf4aee734 UefiPayloadPkg: Assign the length of UniversalPayload ExtraData
d0b6596b8e MdeModulePkg/RamDiskDxe: Init list head before registering RamDisk protocol
91f5d3b410 IntelFsp2Pkg: BaseCacheLib EfiProgramMtrr MtrrNumber Should be UINT32
be282b1493 UefiPayloadPkg: Add PCD_DYNAMIC_AS_DYNAMICEX and set to True
cac83b6f3b IntelFsp2Pkg: Add search function for Config Editor
4bac086e8e UefiPayloadPkg: Add FV Guid for DXEFV and PLDFV
fddb8d24ec ArmPlatformPkg/Scripts: Infer dll load address from console output
885efcd3f9 MdePkg/Include: Smbios Specification 3.4.0 changes
83b43c4cb1 MdeModulePkg PCD: Print which PCD was unable to be found
c32c5911c4 BaseTools GenFw: Add support for R_RISCV_PCREL_LO12_S relocation
097aeeb119 MdePkg/BaseLib: Add MemoryFence implementation for RiscV64
391cffcb61 MdeModulePkg PiSmmCore: Change MemoryAttributes message to DEBUG_VERBOSE
8781b143de BaseTools/Scripts: Fix GetMaintainer.py line endings
28ef05ce10 BaseTools/Scripts: Allow GitHub ID at end Maintainers.txt lines
2f5ad3f451 Maintainers.txt: Add GitHub IDs
332632abf3 Maintainers.txt: Add Jiewen Yao as OvmfPkg Maintainer
4d28a1c2fd BaseTools: Remove COMMON section from the GCC discard list
878a92a887 CryptoPkg/OpensslLib: Add native instruction support for X64
147f34b56c CryptoPkg/OpensslLib: Commit the auto-generated assembly files for X64
ac70e71b1f NetworkPkg: Making the HTTP IO timeout value programmable with PCD
ab796d3e2a NetworkPkg: Add HTTP Additional Event Notifications
b461d67639 OvmfPkg/ResetVector: move SEV specific code in a separate file
7f05102f65 OvmfPkg/ResetVector: add the macro to invoke MSR protocol based VMGEXIT
dc485c556d OvmfPkg/ResetVector: add the macro to request guest termination
f05eb2dfe5 OvmfPkg/AmdSev/SecretDxe: fix header comment to generic naming
35e267cb34 OvmfPkg/AmdSev: use GenericQemuLoadImageLib in AmdSev builds
a26a08dc1f OvmfPkg: PlatformBootManagerLibGrub: Allow executing kernel via fw_cfg
0cb48007f7 OvmfPkg: add library class BlobVerifierLib with null implementation
c73e31f54d OvmfPkg: add BlobVerifierLibNull to DSC
6bf5580a3d ArmVirtPkg: add BlobVerifierLibNull to DSC
d10ad8444f OvmfPkg/QemuKernelLoaderFsDxe: call VerifyBlob after fetch from fw_cfg
5ace477f34 OvmfPkg/AmdSev/SecretPei: build hob for full page
0deeab36d1 OvmfPkg/AmdSev: reserve MEMFD space for for firmware config hashes
385b9d80a0 OvmfPkg/AmdSev: add BlobVerifierLibSevHashes
514b3aa08e OvmfPkg/AmdSev: Enforce hash verification of kernel blobs
8e6bb64fe4 EmbeddedPkg/VirtualRealTimeClockLib: Fix SetTime issues
610bcc69ed ArmVirtPkg: Remove meaningless comment
3445058aea MdeModulePkg/CapsuleApp: Fix typo in error message
2e1fb41339 build: Fix python3.10 threading DeprecationWarnings
0b1b0a9674 python: Replace distutils.utils.split_quotes with shlex.split
fc50df0d8e BaseTools: Drop check for distutils.utils
03e77558d4 BaseTools: use shutil.copyfile instead shutil.copy2
2b47aaecef MdeModulePkg: Add BootDiscoveryPolicyUiLib.
bb806a6e88 SecurityPkg: Create SecureBootVariableLib.
9732659698 SecurityPkg: Create library for enrolling Secure Boot variables.
12a4d0cb9d ArmVirtPkg: add SecureBootVariableLib class resolution
3d427c5f83 OvmfPkg: add SecureBootVariableLib class resolution
b926956418 EmulatorPkg: add SecureBootVariableLib class resolution
db959018b6 SecurityPkg: Remove duplicated functions from SecureBootConfigDxe.
a97e9e327e ArmPlatformPkg: Create include file for default key content.
94e065582b SecurityPkg: Add SecureBootDefaultKeysDxe driver
19107590b6 SecurityPkg: Add EnrollFromDefaultKeys application.
45f3dd2ce9 SecurityPkg: Add new modules to Security package.
55266a9b8a SecurityPkg: Add option to reset secure boot keys.
6355287206 Maintainers.txt: Add new maintainer and reviewer to EmbeddedPkg/
9abc60f9f7 EmbeddedPkg/libfdt: Add strcmp and strncpy to libfdt_env.h
0856cdc89e MdePkg: add definition of LINUX_EFI_INITRD_MEDIA_GUID
97fdcbda4e OvmfPkg: Remove Initrd LINUX_EFI_INITRD_MEDIA_GUID
4de77ae989 UefiCpuPkg/CpuCacheInfoLib: Sort CpuCacheInfo array
3c6107758b SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation
b40bdd6ecd UefiPayloadPkg: Add Fixed PCDs and use Macro to define the default value.
d497eace3b UefiPayloadPkg: define some PCD as DynamicEX PCD
ac6e5d6b41 UefiPayloadPkg: change the default value of some PCDs.
672bd1c711 UefiPayloadPkg: Add a macro to enable or diable the serial driver.
d02dbb53cd UefiPayloadPkg: Fix the non-ascii character in UniversalPayloadEntry.c
a7ddc7847c RedfishPkg/JsonLib: Add more JsonLib functions
5963ce5d28 MdePkg: Add ACPI 6.4 header file
4d7137f261 MdePkg: Increment FADT version
d910e83299 MdePkg: Rename SBSA Generic Watchdog to Arm Generic Watchdog
ad3dea9861 MdePkg: Update PMTT to ACPI 6.4
ced4cb7609 MdePkg: Add SPA Location Cookie field to SPA Range structure
c82d6dd4a3 MdePkg: Remove DPPT table
357383bc4f MdePkg: Add flags and MinTransferSize to Generic Initiator
7b17bcd9a0 MdePkg: Add 'Type 5' PCC structure
0938f9235c MdePkg: Add Multiprocessor Wakeup structure
75c4a8e10d MdePkg: Add the Platform Health Assessment Table (PHAT)
1803757a9b MdePkg: Add Secure Access Components in the SDEV table
605c4a1ff2 MdePkg: Add Cache ID to PPTT
3d359ff905 MdePkg: Fix broken coding style in Acpi64.h
7311e96417 RedfishPkg/RefishCrtLib: Public RefishCrtLib
03e19e6bc8 ArmPkg/IndustryStandard: 32b/64b agnostic FF-A, Mm SVC and Std SMC IDs
aee0098faf ArmPkg: prepare 32bit ARM build of StandaloneMmPkg
ca1773878d GenFv: Arm: support images entered in Thumb mode
b7f0226a46 StandaloneMmPkg: fix pointer/int casts against 32bit architectures
a776bbabd9 StandaloneMmPkg: build for 32bit arm machines
ac826886c9 MdeModulePkg/UefiSortLib:Add UefiSortLib unit test
6fdd1c13a7 MdeModulePkg PCD: Reinstall PCD service PPIS when memory available
ef56f55d19 EmbeddedPkg/NonCoherentDmaLib: Avoid dereferencing unset Map field
8dd4fc5be6 UefiCpuPkg/CpuCacheInfoLib: Correct logical for identifying cache type
7b4a99be8a CryptoPkg: BaseCryptLib fix incorrect param order
- Removed patches which are merged to mainline:
ovmf-bsc1186151-fix-iscsi-overflows.patch
ovmf-xen-relocate-shared_info_page-map.patch
- Updated patches
ovmf-fix-xen-s3-detection.patch -> ovmf-OvmfPkg-OvmfXen-set-PcdAcpiS3Enable-at-initializatio.patch
ovmf-xen-add-qemu-kernel-loader-fs.patch -> ovmf-OvmfPkg-OvmfXen-add-QemuKernelLoaderFsDxe.patch
- Added patches
ovmf-OvmfPkg-OvmfXen-Fix-build-with-QemuKernelLoaderFsDxe.patch
++++ tar:
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
(%check): Output the testsuite.log in case the testsuite failed.
------------------------------------------------------------------
------------------ 2021-10-13 - Oct 13 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Create separate service for augenrules (bsc#1191614, bsc#1181400)
* add create-augenrules-service.patch
Remove ReadWritePaths=/etc/audit from auditd.service, also removes
augenrules call from ExecStartPost.
Create augenrules.service with the ReadWritePaths directive above.
This makes /etc/audit only accessible by augenrules.service and
let auditd.service (and daemon) to be sandboxed again.
- Update audit-secondary.spec to accomodate the new service file.
++++ kernel-default:
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
The semantic changed in an incompatible way so invoking the macro now
causes a build failure.
- commit 3e55f55
- Linux 5.14.12 (bsc#1012628).
- dsa: tag_dsa: Fix mask for trunked packets (bsc#1012628).
- x86/hpet: Use another crystalball to evaluate HPET usability
(bsc#1012628).
- x86/entry: Clear X86_FEATURE_SMAP when CONFIG_X86_SMAP=n
(bsc#1012628).
- x86/entry: Correct reference to intended CONFIG_64_BIT
(bsc#1012628).
- x86/fpu: Restore the masking out of reserved MXCSR bits
(bsc#1012628).
- x86/sev: Return an error on a returned non-zero
SW_EXITINFO1[31:0] (bsc#1012628).
- x86/Kconfig: Correct reference to MWINCHIP3D (bsc#1012628).
- x86/platform/olpc: Correct ifdef symbol to intended
CONFIG_OLPC_XO15_SCI (bsc#1012628).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(bsc#1012628).
- powerpc/32s: Fix kuap_kernel_restore() (bsc#1012628).
- powerpc/64s: Fix unrecoverable MCE calling async handler from
NMI (bsc#1012628).
- powerpc/traps: do not enable irqs in _exception (bsc#1012628).
- powerpc/64s: fix program check interrupt emergency stack path
(bsc#1012628).
- powerpc/bpf ppc32: Fix BPF_SUB when imm == 0x80000000
(bsc#1012628).
- powerpc/bpf ppc32: Do not emit zero extend instruction for
64-bit BPF_END (bsc#1012628).
- powerpc/bpf ppc32: Fix JMP32_JSET_K (bsc#1012628).
- powerpc/bpf ppc32: Fix ALU32 BPF_ARSH operation (bsc#1012628).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1012628).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1012628).
- objtool: Make .altinstructions section entry size consistent
(bsc#1012628).
- objtool: Remove reloc symbol type checks in get_alt_entry()
(bsc#1012628).
- scsi: iscsi: Fix iscsi_task use after free (bsc#1012628).
- RISC-V: Include clone3() on rv32 (bsc#1012628).
- i2c: mlxcpld: Modify register setting for 400KHz frequency
(bsc#1012628).
- i2c: mlxcpld: Fix criteria for frequency setting (bsc#1012628).
- bpf, s390: Fix potential memory leak about jit_data
(bsc#1012628).
- riscv/vdso: make arch_setup_additional_pages wait for mmap_sem
for write killable (bsc#1012628).
- riscv/vdso: Move vdso data page up front (bsc#1012628).
- riscv/vdso: Refactor asm/vdso.h (bsc#1012628).
- RISC-V: Fix VDSO build for !MMU (bsc#1012628).
- riscv: explicitly use symbol offsets for VDSO (bsc#1012628).
- i2c: mediatek: Add OFFSET_EXT_CONF setting back (bsc#1012628).
- i2c: acpi: fix resource leak in reconfiguration device addition
(bsc#1012628).
- powerpc/iommu: Report the correct most efficient DMA mask for
PCI devices (bsc#1012628).
- net: prefer socket bound to interface when not in VRF
(bsc#1012628).
- iavf: fix double unlock of crit_lock (bsc#1012628).
- i40e: Fix freeing of uninitialized misc IRQ vector
(bsc#1012628).
- i40e: fix endless loop under rtnl (bsc#1012628).
- gve: report 64bit tx_bytes counter from
gve_handle_report_stats() (bsc#1012628).
- gve: fix gve_get_stats() (bsc#1012628).
- rtnetlink: fix if_nlmsg_stats_size() under estimation
(bsc#1012628).
- gve: Properly handle errors in gve_assign_qpl (bsc#1012628).
- gve: Avoid freeing NULL pointer (bsc#1012628).
- gve: Correct available tx qpl check (bsc#1012628).
- net: stmmac: trigger PCS EEE to turn off on link down
(bsc#1012628).
- net: pcs: xpcs: fix incorrect steps on disable EEE
(bsc#1012628).
- drm/nouveau/debugfs: fix file release memory leak (bsc#1012628).
- drm/nouveau/kms/nv50-: fix file release memory leak
(bsc#1012628).
- drm/nouveau: avoid a use-after-free when BO init fails
(bsc#1012628).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(bsc#1012628).
- drm/panel: abt-y030xx067a: yellow tint fix (bsc#1012628).
- drm/nouveau/fifo/ga102: initialise chid on return from channel
creation (bsc#1012628).
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (bsc#1012628).
- bus: ti-sysc: Use CLKDM_NOAUTO for dra7 dcan1 for errata i893
(bsc#1012628).
- perf jevents: Free the sys_event_tables list after processing
entries (bsc#1012628).
- drm/amdgpu: handle the case of pci_channel_io_frozen only in
amdgpu_pci_resume (bsc#1012628).
- drm/amdkfd: fix a potential ttm->sg memory leak (bsc#1012628).
- ARM: defconfig: gemini: Restore framebuffer (bsc#1012628).
- netlink: annotate data races around nlk->bound (bsc#1012628).
- net: pcs: xpcs: fix incorrect CL37 AN sequence (bsc#1012628).
- net: sfp: Fix typo in state machine debug string (bsc#1012628).
- net/sched: sch_taprio: properly cancel timer from
taprio_destroy() (bsc#1012628).
- net: bridge: fix under estimation in br_get_linkxstats_size()
(bsc#1012628).
- net: bridge: use nla_total_size_64bit() in
br_get_linkxstats_size() (bsc#1012628).
- afs: Fix afs_launder_page() to set correct start file position
(bsc#1012628).
- netfs: Fix READ/WRITE confusion when calling iov_iter_xarray()
(bsc#1012628).
- drm/i915/bdb: Fix version check (bsc#1012628).
- drm/i915/tc: Fix TypeC port init/resume time sanitization
(bsc#1012628).
- drm/i915/jsl: Add W/A 1409054076 for JSL (bsc#1012628).
- drm/i915/audio: Use BIOS provided value for RKL HDA link
(bsc#1012628).
- ARM: imx6: disable the GIC CPU interface before calling
stby-poweroff sequence (bsc#1012628).
- dt-bindings: drm/bridge: ti-sn65dsi86: Fix reg value
(bsc#1012628).
- arm64: dts: ls1028a: fix eSDHC2 node (bsc#1012628).
- arm64: dts: imx8mm-kontron-n801x-som: do not allow to switch
off buck2 (bsc#1012628).
- arm64: dts: imx8: change the spi-nor tx (bsc#1012628).
- ARM: dts: imx: change the spi-nor tx (bsc#1012628).
- ptp_pch: Load module automatically if ID matches (bsc#1012628).
- powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
(bsc#1012628).
- netfilter: nf_tables: honor NLM_F_CREATE and NLM_F_EXCL in
event notification (bsc#1012628).
- MIPS: Revert "add support for buggy MT7621S core detection"
(bsc#1012628).
- net: stmmac: dwmac-rk: Fix ethernet on rk3399 based devices
(bsc#1012628).
- net: mscc: ocelot: fix VCAP filters remaining active after
being deleted (bsc#1012628).
- net_sched: fix NULL deref in fifo_set_limit() (bsc#1012628).
- libbpf: Fix memory leak in strset (bsc#1012628).
- phy: mdio: fix memory leak (bsc#1012628).
- libbpf: Fix segfault in light skeleton for objects without BTF
(bsc#1012628).
- net/mlx5e: Fix the presented RQ index in PTP stats
(bsc#1012628).
- net/mlx5: Fix setting number of EQs of SFs (bsc#1012628).
- net/mlx5: Fix length of irq_index in chars (bsc#1012628).
- net/mlx5: Avoid generating event after PPS out in Real time mode
(bsc#1012628).
- net/mlx5: Force round second at 1PPS out start time
(bsc#1012628).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter
(bsc#1012628).
- net/mlx5e: Keep the value for maximum number of channels in-sync
(bsc#1012628).
- net/mlx5e: IPSEC RX, enable checksum complete (bsc#1012628).
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
(bsc#1012628).
- soc: ti: omap-prm: Fix external abort for am335x pruss
(bsc#1012628).
- bpf, arm: Fix register clobbering in div/mod implementation
(bsc#1012628).
- netfilter: nf_tables: reverse order in rule replacement
expansion (bsc#1012628).
- netfilter: nf_tables: add position handle in event notification
(bsc#1012628).
- netfilter: conntrack: fix boot failure with
nf_conntrack.enable_hooks=1 (bsc#1012628).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell
XPS 15 (bsc#1012628).
- xtensa: call irqchip_init only when CONFIG_USE_OF is selected
(bsc#1012628).
- xtensa: use CONFIG_USE_OF instead of CONFIG_OF (bsc#1012628).
- arm64: dts: qcom: pm8150: use qcom,pm8998-pon binding
(bsc#1012628).
- ath5k: fix building with LEDS=m (bsc#1012628).
- PCI: hv: Fix sleep while in non-sleep context when removing
child devices from the bus (bsc#1012628).
- ARM: dts: imx6qdl-pico: Fix Ethernet support (bsc#1012628).
- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo
(bsc#1012628).
- ARM: dts: imx: Add missing pinctrl-names for panel on M53Menlo
(bsc#1012628).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
(bsc#1012628).
- iwlwifi: mvm: Fix possible NULL dereference (bsc#1012628).
- ARM: at91: pm: do not panic if ram controllers are not enabled
(bsc#1012628).
- Revert "arm64: dts: qcom: sc7280: Fixup the cpufreq node"
(bsc#1012628).
- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL
reference (bsc#1012628).
- soc: qcom: socinfo: Fixed argument passed to platform_set_data()
(bsc#1012628).
- bus: ti-sysc: Add break in switch statement in sysc_init_soc()
(bsc#1012628).
- riscv: Flush current cpu icache before other cpus (bsc#1012628).
- scsi: ufs: core: Fix task management completion (bsc#1012628).
- ARM: dts: qcom: apq8064: use compatible which contains chipid
(bsc#1012628).
- ARM: dts: imx6dl-yapp4: Fix lp5562 LED driver probe
(bsc#1012628).
- ARM: dts: omap3430-sdp: Fix NAND device node (bsc#1012628).
- xen/balloon: fix cancelled balloon action (bsc#1012628).
- SUNRPC: fix sign error causing rpcsec_gss drops (bsc#1012628).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
(bsc#1012628).
- nfsd: fix error handling of register_pernet_subsys() in
init_nfsd() (bsc#1012628).
- ovl: fix IOCB_DIRECT if underlying fs doesn't support direct IO
(bsc#1012628).
- ovl: fix missing negative dentry check in ovl_rename()
(bsc#1012628).
- fbdev: simplefb: fix Kconfig dependencies (bsc#1012628).
- Update config files.
- mmc: sdhci-of-at91: replace while loop with read_poll_timeout
(bsc#1012628).
- mmc: sdhci-of-at91: wait for calibration done before proceed
(bsc#1012628).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(bsc#1012628).
- xen/privcmd: fix error handling in mmap-resource processing
(bsc#1012628).
- drm/i915: Extend the async flip VT-d w/a to skl/bxt
(bsc#1012628).
- drm/i915: Fix runtime pm handling in i915_gem_shrink
(bsc#1012628).
- drm/amd/display: Fix DCN3 B0 DP Alt Mapping (bsc#1012628).
- drm/amd/display: Fix detection of 4 lane for DPALT
(bsc#1012628).
- drm/amd/display: Limit display scaling to up to 4k for DCN 3.1
(bsc#1012628).
- drm/nouveau/ga102-: support ttm buffer moves via copy engine
(bsc#1012628).
- drm/nouveau/kms/tu102-: delay enabling cursor until after
assign_windows (bsc#1012628).
- drm/amdgpu: During s0ix don't wait to signal GFXOFF
(bsc#1012628).
- drm/amd/display: USB4 bring up set correct address
(bsc#1012628).
- drm/amd/display: Fix B0 USB-C DP Alt mode (bsc#1012628).
- usb: typec: tipd: Remove dependency on "connector" child fwnode
(bsc#1012628).
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes
(bsc#1012628).
- usb: typec: tcpci: don't handle vSafe0V event if it's not
enabled (bsc#1012628).
- USB: cdc-acm: fix break reporting (bsc#1012628).
- USB: cdc-acm: fix racy tty buffer accesses (bsc#1012628).
- usb: gadget: f_uac2: fixed EP-IN wMaxPacketSize (bsc#1012628).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
(bsc#1012628).
- usb: cdc-wdm: Fix check for WWAN (bsc#1012628).
- Partially revert "usb: Kconfig: using select for USB_COMMON
dependency" (bsc#1012628).
- Update config files.
- commit 7246625
++++ python310-core:
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
++++ openslp:
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* slpd.service
++++ liburing:
- update to 2.1 (bsc#1193522):
* Ignore spurious fadvise/madvise failures
* build: add -D_GNU_SOURCE to all CPPFLAGS/CFLAGS.
* man: clean up spelling
* man/io_uring_enter.2: add notes about direct open/accept
* io_uring.h: sync with 5.15 kernel
* Fix IORING_REGISTER_IOWQ_MAX_WORKERS name
* man: document new register/update API
* liburing: add helpers for direct open/accept
* liburing.h: correct max_worker name
* Change IORING_REGISTER_IOWQ_MAX_UNBOUND_WORKERS
* src/syscall.h: get rid of useless externs
* man/io_uring_enter.2: document IORING_ENTER_EXT_ARG
* Add io_uring_register_iowq_max_unbound() helper
* Get rid of useless 'extern' on function declarations in liburing.h
* Add (UN)REGISTER_IOWQ_AFF helpers
* man/io_uring_register.2: note when MAX_UNBOUND became available
* man/io_uring_register.2: add missing punctuation
* man/io_uring_register.2: document IORING_REGISTER_IOWQ_MAX_UNBOUND
* man/io_uring_enter.2: add IORING_OP_TIMEOUT clock sources
* man/io_uring_enter.2: improve timeout entry
* man/io_uring_enter.2: update SQE
* man/io_uring_enter.2: note that not all requests support fixed files
* man/io_uring_enter.2: add new 5.15 opcodes
* man/io_uring_enter.2: note that cqe->flags is indeed used
* man/io_uring_enter.2: add poll update and multishot mode
* man/io_uring_register.2: add IORING_(UN)REGISTER_IOWQ
* man: update notes on register quiesce
* man: fix io_uring_sqe alignment
* register: add tagging and buf update helpers
* liburing.h: make header clean for implicit sign and size conversions
* configure: document --cc and --cxx options
* io_uring: update buffer update feature testing
* liburing.h: dedup poll mask conversion
* liburing.h: add a multipoll helper
* Update io_uring.h
* examples: disable ucontext-cp for elbrus (e2k) architecture
* Update io_uring_setup.2
* man/io_uring_setup.2: document the two most recent FEAT flags
* man/io_uring_setup.2: make sure FEAT flags are kernel versioned
* correct syscall NR in mips
* Fix 32-bit compile warnings
* liburing.h: make all file/IO offset __u64
* src/queue: don't flush SQ ring for new wait interface
* man/io_uring_enter.2: further clarify what cqe->res holds
* Clarify information about error results
* Refer to the accept_flags in io_uring_enter manual
* Fix a bug due to the unreleased lock before function returns
* debian/rules: add missing slash for relativelibdir
* man/io_uring_enter.2: clarify io_uring_enter(2) SQPOLL return value
* liburing.h: add linkat prep helper
* io_uring.h: add linkat opcode
* liburing.h: add symlinkat prep helper
* io_uring.h: add symlinkat opcode
* liburing.h: add mkdirat prep helper
* update rsrc register/update ABI and tests
* queue: clean up SQ flushing
* io_uring_enter(2): Clarify how to read from and write to non-seekable files
* clarify an edge case of IORING_SETUP_SQ_AFF
* io_uring_enter(2): clarify OP_READ and OP_WRITE
* sync io_uring.h API file with Linux 5.13
* man: Fix typo in man io_uring_queue_exit
* examples/link-cp: fix a couple of strerror negations
* src/setup: don't treat dummy ring init as failure
* src/setup: add some documentation to the memlock helpers
* examples/ucontext-cp.c: cope with variable SIGSTKSZ
* setup: provide helpers to inquire about necessary mlock sizes
* examples/io_uring-cp: wait for pending writes before exit copy loop
* spec: add explicit build dependency on make
* spec: bump version to 2.0
* man/io_uring_enter.2: note that -EBUSY can also happen for getevents
++++ python310:
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
++++ python-pyzmq:
- Update to 22.3.0:
- Fix strlcpy compilation issues on alpine, freebsd. Adds new
build-time dependency on packaging.
- In event-loop integration: warn instead of raise when
triggering callback on a socket whose context has been
closed.
- Bundled libzmq in wheels backport a patch to avoid crashes
due to inappropriate closing of libsodium's random generator
when using CurveZMQ.
- New ResourceWarnings when contexts and sockets are closed by
garbage collection, which can be a source of hangs and leaks
(matches open files)
------------------------------------------------------------------
------------------ 2021-10-12 - Oct 12 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.5.7
Various fixes affecting Salt support:
- t-u: Don't squash stderr messages into stdout
- t-u: Correctly handle case when the snapshot has been deleted due to
using --drop-if-no-change: Don't show reboot messages and avoid an awk
error message [bsc#1191475]
- tukit: Make inotify handler less sensitive / ignore more directories
[bsc#1191475]
++++ gpg2:
- GnuPG 2.3.3:
* agent: Fix segv in GET_PASSPHRASE (regression)
* dirmngr: Fix Let's Encrypt certificate chain validation
* gpg: Change default and maximum AEAD chunk size to 4 MiB
* gpg: Print a warning when importing a bad cv25519 secret key
* gpg: Fix --list-packets for undecryptable AEAD packets
* gpg: Verify backsigs for v5 keys correctly
* keyboxd: Fix checksum computation for no UBID entry on disk
* keyboxd: Fix "invalid object" error with cv448 keys
* dirmngr: New option --ignore-cert
* agent: Fix calibrate_get_time use of clock_gettime
* Support a gpgconf.ctl file under Unix and use this for the
regression tests
++++ pam:
- Corrected macro definition of %_pam_moduledir:
%_pam_moduledir %{_libdir}/security
[macros.pam]
++++ python-cryptography:
- Add disable-RustExtension.patch in order to avoid a build
requirement setuptools_rust
- Next version (35.0) needs a full Rust toolchain.
- Clean runtime, build and test requirements
- Disable python2 build: Not supported anymore
++++ virt-manager:
- bsc#1191358 - The Virtual Machine Manager shows disconnected
after rebooting virtual machine in Xen mode in SLES15 SP3.
virtman-init-viewer-on-reboot.patch
------------------------------------------------------------------
------------------ 2021-10-11 - Oct 11 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to 2.9.27
++++ kernel-default:
- rtw89: add Realtek 802.11ax driver (bsc#1191321).
- commit 4c399ab
- Enable CONFIG_RTW88_DEBUG and CONFIG_RTW89_DEBUG on debug flavors (bsc#1191321)
- commit d98701e
- Update to 5.15-rc5
- update configs
- FIRMWARE_MEMMAP=y (ppc64, ppc64le, s390x)
- FW_CFG_SYSFS=m (ppc64)
- FB_SIMPLE=n (s390x)
- commit f616781
++++ openldap2:
- update to 2.5.8
OpenLDAP 2.5.8 Release (2021/10/11)
Fixed libldap ldap_int_tls_connect: isdigit() requires unsigned char (ITS#9668)
Fixed libldap memory leak in ldap_get_option LDAP_OPT_X_TLS_PEERCERT (ITS#9696)
Fixed slapd to allow normalized values for namingContexts in cn=monitor (ITS#8341)
Fixed slapd to normalize the suffix in rootDSE (ITS#9664)
Fixed slapd slapadd to avoid destroying configDB prematurely (ITS#9678)
Fixed slapd to not spam logs with lastbind information (ITS#9156)
Fixed slapd slaptest migration to correctly set olcTSLVerifyClient (ITS#9711)
Fixed slapd-mdb multival delete handling (ITS#9712)
Fixed slapd-sql ldap_entry_objectclass table for mariadb/mysql (ITS#9679)
Fixed slapd-wt multiple issues (ITS#9463)
Fixed slapd-wt to close cache db correctly (ITS#9631)
Fixed slapo-ppolicy to restore OpenLDAP 2.4 compatibilty (ITS#9671)
Fixed slapo-syncprov to free uuid list when finished replaying sessionlog (ITS#6467)
Build
Fixed libldap result.c compilation on musl systems (ITS#9648)
Fixed slapd duplicate definition of peerbv (ITS#9659)
Fixed test suite with memberof modular builds (ITS#9464)
Contrib
Added man page for ppm contrib module (ITS#9644)
Fix crash when pwdCheckModuleArg is not defined for ppm (ITS#9656)
Documentation
Fixed guide download link for heimdal (ITS#9669)
Fixed guide documentation for TLSECName (ITS#9687)
Fixed guide documentation missing tags (ITS#9693)
Fixed guide loadbalancer typo (ITS#9699)
Fixed guide synprov-nopresent redundant text (ITS#9689)
Fixed guide various typos and fix config alignment (ITS#9706)
Removed ppolicy.schema from servers/slapd/schema/README (ITS#9156)
Fixed slapd.conf(5)/slapd-config(5) to document default for database monitoring (ITS#9674)
Fixed slapd-meta(5)/slapd-asyncmeta(5) verbiage for try-propagate (ITS#9646)
Fixed slapo-syncprov(5) to note entryCSN indexing is highly recommended (ITS#9688)
++++ ncurses:
- Add ncurses patch 20211009
+ implement "+m" option in tabs program.
+ fill in some details for infoton -TD
+ fix spelling/consistency in several descriptions -TD
+ use vt420+lrmm in vt420 -TD
+ modify save_tty_settings() to avoid opening /dev/tty for cases other
than reset/init, e.g., for clear.
+ modify output of "toe -as" to show first description found rather
than the last.
+ improve tic checks for number of parameters of smglp, smgrp, smgtp,
and smgbp (cf: 20020525).
+ correct off-by-one comparison in last_char(), which did not allow
special case of ":" in a terminfo description field (cf: 20120407).
+ remove check in tic that assumes that none or both parameterized and
non-parameterized margin-setting capabilities are present
(cf: 20101002).
++++ pam-config:
- Update to Version 1.5
- Don't print an error message if one of the systemd PAM modules
does not exist if creating the *-pc files [bsc#1191528]
- Drop pam_systemd_home again [bsc#1191528]
------------------------------------------------------------------
------------------ 2021-10-10 - Oct 10 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.14.11 (bsc#1012628).
- Revert "ARM: imx6q: drop of_platform_default_populate() from
init_machine" (bsc#1012628).
- Revert "brcmfmac: use ISO3166 country code and 0 rev as
fallback" (bsc#1012628).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
SSD (bsc#1012628).
- perf/x86: Reset destroy callback on event init failure
(bsc#1012628).
- KVM: x86: nSVM: restore int_vector in svm_clear_vintr
(bsc#1012628).
- kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] (bsc#1012628).
- KVM: x86: reset pdptrs_from_userspace when exiting smm
(bsc#1012628).
- KVM: do not shrink halt_poll_ns below grow_start (bsc#1012628).
- selftests: KVM: Align SMCCC call with the spec in steal_time
(bsc#1012628).
- kasan: always respect CONFIG_KASAN_STACK (bsc#1012628).
- tools/vm/page-types: remove dependency on opt_file for idle
page tracking (bsc#1012628).
- block: don't call rq_qos_ops->done_bio if the bio isn't tracked
(bsc#1012628).
- io_uring: allow conditional reschedule for intensive iterators
(bsc#1012628).
- x86/insn, tools/x86: Fix undefined behavior due to potential
unaligned accesses (bsc#1012628).
- smb3: correct smb3 ACL security descriptor (bsc#1012628).
- irqchip/gic: Work around broken Renesas integration
(bsc#1012628).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(bsc#1012628).
- thermal/drivers/tsens: Fix wrong check for tzd in irq handlers
(bsc#1012628).
- nvme-fc: avoid race between time out and tear down
(bsc#1012628).
- nvme-fc: update hardware queues before using them (bsc#1012628).
- swiotlb-xen: ensure to issue well-formed XENMEM_exchange
requests (bsc#1012628).
- Xen/gntdev: don't ignore kernel unmapping error (bsc#1012628).
- selftests: kvm: fix get_run_delay() ignoring fscanf() return
warn (bsc#1012628).
- selftests: kvm: move get_run_delay() into lib/test_util
(bsc#1012628).
- selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf()
return warn (bsc#1012628).
- selftests:kvm: fix get_warnings_count() ignoring fscanf()
return warn (bsc#1012628).
- selftests: be sure to make khdr before other targets
(bsc#1012628).
- habanalabs/gaudi: fix LBW RR configuration (bsc#1012628).
- habanalabs: fail collective wait when not supported
(bsc#1012628).
- habanalabs/gaudi: use direct MSI in single mode (bsc#1012628).
- usb: dwc2: check return value after calling
platform_get_resource() (bsc#1012628).
- usb: testusb: Fix for showing the connection speed
(bsc#1012628).
- scsi: elx: efct: Do not hold lock while calling
fc_vport_terminate() (bsc#1012628).
- scsi: sd: Free scsi_disk device via put_device() (bsc#1012628).
- drm/amdkfd: fix svm_migrate_fini warning (bsc#1012628).
- drm/amdkfd: handle svm migrate init error (bsc#1012628).
- ext2: fix sleeping in atomic bugs on error (bsc#1012628).
- platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX
(bsc#1012628).
- sparc64: fix pci_iounmap() when CONFIG_PCI is not set
(bsc#1012628).
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (bsc#1012628).
- net: mdio: introduce a shutdown method to mdio device drivers
(bsc#1012628).
- btrfs: fix mount failure due to past and transient device
flush error (bsc#1012628).
- btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper
error handling (bsc#1012628).
- nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN
(bsc#1012628).
- platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10
Plus (CWI527) tablet (bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook
(CWI514) tablet (bsc#1012628).
- afs: Add missing vnode validation checks (bsc#1012628).
- spi: rockchip: handle zero length transfers without timing out
(bsc#1012628).
- commit 834dddd
++++ python-Jinja2:
- dropped obsolete no-warnings-as-errors.patch
- update to 3.0.2
* Fix a loop scoping bug that caused assignments in nested loops to still
be referenced outside of it. #1427
* Make compile_templates deterministic for filter and import names. #1452, #1453
* Revert an unintended change that caused Undefined to act like
StrictUndefined for the in operator. #1448
* Imported macros have access to the current template globals in async
environments. #1494
* PackageLoader will not include a current directory (.) path segment.
This allows loading templates from the root of a zip import. #1467
------------------------------------------------------------------
------------------ 2021-10-8 - Oct 8 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
++++ kernel-default:
- iwlwifi: Fix MODULE_FIRMWARE() for non-existing ucode version
(boo#1191417).
- commit b3fa747
++++ systemd:
- Overwriting rootprefix= is only required when split-usr is enabled
- Rename %usrmerged into %split_usr
++++ libvirt:
- lxc: controller: Fix container launch on cgroup v1
1b9ce05c-lxc-fix-cgroupV1.patch
boo#1183247
++++ salt:
- Fix issues with salt-ssh's extra-filerefs
- Added:
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
- Fix crash when calling manage.not_alive runners
- Added:
* fix-crash-when-calling-manage.not_alive-runners.patch
++++ qemu:
- Stable fixes from upstream
* Patches added:
block-introduce-max_hw_iov-for-use-in-sc.patch
hmp-Unbreak-change-vnc.patch
qemu-nbd-Change-default-cache-mode-to-wr.patch
target-arm-Don-t-skip-M-profile-reset-en.patch
vhost-vsock-fix-migration-issue-when-seq.patch
virtio-mem-pci-Fix-memory-leak-when-crea.patch
virtio-net-fix-use-after-unmap-free-for-.patch
++++ tar:
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131, CVE-2021-20193
* bsc#1120610
------------------------------------------------------------------
------------------ 2021-10-7 - Oct 7 2021 -------------------
------------------------------------------------------------------
++++ compat-usrmerge:
- Fix logic for detecting conflicts with directories (boo#1191111)
++++ kernel-default:
- Linux 5.14.10 (bsc#1012628).
- media: hantro: Fix check for single irq (bsc#1012628).
- media: cedrus: Fix SUNXI tile size calculation (bsc#1012628).
- media: s5p-jpeg: rename JPEG marker constants to prevent build
warnings (bsc#1012628).
- ASoC: fsl_sai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_esai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_spdif: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_xcvr: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (bsc#1012628).
- scsi: elx: efct: Fix void-pointer-to-enum-cast warning for
efc_nport_topology (bsc#1012628).
- ASoC: SOF: Fix DSP oops stack dump output contents
(bsc#1012628).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation
(bsc#1012628).
- net/mlx4_en: Resolve bad operstate value (bsc#1012628).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1012628).
- s390/qeth: fix deadlock during failing recovery (bsc#1012628).
- m68k: Update ->thread.esp0 before calling syscall_trace()
in ret_from_signal (bsc#1012628).
- NIOS2: fix kconfig unmet dependency warning for
SERIAL_CORE_CONSOLE (bsc#1012628).
- kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference
(bsc#1012628).
- perf test: Fix DWARF unwind for optimized builds (bsc#1012628).
- perf iostat: Use system-wide mode if the target cpu_list is
unspecified (bsc#1012628).
- perf iostat: Fix Segmentation fault from NULL 'struct
perf_counts_values *' (bsc#1012628).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (bsc#1012628).
- tty: Fix out-of-bound vmalloc access in imageblit (bsc#1012628).
- cpufreq: schedutil: Use kobject release() method to free
sugov_tunables (bsc#1012628).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1012628).
- drm/amdgpu: adjust fence driver enable sequence (bsc#1012628).
- drm/amdgpu: avoid over-handle of fence driver fini in s3 test
(v2) (bsc#1012628).
- drm/amdgpu: stop scheduler when calling hw_fini (v2)
(bsc#1012628).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees
the memory (bsc#1012628).
- scsi: ufs: ufs-pci: Fix Intel LKF link stability (bsc#1012628).
- ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION
(bsc#1012628).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(bsc#1012628).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo
Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops
(bsc#1012628).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table
is incorrect (bsc#1012628).
- fs-verity: fix signed integer overflow with i_size near S64_MAX
(bsc#1012628).
- hwmon: (tmp421) handle I2C errors (bsc#1012628).
- hwmon: (w83793) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83792d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83791d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- gpio: pca953x: do not ignore i2c errors (bsc#1012628).
- scsi: ufs: Fix illegal offset in UPIU event trace (bsc#1012628).
- mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1012628).
- platform/x86/intel: hid: Add DMI switches allow list
(bsc#1012628).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (bsc#1012628).
- ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm
(bsc#1012628).
- KVM: x86: Fix stack-out-of-bounds memory access from
ioapic_write_indirect() (bsc#1012628).
- KVM: x86: nSVM: don't copy virt_ext from vmcb12 (bsc#1012628).
- KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT
(bsc#1012628).
- KVM: x86: Swap order of CPUID entry "index" vs. "significant
flag" checks (bsc#1012628).
- KVM: nVMX: Filter out all unsupported controls when eVMCS was
activated (bsc#1012628).
- KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES (bsc#1012628).
- KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
(bsc#1012628).
- KVM: SEV: Acquire vcpu mutex when updating VMSA (bsc#1012628).
- KVM: SEV: Allow some commands for mirror VM (bsc#1012628).
- KVM: SVM: fix missing sev_decommission in sev_receive_start
(bsc#1012628).
- KVM: nVMX: Fix nested bus lock VM exit (bsc#1012628).
- KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue
(bsc#1012628).
- mmc: renesas_sdhi: fix regression with hard reset on old SDHIs
(bsc#1012628).
- media: ir_toy: prevent device from hanging during transmit
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr.ss_family
(bsc#1012628).
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing
more requests (bsc#1012628).
- nbd: use shifts rather than multiplies (bsc#1012628).
- drm/amd/display: initialize backlight_ramping_override to false
(bsc#1012628).
- drm/amd/display: Pass PCI deviceid into DC (bsc#1012628).
- drm/amd/display: Fix Display Flicker on embedded panels
(bsc#1012628).
- drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix
(bsc#1012628).
- drm/amdgpu: check tiling flags when creating FB on GFX8-
(bsc#1012628).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9
(bsc#1012628).
- interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg
(bsc#1012628).
- interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift
and mask (bsc#1012628).
- drm/i915/gvt: fix the usage of ww lock in gvt scheduler
(bsc#1012628).
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
(bsc#1012628).
- bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
(bsc#1012628).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(bsc#1012628).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1012628).
- bpf, mips: Validate conditional branch offsets (bsc#1012628).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (bsc#1012628).
- RDMA/irdma: Skip CQP ring during a reset (bsc#1012628).
- RDMA/irdma: Validate number of CQ entries on create CQ
(bsc#1012628).
- RDMA/irdma: Report correct WC error when transport retry
counter is exceeded (bsc#1012628).
- RDMA/irdma: Report correct WC error when there are MW bind
errors (bsc#1012628).
- netfilter: nf_tables: unlink table before deleting it
(bsc#1012628).
- netfilter: log: work around missing softdep backend module
(bsc#1012628).
- Revert "mac80211: do not use low data rates for data frames
with no ack flag" (bsc#1012628).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(bsc#1012628).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (bsc#1012628).
- mac80211: mesh: fix potentially unaligned access (bsc#1012628).
- mac80211-hwsim: fix late beacon hrtimer handling (bsc#1012628).
- driver core: fw_devlink: Add support for
FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD (bsc#1012628).
- net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for
mdiobus parents (bsc#1012628).
- sctp: break out if skb_header_pointer returns NULL in
sctp_rcv_ootb (bsc#1012628).
- mptcp: don't return sockets in foreign netns (bsc#1012628).
- mptcp: allow changing the 'backup' bit when no sockets are open
(bsc#1012628).
- RDMA/hns: Work around broken constant propagation in gcc 8
(bsc#1012628).
- hwmon: (tmp421) report /PVLD condition as fault (bsc#1012628).
- hwmon: (tmp421) fix rounding for negative values (bsc#1012628).
- net: enetc: fix the incorrect clearing of IF_MODE bits
(bsc#1012628).
- net: ipv4: Fix rtnexthop len when RTA_FLOW is present
(bsc#1012628).
- smsc95xx: fix stalled rx after link change (bsc#1012628).
- drm/i915/request: fix early tracepoints (bsc#1012628).
- drm/i915: Remove warning from the rps worker (bsc#1012628).
- dsa: mv88e6xxx: 6161: Use chip wide MAX MTU (bsc#1012628).
- dsa: mv88e6xxx: Fix MTU definition (bsc#1012628).
- dsa: mv88e6xxx: Include tagger overhead when setting MTU for
DSA and CPU ports (bsc#1012628).
- e100: fix length calculation in e100_get_regs_len (bsc#1012628).
- e100: fix buffer overrun in e100_get_regs (bsc#1012628).
- RDMA/hfi1: Fix kernel pointer leak (bsc#1012628).
- RDMA/hns: Fix the size setting error when copying CQE in
clean_cq() (bsc#1012628).
- RDMA/hns: Add the check of the CQE size of the user space
(bsc#1012628).
- bpf: Exempt CAP_BPF from checks against bpf_jit_limit
(bsc#1012628).
- libbpf: Fix segfault in static linker for objects without BTF
(bsc#1012628).
- selftests, bpf: Fix makefile dependencies on libbpf
(bsc#1012628).
- selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
(bsc#1012628).
- bpf, x86: Fix bpf mapping of atomic fetch implementation
(bsc#1012628).
- net: ks8851: fix link error (bsc#1012628).
- ionic: fix gathering of debug stats (bsc#1012628).
- Revert "block, bfq: honor already-setup queue merges"
(bsc#1012628).
- scsi: csiostor: Add module softdep on cxgb4 (bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(bsc#1012628).
- net: hns3: do not allow call hns3_nic_net_open repeatedly
(bsc#1012628).
- net: hns3: remove tc enable checking (bsc#1012628).
- net: hns3: don't rollback when destroy mqprio fail
(bsc#1012628).
- net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and
HCLGE_FLAG_DCB_ENABLE (bsc#1012628).
- net: hns3: fix show wrong state when add existing uc mac address
(bsc#1012628).
- net: hns3: reconstruct function hns3_self_test (bsc#1012628).
- net: hns3: fix always enable rx vlan filter problem after
selftest (bsc#1012628).
- net: hns3: disable firmware compatible features when uninstall
PF (bsc#1012628).
- net: phy: bcm7xxx: Fixed indirect MMD operations (bsc#1012628).
- net: sched: flower: protect fl_walk() with rcu (bsc#1012628).
- net: stmmac: fix EEE init issue when paired with EEE capable
PHYs (bsc#1012628).
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1012628).
- objtool: Teach get_alt_entry() about more relocation types
(bsc#1012628).
- perf/x86/intel: Update event constraints for ICX (bsc#1012628).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1012628).
- sched/fair: Null terminate buffer when updating tunable_scaling
(bsc#1012628).
- hwmon: (occ) Fix P10 VRM temp sensors (bsc#1012628).
- hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1
mp2975 controller (bsc#1012628).
- kvm: fix objtool relocation warning (bsc#1012628).
- nvme: add command id quirk for apple controllers (bsc#1012628).
- elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
(bsc#1012628).
- driver core: fw_devlink: Improve handling of cyclic dependencies
(bsc#1012628).
- debugfs: debugfs_create_file_size(): use IS_ERR to check for
error (bsc#1012628).
- ipack: ipoctal: fix stack information leak (bsc#1012628).
- ipack: ipoctal: fix tty registration race (bsc#1012628).
- ipack: ipoctal: fix tty-registration error handling
(bsc#1012628).
- ipack: ipoctal: fix missing allocation-failure check
(bsc#1012628).
- ipack: ipoctal: fix module reference leak (bsc#1012628).
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
(bsc#1012628).
- ext4: limit the number of blocks in one ADD_RANGE TLV
(bsc#1012628).
- ext4: fix reserved space counter leakage (bsc#1012628).
- ext4: add error checking to ext4_ext_replay_set_iblocks()
(bsc#1012628).
- ext4: fix potential infinite loop in ext4_dx_readdir()
(bsc#1012628).
- ext4: flush s_error_work before journal destroy in
ext4_fill_super (bsc#1012628).
- HID: u2fzero: ignore incomplete packets without data
(bsc#1012628).
- net: udp: annotate data race around udp_sk(sk)->corkflag
(bsc#1012628).
- NIOS2: setup.c: drop unused variable 'dram_start' (bsc#1012628).
- usb: hso: remove the bailout parameter (bsc#1012628).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(bsc#1012628).
- netfilter: ipset: Fix oversized kvmalloc() calls (bsc#1012628).
- mm: don't allow oversized kvmalloc() calls (bsc#1012628).
- HID: usbhid: free raw_report buffers in usbhid_stop
(bsc#1012628).
- crypto: aesni - xts_crypt() return if walk.nbytes is 0
(bsc#1012628).
- KVM: x86: Handle SRCU initialization failure during page track
init (bsc#1012628).
- netfilter: conntrack: serialize hash resizes and cleanups
(bsc#1012628).
- netfilter: nf_tables: Fix oversized kvmalloc() calls
(bsc#1012628).
- drivers: net: mhi: fix error path in mhi_net_newlink
(bsc#1012628).
- objtool: print out the symbol type when complaining about it
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference - take 2
(bsc#1012628).
- commit 7c980ba
- ALSA: hda: intel: Allow repeatedly probing on codec
configuration errors (bsc#1190801).
- commit 924f4be
++++ util-linux:
- Add bc to BuildRequires to run more complete testsuite
(bsc#1178236#c19).
++++ libvirt:
- tools: Fix virt-host-validate SEV detection
3f9c1a4b-fix-host-validate-sev.patch
boo#1188715
++++ systemd-presets-common-SUSE:
- Haveged as a daemon is no longer required since kernel 5.6
do not enable by default.
++++ util-linux-systemd:
- Add bc to BuildRequires to run more complete testsuite
(bsc#1178236#c19).
++++ virt-manager:
- bsc#1191356 - virt-manager should not depend on gtk4
Modified files:
virt-manager.spec
virtman-dont-specify-gtksource-version.patch
virtman-dont-specify-vte-version.patch
------------------------------------------------------------------
------------------ 2021-10-6 - Oct 6 2021 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
++++ docker:
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
++++ dracut:
- Update to version 055+suse.129.g7d8c3ce3:
* fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
* docs: update SUSE maintainers doc
* fix(suse): add 60-io-scheduler.rules (bsc#1188713)
* revert: remove /sbin/installkernel script from dracut package
* spec: modernize specfile constructs
++++ librsvg:
- Update to version 2.52.1:
+ Fix ordering of tspan inside text elements for right-to-left
languages.
+ Fix text-anchor positioning for right-to-left languages.
+ Fix regression in computing sizes when an SVG has only one of
width/height and a viewBox.
+ Spec compliance - the writing-mode property applies only to
text elements, no to individual tspan elements.
+ Fix build on big-endian platforms.
+ Clarify documentation for the rsvg_handle_write() /
rsvg_handle_close() deprecated APIs.
++++ hwdata:
- Update to version 0.352 (bsc#1191375):
+ Updated pci, usb and vendor ids.
++++ systemd:
- Suppress PAM warning when the credentials for user@.service service
are established (bsc#1190515)
systemd-user PAM service needs to define a default implementation of
pam_setcred() otherwise the fallback (defined by /etc/pam.d/other)
is used, which consists of pam_warn.so + pam_deny.so, and will throw
a warning each time a user logs in.
++++ pam:
- Prepend a slash to the expansion of %{_lib} in macros.pam as
this are defined without a leading slash!
++++ salt:
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Added:
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
------------------------------------------------------------------
------------------ 2021-10-5 - Oct 5 2021 -------------------
------------------------------------------------------------------
++++ elfutils:
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
++++ glibc:
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
[#28036])
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
++++ kernel-default:
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
++++ open-iscsi:
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
++++ python310-core:
- Final release of 3.10.0:
Complete list on https://www.python.org/downloads/release/python-3100/,
but highlights are:
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other
tools.
- PEP 618 – Add Optional Length-Checking To zip.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- bpo-12782: Parenthesized context managers are now officially
allowed.
++++ python310:
- Final release of 3.10.0:
Complete list on https://www.python.org/downloads/release/python-3100/,
but highlights are:
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other
tools.
- PEP 618 – Add Optional Length-Checking To zip.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- bpo-12782: Parenthesized context managers are now officially
allowed.
++++ raspberrypi-firmware:
- Update to b5257da58c (2021-09-30):
* firmware: arm_loader: Allow non-optional reads of current clock
See: #1619
* firmware: dispmanx: Demote null eptr from vcos_verify to no warning
See: raspberrypi/linux#4592
* firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions
* firmware: tvservice: Add check to warn when running with kms
* firmware: filesystem: sdcard: Fix Hybrid GPT partitions
See: #1465
* firmware: video_decode: Ensure all buffers are flushed before
port disable completes
* firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE
* firmware: arm_display: Allow null buffer in successful call
See: raspberrypi/linux#4540
++++ raspberrypi-firmware-config:
- Update to b5257da58c (2021-09-30):
* firmware: arm_loader: Allow non-optional reads of current clock
See: #1619
* firmware: dispmanx: Demote null eptr from vcos_verify to no warning
See: raspberrypi/linux#4592
* firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions
* firmware: tvservice: Add check to warn when running with kms
* firmware: filesystem: sdcard: Fix Hybrid GPT partitions
See: #1465
* firmware: video_decode: Ensure all buffers are flushed before
port disable completes
* firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE
* firmware: arm_display: Allow null buffer in successful call
See: raspberrypi/linux#4540
++++ raspberrypi-firmware-config-camera:
- Update to b5257da58c (2021-09-30):
* firmware: arm_loader: Allow non-optional reads of current clock
See: #1619
* firmware: dispmanx: Demote null eptr from vcos_verify to no warning
See: raspberrypi/linux#4592
* firmware: filesystem: sdcard: Probe FAT type in GPT ESD partitions
* firmware: tvservice: Add check to warn when running with kms
* firmware: filesystem: sdcard: Fix Hybrid GPT partitions
See: #1465
* firmware: video_decode: Ensure all buffers are flushed before
port disable completes
* firmware: arm_loader: Allow hvs interrupt during SET_NOTIFY_DISPLAY_DONE
* firmware: arm_display: Allow null buffer in successful call
See: raspberrypi/linux#4540
++++ trousers:
- move libraries to /usr/lib (bsc#1191102)
++++ u-boot-rpiarm64:
- Update to 2021.10
------------------------------------------------------------------
------------------ 2021-10-4 - Oct 4 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
++++ Mesa-drivers:
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
++++ bash-completion:
- Add patch boo1190929-9af4afd0.patch for boo#1190929
add support for compeletion modinfo completion recognize .ko.zst
as well as .ko.bz2
++++ ca-certificates:
- Update to version 2+git20211004.3efbea9:
* Ensure --root option propagates prefix properly to other scripts
++++ coreutils:
- coreutils-i18n.patch: Re-sync the patch with Fedora.
Refresh the patch, adding a hunk to link the expand+unexpand tools
against lib/mbfile.c, thus fixing build problems with clang
(see https://src.fedoraproject.org/rpms/coreutils/c/f4a53e34).
++++ findutils:
- gnulib-port-year2038-to-glibc-2.34.patch: Add patch to avoid
build failure regarding 64-bit time_t on i586 with glibc-2.34.
- findutils.spec: Reference it, and add BR:automake and run 'autoreconf'.
While at it, remove obsolete condition for suse_version 1100.
- findutils-xautofs.patch: Refresh.
++++ kbd:
- regenerated cz-map.patch needed for xkeyboard-config 2.34 update
++++ lz4:
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
++++ ncurses:
- Add ncurses patch 20211002
+ use return-value from vsnprintf to reallocate as needed to allow for
buffers larger than the screen size (report by "_RuRo_").
+ modify tset "-q" option to refrain from modifying terminal modes, to
match the documentation.
+ add section on margins to terminfo.5, adapted from X/Open Curses.
+ make tput/tset warning messages consistently using alias names when
those are used, rather than the underlying program's name.
+ improve tput usage message for aliases such as clear, by eliminating
tput-specific portions.
+ add a check in toe to ensure that a "termcap file" is text rather
than binary.
+ further build-fixes for OpenBSD 6.9, whose header files differ from
++++ systemd:
- No need to install upstream pam configuration file "systemd-user"
It's overwritten by the SUSE version anyway.
++++ libzypp:
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
++++ perl:
- Add multibuild flavor to split the testsuite out of the main package
build time. The testsuite dominates the build time and having perl
in the bootstrap cycle, we better seperate it. The testsuite flavor
rebuilds the same package the same way, but runs the check section
++++ python-cryptography:
- update to 3.4.8
- keep new rust support disabled for now to avoid new dependencies
++++ suse-module-tools:
- Update to version 16.0.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
++++ virt-manager:
- jsc#SLE-20856 Dev: KVM: Enable vfio-ccw and vfio-ap in virt-* tools
965480e8-virt-install-add-mediated-device.patch
++++ xkeyboard-config:
- update to version 2.34
* xml2lst: use dynamic Perl path
* Resolved 101key Old Hungarian II
* Old turkish f layout (with pc104 support) added.
* Fix wrong key symbol name
* Added International Phonetic Alphabet (QWERTY)
* gitlab CI: update to latest ci-templates
* Hellenic keyboard perfected.
* lt: Place sterling symbol on AD03, layer 4 (with E and euro)
* Use single guillemots on L4 (not less/greater) where L3 has guillemots
* Added English (Dvorak, Macintosh) based on the MacOS dvorak layout
* Accommodate uppercase/lowercase ß, long s, §; deduplicate Å
* Move left/right quotes one key to the right, place lower quotes on AB04
* Update symbols/it adding credits and reference for fur lang
* lt/us: Inherit AE09/AE10 from latin
* Add Russian GOST layouts
* Add Polish(lefty) layout
* Add Arabic(Ergoarabic) keyboard layout
* translation sync
* Hebrew translation added
------------------------------------------------------------------
------------------ 2021-10-3 - Oct 3 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.15-rc4
- commit 01d91cd
------------------------------------------------------------------
------------------ 2021-10-2 - Oct 2 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
++++ llvm15:
- Update to version 13.0.0.
* For details, see the release notes:
- https://releases.llvm.org/13.0.0/docs/ReleaseNotes.html
- https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html
- https://releases.llvm.org/13.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
- https://releases.llvm.org/13.0.0/projects/libcxx/docs/ReleaseNotes.html
- https://releases.llvm.org/13.0.0/tools/lld/docs/ReleaseNotes.html
* New LLVM tools:
- llvm-otool: Mach-O object file displaying tool.
- llvm-sim: LLVM IR Similarity Visualizer.
- llvm-tapi-diff: Diff tool for tbd files.
- llvm-windres: Tool to manipulate Windows resources.
* llvm-elfabi was removed.
* New Clang tools:
- clang-repl, an interactive interpreter for C/C++.
- intercept-build, analyze-build: the former intercepts build
commands to build a compilation database, the latter runs
the static analyzer over all translation units.
- scan-build-py: Python reimplementation of scan-build.
- Rebase patches:
* link-clang-shared.patch
* llvm-do-not-install-static-libraries.patch
* llvm-exegesis-link-dylib.patch
- Drop patches that have landed upstream:
* tablegen-test-link-static.patch
- Run tests on more architectures, disable those that seem to hang.
Don't run libcxx tests at all anymore because they take so long.
- Relax constraints so that we can build on more machines.
++++ timezone:
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
------------------------------------------------------------------
------------------ 2021-10-1 - Oct 1 2021 -------------------
------------------------------------------------------------------
++++ containerd:
- Install systemd service file as well (fixes bsc#1190826)
++++ coreutils:
- spec file cleanups (spec-cleaner run)
++++ kernel-default:
- ALSA: usb-audio: Restrict rates for the shared clocks
(bsc#1190418).
- commit ffe0c6a
- Update
patches.kernel.org/5.14.9-147-Revert-drm-vc4-hdmi-runtime-PM-changes.patch
(bsc#1012628 bsc#1190469).
- Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
The former superseded the latter.
- commit 2bc4ba2
++++ kernel-default-base:
- Add nls_utf8 module (boo#1190797)
++++ mozilla-nss:
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93
++++ libvirt:
- Update to libvirt 7.8.0
- jsc#SLE-18260
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
b75a16ae-libxl-improve-die-id.patch,
65fab900-libxl-fix-driver-reload.patch,
51eb680b-libxl-dont-autostart-on-reload.patch
++++ podman:
- Update to version 3.4.0:
* Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
- Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
- The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
- A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
- Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file).
- The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
- The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
- The podman image scp command has been added. This command allows images to be transferred between different hosts.
- The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
- The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
- The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
- Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
- The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
- The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
- The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
* Changes
- The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
- Podman no longer depends on ip for removing networks (#11403).
- The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The podman machine start command now prints a message when the VM is successfully started.
- The podman stats command can now be used on containers that are paused.
- The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
* Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
- Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
- Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
- Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
- Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
- Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
- Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
- Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.
- Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672).
- Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207).
- Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731).
- Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740).
- Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
* API
- The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
- The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
- The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
- The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
- The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
- The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
- The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
- The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
- Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
- Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
- Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
* Misc
- Updated Buildah to v1.23.0
- Updated the containers/storage library to v1.36.0
- Updated the containers/image library to v5.16.0
- Updated the containers/common library to v0.44.0
++++ python-libvirt-python:
- Update to 7.8.0
- Add all new APIs and constants in libvirt 7.8.0
- jsc#SLE-18260
++++ vim:
- updated vim-7.4-rpmlintrc
- drop no-common.patch
- Updated to version 8.2.3459, fixes the following problems
* Can delete a numbered function. (Naohiro Ono)
* Reading beyond end of line with invalid utf-8 character.
* Crash with linebreak, listchars and large tabstop.
* Vim9: crash when using base name of import. (Naohiro Ono)
* Vim9: importing the wrong file.
* Vim9: too many characters are allowed in import name.
* fullcommand() gives the wrong name if there is a buffer-local user
command. (Naohiro Ono)
* Vim9: Not all function argument types are properly checked.
* Second error is reported while exception is being thrown.
* Vim9: a failing debug expression aborts script sourcing.
* Garbage collection while evaluating may cause trouble.
* A failing debug expression may make Vim unusable.
* _REENTRANT defined more than once.
* A bit of code is not covered by tests.
* Vim9: no failure if return type differs from returned variable.
* Vim9: list += list creates a new list in :def function.
* A sequence of spaces is hard to see in list mode.
* Warning for using uninitialized variable.
* Crash when deleting a listener in a listener callback. (Naohiro Ono)
* Double free when list is copied.
* Using freed memory when replacing. (Dhiraj Mishra)
* Leaking memory when assigning to list or dict.
* No generic way to trigger an autocommand on mode change.
* Completion for :disas sorts local functions first.
* Octave/Matlab filetype detection does not work properly.
* :delcommand does not take a -buffer option.
* Function prototype for trigger_modechanged() is incomplete.
* Vim9: dict is not passed to dict function.
* Check for optional bool type has confusing return type.
* Compiler warnings for 32/64 bit usage.
* Cannot manipulate blobs.
* Deleted lines go to wrong yank register.
* Recover test fails if there is an old swap file.
* Vim9: || and && are not handled at compile time when possible.
* Vim9: memory leak when and/or fails.
* concealed text not revealed when leaving insert mode. (Michael Soyka)
* On Solaris longVersion may be declared twice. (Vladimir Marek)
* Not enough tests for empty string arguments.
* A couple of declarations are not ANSI C.
* :endtry after function call that throws not found.
* Sort fails if the sort compare function returns 999.
* Coveralls action fails.
* Not all apache files are recognized.
* MPD files are not recognized.
* Autocmd not executed when editing a directory ending in a path separator
inside try block.
* Using a count with "gp" leave cursor in wrong position. (Naohiro Ono)
* Using a count with "gp" leaves '] in wrong position. (Naohiro Ono)
* Vim9: Not all functions are tested with an empty string argument.
* Not all dictdconf files are recognized.
* Vim9: need more tests for empty string arguments.
------------------------------------------------------------------
------------------ 2021-9-30 - Sep 30 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.2.3
* third bugfix release
++++ Mesa-drivers:
- update to 21.2.3
* third bugfix release
++++ bash:
- Install bash_builtins manpage under the correct name
++++ coreutils:
- coreutils-skip-tests-rm-ext3-perf.patch: Add patch to skip the test
'tests/rm/ext3-perf.sh' temporarily as it hangs on OBS.
++++ dracut:
- Update to version 055+suse.119.g6c4187af:
* fix(suse-initrd): handle cases with zero modprobe.d files (bsc#1189895)
++++ e2fsprogs:
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
++++ texinfo:
- Move to /usr for UsrMerge (boo#1191099)
++++ kernel-default:
- Linux 5.14.9 (bsc#1012628).
- mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable()
(bsc#1012628).
- ocfs2: drop acl cache for directories too (bsc#1012628).
- mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN
(bsc#1012628).
- mm: fix uninitialized use in overcommit_policy_handler
(bsc#1012628).
- usb: gadget: r8a66597: fix a loop in set_feature()
(bsc#1012628).
- usb: gadget: u_audio: EP-OUT bInterval in fback frequency
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(bsc#1012628).
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (bsc#1012628).
- cifs: Not to defer close on file when lock is set (bsc#1012628).
- cifs: Fix soft lockup during fsstress (bsc#1012628).
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1012628).
- xen/x86: fix PV trap handling on secondary processors
(bsc#1012628).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(bsc#1012628).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (bsc#1012628).
- USB: cdc-acm: fix minor-number release (bsc#1012628).
- Revert "USB: bcma: Add a check for devm_gpiod_get"
(bsc#1012628).
- binder: make sure fd closes complete (bsc#1012628).
- binder: fix freeze race (bsc#1012628).
- staging: greybus: uart: fix tty use after free (bsc#1012628).
- usb: isp1760: do not sleep in field register poll (bsc#1012628).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(bsc#1012628).
- usb: dwc3: core: balance phy init and exit (bsc#1012628).
- usb: cdns3: fix race condition before setting doorbell
(bsc#1012628).
- usb: core: hcd: Add support for deferring roothub registration
(bsc#1012628).
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(bsc#1012628).
- USB: serial: option: add Telit LN920 compositions (bsc#1012628).
- USB: serial: option: remove duplicate USB device ID
(bsc#1012628).
- USB: serial: option: add device id for Foxconn T99W265
(bsc#1012628).
- misc: bcm-vk: fix tty registration race (bsc#1012628).
- misc: genwqe: Fixes DMA mask setting (bsc#1012628).
- mcb: fix error handling in mcb_alloc_bus() (bsc#1012628).
- KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer
to KVM guest (bsc#1012628).
- erofs: fix up erofs_lookup tracepoint (bsc#1012628).
- nexthop: Fix division by zero while replacing a resilient group
(bsc#1012628).
- btrfs: prevent __btrfs_dump_space_info() to underflow its free
space (bsc#1012628).
- xhci: Set HCD flag to defer primary roothub registration
(bsc#1012628).
- serial: 8250: 8250_omap: Fix RX_LVL register offset
(bsc#1012628).
- serial: mvebu-uart: fix driver's tx_empty callback
(bsc#1012628).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
(bsc#1012628).
- drm/amd/pm: Update intermediate power state for SI
(bsc#1012628).
- net: hso: fix muxed tty registration (bsc#1012628).
- platform/x86: amd-pmc: Increase the response register timeout
(bsc#1012628).
- arm64: Restore forced disabling of KPTI on ThunderX
(bsc#1012628).
- arm64: Mitigate MTE issues with str{n}cmp() (bsc#1012628).
- comedi: Fix memory leak in compat_insnlist() (bsc#1012628).
- regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name
(bsc#1012628).
- afs: Fix page leak (bsc#1012628).
- afs: Fix incorrect triggering of sillyrename on 3rd-party
invalidation (bsc#1012628).
- afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS
server (bsc#1012628).
- afs: Fix updating of i_blocks on file/dir extension
(bsc#1012628).
- platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
(bsc#1012628).
- regulator: max14577: Revert "regulator: max14577: Add proper
module aliases strings" (bsc#1012628).
- NLM: Fix svcxdr_encode_owner() (bsc#1012628).
- virtio-net: fix pages leaking when building skb in big mode
(bsc#1012628).
- enetc: Fix illegal access when reading affinity_hint
(bsc#1012628).
- enetc: Fix uninitialized struct dim_sample field usage
(bsc#1012628).
- net: dsa: tear down devlink port regions when tearing down
the devlink port on error (bsc#1012628).
- net: bgmac-bcma: handle deferred probe error due to mac-address
(bsc#1012628).
- napi: fix race inside napi_enable (bsc#1012628).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(bsc#1012628).
- net: hns3: fix change RSS 'hfunc' ineffective issue
(bsc#1012628).
- net: hns3: fix inconsistent vf id print (bsc#1012628).
- net: hns3: fix misuse vf id and vport id in some logs
(bsc#1012628).
- net: hns3: check queue id range before using (bsc#1012628).
- net: hns3: check vlan id before using it (bsc#1012628).
- net: hns3: fix a return value error in hclge_get_reset_status()
(bsc#1012628).
- net/smc: add missing error check in smc_clc_prfx_set()
(bsc#1012628).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
(bsc#1012628).
- net: dsa: fix dsa_tree_setup error path (bsc#1012628).
- net: dsa: don't allocate the slave_mii_bus using devres
(bsc#1012628).
- net: dsa: realtek: register the MDIO bus under devres
(bsc#1012628).
- platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build
error (bsc#1012628).
- kselftest/arm64: signal: Add SVE to the set of features we
can check for (bsc#1012628).
- kselftest/arm64: signal: Skip tests if required features are
missing (bsc#1012628).
- spi: Revert modalias changes (bsc#1012628).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(bsc#1012628).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal
(bsc#1012628).
- gpio: uniphier: Fix void functions to remove return value
(bsc#1012628).
- qed: rdma - don't wait for resources under hw error recovery
flow (bsc#1012628).
- mptcp: ensure tx skbs always have the MPTCP ext (bsc#1012628).
- nexthop: Fix memory leaks in nexthop notification chain
listeners (bsc#1012628).
- nfc: st-nci: Add SPI ID matching DT compatible (bsc#1012628).
- net: ethernet: mtk_eth_soc: avoid creating duplicate offload
entries (bsc#1012628).
- net: mscc: ocelot: fix forwarding from BLOCKING ports remaining
enabled (bsc#1012628).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(bsc#1012628).
- atlantic: Fix issue in the pm resume flow (bsc#1012628).
- drm/amdkfd: map SVM range with correct access permission
(bsc#1012628).
- drm/amdkfd: fix dma mapping leaking warning (bsc#1012628).
- scsi: iscsi: Adjust iface sysfs attr detection (bsc#1012628).
- scsi: target: Fix the pgr/alua_support_store functions
(bsc#1012628).
- tty: synclink_gt: rename a conflicting function name
(bsc#1012628).
- fpga: machxo2-spi: Return an error on failure (bsc#1012628).
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (bsc#1012628).
- x86/fault: Fix wrong signal when vsyscall fails with pkey
(bsc#1012628).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(bsc#1012628).
- nvme: keep ctrl->namespaces ordered (bsc#1012628).
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (bsc#1012628).
- cifs: fix a sign extension bug (bsc#1012628).
- scsi: sd_zbc: Support disks with more than 2**32 logical blocks
(bsc#1012628).
- scsi: ufs: Revert "Utilize Transfer Request List Completion
Notification Register" (bsc#1012628).
- scsi: ufs: Retry aborted SCSI commands instead of completing
these successfully (bsc#1012628).
- scsi: ufs: core: Unbreak the reset handler (bsc#1012628).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1012628).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1012628).
- irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
(bsc#1012628).
- irqchip/gic-v3-its: Fix potential VPE leak on error
(bsc#1012628).
- md: fix a lock order reversal in md_alloc (bsc#1012628).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1012628).
- io_uring: fix race between poll completion and cancel_hash
insertion (bsc#1012628).
- io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow
(bsc#1012628).
- io_uring: put provided buffer meta data under memcg accounting
(bsc#1012628).
- io_uring: don't punt files update to io-wq unconditionally
(bsc#1012628).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1012628).
- net: phylink: Update SFP selected interface on advertising
changes (bsc#1012628).
- net: macb: fix use after free on rmmod (bsc#1012628).
- net: stmmac: allow CSR clock of 300MHz (bsc#1012628).
- blk-mq: avoid to iterate over stale request (bsc#1012628).
- m68k: Double cast io functions to unsigned long (bsc#1012628).
- ipv6: delay fib6_sernum increase in fib6_add (bsc#1012628).
- dma-debug: prevent an error message from causing runtime
problems (bsc#1012628).
- cpufreq: intel_pstate: Override parameters if HWP forced by BIOS
(bsc#1012628).
- bpf: Add oversize check before call kvcalloc() (bsc#1012628).
- xen/balloon: use a kernel thread instead a workqueue
(bsc#1012628).
- nvme-multipath: fix ANA state updates when a namespace is not
present (bsc#1012628).
- nvme-rdma: destroy cm id before destroy qp to avoid use after
free (bsc#1012628).
- sparc32: page align size in arch_dma_alloc (bsc#1012628).
- amd/display: downgrade validation failure log level
(bsc#1012628).
- drm/ttm: fix type mismatch error on sparc64 (bsc#1012628).
- block: check if a profile is actually registered in
blk_integrity_unregister (bsc#1012628).
- block: flush the integrity workqueue in blk_integrity_unregister
(bsc#1012628).
- blk-cgroup: fix UAF by grabbing blkcg lock before destroying
blkg pd (bsc#1012628).
- compiler.h: Introduce absolute_pointer macro (bsc#1012628).
- net: i825xx: Use absolute_pointer for memcpy from fixed memory
location (bsc#1012628).
- sparc: avoid stringop-overread errors (bsc#1012628).
- qnx4: avoid stringop-overread errors (bsc#1012628).
- parisc: Use absolute_pointer() to define PAGE0 (bsc#1012628).
- drm/amdkfd: make needs_pcie_atomics FW-version dependent
(bsc#1012628).
- drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo
(bsc#1012628).
- drm/amd/display: Link training retry fix for abort case
(bsc#1012628).
- amd/display: enable panel orientation quirks (bsc#1012628).
- arm64: Mark __stack_chk_guard as __ro_after_init (bsc#1012628).
- alpha: Declare virt_to_phys and virt_to_bus parameter as
pointer to volatile (bsc#1012628).
- net: 6pack: Fix tx timeout and slot time (bsc#1012628).
- spi: Fix tegra20 build with CONFIG_PM=n (bsc#1012628).
- libperf evsel: Make use of FD robust (bsc#1012628).
- Revert drm/vc4 hdmi runtime PM changes (bsc#1012628).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1012628).
- EDAC/dmc520: Assign the proper type to dimm->edac_mode
(bsc#1012628).
- x86/setup: Call early_reserve_memory() earlier (bsc#1012628).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(bsc#1012628).
- irqchip/armada-370-xp: Fix ack/eoi breakage (bsc#1012628).
- arm64: add MTE supported check to thread switching and syscall
entry/exit (bsc#1012628).
- USB: serial: cp210x: fix dropped characters with CP2102
(bsc#1012628).
- software node: balance refcount for managed software nodes
(bsc#1012628).
- xen/balloon: fix balloon kthread freezing (bsc#1012628).
- qnx4: work around gcc false positive warning bug (bsc#1012628).
- usb: gadget: f_uac2: Add missing companion descriptor for
feedback EP (bsc#1012628).
- usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval
(bsc#1012628).
- Refresh patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
- commit 85f5318
- arm64: Update config files. (bsc#1185927)
Set PINCTRL_ZYNQMP as build-in.
- commit 94782db
++++ kernel-firmware:
- Update to version 20210928 (git commit 7a30050592e2):
* brcm: Add 43455 based AP6255 NVRAM for the ACEPC T8 Mini PC
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* amdgpu: update VCN firmware for dimgrey cavefish
* amdgpu: update VCN firmware for navy flounder
* amdgpu: update VCN firmware for sienna cichlid
* amdgpu: update VCN firmware for vangogh
* amdgpu: update VCN firmware for renoir
* amdgpu: update VCN firmware for picasso
* amdgpu: update VCN firmware for raven2
* amdgpu: update VCN firmware for raven
* amdgpu: Add initial firmware for Beige Goby
* cxgb4: Update firmware to revision 1.26.2.0
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* qed: Add firmware 8.59.1.0
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* iwlwifi: add FWs for new So device types with multiple RF modules
* amdgpu: add initial firmware for Yellow Carp
* i915: Update ADLP DMC v2.12
* linux-firmware: add frimware for mediatek bluetooth chip (MT7922)
* linux-firmware: Update AMD SEV firmware (bsc#1186938)
* Revert "iwlwifi: add FW for new So/Gf device type"
- Update aliases
++++ krb5:
- Added hardening to systemd services; (bsc#1181400);
++++ open-iscsi:
- Update to latest from upstream, fixing:
* Moving the executables from /sbin to /usr/sbin (bsc#1191054)
* Remove default dependencies from iscsi-init.service
(bsc#1187190)
++++ libsoup:
- Ignore test failure on 32-bit arm, as it is done for 32-bit x86
https://gitlab.gnome.org/GNOME/libsoup/-/issues/236
++++ salt:
- Do not break master_tops for minion with version lower to 3003
- Added:
* do-not-break-master_tops-for-minion-with-version-low.patch
++++ u-boot-rpiarm64:
Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222).
Enable BTRFS for Risc-V.
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0013-riscv-enable-CMD_BTRFS.patch
0014-Disable-timer-check-in-file-loading.patch
------------------------------------------------------------------
------------------ 2021-9-29 - Sep 29 2021 -------------------
------------------------------------------------------------------
++++ libjpeg-turbo:
- previous version updates fixes following bugs:
CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541
(bsc#1128712, bsc#1186764, bsc#807183, bsc#906761)
++++ libnss_usrfiles:
- Install into _libdir [bsc#1191070]
++++ systemd:
- Work around rpmlint complaining about /var/log/journal shipped with setgid bit
This setgid bit has been already reviewed in the past and wasn't a
concern. However we want the mode/ownership adjusted by tmpfiles and
avoid the duplication of these info in rpm.
- Don't ghost own any directories created dynamically by tmpfiles
Again rpmlint complains but it doesn't seem to make sense to try to
track all paths (including theirs perms, ownerships...) created
dynamically. And 'rpm -V' is likely to report issues later with
these paths anyway.
This effectively partially reverts the two previous commits.
++++ systemd-rpm-macros:
- Use %{load:} instead of %{?load:}: fix build with RPM 4.17.
------------------------------------------------------------------
------------------ 2021-9-28 - Sep 28 2021 -------------------
------------------------------------------------------------------
++++ fuse-overlayfs:
- Update to version 1.7.1
* set FUSE_CAP_POSIX_ACL only when it is supported by FUSE.
* treat statx failure with EINVAL as ENOSYS, so that the fallback
is attempted.
- Update to version 1.7.0
* fix read xattrs for device files
* don't create whiteout files in opaque dirs.
* fix reading files when running with euid != 0.
* enable POSIX ACLs.
- Update to version 1.6.0
* fix an invalid access when filtering internal xattrs that could
deal to a segfault.
- Update to version 1.5.0
* honor FUSE_OVERLAYFS_DISABLE_OVL_WHITEOUT also for renames
* use strncpy instead of strcpy
* fix renameat2(RENAME_NOREPLACE) on older kernels that lack
device whiteouts for unprivileged users.
* fix creating a symlink on top of a removed file.
* fix copyup of xattrs longer than 256 bytes.
++++ libcap:
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
++++ jitterentropy:
- Trim conjecture from descriptions.
++++ libpwquality:
- Use %_pam_moduledir instead of hardcoding %{_lib}/security
(boo#1191042).
++++ openssh:
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K.
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options.
= New features
* ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs
directive to accept a "none" argument to specify the default
behaviour.
= Bugfixes
* scp(1): when using the SFTP protocol, continue transferring files
after a transfer error occurs, better matching original scp/rcp
behaviour.
* ssh(1): fixed a number of memory leaks in multiplexing,
* ssh-keygen(1): avoid crash when using the -Y find-principals
command.
* A number of documentation and manual improvements, including
bz#3340, PR139, PR215, PR241, PR257
- Additional changes from 8.7p1 release:
= Potentially-incompatible changes
* scp(1): this release changes the behaviour of remote to remote
copies (e.g. "scp host-a:/path host-b:") to transfer through the
local host by default. This was previously available via the -3
flag. This mode avoids the need to expose credentials on the
origin hop, avoids triplicate interpretation of filenames by the
shell (by the local system, the copy origin and the destination)
and, in conjunction with the SFTP support for scp(1) mentioned
below, allows use of all authentication methods to the remote
hosts (previously, only non-interactive methods could be used).
A -R flag has been added to select the old behaviour.
* ssh(1)/sshd(8): both the client and server are now using a
stricter configuration file parser. The new parser uses more
shell-like rules for quotes, space and escape characters. It is
also more strict in rejecting configurations that include options
lacking arguments. Previously some options (e.g. DenyUsers) could
appear on a line with no subsequent arguments. This release will
reject such configurations. The new parser will also reject
configurations with unterminated quotes and multiple '='
characters after the option name.
* ssh(1): when using SSHFP DNS records for host key verification,
ssh(1) will verify all matching records instead of just those
with the specific signature type requested. This may cause host
key verification problems if stale SSHFP records of a different
or legacy signature type exist alongside other records for a
particular host. bz#3322
* ssh-keygen(1): when generating a FIDO key and specifying an
explicit attestation challenge (using -Ochallenge), the challenge
will now be hashed by the builtin security key middleware. This
removes the (undocumented) requirement that challenges be exactly
32 bytes in length and matches the expectations of libfido2.
* sshd(8): environment="..." directives in authorized_keys files are
now first-match-wins and limited to 1024 discrete environment
variable names.
= New features
* scp(1): experimental support for transfers using the SFTP protocol
as a replacement for the venerable SCP/RCP protocol that it has
traditionally used. SFTP offers more predictable filename handling
and does not require expansion of glob(3) patterns via the shell
on the remote side.
* sftp-server(8): add a protocol extension to support expansion of
~/ and ~user/ prefixed paths. This was added to support these
paths when used by scp(1) while in SFTP mode.
* ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
the ssh(1) -f flag. GHPR231
* ssh(1): add a StdinNull directive to ssh_config(5) that allows the
config file to do the same thing as -n does on the ssh(1) command-
line. GHPR231
* ssh(1): add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no
session) and -s (subsystem) command-line flags. GHPR231
* ssh-keygen(1): allowed signers files used by ssh-keygen(1)
signatures now support listing key validity intervals alongside
they key, and ssh-keygen(1) can optionally check during signature
verification whether a specified time falls inside this interval.
This feature is intended for use by git to support signing and
verifying objects using ssh keys.
* ssh-keygen(8): support printing of the full public key in a sshsig
signature via a -Oprint-pubkey flag.
= Bugfixes
* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
the client and server mainloops. Previously the re-key timeout
could expire but re-keying would not start until a packet was sent
or received, causing a spin in select() if the connection was
quiescent.
* ssh-keygen(1): avoid Y2038 problem in printing certificate
validity lifetimes. Dates past 2^31-1 seconds since epoch were
displayed incorrectly on some platforms. bz#3329
* scp(1): allow spaces to appear in usernames for local to remote
and scp -3 remote to remote copies. bz#1164
* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
in favour of KbdInteractiveAuthentication. The former is what was in
SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
treated as somewhat but not entirely equivalent. We retain the old
name as a deprecated alias so configuration files continue to work
as well as a reference in the man page for people looking for it.
bz#3303
* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
when extracting a key from a PKCS#11 certificate. bz#3327
* ssh(1): restore blocking status on stdio fds before close. ssh(1)
needs file descriptors in non-blocking mode to operate but it was
not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell,
bz#3280 and GHPR246
* ssh(1)/sshd(8): switch both client and server mainloops from
select(3) to pselect(3). Avoids race conditions where a signal
may arrive immediately before select(3) and not be processed until
an event fires. bz#2158
* ssh(1): sessions started with ControlPersist were incorrectly
executing a shell when the -N (no shell) option was specified.
bz#3290
* ssh(1): check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values
supplied on the command line. bz#3319
* ssh(1): fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it
would print the certificate's path, whereas it was supposed to be
showing the private key's path. GHPR247
* sshd(8): match host certificates against host public keys, not
private keys. Allows use of certificates with private keys held in
a ssh-agent. bz#3524
* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
allows RSA/SHA2 signatures for public key authentication but fails
to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
clients of these server to incorrectly match
PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
keys. bz#3213
* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
limits@openssh.com extension but fails when the client tries to
invoke it. bz#3318
* ssh(1): allow ssh_config SetEnv to override $TERM, which is
otherwise handled specially by the protocol. Useful in ~/.ssh/config
to set TERM to something generic (e.g. "xterm" instead of
"xterm-256color") for destinations that lack terminfo entries.
* sftp-server(8): the limits@openssh.com extension was incorrectly
marked as an operation that writes to the filesystem, which made it
unavailable in sftp-server read-only mode. bz#3318
* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
the update removed more host keys than remain present.
* Many manual page fixes.
- Additional changes from 8.6p1 release:
= Security
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
= New features
* sftp-server(8): add a new limits@openssh.com protocol extension
that allows a client to discover various server limits, including
maximum packet size and maximum read/write length.
* sftp(1): use the new limits@openssh.com extension (when available)
to select better transfer lengths in the client.
* sshd(8): Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.
* unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
enable printing of the elapsed time in seconds of each test.
= Bugfixes
* ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
manual pages with the current default. GHPR174
* ssh(1): ensure that pkcs11_del_provider() is called before exit.
GHPR234
* ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
backslashes were not being dequoted correctly and quoted space in
the middle of a string was being incorrectly split. GHPR223
* ssh(1): return non-zero exit status when killed by signal; bz#3281
* sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are not explicitly
banned by the spec.
- Additional changes from 8.5p1 release:
= Security
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
= Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
* ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
for interactive use prior to TCP connect. The connection phase of
the SSH session is time-sensitive and often explicitly interactive.
The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
* ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc before
it was standardized in RFC4253 (2006), has been deprecated and
disabled by default since OpenSSH 7.2 (2016) and was only briefly
documented in ssh.1 in 2001.
* ssh(1), sshd(8): update/replace the experimental post-quantum
hybrid key exchange method based on Streamlined NTRU Prime coupled
with X25519. The previous sntrup4591761x25519-sha512@tinyssh.org
method is replaced with sntrup761x25519-sha512@openssh.com.
* ssh(1): disable CheckHostIP by default. It provides insignificant
benefits while making key rotation significantly more difficult,
especially for hosts behind IP-based load-balancers.
= New features
* ssh(1): this release enables UpdateHostkeys by default subject to
some conservative preconditions:
- The key was matched in the UserKnownHostsFile (and not in the
GlobalKnownHostsFile).
- The same key does not exist under another name.
- A certificate host key is not in use.
- known_hosts contains no matching wildcard hostname pattern.
- VerifyHostKeyDNS is not enabled.
- The default UserKnownHostsFile is in use.
* ssh(1), sshd(8): add a new LogVerbose configuration directive for
that allows forcing maximum debug logging by file/function/line
pattern-lists.
* ssh(1): when prompting the user to accept a new hostkey, display
any other host names/addresses already associated with the key.
* ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
* ssh(1): add a ssh_config KnownHostsCommand option that allows the
client to obtain known_hosts data from a command in addition to
the usual files.
* ssh(1): add a ssh_config PermitRemoteOpen option that allows the
client to restrict the destination when RemoteForward is used
with SOCKS.
* ssh(1): for FIDO keys, if a signature operation fails with a
"incorrect PIN" reason and no PIN was initially requested from the
user, then request a PIN and retry the operation. This supports
some biometric devices that fall back to requiring PIN when reading
of the biometric failed, and devices that require PINs for all
hosted credentials.
* sshd(8): implement client address-based rate-limiting via new
sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
directives that provide more fine-grained control on a per-origin
address basis than the global MaxStartups limit.
= Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat@openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
- Rebased patches:
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
* openssh-7.7p1-X_forward_with_disabled_ipv6.patch
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-disable_openssl_abi_check.patch
* openssh-7.7p1-eal3.patch
* openssh-7.7p1-enable_PAM_by_default.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-host_ident.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-no_fork-no_pid_file.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-pts_names_formatting.patch
* openssh-7.7p1-remove_xauth_cookies_on_exit.patch
* openssh-7.7p1-seccomp_ipc_flock.patch
* openssh-7.7p1-seccomp_stat.patch
* openssh-7.7p1-send_locale.patch
* openssh-7.7p1-sftp_force_permissions.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.9p1-keygen-preserve-perms.patch
* openssh-7.9p1-revert-new-qos-defaults.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
* openssh-8.1p1-seccomp-clock_nanosleep.patch
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-use-openssl-kdf.patch
* openssh-8.4p1-vendordir.patch
* openssh-fips-ensure-approved-moduli.patch
* openssh-link-with-sk.patch
* openssh-reenable-dh-group14-sha1-default.patch
* openssh-whitelist-syscalls.patch
- Removed openssh-fix-ssh-copy-id.patch (fixed upstream).
- openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
++++ selinux-policy:
- Fix auditd service start with systemd hardening directives (boo#1190918)
* add fix_auditd.patch
++++ u-boot-rpiarm64:
- Update to 2021.10-rc5
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped (upstreamed):
0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch
- Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64
------------------------------------------------------------------
------------------ 2021-9-27 - Sep 27 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- covers jira#SLE/SLE-18743
++++ Mesa-drivers:
- covers jira#SLE/SLE-18743
++++ kernel-default:
- Those are all really old, some of them might have been fixed via BIOS enhancements:
- Delete patches.suse/acpi_thermal_passive_blacklist.patch. (bsc#1189969)
- Delete
patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch. (bsc#1189968)
- Delete patches.suse/perf_timechart_fix_zero_timestamps.patch. (bsc#1189958)
- Delete patches.suse/pstore_disable_efi_backend_by_default.patch. (bsc#1189961)
- Delete
patches.suse/x86-apic-force-bigsmp-apic-on-IBM-EXA3-4.patch. (bsc#1189956)
- commit c421931
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- commit e3309d1
- blacklist.conf: add idxd commit
- commit 06dbf6b
++++ libbpf:
- Update to 0.5.0:
+ New features and user-space APIs:
- libbpf_set_strict_mode() allowing to opt-in into backwards incompatible libbpf-1.0 changes. See "Libbpf: the road to 1.0" and "Libbpf 1.0 migration guide" for more details.
- streamlined error reporting for low-level APIs, high-level error-returning APIs, and pointer-returning APIs (as a libbpf-1.0 opt-in);
- "Light" BPF skeleton support;
- BPF_PROG_TYPE_SYSCALL support;
- BPF perf link support for kprobe, uprobe, tracepoint, and perf_event BPF programs;
- BPF cookie support for kprobe, uprobe, tracepoint, and perf_event BPF programs through bpf_program__attach_[ku]probe_opts() APIs;
- allow to specify ref_ctr_off for USDT semaphores through bpf_program__attach_uprobe_opts() API;
- btf_custom_path support in bpf_object_open_opts, allowing to specify custom BTF for CO-RE relocations;
- sk_reuseport/migrate program type support;
- btf_dump__dump_type_data() API, allowing to dump binary data according to BTF type description;
- btf__load_into_kernel() and btf__load_from_kernel_by_id(), and split BTF variants of them;
- btf__load_vmlinux_btf() and btf__load_module_btf() APIs;
- bpf_map__initial_value() API to get initial value of mmap-ed BPF maps;
- bpf_map_lookup_and_delete_elem_flags() API.
+ BPF-side APIs and features:
- support for weak typed __ksym externs;
- BPF timer helpers: bpf_timer_init(), bpf_timer_set_callback(), bpf_timer_start(), bpf_timer_cancel();
- bpf_get_attach_cookie() helper to get BPF cookie from BPF program side;
- bpf_get_func_ip() helper;
- bpf_sys_bpf() helper;
- bpf_task_pt_regs() helper;
- bpf_btf_find_by_name_kind() helper;
- usability improvements for bpf_tracing.h when target architecture is missing.
+ Bug fixes and compatibility improvements:
- improve BPF support detection on old Red Hat kernels with backported BPF patches;
- improvements for LTO builds with GCC 10+;
- pass NLM_F_EXCL when creating TC qdisc;
- better support of BPF map reuse on old kernels;
- fix the bug resulting in sometimes closing FD 0, which wasn't created and owned by libbpf itself.
- Remove patches merged upstream
+ libdir.patch
+ libbpf-Fix-build-with-latest-gcc-binutils-with-LTO.patch
++++ libdrm:
- covers jira#SLE/SLE-18743
++++ libepoxy:
- needed for jira#SLE/SLE-19965, jira#SLE/SLE-19964, jira#SLE/SLE-18653
++++ libglvnd:
- covers jira#SLE/SLE-18743
++++ ncurses:
- Add ncurses patch 20210925
+ add kbeg to xterm+keypad to accommodate termcap applications -TD
+ add smglp and smgrp to vt420+lrmm, to provide useful data for the
"tabs" +m option -TD
+ build-fix for gcc 3.4.3 with Solaris10, which does not allow forward
reference of anonymous struct typedef.
+ modify tput to allow multiple commands per line.
+ minor fixes for tset manpage.
- Correct offsets of patch ncurses-6.2.dif
++++ openssl-1_1:
- Enforce crypto-policies for the upcoming Leap 15.4 and SLE 15-SP4
++++ openSUSE-build-key:
- Only add openSUSE Backports key when building for a Leap system
(sle_version > 0). Tumbleweed does not use Backports.
++++ timezone:
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
------------------------------------------------------------------
------------------ 2021-9-26 - Sep 26 2021 -------------------
------------------------------------------------------------------
++++ coreutils:
- Update to 9.0:
* Noteworthy changes in release 9.0 (2021-09-24) [stable]
* * Bug fixes
chmod -v no longer misreports modes of dangling symlinks.
[bug introduced in coreutils-5.3.0]
cp -a --attributes-only now never removes destination files,
even if the destination files are hardlinked, or the source
is a non regular file.
[bug introduced in coreutils-8.6]
csplit --suppress-matched now elides the last matched line
when a specific number of pattern matches are performed.
[bug introduced with the --suppress-matched feature in coreutils-8.22]
df no longer outputs duplicate remote mounts in the presence of bind mounts.
[bug introduced in coreutils-8.26]
df no longer mishandles command-line args that it pre-mounts
[bug introduced in coreutils-8.29]
du no longer crashes on XFS file systems when the directory hierarchy is
heavily changed during the run.
[bug introduced in coreutils-8.25]
env -S no longer crashes when given unusual whitespace characters
[bug introduced in coreutils-8.30]
expr no longer mishandles unmatched \(...\) in regular expressions.
[bug introduced in coreutils-6.0]
ls no longer crashes when printing the SELinux context for unstatable files.
[bug introduced in coreutils-6.9.91]
mkdir -m no longer mishandles modes more generous than the umask.
[bug introduced in coreutils-8.22]
nl now handles single character --section-delimiter arguments,
by assuming a second ':' character has been specified, as specified by POSIX.
[This bug was present in "the beginning".]
pr again adjusts tabs in input, to maintain alignment in multi column output.
[bug introduced in coreutils-6.9]
rm no longer skips an extra file when the removal of an empty directory fails.
[bug introduced by the rewrite to use fts in coreutils-8.0]
split --number=K/N will again correctly split chunk K of N to stdout.
Previously a chunk starting after 128KiB, output the wrong part of the file.
[bug introduced in coreutils-8.26]
tail -f no longer overruns a stack buffer when given too many files
to follow and ulimit -n exceeds 1024.
[bug introduced in coreutils-7.5]
tr no longer crashes when using --complement with certain
invalid combinations of case character classes.
[bug introduced in coreutils-8.6]
basenc --base64 --decode no longer silently discards decoded characters
on (1024*5) buffer boundaries
[bug introduced in coreutils-8.31]
* * Changes in behavior
cp and install now default to copy-on-write (COW) if available.
cp, install and mv now use the copy_file_range syscall if available.
Also, they use lseek+SEEK_HOLE rather than ioctl+FS_IOC_FIEMAP on sparse
files, as lseek is simpler and more portable.
On GNU/Linux systems, ls no longer issues an error message on a
directory merely because it was removed. This reverts a change
that was made in release 8.32.
ptx -T no longer attempts to substitute old-fashioned TeX escapes
for 8-bit non-ASCII alphabetic characters. TeX indexes should
instead use '\usepackage[latin1]{inputenc}' or equivalent.
stat will use decomposed (major,minor) device numbers in its default format.
This is less ambiguous, and more consistent with ls.
sum [-r] will output a file name, even if only a single name is passed.
This is consistent with sum -s, cksum, and other sum(1) implementations.
* * New Features
cksum now supports the -a (--algorithm) option to select any
of the existing sum, md5sum, b2sum, sha*sum implementations etc.
cksum now subsumes all of these programs, and coreutils
will introduce no future standalone checksum utility.
cksum -a now supports the 'sm3' argument, to use the SM3 digest algorithm.
cksum --check now supports auto detecting the digest type to use,
when verifying tagged format checksums.
expr and factor now support bignums on all platforms.
ls --classify now supports the "always", "auto", or "never" flags,
to support only outputting classifier characters if connected to a tty.
ls now accepts the --sort=width option, to sort by file name width.
This is useful to more compactly organize the default vertical column output.
ls now accepts the --zero option, to terminate each output line with
NUL instead of newline.
nl --line-increment can now take a negative number to decrement the count.
stat supports more formats for representing decomposed device numbers.
%Hd,%Ld and %Hr,%Lr will output major,minor device numbers and device types
respectively. %d corresponds to st_dev and %r to std_rdev.
* * Improvements
cat --show-ends will now show \r\n as ^M$. Previously the \r was taken
literally, thus overwriting the first character in the line with '$'.
cksum [-a crc] is now up to 4 times faster by using a slice by 8 algorithm,
and at least 8 times faster where pclmul instructions are supported.
A new --debug option will indicate if pclmul is being used.
md5sum --check now supports checksum files with CRLF line endings.
This also applies to cksum, sha*sum, and b2sum.
df now recognizes these file systems as remote:
acfs, coda, fhgfs, gpfs, ibrix, ocfs2, and vxfs.
rmdir now clarifies the error if a symlink_to_dir/ has not been traversed.
This is the case on GNU/Linux systems, where the trailing slash is ignored.
stat and tail now know about the "devmem", "exfat", "secretmem", "vboxsf",
and "zonefs" file system types. stat -f -c%T now reports the file system
type, and tail -f uses polling for "vboxsf" and inotify for the others.
timeout now supports sub-second timeouts on macOS.
wc is up to 5 times faster when counting only new line characters,
where avx2 instructions are supported.
A new --debug option will indicate if avx2 is being used.
- Remove patches which are included in the new upstream version now:
* coreutils-gnulib-disable-test-float.patch
* coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch
* coreutils-tests-fix-FP-in-ls-stat-free-color.patch
* gnulib-test-avoid-FP-perror-strerror.patch
- coreutils-i18n.patch: Refresh patch. Also patch 'tests/Coreutils.pm' used
by perl-based tests to allow longer test names ... which the i18n tests with
their "-mb" suffix have.
- coreutils-chmod-fix-exit-status-ign-symlinks.patch: Add upstream patch to
fix a regression with the exit code of chmod introduced in 9.0.
- coreutils.spec:
* Version: bump version.
* Remove the above removed patches.
* Reference the above new patch.
++++ librsvg:
- Disable testsuite run on ix86 and arm.
++++ kernel-default:
- Update to 5.15-rc3
- eliminated 3 patches:
- patches.rpmify/scripts-sorttable-riscv-fix-undelcred-identifier-EM_.patch
- patches.suse/posix-cpu-timers-Fix-spuriously-armed-0-value-itimer.patch
- patches.suse/nvmem-nintendo-otp-add-dependency-on-CONFIG_HAS_IOME.patch
(still meaningful in upstream but no longer needed four our configs)
- refresh configs
- drop NVMEM_NINTENDO_OTP
- i386: drop XEN_PCIDEV_FRONTEND and SWIOTLB_XEN
- commit e48f187
- nvmet: fix a width vs precision bug in
nvmet_subsys_attr_serial_show() (git-fixes).
- commit fef4ef0
- Linux 5.14.8 (bsc#1012628).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (bsc#1012628).
- selinux,smack: fix subjective/objective credential use mixups
(bsc#1012628).
- io_uring: fix off-by-one in BUILD_BUG_ON check of
__REQ_F_LAST_BIT (bsc#1012628).
- cifs: properly invalidate cached root handle when closing it
(bsc#1012628).
- sched/idle: Make the idle timer expire in hard interrupt context
(bsc#1012628).
- rtc: rx8010: select REGMAP_I2C (bsc#1012628).
- blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for
multiple_queues (bsc#1012628).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(bsc#1012628).
- block: genhd: don't call blkdev_show() with major_names_lock
held (bsc#1012628).
- nvmet: fixup buffer overrun in nvmet_subsys_attr_serial()
(bsc#1012628).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: rockchip: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: img: Don't modify HW state in .remove() callback
(bsc#1012628).
- habanalabs: cannot sleep while holding spinlock (bsc#1012628).
- habanalabs: add "in device creation" status (bsc#1012628).
- habanalabs: fix mmu node address resolution in debugfs
(bsc#1012628).
- habanalabs: add validity check for event ID received from F/W
(bsc#1012628).
- drm/amdgpu: fix fdinfo race with process exit (bsc#1012628).
- drm/amd/display: Fix memory leak reported by coverity
(bsc#1012628).
- drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address
(bsc#1012628).
- habanalabs: fix nullifying of destroyed mmu pgt pool
(bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
(bsc#1012628).
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
(bsc#1012628).
- btrfs: fix lockdep warning while mounting sprout fs
(bsc#1012628).
- btrfs: delay blkdev_put until after the device remove
(bsc#1012628).
- btrfs: update the bdev time directly when closing (bsc#1012628).
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1012628).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1012628).
- ceph: remove the capsnaps when removing caps (bsc#1012628).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1012628).
- ceph: fix memory leak on decode error in ceph_handle_caps
(bsc#1012628).
- ACPI: PM: s2idle: Run both AMD and Microsoft methods if both
are supported (bsc#1012628).
- ASoC: audio-graph: respawn Platform Support (bsc#1012628).
- s390: add kmemleak annotation in stack_alloc() (bsc#1012628).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(bsc#1012628).
- dmaengine: ioat: depends on !UML (bsc#1012628).
- cxl/pci: Introduce cdevm_file_operations (bsc#1012628).
- cxl: Move cxl_core to new directory (bsc#1012628).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- dmaengine: idxd: depends on !UML (bsc#1012628).
- riscv: dts: microchip: mpfs-icicle: Fix serial console
(bsc#1012628).
- of: property: Disable fw_devlink DT support for X86
(bsc#1012628).
- drm/ttm: Fix a deadlock if the target BO is not idle during swap
(bsc#1012628).
- arm64: mm: limit linear region to 51 bits for KVM in nVHE mode
(bsc#1012628).
- iommu/vt-d: Fix a deadlock in intel_svm_drain_prq()
(bsc#1012628).
- iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm()
(bsc#1012628).
- iommu/amd: Relocate GAMSup check to early_enable_iommus
(bsc#1012628).
- parisc: Move pci_dev_is_behind_card_dino to where it is used
(bsc#1012628).
- dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- drivers: base: cacheinfo: Get rid of
DEFINE_SMP_CALL_CACHE_FUNCTION() (bsc#1012628).
- drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform
(bsc#1012628).
- thermal/core: Fix thermal_cooling_device_register() prototype
(bsc#1012628).
- tracing/boot: Fix to loop on only subkeys (bsc#1012628).
- tools/bootconfig: Fix tracing_on option checking in
ftrace2bconf.sh (bsc#1012628).
- Kconfig.debug: drop selecting non-existing
HARDLOCKUP_DETECTOR_ARCH (bsc#1012628).
- init: move usermodehelper_enable() to populate_rootfs()
(bsc#1012628).
- math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead
of selecting it (bsc#1012628).
- SUNRPC: don't pause on incomplete allocation (bsc#1012628).
- s390/entry: make oklabel within CHKSTG macro local
(bsc#1012628).
- platform/chrome: cros_ec_trace: Fix format warnings
(bsc#1012628).
- platform/chrome: sensorhub: Add trace events for sample
(bsc#1012628).
- dmaengine: idxd: clear block on fault flag when clear wq
(bsc#1012628).
- dmaengine: idxd: fix abort status check (bsc#1012628).
- dmaengine: idxd: fix wq slot allocation index check
(bsc#1012628).
- dmaengine: idxd: have command status always set (bsc#1012628).
- dmanegine: idxd: cleanup all device related bits after disabling
device (bsc#1012628).
- pwm: mxs: Don't modify HW state in .probe() after the PWM chip
was registered (bsc#1012628).
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
chip was registered (bsc#1012628).
- ceph: cancel delayed work instead of flushing on mdsc teardown
(bsc#1012628).
- thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a
sensor is not used (bsc#1012628).
- PM: sleep: core: Avoid setting power.must_resume to false
(bsc#1012628).
- profiling: fix shift-out-of-bounds bugs (bsc#1012628).
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
(bsc#1012628).
- prctl: allow to setup brk for et_dyn executables (bsc#1012628).
- pwm: ab8500: Fix register offset calculation to not depend on
probe order (bsc#1012628).
- 9p/trans_virtio: Remove sysfs file on probe failure
(bsc#1012628).
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
(bsc#1012628).
- n64cart: fix return value check in n64cart_probe()
(bsc#1012628).
- staging: rtl8723bs: fix wpa_set_auth_algs() function
(bsc#1012628).
- perf tools: Allow build-id with trailing zeros (bsc#1012628).
- perf symbol: Look for ImageBase in PE file to compute .text
offset (bsc#1012628).
- perf test: Fix bpf test sample mismatch reporting (bsc#1012628).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
(bsc#1012628).
- RDMA/mlx5: Fix xlt_chunk_align calculation (bsc#1012628).
- RDMA/hns: Enable stash feature of HIP09 (bsc#1012628).
- um: virtio_uml: fix memory leak on init failures (bsc#1012628).
- coredump: fix memleak in dump_vma_snapshot() (bsc#1012628).
- um: fix stub location calculation (bsc#1012628).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (bsc#1012628).
- console: consume APC, DM, DCS (bsc#1012628).
- PCI: aardvark: Fix reporting CRS value (bsc#1012628).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(bsc#1012628).
- commit 94242c6
++++ libsoup:
- Update to version 3.0.1:
+ Move python overrides to upstream pygobject.
+ Fix minor build warnings.
- Drop python3-Soup sub-package following upstream changes.
++++ python-distro:
- Expliciting setting of locale is not necessary anymore
(gh#python-distro/distro#223).
------------------------------------------------------------------
------------------ 2021-9-25 - Sep 25 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rpm/config.sh: Compress modules with zstd (jsc#SLE-21256, boo#1192457).
- rpm/config.sh: Compress modules with zstd (jsc#SLE-21256).
- commit 0851921
++++ libsolv:
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
------------------------------------------------------------------
------------------ 2021-9-24 - Sep 24 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
++++ conmon:
- Update to version 2.0.30:
* Remove unreachable code path
* exit: report if the exit command was killed
* exit: fix race zombie reaper
* conn_sock: allow watchdog messages through the notify socket proxy
* seccomp: add support for seccomp notify
++++ crypto-policies:
- Remove the scripts and documentation regarding
fips-finish-install and test-fips-setup
* Add crypto-policies-FIPS.patch
- Update to version 20210917.c9d86d1:
* openssl: fix disabling ChaCha20
* pacify pylint 2.11: use format strings
* pacify pylint 2.11: specify explicit encoding
* fix minor things found by new pylint
* update-crypto-policies: --check against regenerated
* update-crypto-policies: fix --check's walking order
* policygenerators/gnutls: revert disabling DTLS0.9...
* policygenerators/java: add javasystem backend
* LEGACY: bump 1023 key size to 1024
* cryptopolicies: fix 'and' in deprecation warnings
* *ssh: condition ecdh-sha2-nistp384 on SECP384R1
* nss: hopefully the last fix for nss sigalgs check
* cryptopolicies: Python 3.10 compatibility
* nss: postponing check + testing at least something
* Rename 'policy modules' to 'subpolicies'
* validation.rules: fix a missing word in error
* cryptopolicies: raise errors right after warnings
* update-crypto-policies: capitalize warnings
* cryptopolicies: syntax-precheck scope errors
* .gitlab-ci.yml, Makefile: enable codespell
* all: fix several typos
* docs: don't leave zero TLS/DTLS protocols on
* openssl: separate TLS/DTLS MinProtocol/MaxProtocol
* alg_lists: order protocols new-to-old for consistency
* alg_lists: max_{d,}tls_version
* update-crypto-policies: fix pregenerated + local.d
* openssh: allow validation with pre-8.5
* .gitlab-ci.yml: run commit-range against upstream
* openssh: Use the new name for PubkeyAcceptedKeyTypes
* sha1_in_dnssec: deprecate
* .gitlab-ci.yml: test commit ranges
* FIPS:OSPP: sign = -*-SHA2-224
* scoped policies: documentation update
* scoped policies: use new features to the fullest...
* scoped policies: rewrite + minimal policy changes
* scoped policies: rewrite preparations
* nss: postponing the version check again, to 3.64
- Remove patches fixed upstream: crypto-policies-typos.patch
- Rebase: crypto-policies-test_supported_modules_only.patch
- Merge crypto-policies-asciidoc.patch into
crypto-policies-no-build-manpages.patch
++++ kmod:
- Enable ZSTD on 15.4 (jsc#SLE-21256).
++++ systemd:
- Make sure the build process won't create /var/log/journal
- /var/log/journal/remote is owned by systemd-journal-remote
- systemd.spec: fix a bunch of rpmlint errors/warnings
- Drop systemd-logger
This sub package was introduced in order to configure persistent
journal and also to make sure that another syslog provider (such as
rsyslog) couldn't be installed at the same time: each syslog
provider conflicts with each others.
However this mechanism didn't work since uninstalling systemd-logger
wasn't magically turning off persistent logging because
/var/log/journal is likely to be populated hence not removed.
Moreover using a subpackage to configure the mode of journald was
overkill and the usual ways (main conf file or drop-ins) should be
preferred.
++++ salt:
- Support querying for JSON data in external sql pillar
- Added:
* 3003.3-postgresql-json-support-in-pillar-423.patch
------------------------------------------------------------------
------------------ 2021-9-23 - Sep 23 2021 -------------------
------------------------------------------------------------------
++++ dbus-1:
- Added BuildRequires alts for libalternatives.
++++ dnsmasq:
- jsc#SLE-17936: Sync this state from Factory to SLE-15-SP1.
- SLE bugs that got fixed upstream between 2.79 and 2.86, but for
which we need to keep references when syncing:
* bsc#1176076: dnsmasq-servfail.patch
* bsc#1156543: dnsmasq-siocgstamp.patch
* bsc#1138743: dnsmasq-cache-size.patch
* bsc#1076958: CVE-2017-15107, dnsmasq-CVE-2017-15107.patch
* bsc#1180914: Open inotify socket only when used.
* removed dnsmasq-dnspooq.patch
- bsc#1173646, CVE-2020-14312: Set --local-service by default.
++++ transactional-update:
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
++++ gawk:
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
++++ rpm:
- update to rpm-4.17.0
- dropped support for berkeley db
- archive unpacking failures no longer leave garbage
- unified built-in and user-define macro syntax and calling conventions
- python generators and debuginfo extraction has been split into a
separate upstream project
- support for ed25519 signatures
- easier rpm macro access in lua
- new patches:
* python-rpm-packaging.diff
* singlefilemode.diff
* verbosearg.diff
- modified patches:
* usr-lib-sysimage-rpm.patch
* localetag.diff
* brp.diff
* findlang.diff
* macrosin.diff
* rpmqpack.diff
* build.diff
* whatrequires-doc.diff
* remove-brp-strips.diff
* fileattrs.diff
* langnoc.diff
* find-lang-qt-qm.patch
* findsupplements.diff
* finddebuginfo.diff
* finddebuginfo-absolute-links.diff
* debugsubpkg.diff
* debuglink.diff
* debuginfo-mono.patch
- dropped patches:
* db.diff
* dbfsync.diff
* dbprivate.diff
* dwarf5.diff
* ndbglue.diff
* pythondistdeps.diff
* suspendlock.diff
* taggedfileindex.diff
* waitlock.diff
* add-dwz-single-file-mode-option.patch
++++ libvirt:
- spec: Fix hangs during package update
bsc#1177902, bsc#1190693
- spec: Don't add --timeout arg to /etc/sysconfig/libvirtd when
running in traditional mode without socket activation
bsc#1190695
++++ python-rpm:
- update to rpm-4.17.0
------------------------------------------------------------------
------------------ 2021-9-22 - Sep 22 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.12:
+ Fix wrong order of addresses when restarting NetworkManager.
+ Preserve the IPv6 ff00::/8 route added by kernel in the local
table, necessary for multicast communication.
+ Fix emitting the signal for changed metered status of devices.
+ Fix applying the ethtool autonegotiation and speed settings.
+ initrd: fix crash parsing plain '=' without key.
+ cloud-setup: use suppress_prefixlength rule to honor
non-default-routes in the main table.
- Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied
by upstream maintainers.
++++ curl:
- Update to 7.79.1:
* Bugfixes:
- Curl_http2_setup: don't change connection data on repeat invokes
- curl_multi_fdset: make FD_SET() not operate on sockets out of range
- dist: provide lib/.checksrc in the tarball
- FAQ: add GOPHERS + curl works on data, not files
- hsts: CURLSTS_FAIL from hsts read callback should fail transfer
- hsts: handle unlimited expiry
- http: fix the broken >3 digit response code detection
- strerror: use sys_errlist instead of strerror on Windows
- test1184: disable: https://github.com/curl/curl/issues/7725
- tests/sshserver.pl: make it work with openssh-8.7p1
++++ grub2:
- Improve support for SLE Micro 5.1 on s390x. (bsc#1190395)
* amend grub2-s390x-04-grub2-install.patch
* refresh grub2-s390x-11-secureboot.patch
++++ iputils:
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_rdisc.service.patch
++++ kernel-default:
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
- commit e082fbf
- Linux 5.14.7 (bsc#1012628).
- net: stmmac: fix MAC not working when system resume back with
WoL active (bsc#1012628).
- io_uring: ensure symmetry in handling iter types in
loop_rw_iter() (bsc#1012628).
- swiotlb-xen: avoid double free (bsc#1012628).
- swiotlb-xen: fix late init retry (bsc#1012628).
- xen: reset legacy rtc flag for PV domU (bsc#1012628).
- xen: fix usage of pmd_populate in mremap for pv guests
(bsc#1012628).
- bnx2x: Fix enabling network interfaces without VFs
(bsc#1012628).
- arm64/sve: Use correct size when reinitialising SVE state
(bsc#1012628).
- PM: base: power: don't try to use non-existing RTC for storing
data (bsc#1012628).
- PCI: Add AMD GPU multi-function power dependencies
(bsc#1012628).
- drm/amd/display: Get backlight from PWM if DMCU is not
initialized (bsc#1012628).
- drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3
(bsc#1012628).
- drm/amd/display: Fix white screen page fault for gpuvm
(bsc#1012628).
- drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound
driver (bsc#1012628).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (bsc#1012628).
- drm/amdgpu: use IS_ERR for debugfs APIs (bsc#1012628).
- drm/amdgpu: fix use after free during BO move (bsc#1012628).
- drm/amdgpu: add amdgpu_amdkfd_resume_iommu (bsc#1012628).
- drm/amdgpu: move iommu_resume before ip init/resume
(bsc#1012628).
- drm/amd/pm: fix the issue of uploading powerplay table
(bsc#1012628).
- drm/amdkfd: separate kfd_iommu_resume from kfd_resume
(bsc#1012628).
- drm/radeon: pass drm dev radeon_agp_head_init directly
(bsc#1012628).
- io_uring: allow retry for O_NONBLOCK if async is supported
(bsc#1012628).
- drm/etnaviv: return context from etnaviv_iommu_context_get
(bsc#1012628).
- drm/etnaviv: put submit prev MMU context when it exists
(bsc#1012628).
- drm/etnaviv: stop abusing mmu_context as FE running marker
(bsc#1012628).
- drm/etnaviv: keep MMU context across runtime suspend/resume
(bsc#1012628).
- drm/etnaviv: exec and MMU state is lost when resetting the GPU
(bsc#1012628).
- drm/etnaviv: fix MMU context leak on GPU reset (bsc#1012628).
- drm/etnaviv: reference MMU context when setting up hardware
state (bsc#1012628).
- drm/etnaviv: add missing MMU context put when reaping MMU
mapping (bsc#1012628).
- s390/sclp: fix Secure-IPL facility detection (bsc#1012628).
- net: qrtr: revert check in qrtr_endpoint_post() (bsc#1012628).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1012628).
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1012628).
- x86/mce: Avoid infinite loop for copy from user recovery
(bsc#1012628).
- net: remove the unnecessary check in cipso_v4_doi_free
(bsc#1012628).
- net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
(bsc#1012628).
- net-caif: avoid user-triggerable WARN_ON(1) (bsc#1012628).
- ptp: dp83640: don't define PAGE0 (bsc#1012628).
- dccp: don't duplicate ccid when cloning dccp sock (bsc#1012628).
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
(bsc#1012628).
- r6040: Restore MDIO clock frequency after MAC reset
(bsc#1012628).
- tipc: increase timeout in tipc_sk_enqueue() (bsc#1012628).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (bsc#1012628).
- rtc: cmos: Disable irq around direct invocation of
cmos_interrupt() (bsc#1012628).
- drm/i915/dp: return proper DPRX link training result
(bsc#1012628).
- perf machine: Initialize srcline string member in add_location
struct (bsc#1012628).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(bsc#1012628).
- net/mlx5: Fix potential sleeping in atomic context
(bsc#1012628).
- net: stmmac: fix system hang caused by eee_ctrl_timer during
suspend/resume (bsc#1012628).
- igc: fix tunnel offloading (bsc#1012628).
- nvme-tcp: fix io_work priority inversion (bsc#1012628).
- powerpc/64s: system call scv tabort fix for corrupt irq
soft-mask state (bsc#1012628).
- events: Reuse value read using READ_ONCE instead of re-reading
it (bsc#1012628).
- net: ipa: initialize all filter table slots (bsc#1012628).
- gen_compile_commands: fix missing 'sys' package (bsc#1012628).
- vhost_net: fix OoB on sendmsg() failure (bsc#1012628).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1012628).
- net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup (bsc#1012628).
- x86/uaccess: Fix 32-bit __get_user_asm_u64() when
CC_HAS_ASM_GOTO_OUTPUT=y (bsc#1012628).
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
(bsc#1012628).
- selftest: net: fix typo in altname test (bsc#1012628).
- qed: Handle management FW error (bsc#1012628).
- udp_tunnel: Fix udp_tunnel_nic work-queue type (bsc#1012628).
- dt-bindings: arm: Fix Toradex compatible typo (bsc#1012628).
- ibmvnic: check failover_pending in login response (bsc#1012628).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1012628).
- powerpc/64s: system call rfscv workaround for TM bugs
(bsc#1012628).
- powerpc/mce: Fix access error in mce handler (bsc#1012628).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (bsc#1012628).
- bnxt_en: make bnxt_free_skbs() safe to call after
bnxt_free_mem() (bsc#1012628).
- net: hns3: pad the short tunnel frame before sending to hardware
(bsc#1012628).
- net: hns3: change affinity_mask to numa node range
(bsc#1012628).
- net: hns3: disable mac in flr process (bsc#1012628).
- net: hns3: fix the timing issue of VF clearing interrupt sources
(bsc#1012628).
- net: stmmac: platform: fix build warning when with
!CONFIG_PM_SLEEP (bsc#1012628).
- Drivers: hv: vmbus: Fix kernel crash upon unbinding a device
from uio_hv_generic driver (bsc#1012628).
- net/mlx5e: Fix mutual exclusion between CQE compression and
HW TS (bsc#1012628).
- ice: Correctly deal with PFs that do not support RDMA
(bsc#1012628).
- net: dsa: qca8k: fix kernel panic with legacy mdio mapping
(bsc#1012628).
- net: dsa: lantiq_gswip: Add 200ms assert delay (bsc#1012628).
- net: hns3: fix the exception when query imp info (bsc#1012628).
- nvme: avoid race in shutdown namespace removal (bsc#1012628).
- blkcg: fix memory leak in blk_iolatency_init (bsc#1012628).
- net: dsa: flush switchdev workqueue before tearing down CPU/DSA
ports (bsc#1012628).
- mlxbf_gige: clear valid_polarity upon open (bsc#1012628).
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
(bsc#1012628).
- remoteproc: qcom: wcnss: Fix race with iris probe (bsc#1012628).
- mfd: db8500-prcmu: Adjust map to reality (bsc#1012628).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(bsc#1012628).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1012628).
- PCI: tegra194: Fix handling BME_CHGED event (bsc#1012628).
- PCI: tegra194: Fix MSI-X programming (bsc#1012628).
- PCI: tegra: Fix OF node reference leak (bsc#1012628).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(bsc#1012628).
- PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
(bsc#1012628).
- riscv: fix the global name pfn_base confliction error
(bsc#1012628).
- KVM: arm64: Make hyp_panic() more robust when protected mode
is enabled (bsc#1012628).
- tracing/probes: Reject events which have the same name of
existing one (bsc#1012628).
- PCI: cadence: Use bitfield for *quirk_retrain_flag* instead
of bool (bsc#1012628).
- PCI: cadence: Add quirk flag to set minimum delay in LTSSM
Detect.Quiet state (bsc#1012628).
- PCI: j721e: Add PCIe support for J7200 (bsc#1012628).
- PCI: j721e: Add PCIe support for AM64 (bsc#1012628).
- PCI: Add ACS quirks for Cavium multi-function devices
(bsc#1012628).
- watchdog: Start watchdog in watchdog_set_last_hw_keepalive
only if appropriate (bsc#1012628).
- octeontx2-af: Add additional register check to rvu_poll_reg()
(bsc#1012628).
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (bsc#1012628).
- flow: fix object-size-mismatch warning in
flowi{4,6}_to_flowi_common() (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(bsc#1012628).
- block, bfq: honor already-setup queue merges (bsc#1012628).
- PCI: ibmphp: Fix double unmap of io_mem (bsc#1012628).
- loop: reduce the loop_ctl_mutex scope (bsc#1012628).
- ethtool: Fix an error code in cxgb2.c (bsc#1012628).
- NTB: Fix an error code in ntb_msit_probe() (bsc#1012628).
- NTB: perf: Fix an error code in perf_setup_inbuf()
(bsc#1012628).
- stmmac: dwmac-loongson:Fix missing return value (bsc#1012628).
- net: phylink: add suspend/resume support (bsc#1012628).
- mfd: axp20x: Update AXP288 volatile ranges (bsc#1012628).
- backlight: ktd253: Stabilize backlight (bsc#1012628).
- PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX
(bsc#1012628).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (bsc#1012628).
- PCI: iproc: Fix BCMA probe resource handling (bsc#1012628).
- netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with
mutex (bsc#1012628).
- KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and
16K page size (bsc#1012628).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
(bsc#1012628).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
(bsc#1012628).
- tracing/boot: Fix a hist trigger dependency for boot time
tracing (bsc#1012628).
- mtd: mtdconcat: Judge callback existence based on the master
(bsc#1012628).
- mtd: mtdconcat: Check _read, _write callbacks existence before
assignment (bsc#1012628).
- KVM: arm64: Fix read-side race on updates to vcpu reset state
(bsc#1012628).
- KVM: arm64: Handle PSCI resets before userspace touches vCPU
state (bsc#1012628).
- PCI/PTM: Remove error message at boot (bsc#1012628).
- PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
(bsc#1012628).
- mtd: rawnand: cafe: Fix a resource leak in the error handling
path of 'cafe_nand_probe()' (bsc#1012628).
- ARC: export clear_user_page() for modules (bsc#1012628).
- perf config: Fix caching and memory leak in
perf_home_perfconfig() (bsc#1012628).
- perf unwind: Do not overwrite
FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (bsc#1012628).
- perf bench inject-buildid: Handle writen() errors (bsc#1012628).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
of 'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Fix a potential double iounmap call in
'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
code and avoid a leak (bsc#1012628).
- io_uring: retry in case of short read on block device
(bsc#1012628).
- net: dsa: tag_rtl4_a: Fix egress tags (bsc#1012628).
- tools build: Fix feature detect clean for out of source builds
(bsc#1012628).
- mptcp: fix possible divide by zero (bsc#1012628).
- selftests: mptcp: clean tmp files in simult_flows (bsc#1012628).
- net: hso: add failure handler for add_net_device (bsc#1012628).
- net: dsa: b53: Fix calculating number of switch ports
(bsc#1012628).
- net: dsa: b53: Set correct number of ports in the DSA struct
(bsc#1012628).
- mptcp: Only send extra TCP acks in eligible socket states
(bsc#1012628).
- netfilter: socket: icmp6: fix use-after-scope (bsc#1012628).
- fq_codel: reject silly quantum parameters (bsc#1012628).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(bsc#1012628).
- iwlwifi: move get pnvm file name to a separate function
(bsc#1012628).
- iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()'
(bsc#1012628).
- ip_gre: validate csum_start only on pull (bsc#1012628).
- net: dsa: b53: Fix IMP port setup on BCM5301x (bsc#1012628).
- bnxt_en: fix stored FW_PSID version masks (bsc#1012628).
- bnxt_en: Fix asic.rev in devlink dev info command (bsc#1012628).
- bnxt_en: Fix possible unintended driver initiated error recovery
(bsc#1012628).
- ip6_gre: Revert "ip6_gre: add validation for csum_start"
(bsc#1012628).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
(bsc#1012628).
- cxgb3: fix oops on module removal (bsc#1012628).
- net: renesas: sh_eth: Fix freeing wrong tx descriptor
(bsc#1012628).
- bnxt_en: Fix error recovery regression (bsc#1012628).
- net: dsa: bcm_sf2: Fix array overrun in
bcm_sf2_num_active_ports() (bsc#1012628).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1012628).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(bsc#1012628).
- s390/bpf: Fix branch shortening during codegen pass
(bsc#1012628).
- Update config files.
- commit aa9b3e1
++++ systemd:
- Import commit 7a5801342fe2f53e5c2a8578d6db132c0eca2d97
8d65ec4a66 test: wc is needed by test/units/testsuite-50.sh
1527bcc5dd test: make the installation of the debug tools optional in the image
f4e6bf0b37 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588)
- Update the dependencies of the testsuite package
The debug tools are optional thus no more required.
OTOH strip(1) is needed when building the test image and nc(1) is
needed by some tests.
++++ sudo:
- update to 1.9.8p2
* Fixed a potential out-of-bounds read with "sudo -i" when the
target user's shell is bash. This is a regression introduced
in sudo 1.9.8. Bug #998.
* sudo_logsrvd now only sends a log ID for first command of a session.
There is no need to send the log ID for each sub-command.
* Fixed a few minor memory leaks in intercept mode.
* Fixed a problem with sudo_logsrvd in relay mode if "store_first"
was enabled when handling sub-commands. A new zero-length journal
file was created for each sub-command instead of simply using
the existing journal file.
- update to 1.9.8p1
* Fixed support for passing a prompt (sudo -p) or a login class
(sudo -l) on the command line. This is a regression introduced
in sudo 1.9.8. Bug #993.
* Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends.
This is a regression introduced in sudo 1.9.8. Bug #994.
* Fixed a compilation error when the --enable-static-sudoers configure
option was specified. This is a regression introduced in sudo
1.9.8 caused by a symbol clash with the intercept and log server
protobuf functions.
* It is now possible to transparently intercepting sub-commands
executed by the original command run via sudo. Intercept support
is implemented using LD_PRELOAD (or the equivalent supported by
the system) and so has some limitations. The two main limitations
are that only dynamic executables are supported and only the
execl, execle, execlp, execv, execve, execvp, and execvpe library
functions are currently intercepted. Its main use case is to
support restricting privileged shells run via sudo.
To support this, there is a new "intercept" Defaults setting and
an INTERCEPT command tag that can be used in sudoers. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
Defaults!SHELLS intercept
would cause sudo to run the listed shells in intercept mode.
This can also be set on a per-rule basis. For example:
Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh
chuck ALL = INTERCEPT: SHELLS
would only apply intercept mode to user "chuck" when running one
of the listed shells.
In intercept mode, sudo will not prompt for a password before
running a sub-command and will not allow a set-user-ID or
set-group-ID program to be run by default. The new
intercept_authenticate and intercept_allow_setid sudoers settings
can be used to change this behavior.
* The new "log_subcmds" sudoers setting can be used to log additional
commands run in a privileged shell. It uses the same mechanism as
the intercept support described above and has the same limitations.
* The new "log_exit_status" sudoers setting can be used to log
the exit status commands run via sudo. This is also a corresponding
"log_exit" setting in the sudo_logsrvd.conf eventlog stanza.
* Support for logging sudo_logsrvd errors via syslog or to a file.
Previously, most sudo_logsrvd errors were only visible in the
debug log.
* Better diagnostics when there is a TLS certificate validation error.
* Using the "+=" or "-=" operators in a Defaults setting that takes
a string, not a list, now produces a warning from sudo and a
syntax error from inside visudo.
* Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd
had no effect when creating I/O log parent directories if the I/O log
file name ended with the string "XXXXXX".
* Fixed a bug in the sudoers custom prompt code where the size
parameter that was passed to the strlcpy() function was incorrect.
No overflow was possible since the correct amount of memory was
already pre-allocated.
* The mksigname and mksiglist helper programs are now built with
the host compiler, not the target compiler, when cross-compiling.
Bug #989.
* Fixed compilation error when the --enable-static-sudoers configure
option was specified. This was due to a typo introduced in sudo
1.9.7. GitHub PR #113.
- pack /usr/libexec/sudo/sudo/sudo_intercept.so
++++ swtpm:
- Update to version 0.6.1:
- swtpm:
- Clear keys from stack and heap
- swtpm-localca:
- Add missing else branch for pkcs11 and PIN
- swtpm_setup:
- Initialize Gerror and free it
- Replace '\\s' in regex with [[:space:]] to fix cygwin
- tests:
- Kill tpm2-abrmd with SIGKILL rather SIGTERM
- build-sys:
- Use -DOPENSSL_SUPPRESS_DEPRECATED to suppress deprecation warnings (OSSL 3)
- Enable configuring with CFLAGS and passing additional CFLAGS on build
------------------------------------------------------------------
------------------ 2021-9-21 - Sep 21 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.2.2
* second bugfix release: a ton of work went into panfrost,
getting it closer to being conformant (it is conformant on
21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm,
zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even
osmesa.
++++ Mesa-drivers:
- update to 21.2.2
* second bugfix release: a ton of work went into panfrost,
getting it closer to being conformant (it is conformant on
21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm,
zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even
osmesa.
++++ btrfsprogs:
- Update to 5.14.1
* fixes:
* defrag: fix parsing of compression (option -c)
* add workaround for old kernels when reading zone sizes
* let only check and restore open the fs with transid failures, namely
preventing btrfstune to do so
* convert: --uuid copy does not fail on duplicate uuids
++++ kernel-default:
- Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841).""
This reverts commit f924054cc523527b52203e352adb073db0962f5f.
New suse-module-tools were accepted to factory:
https://build.opensuse.org/request/show/919089
- commit 6abad1e
++++ libfido2:
- Removed fix-cmake-linking.patch because no longer needed
++++ libgcrypt:
- FIPS: Provide a module name/identifier and version that can be
mapped to the validation records. [bsc#1190706]
* Add libgcrypt-FIPS-module-version.patch
* Upstream task: https://dev.gnupg.org/T5600
- FIPS: Enable hardware support also in FIPS mode [bsc#1187110]
* Add libgcrypt-FIPS-hw-optimizations.patch
* Upstream task: https://dev.gnupg.org/T5508
++++ jitterentropy:
- add a userspace jitter entropy generator library
++++ multipath-tools:
- Add a versioned dependency of multipath-tools on libmpath0
(bsc#1190622)
++++ snapper:
- look for most configuration files in /etc/snapper and
/usr/share/snapper (bsc#1189601)
- version 0.9.1
++++ systemd-default-settings:
- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
6b8dde1 Convert more drop-ins into early ones
------------------------------------------------------------------
------------------ 2021-9-20 - Sep 20 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Fix hardened auditd.service (bsc#1181400)
* add fix-hardened-service.patch
Make /etc/audit read-write from the service.
Remove PrivateDevices=true to expose /dev/* to auditd.service.
- Enable stop rules for audit.service (cf. bsc#1190227)
* add enable-stop-rules.patch
++++ diffutils:
- Skip stack overflow tests under qemu emulation (bsc#1190046)
++++ docker:
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
bsc#1190670
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
++++ kernel-default:
- Update to 5.15-rc2
- eliminated 2 patches
- patches.suse/memblock-introduce-saner-memblock_free_ptr-interface.patch
- patches.suse/tools-bootconfig-define-memblock_free_ptr-to-fix-build-error.patch
- update configs
- ARCH_NR_GPIO (1024 on x86_64, 512 on i386)
- drop WARN_DYNAMIC_STACK on s390x
- commit 05c92eb
++++ parted:
- run checks during build
- added patches:
tests-disable.patch
++++ ceph:
- Update to Version: 16.2.6.45+g8fda9838398:
+ rebased on top of upstream commit SHA1 dbc87327c37d0f305c2107e487cb98a072ae858b
upstream 16.2.6 release
https://ceph.io/releases/v16-2-6-pacific-released/
++++ libsoup:
- Update to version 3.0.0:
+ Remove unused dependency on libxml.
+ Use G_DECLARE_FINAL_TYPE when applicable and bump GLib
dependency to 2.69.1.
+ Add PyGObject overrides for SoupMessageHeaders to behave like a
dict.
+ Fix soup_message_add_status_code_handler() in Vala.
+ Ensure that all header values are valid UTF-8, other encodings
are not supported.
+ Support Content-Disposition headers missing a disposition-type.
- Drop pkgconfig(libxml-2.0) BuildRequires: follow upstream.
- Split out new python3-Soup package.
++++ shadow:
- bsc#1190146: Fix empty subid range
Add shadow-4.9-useradd-subuid.patch
https://github.com/shadow-maint/shadow/pull/399
- bsc#1190145: Fix double free in gpasswd:
Add shadow-4.9-sgent-free.patch upstreamed as
https://github.com/shadow-maint/shadow/pull/417
++++ salt:
- Update to Salt release version 3003.3
- See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html
- Added:
* allow-vendor-change-option-with-zypper.patch
* support-transactional-systems-microos.patch
* virt-enhancements.patch
- Modified:
* adds-explicit-type-cast-for-port.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* fixes-56144-to-enable-hotadd-profile-support.patch
* include-aliases-in-the-fqdns-grains.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
* debian-info_installed-compatibility-50453.patch
* fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* x509-fixes-111.patch
* prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
* restore-default-behaviour-of-pkg-list-return.patch
* adding-preliminary-support-for-rocky.-59682-391.patch
* add-astra-linux-common-edition-to-the-os-family-list.patch
* templates-move-the-globals-up-to-the-environment-jin.patch
* fix-bsc-1065792.patch
* add-migrated-state-and-gpg-key-management-functions-.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
* improvements-on-ansiblegate-module-354.patch
* add-custom-suse-capabilities-as-grains.patch
* return-the-expected-powerpc-os-arch-bsc-1117995.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* implementation-of-suse_ip-execution-module-bsc-10999.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
* async-batch-implementation.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* figure-out-python-interpreter-to-use-inside-containe.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* early-feature-support-config.patch
* do-not-monkey-patch-yaml-bsc-1177474.patch
- Removed:
* fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
* fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
* fix-for-log-checking-in-x509-test.patch
* do-not-make-ansiblegate-to-crash-on-python3-minions.patch
* prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
* remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
* move-server_id-deprecation-warning-to-reduce-log-spa.patch
* re-adding-function-to-test-for-root.patch
* make-profiles-a-package.patch
* handle-master-tops-data-when-states-are-applied-by-t.patch
* fix-unit-tests-for-batch-async-after-refactor.patch
* prevent-test_mod_del_repo_multiline_values-to-fail.patch
* prevent-import-errors-when-running-test_btrfs-unit-t.patch
* fix-failing-unit-tests-for-batch-async.patch
* remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
* virt-use-dev-kvm-to-detect-kvm-383.patch
* 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
* add-docker-logout-237.patch
* drop-wrong-mock-from-chroot-unit-test.patch
* fix-async-batch-multiple-done-events.patch
* fix-unit-test-for-grains-core.patch
* remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
* pkgrepo-support-python-2.7-function-call-295.patch
* opensuse-3000-virt-defined-states-222.patch
* open-suse-3002.2-xen-grub-316.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
* fix-the-removed-six.itermitems-and-six.-_type-262.patch
* fix-aptpkg-systemd-call-bsc-1143301.patch
* add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
* fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
* regression-fix-of-salt-ssh-on-processing-targets-353.patch
* do-not-break-repo-files-with-multiple-line-values-on.patch
* 3002-set-distro-requirement-to-oldest-supported-vers.patch
* integration-of-msi-authentication-with-azurearm-clou.patch
* zypperpkg-filter-patterns-that-start-with-dot-244.patch
* fix-for-temp-folder-definition-in-loader-unit-test.patch
* fix-novendorchange-option-284.patch
* backport-virt-patches-from-3001-256.patch
* allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
* path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
* virt-uefi-fix-backport-312.patch
* add-all_versions-parameter-to-include-all-installed-.patch
* add-pkg.services_need_restart-302.patch
* add-batch_presence_ping_timeout-and-batch_presence_p.patch
* allow-vendor-change-option-with-zypper-313.patch
* avoid-traceback-when-http.query-request-cannot-be-pe.patch
* changed-imports-to-vendored-tornado.patch
* fix-issue-parsing-errors-in-ansiblegate-state-module.patch
* sanitize-grains-loaded-from-roster_grains.json.patch
* handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
* add-multi-file-support-and-globbing-to-the-filetree-.patch
* loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
* backport-thread.is_alive-fix-390.patch
* get-os_arch-also-without-rpm-package-installed.patch
* python3.8-compatibility-pr-s-235.patch
* fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
* ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
* xfs-do-not-fails-if-type-is-not-present.patch
* grains-master-can-read-grains.patch
* invalidate-file-list-cache-when-cache-file-modified-.patch
* move-vendor-change-logic-to-zypper-class-355.patch
* implement-network.fqdns-module-function-bsc-1134860-.patch
* opensuse-3000.2-virt-backports-236-257.patch
* prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
* batch_async-avoid-using-fnmatch-to-match-event-217.patch
* provide-the-missing-features-required-for-yomi-yet-o.patch
* fix-__mount_device-wrapper-254.patch
* fix-ipv6-scope-bsc-1108557.patch
* fix-failing-unit-tests-for-systemd.patch
* use-current-ioloop-for-the-localclient-instance-of-b.patch
* revert-add-patch-support-for-allow-vendor-change-opt.patch
* remove-deprecated-warning-that-breaks-miniion-execut.patch
* prevent-systemd-run-description-issue-when-running-a.patch
* fix-grains.test_core-unit-test-277.patch
* prevent-command-injection-in-the-snapper-module-bsc-.patch
* backport-of-upstream-pr59492-to-3002.2-404.patch
* use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
* reintroducing-reverted-changes.patch
* add-cpe_name-for-osversion-grain-parsing-u-49946.patch
* add-hold-unhold-functions.patch
* virt._get_domain-don-t-raise-an-exception-if-there-i.patch
* fix-error-handling-in-openscap-module-bsc-1188647-40.patch
* apply-patch-from-upstream-to-support-python-3.8.patch
* remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
* add-supportconfig-module-for-remote-calls-and-saltss.patch
* allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
* fall-back-to-pymysql.patch
* fixes-cve-2018-15750-cve-2018-15751.patch
* do-not-crash-when-there-are-ipv6-established-connect.patch
* improve-batch_async-to-release-consumed-memory-bsc-1.patch
* support-config-non-root-permission-issues-fixes-u-50.patch
* transactional_update-detect-recursion-in-the-executo.patch
* open-suse-3002.2-virt-network-311.patch
* option-to-en-disable-force-refresh-in-zypper-215.patch
* do-noop-for-services-states-when-running-systemd-in-.patch
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
* fix-a-wrong-rebase-in-test_core.py-180.patch
* add-new-custom-suse-capability-for-saltutil-state-mo.patch
* opensuse-3000-libvirt-engine-fixes-251.patch
* accumulated-changes-from-yomi-167.patch
* fix-async-batch-race-conditions.patch
* fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
* loop-fix-variable-names-for-until_no_eval.patch
* batch-async-catch-exceptions-and-safety-unregister-a.patch
* grains.extra-support-old-non-intel-kernels-bsc-11806.patch
* backport-a-few-virt-prs-272.patch
* fix-git_pillar-merging-across-multiple-__env__-repos.patch
* drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
* virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
* async-batch-implementation-fix-320.patch
* support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
* support-transactional-systems-microos-271.patch
* strip-trailing-from-repo.uri-when-comparing-repos-in.patch
* opensuse-3000.3-spacewalk-runner-parse-command-250.patch
* calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
* add-virt.all_capabilities.patch
* ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
* virt-pass-emulator-when-getting-domain-capabilities-.patch
* fixing-streamclosed-issue.patch
* fix-for-some-cves-bsc1181550.patch
* transactional_update-unify-with-chroot.call.patch
* do-not-raise-streamclosederror-traceback-but-only-lo.patch
* fix-batch_async-obsolete-test.patch
* fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
* fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
* accumulated-changes-required-for-yomi-165.patch
* fix-virt.update-with-cpu-defined-263.patch
* remove-vendored-backports-abc-from-requirements.patch
* open-suse-3002.2-bigvm-310.patch
* xen-disk-fixes-264.patch
* virt.network_update-handle-missing-ipv4-netmask-attr.patch
* add-saltssh-multi-version-support-across-python-inte.patch
++++ python-gobject:
- Update to version 3.42.0:
+ meson: Bump minimum meson_version to 0.47.0.
+ Expose GObject.Object.run_dispose().
+ docs: document Gtk.Template.
+ dev: Add poetry support.
+ meson: use main branch for glib subproject.
+ Fix some small memory leaks.
------------------------------------------------------------------
------------------ 2021-9-19 - Sep 19 2021 -------------------
------------------------------------------------------------------
++++ branding-openSUSE:
- Update branding-tumbleweed.zip from https://github.com/openSUSE/branding.git
Drop plymouth-branding-openSUSE's watermark link add a
configuration function to plymouth theme configuration to avoid
logo lost which cause plymouth to fail.
- Update branding-openSUSE.spec: resort plymouth-branding-openSUSE
install and build dependence to avoid plymouth fall to terminal
mode in some scenario(bsc#1189613).
++++ gsettings-desktop-schemas:
- Update to version 41.0:
+ Updated translations.
++++ at-spi2-core:
- Update to version 2.42.0:
+ Set X root property when Xwayland starts on demand.
+ Several dbus introspection fixes.
------------------------------------------------------------------
------------------ 2021-9-18 - Sep 18 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- lessopen.sh profile: allow reading files that live on NFS over UDP
(added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
++++ kernel-default:
- Revert "usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint"
(git-fixes).
- tipc: fix an use-after-free issue in tipc_recvmsg (git-fixes).
- ethtool: Fix rxnfc copy to user buffer overflow (git-fixes).
- commit 6131a3c
- Linux 5.14.6 (bsc#1012628).
- Makefile: use -Wno-main in the full kernel tree (bsc#1012628).
- rtc: tps65910: Correct driver module alias (bsc#1012628).
- io_uring: place fixed tables under memcg limits (bsc#1012628).
- io_uring: add ->splice_fd_in checks (bsc#1012628).
- io_uring: fix io_try_cancel_userdata race for iowq
(bsc#1012628).
- io-wq: fix wakeup race when adding new work (bsc#1012628).
- io-wq: fix race between adding work and activating a free worker
(bsc#1012628).
- btrfs: use delalloc_bytes to determine flush amount for
shrink_delalloc (bsc#1012628).
- btrfs: wake up async_delalloc_pages waiters after submit
(bsc#1012628).
- btrfs: wait on async extents when flushing delalloc
(bsc#1012628).
- btrfs: reduce the preemptive flushing threshold to 90%
(bsc#1012628).
- btrfs: do not do preemptive flushing if the majority is global
rsv (bsc#1012628).
- btrfs: zoned: fix block group alloc_offset calculation
(bsc#1012628).
- btrfs: zoned: suppress reclaim error message on EAGAIN
(bsc#1012628).
- btrfs: fix upper limit for max_inline for page size 64K
(bsc#1012628).
- btrfs: reset replace target device to allocation state on close
(bsc#1012628).
- btrfs: zoned: fix double counting of split ordered extent
(bsc#1012628).
- blk-zoned: allow zone management send operations without
CAP_SYS_ADMIN (bsc#1012628).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
(bsc#1012628).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1012628).
- xen: fix setting of max_pfn in shared_info (bsc#1012628).
- 9p/xen: Fix end of loop tests for list_for_each_entry
(bsc#1012628).
- ceph: fix dereference of null pointer cf (bsc#1012628).
- Input: elan_i2c - reduce the resume time for controller in
Whitebox (bsc#1012628).
- selftests/ftrace: Fix requirement check of README file
(bsc#1012628).
- tools/thermal/tmon: Add cross compiling support (bsc#1012628).
- clk: socfpga: agilex: fix the parents of the psi_ref_clk
(bsc#1012628).
- clk: socfpga: agilex: fix up s2f_user0_clk representation
(bsc#1012628).
- clk: socfpga: agilex: add the bypass register for s2f_usr0 clock
(bsc#1012628).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
(bsc#1012628).
- pinctrl: ingenic: Fix incorrect pull up/down info (bsc#1012628).
- pinctrl: ingenic: Fix bias config for X2000(E) (bsc#1012628).
- soc: mediatek: mmsys: Fix missing UFOE component in mt8173
table routing (bsc#1012628).
- soc: qcom: aoss: Fix the out of bound usage of cooling_devs
(bsc#1012628).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap
(bsc#1012628).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap
(bsc#1012628).
- arm64: Move .hyp.rodata outside of the _sdata.._edata range
(bsc#1012628).
- arm64: mm: Fix TLBI vs ASID rollover (bsc#1012628).
- arm64: head: avoid over-mapping in map_memory (bsc#1012628).
- arm64: Do not trap PMSNEVFR_EL1 (bsc#1012628).
- iio: ltc2983: fix device probe (bsc#1012628).
- wcn36xx: Ensure finish scan is not requested before start scan
(bsc#1012628).
- crypto: public_key: fix overflow during implicit conversion
(bsc#1012628).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1012628).
- power: supply: max17042: handle fails of reading status register
(bsc#1012628).
- dm crypt: Avoid percpu_counter spinlock contention in
crypt_page_alloc() (bsc#1012628).
- crypto: ccp - shutdown SEV firmware on kexec (bsc#1012628).
- spi: fsi: Reduce max transfer size to 8 bytes (bsc#1012628).
- VMCI: fix NULL pointer dereference when unmapping queue pair
(bsc#1012628).
- media: uvc: don't do DMA on stack (bsc#1012628).
- media: rc-loopback: return number of emitters rather than error
(bsc#1012628).
- nvmem: core: fix error handling while validating keepout regions
(bsc#1012628).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
(bsc#1012628).
- s390/qdio: cancel the ESTABLISH ccw after timeout (bsc#1012628).
- Revert "dmaengine: imx-sdma: refine to load context only once"
(bsc#1012628).
- dmaengine: imx-sdma: remove duplicated sdma_load_context
(bsc#1012628).
- watchdog: iTCO_wdt: Fix detection of SMI-off case (bsc#1012628).
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
(bsc#1012628).
- ARM: 9105/1: atags_to_fdt: don't warn about stack size
(bsc#1012628).
- sched: Prevent balance_push() on remote runqueues (bsc#1012628).
- f2fs: let's keep writing IOs on SBI_NEED_FSCK (bsc#1012628).
- f2fs: fix to do sanity check for sb/cp fields correctly
(bsc#1012628).
- PCI/portdrv: Enable Bandwidth Notification only if port supports
it (bsc#1012628).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
(bsc#1012628).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
(bsc#1012628).
- PCI: xilinx-nwl: Enable the clock through CCF (bsc#1012628).
- PCI: aardvark: Configure PCIe resources from 'ranges' DT
property (bsc#1012628).
- PCI: aardvark: Fix checking for PIO status (bsc#1012628).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
for PIO response (bsc#1012628).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
(bsc#1012628).
- f2fs: compress: fix to set zstd compress level correctly
(bsc#1012628).
- RDMA/rtrs: move wr_cnt from rtrs_srv_con to rtrs_con
(bsc#1012628).
- RDMA/rtrs: Enable the same selective signal for heartbeat and IO
(bsc#1012628).
- RDMA/rtrs: Move sq_wr_avail to rtrs_con (bsc#1012628).
- HID: input: do not report stylus battery state as "full"
(bsc#1012628).
- clk: renesas: rzg2l: Fix off-by-one check in
rzg2l_cpg_clk_src_twocell_get() (bsc#1012628).
- f2fs: quota: fix potential deadlock (bsc#1012628).
- pinctrl: armada-37xx: Correct PWM pins definitions
(bsc#1012628).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(bsc#1012628).
- clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types
(bsc#1012628).
- IB/hfi1: Adjust pkey entry in index 0 (bsc#1012628).
- RDMA/iwcm: Release resources if iw_cm module initialization
fails (bsc#1012628).
- docs: Fix infiniband uverbs minor number (bsc#1012628).
- scsi: BusLogic: Use %X for u32 sized integer rather than %lX
(bsc#1012628).
- pinctrl: samsung: Fix pinctrl bank pin count (bsc#1012628).
- f2fs: do not submit NEW_ADDR to read node block (bsc#1012628).
- f2fs: turn back remapped address in compressed page endio
(bsc#1012628).
- f2fs: fix wrong checkpoint_changed value in f2fs_remount()
(bsc#1012628).
- vfio: Use config not menuconfig for VFIO_NOIOMMU (bsc#1012628).
- scsi: ufs: Fix memory corruption by ufshcd_read_desc_param()
(bsc#1012628).
- scsi: ufs: Use DECLARE_COMPLETION_ONSTACK() where appropriate
(bsc#1012628).
- scsi: ufs: Fix the SCSI abort handler (bsc#1012628).
- cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards
(bsc#1012628).
- powerpc/stacktrace: Include linux/delay.h (bsc#1012628).
- RDMA/hns: Don't overwrite supplied QP attributes (bsc#1012628).
- RDMA/efa: Remove double QP type assignment (bsc#1012628).
- RDMA/mlx5: Delete not-available udata check (bsc#1012628).
- cpuidle: pseries: Mark pseries_idle_proble() as __init
(bsc#1012628).
- f2fs: reduce the scope of setting fsck tag when de->name_len
is zero (bsc#1012628).
- openrisc: don't printk() unconditionally (bsc#1012628).
- dma-debug: fix debugfs initialization order (bsc#1012628).
- xprtrdma: Put rpcrdma_reps before waking the tear-down
completion (bsc#1012628).
- NFSv4/pNFS: Fix a layoutget livelock loop (bsc#1012628).
- NFSv4/pNFS: Always allow update of a zero valued layout barrier
(bsc#1012628).
- NFSv4/pnfs: The layout barrier indicate a minimal value for
the seqid (bsc#1012628).
- SUNRPC: Fix potential memory corruption (bsc#1012628).
- SUNRPC/xprtrdma: Fix reconnection locking (bsc#1012628).
- sunrpc: Fix return value of get_srcport() (bsc#1012628).
- scsi: ufs: Fix unsigned int compared with less than zero
(bsc#1012628).
- scsi: ufshcd: Fix device links when BOOT WLUN fails to probe
(bsc#1012628).
- scsi: fdomain: Fix error return code in fdomain_probe()
(bsc#1012628).
- pinctrl: single: Fix error return code in
pcs_parse_bits_in_pinctrl_entry() (bsc#1012628).
- powerpc/numa: Consider the max NUMA node for migratable LPAR
(bsc#1012628).
- vfio/mbochs: Fix missing error unwind of mbochs_used_mbytes
(bsc#1012628).
- platform/x86: ISST: Fix optimization with use of numa
(bsc#1012628).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
(bsc#1012628).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
(bsc#1012628).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
(bsc#1012628).
- powerpc/config: Fix IPV6 warning in mpc855_ads (bsc#1012628).
- powerpc/config: Renable MTD_PHYSMAP_OF (bsc#1012628).
- f2fs: fix to keep compatibility of fault injection interface
(bsc#1012628).
- iommu/vt-d: Update the virtual command related registers
(bsc#1012628).
- RDMA/hns: Fix return in hns_roce_rereg_user_mr() (bsc#1012628).
- HID: amd_sfh: Fix period data field to enable sensor
(bsc#1012628).
- HID: i2c-hid: Fix Elan touchpad regression (bsc#1012628).
- HID: thrustmaster: clean up Makefile and adapt quirks
(bsc#1012628).
- RDMA/hns: Ownerbit mode add control field (bsc#1012628).
- clk: imx8mm: use correct mux type for clkout path (bsc#1012628).
- clk: imx8m: fix clock tree update of TF-A managed clocks
(bsc#1012628).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines
(bsc#1012628).
- scsi: ufs: ufs-exynos: Fix static checker warning (bsc#1012628).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0
when guest SPRs are live (bsc#1012628).
- powerpc/perf: Fix the check for SIAR value (bsc#1012628).
- RDMA/hns: Fix incorrect lsn field (bsc#1012628).
- RDMA/hns: Bugfix for data type of dip_idx (bsc#1012628).
- RDMA/hns: Bugfix for the missing assignment for dip_idx
(bsc#1012628).
- RDMA/hns: Bugfix for incorrect association between dip_idx
and dgid (bsc#1012628).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
from run_smbios_call (bsc#1012628).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
(bsc#1012628).
- powerpc/smp: Update cpu_core_map on all PowerPc systems
(bsc#1012628).
- RDMA/hns: Fix query destination qpn (bsc#1012628).
- RDMA/hns: Fix QP's resp incomplete assignment (bsc#1012628).
- fscache: Fix cookie key hashing (bsc#1012628).
- clk: ralink: avoid to set 'CLK_IS_CRITICAL' flag for gates
(bsc#1012628).
- clk: at91: clk-generated: Limit the requested rate to our range
(bsc#1012628).
- KVM: PPC: Fix clearing never mapped TCEs in realmode
(bsc#1012628).
- soc: mediatek: cmdq: add address shift in jump (bsc#1012628).
- f2fs: fix to account missing .skipped_gc_rwsem (bsc#1012628).
- f2fs: fix unexpected ENOENT comes from f2fs_map_blocks()
(bsc#1012628).
- f2fs: fix to unmap pages from userspace process in punch_hole()
(bsc#1012628).
- f2fs: deallocate compressed pages when error happens
(bsc#1012628).
- f2fs: should put a page beyond EOF when preparing a write
(bsc#1012628).
- MIPS: Malta: fix alignment of the devicetree buffer
(bsc#1012628).
- kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y
(bsc#1012628).
- userfaultfd: prevent concurrent API initialization
(bsc#1012628).
- drm/vmwgfx: Fix subresource updates with new contexts
(bsc#1012628).
- drm/vmwgfx: Fix some static checker warnings (bsc#1012628).
- drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET
(bsc#1012628).
- drm/ttm: Fix multihop assert on eviction (bsc#1012628).
- drm/omap: Follow implicit fencing in prepare_fb (bsc#1012628).
- drm/amdgpu: Fix amdgpu_ras_eeprom_init() (bsc#1012628).
- drm/amdgpu: Fix koops when accessing RAS EEPROM (bsc#1012628).
- drm: vc4: Fix pixel-wrap issue with DVP teardown (bsc#1012628).
- dma-buf: fix dma_resv_test_signaled test_all handling v2
(bsc#1012628).
- drm/panel: Fix up DT bindings for Samsung lms397kf04
(bsc#1012628).
- ASoC: ti: davinci-mcasp: Fix DIT mode support (bsc#1012628).
- ASoC: atmel: ATMEL drivers don't need HAS_DMA (bsc#1012628).
- media: dib8000: rewrite the init prbs logic (bsc#1012628).
- media: ti-vpe: cal: fix error handling in cal_camerarx_create
(bsc#1012628).
- media: ti-vpe: cal: fix queuing of the initial buffer
(bsc#1012628).
- libbpf: Fix reuse of pinned map on older kernel (bsc#1012628).
- drm/vkms: Let shadow-plane helpers prepare the plane's FB
(bsc#1012628).
- x86/hyperv: fix for unwanted manipulation of sched_clock when
TSC marked unstable (bsc#1012628).
- crypto: mxs-dcp - Use sg_mapping_iter to copy data
(bsc#1012628).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(bsc#1012628).
- tipc: keep the skb in rcv queue until the whole data is read
(bsc#1012628).
- net: phy: Fix data type in DP83822 dp8382x_disable_wol()
(bsc#1012628).
- iio: dac: ad5624r: Fix incorrect handling of an optional
regulator (bsc#1012628).
- iavf: do not override the adapter state in the watchdog task
(bsc#1012628).
- iavf: fix locking of critical sections (bsc#1012628).
- ARM: dts: qcom: apq8064: correct clock names (bsc#1012628).
- video: fbdev: kyro: fix a DoS bug by restricting user input
(bsc#1012628).
- drm/ast: Disable fast reset after DRAM initial (bsc#1012628).
- netlink: Deal with ESRCH error in nlmsg_notify() (bsc#1012628).
- arm64: dts: qcom: Fix usb entries for SA8155p adp board
(bsc#1012628).
- net: ipa: fix IPA v4.11 interconnect data (bsc#1012628).
- Smack: Fix wrong semantics in smk_access_entry() (bsc#1012628).
- drm: avoid blocking in drm_clients_info's rcu section
(bsc#1012628).
- drm: serialize drm_file.master with a new spinlock
(bsc#1012628).
- drm: protect drm_master pointers in drm_lease.c (bsc#1012628).
- rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (bsc#1012628).
- igc: Check if num of q_vectors is smaller than max before
array access (bsc#1012628).
- usb: host: fotg210: fix the endpoint's transactional
opportunities calculation (bsc#1012628).
- usb: host: fotg210: fix the actual_length of an iso packet
(bsc#1012628).
- usb: gadget: u_ether: fix a potential null pointer dereference
(bsc#1012628).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
(bsc#1012628).
- usb: gadget: composite: Allow bMaxPower=0 if self-powered
(bsc#1012628).
- staging: board: Fix uninitialized spinlock when attaching genpd
(bsc#1012628).
- staging: hisilicon,hi6421-spmi-pmic.yaml: fix patternProperties
(bsc#1012628).
- tty: serial: jsm: hold port lock when reporting modem line
changes (bsc#1012628).
- bus: fsl-mc: fix arg in call to dprc_scan_objects()
(bsc#1012628).
- bus: fsl-mc: fix mmio base address for child DPRCs
(bsc#1012628).
- misc/pvpanic-pci: Allow automatic loading (bsc#1012628).
- selftests: firmware: Fix ignored return val of asprintf() warn
(bsc#1012628).
- drm/amd/display: Fix timer_per_pixel unit error (bsc#1012628).
- media: hantro: vp8: Move noisy WARN_ON to vpu_debug
(bsc#1012628).
- media: platform: stm32: unprepare clocks at handling errors
in probe (bsc#1012628).
- media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe
(bsc#1012628).
- media: atomisp: pci: fix error return code in
atomisp_pci_probe() (bsc#1012628).
- nfp: fix return statement in nfp_net_parse_meta() (bsc#1012628).
- ethtool: improve compat ioctl handling (bsc#1012628).
- drm/amd/display: Fixed hardware power down bypass during
headless boot (bsc#1012628).
- drm/amdgpu: Fix a printing message (bsc#1012628).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
field in hex (bsc#1012628).
- bpf/tests: Fix copy-and-paste error in double word test
(bsc#1012628).
- bpf/tests: Do not PASS tests without actually testing the result
(bsc#1012628).
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow
on 32-bit (bsc#1012628).
- arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names
(bsc#1012628).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
(bsc#1012628).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
(bsc#1012628).
- video: fbdev: riva: Error out if 'pixclock' equals zero
(bsc#1012628).
- net: ipa: fix ipa_cmd_table_valid() (bsc#1012628).
- net: ipa: always validate filter and route tables (bsc#1012628).
- ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
(bsc#1012628).
- flow_dissector: Fix out-of-bounds warnings (bsc#1012628).
- s390/jump_label: print real address in a case of a jump label
bug (bsc#1012628).
- s390: make PCI mio support a machine flag (bsc#1012628).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
(bsc#1012628).
- serial: max310x: Use clock-names property matching to recognize
EXTCLK (bsc#1012628).
- xtensa: ISS: don't panic in rs_init (bsc#1012628).
- hvsi: don't panic on tty_register_driver failure (bsc#1012628).
- serial: 8250_pci: make setup_port() parameters explicitly
unsigned (bsc#1012628).
- vt: keyboard.c: make console an unsigned int (bsc#1012628).
- staging: ks7010: Fix the initialization of the 'sleep_status'
structure (bsc#1012628).
- drm/amd/display: Fix PSR command version (bsc#1012628).
- samples: bpf: Fix tracex7 error raised on the missing argument
(bsc#1012628).
- libbpf: Fix race when pinning maps in parallel (bsc#1012628).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(bsc#1012628).
- drm: rcar-du: Shutdown the display on system shutdown
(bsc#1012628).
- Bluetooth: skip invalid hci_sync_conn_complete_evt
(bsc#1012628).
- workqueue: Fix possible memory leaks in wq_numa_init()
(bsc#1012628).
- ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM
SoM (bsc#1012628).
- ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx
(bsc#1012628).
- ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check
(bsc#1012628).
- drm/msm/a6xx: Fix llcc configuration for a660 gpu (bsc#1012628).
- netfilter: nft_compat: use nfnetlink_unicast() (bsc#1012628).
- bonding: 3ad: fix the concurrency between __bond_release_one()
and bond_3ad_state_machine_handler() (bsc#1012628).
- ARM: dts: at91: use the right property for shutdown controller
(bsc#1012628).
- arm64: tegra: Fix Tegra194 PCIe EP compatible string
(bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to
the maps for the matching in-/output (bsc#1012628).
- ASoC: Intel: update sof_pcm512x quirks (bsc#1012628).
- Bluetooth: Fix not generating RPA when required (bsc#1012628).
- dpaa2-switch: do not enable the DPSW at probe time
(bsc#1012628).
- media: imx258: Rectify mismatch of VTS value (bsc#1012628).
- media: imx258: Limit the max analogue gain to 480 (bsc#1012628).
- media: imx: imx7-media-csi: Fix buffer return upon stream
start failure (bsc#1012628).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
(bsc#1012628).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
(bsc#1012628).
- media: tegra-cec: Handle errors of clk_prepare_enable()
(bsc#1012628).
- gfs2: Fix glock recursion in freeze_go_xmote_bh (bsc#1012628).
- arm64: dts: qcom: sdm630: Rewrite memory map (bsc#1012628).
- arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl
configuration (bsc#1012628).
- net: ipa: fix IPA v4.9 interconnects (bsc#1012628).
- serial: 8250_omap: Handle optional overrun-throttle-ms property
(bsc#1012628).
- misc: sram: Only map reserved areas in Tegra SYSRAM
(bsc#1012628).
- ARM: dts: imx53-ppd: Fix ACHC entry (bsc#1012628).
- arm64: dts: qcom: ipq8074: fix pci node reg property
(bsc#1012628).
- arm64: dts: qcom: sdm660: use reg value for memory node
(bsc#1012628).
- arm64: dts: qcom: ipq6018: drop '0x' from unit address
(bsc#1012628).
- arm64: dts: qcom: sdm630: don't use underscore in node name
(bsc#1012628).
- arm64: dts: qcom: msm8994: don't use underscore in node name
(bsc#1012628).
- arm64: dts: qcom: msm8996: don't use underscore in node name
(bsc#1012628).
- arm64: dts: qcom: sm8250: Fix epss_l3 unit address
(bsc#1012628).
- nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering
(bsc#1012628).
- net: ethernet: stmmac: Do not use unreachable() in
ipq806x_gmac_probe() (bsc#1012628).
- drm/msm: mdp4: drop vblank get/put from prepare/complete_commit
(bsc#1012628).
- drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660
(bsc#1012628).
- drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before
setting pixel clock (bsc#1012628).
- drm: xlnx: zynqmp: release reset to DP controller before
accessing DP registers (bsc#1012628).
- ARM: dts: ixp4xx: Fix up bad interrupt flags (bsc#1012628).
- thunderbolt: Fix port linking by checking all adapters
(bsc#1012628).
- drm/amd/display: fix missing writeback disablement if plane
is removed (bsc#1012628).
- drm/amd/display: fix incorrect CM/TF programming sequence in
dwb (bsc#1012628).
- selftests/bpf: Fix xdp_tx.c prog section name (bsc#1012628).
- drm/vmwgfx: fix potential UAF in vmwgfx_surface.c (bsc#1012628).
- staging: rtl8723bs: fix right side of condition (bsc#1012628).
- drm/msm/dp: reduce link rate if failed at link training 1
(bsc#1012628).
- drm/msm/dp: reset aux controller after dp_aux_cmd_fifo_tx()
failed (bsc#1012628).
- drm/msm/dp: return correct edid checksum after corrupted edid
checksum read (bsc#1012628).
- drm/msm/dp: do not end dp link training until video is ready
(bsc#1012628).
- net/mlx5: Fix variable type to match 64bit (bsc#1012628).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
possible uninitialized-variable access in
amdgpu_i2c_router_select_ddc_port() (bsc#1012628).
- drm/display: fix possible null-pointer dereference in
dcn10_set_clock() (bsc#1012628).
- mac80211: Fix monitor MTU limit so that A-MSDUs get through
(bsc#1012628).
- ARM: tegra: acer-a500: Remove bogus USB VBUS regulators
(bsc#1012628).
- ARM: tegra: tamonten: Fix UART pad setting (bsc#1012628).
- arm64: tegra: Fix compatible string for Tegra132 CPUs
(bsc#1012628).
- arm64: dts: imx8mm-venice-gw700x: fix mp5416 pmic config
(bsc#1012628).
- arm64: dts: imx8mm-venice-gw700x: fix invalid pmic pin config
(bsc#1012628).
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS
(bsc#1012628).
- arm64: dts: ls1046a: fix eeprom entries (bsc#1012628).
- nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
(bsc#1012628).
- nvme: code command_id with a genctr for use-after-free
validation (bsc#1012628).
- Bluetooth: Fix handling of LE Enhanced Connection Complete
(bsc#1012628).
- Bluetooth: Fix race condition in handling NOP command
(bsc#1012628).
- opp: Don't print an error if required-opps is missing
(bsc#1012628).
- serial: sh-sci: fix break handling for sysrq (bsc#1012628).
- iomap: pass writeback errors to the mapping (bsc#1012628).
- tcp: enable data-less, empty-cookie SYN with
TFO_SERVER_COOKIE_NOT_REQD (bsc#1012628).
- locking/rtmutex: Set proper wait context for lockdep
(bsc#1012628).
- rpc: fix gss_svc_init cleanup on failure (bsc#1012628).
- iavf: use mutexes for locking of critical sections
(bsc#1012628).
- selftests/bpf: Correctly display subtest skip status
(bsc#1012628).
- selftests/bpf: Fix flaky send_signal test (bsc#1012628).
- hwmon: (pmbus/ibm-cffps) Fix write bits for LED control
(bsc#1012628).
- staging: rts5208: Fix get_ms_information() heap buffer size
(bsc#1012628).
- selftests: nci: Fix the code for next nlattr offset
(bsc#1012628).
- selftests: nci: Fix the wrong condition (bsc#1012628).
- net: Fix offloading indirect devices dependency on qdisc order
creation (bsc#1012628).
- kselftest/arm64: mte: Fix misleading output when skipping tests
(bsc#1012628).
- kselftest/arm64: pac: Fix skipping of tests on systems without
PAC (bsc#1012628).
- ASoC: rsnd: adg: clearly handle clock error / NULL case
(bsc#1012628).
- gfs2: Don't call dlm after protocol is unmounted (bsc#1012628).
- usb: chipidea: host: fix port index underflow and UBSAN
complains (bsc#1012628).
- lockd: lockd server-side shouldn't set fl_ops (bsc#1012628).
- drm/exynos: Always initialize mapping in
exynos_drm_register_dma() (bsc#1012628).
- rtl8xxxu: Fix the handling of TX A-MPDU aggregation
(bsc#1012628).
- rtw88: use read_poll_timeout instead of fixed sleep
(bsc#1012628).
- rtw88: wow: build wow function only if CONFIG_PM is on
(bsc#1012628).
- rtw88: wow: fix size access error of probe request
(bsc#1012628).
- octeontx2-pf: Fix NIX1_RX interface backpressure (bsc#1012628).
- m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch
(bsc#1012628).
- btrfs: remove racy and unnecessary inode transaction update
when using no-holes (bsc#1012628).
- btrfs: tree-log: check btrfs_lookup_data_extent return value
(bsc#1012628).
- soundwire: intel: fix potential race condition during power down
(bsc#1012628).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
(bsc#1012628).
- ASoC: Intel: Skylake: Fix passing loadable flag for module
(bsc#1012628).
- of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS
(bsc#1012628).
- mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for
ZynqMP (bsc#1012628).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
(bsc#1012628).
- mmc: core: Avoid hogging the CPU while polling for busy in
the I/O err path (bsc#1012628).
- mmc: core: Avoid hogging the CPU while polling for busy for
mmc ioctls (bsc#1012628).
- mmc: core: Avoid hogging the CPU while polling for busy after
I/O writes (bsc#1012628).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
(bsc#1012628).
- selftests/bpf: Enlarge select() timeout for test_maps
(bsc#1012628).
- mmc: core: Return correct emmc response in case of ioctl error
(bsc#1012628).
- octeontx2-pf: cleanup transmit link deriving logic
(bsc#1012628).
- samples: pktgen: fix to print when terminated normally
(bsc#1012628).
- cifs: fix wrong release in sess_alloc_buffer() failed path
(bsc#1012628).
- Revert "USB: xhci: fix U1/U2 handling for hardware with
XHCI_INTEL_HOST quirk set" (bsc#1012628).
- usb: dwc3: imx8mp: request irq after initializing dwc3
(bsc#1012628).
- usb: musb: musb_dsps: request_irq() after initializing musb
(bsc#1012628).
- usbip: give back URBs for unsent unlink requests during cleanup
(bsc#1012628).
- usbip:vhci_hcd USB port can get stuck in the disabled state
(bsc#1012628).
- usb: xhci-mtk: fix use-after-free of mtk->hcd (bsc#1012628).
- usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint
(bsc#1012628).
- ASoC: rockchip: i2s: Fix regmap_ops hang (bsc#1012628).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
(bsc#1012628).
- ASoC: soc-pcm: protect BE dailink state changes in trigger
(bsc#1012628).
- drm/amdkfd: Account for SH/SE count when setting up cu masks
(bsc#1012628).
- nfs: don't atempt blocking locks on nfs reexports (bsc#1012628).
- nfsd: fix crash on LOCKT on reexported NFSv3 (bsc#1012628).
- iwlwifi: pcie: free RBs during configure (bsc#1012628).
- iwlwifi: mvm: Do not use full SSIDs in 6GHz scan (bsc#1012628).
- iwlwifi: mvm: fix a memory leak in
iwl_mvm_mac_ctxt_beacon_changed (bsc#1012628).
- iwlwifi: mvm: avoid static queue number aliasing (bsc#1012628).
- iwlwifi: mvm: Fix umac scan request probe parameters
(bsc#1012628).
- iwlwifi: mvm: fix access to BSS elements (bsc#1012628).
- iwlwifi: fw: correctly limit to monitor dump (bsc#1012628).
- iwlwifi: mvm: don't schedule the roc_done_wk if it is already
running (bsc#1012628).
- iwlwifi: mvm: Fix scan channel flags settings (bsc#1012628).
- net/mlx5: DR, fix a potential use-after-free bug (bsc#1012628).
- net/mlx5: DR, Enable QP retransmission (bsc#1012628).
- usb: isp1760: fix memory pool initialization (bsc#1012628).
- usb: isp1760: fix qtd fill length (bsc#1012628).
- usb: isp1760: write to status and address register
(bsc#1012628).
- usb: isp1760: use the right irq status bit (bsc#1012628).
- usb: isp1760: otg control register access (bsc#1012628).
- parport: remove non-zero check on count (bsc#1012628).
- selftests/bpf: Fix potential unreleased lock (bsc#1012628).
- wcn36xx: Fix missing frame timestamp for beacon/probe-resp
(bsc#1012628).
- ath9k: fix OOB read ar9300_eeprom_restore_internal
(bsc#1012628).
- ath9k: fix sleeping in atomic context (bsc#1012628).
- net: fix NULL pointer reference in cipso_v4_doi_free
(bsc#1012628).
- fix array-index-out-of-bounds in taprio_change (bsc#1012628).
- net: w5100: check return value after calling
platform_get_resource() (bsc#1012628).
- net: hns3: clean up a type mismatch warning (bsc#1012628).
- parisc: fix crash with signals and alloca (bsc#1012628).
- parisc: Fix compile failure when building 64-bit kernel natively
(bsc#1012628).
- printk/console: Check consistent sequence number when handling
race in console_unlock() (bsc#1012628).
- ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup()
(bsc#1012628).
- scsi: BusLogic: Fix missing pr_cont() use (bsc#1012628).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1012628).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
(bsc#1012628).
- mtd: rawnand: intel: Fix error handling in probe (bsc#1012628).
- cpufreq: powernv: Fix init_chip_info initialization in numa=off
(bsc#1012628).
- s390/pv: fix the forcing of the swiotlb (bsc#1012628).
- s390/topology: fix topology information when calling cpu
hotplug notifiers (bsc#1012628).
- mm: fix panic caused by __page_handle_poison() (bsc#1012628).
- hugetlb: fix hugetlb cgroup refcounting during vma split
(bsc#1012628).
- mm/memory_hotplug: use "unsigned long" for PFN in
zone_for_pfn_range() (bsc#1012628).
- mm/hmm: bypass devmap pte when all pfn requested flags are
fulfilled (bsc#1012628).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1012628).
- mm,vmscan: fix divide by zero in get_scan_count (bsc#1012628).
- mm/page_alloc.c: avoid accessing uninitialized pcp page
migratetype (bsc#1012628).
- mm/mempolicy: fix a race between offset_il_node and
mpol_rebind_task (bsc#1012628).
- memcg: enable accounting for pids in nested pid namespaces
(bsc#1012628).
- libnvdimm/pmem: Fix crash triggered when I/O in-flight during
unbind (bsc#1012628).
- platform/chrome: cros_ec_proto: Send command again when timeout
occurs (bsc#1012628).
- lib/test_stackinit: Fix static initializer test (bsc#1012628).
- net: dsa: lantiq_gswip: fix maximum frame length (bsc#1012628).
- net: stmmac: Fix overall budget calculation for rxtx_napi
(bsc#1012628).
- drm/mgag200: Select clock in PLL update functions (bsc#1012628).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (bsc#1012628).
- drm/dp_mst: Fix return code on sideband message failure
(bsc#1012628).
- drm/panfrost: Make sure MMU context lifetime is not bound to
panfrost_priv (bsc#1012628).
- drm/amdgpu: Fix BUG_ON assert (bsc#1012628).
- drm/amdgpu: Enable S/G for Yellow Carp (bsc#1012628).
- drm/amdgpu: Fix a deadlock if previous GEM object allocation
fails (bsc#1012628).
- drm/amd/display: Update number of DCN3 clock states
(bsc#1012628).
- drm/amd/display: Update bounding box states (v2) (bsc#1012628).
- drm/amdkfd: drop process ref count when xnack disable
(bsc#1012628).
- drm/amd/display: setup system context for APUs (bsc#1012628).
- drm/msm/disp/dpu1: add safe lut config in dpu driver
(bsc#1012628).
- drm/ttm: Fix ttm_bo_move_memcpy() for subclassed struct
ttm_resource (bsc#1012628).
- drm/panfrost: Simplify lock_region calculation (bsc#1012628).
- drm/panfrost: Use u64 for size in lock_region (bsc#1012628).
- drm/panfrost: Clamp lock region to Bifrost minimum
(bsc#1012628).
- tracing/osnoise: Fix missed cpus_read_unlock() in
start_per_cpu_kthreads() (bsc#1012628).
- commit 73a28f9
++++ llvm15:
- Set CMAKE_LINKER to workaround CMake wanting to use lld just
because we're using clang as compiler. Fixes build on aarch64.
(https://bugs.llvm.org/show_bug.cgi?id=51115)
++++ libapparmor:
- lessopen.sh profile: allow reading files that live on NFS over UDP
(added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552)
++++ harfbuzz:
- harfbuzz 3.0.0:
+ Unicode 14.0 support
+ hb-subset API and harfbuzz-subset ABI now declared stable
+ hb-style API is now stable
------------------------------------------------------------------
------------------ 2021-9-17 - Sep 17 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- update to 1.77.0:
* new libraries:
+ Describe - Reflection Library
+ Lambda2 - Lambda Library
* for details on all changes see,
https://www.boost.org/users/history/version_1_77_0.html
- dynamic_linking.patch: updated
- boost-math.patch and boost-process.patch: added from upstream
++++ dnsmasq:
- Update to 2.86:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked
to handle TCP DNS connections under heavy load.
* Major rewrite of the DNS server and domain handling code. This
should be largely transparent, but it drastically improves
performance and reduces memory foot-print when configuring
large numbers of domains.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.
* Allow smaller than 64 prefix lengths in synth-domain, with
caveats.
- -synth-domain=1234:4567::/56,example.com is now valid.
* Make domains generated by --synth-domain appear in replies
when in authoritative mode.
* Ensure CAP_NET_ADMIN capability is available when conntrack
is configured.
* When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which files
within that directory are read (alphabetical order of filename).
++++ transactional-update:
- Version 3.5.5
- t-u: Use tukit for SUSEConnect call [bsc#1190574]
Correctly registers repositories
++++ librsvg:
- Update to version 2.52.0:
+ The biggest user-visible change is that rsvg-convert has been
ported to Rust.
+ rsvg-convert is now aware of physical units, and fixes a bug
where PDFs were created at the wrong size.
+ Support for Accept-Language.
+ rsvg-convert's default DPI is now 96, to better match W3C
standards.
+ SVG2/CSS3 features:
- Transform property from SVG2; previously librsvg only
supported the transform attribute from SVG1.1, which has
different syntax.
- context-fill and context-stroke for <marker> and <use>
elements.
- markers now support orient="auto-start-reverse".
- paint-order for text elements.
- "auto" values for the width and height attributes of the
<image>, <rect>, and <svg> elements.
- All the <filter-function> types from the Filter Effects
Module Level 1 specification: blur(), brightness(),
contrast(), drop-shadow(), grayscale(), hue-rotate(),
invert(), opacity(), sepia(), saturate().
- The filter property now supports chains of uri() filters or
<filter-function> shortcuts.
- Support CSS selectors for attribute matching, like
rect[attr^="prefix"]
+ New APIs: See the HTML documentation for details.
- Drop -lang package: there are no translations available anymore.
++++ gobject-introspection:
- Update to version 1.70.0:
+ Update the GIR data for GLib, GObject, and GIO.
++++ glib-networking:
- Update to version 2.70.0:
+ Updated translations.
++++ glib2:
- Update to version 2.70.0:
+ Bug fixed: ci: Replace FreeBSD 11 with FreeBSD 13.
+ Updated translations.
++++ kernel-default:
- kernel-binary.spec: Check for no kernel signing certificates.
Also remove unused variable.
- commit bdc323e
- Revert "rpm/kernel-binary.spec: Use only non-empty certificates."
This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- nvmem: nintendo-otp: add dependency on CONFIG_HAS_IOMEM
(202108250657.h5CWR7Xf-lkp@intel.com).
Fix s390x/zfcpdump build.
- refresh configs (s390x/zfcpdump: NVMEM_NINTENDO_OTP=n)
- commit 68ad835
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- drm/vc4: hdmi: Fix HPD GPIO detection (bsc#1190469)
- commit 4a524d3
++++ libcontainers-common:
- Update common to 0.44.0
0.42.3:
* (*libimage.Image).HasDifferentDigest: add authentication
0.42.2:
Backports for Podman 3.3.2
Fix the fallback runtime path
Switch default Rootless Networking to "CNI" for OSX
libimage: disk usage: catch corrupted images
set GOPROXY=https://proxy.golang.org
0.44.0:
Add HelperBinariesDir field to engine config
Add space trimming check in sysctl.Validate
Cirrus: Use fresher VM images
Fix `pkg/sysctl` path typo
Fix the fallback runtime path
Switch default Rootless Networking to "CNI" for OSX
Update pkg/sysctl/sysctl.go
add some cni plugin paths
build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
docs/containers.conf.5.md: Fix manpage section
fix untag + v0.43.2
libimage: disk usage: catch corrupted images
libimage: relax untag by digest checks
path: dest paths inside container should always be treated as *nix type
remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
runtime: Add ReturnManifestIfPresent to LookupImageOptions
runtime: Add `ManifestList` to `LookupImageOptions`
seccomp: allow memfd_secret
0.43.2:
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
0.43.1:
Fix spelling mistakes
Fix examples in containers.conf
0.43.0:
Add documentation for Containerfile and Dockerfile
Remove no_libsubid flag
Add machine_image to containers.conf
build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
Add machine_image to containers.conf
Switch default logdriver and eventslogger to journald, if root
build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
libimage: {un}tag: reject digests
build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
style: complete containers#556 to-do list part 4
build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
set GOPROXY=https://proxy.golang.org
0.42.1:
* pull: fallthrough for registry parsing errors
0.42.0:
* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref
- Update podman to 3.3.1
3.3.1:
[#]## Bugfixes
- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
- Fixed a bug where `podman machine` commands would not properly locate the `gvproxy` binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the `--pod-id-file` option would not join the pod's network namespace ([#11303](https://github.com/containers/podman/issues/11303)).
- Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions.
- Fixed a bug where the `until` filter to `podman logs` and `podman events` was improperly handled, requiring input to be negated ([#11158](https://github.com/containers/podman/issues/11158)).
- Fixed a bug where rootless containers using CNI networking run on systems using `systemd-resolved` for DNS would fail to start if resolved symlinked `/etc/resolv.conf` to an absolute path ([#11358](https://github.com/containers/podman/issues/11358)).
[#]## API
- A large number of potential file descriptor leaks from improperly closing client connections have been fixed.
3.3.0:
[#]## Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
[#]## Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
[#]## Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
- Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)).
- Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)).
- Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)).
[#]## API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
[#]## Misc
- Updated Buildah to v1.22.3
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.2
- Updated the containers/common library to v0.42.1
3.3.0-RC3:
This is the third release candidate of Podman v3.3.0
Preliminary release notes follow:
[#]## Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
[#]## Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
[#]## Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
[#]## API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
[#]## Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.1
- Updated the containers/common library to v0.42.1
3.3.0-RC2:
[#]## Features
- Containers inside VMs created by `podman machine` will now automatically handle port forwarding - containers in `podman machine` VMs that publish ports via `--publish` or `--publish-all` will have these ports not just forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced network options (e.g. `--network slirp4netns:port_handler=slirp4netns`) ([#10807](https://github.com/containers/podman/issues/10807)).
- The `podman play kube` commmand now supports Kubernetes liveness probes, which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which, when enabled, will restart all containers that were started with `--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g. `podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`) ([#6721](https://github.com/containers/podman/issues/6721)).
- The `podman container checkpoint` and `podman container restore` commands can now be used to checkpoint containers that are in pods, and restore those containers into pods.
- The `podman container restore` command now features a new option, `--publish`, to change the ports that are forwarded to a container that is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option, `--compress`, to specify the compression algorithm that will be used on the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g. `podman pull fedora:34 ubi8:latest` will pull both specified images).
- THe `podman cp` command can now copy files from one container into another directly (e.g. `podman cp containera:/etc/hosts containerb:/etc/`) ([#7370](https://github.com/containers/podman/issues/7370)).
- The `podman cp` command now supports a new option, `--archive`, which controls whether copied files will be chown'd to the UID and GID of the user of the destination container.
- The `podman stats` command now provides two additional metrics: Average CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify the PID namespace of the pod. If specified, containers that join the pod will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`, which allows the name of the pod's infra container to be set ([#10794](https://github.com/containers/podman/issues/10794)).
- The `podman auto-update` command has had its output reformatted - it is now much clearer what images were pulled and what containers were updated.
- The `podman auto-update` command now supports a new option, `--dry-run`, which reports what would be updated but does not actually perform the update ([#9949](https://github.com/containers/podman/issues/9949)).
- The `podman build` command now supports a new option, `--secret`, to mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to print detailed information about where the credentials entered were stored.
- The `podman events` command now supports a new event, `exec_died`, which is produced when an exec session exits, and includes the exit code of the exec session.
- The `podman system connection add` command now supports adding connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag, `--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter` option now support a new filter, `until`, that matches volumes created before a certain time ([#10579](https://github.com/containers/podman/issues/10579)).
- The `podman ps --filter` option's `network` filter now accepts a new value: `container:`, which matches containers that share a network namespace with a specific container ([#10361](https://github.com/containers/podman/issues/10361)).
- The `podman diff` command can now accept two arguments, allowing two images or two containers to be specified; the diff between the two will be printed ([#10649](https://github.com/containers/podman/issues/10649)).
- Podman can now optionally copy-up content from containers into volumes mounted into those containers earlier (at creation time, instead of at runtime) via the `prepare_on_create` option in `containers.conf` ([#10262](https://github.com/containers/podman/issues/10262)).
- A new option, `--gpus`, has been added to `podman create` and `podman run` as a no-op for better compatibility with Docker. If the nvidia-container-runtime package is installed, GPUs should be automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now be suggested in the error message.
[#]## Changes
- The `podman system reset` command now removes non-Podman (e.g. Buildah and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires [gvproxy](https://github.com/containers/gvisor-tap-vsock) in order to function.
- Podman will now automatically create the default CNI network if it does not exist, for both root and rootless users. This will only be done once per user - if the network is subsequently removed, it will not be recreated.
- The `install.cni` makefile option has been removed. It is no longer required to distribute the default `87-podman.conflist` CNI configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default storage options when set. Storage options can be set manually using `--storage-opt` ([#10393](https://github.com/containers/podman/issues/10393)).
- The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
- The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
[#]## Bugfixes
- Fixed a bug where the `podman play kube` command did not perform SELinux relabelling of volumes specified with a `mountPath` that included the `:z` or `:Z` options ([#9371](https://github.com/containers/podman/issues/9371)).
- Fixed a bug where the `podman play kube` command would ignore the `USER` and `EXPOSE` directives in images ([#9609](https://github.com/containers/podman/issues/9609)).
- Fixed a bug where the `podman play kube` command would only accept lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or `:Z` options were not appropriately relabelled for access from the container ([#10273](https://github.com/containers/podman/issues/10273)).
- Fixed a bug where the `podman logs -f` command, with the `journald` log driver, could sometimes fail to pick up the last line of output from a container ([#10323](https://github.com/containers/podman/issues/10323)).
- Fixed a bug where running `podman rm` on a container created with the `--rm` option would occasionally emit an error message saying the container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the `LISTEN_PID` and `LISTEN_FDS` environment variables were set, but `LISTEN_FDNAMES` was not ([#10435](https://github.com/containers/podman/issues/10435)).
- Fixed a bug where exec sessions in containers were sometimes not cleaned up when run without `-d` and when the associated `podman exec` process was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd unit file with sdnotify in use, drop some connections when it was starting up.
- Fixed a bug where containers run using the REST API using the `slirp4netns` network mode would leave zombie processes that were not cleaned up until `podman system service` exited ([#9777](https://github.com/containers/podman/issues/9777)).
- Fixed a bug where the `podman system service` command would leave zombie processes after its initial launch that were not cleaned up until it exited ([#10575](https://github.com/containers/podman/issues/10575)).
- Fixed a bug where VMs created by `podman machine` could not be started after the host system restarted ([#10824](https://github.com/containers/podman/issues/10824)).
- Fixed a bug where the `podman pod ps` command would not show headers for optional information (e.g. container names when the `--ctr-names` option was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman run` commands would ignore timezone configuration from the server's `containers.conf` file ([#11124](https://github.com/containers/podman/issues/11124)).
- Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
- Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
- Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
- Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
- Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
- Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
- Fixed a bug where the `--device-cgroup-rule` option to `podman create` and `podman run` was nonfunctional ([#10302](https://github.com/containers/podman/issues/10302)).
- Fixed a bug where the `--tls-verify` option to `podman manifest push` was nonfunctional.
- Fixed a bug where the `podman import` command could, in some circumstances, produce empty images ([#10994](https://github.com/containers/podman/issues/10994)).
- Fixed a bug where images pulled using the `docker-daemon:` transport had the wrong registry (`localhost` instead of `docker.io/library`) ([#10998](https://github.com/containers/podman/issues/10998)).
- Fixed a bug where operations that pruned images (`podman image prune` and `podman system prune`) would prune untagged images with children ([#10832](https://github.com/containers/podman/issues/10832)).
- Fixed a bug where dual-stack networks created by `podman network create` did not properly auto-assign an IPv4 subnet when one was not explicitly specified ([#11032](https://github.com/containers/podman/issues/11032)).
- Fixed a bug where port forwarding using the `rootlessport` port forwarder would break when a network was disconnected and then reconnected ([#10052](https://github.com/containers/podman/issues/10052)).
- Fixed a bug where Podman would ignore user-specified SELinux policies for containers using the Kata OCI runtime, or containers using systemd as PID 1 ([#11100](https://github.com/containers/podman/issues/11100)).
- Fixed a bug where Podman containers created using `--net=host` would add an entry to `/etc/hosts` for the container's hostname pointing to `127.0.1.1` ([#10319](https://github.com/containers/podman/issues/10319)).
- Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
- Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
- Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
[#]## API
- Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail to create containers with the `NetworkMode` parameter set to `default` ([#10569](https://github.com/containers/podman/issues/10569)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle healthcheck commands ([#10617](https://github.com/containers/podman/issues/10617)).
- Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
- Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
- Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
- Fixed a bug where the Libpod List endpoint for Networks would return nil, instead of an empty list, when no networks were present ([#10495](https://github.com/containers/podman/issues/10495)).
- The Compat and Libpod Logs endpoints for Containers now support the `until` query parameter ([#10859](https://github.com/containers/podman/issues/10859)).
- The Compat Import endpoint for Images now supports the `platform`, `message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query parameter.
[#]## Misc
- Updated Buildah to v1.22.0
- Updated the containers/storage library to v1.33.1
- Updated the containers/image library to v5.15.0
- Updated the containers/common library to v0.42.1
- Update storage to 1.36.0
1.36.0:
(*Store)Layer(): fix race when loading layers
Add Inodes to OverlayOptionsConfig
build(deps): bump github.com/Microsoft/hcsshim from 0.8.20 to 0.8.22
build(deps): bump github.com/containerd/stargz-snapshotter/estargz
build(deps): bump github.com/klauspost/compress from 1.13.4 to 1.13.5
build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
chunked: cache all the files with the same digest
chunked: do not store the digest if it is empty
chunked: estargz support
chunked: fix linkat for rootless
chunked: restrict dedup with hard links
1.35.0:
chunked: add new pull options use_hard_links and enable_partial_images
build(deps): bump github.com/vbatts/tar-split from 0.11.1 to 0.11.2
build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
Update golang.org/x/sys
Add LayerOptions.OriginalDigest and LayerOptions.UncompressedDigest
Separate the IDMappingOptions logic from other LayerOptions work
Reorganize uncompressedCounter
Only compute {un,}compressedDigester.Digest() once
Reorganize the "defragmented" reader construction a bit.
Rename {un,}compressedDigest to {un,}compressedDigester
Have NewReadCloserWrapper pass through io.WriterTo
chunked: remove unused args
chunked: fix fd leak on error
chunked: remove unused argument missingDirsMode
chunked: add new pull option use_hard_links
chunked: allow to disable partial images feature
1.34.1:
types: on error fallback to filepath.Clean()
build(deps): bump github.com/klauspost/compress from 1.13.3 to 1.13.4
Add codespell fixes
ApplyDiff: compress saved headers without concurrency
build(deps): bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
1.34.0:
overlay: check for aufs-style whiteout at startup
Invert libsubid tag
1.33.2:
build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
Follow symlinks if they exists
idtools: add support for libsubid
Makefile: use buildtags for golangci-lint
Cirrus: Use fresh VM & Container images
build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3
build(deps): bump github.com/klauspost/compress from 1.13.1 to 1.13.3
1.33.1:
Fix handling of quota on volumes
1.33.0:
Add inode support to quota
Creating fifo files while non root should be supported
Revert #952, we don't want to use /run/user on non systemd systems
Split pkg/chunked.ZstdCompressor into a separate subpackage
Update docs/containers-storage.conf.5.md
build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
overlay: check if we can mknod() kernel whiteout
- Update image to 5.16.0
v0.44.0:
* Add HelperBinariesDir field to engine config
* Add space trimming check in sysctl.Validate
* Cirrus: Use fresher VM images
* Fix `pkg/sysctl` path typo
* Fix the fallback runtime path
* Switch default Rootless Networking to "CNI" for OSX
* Update pkg/sysctl/sysctl.go
* add some cni plugin paths
* build(deps): bump github.com/containers/image/v5 from 5.15.0 to 5.16.0
* build(deps): bump github.com/containers/storage from 1.34.0 to 1.35.0
* build(deps): bump github.com/onsi/gomega from 1.15.0 to 1.16.0
* build(deps): bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
* build(deps): bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
* docs/containers.conf.5.md: Fix manpage section
* fix untag + v0.43.2
* libimage: disk usage: catch corrupted images
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
* remove-image: Add optional `LookupManifest` to RemoveImagesOptions.
* runtime: Add ReturnManifestIfPresent to LookupImageOptions
* runtime: Add `ManifestList` to `LookupImageOptions`
* seccomp: allow memfd_secret
v0.43.2:
* libimage: relax untag by digest checks
* path: dest paths inside container should always be treated as *nix type
v0.43.1:
* Fix spelling mistakes
* Fix examples in containers.conf
v0.43.0:
* Add documentation for Containerfile and Dockerfile
* Remove no_libsubid flag
* Add machine_image to containers.conf
* build(deps): bump github.com/containers/storage from 1.33.1 to 1.34.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.2 to 1.8.4
* Add machine_image to containers.conf
* Switch default logdriver and eventslogger to journald, if root
* build(deps): bump github.com/BurntSushi/toml from 0.3.1 to 0.4.1
* build(deps): bump github.com/onsi/gomega from 1.14.0 to 1.15.0
* libimage: {un}tag: reject digests
* build(deps): bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible
* style: complete containers#556 to-do list part 4
* build(deps): bump github.com/containers/image/v5 from 5.14.0 to 5.15.0
* set GOPROXY=https://proxy.golang.org
v0.42.1:
* pull: fallthrough for registry parsing errors
v0.42.0:
* Remove --accept-repositories flag
* pull policy: support camel cases
* Use authfile in options to search image
* vendor in containers/storage v1.33.0
* config: split arguments in DBUS_SESSION_BUS_ADDRESS
* pkg/seccomp: avoid DefaultErrnoRet: null
* Add and use libimage.Runtime.imageIDsForManifest()
* Add libimage/manifests.LockerForImage()
* Add support for path based registry in login/logout
* libimage: pull: normalize docker-daemon
* libimage: report all removed images
* libruntime: layer tree: handle empty images
* refine dangling filters
* libimage.RuntimeFromStore(): stop overriding the BlobInfoCache location
* build(deps): bump github.com/opencontainers/runc from 1.0.0 to 1.0.1
* pull with custom platform: handle "localhost/"
* User option to prepare container after creation for volume copy-up. Docker does this by default.
* add config option for ChownCopiedFiles
* build(deps): bump github.com/containers/storage from 1.32.5 to 1.32.6
* libimage: image tree: fix nil deref
- Comment out ostree_repo if it's blank [boo#1189893]
++++ libzypp:
- Make sure to keep states alives while transitioning
(bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
If environment variables are unhandy one may enable the desired
techpreview in zypp.conf as well:
[main]
techpreview.ZYPP_SINGLE_RPMTRANS=1
techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
++++ raspberrypi-firmware-dt:
- Update to 2425833c7ff5 (2021-09-17)
* Switch to 5.14 branch
* Drop upstream-overlay-rpi-poe.patch
++++ vim:
- Changed used terminal description in %check scriptlet from "linux"
to "xterm" as the former does not map <S-Tab> to <ESC>[Z
found by a fix in terminfo database of ncurses 6.2 patch 20210904
------------------------------------------------------------------
------------------ 2021-9-16 - Sep 16 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Change default log_format from ENRICHED to RAW (bsc#1190500):
* add change-default-log_format.patch (SUSE-specific patch)
- Update to version 3.0.5:
* In auditd, flush uid/gid caches when user/group added/deleted/modified
* Fixed various issues when dealing with corrupted logs
* In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
* Apply performance speedups to auparse library
* Optimize rule loading in auditctl
* Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
* Update syscall table to the 5.14 kernel
* Fixed various issues when dealing with corrupted logs
++++ catatonit:
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
error not a warning.
++++ cryptsetup:
- cryptsetup 2.4.1
* Fix compilation for libc implementations without dlvsym().
* Fix compilation and tests on systems with non-standard libraries
* Try to workaround some issues on systems without udev support.
* Fixes for OpenSSL3 crypto backend (including FIPS mode).
* Print error message when assigning a token to an inactive keyslot.
* Fix offset bug in LUKS2 encryption code if --offset option was used.
* Do not allow LUKS2 decryption for devices with data offset.
* Fix LUKS1 cryptsetup repair command for some specific problems.
++++ dbus-1:
- Fixed spec file regarding removing old update-alternatives
entries.
++++ gdk-pixbuf:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ glib-networking:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ glib2:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ gsettings-desktop-schemas:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ gstreamer:
- Stop building doc sub-package, we will in the future use
upstreams own standalone doc package. Following this: Drop
fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no
longer needed nor usefull.
- Refresh patches with quilt.
- Remove obsolete translation-update-upstream and
gnome-patch-translation support (jsc#SLE-21105).
++++ gstreamer-plugins-base:
- Stop building doc sub-package, we will in the future use
upstreams own standalone doc package. Following this: Drop
fdupes, gtk-doc and hotdoc BuildRequires, and fdupes call, no
longer needed nor usefull.
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ gtk3:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ iptables:
- Removed update-alternatives dependency in libalternatives mode.
++++ kernel-default:
- Linux 5.14.5 (bsc#1012628).
- Revert "posix-cpu-timers: Force next expiration recalc after
itimer reset" (bsc#1012628).
- Revert "time: Handle negative seconds correctly in
timespec64_to_ns()" (bsc#1012628).
- Delete
patches.suse/posix-cpu-timers-Fix-spuriously-armed-0-value-itimer.patch.
- commit 048e6c0
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit e7a1776
- posix-cpu-timers: Fix spuriously armed 0-value itimer (timer
breakage).
- commit 2b37340
++++ less:
- Add missing runtime dependency on which, which it is used by lessopen.sh.
Fix bsc#1190552.
++++ audit:
- Update to version 3.0.5:
* In auditd, flush uid/gid caches when user/group added/deleted/modified
* Fixed various issues when dealing with corrupted logs
* In auditd, check if log_file is valid before closing handle
- Include fixed from 3.0.4:
* Apply performance speedups to auparse library
* Optimize rule loading in auditctl
* Fix an auparse memory leak caused by glibc-2.33 by replacing realpath
* Update syscall table to the 5.14 kernel
* Fixed various issues when dealing with corrupted logs
++++ avahi:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ json-glib:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ libsoup:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936
++++ qemu:
- Fix testsuite dependencies (bsc#1190573)
* Patches added:
modules-quick-fix-a-fundamental-error-in.patch
++++ shared-mime-info:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ u-boot-rpiarm64:
- Add sifiveunmatched flavor
++++ xkeyboard-config:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
------------------------------------------------------------------
------------------ 2021-9-15 - Sep 15 2021 -------------------
------------------------------------------------------------------
++++ curl:
- Temporarily disable flaky test 1184
* See https://github.com/curl/curl/issues/7725
- Update to 7.79.0: [bsc#1190213, CVE-2021-22945]
[bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947]
* Changes:
- bearssl: support CURLOPT_CAINFO_BLOB
- http: consider cookies over localhost to be secure
- secure transport: support CURLINFO_CERTINFO
* Bugfixes:
- CVE-2021-22945: clear the leftovers pointer when sending succeeds
- CVE-2021-22946: do not ignore --ssl-reqd
- CVE-2021-22947: reject STARTTLS server response pipelining
- auth: do not append zero-terminator to authorisation id in kerberos
- auth: properly handle byte order in kerberos security message
- auth: use sasl authzid option in kerberos
- auth: we do not support a security layer after kerberos authentication
- c-hyper: deal with Expect: 100-continue combined with POSTFIELDS
- c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection
- c-hyper: initial step for 100-continue support
- c-hyper: initial support for "dumping" 1xx HTTP responses
- curl-openssl.m4: show correct output for OpenSSL v3
- docs/MQTT: update state of username/password support
- docs: the security list is reached at security at curl.se now
- getparameter: fix the --local-port number parser
- hostip: Make Curl_ipv6works function independent of getaddrinfo
- http_proxy: fix the User-Agent inclusion in CONNECT
- http_proxy: fix user-agent and custom headers for CONNECT with hyper
- http_proxy: only wait for writable socket while sending request
- mailing lists: move from cool.haxx.se to lists.haxx.se
- mbedtls: avoid using a large buffer on the stack
- mbedTLS: initial 3.0.0 support
- ngtcp2: remove the acked_crypto_offset struct field init
- ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read
- ngtcp2: reset the oustanding send buffer again when drained
- ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream
- ngtcp2: stop buffering crypto data
- ngtcp2: utilize crypto API functions to simplify
- openssl: when creating a new context, there cannot be an old one
- scripts: invoke interpreters through /usr/bin/env
- tests/runtests.pl: cleanup copy&paste mistakes and unused code
- tests: be explicit about using 'python3' instead of 'python'
- tool/tests: fix potential year 2038 issues
- tool_operate: Fix --fail-early with parallel transfers
- x509asn1: fix heap over-read when parsing x509 certificates
* Rebase libcurl-ocloexec.patch
++++ e2fsprogs:
- Update to 1.46.4:
* Default to 256-byte inodes for all filesystems, not only larger ones
* Bigalloc is considered supported now for small cluster sizes
* E2fsck and e2image fixes for quota feature
* Fix mke2fs creation of filesystem into non-existent file
- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer
libreadline.so.8 to dlopen path (bsc#1189453)
++++ gstreamer:
- Update to version 1.18.5:
+ aggregator:
- Release the SRC lock while querying latency
- Release pads' peeked buffer when removing the pad or
finalizing it
+ basesink: Don't swap rstart/rstop when stepping
+ basesrc: Print segments with GST_SEGMENT_FORMAT and not
GST_PTR_FORMAT
+ childproxy: init value in gst_child_proxy_get_property() if
needed
+ clocksync: Fix providing system clock by default
+ concat:
- Properly propagate seqnum of segment events
- adjust running time offsets on downstream events
- fix locking in SEGMENT event handler
+ downloadbuffer/sparsefile: several fixes for win32
+ element: NULL the lists of contexts in dispose()
+ multiqueue:
- Use running time of gap events for wakeups.
- Ensure peer pad exists when iterating internal links
+ pad:
- Keep IDLE probe hook alive during immediate callback
- Ensure last flow return is set on sink pads in push mode
- Don't spam the debug log at INFO level when default-chaining
a buffer list
- clear probes holding mutex
+ parse-launch:
- Fix a critical when using the : operator.
+ Don't do delayed property setting for top-level properties.
+ plugin: load plugins with unknown license strings
+ ptpclock: Don't leak the GList
+ queue2: Refuse all serialized queries when posting buffering
messages
+ systemclock: Update monotonic reference time when re-scheduling
+ High CPU usage in 1.18 (but not master) when pausing playback
in gnome-music
+ Don't use volatile to mean atomic (fixes compiler warnings with
gcc 11)
++++ gstreamer-plugins-base:
- Update to version 1.18.5:
+ appsrc: Don't leak buffer list while wrongly unreffing buffer
on EOS/flushing
+ audioaggregator:
- Don't overwrite already written samples
- Resync on the next buffer when dropping a buffer on discont
resyncing
+ audiobasesink: Fix of double lock release
+ audiobasesrc: Fix divide by zero assertion
+ clockoverlay: Fix broken string formatting by strftime() on
Windows
+ compositor: Fix NV12 blend operation
+ giosrc: Don't leak scheme string in gst_gio_src_query()
+ giobasesink: Handle incomplete writes in
gst_gio_base_sink_render()
+ gl/wayland:
- Use consistent wl_display when creating work queue for proxy
wrapper
- Provide a dummy global_remove function
+ gl: Fix build when Meson >= 0.58.0rc1
+ playbin2: fix base_time selection when flush seeking live (such
as with RTSP)
+ rtspconnection:
- Add IPv6 support for tunneled mode
- Consistently translate GIOError to GstRTSPResult (for
rtspsrc)
+ rawbaseparse: check destination format correctly
+ uridecodebin: Don't force floating reference for future
reusable decodebin
+ parsebin: Put stream flags in GstStream
+ splitmuxsink: always use factory property when set
+ video-converter: Set up matrix tables only once.
+ videoscale: Performance degradation from 1.16.2 -> 1.18.4
+ videotestsrc: Fix a leak when computing alpha caps
+ audio/video-converter: Plug some minor leaks
+ audio,video-format: Make generate_raw_formats idempotent for
assertions
+ Don't use volatile to mean atomic (fixes compiler warnings with
gcc 11)
+ Fix build issue on MinGW64
- Drop 90903917.patch: Fixed upstream.
++++ kernel-default:
- tools/bootconfig: Define memblock_free_ptr() to fix build error
(Build fix for tools.).
- commit 890a28b
- scripts/sorttable: riscv: fix undelcred identifier 'EM_RISCV'
error (e8965b25-f15b-c7b4-748c-d207dda9c8e8@i2se.com).
Fix build on systems with glibc-devel < 2.24.
- commit 62f1dd0
- config: disable ZERO_CALL_USED_REGS
This was enable due to a misunderstanding, I thought it was a workaround
for a recent CPU vulnerability. Now it rather seems to be just another
hardening with questionable gain and measurable performance impact.
- commit b09844e
- memblock: introduce saner 'memblock_free_ptr()' interface
(Fixes memory corruption on boot in 5.15-rc1).
- commit 4311d55
- config: disable CONFIG_SYSFB_SIMPLEFB
The new option in 5.15 is a rename from CONFIG_X86_SYSFB which we had disabled
due to bsc#855821. Moreover, enabling CONFIG_SYSFB_SIMPLEFB caused regression
on my UEFI desktop - no printk output on screen between grub's loading of
kernel and initrd, and a gpu modesetting driver taking over.
- commit 69dc36e
- Revert "rpm: Abolish scritplet templating (bsc#1189841)."
This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
"nothing provides suse-kernel-rpm-scriptlets". This is provided by
suse-module-tools which are not in TW quite yet. See:
https://build.opensuse.org/request/show/919012
So revert this temporarily.
- commit f924054
- Linux 5.14.4 (bsc#1012628).
- locking/mutex: Fix HANDOFF condition (bsc#1012628).
- regmap: fix the offset of register error log (bsc#1012628).
- regulator: tps65910: Silence deferred probe error (bsc#1012628).
- crypto: mxs-dcp - Check for DMA mapping errors (bsc#1012628).
- sched/deadline: Fix reset_on_fork reporting of DL tasks
(bsc#1012628).
- power: supply: axp288_fuel_gauge: Report register-address on
readb / writeb errors (bsc#1012628).
- crypto: omap-sham - clear dma flags only after
omap_sham_update_dma_stop() (bsc#1012628).
- sched/deadline: Fix missing clock update in migrate_task_rq_dl()
(bsc#1012628).
- rcu/tree: Handle VM stoppage in stall detection (bsc#1012628).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests
(bsc#1012628).
- posix-cpu-timers: Force next expiration recalc after itimer
reset (bsc#1012628).
- hrtimer: Avoid double reprogramming in
__hrtimer_start_range_ns() (bsc#1012628).
- hrtimer: Ensure timerfd notification for HIGHRES=n
(bsc#1012628).
- udf: Check LVID earlier (bsc#1012628).
- udf: Fix iocharset=utf8 mount option (bsc#1012628).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1012628).
- bcache: add proper error unwinding in bcache_device_init
(bsc#1012628).
- nbd: add the check to prevent overflow in __nbd_ioctl()
(bsc#1012628).
- blk-throtl: optimize IOPS throttle for large IO scenarios
(bsc#1012628).
- nvme-tcp: don't update queue count when failing to set io queues
(bsc#1012628).
- nvme-rdma: don't update queue count when failing to set io
queues (bsc#1012628).
- nvmet: pass back cntlid on successful completion (bsc#1012628).
- power: supply: smb347-charger: Add missing pin control
activation (bsc#1012628).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
(bsc#1012628).
- s390/cio: add dev_busid sysfs entry for each subchannel
(bsc#1012628).
- s390/zcrypt: fix wrong offset index for APKA master key valid
state (bsc#1012628).
- libata: fix ata_host_start() (bsc#1012628).
- sched/topology: Skip updating masks for non-online nodes
(bsc#1012628).
- crypto: omap - Fix inconsistent locking of device lists
(bsc#1012628).
- crypto: qat - do not ignore errors from enable_vf2pf_comms()
(bsc#1012628).
- crypto: qat - handle both source of interrupt in VF ISR
(bsc#1012628).
- crypto: qat - fix reuse of completion variable (bsc#1012628).
- crypto: qat - fix naming for init/shutdown VF to PF
notifications (bsc#1012628).
- crypto: qat - do not export adf_iov_putmsg() (bsc#1012628).
- crypto: hisilicon/sec - fix the abnormal exiting process
(bsc#1012628).
- crypto: hisilicon/sec - modify the hardware endian configuration
(bsc#1012628).
- crypto: tcrypt - Fix missing return value check (bsc#1012628).
- fcntl: fix potential deadlocks for &fown_struct.lock
(bsc#1012628).
- fcntl: fix potential deadlock for &fasync_struct.fa_lock
(bsc#1012628).
- udf_get_extendedattr() had no boundary checks (bsc#1012628).
- io-wq: remove GFP_ATOMIC allocation off schedule out path
(bsc#1012628).
- s390/kasan: fix large PMD pages address alignment check
(bsc#1012628).
- s390/pci: fix misleading rc in clp_set_pci_fn() (bsc#1012628).
- s390/debug: keep debug data on resize (bsc#1012628).
- s390/debug: fix debug area life cycle (bsc#1012628).
- s390/ap: fix state machine hang after failure to enable irq
(bsc#1012628).
- s390/smp: enable DAT before CPU restart callback is called
(bsc#1012628).
- sched/debug: Don't update sched_domain debug directories before
sched_debug_init() (bsc#1012628).
- power: supply: cw2015: use dev_err_probe to allow deferred probe
(bsc#1012628).
- m68k: emu: Fix invalid free in nfeth_cleanup() (bsc#1012628).
- crypto: x86/aes-ni - add missing error checks in XTS code
(bsc#1012628).
- sched/numa: Fix is_core_idle() (bsc#1012628).
- sched: Fix UCLAMP_FLAG_IDLE setting (bsc#1012628).
- rcu: Fix to include first blocked task in stall warning
(bsc#1012628).
- rcu: Fix stall-warning deadlock due to non-release of rcu_node
- >lock (bsc#1012628).
- m68k: Fix invalid RMW_INSNS on CPUs that lack CAS (bsc#1012628).
- block: return ELEVATOR_DISCARD_MERGE if possible (bsc#1012628).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
(bsc#1012628).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
(bsc#1012628).
- genirq/timings: Fix error return code in irq_timings_test_irqs()
(bsc#1012628).
- irqchip/loongson-pch-pic: Improve edge triggered interrupt
support (bsc#1012628).
- lib/mpi: use kcalloc in mpi_resize (bsc#1012628).
- clocksource/drivers/sh_cmt: Fix wrong setting if don't request
IRQ for clock source channel (bsc#1012628).
- nbd: do del_gendisk() asynchronously for
NBD_DESTROY_ON_DISCONNECT (bsc#1012628).
- block: nbd: add sanity check for first_minor (bsc#1012628).
- spi: coldfire-qspi: Use clk_disable_unprepare in the remove
function (bsc#1012628).
- irqchip/apple-aic: Fix irq_disable from within irq handlers
(bsc#1012628).
- irqchip/gic-v3: Fix priority comparison when non-secure
priorities are used (bsc#1012628).
- crypto: qat - use proper type for vf_mask (bsc#1012628).
- m68k: Fix asm register constraints for atomic ops (bsc#1012628).
- certs: Trigger creation of RSA module signing key if it's not
an RSA key (bsc#1012628).
- tpm: ibmvtpm: Avoid error message when process gets signal
while waiting (bsc#1012628).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1012628).
- x86/mce: Defer processing of early errors (bsc#1012628).
- spi: davinci: invoke chipselect callback (bsc#1012628).
- blk-crypto: fix check for too-large dun_bytes (bsc#1012628).
- regulator: vctrl: Use locked regulator_get_voltage in probe path
(bsc#1012628).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops
(bsc#1012628).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (bsc#1012628).
- spi: spi-zynq-qspi: use wait_for_completion_timeout to make
zynq_qspi_exec_mem_op not interruptible (bsc#1012628).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in
panfrost_clk_init() (bsc#1012628).
- drm/gma500: Fix end of loop tests for list_for_each_entry
(bsc#1012628).
- ASoC: mediatek: mt8192:Fix Unbalanced pm_runtime_enable in
mt8192_afe_pcm_dev_probe (bsc#1012628).
- ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in
mt8183_afe_pcm_dev_probe (bsc#1012628).
- ASoC: tlv320aic32x4: Fix TAS2505/TAS2521 channel count
(bsc#1012628).
- media: atmel: atmel-sama5d2-isc: fix YUYV format (bsc#1012628).
- media: TDA1997x: enable EDID support (bsc#1012628).
- leds: is31fl32xx: Fix missing error code in
is31fl32xx_parse_dt() (bsc#1012628).
- soc: rockchip: ROCKCHIP_GRF should not default to y,
unconditionally (bsc#1012628).
- media: cxd2880-spi: Fix an error handling path (bsc#1012628).
- drm/of: free the right object (bsc#1012628).
- bpf: Fix a typo of reuseport map in bpf.h (bsc#1012628).
- bpf: Fix potential memleak and UAF in the verifier
(bsc#1012628).
- drm/of: free the iterator object on failure (bsc#1012628).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1012628).
- libbpf: Fix the possible memory leak on error (bsc#1012628).
- ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi
(bsc#1012628).
- ARM: dts: everest: Add phase corrections for eMMC (bsc#1012628).
- arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w
properties (bsc#1012628).
- i40e: improve locking of mac_filter_hash (bsc#1012628).
- arm64: dts: qcom: sc7180: Set adau wakeup delay to 80 ms
(bsc#1012628).
- soc: qcom: rpmhpd: Use corner in power_off (bsc#1012628).
- libbpf: Fix removal of inner map in bpf_object__create_map
(bsc#1012628).
- gfs2: Fix memory leak of object lsi on error return path
(bsc#1012628).
- arm64: dts: qcom: sm8250: fix usb2 qmp phy node (bsc#1012628).
- bpf, selftests: Fix test_maps now that sockmap supports UDP
(bsc#1012628).
- firmware: fix theoretical UAF race with firmware cache and
resume (bsc#1012628).
- driver core: Fix error return code in really_probe()
(bsc#1012628).
- ionic: cleanly release devlink instance (bsc#1012628).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
(bsc#1012628).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
(bsc#1012628).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init
(bsc#1012628).
- net: usb: asix: ax88772: add missing stop (bsc#1012628).
- media: go7007: fix memory leak in go7007_usb_probe
(bsc#1012628).
- media: go7007: remove redundant initialization (bsc#1012628).
- media: v4l2-subdev: fix some NULL vs IS_ERR() checks
(bsc#1012628).
- media: rockchip/rga: fix error handling in probe (bsc#1012628).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
(bsc#1012628).
- media: atomisp: fix the uninitialized use and rename "retvalue"
(bsc#1012628).
- Bluetooth: sco: prevent information leak in
sco_conn_defer_accept() (bsc#1012628).
- Bluetooth: btusb: Fix a unspported condition to set available
debug features (bsc#1012628).
- 6lowpan: iphc: Fix an off-by-one check of array index
(bsc#1012628).
- drm/amdgpu/acp: Make PM domain really work (bsc#1012628).
- drm/amd/pm: Fix a bug communicating with the SMU (v5)
(bsc#1012628).
- tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
(bsc#1012628).
- ARM: dts: meson8: Use a higher default GPU clock frequency
(bsc#1012628).
- ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply
properties (bsc#1012628).
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties
(bsc#1012628).
- ARM: dts: meson8b: ec100: Fix the pwm regulator supply
properties (bsc#1012628).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (bsc#1012628).
- net/mlx5e: Block LRO if firmware asks for tunneled LRO
(bsc#1012628).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1012628).
- drm: mxsfb: Enable recovery on underflow (bsc#1012628).
- drm: mxsfb: Increase number of outstanding requests on V4 and
newer HW (bsc#1012628).
- drm: mxsfb: Clear FIFO_CLEAR bit (bsc#1012628).
- net: cipso: fix warnings in netlbl_cipsov4_add_std
(bsc#1012628).
- net: ti: am65-cpsw-nuss: fix wrong devlink release order
(bsc#1012628).
- drm: rcar-du: Don't put reference to drm_device in
rcar_du_remove() (bsc#1012628).
- Bluetooth: mgmt: Fix wrong opcode in the response for add_adv
cmd (bsc#1012628).
- drm/amd/pm: Fix a bug in semaphore double-lock (bsc#1012628).
- lib/test_scanf: Handle n_bits == 0 in random tests
(bsc#1012628).
- libbpf: Return non-null error on failures in
libbpf_find_prog_btf_id() (bsc#1012628).
- tools: Free BTF objects at various locations (bsc#1012628).
- arm64: dts: renesas: hihope-rzg2-ex: Add EtherAVB internal rx
delay (bsc#1012628).
- net/mlx5: Fix missing return value in
mlx5_devlink_eswitch_inline_mode_set() (bsc#1012628).
- i2c: highlander: add IRQ check (bsc#1012628).
- leds: lgm-sso: Put fwnode in any case during ->probe()
(bsc#1012628).
- leds: lgm-sso: Don't spam logs when probe is deferred
(bsc#1012628).
- leds: lt3593: Put fwnode in any case during ->probe()
(bsc#1012628).
- leds: rt8515: Put fwnode in any case during ->probe()
(bsc#1012628).
- leds: trigger: audio: Add an activate callback to ensure the
initial brightness is set (bsc#1012628).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(bsc#1012628).
- media: omap3isp: Fix missing unlock in
isp_subdev_notifier_complete() (bsc#1012628).
- media: venus: hfi: fix return value check in
sys_get_prop_image_version() (bsc#1012628).
- media: venus: venc: Fix potential null pointer dereference on
pointer fmt (bsc#1012628).
- media: venus: helper: do not set constrained parameters for UBWC
(bsc#1012628).
- soc: mmsys: mediatek: add mask to mmsys routes (bsc#1012628).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
(bsc#1012628).
- PCI: PM: Enable PME if it can be signaled from D3cold
(bsc#1012628).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's
optstring (bsc#1012628).
- soc: qcom: smsm: Fix missed interrupts if state changes while
masked (bsc#1012628).
- net: dsa: build tag_8021q.c as part of DSA core (bsc#1012628).
- net: dsa: tag_sja1105: optionally build as module when switch
driver is module if PTP is enabled (bsc#1012628).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
(bsc#1012628).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
buffer overflow (bsc#1012628).
- arm64: dts: qcom: sc7280: Fixup the cpufreq node (bsc#1012628).
- arm64: dts: qcom: sm8350: fix IPA interconnects (bsc#1012628).
- drm: bridge: it66121: Check drm_bridge_attach retval
(bsc#1012628).
- net: ti: am65-cpsw-nuss: fix RX IRQ state after .ndo_stop()
(bsc#1012628).
- net: dsa: stop syncing the bridge mcast_router attribute at
join time (bsc#1012628).
- net: dsa: mt7530: remove the .port_set_mrouter implementation
(bsc#1012628).
- net: dsa: don't disable multicast flooding to the CPU even
without an IGMP querier (bsc#1012628).
- PM: EM: Increase energy calculation precision (bsc#1012628).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the
dest IP (bsc#1012628).
- leds: lgm-sso: Propagate error codes from callee to caller
(bsc#1012628).
- drm/msm: Fix error return code in msm_drm_init() (bsc#1012628).
- drm/msm/mdp4: refactor HW revision detection into
read_mdp_hw_revision (bsc#1012628).
- drm/msm/mdp4: move HW revision detection to earlier phase
(bsc#1012628).
- drm/msm/dp: update is_connected status base on sink count at
dp_pm_resume() (bsc#1012628).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear
necessary LMs (bsc#1012628).
- arm64: dts: exynos: correct GIC CPU interfaces address range
on Exynos7 (bsc#1012628).
- counter: 104-quad-8: Return error when invalid mode during
ceiling_write (bsc#1012628).
- cgroup/cpuset: Miscellaneous code cleanup (bsc#1012628).
- cgroup/cpuset: Fix violation of cpuset locking rule
(bsc#1012628).
- ASoC: Intel: Fix platform ID matching (bsc#1012628).
- Bluetooth: fix repeated calls to sco_sock_kill (bsc#1012628).
- drm/msm/dsi: Fix some reference counted resource leaks
(bsc#1012628).
- drm/msm/dp: replug event is converted into an unplug followed
by an plug events (bsc#1012628).
- net/mlx5: Fix unpublish devlink parameters (bsc#1012628).
- ASoC: rt5682: Properly turn off regulators if wrong device ID
(bsc#1012628).
- usb: dwc3: meson-g12a: add IRQ check (bsc#1012628).
- usb: dwc3: qcom: add IRQ check (bsc#1012628).
- usb: gadget: udc: at91: add IRQ check (bsc#1012628).
- usb: gadget: udc: s3c2410: add IRQ check (bsc#1012628).
- mac80211: remove unnecessary NULL check in
ieee80211_register_hw() (bsc#1012628).
- usb: misc: brcmstb-usb-pinmap: add IRQ check (bsc#1012628).
- usb: phy: fsl-usb: add IRQ check (bsc#1012628).
- usb: phy: twl6030: add IRQ checks (bsc#1012628).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
(bsc#1012628).
- selftests/bpf: Fix test_core_autosize on big-endian machines
(bsc#1012628).
- devlink: Clear whole devlink_flash_notify struct (bsc#1012628).
- samples: pktgen: add missing IPv6 option to pktgen scripts
(bsc#1012628).
- net: stmmac: fix INTR TBU status affecting irq count statistic
(bsc#1012628).
- PM: cpu: Make notifier chain use a raw_spinlock_t (bsc#1012628).
- usb: host: ohci-tmio: add IRQ check (bsc#1012628).
- usb: phy: tahvo: add IRQ check (bsc#1012628).
- libbpf: Re-build libbpf.so when libbpf.map changes
(bsc#1012628).
- mac80211: Fix insufficient headroom issue for AMSDU
(bsc#1012628).
- locking/local_lock: Add missing owner initialization
(bsc#1012628).
- lockd: Fix invalid lockowner cast after vfs_test_lock
(bsc#1012628).
- SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency()
(bsc#1012628).
- nfsd4: Fix forced-expiry locking (bsc#1012628).
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
(bsc#1012628).
- clk: staging: correct reference to config IOMEM to config
HAS_IOMEM (bsc#1012628).
- i2c: synquacer: fix deferred probing (bsc#1012628).
- hwmon: (pmbus/bpa-rs600) Don't use rated limits as warn limits
(bsc#1012628).
- hwmon: remove amd_energy driver in Makefile (bsc#1012628).
- ASoC: fsl_rpmsg: Check -EPROBE_DEFER for getting clocks
(bsc#1012628).
- firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()'
(bsc#1012628).
- usb: gadget: mv_u3d: request_irq() after initializing UDC
(bsc#1012628).
- mm/swap: consider max pages in iomap_swapfile_add_extent
(bsc#1012628).
- lkdtm: replace SCSI_DISPATCH_CMD with SCSI_QUEUE_RQ
(bsc#1012628).
- Bluetooth: add timeout sanity check to hci_inquiry
(bsc#1012628).
- i2c: iop3xx: fix deferred probing (bsc#1012628).
- i2c: s3c2410: fix IRQ check (bsc#1012628).
- i2c: hix5hd2: fix IRQ check (bsc#1012628).
- gfs2: init system threads before freeze lock (bsc#1012628).
- drm/exynos: g2d: fix missing unlock on error in
g2d_runqueue_worker() (bsc#1012628).
- rsi: fix error code in rsi_load_9116_firmware() (bsc#1012628).
- rsi: fix an error code in rsi_probe() (bsc#1012628).
- octeontx2-af: cn10k: Fix SDP base channel number (bsc#1012628).
- octeontx2-pf: send correct vlan priority mask to
npc_install_flow_req (bsc#1012628).
- octeontx2-af: Check capability flag while freeing ipolicer
memory (bsc#1012628).
- octeontx2-pf: Don't install VLAN offload rule if netdev is down
(bsc#1012628).
- octeontx2-pf: Fix algorithm index in MCAM rules with RSS action
(bsc#1012628).
- octeontx2-af: cn10k: Use FLIT0 register instead of FLIT1
(bsc#1012628).
- m68k: coldfire: return success for clk_enable(NULL)
(bsc#1012628).
- ASoC: Intel: kbl_da7219_max98927: Fix format selection for
max98373 (bsc#1012628).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
(bsc#1012628).
- ASoC: Intel: Skylake: Fix module resource and format selection
(bsc#1012628).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config
(bsc#1012628).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
(bsc#1012628).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
(bsc#1012628).
- ASoC: wm_adsp: Put debugfs_remove_recursive back in
(bsc#1012628).
- bpf: Fix possible out of bound write in narrow load handling
(bsc#1012628).
- hv_utils: Set the maximum packet size for VSS driver to the
length of the receive buffer (bsc#1012628).
- CIFS: Fix a potencially linear read overflow (bsc#1012628).
- i2c: mt65xx: fix IRQ check (bsc#1012628).
- i2c: xlp9xx: fix main IRQ check (bsc#1012628).
- octeontx2-pf: cn10k: Fix error return code in
otx2_set_flowkey_cfg() (bsc#1012628).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
(bsc#1012628).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no
suitable DMA config is available (bsc#1012628).
- usb: bdc: Fix a resource leak in the error handling path of
'bdc_probe()' (bsc#1012628).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
(bsc#1012628).
- ASoC: wcd9335: Fix a double irq free in the remove function
(bsc#1012628).
- ASoC: wcd9335: Fix a memory leak in the error handling path
of the probe function (bsc#1012628).
- ASoC: wcd9335: Disable irq on slave ports in the remove function
(bsc#1012628).
- iwlwifi: skip first element in the WTAS ACPI table
(bsc#1012628).
- net/mlx5: Lag, fix multipath lag activation (bsc#1012628).
- net/mlx5: Remove all auxiliary devices at the unregister event
(bsc#1012628).
- net/mlx5e: Fix possible use-after-free deleting fdb rule
(bsc#1012628).
- net/mlx5: E-Switch, Set vhca id valid flag when creating indir
fwd group (bsc#1012628).
- net/mlx5e: Use correct eswitch for stack devices with lag
(bsc#1012628).
- misc/pvpanic: fix set driver data (bsc#1012628).
- ice: fix Tx queue iteration for Tx timestamp enablement
(bsc#1012628).
- ice: add lock around Tx timestamp tracker flush (bsc#1012628).
- ice: restart periodic outputs around time changes (bsc#1012628).
- ice: Only lock to update netdev dev_addr (bsc#1012628).
- net: phy: marvell10g: fix broken PHY interrupts for anyone
after us in the driver probe list (bsc#1012628).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
(bsc#1012628).
- ALSA: usb-audio: Add lowlatency module option (bsc#1012628).
- atlantic: Fix driver resume flow (bsc#1012628).
- bcma: Fix memory leak for internally-handled cores
(bsc#1012628).
- brcmfmac: pcie: fix oops on failure to resume and reprobe
(bsc#1012628).
- ipv6: make exception cache less predictible (bsc#1012628).
- ipv4: make exception cache less predictible (bsc#1012628).
- net: qrtr: make checks in qrtr_endpoint_post() stricter
(bsc#1012628).
- sch_htb: Fix inconsistency when leaf qdisc creation fails
(bsc#1012628).
- net: sched: Fix qdisc_rate_table refcount leak when get
tcf_block failed (bsc#1012628).
- net: qualcomm: fix QCA7000 checksum handling (bsc#1012628).
- octeontx2-af: Fix loop in free and unmap counter (bsc#1012628).
- octeontx2-af: Fix mailbox errors in nix_rss_flowkey_cfg
(bsc#1012628).
- octeontx2-af: Fix static code analyzer reported issues
(bsc#1012628).
- octeontx2-af: Set proper errorcode for IPv4 checksum errors
(bsc#1012628).
- ipv4: fix endianness issue in inet_rtm_getroute_build_skb()
(bsc#1012628).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove()
(bsc#1012628).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
(bsc#1012628).
- f2fs: guarantee to write dirty data when enabling checkpoint
back (bsc#1012628).
- time: Handle negative seconds correctly in timespec64_to_ns()
(bsc#1012628).
- auxdisplay: hd44780: Fix oops on module unloading (bsc#1012628).
- io_uring: limit fixed table size by RLIMIT_NOFILE (bsc#1012628).
- io_uring: IORING_OP_WRITE needs hash_reg_file set (bsc#1012628).
- io_uring: io_uring_complete() trace should take an integer
(bsc#1012628).
- io_uring: fail links of cancelled timeouts (bsc#1012628).
- bio: fix page leak bio_add_hw_page failure (bsc#1012628).
- raid1: ensure write behind bio has less than BIO_MAX_VECS
sectors (bsc#1012628).
- cifs: Do not leak EDEADLK to dgetents64 for
STATUS_USER_SESSION_DELETED (bsc#1012628).
- smb3: fix posix extensions mount option (bsc#1012628).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
(bsc#1012628).
- perf/x86/intel/uncore: Fix IIO cleanup mapping procedure for
SNR/ICX (bsc#1012628).
- Revert "KVM: x86: mmu: Add guest physical address check in
translate_gpa()" (bsc#1012628).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1012628).
- KVM: x86: Update vCPU's hv_clock before back to guest when
tsc_offset is adjusted (bsc#1012628).
- KVM: x86: clamp host mapping level to max_level in
kvm_mmu_max_mapping_level (bsc#1012628).
- KVM: x86/mmu: Avoid collision with !PRESENT SPTEs in TDP MMU
lpage stats (bsc#1012628).
- KVM: VMX: avoid running vmx_handle_exit_irqoff in case of
emulation (bsc#1012628).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested
VM-Enter (bsc#1012628).
- KVM: arm64: Unregister HYP sections from kmemleak in protected
mode (bsc#1012628).
- KVM: arm64: vgic: Resample HW pending state on deactivation
(bsc#1012628).
- ARM: dts: at91: add pinctrl-{names, 0} for all gpios
(bsc#1012628).
- io-wq: check max_worker limits if a worker transitions bound
state (bsc#1012628).
- md/raid10: Remove unnecessary rcu_dereference in
raid10_handle_discard (bsc#1012628).
- char: tpm: Kconfig: remove bad i2c cr50 select (bsc#1012628).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1012628).
- fuse: flush extending writes (bsc#1012628).
- fuse: wait for writepages in syncfs (bsc#1012628).
- IMA: remove -Wmissing-prototypes warning (bsc#1012628).
- IMA: remove the dependency on CRYPTO_MD5 (bsc#1012628).
- fbmem: don't allow too huge resolutions (bsc#1012628).
- ACPI: PRM: Find PRMT table before parsing it (bsc#1012628).
- RDMA/mlx5: Fix number of allocated XLT entries (bsc#1012628).
- bootconfig: Fix missing return check of xbc_node_compose_key
function (bsc#1012628).
- backlight: pwm_bl: Improve bootloader/kernel device handover
(bsc#1012628).
- parisc: Fix unaligned-access crash in bootloader (bsc#1012628).
- clk: kirkwood: Fix a clocking boot regression (bsc#1012628).
- devlink: Break parameter notification sequence to be
before/after unload/load driver (bsc#1012628).
- Refresh
patches.suse/Bluetooth-schedule-SCO-timeouts-with-delayed_work.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- Update config files.
- commit 8706151
- drm/i915/dp: Use max params for panels < eDP 1.4 (bsc#1190506).
- commit ca483c1
++++ libXi:
- Update to version 1.8
* This release of libXi marks the support of XI 2.4 touchpad
gesture events official. This feature is the only difference
between libXi 1.8 and the latest release in the 1.7.x series
(1.7.10).
++++ libtirpc:
- Backport DoS vulnerability fix 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- Replace %setup with %autosetup
++++ pam:
- Rename motd.tmpfiles to pam.tmpfiles
- Add /run/faillock directory
++++ salt:
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
++++ u-boot-rpiarm64:
- Update to 2021.10-rc4
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped:
0014-btrfs-Use-default-subvolume-as-file.patch
------------------------------------------------------------------
------------------ 2021-9-14 - Sep 14 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
++++ libalternatives:
- Update to version v1.2+3.b848aad:
* tests: fix array overrun in unit tests
- Use noun phrase for the summary; fix grammar in description.
++++ ansible:
- update to 2.9.26
++++ dnsmasq:
- Added hardening to systemd service(s) (bsc#1181400).
++++ e2fsprogs:
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_e2scrub@.service.patch
* harden_e2scrub_all.service.patch
* harden_e2scrub_fail@.service.patch
* harden_e2scrub_reap.service.patch
++++ libfido2:
- Update to version 1.8.0:
* Dropped 'Requires.private' entry from pkg-config file.
* Better support for FIDO 2.1 authenticators.
* Support for Windows's native webauthn API.
* Support for attestation format 'none'.
* New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
* fido2-token: new -Sc option to update a resident credential.
* Documentation and reliability fixes.
* HID access serialisation on Linux.
- disable fix-cmake-linking.patch, not needed currently
++++ libvirt:
- libxl: Improve reporting of die_id in capabilities
b75a16ae-libxl-improve-die-id.patch
boo#1190493
- libxl: Fix driver reload
65fab900-libxl-fix-driver-reload.patch,
51eb680b-libxl-dont-autostart-on-reload.patch
bsc#1190420
++++ qemu:
- Replace patch to fix hardcoded binfmt handler
(bsc#1186256)
* Patches dropped:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
* Patches added:
qemu-binfmt-conf.sh-should-use-F-as-shor.patch
- Stable fixes from upstream
* Patches added:
9pfs-fix-crash-in-v9fs_walk.patch
i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch
plugins-do-not-limit-exported-symbols-if.patch
plugins-execlog-removed-unintended-s-at-.patch
qemu-sockets-fix-unix-socket-path-copy-a.patch
target-i386-add-missing-bits-to-CR4_RESE.patch
virtio-balloon-don-t-start-free-page-hin.patch
++++ raspberrypi-firmware:
- Update to b80f36b3fb (2021-09-13):
* firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV
See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution
* firmware: DSI display autodetection for kms
* firmware: arm_dt: Load overlays for detected cameras
* firmware: Make more use of the user-warnings DT property
* firmware: arm_loader: Consider required flags from GET_CLOCK_RATE
See: #1598
* firmware: arm_loader: Make most arm clock requests required
See: #1598
* firmware: firmware: Disable VLL loading from file system
See: #1605
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: video_decode: Correct support for YVU formats using ISP
* firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB
See: #1603
* firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on
See: Hexxeh/rpi-firmware#267
See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082
* firmware: cec: Avoid sending messages with kms
See: raspberrypi/linux#4460
* firmware: Revert: video_decode: Use the ISP instead of vc_image_convert
* firmware: isp: Set the YUV420/YVU420 format stride to 64 byte
* arm_loader: Add message to release firmware framebuffer
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode
* firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711
See: raspberrypi/userland#695
* firmware: PoE+ HAT support
See: raspberrypi/linux#4367
* firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set
* firmware: platform: Apply ARM thermal throttling rules on BCM2711
* firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4
See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516
* firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly
See: #1580
* firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP
* firmware: Pi400: Reduce MII clock freq when probing ethernet PHY
* firmware: isp: Ensure the VRF is locked when setting up video colour denoise
See: raspberrypi/libcamera-apps#19
* firmware: isp: Remove custom EV mappings from camera tunings
* firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware
* firmware: Two UART1 patches
See: #1566
* firmware: arm_loader: kernel_old=1 should force kernel_address=0
See: #1561
* firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image
See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654
* firmware: vcfw/power: Add a new latch for power_pad_control
See: #1552
* firmware: board-info: Fix memsize on 3B+
* firmware: Move core to PLLA and support accurate clk108
See: xbmc/xbmc#19263
* firmware: board_info: Separate memory size from OTP field encoding
* firmware: power: Swap DA9090 ADC assignments to match XR77004
* firmware: vl805: Remove redundant log statement and fix warning
* firmware: power: Fix DA9090 ADC1 register definition
* firmware: arm_loader: Only report clocks arm has set, not siblings
* firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock
* firmware: arm_loader: 2711: gpu clocks are not dependant
* firmware: platform: Need to clear cached versions of get_max_clock_internal vars
* firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer
See: raspberrypi/linux#4113
++++ raspberrypi-firmware-config:
- Update to b80f36b3fb (2021-09-13):
* firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV
See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution
* firmware: DSI display autodetection for kms
* firmware: arm_dt: Load overlays for detected cameras
* firmware: Make more use of the user-warnings DT property
* firmware: arm_loader: Consider required flags from GET_CLOCK_RATE
See: #1598
* firmware: arm_loader: Make most arm clock requests required
See: #1598
* firmware: firmware: Disable VLL loading from file system
See: #1605
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: video_decode: Correct support for YVU formats using ISP
* firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB
See: #1603
* firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on
See: Hexxeh/rpi-firmware#267
See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082
* firmware: cec: Avoid sending messages with kms
See: raspberrypi/linux#4460
* firmware: Revert: video_decode: Use the ISP instead of vc_image_convert
* firmware: isp: Set the YUV420/YVU420 format stride to 64 byte
* arm_loader: Add message to release firmware framebuffer
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode
* firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711
See: raspberrypi/userland#695
* firmware: PoE+ HAT support
See: raspberrypi/linux#4367
* firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set
* firmware: platform: Apply ARM thermal throttling rules on BCM2711
* firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4
See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516
* firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly
See: #1580
* firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP
* firmware: Pi400: Reduce MII clock freq when probing ethernet PHY
* firmware: isp: Ensure the VRF is locked when setting up video colour denoise
See: raspberrypi/libcamera-apps#19
* firmware: isp: Remove custom EV mappings from camera tunings
* firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware
* firmware: Two UART1 patches
See: #1566
* firmware: arm_loader: kernel_old=1 should force kernel_address=0
See: #1561
* firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image
See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654
* firmware: vcfw/power: Add a new latch for power_pad_control
See: #1552
* firmware: board-info: Fix memsize on 3B+
* firmware: Move core to PLLA and support accurate clk108
See: xbmc/xbmc#19263
* firmware: board_info: Separate memory size from OTP field encoding
* firmware: power: Swap DA9090 ADC assignments to match XR77004
* firmware: vl805: Remove redundant log statement and fix warning
* firmware: power: Fix DA9090 ADC1 register definition
* firmware: arm_loader: Only report clocks arm has set, not siblings
* firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock
* firmware: arm_loader: 2711: gpu clocks are not dependant
* firmware: platform: Need to clear cached versions of get_max_clock_internal vars
* firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer
See: raspberrypi/linux#4113
++++ raspberrypi-firmware-config-camera:
- Update to b80f36b3fb (2021-09-13):
* firmware: hdmi_2711: Use HDMI block REPEAT_PIXEL instead of PV
See: https://forum.libreelec.tv/thread/24415-le-10-beta-for-i4-force-hdmi-resolution
* firmware: DSI display autodetection for kms
* firmware: arm_dt: Load overlays for detected cameras
* firmware: Make more use of the user-warnings DT property
* firmware: arm_loader: Consider required flags from GET_CLOCK_RATE
See: #1598
* firmware: arm_loader: Make most arm clock requests required
See: #1598
* firmware: firmware: Disable VLL loading from file system
See: #1605
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: video_decode: Correct support for YVU formats using ISP
* firmware: arm_dt: Limit CMA to 256MB if total_mem < 2GB or gpu_mem > 256MB
See: #1603
* firmware: hdmi_cec: Remove TX/RX SW_INIT on power_on
See: Hexxeh/rpi-firmware#267
See: https://www.raspberrypi.org/forums/viewtopic.php?p=1895082#p1895082
* firmware: cec: Avoid sending messages with kms
See: raspberrypi/linux#4460
* firmware: Revert: video_decode: Use the ISP instead of vc_image_convert
* firmware: isp: Set the YUV420/YVU420 format stride to 64 byte
* arm_loader: Add message to release firmware framebuffer
* firmware: video_decode: Use the ISP instead of vc_image_convert
* firmware: hdmi-2711: Wait for HDMI hardware scheduler to activate in HDMI mode
* firmware: bcm_host: Recognise all Pi 4 variants, add BCM2711
See: raspberrypi/userland#695
* firmware: PoE+ HAT support
See: raspberrypi/linux#4367
* firmware: arm_loader: Use Pi4 bootloader MAC_ADDRESS if set
* firmware: platform: Apply ARM thermal throttling rules on BCM2711
* firmware: dt-blob.dts: Correct HDMI HPD and EMMC_ENABLE for CM4
See: https://www.raspberrypi.org/forums/viewtopic.php?f=29&p=1858516
* firmware: vcfw/hdmi: CUSTOM modes used for FKMS didn't set RGB quant range correctly
See: #1580
* firmware: platform: Remove build-time constant for MICROVOLTS_PER_PIP
* firmware: Pi400: Reduce MII clock freq when probing ethernet PHY
* firmware: isp: Ensure the VRF is locked when setting up video colour denoise
See: raspberrypi/libcamera-apps#19
* firmware: isp: Remove custom EV mappings from camera tunings
* firmware: Add support for board-type=0xXX conditional filters in bootloader, bootcode and firmware
* firmware: Two UART1 patches
See: #1566
* firmware: arm_loader: kernel_old=1 should force kernel_address=0
See: #1561
* firmware: scalerlib: Fix offset applied to x coordinate of YUV10COL image
See: https://forum.kodi.tv/showthread.php?tid=361164&pid=3024654#pid3024654
* firmware: vcfw/power: Add a new latch for power_pad_control
See: #1552
* firmware: board-info: Fix memsize on 3B+
* firmware: Move core to PLLA and support accurate clk108
See: xbmc/xbmc#19263
* firmware: board_info: Separate memory size from OTP field encoding
* firmware: power: Swap DA9090 ADC assignments to match XR77004
* firmware: vl805: Remove redundant log statement and fix warning
* firmware: power: Fix DA9090 ADC1 register definition
* firmware: arm_loader: Only report clocks arm has set, not siblings
* firmware: arm_loader: Don't report clocks set as turbo side effect of arm clock
* firmware: arm_loader: 2711: gpu clocks are not dependant
* firmware: platform: Need to clear cached versions of get_max_clock_internal vars
* firmware: video_decode: For VC1/WMV with no signalled header bytes, use start of 1st buffer
See: raspberrypi/linux#4113
++++ suse-module-tools:
- Update to version 16.0.10+7:
* rpm-script: link config also into /boot (boo#1189879)
* weak-modules2: accept modules under /usr/lib/modules on stdin
(for support of usr-merged KMPs)
* fix scriptlet path (bsc#1189441)
- Update to version 16.0.10:
* Import kernel scriptlets from kernel-source (bsc#1189441)
* README.md: document environment variables for weak-modules2
------------------------------------------------------------------
------------------ 2021-9-13 - Sep 13 2021 -------------------
------------------------------------------------------------------
++++ libalternatives:
- Update to version v1.2:
* Add config option=KeepArgv0 to keep original argument during
exec() call
++++ kernel-default:
- Delete patches.suse/apparmor-compatibility-with-v2.x-net.patch (bsc#118997)
Apparmor upgraded to v3.x
- commit a1d1731
- Bluetooth: Move shutdown callback before flushing tx and rx
queue (bsc#1190424).
- commit 40ccc64
- Update to 5.15-rc1
- eliminated 36 patches (27 stable, 9 mainline)
- patches.kernel.org/*
- patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch
- patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch
- patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch
- patches.suse/Bluetooth-schedule-SCO-timeouts-with-delayed_work.patch
- patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch
- patches.suse/HID-usbhid-Simplify-code-in-hid_submit_ctrl.patch
- patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch
- patches.suse/memcg-enable-accounting-of-ipc-resources.patch
- patches.suse/watchdog-Fix-NULL-pointer-dereference-when-releasing.patch
- refresh
- patches.suse/add-suse-supported-flag.patch
- patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch
- patches.suse/suse-hv-guest-os-id.patch
- disable ARM architectures (need config update)
- new config options
- General setup
- CONFIG_WERROR=n
- CONFIG_PRINTK_INDEX=y
- Processor type and features
- CONFIG_PERF_EVENTS_AMD_UNCORE=m
- Firmware Drivers
- CONFIG_SYSFB_SIMPLEFB=y
- Memory Management options
- CONFIG_DAMON=n
- Networking support
- CONFIG_IPV6_IOAM6_LWTUNNEL=n
- CONFIG_MCTP=m
- File systems
- CONFIG_F2FS_IOSTAT=y
- CONFIG_NTFS3_FS=m
- CONFIG_NTFS3_64BIT_CLUSTER=n
- CONFIG_NTFS3_LZX_XPRESS=y
- CONFIG_NTFS3_FS_POSIX_ACL=y
- CONFIG_SMB_SERVER=m
- CONFIG_SMB_SERVER_SMBDIRECT=n
- CONFIG_SMB_SERVER_CHECK_CAP_NET_ADMIN=y
- CONFIG_SMB_SERVER_KERBEROS5=y
- Security options
- CONFIG_ZERO_CALL_USED_REGS=y
- Cryptographic API
- CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64=m
- CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64=m
- CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
- CONFIG_MODULE_SIG_KEY_TYPE_ECDSA=n
- Kernel hacking
- CONFIG_FAIL_SUNRPC=n
- SCSI device support
- CONFIG_SCSI_UFS_HPB=y
- CONFIG_SCSI_UFS_FAULT_INJECTION=n
- Network device support
- CONFIG_NET_VENDOR_LITEX=y
- CONFIG_MAXLINEAR_GPHY=m
- CONFIG_MHI_WWAN_MBIM=m
- Power management
- CONFIG_CHARGER_CROS_PCHG=m
- CONFIG_SENSORS_AQUACOMPUTER_D5NEXT=m
- CONFIG_SENSORS_SBRMI=m
- CONFIG_REGULATOR_RTQ2134=m
- CONFIG_REGULATOR_RTQ6752=m
- Graphics support
- CONFIG_DRM_VMWGFX_MKSSTATS=n
- CONFIG_DRM_PANEL_WIDECHIPS_WS2401=n
- Sound card support
- CONFIG_SND_HDA_CODEC_CS8409=m
- CONFIG_SND_SOC_AMD_ACP5x=m
- CONFIG_SND_SOC_ICS43432=n
- CONFIG_SND_SOC_SDW_MOCKUP=m
- DMA Engine support
- CONFIG_INTEL_IDXD_COMPAT=y
- CONFIG_AMD_PTDMA=m
- X86 Platform Specific Device Drivers
- CONFIG_MERAKI_MX100=m
- CONFIG_INTEL_SAR_INT1092=m
- IOMMU Hardware Support
- CONFIG_IOMMU_DEFAULT_DMA_STRICT=n
- CONFIG_IOMMU_DEFAULT_DMA_LAZY=n
- Industrial I/O support
- CONFIG_SENSIRION_SGP40=n
- CONFIG_AD5110=n
- Misc devices
- CONFIG_I2C_VIRTIO=m
- CONFIG_GPIO_VIRTIO=m
- CONFIG_DMABUF_SYSFS_STATS=n
- CONFIG_VDPA_USER=m
- CONFIG_NVMEM_NINTENDO_OTP=m
- OF dependent (i386, ppc64/ppc64le, riscv64)
- HI6421V600_IRQ=m
- LITEX_LITEETH=m
- MFD_RSMU_I2C=n
- MFD_RSMU_SPI=n
- VIDEO_IMX335=m
- VIDEO_IMX412=m
- VIDEO_OV9282=m
- DRM_PANEL_INNOLUX_EJ030NA=n
- DRM_PANEL_SAMSUNG_ATNA33XC20=n
- DRM_PANEL_SAMSUNG_DB7430=n
- COMMON_CLK_XLNX_CLKWZRD=m
- DMA_RESTRICTED_POOL=n
- i386
- CS89x0_ISA=n
- ppc64
- DEBUG_WX=n
- PTDUMP_DEBUGFS=n
- s390x
- KCSAN=n
- KFENCE=y (=n in zfcpdump)
- KFENCE_STATIC_KEYS=y
- KFENCE_SAMPLE_INTERVAL=0
- KFENCE_NUM_OBJECTS=255
- KFENCE_STRESS_TEST_FAULTS=0
- riscv64
- POWER_RESET_TPS65086=y
- DRM_PANEL_ILITEK_ILI9341=n
- commit 8787773
- fixup "rpm: support gz and zst compression methods" once more
(bsc#1190428, bsc#1190358)
Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"")
- commit 165378a
- Linux 5.14.3 (bsc#1012628).
- cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports
(bsc#1012628).
- cxl/pci: Fix lockdown level (bsc#1012628).
- cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628).
- PCI: Call Max Payload Size-related fixup quirks early
(bsc#1012628).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
(bsc#1012628).
- staging: mt7621-pci: fix hang when nothing is connected to
pcie ports (bsc#1012628).
- xhci: Fix failure to give back some cached cancelled URBs
(bsc#1012628).
- xhci: fix unsafe memory usage in xhci tracing (bsc#1012628).
- xhci: fix even more unsafe memory usage in xhci tracing
(bsc#1012628).
- usb: mtu3: fix the wrong HS mult value (bsc#1012628).
- usb: mtu3: use @mult for HS isoc or intr (bsc#1012628).
- usb: mtu3: restore HS function when set SS/SSP (bsc#1012628).
- usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc
or intr (bsc#1012628).
- usb: cdnsp: fix the wrong mult value for HS isoc or intr
(bsc#1012628).
- usb: xhci-mtk: fix issue of out-of-bounds array access
(bsc#1012628).
- usb: host: xhci-rcar: Don't reload firmware after the completion
(bsc#1012628).
- Bluetooth: btusb: Make the CSR clone chip force-suspend
workaround more generic (bsc#1012628).
- Bluetooth: Add additional Bluetooth part for Realtek 8852AE
(bsc#1012628).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
(bsc#1012628).
- Revert "r8169: avoid link-up interrupt issue on RTL8106e if
user enables ASPM" (bsc#1012628).
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628).
- can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628).
- firmware: dmi: Move product_sku info to the end of the modalias
(bsc#1012628).
- commit 87c3051
++++ ncurses:
- Add ncurses patch 20210911
+ adjust ifdef in test_opaque.c to fix build with ncurses 5.7
+ add testing note for xterm-{hp|sco|sun} -TD
+ corrected description for ansi.sys-old -TD
+ add xterm+nopcfkeys, to fill in keys for xterm-hp, xterm-sun -TD
+ use hp+arrows in a few places -TD
+ use hp+pfk-cr in a few places -TD
- Correct offsets of patch ncurses-6.2.dif
++++ libseccomp:
- Skip 11-basic-basic_errors test on qemu linux-user emulation
------------------------------------------------------------------
------------------ 2021-9-12 - Sep 12 2021 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.14
* convert:
* new option --uuid to copy, generate or set a given uuid
* improve output
* mkfs:
* allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices)
* image:
* improved error messages
* fix some alignment of restored image
* subvol delete: allow to delete by id when path is not resolvable
* check:
* require alignment of nodesize for 64k page systems
* detect and fix invalid block groups
* libbtrfs (deprecated):
* remove most exported symbols, leave only a few that are used by snapper
* no version change (still 0.1)
* remove btrfs-list.h, btrfsck.h
* fixes:
* reset generation of space v1 if v2 is used
* fi us: don't wrongly report missing device size when partition is not readable
* other:
* build: experimental features
* build: better detection of 64bit timestamp support for ext4
* corrupt-block: block group items
* new and updated tests
* refactoring
* experimental features:
* new image dump format, with data
++++ kernel-default:
- fixup "rpm: support gz and zst compression methods" once more
Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"")
- commit 34e68f4
- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
- commit 3b944fc
++++ harfbuzz:
- harfbuzz 2.9.1:
+ Subsetter API close to stable
+ Various fuzzer-found bug fixes
+ hb_buffer_append() now handles the pre- and post-context which
previously were left unchanged in the destination buffer
+ hb-view / hb-shape now accept following new arguments:
- -unicodes: takes a list of hex numbers that represent Unicode
codepoints.
+ Undeprecated API: hb_set_invert()
- includes changes from 2.9.0:
+ Support multiple variation axes with same tag, aka HOI
+ The coretext testing shaper now passes font variations to
CoreText
+ hb-shape/hb-view does not break line at new lines unless text
is read from file
+ hb-view and hb-subset has a --batch now, similar to hb-shape
+ The --batch mode now uses ; as argument separator instead of :
used previously
+ The --batch in hb-shape does not expect 0th argument anymore.
That is, the lines read are interpreted as argv[1:], instead
of argv[0:].
+ The --batch option has been undocumented. We are ready to
document it; send feedback if you find it useful
+ hb-subset got arguments revamps. Added much-requested
- -gids-file, --glyphs, --glyphs-file, --unicodes-file,
supporting ranges in --unicodes.
+ Various bug fixes
++++ pango:
- Update to version 1.48.10:
+ Fix a crash in strikethrough drawing.
+ pango-view:
- Support antialiasing freetype.
- Use GraphicsMagick.
------------------------------------------------------------------
------------------ 2021-9-11 - Sep 11 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.5.4
- tukit: Fix resolved support [boo#1190383]
++++ kernel-default:
- fixup "rpm: support gz and zst compression methods"
Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods")
- commit 23510fc
------------------------------------------------------------------
------------------ 2021-9-10 - Sep 10 2021 -------------------
------------------------------------------------------------------
++++ branding-openSUSE:
- Drop systemd icons, since distribution-logos took that over
- Change the name of the font used in the installer
++++ kernel-default:
- kernel-cert-subpackage: Fix certificate location in scriptlets
(bsc#1189841).
Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
- commit 8684de8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
(bsc#1190358).
The script part for base package case is completely separate from the
part for subpackages. Remove the part for subpackages from the base
package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
(bsc#1190358).
Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965).
- commit 6205661
++++ multipath-tools:
- Update to version 0.8.7+14+suse.5a09bfa1:
* Fix possible string overflows (bsc#1188148)
- Upstream fixes / changes
* better string handling
* multipath: print warning if multipathd isn't running
* mpathpersist: better error msg when no usable paths exist
* fixes from 0.8.6+32+suse.f11c192 merged upstream
++++ systemd:
- Drop git internal files from the testsuite sub-package
- Adjust pam macros
++++ libxkbcommon:
- Update to release 1.3.1
* In `xkbcli interactive-x11`, use the Esc keysym instead of
the Esc keycode for quitting.
* In `xkbcli how-to-type`, add `--keysym` argugment for how to
type a keysym instead of a Unicode codepoint.
* Fix a crash in `xkb_x11_keymap_new_from_device` error
handling given some invalid keymaps. Had regressed in 1.2.0.
++++ pam:
- pam-login_defs-check.sh: adjust for new login.defs variable usages
++++ python-Jinja2:
- Add no-warnings-as-errors.patch:
* Do not treat warnings as errors until upstream fix using async loops.
------------------------------------------------------------------
------------------ 2021-9-9 - Sep 9 2021 -------------------
------------------------------------------------------------------
++++ gzip:
- Update to 1.11:
* Performance improvements
* Added hardware acceleration for IBM Z
- Refresh patches:
* manpage-no-date.patch
* xz_lzma.patch
- Remove upstreamed patches:
* gzip-1.10-fix-DFLTCC-segfault.patch
* gzip-1.10-fix_count_of_lines_to_skip.patch
* gzip-1.10-ibm_dfltcc_support.patch
++++ kernel-default:
- Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch
(bsc#1189978)
Compat patch no longer required since userspace is upgraded to v3.x
- commit c28bbe5
++++ util-linux:
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
++++ nfs-utils:
- Add 0001-gssd-fix-crash-in-debug-message.patch
Fix crash when rpc-gssd run with -v.
(boo#1190144)
++++ microos-tools:
- Update to version 2.12
- Remove special MicroOS firstboot script
- Remove locale-check, replaced by another aaa_base implementation
++++ util-linux-systemd:
- Remove the raw utility altogether, as it is not even built any
more with glibc >=2.34.
------------------------------------------------------------------
------------------ 2021-9-8 - Sep 8 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- supported-flag: consolidate separate patches into one
The history of the five supported flag patches can be found in the commit
log. This commit unifies them and reverts the removal of get_next_line
from mainline to allow supported() to repeatedly scan the file in memory
without modifying it. I looked into using tsearch() to handle the
lookups and it turns out that it's no faster than just scanning the file
repeatedly in memory.
- commit d3dcd16
- Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957).
- commit 762368d
- Bluetooth: schedule SCO timeouts with delayed_work
(CVE-2021-3640 bsc#1188172).
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 2605fb9
- rpm/kernel-source.spec.in: do some more for vanilla_only
Make sure:
* sources are NOT executable
* env is not used as interpreter
* timestamps are correct
We do all this for normal kernel builds, but not for vanilla_only
kernels (linux-next and vanilla).
- commit b41e4fd
- Linux 5.14.2 (bsc#1012628).
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1012628).
- ext4: fix e2fsprogs checksum failure for mounted filesystem
(bsc#1012628).
- xtensa: fix kconfig unmet dependency warning for
HAVE_FUTEX_CMPXCHG (bsc#1012628).
- USB: serial: pl2303: fix GL type detection (bsc#1012628).
- USB: serial: cp210x: fix control-characters error handling
(bsc#1012628).
- USB: serial: cp210x: fix flow-control error handling
(bsc#1012628).
- ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
(bsc#1012628).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
(bsc#1012628).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
ROG Strix G17 (bsc#1012628).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628).
- ALSA: usb-audio: Work around for XRUN with low latency playback
(bsc#1012628).
- media: stkwebcam: fix memory leak in stk_camera_probe
(bsc#1012628).
- commit b155faa
++++ open-iscsi:
- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
these changes not already present:
* Handle IPv6 interfaces correctly. (bsc#1187958)
* Handle qedi correctly in NPAR mode (bsc#1187958)
* Update iscsiadm man page (bsc#1187958)
* Update iface.example for ipv6
* Change iscsi IP type from defines to enum.
* Handle recv() returning 0 in iscsid_response()
++++ systemd:
- Don't reexecute user manager instances on package update yet
This can't be done until users have their user instance updated to
the new version that supports reexecuting with SIGRTMIN+25 because
this signal terminates the user managers for the previous versions.
- Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11
3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only
fd46c81922 test: make sure to include all haveged unit files
- systemd.spec: reexec user manager instances on package updates
++++ qemu:
- Fix qemu build on ARMv7 (bsc#1190211)
* Patches added:
tcg-arm-Fix-tcg_out_vec_op-function-sign.patch
- Update supported file for ARM machines.
++++ system-users:
- Set shell for nobody in sysusers.d config
++++ sysuser-tools:
- Add support for new shell field [bsc#1189518]
++++ vim:
- Updated to version 8.2.3408, fixes the following problems
* User function completion fails with dict function.
* Vim9: crash with nested :while.
* Buffer overflow when completing long tag name.
* When :edit reuses the current buffer the alternate file is set to the
same buffer.
* Vim9: crash when :for is skipped.
* Vim9: cannot use option for all operations.
* Vim9: debugging elseif does not stop before condition.
* Vim9: :@r executing a register is inconsistent.
* Not all Racket files are recognized.
* Auto formatting after "cw" leaves cursor in wrong spot.
* Vim9: no check for white space before type in declaration. (Naohiro Ono)
* Vim9: :$ENV cannot be followed by ->func() in next line.
* line2byte() value wrong when adding a text property. (Yuto Kimura)
* text property test fails on MS-Windows.
* Pyret files are not recognized.
* Using uninitialized memory.
* Vim9: no warning that "@r" does not do anything.
* Vim9: :disass completion does not understand "s:".
* Crash when using NULL job.
* Crash when using NULL string for funcref().
* Crash when using NULL list with sign functions.
* Crash when getting the type of a NULL partial.
* Vim9: completion for :disassemble adds parenthesis.
* Cannot disable modeline for an individual file.
* Escaping for fish shell does not work properly.
* Using uninitialized memory.
* Compiler warning for non-static function.
* fnamemodify('path/..', ':p') differs from using 'path/../'.
* Cannot stop insert mode completion without side effects.
* Included xdiff code is outdated.
* Crash with combination of 'linebreak' and other options.
* augroup completion escapes regexp pattern characters.
* Escaping for fish shell is skipping some characters.
* Filler lines are wrong when changing text in diff mode.
* Vim9: expression breakpoint not checked in :def function.
* When libcall() fails invalid pointer may be used.
* No test for what 8.2.3391 fixes.
* Html text objects are not fully tested.
* Octave files are not recognized.
* ":z!" is not supported.
* Vim9: cannot use a negative count with finddir() and findfile().
* Invalid memory access when using :retab with large value.
* Memory leak for :retab with invalid argument.
* Vim9: no error for white space before "(".
* Cannot have a comment line in a {} block of a user command.
* On some systems tests fail without _REENTRANT. (Elimar Riesebieter)
* Using uninitialized memory with "let g:['bar'] = 2".
* Can delete a numbered function. (Naohiro Ono)
++++ virt-manager:
- bsc#1190215 - [virt-install] No Support for SUSE Product SLE-HPC
virtinst-add-sle-hpc-support.patch
------------------------------------------------------------------
------------------ 2021-9-7 - Sep 7 2021 -------------------
------------------------------------------------------------------
++++ glib2:
- desktop-file-utils: add Pantheon desktop environment
- Update to version 2.69.3:
+ g_settings_schema_key_range_check() misbehaves for int versus
bool.
+ Compiling anything with GCC <4.6 spews deprecation warnings.
+ `g_invoke_closure` bindings API break..
+ GPowerProfileMonitorPortal does not notice initial
power-saver-enabled status.
+ doc: Explicitly said, that no null term. is needed.
+ ci: Use C.UTF-8 locale on FreeBSD 12.
+ gio: Fix conditions in memory-monitor test.
+ Updated translations.
++++ grub2:
- Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061)
* 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch
++++ kernel-default:
- series.conf: cleanup
- update upstream reference and move to appropriate section:
- patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch
- commit 1eedbb8
- crypto: ecc - handle unaligned input buffer in ecc_swap_digits
(bsc#1188327).
- commit f7925a4
- Refresh patches.suse/scsi-retry-alua-transition-in-progress.
- Delete patches.suse/megaraid-mbox-fix-SG_IO.
- commit d1e442c
++++ openssl-3:
- Update to 3.0.0
* The full list of changes since version 1.1.1 can be found in:
https://github.com/openssl/openssl/blob/master/CHANGES.md#openssl-30
* OpenSSL 3.0 wiki: https://wiki.openssl.org/index.php/OpenSSL_3.0
* The Migration guide:
https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod
++++ shadow:
- Fix shadow-login_defs-check.sh:
In the last update we switched from calling make to %make_build
macro. Using sed to adapt the spec file now.
++++ pam-config:
- Update to version 1.4
- Fix support for mulitple locations for configuration files
- Drop pam-config-fix-pam_keyinit-options.patch
- Drop pam-config-remove-bad-access-call.patch
------------------------------------------------------------------
------------------ 2021-9-6 - Sep 6 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.5.3
- t-u: Purge kernels as part of package operations
Required for live patching support [bsc#1189728]
++++ kernel-default:
- memcg: enable accounting of ipc resources (bsc#1190115
CVE-2021-3759).
- commit 9193235
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
(bsc#1189841).
These are unchanged since 2011 when they were introduced. No need to
track them separately.
- commit 692d38b
- rpm: Abolish image suffix (bsc#1189841).
This is used only with vanilla kernel which is not supported in any way.
The only effect is has is that the image and initrd symlinks are created
with this suffix.
These symlinks are not used except on s390 where the unsuffixed symlinks
are used by zipl.
There is no reason why a vanilla kernel could not be used with zipl as
well as it's quite unexpected to not be able to boot when only a vanilla
kernel is installed.
Finally we now have a backup zipl kernel so if the vanilla kernel is
indeed unsuitable the backup kernel can be used.
- commit e2f37db
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- commit e602b0f
- rpm: Define $certs as rpm macro (bsc#1189841).
Also pass around only the shortened hash rather than full filename.
As has been discussed in bsc#1124431 comment 51
https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
the certificates is an API which cannot be changed unless we can ensure
that no two kernels that use different certificate location can be built
with the same certificate.
- commit d9a1357
++++ kmod:
- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
* Refres no-stylesheet-download.patch
++++ libcontainers-common:
- Comment out ostree_repo [boo#1189893]
++++ fuse3:
- Update to release 3.10.5
* Various improvements to make unit tests more robust.
++++ ncurses:
- Add ncurses patch 20210905
+ correct logic in filtering of redefinitions (report by Sven Joachim,
cf: 20210828).
- Add ncurses patch 20210904
+ modify linux3.0 entry to reflect default mapping of shift-tab by
kbd 1.14 (report by Jan Engelhardt) -TD
+ add historical note to tput, curses-terminfo and curses-color
manpages based on source-code for SVr2, SVr3 and SVr4.
+ minor grammatical fixes for "it's" vs "its" (report by Nick Black).
+ amend fix for --disable-root-environ (report by Arnav Singh).
+ build-fix for compiling link_test
+ drop symbols GCC_PRINTF and GCC_SCANF from curses.h.in, to simplify
use (Debian #993179).
- Add ncurses patch 20210828
+ correct reversed check for --disable-root-environ (report/analysis
by Arnav Singh, cf: 20210626).
+ apply gcc format attribute to prototypes which use a va_list
parameter rather than a "..." variable-length parameter list
(prompted by discussion in a tmux pull-request).
+ modify configure scripts to filter out redefinitions of _XOPEN_SOURCE,
e.g., for NetBSD which generally supports 500, but 600 is needed for
ncursesw.
+ improve documentation for tparm and static/dynamic variables.
+ improve typography in terminfo.5 (patch by Branden Robinson).
- Add ncurses patch 20210821
+ improve tparm implementation of %P and %g, more closely matching
SVr4 terminfo.
+ move internals of TERMINAL structure to new header term.priv.h
+ add "check" rule for ncurses/Makefile
+ corrected tsl capability for terminator -TD
+ add check in tic to report instances where tparm would detect an
error in an expression (cf: 20201010).
+ correct a few places where SP->_pair_limit was used rather than
SP->_pair_alloc (cf: 20170812).
+ fix missing "%d" for setaf/setab code 8-15 in xterm+direct16 (report
by Florian Weimer) -TD
+ fix some documentation errata from OpenBSD changes.
+ update config.sub
- Correct offsets and dates of patch ncurses-6.2.dif
++++ pam:
- Update to 1.5.2
Noteworthy changes in Linux-PAM 1.5.2:
* pam_exec: implemented quiet_log option.
* pam_mkhomedir: added support of HOME_MODE and UMASK from
/etc/login.defs.
* pam_timestamp: changed hmac algorithm to call openssl instead
of the bundled sha1 implementation if selected, added option
to select the hash algorithm to use with HMAC.
* Added pkgconfig files for provided libraries.
* Added --with-systemdunitdir configure option to specify systemd
unit directory.
* Added --with-misc-conv-bufsize configure option to specify the
buffer size in libpam_misc's misc_conv() function, raised the
default value for this parameter from 512 to 4096.
* Multiple minor bug fixes, portability fixes, documentation
improvements, and translation updates.
pam_tally2 has been removed upstream, remove pam_tally2-removal.patch
pam_cracklib has been removed from the upstream sources. This
obsoletes pam-pam_cracklib-add-usersubstr.patch and
pam_cracklib-removal.patch.
The following patches have been accepted upstream and, so,
are obsolete:
- pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch
- pam_securetty-don-t-complain-about-missing-config.patch
- bsc1184358-prevent-LOCAL-from-being-resolved.patch
- revert-check_shadow_expiry.diff
[Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc,
Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc,
pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch,
pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch,
pam_securetty-don-t-complain-about-missing-config.patch,
bsc1184358-prevent-LOCAL-from-being-resolved.patch,
revert-check_shadow_expiry.diff]
------------------------------------------------------------------
------------------ 2021-9-4 - Sep 4 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- watchdog: Fix NULL pointer dereference when releasing cdev
(bsc#1190093).
- Update config files.
We can enable the option after this fix again.
- commit 65109d0
- Linux 5.14.1 (bsc#1012628).
- Bluetooth: btusb: check conditions before enabling USB ALT 3
for WBS (bsc#1012628).
- net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628).
- btrfs: fix NULL pointer dereference when deleting device by
invalid id (bsc#1012628).
- Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1012628).
- ext4: report correct st_size for encrypted symlinks
(bsc#1012628).
- f2fs: report correct st_size for encrypted symlinks
(bsc#1012628).
- ubifs: report correct st_size for encrypted symlinks
(bsc#1012628).
- net: don't unconditionally copy_from_user a struct ifreq for
socket ioctls (bsc#1012628).
- audit: move put_tree() to avoid trim_trees refcount underflow
and UAF (bsc#1012628).
- commit 1059c60
------------------------------------------------------------------
------------------ 2021-9-3 - Sep 3 2021 -------------------
------------------------------------------------------------------
++++ glib-networking:
- Update to version 2.70.rc:
+ gnutls:
- revert AuthorityInformationAccess implementation for now.
- fix use of non-default GTlsDatabases, Geary crash on startup.
- fix leak in g_tls_certificate_gnutls_copy.
- Unbreak GTLS_GNUTLS_CHECK_VERSION.
+ openssl: remove openssl-util.
++++ kernel-default:
- update patches metadata
- update upstream references:
- patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch
- patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch
- patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch
- patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch
- commit c2e3f15
- HID: usbhid: Simplify code in hid_submit_ctrl()
(<cover.1630658591.git.mkubecek@suse.cz>).
- HID: usbhid: Fix warning caused by 0-length input reports
(<cover.1630658591.git.mkubecek@suse.cz>).
- HID: usbhid: Fix flood of "control queue full" messages
(<cover.1630658591.git.mkubecek@suse.cz>).
- commit 4552165
- Delete patches.suse/hid-fix-length-inconsistency.patch.
To be replaced by a cherry pick of corresponding upstream commits.
- commit ba7e2a2
++++ mozilla-nss:
- Update to NSS 3.69.1
* bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
* bmo#1720226 (Backout) - integrity checks in key4.db not happening
on private components with AES_CBC
NSS 3.69
* bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
* bmo#1720226 - integrity checks in key4.db not happening on private
components with AES_CBC (backed out again)
* bmo#1720235 - SSL handling of signature algorithms ignores
environmental invalid algorithms.
* bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
nss failures.
(removed obsolete nss-btrfs-sqlite.patch)
* bmo#1720230 - Gtest update changed the gtest reports, losing gtest
details in all.sh reports.
* bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
* bmo#1720232 - SQLite calls could timeout in starvation situations.
* bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
* bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
* bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
++++ systemd:
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
++++ libzypp:
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
++++ osinfo-db:
- Update to database version 20210903
osinfo-db-20210903.tar.xz
++++ zypper:
- Avoid calling 'su' to detect a too restrictive sudo user umask
(bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires: libzypp-devel >= 17.28.3.
- version 1.14.49
------------------------------------------------------------------
------------------ 2021-9-2 - Sep 2 2021 -------------------
------------------------------------------------------------------
++++ hwdata:
- Update to version 0.351 (bsc#1190091):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964)
The regression addressed by this revert was fixed properly by mainline
commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace
helpers work again") in 5.7.
- commit 775ed38
- series.conf: cleanup
Move queued patches to "almost mainline" section.
No effect on expanded tree.
- commit e91bb9d
- vt_kdsetmode: extend console locking (bsc#1190025
CVE-2021-3753).
- commit 18d6ea3
- Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT
(bsc#1190093)
- commit 55bd270
++++ kernel-firmware:
- Update to version 20210901 (git commit 6f5aada830d6):
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_1D69
* rtl_bt: Update RTL8822C BT UART firmware to 0x05A9_1A4A
* rtl_bt: Update RTL8822C BT USB firmware to 0x09A9_1A4A
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.3326
* iwlwifi: add FW for new So/Gf device type
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_127B
* rtl_nic: update firmware of RTL8153C
* ice: update package file to 1.3.26.0
- Update aliases
++++ mpdecimal:
- Switch on _multibuild with the separate test step (to minimize
dependencies).
- Add a basic baselibs.conf.
++++ ceph:
- Update to 16.2.5-504-g6a3a59bd19e:
+ rebased on top of upstream commit SHA1 0d1e1f2973cae7645126fc88a72743367c790d9d
+ (bsc#1189605) cmake: exclude "grafonnet-lib" target from "all"
++++ systemd:
- Drop dependency on m4 (replaced by Jinja2)
++++ perl:
- update to 5.34.0
* Experimental Try/Catch Syntax
* Blanks freely allowed within but adjacent to curly braces
* New octal syntax 0oddddd
* Fix a memory leak in RegEx [GH #18604]
* ExtUtils::PL2Bat 0.004 has been added to the Perl core.
* Updated Modules and Pragmata
- Rebase perl-5.28.0.dif to perl-5.34.0.dif
- Rebase perl-incfix.diff
- Rebase perl_skip_flaky_tests_powerpc.patch
- Drop perl-gdbm-test-no-mmap.diff (no longer needed with gdbm 1.20)
- Add c029d660f2fe60699cf64bbb3fa9f671a1a370d5.patch to fix build with
gdbm 1.20
- Drop perl-fix2020.patch (included upstream)
++++ podman:
- require runc >= 1.0.1
++++ qemu:
- Keep qemu-img without backing format still deprecated
(bsc#1190135)
* Patches added:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
- Update the support files to reflect the deprecation.
++++ selinux-policy:
- Modified fix_systemd.patch to allow systemd gpt generator access to
udev files (bsc#1189280)
------------------------------------------------------------------
------------------ 2021-9-1 - Sep 1 2021 -------------------
------------------------------------------------------------------
++++ permissions:
- Update to version 20210901:
* libksysguard5: Updated path for ksgrd_network_helper
* kdesu: Updated path for kdesud
* sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
* mariadb: revert auth_pam_tool to /usr/lib{,64} again
* cleanup: revert virtualbox back to plain /usr/lib
* cleanup: remove deprecated /etc/ssh/sshd_config
* hawk_invoke is not part of newer hawk2 packages anymore
* cleanup: texlive-filesystem: public now resides in libexec
* cleanup: authbind: helper now resides in libexec
* cleanup: polkit: the agent now also resides in libexec
* libexec cleanup: 'inn' news binaries now reside in libexec
++++ grub2:
- Add btrfs zstd compression on i386-pc and also make sure it won't break
existing grub installations (bsc#1161823)
* deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch
* added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch
++++ iproute2:
- Update to release 5.14
* ip: Add nodst option to macvlan type source
* iplink: add support for parent device
* iplink: support for WWAN devices
* bridge: reorder cmd line arg parsing to let "-c" be detected
as "color" option
++++ kernel-default:
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
(CVE-2021-3640 bsc#1188172).
- commit b9d15a3
++++ schily:
- Update to release 2021.09.01
* smake: The man page now better describes pattern macro
replacement.
- Drop schily-stksz.diff (resolved upstream)
++++ numactl:
- Update to version 2.0.14.20.g4ee5e0c:
* Fix system call numbers on s390x
* numactl.c: fixed debug verify for --preferred option
* numactl.c: Fixed description for the usage of numactl
++++ libseccomp:
- Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
++++ systemd:
- Configure split-usr=true only when %usrmerged is not defined
- Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470
++++ libvirt:
- Update to libvirt 7.7.0
- jsc#SLE-18446
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
++++ osinfo-db:
- Update to database version 20210809
osinfo-db-20210809.tar.xz
++++ python-libvirt-python:
- Update to 7.7.0
- Add all new APIs and constants in libvirt 7.7.0
- jsc#SLE-18446
------------------------------------------------------------------
------------------ 2021-8-31 - Aug 31 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Delete the author list from %description (the %description section is
literally for package descriptions (only) these days, encoding was also
problematic).
- Add %doc AUTHORS to get packaged that info
++++ kernel-default:
- Delete
patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959).
No longer needed, since it's upstream now.
- commit b1aeba4
- rpm: Abolish scritplet templating (bsc#1189841).
Outsource kernel-binary and KMP scriptlets to suse-module-tools.
This allows fixing bugs in the scriptlets as well as defining initrd
regeneration policy independent of the kernel packages.
- commit e98096d
- arm64: Update config files. (bsc#1189922)
Enable ISP1760_DUAL_ROLE
- commit c265161
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
++++ libtpms:
- security update
- added patches
fix CVE-2021-3746 [bsc#1189935], out-of-bounds access via specially crafted TPM 2 command packets
+ libtpms-CVE-2021-3746.patch
++++ libzypp:
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
++++ podman:
- Update to version 3.3.1:
* Bugfixes
- Fixed a bug where unit files created by podman generate systemd could
not cleanup shut down containers when stopped by systemctl stop (#11304).
- Fixed a bug where podman machine commands would not properly locate
the gvproxy binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the
- -pod-id-file option would not join the pod's network namespace (#11303).
- Fixed a bug where Podman, when using the systemd cgroups driver,
could sometimes leak dbus sessions.
- Fixed a bug where the until filter to podman logs and podman events
was improperly handled, requiring input to be negated (#11158).
- Fixed a bug where rootless containers using CNI networking run on
systems using systemd-resolved for DNS would fail to start if resolved
symlinked /etc/resolv.conf to an absolute path (#11358).
* API
- A large number of potential file descriptor leaks from improperly closing
client connections have been fixed.
++++ salt:
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
* templates-move-the-globals-up-to-the-environment-jin.patch
++++ qemu:
- Update build dependencies versions: libgcrypt >= 1.8.0,
gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7
------------------------------------------------------------------
------------------ 2021-8-30 - Aug 30 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
++++ transactional-update:
- Version 3.5.2
- tukit: Fix overlay syncing errors with SELinux [bsc#1188648]
- Don't print message for `shell` with --quiet
[gh#openSUSE/transactional-update#69]
++++ gsettings-desktop-schemas:
- Update to version 41.rc:
+ Stop setting legacy GNOME 2 shortcut by default.
+ Updated translations.
++++ kernel-default:
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
suse-release has arbitrary values in staging, we can't use it for
dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
++++ krb5:
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
++++ python310-core:
- Switch on option --with-system-libmpdec (bsc#1189356).
++++ yaml-cpp:
- Adjust library dependency reference
- Update to 0.7.0:
* Bazel support
* CMake improvements
* Adopts many modern C++ syntaxes
* Bug fixes
* Obsoletes yaml-cpp-CVE-2017-5950.patch (fixed by DepthGuard)
++++ python310:
- Switch on option --with-system-libmpdec (bsc#1189356).
++++ suse-module-tools:
- Update to version 16.0.9:
* weak_modules2: fix "warning: %post(kernel-...) scriptlet failed,
exit status 1" message from rpm (boo#1189881)
* weak-modules2: add logging at verbose level 2
* weak-modules2: control logging with environment variables
WM2_VERBOSE, WM2_DEBUG, WM2_LOGFILE
* regenerate-initrd-posttrans: friendly notice if dracut not found
(boo#1123721)
------------------------------------------------------------------
------------------ 2021-8-29 - Aug 29 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.14 final
- refresh configs
- commit d419f63
- config: update and enable armv6hl
New config option values copied from arvm7hl.
- commit 7224850
- config: update and enable armv7hl
New config option values copied from arm64 except:
- PCI_IXP4XX=n (does not allow module build)
- MTD_NAND_PL35X=m
- IPMI_KCS_BMC_CDEV_IPMI=m
- IPMI_KCS_BMC_SERIO=m
- MSC313E_WATCHDOG=m
- REGULATOR_MT6359=m
- REGULATOR_RT5033=m
- ARM_GT_INITIAL_PRESCALER_VAL=2 (default)
- INTEL_QEP=m
- commit 2df785b
------------------------------------------------------------------
------------------ 2021-8-28 - Aug 28 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.2.1
* first bugfix release
++++ Mesa-drivers:
- update to 21.2.1
* first bugfix release
++++ pinentry:
- pinentry 1.2.0:
* qt: Show a warning if Caps Lock is on
* qt: Support password formatting. This makes generated
passwords easier to transcribe
* qt: Fix showing of pinentry window on Wayland
* qt: Check passphrase constraints before accepting passphrase
if passphrase constraints are requested to be enforced
* qt: Improve detection of running in a GUI session
* qt: Improve accessibility when entering new password
------------------------------------------------------------------
------------------ 2021-8-27 - Aug 27 2021 -------------------
------------------------------------------------------------------
++++ compat-usrmerge:
- exit file triggers early if alread usrmerged
- statically link xmv to avoid glibc 2.34 dependency
(__libc_start_main@GLIBC_2.34)
- turn on filetriggers in main package. Needed for single transaction upgrades
(boo#1189788)
++++ filesystem:
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
++++ kernel-default:
- rpm: fix kmp install path
- commit 2d3c7bb
++++ kmod:
- Add ZSTD support on Tumbleweed only. Add a way to detect ZSTD.
++++ libbpf:
- Fix LTO build (bsc#1188749).
+ libbpf-Fix-build-with-latest-gcc-binutils-with-LTO.patch
++++ python310-core:
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
++++ python310:
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
run during profiling
++++ qemu:
- Fix hardcoded binfmt handler doesn't play well with containers
(bsc#1186256)
* Patches added:
qemu-binfmt-conf.sh-allow-overriding-SUS.patch
++++ selinux-policy:
- fix rebootmgr does not trigger the reboot properly (boo#1189878)
* fix managing /etc/rebootmgr.conf
* allow rebootmgr_t to cope with systemd and dbus messaging
------------------------------------------------------------------
------------------ 2021-8-26 - Aug 26 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- net: usb: asix: ax88772: Fix less than zero comparison of a u16
(git-fixes).
- commit 8e5c63f
- Linux 5.13.13 (bsc#1012628).
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
(bsc#1012628).
- io_uring: Use WRITE_ONCE() when writing to sq_flags
(bsc#1012628).
- USB: core: Avoid WARNings for 0-length descriptor requests
(bsc#1012628).
- USB: core: Fix incorrect pipe calculation in do_proc_control()
(bsc#1012628).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating
transfers (bsc#1012628).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
(bsc#1012628).
- spi: spi-mux: Add module info needed for autoloading
(bsc#1012628).
- net: xfrm: Fix end of loop tests for list_for_each_entry
(bsc#1012628).
- ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
(bsc#1012628).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if
controller is not yet available (bsc#1012628).
- scsi: pm80xx: Fix TMF task completion race condition
(bsc#1012628).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (bsc#1012628).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(bsc#1012628).
- scsi: core: Avoid printing an error if target_alloc() returns
- ENXIO (bsc#1012628).
- scsi: core: Fix capacity set to zero after offlinining device
(bsc#1012628).
- drm/amdgpu: fix the doorbell missing when in CGPG issue for
renoir (bsc#1012628).
- qede: fix crash in rmmod qede while automatic debug collection
(bsc#1012628).
- ARM: dts: nomadik: Fix up interrupt controller node names
(bsc#1012628).
- net: usb: pegasus: Check the return value of get_geristers()
and friends; (bsc#1012628).
- perf/x86: Fix out of bound MSR access (bsc#1012628).
- spi: cadence-quadspi: Fix check condition for DTR ops
(bsc#1012628).
- drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
(bsc#1012628).
- drm/amd/display: workaround for hard hang on HPD on native DP
(bsc#1012628).
- kyber: make trace_block_rq call consistent with documentation
(bsc#1012628).
- mtd: rawnand: Add a check in of_get_nand_secure_regions()
(bsc#1012628).
- arm64: dts: qcom: c630: fix correct powerdown pin for WSA881x
(bsc#1012628).
- arm64: dts: qcom: msm8992-bullhead: Remove PSCI (bsc#1012628).
- arm64: dts: qcom: msm8992-bullhead: Fix cont_splash_mem mapping
(bsc#1012628).
- iommu: Check if group is NULL before remove device
(bsc#1012628).
- cpufreq: arm_scmi: Fix error path when allocation failed
(bsc#1012628).
- arm64: dts: qcom: msm8994-angler: Disable cont_splash_mem
(bsc#1012628).
- arm64: dts: qcom: sdm845-oneplus: fix reserved-mem
(bsc#1012628).
- mt76: fix enum type mismatch (bsc#1012628).
- mtd: rawnand: Fix probe failure due to
of_get_nand_secure_regions() (bsc#1012628).
- soc: fsl: qe: convert QE interrupt controller to platform_device
(bsc#1012628).
- cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
(bsc#1012628).
- dccp: add do-while-0 stubs for dccp_pr_debug macros
(bsc#1012628).
- virtio: Protect vqs list access (bsc#1012628).
- vhost-vdpa: Fix integer overflow in
vhost_vdpa_process_iotlb_update() (bsc#1012628).
- bus: ti-sysc: Fix error handling for sysc_check_active_timer()
(bsc#1012628).
- vhost: Fix the calculation in vhost_overflow() (bsc#1012628).
- vdpa_sim: Fix return value check for vdpa_alloc_device()
(bsc#1012628).
- vp_vdpa: Fix return value check for vdpa_alloc_device()
(bsc#1012628).
- vDPA/ifcvf: Fix return value check for vdpa_alloc_device()
(bsc#1012628).
- vdpa/mlx5: Avoid destroying MR on empty iotlb (bsc#1012628).
- vdpa/mlx5: Fix queue type selection logic (bsc#1012628).
- drm/mediatek: Add AAL output size configuration (bsc#1012628).
- drm/mediatek: Add component_del in OVL and COLOR remove function
(bsc#1012628).
- bpf: Clear zext_dst of dead insns (bsc#1012628).
- bnxt: don't lock the tx queue from napi poll (bsc#1012628).
- bnxt: disable napi before canceling DIM (bsc#1012628).
- bnxt: make sure xmit_more + errors does not miss doorbells
(bsc#1012628).
- bnxt: count Tx drops (bsc#1012628).
- soc: fsl: qe: fix static checker warning (bsc#1012628).
- net: 6pack: fix slab-out-of-bounds in decode_data (bsc#1012628).
- ptp_pch: Restore dependency on PCI (bsc#1012628).
- bnxt_en: Disable aRFS if running on 212 firmware (bsc#1012628).
- bnxt_en: Add missing DMA memory barriers (bsc#1012628).
- vrf: Reset skb conntrack connection on VRF rcv (bsc#1012628).
- virtio-net: use NETIF_F_GRO_HW instead of NETIF_F_LRO
(bsc#1012628).
- mac80211: fix locking in ieee80211_restart_work() (bsc#1012628).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
(bsc#1012628).
- ixgbe, xsk: clean up the resources in ixgbe_xsk_pool_enable
error path (bsc#1012628).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1012628).
- net: mdio-mux: Don't ignore memory allocation errors
(bsc#1012628).
- net: mdio-mux: Handle -EPROBE_DEFER correctly (bsc#1012628).
- ovs: clear skb->tstamp in forwarding path (bsc#1012628).
- net: usb: asix: refactor asix_read_phy_addr() and handle errors
on return (bsc#1012628).
- iommu/vt-d: Fix incomplete cache flush in
intel_pasid_tear_down_entry() (bsc#1012628).
- drm/i915: Skip display interruption setup when display is not
available (bsc#1012628).
- drm/i915: Tweaked Wa_14010685332 for all PCHs (bsc#1012628).
- drm/amd/display: Use DCN30 watermark calc for DCN301
(bsc#1012628).
- net: mscc: ocelot: allow forwarding from bridge ports to the
tag_8021q CPU port (bsc#1012628).
- mptcp: fix memory leak on address flush (bsc#1012628).
- mptcp: full fully established support after ADD_ADDR
(bsc#1012628).
- r8152: fix writing USB_BP2_EN (bsc#1012628).
- r8152: fix the maximum number of PLA bp for RTL8153C
(bsc#1012628).
- PCI/sysfs: Use correct variable for the legacy_mem sysfs object
(bsc#1012628).
- i40e: Fix ATR queue selection (bsc#1012628).
- iavf: Fix ping is lost after untrusted VF had tried to change
MAC (bsc#1012628).
- Revert "flow_offload: action should not be NULL when it is
referenced" (bsc#1012628).
- net: dpaa2-switch: disable the control interface on error path
(bsc#1012628).
- iommu/dma: Fix leak in non-contiguous API (bsc#1012628).
- mmc: dw_mmc: Fix hang on data CRC error (bsc#1012628).
- mmc: mmci: stm32: Check when the voltage switch procedure
should be done (bsc#1012628).
- mmc: sdhci-msm: Update the software timeout value for sdhc
(bsc#1012628).
- clk: imx6q: fix uart earlycon unwork (bsc#1012628).
- clk: qcom: gdsc: Ensure regulator init state matches GDSC state
(bsc#1012628).
- arm64: clean vdso & vdso32 files (bsc#1012628).
- cfi: Use rcu_read_{un}lock_sched_notrace (bsc#1012628).
- ALSA: hda - fix the 'Capture Switch' value change notifications
(bsc#1012628).
- tracing: define needed config DYNAMIC_FTRACE_WITH_ARGS
(bsc#1012628).
- tracing / histogram: Fix NULL pointer dereference on strcmp()
on NULL event name (bsc#1012628).
- slimbus: messaging: start transaction ids from 1 instead of zero
(bsc#1012628).
- slimbus: messaging: check for valid transaction id
(bsc#1012628).
- slimbus: ngd: set correct device for pm (bsc#1012628).
- slimbus: ngd: reset dma setup during runtime pm (bsc#1012628).
- ipack: tpci200: fix many double free issues in tpci200_pci_probe
(bsc#1012628).
- ipack: tpci200: fix memory leak in the tpci200_register
(bsc#1012628).
- io_uring: fix code style problems (bsc#1012628).
- io_uring: only assign io_uring_enter() SQPOLL error in actual
error case (bsc#1012628).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
9510 laptop (bsc#1012628).
- opp: Drop empty-table checks from _put functions (bsc#1012628).
- btrfs: prevent rename2 from exchanging a subvol with a directory
from different parents (bsc#1012628).
- tracing: Apply trace filters on all output channels
(bsc#1012628).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
(bsc#1012628).
- s390/pci: fix use after free of zpci_dev (bsc#1012628).
- usb: typec: tcpm: Fix VDMs sometimes not being forwarded to
alt-mode drivers (bsc#1012628).
- powerpc/32s: Move setup_{kuep/kuap}() into {kuep/kuap}.c
(bsc#1012628).
- powerpc/32s: Refactor update of user segment registers
(bsc#1012628).
- powerpc/32s: Fix random crashes by adding isync() after
locking/unlocking KUEP (bsc#1012628).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
(bsc#1012628).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8
(bsc#1012628).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup
(bsc#1012628).
- riscv: Fix a number of free'd resources in init_resources()
(bsc#1012628).
- mm: memcontrol: fix occasional OOMs due to proportional
memory.low reclaim (bsc#1012628).
- mm,hwpoison: make get_hwpoison_page() call get_any_page()
(bsc#1012628).
- mm/hwpoison: retry with shake_page() for unhandlable pages
(bsc#1012628).
- kfence: fix is_kfence_address() for addresses below
KFENCE_POOL_SIZE (bsc#1012628).
- hugetlb: don't pass page cache pages to restore_reserve_on_error
(bsc#1012628).
- io_uring: fix xa_alloc_cycle() error return value check
(bsc#1012628).
- fs: warn about impending deprecation of mandatory locks
(bsc#1012628).
- Update config files.
- commit b44f35f
- post.sh: detect /usr mountpoint too
- commit c7b3d74
++++ libssh:
- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
++++ qemu:
- Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1
For a full list of formely deprecated features that are removed,
consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html
For a list of new deprecated features, consult:
https://qemu-project.gitlab.io/qemu/about/deprecated.html
Some noteworthy changes:
* Removed moxie CPU.
* Removed lm32 CPU.
* Removed unicore32 CPU.
* Removed 'info cpustats'.
* Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc.
* Added npcm7xx machine: quanta-gbs-bmc.
* Model for Aspeed's Hash and Crypto Engine.
* SVE2 is now emulated, including bfloat16 support
* FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and
FEAT_MTE3 are now emulated.
* Improved hot-unplug failures on PowerPC pseries machine.
* Implemented some POWER10 instructions in TCG.
* Added shakti_c RISC-V machine.
* Improved documentation for RISC-V machines.
* CPU models for gen16 have been added for s390x.
* New CPU model versions added with XSAVES enabled:
Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5,
Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3,
Snowridge-v3, Dhyana-v2
* Added ACPI based PCI hotplug support to Q35 machine. Enabled and
used by default since pc-q35-6.1 machine type.
* Added support for the pca9546 and pca9548 I2C muxes.
* Added support for PMBus and several PMBus devices.
* Crypto subsystem:
The preferred crypto backend driver now gnutls, with libgcrypt as the
second choice, and nettle as third choice, with ordering driven mostly
by performance of the ciphers.
* Misc doc improvements.
* Patches removed:
block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
hw-block-nvme-align-with-existing-style.patch
hw-block-nvme-consider-metadata-read-aio.patch
hw-net-can-sja1000-fix-buff2frame_bas-an.patch
hw-nvme-fix-missing-check-for-PMR-capabi.patch
hw-nvme-fix-pin-based-interrupt-behavior.patch
hw-pci-host-q35-Ignore-write-of-reserved.patch
hw-rdma-Fix-possible-mremap-overflow-in-.patch
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
hw-usb-Do-not-build-USB-subsystem-if-not.patch
hw-usb-host-stub-Remove-unused-header.patch
linux-user-aarch64-Enable-hwcap-for-RND-.patch
module-for-virtio-gpu-pre-load-module-to.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
pvrdma-Ensure-correct-input-on-ring-init.patch
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
qemu-config-load-modules-when-instantiat.patch
qemu-config-parse-configuration-files-to.patch
qemu-config-use-qemu_opts_from_qdict.patch
runstate-Initialize-Error-to-NULL.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
target-i386-Exit-tb-after-wrmsr.patch
target-sh4-Return-error-if-CPUClass-get_.patch
tcg-Allocate-sufficient-storage-in-temp_.patch
tcg-arm-Fix-tcg_out_op-function-signatur.patch
tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
usb-hid-avoid-dynamic-stack-allocation.patch
usb-limit-combined-packets-to-1-MiB-CVE-.patch
usb-mtp-avoid-dynamic-stack-allocation.patch
usb-redir-avoid-dynamic-stack-allocation.patch
usbredir-fix-free-call.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
vhost-user-gpu-abstract-vg_cleanup_mappi.patch
vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
vhost-user-gpu-fix-leak-in-virgl_resourc.patch
vhost-user-gpu-fix-memory-disclosure-in-.patch
vhost-user-gpu-fix-memory-leak-in-vg_res.patch
vhost-user-gpu-fix-memory-leak-while-cal.patch
vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
vhost-user-gpu-fix-resource-leak-in-vg_r.patch
vhost-vdpa-don-t-initialize-backend_feat.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
vl-allow-not-specifying-size-in-m-when-u.patch
vl-Fix-an-assert-failure-in-error-path.patch
vl-plug-object-back-into-readconfig.patch
vl-plumb-keyval-based-options-into-readc.patch
x86-acpi-use-offset-instead-of-pointer-w.patch
++++ selinux-policy:
- Properly label cockpit files
- Allow wicked to communicate with network manager on DBUS (bsc#1188331)
------------------------------------------------------------------
------------------ 2021-8-25 - Aug 25 2021 -------------------
------------------------------------------------------------------
++++ cryptsetup:
- As YaST passes necessary parameters to cryptsetup anyway, we do
not necessarily need to take grub into consideration. So back to
Argon2 to see how it goes.
++++ gobject-introspection:
- Update to version 1.69.0:
+ Fix build when gobject-introspection is a subproject,
+ Add more float types,
+ Make test suite work with cross-related options,
+ Fix several leaks found by Coverity,
+ Fix enum member,
+ Add g-ir-doc-tool man page,
+ Export warnlib sources as variables,
+ Update the GLib annotations,
+ Add "final" class attribute,
+ Add option to make .gir files installation paths configurable,
+ Handle constructors with mismatched GTypes,
+ Add property accessors annotations,
++++ gpg2:
- GnuPG 2.3.2:
* gpg: Allow fingerprint based lookup with --locate-external-key.
* gpg: Allow decryption w/o public key but with correct card inserted.
* gpg: Auto import keys specified with --trusted-keys.
* gpg: Do not use import-clean for LDAP keyserver imports.
* gpg: Fix mailbox based search via AKL keyserver method.
* gpg: Fix memory corruption with --clearsign introduced with 2.3.1.
* gpg: Use a more descriptive prompt for symmetric decryption.
* gpg: Improve speed of secret key listing.
* gpg: Support keygrip search with traditional keyring.
* gpg: Let --fetch-key return an exit code on failure.
* gpg: Emit the NO_SECKEY status again for decryption.
* gpgsm: Support decryption of password based encryption (pwri).
* gpgsm: Support AES-GCM decryption.
* gpgsm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
* gpgsm: Fix finding of issuer in use-keyboxd mode.
* gpgsm: New option --ldapserver as an alias for --keyserver.
* agent: Use SHA-256 for SSH fingerprint by default.
* agent: Fix calling handle_pincache_put.
* agent: Fix importing protected secret key.
* agent: Fix a regression in agent_get_shadow_info_type.
* agent: Add translatable text for Caps Lock hint.
* agent: New option --pinentry-formatted-passphrase.
* agent: Add checkpin inquiry for pinentry.
* agent: New option --check-sym-passphrase-pattern.
* agent: Use the sysconfdir for a pattern file.
* agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pinentry.
* dirmngr: LDAP search by a mailbox now ignores revoked keys.
* dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
* dirmngr: Allow for non-URL specified ldap keyservers.
* dirmngr: New option --ldapserver.
* dirmngr: Fix regression in KS_GET for mail address pattern.
* card: New option --shadow for the list command.
* tests: Make sure the built keyboxd is used.
* scd: Fix computing shared secrets for 512 bit curves.
* scd: Fix unblock PIN by a Reset Code with KDF.
* scd: Fix PC/SC removed card problem.
* scd: Recover the partial match for PORTSTR for PC/SC.
* scd: Make sure to release the PC/SC context.
* scd: Fix zero-byte handling in ECC.
* scd: Fix serial number detection for Yubikey 5.
* scd: Add basic support for AET JCOP cards.
* scd: Detect external interference when --pcsc-shared is in use.
* scd: Fix access to the list of cards.
* gpgconf: Do not list a disabled tpm2d.
* gpgconf: Make runtime changes with different homedir work.
* keyboxd: Fix searching for exact mail adddress.
* keyboxd: Fix searching with multiple patterns.
* tools: Extend gpg-check-pattern.
* wkd: Fix client issue with leading or trailing spaces in user-ids.
* Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to Pinentry.
* Change the default keyserver to keyserver.ubuntu.com. This is a
temporary change due to the shutdown of the SKS keyserver pools.
++++ json-glib:
- Update to version 1.6.6:
+ New release with the documentation and gi-docgen included in
the archive.
- Drop gtk-doc BuildRequires, no longer needed, nor used.
- Add docbook-xsl-stylesheets and libxslt-tools BuildRequires,
needed for building of manpages.
++++ libsoup:
- Update to version 2.99.9:
+ Make soup_message_set_method() public API.
+ Make SoupMessage:http-version read only.
+ Prevent the same message being queued multiple times.
+ Allow completing SoupMessage::tls-interaction with NULL
certificate.
+ Replace soup_server_set_ssl_cert_file() with
soup_server_set_tls_certificate().
+ Add SoupServer support for client certificates.
+ Fallback to building meson wrap of sqlite if not found.
+ Add soup_message_get_tls_protocol_version() and
soup_message_get_tls_ciphersuite_name() API.
- Changes from version 2.99.8:
+ Enable HTTP/2 by default. The SOUP_FORCE_HTTP1 env var can
disable for debugging.
+ Restrict advertising brotli decoding support to HTTPS.
+ Add new API to handle client certificate authentication
per-message as well as API to PKCS #11 PINs.
+ Add new build features `http2_tests` and `pkcs11_tests` to more
granularly control optional test dependencies.
- Changes from version 2.99.7:
+ Change SoupSession to only support one SoupSessionFeature of a
given type.
+ Remove soup_session_get_features() API.
+ Numerous HTTP/2 fixes and improvements.
- Changes from version 2.99.6:
+ Added HTTP/2 support. Enable by setting `SOUP_ENABLE_HTTP2` env
var.
- Changes from version 2.99.5:
+ Add soup_message_get_remote_address() API.
+ Fix preconnect stealing a connection.
+ Fix potential header issues when included in a C++ project.
+ Disabling tests also disables Autobahn tests by default.
- Changes from version 2.99.4:
+ Rename SoupMessage:tls-certificate and
SoupMessage:tls-certificate-errors to tls-peer-certificate and
tls-peer-certificate-errors respectively.
+ Add SoupMessageMetrics API for tracking message events,
+ Add soup_message_get_connection_id() API.
+ Add WebSocket fuzzing tests with Autobahn.
- Add pkgconfig(gnutls) and pkgconfig(libnghttp2) BuildRequires:
new dependencies.
- Rename libsoup-2_4-1 subpackage to libsoup-3_0-0: follow upstream
library name change.
- Pass -Dautobahn=disabled -Dhttp2_tests=disabled to meson: disable
some tests, as we do not have all deps available.
- Drop libsoup-skip-tls_interaction-test.patch: no longer needed.
------------------------------------------------------------------
------------------ 2021-8-24 - Aug 24 2021 -------------------
------------------------------------------------------------------
++++ openldap2:
- Update to upstream version 2.5.7
Fixed lloadd client state tracking (ITS#9624)
Fixed slapd bconfig to canonicalize structuralObjectclass (ITS#9611)
Fixed slapd-ldif duplicate controls response (ITS#9497)
Fixed slapd-mdb multival crash when attribute is missing an equality matchingrule (ITS#9621)
Fixed slapd-mdb compatibility with OpenLDAP 2.4 MDB databases (ITS#8958)
Fixed slapd-mdb idlexp maximum size handling (ITS#9637)
Fixed slapd-monitor number of ops executing with asynchronous backends (ITS#9628)
Fixed slapd-sql to add support for ppolicy attributes (ITS#9629)
Fixed slapd-sql to close transactions after bind and search (ITS#9630)
Fixed slapo-accesslog to make reqMod optional (ITS#9569)
Fixed slapo-ppolicy logging when pwdChangedTime attribute is not present (ITS#9625)
Documentation
slapd-mdb(5) note max idlexp size is 30, not 31 (ITS#9637)
slapo-accesslog(5) note that reqMod is optional (ITS#9569)
Add ldapvc(1) man page (ITS#9549)
Add guide section on load balancer (ITS#9443)
Updated guide to document multiprovider as replacement for mirrormode (ITS#9200)
Updated guide to clarify slapd-mdb upgrade requirements (ITS#9200)
Updated guide to document removal of deprecated options from client tools (ITS#9200)
++++ openssl-1_1:
- Update to 1.1.1l:
* [bsc#1189520, CVE-2021-3711] Fixed an SM2 Decryption Buffer Overflow.
* [bsc#1189521, CVE-2021-3712] Fixed various read buffer overruns
processing ASN.1 strings
++++ usbredir:
- Update to version 0.11.0
- Avoid use-after-free in serialization (CVE-2021-3700, bsc#1189491)
- Add local directory to include search path for meson
- Fix generated by meson libusbredirhost.pc
- Remove upstreamed patches
- meson-Fix-include-directories-needed-to-build.patch
- meson-Fix-pkgconfig-required-library-name-reference.patch
- usbredir-CVE-2021-3700.patch
- add patch usbredir-CVE-2021-3700.patch
fix use-after-free in usbredirparser_serialize
(CVE-2021-3700,bsc#1189491)
++++ openssl:
- Update to 1.1.1l release
------------------------------------------------------------------
------------------ 2021-8-23 - Aug 23 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20210823.4c98889:
* Remove /etc/hushlogins
++++ glib2-branding-openSUSE:
- Update for libreoffice-* desktop files no longer dropping the
libreoffice- prefix.
++++ glib-networking:
- Update to version 2.70.beta:
+ gnutls: Ensure that PKCS #11 pins are NUL terminated.
+ openssl: Restore OCSP support.
++++ glib2:
- Update to version 2.69.2:
+ The `DBUS_SESSION_BUS_ADDRESS` environment variable is once
more not used if the process is `AT_SECURE`
(setuid/setgid/setcap); this change was previously applied and
then reverted because it broke gnome-keyring
+ Add `g_test_fail_printf()`, `g_test_skip_printf()`,
`g_test_incomplete_printf()` helper functions for printing
messages when tests end prematurely
+ Add portal implementation of `GPowerProfileMonitor`
+ Various bugs fixed
+ Updated translations.
- Update to version 2.69.1:
+ Support categories in desktop notifications (`GNotification`)
+ Add `GPowerProfileMonitor` for monitoring when to use less
power (due to being on battery power, electricity being
expensive or high-carbon, etc.)
+ Allow static names to be set for `GSource`s to avoid
unnecessary string copies
+ Various bugs fixed
+ Updated translations.
- Update to version 2.69.0:
+ Fix a crash in `GKeyFile` when parsing a file which contains
translations using a `GKeyFile` instance which has loaded
another file previously.
+ Ensure `dlerror()` is used with locking as it’s not thread-safe
in some libc implementations.
+ Drop internal libpcre copy in favour of a subproject from
wrapdb.
+ Optimise grefcount atomic operations.
+ Fix `g_date_time_format()` return value encoding if `LC_TIME`
is not a UTF-8 locale but other locale settings are.
+ Set app name in freedesktop.org notifications with
`GNotification`.
+ Add PKCS#11 flags to `GTlsPasswordFlags`.
- Drop -Dinternal_pcre=false meson parameter: follow upstreams
build recipe changes.
++++ gsettings-desktop-schemas:
- Update to version 41.alpha:
+ Add lockdown setting for revealing passwords.
+ Updated translations.
++++ kernel-default:
- config: re-modularize CRYPTO_{CTS,ECB,XTS} on arm* (bsc#1189034).
Now that FS_ENCRYPTION_ALGS is modular, the crypto modules it utilizes
can be modular as well. CRYPTO_AES and CRYPTO_CBC are used by
ENCRYPTED_KEYS and must remain built-in. CRYPTO_SHA512 and CRYPTO_HMAC
are used by module signature validation and must also remain built-in.
- commit dbb9dbc
- config: re-modularize CRYPTO_{GCM,GHASH,GF128MUL} on arm* (bsc#1189033).
These modules were selected as built-in due to Kconfig changes between
4.14-rc3 and 5.8-rc1 selecting them if BIG_KEYS was enabled. They can
be built as modules again now.
- commit bb04225
- usb: renesas-xhci: Prefer firmware loading on unknown ROM state
(bsc#1189207).
- commit 0567e80
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- commit f36412b
- kernel-binary.spec.in: add zstd to BuildRequires if used
- commit aa61dba
- Update config files. (vanillas)
Oldconfig on vanillas.
- commit fc469d6
- hid: fix length inconsistency
(20210816130059.3yxtdvu2r7wo4uu3@lion.mk-sys.cz).
- commit 61596f4
- config: refresh vanilla configs
Vanilla configs also need to include DEBUG_INFO_BTF_MODULES even if the
value does not differ from base config.
- commit f317ebc
- Update config files. (arm & epaper drivers and other old graphics)
Propagate recent epaper drivers and other old graphics changes to arms.
- commit dda8a0c
- Update config files. (arm & CONFIG_GAMEPORT)
Propagate recent CONFIG_GAMEPORT changes to arms.
- commit dc92f5f
- Update config files. (arm & CONFIG_BT_MSFTEXT)
Propagate recent CONFIG_BT_MSFTEXT changes to arms.
- commit 408b13b
- Update config files. (arm & ATALK)
Propagate recent ATALK changes to arms.
- commit 32afa86
- Update config files. (arm & EXT4_FS)
Propagate recent EXT4_FS changes to arms.
- commit dbd131f
- Update config files.
Only refresh using scripts/run_oldconfig.sh.
- commit bdb4b85
++++ fuse:
- Add closefrom.patch [boo#1189086]
++++ libgcrypt:
- Update to 1.9.4:
* Bug fixes:
- Fix Elgamal encryption for other implementations. [CVE-2021-33560]
- Fix alignment problem on macOS.
- Check the input length of the point in ECDH.
- Fix an abort in gcry_pk_get_param for "Curve25519".
* Other features:
- Add GCM and CCM to OID mapping table for AES.
* Upstream libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
- Remove not needed patch libgcrypt-sparcv9.diff
++++ libnl3:
- Add 0001-route-link-add-RTNL_LINK_REASM_OVERLAPS-stat.patch
[boo#1189451]
++++ pkgconf:
- Update to version 1.8.0:
+ Fix a minor memory leak relating to cross-personalities
+ Fix some edge cases with --redefine-prefix
+ Do not prepend sysroot_dir if the .pc file does not exist
in the sysroot
+ Do not perform path filtering on default system include
and library path lists.
++++ libsoup:
- Update to version 2.74.0:
+ IMPORTANT: Enable ssl-use-system-ca-file by default on
deprecated Sync and Async sessions.
+ Fix including headers in C++ projects.
+ Fix attempting to resolve relative paths with data URIs.
+ Support Content-Disposition headers without a disposition-type.
+ Fix building VAPI bindings with latest Vala.
+ Fix sending a Content-Length header in a response with status
code of 1xx or 204.
+ Updated translations.
- Drop libsoup-fix-SSL-test.patch: fixed upstream.
++++ systemd:
- Rework the test (sub)package:
- it's been renamed into 'systemd-testsuite'
- it includes the extended tests too
- the relevant commits have been backported to SUSE/v249 so no SUSE
specific patch is needed to run the extended tests (see below)
- the deps needed by the extended tests have been added
- Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427
ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too
088fbb71d0 test: adapt install_pam() for openSUSE
4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE"
ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static"
6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only
278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set
3bba2f876a test: add support for NO_BUILD=1 on openSUSE
d77cbc1b64 test: make busybox TEST-13-only dependency
++++ libzypp:
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
++++ podman:
- Revert crun change due to crun having exclusive arch targets
that would drop podman support in PPC and IBM Z
++++ runc:
- Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the "adding seccomp filter
rule for syscall ..." error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful "failed to decode ..." errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
++++ selinux-policy:
- Added policy module for rebootmgr (jsc#SMO-28)
++++ toolbox:
- Update to version 2.2+git20210823.dd0fff8:
* README mini-typo
* Docker: don't use unsupported --userns=keep-id
* Docker: also check for created status
* Try to use docker if installed and podman is not
* Properly share namespaces in non-user toolboxes
* Properly quote workdir
------------------------------------------------------------------
------------------ 2021-8-22 - Aug 22 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.14-rc7
- eliminated 3 patches:
- patches.suse/mmc-sdhci-iproc-cap-min-clock-frequency-on-bcm2711.patch
- patches.suse/mmc-sdhci-iproc-set-sdhci_quirk_cap_clock_base_broken-on-bcm2711.patch
- patches.suse/crypto-drbg-select-SHA512.patch
- refresh configs
- DYNAMIC_FTRACE_WITH_ARGS=y (x86_64 only)
- commit 3e03413
- config: enable CONFIG_NO_HZ_FULL where supported (bsc#1189692).
- commit da75261
- config: enable CONFIG_MAXSMP (bsc#1189691).
- commit 7c67b01
------------------------------------------------------------------
------------------ 2021-8-21 - Aug 21 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- config: disable CONFIG_SOUNDWIRE_QCOM on x86 (bsc#1189686).
- commit fb7c80f
++++ json-glib:
- Update to version 1.6.4:
+ Discover linker flags on all toolchains
+ Fix memory leak
+ Use gi-docgen instead of gtk-doc for generating the API
reference
+ Build against newer versions of GLib
- Pass gtk_doc=disabled to meson, no longer build API
documentation.
------------------------------------------------------------------
------------------ 2021-8-20 - Aug 20 2021 -------------------
------------------------------------------------------------------
++++ ebtables:
- Use libalternatives instead of update-alternatives.
++++ glib2:
- Update to version 2.68.4:
+ Various bugfixes and backports from master.
+ Updated translations.
- Drop 63e7864.patch: fixed upstream.
++++ kernel-default:
- config: disable CONFIG_MD_MULTIPATH (bsc#1189678).
First-class multipath on Linux has used dm-multipath for ages.
- commit 1309089
- config: disable CONFIG_PM_AUTOSLEEP and CONFIG_PM_WAKELOCKS (bsc#1189677).
- commit 77c3a63
- config: disable CONFIG_ISDN on arm* (bsc#1189675).
Without CONFIG_ISDN, we no longer need to carry:
- patches.suse/misdn-add-support-for-group-membership-check.
- config: disable CONFIG_ISDN (bsc#1189675).
Without CONFIG_ISDN, we no longer need to carry:
- patches.suse/misdn-add-support-for-group-membership-check.
- commit 310ae3e
- config: enable CONFIG_PRINTK_CALLER on arm* (bsc#1189674).
- config: enable CONFIG_PRINTK_CALLER (bsc#1189674).
- commit 0ba49b0
- config: arm64: Update to 5.14-rc6
- commit 1a6db50
- rpm: support gz and zst compression methods
Extend commit 18fcdff43a00 ("rpm: support compressed modules") for
compression methods other than xz.
- commit 3b8c4d9
- Update config files: make pinctrl-cherryview built-in (bsc#1189447)
Otherwise some devices aren't properly intiailized.
- commit b19ed90
++++ libbpf:
- Depend on new enough Linux headers.
++++ libjpeg-turbo:
- version update to 2.1.1
1. Fixed a regression introduced in 2.1.0 that caused build failures
with non-GCC-compatible compilers for Un*x/Arm platforms.
2. Fixed a regression introduced by 2.1 beta1[13] that prevented the
Arm 32-bit (AArch32) Neon SIMD extensions from building unless
the C compiler flags included -mfloat-abi=softfp or -mfloat-abi=hard.
3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby
reliance on undefined C compiler behavior led to crashes
("SIGBUS: illegal alignment") on Android systems when running
AArch32/Thumb builds of libjpeg-turbo built with recent versions
of Clang.
4. Added a command-line argument (-copy icc) to jpegtran that causes
it to copy only the ICC profile markers from the source file and
discard any other metadata.
5. libjpeg-turbo should now build and run on CHERI-enabled
architectures, which use capability pointers that are larger than
the size of size_t.
6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault
in the 64-bit SSE2 Huffman encoder when attempting to losslessly
transform a specially-crafted malformed JPEG image.
++++ open-iscsi:
- Merged latest upstream, which includes:
* iscsid: set PR_SET_IO_FLUSHER (bsc#1188869)
++++ podman:
- Update to version 3.3.0:
* Fix network aliases with network id
* machine: compute sha256 as we read the image file
* machine: check for file exists instead of listing directory
* pkg/bindings/images.nTar(): slashify hdr.Name values
* Volumes: Only remove from DB if plugin removal succeeds
* For compatibility, ignore Content-Type
* [v3.3] Bump c/image 5.15.2, buildah v1.22.3
* Implement SD-NOTIFY proxy in conmon
* Fix rootless cni dns without systemd stub resolver
* fix rootlessport flake
* Skip stats test in CGv1 container environments
* Fix AVC denials in tests of volume mounts
* Restore buildah-bud test requiring new images
* Revert ".cirrus.yml: use fresh images for all VMs"
* Fix device tests using ls test files
* Enhance priv. dev. check
* Workaround host availability of /dev/kvm
* Skip cgroup-parent test due to frequent flakes
* Cirrus: Fix not uploading logformatter html
++++ suse-module-tools:
- Update to version 16.0.8+1:
* spec file: fix BuildRequires
++++ vim:
- Updated to version 8.2.3360, fixes the following problems
* Vim9: cannot ignore quotes in number at the command line.
* Coverity action on github does not work.
* Some local functions are not static.
* Some code is not tested.
* Vim9: checking type of dict does not check member type.
* Help tag for exists_compiled() is wrong. (Maxim Kim)
* Vim9: Cannot use :silent with :endwhile.
* Digraph test fails when LC_ALL is set to "C".
* Vim9: no error passing an empty list of the wrong type.
* No check for sysconf() failing.
* Coverity error for not checking return value.
* v_lock not set when getting value of environment variable.
* Coverity reports using uninitialized field.
* Coverity warns for using value without boundary check.
* Vim9: cannot assign to range in list.
* Vim9: not enough tests run with Vim9.
* Vim9: not enough tests run with Vim9.
* Vim9: not enough tests run with Vim9.
* Behavior of negative index in list change changed. (Naruhiko Nishino)
* Completing "call g:" returns entries with just "g:". (Naohiro Ono)
* Vim9: no type check when assigning a list range. (Naohiro Ono)
* Vim9: cannot lock a member in a local dict.
* Accessing uninitialized pointer.
* Vim9: function call aborted despite try/catch. (Naohiro Ono)
* Test for :let errors fails.
* Vim9: autoload test fails.
* Vimscript test fails.
* Some code not covered by tests.
* Vim9: no error for using "." for concatenation after ":vim9cmd". (Naohiro
Ono)
* Check for legacy script is incomplete. (Naohiro Ono)
* line2byte() returns wrong value after adding textprop. (Yuto Kimura)
* Eval test for scriptversion fails.
* Vim9: using a function by name may delete it. (Naohiro Ono)
* Vim9: error for nested :enddef has wrong line number.
* Vim9: type of argument for negate not checked at compile time.
* Build failure with +byte_offset but without +textprop. (John Marriott)
* Adding many text properties requires a lot of function calls.
* Crash when 'virtualedit' is set and window is narrow.
* Structurizr files are not recognized.
* Vim9: error for type when variable is not set.
* User function completion fails with dict function.
------------------------------------------------------------------
------------------ 2021-8-19 - Aug 19 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.10:
+ core: fix the order of IPv6 addresses changing on service
restart.
+ initrd: add command line option to configure link
autonegotiation and speed.
+ ifcfg-rh:
- fix crash when parsing invalid DNS address.
- extend ifup/ifdown scripts to work with connection profile
names.
+ udev: also react to "move" (and "change") udev actions in our
rules.
- Changes from version 1.32.8:
+ firewalld: configure zones on "Reloaded" signal.
+ core: fix wrong MTU for bridge interfaces.
+ cloud-setup: fix gateway address for Aliyun cloud.
++++ aaa_base:
- Update to version 84.87+git20210819.b55340d:
* Rework locale checks for better support of ssh
* Update mime types from apache
* Better support of Midnight Commander color skins (boo#1188862)
++++ cockpit:
- add --legacy-peer-deps to fix build
++++ openssh:
- sshd-gen-keys-start:
- only source sysconfig file if it exists.
- create /etc/ssh if it does not exists.
Required for image based installation/updates.
++++ patterns-base:
- Fix typo in the icon name for the fips pattern (bsc#1189550)
++++ salt:
- Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259)
- Add missing aarch64 to rpm package architectures
- Backport of upstream PR#59492
- Added:
* backport-of-upstream-pr59492-to-3002.2-404.patch
* don-t-use-shell-sbin-nologin-in-requisites.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
++++ suse-module-tools:
- Update to version 16.0.8:
* fix problem that initrd may not be rebuilt after installing
kernel-$flavor-extra (bsc#1189441)
- Update to version 16.0.7:
* add kernel-sysctl.service and boot-sysctl.service for applying
kernel-specific sysctl settings (bsc#1184804)
* add support for zstd-compressed kernel modules
------------------------------------------------------------------
------------------ 2021-8-18 - Aug 18 2021 -------------------
------------------------------------------------------------------
++++ cpio:
- Fix regression in last update (bsc#1189465)
* fix-CVE-2021-38185_2.patch
* fix-CVE-2021-38185_3.patch
++++ kernel-default:
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
(CVE-2021-3640 bsc#1188172).
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
(CVE-2021-3640 bsc#1188172).
- commit 9562b07
- driver core: Add missing kernel doc for device::msi_lock
(git-fixes).
- commit 33709df
- Linux 5.13.12 (bsc#1012628).
- lib: use PFN_PHYS() in devmem_is_allowed() (bsc#1012628).
- Revert "usb: dwc3: gadget: Use list_replace_init() before
traversing lists" (bsc#1012628).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading
channels (bsc#1012628).
- iio: adis: set GPIO reset pin direction (bsc#1012628).
- iio: humidity: hdc100x: Add margin to the conversion time
(bsc#1012628).
- iio: adc: Fix incorrect exit of for-loop (bsc#1012628).
- ASoC: amd: Fix reference to PCM buffer address (bsc#1012628).
- ASoC: xilinx: Fix reference to PCM buffer address (bsc#1012628).
- ASoC: uniphier: Fix reference to PCM buffer address
(bsc#1012628).
- ASoC: tlv320aic31xx: Fix jack detection after suspend
(bsc#1012628).
- ASoC: kirkwood: Fix reference to PCM buffer address
(bsc#1012628).
- ASoC: intel: atom: Fix reference to PCM buffer address
(bsc#1012628).
- i2c: dev: zero out array used for i2c reads from userspace
(bsc#1012628).
- cifs: Handle race conditions during rename (bsc#1012628).
- cifs: create sd context must be a multiple of 8 (bsc#1012628).
- cifs: Call close synchronously during unlink/rename/lease break
(bsc#1012628).
- cifs: use the correct max-length for dentry_path_raw()
(bsc#1012628).
- io_uring: drop ctx->uring_lock before flushing work item
(bsc#1012628).
- io_uring: fix ctx-exit io_rsrc_put_work() deadlock
(bsc#1012628).
- scsi: lpfc: Move initialization of phba->poll_list earlier to
avoid crash (bsc#1012628).
- cgroup: rstat: fix A-A deadlock on 32bit around u64_stats_sync
(bsc#1012628).
- seccomp: Fix setting loaded filter count during TSYNC
(bsc#1012628).
- net: wwan: mhi_wwan_ctrl: Fix possible deadlock (bsc#1012628).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch
use-cases (bsc#1012628).
- ARC: fp: set FPU_STATUS.FWE to enable FPU_STATUS update on
context switch (bsc#1012628).
- ceph: reduce contention in ceph_check_delayed_caps()
(bsc#1012628).
- pinctrl: k210: Fix k210_fpioa_probe() (bsc#1012628).
- ACPI: NFIT: Fix support for virtual SPA ranges (bsc#1012628).
- libnvdimm/region: Fix label activation vs errors (bsc#1012628).
- riscv: kexec: do not add '-mno-relax' flag if compiler doesn't
support it (bsc#1012628).
- vmlinux.lds.h: Handle clang's module.{c,d}tor sections
(bsc#1012628).
- drm/i915/gvt: Fix cached atomics setting for Windows VM
(bsc#1012628).
- drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg
(bsc#1012628).
- drm/amd/display: Remove invalid assert for ODM + MPC case
(bsc#1012628).
- drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
(bsc#1012628).
- drm/amdgpu: Add preferred mode in modeset when freesync video
mode's enabled (bsc#1012628).
- drm/amdgpu: don't enable baco on boco platforms in runpm
(bsc#1012628).
- drm/amdgpu: handle VCN instances when harvesting (v2)
(bsc#1012628).
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (bsc#1012628).
- ieee802154: hwsim: fix GPF in hwsim_new_edge_nl (bsc#1012628).
- drm/mediatek: Fix cursor plane no update (bsc#1012628).
- pinctrl: mediatek: Fix fallback behavior for bias_set_combo
(bsc#1012628).
- ASoC: cs42l42: Correct definition of ADC Volume control
(bsc#1012628).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (bsc#1012628).
- ASoC: cs42l42: Fix bclk calculation for mono (bsc#1012628).
- selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c
(bsc#1012628).
- ASoC: SOF: Intel: Kconfig: fix SoundWire dependencies
(bsc#1012628).
- ASoC: SOF: Intel: hda-ipc: fix reply size checking
(bsc#1012628).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
(bsc#1012628).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
(bsc#1012628).
- netfilter: nf_conntrack_bridge: Fix memory leak when error
(bsc#1012628).
- pinctrl: tigerlake: Fix GPIO mapping for newer version of
software (bsc#1012628).
- ASoC: cs42l42: PLL must be running when changing MCLK_SRC_SEL
(bsc#1012628).
- ASoC: cs42l42: Fix LRCLK frame start edge (bsc#1012628).
- ASoC: cs42l42: Fix mono playback (bsc#1012628).
- net: dsa: mt7530: add the missing RxUnicast MIB counter
(bsc#1012628).
- net: mvvp2: fix short frame size on s390 (bsc#1012628).
- platform/x86: pcengines-apuv2: Add missing terminating entries
to gpio-lookup tables (bsc#1012628).
- perf/x86/intel: Apply mid ACK for small core (bsc#1012628).
- drm/amd/pm: Fix a memory leak in an error handling path in
'vangogh_tables_init()' (bsc#1012628).
- libbpf: Fix probe for BPF_PROG_TYPE_CGROUP_SOCKOPT
(bsc#1012628).
- libbpf: Do not close un-owned FD 0 on errors (bsc#1012628).
- net: dsa: qca: ar9331: make proper initial port defaults
(bsc#1012628).
- net: phy: micrel: Fix link detection on ksz87xx switch"
(bsc#1012628).
- ppp: Fix generating ifname when empty IFLA_IFNAME is specified
(bsc#1012628).
- io_uring: clear TIF_NOTIFY_SIGNAL when running task work
(bsc#1012628).
- net/smc: fix wait on already cleared link (bsc#1012628).
- net/smc: Correct smc link connection counter in case of smc
client (bsc#1012628).
- net: sched: act_mirred: Reset ct info when mirror/redirect skb
(bsc#1012628).
- ice: Prevent probing virtual functions (bsc#1012628).
- ice: Stop processing VF messages during teardown (bsc#1012628).
- ice: don't remove netdev->dev_addr from uc sync list
(bsc#1012628).
- iavf: Set RSS LUT and key in reset handle path (bsc#1012628).
- psample: Add a fwd declaration for skbuff (bsc#1012628).
- bareudp: Fix invalid read beyond skb's linear data
(bsc#1012628).
- io-wq: fix bug of creating io-wokers unconditionally
(bsc#1012628).
- io-wq: fix IO_WORKER_F_FIXED issue in create_io_worker()
(bsc#1012628).
- net/mlx5: Don't skip subfunction cleanup in case of error in
module init (bsc#1012628).
- net/mlx5: DR, Add fail on error check on decap (bsc#1012628).
- net/mlx5e: Avoid creating tunnel headers for local route
(bsc#1012628).
- net/mlx5e: Destroy page pool after XDP SQ to fix use-after-free
(bsc#1012628).
- net/mlx5: Block switchdev mode while devlink traps are active
(bsc#1012628).
- net/mlx5e: TC, Fix error handling memory leak (bsc#1012628).
- net/mlx5: Synchronize correct IRQ when destroying CQ
(bsc#1012628).
- net/mlx5: Fix return value from tracer initialization
(bsc#1012628).
- drm/meson: fix colour distortion from HDR set during vendor
u-boot (bsc#1012628).
- ovl: fix deadlock in splice write (bsc#1012628).
- bpf: Fix potentially incorrect results with
bpf_get_local_storage() (bsc#1012628).
- net: dsa: microchip: Fix ksz_read64() (bsc#1012628).
- net: dsa: microchip: ksz8795: Fix PVID tag insertion
(bsc#1012628).
- net: dsa: microchip: ksz8795: Reject unsupported VLAN
configuration (bsc#1012628).
- net: dsa: microchip: ksz8795: Fix VLAN untagged flag change
on deletion (bsc#1012628).
- net: dsa: microchip: ksz8795: Use software untagging on CPU port
(bsc#1012628).
- net: dsa: microchip: ksz8795: Fix VLAN filtering (bsc#1012628).
- net: dsa: microchip: ksz8795: Don't use phy_port_cnt in VLAN
table lookup (bsc#1012628).
- net: Fix memory leak in ieee802154_raw_deliver (bsc#1012628).
- net: igmp: fix data-race in igmp_ifc_timer_expire()
(bsc#1012628).
- net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump
(bsc#1012628).
- net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
(bsc#1012628).
- net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
(bsc#1012628).
- net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
(bsc#1012628).
- pinctrl: sunxi: Don't underestimate number of functions
(bsc#1012628).
- net: bridge: fix flags interpretation for extern learn fdb
entries (bsc#1012628).
- net: bridge: fix memleak in br_add_if() (bsc#1012628).
- net: linkwatch: fix failure to restore device state across
suspend/resume (bsc#1012628).
- tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called
after 2B packets (bsc#1012628).
- net: igmp: increase size of mr_ifc_count (bsc#1012628).
- drm/i915: Only access SFC_DONE when media domain is not fused
off (bsc#1012628).
- xen/events: Fix race in set_evtchn_to_irq (bsc#1012628).
- vsock/virtio: avoid potential deadlock when vsock device remove
(bsc#1012628).
- nbd: Aovid double completion of a request (bsc#1012628).
- arm64: efi: kaslr: Fix occasional random alloc (and boot)
failure (bsc#1012628).
- KVM: arm64: Fix off-by-one in range_is_memory (bsc#1012628).
- efi/libstub: arm64: Force Image reallocation if BSS was not
reserved (bsc#1012628).
- efi/libstub: arm64: Relax 2M alignment again for relocatable
kernels (bsc#1012628).
- powerpc/kprobes: Fix kprobe Oops happens in booke (bsc#1012628).
- i2c: iproc: fix race between client unreg and tasklet
(bsc#1012628).
- x86/tools: Fix objdump version check again (bsc#1012628).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1012628).
- x86/msi: Force affinity setup before startup (bsc#1012628).
- x86/ioapic: Force affinity setup before startup (bsc#1012628).
- x86/resctrl: Fix default monitoring groups reporting
(bsc#1012628).
- genirq/msi: Ensure deactivation on teardown (bsc#1012628).
- genirq/timings: Prevent potential array overflow in
__irq_timings_store() (bsc#1012628).
- powerpc/interrupt: Fix OOPS by not calling do_IRQ() from
timer_interrupt() (bsc#1012628).
- PCI/MSI: Enable and mask MSI-X early (bsc#1012628).
- PCI/MSI: Mask all unused MSI-X entries (bsc#1012628).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
(bsc#1012628).
- PCI/MSI: Enforce MSI[X] entry updates to be visible
(bsc#1012628).
- PCI/MSI: Do not set invalid bits in MSI mask (bsc#1012628).
- PCI/MSI: Correct misleading comments (bsc#1012628).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (bsc#1012628).
- PCI/MSI: Protect msi_desc::masked for multi-MSI (bsc#1012628).
- powerpc/interrupt: Do not call single_step_exception() from
other exceptions (bsc#1012628).
- powerpc/pseries: Fix update of LPAR security flavor after LPM
(bsc#1012628).
- powerpc/32s: Fix napping restore in data storage interrupt (DSI)
(bsc#1012628).
- powerpc/smp: Fix OOPS in topology_init() (bsc#1012628).
- powerpc/xive: Do not skip CPU-less nodes when creating the IPIs
(bsc#1012628).
- powerpc/32: Fix critical and debug interrupts on BOOKE
(bsc#1012628).
- efi/libstub: arm64: Double check image alignment at entry
(bsc#1012628).
- locking/rtmutex: Use the correct rtmutex debugging config option
(bsc#1012628).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR
emulation (bsc#1012628).
- KVM: nVMX: Use vmx_need_pf_intercept() when deciding if L0
wants a #PF (bsc#1012628).
- KVM: x86/mmu: Don't leak non-leaf SPTEs when zapping all SPTEs
(bsc#1012628).
- KVM: x86/mmu: Protect marking SPs unsync when using TDP MMU
with spinlock (bsc#1012628).
- ceph: add some lockdep assertions around snaprealm handling
(bsc#1012628).
- ceph: clean up locking annotation for ceph_get_snap_realm and
__lookup_snap_realm (bsc#1012628).
- ceph: take snap_empty_lock atomically with snaprealm refcount
change (bsc#1012628).
- kasan, slub: reset tag when printing address (bsc#1012628).
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(CVE-2021-3653) (bsc#1012628).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
(CVE-2021-3656) (bsc#1012628).
- commit e7679db
++++ kmod:
- Display module information even for modules built into the running kernel
(bsc#1189537).
+ libkmod-Provide-info-even-for-modules-built-into-the.patch
++++ libxcrypt:
- Update to 4.4.25
* Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
* Stricter checking of invalid salt characters (issue #135).
++++ mozilla-nss:
- Update nss-fips-constructor-self-tests.patch to fix crashes
reported by upstream. This was likely affecting WebRTC calls.
++++ pango:
- Update to version 1.48.9:
+ Don't require a newly attached buffer to apply state.
+ Fix upside-down Xshape surface with EGLstream.
+ Misc. bug fixes and cleanups.
+ Updated translations.
++++ shadow:
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
++++ vim:
- Disable unreliable tests also on riscv64
- disable-unreliable-tests-arch.patch: also disable test_vim9_func
------------------------------------------------------------------
------------------ 2021-8-17 - Aug 17 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- Update to 2.9.25
++++ kernel-default:
- Bluetooth: btusb: Add support for Foxconn Mediatek Chip
(bsc#1188064).
- Bluetooth: btusb: Add support for IMC Networks Mediatek Chip
(bsc#1188064).
- Bluetooth: btusb: Add support for Foxconn Mediatek Chip
(bsc#1188064).
- Bluetooth: btusb: Add support for IMC Networks Mediatek Chip
(bsc#1188064).
- Bluetooth: btusb: Add support for Lite-On Mediatek Chip
(bsc#1188064).
- commit 3cfd9ab
++++ shadow:
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file.
change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch
- Remove because upstreamed:
* shadow-4.1.5.1-userdel-helpfix.patch
* shadow-4.1.5.1-logmsg.patch
- Add libsubid-build-fix.patch:
See https://github.com/shadow-maint/shadow/issues/387
- Add shadow-libeconf-include.patch:
See c6847011e8b656adacd9a0d2a78418cad0de34cb
- Add shadow-fix-sigabrt.patch:
See https://github.com/shadow-maint/shadow/issues/394
- Add shadow-passwd-handle-null.patch [bsc#1188307]:
See https://github.com/shadow-maint/shadow/pull/398
- Remove %{_sysconfdir}/default/useradd: file not shipped anymore
- Remove --disable-shared: Dont need it anymore
See https://github.com/shadow-maint/shadow/issues/336
++++ selinux-policy:
- Allow systemd-sysctl to read kernel specific sysctl.conf
(fix_kernel_sysctl.patch, boo#1184804)
------------------------------------------------------------------
------------------ 2021-8-16 - Aug 16 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- harden_auditd.service.patch: automatic hardening applied to systemd
services
++++ dracut:
- Update to version 055+suse.117.ge5fc2048:
* fix(suse-initrd): need to handle relative links too
++++ grep:
- Update to grep 3.7
* Preprocessing N patterns would take at least O(N^2) time when too many
patterns hashed to too few buckets
- werror-return-type.patch, gnulib-c-stack.patch: Removed
- Skip stack overflow tests in qemu build
++++ kernel-default:
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
enabled (jsc#SLE-17288).
About the pahole version: v1.18 should be bare mnimum, v1.22 should be
fully functional, for now we ship git snapshot with fixes on top of
v1.21.
- commit 8ba3382
- Update to 5.14-rc6
- refresh configs
- drop MQ_IOSCHED_DEADLINE_CGROUP
- commit 17c8c26
++++ kernel-firmware:
- Update to version 20210812 (git commit 24c4a85d8514):
* amdgpu: revert back to older raven2 sdma firmware
* amdgpu: revert back to older raven sdma firmware
* amdgpu: revert back to older picasso sdma firmware
* amdgpu: add initial vangogh support
* amdgpu: update vega20 firmware from 21.30
* amdgpu: update vega12 firmware from 21.30
* amdgpu: update vega10 firmware from 21.30
* amdgpu: update renoir firmware from 21.30
* amdgpu: update raven2 firmware from 21.30
* amdgpu: update raven firmware from 21.30
* amdgpu: update polaris12 firmware from 21.30
* amdgpu: update picasso firmware from 21.30
* amdgpu: update dimgrey cavefish firmware from 21.30
* amdgpu: update navy flounder firmware from 21.30
* amdgpu: update sienna cichlid firmware from 21.30
* amdgpu: update navi14 firmware from 21.30
* amdgpu: update navi12 firmware from 21.30
* amdgpu: update navi10 firmware from 21.30
* amdgpu: update green sardine firmware from 21.30
* amdgpu: update arcturus firmware from 21.30
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
* linux-firmware: add firmware for MT7922
* QCA : Updated firmware files for WCN3991
* i915: Add v2.03 DMC for RKL
* i915: Add v2.12 DMC for TGL
* qca: Add firmware files for BT chip WCN6750.
++++ ncurses:
- Add ncurses patch 20210814
+ add workaround for broken pcre2 package in Debian 10, from xterm #369.
- Correct offsets of patch ncurses-6.2.dif
++++ libnsl:
- Update to version 2.0.0
- Remove NIS+ code
- Bump soversion to 3
++++ python-semanage:
- Call "make -j8 pywrap" instead of "make -j8 all pywrap" to fix random
build failures. The toplevel Makefile does not support concurrency,
and it resulted in parallel "make all" and "make pywrap" which weren't
aware of each other and stepped over the other's artifacts.
------------------------------------------------------------------
------------------ 2021-8-15 - Aug 15 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.13.11 (bsc#1012628).
- ovl: prevent private clone if bind mount is not allowed
(bsc#1012628).
- ppp: Fix generating ppp unit id when ifname is not specified
(bsc#1012628).
- ALSA: hda: Add quirk for ASUS Flow x13 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650
G8 Notebook PC (bsc#1012628).
- ALSA: pcm: Fix mmap breakage without explicit buffer setup
(bsc#1012628).
- bpf: Add lockdown check for probe_write_user helper
(bsc#1012628).
- firmware: tee_bnxt: Release TEE shm, session, and context
during kexec (bsc#1012628).
- commit 97e7098
++++ schily:
- Update to release 2021.08.14
* A new test was added to check whether SIGSTKSZ is a constant.
* smake: While expanding the right side of a macro assignment with
the operators :::= and +:=, smake no longer expands $$ to $, but
rather leaves $$ untouched.
* smake: The dynamic macros $? and $^ now work for implicit rules
as well.
- Add schily-stksz.diff
++++ libepoxy:
- Update to version 1.5.9:
+ Allow libopengl.so to be used when GLX_LIB is missing.
++++ libgudev:
- Update to version 237:
+ Fix reading double precision floats from sysfs attributes in
locales that use comma as a separator
+ Fix compilation warning
+ Fix headers to help with build reproducibility
+ Clarify licensing information
- Changes from version 236:
+ Fix meson project name to match autotools.
- Changes from version 235:
+ Port build system to meson and remove autotools
+ Fix conversion of sysfs attributes to boolean.
- Add meson BuildRequires and macros following upstreams port.
- Enable pkgconfig(umockdev-1.0) BuildRequires and test macro.
- Update Licence tag to LGPL-2.1-or-later.
------------------------------------------------------------------
------------------ 2021-8-13 - Aug 13 2021 -------------------
------------------------------------------------------------------
++++ cockpit-machines:
- new version 249.1
https://github.com/cockpit-project/cockpit-machines/releases/tag/249
++++ cockpit-podman:
- new version 33
https://github.com/cockpit-project/cockpit-podman/releases/tag/33
- fix_dependencies.patch no longer needed
++++ kernel-default:
- bpf: Fix integer overflow involving bucket_size (bsc#1189233,
CVE#CVE-2021-38166).
- commit fcfea2b
- Linux 5.13.10 (bsc#1012628).
- Revert "ACPICA: Fix memory leak caused by _CID repair function"
(bsc#1012628).
- ALSA: seq: Fix racy deletion of subscriber (bsc#1012628).
- bus: ti-sysc: Fix gpt12 system timer issue with reserved status
(bsc#1012628).
- net: xfrm: fix memory leak in xfrm_user_rcv_msg (bsc#1012628).
- arm64: dts: ls1028a: fix node name for the sysclk (bsc#1012628).
- dmaengine: idxd: fix array index when int_handles are being used
(bsc#1012628).
- dmaengine: idxd: fix setup sequence for MSIXPERM table
(bsc#1012628).
- ARM: imx: add missing iounmap() (bsc#1012628).
- ARM: imx: add missing clk_disable_unprepare() (bsc#1012628).
- ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to
10ms (bsc#1012628).
- Revert "soc: imx8m: change to use platform driver"
(bsc#1012628).
- dmaengine: idxd: fix desc->vector that isn't being updated
(bsc#1012628).
- dmaengine: idxd: fix sequence for pci driver remove() and
shutdown() (bsc#1012628).
- dmaengine: idxd: fix submission race window (bsc#1012628).
- arm64: dts: ls1028: sl28: fix networking for variant 2
(bsc#1012628).
- ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz
(bsc#1012628).
- ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init
(bsc#1012628).
- ARM: dts: imx: Swap M53Menlo
pinctrl_power_button/pinctrl_power_out pins (bsc#1012628).
- arm64: dts: armada-3720-turris-mox: fixed indices for the SDHC
controllers (bsc#1012628).
- ext4: fix potential uninitialized access to retval in kmmpd
(bsc#1012628).
- arm64: dts: armada-3720-turris-mox: remove mrvl,i2c-fast-mode
(bsc#1012628).
- ALSA: usb-audio: fix incorrect clock source setting
(bsc#1012628).
- riscv: stacktrace: Fix NULL pointer dereference (bsc#1012628).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
(bsc#1012628).
- ARM: dts: am437x-l4: fix typo in can@0 node (bsc#1012628).
- omap5-board-common: remove not physically existing vdds_1v8_main
fixed-regulator (bsc#1012628).
- dmaengine: uniphier-xdmac: Use readl_poll_timeout_atomic()
in atomic state (bsc#1012628).
- clk: tegra: Implement disable_unused() of
tegra_clk_sdmmc_mux_ops (bsc#1012628).
- dmaengine: stm32-dma: Fix PM usage counter imbalance in stm32
dma ops (bsc#1012628).
- dmaengine: stm32-dmamux: Fix PM usage counter unbalance in
stm32 dmamux ops (bsc#1012628).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
(bsc#1012628).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
(bsc#1012628).
- drm/kmb: Enable LCD DMA for low TVDDCV (bsc#1012628).
- media: videobuf2-core: dequeue if start_streaming fails
(bsc#1012628).
- ARM: dts: stm32: Prefer HW RTC on DHCOM SoM (bsc#1012628).
- ARM: dts: stm32: Disable LAN8710 EDPD on DHCOM (bsc#1012628).
- ARM: dts: stm32: Fix touchscreen IRQ line assignment on DHCOM
(bsc#1012628).
- dmaengine: imx-dma: configure the generic DMA type to make it
work (bsc#1012628).
- net, gro: Set inner transport header offset in tcp/udp GRO hook
(bsc#1012628).
- net: dsa: sja1105: overwrite dynamic FDB entries with static
ones in .port_fdb_add (bsc#1012628).
- net: dsa: sja1105: invalidate dynamic FDB entries learned
concurrently with statically added ones (bsc#1012628).
- net: dsa: sja1105: ignore the FDB entry for unknown multicast
when adding a new address (bsc#1012628).
- net: dsa: sja1105: be stateless with FDB entries on
SJA1105P/Q/R/S/SJA1110 too (bsc#1012628).
- net: dsa: sja1105: match FDB entries regardless of inner/outer
VLAN tag (bsc#1012628).
- net: phy: micrel: Fix detection of ksz87xx switch (bsc#1012628).
- net: natsemi: Fix missing pci_disable_device() in probe and
remove (bsc#1012628).
- gpio: tqmx86: really make IRQ optional (bsc#1012628).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added
to it recently (bsc#1012628).
- net: bridge: validate the NUD_PERMANENT bit when adding an
extern_learn FDB entry (bsc#1012628).
- sctp: move the active_key update after sh_keys is added
(bsc#1012628).
- drm/i915: Call i915_globals_exit() if pci_register_device()
fails (bsc#1012628).
- nfp: update ethtool reporting of pauseframe control
(bsc#1012628).
- net: ipv6: fix returned variable type in ip6_skb_dst_mtu
(bsc#1012628).
- RDMA/hns: Fix the double unlock problem of poll_sem
(bsc#1012628).
- net: dsa: qca: ar9331: reorder MDIO write sequence
(bsc#1012628).
- riscv: Disable STACKPROTECTOR_PER_TASK if GCC_PLUGIN_RANDSTRUCT
is enabled (bsc#1012628).
- net: sched: fix lockdep_set_class() typo error for sch->seqlock
(bsc#1012628).
- drm/i915: fix i915_globals_exit() section mismatch error
(bsc#1012628).
- MIPS: check return value of pgtable_pmd_page_ctor (bsc#1012628).
- x86/tools/relocs: Fix non-POSIX regexp (bsc#1012628).
- mips: Fix non-POSIX regexp (bsc#1012628).
- kbuild: cancel sub_make_done for the install target to fix DKMS
(bsc#1012628).
- bnx2x: fix an error code in bnx2x_nic_load() (bsc#1012628).
- net: ethernet: ti: am65-cpsw: fix crash in
am65_cpsw_port_offload_fwd_mark_update() (bsc#1012628).
- net: pegasus: fix uninit-value in get_interrupt_interval
(bsc#1012628).
- net: fec: fix use-after-free in fec_drv_remove (bsc#1012628).
- net: vxge: fix use-after-free in vxge_device_unregister
(bsc#1012628).
- blk-iolatency: error out if blk_get_queue() failed in
iolatency_set_limit() (bsc#1012628).
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
(bsc#1012628).
- io-wq: fix no lock protection of acct->nr_worker (bsc#1012628).
- io-wq: fix lack of acct->nr_workers < acct->max_workers
judgement (bsc#1012628).
- USB: usbtmc: Fix RCU stall warning (bsc#1012628).
- USB: serial: option: add Telit FD980 composition 0x1056
(bsc#1012628).
- USB: serial: ch341: fix character loss at high transfer rates
(bsc#1012628).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
(bsc#1012628).
- USB: serial: pl2303: fix HX type detection (bsc#1012628).
- USB: serial: pl2303: fix GT type detection (bsc#1012628).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
fw_load_sysfs_fallback (bsc#1012628).
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
(bsc#1012628).
- drm/amdgpu: fix checking pmops when PM_SLEEP is not enabled
(bsc#1012628).
- drm/amdgpu/display: fix DMUB firmware version info
(bsc#1012628).
- ALSA: pcm - fix mmap capability check for the snd-dummy driver
(bsc#1012628).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42
(bsc#1012628).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56
(ALC256) (bsc#1012628).
- ALSA: usb-audio: Fix superfluous autosuspend recovery
(bsc#1012628).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
(bsc#1012628).
- ALSA: usb-audio: Avoid unnecessary or invalid connector
selection at resume (bsc#1012628).
- usb: dwc3: gadget: Use list_replace_init() before traversing
lists (bsc#1012628).
- usb: dwc3: gadget: Avoid runtime resume if disabling pullup
(bsc#1012628).
- usb: gadget: remove leaked entry from udc driver list
(bsc#1012628).
- usb: cdns3: Fixed incorrect gadget state (bsc#1012628).
- usb: cdnsp: Fixed issue with ZLP (bsc#1012628).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
(bsc#1012628).
- usb: gadget: f_hid: fixed NULL pointer dereference
(bsc#1012628).
- usb: gadget: f_hid: idle uses the highest byte for duration
(bsc#1012628).
- usb: host: ohci-at91: suspend/resume ports after/before OHCI
accesses (bsc#1012628).
- usb: typec: tcpm: Keep other events when receiving FRS and
Sourcing_vbus events (bsc#1012628).
- usb: otg-fsm: Fix hrtimer list corruption (bsc#1012628).
- clk: fix leak on devm_clk_bulk_get_all() unwind (bsc#1012628).
- scripts/tracing: fix the bug that can't parse raw_trace_func
(bsc#1012628).
- tracing / histogram: Give calculation hist_fields a size
(bsc#1012628).
- tracing: Reject string operand in the histogram expression
(bsc#1012628).
- tracing: Fix NULL pointer dereference in start_creating
(bsc#1012628).
- tracepoint: static call: Compare data on transition from 2->1
callees (bsc#1012628).
- tracepoint: Fix static call function vs data state mismatch
(bsc#1012628).
- tracepoint: Use rcu get state and cond sync for static call
updates (bsc#1012628).
- arm64: stacktrace: avoid tracing arch_stack_walk()
(bsc#1012628).
- optee: Clear stale cache entries during initialization
(bsc#1012628).
- tee: add tee_shm_alloc_kernel_buf() (bsc#1012628).
- tee: Correct inappropriate usage of TEE_SHM_DMA_BUF flag
(bsc#1012628).
- optee: Fix memory leak when failing to register shm pages
(bsc#1012628).
- optee: Refuse to load the driver under the kdump kernel
(bsc#1012628).
- optee: fix tee out of memory failure seen during kexec reboot
(bsc#1012628).
- tpm_ftpm_tee: Free and unregister TEE shared memory during kexec
(bsc#1012628).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
(bsc#1012628).
- staging: rtl8712: get rid of flush_scheduled_work (bsc#1012628).
- staging: rtl8712: error handling refactoring (bsc#1012628).
- drivers core: Fix oops when driver probe fails (bsc#1012628).
- media: rtl28xxu: fix zero-length control request (bsc#1012628).
- pipe: increase minimum default pipe size to 2 pages
(bsc#1012628).
- ext4: fix potential htree corruption when growing large_dir
directories (bsc#1012628).
- Revert "thunderbolt: Hide authorized attribute if router does
not support PCIe tunnels" (bsc#1012628).
- serial: tegra: Only print FIFO error message when an error
occurs (bsc#1012628).
- serial: 8250_mtk: fix uart corruption issue when rx power off
(bsc#1012628).
- serial: 8250: Mask out floating 16/32-bit bus bits
(bsc#1012628).
- serial: 8250: fix handle_irq locking (bsc#1012628).
- MIPS: Malta: Do not byte-swap accesses to the CBUS UART
(bsc#1012628).
- serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated
driver (bsc#1012628).
- serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts
(bsc#1012628).
- fpga: dfl: fme: Fix cpu hotplug issue in performance reporting
(bsc#1012628).
- timers: Move clearing of base::timer_running under base:: Lock
(bsc#1012628).
- virt: acrn: Do hcall_destroy_vm() before resource release
(bsc#1012628).
- perf: Fix required permissions if sigtrap is requested
(bsc#1012628).
- xfrm: Fix RCU vs hash_resize_mutex lock inversion (bsc#1012628).
- net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
(bsc#1012628).
- pcmcia: i82092: fix a null pointer dereference bug
(bsc#1012628).
- scsi: ibmvfc: Fix command state accounting and stale response
detection (bsc#1012628).
- selinux: correct the return value when loads initial sids
(bsc#1012628).
- bus: ti-sysc: AM3: RNG is GP only (bsc#1012628).
- Revert "gpio: mpc8xxx: change the gpio interrupt
flags." (bsc#1012628).
- arm64: fix compat syscall return truncation (bsc#1012628).
- ARM: omap2+: hwmod: fix potential NULL pointer access
(bsc#1012628).
- md/raid10: properly indicate failure when ending a failed
write request (bsc#1012628).
- io-wq: fix race between worker exiting and activating free
worker (bsc#1012628).
- s390/dasd: fix use after free in dasd path handling
(bsc#1012628).
- KVM: x86: accept userspace interrupt only if no event is
injected (bsc#1012628).
- KVM: SVM: Fix off-by-one indexing when nullifying last used
SEV VMCB (bsc#1012628).
- KVM: Do not leak memory for duplicate debugfs directories
(bsc#1012628).
- KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds
(bsc#1012628).
- soc: ixp4xx: fix printing resources (bsc#1012628).
- interconnect: Fix undersized devress_alloc allocation
(bsc#1012628).
- usb: cdnsp: Fix the IMAN_IE_SET and IMAN_IE_CLEAR macro
(bsc#1012628).
- usb: cdnsp: Fix incorrect supported maximum speed (bsc#1012628).
- spi: meson-spicc: fix memory leak in meson_spicc_remove
(bsc#1012628).
- interconnect: Zero initial BW after sync-state (bsc#1012628).
- interconnect: Always call pre_aggregate before aggregate
(bsc#1012628).
- interconnect: qcom: icc-rpmh: Ensure floor BW is enforced for
all nodes (bsc#1012628).
- drm/i915: Correct SFC_DONE register offset (bsc#1012628).
- soc: ixp4xx/qmgr: fix invalid __iomem access (bsc#1012628).
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit
inside the guest (bsc#1012628).
- sched/rt: Fix double enqueue caused by rt_effective_prio
(bsc#1012628).
- riscv: dts: fix memory size for the SiFive HiFive Unmatched
(bsc#1012628).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (bsc#1012628).
- reiserfs: add check for root_inode in reiserfs_fill_super
(bsc#1012628).
- reiserfs: check directory items on read from disk (bsc#1012628).
- virt_wifi: fix error on connect (bsc#1012628).
- net: qede: Fix end of loop tests for list_for_each_entry
(bsc#1012628).
- alpha: Send stop IPI to send to online CPUs (bsc#1012628).
- net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock
and ql_adapter_reset (bsc#1012628).
- smb3: rc uninitialized in one fallocate path (bsc#1012628).
- drm/amdgpu/display: only enable aux backlight control for OLED
panels (bsc#1012628).
- platform/x86: gigabyte-wmi: add support for B550 Aorus Elite V2
(bsc#1012628).
- HID: ft260: fix device removal due to USB disconnect
(bsc#1012628).
- commit 37b568f
++++ multipath-tools:
- Spec file: remove compatibility code for SLE <= SLE15-SP2
++++ patterns-alp:
- initial version
++++ podman:
- Switch to crun (bsc#1188914)
------------------------------------------------------------------
------------------ 2021-8-12 - Aug 12 2021 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.115.gf65e559b:
* fix(suse-initrd): find links of usrmerged kernels (boo#1184804)
* fix(tpm2-tss): typo in depends()
* fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
- use manual mode in _service file
++++ multipath-tools:
- Update to version 0.8.6+32+suse.f11c192:
* libmultipath:fix compilation with glibc 2.34 (bsc#1189099)
* libmultipath: avoid buffer size warning with systemd 240+
(bsc#1189176)
* libmultipath: use uint64_t for sg_id.lun (bsc#1187534)
- Upstream bug fixes:
* multipath-tools: make HUAWEI/XSG1 config work with alua and multibus
* multipath-tools: add info about HPE Alletra 6000 and 9000
* multipathd: cli_getprkey(): fix return value and "aptpl" support
* multipathd: don't rescan_path on wwid change in uev_update_path
* kpartx: Don't leak memory when getblock returns NULL
* multipath: free vectors in configure
* multipathd: fix ev_remove_path return code handling
* multipathd: remove duplicate orphan_paths in flush_map
* multipathd: don't fail to remove path once the map is removed
* multipathd: fix compilation issue with liburcu < 0.8
++++ pango:
- Update to version 1.48.8:
+ Rename git `master` branch to `main`
+ Fix threadsafety issues with Thai
+ Fix a rounding problem on i386
+ Fix font choice for ellipsis
+ Fix a crash if no fonts are found.
- Drop 3ff6365.patch: Upstream have made various changes to the
offending commit.
++++ python310-core:
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
++++ unbound:
- update to 1.13.2
Features
- Merge PR #317: ZONEMD Zone Verification, with RFC 8976 support.
ZONEMD records are checked for zones loaded as auth-zone,
with DNSSEC if available. There is an added option
zonemd-permissive-mode that makes it log but not fail wrong zones.
With zonemd-reject-absence for an auth-zone the presence of a
zonemd can be mandated for specific zones.
- Fix: Resolve interface names on control-interface too.
- Merge #470 from edevil: Allow configuration of persistent TCP
connections.
- Fix #474: always_null and others inside view.
- Add that log-servfail prints an IP address and more information
about one of the last failures for that query.
- Merge #478: Allow configuration of TCP timeout while waiting for
response.
- Add ./configure --with-deprecate-rsa-1024 that turns off RSA 1024.
- Move the NSEC3 max iterations count in line with the 150 value
used by BIND, Knot and PowerDNS. This sets the default value
for it in the configuration to 150 for all key sizes.
- zonemd-check: yesno option, default no, enables the processing
of ZONEMD records for that zone.
- Merge #486 by fobster: Make VAL_MAX_RESTART_COUNT configurable.
- Merge PR #491: Add SVCB and HTTPS types and handling according to
draft-ietf-dnsop-svcb-https.
- Introduce 'http-user-agent:' and 'hide-http-user-agent:' options.
Bug Fixes
- Fix for Python 3.9, no longer use deprecated functions of
PyEval_CallObject (now PyObject_Call), PyEval_InitThreads (now
none), PyParser_SimpleParseFile (now Py_CompileString).
- Merge PR #420 from dyunwei: DOH not responsing with
"http2_query_read_done failure" logged.
- Fix #422: IPv6 fallback issues when IPv6 is not properly
enabled/configured.
- Fix to make tests work with support indicators set for iterator.
- Fix build on Python 3.10.
- Fix doxygen and pydoc warnings.
- Fix #429: rpz: url: with https: broken (regression in 1.13.1).
- rpz skip nsec3param records, and nicer log for unsupported actions.
- Fix #431: Squelch permission denied errors for tcp connect
and udp connect from the logs, unless at high verbosity.
- Fix for zonemd, that nxdomain for the chain of trust is allowed
for island zones, it is treated as an insecure zone for verification.
- Fix for zonemd, that domain-insecure zones work without dnssec.
- Fix for zonemd, do not reject insecure result from trust anchor
validation step in dnssec chain of trust.
- On startup of unbound it checks if rlimits on memory size look
sufficient for the configured cache size, and logs warning if not.
- Fix function documentation.
- Fix unit test for added ulimit checks.
- spelling fix in header.
- Fix #384: (1) A minor request to improve the log (2) A minor bug in one
log message.
- ipsecmod: Better logging for detecting a cycle when attaching the
A/AAAA subquery.
- Merge PR #367 : DNSTAP log local address. With code from PR #365
and fixes #368 : dnstap does not log the DNS message ID for
FORWARDER_QUERY.
- Fix to allow rpz with wildcard that applies to all TLDs at once.
- Fix for #367: rc_ports don't have ub_sock; skip cleaning up.
- Fix spurious errors about "Could not generate request: out of
memory". The mesh detect cycle routine no longer wrongly stops
the check when the calling mesh state is unique.
- Workaround for #439: prevent loops in the reuse rbtree.
- Debug output for #411 and #439: printout internal error and details.
- Fix parse of LOC RR type for decimetres.
- Fix #441: Minimal NSEC range not accepted for top level domains.
- Fix for #447: squelch connection refused tcp connection failures
from the log, unless verbosity is high.
- Merge #449 from orbea: build: Add missing linker flags.
- Comment out nonworking OSX and IOS travis tests, vm fails to start.
- Fix compile error in listen_dnsport on Android.
- Fix memory leak reported by asan in rpz SOA record query name.
- Fix unused-function warning when compiling with --enable-dnscrypt.
- Fix for #367: fix memory leak when cannot bind to listening port.
- Reformat pythonmod/pythonmod_utils.{c,h}.
- Travis enable all tests again. Clang analyzer only a couple times,
when there is a difference. homebrew updates disabled, so it does
not hang. removed trailing slashes from configure paths. Moved iOS
tests to allow-failure.
- travis, analyzer disabled on test without debug, that does not
run anway. Turn off failing tests except one. Update iOS test
to xcode image 12.2.
- Fix deprecation test to work for iOS TVOS and WatchOS, it uses
CFLAGS and CPPFLAGS and also checks if the item is unavailable.
- Travis, fix script to fail when tasks fail.
- Travis, fix warning in ubsan compile.
- Fix configure Targetconfiditionals.h header check, to use compile.
- Fix that cachedb does not produce empty object files when disabled.
- Fix #429: Also fix end of transfer for http download of auth zones.
- Disable the use of stack-protector for cross compiled 32-bit windows
builds; relates to #444.
- Fix stack-protector change to not override other CFLAGS options.
- Clean makedist.sh.
- Merge #460 from orbea: build: Link with the libtool archive.
- Fix to stop IPv6 PMTU discovery.
- Fix for #411: Depth protect for crash on deleted element timeout.
- rebuild configure to set EXTRALINK to libunbound.la for #460.
- Fix permission denied sendto log, squelch the log messages
unless high verbosity is set.
- Fix (increase) verbosity level for iterator error log in
processQueryTargets().
- Fix that nxdomain synthesis does not happen above the stub or
forward definition.
- Fix documentation comment for files previously residing in checkconf/.
- Remove unused functions worker_handle_reply and libworker_handle_reply.
- Merge #466 from FGasper: Support OpenSSLs that lack
SSL_get0_alpn_selected.
- Fix #468: OpenSSL 1.0.1 can no longer build Unbound.
- Further fix for #468: detect SSL_CTX_set_alpn_protos for build with
OpenSSL 1.0.1.
- Fix that testcode dohclient has OpenSSL initialisation calls.
- Fix compiler warning for signed/unsigned comparison for
max_reuse_tcp_queries.
- Fix #481: Fix comment in configuration file.
- Fix to squelch tcp socket bind failures when the interface is gone.
- Rerun flex and bison.
- Fix for #367: only attempt to get the interface for queries that are no
longer on the tcp_waiting_list.
- Add more logging for out-of-memory cases.
- Fix #485: Unbound occasionally reports broken stats.
- Remove case fallthrough from deprecate-rsa-1024 code.
- Merge PR #487: ifdef RLIMIT_AS in recently added check.
- Fix that auth-zone zonefiles use last TTL if no TTL is specified.
- Fix #489: Compile using MSYS2 MinGW 64-bit.
- Fix for #411, #439, #469: Reset the DNS message ID when moving queries
between TCP streams.
- Refactor for uniform way to produce random DNS message IDs.
- Test code has -q option for quiet output.
- Fix #492: module-config respip missing in unbound.conf.5.in man
page. Merges #494 from he32.
- For #492: Fix font highlighting for the man page on emacs.
- Merge #496 from banburybill: Use build system endianness if
available, otherwise try to work it out.
- Fix test for zonemd-check option.
- Merge #448 from shoeper: Update unbound-control.8.in, fix
rpz_disable typo.
- Fix #425: Document auth-zone supports communication with DNS
primary on nondefault port.
- Fix unused variable warning when compiling with --enable-dnstap.
- Generated lexer and parser for #486; updated example.conf.
- Fix #413 (based on patch by k-ronny): unbound: does not compile
on macOS 11.1-x86_64 host.
- Use host_os instead of target_os in configure for Darwin8 build.
- Fix #500: SPEC file in version 1.13.1 references version 1.4;
unable to build RPM from source.
- Fix contrib/unbound.spec, fixed url and comment.
- Fix configure nonblocking test and onmingw test to use host.
- Merge #440 by kimheino: Various fixes to contrib/unbound_munin_ file.
- Fix a number of warnings reported by the gcc analyzer.
- Fix #495: Documentation or implementation of "verbosity" option.
- Fix #503: DNS over HTTPS response truncated.
- Fix warnings reported by the gcc analyzer.
- Add analyzer and port compile github workflow.
- Fix up permissions on rpl data file in tests.
- Fix testbound newline treatment in moment_read and tempfile write.
- Fix configure grep for reuseport default for failure.
- Fix compat ctime_r return value
- Fix configure does not require pkg-config if not needed.
- Fix unit test in the ctime_r calls for autotrust and in testbound.
- Fix auth zone download on windows to unlink before rename.
- Fix #506: Python Module Seems to Leak Memory if it Experiences an
Unhandled Exception.
- Fix Wunused-result compile warnings.
- Fix compiler warnings for #491.
- Fix clang-analysis warnings for testcode/readzone.c.
- Merge #510 from ndptech: Don't call a function which hasn't been
defined.
- Fix for #510: in depth, use ifdefs for windows api event calls.
- Fix spelling in doc/unbound.doxygen comment.
- Fix spelling in localzone.h comment.
- Fix unbound-control local_data and local_datas to print detailed
syntax errors.
- review fix to remove duplicate error printout.
- Insert header into testcode/readzone.c, it was missing.
- Fix from lint for ignored return value.
- Fix for older parsers for function call in serve expired get cached.
- Fix that ldns_zone_new_frm_fp_l counts the line number for an empty
line after a comment.
- Merge #512: unbound.service.in: upgrade hardening to latest
standards.
- Fix readzone unknown type print for memory resize.
- Merge #513: Stream reuse, attempt to fix #411, #439, #469. This
introduces a couple of fixes for the stream reuse functionality
that could result in broken internal structures.
- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to
build unbound.
- For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
- Prepare for OpenSSL 3.0.0 provider API usage, move the sldns
keyraw functions to produce EVP_PKEY results.
- Move RSA and DSA to use OpenSSL 3.0.0 API.
- Move ECDSA functions to use OpenSSL 3.0.0 API.
- iana portlist update.
- Fix verbose printout failure in tcp reuse unit test.
- Merge PR #517 from dyunwei: #420 breaks the mesh reply list
function that need to reuse the dns answer.
- Annotate assertion into error printout; we think it may be an
error, but the situation looks harmless.
- Fix sign comparison warning on FreeBSD.
- Listen to read or write events after the SSL handshake.
Sticky events on windows would stick on read when write was needed.
- Merge PR #415 from sibeream: Use
/proc/sys/net/ipv4/ip_local_port_range to determine available outgoing
ports. (New --enable-linux-ip-local-port-range configuration option)
- Bump MAX_RESTART_COUNT to 11 from 8; in relation to #438. This
allows longer CNAME chains in Unbound.
- In unit test use openssl set security level to allow keys in test.
- Fix static analysis warnings about localzone locks that are unused.
- Fix missing locks in zonemd unit test.
- Fix readzone compile under debug config.
- Fix out of sourcedir run of zonemd unit tests.
- Fix libnettle zonemd unit test.
- Fix unit test zonemd_reload for use in run_vm.
- Fix #520: Unbound 1.13.2rc1 fails to build python module.
++++ pam:
- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask
explicit "usergroups" option and instead read it from login.def's
"USERGROUP_ENAB" option if umask is only defined there.
[bsc#1189139]
++++ python310:
- test_faulthandler is still problematic under qemu linux-user emulation,
disable it there
++++ python-pycairo:
- Add Obsoletes/Provides for python3-cairo-devel.
------------------------------------------------------------------
------------------ 2021-8-11 - Aug 11 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add profiles-python-3.10-mr783.diff: update abstractions/python and
profiles for python 3.10
++++ cracklib:
- Drop --with-pic, as it has no effect with --disable-static.
++++ lvm2-device-mapper:
- Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package
(bsc#1179047).
++++ glibc:
- Don't create separate debuginfo packages for cross packages
- ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in
config file
- gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak
- gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label
and precedence lists
- copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid
double calls to close()
- icon-charmap-close-output.patch: iconv_charmap: Close output file when
done
- fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl
redirects for _TIME_BITS=64 (BZ #28182)
- librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ
[#28213])
++++ kernel-default:
- README: Modernize build instructions.
- commit 8cc5c28
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- commit 7f9ade7
- Revert "Revert "UsrMerge the kernel (boo#1184804)""
This reverts commit 999e6048a4cc6accd2653c9dccaaaff2f4ae8f86. By that,
we reverted the original commit 6f5ed044f52a. But the selinux problem is
hopefully fixed in the meantime, so it's time to try UsrMerge for kernel
again.
- Revert "Revert "UsrMerge the kernel (boo#1184804)""
This reverts commit b6ab3ded319fca797d007c541a190a308f940cf7. By that,
we reverted the original commit 6f5ed044f52a. But the two problems were
adressed in the meantime, so it's time to try UsrMerge for kernel again.
- commit 33df9c6
++++ libapparmor:
- add profiles-python-3.10-mr783.diff: update abstractions/python and
profiles for python 3.10
++++ lvm2:
- Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package
(bsc#1179047).
++++ python310-core:
- Update to 3.10.0rc1 (the penultimate prerelease), which contains
plenty of small bugfixes among others:
- bpo#38605: from __future__ import annotations (PEP 563) used to be
on this list in previous pre-releases but it has been postponed to
Python 3.11 due to some compatibility concerns.
- bpo-44600: Fix incorrect line numbers while tracing some failed
patterns in match statements. Patch by Charles Burkland.
- plenty of modifications in types.Union
++++ libvirt:
- supportconfig: When checking for installed hypervisor drivers,
use the libvirtr-daemon-driver-<hypervisor> package instead of
libvirt-daemon-<hypervisor>. The latter are not required packages
for a functioning hypervisor driver.
++++ salt:
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Added:
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* fix-error-handling-in-openscap-module-bsc-1188647-40.patch
* fix-failing-unit-tests-for-systemd.patch
++++ python310:
- Update to 3.10.0rc1 (the penultimate prerelease), which contains
plenty of small bugfixes among others:
- bpo#38605: from __future__ import annotations (PEP 563) used to be
on this list in previous pre-releases but it has been postponed to
Python 3.11 due to some compatibility concerns.
- bpo-44600: Fix incorrect line numbers while tracing some failed
patterns in match statements. Patch by Charles Burkland.
- plenty of modifications in types.Union
++++ python-pyzmq:
- Update to 22.2.1
* Nicer reprs of contexts and sockets
* Memory allocated by recv(copy=False) is no longer read-only
* asyncio: Always reference current loop instead of attaching to
the current loop at instantiation time. This fixes e.g. contexts
and/or sockets instantiated prior to a call to asyncio.run.
++++ vim:
- Update apparmor.vim (taken from AppArmor 3.0.3)
* Add syntax highlighting for abi rules
------------------------------------------------------------------
------------------ 2021-8-10 - Aug 10 2021 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.13.1
* build: fix build on musl libc due to missing definition of NAME_MAX
* check:
* batch more work into one transaction when clearing v1 free space inodes
* detect directoris with wrong number of links
* libbtrfsutil: fix race between subvolume iterator and deletion
* mkfs: be more specific about supported profiles for zoned device
* other:
* documentation updates
++++ glibc:
- Add cross development packages for aarch64 and riscv64.
++++ kernel-default:
- config: arm64: enable audio support for Nvidia Tegra SOCs
- commit 9983afb
++++ mpdecimal:
- Initial package
++++ nfs-utils:
- Remove dependency on fedfs-utils-devel.
fedfs-utils was only ever a "technology preview" and is now
considered "end of life".
nfs-utils is not even built to use it as --enable-junction
isn't being passed to confgure
and fedfs-utils doesn't build wth glibc 2.34.
So remove the unnecessary dependency on fedfs-utils.
(bsc#1189085)
++++ salt:
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
++++ qemu:
- usb: unbounded stack allocation in usbredir
(bsc#1186012, CVE-2021-3527)
hw-usb-Do-not-build-USB-subsystem-if-not.patch
hw-usb-host-stub-Remove-unused-header.patch
usb-hid-avoid-dynamic-stack-allocation.patch
usb-limit-combined-packets-to-1-MiB-CVE-.patch
usb-mtp-avoid-dynamic-stack-allocation.patch
++++ selinux-policy:
- Fix quoting in postInstall macro
------------------------------------------------------------------
------------------ 2021-8-9 - Aug 9 2021 -------------------
------------------------------------------------------------------
++++ container-selinux:
- Update to version 2.164.2
* Don't setup users for writing to pid_sockets
* Allow container engines to be started from the staff user.
* Allow spc_t domains to set bpf rules on any domain
* Add support for k3s
++++ cpio:
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
(CVE-2021-38185, bsc#1189206)
* fix-CVE-2021-38185.patch
++++ kernel-default:
- crypto: drbg - select SHA512 (bsc#1189034).
config: CRYPTO_SHA512 is built-in again.
- commit 80170a0
- Fix filesystem requirement and suse-release requires
Reduce filesystem conflict to anything less than 16 to allow pulling the
change into the next major stable version.
Don't require suse-release as that's not technically required. Conflict
with a too old one instead.
- commit 913f755
++++ gdbm:
- version update to 1.20
* New bucket cache
The bucket cache support has been rewritten from scratch. The new
bucket cache code provides for significant speed up of search
operations.
* Change mmap prereading strategy
Pre-reading of the memory mapper regions, introduced in version 1.19
can be advantageous only when doing intensive look-ups on a read-only
database. It degrades performance otherwise, especially if doing
multiple inserts. Therefore, this version introduces a new flag
to gdbm_open: GDBM_PREREAD. When given, it enables pre-reading of
memory mapped regions.
- modified patches
% gdbm-no-build-date.patch (refreshed)
++++ ncurses:
- Add ncurses patch 20210807
+ ignore "--dynamic-linker" option in generated pkg/config files,
adapted from "distr1" patch.
+ add CF_SHARED_OPTS case for Haiku, from patch in haikuports.
- Correct offsets of patch ncurses-6.2.dif
++++ mozilla-nspr:
- added a ccache conditional
++++ vim:
- Updated to version 8.2.3318, fixes the following problems
* Vim9: exists() does not handle much at compile time.
* Lua: can only execute one Vim command at a time. Not easy to get the
Vim version.
* Memory allocation functions don't have their own place.
* Some structures could be smaller.
* Popup window title with wide characters is truncated.
* Vim9: :finally in skipped block not handled correctly.
* Unexpected "No matching autocommands".
* Vim9: :echoconsole cannot access local variables.
* Vim9: no runtime check for argument type if a function only has varargs.
* Vim9: divide by zero causes a crash.
* Vim9: unpack assignment does not mention source of type error.
* Vim9: check for DO_NOT_FREE_CNT is very slow.
* Vim9: after "if false" line breaks in expression not skipped.
* Unused code in win_exchange() and frame_remove().
* Behavior of exists() in a :def function is unpredictable.
* Cannot use single quote in a float number for readability.
* Float test fails.
* Vim9: No error for missing white space before return type.
* Vim9: cannot ignore quotes in number at the command line.
------------------------------------------------------------------
------------------ 2021-8-8 - Aug 8 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- fixed build on %ix86 by removing "-flto=auto" from optflags for
cpp
++++ Mesa-drivers:
- fixed build on %ix86 by removing "-flto=auto" from optflags for
cpp
++++ kernel-default:
- Update to 5.14-rc5
- update configs
- PHYS_RAM_BASE_FIXED=n (riscv64 only, follow upstream revert)
- commit 1838496
- blacklist.conf: add one docs fix
- commit 19b1d90
- Revert "qed: fix possible unpaired spin_{un}lock_bh in
_qed_mcp_cmd_and_union()" (git-fixes).
- commit 27fe085
- Linux 5.13.9 (bsc#1012628).
- drm/i915: Revert "drm/i915/gem: Asynchronous cmdparser"
(bsc#1012628).
- Revert "drm/i915: Propagate errors on awaiting already signaled
fences" (bsc#1012628).
- power: supply: ab8500: Call battery population once
(bsc#1012628).
- skmsg: Increase sk->sk_drops when dropping packets
(bsc#1012628).
- skmsg: Pass source psock to sk_psock_skb_redirect()
(bsc#1012628).
- bpf, sockmap: On cleanup we additionally need to remove cached
skb (bsc#1012628).
- cifs: use helpers when parsing uid/gid mount options and
validate them (bsc#1012628).
- cifs: add missing parsing of backupuid (bsc#1012628).
- net: dsa: sja1105: parameterize the number of ports
(bsc#1012628).
- net: dsa: sja1105: fix address learning getting disabled on
the CPU port (bsc#1012628).
- ASoC: Intel: boards: handle hda-dsp-common as a module
(bsc#1012628).
- ASoC: Intel: boards: create sof-maxim-common module
(bsc#1012628).
- ASoC: Intel: boards: fix xrun issue on platform with max98373
(bsc#1012628).
- regulator: rtmv20: Fix wrong mask for strobe-polarity-high
(bsc#1012628).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
(bsc#1012628).
- spi: stm32h7: fix full duplex irq handler handling
(bsc#1012628).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
(bsc#1012628).
- regulator: mtk-dvfsrc: Fix wrong dev pointer for
devm_regulator_register (bsc#1012628).
- qed: fix possible unpaired spin_{un}lock_bh in
_qed_mcp_cmd_and_union() (bsc#1012628).
- ASoC: rt5682: Fix the issue of garbled recording after
powerd_dbus_suspend (bsc#1012628).
- net: Fix zero-copy head len calculation (bsc#1012628).
- ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking
during startup (bsc#1012628).
- ASoC: ti: j721e-evm: Check for not initialized parent_clk_id
(bsc#1012628).
- efi/mokvar: Reserve the table only if it is in boot services
data (bsc#1012628).
- nvme: fix nvme_setup_command metadata trace event (bsc#1012628).
- drm/amd/display: Fix comparison error in dcn21 DML
(bsc#1012628).
- drm/amd/display: Fix max vstartup calculation for modes with
borders (bsc#1012628).
- io_uring: never attempt iopoll reissue from release path
(bsc#1012628).
- io_uring: explicitly catch any illegal async queue attempt
(bsc#1012628).
- Revert "Bluetooth: Shutdown controller after workqueues are
flushed or cancelled" (bsc#1012628).
- Revert "watchdog: iTCO_wdt: Account for rebooting on second
timeout" (bsc#1012628).
- drm/amd/display: Fix ASSR regression on embedded panels
(bsc#1012628).
- spi: mediatek: Fix fifo transfer (bsc#1012628).
- Update config files.
- commit ed76d57
------------------------------------------------------------------
------------------ 2021-8-7 - Aug 7 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- update to AppArmor 3.0.3
- fix a failure in the parser tests
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
for the detailed upstream changelog
++++ diffutils:
- diffutils 3.8:
* diff no longer treats a closed stdin as representing an absent
file in usage like 'diff --new-file - foo <&-'
* diff and related programs no longer get confused if stdin,
stdout, or stderr are closed
* cmp, diff and sdiff no longer treat negative command-line
option-arguments as if they were large positive numbers
- drop gnulib-test-avoid-FP-perror-strerror.patch, upstream
- drop gnulib-c-stack.patch, equivalent change in c-stack
- remove deprecated texinfo packaging macros
++++ libapparmor:
- update to AppArmor 3.0.3
- fix a failure in the parser tests
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3
for the detailed upstream changelog
++++ libtpms:
- Update to version 0.8.4:
* Reset too large size indicators in TPM2B to avoid access
beyond buffer
* Restore original value in buffer if unmarshalled one was
illegal
++++ swtpm:
- Update to version 0.6.0:
- Addressed potential symlink attack issue (CVE-2020-28407)
- Rewritten in 'C'; needs json-glib
- Use timeouts for communicating with swtpm (Unix socket)
- Fix --print-capabilities for 'swtpm chardev'
- Various cleanups and fixes (coverity)
- Enable selinux support
- Removed swtpm-rename_deprecated_libtasn1_types.patch: upstream
- Fix rpmlint errors
------------------------------------------------------------------
------------------ 2021-8-6 - Aug 6 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- update to AppArmor 3.0.2
- add missing permissions to several profiles and abstractions
(including boo#1188296)
- bugfixes in utils and parser (including boo#1180766 and boo#1184779)
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
for the detailed upstream changelog
- remove upstreamed patches:
- apparmor-dovecot-stats-metrics.diff
- abstractions-php8.diff
- crypto-policies-mr720.diff
++++ glib-networking:
- Update to version 2.70.alpha:
+ Fix TLS channel bindings tests.
+ Require OpenSSL 1.0.2.
+ Fix threadsafety issue in certificate verification.
+ dlopen libsoup for performing HTTP requests.
+ OpenSSL: add DTLS support, plus many related improvements.
+ Implement new GTlsCertificate details APIs.
+ GnuTLS: improve error handling for PIN failures.
+ GnuTLS: expose PIN type on PIN requests.
+ GnuTLS: check cancellable in pull timeout callback.
+ Improve automation of test certificate creation.
+ GnuTLS: use GnuTLS to implement all channel bindings.
+ GnuTLS: rework certificate verification to use TLS session.
+ GnuTLS: improve peer identity verification.
+ Bring back automatic downloading of missing intermediate
certificates (not fixed, may go away again).
++++ libapparmor:
- update to AppArmor 3.0.2
- add missing permissions to several profiles and abstractions
(including boo#1188296)
- bugfixes in utils and parser (including boo#1180766 and boo#1184779)
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2
for the detailed upstream changelog
- remove upstreamed patches:
- apparmor-dovecot-stats-metrics.diff
- abstractions-php8.diff
- crypto-policies-mr720.diff
++++ rdma-core:
- Update to rdma-core v36.0:
- Bugfixes on all providers
++++ libesmtp:
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
++++ python-Jinja2:
- Babel is not required
++++ qemu:
- usbredir: free call on invalid pointer in bufp_alloc
(bsc#1189145, CVE-2021-3682)
usbredir-fix-free-call.patch
++++ u-boot-rpiarm64:
- u-boot-bin.spl is used for UART or USB boot. Lets package it
for convinience.
++++ vim:
- Updated to version 8.2.3299, fixes the following problems
* Vim9: TODO items in tests can be taken care of.
* Vim9: error about using -complete without -nargs is confusing.
* Julia filetype is not recognized
* No error for insert() or remove() changing a locked blob.
* Scdoc filetype is not recognized.
* win_enter_ext() has too many boolean arguments.
* Channel events not handled in BufEnter autocommand.
* Cannot easily access namespace dictionaries from Lua.
* Compiler warning for unused variable with small features.
* Vim9: compiling dict may use pointer after free and leak memory on failure.
* Coverity warns for not checking return value.
* Underscore in very magic pattern causes a hang. Pattern with \V are
case sensitive. (Yutao Yuan)
* Finding completions may cause an endless loop.
* Lua: memory leak when adding dict item fails.
* 'cursorline' should not apply to 'breakindent'.
* Vim9: cannot add a number to a float.
* Cannot use all commands inside a {} block after :command and :autocmd.
* Build failure with small features.
* Vim9: exists() does not handle much at compile time.
------------------------------------------------------------------
------------------ 2021-8-5 - Aug 5 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- enabled build of 'crocus' Gallium3D OpenGL driver for i965 "Gen4"
through Haswell "Gen7" graphics (alternative to classic "i965"
OpenGL driver); use MESA_LOADER_DRIVER_OVERRIDE=crocus to use it;
in case of issues with video hardware acceleration(vaapi driver),
set LIBVA_DRIVER_NAME=i965
- update to 21.2.0
* new release
++++ Mesa-drivers:
- enabled build of 'crocus' Gallium3D OpenGL driver for i965 "Gen4"
through Haswell "Gen7" graphics (alternative to classic "i965"
OpenGL driver); use MESA_LOADER_DRIVER_OVERRIDE=crocus to use it;
in case of issues with video hardware acceleration(vaapi driver),
set LIBVA_DRIVER_NAME=i965
- update to 21.2.0
* new release
++++ elfutils:
- Add tests-Allow-an-extra-pthread_kill-frame-in-backtrace.patch
in order to fix boo#1189083.
++++ kernel-default:
- rpm/kernel-binary.spec.in: avoid high suse-release requirements
Not provided in stagings.
- commit 7839440
- rpm/kernel-source.rpmlintrc: ignore new include/config files
In 5.13, since 0e0345b77ac4, config files have no longer .h suffix.
Adapt the zero-length check.
Based on Martin Liska's change.
- commit b6f021b
++++ mozilla-nss:
- update to NSS 3.68
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- required by Firefox 91.0
- added nss-fips-fix-missing-nspr.patch (via SLE sync)
++++ gpgme:
- Fix build with glibc 2.34: [bsc#1189089]
* Use glibc's closefrom.
* Add gpgme-use-glibc-closefrom.patch
++++ python-immutables:
- Upstream fixed problems with 32bit systems
(gh#MagicStack/immutables#69) so we have removed
skip_32bit_tests.patch and added new solution which actually fixes the
issue: test_none_collisions-32-bit.patch.
------------------------------------------------------------------
------------------ 2021-8-4 - Aug 4 2021 -------------------
------------------------------------------------------------------
++++ dbus-1:
- Use libalternatives instead of update-alternatives.
++++ glib2:
- Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters
for close_range (boo#1189088).
++++ grub2:
- update grub2-systemd-sleep.sh to fix hibernation by avoiding the
error "no kernelfile matching the running kernel found" on
usrmerged setup
- Use %autosetup
++++ kernel-default:
- config: make CONFIG_INTEL_PMC_CORE modular (bsc#1189072).
When this option was introduced, it was a boolean. Since then it's
been changed to a tristate and can be made modular again.
- config: config: disable epaper drivers and other old graphics (bsc#1189116).
- config: disable CONFIG_GAMEPORT (bsc#1189115).
The last SoundBlaster card to use a Game Port shipped in 2001. Devices
that connect via Game Port can still be used with a USB adapter, which
doesn't use the GAMEPORT driver.
- config: enable CONFIG_BT_MSFTEXT (bsc#1189113).
- config: disable CONFIG_ATALK (bsc#1189112).
This disables support for native AppleTalk which Apple stopped
supporting in 2009. AppleTalk over IP is implemented using the netatalk
package.
- config: enable CONFIG_CMA on x86_64 (bsc#1189109).
CMA was enabled in SLE15-SP3 via jsc#SLE-17227. One difference is that
v5.10-rc1 (b7176c261cd) upstream added the ability to allocate areas for
each NUMA node, which changed some of the defaults.
The default number of areas (19) is used here.
- config: make CONFIG_INTEL_PMC_CORE modular (bsc#1189072).
When this option was introduced, it was a boolean. Since then it's
been changed to a tristate and can be made modular again.
- config: config: disable epaper drivers and other old graphics (bsc#1189116).
- config: disable CONFIG_GAMEPORT (bsc#1189115).
The last SoundBlaster card to use a Game Port shipped in 2001. Devices
that connect via Game Port can still be used with a USB adapter, which
doesn't use the GAMEPORT driver.
- config: enable CONFIG_BT_MSFTEXT (bsc#1189113).
- config: disable CONFIG_ATALK (bsc#1189112).
This disables support for native AppleTalk which Apple stopped
supporting in 2009. AppleTalk over IP is implemented using the netatalk
package.
- config: enable CONFIG_CMA on x86_64 (bsc#1189109).
CMA was enabled in SLE15-SP3 via jsc#SLE-17227. One difference is that
v5.10-rc1 (b7176c261cd) upstream added the ability to allocate areas for
each NUMA node, which changed some of the defaults.
The default number of areas (19) is used here.
- commit c779dde
- config: enable CONFIG_EFI_RCI2_TABLE (bsc#1189108).
- config: disable X86_X32 (bsc#1189069).
This feature requires a userspace rebuild to use the X32 ABI and that
hasn't happened. If that support is eventually added, we can re-enable.
- config: enable CONFIG_EFI_RCI2_TABLE (bsc#1189108).
- config: disable X86_X32 (bsc#1189069).
This feature requires a userspace rebuild to use the X32 ABI and that
hasn't happened. If that support is eventually added, we can re-enable.
- commit 61cb111
- net: usb: lan78xx: don't modify phy_device state concurrently (bsc#1188270).
- commit 79524ad
- Linux 5.13.8 (bsc#1012628).
- octeontx2-af: Remove unnecessary devm_kfree (bsc#1012628).
- perf pmu: Fix alias matching (bsc#1012628).
- can: j1939: j1939_session_deactivate(): clarify lifetime of
session object (bsc#1012628).
- i40e: Add additional info to PHY type error (bsc#1012628).
- io_uring: fix race in unified task_work running (bsc#1012628).
- Revert "perf map: Fix dso->nsinfo refcounting" (bsc#1012628).
- powerpc/pseries: Fix regression while building external modules
(bsc#1012628).
- powerpc/vdso: Don't use r30 to avoid breaking Go lang
(bsc#1012628).
- SMB3: fix readpage for large swap cache (bsc#1012628).
- bpf: Fix pointer arithmetic mask tightening under state pruning
(bsc#1012628).
- bpf: verifier: Allocate idmap scratch in verifier env
(bsc#1012628).
- bpf: Remove superfluous aux sanitation on subprog rejection
(bsc#1012628).
- bpf: Fix leakage due to insufficient speculative store bypass
mitigation (bsc#1012628).
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
(bsc#1012628).
- can: hi311x: fix a signedness bug in hi3110_cmd() (bsc#1012628).
- sis900: Fix missing pci_disable_device() in probe and remove
(bsc#1012628).
- tulip: windbond-840: Fix missing pci_disable_device() in probe
and remove (bsc#1012628).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
(bsc#1012628).
- block: delay freeing the gendisk (bsc#1012628).
- net/mlx5: Fix mlx5_vport_tbl_attr chain from u16 to u32
(bsc#1012628).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev()
(bsc#1012628).
- net/mlx5: Unload device upon firmware fatal error (bsc#1012628).
- net/mlx5e: Fix page allocation failure for ptp-RQ over SF
(bsc#1012628).
- net/mlx5e: Fix page allocation failure for trap-RQ over SF
(bsc#1012628).
- net/mlx5e: Add NETIF_F_HW_TC to hw_features when HTB offload
is available (bsc#1012628).
- net/mlx5e: RX, Avoid possible data corruption when relaxed
ordering and LRO combined (bsc#1012628).
- net/mlx5: E-Switch, handle devcom events only for ports on
the same device (bsc#1012628).
- net/mlx5: E-Switch, Set destination vport vhca id only when
merged eswitch is supported (bsc#1012628).
- net/mlx5e: Disable Rx ntuple offload for uplink representor
(bsc#1012628).
- net/mlx5: Fix flow table chaining (bsc#1012628).
- bpf, sockmap: Zap ingress queues after stopping strparser
(bsc#1012628).
- KVM: selftests: Fix missing break in dirty_log_perf_test arg
parsing (bsc#1012628).
- drm/msm/dp: Initialize the INTF_CONFIG register (bsc#1012628).
- drm/msm/dp: use dp_ctrl_off_link_stream during PHY compliance
test run (bsc#1012628).
- drm/msm/dpu: Fix sm8250_mdp register length (bsc#1012628).
- net: llc: fix skb_over_panic (bsc#1012628).
- KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK
access (bsc#1012628).
- drm/i915/bios: Fix ports mask (bsc#1012628).
- drm/panel: panel-simple: Fix proper bpc for ytc700tlag_05_201c
(bsc#1012628).
- mlx4: Fix missing error code in mlx4_load_one() (bsc#1012628).
- net: phy: broadcom: re-add check for PHY_BRCM_DIS_TXCRXC_NOENRGY
on the BCM54811 PHY (bsc#1012628).
- octeontx2-pf: Dont enable backpressure on LBK links
(bsc#1012628).
- octeontx2-pf: Fix interface down flag on error (bsc#1012628).
- tipc: do not write skb_shinfo frags when doing decrytion
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_irq(): stop timestamping worker in
case error in IRQ (bsc#1012628).
- ionic: count csum_none when offload enabled (bsc#1012628).
- ionic: fix up dim accounting for tx and rx (bsc#1012628).
- ionic: remove intr coalesce update from napi (bsc#1012628).
- ionic: catch no ptp support earlier (bsc#1012628).
- ionic: make all rx_mode work threadsafe (bsc#1012628).
- net: qrtr: fix memory leaks (bsc#1012628).
- loop: reintroduce global lock for safe loop_validate_file()
traversal (bsc#1012628).
- net: dsa: mv88e6xxx: silently accept the deletion of VID 0 too
(bsc#1012628).
- net: Set true network header for ECN decapsulation
(bsc#1012628).
- tipc: fix sleeping in tipc accept routine (bsc#1012628).
- tipc: fix implicit-connect for SYN+ (bsc#1012628).
- i40e: Fix log TC creation failure when max num of queues is
exceeded (bsc#1012628).
- i40e: Fix queue-to-TC mapping on Tx (bsc#1012628).
- i40e: Fix firmware LLDP agent related warning (bsc#1012628).
- i40e: Fix logic of disabling queues (bsc#1012628).
- netfilter: nft_nat: allow to specify layer 4 protocol NAT only
(bsc#1012628).
- netfilter: conntrack: adjust stop timestamp to real expiry value
(bsc#1012628).
- mac80211: fix enabling 4-address mode on a sta vif after assoc
(bsc#1012628).
- bpf: Fix OOB read when printing XDP link fdinfo (bsc#1012628).
- netfilter: nf_tables: fix audit memory leak in nf_tables_commit
(bsc#1012628).
- RDMA/rxe: Fix memory leak in error path code (bsc#1012628).
- platform/x86: amd-pmc: Fix missing unlock on error in
amd_pmc_send_cmd() (bsc#1012628).
- platform/x86: amd-pmc: Fix SMU firmware reporting mechanism
(bsc#1012628).
- platform/x86: amd-pmc: Fix command completion code
(bsc#1012628).
- RDMA/bnxt_re: Fix stats counters (bsc#1012628).
- cfg80211: Fix possible memory leak in function
cfg80211_bss_update (bsc#1012628).
- io_uring: fix poll requests leaking second poll entries
(bsc#1012628).
- io_uring: don't block level reissue off completion path
(bsc#1012628).
- io_uring: fix io_prep_async_link locking (bsc#1012628).
- nfc: nfcsim: fix use after free during module unload
(bsc#1012628).
- blk-iocost: fix operation ordering in iocg_wake_fn()
(bsc#1012628).
- drm/amdgpu: Fix resource leak on probe error path (bsc#1012628).
- drm/amdgpu: Avoid printing of stack contents on firmware load
error (bsc#1012628).
- drm/amdgpu: Check pmops for desired suspend state (bsc#1012628).
- drm/amd/display: ensure dentist display clock update finished
in DCN20 (bsc#1012628).
- NIU: fix incorrect error return, missed in previous revert
(bsc#1012628).
- net: stmmac: add est_irq_status callback function for GMAC
4.10 and 5.10 (bsc#1012628).
- HID: wacom: Re-enable touch by default for Cintiq 24HDT /
27QHDT (bsc#1012628).
- alpha: register early reserved memory in memblock (bsc#1012628).
- can: esd_usb2: fix memory leak (bsc#1012628).
- can: ems_usb: fix memory leak (bsc#1012628).
- can: usb_8dev: fix memory leak (bsc#1012628).
- can: mcba_usb_start(): add missing urb->transfer_dma
initialization (bsc#1012628).
- can: peak_usb: pcan_usb_handle_bus_evt(): fix reading
rxerr/txerr values (bsc#1012628).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
(bsc#1012628).
- can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between
consecutive TP.DT to 750ms (bsc#1012628).
- mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook()
(bsc#1012628).
- mm: memcontrol: fix blocking rstat function called from atomic
cgroup1 thresholding code (bsc#1012628).
- ocfs2: issue zeroout to EOF blocks (bsc#1012628).
- ocfs2: fix zero out valid data (bsc#1012628).
- KVM: add missing compat KVM_CLEAR_DIRTY_LOG (bsc#1012628).
- x86/kvm: fix vcpu-id indexed array sizes (bsc#1012628).
- ACPI: DPTF: Fix reading of attributes (bsc#1012628).
- Revert "ACPI: resources: Add checks for ACPI IRQ override"
(bsc#1012628).
- btrfs: mark compressed range uptodate only if all bio succeed
(bsc#1012628).
- btrfs: fix rw device counting in __btrfs_free_extra_devids
(bsc#1012628).
- btrfs: fix lost inode on log replay after mix of fsync, rename
and inode eviction (bsc#1012628).
- fs/ext2: Avoid page_address on pages returned by ext2_get_page
(bsc#1012628).
- pipe: make pipe writes always wake up readers (bsc#1012628).
- selftest: fix build error in
tools/testing/selftests/vm/userfaultfd.c (bsc#1012628).
- commit 14162fe
++++ python-gobject:
- Adjust BuildRequires for python_module cairo to python-module
pycairo: the module was renamed 2 years ago.
- Skip build for python2: not supported anymore since 3.38.0.
++++ vim:
- Updated to version 8.2.3281, fixes the following problems
* Display garbled when 'cursorline' is set and lines wrap. (Gabriel Dupras)
* Coverity reports a null pointer dereference.
* Vim9: argument types are not checked at compile time.
* Vim9: crash when compiling string fails. (Yegappan Lakshmanan)
* Dynamic library load error does not mention why it failed.
* Vim9: lambda doesn't find block-local variable.
* Vim9: searchpair() sixth argument is compiled. (Yegappan Lakshmanan)
* Vim9: argument types are not checked at compile time.
* Vim9: execution speed can be improved.
* NOCOMPOUNDSUGS entry in spell file not tested.
* Vim9: argument types are not checked at compile time.
* Vim9: crash when using variable in a loop at script level.
* When using xchaha20 crypt undo file is not removed.
* :find searches non-existing directories.
* Test_term_setansicolors() fails in some configurations.
* Vim9: argument types are not checked at compile time.
* Vim9: cannot used loop variable later as lambda argument.
* Vim: using {} block in autoloade omnifunc fails.
* Cannot call script-local function after :vim9cmd. (Christian J. Robinson)
* Incsearch highlighting is attempted halfway a mapping.
* New digraph functions use old naming scheme.
* 'virtualedit' can only be set globally.
* Cannot use a simple block for the :command argument. (Maarten Tournoij)
* Vim9: runtime and compile time type checks are not the same.
* Vim9: type error when function return type is not known yet.
* Build failure with small features.
* system() does not work without a second argument.
* prop_list() and prop_find() do not indicate the buffer for the used type.
* Crash when printing long string with Lua.
* Cannot use lambda in {} block in user command. (Martin Tournoij)
* mode() does not indicate using CTRL-O in Select mode.
* When a builtin function gives an error processing continues.
* Vim9: error message does not indicate the location.
* Vim9: no error using heredoc for a number variable.
* Lua print() does not work properly.
* Vim9: memory leak when function reports an error.
* Vim9: valgrind reports leaks in builtin function test.
* Lua 5.3 print() with a long string crashes.
* The crypt key may appear in a swap partition.
* Memory use after free.
* Using uninitialized memory when checking for crypt method.
* Vim9: error message for wrong input uses wrong line number.
* Vim9: error for re-imported function with default argument.
* Listing builtin_gui as an available terminal is confusing.
* Duplicated code for adding buffer lines.
* Channel test fails randomly.
* win_gettype() does not recognize a quickfix window.
* ci" finds following string but ci< and others don't.
* Executable test may fail on new Ubuntu system.
* Calling prop_find() with -1 for ID gives errornous error. (Naohiro Ono)
* Error messages have the wrong text.
* When 'indentexpr' causes an error the did_throw flag may remain set.
* Build failure with small features.
* Vim9: when compiling repeat(123, N) return type is number.
* Build failure when ABORT_ON_INTERNAL_ERROR is defined.
* Vim9: "..=" does not accept same types as the ".." operator.
* Vim9: assign test fails.
* Smartcase does not work correctly in very magic pattern.
* Vim9: assignment with two indexes may check next line.
* Vim9: crash when disassembling a function that uses a deleted script
variable.
* Cannot use a block with :autocmd like with :command.
* Vim9: wrong argument check for partial. (Naohiro Ono)
* prop_find() finds property with ID -2.
* Vim9: cannot use :command or :au with a block in a :def function.
* Cannot use id zero with prop_find(). (Naohiro Ono)
* Autocmd test fails.
* Macro for printf format check can be simplified.
* Optimizer can use hints about ga_grow() normally succeeding.
* Vim9: exists() can only be evaluated at runtime.
* Vim9: compiled has() does not work properly.
* Vim9: error when adding 1 to float.
* Vim9: cannot use block in cmdline window.
* 'virtualedit' local to buffer is not the best solution.
* Vim9: TODO items in tests can be taken care of.
------------------------------------------------------------------
------------------ 2021-8-3 - Aug 3 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- new version 250
https://cockpit-project.org/blog/cockpit-250.html
- fix pam_motd selinux denial (0001-selinux-allow-login-to-read-motd-file.patch)
++++ cryptsetup:
- need to use PBKDF2 by default for LUKS2 as grub can't decrypt when
using Argon.
++++ transactional-update:
- Version 3.5.1
- t-u: Disable status file generation by default
The new experimental `status` command requires the availability of
/etc/YaST2/control.xml, which is not present on all systems. Hide the
creation of the corresponding status file behind a new EXPERIMENTAL_STATUS
option to try out this functionality.
- Increase library version
- Add tukit.conf to spec file
++++ efibootmgr:
- Update to v17: [jsc#SLE-22542]
* use efivar's logging facility more (more info in -v2 , -v3, etc)
* Various bug fixes
* Better -e parsing
* fix pkg-config invocation for ldflags
* Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does
* make --loader default build-time configurable
* sanitize set_mirror()/get_mirror()
* Add support for parsing loader options as UCS2
* GCC 7 fixes
* Don't use -fshort-wchar since we don't run on EFI machines.
- Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed)
- Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch
(upstreamed)
- Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch
(upstreamed)
- Drop MARM-sanitize-set_mirror.diff (upstreamed)
- Drop efibootmgr-derhat.diff (upstreamed)
- Rebase efibootmgr-delete-multiple.diff
++++ grep:
- gnulib-c-stack.patch: Fix AC_SYS_XSI_STACK_OVERFLOW_HEURISTIC configure
check
++++ hwdata:
- Update to version 0.350 (bsc#1189005):
+ Updated pci, usb and vendor ids.
++++ iptables:
- Use libalternatives instead of update-alternatives.
++++ kernel-default:
- config: re-modularize CRYPTO_{CTS,ECB,HMAC,SHA512,XTS} (bsc#1189034).
Now that FS_ENCRYPTION_ALGS is modular, the crypto modules it utilizes
can be modular as well. CRYPTO_AES and CRYPTO_CBC are used by
ENCRYPTED_KEYS and must remain built-in.
- commit 263a9fe
- config: re-modularize CRYPTO_{GCM,GHASH,GF128MUL} (bsc#1189033).
These modules were selected as built-in due to Kconfig changes between
4.14-rc3 and 5.8-rc1 selecting them if BIG_KEYS was enabled. They can
be built as modules again now.
- commit 4426182
- config: re-modularize ext4 (bsc#1189032).
ext2/3/4 hasn't been a default file system for SLE or openSUSE in many
years. There is little reason to continue to keep it as a built-in.
- commit 5b1d047
- arm64: Update config files. (bsc#1188702)
- arm63: Update config files. (bsc#1188702)
- commit a293b6e
++++ pam:
- package man5/motd.5 as a man-pages link to man8/pam_motd.8
[bsc#1188724]
++++ python-distro:
- Update to version 1.6.0
* Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
* Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
* Added type hints to distro module [#269]
* Added __version__ for checking distro version [#292]
* Added support for arbitrary rootfs via the root_dir parameter [#247]
* Added the --root-dir option to CLI [#161]
* Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
* Fixed subprocess.CalledProcessError when running lsb_release [#261]
* Ignore /etc/iredmail-release file while parsing distribution [#268]
* Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]
++++ qemu:
- Add stable patches from upstream:
block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch
hw-net-can-sja1000-fix-buff2frame_bas-an.patch
hw-pci-host-q35-Ignore-write-of-reserved.patch
++++ u-boot-rpiarm64:
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07
* Patches added:
0014-btrfs-Use-default-subvolume-as-file.patch - boo#1185656
------------------------------------------------------------------
------------------ 2021-8-2 - Aug 2 2021 -------------------
------------------------------------------------------------------
++++ cryptsetup:
- cryptsetup 2.4.0 (jsc#SLE-20275)
* External LUKS token plugins
* Experimental SSH token
* Default LUKS2 PBKDF is now Argon2id
* Increase minimal memory cost for Argon2 benchmark to 64MiB.
* Autodetect optimal encryption sector size on LUKS2 format.
* Use VeraCrypt option by default and add --disable-veracrypt option.
* Support --hash and --cipher to limit opening time for TCRYPT type
* Fixed default OpenSSL crypt backend support for OpenSSL3.
* integritysetup: add integrity-recalculate-reset flag.
* cryptsetup: retains keyslot number in luksChangeKey for LUKS2.
* Fix cryptsetup resize using LUKS2 tokens.
* Add close --deferred and --cancel-deferred options.
* Rewritten command-line option parsing to avoid libpopt arguments
memory leaks.
* Add --test-args option.
- Use LUKS2 as default format on Tumbleweed.
It provides some additional features which other tools
(e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking
LUKS2 volumes meanwhile.
++++ transactional-update:
- Version 3.5.0
- Add alias setDiscardIfUnchanged for setDiscard. The old method name
wasn't really clear and will be removed if we should have an API break
in the future
- Replace mkinitrd with direct dracut call [boo#1186213]
- tukit: Add configuration file support (/etc/tukit.conf)
- Allow users to configure additional bind mounts (see /usr/etc/tukit.conf
for an example and limitations) [bsc#1188322]
- Add 'transactional-update status' call. This is a POC for obtaining a
hash of a system to verify its integrity. The functionality is still
experimental!
- Internal bugfixes / optimizations
++++ e2fsprogs:
- Update to 1.46.3:
* Add -V and -VV options to filefrag
* Fix fs corruption cause by resize2fs on filesystems with MMP blocks
* Fast commit portability fixes
* Fix direct IO support in Unix IO manager
* Avoid calling EXT2_IOC_[GS]ETFLAGS for block devices
* Fix mke2fs to not discard blocks beyond end of filesystem
* Make e2fsck set filetype of '.' and '..' entries
* Fix QCOW image generation in e2image for very large filesystems
* Update translations
++++ filesystem:
- Leave subdirectories of /srv mode 755 as the apache openqa test relies on it
atm. Only set /srv itself to 555
++++ glibc:
- Update to glibc 2.34
Major new features:
* When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined,
PTHREAD_STACK_MIN is no longer constant and is redefined to
sysconf(_SC_THREAD_STACK_MIN)
* Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ
* The dynamic linker implements the --list-diagnostics option, printing
a dump of information related to IFUNC resolver operation and
glibc-hwcaps subdirectory selection
* On Linux, the function execveat has been added
* The ISO C2X function timespec_getres has been added
* The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO
C2X, is supported to enable declarations of functions defined in Annex F
of C2X
* Add support for 64-bit time_t on configurations like x86 where time_t
is traditionally 32-bit
* The main gconv-modules file in glibc now contains only a small set of
essential converter modules and the rest have been moved into a supplementary
configuration file gconv-modules-extra.conf in the gconv-modules.d directory
in the same GCONV_PATH
* On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used
to configure the size of the thread stack cache
* The function _Fork has been added as an async-signal-safe fork replacement
since Austin Group issue 62 droped the async-signal-safe requirement for
fork (and it will be included in the future POSIX standard)
* On Linux, the close_range function has been added
* The function closefrom has been added
* The posix_spawn_file_actions_closefrom_np function has been added, enabling
posix_spawn and posix_spawnp to close all file descriptors great than or
equal to a giver integer
Deprecated and removed features, and other changes affecting compatibility:
* The function pthread_mutex_consistent_np has been deprecated
* The function pthread_mutexattr_getrobust_np has been deprecated
* The function pthread_mutexattr_setrobust_np has been deprecated
* The function pthread_yield has been deprecated
* The function inet_neta declared in <arpa/inet.h> has been deprecated
* Various rarely-used functions declared in <resolv.h> and
<arpa/nameser.h> have been deprecated
* The pthread cancellation handler is now installed with SA_RESTART and
pthread_cancel will always send the internal SIGCANCEL on a cancellation
request
* The symbols mallwatch and tr_break are now deprecated and no longer used in
mtrace
* The __morecore and __after_morecore_hook malloc hooks and the default
implementation __default_morecore have been removed from the API
* Debugging features in malloc such as the MALLOC_CHECK_ environment variable
(or the glibc.malloc.check tunable), mtrace() and mcheck() have now been
disabled by default in the main C library
* The deprecated functions malloc_get_state and malloc_set_state have been
moved from the core C library into libc_malloc_debug.so
* The deprecated memory allocation hooks __malloc_hook, __realloc_hook,
__memalign_hook and __free_hook are now removed from the API
Changes to build and runtime requirements:
* On Linux, the shm_open, sem_open, and related functions now expect the
file shared memory file system to be mounted at /dev/shm
Security related changes:
CVE-2021-27645: The nameserver caching daemon (nscd), when processing
a request for netgroup lookup, may crash due to a double-free,
potentially resulting in degraded service or Denial of Service on the
local system
CVE-2021-33574: The mq_notify function has a potential use-after-free
issue when using a notification type of SIGEV_THREAD and a thread
attribute with a non-default affinity mask
- nss-database-check-reload.patch, nss-load-chroot.patch,
x86-isa-level.patch, nscd-netgroupcache.patch,
nss-database-lookup.patch, select-modify-timeout.patch,
nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch,
tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed
++++ gtk3:
- Drop patch fixed upstream on SLE and Leap 15.4:
gtk3-x11-fix-menu-touch-by-pointer-emulation.patch
++++ kernel-default:
- Update to 5.14-rc4
- refresh configs (cosmetic only)
- commit 025a97d
++++ krb5:
- Update to 1.19.2
* Fix a denial of service attack against the KDC encrypted challenge
code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a
credential handle.
++++ libXft:
- Update to version 2.3.4
* This release handles the deprecation of the
FcNameRegisterObjectTypes API by fontconfig, and provides
minor cleanups for compiler warnings and man pages.
++++ avahi:
- Obsolete the same version of mDNSResponder-lib and mDNSResponder
in baselib.conf and spec.
++++ libbpf:
- Create libbpf0-32bit needed by libdwarves1-32bit
++++ ncurses:
- Add ncurses patch 20210731
+ add extensions in xterm+tmux and ecma+strikeout to ms-terminal,
but cancel the non-working Cr and Ms capabilities -TD
+ add foot and foot-direct -TD
- Correct offsets of patch ncurses-6.2.dif
++++ systemd:
- Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719)
See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for
details.
This includes the following bug fixes:
- upstream commit 6fb61918ccdd0610b425d5b0e5417751f8f8f783 (bsc#1182870)
- upstream commit 6fe2a70b9160e35fdeed9d37bd31727c2d46a8b2 (jsc#SLE-17798)
- Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch
0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
++++ libvirt:
- Update to libvirt 7.6.0
- storage_driver: Unlock object on ACL fail in storagePoolLookupByTargetPath
CVE-2021-3667
bsc#1188843
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
de1e0ae0-lockd-no-error-if-lockspace.patch,
f58349c9-qemu-storage-migration.patch
++++ python-libvirt-python:
- Update to 7.6.0
- Add all new APIs and constants in libvirt 7.6.0
- jsc#SLE-18354
------------------------------------------------------------------
------------------ 2021-8-1 - Aug 1 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- scsi: sr: Return correct event when media event code is 3
(bsc#1188767 bsc#1188728).
- commit 5794a07
------------------------------------------------------------------
------------------ 2021-7-31 - Jul 31 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.13.7 (bsc#1012628).
- ipv6: ip6_finish_output2: set sk into newly allocated nskb
(bsc#1012628).
- ARM: dts: versatile: Fix up interrupt controller node names
(bsc#1012628).
- iomap: remove the length variable in iomap_seek_hole
(bsc#1012628).
- iomap: remove the length variable in iomap_seek_data
(bsc#1012628).
- cifs: fix the out of range assignment to bit fields in
parse_server_interfaces (bsc#1012628).
- firmware: arm_scmi: Fix range check for the maximum number of
pending messages (bsc#1012628).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer
overflow (bsc#1012628).
- hfs: add lock nesting notation to hfs_find_init (bsc#1012628).
- hfs: fix high memory mapping in hfs_bnode_read (bsc#1012628).
- hfs: add missing clean-up in hfs_fill_super (bsc#1012628).
- drm/ttm: add a check against null pointer dereference
(bsc#1012628).
- nvme-pci: fix multiple races in nvme_setup_io_queues
(bsc#1012628).
- ipv6: allocate enough headroom in ip6_finish_output2()
(bsc#1012628).
- rcu-tasks: Don't delete holdouts within
trc_wait_for_one_reader() (bsc#1012628).
- rcu-tasks: Don't delete holdouts within trc_inspect_reader()
(bsc#1012628).
- sctp: move 198 addresses from unusable to private scope
(bsc#1012628).
- net: annotate data race around sk_ll_usec (bsc#1012628).
- net/802/garp: fix memleak in garp_request_join() (bsc#1012628).
- net/802/mrp: fix memleak in mrp_request_join() (bsc#1012628).
- cgroup1: fix leaked context root causing sporadic NULL deref
in LTP (bsc#1012628).
- workqueue: fix UAF in pwq_unbound_release_workfn()
(bsc#1012628).
- af_unix: fix garbage collect vs MSG_PEEK (bsc#1012628).
- commit b1bb2c4
++++ schily:
- Update to release 2021.07.29
* Bourne Shell: "cd -" now prints the new directory,
required by POSIX.
* star: A single Linux xattr entry with a zero length value did
disable all Linux xattrs for the related file. This is now
handled correctly.
* ved: ved maxll=79 now checks whether the cursor is > column 79
before entering a new line character.
* ved: ved now aborts the startup if it turns out to be connected to
a hardcopy terminal.
------------------------------------------------------------------
------------------ 2021-7-30 - Jul 30 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Update to version 3.0.3:
* Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
* Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
* Change auparse_feed_has_data in auparse to include incomplete events
* Auditd, stop linking against -lrt
* Add ProtectHome and RestrictRealtime to auditd.service
* In auditd, read up to 3 netlink packets in a row
* In auditd, do not validate path to plugin unless active
* In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
- use https source urls
++++ gdk-pixbuf:
- Drop gdk-pixbuf-bsc1180393-CVE-2020-29385.patch on SLE and Leap
15.4: fixed upstream.
++++ glib2:
- Drop patches fixed upstream on SLE and Leap 15.4:
+ glib2-add-support-for-slim-timezone-format.patch
+ glib2-fix-6-days-until-the-end-of-the-month.patch
+ glib2-CVE-2021-27218.patch
+ glib2-CVE-2021-27219-add-g_memdup2.patch
++++ audit:
- Update to version 3.0.3:
* Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined
* Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids
* Change auparse_feed_has_data in auparse to include incomplete events
* Auditd, stop linking against -lrt
* Add ProtectHome and RestrictRealtime to auditd.service
* In auditd, read up to 3 netlink packets in a row
* In auditd, do not validate path to plugin unless active
* In auparse, only emit config errors when AUPARSE_DEBUG env variable exists
- use https source urls
++++ openldap2:
- Major version update to 2.5.6
See https://www.openldap.org/software/release/announce.html for a list of
changes.
- The threaded version of the OpenLDAP libraries, libldap_r, has been merged
with libldap with 2.5. Removed all related downstream changes, including the
openldap-r-only.dif patch.
Introduce a new compatibility symlink in the other direction: libldap_r
pointing to libldap.
- Removed the ppolicy-check-password module. It is unmaintained and does not
build any more. As part of that also remove the patch
patch 0200-Fix-incorrect-calculation-of-consecutive-number-of-c.patch, which
is applied to this module.
- Removed patch 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
Fixed upstream in 2.5 (ITS#8866)
- Updated patch 0005-pie-compile.dif
Removed the hunks on back-bdb and back-hdb, which are retired backends in 2.5.
- Removed patch 0007-Recover-on-DB-version-change.dif
The back-bdb backend was retired.
- Removed patch 0011-openldap-re24-its7796.patch
Fixed upstream in 2.5 (ITS#7796)
- Remove non-existant configure arguments:
- -enable-rewrite, --enable-monitor, --enable-lmpasswd
- Add the --enable-dynacl configure option, which is required for --enable-aci
- Add the --with-argon2 configure option and remove it from the contrib
modules, since it is now official (ITS#9453).
- Pass mandir to smbk5pwd to ensure the man page ends up in /usr/share.
- Include the new overlays in libdir/openldap in the packages.
- Add the pkgconfig files to the devel package.
- Remove compat macro for _fillupdir, which was introduced in Nov 2017 and
should be widely available now.
++++ ceph:
- Update to 16.2.5-113-g8b5bda7684e:
+ (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9
improved version of patch that did not work as intended
++++ libsolv:
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
++++ shared-mime-info:
- Do not ghost own %{_datadir}/mime/[a-ms-vxX]*: as those
files/directories do not exist during build, RPM can't expand the
glob and adds it literally to the file list, not having any
effect in the end. A cleanup of the directory structure would not
work anyway, as there are also files generated inside.
++++ sudo:
- update to 1.9.7p2
- enabled openssl support for secure central session
recording collection (without it's clear text)
- fixed SLES12 build
* When formatting JSON output, octal numbers are now stored as
strings, not numbers. The JSON spec does not actually support
octal numbers with a '0' prefix.
* Fixed a compilation issue on Solaris 9.
* Sudo now can handle the getgroups() function returning a different
number of groups for subsequent invocations. GitHub PR #106.
* When loading a Python plugin, python_plugin.so now verifies
that the module loaded matches the one we tried to load. This
allows sudo to display a more useful error message when trying
to load a plugin with a name that conflicts with a Python module
installed in the system location.
* Sudo no longer sets the the open files resource limit to "unlimited"
while it runs. This avoids a problem where sudo's closefrom()
emulation would need to close a very large number of descriptors
on systems without a way to determine which ones are actually open.
* Sudo now includes a configure check for va_copy or __va_copy and
only defines its own version if the configure test fails.
* Fixed a bug in sudo's utmp file handling which prevented old
entries from being reused. As a result, the utmp (or utmpx)
file was appended to unnecessarily. GitHub PR #108.
* Fixed a bug introduced in sudo 1.9.7 that prevented sudo_logsrvd
from accepting TLS connections when OpenSSL is used. Bug #988.
* Fixed an SELinux sudoedit bug when the edited temporary file
could not be opened. The sesh helper would still be run even
when there are no temporary files available to install.
* Fixed a compilation problem on FreeBSD.
* The sudo_noexec.so file is now built as a module on all systems
other than macOS. This makes it possible to use other libtool
implementations such as slibtool. On macOS shared libraries and
modules are not interchangeable and the version of libtool shipped
with sudo must be used.
* Fixed a few bugs in the getgrouplist() emulation on Solaris when
reading from the local group file.
* Fixed a bug in sudo_logsrvd that prevented periodic relay server
connection retries from occurring in "store_first" mode.
* Disabled the nss_search()-based getgrouplist() emulation on HP-UX
due to a crash when the group source is set to "compat" in
/etc/nsswitch.conf. This is probably due to a mismatch between
include/compat/nss_dbdefs.h and what HP-UX uses internally. On
HP-UX we now just cycle through groups the slow way using
getgrent(). Bug #978.
------------------------------------------------------------------
------------------ 2021-7-29 - Jul 29 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.6
* sixth bugfix release
++++ Mesa-drivers:
- update to 21.1.6
* sixth bugfix release
++++ filesystem:
- implement mkdir_p for ghost files as components may not exist
- move usrmerge conversion to %pre instead of %pretrans (boo#1188847)
- get rid of usrmerged macro usage, usrmerge is on in Factory always
++++ kernel-default:
- Update config files.
Just refresh.
- commit 2d7b44d
- Linux 5.13.6 (bsc#1012628).
- igc: Fix use-after-free error during reset (bsc#1012628).
- igb: Fix use-after-free error during reset (bsc#1012628).
- igc: change default return of igc_read_phy_reg() (bsc#1012628).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
(bsc#1012628).
- igc: Fix an error handling path in 'igc_probe()' (bsc#1012628).
- igb: Fix an error handling path in 'igb_probe()' (bsc#1012628).
- fm10k: Fix an error handling path in 'fm10k_probe()'
(bsc#1012628).
- e1000e: Fix an error handling path in 'e1000_probe()'
(bsc#1012628).
- iavf: Fix an error handling path in 'iavf_probe()'
(bsc#1012628).
- igb: Check if num of q_vectors is smaller than max before
array access (bsc#1012628).
- igb: Fix position of assignment to *ring (bsc#1012628).
- net: stmmac: Terminate FPE workqueue in suspend (bsc#1012628).
- gve: Fix an error handling path in 'gve_probe()' (bsc#1012628).
- bpf, samples: Fix xdpsock with '-M' parameter missing unload
process (bsc#1012628).
- bonding: fix suspicious RCU usage in bond_ipsec_add_sa()
(bsc#1012628).
- bonding: fix null dereference in bond_ipsec_add_sa()
(bsc#1012628).
- ixgbevf: use xso.real_dev instead of xso.dev in callback
functions of struct xfrmdev_ops (bsc#1012628).
- bonding: fix suspicious RCU usage in bond_ipsec_del_sa()
(bsc#1012628).
- bonding: disallow setting nested bonding + ipsec offload
(bsc#1012628).
- bonding: Add struct bond_ipesc to manage SA (bsc#1012628).
- bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()
(bsc#1012628).
- bonding: fix incorrect return value of bond_ipsec_offload_ok()
(bsc#1012628).
- ipv6: fix 'disable_policy' for fwd packets (bsc#1012628).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
(bsc#1012628).
- selftests: icmp_redirect: remove from checking for IPv6 route
get (bsc#1012628).
- selftests: icmp_redirect: IPv6 PMTU info should be cleared
after redirect (bsc#1012628).
- pwm: sprd: Ensure configuring period and duty_cycle isn't
wrongly skipped (bsc#1012628).
- cxgb4: fix IRQ free race during driver unload (bsc#1012628).
- drm/vmwgfx: Fix a bad merge in otable batch takedown
(bsc#1012628).
- mptcp: fix warning in __skb_flow_dissect() when do syn cookie
for subflow join (bsc#1012628).
- mptcp: remove redundant req destruct in subflow_check_req()
(bsc#1012628).
- mptcp: fix syncookie process if mptcp can not_accept new subflow
(bsc#1012628).
- mptcp: add sk parameter for mptcp_get_options (bsc#1012628).
- mptcp: avoid processing packet if a subflow reset (bsc#1012628).
- selftests: mptcp: fix case multiple subflows limited by server
(bsc#1012628).
- mptcp: use fast lock for subflows when possible (bsc#1012628).
- mptcp: refine mptcp_cleanup_rbuf (bsc#1012628).
- mptcp: properly account bulk freed memory (bsc#1012628).
- net: phy: marvell10g: fix differentiation of 88X3310 from
88X3340 (bsc#1012628).
- nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
(bsc#1012628).
- net: ocelot: fix switchdev objects synced for wrong netdev
with LAG offload (bsc#1012628).
- sfc: fix lack of XDP TX queues - error XDP TX failed (-22)
(bsc#1012628).
- KVM: x86/pmu: Clear anythread deprecated bit when 0xa leaf is
unsupported on the SVM (bsc#1012628).
- KVM: SVM: Return -EFAULT if copy_to_user() for SEV mig packet
header fails (bsc#1012628).
- KVM: SVM: Fix sev_pin_memory() error checks in SEV migration
utilities (bsc#1012628).
- arm64: mte: fix restoration of GCR_EL1 from suspend
(bsc#1012628).
- ARM: dts: aspeed: Update e3c246d4i vuart properties
(bsc#1012628).
- firmware: arm_scmi: Ensure drivers provide a probe function
(bsc#1012628).
- perf inject: Fix dso->nsinfo refcounting (bsc#1012628).
- perf map: Fix dso->nsinfo refcounting (bsc#1012628).
- perf probe: Fix dso->nsinfo refcounting (bsc#1012628).
- perf env: Fix sibling_dies memory leak (bsc#1012628).
- perf test session_topology: Delete session->evlist
(bsc#1012628).
- perf test event_update: Fix memory leak of evlist (bsc#1012628).
- perf test event_update: Fix memory leak of unit (bsc#1012628).
- perf dso: Fix memory leak in dso__new_map() (bsc#1012628).
- perf test maps__merge_in: Fix memory leak of maps (bsc#1012628).
- perf env: Fix memory leak of cpu_pmu_caps (bsc#1012628).
- perf report: Free generated help strings for sort option
(bsc#1012628).
- perf script: Release zstd data (bsc#1012628).
- perf script: Fix memory 'threads' and 'cpus' leaks on exit
(bsc#1012628).
- perf lzma: Close lzma stream on exit (bsc#1012628).
- perf probe-file: Delete namelist in del_events() on the error
path (bsc#1012628).
- perf data: Close all files in close_dir() (bsc#1012628).
- perf sched: Fix record failure when CONFIG_SCHEDSTATS is not
set (bsc#1012628).
- Kbuild: lto: fix module versionings mismatch in GNU make 3.X
(bsc#1012628).
- ASoC: wm_adsp: Correct wm_coeff_tlv_get handling (bsc#1012628).
- spi: stm32: fixes pm_runtime calls in probe/remove
(bsc#1012628).
- regulator: hi6421: Use correct variable type for regmap api
val argument (bsc#1012628).
- regulator: hi6421: Fix getting wrong drvdata (bsc#1012628).
- spi: mediatek: fix fifo rx mode (bsc#1012628).
- ASoC: rt5631: Fix regcache sync errors on resume (bsc#1012628).
- bpf, test: fix NULL pointer dereference on invalid
expected_attach_type (bsc#1012628).
- bpf: Fix tail_call_reachable rejection for interpreter when
jit failed (bsc#1012628).
- xdp, net: Fix use-after-free in bpf_xdp_link_release
(bsc#1012628).
- ASoC: SOF: Intel: Update ADL descriptor to use ACPI power states
(bsc#1012628).
- timers: Fix get_next_timer_interrupt() with no timers pending
(bsc#1012628).
- drm/vc4: hdmi: Drop devm interrupt handler for CEC interrupts
(bsc#1012628).
- net: dsa: mv88e6xxx: NET_DSA_MV88E6XXX_PTP should depend on
NET_DSA_MV88E6XXX (bsc#1012628).
- liquidio: Fix unintentional sign extension issue on left shift
of u16 (bsc#1012628).
- s390/bpf: Perform r1 range checking before accessing
jit->seen_reg[r1] (bsc#1012628).
- bpf, sockmap: Fix potential memory leak on unlikely error case
(bsc#1012628).
- bpf, sockmap, tcp: sk_prot needs inuse_idx set for proc stats
(bsc#1012628).
- bpf, sockmap, udp: sk_prot needs inuse_idx set for proc stats
(bsc#1012628).
- bpftool: Check malloc return value in mount_bpffs_for_pin
(bsc#1012628).
- net: fix uninit-value in caif_seqpkt_sendmsg (bsc#1012628).
- spi: spi-cadence-quadspi: Fix division by zero warning
(bsc#1012628).
- usb: hso: fix error handling code of hso_create_net_device
(bsc#1012628).
- dma-mapping: handle vmalloc addresses in
dma_common_{mmap,get_sgtable} (bsc#1012628).
- ASoC: soc-pcm: add a flag to reverse the stop sequence
(bsc#1012628).
- efi/tpm: Differentiate missing and invalid final event log table
(bsc#1012628).
- net: decnet: Fix sleeping inside in af_decnet (bsc#1012628).
- KVM: PPC: Book3S: Fix CONFIG_TRANSACTIONAL_MEM=n crash
(bsc#1012628).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1012628).
- net: sched: fix memory leak in tcindex_partial_destroy_work
(bsc#1012628).
- sctp: trim optlen when it's a huge value in sctp_setsockopt
(bsc#1012628).
- netrom: Decrease sock refcount when sock timers expire
(bsc#1012628).
- scsi: iscsi: Fix iface sysfs attr detection (bsc#1012628).
- scsi: target: Fix protect handling in WRITE SAME(32)
(bsc#1012628).
- spi: cadence: Correct initialisation of runtime PM again
(bsc#1012628).
- ACPI: Kconfig: Fix table override from built-in initrd
(bsc#1012628).
- efi/dev-path-parser: Switch to use for_each_acpi_dev_match()
(bsc#1012628).
- ACPI: utils: Fix reference counting in for_each_acpi_dev_match()
(bsc#1012628).
- bnxt_en: don't disable an already disabled PCI device
(bsc#1012628).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
(bsc#1012628).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
bnxt_fw_rset_task() (bsc#1012628).
- bnxt_en: fix error path of FW reset (bsc#1012628).
- bnxt_en: Validate vlan protocol ID on RX packets (bsc#1012628).
- bnxt_en: Check abort error state in bnxt_half_open_nic()
(bsc#1012628).
- net: hisilicon: rename CACHE_LINE_MASK to avoid redefinition
(bsc#1012628).
- net/tcp_fastopen: fix data races around tfo_active_disable_stamp
(bsc#1012628).
- ALSA: hda: intel-dsp-cfg: add missing ElkhartLake PCI ID
(bsc#1012628).
- net: hns3: fix possible mismatches resp of mailbox
(bsc#1012628).
- net: hns3: fix rx VLAN offload state inconsistent issue
(bsc#1012628).
- spi: spi-bcm2835: Fix deadlock (bsc#1012628).
- io_uring: fix memleak in io_init_wq_offload() (bsc#1012628).
- net/sched: act_skbmod: Skip non-Ethernet packets (bsc#1012628).
- ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
(bsc#1012628).
- ceph: don't WARN if we're still opening a session to an MDS
(bsc#1012628).
- i2c: mpc: Poll for MCF (bsc#1012628).
- scsi: target: Fix NULL dereference on XCOPY completion
(bsc#1012628).
- drm/ttm: Force re-init if ttm_global_init() fails (bsc#1012628).
- nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is
not RESETTING (bsc#1012628).
- Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL
LTE modem" (bsc#1012628).
- afs: Fix tracepoint string placement with built-in AFS
(bsc#1012628).
- afs: check function return (bsc#1012628).
- afs: Fix setting of writeback_index (bsc#1012628).
- r8169: Avoid duplicate sysfs entry creation error (bsc#1012628).
- nvme: set the PRACT bit when using Write Zeroes with T10 PI
(bsc#1012628).
- sctp: update active_key for asoc when old key is being replaced
(bsc#1012628).
- udp: check encap socket in __udp_lib_err (bsc#1012628).
- ibmvnic: Remove the proper scrq flush (bsc#1012628).
- riscv: Fix 32-bit RISC-V boot failure (bsc#1012628).
- tcp: disable TFO blackhole logic by default (bsc#1012628).
- net: dsa: sja1105: make VID 4095 a bridge VLAN too
(bsc#1012628).
- RISC-V: load initrd wherever it fits into memory (bsc#1012628).
- net: sched: cls_api: Fix the the wrong parameter (bsc#1012628).
- drm/panel: raspberrypi-touchscreen: Prevent double-free
(bsc#1012628).
- dpaa2-switch: seed the buffer pool after allocating the swp
(bsc#1012628).
- cifs: only write 64kb at a time when fallocating a small region
of a file (bsc#1012628).
- cifs: fix fallocate when trying to allocate a hole
(bsc#1012628).
- ACPI: fix NULL pointer dereference (bsc#1012628).
- io_uring: Fix race condition when sqp thread goes to sleep
(bsc#1012628).
- mmc: core: Don't allocate IDA for OF aliases (bsc#1012628).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
(bsc#1012628).
- s390/boot: fix use of expolines in the DMA code (bsc#1012628).
- ALSA: usb-audio: Add missing proc text entry for BESPOKEN type
(bsc#1012628).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
(bsc#1012628).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver
(bsc#1012628).
- ALSA: hda/realtek: Fix pop noise and 2 Front Mic issues on a
machine (bsc#1012628).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (bsc#1012628).
- ALSA: pcm: Call substream ack() method upon compat mmap commit
(bsc#1012628).
- ALSA: pcm: Fix mmap capability check (bsc#1012628).
- usb: xhci: avoid renesas_usb_fw.mem when it's unusable
(bsc#1012628).
- xhci: Fix lost USB 2 remote wake (bsc#1012628).
- usb: ehci: Prevent missed ehci interrupts with edge-triggered
MSI (bsc#1012628).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1012628).
- usb: hub: Disable USB 3 device initiated lpm if exit latency
is too high (bsc#1012628).
- usb: hub: Fix link power management max exit latency (MEL)
calculations (bsc#1012628).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
(bsc#1012628).
- usb: max-3421: Prevent corruption of freed memory (bsc#1012628).
- usb: renesas_usbhs: Fix superfluous irqs happen after
usb_pkt_pop() (bsc#1012628).
- USB: serial: option: add support for u-blox LARA-R6 family
(bsc#1012628).
- USB: serial: cp210x: fix comments for GE CS1000 (bsc#1012628).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
(bsc#1012628).
- usb: gadget: Fix Unbalanced pm_runtime_enable in
tegra_xudc_probe (bsc#1012628).
- usb: dwc2: Skip clock gating on Samsung SoCs (bsc#1012628).
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode
(bsc#1012628).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
(bsc#1012628).
- usb: typec: tipd: Don't block probing of consumer of "connector"
nodes (bsc#1012628).
- usb: typec: stusb160x: register role switch before interrupt
registration (bsc#1012628).
- usb: typec: stusb160x: Don't block probing of consumer of
"connector" nodes (bsc#1012628).
- firmware/efi: Tell memblock about EFI iomem reservations
(bsc#1012628).
- tracepoints: Update static_call before tp_funcs when adding
a tracepoint (bsc#1012628).
- tracing/histogram: Rename "cpu" to "common_cpu" (bsc#1012628).
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
(bsc#1012628).
- tracing: Synthetic event field_pos is an index not a boolean
(bsc#1012628).
- btrfs: check for missing device in btrfs_trim_fs (bsc#1012628).
- btrfs: fix unpersisted i_size on fsync after expanding truncate
(bsc#1012628).
- btrfs: fix lock inversion problem when doing qgroup extent
tracing (bsc#1012628).
- media: ngene: Fix out-of-bounds bug in
ngene_command_config_free_buf() (bsc#1012628).
- ixgbe: Fix packet corruption due to missing DMA sync
(bsc#1012628).
- driver core: auxiliary bus: Fix memory leak when
driver_register() fail (bsc#1012628).
- bus: mhi: pci_generic: Apply no-op for wake using sideband
wake boolean (bsc#1012628).
- bus: mhi: core: Validate channel ID when processing command
completions (bsc#1012628).
- bus: mhi: pci_generic: Fix inbound IPCR channel (bsc#1012628).
- posix-cpu-timers: Fix rearm racing against process tick
(bsc#1012628).
- selftest: use mmap instead of posix_memalign to allocate memory
(bsc#1012628).
- io_uring: explicitly count entries for poll reqs (bsc#1012628).
- io_uring: remove double poll entry on arm failure (bsc#1012628).
- io_uring: fix early fdput() of file (bsc#1012628).
- userfaultfd: do not untag user pointers (bsc#1012628).
- kfence: move the size check to the beginning of __kfence_alloc()
(bsc#1012628).
- kfence: skip all GFP_ZONEMASK allocations (bsc#1012628).
- mm: call flush_dcache_page() in memcpy_to_page() and
memzero_page() (bsc#1012628).
- mm: page_alloc: fix page_poison=1 / INIT_ON_ALLOC_DEFAULT_ON
interaction (bsc#1012628).
- memblock: make for_each_mem_range() traverse MEMBLOCK_HOTPLUG
regions (bsc#1012628).
- mm: fix the deadlock in finish_fault() (bsc#1012628).
- hugetlbfs: fix mount mode command line processing (bsc#1012628).
- rbd: don't hold lock_rwsem while running_list is being drained
(bsc#1012628).
- rbd: always kick acquire on "acquired" and "released"
notifications (bsc#1012628).
- misc: eeprom: at24: Always append device id even if label
property is set (bsc#1012628).
- nds32: fix up stack guard gap (bsc#1012628).
- driver core: Prevent warning when removing a device link from
unregistered consumer (bsc#1012628).
- drm: Return -ENOTTY for non-drm ioctls (bsc#1012628).
- drm/amdgpu: update gc golden setting for dimgrey_cavefish
(bsc#1012628).
- drm/amdgpu: update the golden setting for vangogh (bsc#1012628).
- drm/amdgpu: update golden setting for sienna_cichlid
(bsc#1012628).
- spi: spi-cadence-quadspi: Revert "Fix division by zero warning"
(bsc#1012628).
- bonding: fix build issue (bsc#1012628).
- mptcp: fix 'masking a bool' warning (bsc#1012628).
- skbuff: Release nfct refcount on napi stolen or re-used skbs
(bsc#1012628).
- ARM: multi_v7_defconfig: Make NOP_USB_XCEIV driver built-in
(bsc#1012628).
- Documentation: Fix intiramfs script name (bsc#1012628).
- arm64: entry: fix KCOV suppression (bsc#1012628).
- perf inject: Close inject.output on exit (bsc#1012628).
- drm/i915/gvt: Clear d3_entered on elsp cmd submission
(bsc#1012628).
- spi: spi-cadence-quadspi: Fix division by zero warning - try2
(bsc#1012628).
- sfc: ensure correct number of XDP queues (bsc#1012628).
- skbuff: Fix build with SKB extensions disabled (bsc#1012628).
- commit b45358d
++++ lua54:
- Update upstream-bugs.patch and upstream-bugs-test.patch to fix
bugs 4,5,6 for build and tests respectively.
++++ openssl-3:
- Update to 3.0.0 Beta 2
* The ERR_GET_FUNC() function was removed. With the loss of
meaningful function codes, this function can only cause problems
for calling applications.
* While a callback function set via 'SSL_CTX_set_cert_verify_callback()'
is not allowed to return a value > 1, this is no more taken as
failure.
* Deprecated the obsolete X9.31 RSA key generation related
functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(),
and BN_X931_generate_prime_ex().
- Remove openssl-ppc64-fix-build.patch fixed upstream
++++ systemd:
- Avoid the error message when udev is updated due to udev being
already active when the sockets are started again (bsc#1188291)
++++ tpm2.0-tools:
- Add 0001-tpm2_eventlog-fix-buffer-offset-when-reading-the-eve.patch to
fix the offset of the read buffer
------------------------------------------------------------------
------------------ 2021-7-28 - Jul 28 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.6:
+ core:
- Fix adding stale local routes when address changes.
- Introduce "allowed-connections" option to disallow profiles
on a device. This allows to filter out profiles that
originate from initrd.
- Introduce "keep-configuration" device option to forcefully
activate a profile on start.
+ initrd:
- Tag generated profiles with origin in user data.
- Add "ib.pkey=" command line option.
+ dhcp: Handle filename/bootfile_name DHCP option and write it to
device state file for initrd/kickstart.
++++ aaa_base:
- Update to version 84.87+git20210727.b447649:
* Move /etc/profile.d/* to /usr/etc/profile.d/
++++ iproute2:
- Update to release 5.13
* mptcp: add support for port-based endpoints
* nexthop: Add ability to specify group type, add support for
resilient nexthop groups and nexthop buckets
* ip: xfrm: add support for tfcpad
* ip-nexthop: support flush by id
* mptcp: add support for event monitoring
* bridge: monitor: add support for vlan monitoring
++++ kernel-default:
- use 3.0 SPDX identifier in rpm License tags
As requested by Maintenance, change rpm License tags from "GPL-2.0"
(SPDX 2.0) to "GPL-2.0-only" (SPDX 3.0) so that their scripts do not have
to adjust the tags with each maintenance update submission.
- commit f888e0b
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
CVE-2021-37576).
- commit b53c0bd
++++ openssl-1_1:
- Require the crypto-policies package from libopenssl-1_1
++++ protobuf:
- Remove two build requires that are not needed
++++ zypper:
- Support new reports for singletrans rpm commit.
- BuildRequires: libzypp-devel >= 17.27.1.
For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
prompt (fixes #403)
These packages are usually more interesting than the updated
ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
(bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
------------------------------------------------------------------
------------------ 2021-7-27 - Jul 27 2021 -------------------
------------------------------------------------------------------
++++ ceph:
- Update to 16.2.5-111-ga5b472dfcf8:
+ (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9
++++ libvirt:
- spec: Re-exec'ing virt{lock,log}d in posttrans was mistakenly
dropped in a previous change. Add it back.
++++ osinfo-db:
- bsc#1182144 - osinfo-db: autoinst.xml does not work with
Tumbleweed. Fixes nested language problem.
opensuse-autoyast-desktop.patch
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#135
- fix typo in update-bootloader
- 0.935
------------------------------------------------------------------
------------------ 2021-7-26 - Jul 26 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Add libnm0 to baselibs.conf to be used by 64bit Steam
++++ bash:
- Use a get_version_number.sh script
++++ ncurses:
- Add ncurses patch 20210724
+ add workaround for Windows Terminal's problems with CR/LF mapping to
ms-terminal (patch by Juergen Pfeifer).
+ review/update current Windows Terminal vs ms-terminal -TD
- Correct offsets of patch ncurses-6.2.dif
++++ parted:
- update to version 3.4:
* Add new partition type flags chromeos_kernel and bls_boot.
* Add support for the F2FS filesystem.
refreshed patches:
- dummy-bootcode-only-for-x86.patch
- parted-fix-resizepart-and-rm-command.patch
- parted-type.patch
- parted-wipeaix.patch
- tests-adapt-to-SUSE.patch
removed patches:
- parted-fix-end_input-usage.patch
- parted-resize-alias-to-resizepart.patch
++++ systemd:
- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516
++++ libzypp:
- Rephrase vendor conflict message in case 2 packages are
involved (bsc#1187760)
This covers the case where not the packages itself would change
its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
(bsc#1187224)
Rpm by default only shows the short key ID when checking the
signature of a package fails. This patch reads the signatures
from the RPM headers and replaces she short IDs with the key
fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
This patch adds a experimental commit strategy that runs all
operations in a single rpm transaction, speeding up the execution
a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
(bsc#1187738)
There recently was a change in the kernel package naming scheme
in regards to rc kernels. Since kernel upstream uses characters
in the version that are not allowed in rpm versions a "-rc" was
previously replaced with ".rc" which broke sorting by version, to
fix this issue it was replaced with "~rc", which unfortunately
broke the purge-kernels logic. This patch makes sure purge-kernel
does apply the same conversion.
- version 17.28.0 (22)
++++ osinfo-db:
- Add support for openSUSE Leap 15.4, SLE15-SP4, and SLEM 5.1
(bsc#1188692)
add-opensuse-leap-15.4-support.patch
add-sle15sp4-support.patch
add-slem5.1-support.patch
++++ u-boot-rpiarm64:
- Drop qemu-riscv64spl flavor
- Use generic opensbi for sifiveunleashed
- Rename sifivefu540 to sifiveunleashed to follow upstream
- Update to 2021.07
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07
* Patches dropped:
0014-fs-btrfs-fix-the-false-alert-of-dec.patch
0015-arm64-dts-meson-odroidc2-readd-PHY-.patch
------------------------------------------------------------------
------------------ 2021-7-25 - Jul 25 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.14-rc3
- eliminated 1 patch:
- patches.suse/seq_file-disallow-extremely-large-seq-buffer-allocat.patch
- update configs
- SND_SOC_SSM2518=n (x86 and riscv64)
- drop SND_SOC_ZX_AUD96P22
- commit ee7a475
- Linux 5.13.5 (bsc#1012628).
- mt76: mt7921: continue to probe driver when fw already
downloaded (bsc#1012628).
- udp: properly flush normal packet at GRO time (bsc#1012628).
- udp: annotate data races around unix_sk(sk)->gso_size
(bsc#1012628).
- firmware: arm_scmi: Avoid padding in sensor message structure
(bsc#1012628).
- drm/panel: nt35510: Do not fail if DSI read fails (bsc#1012628).
- perf test bpf: Free obj_buf (bsc#1012628).
- bpf: Track subprog poke descriptors correctly and fix
use-after-free (bsc#1012628).
- bpftool: Properly close va_list 'ap' by va_end() on error
(bsc#1012628).
- tools: bpf: Fix error in 'make -C tools/ bpf_install'
(bsc#1012628).
- tcp: call sk_wmem_schedule before sk_mem_charge in zerocopy path
(bsc#1012628).
- ipv6: tcp: drop silly ICMPv6 packet too big messages
(bsc#1012628).
- tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
(bsc#1012628).
- tcp: annotate data races around tp->mtu_info (bsc#1012628).
- tcp: consistently disable header prediction for mptcp
(bsc#1012628).
- ARM: dts: everest: Add phase corrections for eMMC (bsc#1012628).
- ARM: dts: tacoma: Add phase corrections for eMMC (bsc#1012628).
- ARM: dts: aspeed: Fix AST2600 machines line names (bsc#1012628).
- vboxsf: Add support for the atomic_open directory-inode op
(bsc#1012628).
- vboxsf: Add vboxsf_[create|release]_sf_handle() helpers
(bsc#1012628).
- vboxsf: Make vboxsf_dir_create() return the handle for the
created file (bsc#1012628).
- vboxsf: Honor excl flag to the dir-inode create op
(bsc#1012628).
- kbuild: do not suppress Kconfig prompts for silent build
(bsc#1012628).
- dma-buf/sync_file: Don't leak fences on merge failure
(bsc#1012628).
- net: fddi: fix UAF in fza_probe (bsc#1012628).
- net: dsa: properly check for the bridge_leave methods in
dsa_switch_bridge_leave() (bsc#1012628).
- net: validate lwtstate->data before returning from
skb_tunnel_info() (bsc#1012628).
- net: do not reuse skbuff allocated from skbuff_fclone_cache
in the skb cache (bsc#1012628).
- net: send SYNACK packet with accepted fwmark (bsc#1012628).
- net: ti: fix UAF in tlan_remove_one (bsc#1012628).
- net: qcom/emac: fix UAF in emac_remove (bsc#1012628).
- net: moxa: fix UAF in moxart_mac_probe (bsc#1012628).
- net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
(bsc#1012628).
- net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
(bsc#1012628).
- net: netdevsim: use xso.real_dev instead of xso.dev in callback
functions of struct xfrmdev_ops (bsc#1012628).
- net: marvell: always set skb_shared_info in
mvneta_swbm_add_rx_fragment (bsc#1012628).
- net: bridge: sync fdb to new unicast-filtering ports
(bsc#1012628).
- net/sched: act_ct: remove and free nf_table callbacks
(bsc#1012628).
- vmxnet3: fix cksum offload issues for tunnels with non-default
udp ports (bsc#1012628).
- netfilter: nf_tables: Fix dereference of null pointer flow
(bsc#1012628).
- net/sched: act_ct: fix err check for nf_conntrack_confirm
(bsc#1012628).
- netfilter: ctnetlink: suspicious RCU usage in
ctnetlink_dump_helpinfo (bsc#1012628).
- net: ipv6: fix return value of ip6_skb_dst_mtu (bsc#1012628).
- net: dsa: mv88e6xxx: enable SerDes PCS register dump via
ethtool -d on Topaz (bsc#1012628).
- net: dsa: mv88e6xxx: enable SerDes RX stats for Topaz
(bsc#1012628).
- net: dsa: mv88e6xxx: enable devlink ATU hash param for Topaz
(bsc#1012628).
- net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
(bsc#1012628).
- net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
(bsc#1012628).
- net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz
(bsc#1012628).
- net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
(bsc#1012628).
- f2fs: Show casefolding support only when supported
(bsc#1012628).
- mm/userfaultfd: fix uffd-wp special cases for fork()
(bsc#1012628).
- mm/thp: simplify copying of huge zero page pmd when fork
(bsc#1012628).
- Revert "mm/shmem: fix shmem_swapin() race with swapoff"
(bsc#1012628).
- Revert "swap: fix do_swap_page() race with swapoff"
(bsc#1012628).
- arm64: dts: marvell: armada-37xx: move firmware node to generic
dtsi file (bsc#1012628).
- firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware
compatible string (bsc#1012628).
- cifs: prevent NULL deref in cifs_compose_mount_options()
(bsc#1012628).
- s390: introduce proper type handling call_on_stack() macro
(bsc#1012628).
- s390/traps: do not test MONITOR CALL without CONFIG_BUG
(bsc#1012628).
- thermal/core/thermal_of: Stop zone device before unregistering
it (bsc#1012628).
- perf/x86/intel/uncore: Clean up error handling path of iio
mapping (bsc#1012628).
- sched/fair: Fix CFS bandwidth hrtimer expiry type (bsc#1012628).
- scsi: qedf: Add check to synchronize abort and flush
(bsc#1012628).
- scsi: libfc: Fix array index out of bound exception
(bsc#1012628).
- scsi: libsas: Add LUN number check in .slave_alloc callback
(bsc#1012628).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (bsc#1012628).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
(bsc#1012628).
- arch/arm64/boot/dts/marvell: fix NAND partitioning scheme
(bsc#1012628).
- kbuild: mkcompile_h: consider timestamp if
KBUILD_BUILD_TIMESTAMP is set (bsc#1012628).
- arm64: dts: qcom: sm8150: Disable Adreno and modem by default
(bsc#1012628).
- arm64: dts: qcom: sm8250: Fix pcie2_lane unit address
(bsc#1012628).
- thermal/drivers/sprd: Add missing of_node_put for loop iteration
(bsc#1012628).
- thermal/drivers/imx_sc: Add missing of_node_put for loop
iteration (bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Do not shadow
rcar_gen3_ths_tj_1 (bsc#1012628).
- thermal/core: Correct function name
thermal_zone_device_unregister() (bsc#1012628).
- arm64: dts: imx8: conn: fix enet clock setting (bsc#1012628).
- arm64: dts: imx8mq: assign PCIe clocks (bsc#1012628).
- arm64: dts: imx8mn-beacon-som: Assign PMIC clock (bsc#1012628).
- arm64: dts: ls208xa: remove bus-num from dspi node
(bsc#1012628).
- arm64: dts: rockchip: Update RK3399 PCI host bridge window to
32-bit address memory (bsc#1012628).
- firmware: tegra: bpmp: Fix Tegra234-only builds (bsc#1012628).
- soc/tegra: fuse: Fix Tegra234-only builds (bsc#1012628).
- ARM: OMAP2+: Block suspend for am3 and am4 if PM is not
configured (bsc#1012628).
- arm64: dts: qcom: sc7180: Add wakeup delay for adau codec
(bsc#1012628).
- ARM: dts: stm32: fix stpmic node for stm32mp1 boards
(bsc#1012628).
- ARM: dts: stm32: Rename spi-flash/mx66l51235l@N to flash@N on
DHCOM SoM (bsc#1012628).
- ARM: dts: stm32: Rename eth@N to ethernet@N on DHCOM SoM
(bsc#1012628).
- ARM: dts: stm32: Drop unused linux,wakeup from touchscreen
node on DHCOM SoM (bsc#1012628).
- ARM: dts: stm32: fix the Odyssey SoM eMMC VQMMC supply
(bsc#1012628).
- ARM: dts: stm32: fix ltdc pinctrl on microdev2.0-of7
(bsc#1012628).
- ARM: dts: stm32: move stmmac axi config in ethernet node on
stm32mp15 (bsc#1012628).
- ARM: dts: stm32: fix i2c node name on stm32f746 to prevent
warnings (bsc#1012628).
- ARM: dts: rockchip: fix supply properties in io-domains nodes
(bsc#1012628).
- arm64: dts: juno: Update SCPI nodes as per the YAML schema
(bsc#1012628).
- i3c: master: svc: drop free_irq of devm_request_irq allocated
irq (bsc#1012628).
- ARM: dts: bcm283x: Fix up GPIO LED node names (bsc#1012628).
- ARM: dts: bcm283x: Fix up MMC node names (bsc#1012628).
- ARM: dts: aspeed: Everest: Fix cable card PCA chips
(bsc#1012628).
- firmware: arm_scmi: Fix the build when CONFIG_MAILBOX is not
selected (bsc#1012628).
- firmware: arm_scmi: Add SMCCC discovery dependency in Kconfig
(bsc#1012628).
- memory: tegra: Fix compilation warnings on 64bit platforms
(bsc#1012628).
- ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent
warnings (bsc#1012628).
- ARM: dts: stm32: fix RCC node name on stm32f429 MCU
(bsc#1012628).
- ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
(bsc#1012628).
- ARM: dts: stm32: fix stm32mp157c-odyssey card detect pin
(bsc#1012628).
- ARM: dts: stm32: Fix touchscreen node on dhcom-pdk2
(bsc#1012628).
- ARM: dts: stm32: Remove extra size-cells on dhcom-pdk2
(bsc#1012628).
- arm64: dts: qcom: sc7180: Move rmtfs memory region
(bsc#1012628).
- arm64: dts: qcom: sm8250: fix display nodes (bsc#1012628).
- arm64: dts: qcom: sm8350: fix the node unit addresses
(bsc#1012628).
- ARM: tegra: nexus7: Correct 3v3 regulator GPIO of PM269 variant
(bsc#1012628).
- ARM: tegra: wm8903: Fix polarity of headphones-detection GPIO
in device-trees (bsc#1012628).
- arm64: dts: ti: k3-am654x/j721e/j7200-common-proc-board:
Fix MCU_RGMII1_TXC direction (bsc#1012628).
- arm64: tegra: Add PMU node for Tegra194 (bsc#1012628).
- ARM: dts: OMAP2+: Replace underscores in sub-mailbox node names
(bsc#1012628).
- ARM: dts: am335x: fix ti,no-reset-on-init flag for gpios
(bsc#1012628).
- ARM: dts: am437x-gp-evm: fix ti,no-reset-on-init flag for gpios
(bsc#1012628).
- ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag
for gpios (bsc#1012628).
- kbuild: sink stdout from cmd for silent build (bsc#1012628).
- arm64: dts: renesas: beacon: Fix USB ref clock references
(bsc#1012628).
- arm64: dts: renesas: beacon: Fix USB extal reference
(bsc#1012628).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (bsc#1012628).
- ARM: dts: ux500: Fix orientation of Janice accelerometer
(bsc#1012628).
- ARM: dts: imx6dl-riotboard: configure PHY clock and set proper
EEE value (bsc#1012628).
- ARM: dts: ux500: Fix some compatible strings (bsc#1012628).
- ARM: dts: ux500: Fix orientation of accelerometer (bsc#1012628).
- ARM: dts: ux500: Rename gpio-controller node (bsc#1012628).
- ARM: dts: ux500: Fix interrupt cells (bsc#1012628).
- arm64: dts: rockchip: fix regulator-gpio states array
(bsc#1012628).
- ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
(bsc#1012628).
- ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
(bsc#1012628).
- soc: mediatek: add missing MODULE_DEVICE_TABLE (bsc#1012628).
- soc: bcm: brcmstb: remove unused variable
'brcmstb_machine_match' (bsc#1012628).
- ARM: dts: BCM5301X: Fix pinmux subnodes names (bsc#1012628).
- ARM: dts: Hurricane 2: Fix NAND nodes names (bsc#1012628).
- ARM: dts: BCM63xx: Fix NAND nodes names (bsc#1012628).
- ARM: NSP: dts: fix NAND nodes names (bsc#1012628).
- ARM: Cygnus: dts: fix NAND nodes names (bsc#1012628).
- ARM: brcmstb: dts: fix NAND nodes names (bsc#1012628).
- ARM: dts: BCM5301X: Fix NAND nodes names (bsc#1012628).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro
(bsc#1012628).
- arm64: dts: rockchip: Fix power-controller node names for rk3399
(bsc#1012628).
- arm64: dts: rockchip: Fix power-controller node names for rk3328
(bsc#1012628).
- arm64: dts: rockchip: Fix power-controller node names for px30
(bsc#1012628).
- ARM: dts: rockchip: Fix power-controller node names for rk3288
(bsc#1012628).
- ARM: dts: rockchip: Fix power-controller node names for rk3188
(bsc#1012628).
- ARM: dts: rockchip: Fix power-controller node names for rk3066a
(bsc#1012628).
- ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
(bsc#1012628).
- ARM: dts: rockchip: Fix the timer clocks order (bsc#1012628).
- arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
(bsc#1012628).
- arm64: dts: rockchip: Use only supported PCIe link speed on
rk3399 (bsc#1012628).
- ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin
and rk3288 (bsc#1012628).
- ARM: dts: rockchip: Fix thermal sensor cells o rk322x
(bsc#1012628).
- ARM: dts: gemini: add device_type on pci (bsc#1012628).
- ARM: dts: gemini: rename mdio to the right name (bsc#1012628).
- commit d9d5075
------------------------------------------------------------------
------------------ 2021-7-23 - Jul 23 2021 -------------------
------------------------------------------------------------------
++++ bash:
- Get patch lvl by running command to find it instead of hardcoding
- Remove old SUSE RPM constructs
- Clean spec file
++++ ca-certificates:
- Update to version 2+git20210723.27a0476:
* Don't trigger path unit on /usr/share
* Use flock to serialize calls (boo#1188500)
* Add --root <directory> option
++++ conmon:
- Update to version 2.0.29:
* Reset OOM score back to 0 for container runtime
* call functions registered with atexit on SIGTERM
* conn_sock: fix potential segfault
++++ kbd:
- Only run kbdsettings.service if /etc/sysconfig/keyboard exists.
Necessary for image based installations without admin made changes.
++++ kernel-default:
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- commit f6cd057
++++ kernel-firmware:
- Update to version 20210719 (git commit 5de082d4d0f2):
* iwlwifi: add ty firmware from Core63-43
- Reduce the LZMA2 dictionary size (bsc#1188662)
++++ libcontainers-common:
- Update common to 0.41.0
0.38.18:
[0.38] seccomp: add support for defaultErrnoRet
0.41.0:
Allow /etc/containers/containers.conf to be read by non-root
Created numMem_linux.go and numMem.go and nummem_unsupported.go
Fix default definition of secrets in containers.conf
Report bad entries in containers.conf to the user
add shelldriver.
build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
feat: add shell secret driver.
libimage: LookupImage: remove IgnorePlatform option
libimage: `(*Runtime).SystemContext()`
libimage: events: deferred write
libimage: force internal image lookups to ignore arch
libimage: import: fix tags
libimage: pull: enforce pull policy for custom platforms
libimage: pull: ignore platform for local image lookup
libimage: pull: override even --pull=never with custom platform
pull: custom platform: do not use local image name
0.38.13:
* libimage: events: deferred write
0.38.12:
* pull: custom platform: do not use local image name
0.40.1:
Vendor in containers/image v5.13.2
seccomp: tweak default profile (followup for #573)
libimage: lookup images by custom platform
libimage: force remove: only untag on multi tag image
build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
seccomp: always allow get_mempolicy, set_mempolicy, mbind
seccomp: let membarrier fail with ENOSYS
seccomp: allow rseq
seccomp: allow pkey_*
seccomp: let io_uring_* fail with ENOSYS
seccomp: allow clone3
0.40.0:
Add default for log-tag
Add support for config drop in directories
Do not set the default netns
Don't use systemd defaults if /proc/1/comm != systemd
Fix spacing on name value pairs to be consistent
Leave default seccomp path empty
Sort containers.conf and containers.conf.5.md
Strip extra trailing newlines in templates
Tests are writing customer config to host machine
Use SetCredentials and add verbose to loginopts
[NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
add 'secret' section to the containers.conf struct.
add @Luap99 to OWNERS
add passdriver for secrets.
build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
build(deps): bump github.com/docker/docker
build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
fix autodiscovery of the secret passdriver.
fixed comments
libimage: fix Exists
libimage: pull: turn image-lookup errors non-fatal
libmage: Exists: catch corrupted images
made necessary changes to handle OS/Arch while importing an image
pkg/config: fix systemd compile errors
pull: don't resolve short names on explicit docker:// reference
seccomp: add support for defaultErrnoRet
seccomp: allow more *_time64 syscalls
seccomp: allow timer_settime64
seccomp: switch default to ENOSYS
secrets: fix build with go 1.15
support tag@digest notation
0.39.0:
Vendor in containers/storage v1.32.0
Ensure configuration directory is created for networks
Include gateway in generated default networks
Use Private as default for rootless when we want CNI
rootless networking
libimage: add some comments
libimage: add more image tests
build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
rootless_networking = "slirp4netns | cni"
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
- Update podman to 3.2.3
3.2.3:
[#]## Security
- This release addresses CVE-2021-3602, an issue with the `podman build` command with the `--isolation chroot` flag that results in environment variables from the host leaking into build containers.
[#]## Bugfixes
- Fixed a bug where events related to images could occur before the relevant operation had completed (e.g. an image pull event could be written before the pull was finished) ([#10812](https://github.com/containers/podman/issues/10812)).
- Fixed a bug where `podman save` would refuse to save images with an architecture different from that of the host ([#10835](https://github.com/containers/podman/issues/10835)).
- Fixed a bug where the `podman import` command did not correctly handle images without tags ([#10854](https://github.com/containers/podman/issues/10854)).
- Fixed a bug where Podman's journald events backend would fail and prevent Podman from running when run on a host with systemd as PID1 but in an environment (e.g. a container) without systemd ([#10863](https://github.com/containers/podman/issues/10863)).
- Fixed a bug where containers using rootless CNI networking would fail to start when the `dnsname` CNI plugin was in use and the host system's `/etc/resolv.conf` was a symlink ([#10855](https://github.com/containers/podman/issues/10855) and [#10929](https://github.com/containers/podman/issues/10929)).
- Fixed a bug where containers using rootless CNI networking could fail to start due to a race in rootless CNI initialization ([#10930](https://github.com/containers/podman/issues/10930)).
[#]## Misc
- Updated Buildah to v1.21.3
- Updated the containers/common library to v0.38.16
- Update storage to 1.32.6
1.32.6:
Fix runtime panic for opening lockfile if parent dir got removed
Cleanup exclude exceptions path
build(deps): bump github.com/Microsoft/hcsshim from 0.8.17 to 0.8.20
Add test for bad entries in storage.conf
chunked: fix the path used for layers dedup
Report bad entries in storage.conf to the user
Use /run/user/UID in rootless mode if writable
- Update image to 5.14.0
v0.41.0:
* Allow /etc/containers/containers.conf to be read by non-root
* Created numMem_linux.go and numMem.go and nummem_unsupported.go
* Fix default definition of secrets in containers.conf
* Report bad entries in containers.conf to the user
* add shelldriver.
* build(deps): bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
* build(deps): bump github.com/containers/storage from 1.32.2 to 1.32.5
* build(deps): bump github.com/mitchellh/mapstructure from 1.1.2 to 1.4.1
* build(deps): bump github.com/onsi/gomega from 1.13.0 to 1.14.0
* build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.2.1
* feat: add shell secret driver.
* libimage: LookupImage: remove IgnorePlatform option
* libimage: `(*Runtime).SystemContext()`
* libimage: events: deferred write
* libimage: force internal image lookups to ignore arch
* libimage: import: fix tags
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* libimage: pull: override even --pull=never with custom platform
* pull: custom platform: do not use local image name
v0.40.1:
* Vendor in containers/image v5.13.2
* seccomp: tweak default profile (followup for #573)
* libimage: lookup images by custom platform
* libimage: force remove: only untag on multi tag image
* build(deps): bump github.com/containers/image/v5 from 5.13.0 to 5.13.1
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
* seccomp: always allow get_mempolicy, set_mempolicy, mbind
* seccomp: let membarrier fail with ENOSYS
* seccomp: allow rseq
* seccomp: allow pkey_*
* seccomp: let io_uring_* fail with ENOSYS
* seccomp: allow clone3
v0.40.0:
* Add default for log-tag
* Add support for config drop in directories
* Do not set the default netns
* Don't use systemd defaults if /proc/1/comm != systemd
* Fix spacing on name value pairs to be consistent
* Leave default seccomp path empty
* Sort containers.conf and containers.conf.5.md
* Strip extra trailing newlines in templates
* Tests are writing customer config to host machine
* Use SetCredentials and add verbose to loginopts
* [NO TESTS NEEDED] Sort containers.conf and containers.conf.5.md
* add 'secret' section to the containers.conf struct.
* add @Luap99 to OWNERS
* add passdriver for secrets.
* build(deps): bump github.com/containers/image/v5 from 5.12.0 to 5.13.0
* build(deps): bump github.com/containers/storage from 1.32.0 to 1.32.2
* build(deps): bump github.com/docker/docker
* build(deps): bump github.com/jinzhu/copier from 0.3.0 to 0.3.2
* build(deps): bump github.com/onsi/ginkgo from 1.16.2 to 1.16.4
* build(deps): bump github.com/onsi/gomega from 1.12.0 to 1.13.0
* build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
* fix autodiscovery of the secret passdriver.
* fixed comments
* libimage: fix Exists
* libimage: pull: turn image-lookup errors non-fatal
* libmage: Exists: catch corrupted images
* made necessary changes to handle OS/Arch while importing an image
* pkg/config: fix systemd compile errors
* pull: don't resolve short names on explicit docker:// reference
* seccomp: add support for defaultErrnoRet
* seccomp: allow more *_time64 syscalls
* seccomp: allow timer_settime64
* seccomp: switch default to ENOSYS
* secrets: fix build with go 1.15
* support tag@digest notation
v0.39:
* Vendor in containers/storage v1.32.0
* Ensure configuration directory is created for networks
* Include gateway in generated default networks
* Use Private as default for rootless when we want CNI
* rootless networking
* libimage: add some comments
* libimage: add more image tests
* build(deps): bump github.com/containers/storage from 1.31.1 to 1.32.0
* rootless_networking = "slirp4netns | cni"
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
++++ freetype2:
- Update to version 2.11.0
* A new rendering module has been added to create 8-bit Signed
Distance Field (SDF) bitmaps for both outline and bitmap glyphs.
* A new, experimental API is now available for surfacing properties
of 'COLR' v1 color fonts.
* A new function `FT_Get_Transform` returns the values set by
FT_Set_Transform.
* The legacy Type 1 and CFF engines are further demoted due to lack
of CFF2 charstring support.
* The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the
auto-hinter has been removed.
* The smooth rasterizer performance has been improved by >10%.
* PCF bitmap fonts compressed with LZW (these are usually files with
the extension .pcf.Z) are now handled correctly.
++++ libglvnd:
- update to 1.3.3, fixes boo#1188640
++++ qemu:
- Disabled skiboot building for PowerPC due to the following issue:
https://github.com/open-power/skiboot/issues/265
- Fix possible mremap overflow in the pvrdma
(CVE-2021-3582, bsc#1187499)
hw-rdma-Fix-possible-mremap-overflow-in-.patch
- Ensure correct input on ring init
(CVE-2021-3607, bsc#1187539)
pvrdma-Ensure-correct-input-on-ring-init.patch
- Fix the ring init error flow
(CVE-2021-3608, bsc#1187538)
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
++++ vim:
- Updated to version 8.2.3204, fixes the following problems
- enable test_recover on x86_64/i586/ppc64* - disable-unreliable-tests.patch
- disable faulty tests on arm and s390x arch - disable-unreliable-tests-arch.patch
* Xxd always reports an old version string. (Ã…smund Ervik)
* Vim9: using try in catch block causes a hang.
* Vim9: an error in a catch block is not reported.
* Vim9: profile test fails.
* Powershell core not supported by default.
* Recover test fails on 32bit systems. (Ondřej Súkup)
* Cannot catch errors in a channel command.
* A channel command "echoerr" does not show anything.
* Crash when passing null string to charclass().
* Vim9: builtin function argument types are not checked at compile time.
* JSONC files are not recognized.
* Vim9: breakpoint on "for" does not work.
* Gemtext files are not recognized.
* With 'virtualedit' set to "block" Visual highlight is wrong after using
"$". (Marco Trosi)
* Garbage collection has useless code.
* With concealing enabled and indirectly closing a fold the cursor may be
somewhere in a folded line.
* Vim9: default argument expression cannot use previous argument
* Vim9: builtin function test fails without the +channel feature.
* tablabel_tooltip test fails with Athena. (Dominique Pellé)
* Test_popup_atcursor_pos() fails without the conceal feature.
* With 'virtualedit' set to "block" block selection is wrong after using
"$". (Marco Trosi)
* Temp files remain after running tests.
* Crash when using "quit" at recovery prompt and autocommands are triggered.
* Popup window test is flaky on MS-Windows with GUI.
* Vim9: missing catch/finally not reported at script level.
* Vim9: no error when using type with unknown number of arguments.
* Missing function prototype for vim_round().
* Test for crash fix does not fail without the fix.
* Swap test may fail on some systems when jobs take longer to exit.
* Vim9: unspecified function type causes type error.
* Vim9: type of partial is wrong when it has arguments.
* Vim9: confusing line number reported for error.
* Vim9: error for arguments while type didn't specify arguments.
* Test for remote_foreground() fails. (Elimar Riesebieter)
* Check for $DISPLAY never fails.
* A pattern that matches the cursor position is bit complicated.
* Vim9: confusing error with extra whitespace before colon.
* With concealing enabled and indirectly closing a fold the cursor may be
somewhere in a folded line when it is not on the first line of
the fold.
* No error when for loop variable shadows script variable.
* Amiga-like systems: build error using stat().
* Coverity complains about free_wininfo() use.
* Vim9: crash when debugging a function with line continuation.
* Vim9: type not properly checked in for loop.
* Vim9: "any" type not handled correctly in for loop.
* Compiler warning for unused argument.
* Crypt with sodium test fails on MS-Windows.
* 'listchars' "exceeds" character appears in foldcolumn. Window separator
is missing. (Leonid V. Fedorenchik)
* With 'nowrap' cursor position is unexected in narrow window. (Leonid V.
Fedorenchik)
* Vim9: confusing error when using white space after option, before one of
"!&<".
* Vim9: no error for white space between option and "=9".
* Variables are set but not used.
* Vim9: for loop error reports wrong line number.
* Vim9: no error when adding number to list of string.
* Vim9: uninitialzed list does not get type checked.
* Vim9: imported uninitialized list does not get type checked.
* Vim9: import test fails.
* Compiler warns for size_t to colnr_T conversion. (Randall W. Morris)
* Vim9: memory leak when add() fails.
* Crash when using typename() on a function reference. (Naohiro Ono)
* Vim9: builtin function arguments not checked at compile time.
* No test for E187 and "No swap file".
* Vim9: no error when a line only has a variable name.
* Debugger test fails.
* Functions for string manipulation are spread out.
* No error when using :complete for :command without -nargs.
* Vim9: type check for has_key() argument is too strict.
* Vim9: A lambda may be compiled with the wrong context if it is called
from a profiled function.
* Vim9: no error when using an invalid value for a line number.
* Vim9: profile test fails without profile feature.
* Vim9: line number wrong for :execute argument.
* Vim9: profiling does not work with a nested function.
* Vim9: function arg type check does not handle base offset.
* Some plugins have a problem with the error check for using :command with
- complete but without -nargs.
* Vim9: argument types are not checked at compile time.
* Vim9: profiling fails if nested function is also profiled.
* Vim9: accessing "s:" results in an error.
* URLs with a dash in the scheme are not recognized.
* Vim9: some type checks for builtin functions fail.
* Some option related code not covered by tests.
* Vim9: term_getansicolors() test fails without +termguicolors.
* Crypt test may fail on MS-Windows.
* Strange error message when using islocked() with a number. (Yegappan
Lakshmanan)
* Cursor displayed in wrong position after deleting line.
* 'breakindent' does not work well for bulleted and numbered lists.
* Vim9: no error when reltime() has invalid arguments.
* Vim9: argument types are not checked at compile time.
* Location list window may open a wrong file.
* Vim9: in a || expression the error line number may be wrong.
* Vim9: nested autoload call error overruled by "Unknown error".
* Get E12 in a job callback when searching for tags. (Andy Stewart)
* Vim9: type error for constant of type any.
* Vim9: cannot handle nested inline function.
* Illegal memory access in test.
* Another illegal memory access in test.
* MzScheme test fails. (Christian Brabandt)
* Vim9: argument types are not checked at compile time.
* Vim9: "legacy undo" finds "undo" variable.
* Vim9: using illegal pointer with inline function inside a lambda.
* Vim9: no type error for comparing number with string.
* Vim9: can not use "for _ in expr" at script level.
* Vim9: the file name of an :import cannot be an expression.
* Vim9: cannot assign to an imported variable at script level.
* Vim9: memory leak when concatenating to an imported string.
* Vim9: builtin function test fails without channel feature.
* Vim9: crash when using removing items from a constant list. (Yegappan
Lakshmanan)
* Duplicate error numbers.
* Cannot add a digraph with a leading space. It is not easy to list
existing digraphs.
* Vim9: start of inline function found in comment line.
* Vim9: not all failures for import tested
* Vim9: popup timer callback is not compiled.
* Vim9: argument types are not checked at compile time.
* Vim9: error when using "try|".
* Error messages are spread out.
* Vim9: not enough code is tested.
* Build failure with small version (Tony Mechelynck).
* screenpos() is wrong when the last line is partially visible and 'display'
is "lastline".
* Vim9: argument types are not checked at compile time.
* Vim9: unclear error when passing too many arguments to lambda.
* Vim9: bool expression with numbers only fails at runtime.
* Error messages are spread out.
* Cannot use 'formatlistpat' for breakindent.
* Vim9: execution speed can be improved.
* Vim9: hard to guess where a type error is given.
* Crash in test.
* Vim9: tests are only executed for legacy script.
* Vim9: compiled string expression causes type error. (Yegappan Lakshmanan)
* Display garbled when 'cursorline' is set and lines wrap. (Gabriel Dupras)
------------------------------------------------------------------
------------------ 2021-7-22 - Jul 22 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and
fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch
with upstream backport:
0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and
0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch.
++++ iputils:
- Update to version 20210722
https://github.com/iputils/iputils/releases/tag/20210722
- Use rarpd.service from upstream (removes PrivateUsers=yes, which fixes broken
start of the service, adds DynamicUser=yes for more security)
- Add BuildRequires: iproute2 (required for running tests)
++++ kernel-default:
- Update
patches.kernel.org/5.13.4-350-seq_file-disallow-extremely-large-seq-buffer-a.patch
(bsc#1012628 CVE-2021-33909 bsc#1188062).
Add CVE.
- commit d57f3b6
++++ ceph:
- Update to 16.2.5-110-gc5d9c915c46:
+ rebased on top of upstream commit SHA1 7feddc9819ca05586f230accd67b4e26a328e618
+ (bsc#1186348) mgr/zabbix: adapt zabbix_sender default path
++++ libslirp:
- Update to version 4.6.1+7:
* Haiku: proper path to resolv.conf for DNS server
* Fix for Haiku
* dhcp: Always send DHCP_OPT_LEN bytes in options
- Commit _servicedata to fix changelogs
- Don't include .git in source archive, not needed
- Run set_version together with obs_scm
++++ libvirt:
- libxl: ovmf now provides only one firmware for Xen. The firmware
is named ovmf-x86_64-xen-4m.bin in the SUSE ovmf package. Adjust
the upstream default firmware path to match the SUSE name.
- packaging: To improve maintainability, rename suse-ovmf-paths.patch
to suse-qemu-ovmf-paths.patch and suse-xen-ovmf-loaders.patch to
suse-xen-ovmf-paths.patch
++++ python-setuptools:
- update to version 57.4.0:
* Changes
+ #2722: Added support for SETUPTOOLS_EXT_SUFFIX environment
variable to override the suffix normally detected from the
sysconfig module.
- changes from version 57.3.0:
* Changes
+ #2465: Documentation is now published using the Furo theme.
- changes from version 57.2.0:
* Changes
+ #2724: Added detection of Windows ARM64 build environments using
the VSCMD_ARG_TGT_ARCH environment variable.
- changes from version 57.1.0:
* Changes
+ #2692: Globs are now sorted in 'license_files' restoring
reproducibility by eliminating variance from disk order.
+ #2714: Update to distutils at pypa/distutils@e2627b7.
+ #2715: Removed reliance on deprecated ssl.match_hostname by
removing the ssl support. Now any index operations rely on the
native SSL implementation.
* Documentation changes
+ #2604: Revamped the backward/cross tool compatibility section to
remove some confusion. Add some examples and the version since
when entry_points are supported in declarative
configuration. Tried to make the reading flow a bit leaner,
gather some informations that were a bit dispersed.
------------------------------------------------------------------
------------------ 2021-7-21 - Jul 21 2021 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.78.0:
[bsc#1188217, CVE-2021-22922][bsc#1188218, CVE-2021-22923]
[bsc#1188219, CVE-2021-22924][bsc#1188220, CVE-2021-22925]
* Changes:
- curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE
- CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax
- hostip: make 'localhost' return fixed values
- mbedtls: add support for cert and key blob options
- metalink: remove all support for it
- mqtt: add support for username and password
* Bugfixes:
- ares: always store IPv6 addresses first
- c-hyper: abort CONNECT response reading early on non 2xx responses
- c-hyper: add support for transfer-encoding in the request
- c-hyper: bail on too long response headers
- c-hyper: clear NTLM auth buffer when request is issued
- c-hyper: fix NTLM on closed connection tested with test159
- conncache: lowercase the hash key for better match
- curl_multibyte: Remove local encoding fallbacks
- Curl_ntlm_core_mk_nt_hash: fix OOM in error path
- Curl_ssl_getsessionid: fail if no session cache exists
- easy: during upkeep, attach Curl_easy to connections in the cache
- gnutls: set the preferred TLS versions in correct order
- hsts: ignore numberical IP address hosts
- HSTS: not experimental anymore
- http2: init recvbuf struct for pushed streams
- http: fix crash in rate-limited upload
- http: make the haproxy support work with unix domain sockets
- http_proxy: deal with non-200 CONNECT response with Hyper
- lib: don't compare fd to FD_SETSIZE when using poll
- lib: fix compiler warnings with CURL_DISABLE_NETRC
- lib: fix type of len passed to *printf's %*s
- lib: more %u for port and int for %*s fixes
- lib: use %u instead of %ld for port number printf
- libssh2: limit time a disconnect can take to 1 second
- mqtt: detect illegal and too large file size
- msnprintf: return number of printed characters excluding null byte
- multi: add scan-build-6 work-around in curl_multi_fdset
- multi: alter transfer timeout ordering
- multi: do not switch off connect_only flag when closing
- multi: fix crash in curl_multi_wait / curl_multi_poll
- ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS
- openssl: avoid static variable for seed flag
- openssl: don't remove session id entry in disassociate
- socketpair: fix potential hangs
- socks4: scan for the IPv4 address in resolve results
- ssl: read pending close notify alert before closing the connection
- telnet: fix option parser to not send uninitialized contents
- TLS: prevent shutdown loops to get stuck
- vtls: exit addsessionid if no cache is inited
- vtls: fix connection reuse checks for issuer cert and case sensitivity
++++ gnutls:
- Remove gnutls-temporarily_disable_broken_guile_reauth_test.patch
since its already working.
++++ kernel-default:
- seq_file: disallow extremely large seq buffer allocations
(CVE-2021-33909 bsc#1188062).
- commit 060b3df
- Revert "usb: renesas-xhci: Fix handling of unknown ROM state"
(bsc#1188485, bsc#1188515).
- commit 871d0f3
++++ libidn2:
- Update to 2.3.2:
* Upgrade TR46 tables from Unicode 11 to Unicode 13.
- Refresh libidn2.keyring
++++ open-iscsi:
- Merge latest upstream, which includeds:
* Support the "qede" CMA-card driver. (bsc#1188579)
* iscsistart: fix null pointer deref before exit
++++ python310-core:
- Update to 3.10.0b4:
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4
- Remove python3-imp-returntype.patch which has been upstreamed.
++++ libsepol:
- Fix heap-based buffer over-read in ebitmap_match_any (CVE-2021-36087, 1187928.
Added CVE-2021-36087.patch
++++ libslirp:
- Update to version 4.6.1:
* Release v4.6.1
* Fix "DHCP broken in libslirp v4.6.0"
++++ python310:
- Update to 3.10.0b4:
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4
- Remove python3-imp-returntype.patch which has been upstreamed.
------------------------------------------------------------------
------------------ 2021-7-20 - Jul 20 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.4:
+ core:
- Remove stale entries from "seen-bssids" and "timestamp" files
in "/var/lib/NetworkManager".
- Add ipv[46].required-timeout option to wait for IP
configuration while activating.
- Send ARP announcements when there is carrier.
- Start DHCPv6 when a prefix delegation is needed for shared
mode.
+ bond: support the peer_notif_delay option.
+ firewall: fix nftables backend to create "ip" table for IPv4
only.
+ initrd: set required-timeout of 20 seconds for default IPv4
configuration to opportunistically wait for IPv4.
+ ifcfg:
- Log warning about invalid keys in ifcfg files.
- Reject non-UTF-8 from ifcfg files.
+ nmcli: show DNS SEARCH field in device information.
+ cloud-setup: add support for Aliyun cloud.
++++ ansible:
- update to 2.9.24
maintenance release containing numerous bugfixes
++++ containerd:
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
- bsc1188282-use-chmod-path-for-checking-symlink.patch
++++ kernel-default:
- Linux 5.13.4 (bsc#1012628).
- seq_file: disallow extremely large seq buffer allocations
(bsc#1012628).
- misc: alcor_pci: fix inverted branch condition (bsc#1012628).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
(bsc#1012628).
- cpufreq: CPPC: Fix potential memleak in cppc_cpufreq_cpu_init
(bsc#1012628).
- perf tools: Fix pattern matching for same substring in different
PMU type (bsc#1012628).
- MIPS: vdso: Invalid GIC access through VDSO (bsc#1012628).
- s390/irq: remove HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1012628).
- perf script python: Fix buffer size to report iregs in perf
script (bsc#1012628).
- mips: disable branch profiling in boot/decompress.o
(bsc#1012628).
- mips: always link byteswap helpers into decompressor
(bsc#1012628).
- kprobe/static_call: Restore missing static_call_text_reserved()
(bsc#1012628).
- static_call: Fix static_call_text_reserved() vs __init
(bsc#1012628).
- jump_label: Fix jump_label_text_reserved() vs __init
(bsc#1012628).
- sched/uclamp: Ignore max aggregation if rq is idle
(bsc#1012628).
- scsi: be2iscsi: Fix an error handling path in
beiscsi_dev_probe() (bsc#1012628).
- arm64: dts: rockchip: Re-add regulator-always-on for vcc_sdio
for rk3399-roc-pc (bsc#1012628).
- arm64: dts: rockchip: Re-add regulator-boot-on,
regulator-always-on for vdd_gpu on rk3399-roc-pc (bsc#1012628).
- firmware: turris-mox-rwtm: show message about HWRNG registration
(bsc#1012628).
- firmware: turris-mox-rwtm: fail probing when firmware does
not support hwrng (bsc#1012628).
- firmware: turris-mox-rwtm: report failures better (bsc#1012628).
- firmware: turris-mox-rwtm: fix reply status decoding function
(bsc#1012628).
- kbuild: remove trailing slashes from $(KBUILD_EXTMOD)
(bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
(bsc#1012628).
- arm64: dts: ti: k3-am642-evm: align ti,pindir-d0-out-d1-in
property with dt-shema (bsc#1012628).
- arm64: dts: ti: am65: align ti,pindir-d0-out-d1-in property
with dt-shema (bsc#1012628).
- arm64: dts: ti: k3-am642-main: fix ports mac properties
(bsc#1012628).
- ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
(bsc#1012628).
- ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
(bsc#1012628).
- ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
(bsc#1012628).
- thermal/drivers/sprd: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with
dt-shema (bsc#1012628).
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with
dt-shema (bsc#1012628).
- ARM: dts: dra7: Fix duplicate USB4 target module node
(bsc#1012628).
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode
to TXID (bsc#1012628).
- memory: fsl_ifc: fix leak of private memory on probe failure
(bsc#1012628).
- memory: fsl_ifc: fix leak of IO mapping on probe failure
(bsc#1012628).
- arm64: dts: ti: k3-j721e-common-proc-board: Re-name "link"
name as "phy" (bsc#1012628).
- arm64: dts: ti: k3-j721e-common-proc-board: Use external clock
for SERDES (bsc#1012628).
- arm64: dts: ti: k3-j721e-main: Fix external refclk input to
SERDES (bsc#1012628).
- firmware: arm_scmi: Add delayed response status check
(bsc#1012628).
- Revert "ARM: dts: bcm283x: increase dwc2's RX FIFO size"
(bsc#1012628).
- arm64: dts: renesas: r8a779a0: Drop power-domains property
from GIC node (bsc#1012628).
- reset: bail if try_module_get() fails (bsc#1012628).
- ARM: dts: BCM5301X: Fixup SPI binding (bsc#1012628).
- dt-bindings: i2c: at91: fix example for scl-gpios (bsc#1012628).
- firmware: arm_scmi: Reset Rx buffer to max size during async
commands (bsc#1012628).
- soc: mtk-pm-domains: Fix the clock prepared issue (bsc#1012628).
- soc: mtk-pm-domains: do not register smi node as syscon
(bsc#1012628).
- firmware: tegra: Fix error return code in tegra210_bpmp_init()
(bsc#1012628).
- arm64: dts: qcom: sc7180: Fix sc7180-qmp-usb3-dp-phy reg sizes
(bsc#1012628).
- arm64: dts: qcom: c630: Add no-hpd to DSI bridge node
(bsc#1012628).
- arm64: dts: qcom: trogdor: Add no-hpd to DSI bridge node
(bsc#1012628).
- ARM: dts: stm32: Rework LAN8710Ai PHY reset on DHCOM SoM
(bsc#1012628).
- arm64: dts: renesas: r8a7796[01]: Fix OPP table entry voltages
(bsc#1012628).
- arm64: dts: renesas: Add missing opp-suspend properties
(bsc#1012628).
- ARM: dts: qcom: sdx55-telit: Represent secure-regions as 64-bit
elements (bsc#1012628).
- ARM: dts: qcom: sdx55-t55: Represent secure-regions as 64-bit
elements (bsc#1012628).
- arm64: dts: ti: j7200-main: Enable USB2 PHY RX sensitivity
workaround (bsc#1012628).
- arm64: dts: ti: k3-j7200: Remove "#address-cells" property
from GPIO DT nodes (bsc#1012628).
- arm64: dts: ti: k3-am64-mcu: Fix the compatible string in GPIO
DT node (bsc#1012628).
- arm64: dts: qcom: sdm845-oneplus-common: guard rmtfs-mem
(bsc#1012628).
- ARM: dts: r8a7779, marzen: Fix DU clock names (bsc#1012628).
- arm64: dts: renesas: v3msk: Fix memory size (bsc#1012628).
- rtc: fix snprintf() checking in is_rtc_hctosys() (bsc#1012628).
- rtc: bd70528: fix BD71815 watchdog dependency (bsc#1012628).
- ARM: dts: sun8i: h3: orangepi-plus: Fix ethernet phy-mode
(bsc#1012628).
- memory: pl353: Fix error return code in pl353_smc_probe()
(bsc#1012628).
- arm64: defconfig: Do not override the MTK_PMIC_WRAP symbol
(bsc#1012628).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- memory: atmel-ebi: add missing of_node_put for loop iteration
(bsc#1012628).
- memory: stm32-fmc2-ebi: add missing of_node_put for loop
iteration (bsc#1012628).
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
(bsc#1012628).
- ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
(bsc#1012628).
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
(bsc#1012628).
- ARM: exynos: add missing of_node_put for loop iteration
(bsc#1012628).
- reset: a10sr: add missing of_match_table reference
(bsc#1012628).
- reset: RESET_INTEL_GW should depend on X86 (bsc#1012628).
- Update config files.
- reset: RESET_BRCMSTB_RESCAL should depend on ARCH_BRCMSTB
(bsc#1012628).
- Update config files.
- arm64: dts: rockchip: Drop fephy pinctrl from gmac2phy on
rk3328 rock-pi-e (bsc#1012628).
- arm64: dts: rockchip: rename LED label for NanoPi R4S
(bsc#1012628).
- ARM: dts: gemini-rut1xx: remove duplicate ethernet node
(bsc#1012628).
- hexagon: use common DISCARDS macro (bsc#1012628).
- hexagon: handle {,SOFT}IRQENTRY_TEXT in linker script
(bsc#1012628).
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
(bsc#1012628).
- NFSv4/pnfs: Fix layoutget behaviour after invalidation
(bsc#1012628).
- NFSv4/pnfs: Fix the layout barrier update (bsc#1012628).
- NFS: Fix fscache read from NFS after cache error (bsc#1012628).
- NFS: Ensure nfs_readpage returns promptly when internal error
occurs (bsc#1012628).
- virtio-mem: don't read big block size in Sub Block Mode
(bsc#1012628).
- vdpa/mlx5: Clear vq ready indication upon device reset
(bsc#1012628).
- ALSA: isa: Fix error return code in snd_cmi8330_probe()
(bsc#1012628).
- nfsd: fix NULL dereference in nfs3svc_encode_getaclres
(bsc#1012628).
- NFSD: Prevent a possible oops in the nfs_dirent() tracepoint
(bsc#1012628).
- nfsd: Reduce contention for the nfsd_file nf_rwsem
(bsc#1012628).
- nfsd: move fsnotify on client creation outside spinlock
(bsc#1012628).
- NFSD: Add nfsd_clid_confirmed tracepoint (bsc#1012628).
- powerpc/bpf: Fix detecting BPF atomic instructions
(bsc#1012628).
- nvme-tcp: can't set sk_user_data without write_lock
(bsc#1012628).
- virtio_net: move tx vq operation under tx queue lock
(bsc#1012628).
- vdp/mlx5: Fix setting the correct dma_device (bsc#1012628).
- vdpa/mlx5: Fix possible failure in umem size calculation
(bsc#1012628).
- vdpa/mlx5: Fix umem sizes assignments on VQ create
(bsc#1012628).
- vp_vdpa: correct the return value when fail to map notification
(bsc#1012628).
- io_uring: remove not needed PF_EXITING check (bsc#1012628).
- io_uring: inline __tctx_task_work() (bsc#1012628).
- io_uring: move creds from io-wq work to io_kiocb (bsc#1012628).
- io_uring: don't bounce submit_state cachelines (bsc#1012628).
- io_uring: shuffle rarely used ctx fields (bsc#1012628).
- io_uring: get rid of files in exit cancel (bsc#1012628).
- block: grab a device refcount in disk_uevent (bsc#1012628).
- arch_topology: Avoid use-after-free for scale_freq_data
(bsc#1012628).
- PCI: tegra194: Fix tegra_pcie_ep_raise_msi_irq() ill-defined
shift (bsc#1012628).
- f2fs: remove false alarm on iget failure during GC
(bsc#1012628).
- nfs: update has_sec_mnt_opts after cloning lsm options from
parent (bsc#1012628).
- pwm: imx1: Don't disable clocks at device remove time
(bsc#1012628).
- PCI: intel-gw: Fix INTx enable (bsc#1012628).
- x86/fpu: Limit xstate copy size in xstateregs_set()
(bsc#1012628).
- x86/fpu: Fix copy_xstate_to_kernel() gap handling (bsc#1012628).
- f2fs: fix to avoid adding tab before doc section (bsc#1012628).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel
(bsc#1012628).
- PCI: iproc: Fix multi-MSI base vector number allocation
(bsc#1012628).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
(bsc#1012628).
- nfs: fix acl memory leak of posix_acl_create() (bsc#1012628).
- SUNRPC: prevent port reuse on transports which don't request it
(bsc#1012628).
- watchdog: jz4740: Fix return value check in jz4740_wdt_probe()
(bsc#1012628).
- watchdog: aspeed: fix hardware timeout calculation
(bsc#1012628).
- watchdog: keembay: Removed timeout update in the TO ISR
(bsc#1012628).
- watchdog: keembay: Remove timeout update in the WDT start
function (bsc#1012628).
- watchdog: keembay: Clear either the TO or TH interrupt bit
(bsc#1012628).
- watchdog: keembay: Update pretimeout to zero in the TH ISR
(bsc#1012628).
- watchdog: keembay: Upadate WDT pretimeout for every update in
timeout (bsc#1012628).
- watchdog: keembay: Update WDT pre-timeout during the
initialization (bsc#1012628).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
(bsc#1012628).
- um: fix error return code in winch_tramp() (bsc#1012628).
- um: fix error return code in slip_open() (bsc#1012628).
- um: Fix stack pointer alignment (bsc#1012628).
- sunrpc: Avoid a KASAN slab-out-of-bounds bug in
xdr_set_page_base() (bsc#1012628).
- NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing
O_DIRECT (bsc#1012628).
- NFSv4: Initialise connection to the server in
nfs4_alloc_client() (bsc#1012628).
- power: supply: rt5033_battery: Fix device tree enumeration
(bsc#1012628).
- Update config files.
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
(bsc#1012628).
- power: supply: surface-charger: Fix type of integer variable
(bsc#1012628).
- remoteproc: k3-r5: Fix an error message (bsc#1012628).
- remoteproc: stm32: fix phys_addr_t format string (bsc#1012628).
- f2fs: compress: fix to disallow temp extension (bsc#1012628).
- f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the
initramfs (bsc#1012628).
- module: correctly exit module_kallsyms_on_each_symbol when fn()
!= 0 (bsc#1012628).
- pwm: visconti: Fix and simplify period calculation
(bsc#1012628).
- cpufreq: scmi: Fix an error message (bsc#1012628).
- x86/signal: Detect and prevent an alternate signal stack
overflow (bsc#1012628).
- NFSD: Fix TP_printk() format specifier in nfsd_clid_class
(bsc#1012628).
- f2fs: atgc: fix to set default age threshold (bsc#1012628).
- power: supply: surface_battery: Fix battery event handling
(bsc#1012628).
- block: fix the problem of io_ticks becoming smaller
(bsc#1012628).
- virtio_console: Assure used length from device is limited
(bsc#1012628).
- virtio_net: Fix error handling in virtnet_restore()
(bsc#1012628).
- virtio-blk: Fix memory leak among suspend/resume procedure
(bsc#1012628).
- ext4: fix WARN_ON_ONCE(!buffer_uptodate) after an error writing
the superblock (bsc#1012628).
- PCI: rockchip: Register IRQ handlers after device and data
are ready (bsc#1012628).
- ACPI: video: Add quirk for the Dell Vostro 3350 (bsc#1012628).
- ACPI: AMBA: Fix resource name in /proc/iomem (bsc#1012628).
- pwm: tegra: Don't modify HW state in .remove callback
(bsc#1012628).
- pwm: img: Fix PM reference leak in img_pwm_enable()
(bsc#1012628).
- drm/amdkfd: fix sysfs kobj leak (bsc#1012628).
- drm/amdgpu: fix Navi1x tcp power gating hang when issuing
lightweight invalidaiton (bsc#1012628).
- power: supply: axp288_fuel_gauge: Make "T3 MRD" no_battery_list
DMI entry more generic (bsc#1012628).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- power: reset: regulator-poweroff: add missing
MODULE_DEVICE_TABLE (bsc#1012628).
- NFS: nfs_find_open_context() may only select open files
(bsc#1012628).
- drm/gma500: Add the missed drm_gem_object_put() in
psb_user_framebuffer_create() (bsc#1012628).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1012628).
- orangefs: fix orangefs df output (bsc#1012628).
- NFSv4: Fix handling of non-atomic change attrbute updates
(bsc#1012628).
- NFS: Fix up inode attribute revalidation timeouts (bsc#1012628).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- remoteproc: stm32: fix mbox_send_message call (bsc#1012628).
- remoteproc: core: Fix cdev remove and rproc del (bsc#1012628).
- x86/fpu: Return proper error codes from user access functions
(bsc#1012628).
- PCI: mediatek-gen3: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- fuse: fix illegal access to inode with reused nodeid
(bsc#1012628).
- virtiofs: propagate sync() to file server (bsc#1012628).
- watchdog: iTCO_wdt: Account for rebooting on second timeout
(bsc#1012628).
- watchdog: imx_sc_wdt: fix pretimeout (bsc#1012628).
- watchdog: Fix possible use-after-free by calling
del_timer_sync() (bsc#1012628).
- watchdog: sc520_wdt: Fix possible use-after-free in
wdt_turnoff() (bsc#1012628).
- watchdog: Fix possible use-after-free in wdt_startup()
(bsc#1012628).
- PCI: Dynamically map ECAM regions (bsc#1012628).
- PCI: pciehp: Ignore Link Down/Up caused by DPC (bsc#1012628).
- NFSv4: Fix delegation return in cases where we have to retry
(bsc#1012628).
- PCI/P2PDMA: Avoid pci_get_slot(), which may sleep (bsc#1012628).
- ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
(bsc#1012628).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- power: supply: max17040: Do not enforce (incorrect) interrupt
trigger type (bsc#1012628).
- power: supply: max17042: Do not enforce (incorrect) interrupt
trigger type (bsc#1012628).
- pwm: pca9685: Restrict period change for enabled PWMs
(bsc#1012628).
- PCI: hv: Fix a race condition when removing the device
(bsc#1012628).
- power: supply: ab8500: Enable USB and AC (bsc#1012628).
- power: supply: ab8500: Avoid NULL pointers (bsc#1012628).
- power: supply: ab8500: Move to componentized binding
(bsc#1012628).
- PCI: ftpci100: Rename macro name collision (bsc#1012628).
- pwm: spear: Don't modify HW state in .remove callback
(bsc#1012628).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- kcov: add __no_sanitize_coverage to fix noinstr for all
architectures (bsc#1012628).
- lib/decompress_unlz4.c: correctly handle zero-padding around
initrds (bsc#1012628).
- phy: intel: Fix for warnings due to EMMC clock 175Mhz change
in FIP (bsc#1012628).
- i2c: core: Disable client irq on reboot/shutdown (bsc#1012628).
- intel_th: Wait until port is in reset before programming it
(bsc#1012628).
- staging: rtl8723bs: fix check allowing 5Ghz settings
(bsc#1012628).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device
(bsc#1012628).
- leds: turris-omnia: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- ALSA: firewire-motu: fix detection for S/PDIF source on optical
interface in v2 protocol (bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
(bsc#1012628).
- ALSA: hda: Add IRQ check for platform_get_irq() (bsc#1012628).
- backlight: lm3630a: Fix return code of .update_status() callback
(bsc#1012628).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below
20 characters (bsc#1012628).
- ASoC: fsl_xcvr: check return value after calling
platform_get_resource_byname() (bsc#1012628).
- powerpc/boot: Fixup device-tree on little endian (bsc#1012628).
- usb: gadget: hid: fix error return code in hid_bind()
(bsc#1012628).
- usb: gadget: f_hid: fix endianness issue with descriptors
(bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return
values (bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
(bsc#1012628).
- m68knommu: fix missing LCD splash screen data initializer
(bsc#1012628).
- ALSA: bebob: add support for ToneWeal FW66 (bsc#1012628).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
(bsc#1012628).
- s390/mem_detect: fix tprot() program check new psw handling
(bsc#1012628).
- s390/mem_detect: fix diag260() program check new psw handling
(bsc#1012628).
- s390/ipl_parm: fix program check new psw handling (bsc#1012628).
- s390/processor: always inline stap() and __load_psw_mask()
(bsc#1012628).
- habanalabs/gaudi: set the correct rc in case of err
(bsc#1012628).
- habanalabs: remove node from list before freeing the node
(bsc#1012628).
- habanalabs: set rc as 'valid' in case of intentional func exit
(bsc#1012628).
- habanalabs: fix mask to obtain page offset (bsc#1012628).
- habanalabs/gaudi: set the correct cpu_id on MME2_QM failure
(bsc#1012628).
- habanalabs: check if asic secured with asic type (bsc#1012628).
- xhci: handle failed buffer copy to URB sg list and fix a W=1
copiler warning (bsc#1012628).
- ASoC: soc-core: Fix the error return code in
snd_soc_of_parse_audio_routing() (bsc#1012628).
- powerpc/mm/book3s64: Fix possible build error (bsc#1012628).
- gpio: pca953x: Add support for the On Semi pca9655
(bsc#1012628).
- selftests/powerpc: Fix "no_handler" EBB selftest (bsc#1012628).
- ALSA: ppc: fix error return code in snd_pmac_probe()
(bsc#1012628).
- scsi: storvsc: Correctly handle multiple flags in srb_status
(bsc#1012628).
- powerpc/inst: Fix sparse detection on get_user_instr()
(bsc#1012628).
- thunderbolt: Fix DROM handling for USB4 DROM (bsc#1012628).
- gpio: zynq: Check return value of irq_get_irq_data
(bsc#1012628).
- gpio: zynq: Check return value of pm_runtime_get_sync
(bsc#1012628).
- ASoC: soc-pcm: fix the return value in dpcm_apply_symmetry()
(bsc#1012628).
- ALSA: control_led - fix initialization in the mode show callback
(bsc#1012628).
- ALSA: n64: check return value after calling
platform_get_resource() (bsc#1012628).
- iommu/arm-smmu: Fix arm_smmu_device refcount leak in address
translation (bsc#1012628).
- iommu/arm-smmu: Fix arm_smmu_device refcount leak when
arm_smmu_rpm_get fails (bsc#1012628).
- powerpc/ps3: Add dma_mask to ps3_dma_region (bsc#1012628).
- ALSA: sb: Fix potential double-free of CSP mixer elements
(bsc#1012628).
- iommu/arm-smmu-qcom: Skip the TTBR1 quirk for db820c
(bsc#1012628).
- selftests: timers: rtcpie: skip test if default RTC device
does not exist (bsc#1012628).
- s390: disable SSP when needed (bsc#1012628).
- s390/sclp_vt220: fix console name to match device (bsc#1012628).
- serial: tty: uartlite: fix console setup (bsc#1012628).
- fsi: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- iov_iter_advance(): use consistent semantics for move past
the end (bsc#1012628).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe()
(bsc#1012628).
- mfd: cpcap: Fix cpcap dmamask not set warnings (bsc#1012628).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
(bsc#1012628).
- scsi: qedi: Fix cleanup session block/unblock use (bsc#1012628).
- scsi: qedi: Fix TMF session block/unblock use (bsc#1012628).
- scsi: qedi: Fix race during abort timeouts (bsc#1012628).
- scsi: qedi: Fix null ref during abort handling (bsc#1012628).
- scsi: iscsi: Fix shost->max_id use (bsc#1012628).
- scsi: iscsi: Fix conn use after free during resets
(bsc#1012628).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (bsc#1012628).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
IRQs (bsc#1012628).
- scsi: megaraid_sas: Early detection of VD deletion through
RaidMap update (bsc#1012628).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
(bsc#1012628).
- fs/jfs: Fix missing error code in lmLogInit() (bsc#1012628).
- scsi: scsi_dh_alua: Check for negative result value
(bsc#1012628).
- scsi: core: Fixup calling convention for scsi_mode_sense()
(bsc#1012628).
- scsi: mpt3sas: Fix deadlock while cancelling the running
firmware event (bsc#1012628).
- tty: serial: 8250: serial_cs: Fix a memory leak in error
handling path (bsc#1012628).
- ASoC: cs42l42: Fix 1536000 Bit Clock instability (bsc#1012628).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove()
(bsc#1012628).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue
(bsc#1012628).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to
initialize the SGLs (bsc#1012628).
- scsi: lpfc: Fix "Unexpected timeout" error in direct attach
topology (bsc#1012628).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
(bsc#1012628).
- scsi: arcmsr: Fix doorbell status being updated late on ARC-1886
(bsc#1012628).
- w1: ds2438: fixing bug that would always get page0
(bsc#1012628).
- ASoC: SOF: topology: fix assignment to use le32_to_cpu
(bsc#1012628).
- usb: common: usb-conn-gpio: fix NULL pointer dereference of
charger (bsc#1012628).
- Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
(bsc#1012628).
- ALSA: usx2y: Don't call free_pages_exact() with NULL address
(bsc#1012628).
- ALSA: usx2y: Avoid camelCase (bsc#1012628).
- iio: magn: bmc150: Balance runtime pm + use
pm_runtime_resume_and_get() (bsc#1012628).
- iio: gyro: fxa21002c: Balance runtime pm + use
pm_runtime_resume_and_get() (bsc#1012628).
- iio: imu: st_lsm6dsx: correct ODR in header (bsc#1012628).
- partitions: msdos: fix one-byte get_unaligned() (bsc#1012628).
- ASoC: intel/boards: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
(bsc#1012628).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one
(bsc#1012628).
- serial: 8250: of: Check for CONFIG_SERIAL_8250_BCM7271
(bsc#1012628).
- serial: fsl_lpuart: disable DMA for console and fix sysrq
(bsc#1012628).
- tty: serial: fsl_lpuart: fix the potential risk of division
or modulo by zero (bsc#1012628).
- usb: dwc3: pci: Fix DEFINE for Intel Elkhart Lake (bsc#1012628).
- soundwire: bus: handle -ENODATA errors in clock stop/start
sequences (bsc#1012628).
- soundwire: bus: only use CLOCK_STOP_MODE0 and fix confusions
(bsc#1012628).
- rcu: Reject RCU_LOCKDEP_WARN() false positives (bsc#1012628).
- srcu: Fix broken node geometry after early ssp init
(bsc#1012628).
- scsi: arcmsr: Fix the wrong CDB payload report to IOP
(bsc#1012628).
- dmaengine: fsl-qdma: check dma_set_mask return value
(bsc#1012628).
- ASoC: Intel: sof_sdw: add mutual exclusion between PCH DMIC
and RT715 (bsc#1012628).
- leds: tlc591xx: fix return value check in tlc591xx_probe()
(bsc#1012628).
- net: bridge: multicast: fix MRD advertisement router port
marking race (bsc#1012628).
- net: bridge: multicast: fix PIM hello router port marking race
(bsc#1012628).
- drm/dp_mst: Add missing drm parameters to recently added call
to drm_dbg_kms() (bsc#1012628).
- drm/dp_mst: Avoid to mess up payload table by ports in stale
topology (bsc#1012628).
- drm/dp_mst: Do not set proposed vcpi directly (bsc#1012628).
- btrfs: zoned: fix wrong mutex unlock on failure to allocate
log root tree (bsc#1012628).
- btrfs: don't block if we can't acquire the reclaim lock
(bsc#1012628).
- btrfs: rework chunk allocation to avoid exhaustion of the
system chunk array (bsc#1012628).
- btrfs: fix deadlock with concurrent chunk allocations involving
system chunks (bsc#1012628).
- btrfs: zoned: fix types for u64 division in
btrfs_reclaim_bgs_work (bsc#1012628).
- btrfs: properly split extent_map for REQ_OP_ZONE_APPEND
(bsc#1012628).
- io_uring: use right task for exiting checks (bsc#1012628).
- arm64: Avoid premature usercopy failure (bsc#1012628).
- mm/hugetlb: fix refs calculation from unaligned @vaddr
(bsc#1012628).
- EDAC/igen6: fix core dependency AGAIN (bsc#1012628).
- Update config files.
- fbmem: Do not delete the mode that is still in use
(bsc#1012628).
- cgroup: verify that source is a string (bsc#1012628).
- drm/i915/gt: Fix -EDEADLK handling regression (bsc#1012628).
- drm/i915/gtt: drop the page table optimisation (bsc#1012628).
- drm/amdgpu: add another Renoir DID (bsc#1012628).
- tracing: Do not reference char * as a string in histograms
(bsc#1012628).
- iommu/vt-d: Fix clearing real DMA device's scalable-mode
context entries (bsc#1012628).
- iommu/vt-d: Global devTLB flush when present context entry
changed (bsc#1012628).
- scsi: zfcp: Report port fc_security as unknown early during
remote cable pull (bsc#1012628).
- scsi: core: Fix bad pointer dereference when ehandler kthread
is invalid (bsc#1012628).
- KVM: SVM: remove INIT intercept handler (bsc#1012628).
- KVM: SVM: #SMI interception must not skip the instruction
(bsc#1012628).
- KVM: X86: Disable hardware breakpoints unconditionally before
kvm_x86->run() (bsc#1012628).
- KVM: nSVM: Check the value written to MSR_VM_HSAVE_PA
(bsc#1012628).
- KVM: SVM: Revert clearing of C-bit on GPA in #NPF handler
(bsc#1012628).
- KVM: x86/mmu: Do not apply HPA (memory encryption) mask to GPAs
(bsc#1012628).
- KVM: x86: Use kernel's x86_phys_bits to handle reduced
MAXPHYADDR (bsc#1012628).
- KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP
is enabled (bsc#1012628).
- KVM: selftests: do not require 64GB in set_memory_region_test
(bsc#1012628).
- KVM: mmio: Fix use-after-free Read in
kvm_vm_ioctl_unregister_coalesced_mmio (bsc#1012628).
- cifs: Do not use the original cruid when following DFS links
for multiuser mounts (bsc#1012628).
- cifs: handle reconnect of tcon when there is no cached dfs
referral (bsc#1012628).
- cifs: use the expiry output of dns_query to schedule next
resolution (bsc#1012628).
- commit da86d62
++++ systemd:
- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
https://github.com/systemd/systemd/issues/19464 which makes the
aforementioned patch not needed anymore.
- Drop 1003-basic-unit-name-adjust-comments.patch
It's been merged in SUSE/v248 branch
- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
was merged in v248.5.
- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0
- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
as it was merged in v248.4.
- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529)
aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
258a3d2043 sd-dhcp-client: shorten code a bit
0a80303114 sd-dhcp-client: check error earlier and reduce indentation
------------------------------------------------------------------
------------------ 2021-7-19 - Jul 19 2021 -------------------
------------------------------------------------------------------
++++ diffutils:
- gnulib-c-stack.patch: c-stack: stop using SIGSTKSZ
++++ kernel-default:
- armv6hl/v7hl: temporarily disable FIPS to workaround crash (bsc#1188327)
- commit 91a0cca
- Linux 5.13.3 (bsc#1012628).
- f2fs: fix to avoid racing on fsync_entry_slab by multi
filesystem instances (bsc#1012628).
- smackfs: restrict bytes count in smk_set_cipso() (bsc#1012628).
- media: v4l2-core: explicitly clear ioctl input data
(bsc#1012628).
- jfs: fix GPF in diFree (bsc#1012628).
- ext4: fix possible UAF when remounting r/o a mmp-protected
file system (bsc#1012628).
- drm/ast: Remove reference to struct drm_device.pdev
(bsc#1012628).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
(bsc#1012628).
- dm writecache: write at least 4k when committing (bsc#1012628).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
(bsc#1012628).
- media: gspca/sunplus: fix zero-length control requests
(bsc#1012628).
- media: gspca/sq905: fix control-request direction (bsc#1012628).
- media: ccs: Fix the op_pll_multiplier address (bsc#1012628).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe
(bsc#1012628).
- media: dtv5100: fix control-request directions (bsc#1012628).
- media: i2c: ccs-core: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: subdev: disallow ioctl for saa6588/davinci (bsc#1012628).
- PCI: aardvark: Implement workaround for the readback value of
VEND_ID (bsc#1012628).
- PCI: aardvark: Fix checking for PIO Non-posted Request
(bsc#1012628).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
standby (bsc#1012628).
- dm btree remove: assign new_root only when removal succeeds
(bsc#1012628).
- dm writecache: flush origin device when writing and cache is
full (bsc#1012628).
- dm zoned: check zone capacity (bsc#1012628).
- coresight: tmc-etf: Fix global-out-of-bounds in
tmc_update_etf_buffer() (bsc#1012628).
- coresight: Propagate symlink failure (bsc#1012628).
- ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
(bsc#1012628).
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
(bsc#1012628).
- tracing: Simplify & fix saved_tgids logic (bsc#1012628).
- rq-qos: fix missed wake-ups in rq_qos_throttle try two
(bsc#1012628).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1012628).
- lkdtm: Enable DOUBLE_FAULT on all architectures (bsc#1012628).
- extcon: intel-mrfld: Sync hardware and software state on init
(bsc#1012628).
- selftests/lkdtm: Fix expected text for CR4 pinning
(bsc#1012628).
- lkdtm/bugs: XFAIL UNALIGNED_LOAD_STORE_WRITE (bsc#1012628).
- nvmem: core: add a missing of_node_put (bsc#1012628).
- mfd: syscon: Free the allocated name field of struct
regmap_config (bsc#1012628).
- power: supply: ab8500: Fix an old bug (bsc#1012628).
- ubifs: Fix races between xattr_{set|get} and listxattr
operations (bsc#1012628).
- thermal/drivers/int340x/processor_thermal: Fix tcc setting
(bsc#1012628).
- ipmi/watchdog: Stop watchdog timer when the current action is
'none' (bsc#1012628).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
(bsc#1012628).
- i40e: fix PTP on 5Gb links (bsc#1012628).
- mwifiex: bring down link before deleting interface
(bsc#1012628).
- ASoC: tegra: Set driver_name=tegra for all machine drivers
(bsc#1012628).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call
(bsc#1012628).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer
workaround (bsc#1012628).
- cpu/hotplug: Cure the cpusets trainwreck (bsc#1012628).
- arm64: tlb: fix the TTL value of tlb_get_level (bsc#1012628).
- ata: ahci_sunxi: Disable DIPM (bsc#1012628).
- docs: Makefile: Use CONFIG_SHELL not SHELL (bsc#1012628).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if
supported (bsc#1012628).
- mmc: core: clear flags before allowing to retune (bsc#1012628).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400
mode (bsc#1012628).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba
Encore 2 WT8-B (bsc#1012628).
- drm/i915/display: Do not zero past infoframes.vsc (bsc#1012628).
- drm/ingenic: Switch IPU plane to type OVERLAY (bsc#1012628).
- drm/nouveau: Don't set allow_fb_modifiers explicitly
(bsc#1012628).
- drm/arm/malidp: Always list modifiers (bsc#1012628).
- drm/msm/mdp4: Fix modifier support enabling (bsc#1012628).
- drm/tegra: Don't set allow_fb_modifiers explicitly
(bsc#1012628).
- drm/ingenic: Fix pixclock rate for 24-bit serial panels
(bsc#1012628).
- drm/amd/display: Reject non-zero src_y and src_x for video
planes (bsc#1012628).
- pinctrl/amd: Add device HID for new AMD GPIO controller
(bsc#1012628).
- drm/amd/display: fix incorrrect valid irq check (bsc#1012628).
- drm/rockchip: dsi: remove extra component_del() call
(bsc#1012628).
- drm/dp: Handle zeroed port counts in
drm_dp_read_downstream_info() (bsc#1012628).
- drm/vc4: hdmi: Prevent clock unbalance (bsc#1012628).
- drm/vc4: crtc: Skip the TXP (bsc#1012628).
- drm/vc4: txp: Properly set the possible_crtcs mask
(bsc#1012628).
- drm/radeon: Call radeon_suspend_kms() in radeon_pci_shutdown()
for Loongson64 (bsc#1012628).
- drm/radeon: Add the missed drm_gem_object_put() in
radeon_user_framebuffer_create() (bsc#1012628).
- drm/amdgpu: fix the hang caused by PCIe link width switch
(bsc#1012628).
- drm/amdgpu: fix NAK-G generation during PCI-e link width switch
(bsc#1012628).
- drm/amdgpu: enable sdma0 tmz for Raven/Renoir(V2) (bsc#1012628).
- drm/amdgpu: Update NV SIMD-per-CU to 2 (bsc#1012628).
- drm/amdgpu: add new dimgrey cavefish DID (bsc#1012628).
- powerpc/powernv/vas: Release reference to tgid during window
close (bsc#1012628).
- powerpc/barrier: Avoid collision with clang's __lwsync macro
(bsc#1012628).
- powerpc/xive: Fix error handling when allocating an IPI
(bsc#1012628).
- powerpc/bpf: Reject atomic ops in ppc32 JIT (bsc#1012628).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1012628).
- mm/mremap: hold the rmap lock in write mode when moving page
table entries (bsc#1012628).
- MIPS: MT extensions are not available on MIPS32r1 (bsc#1012628).
- PCI: tegra194: Fix host initialization during resume
(bsc#1012628).
- MIPS: CI20: Reduce clocksource to 750 kHz (bsc#1012628).
- MIPS: set mips32r5 for virt extensions (bsc#1012628).
- MIPS: loongsoon64: Reserve memory below starting pfn to prevent
Oops (bsc#1012628).
- sctp: add size validation when walking chunks (bsc#1012628).
- sctp: validate from_addr_param return (bsc#1012628).
- flow_offload: action should not be NULL when it is referenced
(bsc#1012628).
- bpf: Fix false positive kmemleak report in
bpf_ringbuf_area_alloc() (bsc#1012628).
- sched/fair: Ensure _sum and _avg values stay consistent
(bsc#1012628).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue
for qca btsoc (bsc#1012628).
- Bluetooth: btusb: use default nvm if boardID is 0 for wcn6855
(bsc#1012628).
- Bluetooth: mgmt: Fix the command returns garbage parameter value
(bsc#1012628).
- Bluetooth: btusb: Add support USB ALT 3 for WBS (bsc#1012628).
- Bluetooth: L2CAP: Fix invalid access on ECRED Connection
response (bsc#1012628).
- Bluetooth: L2CAP: Fix invalid access if ECRED Reconfigure fails
(bsc#1012628).
- Bluetooth: btusb: Add a new QCA_ROME device (0cf3:e500)
(bsc#1012628).
- Bluetooth: Shutdown controller after workqueues are flushed
or cancelled (bsc#1012628).
- Bluetooth: Fix alt settings for incoming SCO with transparent
coding format (bsc#1012628).
- Bluetooth: Fix the HCI to MGMT status conversion table
(bsc#1012628).
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
(bsc#1012628).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek
Chip (bsc#1012628).
- RDMA/cma: Fix rdma_resolve_route() memory leak (bsc#1012628).
- net: ip: avoid OOM kills with large UDP sends over loopback
(bsc#1012628).
- net: retrieve netns cookie via getsocketopt (bsc#1012628).
- media, bpf: Do not copy more entries than user space requested
(bsc#1012628).
- IB/isert: Align target max I/O size to initiator size
(bsc#1012628).
- mac80211: Properly WARN on HW scan before restart (bsc#1012628).
- mac80211_hwsim: add concurrent channels scanning support over
virtio (bsc#1012628).
- mac80211: consider per-CPU statistics if present (bsc#1012628).
- cfg80211: fix default HE tx bitrate mask in 2G band
(bsc#1012628).
- wireless: wext-spy: Fix out-of-bounds warning (bsc#1012628).
- sfc: error code if SRIOV cannot be disabled (bsc#1012628).
- sfc: avoid double pci_remove of VFs (bsc#1012628).
- rtw88: add quirks to disable pci capabilities (bsc#1012628).
- rtw88: 8822c: update RF parameter tables to v62 (bsc#1012628).
- iwlwifi: pcie: fix context info freeing (bsc#1012628).
- iwlwifi: pcie: free IML DMA memory allocation (bsc#1012628).
- iwlwifi: mvm: fix error print when session protection ends
(bsc#1012628).
- iwlwifi: mvm: apply RX diversity per PHY context (bsc#1012628).
- iwlwifi: mvm: don't change band on bound PHY contexts
(bsc#1012628).
- RDMA/rxe: Don't overwrite errno from ib_umem_get()
(bsc#1012628).
- drm/amd/display: Fix edp_bootup_bl_level initialization issue
(bsc#1012628).
- vsock: notify server to shutdown when client has pending signal
(bsc#1012628).
- atm: nicstar: register the interrupt handler in the right place
(bsc#1012628).
- atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
(bsc#1012628).
- net: fec: add ndo_select_queue to fix TX bandwidth fluctuations
(bsc#1012628).
- net: fec: add FEC_QUIRK_HAS_MULTI_QUEUES represents i.MX6SX
ENET IP (bsc#1012628).
- MIPS: add PMD table accounting into MIPS'pmd_alloc_one
(bsc#1012628).
- rtl8xxxu: Fix device info for RTL8192EU devices (bsc#1012628).
- mt76: fix iv and CCMP header insertion (bsc#1012628).
- mt76: mt7915: fix IEEE80211_HE_PHY_CAP7_MAX_NC for station mode
(bsc#1012628).
- mt76: connac: fix the maximum interval schedule scan can support
(bsc#1012628).
- mt76: connac: fix UC entry is being overwritten (bsc#1012628).
- mt76: mt7921: enable hw offloading for wep keys (bsc#1012628).
- mt76: mt7921: reset wfsys during hw probe (bsc#1012628).
- mt76: mt7921: fix reset under the deep sleep is enabled
(bsc#1012628).
- mt76: mt7915: fix tssi indication field of DBDC NICs
(bsc#1012628).
- drm/amdkfd: Walk through list with dqm lock hold (bsc#1012628).
- drm/amdgpu: fix bad address translation for sienna_cichlid
(bsc#1012628).
- io_uring: fix false WARN_ONCE (bsc#1012628).
- net: sched: fix error return code in tcf_del_walker()
(bsc#1012628).
- net: ipa: Add missing of_node_put() in ipa_firmware_load()
(bsc#1012628).
- net: fix mistake path for netdev_features_strings (bsc#1012628).
- mt76: dma: use ieee80211_tx_status_ext to free packets when
tx fails (bsc#1012628).
- mt76: mt7615: fix fixed-rate tx status reporting (bsc#1012628).
- ice: mark PTYPE 2 as reserved (bsc#1012628).
- ice: fix incorrect payload indicator on PTYPE (bsc#1012628).
- ext4: fix memory leak in ext4_fill_super (bsc#1012628).
- bpf: Fix up register-based shifts in interpreter to silence
KUBSAN (bsc#1012628).
- net: hsr: don't check sequence number if tag removal is
offloaded (bsc#1012628).
- drm/amdkfd: Fix circular lock in nocpsch path (bsc#1012628).
- drm/amdkfd: fix circular locking on get_wave_state
(bsc#1012628).
- cw1200: add missing MODULE_DEVICE_TABLE (bsc#1012628).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan
(bsc#1012628).
- net: phy: nxp-c45-tja11xx: enable MDIO write access to the
master/slave registers (bsc#1012628).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
(bsc#1012628).
- dm writecache: commit just one block, not a full page
(bsc#1012628).
- xfrm: Fix error reporting in xfrm_state_construct (bsc#1012628).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr
(bsc#1012628).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in
amdgpu_dm_atomic_check (bsc#1012628).
- r8169: avoid link-up interrupt issue on RTL8106e if user
enables ASPM (bsc#1012628).
- selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
(bsc#1012628).
- net: mido: mdio-mux-bcm-iproc: Use
devm_platform_get_and_ioremap_resource() (bsc#1012628).
- fjes: check return value after calling platform_get_resource()
(bsc#1012628).
- drm/amdkfd: use allowed domain for vmbo validation
(bsc#1012628).
- net: sgi: ioc3-eth: check return value after calling
platform_get_resource() (bsc#1012628).
- selftests: Clean forgotten resources as part of cleanup()
(bsc#1012628).
- net: phy: realtek: add delay to fix RXC generation issue
(bsc#1012628).
- drm/amd/display: Fix crash during MPO + ODM combine mode
recalculation (bsc#1012628).
- drm/amd/display: Fix off-by-one error in DML (bsc#1012628).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7
(bsc#1012628).
- drm/amd/display: Release MST resources on switch from MST to
SST (bsc#1012628).
- drm/amd/display: Update scaling settings on modeset
(bsc#1012628).
- drm/amd/display: Revert "Fix clock table filling logic"
(bsc#1012628).
- drm/amd/display: Fix DCN 3.01 DSCCLK validation (bsc#1012628).
- net: moxa: Use devm_platform_get_and_ioremap_resource()
(bsc#1012628).
- net: micrel: check return value after calling
platform_get_resource() (bsc#1012628).
- net: mvpp2: check return value after calling
platform_get_resource() (bsc#1012628).
- net: bcmgenet: check return value after calling
platform_get_resource() (bsc#1012628).
- net: mscc: ocelot: check return value after calling
platform_get_resource() (bsc#1012628).
- virtio_net: Remove BUG() to avoid machine dead (bsc#1012628).
- ice: fix clang warning regarding deadcode.DeadStores
(bsc#1012628).
- ice: set the value of global config lock timeout longer
(bsc#1012628).
- pinctrl: mcp23s08: fix race condition in irq handler
(bsc#1012628).
- net: bridge: mrp: Update ring transitions (bsc#1012628).
- block: introduce BIO_ZONE_WRITE_LOCKED bio flag (bsc#1012628).
- dm: Fix dm_accept_partial_bio() relative to zone management
commands (bsc#1012628).
- dm writecache: don't split bios when overwriting contiguous
cache content (bsc#1012628).
- dm space maps: don't reset space map allocation cursor when
committing (bsc#1012628).
- RDMA/cxgb4: Fix missing error code in create_qp() (bsc#1012628).
- icmp: fix lib conflict with trinity (bsc#1012628).
- net: tcp better handling of reordering then loss cases
(bsc#1012628).
- clk: tegra: tegra124-emc: Fix clock imbalance in
emc_set_timing() (bsc#1012628).
- drm/amdgpu: remove unsafe optimization to drop preamble ib
(bsc#1012628).
- drm/amd/display: Avoid HDCP over-read and corruption
(bsc#1012628).
- drm/amdgpu: fix sdma firmware version error in sriov
(bsc#1012628).
- drm/amdgpu: fix metadata_size for ubo ioctl queries
(bsc#1012628).
- MIPS: ingenic: Select CPU_SUPPORTS_CPUFREQ &&
MIPS_EXTERNAL_TIMER (bsc#1012628).
- MIPS: cpu-probe: Fix FPU detection on Ingenic JZ4760(B)
(bsc#1012628).
- ipv6: use prandom_u32() for ID generation (bsc#1012628).
- virtio-net: Add validation for used length (bsc#1012628).
- drm: bridge: cdns-mhdp8546: Fix PM reference leak in
(bsc#1012628).
- clk: tegra: Ensure that PLLU configuration is applied properly
(bsc#1012628).
- clk: tegra: Fix refcounting of gate clocks (bsc#1012628).
- drm/tegra: hub: Fix YUV support (bsc#1012628).
- RDMA/rtrs: Change MAX_SESS_QUEUE_DEPTH (bsc#1012628).
- net: stmmac: the XPCS obscures a potential "PHY not found"
error (bsc#1012628).
- drm: rockchip: add missing registers for RK3066 (bsc#1012628).
- drm: rockchip: add missing registers for RK3188 (bsc#1012628).
- net/mlx5: Fix lag port remapping logic (bsc#1012628).
- net/mlx5e: IPsec/rep_tc: Fix rep_tc_update_skb drops IPsec
packet (bsc#1012628).
- drm/amdgpu/swsmu/aldebaran: fix check in is_dpm_running
(bsc#1012628).
- drm/amd/display: fix odm scaling (bsc#1012628).
- clk: renesas: r8a77995: Add ZA2 clock (bsc#1012628).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
(bsc#1012628).
- igb: fix assignment on big endian machines (bsc#1012628).
- igb: handle vlan types with checker enabled (bsc#1012628).
- e100: handle eeprom as little endian (bsc#1012628).
- drm/vc4: hdmi: Fix PM reference leak in
vc4_hdmi_encoder_pre_crtc_co() (bsc#1012628).
- drm/vc4: Fix clock source for VEC PixelValve on BCM2711
(bsc#1012628).
- drm/amd/pm: fix return value in aldebaran_set_mp1_state()
(bsc#1012628).
- net: xilinx_emaclite: Do not print real IOMEM pointer
(bsc#1012628).
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1012628).
- drm/sched: Avoid data corruptions (bsc#1012628).
- drm/scheduler: Fix hang when sched_entity released
(bsc#1012628).
- pinctrl: equilibrium: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- net: ethernet: ixp4xx: Fix return value check in
ixp4xx_eth_probe() (bsc#1012628).
- net/sched: cls_api: increase max_reclassify_loop (bsc#1012628).
- net: mdio: provide shim implementation of
devm_of_mdiobus_register (bsc#1012628).
- drm/virtio: Fix double free on probe failure (bsc#1012628).
- reiserfs: add check for invalid 1st journal block (bsc#1012628).
- drm/bridge: lt9611: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- net: mdio: ipq8064: add regmap config to disable REGCACHE
(bsc#1012628).
- drm/panfrost: devfreq: Disable devfreq when num_supplies > 1
(bsc#1012628).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
(bsc#1012628).
- net: Treat __napi_schedule_irqoff() as __napi_schedule()
on PREEMPT_RT (bsc#1012628).
- atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
(bsc#1012628).
- mISDN: fix possible use-after-free in HFC_cleanup()
(bsc#1012628).
- atm: iphase: fix possible use-after-free in ia_module_exit()
(bsc#1012628).
- hugetlb: clear huge pte during flush function on mips platform
(bsc#1012628).
- MIPS: Loongson64: Fix build error 'secondary_kexec_args'
undeclared under !SMP (bsc#1012628).
- clk: renesas: rcar-usb2-clock-sel: Fix error handling in
.probe() (bsc#1012628).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats
(bsc#1012628).
- drm/amd/display: Fix clock table filling logic (bsc#1012628).
- drm/amdgpu: change the default timeout for kernel compute queues
(bsc#1012628).
- net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
(bsc#1012628).
- drm/imx: Add 8 pixel alignment fix (bsc#1012628).
- drm/bridge: nwl-dsi: Force a full modeset when
crtc_state->active is changed to be true (bsc#1012628).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins()
(bsc#1012628).
- drm/amd/amdgpu/sriov disable all ip hw status by default
(bsc#1012628).
- drm/amd/display: Fix BSOD with NULL check (bsc#1012628).
- drm/amd/display: Revert wait vblank on update dpp clock
(bsc#1012628).
- drm/amd/display: fix HDCP reset sequence on reinitialize
(bsc#1012628).
- drm/ast: Fixed CVE for DP501 (bsc#1012628).
- drm/zte: Don't select DRM_KMS_FB_HELPER (bsc#1012628).
- drm/mxsfb: Don't select DRM_KMS_FB_HELPER (bsc#1012628).
- commit 6e62593
- armv6hl/armv7hl: set CRYPTO_ECDSA=m (bsc#1188327)
This avoids a crash on boot as the ECDSA code relies on unaligned
accesses.
- commit ccf5b18
++++ ncurses:
- Add ncurses patch 20210718
+ correct typo in "vip" comments (report by Nick Black), reviewed this
against Glink manual -TD
+ fill in some missing pieces for pccons, to make it comparable to the
vt220 entry -TD
+ modify mk-1st.awk to account for extra-suffix configure option
(report by Juergen Pfeifer).
+ change default for --disable-wattr-macros option to help packagers
who reuse wide ncursesw header file with non-wide ncurses library.
+ build-fix for test/test_opaque.c, for configurations without opaque
curses structs.
++++ numactl:
- Update to version 2.0.14.17.g498385e:
* numactl.c: fix use after free
* sysfs.c: prevent mem leak in sysfs_node_read()
* sysfs.c: don't leak fd if fail in sysfs_read()
* shm.c: fix memleak in verify_shm()
* shm.c: fix memleak in dump_shm()
* fix description for numa_node_size64 in man as well
* fix numa_node_size definition in manpage numa.3
* link with -latomic if needed
* libnuma: make numa_police_memory() free of race
* numademo: Use first two nodes instead of node 0 and 1
- Enhance _service magic
- Enable automake
++++ netcfg:
- Add localhost.localdomain fallback hostname used by NetworkManager
(bsc#1177835).
++++ openssh:
- The linux kernel has close_range(2) syscall which current glibc
uses to implement closefrom(3) which will be then used by openssh.
whitelist the new system call so closefrom does not fail or
fallback to iterating proc/self/fd (openssh-whitelist-syscalls.patch)
++++ osinfo-db:
- bsc#1188336 - openSUSE Tumbleweed unattended installation in
libvirt fails due to invalid autoyast.xml
Drop fix-autoyast-validation.patch
------------------------------------------------------------------
------------------ 2021-7-18 - Jul 18 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.14-rc2
- update configs
- NCSI_OEM_CMD_KEEP_PHY=y
- EDAC_IGEN6=m (x86_64 only)
- commit 1d63327
- series.conf: cleanup
- move submitted patch to "almost mainline" section:
- patches.suse/arm64-dts-rockchip-Disable-CDN-DP-on-Pinebook-Pro.patch
- commit df2d619
++++ polkit:
- Change to using systemd-sysusers
- Remove unneeded shadow dependency, no longer required due to
systemd-sysusers
- Fix 50-default.rules file-parent-ownership-mismatch warning
- Remove --with-pic, no effect with --disable-static
++++ libselinux:
- Add missing libselinux-utils Provides to selinux-tools so that
%selinux_requires works
++++ mozilla-nspr:
- update to version 4.32
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
++++ runc:
- Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ("interrupted system call") on an
Azure volume.
* Fixed "unable to find groups ... token too long" error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
------------------------------------------------------------------
------------------ 2021-7-17 - Jul 17 2021 -------------------
------------------------------------------------------------------
++++ gstreamer-plugins-base:
- Add 90903917.patch: Fix build with meson >= 0.58.0rc1
++++ libbpf:
- libbpf is now a separate project, stop building from the kernel
(bsc#1188419 jsc#SLE-17288 jsc#SLE-18805).
- Fix LIBSUBDIR
+ libdir.patch
++++ libcap:
- update to 2.51:
* Fix capsh installation
* Add an autoauth module flag to pam_cap.so
* Unified libcap/cap (Go) and libcap (C) default generation of external format binary data
* API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one
capability flag to another.
* --explain=cap_foo: describe what cap_foo does
* --suggest=phrase: search all the cap descriptions and describe those that match the phrase
* Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945)
* extend libcap to include cap_prctl() and cap_prctlw() functions to regain
feature parity with Go "cap" package. These are only needed when linking
against -lpsx for keepcaps POSIX semantics.
* this likely requires substantial application changes to make Ambient
capability support usable in general, but doing our part for the admin.
* Add a test case for recent kernel fix
* Go pragma fix for convenience functions in "cap" module
++++ harfbuzz:
- Drop pkgconfig(chafa) BuildRequires for now: causes a cycle
between chafa and harfbuzz, and disable it in meson
++++ libogg:
- update to 1.3.5:
* Fix unsigned typedef problem on macOS.
* Fix overflow check in ogg_sync_buffer.
* Clean up cmake and autotools build files.
* Remove Symbian and Apple XCode build files.
* Fix documentation cross-reference links.
++++ podman:
- Update to version 3.2.3:
* Bump to v3.2.3
* Update release notes for v3.2.3
* vendor containers/common@v0.38.16
* vendor containers/buildah@v1.21.3
* Fix race conditions in rootless cni setup
* CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
* Make rootless-cni setup more robust
* Support uid,gid,mode options for secrets
* vendor containers/common@v0.38.15
* [CI:DOCS] podman search: clarify that results depend on implementation
* vendor containers/common@v0.38.14
* vendor containers/common@v0.38.13
* [3.2] vendor containers/common@v0.38.12
* Bump README to v3.2.2
* Bump to v3.2.3-dev
++++ python-pycairo:
- update to 1.20.1
* setup.py: Respect the PKG_CONFIG environment variable
* Make import_cairo inline in addition to static
* docs: Fix example in Pattern.set_filter() docs _pr_`221`
* docs: Fix build with newer sphinx
* docs: Fix NumPy width, height-conventions in examples
* docs: Last parameter of rel_curve_to should be dy3, not dy4
* mypy: Fixes for mypy 0.800+
* mypy: Don't run mypy via pytest
++++ xkeyboard-config:
- update to version 2.33
* translation updates
* Replaced division slash with fraction slash on Neo2 (de) layout
* rules: correct Indic IPA to use iso639 code "eng"
* rules: remove two non-existing ISO639 codes
* rules: change ISO639 language codes to 639-2/T only
* rules: the xkb.dtd file is not an XML document
* symbols/nl: Add a "Dutch (US)" variant
* Simplify gb(basic) so that Shift+Right Alt behaves the same as Right Alt+Shift.
------------------------------------------------------------------
------------------ 2021-7-16 - Jul 16 2021 -------------------
------------------------------------------------------------------
++++ k3s-install:
- Update to version 1.21.2+k3s1:
* Update to v1.21.2 (#3479)
* Renamed client-cloud-controller crt and key (#3472)
* Send systemd notifications for both server and agent (#3430) (#3460)
* Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3454)
* Add kubernetes.default.svc to serving certs
* Fix RBAC cloud-controller-manager name 3308 (#3388) (#3408)
* Add a path for wireguard's privatekey
* Update flannel version
* move object channel defer close to goroutine
* add retention default and wire in s3 prune
* add etcd snapshot save subcommand
- Initial Package
++++ kernel-default:
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
(boo#1184804).
- commit 5b51131
++++ kernel-firmware:
- Update to version 20210716 (git commit b7c134f0d349):
* linux-firmware: update NXP 8897/8997 firmware images
* rtlwifi: de-dupe rtl8723b WiFi firmware
* rtlwifi: de-dupe rtl8192e WiFi firmware
* linux-firmware: update frimware for mediatek bluetooth chip (MT7921)
* cxgb4: Update firmware to revision 1.26.0.0
* firmware/i915/guc: Add HuC v7.9.3 for TGL & DG1
* firmware/i915/guc: Add GuC v62.0.3 for ADL-P
* firmware/i915/guc: Add GuC v62.0.0 for all platforms
- Make TW packages only installable on post-UsrMerge systems;
the packages for Leap are found in OBS Kernel:stable:Backport repo,
instead
- Update aliases from 5.14-rc1
++++ libslirp:
- Update to version 4.6.0:
* build-sys: forgot to bump version to 4.6.0
* changelog: post-release
* Release v4.6.0
* udp: check upd_input buffer size
* tftp: introduce a header structure
* tftp: check tftp_input buffer size
* upd6: check udp6_input buffer size
* bootp: check bootp_input buffer size
* bootp: limit vendor-specific area to input packet memory buffer
* Revert "Set macOS deployment target to macOS 10.4"
++++ libvirt:
- spec: Don't forcibly remove '--listen' arg from
/etc/sysconfig/libvirtd. Add '--timeout 120' if '--listen' is
not specified.
bsc#1188232
- spec: Remove the sysconfig fillup files for the various daemons
- Dropped patches:
suse-libvirtd-sysconfig-settings.patch,
suse-virtlockd-sysconfig-settings.patch,
suse-virtlogd-sysconfig-settings.patch
- spec: Add bash-completion dependency to libvirt-daemon and
libvirt-client. It was mistakenly dropped when
libvirt-bash-completion was merged into the daemon and client
subpackages
- qemu: Use correct flag constant for enabling storage migration
f58349c9-qemu-storage-migration.patch
bsc#1188171
++++ salt:
- Do noop for services states when running systemd in offline mode (bsc#1187787)
- transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Added:
* do-noop-for-services-states-when-running-systemd-in-.patch
++++ python-cffi:
- update to 1.14.6:
* Revert "grovel: detect :float and :double in the :auto type"
++++ selinux-policy:
- Update to version 20210716
- Remove interfaces for container module before building the package
(bsc#1188184)
- Updated
* fix_init.patch
* fix_systemd_watch.patch
to adapt to upstream changes
------------------------------------------------------------------
------------------ 2021-7-15 - Jul 15 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.5
* fith bugfix release
++++ Mesa-drivers:
- update to 21.1.5
* fith bugfix release
++++ apparmor:
- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
++++ glib2:
- Silence output in libgio-2_0-0 post scriptlet in case the
ENV-mimeapps.list files do not exist: we are ready to create them
in this case. An error message is only confusing.
++++ kernel-default:
- arm64: dts: rockchip: Disable CDN DP on Pinebook Pro
(bsc#1188234).
- commit 73020a9
++++ libapparmor:
- added apparmor-dovecot-stats-metrics.diff to allow Prometheus metrics end-point
++++ libgcrypt:
- Fix building test t-lock with pthread. [bsc#1189745]
* Explicitly add -lpthread to compile the t-lock test.
* Add libgcrypt-pthread-in-t-lock-test.patch
++++ tpm2-0-tss:
- Remove conflicting sysusers.d file
++++ mokutil:
- Update to 0.5.0
+ mokutil: delete key/hash from the reverse request
+ efi_x509: fix an error handling in is_immediate_ca()
+ efi_x509: fix certificates fingerprint calculation
+ efi_x509: use EVP_Digest()* functions instead of the deprecated
SHA1_*()
+ src/util.c: fix NULL pointer dereference in mok_get_variable
+ mokutil: Read the SbatLevelRT variable to get the SBAT entries
+ mokutil: add mok-variables parsing support
+ mokutil: Add option to print the UEFI SBAT variable content
+ mokutil: only check for Secure Boot support in options that
need it
+ efi_x509: add the function to fetch SKID
+ keyring: add the function to check kernel keyring
+ mokutil: initialize data for efi_get_variable()
+ mokutil: correct the data for efi_set_variable() in
set_password()
+ mokutil: improve the readability of issue_mok_request()
+ mokutil: drop the checks for PK and KEK
+ mokutil: check the blocklists before enrolling a key
+ mokutil: adjust the command bits
+ mokutil: remove "--simple-hash"
+ make CA check non-fatal
+ mokutil: close file in the error path
+ mokutil: do the CA check
+ efi_x509: add the function to check immediate CA
+ efi_x509: use d2i_X509() to create X509 handling
+ mokutil: rename hash_file as pw_hash_file
+ password-crypt: update the function names
+ password-crypt: fix the types of several functions
+ mokutil: fix the error message in sb_state()
+ mokutil: move x509 functions to efi_x509.c
+ mokutil: move the hash functions to efi_hash.c
+ util: add functions for db_var_name and db_friendly_name
+ Remove the SHA1 code from identify_hash_type()
+ Map the UEFI variable names with a function
+ Fix -Wcast-align warnings
+ Fix 32 bit build
+ Add --timeout to manpage and other corrections.
+ mokutil.c: fix typo enrollement -> enrollment
+ Avoid taking pointer to packed struct
+ Fix name of --enable-validation in the description
+ Remove shebang from bash-completion/mokutil
- Add mokutil-fix-missing-header.patch to fix the compilation error
due to the missing header
- Refresh mokutil-remove-libkeyutils-check.patch and only apply
it to openSUSE Leap 15.*
- Drop upstreamed patches:
+ mokutil-remove-shebang-from-bash-completion-file.patch
+ mokutil-bsc1173115-add-ca-and-keyring-checks.patch
- Drop mokutil-support-revoke-builtin-cert.patch since we don't use
the builtin cert prompt patch in shim anymore.
++++ selinux-policy:
- Use tabrmd SELinux modules from tpm2.0-abrmd instead of storing
here
++++ shim:
- Update the SLE signatures (sync shim.changes from SLE)
++++ sysuser-tools:
- Use /bin/bash for sysusers-generate-pre
------------------------------------------------------------------
------------------ 2021-7-14 - Jul 14 2021 -------------------
------------------------------------------------------------------
++++ containerd:
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
+ bsc1188282-use-chmod-path-for-checking-symlink.patch
++++ kernel-default:
- Linux 5.13.2 (bsc#1012628).
- Bluetooth: hci_qca: fix potential GPF (bsc#1012628).
- Bluetooth: Remove spurious error message (bsc#1012628).
- ALSA: bebob: fix rx packet format for Yamaha GO44/GO46,
Terratec Phase 24/x24 (bsc#1012628).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset
(bsc#1012628).
- ALSA: usb-audio: Fix OOB access at proc output (bsc#1012628).
- ALSA: firewire-motu: fix stream format for MOTU 8pre FireWire
(bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (bsc#1012628).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 450 G8
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G8
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 630 G8
(bsc#1012628).
- ALSA: hda/realtek: Add another ALC236 variant support
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook x360
830 G8 (bsc#1012628).
- ALSA: hda/realtek: Improve fixup for HP Spectre x360 15-df0xxx
(bsc#1012628).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
(bsc#1012628).
- ALSA: hda/realtek: Apply LED fixup for HP Dragonfly G1, too
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 830
G8 Notebook PC (bsc#1012628).
- ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx
series (bsc#1012628).
- media: dvb-usb: fix wrong definition (bsc#1012628).
- Input: usbtouchscreen - fix control-request directions
(bsc#1012628).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(bsc#1012628).
- usb: gadget: eem: fix echo command packet response issue
(bsc#1012628).
- usb: renesas-xhci: Fix handling of unknown ROM state
(bsc#1012628).
- USB: cdc-acm: blacklist Heimann USB Appset device (bsc#1012628).
- usb: dwc3: Fix debugfs creation flow (bsc#1012628).
- usb: typec: tcpci: Fix up sink disconnect thresholds for PD
(bsc#1012628).
- usb: typec: tcpm: Relax disconnect threshold during power
negotiation (bsc#1012628).
- usb: typec: Add the missed altmode_id_remove() in
typec_register_altmode() (bsc#1012628).
- xhci: solve a double free problem while doing s4 (bsc#1012628).
- mm/page_alloc: fix memory map initialization for descending
nodes (bsc#1012628).
- gfs2: Fix underflow in gfs2_page_mkwrite (bsc#1012628).
- gfs2: Fix error handling in init_statfs (bsc#1012628).
- ntfs: fix validity check for file name attribute (bsc#1012628).
- selftests/lkdtm: Avoid needing explicit sub-shell (bsc#1012628).
- copy_page_to_iter(): fix ITER_DISCARD case (bsc#1012628).
- teach copy_page_to_iter() to handle compound pages
(bsc#1012628).
- iov_iter_fault_in_readable() should do nothing in xarray case
(bsc#1012628).
- Input: joydev - prevent use of not validated data in
JSIOCSBTNMAP ioctl (bsc#1012628).
- crypto: nx - Fix memcpy() over-reading in nonce (bsc#1012628).
- arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
(bsc#1012628).
- ARM: dts: ux500: Fix LED probing (bsc#1012628).
- ARM: dts: at91: sama5d4: fix pinctrl muxing (bsc#1012628).
- btrfs: zoned: print message when zone sanity check type fails
(bsc#1012628).
- btrfs: zoned: bail out if we can't read a reliable write pointer
(bsc#1012628).
- btrfs: send: fix invalid path for unlink operations after
parent orphanization (bsc#1012628).
- btrfs: compression: don't try to compress if we don't have
enough pages (bsc#1012628).
- btrfs: fix unbalanced unlock in qgroup_account_snapshot()
(bsc#1012628).
- btrfs: clear defrag status of a root if starting transaction
fails (bsc#1012628).
- ext4: cleanup in-core orphan list if ext4_truncate() failed
to get a transaction handle (bsc#1012628).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1012628).
- ext4: fix overflow in ext4_iomap_alloc() (bsc#1012628).
- ext4: return error code when ext4_fill_flex_info() fails
(bsc#1012628).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
(bsc#1012628).
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
(bsc#1012628).
- ext4: fix avefreec in find_group_orlov (bsc#1012628).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1012628).
- can: bcm: delay release of struct bcm_op after synchronize_rcu()
(bsc#1012628).
- can: gw: synchronize rcu operations before removing gw job entry
(bsc#1012628).
- can: isotp: isotp_release(): omit unintended hrtimer restart
on socket release (bsc#1012628).
- can: j1939: j1939_sk_init(): set SOCK_RCU_FREE to call
sk_destruct() after RCU is done (bsc#1012628).
- can: peak_pciefd: pucan_handle_status(): fix a potential
starvation issue in TX path (bsc#1012628).
- mac80211: remove iwlwifi specific workaround that broke sta
NDP tx (bsc#1012628).
- mac80211: fix NULL ptr dereference during mesh peer connection
for non HE devices (bsc#1012628).
- SUNRPC: Fix the batch tasks count wraparound (bsc#1012628).
- SUNRPC: Should wake up the privileged task firstly
(bsc#1012628).
- bus: mhi: core: Fix power down latency (bsc#1012628).
- bus: mhi: Wait for M2 state during system resume (bsc#1012628).
- bus: mhi: pci-generic: Add missing
'pci_disable_pcie_error_reporting()' calls (bsc#1012628).
- mm/gup: fix try_grab_compound_head() race with split_huge_page()
(bsc#1012628).
- perf/smmuv3: Don't trample existing events with global filter
(bsc#1012628).
- KVM: nVMX: Handle split-lock #AC exceptions that happen in L2
(bsc#1012628).
- KVM: PPC: Book3S HV: Workaround high stack usage with clang
(bsc#1012628).
- KVM: x86/mmu: Remove broken WARN that fires on 32-bit KVM w/
nested EPT (bsc#1012628).
- KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP
shadow MMUs (bsc#1012628).
- KVM: x86/mmu: Use MMU's role to detect CR4.SMEP value in nested
NPT walk (bsc#1012628).
- KVM: x86: Properly reset MMU context at vCPU RESET/INIT
(bsc#1012628).
- KVM: x86: Force all MMUs to reinitialize if guest CPUID is
modified (bsc#1012628).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
(bsc#1012628).
- s390: mm: Fix secure storage access exception handling
(bsc#1012628).
- f2fs: Advertise encrypted casefolding in sysfs (bsc#1012628).
- f2fs: Prevent swap file in LFS mode (bsc#1012628).
- clk: k210: Fix k210_clk_set_parent() (bsc#1012628).
- clk: agilex/stratix10/n5x: fix how the bypass_reg is handled
(bsc#1012628).
- clk: agilex/stratix10: remove noc_clk (bsc#1012628).
- clk: agilex/stratix10: fix bypass representation (bsc#1012628).
- clk: agilex/stratix10: add support for the 2nd bypass
(bsc#1012628).
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe
error path (bsc#1012628).
- iio: frequency: adf4350: disable reg and clk on error in
adf4350_probe() (bsc#1012628).
- iio: light: tcs3472: do not free unallocated IRQ (bsc#1012628).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1}
and PS_DATA as volatile, too (bsc#1012628).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
(bsc#1012628).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion
(bsc#1012628).
- iio: accel: bma180: Fix BMA25x bandwidth register values
(bsc#1012628).
- iio: accel: bmc150: Fix bma222 scale unit (bsc#1012628).
- iio: accel: bmc150: Fix dereferencing the wrong pointer in
bmc150_get/set_second_device (bsc#1012628).
- iio: accel: bmc150: Don't make the remove function of the
second accelerometer unregister itself (bsc#1012628).
- serial: mvebu-uart: fix calculation of clock divisor
(bsc#1012628).
- serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
(bsc#1012628).
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem
(bsc#1012628).
- serial_cs: remove wrong GLOBETROTTER.cis entry (bsc#1012628).
- ath9k: Fix kernel NULL pointer dereference during
ath_reset_internal() (bsc#1012628).
- ssb: sdio: Don't overwrite const buffer if block_write fails
(bsc#1012628).
- rsi: Assign beacon rate settings to the correct rate_info
descriptor field (bsc#1012628).
- rsi: fix AP mode with WPA failure due to encrypted EAPOL
(bsc#1012628).
- selftests/resctrl: Fix incorrect parsing of option "-t"
(bsc#1012628).
- tracing/histograms: Fix parsing of "sym-offset" modifier
(bsc#1012628).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
tracing (bsc#1012628).
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8
(bsc#1012628).
- powerpc/stacktrace: Fix spurious "stale" traces in
raise_backtrace_ipi() (bsc#1012628).
- x86/gpu: add JasperLake to gen11 early quirks (bsc#1012628).
- perf/x86/intel: Fix fixed counter check warning for some Alder
Lake (bsc#1012628).
- perf/x86/intel: Add more events requires FRONTEND MSR on
Sapphire Rapids (bsc#1012628).
- perf/x86/intel: Fix instructions:ppp support in Sapphire Rapids
(bsc#1012628).
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1012628).
- evm: Execute evm_inode_init_security() only when an HMAC key
is loaded (bsc#1012628).
- evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is
loaded (bsc#1012628).
- fuse: Fix crash in fuse_dentry_automount() error path
(bsc#1012628).
- fuse: Fix crash if superblock of submount gets killed early
(bsc#1012628).
- fuse: Fix infinite loop in sget_fc() (bsc#1012628).
- fuse: ignore PG_workingset after stealing (bsc#1012628).
- fuse: check connected before queueing on fpq->io (bsc#1012628).
- fuse: reject internal errno (bsc#1012628).
- thermal/cpufreq_cooling: Update offline CPUs per-cpu
thermal_pressure (bsc#1012628).
- spi: Make of_register_spi_device also set the fwnode
(bsc#1012628).
- Add a reference to ucounts for each cred (bsc#1012628).
- staging: media: rkvdec: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: i2c: imx334: fix the pm runtime get logic (bsc#1012628).
- media: marvel-ccic: fix some issues when getting pm_runtime
(bsc#1012628).
- media: mdk-mdp: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: s5p: fix pm_runtime_get_sync() usage count (bsc#1012628).
- media: am437x: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: sh_vou: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: mtk-vcodec: fix PM runtime get logic (bsc#1012628).
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: sunxi: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: sti/bdisp: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: exynos4-is: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- media: exynos-gsc: fix pm_runtime_get_sync() usage count
(bsc#1012628).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
(bsc#1012628).
- spi: spi-topcliff-pch: Fix potential double free in
pch_spi_process_messages() (bsc#1012628).
- spi: omap-100k: Fix the length judgment problem (bsc#1012628).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- sched/core: Initialize the idle task with preemption disabled
(bsc#1012628).
- hwrng: exynos - Fix runtime PM imbalance on error (bsc#1012628).
- crypto: nx - add missing MODULE_DEVICE_TABLE (bsc#1012628).
- media: sti: fix obj-$(config) targets (bsc#1012628).
- sched: Make the idle task quack like a per-CPU kthread
(bsc#1012628).
- media: cpia2: fix memory leak in cpia2_usb_probe (bsc#1012628).
- media: cobalt: fix race condition in setting HPD (bsc#1012628).
- media: hevc: Fix dependent slice segment flags (bsc#1012628).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (bsc#1012628).
- media: imx: imx7_mipi_csis: Fix logging of only error event
counters (bsc#1012628).
- crypto: qat - check return code of qat_hal_rd_rel_reg()
(bsc#1012628).
- crypto: qat - remove unused macro in FW loader (bsc#1012628).
- crypto: qce: skcipher: Fix incorrect sg count for dma transfers
(bsc#1012628).
- crypto: ecdh - fix ecdh-nist-p192's entry in testmgr
(bsc#1012628).
- crypto: ecdh - fix 'ecdh_init' (bsc#1012628).
- arm64: perf: Convert snprintf to sysfs_emit (bsc#1012628).
- sched/fair: Fix ascii art by relpacing tabs (bsc#1012628).
- ima: Don't remove security.ima if file must not be appraised
(bsc#1012628).
- media: i2c: ov2659: Use clk_{prepare_enable,disable_unprepare}()
to set xvclk on/off (bsc#1012628).
- media: bt878: do not schedule tasklet when it is not setup
(bsc#1012628).
- media: em28xx: Fix possible memory leak of em28xx struct
(bsc#1012628).
- media: hantro: Fix .buf_prepare (bsc#1012628).
- media: cedrus: Fix .buf_prepare (bsc#1012628).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
(bsc#1012628).
- media: bt8xx: Fix a missing check bug in bt878_probe
(bsc#1012628).
- media: st-hva: Fix potential NULL pointer dereferences
(bsc#1012628).
- crypto: hisilicon/sec - fixup 3des minimum key size declaration
(bsc#1012628).
- arm64: entry: don't instrument entry code with KCOV
(bsc#1012628).
- Makefile: fix GDB warning with CONFIG_RELR (bsc#1012628).
- media: dvd_usb: memory leak in cinergyt2_fe_attach
(bsc#1012628).
- memstick: rtsx_usb_ms: fix UAF (bsc#1012628).
- mmc: sdhci-sprd: use sdhci_sprd_writew (bsc#1012628).
- mmc: via-sdmmc: add a check against NULL pointer dereference
(bsc#1012628).
- mmc: sdhci-of-aspeed: Turn down a phase correction warning
(bsc#1012628).
- spi: meson-spicc: fix a wrong goto jump for avoiding memory leak
(bsc#1012628).
- spi: meson-spicc: fix memory leak in meson_spicc_probe
(bsc#1012628).
- regulator: mt6315: Fix checking return value of
devm_regmap_init_spmi_ext (bsc#1012628).
- crypto: shash - avoid comparing pointers to exported functions
under CFI (bsc#1012628).
- media: dvb_net: avoid speculation from net slot (bsc#1012628).
- media: dvbdev: fix error logic at dvb_register_device()
(bsc#1012628).
- media: siano: fix device register error path (bsc#1012628).
- media: imx-csi: Skip first few frames from a BT.656 source
(bsc#1012628).
- hwmon: (max31790) Report correct current pwm duty cycles
(bsc#1012628).
- hwmon: (max31790) Fix pwmX_enable attributes (bsc#1012628).
- sched/fair: Take thermal pressure into account while estimating
energy (bsc#1012628).
- perf/x86: Reset the dirty counter to prevent the leak for an
RDPMC task (bsc#1012628).
- drivers/perf: fix the missed ida_simple_remove() in
ddr_perf_probe() (bsc#1012628).
- KVM: arm64: Restore PMU configuration on first run
(bsc#1012628).
- KVM: PPC: Book3S HV: Fix TLB management on SMT8 POWER9 and
POWER10 processors (bsc#1012628).
- btrfs: fix error handling in __btrfs_update_delayed_inode
(bsc#1012628).
- btrfs: abort transaction if we fail to update the delayed inode
(bsc#1012628).
- btrfs: always abort the transaction if we abort a trans handle
(bsc#1012628).
- btrfs: sysfs: fix format string for some discard stats
(bsc#1012628).
- btrfs: don't clear page extent mapped if we're not invalidating
the full page (bsc#1012628).
- btrfs: disable build on platforms having page size 256K
(bsc#1012628).
- locking/lockdep: Fix the dep path printing for backwards BFS
(bsc#1012628).
- lockding/lockdep: Avoid to find wrong lock dep path in
check_irq_usage() (bsc#1012628).
- KVM: s390: get rid of register asm usage (bsc#1012628).
- regulator: mt6358: Fix vdram2 .vsel_mask (bsc#1012628).
- regulator: da9052: Ensure enough delay time for
.set_voltage_time_sel (bsc#1012628).
- media: Fix Media Controller API config checks (bsc#1012628).
- seccomp: Support atomic "addfd + send reply" (bsc#1012628).
- HID: do not use down_interruptible() when unbinding devices
(bsc#1012628).
- EDAC/ti: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- ACPI: scan: Rearrange dep_unmet initialization (bsc#1012628).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (bsc#1012628).
- lib: vsprintf: Fix handling of number field widths in vsscanf
(bsc#1012628).
- Input: goodix - platform/x86: touchscreen_dmi - Move upside
down quirks to touchscreen_dmi.c (bsc#1012628).
- platform/x86: touchscreen_dmi: Add an extra entry for the upside
down Goodix touchscreen on Teclast X89 tablets (bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Goodix GT912
panel of TM800A550L tablets (bsc#1012628).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (bsc#1012628).
- block_dump: remove block_dump feature in mark_inode_dirty()
(bsc#1012628).
- blk-mq: grab rq->refcount before calling ->fn in
blk_mq_tagset_busy_iter (bsc#1012628).
- blk-mq: clear stale request in tags->rq[] before freeing one
request pool (bsc#1012628).
- fs: dlm: fix srcu read lock usage (bsc#1012628).
- fs: dlm: reconnect if socket error report occurs (bsc#1012628).
- fs: dlm: cancel work sync othercon (bsc#1012628).
- fs: dlm: fix connection tcp EOF handling (bsc#1012628).
- random32: Fix implicit truncation warning in
prandom_seed_state() (bsc#1012628).
- open: don't silently ignore unknown O-flags in openat2()
(bsc#1012628).
- drivers: hv: Fix missing error code in vmbus_connect()
(bsc#1012628).
- fs: dlm: fix lowcomms_start error case (bsc#1012628).
- fs: dlm: fix memory leak when fenced (bsc#1012628).
- ACPICA: Fix memory leak caused by _CID repair function
(bsc#1012628).
- ACPI: bus: Call kobject_put() in acpi_init() error path
(bsc#1012628).
- ACPI: resources: Add checks for ACPI IRQ override (bsc#1012628).
- HID: hid-input: add Surface Go battery quirk (bsc#1012628).
- HID: sony: fix freeze when inserting ghlive ps3/wii dongles
(bsc#1012628).
- block: fix race between adding/removing rq qos and normal IO
(bsc#1012628).
- platform/x86: asus-nb-wmi: Revert "Drop duplicate DMI quirk
structures" (bsc#1012628).
- platform/x86: asus-nb-wmi: Revert "add support for ASUS ROG
Zephyrus G14 and G15" (bsc#1012628).
- platform/x86: toshiba_acpi: Fix missing error code in
toshiba_acpi_setup_keyboard() (bsc#1012628).
- nvme-pci: fix var. type for increasing cq_head (bsc#1012628).
- nvmet-fc: do not check for invalid target port in
nvmet_fc_handle_fcp_rqst() (bsc#1012628).
- EDAC/Intel: Do not load EDAC driver when running as a guest
(bsc#1012628).
- tools/power/x86/intel-speed-select: Fix uncore memory frequency
display (bsc#1012628).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv()
(bsc#1012628).
- cifs: improve fallocate emulation (bsc#1012628).
- cifs: fix check of dfs interlinks (bsc#1012628).
- cifs: retry lookup and readdir when EAGAIN is returned
(bsc#1012628).
- smb3: fix uninitialized value for port in witness protocol move
(bsc#1012628).
- cifs: fix SMB1 error path in cifs_get_file_info_unix
(bsc#1012628).
- ACPI: EC: trust DSDT GPE for certain HP laptop (bsc#1012628).
- block, bfq: fix delayed stable merge check (bsc#1012628).
- clocksource: Retry clock read if long delays detected
(bsc#1012628).
- clocksource: Check per-CPU clock synchronization when marked
unstable (bsc#1012628).
- tpm_tis_spi: add missing SPI device ID entries (bsc#1012628).
- ACPI: tables: Add custom DSDT file as makefile prerequisite
(bsc#1012628).
- smb3: fix possible access to uninitialized pointer to DACL
(bsc#1012628).
- HID: wacom: Correct base usage for capacitive ExpressKey status
bits (bsc#1012628).
- cifs: fix missing spinlock around update to ses->status
(bsc#1012628).
- mailbox: qcom: Use PLATFORM_DEVID_AUTO to register platform
device (bsc#1012628).
- block: fix discard request merge (bsc#1012628).
- kthread_worker: fix return value when kthread_mod_delayed_work()
races with kthread_cancel_delayed_work_sync() (bsc#1012628).
- ia64: mca_drv: fix incorrect array size calculation
(bsc#1012628).
- writeback, cgroup: increment isw_nr_in_flight before grabbing
an inode (bsc#1012628).
- mm: define default MAX_PTRS_PER_* in include/pgtable.h
(bsc#1012628).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
(bsc#1012628).
- spi: Allow to have all native CSs in use along with GPIOs
(bsc#1012628).
- spi: Avoid undefined behaviour when counting unused native CSs
(bsc#1012628).
- media: venus: Rework error fail recover logic (bsc#1012628).
- media: s5p_cec: decrement usage count if disabled (bsc#1012628).
- media: i2c: ccs-core: return the right error code at suspend
(bsc#1012628).
- media: hantro: do a PM resume earlier (bsc#1012628).
- crypto: ixp4xx - dma_unmap the correct address (bsc#1012628).
- crypto: ixp4xx - update IV after requests (bsc#1012628).
- crypto: ux500 - Fix error return code in hash_hw_final()
(bsc#1012628).
- sata_highbank: fix deferred probing (bsc#1012628).
- pata_rb532_cf: fix deferred probing (bsc#1012628).
- media: I2C: change 'RST' to "RSET" to fix multiple build errors
(bsc#1012628).
- sched/uclamp: Fix wrong implementation of cpu.uclamp.min
(bsc#1012628).
- sched/uclamp: Fix locking around cpu_util_update_eff()
(bsc#1012628).
- kbuild: Fix objtool dependency for
'OBJECT_FILES_NON_STANDARD_<obj> := n' (bsc#1012628).
- pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
(bsc#1012628).
- evm: fix writing <securityfs>/evm overflow (bsc#1012628).
- crypto: testmgr - fix initialization of 'secret_size'
(bsc#1012628).
- crypto: hisilicon/hpre - fix unmapping invalid dma address
(bsc#1012628).
- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1012628).
- crypto: sa2ul - Fix leaks on failure paths with sa_dma_init()
(bsc#1012628).
- crypto: sa2ul - Fix pm_runtime enable in sa_ul_probe()
(bsc#1012628).
- crypto: sa2ul - Use of_device_get_match_data() helper
(bsc#1012628).
- crypto: ccp - Fix a resource leak in an error handling path
(bsc#1012628).
- media: rc: i2c: Fix an error message (bsc#1012628).
- regulator: bd71815: add select to fix build (bsc#1012628).
- pata_ep93xx: fix deferred probing (bsc#1012628).
- locking/lockdep: Reduce LOCKDEP dependency list (bsc#1012628).
- sched: Don't defer CPU pick to migration_cpu_stop()
(bsc#1012628).
- media: ipu3-cio2: Fix reference counting when looping over
ACPI devices (bsc#1012628).
- media: venus: hfi_cmds: Fix conceal color property
(bsc#1012628).
- media: rkvdec: Fix .buf_prepare (bsc#1012628).
- media: exynos4-is: Fix a use after free in isp_video_release
(bsc#1012628).
- media: au0828: fix a NULL vs IS_ERR() check (bsc#1012628).
- media: tc358743: Fix error return code in tc358743_probe_of()
(bsc#1012628).
- media: vicodec: Use _BITUL() macro in UAPI headers
(bsc#1012628).
- media: gspca/gl860: fix zero-length control requests
(bsc#1012628).
- regulator: fan53555: Fix missing slew_reg/mask/shift settings
for FAN53526 (bsc#1012628).
- drivers/perf: hisi: Fix data source control (bsc#1012628).
- m68k: atari: Fix ATARI_KBD_CORE kconfig unmet dependency warning
(bsc#1012628).
- media: siano: Fix out-of-bounds warnings in
smscore_load_firmware_family2() (bsc#1012628).
- regulator: fan53880: Fix vsel_mask setting for FAN53880_BUCK
(bsc#1012628).
- crypto: nitrox - fix unchecked variable in
nitrox_register_interrupts (bsc#1012628).
- crypto: omap-sham - Fix PM reference leak in omap sham ops
(bsc#1012628).
- crypto: x86/curve25519 - fix cpu feature checking logic in
mod_exit (bsc#1012628).
- crypto: sm2 - fix a memory leak in sm2 (bsc#1012628).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe()
(bsc#1012628).
- arm64/mm: Fix ttbr0 values stored in struct thread_info for
software-pan (bsc#1012628).
- media: v4l2-core: ignore native time32 ioctls on 64-bit
(bsc#1012628).
- media: subdev: remove VIDIOC_DQEVENT_TIME32 handling
(bsc#1012628).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
(bsc#1012628).
- media: i2c: rdacm21: Fix OV10640 powerup (bsc#1012628).
- media: i2c: rdacm21: Power up OV10640 before OV490
(bsc#1012628).
- hwmon: (pmbus/bpa-rs600) Handle Vin readings >= 256V
(bsc#1012628).
- hwmon: (lm70) Revert "hwmon: (lm70) Add support for ACPI"
(bsc#1012628).
- hwmon: (max31722) Remove non-standard ACPI device IDs
(bsc#1012628).
- hwmon: (max31790) Fix fan speed reporting for fan7..12
(bsc#1012628).
- KVM: nVMX: Add a return code to
vmx_complete_nested_posted_interrupt (bsc#1012628).
- KVM: nVMX: Sync all PGDs on nested transition with shadow paging
(bsc#1012628).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
(bsc#1012628).
- KVM: nVMX: Don't clobber nested MMU's A/D status on EPTP switch
(bsc#1012628).
- KVM: x86/mmu: Fix return value in
tdp_mmu_map_handle_target_level() (bsc#1012628).
- KVM: x86/mmu: Fix pf_fixed count in
tdp_mmu_map_handle_target_level() (bsc#1012628).
- perf/arm-cmn: Fix invalid pointer when access dtc object
sharing the same IRQ number (bsc#1012628).
- KVM: arm64: Don't zero the cycle count register when PMCR_EL0.P
is set (bsc#1012628).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data
(bsc#1012628).
- regulator: qcom-rpmh: Add terminator at the end of
pm7325x_vreg_data[] array (bsc#1012628).
- regulator: hi6421v600: Fix setting idle mode (bsc#1012628).
- regulator: bd9576: Fix the driver name in id table
(bsc#1012628).
- btrfs: clear log tree recovering status if starting transaction
fails (bsc#1012628).
- x86/sev: Make sure IRQs are disabled while GHCB is active
(bsc#1012628).
- x86/sev: Split up runtime #VC handler for correct state tracking
(bsc#1012628).
- sched/rt: Fix RT utilization tracking during policy change
(bsc#1012628).
- sched/rt: Fix Deadline utilization tracking during policy change
(bsc#1012628).
- sched/uclamp: Fix uclamp_tg_restrict() (bsc#1012628).
- lockdep: Fix wait-type for empty stack (bsc#1012628).
- lockdep/selftests: Fix selftests vs PROVE_RAW_LOCK_NESTING
(bsc#1012628).
- x86/sev: Use "SEV: " prefix for messages from sev.c
(bsc#1012628).
- spi: spi-sun6i: Fix chipselect/clock bug (bsc#1012628).
- perf: Fix task context PMU for Hetero (bsc#1012628).
- crypto: nx - Fix RCU warning in nx842_OF_upd_status
(bsc#1012628).
- objtool: Don't make .altinstructions writable (bsc#1012628).
- psi: Fix race between psi_trigger_create/destroy (bsc#1012628).
- KVM: selftests: fix triple fault if ept=0 in dirty_log_test
(bsc#1012628).
- KVM: selftests: Remove errant asm/barrier.h include to fix
arm64 build (bsc#1012628).
- media: video-mux: Skip dangling endpoints (bsc#1012628).
- media: mtk-vpu: on suspend, read/write regs only if vpu is
running (bsc#1012628).
- media: s5p-mfc: Fix display delay control creation
(bsc#1012628).
- EDAC/aspeed: Use proper format string for printing resource
(bsc#1012628).
- PM / devfreq: Add missing error code in devfreq_add_device()
(bsc#1012628).
- ACPI: PM / fan: Put fan device IDs into separate header file
(bsc#1012628).
- block: avoid double io accounting for flush request
(bsc#1012628).
- x86/hyperv: fix logical processor creation (bsc#1012628).
- nvme-pci: look for StorageD3Enable on companion ACPI device
instead (bsc#1012628).
- ACPI: tables: FPDT: Add missing acpi_put_table() in
acpi_init_fpdt() (bsc#1012628).
- ACPI: sysfs: Fix a buffer overrun problem with
description_show() (bsc#1012628).
- mark pstore-blk as broken (bsc#1012628).
- md: revert io stats accounting (bsc#1012628).
- HID: surface-hid: Fix get-report request (bsc#1012628).
- clocksource/drivers/timer-ti-dm: Save and restore timer
TIOCP_CFG (bsc#1012628).
- nvme-tcp: fix error codes in nvme_tcp_setup_ctrl()
(bsc#1012628).
- extcon: extcon-max8997: Fix IRQ freeing at error path
(bsc#1012628).
- ACPI: APEI: fix synchronous external aborts in user-mode
(bsc#1012628).
- EDAC/igen6: fix core dependency (bsc#1012628).
- blk-wbt: introduce a new disable state to prevent false positive
by rwb_enabled() (bsc#1012628).
- blk-wbt: make sure throttle is enabled properly (bsc#1012628).
- block, bfq: avoid delayed merge of async queues (bsc#1012628).
- block, bfq: reset waker pointer with shared queues
(bsc#1012628).
- ACPI: bgrt: Fix CFI violation (bsc#1012628).
- cpufreq: Make cpufreq_online() call driver->offline() on errors
(bsc#1012628).
- PM / devfreq: passive: Fix get_target_freq when not using
required-opp (bsc#1012628).
- block: fix trace completion for chained bio (bsc#1012628).
- blk-mq: update hctx->dispatch_busy in case of real scheduler
(bsc#1012628).
- ocfs2: fix snprintf() checking (bsc#1012628).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1012628).
- mm/debug_vm_pgtable: ensure THP availability via
has_transparent_hugepage() (bsc#1012628).
- mm: mmap_lock: use local locks instead of disabling preemption
(bsc#1012628).
- swap: fix do_swap_page() race with swapoff (bsc#1012628).
- mm/shmem: fix shmem_swapin() race with swapoff (bsc#1012628).
- mm: memcg/slab: properly set up gfp flags for objcg pointer
array (bsc#1012628).
- mm/page_alloc: fix counting of managed_pages (bsc#1012628).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
(bsc#1012628).
- drm/bridge/sii8620: fix dependency on extcon (bsc#1012628).
- drm/bridge: Fix the stop condition of
drm_bridge_chain_pre_enable() (bsc#1012628).
- drm/amd/dc: Fix a missing check bug in dm_dp_mst_detect()
(bsc#1012628).
- drm/ast: Fix missing conversions to managed API (bsc#1012628).
- drm/bridge: anx7625: Fix power on delay (bsc#1012628).
- drm/bridge: fix LONTIUM_LT8912B dependencies (bsc#1012628).
- video: fbdev: imxfb: Fix an error message (bsc#1012628).
- drm/imx: ipuv3-plane: do not advertise YUV formats on planes
without CSC (bsc#1012628).
- drm/imx: ipuv3-plane: fix PRG modifiers after drm managed
resource conversion (bsc#1012628).
- rtnetlink: avoid RCU read lock when holding RTNL (bsc#1012628).
- net: mvpp2: Put fwnode in error case during ->probe()
(bsc#1012628).
- net: pch_gbe: Propagate error from devm_gpio_request_one()
(bsc#1012628).
- pinctrl: renesas: r8a7796: Add missing bias for PRESET# pin
(bsc#1012628).
- pinctrl: renesas: r8a77990: JTAG pins do not have pull-down
capabilities (bsc#1012628).
- RDMA/hns: Remove the condition of light load for posting DWQE
(bsc#1012628).
- drm/vmwgfx: Mark a surface gpu-dirty after the
SVGA3dCmdDXGenMips command (bsc#1012628).
- drm/vmwgfx: Fix cpu updates of coherent multisample surfaces
(bsc#1012628).
- libbpf: Fix ELF symbol visibility update logic (bsc#1012628).
- drm/i915: Merge fix for "drm: Switch to %p4cc format modifier"
(bsc#1012628).
- net: qrtr: ns: Fix error return code in qrtr_ns_init()
(bsc#1012628).
- clk: meson: g12a: fix gp0 and hifi ranges (bsc#1012628).
- drm/amd/display: fix potential gpu reset deadlock (bsc#1012628).
- drm/amd/display: Avoid HPD IRQ in GPU reset state (bsc#1012628).
- drm/amd/display: take dc_lock in short pulse handler only
(bsc#1012628).
- net: ftgmac100: add missing error return code in
ftgmac100_probe() (bsc#1012628).
- clk: rockchip: fix rk3568 cpll clk gate bits (bsc#1012628).
- clk: sunxi-ng: v3s: fix incorrect postdivider on pll-audio
(bsc#1012628).
- drm/vc4: crtc: Pass the drm_atomic_state to config_pv
(bsc#1012628).
- drm/vc4: crtc: Fix vc4_get_crtc_encoder logic (bsc#1012628).
- drm/vc4: crtc: Lookup the encoder from the register at boot
(bsc#1012628).
- drm: rockchip: set alpha_en to 0 if it is not used
(bsc#1012628).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare()
on error in cdn_dp_grf_write() (bsc#1012628).
- drm/rockchip: dsi: move all lane config except LCDC mux to
bind() (bsc#1012628).
- drm/rockchip: lvds: Fix an error handling path (bsc#1012628).
- drm/rockchip: cdn-dp: fix sign extension on an int multiply
for a u64 result (bsc#1012628).
- mptcp: fix pr_debug in mptcp_token_new_connect (bsc#1012628).
- mptcp: generate subflow hmac after mptcp_finish_join()
(bsc#1012628).
- mptcp: make sure flag signal is set when add addr with port
(bsc#1012628).
- RDMA/hns: Fix wrong timer context buffer page size
(bsc#1012628).
- RDMA/srp: Fix a recently introduced memory leak (bsc#1012628).
- RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading
its stats (bsc#1012628).
- RDMA/rtrs: Do not reset hb_missed_max after re-connection
(bsc#1012628).
- RDMA/rtrs-srv: Fix memory leak of unfreed rtrs_srv_stats object
(bsc#1012628).
- RDMA/rtrs-srv: Fix memory leak when having multiple sessions
(bsc#1012628).
- RDMA/rtrs-clt: Check if the queue_depth has changed during a
reconnection (bsc#1012628).
- RDMA/rtrs-clt: Fix memory leak of not-freed sess->stats and
stats->pcpu_stats (bsc#1012628).
- ehea: fix error return code in ehea_restart_qps() (bsc#1012628).
- clk: tegra30: Use 300MHz for video decoder by default
(bsc#1012628).
- xfrm: remove the fragment check for ipv6 beet mode
(bsc#1012628).
- net/sched: act_vlan: Fix modify to allow 0 (bsc#1012628).
- RDMA/core: Sanitize WQ state received from the userspace
(bsc#1012628).
- IB/cm: Pair cm_alloc_response_msg() with a
cm_free_response_msg() (bsc#1012628).
- IB/cm: Split cm_alloc_msg() (bsc#1012628).
- Revert "IB/cm: Mark stale CM id's whenever the mad agent was
unregistered" (bsc#1012628).
- IB/cm: Improve the calling of cm_init_av_for_lap and
cm_init_av_by_path (bsc#1012628).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (bsc#1012628).
- RDMA/rxe: Fix failure during driver load (bsc#1012628).
- drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends
(bsc#1012628).
- drm/vc4: hdmi: Fix error path of hpd-gpios (bsc#1012628).
- clk: vc5: fix output disabling when enabling a FOD
(bsc#1012628).
- drm: qxl: ensure surf.data is ininitialized (bsc#1012628).
- stmmac: prefetch right address (bsc#1012628).
- net: stmmac: Fix potential integer overflow (bsc#1012628).
- tools/bpftool: Fix error return code in do_batch()
(bsc#1012628).
- ath10k: go to path err_unsupported when chip id is not supported
(bsc#1012628).
- ath10k: add missing error return code in ath10k_pci_probe()
(bsc#1012628).
- wireless: carl9170: fix LEDS build errors & warnings
(bsc#1012628).
- ieee802154: hwsim: Fix possible memory leak in
hwsim_subscribe_all_others (bsc#1012628).
- clk: imx8mq: remove SYS PLL 1/2 clock gates (bsc#1012628).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
(bsc#1012628).
- net: wwan: Fix WWAN config symbols (bsc#1012628).
- drm/i915/selftests: Reorder tasklet_disable vs local_bh_disable
(bsc#1012628).
- ssb: Fix error return code in ssb_bus_scan() (bsc#1012628).
- brcmfmac: fix setting of station info chains bitmask
(bsc#1012628).
- brcmfmac: correctly report average RSSI in station info
(bsc#1012628).
- brcmfmac: Fix a double-free in brcmf_sdio_bus_reset
(bsc#1012628).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling
path (bsc#1012628).
- cw1200: Revert unnecessary patches that fix unreal
use-after-free bugs (bsc#1012628).
- ath11k: Fix an error handling path in
ath11k_core_fetch_board_data_api_n() (bsc#1012628).
- ath10k: Fix an error code in ath10k_add_interface()
(bsc#1012628).
- ath11k: send beacon template after vdev_start/restart during
csa (bsc#1012628).
- wil6210: remove erroneous wiphy locking (bsc#1012628).
- netlabel: Fix memory leak in netlbl_mgmt_add_common
(bsc#1012628).
- RDMA/mlx5: Don't add slave port to unaffiliated list
(bsc#1012628).
- netfilter: nft_exthdr: check for IPv6 packet before further
processing (bsc#1012628).
- netfilter: nft_osf: check for TCP packet before further
processing (bsc#1012628).
- netfilter: nft_tproxy: restrict support to TCP and UDP transport
protocols (bsc#1012628).
- RDMA/rxe: Fix qp reference counting for atomic ops
(bsc#1012628).
- selftests/bpf: Whitelist test_progs.h from .gitignore
(bsc#1012628).
- selftests/bpf: Fix ringbuf test fetching map FD (bsc#1012628).
- xsk: Fix missing validation for skb and unaligned mode
(bsc#1012628).
- xsk: Fix broken Tx ring validation (bsc#1012628).
- bpf: Fix libelf endian handling in resolv_btfids (bsc#1012628).
- RDMA/rtrs-srv: Set minimal max_send_wr and max_recv_wr
(bsc#1012628).
- RDMA/hns: Clear extended doorbell info before using
(bsc#1012628).
- samples/bpf: Fix Segmentation fault for xdp_redirect command
(bsc#1012628).
- samples/bpf: Fix the error return code of xdp_redirect's main()
(bsc#1012628).
- net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
(bsc#1012628).
- mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
(bsc#1012628).
- mt76: fix possible NULL pointer dereference in mt76_tx
(bsc#1012628).
- mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
(bsc#1012628).
- mt76: mt7921: fix mt7921_wfsys_reset sequence (bsc#1012628).
- mt76: mt7921: Don't alter Rx path classifier (bsc#1012628).
- mt76: connac: fw_own rely on all packet memory all being free
(bsc#1012628).
- mt76: connac: fix WoW with disconnetion and bitmap pattern
(bsc#1012628).
- mt76: mt7921: consider the invalid value for to_rssi
(bsc#1012628).
- mt76: mt7921: add back connection monitor support (bsc#1012628).
- mt76: mt7921: fix invalid register access in wake_work
(bsc#1012628).
- mt76: mt7921: fix OMAC idx usage (bsc#1012628).
- mt76: mt7921: avoid unnecessary consecutive WiFi resets
(bsc#1012628).
- mt76: mt7921: do not schedule hw reset if the device is not
running (bsc#1012628).
- mt76: testmode: fix memory leak in mt76_testmode_alloc_skb
(bsc#1012628).
- mt76: testmode: remove undefined behaviour in
mt76_testmode_alloc_skb (bsc#1012628).
- mt76: mt7615: fix potential overflow on large shift
(bsc#1012628).
- mt76: mt7915: fix MT_EE_CAL_GROUP_SIZE (bsc#1012628).
- mt76: mt7921: wake the device before dumping power table
(bsc#1012628).
- mt76: mt7915: fix rx fcs error count in testmode (bsc#1012628).
- mt76: mt7921: fix kernel warning when reset on vif is not sta
(bsc#1012628).
- mt76: mt7921: fix the coredump is being truncated (bsc#1012628).
- net: ethernet: aeroflex: fix UAF in greth_of_remove
(bsc#1012628).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (bsc#1012628).
- net: ethernet: ezchip: fix error handling (bsc#1012628).
- selftests/bpf: Retry for EAGAIN in udp_redir_to_connected()
(bsc#1012628).
- udp: Fix a memory leak in udp_read_sock() (bsc#1012628).
- skmsg: Clear skb redirect pointer before dropping it
(bsc#1012628).
- skmsg: Fix a memory leak in sk_psock_verdict_apply()
(bsc#1012628).
- skmsg: Teach sk_psock_verdict_apply() to return errors
(bsc#1012628).
- vrf: do not push non-ND strict packets with a source LLA
through packet taps again (bsc#1012628).
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1012628).
- selftests: tls: clean up uninitialized warnings (bsc#1012628).
- selftests: tls: fix chacha+bidir tests (bsc#1012628).
- tls: prevent oversized sendfile() hangs by ignoring MSG_MORE
(bsc#1012628).
- netfilter: nf_tables: memleak in hw offload abort path
(bsc#1012628).
- netfilter: nf_tables_offload: check FLOW_DISSECTOR_KEY_BASIC
in VLAN transfer logic (bsc#1012628).
- mptcp: fix bad handling of 32 bit ack wrap-around (bsc#1012628).
- mptcp: fix 32 bit DSN expansion (bsc#1012628).
- net: mana: Fix a memory leak in an error handling path in
'mana_create_txq()' (bsc#1012628).
- net: dsa: mv88e6xxx: Fix adding vlan 0 (bsc#1012628).
- pkt_sched: sch_qfq: fix qfq_change_class() error path
(bsc#1012628).
- xfrm: Fix xfrm offload fallback fail case (bsc#1012628).
- netfilter: nf_tables: skip netlink portID validation if zero
(bsc#1012628).
- netfilter: nf_tables: do not allow to delete table with owner
by handle (bsc#1012628).
- iwlwifi: increase PNVM load timeout (bsc#1012628).
- bpf: Fix regression on BPF_OBJ_GET with non-O_RDWR flags
(bsc#1012628).
- rtw88: 8822c: fix lc calibration timing (bsc#1012628).
- vxlan: add missing rcu_read_lock() in neigh_reduce()
(bsc#1012628).
- bpf: Fix integer overflow in argument calculation for
bpf_map_area_alloc (bsc#1012628).
- mptcp: avoid race on msk state changes (bsc#1012628).
- ip6_tunnel: fix GRE6 segmentation (bsc#1012628).
- net/ipv4: swap flow ports when validating source (bsc#1012628).
- net: broadcom: bcm4908_enet: reset DMA rings sw indexes properly
(bsc#1012628).
- net: ti: am65-cpsw-nuss: Fix crash when changing number of TX
queues (bsc#1012628).
- tc-testing: fix list handling (bsc#1012628).
- RDMA/hns: Force rewrite inline flag of WQE (bsc#1012628).
- RDMA/hns: Fix uninitialized variable (bsc#1012628).
- ieee802154: hwsim: Fix memory leak in hwsim_add_one
(bsc#1012628).
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
(bsc#1012628).
- bpf: Fix null ptr deref with mixed tail calls and subprogs
(bsc#1012628).
- drm/msm/dp: handle irq_hpd with sink_count = 0 correctly
(bsc#1012628).
- drm/msm/disp/dpu1: avoid perf update in frame done event
(bsc#1012628).
- drm/msm: Fix error return code in msm_drm_init() (bsc#1012628).
- drm/msm/dpu: Fix error return code in dpu_mdss_init()
(bsc#1012628).
- mac80211: remove iwlwifi specific workaround NDPs of
null_response (bsc#1012628).
- net: bcmgenet: Fix attaching to PYH failed on RPi 4B
(bsc#1012628).
- ipv6: exthdrs: do not blindly use init_net (bsc#1012628).
- can: j1939: j1939_sk_setsockopt(): prevent allocation of j1939
filter for optlen == 0 (bsc#1012628).
- bpf: Do not change gso_size during bpf_skb_change_proto()
(bsc#1012628).
- i40e: Fix error handling in i40e_vsi_open (bsc#1012628).
- i40e: Fix autoneg disabling for non-10GBaseT links
(bsc#1012628).
- i40e: Fix missing rtnl locking when setting up pf switch
(bsc#1012628).
- RDMA/hns: Add a check to ensure integer mtu is positive
(bsc#1012628).
- RDMA/hns: Add window selection field of congestion control
(bsc#1012628).
- Revert "ibmvnic: simplify reset_long_term_buff function"
(bsc#1012628).
- Revert "ibmvnic: remove duplicate napi_schedule call in open
function" (bsc#1012628).
- ibmvnic: clean pending indirect buffs during reset
(bsc#1012628).
- ibmvnic: account for bufs already saved in indir_buf
(bsc#1012628).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1012628).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1012628).
- RDMA/cma: Protect RMW with qp_mutex (bsc#1012628).
- net: macsec: fix the length used to copy the key for offloading
(bsc#1012628).
- net: phy: mscc: fix macsec key length (bsc#1012628).
- net: atlantic: fix the macsec key length (bsc#1012628).
- ipv6: fix out-of-bound access in ip6_parse_tlv() (bsc#1012628).
- e1000e: Check the PCIm state (bsc#1012628).
- net: dsa: sja1105: fix NULL pointer dereference in
sja1105_reload_cbs() (bsc#1012628).
- bpfilter: Specify the log level for the kmsg message
(bsc#1012628).
- RDMA/cma: Fix incorrect Packet Lifetime calculation
(bsc#1012628).
- gve: Fix swapped vars when fetching max queues (bsc#1012628).
- Revert "be2net: disable bh with spin_lock in be_process_mcc"
(bsc#1012628).
- clk: zynqmp: fix compile testing without ZYNQMP_FIRMWARE
(bsc#1012628).
- Bluetooth: virtio_bt: add missing null pointer check on
alloc_skb call return (bsc#1012628).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
(bsc#1012628).
- Bluetooth: Fix Set Extended (Scan Response) Data (bsc#1012628).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated
event (bsc#1012628).
- clk: qcom: gcc: Add support for a new frequency for SC7280
(bsc#1012628).
- clk: actions: Fix UART clock dividers on Owl S500 SoC
(bsc#1012628).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC
(bsc#1012628).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500
SoC (bsc#1012628).
- clk: actions: Fix AHPPREDIV-H-AHB clock chain on Owl S500 SoC
(bsc#1012628).
- clk: qcom: clk-alpha-pll: fix CAL_L write in
alpha_pll_fabia_prepare (bsc#1012628).
- clk: si5341: Wait for DEVICE_READY on startup (bsc#1012628).
- clk: si5341: Avoid divide errors due to bogus register contents
(bsc#1012628).
- clk: si5341: Check for input clock presence and PLL lock on
startup (bsc#1012628).
- clk: si5341: Update initialization magic (bsc#1012628).
- bpf, x86: Fix extable offset calculation (bsc#1012628).
- writeback: fix obtain a reference to a freeing memcg css
(bsc#1012628).
- net: lwtunnel: handle MTU calculation in forwading
(bsc#1012628).
- net: sched: fix warning in tcindex_alloc_perfect_hash
(bsc#1012628).
- net: tipc: fix FB_MTU eat two pages (bsc#1012628).
- RDMA/mlx5: Don't access NULL-cleared mpi pointer (bsc#1012628).
- RDMA/core: Always release restrack object (bsc#1012628).
- MIPS: Fix PKMAP with 32-bit MIPS huge page support
(bsc#1012628).
- staging: rtl8712: Fix some tests against some 'data' subtype
frames (bsc#1012628).
- staging: fbtft: Rectify GPIO handling (bsc#1012628).
- staging: fbtft: Don't spam logs when probe is deferred
(bsc#1012628).
- ASoC: rt5682: Disable irq on shutdown (bsc#1012628).
- rcu: Invoke rcu_spawn_core_kthreads() from
rcu_spawn_gp_kthread() (bsc#1012628).
- serial: fsl_lpuart: don't modify arbitrary data on lpuart32
(bsc#1012628).
- serial: fsl_lpuart: remove RTSCTS handling from get_mctrl()
(bsc#1012628).
- serial: 8250_omap: fix a timeout loop condition (bsc#1012628).
- tty: nozomi: Fix a resource leak in an error handling function
(bsc#1012628).
- phy: ralink: phy-mt7621-pci: properly print pointer address
(bsc#1012628).
- mwifiex: re-fix for unaligned accesses (bsc#1012628).
- iio: adis_buffer: do not return ints in irq handlers
(bsc#1012628).
- iio: adis16400: do not return ints in irq handlers
(bsc#1012628).
- iio: adis16475: do not return ints in irq handlers
(bsc#1012628).
- iio: accel: bma180: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: accel: bma220: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: accel: hid: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: accel: kxcjk-1013: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: accel: mxc4005: Fix overread of data and alignment issue
(bsc#1012628).
- iio: accel: stk8312: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: accel: stk8ba50: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: ti-ads1015: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: vf610: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: gyro: bmg160: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: humidity: am2315: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: prox: srf08: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: prox: pulsed-light: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: prox: as3935: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: magn: hmc5843: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: magn: bmc150: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: light: isl29125: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: light: tcs3414: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: light: tcs3472: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: chemical: atlas: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: cros_ec_sensors: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: potentiostat: lmp91000: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- ASoC: rk3328: fix missing clk_disable_unprepare() on error in
rk3328_platform_probe() (bsc#1012628).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error
in hi6210_i2s_startup() (bsc#1012628).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe()
(bsc#1012628).
- usb: typec: tcpm: Fix up PR_SWAP when vsafe0v is signalled
(bsc#1012628).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (bsc#1012628).
- Input: hil_kbd - fix error return code in hil_dev_connect()
(bsc#1012628).
- perf scripting python: Fix tuple_set_u64() (bsc#1012628).
- mtd: partitions: redboot: seek fis-index-block in the right node
(bsc#1012628).
- mtd: parsers: qcom: Fix leaking of partition name (bsc#1012628).
- mtd: rawnand: arasan: Ensure proper configuration for the
asserted target (bsc#1012628).
- staging: mmal-vchiq: Fix incorrect static vchiq_instance
(bsc#1012628).
- char: pcmcia: error out if 'num_bytes_read' is greater than
4 in set_protocol() (bsc#1012628).
- misc/pvpanic-pci: Fix error handling in 'pvpanic_pci_probe()'
(bsc#1012628).
- misc/pvpanic-mmio: Fix error handling in 'pvpanic_mmio_probe()'
(bsc#1012628).
- firmware: stratix10-svc: Fix a resource leak in an error
handling path (bsc#1012628).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
(bsc#1012628).
- leds: class: The -ENOTSUPP should never be seen by user space
(bsc#1012628).
- leds: lgm-sso: Fix clock handling (bsc#1012628).
- leds: lm3532: select regmap I2C API (bsc#1012628).
- leds: lm36274: Put fwnode in error case during ->probe()
(bsc#1012628).
- leds: lm3692x: Put fwnode in any case during ->probe()
(bsc#1012628).
- leds: lm3697: Don't spam logs when probe is deferred
(bsc#1012628).
- leds: lp50xx: Put fwnode in error case during ->probe()
(bsc#1012628).
- scsi: FlashPoint: Rename si_flags field (bsc#1012628).
- scsi: iscsi: Stop queueing during ep_disconnect (bsc#1012628).
- scsi: iscsi: Force immediate failure during shutdown
(bsc#1012628).
- scsi: iscsi: Use system_unbound_wq for destroy_work
(bsc#1012628).
- scsi: iscsi: Rel ref after iscsi_lookup_endpoint()
(bsc#1012628).
- scsi: iscsi: Fix in-kernel conn failure handling (bsc#1012628).
- scsi: iscsi: Flush block work before unblock (bsc#1012628).
- mfd: mp2629: Select MFD_CORE to fix build error (bsc#1012628).
- mfd: Remove software node conditionally and locate at right
place (bsc#1012628).
- mfd: rn5t618: Fix IRQ trigger by changing it to level mode
(bsc#1012628).
- fsi: core: Fix return of error values on failures (bsc#1012628).
- fsi: scom: Reset the FSI2PIB engine for any error (bsc#1012628).
- fsi: occ: Don't accept response from un-initialized OCC
(bsc#1012628).
- fsi/sbefifo: Clean up correct FIFO when receiving reset request
from SBE (bsc#1012628).
- fsi/sbefifo: Fix reset timeout (bsc#1012628).
- visorbus: fix error return code in visorchipset_init()
(bsc#1012628).
- iommu/amd: Fix extended features logging (bsc#1012628).
- iommu/amd: Tidy up DMA ops init (bsc#1012628).
- s390: enable HAVE_IOREMAP_PROT (bsc#1012628).
- s390: appldata depends on PROC_SYSCTL (bsc#1012628).
- selftests: splice: Adjust for handler fallback removal
(bsc#1012628).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1012628).
- ASoC: max98373-sdw: add missing memory allocation check
(bsc#1012628).
- ASoC: max98373-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt1308-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt1316-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt5682-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt700-sdw: use first_hw_init flag on resume (bsc#1012628).
- ASoC: rt711-sdca-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt711-sdw: use first_hw_init flag on resume (bsc#1012628).
- ASoC: rt715-sdca-sdw: use first_hw_init flag on resume
(bsc#1012628).
- ASoC: rt715-sdw: use first_hw_init flag on resume (bsc#1012628).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue
(bsc#1012628).
- ASoC: rt5682: Fix a problem with error handling in the io init
function of the soundwire (bsc#1012628).
- ASoC: rt5682-sdw: set regcache_cache_only false before reading
RT5682_DEVICE_ID (bsc#1012628).
- ASoC: rt711-sdca-sdw: add readable for SDW_SDCA_CTL() registers
(bsc#1012628).
- ASoC: rt711-sdca: handle mbq_regmap in rt711_sdca_io_init
(bsc#1012628).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in
'mtk_btcvsd_snd_probe()' (bsc#1012628).
- usb: gadget: f_fs: Fix setting of device and driver data
cross-references (bsc#1012628).
- usb: dwc2: Don't reset the core after setting turnaround time
(bsc#1012628).
- eeprom: idt_89hpesx: Put fwnode in matching case during
- >probe() (bsc#1012628).
- eeprom: idt_89hpesx: Restore printing the unsupported fwnode
name (bsc#1012628).
- mtd: spi-nor: otp: fix access to security registers in 4 byte
mode (bsc#1012628).
- mtd: spi-nor: otp: return -EROFS if region is read-only
(bsc#1012628).
- thunderbolt: Bond lanes only when dual_link_port != NULL in
alloc_dev_default() (bsc#1012628).
- mtd: spinand: Fix double counting of ECC stats (bsc#1012628).
- kunit: Fix result propagation for parameterised tests
(bsc#1012628).
- iio: dummy: Fix build error when CONFIG_IIO_TRIGGERED_BUFFER
is not set (bsc#1012628).
- iio: adc: at91-sama5d2: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: hx711: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: mxs-lradc: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: ti-ads8688: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: magn: rm3100: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: light: vcnl4000: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- ASoC: fsl_spdif: Fix error handler with pm_runtime_enable
(bsc#1012628).
- staging: gdm724x: check for buffer overflow in
gdm_lte_multi_sdu_pkt() (bsc#1012628).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx()
(bsc#1012628).
- staging: rtl8712: fix error handling in r871xu_drv_init
(bsc#1012628).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
(bsc#1012628).
- coresight: core: Fix use of uninitialized pointer (bsc#1012628).
- staging: mt7621-dts: fix pci address for PCI memory range
(bsc#1012628).
- usb: phy: tegra: Wait for VBUS wakeup status deassertion on
suspend (bsc#1012628).
- usb: phy: tegra: Correct definition of B_SESS_VLD_WAKEUP_EN bit
(bsc#1012628).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
(bsc#1012628).
- iio: light: vcnl4035: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: prox: isl29501: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
(bsc#1012628).
- of: Fix truncation of memory sizes on 32-bit platforms
(bsc#1012628).
- mtd: rawnand: marvell: add missing clk_disable_unprepare()
on error in marvell_nfc_resume() (bsc#1012628).
- habanalabs: Fix an error handling path in 'hl_pci_probe()'
(bsc#1012628).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
(bsc#1012628).
- soundwire: stream: Fix test for DP prepare complete
(bsc#1012628).
- phy: uniphier-pcie: Fix updating phy parameters (bsc#1012628).
- phy: ti: dm816x: Fix the error handling path in
'dm816x_usb_phy_probe() (bsc#1012628).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data
(bsc#1012628).
- extcon: max8997: Add missing modalias string (bsc#1012628).
- powerpc/powernv: Fix machine check reporting of async store
errors (bsc#1012628).
- ASoC: atmel-i2s: Set symmetric sample bits (bsc#1012628).
- ASoC: atmel-i2s: Fix usage of capture and playback at the same
time (bsc#1012628).
- ASoC: fsl_xcvr: disable all interrupts when suspend happens
(bsc#1012628).
- configfs: fix memleak in configfs_release_bin_file
(bsc#1012628).
- ASoC: Intel: sof_sdw: add SOF_RT715_DAI_ID_FIX for AlderLake
(bsc#1012628).
- ASoC: fsl_spdif: Fix unexpected interrupt after suspend
(bsc#1012628).
- leds: as3645a: Fix error return code in as3645a_parse_node()
(bsc#1012628).
- leds: ktd2692: Fix an error handling path (bsc#1012628).
- selftests/ftrace: fix event-no-pid on 1-core machine
(bsc#1012628).
- selftests/sgx: remove checks for file execute permissions
(bsc#1012628).
- staging: rtl8723bs: Fix an error handling path (bsc#1012628).
- serial: 8250: 8250_omap: Fix possible interrupt storm on K3 SoCs
(bsc#1012628).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1012628).
- powerpc/papr_scm: Properly handle UUID types and API
(bsc#1012628).
- powerpc/64s: Fix copy-paste data exposure into newly created
tasks (bsc#1012628).
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats
unavailable (bsc#1012628).
- powerpc: Fix is_kvm_guest() / kvm_para_available()
(bsc#1012628).
- ALSA: firewire-lib: Fix 'amdtp_domain_start()' when no
AMDTP_OUT_STREAM stream is found (bsc#1012628).
- serial: mvebu-uart: do not allow changing baudrate when uartclk
is not available (bsc#1012628).
- serial: mvebu-uart: correctly calculate minimal possible
baudrate (bsc#1012628).
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant
of UART (bsc#1012628).
- powerpc/64s: fix hash page fault interrupt handler
(bsc#1012628).
- powerpc/64s/interrupt: preserve regs->softe for NMI interrupts
(bsc#1012628).
- vfio/pci: Handle concurrent vma faults (bsc#1012628).
- mm/huge_memory.c: remove dedicated macro HPAGE_CACHE_INDEX_MASK
(bsc#1012628).
- mm/huge_memory.c: add missing read-only THP checking in
transparent_hugepage_enabled() (bsc#1012628).
- mm/huge_memory.c: don't discard hugepage if other processes
are mapping it (bsc#1012628).
- hugetlb: remove prep_compound_huge_page cleanup (bsc#1012628).
- mm/z3fold: fix potential memory leak in z3fold_destroy_pool()
(bsc#1012628).
- mm/z3fold: use release_z3fold_page_locked() to release locked
z3fold page (bsc#1012628).
- mm: migrate: fix missing update page_private to
hugetlb_page_subpool (bsc#1012628).
- mm/zswap.c: fix two bugs in zswap_writeback_entry()
(bsc#1012628).
- kfence: unconditionally use unbound work queue (bsc#1012628).
- lib/math/rational.c: fix divide by zero (bsc#1012628).
- selftests/vm/pkeys: fix alloc_random_pkey() to make it really,
really random (bsc#1012628).
- selftests/vm/pkeys: handle negative sys_pkey_alloc() return code
(bsc#1012628).
- selftests/vm/pkeys: refill shadow register after implicit
kernel write (bsc#1012628).
- perf llvm: Return -ENOMEM when asprintf() fails (bsc#1012628).
- i2c: mpc: Restore reread of I2C status register (bsc#1012628).
- csky: syscache: Fixup duplicate cache flush (bsc#1012628).
- exfat: handle wrong stream entry size in exfat_readdir()
(bsc#1012628).
- scsi: megaraid_sas: Send all non-RW I/Os for TYPE_ENCLOSURE
device through firmware (bsc#1012628).
- scsi: fc: Correct RHBA attributes length (bsc#1012628).
- scsi: target: cxgbit: Unmap DMA buffer before calling
target_execute_cmd() (bsc#1012628).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created
(bsc#1012628).
- scsi: lpfc: Fix Node recovery when driver is handling
simultaneous PLOGIs (bsc#1012628).
- scsi: libfc: Correct the condition check and invalid argument
passed (bsc#1012628).
- mailbox: qcom-ipcc: Fix IPCC mbox channel exhaustion
(bsc#1012628).
- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1012628).
- fscrypt: fix derivation of SipHash keys on big endian CPUs
(bsc#1012628).
- tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status()
(bsc#1012628).
- erofs: fix error return code in erofs_read_superblock()
(bsc#1012628).
- block: return the correct bvec when checking for gaps
(bsc#1012628).
- io_uring: fix blocking inline submission (bsc#1012628).
- io_uring: add IOPOLL and reserved field checks to
IORING_OP_RENAMEAT (bsc#1012628).
- io_uring: add IOPOLL and reserved field checks to
IORING_OP_UNLINKAT (bsc#1012628).
- mmc: block: Disable CMDQ on the ioctl path (bsc#1012628).
- mmc: vub3000: fix control-request direction (bsc#1012628).
- media: exynos4-is: remove a now unused integer (bsc#1012628).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
(bsc#1012628).
- crypto: qce - fix error return code in
qce_skcipher_async_req_handle() (bsc#1012628).
- s390: preempt: Fix preempt_count initialization (bsc#1012628).
- sched: Stop PF_NO_SETAFFINITY from being inherited by various
init system threads (bsc#1012628).
- cred: add missing return error code when set_cred_ucounts()
failed (bsc#1012628).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1012628).
- powerpc/preempt: Don't touch the idle task's preempt_count
during hotplug (bsc#1012628).
- Update config files.
WWAN_CORE is gone by 89212e160b81.
PSTORE_BLK is broken by d07f3b081ee6.
- commit 89416ca
++++ harfbuzz:
- Update to version 2.8.2:
+ Shaping LTR digits for RTL scripts now makes the native
direction of the digits LTR, applying shaping and positioning
rules on the same glyph order as Uniscribe
+ Subsetting COLR v1 and CPAL tables is now supported
+ Various fixes and improvements to the subsetter
+ When applying morx table, mark glyph widths should not be zeroed
+ GPOS is preferred over kerx, if GSUB was applied
+ Regional_Indicator pairs are grouped together when clustering
++++ tpm2-0-tss:
- Clean spec file
- Add new library libtss2-tcti-pcap0
- Update to 3.1.0:
* Fix FAPI PolicyPCR not instatiating correctly (CVE-2020-24455)
* Fixed possible access outside the array in ifapi_calculate_tree
* Added pcap TCTI
* Added GlobalSign TPM Root CA certs to FAPI cert store
* Changed EncryptDecrypt mode type to align with TPM2.0 spec 1.59
* Added two new TPM commands TPM2_CC_CertifyX509,
and TPM2_CC_ACT_SetTimeout
------------------------------------------------------------------
------------------ 2021-7-13 - Jul 13 2021 -------------------
------------------------------------------------------------------
++++ lvm2-device-mapper:
- lvm2: double free or corruption with invalid LVM_SYSTEM_DIR breaks guestfs-tools (bsc#1188141)
+ bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
- replace exist patch with bug fixed patches
- (remove) fate-31841_fsadm-add-support-for-btrfs.patch
+ (add) fate-31841-01_fsadm-add-support-to-resize-check-btrfs-filesystem.patch
+ (add) fate-31841-02_man-add-support-for-btrfs.patch
+ (add) fate-31841-03_tests-new-test-suite-of-fsadm-for-btrfs.patch
++++ health-checker:
- Added /usr/local/libexec/health-checker for user defined plugins.
++++ lvm2:
- lvm2: double free or corruption with invalid LVM_SYSTEM_DIR breaks guestfs-tools (bsc#1188141)
+ bug-1188141_toolcontext-fix-double-free-core-dumped-issue.patch
- replace exist patch with bug fixed patches
- (remove) fate-31841_fsadm-add-support-for-btrfs.patch
+ (add) fate-31841-01_fsadm-add-support-to-resize-check-btrfs-filesystem.patch
+ (add) fate-31841-02_man-add-support-for-btrfs.patch
+ (add) fate-31841-03_tests-new-test-suite-of-fsadm-for-btrfs.patch
++++ nfs-utils:
- Update to version 2.5.4
https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Changelog
Notable changes:
* Handle failures in gssd better
* handle 'sloppy' option to mount better
* minor documentation improvements
- Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch,
nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch.
++++ pango:
- Add 3ff6365.patch, reverse applied: fix build of e.g. g-c-c. This
commit introduced a requirement to run X.
++++ libproxy:
- Do no longer BuildRequire libmodman-devel: libproxy 0.4.17 was
changed upstream to only support to internal version (no other
consumer of libmodman exists).
- No longer pass -DFORCE_SYSTEM_LIBMODMAN=ON to cmake: not
understood anymore (boo#1188265).
++++ snappy:
- Update to 1.1.9:
* Performance improvements
- Add fix-always-inline.patch
- Add use-system-test-libs.patch
- Add a hardcoded snappy.pc file
++++ pam:
- revert-check_shadow_expiry.diff: revert wrong
CRYPT_SALT_METHOD_LEGACY check.
++++ patterns-base:
- Suggest libjack-devel so it's preferred to
pipewire-libjack-0_3-devel since both provide pkgconfig(jack).
++++ python-urllib3:
- update to 1.26.6
* Deprecated the urllib3.contrib.ntlmpool module.
* Changed HTTPConnection.request_chunked() to not erroneously emit multiple
Transfer-Encoding headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS.
------------------------------------------------------------------
------------------ 2021-7-12 - Jul 12 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- If building with Python 3, change the shebang of the test scripts
shipped in ansible-test to be /usr/bin/python3.
++++ btrfsprogs:
- Update to 5.13
* restore: remove loop checks for extent count and directory scan
* inspect dump-tree: new options to print node (--csum-headers) and data
checksums (--csum-items)
* fi usage:
* print stripe count for striped profiles
* print zoned information: size, total unusable
* mkfs: print note about sha256 accelerated module loading issue
* check: ability to reset dev_item::bytes_used
* fixes
* detect zoned kernel support at run time too
* exclusive op running check return value
* fi resize: support cancel (kernel 5.14)
* device remove: support cancel (kernel 5.14)
* documentation about general topics
* compression
* zoned mode
* storage model
* hardware considerations
* other
* libbtrfsutil API overview
* help text fixes and updates
* hash speedtest measure time, cycles using perf and print throughput
++++ kernel-default:
- Update to 5.14-rc1
- eliminated 13 patches (3 stable, 9 mainline, 1 obsolete SUSE)
- patches.kernel.org/5.13.1-001-Revert-KVM-x86-mmu-Drop-kvm_mmu_extended_role..patch
- patches.kernel.org/5.13.1-002-mm-page_alloc-correct-return-value-of-populate.patch
- patches.kernel.org/5.13.1-003-Linux-5.13.1.patch
- patches.rpmify/scripts-mkmakefile-honor-second-argument.patch
- patches.suse/ACPI-PM-s2idle-Add-missing-LPS0-functions-for-AMD.patch
- patches.suse/ACPI-processor-idle-Fix-up-C-state-latency-if-not-or.patch
- patches.suse/Bluetooth-btqca-Don-t-modify-firmware-contents-in-pl.patch
- patches.suse/Input-elants_i2c-Fix-NULL-dereference-at-probing.patch
- patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch
- patches.suse/brcmfmac-Delete-second-brcm-folder-hierarchy.patch
- patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch
- patches.suse/pinctrl-bcm2835-accept-fewer-than-expected-irqs.patch
- patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch
- refresh
- patches.suse/add-product-identifying-information-to-vmcoreinfo.patch
- patches.suse/dm-table-switch-to-readonly
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- patches.suse/kernel-add-release-status-to-kernel-build.patch
- patches.suse/supported-flag
- disable ARM architectures (need config update)
- new config options
- General setup
- SCHED_CORE=y
- Power management and ACPI options
- ACPI_PRMT=y
- TPS68470_PMIC_OPREGION=y
- Block layer
- BLK_CGROUP_FC_APPID=y
- BLK_CGROUP_IOPRIO=y
- Networking support
- NETFILTER_NETLINK_HOOK=m
- File systems
- HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON=n
- Security options
- IMA_DISABLE_HTABLE=n
- Kernel hacking
- STACKTRACE_BUILD_ID=y
- DEBUG_FORCE_FUNCTION_ALIGN_64B=n
- OSNOISE_TRACER=y
- TIMERLAT_TRACER=y
- TEST_SCANF=n
- TEST_CLOCKSOURCE_WATCHDOG=n
- PCI support
- CXL_ACPI=m
- CXL_PMEM=m
- SCSI device support
- SCSI_MPI3MR=m
- SCSI_EFCT=m
- Network device support
- DWMAC_LOONGSON=m
- MEDIATEK_GE_PHY=m
- MOTORCOMM_PHY=m
- WWAN_HWSIM=m
- RPMSG_WWAN_CTRL=m
- IOSM=m
- PHY_CAN_TRANSCEIVER=m
- INFINIBAND_IRDMA=m
- Hardware Monitoring support
- SENSORS_DPS920AB=m
- SENSORS_MP2888=m
- SENSORS_PIM4328=m
- SENSORS_SHT4x=m
- Voltage and Current Regulator Support
- REGULATOR_MAX8893=m
- REGULATOR_RT6160=m
- REGULATOR_RT6245=m
- REGULATOR_RT4831=m
- Graphics support
- HSA_AMD_SVM=y
- DRM_SIMPLEDRM=m
- DRM_HYPERV=m
- FB_SSD1307=m
- BACKLIGHT_RT4831=m
- Sound card support
- SND_SOC_INTEL_SOF_CS42L42_MACH=m
- SND_SOC_TFA989X=n
- SND_SOC_WCD938X_SDW=n
- X86 Platform Specific Device Drivers
- DELL_WMI_PRIVACY=y
- WIRELESS_HOTKEY=m
- THINKPAD_LMI=m
- X86_PLATFORM_DRIVERS_INTEL=y
- INTEL_SKL_INT3472=m
- Common Clock Framework
- ICST=n
- CLK_SP810=n
- LMK04832=m
- IOMMU Hardware Support
- VIRTIO_IOMMU=m
- Industrial I/O support
- FXLS8962AF_I2C=n
- FXLS8962AF_SPI=n
- SCA3300=n
- TI_TSC2046=n
- SPS30_I2C=n
- SPS30_SERIAL=n
- IIO_ST_LSM9DS0=n
- TSL2591=n
- TMP117=n
- Misc devices
- MTD_MCHP48L640=n
- JOYSTICK_QWIIC=m
- XILLYUSB=m
- GPIO_TPS68470=n
- BATTERY_RT5033=m
- WATCHDOG_HRTIMER_PRETIMEOUT=y
- MFD_RT4831=m
- VIDEO_IMX208=m
- LEDS_LT3593=m
- RESET_MCHP_SPARX5=n
- OF dependent (i386, ppc64 / ppc64le, riscv64)
- MFD_QCOM_PM8008=n
- DRM_ITE_IT66121=n
- DRM_TI_SN65DSI83=n
- i386
- DRM_CROS_EC_ANX7688=n
- ppc64 / ppc64le
- STRICT_MODULE_RWX=y
- PPC_RFI_SRR_DEBUG=n
- ppc64
- PS3_VERBOSE_RESULT=n
- s390x
- SPARX5_SWITCH=m
- RESET_TI_SYSCON=n
- riscv64
- PHYS_RAM_BASE=0x80000000 (default)
- VMAP_STACK=y
- TRANSPARENT_HUGEPAGE=y
- READ_ONLY_THP_FOR_FS=y
- SND_SOC_RK817=n
- SND_SOC_RT5640=m
- POLARFIRE_SOC_MAILBOX=m
- DEV_DAX=m
- STACK_HASH_ORDER=20 (default)
- KFENCE=y
- KFENCE_STATIC_KEYS=y
- KFENCE_SAMPLE_INTERVAL=0 (other archs, see bsc#1185565)
- KFENCE_NUM_OBJECTS=255 (default)
- KFENCE_STRESS_TEST_FAULTS=0 (default)
- commit 34fe32a
- Revert "UsrMerge the kernel (boo#1184804)"
This reverts commit 6f5ed044f52ae3de78db9492d404f9c88d29b938 as it still
breaks in MicroOS. This time, selinux policies forbid accessing
sysctl.conf which is now moved from /boot to /usr/lib.
- Revert "UsrMerge the kernel (boo#1184804)"
This reverts commit 6f5ed044f52ae3de78db9492d404f9c88d29b938 as it:
1) breaks installation in Leap/SLE -- no initrd is generated.
2) breaks installation-images -- expecting kernel in /boot and modules
in /lib.
- commit 999e604
++++ ncurses:
- Add ncurses patch 20210710
+ improve history section for tset manpage based on the 1BSD tarball,
which preceded BSD's SCCS checkins by more than three years.
+ improve CF_XOPEN_CURSES macro used in test/configure (report by Urs
Jansen).
+ further improvement of libtool configuration, adding a dependency of
the install.tic rule, etc., on the library in the build-tree.
+ update config.sub
++++ sudo:
- Fix commented out "Defaults env_keep" in sudo-sudoers.patch
- Fix LC_TIME incorrectly named LC_ATIME
------------------------------------------------------------------
------------------ 2021-7-11 - Jul 11 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- config: riscv64: enable DRM_I2C_NXP_TDA998X
This also selects SND_SOC_HDMI_CODEC, SND_PCM_ELD, SND_PCM_IEC958.
- commit d56d022
- config: riscv64: enable MFD_TPS65086
Also enable the related drivers GPIO_TPS65086 and REGULATOR_TPS65086.
- commit ce26f32
++++ libdrm:
- Update to version 2.4.107:
* amdgpu: update marketing names
* tests/amdgpu: Fix valgrind warning
* test/amdgpu: Add helper functions for hot unplug
* test/amdgpu/hotunplug: Add test suite for GPU unplug
* tests/amdgpu/hotunplug: Add unplug with cs test.
* tests/amdgpu/hotunplug: Add hotunplug with exported bo test
* tests/amdgpu/hotunplug: Add hotunplug with exported fence
* amdgpu: Add vamgr for capture/replay.
* include <sys/types.h> in xf86drmMode when the OS is FreeBSD
* _WANT_KERNEL_ERRNO must be defined in FreeBSD for ERESTART to be used
* Conditionally include <linux/limits.h> and <sys/params.h> on Linux, BSD
* Revert "tests/amdgpu: fix bo eviction test issue"
* xf86drm: Add a human readable representation for format modifiers
* xf86drm: Add a vendor function to decode the format modifier
* xf86drm: Add support for decoding Nvidia format modifiers
* xf86drm: Add support for decoding AMD format modifiers
* xf86drm: Add support for decoding AMLOGIC format modifiers
* README.rst: Include some notes about syncing uapi headers
* amdgpu: Added product name for E9390,E9560 and E9565 dgpu
* intel: Add support for ADLP
------------------------------------------------------------------
------------------ 2021-7-10 - Jul 10 2021 -------------------
------------------------------------------------------------------
++++ llvm15:
- Update to version 12.0.1.
* This release contains bug-fixes for the LLVM 12.0.0 release.
This release is API and ABI compatible with 12.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Drop obsolete patches:
* clangd-cmake-non-standard-layout.patch
* compiler-rt-Remove-cyclades-inclusion-in-sanitizer.patch
* lld-no-version-on-undefined-weak-lazy-symbols.patch
++++ mozilla-nss:
- update to NSS 3.66
* no releasenotes available yet
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.66_release_notes
- update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
++++ makedumpfile:
- Update to 1.6.9
* Add initial mips64 support
* Support newer kernels up to v5.12
* x86_64: fix a use-after-free bug in -e option
* arm64: support flipped VA and 52-bit kernel VA
* Add shorthand --show-stats option to show report stats
* Add --dry-run option to prevent writing the dumpfile
* printk: add support for lockless ringbuffer
- Fix rpmlintrc to not be version agnostic
- Refresh makedumpfile-override-libtinfo.patch
- Drop upstream merged
* makedumpfile-printk-add-support-for-lockless-ringbuffer.patch
* makedumpfile-printk-use-committed-finalized-state-value.patch
* makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch
* makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch
* makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch
* makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch
------------------------------------------------------------------
------------------ 2021-7-9 - Jul 9 2021 -------------------
------------------------------------------------------------------
++++ gtk3:
- Update to version 3.24.30:
+ Input:
- Ignore NoSymbol key events (happens with some XKB options).
- Fix incomplete reset in some cases.
+ GtkEmojiChooser:
- Update data from CLDR 39.
- Support translated keywords for multiple languages.
- Allow inserting multiple Emoji with Ctrl.
- Match keywords for search.
- Fix a memory leak.
+ GtkFileChooser: Accessibility improvements.
+ GtkTreeView:
- Fix an accessibility-related memory leak.
- Fix assertion failures in some cases.
+ Printing: Remove the Google Cloud Print backend, since the
service was shut down.
+ Wayland: Work with pointer-gestures v1 protocol.
+ Updated translations.
++++ kernel-default:
- arm64: Update config files. (bsc#1187589)
Enable PL330 DMA controller.
- commit 0cb8827
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- commit 85a9fc2
++++ at-spi2-core:
- Update to version 2.40.3
+ Bugfix: Use abstract sockets if libdbus is older than 1.12.0
++++ libeconf:
- Update to version 0.4.1+git20210709.cf671f2:
* CMake fixes regarding installation of econftool and man pages.
++++ python-Jinja2:
- clean up single-spec: Remove python2 remnants
++++ ovmf:
- Add ovmf-fix-xen-s3-detection.patch to fix the S3 detection in
ovmf-xen
- Add ovmf-xen-add-qemu-kernel-loader-fs.patch to add
QemuKernelLoaderFsDxe to ovmf-xen to load kernel from qemu fw_cfg
------------------------------------------------------------------
------------------ 2021-7-8 - Jul 8 2021 -------------------
------------------------------------------------------------------
++++ hwdata:
- Update to version 0.349 (bsc#1187948):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- Update config files (boo#1187824).
CRYPTO_FIPS=y
CRYPTO_MANAGER_DISABLE_TESTS=n
- commit c81d16b
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- commit 7f97df2
- rpm/config.sh: Build on s390.
- commit 641dff8
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- commit d718cd9
- Linux 5.13.1 (bsc#1012628).
- Revert "KVM: x86/mmu: Drop kvm_mmu_extended_role.cr4_la57 hack"
(bsc#1012628).
- commit bfd7864
++++ libeconf:
- Update to version 0.4.0+git20210708.6918ea1:
* Fixed covscan FORWARD_NULL_issues warnings
++++ ceph:
- Update to 16.2.5-29-g97c2c82c2f5:
+ rebased on top of upstream commit SHA1 0883bdea7337b95e4b611c768c0279868462204a
upstream 16.2.5 release
https://ceph.io/releases/v16-2-5-pacific-released/
+ cherry-pick fix for bsc#1188111:
* include/denc: include used header
* mon,osd: always init local variable
* common/Formatter: include used header
++++ systemd:
- Added patches to fix CVE-2021-33910 (bsc#1188063)
Added 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
Added 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Added 1003-basic-unit-name-adjust-comments.patch
These patches will be moved to the git repo once the bug will become
public.
++++ lsof:
- Update to 4.94.0:
* Fix various bugs
* Display more information for eventfd and other objects
- Remove lsof-glibc-linux-5.0.patch as it has been fixed upstream
- Remove lsof_4.81-include.patch as it is not needed anymore
- Remove lsof_4.81-perl.patch as this change is now done inside the spec file
- Remove lsof_4.81-fmt.patch as it is not needed anymore
++++ mdevctl:
- Update to version 0.81:
* Automatic version commit for tag 0.81
* Fix define from jsonfile
++++ salt:
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Added:
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* handle-master-tops-data-when-states-are-applied-by-t.patch
++++ timezone:
- Install tzdata.zi (bsc#1188127)
++++ tpm2.0-tools:
- prepare running the test suite via %check, but leave it commented out,
because it is broken due to LTO linking.
------------------------------------------------------------------
------------------ 2021-7-7 - Jul 7 2021 -------------------
------------------------------------------------------------------
++++ containerd:
- Build with go1.15 for reproducible build results (boo#1102408)
++++ kernel-default:
- config: riscv64: enable MFD_DA9063
Also enable the related drivers DA9063_WATCHDOG, REGULATOR_DA9063,
RTC_DRV_DA9063.
- commit 40fb687
++++ kernel-firmware:
- Update to version 20210629 (git commit d79c26779d45):
* amdgpu: update vcn firmware for green sardine for 21.20
* amdgpu: update vcn firmware for renoir for 21.20
* amdgpu: update vcn firmware for navi14 for 21.20
* amdgpu: update vcn firmware for navi12 for 21.20
* amdgpu: update vcn firmware for navi10 for 21.20
* amdgpu: add initial dimgrey cavefish firmware from 21.20
* amdgpu: update sienna cichlid firmware from 21.20
* amdgpu: update vega20 firmware from 21.20
* amdgpu: update Picasso firmware from 21.20
* amdgpu: update navi14 firmware from 21.20
* amdgpu: update green sardine firmware from 21.20
* amdgpu: update vega12 firmware from 21.20
* amdgpu: update navi12 firmware from 21.20
* amdgpu: update vega10 firmware from 21.20
* amdgpu: update renoir firmware from 21.20
* amdgpu: update navi10 firmware from 21.20
* amdgpu: update raven2 firmware from 21.20
* amdgpu: update arcturus firmware from 21.20
* amdgpu: update raven firmware from 21.20
* amdgpu: update navy flounder firmware from 21.20
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_A0CD
* linux-firmware: update firmware for MT7921 WiFi device to 20210612122753
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_C6B4
* QCA: Update Bluetooth firmware for QCA6174
- Add missing CA0132 firmware files into kernel-firmware-sound
(boo#1187825)
- Update aliases
++++ libeconf:
- Update to version 0.4.0+git20210707.537a8a:
* Fixed resource leaks found by Iker Pedrosa.
++++ gpgme:
- gpgme 1.16.0:
* New context flag "cert-expire"
* New data flags "io-buffer-size" and "sensitive"
* cpp,qt: Add support for trust signatures
* qt: Add support for flags in LDAP server options
* qt: Fix too high memory consumption due to QProcess
* qt: Do not set empty base DN as query of keyserver URL
* qt: Extend SignKeyJob to create signatures with expiration date
* python: New optional parameter filter_signatures for decrypt
- run all tests again
- add patches to fix tests:
* gpgme-1.16.0-Use-after-free-in-t-edit-sign-test.patch
* gpgme-1.16.0-t-various-testSignKeyWithExpiration-32-bit.patch
++++ polkit:
- Move /etc/polkit-1/rules.d/50-default.rules to
/usr/share/polkit-1/rules.d/50-default.rules. The first location
is only for admin changes.
++++ libvirt:
- virtlockd: Don't report error if lockspace exists
de1e0ae0-lockd-no-error-if-lockspace.patch
bsc#1184253
------------------------------------------------------------------
------------------ 2021-7-6 - Jul 6 2021 -------------------
------------------------------------------------------------------
++++ less:
- Fix build on Leap:
Account for distinction in confdir after UsrMerge.
++++ xxhash:
- add patch xxhash-avoid-armv6-unaligned-access.patch
do not expect unaligned accesses to work on armv6, it breaks
in our build setup using aarch64 kernels
++++ salt:
- virt: pass emulator when getting domain capabilities from libvirt
- Adding preliminary support for Rocky Linux
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Added:
* implementation-of-held-unheld-functions-for-state-pk.patch
* adding-preliminary-support-for-rocky.-59682-391.patch
* virt-pass-emulator-when-getting-domain-capabilities-.patch
++++ selinux-policy:
- Add tabrmd SELinux modules from upstream (bsc#1187925)
https://github.com/tpm2-software/tpm2-abrmd/tree/master/selinux
- Automatic spec-cleaner to fix ordering and misaligned spaces
------------------------------------------------------------------
------------------ 2021-7-5 - Jul 5 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
Added CAs:
* AC RAIZ FNMT-RCM SERVIDORES SEGUROS
* ANF Secure Server Root CA
* Certum EC-384 CA
* Certum Trusted Root CA
* GlobalSign Root E46
* GlobalSign Root R46
* GlobalSign Secure Mail Root E45
* GlobalSign Secure Mail Root R45
* GLOBALTRUST 2020
Removed CAs:
* GeoTrust Primary Certification Authority - G2
* QuoVadis Root Certification Authority
* Sonera Class2 CA
* Trustis FPS Root CA
* VeriSign Universal Root Certification Authority
++++ kernel-default:
- update upstream references
- update upstream references of patches added in 5.14 merge window:
- patches.suse/pinctrl-bcm2835-accept-fewer-than-expected-irqs.patch
- patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch
- commit 9510801
++++ ncurses:
- Add ncurses patch 20210703
+ amend libtool configuration to add dependency for install.tic, etc.,
in ncurses/Makefile on the lower-level libraries.
+ modify configure script to support ".PHONY" make program feature.
- Correct offsets of patch ncurses-6.2.dif
- Update tack to 1.09-20210619
+ Fix scan-build warning about unused assignment
+ Autoconf fixes
++++ openssl-3:
- Update to 3.0.0 Beta 1
* Add a configurable flag to output date formats as ISO 8601.
Does not change the default date format.
* Version of MSVC earlier than 1300 could get link warnings, which
could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049
was set. Support for this flag has been removed.
* Rework and make DEBUG macros consistent. Remove unused
- DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing
category and use it for printing reference counts. Rename
- DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG. Fix BN_DEBUG_RAND so it
compiles and, when set, force DEBUG_RAND to be set also. Rename
engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
* The public definitions of conf_method_st and conf_st have been
deprecated. They will be made opaque in a future release.
* Many functions in the EVP_ namespace that are getters of values
from implementations or contexts were renamed to include get or
get0 in their names. Old names are provided as macro aliases for
compatibility and are not deprecated.
* PKCS#5 PBKDF1 key derivation has been moved from PKCS5_PBE_keyivgen()
into the legacy crypto provider as an EVP_KDF. Applications requiring
this KDF will need to load the legacy crypto provider. This includes
these PBE algorithms which use this KDF:
- NID_pbeWithMD2AndDES_CBC - NID_pbeWithMD5AndDES_CBC
- NID_pbeWithSHA1AndRC2_CBC - NID_pbeWithMD2AndRC2_CBC
- NID_pbeWithMD5AndRC2_CBC - NID_pbeWithSHA1AndDES_CBC
* Deprecated obsolete BIO_set_callback(), BIO_get_callback(), and
BIO_debug_callback() functions.
- Fix build on ppc and ppc64
* Add openssl-ppc64-fix-build.patch
* See https://github.com/openssl/openssl/issues/15923
++++ pango:
- Update to version 1.48.7:
+ Fix a thread-safety issue in fontmap initialization.
+ Small documentation improvements.
++++ libsepol:
- Fix use-after-free in __cil_verify_classperms (CVE-2021-36085, 1187965).
Added CVE-2021-36085.patch
- Fix use-after-free in cil_reset_classpermission (CVE-2021-36086, 1187964).
Added CVE-2021-36086.patch
++++ systemd:
- systemd-hwdb-update.service should be shipped by the udev package
++++ python-pyzmq:
- Update to 22.1.0
* New features:
- asyncio: experimental support for Proactor eventloop if
tornado 6.1 is available by running a selector in a
background thread.
* Fixes:
- Windows: fix type of socket.FD option in win-amd64
- asyncio: Cancel timers when using HWM with async Sockets
* Other changes:
- Windows: update bundled libzmq dll URLs for Windows. Windows
wheels no longer include concrt140.dll.
- adopt pre-commit for formatting, linting
- Increase memory constraint from 8000M to 9000M since build
sometimes fails with "Out of memory" errors.
++++ python-setuptools:
- Add patch to remove a dependency cycle between
python-more-itertools and python-setuptools (which requires the
former just for one simple function):
* remove-more-itertools-dependency-cycle.patch
++++ suse-module-tools:
- Update to version 16.0.6:
* modprobe.d: Remove dma=none setting for parport_pc
(bsc#1177695)
------------------------------------------------------------------
------------------ 2021-7-4 - Jul 4 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates-mozilla:
- fix mozila typo in installed files
------------------------------------------------------------------
------------------ 2021-7-3 - Jul 3 2021 -------------------
------------------------------------------------------------------
++++ fmt:
- Update to version 8.0.1
* Fixed the version number in the inline namespace.
* Added a missing presentation type check for std::string.
* Fixed a linkage error when mixing code built with clang and
gcc.
* Fixed documentation issues.
* Removed dead code in FP formatter.
* Fixed various warnings and compilation issues.
++++ qemu:
- Fix qemu-supportconfig network-manager verification
------------------------------------------------------------------
------------------ 2021-7-2 - Jul 2 2021 -------------------
------------------------------------------------------------------
++++ llvm15:
- Add compiler-rt-Remove-cyclades-inclusion-in-sanitizer.patch:
Fix build with linux-glibc-devel 5.13.
++++ avahi:
- Add avahi-CVE-2021-3502.patch: fix NULL pointer crashes
(boo#1184846 CVE-2021-3502).
++++ procps:
- Skip test suite on emulated riscv64 systems as the qemu process
is unexpected on the command lines of processes
++++ ovmf:
- Add ovmf-xen-relocate-shared_info_page-map.patch to fix the
save/restore/migrate in ovmf-xen
------------------------------------------------------------------
------------------ 2021-7-1 - Jul 1 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.4
* fourth bugfix release
++++ Mesa-drivers:
- update to 21.1.4
* fourth bugfix release
++++ chrony:
- boo#1187906: Consolidate all references to the helper script.
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
but needed for calculating refids from IPv6 addresses as part of
the NTP protocol (rfc5905). As this is a non-cryptographic use of
MD5 we can use our own implementation without violating FIPS
rules: chrony-refid-internal-md5.patch .
++++ cryptsetup:
- cryptsetup 2.3.6:
* integritysetup: Fix possible dm-integrity mapping table truncation.
* cryptsetup: Backup header can be used to activate TCRYPT device.
Use --header option to specify the header.
* cryptsetup: Avoid LUKS2 decryption without detached header.
This feature will be added later and is currently not supported.
* Additional fixes and workarounds for common warnings produced
by some static analysis tools (like gcc-11 analyzer) and additional
code hardening.
* Fix standalone libintl detection for compiled tests.
* Add Blake2b and Blake2s hash support for crypto backends.
Kernel and gcrypt crypto backend support all variants.
OpenSSL supports only Blake2b-512 and Blake2s-256.
Crypto backend supports kernel notation e.g. "blake2b-512".
++++ kernel-default:
- kernel-binary.spec: Remove obsolete and wrong comment
mkmakefile is repleced by echo on newer kernel
- commit d9209e7
- update upstream references
- update upstream references of patches added in 5.14 merge window:
- patches.suse/ACPI-PM-s2idle-Add-missing-LPS0-functions-for-AMD.patch
- patches.suse/ACPI-processor-idle-Fix-up-C-state-latency-if-not-or.patch
- patches.suse/Bluetooth-btqca-Don-t-modify-firmware-contents-in-pl.patch
- patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch
- patches.suse/brcmfmac-Delete-second-brcm-folder-hierarchy.patch
- patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch
- commit f094788
- Set CONFIG_SCSI_SNIC_DEBUG_FS=y (bsc#1158776 comment 19).
- commit d8e1777
- Set CONFIG_BLK_SED_OPAL=y on arm64 (bsc#1158776 comment 16).
- commit 59a8e8d
- Set CONFIG_SATA_ZPODD=y on arm64 (bsc#1158776 comment 14).
- commit aad226c
- Disable MANDATORY_FILE_LOCKING on arm and arm64 (bsc#1158776 comment 12).
- commit b10530c
- Disable 842 compression on arm64 (bsc#1158776 comment 11).
- commit 41a7837
- Set CONFIG_USB_CHAOSKEY=m on arm64 (bsc#1158776 comment 9).
- commit e652a59
- Set CONFIG_INET_DIAG_DESTROY=y on arm64 (bsc#1158776 comment 7).
- commit 1a13a0b
- Set CONFIG_SLAB_FREELIST_RANDOM=y on arm64 (bsc#1158776 comment 6).
- commit 75baa7c
- Disable CONFIG_PCCARD on arm64 (bsc#1158776 comment 2).
- commit 1c1f5ad
- mm/page_alloc: Correct return value of populated elements if
bulk array is populated (bsc#1187901).
- commit b48104a
++++ shadow:
- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
- Add /etc/login.defs.d directory
++++ systemd:
- Finally don't create /run/lock/subsys anymore
This effectively reverts the fix for bsc#1187292 made earlier. This
directory is specific to RH sysvinit and since we're going to fade
the support of SysV init script away the directory has no future.
++++ libvirt:
- Update to libvirt 7.5.0
- security: Fix insecure sVirt label generation - CVE-2021-3631
bsc#1187871
- apparmor: Permit new capabilities required by libvirtd
boo#1186888
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
suse-apparmor-libnl-paths.patch
- supportconfig plugin improvements
++++ python-libvirt-python:
- Update to 7.5.0
- Add all new APIs and constants in libvirt 7.5.0
++++ python-requests:
- Skip test_pyopenssl_redirect due to gh#psf/requests#5846
++++ qemu:
- Fix stable issues found in upstream:
hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch
hw-block-nvme-align-with-existing-style.patch
hw-nvme-fix-missing-check-for-PMR-capabi.patch
hw-nvme-fix-pin-based-interrupt-behavior.patch
linux-user-aarch64-Enable-hwcap-for-RND-.patch
qemu-config-load-modules-when-instantiat.patch
qemu-config-parse-configuration-files-to.patch
qemu-config-use-qemu_opts_from_qdict.patch
runstate-Initialize-Error-to-NULL.patch
target-i386-Exit-tb-after-wrmsr.patch
tcg-Allocate-sufficient-storage-in-temp_.patch
tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch
vhost-vdpa-don-t-initialize-backend_feat.patch
vl-allow-not-specifying-size-in-m-when-u.patch
vl-Fix-an-assert-failure-in-error-path.patch
vl-plug-object-back-into-readconfig.patch
vl-plumb-keyval-based-options-into-readc.patch
x86-acpi-use-offset-instead-of-pointer-w.patch
- Update qemu-supportconfig plugin
++++ runc:
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
with runc under openSUSE MicroOS's SELinux policy. boo#1187704
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
++++ shim:
- Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid
deleting the mirrored RT variables (bsc#1187696)
++++ suse-module-tools:
- Update to version 16.0.5
* moved config files to /usr/lib/modprobe.d and /usr/lib/depmod.d
* "modprobe $FS" for a blacklisted file system now offers to
unblacklist the module permanently
* disabled automatic un-blacklisting of filesystem modules loaded
at installation time
* added faster substitute for lsinitrd to speed up weak-modules2
* added README.md
* modprobe.conf cleanup
++++ zypper:
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
packages to the latest version (bsc#1187466)
- version 1.14.47
------------------------------------------------------------------
------------------ 2021-6-30 - Jun 30 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.2 (CVE-2020-13529):
+ hostname: prefer IPv4 addresses for reverse DNS lookup.
+ dhcp: ignore unauthenticated FORCERENEW messages with internal,
systemd-based DHCPv4 plugin (CVE-2020-13529). This plugin is
not used, unless the undocumented dhcp=systemd option was set.
+ cloud-setup: preserve IP addresses, routes and rules from
currently active connection profile.
+ Various bugfixes and performance improvements.
++++ pkgconf:
- Update to 1.7.4
+ Add PKG_CONFIG_DONT_DEFINE_PREFIX environment variable
+ Handle platforms where realpath(3) requires a pre-allocated
buffer
+ Fix null-dereference crash when pulling a malformed
'uninstalled' .pc file into a dependency tree.
++++ systemd-rpm-macros:
- Bump to version 13
- Make use of "Suggests:" in %systemd_ordering
Until libzypp supports "OrderWithRequires:", we need to specify a
similar ordering constraint that can be understood by the dep solver
as well. Hence the use of "Suggests:" in %systemd_ordering
(workaround for bsc#1187332).
++++ vim:
- disabled test_recover because is broken on 32bit archs
- -> disable-unreliable-tests.patch
- Updated to version 8.2.3075, fixes the following problems
* Vim: when debugging only the first line of a command using line
continuation is displayed.
* Coverity warns for freeing static string.
* Vim9: Assigning to @# requires a string. (Naohiro Ono)
* Confusing error when expression is followed by comma.
* Vim9: debugger shows too many lines.
* Formatting using quickfixtextfunc is lost when updating location lists
for different buffers. (Yorick Peterse)
* Location list only has the start position.
* Unreachable code.
* Spaces allowed between option name and "!", "?", etc.
* Available encryption methods are not strong enough.
* Vim9: arguments for execute() not checked at compile time.
* execute() function test fails.
* Not enough tests for quickfix end_col and end_lnum.
* Vim9: cannot set breakpoint in compiled function.
* Vim9: breakpoint in compiled function not always checked.
* GUI mouse events not tested.
* Vim9: crash when using operator and list unpack assignment. (Naohiro Ono)
* Coverity reports a memory leak.
* No error if a function name starts with an underscore. (Naohiro Ono)
* Build problems with MSVC, other crypt issues with libsodium.
* No error when using alpha delimiter with :global.
* Installing packages on github CI sometimes fails.
* Vim9: crash when calling :def function with partial and return type is
not set.
* Vim9: builtin function arguments not checked at compile time.
* Configure reports libcanberra when checking for libsodium.
* Amiga built-in version string doesn't include build date.
* Vim9: breakpoint at a comment line does not work.
* GUI: dropping files not tested.
* Detecting if the process of a swap file is running fails if the process
is owned by another user.
* Swap file test fails.
* Minor typos.
* Increment and decrement don't allow for next command.
* Strange error for white space after ++ command.
* JSON patch file not recognized.
* Cannot recognize elixir files.
* Vim9: for loop with one list variable does not work.
* Vim9: "legacy call" does not work.
* Vim9: cannot assign to @@ in :def function
* Vim9: unpack assignment using "_" after semicolon fails.
* Strange error for assigning to "x.key" on non-dictionary.
* Vim9: using default value in lambda gives confusing error.
* Vim9: debugger test fails with normal features and +terminal. (Dominique
Pellé)
* Vim9: cannot use ternary operator in parenthesis.
* Vim9: memory leak when using lambda.
* Vim9: cannot use ternary operator in parenthesis.
* Testing the shell option is incomplete and spread out.
* Internal error when adding several text properties.
* Crash when switching 'cryptmethod' to xchaha20 with an existing undo
file. (Martin Tournoij)
* Vim9: in script cannot set item in uninitialized list.
* Vim9: error when sourcing script twice and reusing a function name.
* Vim9: debugging lambda does not work.
* Building fails with Athena. (Elimar Riesebieter)
* Unicode tables are slightly outdated.
* Error messages are spread out.
* Not enough testing for shell use.
* Shell options are not set properly for PowerShell.
* The "zy" command does not work well when 'virtualedit' is set to
"block". (Johann Höchtl)
* When cursor is move for block append wrong text is inserted.
* popup_atcursor() uses wrong position with concealing.
------------------------------------------------------------------
------------------ 2021-6-29 - Jun 29 2021 -------------------
------------------------------------------------------------------
++++ libcontainers-common:
- Mention libcontainers-common.rpmlintrc as source
- Use versioned obsoletes
++++ pango:
- Update to version 1.48.6:
+ Avoid attribute index overflow.
+ Add a new pango-segmentation utility.
+ Documentation cleanups and fixes.
+ Update script property data for gravity.
+ Bring back careful glyph position rounding.
+ Add a few missing bidi types.
+ Add more tests.
++++ sysuser-tools:
- Remove usage of grep from sysusers-generate-pre
- Add a simple test of sysusers-generate-pre to %check
------------------------------------------------------------------
------------------ 2021-6-28 - Jun 28 2021 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.110.gbe35f166:
* fix(fips-suse): fipscheck doesn't need the -c parameter (bsc#1187498)
* fix(kernel-install): initrd vs initramfs
++++ gobject-introspection:
- Revert back o HOSTTYPE: RPM_ARCH is not available to the dep
scanners.
++++ grub2:
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
* 80_suse_btrfs_snapshot
++++ kernel-default:
- ACPI: PM: s2idle: Add missing LPS0 functions for AMD
(bsc#1185840).
- ACPI: processor idle: Fix up C-state latency if not ordered
(bsc#1185840).
- Bluetooth: btqca: Don't modify firmware contents in-place
(bsc#1187472).
- Input: elants_i2c - Fix NULL dereference at probing
(bsc#1186454).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711
(bsc#1176576).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on
BCM2711 (bsc#1176576).
- pinctrl: bcm2835: Accept fewer than expected IRQs (bsc#1181942).
- Refresh
patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch.
Port post-5.13 patches from the stable branch.
Note that patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch
is in the -mmotm tree, so that the updated upstream info (esp. the SHA)
is subject to change.
- commit bd5babc
- Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER
to cover full doorbell." (amd gpu reverts).
- Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG
issue." (amd gpu reverts).
- commit 74bd8c0
- Refresh
patches.suse/Input-elants_i2c-Fix-NULL-dereference-at-probing.patch.
- Refresh
patches.suse/mmc-sdhci-iproc-cap-min-clock-frequency-on-bcm2711.patch.
- Refresh
patches.suse/mmc-sdhci-iproc-set-sdhci_quirk_cap_clock_base_broken-on-bcm2711.patch.
Update upstream statuses.
- commit 9cef814
++++ ncurses:
- Add ncurses patch 20210626
+ add configure option --disable-root-access, which tells ncurses to
disallow most file-opens by setuid processes.
+ use default colors in pccon "op" -TD
+ correct rmacs/smacs in aaa+dec, aaa+rv -TD
+ add hpterm-color2 and hp98550-color (Martin Trusler)
+ regenerate man-html documentation.
- Remove setfsuid code from patch ncurses-6.2.dif as now upstream solved
- Correct offset of patch ncurses-5.9-ibm327x.dif and ncurses-6.2.dif
++++ systemd:
- Import commit e9a23d9e064c2e7ac21a1b984d116bcf15327e63
8dd19c6ee3 sd-device: allow to read sysattr which contains embedded NUL
d52409e5fe pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes (bsc#1181970
- Enable TPM2 support
++++ tpm2-0-tss:
- small services fixes and comments
++++ zeromq:
- Explicit BR on python is not necessary.
++++ selinux-policy:
- Update to version 20210419
- Dropped fix_gift.patch, module was removed
- Updated wicked.te to removed dropped interface
- Refreshed:
* fix_cockpit.patch
* fix_hadoop.patch
* fix_init.patch
* fix_logging.patch
* fix_logrotate.patch
* fix_networkmanager.patch
* fix_nscd.patch
* fix_rpm.patch
* fix_selinuxutil.patch
* fix_systemd.patch
* fix_systemd_watch.patch
* fix_thunderbird.patch
* fix_unconfined.patch
* fix_unconfineduser.patch
* fix_unprivuser.patch
* fix_xserver.patch
++++ tpm2.0-tools:
- update to version 5.1.1:
- tpm2_import: fix fixed AES key CVE-2021-3565
- tpm2_import used a fixed AES key for the inner wrapper, which means that
a MITM attack would be able to unwrap the imported key. To fix this,
ensure the key size is 16 bytes or bigger and use OpenSSL to generate a
secure random AES key.
- Avoid pandoc build dependency, use prebuilt man pages everywhere
- Drop 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch, now upstream
- Drop _service, unused
- Drop unused unzip build dependency
- Drop autoreconfigure call, no longer necessary
- Use %autosetup
- Verify tarball signature
- Build against efivar
- Drop %check section, tests weren't built, so that was a noop
------------------------------------------------------------------
------------------ 2021-6-27 - Jun 27 2021 -------------------
------------------------------------------------------------------
++++ cockpit-machines:
- Add source-offest to _service to fix build error in Leap 15.3.
++++ kernel-default:
- Update to 5.13 final
- refresh configs
- update headers
- armv7hl: drop GPIO_TQMX86
- commit 54fc53e
++++ podman:
- Update to version 3.2.2:
* Bump to v3.2.2
* fix systemcontext to use correct TMPDIR
* Scrub podman commands to use report package
* Fix volumes with uid and gid options
* Vendor in c/common v0.38.11
* Initial release notes for v3.2.2
* Fix restoring of privileged containers
* Fix handling of podman-remote build --device
* Add support for podman remote build -f - .
* Fix panic condition in cgroups.getAvailableControllers
* Fix permissions on initially created named volumes
* Fix building static podman-remote
* add correct slirp ip to /etc/hosts
* disable tty-size exec checks in system tests
* Fix resize race with podman exec -it
* Fix documentation of the --format option of podman push
* Fix systemd-resolved detection.
* Health Check is not handled in the compat LibpodToContainerJSON
* Do not use inotify for OCICNI
* getContainerNetworkInfo: lock netNsCtr before sync
* [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
* Create the /etc/mtab file if does not exists
* [v3.2] cp: do not allow dir->file copying
* create: support images with invalid platform
* vendor containers/common@v0.38.10
* logs: k8s-file: restore poll sleep
* logs: k8s-file: fix spurious error logs
* utils: move message from warning to debug
* Bump to v3.2.2-dev
------------------------------------------------------------------
------------------ 2021-6-26 - Jun 26 2021 -------------------
------------------------------------------------------------------
++++ ceph:
- Update to 16.2.4-564-g9689286366a:
+ rebased on top of upstream commit SHA1 e57defcbcc91e67aac958c4a52d657a7a907e8ef
------------------------------------------------------------------
------------------ 2021-6-25 - Jun 25 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Revert "Update config files (bsc#1187167)" (bsc#1187711).
The key is needed. When a random key is generaeted it is a problem with
OBS repository setup. OBS should provide a signing key.
- commit 6b7eebf
++++ libcontainers-common:
- Update common to 0.38.11
0.38.11:
* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
0.38.10:
* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image
0.38.9:
* libimage: fix Exists
0.38.8:
* libmage: Exists: catch corrupted images
0.38.7:
* libimage: pull: turn image-lookup errors non-fatal
0.38.6:
* [0.38] Leave default seccomp path empty
0.38.5:
* pull: don't resolve short names on explicit docker:// reference
0.38.4:
Revert "Do not emit warnings about OCI runtime paths"
libimage: lookup: tolerate corrupted image
0.38.3:
build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
libimage: fix manifest list lookup
- Update podman to 3.2.2
3.2.2:
[#]## Changes
- Podman's handling of the Architecture field of images has been relaxed. Since 3.2.0, Podman required that the architecture of the image match the architecture of the system to run containers based on an image, but images often incorrectly report architecture, causing Podman to reject valid images ([#10648](https://github.com/containers/podman/issues/10648) and [#10682](https://github.com/containers/podman/issues/10682)).
- Podman no longer uses inotify to monitor for changes to CNI configurations. This removes potential issues where Podman cannot be run because a user has exhausted their available inotify sessions ([#10686](https://github.com/containers/podman/issues/10686)).
[#]## Bugfixes
- Fixed a bug where the `podman cp` would, when given a directory as its source and a target that existed and was a file, copy the contents of the directory into the parent directory of the file; this now results in an error.
- Fixed a bug where the `podman logs` command would, when following a running container's logs, not include the last line of output from the container when it exited when the `k8s-file` driver was in use ([#10675](https://github.com/containers/podman/issues/10675)).
- Fixed a bug where Podman would fail to run containers if `systemd-resolved` was incorrectly detected as the system's DNS server ([#10733](https://github.com/containers/podman/issues/10733)).
- Fixed a bug where the `podman exec -t` command would only resize the exec session's TTY after the session started, leading to a race condition where the terminal would initially not have a size set ([#10560](https://github.com/containers/podman/issues/10560)).
- Fixed a bug where Podman containers using the `slirp4netns` network mode would add an incorrect entry to `/etc/hosts` pointing the container's hostname to the wrong IP address.
- Fixed a bug where Podman would create volumes specified by images with incorrect permissions ([#10188](https://github.com/containers/podman/issues/10188) and [#10606](https://github.com/containers/podman/issues/10606)).
- Fixed a bug where Podman would not respect the `uid` and `gid` options to `podman volume create -o` ([#10620](https://github.com/containers/podman/issues/10620)).
- Fixed a bug where the `podman run` command could panic when parsing the system's cgroup configuration ([#10666](https://github.com/containers/podman/issues/10666)).
- Fixed a bug where the remote Podman client's `podman build -f - ...` command did not read a Containerfile from STDIN ([#10621](https://github.com/containers/podman/issues/10621)).
- Fixed a bug where the `podman container restore --import` command would fail to restore checkpoints created from privileged containers ([#10615](https://github.com/containers/podman/issues/10615)).
- Fixed a bug where Podman was not respecting the `TMPDIR` environment variable when pulling images ([#10698](https://github.com/containers/podman/issues/10698)).
- Fixed a bug where a number of Podman commands did not properly support using Go templates as an argument to the `--format` option.
[#]## API
- Fixed a bug where the Compat Inspect endpoint for Containers did not include information on container healthchecks ([#10457](https://github.com/containers/podman/issues/10457)).
- Fixed a bug where the Libpod and Compat Build endpoints for Images did not properly handle the `devices` query parameter ([#10614](https://github.com/containers/podman/issues/10614)).
[#]## Misc
- Fixed a bug where the Makefile's `make podman-remote-static` target to build a statically-linked `podman-remote` binary was instead producing dynamic binaries ([#10656](https://github.com/containers/podman/issues/10656)).
- Updated the containers/common library to v0.38.11
3.2.1:
[#]## Changes
- Podman now allows corrupt images (e.g. from restarting the system during an image pull) to be replaced by a `podman pull` of the same image (instead of requiring they be removed first, then re-pulled).
[#]## Bugfixes
- Fixed a bug where Podman would fail to start containers if a Seccomp profile was not available at `/usr/share/containers/seccomp.json` ([#10556](https://github.com/containers/podman/issues/10556)).
- Fixed a bug where the `podman machine start` command failed on OS X machines with the AMD64 architecture and certain QEMU versions ([#10555](https://github.com/containers/podman/issues/10555)).
- Fixed a bug where Podman would always use the slow path for joining the rootless user namespace.
- Fixed a bug where the `podman stats` command would fail on Cgroups v1 systems when run on a container running systemd ([#10602](https://github.com/containers/podman/issues/10602)).
- Fixed a bug where pre-checkpoint support for `podman container checkpoint` did not function correctly.
- Fixed a bug where the remote Podman client's `podman build` command did not properly handle the `-f` option ([#9871](https://github.com/containers/podman/issues/9871)).
- Fixed a bug where the remote Podman client's `podman run` command would sometimes not resize the container's terminal before execution began ([#9859](https://github.com/containers/podman/issues/9859)).
- Fixed a bug where the `--filter` option to the `podman image prune` command was nonfunctional.
- Fixed a bug where the `podman logs -f` command would exit before all output for a container was printed when the `k8s-file` log driver was in use ([#10596](https://github.com/containers/podman/issues/10596)).
- Fixed a bug where Podman would not correctly detect that systemd-resolved was in use on the host and adjust DNS servers in the container appropriately under some circumstances ([#10570](https://github.com/containers/podman/issues/10570)).
- Fixed a bug where the `podman network connect` and `podman network disconnect` commands acted improperly when containers were in the Created state, marking the changes as done but not actually performing them.
[#]## API
- Fixed a bug where the Compat and Libpod Prune endpoints for Networks returned null, instead of an empty array, when nothing was pruned.
- Fixed a bug where the Create API for Images would continue to pull images even if a client closed the connection mid-pull ([#7558](https://github.com/containers/podman/issues/7558)).
- Fixed a bug where the Events API did not include some information (including labels) when sending events.
- Fixed a bug where the Events API would, when streaming was not requested, send at most one event ([#10529](https://github.com/containers/podman/issues/10529)).
[#]## Misc
- Updated the containers/common library to v0.38.9
3.2.0:
[#]## Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
[#]## Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
[#]## Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate systemd --new` command would generate unit files that did not include `RequiresMountsFor` lines ([#10493](https://github.com/containers/podman/issues/10493)).
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
- Fixed a bug where filters to the `podman events` command could not be specified twice (if a filter is specified more than once, it will match if any of the given values match - logical or) ([#10507](https://github.com/containers/podman/issues/10507)).
- Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf` in containers without IPv6 connectivity ([#10158](https://github.com/containers/podman/issues/10158)).
- Fixed a bug where containers could not be created with static IP addresses when connecting to a network using the `macvlan` driver ([#10283](https://github.com/containers/podman/issues/10283)).
[#]## API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
- Fixed a bug where the Compat Push endpoint for Images could leak goroutines if the remote end closed the connection prematurely.
[#]## Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.5
- Updated the containers/storage library to v1.31.3
3.2.0-RC3:
This is the third release candidate for Podman v3.2.0. We expect it will be the final RC.
Preliminary release notes follow:
[#]## Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
[#]## Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
[#]## Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where the remote Podman client's `podman build` command did not preserve hardlinks when moving files into the container via `COPY` instructions ([#9893](https://github.com/containers/podman/issues/9893)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
- Fixed a bug where the `podman cp` command could not copy files into containers created with the `--pid=host` flag ([#9985](https://github.com/containers/podman/issues/9985)).
[#]## API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
[#]## Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1
3.2.0-RC2:
This is the second release candidate for Podman v3.2.0. We expect a final RC early next week, and a final release late next week if all goes well
Preliminary release notes follow:
[#]## Features
- Docker Compose is now supported with rootless Podman ([#9169](https://github.com/containers/podman/issues/9169)).
- The `podman network connect`, `podman network disconnect`, and `podman network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to assist in managing virtual machines containing a Podman server. These are intended for easing the use of Podman on OS X by handling the creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named volumes (generating `PersistentVolumeClaim` YAML), in addition to pods and containers.
- The `podman play kube` command now supports two new options, `--ip` and `--mac`, to set static IPs and MAC addresses for created pods ([#8442](https://github.com/containers/podman/issues/8442) and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim` YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by `podman auto-update` to identify containers to update as a Kubernetes annotation, and the `podman play kube` command will convert this annotation back into a label. This allows `podman auto-update` to be used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML (using the secrets support from `podman secret`) for environment variables.
- Secrets can now be added to containers as environment variables using the `type=env` option to the `--secret` flag to `podman create` and `podman run`.
- The `podman start` command now supports the `--all` option, allowing all containers to be started simultaneously with a single command. The `--filter` option has also been added to filter which containers to start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and `podman start` now supports a new filter, `restart-policy`, to filter containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create` now accepts a new value, `keep-groups`, which instructs Podman to retain the supplemental groups of the user running Podman in the created container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option, `--timeout`. This sets a maximum time the container is allowed to run, after which it is killed ([#6412](https://github.com/containers/podman/issues/6412)).
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
- The `--security-opt unmask=` option to `podman run` and `podman create` now supports glob operations to unmask a group of paths at once (e.g. `podman run --security-opt unmask=/proc/* ...` will unmask all paths in `/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to filter which networks will be pruned.
[#]## Changes
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for volumes were ignored for privileged containers has been reverted after discussion in [#10209](https://github.com/containers/podman/issues/10209).
- Podman's rootless CNI functionality no longer requires a sidecar container! The removal of the requirement for the `rootless-cni-infra` container means that rootless CNI is now usable on all architectures, not just AMD64, and no longer requires pulling an image ([#8709](https://github.com/containers/podman/issues/8709)).
- The Image handling code used by Podman has seen a major rewrite to improve code sharing with our other projects, Buildah and CRI-O. This should result in fewer bugs and performance gains in the long term. Work on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images after updating if they are unused, to prevent disk exhaustion after repeated updates ([#10190](https://github.com/containers/podman/issues/10190)).
- The `podman play kube` now treats environment variables configured as references to a `ConfigMap` as mandatory unless the `optional` parameter was set; this better matches the behavior of Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available, it will run in a user namespace using the same code as rootless Podman (instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile Podman is using, and whether Podman is connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the `volatile` storage flag when available for their root filesystems, causing them not to write changes to disk as often as they will be removed at completion anyways. This should result in improved performance.
- The `podman generate systemd --new` command will now include environment variables referenced by the container in generated unit files if the value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
[#]## Bugfixes
- Fixed a bug where the remote Podman client's `podman build` command did not support the `--arch`, `--platform`, and `--os`, options.
- Fixed a bug where the remote Podman client's `podman build` command ignored the `--rm=false` option ([#9869](https://github.com/containers/podman/issues/9869)).
- Fixed a bug where the `podman generate systemd --new` command could generate extra `--iidfile` arguments if the container was already created with one.
- Fixed a bug where the `podman generate kube` command produced incorrect YAML for containers which bind-mounted both `/` and `/root` from the host system into the container ([#9764](https://github.com/containers/podman/issues/9764)).
- Fixed a bug where pods created by `podman play kube` from YAML that specified `ShareProcessNamespace` would only share the PID namespace (and not also the UTS, Network, and IPC namespaces) ([#9128](https://github.com/containers/podman/issues/9128)).
- Fixed a bug where the `podman network reload` command could generate spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such container` error due to a race condition with container removal ([#10120](https://github.com/containers/podman/issues/10120)).
- Fixed a bug where containers using the `slirp4netns` network mode and setting a custom `slirp4netns` subnet while using the `rootlesskit` port forwarder would not be able to forward ports ([#9828](https://github.com/containers/podman/issues/9828)).
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not require an exact match of the image name/ID to include a container in its results.
- Fixed a bug where the `--filter until=` option to `podman image prune` would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the `seccomp_profile` option in `containers.conf` had no effect, and the default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and `podman run` was ignored in rootless Podman on cgroups v2 systems with the `cgroupfs` cgroup manager ([#10173](https://github.com/containers/podman/issues/10173)).
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container runlabel` were not being correctly substituted ([#10192](https://github.com/containers/podman/issues/10192)).
- Fixed a bug where the remote Podman client's `podman build --iidfile` command could include extra output (in addition to just the image ID) in the image ID file written ([#10233](https://github.com/containers/podman/issues/10233)).
- Fixed a bug where Podman could freeze when creating containers with a specific combination of volumes and working directory ([#10216](https://github.com/containers/podman/issues/10216)).
- Fixed a bug where rootless Podman containers restarted by restart policy (e.g. containers created with `--restart=always`) would lose networking after being restarted ([#8047](https://github.com/containers/podman/issues/8047)).
[#]## API
- Fixed a bug where the Compat Create endpoint for Containers did not allow advanced network options to be set ([#10110](https://github.com/containers/podman/issues/10110)).
- Fixed a bug where the Compat Create endpoint for Containers ignored static IP information provided in the `IPAMConfig` block ([#10245](https://github.com/containers/podman/issues/10245)).
- Fixed a bug where the Compat Inspect endpoint for Containers returned null (instead of an empty list) for Networks when the container was not joined to a CNI network ([#9837](https://github.com/containers/podman/issues/9837)).
- Fixed a bug where the Compat Wait endpoint for Containers could miss containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that the user provide a name for the new volume ([#9803](https://github.com/containers/podman/issues/9803)).
- Fixed a bug where the Libpod Info handler would sometimes not return the correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for container exited events (`died` instead of `die`) ([#10168](https://github.com/containers/podman/issues/10168)).
[#]## Misc
- Updated Buildah to v1.21.0
- Updated the containers/common library to v0.38.4
- Updated the containers/storage library to v1.31.1
3.2.0-RC1:
This is the first release candidate for the Podman v3.2.0 release. Podman 3.2.0 features improved rootless networking (including support for rootless Docker compose), a rewritten image backend, and numerous other changes.
Full release notes will be available with the release of RC2 next week.
- Update storage to 1.32.5
1.32.5:
Fix handling of user namespace
1.32.4:
Vendor in opencontainers/runc v1.0.0
overlay: fix check for rootless native diff
1.32.3:
Reload layer storage if layers.json got externally modified
build(deps): bump github.com/klauspost/compress from 1.13.0 to 1.13.1
Fix cancel deferred remove bug
Cirrus: Fix references to master branch
[CI:DOCS] Fix docs links due to branch rename
1.32.2:
lockfile: merge Seek+Read/Write into Pread/Pwrite
Added support for CONTAINERS_STORAGE_CONF override
canUseShifting can segfault
build(deps): bump github.com/mattn/go-shellwords from 1.0.11 to 1.0.12
build(deps): bump github.com/klauspost/compress from 1.12.3 to 1.13.0
overlay: make userxattr,metacopy=on debug message
build(deps): bump github.com/opencontainers/selinux from 1.8.1 to 1.8.2
1.31.3:
* store: ReloadIfChanged propagates errors from Modified()
* store: load additional image stores once
* store: fix graphLock reload
1.32.1:
store: fix graphLock reload
store: ReloadIfChanged propagates errors from Modified()
store: load additional image stores once
delete_internal: return error early
build(deps): bump github.com/klauspost/compress from 1.12.2 to 1.12.3
1.32.0:
chunked: fix build on other platforms
Avoid failure when umount an unmounted mountpoint
overlay: enable native diff for fuse-overlayfs
Enable to export layers from Additional Layer Store
1.31.2:
build(deps): bump github.com/Microsoft/go-winio from 0.4.17 to 0.5.0
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc94 to 1.0.0-rc95
reintroduce store: allow shifting only with contiguous mappings
overlay: check for unix.ENOTSUP
archive/overlay: ignore failures from nested whiteouts
overlay: honor DisableShifting
store: allow shifting only with contiguous mappings
1.31.1:
Revert "store: allow shifting only with contiguous mappings"
- Update image to 5.13.2
v0.38.11:
* Strip extra trailing newlines in templates
* Set BigFilesTemporaryDir to GetEnv(TMPDIR) if set or /var/tmp
v0.38.10:
* libimage: pull: override even --pull=never with custom platfo
* libimage: pull: enforce pull policy for custom platforms
* libimage: pull: ignore platform for local image lookup
* Allow /etc/containers/containers.conf to be read by non-root
* [0.38] libimage: force remove: only untag on multi tag image
v0.38.9:
* libimage: fix Exists
v0.38.8:
* libmage: Exists: catch corrupted images
v0.38.7:
* libimage: pull: turn image-lookup errors non-fatal
v0.38.6:
* [0.38] Leave default seccomp path empty
v0.38.5:
* pull: don't resolve short names on explicit docker:// reference
v0.38.4:
* Revert "Do not emit warnings about OCI runtime paths"
* libimage: lookup: tolerate corrupted image
v0.38.3:
* build(deps): bump github.com/containers/storage from 1.30.3 to 1.31.1
* libimage: fix manifest list lookup
++++ pam:
- Create /run/motd.d
++++ patterns-base:
- Favor libz1 when in doubt and asked for libz.so.1.
++++ salt:
- Replace deprecated Thread.isAlive() with Thread.is_alive()
- Added:
* backport-thread.is_alive-fix-390.patch
++++ python-setuptools:
- Update to 57.0.0
* big changelog since 44.1, see CHANGES.rst.
- No python2 support anymore.
- Refresh sort-for-reproducibility.patch and remove_mock.patch.
- Drop importlib.patch, fixed upstream.
- Remove testdata.tar.gz, packaged upstream.
- Update requirements.
* New Ring-1 dep: python-jaraco.path <-- python-singledispatch
++++ qemu:
- Fix an update-alternative warning when removing qemu-skiboot package
bsc#1178678
++++ rpm-config-SUSE:
- Update to version 0.g83:
* Find kernel modules also in /usr/lib/modules
------------------------------------------------------------------
------------------ 2021-6-24 - Jun 24 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- recommend installation of python-selinux (boo#1187531)
++++ keyutils:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
++++ libxcrypt:
- Update to 4.4.23
* Fix output calculation for gensalt_yescrypt_rn().
* Fix -Werror=conversion in lib/crypt-des-obsolete.c,
test/des-obsolete.c, and test/des-obsolete_r.c.
* The crypt_checksalt() function has been fixed to correctly return
with 'CRYPT_SALT_INVALID', in case the setting, that is passed
to be checked, represents an empty passphrase or an uncomputed
setting for descrypt without any salt characters.
* The crypt_checksalt() function will now return the value
'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed
to be checked, uses a hashing method, which is considered to be
too weak for use with new passphrases.
* Fix build when the CFLAGS variable, that is passed into the
configure script, has a leading whitespace character in it
(issue #123).
++++ libiscsi:
- Update to version 1.19.0+git.20210523:
* Port to MinGW
* win32/win32_compat.c: Reformat this file
* Enable -Wno-unused-parameter
* Use __attribute__((format(printf, ...))) directly
* build: Add -no-undefined where missing
* build: Correct usage of LIBADD and LDADD
* build: Remove bogus LDADD variables
* Add header <strings.h> for strncasecmp
++++ protobuf:
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on "new" buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General
* Support M1 (#8557)
++++ ceph:
- Update _constraints: only honor physical memory, not 'any memory'
(e.g. swap). But then, be happy with 8GB (bumping the current
x86_64 worker pool from 16 to 64). (Dominique Leuenberger)
++++ systemd:
- Import commit fcdb8dce591db2f5fc3c1e3eeb7abe9a2090b401
aa2d840a3b compat-rules: fix warning: "label ‘out’ defined but not used" in path_id_compat.c
- Restore 61-persistent-storage-compat.rules that was mistakenly
dropped during the merge of v248.
++++ zchunk:
- Update to version 1.1.16
* Fix major bug when compressing with dictionary
++++ salt:
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Added:
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* fix-save-for-iptables-state-module-bsc-1185131-372.patch
- virt: use /dev/kvm to detect KVM
- Added:
* virt-use-dev-kvm-to-detect-kvm-383.patch
- zypperpkg: improve logic for handling vendorchange flags
- Added:
* move-vendor-change-logic-to-zypper-class-355.patch
++++ slirp4netns:
- Update to version 1.1.11:
* Add --macaddress option to specify the MAC address of the tap
interface.
* Updated the man page.
------------------------------------------------------------------
------------------ 2021-6-23 - Jun 23 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
* grub2-fix-error-terminal-gfxterm-isn-t-found.patch
++++ gzip:
- Avoid text relocation on i386 (bsc#1143125)
Text relocation doesn't cope well with some security hardening which
consists in prohibiting attempts to change memory mappings to become
executable.
Hence disable the use of assembler code and get rid of text
relocations especially since the assembler code is slower than the
code generated by gcc according to Fedora. According to Debian this
also fixes gzip generating different results on ia64.
++++ kernel-default:
- Linux 5.12.13 (bsc#1012628).
- dmaengine: idxd: add engine 'struct device' missing bus type
assignment (bsc#1012628).
- dmaengine: idxd: add missing dsa driver unregister
(bsc#1012628).
- dmaengine: fsl-dpaa2-qdma: Fix error return code in two
functions (bsc#1012628).
- dmaengine: xilinx: dpdma: initialize registers before
request_irq (bsc#1012628).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (bsc#1012628).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (bsc#1012628).
- dmaengine: SF_PDMA depends on HAS_IOMEM (bsc#1012628).
- dmaengine: stedma40: add missing iounmap() on error in
d40_probe() (bsc#1012628).
- afs: Fix an IS_ERR() vs NULL check (bsc#1012628).
- mm/memory-failure: make sure wait for page writeback in
memory_failure (bsc#1012628).
- kvm: LAPIC: Restore guard to prevent illegal APIC register
access (bsc#1012628).
- fanotify: fix copy_event_to_user() fid error clean up
(bsc#1012628).
- batman-adv: Avoid WARN_ON timing related checks (bsc#1012628).
- staging: rtl8723bs: fix monitor netdev register/unregister
(bsc#1012628).
- mac80211: fix skb length check in ieee80211_scan_rx()
(bsc#1012628).
- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size
of 11 (bsc#1012628).
- mlxsw: core: Set thermal zone polling delay argument to real
value at init (bsc#1012628).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1012628).
- net: ipv4: fix memory leak in netlbl_cipsov4_add_std
(bsc#1012628).
- vrf: fix maximum MTU (bsc#1012628).
- net: rds: fix memory leak in rds_recvmsg (bsc#1012628).
- net: dsa: felix: re-enable TX flow control in
ocelot_port_flush() (bsc#1012628).
- net: ena: fix DMA mapping function issues in XDP (bsc#1012628).
- net: lantiq: disable interrupt before sheduling NAPI
(bsc#1012628).
- netfilter: nf_tables: initialize set before expression setup
(bsc#1012628).
- netfilter: nft_fib_ipv6: skip ipv6 packets from any to
link-local (bsc#1012628).
- ice: add ndo_bpf callback for safe mode netdev ops
(bsc#1012628).
- ice: parameterize functions responsible for Tx ring management
(bsc#1012628).
- udp: fix race between close() and udp_abort() (bsc#1012628).
- rtnetlink: Fix regression in bridge VLAN configuration
(bsc#1012628).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1012628).
- net/mlx5e: Fix use-after-free of encap entry in neigh update
handler (bsc#1012628).
- net/mlx5e: Remove dependency in IPsec initialization flows
(bsc#1012628).
- net/mlx5e: Fix page reclaim for dead peer hairpin (bsc#1012628).
- net/mlx5: Consider RoCE cap before init RDMA resources
(bsc#1012628).
- net/mlx5: DR, Don't use SW steering when RoCE is not supported
(bsc#1012628).
- Revert "net/mlx5: Arm only EQs with EQEs" (bsc#1012628).
- net/mlx5e: Block offload of outer header csum for UDP tunnels
(bsc#1012628).
- net/mlx5e: Block offload of outer header csum for GRE tunnel
(bsc#1012628).
- skbuff: fix incorrect msg_zerocopy copy notifications
(bsc#1012628).
- netfilter: synproxy: Fix out of bounds when parsing TCP options
(bsc#1012628).
- mptcp: Fix out of bounds when parsing TCP options (bsc#1012628).
- sch_cake: Fix out of bounds when parsing TCP options and header
(bsc#1012628).
- mptcp: try harder to borrow memory from subflow under pressure
(bsc#1012628).
- mptcp: wake-up readers only for in sequence data (bsc#1012628).
- mptcp: do not warn on bad input from the network (bsc#1012628).
- selftests: mptcp: enable syncookie only in absence of reorders
(bsc#1012628).
- mptcp: fix soft lookup in subflow_error_report() (bsc#1012628).
- alx: Fix an error handling path in 'alx_probe()' (bsc#1012628).
- cxgb4: fix endianness when flashing boot image (bsc#1012628).
- cxgb4: fix sleep in atomic when flashing PHY firmware
(bsc#1012628).
- cxgb4: halt chip before flashing PHY firmware image
(bsc#1012628).
- net: stmmac: dwmac1000: Fix extended MAC address registers
definition (bsc#1012628).
- net: make get_net_ns return error if NET_NS is disabled
(bsc#1012628).
- net: qualcomm: rmnet: don't over-count statistics (bsc#1012628).
- ethtool: strset: fix message length calculation (bsc#1012628).
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
(bsc#1012628).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
(bsc#1012628).
- cxgb4: fix wrong ethtool n-tuple rule lookup (bsc#1012628).
- ipv4: Fix device used for dst_alloc with local routes
(bsc#1012628).
- net: qrtr: fix OOB Read in qrtr_endpoint_post (bsc#1012628).
- bpf: Fix leakage under speculation on mispredicted branches
(bsc#1012628).
- net: mhi_net: Update the transmit handler prototype
(bsc#1012628).
- ptp: improve max_adj check against unreasonable values
(bsc#1012628).
- net: cdc_ncm: switch to eth%d interface naming (bsc#1012628).
- lantiq: net: fix duplicated skb in rx descriptor ring
(bsc#1012628).
- net: usb: fix possible use-after-free in smsc75xx_bind
(bsc#1012628).
- net: fec_ptp: fix issue caused by refactor the fec_devtype
(bsc#1012628).
- net: ipv4: fix memory leak in ip_mc_add1_src (bsc#1012628).
- net/af_unix: fix a data-race in unix_dgram_sendmsg /
unix_release_sock (bsc#1012628).
- net/mlx5: Fix error path for set HCA defaults (bsc#1012628).
- net/mlx5: Check that driver was probed prior attaching the
device (bsc#1012628).
- net/mlx5: E-Switch, Read PF mac address (bsc#1012628).
- net/mlx5: E-Switch, Allow setting GUID for host PF vport
(bsc#1012628).
- net/mlx5: SF_DEV, remove SF device on invalid state
(bsc#1012628).
- net/mlx5: DR, Fix STEv1 incorrect L3 decapsulation padding
(bsc#1012628).
- net/mlx5e: Don't create devices during unload flow
(bsc#1012628).
- net/mlx5: Reset mkey index on creation (bsc#1012628).
- be2net: Fix an error handling path in 'be_probe()'
(bsc#1012628).
- net: hamradio: fix memory leak in mkiss_close (bsc#1012628).
- net: cdc_eem: fix tx fixup skb leak (bsc#1012628).
- cxgb4: fix wrong shift (bsc#1012628).
- bnxt_en: Rediscover PHY capabilities after firmware reset
(bsc#1012628).
- bnxt_en: Fix TQM fastpath ring backing store computation
(bsc#1012628).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
(bsc#1012628).
- icmp: don't send out ICMP messages with a source address of
0.0.0.0 (bsc#1012628).
- net: ethernet: fix potential use-after-free in ec_bhf_remove
(bsc#1012628).
- regulator: cros-ec: Fix error code in dev_err message
(bsc#1012628).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages
setting (bsc#1012628).
- platform/x86: thinkpad_acpi: Add X1 Carbon Gen 9 second fan
support (bsc#1012628).
- ASoC: rt5659: Fix the lost powers for the HDA header
(bsc#1012628).
- phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init()
(bsc#1012628).
- ASoC: fsl-asoc-card: Set .owner attribute when registering card
(bsc#1012628).
- regulator: mt6315: Fix function prototype for mt6315_map_mode
(bsc#1012628).
- regulator: rtmv20: Fix to make regcache value first reading
back from HW (bsc#1012628).
- spi: spi-zynq-qspi: Fix some wrong goto jumps & missing error
code (bsc#1012628).
- sched/pelt: Ensure that *_sum is always synced with *_avg
(bsc#1012628).
- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (bsc#1012628).
- regulator: hi6421v600: Fix .vsel_mask setting (bsc#1012628).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in
stm32_qspi_wait_cmd() (bsc#1012628).
- regulator: rt4801: Fix NULL pointer dereference if
priv->enable_gpios is NULL (bsc#1012628).
- ASoC: rt5682: Fix the fast discharge for headset unplugging
in soundwire mode (bsc#1012628).
- pinctrl: ralink: rt2880: avoid to error in calls is pin is
already enabled (bsc#1012628).
- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device
(bsc#1012628).
- ASoC: qcom: lpass-cpu: Fix pop noise during audio capture begin
(bsc#1012628).
- radeon: use memcpy_to/fromio for UVD fw upload (bsc#1012628).
- hwmon: (scpi-hwmon) shows the negative temperature properly
(bsc#1012628).
- riscv: code patching only works on !XIP_KERNEL (bsc#1012628).
- mm: relocate 'write_protect_seq' in struct mm_struct
(bsc#1012628).
- irqchip/gic-v3: Workaround inconsistent PMR setting on NMI entry
(bsc#1012628).
- perf metricgroup: Fix find_evsel_group() event selector
(bsc#1012628).
- perf metricgroup: Return error code from
metricgroup__add_metric_sys_event_iter() (bsc#1012628).
- bpf: Inherit expanded/patched seen count from old aux data
(bsc#1012628).
- bpf: Do not mark insn as seen under speculative path
verification (bsc#1012628).
- can: bcm: fix infoleak in struct bcm_msg_head (bsc#1012628).
- can: bcm/raw/isotp: use per module netdevice notifier
(bsc#1012628).
- can: j1939: fix Use-after-Free, hold skb ref while in use
(bsc#1012628).
- can: mcba_usb: fix memory leak in mcba_usb (bsc#1012628).
- usb: core: hub: Disable autosuspend for Cypress CY7C65632
(bsc#1012628).
- usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection
(bsc#1012628).
- tracing: Do not stop recording cmdlines when tracing is off
(bsc#1012628).
- tracing: Do not stop recording comms if the trace file is
being read (bsc#1012628).
- tracing: Do no increment trace_clock_global() by one
(bsc#1012628).
- PCI: Mark TI C667X to avoid bus reset (bsc#1012628).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (bsc#1012628).
- PCI: Mark AMD Navi14 GPU ATS as broken (bsc#1012628).
- PCI: aardvark: Fix kernel panic during PIO transfer
(bsc#1012628).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (bsc#1012628).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum
(bsc#1012628).
- btrfs: zoned: fix negative space_info->bytes_readonly
(bsc#1012628).
- s390/mcck: fix invalid KVM guest condition check (bsc#1012628).
- KVM: x86: Immediately reset the MMU context when the SMM flag
is cleared (bsc#1012628).
- KVM: x86/mmu: Calculate and check "full" mmu_role for nested
MMU (bsc#1012628).
- KVM: X86: Fix x86_emulator slab cache leak (bsc#1012628).
- s390/mcck: fix calculation of SIE critical section size
(bsc#1012628).
- s390/ap: Fix hanging ioctl caused by wrong msg counter
(bsc#1012628).
- ARCv2: save ABI registers across signal handling (bsc#1012628).
- x86/mm: Avoid truncating memblocks for SGX memory (bsc#1012628).
- x86/process: Check PF_KTHREAD and not current->mm for kernel
threads (bsc#1012628).
- x86/ioremap: Map EFI-reserved memory as encrypted for SEV
(bsc#1012628 bsc#1186884).
- x86/pkru: Write hardware init value to PKRU when xstate is init
(bsc#1012628).
- x86/fpu: Prevent state corruption in __fpu__restore_sig()
(bsc#1012628).
- x86/fpu: Invalidate FPU state after a failed XRSTOR from a
user buffer (bsc#1012628).
- x86/fpu: Reset state for all signal restore failures
(bsc#1012628).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
ppmu is not set (bsc#1012628).
- Makefile: lto: Pass -warn-stack-size only on LLD < 13.0.0
(bsc#1012628).
- crash_core, vmcoreinfo: append 'SECTION_SIZE_BITS' to vmcoreinfo
(bsc#1012628).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(bsc#1012628).
- mac80211: fix deadlock in AP/VLAN handling (bsc#1012628).
- mac80211: Fix NULL ptr deref for injected rate info
(bsc#1012628).
- mac80211: fix 'reset' debugfs locking (bsc#1012628).
- cfg80211: fix phy80211 symlink creation (bsc#1012628).
- cfg80211: shut down interfaces on failed resume (bsc#1012628).
- mac80211: move interface shutdown out of wiphy lock
(bsc#1012628).
- mac80211: minstrel_ht: fix sample time check (bsc#1012628).
- cfg80211: make certificate generation more robust (bsc#1012628).
- cfg80211: avoid double free of PMSR request (bsc#1012628).
- drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover
full doorbell (bsc#1012628).
- drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue
(bsc#1012628).
- net: ll_temac: Make sure to free skb when it is completely used
(bsc#1012628).
- net: ll_temac: Fix TX BD buffer overwrite (bsc#1012628).
- net: bridge: fix vlan tunnel dst null pointer dereference
(bsc#1012628).
- net: bridge: fix vlan tunnel dst refcnt when egressing
(bsc#1012628).
- mm,hwpoison: fix race with hugetlb page allocation
(bsc#1012628).
- mm/swap: fix pte_same_as_swp() not removing uffd-wp bit when
compare (bsc#1012628).
- mm/hugetlb: expand restore_reserve_on_error functionality
(bsc#1012628).
- mm/slub: clarify verification reporting (bsc#1012628).
- mm/slub: fix redzoning for small allocations (bsc#1012628).
- mm/slub: actually fix freelist pointer vs redzoning
(bsc#1012628).
- mm/slub.c: include swab.h (bsc#1012628).
- net: stmmac: disable clocks in stmmac_remove_config_dt()
(bsc#1012628).
- net: fec_ptp: add clock rate zero check (bsc#1012628).
- tools headers UAPI: Sync linux/in.h copy with the kernel sources
(bsc#1012628).
- perf beauty: Update copy of linux/socket.h with the kernel
sources (bsc#1012628).
- usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
(bsc#1012628).
- usb: dwc3: core: fix kernel panic when do reboot (bsc#1012628).
- Delete
patches.suse/0001-x86-ioremap-Map-efi_mem_reserve-memory-as-encrypted-.patch.
- commit 2ab6e2b
- Add dtb-microchip
- commit c797107
++++ openssh:
- Don't move user-modified ssh_config and sshd_config files to
.rpmsave on upgrade.
++++ qemu:
- Use doc directive to build QEMU documentation
++++ rpm-config-SUSE:
- Update to version 0.g81:
* Support ZSTD compressed kernel modules
* Fix a typo: povides -> provides
* Quote %buildroot in makeinstall macros
------------------------------------------------------------------
------------------ 2021-6-22 - Jun 22 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- no longer apply n_drirc-disable-rgb10-for-chromium-on-amd.patch
on TW; no longer needed with gstreamer-plugins-vaapi 1.18.4; more
details on
https://gitlab.freedesktop.org/gstreamer/gstreamer-vaapi/-/merge_requests/410
++++ Mesa-drivers:
- no longer apply n_drirc-disable-rgb10-for-chromium-on-amd.patch
on TW; no longer needed with gstreamer-plugins-vaapi 1.18.4; more
details on
https://gitlab.freedesktop.org/gstreamer/gstreamer-vaapi/-/merge_requests/410
++++ aaa_base:
- Switch back to using tar_scm in _service file: with aaa_base
being part of the distro bootstrap (ring0) we want to have the
build deps as lean as possible. Buildtime services equals to
build deps.
++++ ansible:
- Update to 2.9.23, bug-fix release with security fix:
* templating engine fix for not preserving unsafe status when trying
to preserve newlines. CVE-2021-3583
++++ sqlite3:
- SQLite3 3.36.0:
* Improvement to the EXPLAIN QUERY PLAN output to make it
easier to understand.
* Byte-order marks at the start of a token are skipped
as if they were whitespace.
* An error is raised on any attempt to access the rowid of a VIEW
or subquery. Formerly, the rowid of a VIEW would be indeterminate
and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW
compile-time option is available to restore the legacy behavior
for applications that need it.
* The sqlite3_deserialize() and sqlite3_serialize() interfaces
are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE
compile-time option is no longer required. Instead, there is
a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit
those interfaces.
* The "memdb" VFS now allows the same in-memory database
to be shared among multiple database connections in the same
process as long as the database name begins with "/".
* Back out the EXISTS-to-IN optimization (item 8b in the
SQLite 3.35.0 change log) as it was found to slow down
queries more often than speed them up.
* Improve the constant-propagation optimization so that it works
on non-join queries.
* The REGEXP extension is now included in CLI builds.
++++ patterns-base:
- Make the fips pattern supersede "patterns-server-enterprise-fips",
take missing pieces and obsolete it
------------------------------------------------------------------
------------------ 2021-6-21 - Jun 21 2021 -------------------
------------------------------------------------------------------
++++ libalternatives:
- Update to version v1.1:
* docs: Add broken manpage
* tests: unit tests configs
* tests: fix memory leak during tests
* list_binaries: initialize pointer that is later used in free
* libalts_exec_default() sets errno on not found
++++ grub2:
- Fix boot failure after kdump due to the content of grub.cfg is not
completed with pending modificaton in xfs journal (bsc#1186975)
* grub-install-force-journal-draining-to-ensure-data-i.patch
- Patch refreshed
* grub2-mkconfig-default-entry-correction.patch
++++ fmt:
- Update to version 8.0.0
* Enabled compile-time format string check by default.
* Added compile-time formatting.
* Optimized handling of format specifiers during format string
compilation.
* Added the ``_cf`` user-defined literal to represent a
compiled format string. It can be used instead of the
``FMT_COMPILE`` macro.
* Format string compilation now requires ``format`` functions
of ``formatter`` specializations for user-defined types to
be ``const``.
* Added UDL-based named argument support to format string
compilation.
* Added format string compilation support to ``fmt::print``.
* Added initial support for compiling {fmt} as a C++20 module.
* Made symbols private by default reducing shared library size
* Optimized includes making the result of preprocessing
``fmt/format.h``.
* Added support of ranges with non-const ``begin`` / ``end``
* Added support of ``std::byte`` and other formattable types
to ``fmt::join``.
* Implemented the default format for
``std::chrono::system_clock``.
* Made more chrono specifiers locale independent by default.
Use the ``'L'`` specifier to get localized formatting.
* Improved locale handling in chrono formatting.
* Deprecated ``fmt/locale.h`` moving the formatting functions
that take a locale to ``fmt/format.h`` (``char``) and
``fmt/xchar`` (other overloads). This doesn't introduce a
dependency on ``<locale>`` so there is virtually no compile
time effect.
* Made parameter order in ``vformat_to`` consistent with
``format_to``.
* Added support for time points with arbitrary durations.
* Formatting floating-point numbers no longer produces
trailing zeros by default.
for consistency with ``std::format``.
* Dropped a limit on the number of elements in a range and
replaced ``{}`` with ``[]`` as range delimiters for
consistency with Python's ``str.format``.
* The ``'L'`` specifier for locale-specific numeric formatting
can now be combined with presentation specifiers as in
``std::format``.
* Made the ``0`` specifier ignored for infinity and NaN.
* Made the hexfloat formatting use the right alignment by
default.
* Removed the deprecated numeric alignment (``'='``). Use the
``'0'`` specifier instead.
* Removed the deprecated ``fmt/posix.h`` header that has been
replaced with ``fmt/os.h``.
* Removed the deprecated ``format_to_n_context``,
``format_to_n_args`` and ``make_format_to_n_args``. They
have been replaced with ``format_context``, ``format_args`
and ``make_format_args`` respectively.
* Moved ``wchar_t``-specific functions and types to
``fmt/wchar.h``. You can define
``FMT_DEPRECATED_INCLUDE_WCHAR`` to automatically include
``fmt/wchar.h`` from ``fmt/format.h`` but this will be
disabled in the next major release.
* Fixed handling of the ``'+'`` specifier in localized
formatting.
* Added support for the ``'s'`` format specifier that gives
textual representation of ``bool``.
* Made ``fmt::ptr`` work with function pointers.
* Fixed ``fmt::formatted_size`` with format string compilation
* Fixed handling of empty format strings during format string
compilation.
* Fixed handling of enums in ``fmt::to_string``.
* Improved width computation.
* The experimental fast output stream (``fmt::ostream``) is
now truncated by default for consistency with ``fopen``.
* Fixed moving of ``fmt::ostream`` that holds buffered data
* Replaced the ``fmt::system_error`` exception with a function
of the same name that constructs ``std::system_error``.
* Replaced the ``fmt::windows_error`` exception with a
function of the same name that constructs
``std::system_error`` with the category returned by
``fmt::system_category()``.
* Replaced ``fmt::error_code`` with ``std::error_code`` and
made it formattable.
* Added speech synthesis support.
* Made ``format_to`` work with a memory buffer that has a
custom allocator.
* Added ``Allocator::max_size`` support to
``basic_memory_buffer``.
* Added wide string support to ``fmt::join``
* Made iterators passed to ``formatter`` specializations via a
format context satisfy C++20 ``std::output_iterator``
requirements.
* Optimized the ``printf`` implementation.
* Improved detection of ``constexpr`` ``char_traits``.
* Fixed exception propagation from iterators.
* Improved ``strftime`` error handling.
* Stopped using deprecated GCC UDL template extension.
* Added ``fmt/args.h`` to the install target.
* Error messages are now passed to assert when exceptions are
disabled.
* Added the ``FMT_MASTER_PROJECT`` CMake option to control
build and install targets when {fmt} is included via
``add_subdirectory``.
* Improved build configuration.
* Fixed various warnings and compilation issues.
* Improved documentation.
* Continuous integration and test improvements.
- Bump soversion to 8
++++ ncurses:
- Add ncurses patch 20210619
+ improve configure-macro used for dependencies of --disable-leaks such
as --with-valgrind
+ trim trailing blanks from files
- Remove trailing space in patch ncurses-6.2.dif
++++ libtheora:
- Remove completely unnecessary python BR
++++ libvirt:
- Suggest numad package instead of requiring it. numad is not
required for libvirt daemon to run, it does not support the
cgroup2 API and it has been superseded by the kernel NUMA
balancer which is enabled by default.
bsc#1184722
++++ osinfo-db:
- Update to database version 20210621
osinfo-db-20210621.tar.xz
- Drop patches contained in new tarball
SLE-add-info-about-UEFI-support.patch
add-sle15sp3-support.patch
add-slem50-support.patch
fix-sle15sp1-volume-id-string.patch
++++ salt:
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/OpenSUSE distros
- Added:
* enhance-logging-when-inotify-beacon-is-missing-pyino.patch
++++ rpcbind:
- Add now working CONFIG parameter to sysusers generator
- UsrMerge changes
++++ shim:
(sync shim.changes from SLE)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441, bsc#1187071)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
+ Also drop AArch64 suse-signed shim since we merged this patch
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
the check for import_mok_state() when Secure Boot is off.
(bsc#1185261)
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "shim.efi" if the given
file doesn't exist
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
for AArch64
Fix: https://github.com/rhboot/shim/issues/371
- Add shim-disable-export-vendor-dbx.patch to disable exporting
vendor-dbx to MokListXRT since writing a large RT variable
could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
potential crash when calling QueryVariableInfo in EFI 1.10
machines (bsc#1187260)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
buffer overflow when copying data to the MOK config table
(bsc#1185232)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
buffer overflow when copying data to the MOK config table
(bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
vendor-dbx to MokListXRT since writing a large RT variable
could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
potential crash when calling QueryVariableInfo in EFI 1.10
machines (bsc#1187260)
++++ sysuser-tools:
- Bump version up to 3.1. The --replace parameter only appeared in
systemd 238, so we need to ensure to get the update order correct
for sysuser-generate when using the 3rd command line parameters:
* systemd -> sysuser-tools -> system-{user|group}-FOO.
- Add dependency on systemd >=238 if systemd is installed to
sysuser-shadow
- update sysuser_requires to request sysuser-shadow 3.1
++++ virt-manager:
- Upstream bug fixes (bsc#1027942)
d3c627f1-volumeupload-Use-1MiB-read-size.patch
cf93e2db-console-fix-error-with-old-pygobject.patch
143c6bef-virtinst-fix-error-message-format-string.patch
fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch
d9b5090e-Fix-forgetting-password-from-keyring.patch
------------------------------------------------------------------
------------------ 2021-6-20 - Jun 20 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.13-rc7
- eliminate 1 patch
- patches.suse/0001-x86-ioremap-Map-efi_mem_reserve-memory-as-encrypted-.patch
- refresh configs
- commit d808585
------------------------------------------------------------------
------------------ 2021-6-19 - Jun 19 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.3
* third bugfix
* mostly AMD fixes
++++ Mesa-drivers:
- update to 21.1.3
* third bugfix
* mostly AMD fixes
++++ kernel-default:
- Bluetooth: btqca: Don't modify firmware contents in-place
(bsc#1187472).
- commit 43254cf
++++ python-Jinja2:
- updated upstream project URL
------------------------------------------------------------------
------------------ 2021-6-18 - Jun 18 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.12.12 (bsc#1012628).
- fib: Return the correct errno code (bsc#1012628).
- net: Return the correct errno code (bsc#1012628).
- net/x25: Return the correct errno code (bsc#1012628).
- rtnetlink: Fix missing error code in rtnl_bridge_notify()
(bsc#1012628).
- drm/amd/amdgpu:save psp ring wptr to avoid attack (bsc#1012628).
- drm/amd/display: Fix potential memory leak in DMUB hw_init
(bsc#1012628).
- drm/amdgpu: refine amdgpu_fru_get_product_info (bsc#1012628).
- drm/amd/display: Allow bandwidth validation for 0 streams
(bsc#1012628).
- net: ipconfig: Don't override command-line hostnames or domains
(bsc#1012628).
- nvme-loop: do not warn for deleted controllers during reset
(bsc#1012628).
- nvme-loop: check for NVME_LOOP_Q_LIVE in
nvme_loop_destroy_admin_queue() (bsc#1012628).
- nvme-loop: clear NVME_LOOP_Q_LIVE when
nvme_loop_configure_admin_queue() fails (bsc#1012628).
- nvme-loop: reset queue count to 1 in
nvme_loop_destroy_io_queues() (bsc#1012628).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
(bsc#1012628).
- Bluetooth: Add a new USB ID for RTL8822CE (bsc#1012628).
- scsi: qedf: Do not put host in qedf_vport_create()
unconditionally (bsc#1012628).
- ethernet: myri10ge: Fix missing error code in myri10ge_probe()
(bsc#1012628).
- scsi: target: core: Fix warning on realtime kernels
(bsc#1012628).
- gfs2: Fix use-after-free in gfs2_glock_shrink_scan
(bsc#1012628).
- mt76: mt7921: remove leftover 80+80 HE capability (bsc#1012628).
- ALSA: hda: Add AlderLake-M PCI ID (bsc#1012628).
- riscv: Use -mno-relax when using lld linker (bsc#1012628).
- HID: intel-ish-hid: ipc: Add Alder Lake device IDs
(bsc#1012628).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (bsc#1012628).
- HID: multitouch: Disable event reporting on suspend on the
Asus T101HA touchpad (bsc#1012628).
- gfs2: Clean up revokes on normal withdraws (bsc#1012628).
- gfs2: fix a deadlock on withdraw-during-mount (bsc#1012628).
- gfs2: Prevent direct-I/O write fallback errors from getting lost
(bsc#1012628).
- ARM: OMAP2+: Fix build warning when mmc_omap is not built
(bsc#1012628).
- ARM: OMAP1: Fix use of possibly uninitialized irq variable
(bsc#1012628).
- hwmon/pmbus: (q54sj108a2) The PMBUS_MFR_ID is actually 6 chars
instead of 5 (bsc#1012628).
- drm/tegra: sor: Fully initialize SOR before registration
(bsc#1012628).
- gpu: host1x: Split up client initalization and registration
(bsc#1012628).
- drm/tegra: sor: Do not leak runtime PM reference (bsc#1012628).
- mt76: mt7921: fix max aggregation subframes setting
(bsc#1012628).
- HID: usbhid: fix info leak in hid_submit_ctrl (bsc#1012628).
- HID: Add BUS_VIRTUAL to hid_connect logging (bsc#1012628).
- HID: multitouch: set Stylus suffix for Stylus-application
devices, too (bsc#1012628).
- HID: quirks: Add quirk for Lenovo optical mouse (bsc#1012628).
- HID: asus: filter G713/G733 key event to prevent shutdown
(bsc#1012628).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
(bsc#1012628).
- HID: hid-input: add mapping for emoji picker key (bsc#1012628).
- HID: a4tech: use A4_2WHEEL_MOUSE_HACK_B8 for A4TECH NB-95
(bsc#1012628).
- HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K15A
keyboard-dock (bsc#1012628).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
(bsc#1012628).
- HID: asus: Filter keyboard EC for old ROG keyboard
(bsc#1012628).
- net: ieee802154: fix null deref in parse dev addr (bsc#1012628).
- commit 0e46a2c
++++ libgpg-error:
- Drop --with-pic (no effect with --disable-static).
++++ systemd:
- Create /run/lock/subsys again (bsc#1187292)
The creation of this directory was mistakenly dropped when
'filesystem' package took the initialization of the generic paths
over.
Paths under /run/lock are still managed by systemd for lack of
better place.
++++ patterns-base:
- Add pattern to install necessary packages for FIPS (bsc#1183154)
- Run pre_checkin.sh
- Fix build for SLE
++++ tpm2.0-tools:
- Add 0001-tpm2_eventlog-read-eventlog-file-in-chunks.patch to fix the
tpm2_eventlog command (boo#1187360)
------------------------------------------------------------------
------------------ 2021-6-17 - Jun 17 2021 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 055+suse.106.g760b0c69:
* chore(suse): add Conflicts for old suse-module-tools to specfile (bsc#1187115)
- Update to version 055+suse.104.g9d45c1df:
* feat(suse-initrd): add INITRD_MODULES from /etc/sysconfig/kernel, too
* fix(suse-initrd): call dracut_instmods with hostonly=
* fix(suse-initrd): use $kernel rather than $(uname -r)
++++ kernel-default:
- UsrMerge the kernel (boo#1184804)
- Move files in /boot to modules dir
The file names in /boot are included as %ghost links. The %post script
creates symlinks for the kernel, sysctl.conf and System.map in
/boot for compatibility. Some tools require adjustments before we
can drop those links. If boot is a separate partition, a copy is
used instead of a link.
The logic for /boot/vmlinuz and /boot/initrd doesn't change with
this patch.
- Use /usr/lib/modules as module dir when usermerge is active in the
target distro.
- commit 6f5ed04
++++ kernel-firmware:
- Update to version 20210609 (git commit 0f66b74b6267):
* cypress: update firmware for cyw54591 pcie
* cypress: update firmware for cyw4373 sdio
* cypress: update firmware for cyw43570 pcie
* cypress: update firmware for cyw4356 sdio
* cypress: update firmware for cyw4354 sdio
* cypress: update firmware for cyw43455 sdio
* cypress: update firmware for cyw43430 sdio
* cypress: update firmware for cyw43340 sdio
* cypress: update firmware for cyw43012 sdio
* rtl_bt: Add rtl8761bu firmware
* rtl_bt: Add rtl8761b firmware
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2946
* mediatek: update MT7915 firmware to 20201105
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x05A8_A0CB
* rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x09A8_A0CB
* linux-firmware: update firmware for MT7921 WiFi device
* QCA: Add Bluetooth firmware for WCN685x
* QCA: Update Bluetooth firmware for QCA6174
* QCA: Update Bluetooth firmware for QCA6390
* cxgb4: Update firmware to revision 1.25.6.0
++++ less:
- update to 590:
* Make less able to read lesskey source files (deprecating lesskey).
* If XDG_CONFIG_HOME is set, find lesskey source file
in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey.
* If XDG_DATA_HOME is set, find and store history file
in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst.
* Add the --lesskey-src option.
* Add the --file-size option.
* With -F, if screen is resized to make file fit on one screen, don't exit.
++++ patterns-base:
- We now have two command-not-found provider: favor the previously,
well tested one for now (scout-command-not-found).
++++ python-certifi:
- update to 2021.5.30:
Added certs:
* CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS O=FNMT-RCM OU=Ceres
* CN=GlobalSign Root R46 O=GlobalSign nv-sa
* CN=GlobalSign Root E46 O=GlobalSign nv-sa
* CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
* CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz
* CN=Certum EC-384 CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
* CN=Certum Trusted Root CA O=Asseco Data Systems S.A. OU=Certum Certification Authority
++++ python310-packaging:
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
++++ python310-pyparsing:
- Add Provides: for python*dist(pyparsing): work around boo#1186870
++++ python-setuptools:
- Add python dist provides for setuptools, pkg_resources and
easy_install: work around boo#1186870
- Dont create a package for -test flavor
++++ python-six:
- provide python3*dist(six): work around boo#1186870
++++ shim:
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
for AArch64
Fix: https://github.com/rhboot/shim/issues/371
++++ suse-module-tools:
- Update to version 16.0.4:
* re-add legacy subpackage with "weak-modules", and add a
"Supplements" dependency on dkms, which needs it
- Update to version 16.0.3:
* Fix treatment of compressed modules (bsc#1187093)
++++ tpm2.0-tools:
- Add 0001-tpm2_checkquote-fix-uninitialized-variable.patch for a better
fix of boo#1187316
- Re-enable lto
++++ vim:
- Updated to version 8.2.3013, fixes the following problems
* Builtin function can be shadowed by global variable.
* Using ":!command" does not work if the command uses posix_spawn().
* Still a way to shadow a builtin function. (Yasuhiro Matsumoto)
* E704 for script local variable is not backwards compatible. (Yasuhiro
Matsumoto)
* Computing array length is done in various ways.
* EBCDIC build is broken.
* Superfluous extern declaration.
* Vim9: line continuation comment uses legacy syntax.
* Vim9: no good error for using :legacy in a :def function.
* Test commented out because it fails with ASAN.
* The evalfunc.c file is too big.
* Accidentally enable tcl by default.
* When a popup is visible a mouse move my restart Visual mode.
* Vim9: line continuation comment still uses legacy syntax in one place.
* Select mode test fails.
* When 'clipboard' is "unnamed" zp and zP do not work correctly.
* ASAN error when using text from the clipboard.
* Calculating register width is not always needed. (Christian Brabandt)
* Vim9: converting number to bool uses wrong stack offset. (Salman Halim)
* Popup test fails if rightleft feature not enabled.
* After using motion force from feedkeys() it may not be reset.
* GTK: righthand scrollbar does not show with split window.
* Vim9: using `=expr` does not handle a list of strings.
* Vim9: internal error when calling function with too few arguments
* Vim9: check for argument count ignores default values.
* Vim9: no error when using job or channel as a string.
* Some buffer related code is not tested.
* Vim9: substitute expression cannot be a List in a :def function.
* Build failure without the channel feature.
* Substitute() accepts a number but not a float expression.
* Tests failing because there is no error for float to string conversion.
* Sound code not fully tested.
* Vim9: cannot use heredoc in :def function for :python, :lua, etc.
* Recover test fails on big endian systems.
* Vim9: leaking memory when using heredoc script.
* Short file name extension for Scala not recognized.
* Vim9: using filter in compiled command does not work.
* Vim9: need to plan for future additions.
* Using getchar() in Vim9 script is problematic.
* Function list test fails.
* sound_playfile() is not tested on MS-Windows.
* Swap file recovery not sufficiently tested.
* Keys typed during a :normal command are discarded.
* GUI: mouse move may start Visual mode with a popup visible.
* Vim9: hang when using space after ->. (Naohiro Ono)
* Vim9: crash when calling function that failed to compile.
* ml_get errors after recovering a file. (Yegappan Lakshmanan)
* Vim9: crash when using two levels of partials.
* Vim9: memory leak
* Subtracting from number option fails when result is zero. (Ingo Karkat)
* Python configure check uses deprecated command.
* Cannot yank a block without trailing spaces.
* "%bd" tries to delete popup window buffers, which fails. (Ralf Schandl)
* Fix for recovery and diff mode not tested.
* Greek spell checking uses wrong case folding.
* Vim9: can only use an autoload function name as a string.
* Build failure without the +eval feature.
* Crash when using a null function reference. (Naohiro Ono)
* Warning for uninitialized variable.
* Not all options code is covered by tests.
* Popup window test is a bit flaky.
* Recovery test is not run on big-endian systems.
* Vim9: future commands are not reserved yet.
* Vim9: an inline function requires specifying the return type.
* Vim9: Test fails because of missing return statement.
* Vim9: a compiled function cannot be debugged.
* Build failure without the profile feature.
* Build failure with normal features.
* Vim9: debugger test fails.
* Vim9: memory leak when debugging a :def function.
* Jupyter Notebook files are not recognized.
* Vim9: no completion for :vim9 and :legacy.
* Vim9: completion for :disassemble is incomplete.
* 'fileencodings' default value should depend on 'encoding'. (Gary Johnson)
* Various code is not fully tested.
* Linker errors with dynamic Python 3.10.
* Vim9: when debugging cannot inspect local variables.
* Vim9: disassemble test fails.
* Vim9: disassemble test fails.
* Balloon sometimes does not hide with GTK 3.
* Vim9: warning for uninitialized variable.
* Vim9: memory leak when compilation fails.
* Vim doesn't abort on a fatal Tcl error.
* Vim9: closure compiled with wrong compile type.
* Vim9: error for missing colon given while skipping.
* Vim9: using a void value does not give a proper error message.
* Crash when echoing a value very early. (Naruhiko Nishino)
* Vim9: test for void value fails.
* Startup test may hang.
* Startup test may hang.
* Not enough testing for viminfo code.
* Vim9: cannot get argument values during debugging.
* When 'rightleft' is set the line number is sometimes drawn reversed.
* Vim: when debugging only the first line of a command using line
continuation is displayed.
------------------------------------------------------------------
------------------ 2021-6-16 - Jun 16 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.32.0:
+ Now NetworkManager uses systemd-resolved API to lookup the
system hostname via reverse DNS. If systemd-resolved is not
available, a 'nm-daemon-helper' binary is spawned to perform
the lookup using the 'dns' NSS module.
- Rebase patches.
++++ aaa_base:
- Update to version 84.87+git20210616.9cf42ff:
* add media type application/wasm (boo#1187387)
* Remove legacy links in /sbin
* Fix profile.csh to really set http proxies
++++ btrfsprogs:
- Add --disable-zoned for leap
++++ kernel-default:
- Refresh
patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch.
- Refresh
patches.suse/brcmfmac-Delete-second-brcm-folder-hierarchy.patch.
- commit b5a438c
- Refresh
patches.suse/brcmfmac-Add-clm_blob-firmware-files-to-modinfo.patch.
- Refresh
patches.suse/brcmfmac-Delete-second-brcm-folder-hierarchy.patch.
- commit e486bc1
- Update config files: CONFIG_SND_HDA_INTEL=m for armv7hl, too (bsc#1187334)
It's used by openQA.
- commit e752118
- Linux 5.12.11 (bsc#1012628).
- proc: Track /proc/$pid/attr/ opener mm_struct (bsc#1012628).
- ASoC: max98088: fix ni clock divider calculation (bsc#1012628).
- ASoC: amd: fix for pcm_read() error (bsc#1012628).
- spi: Fix spi device unregister flow (bsc#1012628).
- spi: spi-zynq-qspi: Fix stack violation bug (bsc#1012628).
- bpf: Forbid trampoline attach for functions with variable
arguments (bsc#1012628).
- ASoC: codecs: lpass-rx-macro: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- ASoC: codecs: lpass-tx-macro: add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- net/nfc/rawsock.c: fix a permission check bug (bsc#1012628).
- usb: cdns3: Fix runtime PM imbalance on error (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L
tablet (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830
tablet (bsc#1012628).
- bpf: Add deny list of btf ids check for tracing programs
(bsc#1012628).
- vfio-ccw: Reset FSM state to IDLE inside FSM (bsc#1012628).
- vfio-ccw: Serialize FSM IDLE state with I/O completion
(bsc#1012628).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (bsc#1012628).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- usb: chipidea: udc: assign interrupt number to USB gadget
structure (bsc#1012628).
- isdn: mISDN: netjet: Fix crash in nj_probe: (bsc#1012628).
- bonding: init notify_work earlier to avoid uninitialized use
(bsc#1012628).
- netlink: disable IRQs for netlink_lock_table() (bsc#1012628).
- net: mdiobus: get rid of a BUG_ON() (bsc#1012628).
- cgroup: disable controllers at parse time (bsc#1012628).
- wq: handle VM suspension in stall detection (bsc#1012628).
- net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
(bsc#1012628).
- RDS tcp loopback connection can hang (bsc#1012628).
- net:sfc: fix non-freed irq in legacy irq mode (bsc#1012628).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
processing (bsc#1012628).
- scsi: vmw_pvscsi: Set correct residual data length
(bsc#1012628).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
irq (bsc#1012628).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
(bsc#1012628).
- net: macb: ensure the device is available before accessing
GEMGXL control registers (bsc#1012628).
- net: appletalk: cops: Fix data race in cops_probe1
(bsc#1012628).
- net: dsa: microchip: enable phy errata workaround on 9567
(bsc#1012628).
- Makefile: LTO: have linker check -Wframe-larger-than
(bsc#1012628).
- nvme-fabrics: decode host pathing error for connect
(bsc#1012628).
- MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and
PREEMPT_TRACER (bsc#1012628).
- bpf, selftests: Adjust few selftest result_unpriv outcomes
(bsc#1012628).
- dm verity: fix require_signatures module_param permissions
(bsc#1012628).
- bnx2x: Fix missing error code in bnx2x_iov_init_one()
(bsc#1012628).
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME
(bsc#1012628).
- nvmet: fix false keep-alive timeout when a controller is torn
down (bsc#1012628).
- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c
controllers (bsc#1012628).
- powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c
controllers (bsc#1012628).
- spi: Don't have controller clean up spi device before driver
unbind (bsc#1012628).
- spi: Cleanup on failure of initial setup (bsc#1012628).
- i2c: mpc: Make use of i2c_recover_bus() (bsc#1012628).
- i2c: mpc: implement erratum A-004447 workaround (bsc#1012628).
- ALSA: seq: Fix race of snd_seq_timer_open() (bsc#1012628).
- ALSA: firewire-lib: fix the context to call snd_pcm_stop_xrun()
(bsc#1012628).
- ALSA: hda/realtek: headphone and mic don't work on an Acer
laptop (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP
Elite Dragonfly G2 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP
EliteBook x360 1040 G8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840
Aero G8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8
(bsc#1012628).
- spi: bcm2835: Fix out-of-bounds access with more than 4 slaves
(bsc#1012628).
- Revert "ACPI: sleep: Put the FACS table after using it"
(bsc#1012628).
- drm: Fix use-after-free read in drm_getunique() (bsc#1012628).
- drm: Lock pointer access in drm_master_release() (bsc#1012628).
- x86, lto: Pass -stack-alignment only on LLD < 13.0.0
(bsc#1012628).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
(bsc#1012628).
- KVM: x86: Unload MMU on guest TLB flush if TDP disabled to
force MMU sync (bsc#1012628).
- KVM: X86: MMU: Use the correct inherited permissions to get
shadow page (bsc#1012628).
- kvm: avoid speculation-based attacks from out-of-range memslot
accesses (bsc#1012628).
- staging: rtl8723bs: Fix uninitialized variables (bsc#1012628).
- usb: misc: brcmstb-usb-pinmap: check return value after calling
platform_get_resource() (bsc#1012628).
- misc: rtsx: separate aspm mode into MODE_REG and MODE_CFG
(bsc#1012628).
- bus: mhi: pci_generic: Fix possible use-after-free in
mhi_pci_remove() (bsc#1012628).
- tick/nohz: Only check for RCU deferred wakeup on user/guest
entry when needed (bsc#1012628).
- bcache: remove bcache device self-defined readahead
(bsc#1012628).
- bcache: avoid oversized read request in cache missing code path
(bsc#1012628).
- async_xor: check src_offs is not NULL before updating it
(bsc#1012628).
- btrfs: do not write supers if we have an fs error (bsc#1012628).
- btrfs: zoned: fix zone number to sector/physical calculation
(bsc#1012628).
- btrfs: return value from btrfs_mark_extent_written() in case
of error (bsc#1012628).
- btrfs: promote debugging asserts to full-fledged checks in
validate_super (bsc#1012628).
- coredump: Limit what can interrupt coredumps (bsc#1012628).
- cgroup1: don't allow '\n' in renaming (bsc#1012628).
- ftrace: Do not blindly read the ip address in ftrace_bug()
(bsc#1012628).
- tracing: Correct the length check which causes memory corruption
(bsc#1012628).
- tools/bootconfig: Fix a build error accroding to undefined
fallthrough (bsc#1012628).
- mmc: renesas_sdhi: abort tuning when timeout detected
(bsc#1012628).
- mmc: renesas_sdhi: Fix HS400 on R-Car M3-W+ (bsc#1012628).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (bsc#1012628).
- usb: f_ncm: only first packet of aggregate needs to start timer
(bsc#1012628).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (bsc#1012628).
- usb: dwc3-meson-g12a: fix usb2 PHY glue init when phy0 is
disabled (bsc#1012628).
- usb: dwc3: meson-g12a: Disable the regulator in the error
handling path of the probe (bsc#1012628).
- usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget
is NULL (bsc#1012628).
- usb: dwc3: ep0: fix NULL pointer exception (bsc#1012628).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
(bsc#1012628).
- usb: typec: wcove: Use LE to CPU conversion when accessing
msg->header (bsc#1012628).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init()
error path (bsc#1012628).
- usb: typec: intel_pmc_mux: Put fwnode in error case during
- >probe() (bsc#1012628).
- usb: typec: intel_pmc_mux: Add missed error check for
devm_ioremap_resource() (bsc#1012628).
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(bsc#1012628).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
(bsc#1012628).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
(bsc#1012628).
- USB: serial: quatech2: fix control-request directions
(bsc#1012628).
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
(bsc#1012628).
- USB: serial: cp210x: fix CP2102N-A01 modem control
(bsc#1012628).
- usb: cdnsp: Fix deadlock issue in cdnsp_thread_irq_handler
(bsc#1012628).
- usb: gadget: eem: fix wrong eem header operation (bsc#1012628).
- usb: fix various gadgets null ptr deref on 10gbps cabling
(bsc#1012628).
- usb: fix various gadget panics on 10gbps cabling (bsc#1012628).
- usb: typec: tcpm: Properly handle Alert and Status Messages
(bsc#1012628).
- usb: typec: tcpm: cancel vdm and state machine hrtimer when
unregister tcpm port (bsc#1012628).
- usb: typec: tcpm: cancel frs hrtimer when unregister tcpm port
(bsc#1012628).
- usb: typec: tcpm: Do not finish VDM AMS for retrying Responses
(bsc#1012628).
- regulator: core: resolve supply for boot-on/always-on regulators
(bsc#1012628).
- regulator: max77620: Use device_set_of_node_from_dev()
(bsc#1012628).
- regulator: bd718x7: Fix the BUCK7 voltage setting on BD71837
(bsc#1012628).
- regulator: da9121: Return REGULATOR_MODE_INVALID for invalid
mode (bsc#1012628).
- regulator: fan53880: Fix missing n_voltages setting
(bsc#1012628).
- regulator: fixed: Ensure enable_counter is correct if
reg_domain_disable fails (bsc#1012628).
- regulator: scmi: Fix off-by-one for linear regulators
.n_voltages setting (bsc#1012628).
- regulator: bd71828: Fix .n_voltages settings (bsc#1012628).
- regulator: atc260x: Fix n_voltages and min_sel for pickable
linear ranges (bsc#1012628).
- regulator: rtmv20: Fix .set_current_limit/.get_current_limit
callbacks (bsc#1012628).
- phy: usb: Fix misuse of IS_ENABLED (bsc#1012628).
- usb: cdns3: Enable TDL_CHK only for OUT ep (bsc#1012628).
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable
(bsc#1012628).
- usb: typec: tcpm: Correct the responses in SVDM Version 2.0 DFP
(bsc#1012628).
- usb: typec: tcpm: Fix misuses of AMS invocation (bsc#1012628).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match
(bsc#1012628).
- drm/mcde: Fix off by 10^3 in calculation (bsc#1012628).
- drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650
(bsc#1012628).
- drm/msm/a6xx: update/fix CP_PROTECT initialization
(bsc#1012628).
- drm/msm/a6xx: avoid shadow NULL reference in failure path
(bsc#1012628).
- hwmon: (corsair-psu) fix suspend behavior (bsc#1012628).
- hwmon: (tps23861) define regmap max register (bsc#1012628).
- hwmon: (tps23861) set current shunt value (bsc#1012628).
- hwmon: (tps23861) correct shunt LSB values (bsc#1012628).
- RDMA/ipoib: Fix warning caused by destroying non-initial netns
(bsc#1012628).
- RDMA/mlx5: Use different doorbell memory for different processes
(bsc#1012628).
- RDMA/mlx4: Do not map the core_clock page to user space unless
enabled (bsc#1012628).
- RDMA/mlx5: Block FDB rules when not in switchdev mode
(bsc#1012628).
- RDMA: Verify port when creating flow rule (bsc#1012628).
- ARM: cpuidle: Avoid orphan section warning (bsc#1012628).
- vmlinux.lds.h: Avoid orphan section with !SMP (bsc#1012628).
- tools/bootconfig: Fix error return code in apply_xbc()
(bsc#1012628).
- phy: cadence: Sierra: Fix error return code in
cdns_sierra_phy_probe() (bsc#1012628).
- ASoC: core: Fix Null-point-dereference in fmt_single_name()
(bsc#1012628).
- ASoC: meson: gx-card: fix sound-dai dt schema (bsc#1012628).
- phy: ti: Fix an error code in wiz_probe() (bsc#1012628).
- gpio: wcd934x: Fix shift-out-of-bounds error (bsc#1012628).
- pinctrl: qcom: Fix duplication in gpio_groups (bsc#1012628).
- perf/x86/intel/uncore: Fix a kernel WARNING triggered by
maxcpus=1 (bsc#1012628).
- perf: Fix data race between pin_count increment/decrement
(bsc#1012628).
- dt-bindings: connector: Replace BIT macro with generic bit ops
(bsc#1012628).
- sched/fair: Keep load_avg and load_sum synced (bsc#1012628).
- sched/fair: Make sure to update tg contrib for blocked load
(bsc#1012628).
- ASoC: SOF: reset enabled_cores state at suspend (bsc#1012628).
- sched/fair: Fix util_est UTIL_AVG_UNCHANGED handling
(bsc#1012628).
- platform/surface: aggregator: Fix event disable function
(bsc#1012628).
- x86/nmi_watchdog: Fix old-style NMI watchdog regression on
old Intel CPUs (bsc#1012628).
- KVM: x86: Ensure liveliness of nested VM-Enter fail tracepoint
message (bsc#1012628).
- IB/mlx5: Fix initializing CQ fragments buffer (bsc#1012628).
- NFS: Fix a potential NULL dereference in nfs_get_client()
(bsc#1012628).
- NFSv4: Fix deadlock between nfs4_evict_inode() and
nfs4_opendata_get_inode() (bsc#1012628).
- pinctrl: qcom: Make it possible to select SC8180x TLMM
(bsc#1012628).
- perf session: Correct buffer copying when peeking events
(bsc#1012628).
- kvm: fix previous commit for 32-bit builds (bsc#1012628).
- NFS: Fix use-after-free in nfs4_init_client() (bsc#1012628).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (bsc#1012628).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
on error (bsc#1012628).
- scsi: core: Fix error handling of scsi_host_alloc()
(bsc#1012628).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
(bsc#1012628).
- scsi: core: Put .shost_dev in failure path if host state
changes to RUNNING (bsc#1012628).
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED (bsc#1012628).
- proc: only require mm_struct for writing (bsc#1012628).
- commit 522e416
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- commit 6b30fe5
++++ efivar:
- Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC
sysfs parsing (bsc#1187386)
- Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME
path parsing (bsc#1181967)
++++ snapper:
- added configure option for location of PAM module
(gh#openSUSE/snapper#659)
++++ microos-tools:
- Update to version 2.11
- Fix unwritable /var / /etc after SELinux relabel [bsc#1186563]
++++ patterns-base:
- Remove requirement on sysconfig package. Doesn't seem to contain anything
useful anymore. Tools that actually need it such as wicked will just require
sysconfig themselves.
------------------------------------------------------------------
------------------ 2021-6-15 - Jun 15 2021 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- revert previous change, unintentionally disables zstd on tumbleweed
- Fix build for leap
* --disable-zstd if leap < 42.3
* --disable-zoned for leap
++++ compat-usrmerge:
- another fix for split /usr to avoid running out of space (boo#1186781)
- unsafe fallback also for ENOSYS on renameat2 as seen on WSL
++++ kernel-default:
- ACPI: Pass the same capabilities to the _OSC regardless of
the query flag (bsc#1185513).
- commit 7354f79
++++ netcontrol:
- version 0.3.2
- use SPDX shortname lincense and PKG_INSTALLDIR autoconf macro
- virsh iface-list takes too long with many interfaces (bsc#1179144)
- Cleanup netcf functions, include elapsed time in debug messages
- Changed to refresh config and system info to keep them consistent
- Add (fix or) adaptive refresh caching, set to double refresh-time
- Implemented new backend refresh using wicked config/system queries
- remove packages included in 0.3.2 source archive:
[- 0005-bonding-don-t-complain-about-unknown-options.1132794.patch]
[- 0004-udev-use-correct-udev-rule-write-lock-directory.patch]
[- 0003-sysconfig-fix-segfault-on-missed-end-quote-bsc-10277.patch]
[- 0002-Fix-invalid-check-in-route-creation-bsc-1148646.patch]
[- 0001-virsh-iface-list-not-working-as-expected-bsc-1029201.patch]
++++ tpm2.0-tools:
- Disable lto to fix tpm2_checkquote error (boo#1187316)
- Update service file to point to the correct revision
------------------------------------------------------------------
------------------ 2021-6-14 - Jun 14 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
* add libev-werror.patch
- Update to version 3.0.2
- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report
Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types
Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if its suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesnt format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitue functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearin in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd
- Removes audit-fno-common.patch: fixed in upstream
- Removes audit-python3.patch: fixed in upstream
++++ dracut:
- Update to version 055+suse.100.ga2700279:
* fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
* chore(suse): erase conditional for usrmerge from specfile
* chore(suse): fix specfile for usrmerge
++++ kernel-default:
- rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
The previous commit made a module wrongly into Module.optional.
Although it didn't influence on the end result, better to fix it.
Also, add a comment to explain the markers briefly.
- commit 8f79742
- config: riscv64: enable STMMAC_PLATFORM
This also makes DWMAC_DWC_QOS_ETH, DWMAC_GENERIC, DWMAC_INTEL_PLAT visible
which are all enabled.
- commit 617c6b8
++++ less:
- Remove --with-pic (no static libs are ever produced).
++++ alsa:
- Update to version 1.2.5.1:
a bug fix release, including previous patches:
https://www.alsa-project.org/wiki/Changes_v1.2.5_v1.2.5.1
- Drop obsoleted patches:
0001-conf-fix-load_for_all_cards.patch
0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch
0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch
++++ audit:
- Adjust audit.spec and audit-secondary.spec to support new version
- Include fix for libev
* add libev-werror.patch
- Update to version 3.0.2
- In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen)
- Optionally interpret auid in auditctl -l
- Update some syscall argument interpretations
- In auditd, do not allow spaces in the hostname name format
- Big documentation cleanup (MIZUTA Takeshi)
- Update syscall table to the 5.12 kernel
- Update the auparse normalizer for new event types
- Fix compiler warnings in ids subsystem
- Block a couple signals from flush & reconfigure threads
- In auditd, don't wait on flush thread when exiting
- Output error message if the path of input files are too long ausearch/report
Included fixes from 3.0.1
- Update syscall table to the 5.11 kernel
- Add new --eoe-timeout option to ausearch and aureport (Burn Alting)
- Only enable periodic timers when listening on the network
- Upgrade libev to 4.33
- Add auparse_new_buffer function to auparse library
- Use the select libev backend unless aggregating events
- Add sudoers to some base audit rules
- Update the auparse normalizer for some new syscalls and event types
Included fixes from 3.0
- Generate checkpoint file even when no results are returned (Burn Alting)
- Fix log file creation when file logging is disabled entirely (Vlad Glagolev)
- Convert auparse_test to run with python3 (Tomáš Chvátal)
- Drop support for prelude
- Adjust backlog_wait_time in rules to the kernel default (#1482848)
- Remove ids key syntax checking of rules in auditctl
- Use SIGCONT to dump auditd internal state (#1504251)
- Fix parsing of virtual timestamp fields in ausearch_expression (#1515903)
- Fix parsing of uid & success for ausearch
- Add support for not equal operator in audit by executable (Ondrej Mosnacek)
- Hide lru symbols in auparse
- Add systemd process protections
- Fix aureport summary time range reporting
- Allow unlimited retries on startup for remote logging
- Add queue_depth to remote logging stats and increase default queue_depth size
- Fix segfault on shutdown
- Merge auditd and audispd code
- Close on execute init_pipe fd (#1587995)
- Breakout audisp syslog plugin to be standalone program
- Create a common internal library to reduce code
- Move all audispd config files under /etc/audit/
- Move audispd.conf settings into auditd.conf
- Add queue depth statistics to internal state dump report
- Add network statistics to internal state dump report
- SIGUSR now also restarts queue processing if its suspended
- Update lookup tables for the 4.18 kernel
- Add auparse_normalizer support for SOFTWARE_UPDATE event
- Add 30-ospp-v42.rules to meet new Common Criteria requirements
- Deprecate enable_krb and replace with transport config opt for remote logging
- Mark netlabel events as simple events so that get processed quicker
- When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
- In aureport, fix segfault in file report
- Add auparse_normalizer support for labeled networking events
- Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
- In ausearch/auparse, event aging is off by a second
- In ausearch/auparse, correct event ordering to process oldest first
- Migrate auparse python test to python3
- auparse_reset was not clearing everything it should
- Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
- In ausearch/report, lightly parse selinux portion of USER_AVC events
- Add bpf syscall command argument interpretation to auparse
- In ausearch/report, limit record size when malformed
- Port af_unix plugin to libev
- In auditd, fix extract_type function for network originating events
- In auditd, calculate right size and location for network originating events
- Make legacy script wait for auditd to terminate (#1643567)
- Treat all network originating events as VER2 so dispatcher doesn't format it
- If an event has a node name make it VER2 so dispatcher doesnt format it
- In audisp-remote do an initial connection attempt (#1625156)
- In auditd, allow expression of space left as a percentage (#1650670)
- On PPC64LE systems, only allow 64 bit rules (#1462178)
- Make some parts of auditd state report optional based on config
- Update to libev-4.25
- Fix ausearch when checkpointing a single file (Burn Alting)
- Fix scripting in 31-privileged.rules wrt filecap (#1662516)
- In ausearch, do not checkpt if stdin is input source
- In libev, remove __cold__ attribute for functions to allow proper hardening
- Add tests to configure.ac for openldap support
- Make systemd support files use /run rather than /var/run (Christian Hesse)
- Fix minor memory leak in auditd kerberos credentials code
- Allow exclude and user filter by executable name (Ondrej Mosnacek)
- Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
- In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Add substitue functions for strndupa & rawmemchr
- Fix memleak in auparse caused by corrected event ordering
- Fix legacy reload script to reload audit rules when daemon is reloaded
- Support for unescaping in trusted messages (Dmitry Voronin)
- In auditd, use standard template for DEAMON events (Richard Guy Briggs)
- In aureport, fix segfault for malformed USER_CMD events
- Add exe field to audit_log_user_command in libaudit
- In auditctl support filter on socket address families (Richard Guy Briggs)
- Deprecate support for Alpha & IA64 processors
- If space_left_action is rotate, allow it every time (#1718444)
- In auparse, drop standalone EOE events
- Add milliseconds column for ausearch extra time csv format
- Fix aureport first event reporting when no start given
- In audisp-remote, add new config item for startup connection errors
- Remove dependency on chkconfig
- Install rules to /usr/share/audit/sample-rules/
- Split up ospp rules to make SCAP scanning easier (#1746018)
- In audisp-syslog, support interpreting records (#1497279)
- Audit USER events now sends msg as name value pair
- Add support for AUDIT_BPF event
- Auditd should not process AUDIT_REPLACE events
- Update syscall tables to the 5.5 kernel
- Improve personality interpretation by using PERS_MASK
- Speedup ausearch/report parsing RAW logging format by caching uid/name lookup
- Change auparse python bindings to shared object (Issue #121)
- Add error messages for watch permissions
- If audit rules file doesn't exist log error message instead of info message
- Revise error message for unmatched options in auditctl
- In audisp-remote, fixup remote endpoint disappearin in ascii format
- Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander)
- In auditctl, add support for sending a signal to auditd
- Remove audit-fno-common.patch: fixed in upstream
- Remove audit-python3.patch: fixed in upstream
++++ ncurses:
- Add ncurses patch 20210612
+ fixes for scan-build, valgrind build/testing.
+ update config.guess
++++ podman:
- Update to version 3.2.1:
* Bump to v3.2.1
* Updated release notes for v3.2.1
* Fix network connect race with docker-compose
* Revert "Ensure minimum API version is set correctly in tests"
* Fall back to string for dockerfile parameter
* remote events: fix --stream=false
* [CI:DOCS] fix incorrect network remove api doc
* remote: always send resize before the container starts
* remote events: support labels
* remote pull: cancel pull when connection is closed
* Fix network prune api docs
* Improve systemd-resolved detection
* logs: k8s-file: fix race
* Fix image prune --filter cmd behavior
* Several shell completion fixes
* podman-remote build should handle -f option properly
* System tests: deal with crun 0.20.1
* Fix build tags for pkg/machine...
* Fix pre-checkpointing
* container: ignore named hierarchies
* [v3.2] vendor containers/common@v0.38.9
* rootless: fix fast join userns path
* [v3.2] vendor containers/common@v0.38.7
* [v3.2] vendor containers/common@v0.38.6
* Correct qemu options for Intel macs
* Ensure minimum API version is set correctly in tests
* Bump to v3.2.1-dev
++++ python-M2Crypto:
- Update to 0.38.0:
- Remove the last use of setup.py test idiom.
- Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer.
- Add support for arm64 big endian <Steev Klimaszewski>
- Make support of RSA_SSLV23_PADDING optional (it has been deprecated).
- Move project to src/ layout
- Allow verify_cb_* to be called with ok=True <Casey Deccio>
- Be prepared if any of constants in x509_vfy.h is not available.
- But we do support 3.8
- We DO NOT support Python 2.6.
- All patches were upstreamed:
- 293_sslv23_padding.patch
- no-need-parameterized.patch
- python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
------------------------------------------------------------------
------------------ 2021-6-13 - Jun 13 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- Add now working CONFIG parameter to sysusers generator
++++ dnsmasq:
- Add now working CONFIG parameter to sysusers generator
++++ transactional-update:
- Version 3.4.0
- Apply SElinux context on /etc in transaction [boo#1185625], [boo#1185766]
[bsc#1186842], [boo#1186775]
- Implement inotify handling in C instead of Bash; this makes the
- -drop-if-no-change option work on SLE Micro [bsc#1184529]
- Use `tukit call` for up, dup and patch to allow resuming an update after
zypper updated itself in the snapshot [bsc#1185226]
- Fix obsolete output type messages in initrd [boo#1177149]
- Make different base snapshot warning more visible [bsc#1185224]
++++ kernel-default:
- Update to 5.13-rc6
- commit e91bc34
- update patch metadata
- update upstream references and move into more appropriate section
patches.suse/0001-x86-ioremap-Map-efi_mem_reserve-memory-as-encrypted-.patch
- commit 716a407
++++ python-Jinja2:
- skip building for Python 2.x
++++ python-MarkupSafe:
- skip building for Python 2.x
------------------------------------------------------------------
------------------ 2021-6-11 - Jun 11 2021 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.68.3:
+ Bugs fixed:
- testfilemonitor test leaks ip_watched_file_t struct
- GFile: `g_file_replace_contents()` reports
`G_IO_ERROR_WRONG_ETAG` when saving from a symlink
- Backport !2128 “inotify: Fix a memory leak†to glib-2-68
- Backport !2136 “tlscertificate: Avoid possible invalid readâ€
to glib-2-68
- Backport !2138 “glocalfileoutputstream: Fix ETag check when
replacing through a symlink†to glib-2-68.
++++ glibc:
- Enable usrmerge in Factory always as it's default there
- Add conflict with pre-usrmerge filesystem package
++++ gpg2:
- GnuPG 2.3.1:
* The new configuration file common.conf is now used to enable
the use of the key database daemon with "use-keyboxd". Using
this option in gpg.conf and gpgsm.conf is supported for a
transitional period. See doc/example/common.conf for more.
* gpg: Force version 5 key creation for ed448 and cv448 algorithms.
* gpg: By default do not use the self-sigs-only option when
importing from an LDAP keyserver.
* gpg: Lookup a missing public key of the active card via LDAP.
* gpgsm: New command --show-certs.
* scd: Fix CCID driver for SCM SPR332/SPR532.
* scd: Further improvements for PKCS#15 cards.
* New configure option --with-tss to allow the selection of the
TSS library.
- Rebase patches:
* gnupg-add_legacy_FIPS_mode_option.patch
* gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
* gnupg-dont-fail-with-seahorse-agent.patch
* gnupg-set_umask_before_open_outfile.patch
- GnuPG 2.3.0:
* A new experimental key database daemon is provided. To enable
it put "use-keyboxd" into gpg.conf and gpgsm.conf. Keys are stored
in a SQLite database and make key lookup much faster.
* New tool gpg-card as a flexible frontend for all types of
supported smartcards.
* New option --chuid for gpg, gpgsm, gpgconf, gpg-card, and
gpg-connect-agent.
* The gpg-wks-client tool is now installed under bin; a wrapper for
its old location at libexec is also installed.
* tpm2d: New daemon to physically bind keys to the local machine.
* gpg: Switch to ed25519/cv25519 as default public key algorithms.
* gpg: Verification results now depend on the --sender option and
the signer's UID subpacket.
* gpg: Do not use any 64-bit block size cipher algorithm for
encryption. Use AES as last resort cipher preference instead of
3DES. This can be reverted using --allow-old-cipher-algos.
* gpg: Support AEAD encryption mode using OCB or EAX.
* gpg: Support v5 keys and signatures.
* gpg: Support curve X448 (ed448, cv448).
* gpg: Allow use of group names in key listings.
* gpg: New option --full-timestrings to print date and time.
* gpg: New option --force-sign-key.
* gpg: New option --no-auto-trust-new-key.
* gpg: The legacy key discovery method PKA is no longer supported.
The command --print-pka-records and the PKA related import and
export options have been removed.
* gpg: Support export of Ed448 Secure Shell keys.
* gpgsm: Add basic ECC support.
* gpgsm: Support creation of EdDSA certificates. [#4888]
* agent: Allow the use of "Label:" in a key file to customize the
pinentry prompt.
* agent: Support ssh-agent extensions for environment variables.
With a patched version of OpenSSH this avoids the need for the
"updatestartuptty" kludge.
* scd: Improve support for multiple card readers and tokens.
* scd: Support PIV cards.
* scd: Support for Rohde&Schwarz Cybersecurity cards.
* scd: Support Telesec Signature Cards v2.0
* scd: Support multiple application on certain smartcard.
* scd: New option --application-priority.
* scd: New option --pcsc-shared; see man page for important notes.
* dirmngr: Support a gpgNtds parameter in LDAP keyserver URLs.
* The symcryptrun tool, a wrapper for the now obsolete external
Chiasmus tool, has been removed.
* Full Unicode support for the command line.
- dropped legacy commands: gpg-zip
++++ kernel-default:
- Add arch-dependent support markers in supported.conf (bsc#1186672)
We may need to put some modules as supported only on specific archs.
This extends the supported.conf syntax to allow to put +arch additionally
after the unsupported marker, then it'll be conditionally supported on
that arch.
- commit 8cbdb41
- Create Symbols.list and ipa-clones.list determistically
without this patch, filesystem readdir order would influence
order of entries in these files.
This patch was done while working on reproducible builds for SLE.
- commit a898b6d
- Update config files (bsc#1187167)
Set empty to CONFIG_MODULE_SIG_KEY for reproducible builds
- commit 332b26c
- tipc: fix kernel-doc warnings (git-fixes).
- commit b92eaf7
- Linux 5.12.10 (bsc#1012628).
- mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
(bsc#1012628).
- mt76: mt7921: fix possible AOOB issue in
mt7921_mcu_tx_rate_report (bsc#1012628).
- mt76: mt76x0e: fix device hang during suspend/resume
(bsc#1012628).
- hwmon: (dell-smm-hwmon) Fix index values (bsc#1012628).
- hwmon: (pmbus/isl68137) remove READ_TEMPERATURE_3 for RAA228228
(bsc#1012628).
- netfilter: conntrack: unregister ipv4 sockopts on error unwind
(bsc#1012628).
- efi/fdt: fix panic when no valid fdt found (bsc#1012628).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
(bsc#1012628).
- efi/libstub: prevent read overflow in find_file_option()
(bsc#1012628).
- efi: cper: fix snprintf() use in cper_dimm_err_location()
(bsc#1012628).
- vfio/pci: Fix error return code in vfio_ecap_init()
(bsc#1012628).
- vfio/pci: zap_vma_ptes() needs MMU (bsc#1012628).
- samples: vfio-mdev: fix error handing in mdpy_fb_probe()
(bsc#1012628).
- vfio/platform: fix module_put call in error flow (bsc#1012628).
- ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
(bsc#1012628).
- HID: logitech-hidpp: initialize level variable (bsc#1012628).
- HID: pidff: fix error return code in hid_pidff_init()
(bsc#1012628).
- HID: amd_sfh: Fix memory leak in amd_sfh_work (bsc#1012628).
- HID: i2c-hid: fix format string mismatch (bsc#1012628).
- kbuild: Quote OBJCOPY var to avoid a pahole call break the build
(bsc#1012628).
- devlink: Correct VIRTUAL port to not have phys_port attributes
(bsc#1012628).
- net/sched: act_ct: Offload connections with commit action
(bsc#1012628).
- net/sched: act_ct: Fix ct template allocation for zone 0
(bsc#1012628).
- mptcp: fix sk_forward_memory corruption on retransmission
(bsc#1012628).
- mptcp: always parse mptcp options for MPC reqsk (bsc#1012628).
- mptcp: do not reset MP_CAPABLE subflow on mapping errors
(bsc#1012628).
- nvme-rdma: fix in-casule data send for chained sgls
(bsc#1012628).
- ACPICA: Clean up context mutex during object deletion
(bsc#1012628).
- perf probe: Fix NULL pointer dereference in
convert_variable_location() (bsc#1012628).
- net: dsa: tag_8021q: fix the VLAN IDs used for encoding
sub-VLANs (bsc#1012628).
- net: sock: fix in-kernel mark setting (bsc#1012628).
- net/tls: Replace TLS_RX_SYNC_RUNNING with RCU (bsc#1012628).
- net/tls: Fix use-after-free after the TLS device goes down
and up (bsc#1012628).
- net/mlx5e: Fix incompatible casting (bsc#1012628).
- net/mlx5: Check firmware sync reset requested is set before
trying to abort it (bsc#1012628).
- net/mlx5e: Check for needed capability for cvlan matching
(bsc#1012628).
- net/mlx5e: Fix adding encap rules to slow path (bsc#1012628).
- net/mlx5: DR, Create multi-destination flow table with level
less than 64 (bsc#1012628).
- nvmet: fix freeing unallocated p2pmem (bsc#1012628).
- netfilter: nft_ct: skip expectations for confirmed conntrack
(bsc#1012628).
- netfilter: nfnetlink_cthelper: hit EBUSY on updates if size
mismatches (bsc#1012628).
- drm/i915/selftests: Fix return value check in
live_breadcrumbs_smoketest() (bsc#1012628).
- bpf, lockdown, audit: Fix buggy SELinux lockdown permission
checks (bsc#1012628).
- ieee802154: fix error return code in ieee802154_add_iface()
(bsc#1012628).
- ieee802154: fix error return code in
ieee802154_llsec_getparams() (bsc#1012628).
- igb: Fix XDP with PTP enabled (bsc#1012628).
- igb: add correct exception tracing for XDP (bsc#1012628).
- ixgbevf: add correct exception tracing for XDP (bsc#1012628).
- ice: track AF_XDP ZC enabled queues in bitmap (bsc#1012628).
- cxgb4: fix regression with HASH tc prio value update
(bsc#1012628).
- ipv6: Fix KASAN: slab-out-of-bounds Read in
fib6_nh_flush_exceptions (bsc#1012628).
- ice: Fix allowing VF to request more/less queues via virtchnl
(bsc#1012628).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
(bsc#1012628).
- ice: handle the VF VSI rebuild failure (bsc#1012628).
- ice: report supported and advertised autoneg using PHY
capabilities (bsc#1012628).
- ice: Allow all LLDP packets from PF to Tx (bsc#1012628).
- i2c: qcom-geni: Add shutdown callback for i2c (bsc#1012628).
- sch_htb: fix refcount leak in htb_parent_to_leaf_offload
(bsc#1012628).
- cxgb4: avoid link re-train during TC-MQPRIO configuration
(bsc#1012628).
- i40e: optimize for XDP_REDIRECT in xsk path (bsc#1012628).
- i40e: add correct exception tracing for XDP (bsc#1012628).
- ice: optimize for XDP_REDIRECT in xsk path (bsc#1012628).
- ice: add correct exception tracing for XDP (bsc#1012628).
- ixgbe: optimize for XDP_REDIRECT in xsk path (bsc#1012628).
- ixgbe: add correct exception tracing for XDP (bsc#1012628).
- arm64: dts: ti: j7200-main: Mark Main NAVSS as dma-coherent
(bsc#1012628).
- optee: use export_uuid() to copy client UUID (bsc#1012628).
- bus: ti-sysc: Fix am335x resume hang for usb otg module
(bsc#1012628).
- arm64: dts: ls1028a: fix memory node (bsc#1012628).
- arm64: dts: zii-ultra: remove second GEN_3V3 regulator instance
(bsc#1012628).
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (bsc#1012628).
- arm64: dts: freescale: sl28: var4: fix RGMII clock and voltage
(bsc#1012628).
- arm64: dts: freescale: sl28: var1: fix RGMII clock and voltage
(bsc#1012628).
- ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property
(bsc#1012628).
- ARM: dts: imx7d-pico: Fix the 'tuning-step' property
(bsc#1012628).
- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells
(bsc#1012628).
- bus: ti-sysc: Fix flakey idling of uarts and stop using
swsup_sidle_act (bsc#1012628).
- arm64: meson: select COMMON_CLK (bsc#1012628).
- tipc: add extack messages for bearer/media failure
(bsc#1012628).
- tipc: fix unique bearer names sanity check (bsc#1012628).
- riscv: vdso: fix and clean-up Makefile (bsc#1012628).
- amdgpu: fix GEM obj leak in
amdgpu_display_user_framebuffer_create (bsc#1012628).
- io_uring: fix link timeout refs (bsc#1012628).
- io_uring: use better types for cflags (bsc#1012628).
- io_uring: wrap io_kiocb reference count manipulation in helpers
(bsc#1012628).
- io_uring: fix ltout double free on completion race
(bsc#1012628).
- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate
(bsc#1012628).
- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power
gate (bsc#1012628).
- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate
(bsc#1012628).
- Bluetooth: fix the erroneous flush_work() order (bsc#1012628).
- Bluetooth: use correct lock to prevent UAF of hdev object
(bsc#1012628).
- wireguard: do not use -O3 (bsc#1012628).
- wireguard: peer: allocate in kmem_cache (bsc#1012628).
- wireguard: use synchronize_net rather than synchronize_rcu
(bsc#1012628).
- wireguard: selftests: remove old conntrack kconfig value
(bsc#1012628).
- wireguard: selftests: make sure rp_filter is disabled on vethc
(bsc#1012628).
- wireguard: allowedips: initialize list head in selftest
(bsc#1012628).
- wireguard: allowedips: remove nodes in O(1) (bsc#1012628).
- wireguard: allowedips: allocate nodes in kmem_cache
(bsc#1012628).
- wireguard: allowedips: free empty intermediate nodes when
removing single node (bsc#1012628).
- net: caif: added cfserl_release function (bsc#1012628).
- net: caif: add proper error handling (bsc#1012628).
- net: caif: fix memory leak in caif_device_notify (bsc#1012628).
- net: caif: fix memory leak in cfusbl_device_notify
(bsc#1012628).
- HID: i2c-hid: Skip ELAN power-on command after reset
(bsc#1012628).
- HID: magicmouse: fix NULL-deref on disconnect (bsc#1012628).
- HID: multitouch: require Finger field to mark Win8 reports as MT
(bsc#1012628).
- gfs2: fix scheduling while atomic bug in glocks (bsc#1012628).
- ALSA: timer: Fix master timer notification (bsc#1012628).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
(bsc#1012628).
- ALSA: hda: update the power_state during the direct-complete
(bsc#1012628).
- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch
(bsc#1012628).
- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators
(bsc#1012628).
- ext4: fix memory leak in ext4_fill_super (bsc#1012628).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at
failed (bsc#1012628).
- ext4: fix fast commit alignment issues (bsc#1012628).
- ext4: fix memory leak in ext4_mb_init_backend on error path
(bsc#1012628).
- ext4: fix accessing uninit percpu counter variable with
fast_commit (bsc#1012628).
- usb: dwc2: Fix build in periphal-only mode (bsc#1012628).
- Revert "MIPS: make userspace mapping young by default"
(bsc#1012628).
- kfence: maximize allocation wait timeout duration (bsc#1012628).
- kfence: use TASK_IDLE when awaiting allocation (bsc#1012628).
- pid: take a reference when initializing `cad_pid` (bsc#1012628).
- ocfs2: fix data corruption by fallocate (bsc#1012628).
- mm/debug_vm_pgtable: fix alignment for pmd/pud_advanced_tests()
(bsc#1012628).
- mm/page_alloc: fix counting of free pages after take off from
buddy (bsc#1012628).
- scsi: lpfc: Fix failure to transmit ABTS on FC link
(bsc#1012628).
- x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove
update_pasid() (bsc#1012628).
- dmaengine: idxd: Use cpu_feature_enabled() (bsc#1012628).
- x86/sev: Check SME/SEV support in CPUID first (bsc#1012628).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
(bsc#1012628).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
failed connect (bsc#1012628).
- drm/amdgpu: Don't query CE and UE errors (bsc#1012628).
- drm/amdgpu: make sure we unpin the UVD BO (bsc#1012628).
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
(bsc#1012628).
- x86/thermal: Fix LVT thermal setup for SMI delivery mode
(bsc#1012628).
- powerpc/kprobes: Fix validation of prefixed instructions across
page boundary (bsc#1012628).
- btrfs: mark ordered extent and inode with error if we fail to
finish (bsc#1012628).
- btrfs: fix error handling in btrfs_del_csums (bsc#1012628).
- btrfs: return errors from btrfs_del_csums in cleanup_ref_head
(bsc#1012628).
- btrfs: fix fsync failure and transaction abort after writes
to prealloc extents (bsc#1012628).
- btrfs: check error value from btrfs_update_inode in tree log
(bsc#1012628).
- btrfs: fixup error handling in fixup_inode_link_counts
(bsc#1012628).
- btrfs: abort in rename_exchange if we fail to insert the second
ref (bsc#1012628).
- btrfs: fix deadlock when cloning inline extents and low on
available space (bsc#1012628).
- mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY
(bsc#1012628).
- drm/msm/dpu: always use mdp device to scale bandwidth
(bsc#1012628).
- KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit
mode (bsc#1012628).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1012628).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1012628).
- x86/kvm: Disable all PV features on crash (bsc#1012628).
- KVM: arm64: Commit pending PC adjustemnts before returning to
userspace (bsc#1012628).
- KVM: arm64: Resolve all pending PC updates before immediate exit
(bsc#1012628).
- ARM: OMAP1: isp1301-omap: Add missing gpiod_add_lookup_table
function (bsc#1012628).
- i2c: qcom-geni: Suspend and resume the bus during
SYSTEM_SLEEP_PM ops (bsc#1012628).
- x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR
(bsc#1012628).
- netfilter: nf_tables: missing error reporting for not selected
expressions (bsc#1012628).
- xen-netback: take a reference to the RX task thread
(bsc#1012628).
- neighbour: allow NUD_NOARP entries to be forced GCed
(bsc#1012628).
- commit c24c929
++++ libgcrypt:
- Security fix: [bsc#1187212, CVE-2021-33560]
* cipher: Fix ElGamal encryption for other implementations.
* Exponent blinding was added in version 1.9.3. This patch
fixes ElGamal encryption, see: https://dev.gnupg.org/T5328
- Add libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
++++ libksba:
- libksba 1.6.0:
* Limited support for the Authenticated-Enveloped-Data
content type.
* Support password based decryption.
* Silence warnings from static analyzers.
* Interface changes relative to the 1.5.0 release:
- KSBA_CT_AUTHENVELOPED_DATA NEW.
++++ openssl-3:
- Update to 3.0.0 Alpha 17
* Added migration guide to man7
* Implemented support for fully "pluggable" TLSv1.3 groups
* Added convenience functions for generating asymmetric key pairs.
* Added a proper HTTP client supporting GET with optional redirection,
POST, arbitrary request and response content types, TLS, persistent
connections, connections via HTTP(s) proxies, connections and
exchange via user-defined BIOs (allowing implicit connections), and
timeout checks.
++++ libpcap:
- Update to 1.10.1
* Fix "type XXX subtype YYY" giving a parse error
* Add PCAP_AVAILABLE_1_11.
* Rename struct bpf_aux_data to avoid NetBSD compile errors
* Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR
* Fix Bison detection for minor version 0.
* Fix parallel build with FreeBSD make.
* Get DLT_MATCHING_MAX right in gencode.c on NetBSD.
* Define timeradd() and timersub() if necessary.
* Fix Cygwin/MSYS target directories.
* Fix symlinking with DESTDIR.
* Fix generation of libpcap.pc with CMake when not building
a shared library.
* Support reading version 1.2, which some writers produce,
and which is the same as 1.0
* Drop support for text-mode USB captures, as we require a 2.6.27
or later kernel
* Bluetooth: fix non-blocking mode. Don't assume that all compilers
used to build for Linux support the __atomic builtins
++++ openSUSE-build-key:
- remove dumpsigs, unused since SLE12+ (rpm 4.x) (bsc#1186827)
- add URL
- spec-cleaner run
++++ osinfo-db:
- Update to database version 20210531
osinfo-db-20210531.tar.xz
- Drop add-leap15.3-support.patch
++++ qemu:
- Improve compatibility with gcc 11:
target-sh4-Return-error-if-CPUClass-get_.patch
tcg-arm-Fix-tcg_out_op-function-signatur.patch
------------------------------------------------------------------
------------------ 2021-6-10 - Jun 10 2021 -------------------
------------------------------------------------------------------
++++ glibc:
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
(CVE-2021-33574, bsc#1186489, BZ #27896)
- Drop glibc-usrmerge-bootstrap-helper package
++++ kernel-default:
- kernel-binary.spec.in: Add Supplements: for -extra package on Leap
kernel-$flavor-extra should supplement kernel-$flavor on Leap, like
it does on SLED, and like the kernel-$flavor-optional package does.
- commit c60d87f
++++ libxslt:
- Backport upstream xsltproc manpage fix
f165525f Recreate xsltproc man page with old Docbook stylesheet URL
Recreate-xsltproc-man-page-with-old-Docbook-styleshe.patch
++++ libzypp:
- Enhance XML output of repo GPG options (fixes openSUSE/zypper#390)
In addition to the effective values, add optional attributes
showing the raw values actually present in the .repo file.
(raw_gpgcheck, raw_repo_gpgcheck, raw_pkg_gpgcheck)
- Link all executables with -pie (bsc#1186447)
- Ship an empty /etc/zypp/needreboot per default (fixes #311, jsc#PM-2645)
If packages want to trigger the reboot-needed hiint upon installation
they may provide 'installhint(reboot-needed)'.
Builtin packages triggering the hint without the provides are
only kernel and kernel-firmware related.
- Add Solvable::isBlacklisted as superset of retracted and ptf
packages (bsc#1186503)
- Fix segv if ZYPP_FULLOG is set (fixes #317)
- version 17.27.0 (22)
++++ suse-module-tools:
- Update to version 16.0.2:
* fix kernel version in dracut invocation (bug in 16.0.0)
* spec file: really fix ppc64/ppc64le
++++ systemd-presets-common-SUSE:
- To make update of package man work with its new upstream timer
and service units both called man-db enable also man-db.timer
++++ zypper:
- Link all executables with -pie (bsc#1186447)
- Tag PTF packages in the status column (bsc#1186503)
Like retracted packages, a program temporary fix must be
explicitly selected and will otherwise not be considered in
dependency resolution.
- BuildRequires: libzypp-devel >= 17.26.1.
- version 1.14.46
------------------------------------------------------------------
------------------ 2021-6-9 - Jun 9 2021 -------------------
------------------------------------------------------------------
++++ libalternatives:
- Version v1.0.0:
* Prefix symbols with libalts_ to avoid symbol clashes
* Add symbol visibility and versioning
* Decamelize public symbols and rename
++++ ca-certificates:
- Update to version 2+git20210609.a4969d7:
* Restore /etc/ssl/ca-bundle.pem if it doesn't exist
* Get rid of ls
* Fix indent inconsistencies
* Create /var/lib/ca-certificates if needed
* Install hooks with correct number
* Remove legacy files
* Remove find from update-ca-certificates
++++ filesystem:
- Mark /boot, /home, /mnt, /opt, /srv and /usr/local as
%ghost and create from lua in case mounted eg from a read-only fs
such as NFS. Except for the latter also mark them as 0555 while we
are at it (boo#1186894)
- Add /etc/motd.d and /usr/lib/motd.d [bsc#1185897]
++++ alsa:
- Fix regression in config read and UCM handling on pipewire and
pulseaudio (boo#1187079, boo#1187033):
0001-conf-fix-load_for_all_cards.patch
0002-ucm-add-_alibpref-to-get-the-private-device-prefix.patch
0003-ucm-fix-_alibpref-string-add-.-delimiter-to-the-end.patch
++++ fuse3:
- Update to release 3.10.4
* Source code: fixed memory leaks in examples.
++++ hidapi:
- Add 0001-configure.ac-remove-duplicate-AC_CONFIG_MACRO_DIR-22.patch:
fix boo#1187056
++++ libnettle:
- GNU Nettle 3.7.3: [CVE-2021-3580, bsc#1187060]
* Fix crash for zero input to rsa_sec_decrypt and
rsa_decrypt_tr. Potential denial of service vector.
* Ensure that all of rsa_decrypt_tr and rsa_sec_decrypt return
failure for out of range inputs, instead of either crashing,
or silently reducing input modulo n. Potential denial of
service vector.
* Ensure that rsa_decrypt returns failure for out of range
inputs, instead of silently reducing input modulo n.
* Ensure that rsa_sec_decrypt returns failure if the message
size is too large for the given key. Unlike the other bugs,
this would typically be triggered by invalid local
configuration, rather than by processing untrusted remote
data.
++++ polkit:
- Fix verifyscript: the path to the binary was wrongly defined as
%{_libexecdir}/lib.
++++ libzio:
- Correct download URL
- Version 1.08: Fix bug triggered by short files
++++ pam:
- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff)
- Backport patch to not install /usr/etc/securetty (boo#1033626) ie
no distro defaults and don't complain about it missing
(pam_securetty-don-t-complain-about-missing-config.patch)
- add debug bcond to be able to build pam with debug output easily
- add macros file to allow other packages to stop hardcoding
directory names. Compatible with Fedora.
++++ qemu:
- Enable zstd compression option to qcow2
++++ ovmf:
- Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible
overflows in IScsiDxe (bsc#1186151)
++++ tar:
- Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable
(bsc#1184124).
+ tar-PIE.patch
++++ thin-provisioning-tools:
- Link as position-independent executable (bsc#1184124).
++++ u-boot-rpiarm64:
Fix Ethernet PHY initialization on OdroidC2 (boo#1187095)
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04
* Patches added:
0015-arm64-dts-meson-odroidc2-readd-PHY-.patch
------------------------------------------------------------------
------------------ 2021-6-8 - Jun 8 2021 -------------------
------------------------------------------------------------------
++++ compat-usrmerge:
- early exit in case of overlayfs (boo#1187027)
- Avoid dependency on mountpoint from util-linux
- Also check for availability of find
++++ lvm2-device-mapper:
- update lvm2 from LVM2.03.10 to LVM2.2.03.12 (bsc#1187010)
* ** WHATS_NEW from 2.03.11 to 2.03.12 ***
Version 2.03.12 - 07th May 2021
===============================
Allow attaching cache to thin data volume.
Fix memleak when generating list of outdated pvs.
Better hyphenation usage in man pages.
Replace use of deprecated security_context_t with char*.
Configure supports AIO_LIBS and AIO_CFLAGS.
Improve build process for static builds.
New --setautoactivation option to modify LV or VG auto activation.
New metadata based autoactivation property for LVs and VGs.
Improve signal handling with lvmpolld.
Signal handler can interrupt command also for SIGTERM.
Lvreduce --yes support.
Add configure option --with/out-symvers for non-glibc builds.
Report error when the filesystem is missing on fsadm resized volume.
Handle better blockdev with --getsize64 support for fsadm.
Do not include editline/history.h when using editline library.
Support error and zero segtype for thin-pool data for testing.
Support mixed extension for striped, error and zero segtypes.
Support resize also for stacked virtual volumes.
Skip dm-zero devices just like with dm-error target.
Reduce ioctl() calls when checking target status.
Merge polling does not fail, when LV is found to be already merged.
Poll volumes with at least 100ms delays.
Do not flush dm cache when cached LV is going to be removed.
New lvmlockctl_kill_command configuration option.
Support interruption while waiting on device close before deactivation.
Flush thin-pool messages before removing more thin volumes.
Improve hash function with less collisions and make it faster.
Reduce ioctl count when deactivating volumes.
Reduce number of metadata parsing.
Enhance performance of lvremove and vgremove commands.
Support interruption when taking archive and backup.
Accelerate large lvremoves.
Speedup search for cached device nodes.
Speedup command initialization.
Add devices file feature, off by default for now.
Support extension of writecached volumes.
Fix problem with unbound variable usage within fsadm.
Fix IMSM MD RAID detection on 4k devices.
Check for presence of VDO target before starting any conversion.
Support metatadata profiles with volume VDO pool conversions.
Support -Zn for conversion of already formated VDO pools.
Avoid removing LVs on error path of lvconvert during creation volumes.
Fix crashing lvdisplay when thin volume was waiting for merge.
Support option --errorwhenfull when converting volume to thin-pool.
Improve thin-performance profile support conversion to thin-pool.
Add workaround to avoid read of internal 'converted' devices.
Prohibit merging snapshot into the read-only thick snapshot origin.
Restore support for flipping rw/r permissions for thin snapshot origin.
Support resize of cached volumes.
Disable autoactivation with global/event_activation=0.
Check if lvcreate passes read_only_volume_list with tags and skips zeroing.
Allocation prints better error when metadata cannot fit on a single PV.
Pvmove can better resolve full thin-pool tree move.
Limit pool metadata spare to 16GiB.
Improves conversion and allocation of pool metadata.
Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
Enhance lvdisplay to report raid available/partial.
Support online rename of VDO pools.
Improve removal of pmspare when last pool is removed.
Fix problem with wiping of converted LVs.
Fix memleak in scanning (2.03.11).
Fix corner case allocation for thin-pools.
Version 2.03.11 - 08th January 2021
===================================
Fix pvck handling MDA at offset different from 4096.
Partial or degraded activation of writecache is not allowed.
Enhance error handling for fsadm and handle correct fsck result.
Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
Support using BLKZEROOUT for clearing devices.
Support interruption when wipping LVs.
Support interruption for bcache waiting.
Fix bcache when device has too many failing writes.
Fix bcache waiting for IO completion with failing disks.
Configure use own python path name order to prefer using python3.
Add configure --enable-editline support as an alternative to readline.
Enhance reporting and error handling when creating thin volumes.
Enable vgsplit for VDO volumes.
Lvextend of vdo pool volumes ensure at least 1 new VDO slab is added.
Use revert_lv() on reload error path after vg_revert().
Configure --with-integrity enabled.
Restore lost signal blocking while VG lock is held.
Improve estimation of needed extents when creating thin-pool.
Use extra 1% when resizing thin-pool metadata LV with --use-policy.
Enhance --use-policy percentage rounding.
Configure --with-vdo and --with-writecache as internal segments.
Improving VDO man page examples.
Allow pvmove of writecache origin.
Report integrity fields.
Integrity volumes defaults to journal mode.
Switch code base to use flexible array syntax.
Fix 64bit math when calculation cachevol size.
Preserve uint32_t for seqno handling.
Switch from mmap to plain read when loading regular files.
Update lvmvdo man page and better explain DISCARD usage.
* ** WHATS_NEW_DM from 1.02.175 to 1.02.177 ***
Version 1.02.177 - 07th May 2021
================================
Configure proceeds without libaio to allow build of device-mapper only.
Fix symbol versioning build with -O2 -flto.
Add dm_tree_node_add_thin_pool_target_v1 with crop_metadata support.
- Drop patches that have been merged into upstream
- bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
- bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
- bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch
- bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
- bug-1185190_01-pvscan-support-disabled-event_activation.patch
- bug-1185190_02-config-improve-description-for-event_activation.patch
- Add patch
+ 0001-lvmlockd-idm-Introduce-new-locking-scheme.patch
+ 0002-lvmlockd-idm-Hook-Seagate-IDM-wrapper-APIs.patch
+ 0003-lib-locking-Add-new-type-idm.patch
+ 0004-lib-locking-Parse-PV-list-for-IDM-locking.patch
+ 0005-tools-Add-support-for-idm-lock-type.patch
+ 0006-configure-Add-macro-LOCKDIDM_SUPPORT.patch
+ 0007-enable-command-syntax-for-thin-and-writecache.patch
+ 0008-lvremove-fix-removing-thin-pool-with-writecache-on-d.patch
+ 0009-vdo-fix-preload-of-kvdo.patch
+ 0010-writecache-fix-lv_on_pmem.patch
+ 0011-writecache-don-t-pvmove-device-used-by-writecache.patch
+ 0012-pvchange-fix-file-locking-deadlock.patch
+ 0013-tests-Enable-the-testing-for-IDM-locking-scheme.patch
+ 0014-tests-Support-multiple-backing-devices.patch
+ 0015-tests-Cleanup-idm-context-when-prepare-devices.patch
+ 0016-tests-Add-checking-for-lvmlockd-log.patch
+ 0017-tests-stress-Add-single-thread-stress-testing.patch
+ 0018-tests-stress-Add-multi-threads-stress-testing-for-VG.patch
+ 0019-tests-stress-Add-multi-threads-stress-testing-for-PV.patch
+ 0020-tests-Support-idm-failure-injection.patch
+ 0021-tests-Add-testing-for-lvmlockd-failure.patch
+ 0022-tests-idm-Add-testing-for-the-fabric-failure.patch
+ 0023-tests-idm-Add-testing-for-the-fabric-failure-and-tim.patch
+ 0024-tests-idm-Add-testing-for-the-fabric-s-half-brain-fa.patch
+ 0025-tests-idm-Add-testing-for-IDM-lock-manager-failure.patch
+ 0026-tests-multi-hosts-Add-VG-testing.patch
+ 0027-tests-multi-hosts-Add-LV-testing.patch
+ 0028-tests-multi-hosts-Test-lease-timeout-with-LV-exclusi.patch
+ 0029-tests-multi-hosts-Test-lease-timeout-with-LV-shareab.patch
+ 0030-fix-empty-mem-pool-leak.patch
+ 0031-tests-writecache-blocksize-add-dm-cache-tests.patch
+ 0032-tests-rename-test.patch
+ 0033-tests-add-writecache-cache-blocksize-2.patch
+ 0034-lvmlockd-Fix-the-compilation-warning.patch
+ 0035-devices-don-t-use-deleted-loop-backing-file-for-devi.patch
+ 0036-man-help-fix-common-option-listing.patch
+ 0037-archiving-take-archive-automatically.patch
+ 0038-backup-automatically-store-data-on-vg_unlock.patch
+ 0039-archive-avoid-abuse-of-internal-flag.patch
+ 0040-pvck-add-lock_global-before-clean_hint_file.patch
+ 0041-lvmdevices-add-deviceidtype-option.patch
- Update patch
- bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- fate-31841_fsadm-add-support-for-btrfs.patch
- lvm.conf
- trim tail space
- fix typo
- [new item] devices/use_devicesfile
- [new item] devices/devicesfile
- [new item] devices/search_for_devnames
- [new item] allocation/thin_pool_crop_metadata
- [new item] global/lvmlockctl_kill_command
- [new item] global/vdo_disabled_features
++++ gobject-introspection:
- gi-find-deps.sh: Don't use HOSTTYPE, use RPM_ARCH.
- ia64 never used ()(64bit) markers, do drop that from gi-find-deps.
- gi-find-deps.sh: on Tumbleweed, HOSTTYPE on ppc64/ppc64le reports
powerpc64 and powerpc64le: accept those strings as 64bit archs.
++++ kernel-default:
- x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186884).
- commit e0a9eac
- x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV (bsc#1186884).
- commit c7fb36b
++++ augeas:
- add remove-unportable-tests.patch to fix build
++++ schily:
- Update to release 2021.06.07
* Manpage updates
++++ lvm2:
- update lvm2 from LVM2.03.10 to LVM2.2.03.12 (bsc#1187010)
* ** WHATS_NEW from 2.03.11 to 2.03.12 ***
Version 2.03.12 - 07th May 2021
===============================
Allow attaching cache to thin data volume.
Fix memleak when generating list of outdated pvs.
Better hyphenation usage in man pages.
Replace use of deprecated security_context_t with char*.
Configure supports AIO_LIBS and AIO_CFLAGS.
Improve build process for static builds.
New --setautoactivation option to modify LV or VG auto activation.
New metadata based autoactivation property for LVs and VGs.
Improve signal handling with lvmpolld.
Signal handler can interrupt command also for SIGTERM.
Lvreduce --yes support.
Add configure option --with/out-symvers for non-glibc builds.
Report error when the filesystem is missing on fsadm resized volume.
Handle better blockdev with --getsize64 support for fsadm.
Do not include editline/history.h when using editline library.
Support error and zero segtype for thin-pool data for testing.
Support mixed extension for striped, error and zero segtypes.
Support resize also for stacked virtual volumes.
Skip dm-zero devices just like with dm-error target.
Reduce ioctl() calls when checking target status.
Merge polling does not fail, when LV is found to be already merged.
Poll volumes with at least 100ms delays.
Do not flush dm cache when cached LV is going to be removed.
New lvmlockctl_kill_command configuration option.
Support interruption while waiting on device close before deactivation.
Flush thin-pool messages before removing more thin volumes.
Improve hash function with less collisions and make it faster.
Reduce ioctl count when deactivating volumes.
Reduce number of metadata parsing.
Enhance performance of lvremove and vgremove commands.
Support interruption when taking archive and backup.
Accelerate large lvremoves.
Speedup search for cached device nodes.
Speedup command initialization.
Add devices file feature, off by default for now.
Support extension of writecached volumes.
Fix problem with unbound variable usage within fsadm.
Fix IMSM MD RAID detection on 4k devices.
Check for presence of VDO target before starting any conversion.
Support metatadata profiles with volume VDO pool conversions.
Support -Zn for conversion of already formated VDO pools.
Avoid removing LVs on error path of lvconvert during creation volumes.
Fix crashing lvdisplay when thin volume was waiting for merge.
Support option --errorwhenfull when converting volume to thin-pool.
Improve thin-performance profile support conversion to thin-pool.
Add workaround to avoid read of internal 'converted' devices.
Prohibit merging snapshot into the read-only thick snapshot origin.
Restore support for flipping rw/r permissions for thin snapshot origin.
Support resize of cached volumes.
Disable autoactivation with global/event_activation=0.
Check if lvcreate passes read_only_volume_list with tags and skips zeroing.
Allocation prints better error when metadata cannot fit on a single PV.
Pvmove can better resolve full thin-pool tree move.
Limit pool metadata spare to 16GiB.
Improves conversion and allocation of pool metadata.
Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
Enhance lvdisplay to report raid available/partial.
Support online rename of VDO pools.
Improve removal of pmspare when last pool is removed.
Fix problem with wiping of converted LVs.
Fix memleak in scanning (2.03.11).
Fix corner case allocation for thin-pools.
Version 2.03.11 - 08th January 2021
===================================
Fix pvck handling MDA at offset different from 4096.
Partial or degraded activation of writecache is not allowed.
Enhance error handling for fsadm and handle correct fsck result.
Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
Support using BLKZEROOUT for clearing devices.
Support interruption when wipping LVs.
Support interruption for bcache waiting.
Fix bcache when device has too many failing writes.
Fix bcache waiting for IO completion with failing disks.
Configure use own python path name order to prefer using python3.
Add configure --enable-editline support as an alternative to readline.
Enhance reporting and error handling when creating thin volumes.
Enable vgsplit for VDO volumes.
Lvextend of vdo pool volumes ensure at least 1 new VDO slab is added.
Use revert_lv() on reload error path after vg_revert().
Configure --with-integrity enabled.
Restore lost signal blocking while VG lock is held.
Improve estimation of needed extents when creating thin-pool.
Use extra 1% when resizing thin-pool metadata LV with --use-policy.
Enhance --use-policy percentage rounding.
Configure --with-vdo and --with-writecache as internal segments.
Improving VDO man page examples.
Allow pvmove of writecache origin.
Report integrity fields.
Integrity volumes defaults to journal mode.
Switch code base to use flexible array syntax.
Fix 64bit math when calculation cachevol size.
Preserve uint32_t for seqno handling.
Switch from mmap to plain read when loading regular files.
Update lvmvdo man page and better explain DISCARD usage.
* ** WHATS_NEW_DM from 1.02.175 to 1.02.177 ***
Version 1.02.177 - 07th May 2021
================================
Configure proceeds without libaio to allow build of device-mapper only.
Fix symbol versioning build with -O2 -flto.
Add dm_tree_node_add_thin_pool_target_v1 with crop_metadata support.
- Drop patches that have been merged into upstream
- bug-1175565_01-tools-move-struct-element-before-variable-lenght-lis.patch
- bug-1175565_02-gcc-change-zero-sized-array-to-fexlible-array.patch
- bug-1175565_03-gcc-zero-sized-array-to-fexlible-array-C99.patch
- bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
- bug-1185190_01-pvscan-support-disabled-event_activation.patch
- bug-1185190_02-config-improve-description-for-event_activation.patch
- Add patch
+ 0001-lvmlockd-idm-Introduce-new-locking-scheme.patch
+ 0002-lvmlockd-idm-Hook-Seagate-IDM-wrapper-APIs.patch
+ 0003-lib-locking-Add-new-type-idm.patch
+ 0004-lib-locking-Parse-PV-list-for-IDM-locking.patch
+ 0005-tools-Add-support-for-idm-lock-type.patch
+ 0006-configure-Add-macro-LOCKDIDM_SUPPORT.patch
+ 0007-enable-command-syntax-for-thin-and-writecache.patch
+ 0008-lvremove-fix-removing-thin-pool-with-writecache-on-d.patch
+ 0009-vdo-fix-preload-of-kvdo.patch
+ 0010-writecache-fix-lv_on_pmem.patch
+ 0011-writecache-don-t-pvmove-device-used-by-writecache.patch
+ 0012-pvchange-fix-file-locking-deadlock.patch
+ 0013-tests-Enable-the-testing-for-IDM-locking-scheme.patch
+ 0014-tests-Support-multiple-backing-devices.patch
+ 0015-tests-Cleanup-idm-context-when-prepare-devices.patch
+ 0016-tests-Add-checking-for-lvmlockd-log.patch
+ 0017-tests-stress-Add-single-thread-stress-testing.patch
+ 0018-tests-stress-Add-multi-threads-stress-testing-for-VG.patch
+ 0019-tests-stress-Add-multi-threads-stress-testing-for-PV.patch
+ 0020-tests-Support-idm-failure-injection.patch
+ 0021-tests-Add-testing-for-lvmlockd-failure.patch
+ 0022-tests-idm-Add-testing-for-the-fabric-failure.patch
+ 0023-tests-idm-Add-testing-for-the-fabric-failure-and-tim.patch
+ 0024-tests-idm-Add-testing-for-the-fabric-s-half-brain-fa.patch
+ 0025-tests-idm-Add-testing-for-IDM-lock-manager-failure.patch
+ 0026-tests-multi-hosts-Add-VG-testing.patch
+ 0027-tests-multi-hosts-Add-LV-testing.patch
+ 0028-tests-multi-hosts-Test-lease-timeout-with-LV-exclusi.patch
+ 0029-tests-multi-hosts-Test-lease-timeout-with-LV-shareab.patch
+ 0030-fix-empty-mem-pool-leak.patch
+ 0031-tests-writecache-blocksize-add-dm-cache-tests.patch
+ 0032-tests-rename-test.patch
+ 0033-tests-add-writecache-cache-blocksize-2.patch
+ 0034-lvmlockd-Fix-the-compilation-warning.patch
+ 0035-devices-don-t-use-deleted-loop-backing-file-for-devi.patch
+ 0036-man-help-fix-common-option-listing.patch
+ 0037-archiving-take-archive-automatically.patch
+ 0038-backup-automatically-store-data-on-vg_unlock.patch
+ 0039-archive-avoid-abuse-of-internal-flag.patch
+ 0040-pvck-add-lock_global-before-clean_hint_file.patch
+ 0041-lvmdevices-add-deviceidtype-option.patch
- Update patch
- bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- fate-31841_fsadm-add-support-for-btrfs.patch
- lvm.conf
- trim tail space
- fix typo
- [new item] devices/use_devicesfile
- [new item] devices/devicesfile
- [new item] devices/search_for_devnames
- [new item] allocation/thin_pool_crop_metadata
- [new item] global/lvmlockctl_kill_command
- [new item] global/vdo_disabled_features
++++ multipath-tools:
- install to /usr on Tumbleweed (boo#1029961)
++++ libzio:
- Version 1.07: Add support for zstd at least for write and read
++++ pam-config:
- Add "revoke" to the option list for pam_keyinit
(Remove some leftover debugs while we're at it)
[pam-config-fix-pam_keyinit-options.patch]
- prior to writing an service-specific config file, the main function
calls access() on the destination file in /etc/pam.d.
This will fail and no config file will be written when the original
config file was installed in /usr/etc/pam.d.
A similar problem exists when creating the new service file:
create_service_file() wants to give the new service file the same
user, group and mode as the old one, but the old one may not exist.
In that case, set these to 0(root), 0(root), and 0644.
[pam-config-remove-bad-access-call.patch]
++++ podman:
- Update to version 3.2.0:
* Bump to v3.2.0
* Fix network create macvlan with subnet option
* Final release notes updates for v3.2.0
* add ipv6 nameservers only when the container has ipv6 enabled
* Use request context instead of background
* [v.3.2] events: support disjunctive filters
* System tests: add :Z to volume mounts
* generate systemd: make mounts portable
* vendor containers/storage@v1.31.3
* vendor containers/common@v0.38.5
* Bump to v3.2.0-dev
* Bump to v3.2.0-RC3
* Update release notes for v3.2.0-RC3
* Fix race on podman start --all
* Fix race condition in running ls container in a pod
* docs: --cert-dir: point to containers-certs.d(5)
* Handle hard links in different directories
* Improve OCI Runtime error
* Handle hard links in remote builds
* Podman info add support for status of cgroup controllers
* Drop container does not exist on removal to debugf
* Downgrade API service routing table logging
* add libimage events
* docs: generate systemd: XDG_RUNTIME_DIR
* Fix problem copying files when container is in host pid namespace
* Bump to v3.2.0-dev
* Bump to v3.2.0-RC2
* update c/common
* Update Cirrus DEST_BRANCH to v3.2
* Updated vendors of c/image, c/storage, Buildah
* Initial release notes for v3.2.0-RC2
* Add script for identifying commits in release branches
* Add host.containers.internal entry into container's etc/hosts
* image prune: remove unused images only with `--all`
* podman network reload add rootless support
* Use more recent `stale` release...
* network tutorial: update with rootless cni changes
* [CI:DOCS] Update first line in intro page
* Use updated VM images + updated automation tooling
* auto-update service: prune images
* make vendor
* fix system upgrade tests
* Print "extracting" only on compressed file
* podman image tree: restore previous behavior
* fix network restart always test
* fix incorrect log driver in podman container image
* Add support for cli network prune --filter flag
* Move filter parsing to common utils
* Bump github.com/containers/storage from 1.30.2 to 1.30.3
* Update nix pin with `make nixpkgs`
* [CI:DOCS] hack/bats - new helper for running system tests
* fix restart always with slirp4netns
* Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
* Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
* Add host.serviceIsRemote to podman info results
* Add client disconnect to build handler loop
* Remove obsolete skips
* Fix podman-remote build --rm=false ...
* fix: improved "containers/{name}/wait" endpoint
* Bump github.com/containers/storage from 1.30.1 to 1.30.2
* Add envars to the generated systemd unit
* fix: use UTC Time Stamps in response JSON
* fix container startup for empty pidfile
* Kube like pods should share ipc,net,uts by default
* fix: compat API "images/get" for multiple images
* Revert escaped double dash man page flag syntax
* Report Download complete in Compatibility mode
* Add documentation on short-names
* Bump github.com/docker/docker
* Adds support to preserve auto update labels in generate and play kube
* [CI:DOCS] Stop conversion of `--` into en dash
* Revert Patch to relabel if selinux not enabled
* fix per review request
* Add support for environment variable secrets
* fix pre review request
* Fix infinite loop in isPathOnVolume
* Add containers.conf information for changing defaults
* CI: run rootless tests under ubuntu
* Fix wrong macvlan PNG in networking doc.
* Add restart-policy to container filters & --filter to podman start
* Fixes docker-compose cannot set static ip when use ipam
* channel: simplify implementation
* build: improve regex for iidfile
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
* cgroup: fix rootless --cgroup-parent with pods
* fix: docker APIv2 `images/get`
* codespell cleanup
* Minor podmanimage docs updates.
* Fix handling of runlabel IMAGE and NAME
* Bump to v3.2.0-dev
* Bump to v3.2.0-rc1
* rootless: improve automatic range split
* podman: set volatile storage flag for --rm containers
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
* migrate Podman to containers/common/libimage
* Add filepath glob support to --security-opt unmask
* Force log_driver to k8s-file for containers in containers
* add --mac-address to podman play kube
* compat api: Networks must be empty instead of null
* System tests: honor $OCI_RUNTIME (for CI)
* is this a bug?
* system test image: add arm64v8 image
* Fix troubleshooting documentation on handling sublemental groups.
* Add --all to podman start
* Fix variable reference typo. in multi-arch image action
* cgroup: always honor --cgroup-parent with cgroupfs
* Bump github.com/uber/jaeger-client-go
* Don't require tests for github-actions & metadata
* Detect if in podman machine virtual vm
* Fix multi-arch image workflow typo
* [CI:DOCS] Add titles to remote docs (windows)
* Remove unused VolumeList* structs
* Cirrus: Update F34beta -> F34
* Update container image docs + fix unstable execution
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
* TODO complete
* Docker returns 'die' status rather then 'died' status
* Check if another VM is running on machine start
* [CI:DOCS] Improve titles of command HTML pages
* system tests: networking: fix another race condition
* Use seccomp_profile as default profile if defined in containers.conf
* Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
* Vendored
* Autoupdate local label functional
* System tests: fix two race conditions
* Add more documentation on conmon
* Allow docker volume create API to pass without name
* Cirrus: Update Ubuntu images to 21.04
* Skip blkio-weight test when no kernel BFQ support
* rootless: Tell the user what was led to the error, not just what it is
* Add troubleshooting advice about the --userns option.
* Fix images prune filter until
* Fix logic for pushing stable multi-arch images
* Fixes generate kube incorrect when bind-mounting "/" and "/root"
* libpod/image: unit tests: don't use system's registries.conf.d
* runtime: create userns when CAP_SYS_ADMIN is not present
* rootless: attempt to copy current mappings first
* [CI:DOCS] Restore missing content to manpages
* [CI:DOCS] Fix Markdown layout bugs
* Fix podman ps --filter ancestor to match exact ImageName/ImageID
* Add machine-enabled to containers.conf for machine
* Several multi-arch image build/push fixes
* Add podman run --timeout option
* Parse slirp4netns net options with compat api
* Fix rootlesskit port forwarder with custom slirp cidr
* Fix removal race condition in ListContainers
* Add github-action workflow to build/push multi-arch
* rootless: if root is not sub?id raise a debug message
* Bump github.com/containers/common from 0.36.0 to 0.37.0
* Add go template shell completion for --format
* Add --group-add keep-groups: suplimentary groups into container
* Fixes from make codespell
* Typo fix to usage text of --compress option
* corrupt-image test: fix an oops
* Add --noheading flag to all list commands
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
* Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
* [CI:DOCS] Fix Markdown table layout bugs
* podman-remote should show podman.sock info
* rmi: don't break when the image is missing a manifest
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
* Add support for CDI device configuration
* [CI:DOCS] Add missing dash to verbose option
* Bump github.com/uber/jaeger-client-go
* Remove an advanced layer diff function
* Ensure mount destination is clean, no trailing slash
* add it for inspect pidfile
* [CI:DOCS] Fix introduction page typo
* support pidfile on container restore
* fix start it
* skip pidfile test on remote
* improve document
* set pidfile default value int containerconfig
* add pidfile in inspection
* add pidfile it for container start
* skip pidfile it on remote
* Modify according to comments
* WIP: drop test requirement
* runtime: bump required conmon version
* runtime: return findConmon to libpod
* oci: drop ExecContainerCleanup
* oci: use `--full-path` option for conmon
* use AttachSocketPath when removing conmon files
* hide conmon-pidfile flag on remote mode
* Fix possible panic in libpod/image/prune.go
* add --ip to podman play kube
* add flag autocomplete
* add ut
* add flag "--pidfile" for podman create/run
* Add network bindings tests: remove and list
* Fix build with GO111MODULE=off
* system tests: build --pull-never: deal with flakes
* compose test: diagnose flakes v3
* podman play kube apply correct log driver
* Fixes podman-remote save to directories does not work
* Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
* Update documentation of podman-run to reflect volume "U" option
* Fix flake on failed podman-remote build : try 2
* compose test: ongoing efforts to diagnose flakes
* Test that we don't error out on advertised --log-level values
* At trace log level, print error text using %+v instead of %v
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
* Recognize --log-level=trace
* Fix flake on failed podman-remote build
* System tests: fix racy podman-inspect
* Fixes invalid expression in save command
* Bump github.com/containers/common from 0.35.4 to 0.36.0
* Update nix pin with `make nixpkgs`
* compose test: try to get useful data from flakes
* Remove in-memory state implementation
* Fix message about runtime to show only the actual runtime
* System tests: setup: better cleanup of stray images
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
* Reflect current state of prune implementation in docs
* Do not delete container twice
* [CI:DOCS] Correct status code for /pods/create
* vendor in containers/storage v1.29.0
* cgroup: do not set cgroup parent when rootless and cgroupfs
* Overhaul Makefile binary and release worflows
* Reorganize Makefile with sections and guide
* Simplify Makefile help target
* Don't shell to obtain current directory
* Remove unnecessary/not-needed release.txt target
* Fix incorrect version number output
* Exclude .gitignore from test req.
* Fix handling of $NAME and $IMAGE in runlabel
* Update podman image Dockerfile to support Podman in container
* Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
* Fix slashes in socket URLs
* Add network prune filters support to bindings
* Add support for play/generate kube volumes
* Update manifest API endpoints
* Fix panic when not giving a machine name for ssh
* cgroups: force 64 bits to ParseUint
* Bump k8s.io/api from 0.20.5 to 0.21.0
* [CI:DOCS] Fix formatting of podman-build man page
* buildah-bud tests: simplify
* Add missing return
* Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
* speed up CI handling of images
* Volumes prune endpoint should use only prune filters
* Cirrus: Use Fedora 34beta images
* Bump go.sum + Makefile for golang 1.16
* Exempt Makefile changes from test requirements
* Adjust libpod API Container Wait documentation to the code
* [CI:DOCS] Update swagger definition of inspect manifest
* use updated ubuntu images
* podman unshare: add --rootless-cni to join the ns
* Update swagger-check
* swagger: remove name wildcards
* Update buildah-bud diffs
* Handle podman-remote --arch, --platform, --os
* buildah-bud tests: handle go pseudoversions, plus...
* Fix flaking rootless compose test
* rootless cni add /usr/sbin to PATH if not present
* System tests: special case for RHEL: require runc
* Add --requires flag to podman run/create
* [CI:DOCS] swagger-check: compare operations
* [CI:DOCS] Polish swagger OpertionIDs
* [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
* Ensure that `--userns=keep-id` sets user in config
* [CI:DOCS] Set all operation id to be compatibile
* Move operationIds to swagger:operation line
* swagger: add operationIds that match with docker
* Cirrus: Make use of shared get_ci_vm container
* Don't relabel volumes if running in a privileged container
* Allow users to override default storage opts with --storage-opt
* Add support for podman --context default
* Verify existence of auth file if specified
* fix machine naming conventions
* Initial network bindings tests
* Update release notes to indicate CVE fix
* Move socket activation check into init() and set global condition.
* Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
* Http api tests for network prune with until filter
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
* Fix typos --uidmapping and --gidmapping
* Add transport and destination info to manifest doc
* Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
* Add default template functions
* Fix missing podman-remote build options
* Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
* Add ssh connection to root user
* Add rootless docker-compose test to the CI
* Use the slrip4netns dns in the rootless cni ns
* Cleanup the rootless cni namespace
* Add new docker-compose test for two networks
* Make the docker-compose test work rootless
* Remove unused rootless-cni-infra container files
* Only use rootless RLK when the container has ports
* Fix dnsname test
* Enable rootless network connect/disconnect
* Move slirp4netns functions into an extra file
* Fix pod infra container cni network setup
* Add rootless support for cni and --uidmap
* rootless cni without infra container
* Recreate until container prune tests for bindings
* Remove --execute from podman machine ssh
* Fixed podman-remote --network flag
* Makefile: introduce install.docker-full
* Makefile: ensure install.docker creates BINDIR
* Fix unmount doc reference in image.rst
* Should send the OCI runtime path not just the name to buildah
* podman machine shell completion
* Fix handling of remove --log-rusage param
* Fix bindings prune containers flaky test
* [CI:DOCS] Add local html build info to docs/README.md
* Add podman machine list
* Trim white space from /top endpoint results
* Remove semantic version suffices from API calls
* podman machine init --ignition-path
* Document --volume from podman-remote run/create client
* Update main branch to reflect the release of v3.1.0
* Silence podman network reload errors with iptables-nft
* Containers prune endpoint should use only prune filters
* resolve proper aarch64 image names
* APIv2 basic test: relax APIVersion check
* Add machine support for qemu-system-aarch64
* podman machine init user input
* manpage xref: helpful diagnostic for unescaped dash-dash
* Bump to v3.2.0-dev
* swagger: update system version response body
* buildah-bud tests: reenable pull-never test
* [NO TESTS NEEDED] Shrink the size of podman-remote
* Add powershell completions
* [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
* Fix long option format on docs.podman.io
* system tests: friendier messages for 2-arg is()
* service: use LISTEN_FDS
* man pages: correct seccomp-policy label
* rootless: use is_fd_inherited
* podman generate systemd --new do not duplicate params
* play kube: add support for env vars defined from secrets
* play kube: support optional/mandatory env var from config map
* play kube: prepare supporting other env source than config maps
* Add machine support for more Linux distros
* [NO TESTS NEEDED] Use same function podman-remote rmi as podman
* Podman machine enhancements
* Add problematic volume name to kube play error messages
* Fix podman build --pull-never
* [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
* Fix list pods filter handling in libpod api
* Remove resize race condition
* [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
* Use TMPDIR when commiting images
* Add RequiresMountsFor= to systemd generate
* Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
* Fix swapped dimensions from terminal.GetSize
* Rename podman machine create to init and clean up
* Correct json field name
* system tests: new interactive tests
* Improvements for machine
* libpod/image: unit tests: use a `registries.conf` for aliases
* libpod/image: unit tests: defer cleanup
* libpod/image: unit tests: use `require.NoError`
* Add --execute flag to podman machine ssh
* introduce podman machine
* Podman machine CLI and interface stub
* Support multi doc yaml for generate/play kube
* Fix filters in image http compat/libpod api endpoints
* Bump github.com/containers/common from 0.35.3 to 0.35.4
* Bump github.com/containers/storage from 1.28.0 to 1.28.1
* Check if stdin is a term in --interactive --tty mode
* [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
* [NO TESTS NEEDED] Fix rootless volume plugins
* Ensure manually-created volumes have correct ownership
* Bump github.com/rootless-containers/rootlesskit
* Unification of until filter across list/prune endpoints
* Unification of label filter across list/prune endpoints
* fixup
* fix: build endpoint for compat API
* [CI:DOCS] Add note to mappings for user/group userns in build
* Bump k8s.io/api from 0.20.1 to 0.20.5
* Validate passed in timezone from tz option
* WIP: run buildah bud tests using podman
* Fix containers list/prune http api filter behaviour
* Generate Kubernetes PersistentVolumeClaims from named volumes
++++ setools:
- Fix dependency of python3-setools: require python3, not python
(which is python2).
++++ system-users:
- Add default hardware group for 'sgx' enclave access
Since udev v248, a default rule for /dev/sgx_enclave is provided to
give rw access to the new group hopefully making 'sgx' the standard
group name for such devices (bsc#1190572).
------------------------------------------------------------------
------------------ 2021-6-7 - Jun 7 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- move Requires: python3 back to the python3-apparmor subpackage -
readline usage is in the python modules, not in apparmor-utils
++++ bzip2:
- Drop --with-pic (no effect with --disable-static)
- Use %autosetup (rediff bzip2-1.0.6.2-autoconfiscated.patch to p1)
++++ compat-usrmerge:
- fix conversion with split /usr (boo#1186781)
++++ cups:
- Provide /usr/share/cups/ppdc/ in the "cups" main package
to avoid that "lpinfo -m" results in /var/log/cups/error_log
things like "ppdc: Unable to find include file font.defs"
or "ppdc: Unable to find include file hp.h" and then
"Bad driver information file /usr/share/cups/drv/sample.drv"
(bsc#1186843)
++++ filesystem:
- Set package version number for Tumbleweed to TW
++++ kernel-default:
- brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186857).
- commit aeed335
- brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186857).
- commit a0fa2f0
- Update to 5.13-rc5
- update configs
- HID_SEMITEK=m
- commit 6828450
++++ kmod:
- Enable support for ZSTD compressed modules
++++ libapparmor:
- move Requires: python3 back to the python3-apparmor subpackage -
readline usage is in the python modules, not in apparmor-utils
++++ xz:
- Upgrade old rpm constructs.
++++ ncurses:
- Add ncurses patch 20210605
+ add a summary of ncurses-specific preprocessor symbols to curses.h
(prompted by discussion with Peter Farley, Bill Gray).
- Add ncurses patch 20210522
+ regenerate configure scripts with autoconf 2.52.20210509 to eliminate
an unnecessary warning in config.log (report by Miroslav Lichvar).
+ add a note in manual page to explain ungetch vs unget_wch (prompted
by discussion with Peter Farley).
+ add sp-funcs for erasewchar, killwchar.
+ modify wgetnstr, wgetn_wstr to improve compatibility with SVr4 curses
in its treatment of interrupt and quit characters (prompted by
report/testcase by Bill Gray)
+ update config.guess, config.sub
- Correct offset in patch ncurses-6.2.dif
++++ python310-core:
- Update to 3.10.0b2:
- PEP 623 -- Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 -- Allow writing union types as X | Y
- PEP 612 -- Parameter Specification Variables
- PEP 626 -- Precise line numbers for debugging and other
tools.
- PEP 618 -- Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 -- Deprecate distutils module.
- PEP 613 -- Explicit Type Aliases
- PEP 634 -- Structural Pattern Matching: Specification
- PEP 635 -- Structural Pattern Matching: Motivation and
Rationale
- PEP 636 -- Structural Pattern Matching: Tutorial
- PEP 644 -- Require OpenSSL 1.1.1 or newer
- PEP 624 -- Remove Py_UNICODE encoder APIs
- PEP 597 -- Add optional EncodingWarning
- Removed patches (assumed upstream):
- sphinx-update-removed-function.patch
++++ libxslt:
- Don't disable testsuite under QEMU
++++ python310:
- Update to 3.10.0b2:
- PEP 623 -- Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 -- Allow writing union types as X | Y
- PEP 612 -- Parameter Specification Variables
- PEP 626 -- Precise line numbers for debugging and other
tools.
- PEP 618 -- Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 -- Deprecate distutils module.
- PEP 613 -- Explicit Type Aliases
- PEP 634 -- Structural Pattern Matching: Specification
- PEP 635 -- Structural Pattern Matching: Motivation and
Rationale
- PEP 636 -- Structural Pattern Matching: Tutorial
- PEP 644 -- Require OpenSSL 1.1.1 or newer
- PEP 624 -- Remove Py_UNICODE encoder APIs
- PEP 597 -- Add optional EncodingWarning
- Removed patches (assumed upstream):
- sphinx-update-removed-function.patch
++++ qemu:
- Fix out-of-bounds write in virgl_cmd_get_capset
CVE-2021-3546 bsc#1185981
vhost-user-gpu-abstract-vg_cleanup_mappi.patch
- Fix memory leaks found in the virtio vhost-user GPU device
CVE-2021-3544 bsc#1186010
vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch
vhost-user-gpu-fix-leak-in-virgl_resourc.patch
vhost-user-gpu-fix-memory-disclosure-in-.patch
vhost-user-gpu-fix-memory-leak-in-vg_res.patch
vhost-user-gpu-fix-memory-leak-while-cal.patch
vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch
- Fix information disclosure due to uninitialized memory read
CVE-2021-3545 bsc#1185990
vhost-user-gpu-fix-resource-leak-in-vg_r.patch
++++ system-users:
- Add third argument to sysusers_generate_pre calls to allow
admin overrides with systemd-sysusers
++++ sysuser-tools:
- Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option
- sysusers-generate-pre: only use first argument for grep
- sysusers2shadow.sh: use "run" prefix for systemd-sysusers call
- macros.sysusers: fix typo
++++ tpm2.0-tools:
- Do not BuildRequire pandoc on ix86 architectures: the haskell
stack is not supported on intel 32bit archs.
------------------------------------------------------------------
------------------ 2021-6-6 - Jun 6 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- series.conf: cleanup
Move submitted patch to "almost mainline" section.
- commit 9f593b6
++++ libX11:
- Update to version 1.7.2
* bug fix release, correcting a regression introduced by and
improving the checks from the fix for CVE-2021-31535.
- supersedes U_Check-for-NULL-strings-before-getting-their-lengths.patch
++++ at-spi2-core:
- Update to version 2.40.2:
+ README: Remove outdated links.
+ Key grab fixes for the new API.
+ registryd: Add a missing call to va_end.
++++ python-idna:
- update to 3.2:
* Add type hints (Thanks, Seth Michael Larson!)
* Remove support for Python 3.4
++++ python-urllib3:
- update to 1.26.5 (bsc#1187045, CVE-2021-33503):
* Fixed deprecation warnings emitted in Python 3.10.
* Updated vendored ``six`` library to 1.16.0.
* Improved performance of URL parser when splitting
the authority component.
------------------------------------------------------------------
------------------ 2021-6-5 - Jun 5 2021 -------------------
------------------------------------------------------------------
++++ librsvg:
- Update to version 2.50.7:
+ Two cairo-related bug fixes:
- glgo#GNOME/librsvg#745: Fix mismatched cairo_save/restore
when running in inside the Cairo test suite.
- glgo#GNOME/librsvg#746: Possible cairo_save() without
cairo_restore() in render_layer().
++++ python310-core:
- Revert previous skip over test_capi
- Add skip-test_pyobject_freed_is_freed.patch to skip failing
test on SLE-15.
++++ shadow:
- Enable shadowgrp so that we can set more secure group passwords
using shadow.
++++ openSUSE-build-key:
- Merge changes from openSUSE Leap 15.3 for rpm-repos-openSUSE (boo#1186593)
++++ python310:
- Revert previous skip over test_capi
- Add skip-test_pyobject_freed_is_freed.patch to skip failing
test on SLE-15.
------------------------------------------------------------------
------------------ 2021-6-4 - Jun 4 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- brcmfmac: Delete second brcm folder hierarchy (bsc#1186857).
- commit 1d77a5f
++++ openldap2:
- updated to 2.4.59
OpenLDAP 2.4.59 Release (2021/06/03)
Fixed libldap TLSv1.3 cipher suites with OpenSSL 1.1.1 (ITS#9521)
Fixed libldap double free of LDAP_OPT_DEFBASE (ITS#9530)
Fixed slapd syncrepl handling of add+delete on single value attr (ITS#9295)
Fixed slapd-mdb cursor init check (ITS#9526)
Fixed slapd-mdb deletion of context entry (ITS#9531)
Fixed slapd-mdb off-by-one affecting search scope (ITS#9557)
Fixed slapo-pcache locking during expiration (ITS#9529)
Contrib
Fixed slapo-autogroup to not thrash thread context (ITS#9494)
Documentation
ldap_modify(3) - Delete non-existent mod_next parameter (ITS#9559)
++++ python310-core:
- allow build with Sphinx >= 3.x
++++ shadow:
- Disable MOTD_FILE to allow the use of pam_motd to unify motd
message output [bsc#1185897]. Else motd entries of e.g. cockpit
will not be shown.
++++ systemd:
- Drop systemd's dependency on udev (jsc#PM-2677)
In some environments (i.e. containers) udev is usually not necessary
but pulls in unnecessary packages.
- Now that chkconfig/insserv are history, let's implement the strict
minimum in systemd-sysv-install to enable/disable SysV init scripts
(bsc#1186595 bsc#1186359)
Indeed there's no much point in dropping SysV support completely
until upstream will do especially since 3rd party applications such
as vmware still rely on it, see bsc#1186359).
++++ salt:
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
++++ python310:
- allow build with Sphinx >= 3.x
++++ python-pycurl:
- Add curl7770_compatibility.patch to have package compatible
with curl 7.77.0.
++++ shim:
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "shim.efi" if the given
file doesn't exist
------------------------------------------------------------------
------------------ 2021-6-3 - Jun 3 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.2
* second bugfix
* mostly AMD and Intel changes as usual, but also a decent amount
of ARM fixes and more.
++++ Mesa-drivers:
- update to 21.1.2
* second bugfix
* mostly AMD and Intel changes as usual, but also a decent amount
of ARM fixes and more.
++++ grub2:
- Version bump to 2.06
* rediff
- 0001-add-support-for-UEFI-network-protocols.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- 0003-Make-grub_error-more-verbose.patch
- 0003-bootp-New-net_bootp6-command.patch
- 0005-grub.texi-Add-net_bootp6-doument.patch
- 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch
- 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
- 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- grub-install-force-journal-draining-to-ensure-data-i.patch
- grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
- grub2-diskfilter-support-pv-without-metadatacopies.patch
- grub2-efi-HP-workaround.patch
- grub2-efi-xen-cfg-unquote.patch
- grub2-efi-xen-chainload.patch
- grub2-fix-menu-in-xen-host-server.patch
- grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
- grub2-install-remove-useless-check-PReP-partition-is-empty.patch
- grub2-lvm-allocate-metadata-buffer-from-raw-contents.patch
- grub2-mkconfig-default-entry-correction.patch
- grub2-pass-corret-root-for-nfsroot.patch
- grub2-s390x-03-output-7-bit-ascii.patch
- grub2-s390x-04-grub2-install.patch
- grub2-secureboot-install-signed-grub.patch
- grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch
- use-grub2-as-a-package-name.patch
* update by patch squashed:
- 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
- grub2-efi-chainload-harder.patch
- grub2-secureboot-no-insmod-on-sb.patch
- grub2-secureboot-chainloader.patch
- grub2-secureboot-add-linuxefi.patch
* remove squashed patches:
- 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
- 0009-squash-Add-support-for-linuxefi.patch
- 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
- 0042-squash-grub2-efi-chainload-harder.patch
- 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
- 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* drop upstream patches:
- 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
- 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
- 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
- 0001-mdraid1x_linux-Fix-gcc10-error-Werror-array-bounds.patch
- 0001-normal-Move-common-datetime-functions-out-of-the-nor.patch
- 0001-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch
- 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
- 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
- 0002-kern-Add-X-option-to-printf-functions.patch
- 0002-safemath-Add-some-arithmetic-primitives-that-check-f.patch
- 0002-zfs-Fix-gcc10-error-Werror-zero-length-bounds.patch
- 0003-calloc-Make-sure-we-always-have-an-overflow-checking.patch
- 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
- 0003-normal-main-Search-for-specific-config-files-for-net.patch
- 0004-calloc-Use-calloc-at-most-places.patch
- 0004-datetime-Enable-the-datetime-module-for-the-emu-plat.patch
- 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
- 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
- 0005-efi-Add-secure-boot-detection.patch
- 0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
- 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
- 0006-iso9660-Don-t-leak-memory-on-realloc-failures.patch
- 0007-font-Do-not-load-more-than-one-NAME-section.patch
- 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
- 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
- 0008-script-Remove-unused-fields-from-grub_script_functio.patch
- 0009-kern-Add-lockdown-support.patch
- 0009-script-Avoid-a-use-after-free-when-redefining-a-func.patch
- 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
- 0010-linux-Fix-integer-overflows-in-initrd-size-handling.patch
- 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
- 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
- 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
- 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
- 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
- 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
- 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
- 0018-gdb-Restrict-GDB-access-when-locked-down.patch
- 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
- 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
- 0025-kern-parser-Fix-a-memory-leak.patch
- 0026-kern-parser-Introduce-process_char-helper.patch
- 0027-kern-parser-Introduce-terminate_arg-helper.patch
- 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
- 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
- 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
- 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
- 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
- 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
- 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
- 0036-util-mkimage-Improve-data_size-value-calculation.patch
- 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
- 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
- 0039-grub-install-common-Add-sbat-option.patch
- 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
- grub-install-define-default-platform-for-risc-v.patch
- grub2-editenv-add-warning-message.patch
- grub2-efi-gop-add-blt.patch
- grub2-efi-uga-64bit-fb.patch
- grub2-verifiers-fix-system-freeze-if-verify-failed.patch
- risc-v-add-clzdi2-symbol.patch
- risc-v-fix-computation-of-pc-relative-relocation-offset.patch
- Add grub2-instdev-fixup.pl for correcting /etc/default/grub_installdevice to
use disk devie if grub has been installed to it
- Add 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch to fix
detection of efi fwsetup support
++++ kernel-default:
- Refresh config files.
Align across architectures:
BPFILTER_UMH=m
- commit 39d2f9c
- config: armv7hl: Update to 5.13-rc4
- commit f762975
- config: armv6hl: Update to 5.13-rc4
- commit e26370d
- config: arm64: Update to 5.13-rc4
- commit 22709d7
- kernel-binary.spec.in: build-id check requires elfutils.
- commit 01569b3
- Linux 5.12.9 (bsc#1012628).
- ALSA: hda/realtek: the bass speaker can't output sound on Yoga
9i (bsc#1012628).
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer
(bsc#1012628).
- ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation
P340 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP
Zbook G8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP
Zbook Fury 15 G8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP
Zbook Fury 17 G8 (bsc#1012628).
- ALSA: usb-audio: fix control-request direction (bsc#1012628).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
(bsc#1012628).
- ALSA: usb-audio: scarlett2: Improve driver startup messages
(bsc#1012628).
- cifs: fix string declarations and assignments in tracepoints
(bsc#1012628).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
(bsc#1012628).
- mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper
(bsc#1012628).
- mtd: rawnand: txx9ndfmc: Fix external use of SW Hamming ECC
helper (bsc#1012628).
- mtd: rawnand: sharpsl: Fix external use of SW Hamming ECC helper
(bsc#1012628).
- mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC
helper (bsc#1012628).
- mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper
(bsc#1012628).
- mtd: rawnand: tmio: Fix external use of SW Hamming ECC helper
(bsc#1012628).
- mtd: rawnand: fsmc: Fix external use of SW Hamming ECC helper
(bsc#1012628).
- NFSv4: Fix a NULL pointer dereference in
pnfs_mark_matching_lsegs_return() (bsc#1012628).
- scsi: target: core: Avoid smp_processor_id() in preemptible code
(bsc#1012628).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1012628).
- s390/dasd: add missing discipline function (bsc#1012628).
- perf intel-pt: Fix sample instruction bytes (bsc#1012628).
- perf intel-pt: Fix transaction abort handling (bsc#1012628).
- perf scripts python: exported-sql-viewer.py: Fix copy to
clipboard from Top Calls by elapsed Time report (bsc#1012628).
- perf scripts python: exported-sql-viewer.py: Fix Array TypeError
(bsc#1012628).
- perf scripts python: exported-sql-viewer.py: Fix warning display
(bsc#1012628).
- proc: Check /proc/$pid/attr/ writes against file opener
(bsc#1012628).
- net: hso: fix control-request directions (bsc#1012628).
- net/sched: fq_pie: re-factor fix for fq_pie endless loop
(bsc#1012628).
- net/sched: fq_pie: fix OOB access in the traffic path
(bsc#1012628).
- netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check,
fallback to non-AVX2 version (bsc#1012628).
- dm snapshot: properly fix a crash when an origin has no
snapshots (bsc#1012628).
- md/raid5: remove an incorrect assert in in_chunk_boundary
(bsc#1012628).
- drm/i915: Reenable LTTPR non-transparent LT mode for
DPCD_REV<1.4 (bsc#1012628).
- drm/amd/pm: correct MGpuFanBoost setting (bsc#1012628).
- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
(bsc#1012628).
- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset
error (bsc#1012628).
- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power
gate (bsc#1012628).
- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power
gate (bsc#1012628).
- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power
gate (bsc#1012628).
- kgdb: fix gcc-11 warnings harder (bsc#1012628).
- Documentation: seccomp: Fix user notification documentation
(bsc#1012628).
- riscv: stacktrace: fix the riscv stacktrace when
CONFIG_FRAME_POINTER enabled (bsc#1012628).
- seccomp: Refactor notification handler to prepare for new
semantics (bsc#1012628).
- debugfs: fix security_locked_down() call for SELinux
(bsc#1012628).
- serial: core: fix suspicious security_locked_down() call
(bsc#1012628).
- misc/uss720: fix memory leak in uss720_probe (bsc#1012628).
- thunderbolt: usb4: Fix NVM read buffer bounds and offset issue
(bsc#1012628).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset
issue (bsc#1012628).
- KVM: X86: Fix vCPU preempted state from guest's point of view
(bsc#1012628).
- KVM: arm64: Move __adjust_pc out of line (bsc#1012628).
- KVM: arm64: Fix debug register indexing (bsc#1012628).
- KVM: arm64: Prevent mixed-width VM creation (bsc#1012628).
- mei: request autosuspend after sending rx flow control
(bsc#1012628).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels
(bsc#1012628).
- iio: gyro: fxas21002c: balance runtime power in error path
(bsc#1012628).
- iio: dac: ad5770r: Put fwnode in error case during ->probe()
(bsc#1012628).
- iio: adc: ad7768-1: Fix too small buffer passed to
iio_push_to_buffers_with_timestamp() (bsc#1012628).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable
on error (bsc#1012628).
- iio: adc: ad7124: Fix potential overflow due to non sequential
channel numbers (bsc#1012628).
- iio: adc: ad7923: Fix undersized rx buffer (bsc#1012628).
- iio: adc: ad7793: Add missing error code in ad7793_setup()
(bsc#1012628).
- iio: adc: ad7192: Avoid disabling a clock that was never enabled
(bsc#1012628).
- iio: adc: ad7192: handle regulator voltage error first
(bsc#1012628).
- serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART
(bsc#1012628).
- serial: 8250_dw: Add device HID for new AMD UART controller
(bsc#1012628).
- serial: 8250_pci: Add support for new HPE serial device
(bsc#1012628).
- serial: 8250_pci: handle FL_NOIRQ board flag (bsc#1012628).
- USB: trancevibrator: fix control-request direction
(bsc#1012628).
- Revert "irqbypass: do not start cons/prod when failed connect"
(bsc#1012628).
- USB: usbfs: Don't WARN about excessively large memory
allocations (bsc#1012628).
- xhci: fix giving back URB with incorrect status regression in
5.12 (bsc#1012628).
- xhci: Fix 5.12 regression of missing xHC cache clearing command
after a Stall (bsc#1012628).
- drivers: base: Fix device link removal (bsc#1012628).
- serial: tegra: Fix a mask operation that is always true
(bsc#1012628).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register
setting (bsc#1012628).
- serial: rp2: use 'request_firmware' instead of
'request_firmware_nowait' (bsc#1012628).
- USB: serial: ti_usb_3410_5052: add startech.com device id
(bsc#1012628).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010,
0x7011 (bsc#1012628).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products
(bsc#1012628).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC
(bsc#1012628).
- thermal/drivers/intel: Initialize RW trip to
THERMAL_TEMP_INVALID (bsc#1012628).
- usb: dwc3: gadget: Properly track pending and queued SG
(bsc#1012628).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
(bsc#1012628).
- usb: typec: mux: Fix matching with typec_altmode_desc
(bsc#1012628).
- usb: typec: ucsi: Clear pending after acking connector change
(bsc#1012628).
- usb: typec: tcpm: Use LE to CPU conversion when accessing
msg->header (bsc#1012628).
- usb: typec: tcpm: Properly interrupt VDM AMS (bsc#1012628).
- usb: typec: tcpm: Respond Not_Supported if no snk_vdo
(bsc#1012628).
- net: usb: fix memory leak in smsc75xx_bind (bsc#1012628).
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
(bsc#1012628).
- fs/nfs: Use fatal_signal_pending instead of signal_pending
(bsc#1012628).
- NFS: fix an incorrect limit in filelayout_decode_layout()
(bsc#1012628).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
(bsc#1012628).
- NFS: Don't corrupt the value of pg_bytes_written in
nfs_do_recoalesce() (bsc#1012628).
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set
NFS_V4_2 config (bsc#1012628).
- drm/meson: fix shutdown crash when component not probed
(bsc#1012628).
- net/mlx5e: reset XPS on error flow if netdev isn't registered
yet (bsc#1012628).
- net/mlx5e: Fix multipath lag activation (bsc#1012628).
- net/mlx5e: Fix error path of updating netdev queues
(bsc#1012628).
- {net,vdpa}/mlx5: Configure interface MAC into mpfs L2 table
(bsc#1012628).
- net/mlx5e: Fix nullptr in mlx5e_tc_add_fdb_flow() (bsc#1012628).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (bsc#1012628).
- net/mlx5: Set reformat action when needed for termination rules
(bsc#1012628).
- net/mlx5e: Fix null deref accessing lag dev (bsc#1012628).
- net/mlx4: Fix EEPROM dump support (bsc#1012628).
- {net, RDMA}/mlx5: Fix override of log_max_qp by other device
(bsc#1012628).
- net/mlx5: Set term table as an unmanaged flow table
(bsc#1012628).
- KVM: X86: Fix warning caused by stale emulation context
(bsc#1012628).
- KVM: X86: Use _BITUL() macro in UAPI headers (bsc#1012628).
- KVM: selftests: Fix 32-bit truncation of vm_get_max_gfn()
(bsc#1012628).
- SUNRPC in case of backlog, hand free slots directly to waiting
task (bsc#1012628).
- Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
(bsc#1012628).
- tipc: wait and exit until all work queues are done
(bsc#1012628).
- tipc: skb_linearize the head skb when reassembling msgs
(bsc#1012628).
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path
(bsc#1012628).
- sctp: fix the proc_handler for sysctl encap_port (bsc#1012628).
- sctp: add the missing setting for asoc encap_port (bsc#1012628).
- netfilter: flowtable: Remove redundant hw refresh bit
(bsc#1012628).
- net: dsa: mt7530: fix VLAN traffic leaks (bsc#1012628).
- net: dsa: bcm_sf2: Fix bcm_sf2_reg_rgmii_cntrl() call for
non-RGMII port (bsc#1012628).
- net: dsa: fix a crash if ->get_sset_count() fails (bsc#1012628).
- net: dsa: sja1105: update existing VLANs from the bridge VLAN
list (bsc#1012628).
- net: dsa: sja1105: use 4095 as the private VLAN for untagged
traffic (bsc#1012628).
- net: dsa: sja1105: error out on unsupported PHY mode
(bsc#1012628).
- net: dsa: sja1105: add error handling in sja1105_setup()
(bsc#1012628).
- net: dsa: sja1105: call dsa_unregister_switch when allocating
memory fails (bsc#1012628).
- net: dsa: sja1105: fix VL lookup command packing for P/Q/R/S
(bsc#1012628).
- i2c: s3c2410: fix possible NULL pointer deref on read message
after write (bsc#1012628).
- i2c: mediatek: Disable i2c start_en and clear intr_stat brfore
reset (bsc#1012628).
- i2c: i801: Don't generate an interrupt on bus reset
(bsc#1012628).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
(bsc#1012628).
- afs: Fix the nlink handling of dir-over-dir rename
(bsc#1012628).
- perf debug: Move debug initialization earlier (bsc#1012628).
- perf jevents: Fix getting maximum number of fds (bsc#1012628).
- nvmet-tcp: fix inline data size comparison in
nvmet_tcp_queue_response (bsc#1012628).
- mptcp: avoid error message on infinite mapping (bsc#1012628).
- mptcp: fix data stream corruption (bsc#1012628).
- mptcp: drop unconditional pr_warn on bad opt (bsc#1012628).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume
(bsc#1012628).
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- Revert "crypto: cavium/nitrox - add an error message to explain
the failure of pci_request_mem_regions" (bsc#1012628).
- Revert "media: usb: gspca: add a missed check for
goto_low_power" (bsc#1012628).
- Revert "ALSA: sb: fix a missing check of snd_ctl_add"
(bsc#1012628).
- Revert "serial: max310x: pass return value of
spi_register_driver" (bsc#1012628).
- serial: max310x: unregister uart driver in case of failure
and abort (bsc#1012628).
- Revert "net: fujitsu: fix a potential NULL pointer dereference"
(bsc#1012628).
- net: fujitsu: fix potential null-ptr-deref (bsc#1012628).
- Revert "net/smc: fix a NULL pointer dereference" (bsc#1012628).
- net/smc: properly handle workqueue allocation failure
(bsc#1012628).
- Revert "net: caif: replace BUG_ON with recovery code"
(bsc#1012628).
- net: caif: remove BUG_ON(dev == NULL) in caif_xmit
(bsc#1012628).
- Revert "char: hpet: fix a missing check of ioremap"
(bsc#1012628).
- char: hpet: add checks after calling ioremap (bsc#1012628).
- Revert "ALSA: gus: add a check of the status of snd_ctl_add"
(bsc#1012628).
- Revert "ALSA: usx2y: Fix potential NULL pointer dereference"
(bsc#1012628).
- Revert "isdn: mISDNinfineon: fix potential NULL pointer
dereference" (bsc#1012628).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly
in setup_io (bsc#1012628).
- Revert "ath6kl: return error code in
ath6kl_wmi_set_roam_lrssi_cmd()" (bsc#1012628).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
(bsc#1012628).
- Revert "isdn: mISDN: Fix potential NULL pointer dereference
of kzalloc" (bsc#1012628).
- isdn: mISDN: correctly handle ph_info allocation failure in
hfcsusb_ph_info (bsc#1012628).
- Revert "dmaengine: qcom_hidma: Check for driver register
failure" (bsc#1012628).
- dmaengine: qcom_hidma: comment platform_driver_register call
(bsc#1012628).
- Revert "libertas: add checks for the return value of
sysfs_create_group" (bsc#1012628).
- libertas: register sysfs groups properly (bsc#1012628).
- Revert "ASoC: cs43130: fix a NULL pointer dereference"
(bsc#1012628).
- ASoC: cs43130: handle errors in cs43130_probe() properly
(bsc#1012628).
- Revert "media: dvb: Add check on sp8870_readreg" (bsc#1012628).
- media: dvb: Add check on sp8870_readreg return (bsc#1012628).
- Revert "media: gspca: mt9m111: Check write_bridge for timeout"
(bsc#1012628).
- media: gspca: mt9m111: Check write_bridge for timeout
(bsc#1012628).
- Revert "media: gspca: Check the return value of write_bridge
for timeout" (bsc#1012628).
- media: gspca: properly check for errors in po1030_probe()
(bsc#1012628).
- Revert "net: liquidio: fix a NULL pointer dereference"
(bsc#1012628).
- net: liquidio: Add missing null pointer checks (bsc#1012628).
- Revert "brcmfmac: add a check for the status of usb_register"
(bsc#1012628).
- brcmfmac: properly check for bus register errors (bsc#1012628).
- btrfs: return whole extents in fiemap (bsc#1012628).
- scsi: ufs: ufs-mediatek: Fix power down spec violation
(bsc#1012628).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(bsc#1012628).
- openrisc: Define memory barrier mb (bsc#1012628).
- scsi: pm80xx: Fix drives missing during rmmod/insmod loop
(bsc#1012628).
- btrfs: release path before starting transaction when cloning
inline extent (bsc#1012628).
- btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1012628).
- ALSA: dice: disable double_pcm_frames mode for M-Audio Profire
610, 2626 and Avid M-Box 3 Pro (bsc#1012628).
- platform/x86: hp-wireless: add AMD's hardware id to the
supported list (bsc#1012628).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for
ACPI (bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad
7.0 W700 tablet (bsc#1012628).
- SMB3: incorrect file id in requests compounded with open
(bsc#1012628).
- drm/amd/display: Disconnect non-DP with no EDID (bsc#1012628).
- drm/amd/amdgpu: fix refcount leak (bsc#1012628).
- drm/amdgpu: Fix a use-after-free (bsc#1012628).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset
(bsc#1012628).
- drm/amdgpu: stop touching sched.ready in the backend
(bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro
(CWI529) tablet (bsc#1012628).
- block: fix a race between del_gendisk and BLKRRPART
(bsc#1012628).
- linux/bits.h: fix compilation error with GENMASK (bsc#1012628).
- spi: take the SPI IO-mutex in the spi_set_cs_timing method
(bsc#1012628).
- net: netcp: Fix an error message (bsc#1012628).
- net: dsa: fix error code getting shifted with 4 in
dsa_slave_get_sset_count (bsc#1012628).
- interconnect: qcom: bcm-voter: add a missing of_node_put()
(bsc#1012628).
- interconnect: qcom: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- usb: cdnsp: Fix lack of removing request from pending list
(bsc#1012628).
- ASoC: cs42l42: Regmap must use_single_read/write (bsc#1012628).
- net: stmmac: Fix MAC WoL not working if PHY does not support
WoL (bsc#1012628).
- net: ipa: memory region array is variable size (bsc#1012628).
- vfio-ccw: Check initialized flag in cp_init() (bsc#1012628).
- spi: Assume GPIO CS active high in ACPI case (bsc#1012628).
- net: really orphan skbs tied to closing sk (bsc#1012628).
- net: packetmmap: fix only tx timestamp on request (bsc#1012628).
- net: fec: fix the potential memory leak in fec_enet_init()
(bsc#1012628).
- octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context()
(bsc#1012628).
- ptp: ocp: Fix a resource leak in an error handling path
(bsc#1012628).
- chelsio/chtls: unlock on error in chtls_pt_recvmsg()
(bsc#1012628).
- net: mdio: thunder: Fix a double free issue in the .remove
function (bsc#1012628).
- net: mdio: octeon: Fix some double free issues (bsc#1012628).
- cxgb4/ch_ktls: Clear resources when pf4 device is removed
(bsc#1012628).
- openvswitch: meter: fix race when getting now_ms (bsc#1012628).
- tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
(bsc#1012628).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1012628).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1012628).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1012628).
- net: hso: check for allocation failure in
hso_create_bulk_serial_device() (bsc#1012628).
- net: bnx2: Fix error return code in bnx2_init_board()
(bsc#1012628).
- bnxt_en: Include new P5 HV definition in VF check (bsc#1012628).
- bnxt_en: Fix context memory setup for 64K page size
(bsc#1012628).
- mld: fix panic in mld_newpack() (bsc#1012628).
- net/smc: remove device from smcd_dev_list after failed
device_add() (bsc#1012628).
- gve: Check TX QPL was actually assigned (bsc#1012628).
- gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1012628).
- gve: Add NULL pointer checks when freeing irqs (bsc#1012628).
- gve: Upgrade memory barrier in poll routine (bsc#1012628).
- gve: Correct SKB queue index validation (bsc#1012628).
- iommu/amd: Clear DMA ops when switching domain (bsc#1012628).
- iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- net: hns3: fix incorrect resp_msg issue (bsc#1012628).
- net: hns3: put off calling register_netdev() until client
initialize complete (bsc#1012628).
- net: hns3: fix user's coalesce configuration lost issue
(bsc#1012628).
- net/mlx5: SF, Fix show state inactive when its inactivated
(bsc#1012628).
- net/mlx5e: Make sure fib dev exists in fib event (bsc#1012628).
- net/mlx5e: Reject mirroring on source port change encap rules
(bsc#1012628).
- iommu/vt-d: Check for allocation failure in aux_detach_device()
(bsc#1012628).
- iommu/vt-d: Use user privilege for RID2PASID translation
(bsc#1012628).
- cxgb4: avoid accessing registers when clearing filters
(bsc#1012628).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (bsc#1012628).
- ASoC: cs35l33: fix an error code in probe() (bsc#1012628).
- bpf, offload: Reorder offload callback 'prepare' in verifier
(bsc#1012628).
- bpf: Set mac_len in bpf_skb_change_head (bsc#1012628).
- ixgbe: fix large MTU request from VF (bsc#1012628).
- ASoC: qcom: lpass-cpu: Use optional clk APIs (bsc#1012628).
- scsi: libsas: Use _safe() loop in sas_resume_port()
(bsc#1012628).
- net: lantiq: fix memory corruption in RX ring (bsc#1012628).
- ipv6: record frag_max_size in atomic fragments in input path
(bsc#1012628).
- scsi: aic7xxx: Restore several defines for aic7xxx firmware
build (bsc#1012628).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create()
can be static (bsc#1012628).
- net: ethernet: mtk_eth_soc: Fix packet statistics support for
MT7628/88 (bsc#1012628).
- sch_dsmark: fix a NULL deref in qdisc_reset() (bsc#1012628).
- net: hsr: fix mac_len checks (bsc#1012628).
- MIPS: alchemy: xxs1500: add gpio-au1000.h header file
(bsc#1012628).
- MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
(bsc#1012628).
- net: zero-initialize tc skb extension on allocation
(bsc#1012628).
- net: mvpp2: add buffer header handling in RX (bsc#1012628).
- SUNRPC: More fixes for backlog congestion (bsc#1012628).
- thermal/drivers/qcom: Fix error code in
adc_tm5_get_dt_channel_data() (bsc#1012628).
- KVM: X86: hyper-v: Task srcu lock when accessing kvm_memslots()
(bsc#1012628).
- xprtrdma: Revert 586a0787ce35 (bsc#1012628).
- samples/bpf: Consider frame size in tx_only of xdpsock sample
(bsc#1012628).
- net: hns3: check the return of skb_checksum_help()
(bsc#1012628).
- bpftool: Add sock_release help info for cgroup attach/prog
load command (bsc#1012628).
- Revert "Revert "ALSA: usx2y: Fix potential NULL pointer
dereference"" (bsc#1012628).
- net: hso: bail out on interrupt URB allocation failure
(bsc#1012628).
- arm64: mm: don't use CON and BLK mapping if KFENCE is enabled
(bsc#1012628).
- neighbour: Prevent Race condition in neighbour subsytem
(bsc#1012628).
- usb: core: reduce power-on-good delay time of root hub
(bsc#1012628).
- commit f17eb01
++++ qemu:
- disable sheepdog, it was dropped upstream (
https://gitlab.com/qemu-project/qemu/-/commit/09ec85176e4095be15f233ebc870d5680123f024)
and fails to build with gcc 11 on non-x86
++++ ovmf:
- Correct the path to copy the Xen flavor
------------------------------------------------------------------
------------------ 2021-6-2 - Jun 2 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- no longer autoselect Mesa-dri-nouveau at all; autoselect
libvdpau_nouveau depending on PCI ID (boo#1186721)
++++ Mesa-drivers:
- no longer autoselect Mesa-dri-nouveau at all; autoselect
libvdpau_nouveau depending on PCI ID (boo#1186721)
++++ ansible:
- update to 2.9.22
++++ chrony:
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
++++ compat-usrmerge:
- exit early if one of the affected directories has mountpoint
beneath it
++++ dnsmasq:
- Change to using systemd-sysusers on TW
++++ e2fsprogs:
- Fix the %doc files. RELEASE-NOTES is a symlink to
doc/RelNotes/v%version.
++++ hwdata:
- Update to version 0.348 (bsc#1186749):
+ Updated pci, usb and vendor ids.
++++ kbd:
- Update the installed license file.
COPYING is a symlink to LICENSE. Let's use this file directly.
++++ kernel-default:
- kernel-binary.spec: Only use mkmakefile when it exists
Linux 5.13 no longer has a mkmakefile script
- commit b453c7b
++++ kernel-default-base:
- Add nfsd for nfs server support (boo#1186363 bsc#1089118)
++++ avahi:
- Fix libavahi-devel requirements. The devel package installs
libavahi-libevent.so but didn't require the library it's
pointing to.
++++ libcap:
- Fix a broken symlink. libcap-devel installs libpsx.so but
didn't install the library it's pointing to.
++++ python310-core:
- Exclude test_capi on Leap (test fails there)
++++ libxslt:
- Move the Copyright file to %_defaultlicensedir
Configure.ac replaces the COPYING file with a symlink.
++++ patterns-base:
- Suggest kernel-default from patterns-base-base
++++ python310:
- Exclude test_capi on Leap (test fails there)
++++ zypper:
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a
trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)
- version 1.14.45
------------------------------------------------------------------
------------------ 2021-6-1 - Jun 1 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20210601.8cb043f:
* Use shell builtins for $HOSTTYPE and others (boo#1186296)
++++ boost-base:
- Compile boost iostreams with lzma support for reading .xz files
++++ chrony:
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
++++ compat-usrmerge:
- add fallback for filesystems without renameat2 (boo#1186637)
++++ gnutls:
- Update to version 3.7.2
* Added Linux kernel AF_ALG based acceleration
* Fixed timing of early data exchange
* The priority string option DISABLE_TLS13_COMPAT_MODE was added
to disable TLS 1.3 middlebox compatibility mode
* The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
* certtool:
* When signing a CSR, CRL distribution point (CDP) is no
longer copied from the signing CA by default
* When producing certificates and certificate requests, subject
DN components that are provided individually will now be
ordered by assumed scale
++++ kernel-default:
- kernel-doc: Use Sphinx3.
Sphinx2 is about to be removed from Factory.
- commit fb6d3b6
++++ libvirt:
- Update to libvirt 7.4.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
ee890f25-libxl-mock-funcs.patch
++++ libxml2:
- Fix python-lxml regression with libxml2 2.9.12:
* Work around lxml API abuse:
gitlab.gnome.org/GNOME/libxml2/issues/255
- Add upstream patches:
* libxml2-fix-lxml-corrupted-subtree-structures.patch
* libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
- Update to version 2.9.12
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
* Fix null deref in legacy SAX1 parser
* Fix handling of unexpected EOF in xmlParseContent
* Fix user-after-free
* Validate UTF8 in xmlEncodeEntities
* Fix memory leak in xmlParseElementMixedContentDecl
* Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
* Fix SEGV in xmlSAXParseFileWithData
* Don't process siblings of root in xmlXIncludeProcess
* Full changes: http://xmlsoft.org/news.html
- Drop upstream fixed
* libxml2-CVE-2021-3541.patch
* libxml2-CVE-2021-3537.patch
* libxml2-CVE-2021-3518.patch
* libxml2-CVE-2021-3517.patch
* libxml2-CVE-2021-3516.patch
* libxml2-CVE-2020-7595.patch
* libxml2-CVE-2019-20388.patch
* libxml2-CVE-2020-24977.patch
* libxml2-CVE-2019-19956.patch
* libxml2-python39.patch
* libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch
- Drop since 2.8.0 merged fix-perl.diff
- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
++++ libxslt:
- Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit
- Add upstream patches:
* libxslt-Stop-using-maxParserDepth-XPath-limit.patch
* libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch
++++ libzypp:
- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
Repositories signed with a trusted gpg key may import additional
package signing keys. This is needed if different keys were used
to sign the the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the
zypp lock (bsc#1184399)
Helps boot time services like 'zypper purge-kernels' to wait for
the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
Leap 15.3 introduces a new kernel package called
kernel-flavour-extra, which contain kmp's. Currently kmp's are
detected by name ".*-kmp(-.*)?" but this does not work which
those new packages. This patch fixes the problem by checking
packages for kmod(*) and ksym(*) provides and only falls back to
name checking if the package in question does not provide one of
those.
- Introduce zypp-runpurge, a tool to run purge-kernels on
testcases.
- version 17.26.0 (22)
++++ salt:
- Check if dpkgnotify is executable (bsc#1186674)
- Added:
* check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
++++ python-MarkupSafe:
- Update to v2.0.1
* Mark top-level names as exported so type checking understands
imports in user projects.
* Fix some types that weren’t available in Python 3.6.0.
- Update to v2.0.0
* Drop Python 2.7, 3.4, and 3.5 support.
* Markup.unescape uses html.unescape() to support HTML5 character
references. #117
* Add type annotations for static typing tools. #149
++++ python-libvirt-python:
- Update to 7.4.0
- Add all new APIs and constants in libvirt 7.4.0
++++ libxml2-python:
- Fix python-lxml regression with libxml2 2.9.12:
* Work around lxml API abuse:
gitlab.gnome.org/GNOME/libxml2/issues/255
- Add upstream patches:
* libxml2-fix-lxml-corrupted-subtree-structures.patch
* libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch
- Update to version 2.9.12
* Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
* Fix null deref in legacy SAX1 parser
* Fix handling of unexpected EOF in xmlParseContent
* Fix user-after-free
* Validate UTF8 in xmlEncodeEntities
* Fix memory leak in xmlParseElementMixedContentDecl
* Fix integer overflow in xmlSchemaGetParticleTotalRangeMin
* Fix SEGV in xmlSAXParseFileWithData
* Don't process siblings of root in xmlXIncludeProcess
* Full changes: http://xmlsoft.org/news.html
- Drop upstream fixed
* libxml2-CVE-2021-3541.patch
* libxml2-CVE-2021-3537.patch
* libxml2-CVE-2021-3518.patch
* libxml2-CVE-2021-3517.patch
* libxml2-CVE-2021-3516.patch
* libxml2-CVE-2020-7595.patch
* libxml2-CVE-2019-20388.patch
* libxml2-CVE-2020-24977.patch
* libxml2-CVE-2019-19956.patch
* libxml2-python39.patch
* libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch
- Drop since 2.8.0 merged fix-perl.diff
- Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
++++ runc:
- Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert "number of IOs" statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed "retry on dbus disconnect" logic introduced in rc94
* cgroups/systemd: fixed returning "unit already exists" error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make "runc --version" output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
++++ vim:
- Updated to version 8.2.2918, fixes the following problems
* Using <Cmd> mapping on the command line triggers CmdlineChanged. (Naohiro
Ono)
* Configure can add --as-needed a second time.
* Window is not updated after using <Cmd> mapping.
* Custom statusline cannot contain % items.
* White space after "->" does not give E274.
* Get readonly error for device that can't be written to.
* Vim9: exception in ISN_INSTR caught at wrong level.
* Test fails because of changed error message.
* Tcl test fails because of changed error message.
* Adding a text property causes the whole window to be redawn.
* Vim9: "legacy return" is not recognized as a return statement.
* Removing a text property causes the whole window to be redawn.
* Removing a text property does not redraw optimally.
* Vim9: crash when using inline function.
* Skipping over function body fails.
* Vim9: memory leak when using inline function.
* Build failure.
* Vim9: When executing a compiled expression the trylevel at start is
changed but not restored. (closes #8214)
* Using unified diff is not tested.
* CmdlineChange event triggered twice for CTRL-R.
* Unnessary VIM_ISDIGIT() calls, badly indented code.
* Python tests fail without the channel feature.
* Not enough tests for writing buffers.
* Cancelling inputlist() after a digit does not return zero.
* Configure cannot detect Python 3.10.
* Insufficient tests for popup menu rightleft.
* Vim9: for loop list unpack only allows for one "_".
* File extension .hsig not recognized.
* Unified diff fails if actually used.
* Various pieces of code not covered by tests.
* Vim9: memory leak when lambda has an error.
* Not enough cscope code is covered by tests.
* searching for \%'> does not match linewise end of line. (Tim Chase)
* Various pieces of code not covered by tests.
* Crash when passing null string to fullcommand().
* Vim9: "k" command recognized in Vim9 script.
* Typo and verbose comment in Makefiles.
* Text property duplicated when data block splits.
* Cannot build with Perl 5.34.
* Error message contains random characters.
* Multi-byte text in popup title shows up wrong.
* Vim9: random characters appear in some error messages.
* Spellfile functionality not fully tested.
* Vim9: can use reserved words at the script level.
* QuitPre and ExitPre not triggered when GUI window is closed.
* Appveyor script does not detect nmake failure.
* QuitPre is triggered before :wq writes the file, which is different from
other commands.
* Some operators not fully tested.
* Spellfile functionality not fully tested.
* Cursor position wrong on wrapped line with 'signcolumn'.
* "g$" causes scroll if half a double width char is visible.
* No error when defaults.vim cannot be loaded.
* ASAN reports errors for test_startup for unknown reasons.
* Memory leak when running out of memory.
* Crash when using a terminal popup window from the cmdline window.
* Build error with non-Unix system.
* Test for cmdline window and terminal fails on MS-Windows.
* Pattern "\%V" does not match all of block selection. (Rick Howe)
* MS-Windows: most users expect using Unicode.
* MS-Windows conpty supports using mouse events.
* Cannot paste a block without adding padding.
* Operators are not fully tested.
* Spellfile functionality not fully tested.
* Builtin function can be shadowed by global variable.
------------------------------------------------------------------
------------------ 2021-5-31 - May 31 2021 -------------------
------------------------------------------------------------------
++++ cni:
- Update to version 0.8.1:
* This is a security release that fixes a single bug: bsc#1181961 aka CVE-2021-20206
- Tighten up plugin-finding logic (#811).
++++ dracut:
- Update to version 055+suse.97.gb98506b2:
* docs: update NEWS.md and AUTHORS
* fix(fs-lib): install fsck utilities
* fix(integrity): require ALLOW_METADATA_WRITES to come from EVM config file
* fix(install): configure logging earlier
* fix(warpclock): minor cleanups
* fix(dash): minor cleanups
* fix(mksh): minor cleanups
* feat(install): add default value for --firmwaredirs
* fix(dracut-functions): get_maj_min without get_maj_min_cache_file set
* fix(dracut): pipe hardlink output to `dinfo`
* fix(install): sane default --kerneldir
* fix(bash): minor cleanups
* fix(squash): don't mount the mount points if already mounted
* ci: add shfmt to Fedora containers
* fix(base): add missing `str_replace` to `dracut-dev-lib.sh`
* feat(dracut.sh): detect running in a container
* fix(base): split out `dracut-dev-lib.sh`
* fix(dracut-util): print error message with trailing newline
* fix(packit): downstream has renamed the master branch to main
- Update to version 054+suse.96.gb5aa64d2:
* fix(suse-initrd) fix list of modprobe.d directories
++++ filesystem:
- Add Turkish, Romanian and Indonesian to localized man directories
(match up all currently supported languages by man-db)
++++ grub2:
- Fix running grub2-once leads to failure of starting systemd service in the
boot sequence (bsc#1169460)
* grub2-once
* grub2-once.service
++++ libX11:
- U_Check-for-NULL-strings-before-getting-their-lengths.patch
* regression in libX11 1.7.1 (boo#1186643)
fixes segfaults for xforms applications like fdesign
++++ alsa:
- Update to version 1.2.5
* https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib
- Drop upstream fixed patches
* 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch
* 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch
* 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch
* 0004-topology-use-inclusive-language-for-bclk.patch
* 0005-topology-use-inclusive-language-for-fsync.patch
* 0006-topology-use-inclusive-language-in-documentation.patch
* 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch
* 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch
* 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
* 0019-pcm-fix-__snd_pcm_state-return-value.patch
* 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch
* 0026-Revert-pcm_plugin-fix-delay.patch
* 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch
* 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
* 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
* 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch
* 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
* 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch
* 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
* 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
* 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
* 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch
* 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch
* 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch
* 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
* 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch
* 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
* 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
* 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch
* 0023-pcm-plugin-status-revert-the-recent-changes.patch
* 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch
* 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch
* 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
* 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch
* 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch
* 0033-pcm-rate-fix-the-capture-delay-values.patch
* 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch
* 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
* 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
* 0038-topology-parse_tuple_set-remove-dead-condition-code.patch
* 0018-conf-fix-get_hexachar-return-value.patch
* 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch
* 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch
* 0031-pcm-plugin-fix-status-code-for-capture.patch
* 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
* 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch
* 0022-pcm-plugin-status-fix-the-return-value-regression.patch
++++ openssl:
- Provide openssl(cli) by the meta package: Together with the
suggests openssl in the base patterns, any consumer of this
symbols should get the openssl meta package as candidate, which
allows us to easier change the recommended default version.
++++ python-Jinja2:
- update to 3.0.1
Read the announcement:
https://palletsprojects.com/blog/flask-2-0-released/
Read the full list of changes:
https://jinja.palletsprojects.com/changes/#version-3-0-0
- python-Jinja2-vim subpackage dropped
vim highlight rule files do not exist anymore
++++ ovmf:
- Update to edk2-stable202105
* MdeModulePkg/UfsPassThruDxe: Improve Device initialization
polling Loop
* MdePkg: MmUnblockMemoryLib: Added definition and null instance
* OvmfPkg: resolve MmUnblockMemoryLib (mainly for
VariableSmmRuntimeDxe)
* MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock
memory interface
* SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst
* SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules
* SecurityPkg: Tcg2Smm: Added support for Standalone Mm
* SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS
region
* UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset
* UefiCpuPkg/MpInitLib: Remove unused Lock from
MP_CPU_EXCHANGE_INFO
* UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl
to header
* UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c
* UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors
* UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber
* UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support
* UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp
* RedfishPkg/Library: RedfishLib
* OvmfPkg/CpuHotplugSmm: refactor hotplug logic
* OvmfPkg/CpuHotplugSmm: collect hot-unplug events
* OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper
* OvmfPkg/CpuHotplugSmm: introduce UnplugCpus()
* OvmfPkg: define CPU_HOT_EJECT_DATA
* OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state
* OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler
* OvmfPkg/CpuHotplugSmm: add EjectCpu()
* OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject
* OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug
* EmbeddedPkg/PrePiHobLib: replace duplicate GUID
* MdePkg/UefiLib: Correct the arguments passed to
IsLanguageSupported()
* UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type
* UefiCpuPkg/MpInitLib: avoid printing debug messages in AP
* UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding
standard
* UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB
* BaseTools/Ecc: Make Ecc only check first include guard
* ShellPkg/SmbiosView: add more items for smbiosview -t 3
* MdePkg: Support standalone MM Driver Unload capability
* OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for
CommandLine
* ShellPkg/Pci: Add valid check for PCI extended config space
parser
* CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j
* OvmfPkg: strip build paths in release builds
* MdeModulePkg: Initialize local variable value before they are
used
* UefiCpuPkg/SmmCommunication: Remove out-dated comments
* MdePkg: use CpuPause() in CpuDeadLoop()
* MdePkg/Include: EFI Redfish Discover protocol
* ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols
* MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate
declaration
* MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL
duplicate
* CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function
type
* MdePkg/BaseLib: Add support for the XSETBV instruction
* MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to
avoid dup symbol
* MdePkg/IoLib: Filter/trace port IO/MMIO access
* MdePkg/Baseib: Filter/trace MSR access for IA32/X64
* UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib.
* UefiCpuPkg: Add MicrocodeLib for loading microcode
* OvmfPkg: Add MicrocodeLib in DSC files.
* UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib
* UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated
code
* UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack
overflow
* ShellPkg: Fix smbiosview system enclosure type table
* UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance.
* RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol
* RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler
Protocol
* UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing
* BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template
* MdeModulePkg: Initialize temp variable in VarCheckPolicyLib
* SecurityPkg/Tcg2Smm: Initialize local Status variable
* DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid
* OvmfPkg/XenResetVector: Silent a warning from nasm
* MdePkg: Allow PcdFSBClock to by Dynamic
* OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to
XEN_VCPU_TIME_INFO
* OvmfPkg/IndustryStandard: Introduce PageTable.h
* OvmfPkg/XenPlatformPei: Map extra physical address
* OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency
* OvmfPkg/OvmfXen: Set PcdFSBClock
* DynamicTablesPkg: Re-order GicItsIdentifierArray struct
* DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo
* MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC
toolchain
* BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes
* RedfishPkg/RestJsonStructureDxe: Fix typo in function header
* MdePkg/Include: Allow CPU specific defines to be predefined
* CryptoPkg/Library/Include: Allow CPU specific defines to be
predefined
* ArmPlatformPkg: Fix Ecc error 8001
* ArmPlatformPkg: Fix Ecc error 9001
* ArmPlatformPkg: Remove package dependency in
NorFlashStandaloneMm
* ArmPkg: Fix Ecc error 8001 in Chipset
* ArmPkg: Fix Ecc error 8001 in SemihostLib
* ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib
* ArmPkg: Fix Ecc error 9005 in CpuDxe
* ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc
* ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib
* ArmPkg: Fix Ecc error 10014 in ArmScmiDxe
* ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe
* ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe
* ArmPkg: Fix Ecc error 10014 in SemihostLib
* ArmPkg: Remove ArmGic/ArmGicSecLib.c
* ArmPkg: Fix Ecc error 5003 in ArmExceptionLib
* ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe
* ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib
* ArmPkg: Rename include guard in ArmGicLib.h
* ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE
* ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM
* ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib
* ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID
* ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE
* ArmPkg: Fix Ecc error 8005 for SCMI_STATUS
* ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID
* ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE
* ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK
* ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT
* ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE
* RedfishPkg: Add EDK2 Redfish Foundation diagrams
* SecurityPkg/FvReportPei: remove redundant sizeof
* ShellPkg: Rename Address Size to Access size
* DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO
* DynamicTablesPkg: Set the Access size for the SPCR table
* DynamicTablesPkg: Set the Access size for the DBG2 table
* UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During
Static Paging
* MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data
structure.
* SecurityPkg: Add constraints on PK strength
* ArmPkg: Allow platforms to supply more data for SMBIOS Type3
record
* ArmPkg: Allow platforms to report their boot status via
OemMiscLib call
* ArmPkg: Fix calculation of offset of chassis SKU Number in
SmbiosMiscDxe
* ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe
* ArmPkg: Fix Ecc error 8003
* ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib
* ArmPkg: Add missing library headers to ArmPkg.dec
* ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec
* ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc
* ArmPkg: Correct small typos
* ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml
* OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX
opcodes
* OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes
* OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability
* OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as
unencrypted for SEV-ES
* OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64
* ArmPkg: Update SCMI Base Protocol version to 0x20000
* MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
* SecurityPkg: Add support for RngDxe on AARCH64
* UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump
table pointer
* BaseTools: Add support for version 3 of FMP Image Header
structure
* CryptoPkg: BaseCryptLib: Add RSA PSS verify support
* ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning
* OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings
* UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception
name array
* UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation
* MdeModulePkg: Retrieve boot manager menu from any fv
* ShellPkg/HttpDynamicCommand: Fix possible uninitialized use
* MdeModulePkg/PciBusDxe: Fix possible uninitialized use
* CryptoPkg/BaseCryptLib: Fix possible uninitialized use
* MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition
check
* MdeModulePkg/VariableLock: downgrade compatibility warnings to
DEBUG_WARN
* ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3
- Update openssl to 1.1.1j
- Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch
- Add the new Xen flavor for x86_64
+ Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as
the default firmware for Xen
------------------------------------------------------------------
------------------ 2021-5-30 - May 30 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.13-rc4
- eliminate 3 patches
- patches.suse/bpf-Fix-alu32-const-subreg-bound-tracking-on-bitwise.patch
- patches.suse/bpf-Prevent-writable-memory-mapping-of-read-only-rin.patch
- patches.suse/bpf-ringbuf-Deny-reserve-of-buffers-larger-than-ring.patch
- update configs
- BPF_UNPRIV_DEFAULT_OFF=n (backward compatible)
- MEMTEST=y (riscv64 only, enabled on most architectures)
- commit 25beba1
++++ unbound:
- Enable DNS-over-HTTPS support
------------------------------------------------------------------
------------------ 2021-5-29 - May 29 2021 -------------------
------------------------------------------------------------------
++++ kmod:
- /usr/lib should override /lib where both are available. Support /usr/lib for
depmod.d as well.
* Refresh usr-lib-modprobe.patch
- Remove test patches included in release 29
- kmod-populate-modules-Use-more-bash-more-quotes.patch
- kmod-testsuite-compress-modules-if-feature-is-enabled.patch
- kmod-also-test-xz-compression.patch
------------------------------------------------------------------
------------------ 2021-5-28 - May 28 2021 -------------------
------------------------------------------------------------------
++++ bash:
- Use well defined HOSTTYPE, as well as OS, VENDOR, and MACHTYPE (boo#1186296)
++++ grub2:
- Fix crash in launching gfxmenu without theme file (bsc#1186481)
* grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch
++++ kdump:
- Fix use of DNS in the panic environment (bsc#1183070):
* kdump-avoid-endless-loop-on-EAI_AGAIN.patch: Avoid an endless
loop when resolving a hostname fails with EAI_AGAIN.
* kdump-install-real-resolv.conf.patch: Install /etc/resolv.conf
using its resolved path.
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
code checking after "local" with assignment (bsc#1184616,
LTC#192282)
- kdump-do-not-iterate-past-end-of-string.patch: Fix a crash caused
by iterating past end of string (bsc#1186037).
++++ kernel-default:
- Input: elants_i2c - Fix NULL dereference at probing
(bsc#1186454).
- commit bb5e8ab
- Linux 5.12.8 (bsc#1012628).
- NFC: nci: fix memory leak in nci_allocate_device (bsc#1012628).
- KVM: x86: Defer vtime accounting 'til after IRQ handling
(bsc#1012628).
- context_tracking: Move guest exit vtime accounting to separate
helpers (bsc#1012628).
- context_tracking: Move guest exit context tracking to separate
helpers (bsc#1012628).
- bpf: No need to simulate speculative domain for immediates
(bsc#1012628).
- bpf: Fix mask direction swap upon off reg sign change
(bsc#1012628).
- bpf: Wrap aux data inside bpf_sanitize_info container
(bsc#1012628).
- commit 7a4f594
- Refresh
patches.suse/pinctrl-bcm2835-accept-fewer-than-expected-irqs.patch.
Update upstream status.
- commit fc290e6
++++ patterns-base:
- Suggest openssl from patterns-base-base: in case something
requires /usr/bin/openssl or openssl(cli), we want to declare
openssl as our default.
++++ tpm2.0-tools:
- add 0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch: no longer use a
fixed AES key in the context of the tpm2_import command. Fixes CVE-2021-3565
(bsc#1186490).
- drop fix_pie_linking.patch: now contained in upstream tarball
- drop fix_warnings.patch: now contained in upstream tarball
- update to upstream version 5.1:
- Minimum tpm2-tss version dependency bumped to 3.1.0
- Minimum tpm2-abrmd version dependency bumped to 2.4.0
- tss2:
- Support in tools for PolicyRef inclusion in policy search per latest TSS.
- Support to use TPM objects protected by a policy with PolicySigned.
- Enable backward compatibility to old Fapi callback API.
- Fix PCR selection for tss2 quote.
- Support policy signed policies by implementing Fapi_SetSignCB.
- Command/ response parameter support for auditing and pHash policies:
- lib/tpm2_util.c: Add method to determine hashing alg for cp/rphash
- Add support to calculate rphash for tpm2_create, tpm2_activatecredential,
tpm2_certify, tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps,
tpm2_changepps, tpm2_nvdefine, tpm2_nvextend, tpm2_unseal
- Add support to calculate cphash for tpm2_changeeps, tpm2_changepps.
- Session-support:
- tpm2_sessionconfig: Add tool to display and configure session attributes.
- tpm2_getrandom: Fix— session input was hardcoded for audit-only
- tpm2_startauthsession: Add option to specify the bind object and its
authorization value.
- tpm2_startauthsession: support for bounded-only session.
- tpm2_startauthsession: support for salted-only session.
- tpm2_startauthsession: add option to specify an hmac session type.
- Add support for specifying non-authorization sessions for audit and
parameter encryption for tpm2_getrandom, tpm2_create, tpm2_nvextend,
tpm2_nvdefine, tpm2_unseal, tpm2_activatecredential, tpm2_certify,
tpm2_certifycreation, tpm2_changeauth, tpm2_changeeps, tpm2_changepps.
- tpm2_eventlog:
- Support for event type: EV_IPL extensively used by the Shim and Grub.
- Support for event type: EV_EFI_GPT_EVENT to parse.
UEFI_PARTITION_TABLE_HEADER and UEFI_PARTITION_ENTRY.
- Support for event type: EFI_SIGNATURE_LIST, which contains one or more
EFI_SIGNATURE_DATA.
- Support for event type EV_EFI_VARIABLE_AUTHORITY.
- Parse UEFI_PLATFORM_FIRMWARE_BLOB structure that the CRTM MUST put into
the Event Log entry TCG_PCR_EVENT2.event field for event types
EV_POST_CODE, EV_S_CRTM_CONTENTS, and EV_EFI_PLATFORM_FIRMWARE_BLOB.
- Parse secureboot variable to indicate enable as 'Yes'.
- Parse BootOrder variable to a more readable format.
- Parse Boot variables per EFI_LOAD_OPTION described in more details in
UEFI Spec Section 3.1.3
- Parse Device-path in a readable format using the efivar library.
- Support for logs longer than 64 kilobytes.
- Perform verification for event types where digest can be verified from
their event payload.
- Better support for multiline strings.
- Fix handling of event log EV_POST_CODE data where field is empty and len
is specified.
- scripts/utils: Add a utility to read the cert chain of embedded CA.
- tpm2_getekcertificate: Fix tool failing to return error/non-zero for HTTP
404.
- tpm2_nvdefine: allow setting hash algorithm by command line parameter for NV
indices set in extend mode.
- tpm2_duplicate, tpm2_import: support duplicating non-TPM keys to a remote
TPM without first requiring them to be loaded to a local TPM.
- tpm2_dictionarylockout: Fix issue where setting value for one parameter
caused to reset the others.
- tpm2_getpolicydigest: Add new tool to enable TPM2_CC_PolicyGetDigest.
- Fix segfault where optind > argc.
- tools/tpm2_checkquote: fix missing initializer
- tpm2_convert: fix EVP_EncodeUpdate usage for OSSL < 1.1.0
- openssl: fix EVP_ENCODE_CTX_(new|free)
- test: Add support for swTPM simulator to the testing framework and make it
the default if mssim isn't available.
- tpm2_unseal:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_nvextend:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_nvdefine:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_changepps:
- Added option **\--cphash**=_FILE_ to specify ile path to record the hash
of the command parameters. This is commonly termed as cpHash.
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_changeeps:
- Added option **\--cphash**=_FILE_ to specify ile path to record the hash
of the command parameters. This is commonly termed as cpHash.
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_changeauth:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_certifycreation:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_certify:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_activatecredential:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- Added option **-S**, **\--session** to specify to specify an auxiliary
session for auditing and or encryption/decryption of the parameters.
- tpm2_create:
- Added option **\--rphash**=_FILE_ to specify ile path to record the hash
of the response parameters. This is commonly termed as rpHash.
- tpm2_unseal:
- Added option **-S**, **--session** to specify auxiliary sessions for
audit and encryption.
- tpm2_nvdefine:
- Added option **-S**, **--session** to specify auxiliary sessions for
audit and encryption.
- tpm2_nvextend:
- Added option **-S**, **--session** to specify auxilary sessions for
audit and encryption.
------------------------------------------------------------------
------------------ 2021-5-27 - May 27 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- new version 245
https://cockpit-project.org/blog/cockpit-245.html
++++ librsvg:
- Update to version 2.50.6:
+ Librsvg now requires at least Pango 1.44.
+ glgo#GNOME/librsvg#730: Incorrect text spacing when the
transform is not 1:1. You can see this when a small font-size
is scaled up due to a transform. It is less visible for a large
font-size scaled down.
+ glgo#GNOME/librsvg#704: Fix circle/ellipse in paths when they
are made out of a single Arc command.
++++ glibc:
- tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX
check
++++ issue-generator:
- Update to version 1.13
- SELinux: Do not call agetty --reload [bsc#1186178]
++++ kernel-default:
- Linux 5.12.7 (bsc#1012628).
- firmware: arm_scpi: Prevent the ternary sign expansion bug
(bsc#1012628).
- openrisc: Fix a memory leak (bsc#1012628).
- tee: amdtee: unload TA only when its refcount becomes 0
(bsc#1012628).
- habanalabs/gaudi: Fix a potential use after free in
gaudi_memset_device_memory (bsc#1012628).
- RDMA/siw: Properly check send and receive CQ pointers
(bsc#1012628).
- RDMA/siw: Release xarray entry (bsc#1012628).
- RDMA/core: Prevent divide-by-zero error triggered by the user
(bsc#1012628).
- platform/x86: ideapad-laptop: fix a NULL pointer dereference
(bsc#1012628).
- RDMA/rxe: Clear all QP fields if creation failed (bsc#1012628).
- scsi: ufs: core: Increase the usable queue depth (bsc#1012628).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
(bsc#1012628).
- scsi: qla2xxx: Fix error return code in
qla82xx_write_flash_dword() (bsc#1012628).
- RDMA/mlx5: Recover from fatal event in dual port mode
(bsc#1012628).
- RDMA/rxe: Split MEM into MR and MW (bsc#1012628).
- RDMA/rxe: Return CQE error if invalid lkey was supplied
(bsc#1012628).
- RDMA/core: Don't access cm_id after its destruction
(bsc#1012628).
- nvmet: fix memory leak in nvmet_alloc_ctrl() (bsc#1012628).
- nvme-loop: fix memory leak in nvme_loop_create_ctrl()
(bsc#1012628).
- nvme-tcp: rerun io_work if req_list is not empty (bsc#1012628).
- nvme-fc: clear q_live at beginning of association teardown
(bsc#1012628).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
(bsc#1012628).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake()
when using s2idle (bsc#1012628).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
(bsc#1012628).
- RDMA/mlx5: Fix query DCT via DEVX (bsc#1012628).
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (bsc#1012628).
- tools/testing/selftests/exec: fix link error (bsc#1012628).
- drm/ttm: Do not add non-system domain BO into swap list
(bsc#1012628).
- powerpc/pseries: Fix hcall tracing recursion in pv queued
spinlocks (bsc#1012628).
- ptrace: make ptrace() fail if the tracee changed its pid
unexpectedly (bsc#1012628).
- nvmet: seset ns->file when open fails (bsc#1012628).
- perf/x86: Avoid touching LBR_TOS MSR for Arch LBR (bsc#1012628).
- locking/lockdep: Correct calling tracepoints (bsc#1012628).
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to
signal (bsc#1012628).
- powerpc: Fix early setup to make early_ioremap() work
(bsc#1012628).
- btrfs: avoid RCU stalls while running delayed iputs
(bsc#1012628).
- btrfs: fix removed dentries still existing after log is synced
(bsc#1012628).
- cifs: fix memory leak in smb2_copychunk_range (bsc#1012628).
- fs/mount_setattr: tighten permission checks (bsc#1012628).
- misc: eeprom: at24: check suspend status before disable
regulator (bsc#1012628).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live
at high sampling transfer frequency (bsc#1012628).
- ALSA: intel8x0: Don't update period unless prepared
(bsc#1012628).
- ALSA: firewire-lib: fix amdtp_packet tracepoints event for
packet_index field (bsc#1012628).
- ALSA: line6: Fix racy initialization of LINE6 MIDI
(bsc#1012628).
- ALSA: dice: fix stream format at middle sampling rate for
Alesis iO 26 (bsc#1012628).
- ALSA: firewire-lib: fix calculation for size of IR context
payload (bsc#1012628).
- ALSA: usb-audio: Validate MS endpoint descriptors (bsc#1012628).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
(bsc#1012628).
- ALSA: hda: fixup headset for ASUS GU502 laptop (bsc#1012628).
- Revert "ALSA: sb8: add a check for request_region"
(bsc#1012628).
- ALSA: firewire-lib: fix check for the size of isochronous
packet payload (bsc#1012628).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287
(bsc#1012628).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (bsc#1012628).
- ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA
(bsc#1012628).
- ALSA: hda/realtek: Add fixup for HP OMEN laptop (bsc#1012628).
- ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx
(bsc#1012628).
- ALSA: usb-audio: Configure Pioneer DJM-850 samplerate
(bsc#1012628).
- ALSA: usb-audio: DJM-750: ensure format is set (bsc#1012628).
- uio/uio_pci_generic: fix return value changed in refactoring
(bsc#1012628).
- uio_hv_generic: Fix a memory leak in error handling paths
(bsc#1012628).
- uio_hv_generic: Fix another memory leak in error handling paths
(bsc#1012628).
- platform/x86: ideapad-laptop: fix method name typo
(bsc#1012628).
- Revert "rapidio: fix a NULL pointer dereference when
create_workqueue() fails" (bsc#1012628).
- rapidio: handle create_workqueue() failure (bsc#1012628).
- Revert "serial: mvebu-uart: Fix to avoid a potential NULL
pointer dereference" (bsc#1012628).
- nvme-tcp: fix possible use-after-completion (bsc#1012628).
- x86/build: Fix location of '-plugin-opt=' flags (bsc#1012628).
- x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch
(bsc#1012628).
- x86/sev-es: Invalidate the GHCB after completing VMGEXIT
(bsc#1012628).
- x86/sev-es: Don't return NULL from sev_es_get_ghcb()
(bsc#1012628).
- x86/sev-es: Use __put_user()/__get_user() for data accesses
(bsc#1012628).
- x86/sev-es: Forward page-faults which happen during emulation
(bsc#1012628).
- drm/amd/display: Use the correct max downscaling value for
DCN3.x family (bsc#1012628).
- drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE >
AMDGPU_PAGE_SIZE (bsc#1012628).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute
hang (bsc#1012628).
- drm/amdgpu: update gc golden setting for Navi12 (bsc#1012628).
- drm/amdgpu: update sdma golden setting for Navi12 (bsc#1012628).
- dma-buf: fix unintended pin/unpin warnings (bsc#1012628).
- powerpc/64s/syscall: Use pt_regs.trap to distinguish syscall
ABI difference between sc and scv syscalls (bsc#1012628).
- powerpc/64s/syscall: Fix ptrace syscall info with scv syscalls
(bsc#1012628).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (bsc#1012628).
- mmc: meson-gx: make replace WARN_ONCE with dev_warn_once about
scatterlist offset alignment (bsc#1012628).
- mmc: meson-gx: also check SD_IO_RW_EXTENDED for scatterlist
size alignment (bsc#1012628).
- gpio: tegra186: Don't set parent IRQ affinity (bsc#1012628).
- xen-pciback: redo VF placement in the virtual topology
(bsc#1012628).
- xen-pciback: reconfigure also from backend watch handler
(bsc#1012628).
- userfaultfd: hugetlbfs: fix new flag usage in error path
(bsc#1012628).
- Revert "mm/gup: check page posion status for
coredump." (bsc#1012628).
- dm snapshot: fix crash with transient storage and zero chunk
size (bsc#1012628).
- kcsan: Fix debugfs initcall return type (bsc#1012628).
- Revert "video: hgafb: fix potential NULL pointer dereference"
(bsc#1012628).
- Revert "net: stmicro: fix a missing check of clk_prepare"
(bsc#1012628).
- Revert "leds: lp5523: fix a missing check of return value of
lp55xx_read" (bsc#1012628).
- Revert "hwmon: (lm80) fix a missing check of bus read in lm80
probe" (bsc#1012628).
- Revert "video: imsttfb: fix potential NULL pointer dereferences"
(bsc#1012628).
- Revert "ecryptfs: replace BUG_ON with error handling code"
(bsc#1012628).
- Revert "scsi: ufs: fix a missing check of
devm_reset_control_get" (bsc#1012628).
- Revert "gdrom: fix a memory leak bug" (bsc#1012628).
- cdrom: gdrom: deallocate struct gdrom_unit fields in
remove_gdrom (bsc#1012628).
- cdrom: gdrom: initialize global variable at init time
(bsc#1012628).
- Revert "media: rcar_drif: fix a memory disclosure"
(bsc#1012628).
- Revert "rtlwifi: fix a potential NULL pointer dereference"
(bsc#1012628).
- Revert "qlcnic: Avoid potential NULL pointer dereference"
(bsc#1012628).
- Revert "niu: fix missing checks of niu_pci_eeprom_read"
(bsc#1012628).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(bsc#1012628).
- net: stmicro: handle clk_prepare() failure during init
(bsc#1012628).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
error (bsc#1012628).
- net: rtlwifi: properly check for alloc_workqueue() failure
(bsc#1012628).
- ics932s401: fix broken handling of errors when word reading
fails (bsc#1012628).
- leds: lp5523: check return value of lp5xx_read and jump to
cleanup code (bsc#1012628).
- qlcnic: Add null check after calling netdev_alloc_skb
(bsc#1012628).
- video: hgafb: fix potential NULL pointer dereference
(bsc#1012628).
- vgacon: Record video mode changes with VT_RESIZEX (bsc#1012628).
- vt_ioctl: Revert VT_RESIZEX parameter handling removal
(bsc#1012628).
- vt: Fix character height handling with VT_RESIZEX (bsc#1012628).
- tty: vt: always invoke vc->vc_sw->con_resize callback
(bsc#1012628).
- drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7
(bsc#1012628).
- openrisc: mm/init.c: remove unused memblock_region variable
in map_ram() (bsc#1012628).
- x86/Xen: swap NX determination and GDT setup on BSP
(bsc#1012628).
- nvme-multipath: fix double initialization of ANA state
(bsc#1012628).
- rtc: pcf85063: fallback to parent of_node (bsc#1012628).
- x86/boot/compressed/64: Check SEV encryption in the 32-bit
boot-path (bsc#1012628).
- nvmet: use new ana_log_size instead the old one (bsc#1012628).
- video: hgafb: correctly handle card detect failure during probe
(bsc#1012628).
- Bluetooth: SMP: Fail if remote and local public keys are
identical (bsc#1012628).
- commit 06f922b
- Refresh
patches.suse/ACPI-PM-s2idle-Add-missing-LPS0-functions-for-AMD.patch.
- Refresh
patches.suse/ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch.
- Refresh
patches.suse/ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch.
- Refresh
patches.suse/ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch.
- Refresh
patches.suse/ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch.
- Refresh
patches.suse/ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch.
- Refresh
patches.suse/ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch.
- Refresh
patches.suse/ath11k-Clear-the-fragment-cache-during-key-install.patch.
- Refresh
patches.suse/can-isotp-prevent-race-between-isotp_bind-and-isotp_.patch.
- Refresh
patches.suse/cfg80211-mitigate-A-MSDU-aggregation-attacks.patch.
- Refresh
patches.suse/clk-bcm-rpi-release-firmware-handle-on-unbind.patch.
- Refresh
patches.suse/drm-i915-gem-Pin-the-L-shape-quirked-object-as-unshrinkable.patch.
- Refresh
patches.suse/drm-radeon-use-the-dummy-page-for-GART-if-needed.patch.
- Refresh
patches.suse/dt-bindings-pwm-add-binding-for-rpi-firmware-pwm-bus.patch.
- Refresh
patches.suse/firmware-raspberrypi-introduce-devm_rpi_firmware_get.patch.
- Refresh
patches.suse/firmware-raspberrypi-keep-count-of-all-consumers.patch.
- Refresh
patches.suse/gpio-raspberrypi-exp-release-firmware-handle-on-unbind.patch.
- Refresh
patches.suse/mac80211-add-fragment-cache-to-sta_info.patch.
- Refresh
patches.suse/mac80211-assure-all-fragments-are-encrypted.patch.
- Refresh
patches.suse/mac80211-check-defrag-PN-against-current-frame.patch.
- Refresh patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch.
- Refresh
patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch.
- Refresh
patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch.
- Refresh
patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch.
- Refresh
patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch.
- Refresh
patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch.
- Refresh
patches.suse/pwm-add-raspberry-pi-firmware-based-pwm-bus.patch.
- Refresh
patches.suse/reset-raspberrypi-release-firmware-handle-on-unbind.patch.
- Refresh
patches.suse/soc-bcm-raspberrypi-power-release-firmware-handle-on-unbind.patch.
- Refresh
patches.suse/vchiq-release-firmware-handle-on-unbind.patch.
- Refresh
patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch.
Update upstream status.
- commit 9d851b0
++++ kmod:
- Update to release 29
* Fix `modinfo -F` not working for built-in modules and
certain fields.
* Fix a memory leak, overflow and double free on error path.
- Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch,
0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch,
0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch
(all merged)
++++ mozilla-nss:
- update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports("vsx") with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
++++ pcre2:
- pcre2 10.37:
* removal of the actual POSIX names regcomp etc. from the POSIX
wrapper library because these have caused issues for some
applications, replacing pcre2-symbol-clash.patch
* fix a hypothetical NULL dereference
* fix two bugs related to over-large numbers so the behaviour is
now the same as Perl
* Fix propagation of \K back from the full pattern recursion
* Restore single character repetition optimization in JIT
++++ polkit:
- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
(bsc#1186497)
CVE-2021-3560.patch
++++ logrotate:
- update to 3.18.1:
* fix memory leaks on error-handling paths
* make `renamecopy` and `copytruncate` override each other
* improve error handling in the parser of configuration files
* improve user experience for non-privileged users of logrotate
++++ mozilla-nspr:
- update to version 4.31:
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
++++ suse-module-tools:
- Update to version 16.0.1:
* fix ppc64/ppc64le build
- Update to version 16.0.0
- modprobe.conf cleanup (bsc#1161343)
* Unify ppc64 and ppc64le
* Delete files for obsolete architectures
* Remove obsolete SUSE_INITRD statements (bsc#1161343)
* Add dependency on dracut 049.1 (bsc#1142152, ltc#176292, FATE#327775)
- Replace mkinitrd with dracut everywhere
- Remove obsolete "weak-modules" script
++++ systemd-presets-common-SUSE:
- When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it enables also the
user services installed before this package, thus fixing
boo#1186561
------------------------------------------------------------------
------------------ 2021-5-26 - May 26 2021 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.77.0: [bsc#1186114, CVE-2021-22898]
[bsc#1186115, bsc#1185579, CVE-2021-22901]
* Security fixes:
- CVE-2021-22297: schannel cipher selection surprise
- CVE-2021-22298: TELNET stack contents disclosure
- CVE-2021-22901: TLS session caching disaster
* Changes:
- configure: make the TLS library choice(s) explicit
- curl: ignore options asking for SSLv2 or SSLv3
- hsts: enable by default
- SSL: support in-memory CA certs for some backends
- vtls: refuse setting any SSL version
* Bugfixes:
- configure: provide --with-openssl, deprecate --with-ssl
- cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
- curl: include libmetalink version in --version output
- data_pending: check only SECONDARY socket for FTP(S) transfers
- gnutls: don't allow TLS 1.3 for versions that don't support it
- gnutls: make setting only the MAX TLS allowed version work
- http2: fix resource leaks in set_transfer_url() and push_promise()
- http: limit the initial send amount to used upload buffer size
- rustls: only return CURLE_AGAIN when TLS session is fully drained
- rustls: use ALPN
- schannel: Disable auto credentials; add an option to enable it
- schannel: Support strong crypto option
- sectransp: allow cipher name to be specified
- sockfilt: avoid getting stuck waiting for writable socket
++++ glibc:
- rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr
++++ gnutls:
- Rework the crypto-policies dependencies in libraries [bsc#1186385]
++++ kernel-firmware:
- Update to version 20210518 (git commit f8462923ed8f):
* nvidia: fix symlinks for tu104/tu106 acr unload firmware
* rtw88: 8822c: Update normal firmware to v9.9.10
* iwlwifi: update 8000 family firmwares
* iwlwifi: update 9000-family firmwares to core60-51
* iwlwifi: add new FWs from core60-51 release
* nvidia: Update Tegra194 XUSB firmware to v60.09
* nvidia: Update Tegra186 XUSB firmware to v55.18
* nvidia: Update Tegra210 XUSB firmware to v50.26
* linux-firmware: update firmware for mhdp8546
- Update module aliases
++++ augeas:
- Allow all printable ASCII characters in WPA-PSK definition
* augeas-allow_printable_ASCII.patch
* bsc#1185524
* Sourced from https://github.com/hercules-team/augeas/pull/723/commits
* Credit to Michal Filka <mfilka@suse.com>
++++ libvirt-dbus:
- Add libvirtdbus user to libvirt group
boo#1182538
++++ python-idna:
- %check: use %pyunittest rpm macro
------------------------------------------------------------------
------------------ 2021-5-25 - May 25 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- Remove python symbols (python means currently python2), work
only with python3 ones (fallout from bsc#1185588).
++++ lvm2-device-mapper:
- Link test as position independent executable (bsc#1184124).
+ bug-1184124-link-tests-as-PIE.patch
++++ libapparmor:
- Remove python symbols (python means currently python2), work
only with python3 ones (fallout from bsc#1185588).
++++ util-linux:
- login.pamd: use pam_motd to unify motd handling [bsc#1185897].
Else motd snippets of e.g. cockpit will not be shown.
++++ lvm2:
- Link test as position independent executable (bsc#1184124).
+ bug-1184124-link-tests-as-PIE.patch
++++ libnftnl:
- Update to release 1.2.0
* table: add table owner support
* expr: socket: add cgroups v2 support
++++ systemd:
- Allow the sysusers config files shipped by systemd rpms to be
overriden during system installation (bsc#1171962)
- While at it, add a comment to explain why we don't use
%sysusers_create in %pre and why it should be safe in %post.
++++ util-linux-systemd:
- login.pamd: use pam_motd to unify motd handling [bsc#1185897].
Else motd snippets of e.g. cockpit will not be shown.
------------------------------------------------------------------
------------------ 2021-5-24 - May 24 2021 -------------------
------------------------------------------------------------------
++++ elfutils:
- Update to version 0.185:
debuginfod-client: Simplify curl handle reuse so downloads which
return an error are retried.
elfcompress: Always exit with code 0 when the operation succeeds (even
when nothing was done). On error the exit code is now always 1.
++++ expat:
- Update to 2.4.1:
* Bug fixes:
- Autotools: Fix installed header expat_config.h for multilib
systems; regression introduced in 2.4.0 by pull request #486
* Other changes:
- Version info bumped from 9:0:8 to 9:1:8; see
https://verbump.de/ for what these numbers do
- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
* Security fixes:
- CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
(denial-of-service; flavors targeting CPU time or RAM or both,
leveraging general entities or parameter entities or both)
by tracking and limiting the input amplification factor
(<amplification> := (<direct> + <indirect>) / <direct>).
By conservative default, amplification up to a factor of 100.0
is tolerated and rejection only starts after 8 MiB of output bytes
(=<direct> + <indirect>) have been processed.
The fix adds the following to the API:
- A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
signals this specific condition.
- Two new API functions ..
- XML_SetBillionLaughsAttackProtectionMaximumAmplification and
- XML_SetBillionLaughsAttackProtectionActivationThreshold
.. to further tighten billion laughs protection parameters
when desired. Please see file "doc/reference.html" for details.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
- Two new XML_FEATURE_* constants ..
- that can be queried using the XML_GetFeatureList function, and
- that are shown in "xmlwf -v" output.
- Two new environment variable switches ..
- EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
- EXPAT_ENTITY_DEBUG=(0|1)
.. for runtime debugging of accounting and entity processing.
Specific behavior of these values may change in the future.
- Two new command line arguments "-a FACTOR" and "-b BYTES"
for xmlwf to further tighten billion laughs protection
parameters when desired.
If you ever need to increase the defaults for non-attack XML
payload, please file a bug report with libexpat.
* Bug fixes:
- For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
for UTF-16 payloads containing CDATA sections.
- Autotools: Fix generated CMake files for non-64bit and
non-Linux platforms (e.g. macOS and MinGW in particular)
that were introduced with release 2.3.0
* Other changes:
- xmlwf: Improve help output and the xmlwf man page
- xmlwf: Improve maintainability through some refactoring
- xmlwf: Fix man page DocBook validity
- CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
and CMAKE_INSTALL_INCLUDEDIR
- CMake: Add support for standard variable BUILD_SHARED_LIBS
- Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
- Resolve macro HAVE_EXPAT_CONFIG_H
- Delete unused legacy helper file "conftools/PrintPath"
- doc/reference.html: Fix XHTML validity
- doc/reference.html: Replace the 90s look by OK.css
- Version info bumped from 8:0:7 to 9:0:8 due to addition of
new symbols and error codes; see https://verbump.de/ for
what these numbers do
++++ nfs-utils:
- Update to version 2.5.4-rc4 to get all recent fixes:
- nfs-utils-2-5-4-rc4.patch
e4ce810a Move declaration of etab and rmtab into libraries
7a4e2d1d Remove 'force' arg from cache_flush()
c5528f40 Fix NFSv4 export of tmpfs filesystems
ed83085f gssd: use mutex to protect decrement of refcount
- nfs-utils-2-5-4-rc3.patch
972dba0f nfs-utils: Enable the retrieval of raw config settings without expansion
964f4861 nfs-utils: Factor out common structure cleanup calls
8219bdb0 Replace all /var/run with /run
81727afe Fix `statx()` emulation breaking exports
a41afe9e mountd/exports: Fix typo in the man page
- nfs-utils-2-5-4-rc2.patch
2f669b6f NFS server should enable RDMA by default
d77ece22 mountd/exportd: only log confirmed clients, and poll for updates
ac266e2e exportfs: fix unexporting of '/'
- nfs-utils-2-5-4-rc1.patch
7abd15e3 nfsdclnts: Ignore SIGPIPE signal
edeb3815 mountd: add logging of NFSv4 clients attaching and detaching.
f8e2c8d4 mountd: make default ttl settable by option
cc150093 mountd: add --cache-use-ipaddr option to force use_ipaddr
c7a954ae mountd: add logging for authentication results for accesses.
1a8156f8 mountd/exports: update man page
fec7347e mountd: Don't proactively add export info when fh info is requested.
a72c151f mountd: reject unknown client IP when !use_ipaddr.
05bacfed gssd: Add options to rpc.gssd to allow for the use of $HOME/.k5identity files
7e559dbd exportd: server-side gid management
- 0001-Replace-all-var-run-with-run.patch is now part of nfs-utils-2-5-4-rc3.patch
++++ qemu:
- Fix CVE-2021-3527 in usb/redir:
usb-redir-avoid-dynamic-stack-allocation.patch
- Fix issues found upstream:
hw-block-nvme-consider-metadata-read-aio.patch
sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch
vfio-ccw-Permit-missing-IRQs.patch
vhost-user-blk-Check-that-num-queues-is-.patch
vhost-user-blk-Don-t-reconnect-during-in.patch
vhost-user-blk-Fail-gracefully-on-too-la.patch
vhost-user-blk-Get-more-feature-flags-fr.patch
vhost-user-blk-Make-sure-to-set-Error-on.patch
virtio-blk-Fix-rollback-path-in-virtio_b.patch
virtio-Fail-if-iommu_platform-is-request.patch
virtiofsd-Fix-side-effect-in-assert.patch
monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch
------------------------------------------------------------------
------------------ 2021-5-23 - May 23 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.13-rc3
- eliminated 3 patches
patches.rpmify/kbuild-dummy-tools-adjust-to-stricter-stackprotector.patch
patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch
- commit 2d296e7
------------------------------------------------------------------
------------------ 2021-5-22 - May 22 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.12.6 (bsc#1012628).
- x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
(bsc#1012628).
- drm/i915/display: fix compiler warning about array overrun
(bsc#1012628).
- airo: work around stack usage warning (bsc#1012628).
- kgdb: fix gcc-11 warning on indentation (bsc#1012628).
- usb: sl811-hcd: improve misleading indentation (bsc#1012628).
- PCI: thunder: Fix compile testing (bsc#1012628).
- dmaengine: dw-edma: Fix crash on loading/unloading driver
(bsc#1012628).
- ARM: 9066/1: ftrace: pause/unpause function graph tracer in
cpu_suspend() (bsc#1012628).
- NFS: Fix fscache invalidation in nfs_set_cache_invalid()
(bsc#1012628).
- ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
(bsc#1012628).
- PCI: tegra: Fix runtime PM imbalance in
pex_ep_event_pex_rst_deassert() (bsc#1012628).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI
instantiated devices (bsc#1012628).
- Input: silead - add workaround for x86 BIOS-es which bring
the chip up in a stuck state (bsc#1012628).
- NFS: NFS_INO_REVAL_PAGECACHE should mark the change attribute
invalid (bsc#1012628).
- f2fs: fix to avoid NULL pointer dereference (bsc#1012628).
- svcrdma: Don't leak send_ctxt on Send errors (bsc#1012628).
- um: Mark all kernel symbols as local (bsc#1012628).
- um: Disable CONFIG_GCOV with MODULES (bsc#1012628).
- ARM: 9075/1: kernel: Fix interrupted SMC calls (bsc#1012628).
- platform/chrome: cros_ec_typec: Add DP mode check (bsc#1012628).
- riscv: Use $(LD) instead of $(CC) to link vDSO (bsc#1012628).
- scripts/recordmcount.pl: Fix RISC-V regex for clang
(bsc#1012628).
- riscv: Workaround mcount name prior to clang-13 (bsc#1012628).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs
(bsc#1012628).
- ceph: fix fscache invalidation (bsc#1012628).
- ceph: don't clobber i_snap_caps on non-I_NEW inode
(bsc#1012628).
- ceph: don't allow access to MDS-private inodes (bsc#1012628).
- scsi: target: tcmu: Return from tcmu_handle_completions()
if cmd_id not found (bsc#1012628).
- amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID
(bsc#1012628).
- bridge: Fix possible races between assigning rx_handler_data
and setting IFF_BRIDGE_PORT bit (bsc#1012628).
- net: hsr: check skb can contain struct hsr_ethhdr in
fill_frame_info (bsc#1012628).
- nvmet: remove unsupported command noise (bsc#1012628).
- drm/amd/display: Fix two cursor duplication when using overlay
(bsc#1012628).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue
10 Pro 5055 (bsc#1012628).
- net:CXGB4: fix leak if sk_buff is not used (bsc#1012628).
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
(bsc#1012628).
- block: reexpand iov_iter after read/write (bsc#1012628).
- lib: stackdepot: turn depot_lock spinlock to raw_spinlock
(bsc#1012628).
- net: stmmac: Do not enable RX FIFO overflow interrupts
(bsc#1012628).
- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
(bsc#1012628).
- sit: proper dev_{hold|put} in ndo_[un]init methods
(bsc#1012628).
- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
(bsc#1012628).
- bus: mhi: core: Download AMSS image from appropriate function
(bsc#1012628).
- commit fe25271
++++ lua54:
- Fix doc location (boo#1186233)
------------------------------------------------------------------
------------------ 2021-5-21 - May 21 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
++++ libapparmor:
- add abstractions-php8.diff to support PHP8 in abstractions/php (boo#1186267)
++++ libepoxy:
- Update to version 1.5.8:
+ Revert changes from PR #238 / #229
+ Fixes regressions: #240, #252, #253
++++ python310-core:
- Stop providing "python" symbol (bsc#1185588), which means
python2 currently.
++++ libsigc++2:
- Update to version 2.10.7:
+ Meson build:
- Make it possible to use sigc++ as a subproject.
- Fix dependency on files generated from .h.m4 files.
- No implicit_include_directories.
- Make quiet installations possible.
- Fix build as subproject without building documentation.
+ Documentation fixes.
++++ zchunk:
- Update to version 1.1.14
* Final fixes for zstd 1.5 support
++++ openSUSE-build-key:
- Refresh the SLE15 build@suse.de key
* Updated gpg-pubkey-39db7c82-5847eb1f.asc
++++ salt:
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Drop support for Python2. Obsoletes "python2-salt" package
- Added:
* handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
* figure-out-python-interpreter-to-use-inside-containe.patch
++++ python310:
- Stop providing "python" symbol (bsc#1185588), which means
python2 currently.
------------------------------------------------------------------
------------------ 2021-5-20 - May 20 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.1.1
* bugfix release
* mostly AMD and Intel changes as usual, but also a decent amount
of ARM fixes and more
++++ Mesa-drivers:
- update to 21.1.1
* bugfix release
* mostly AMD and Intel changes as usual, but also a decent amount
of ARM fixes and more
++++ branding-openSUSE:
- Enable grub2-branding on riscv64
++++ schily:
- Update to release 2021.05.19
* Bourne Shell: The "ERR" trap is now also triggered in case that
the error is of type "command not found" or "cannot execute".
* Bourne Shell: the fc(1) builtin now handles "fc -l -0" the same
way as ksh does and refers to the current command. Before, only
"fc -l -1" did work to select the previous command.
++++ systemd:
- udev requires systemd in its %post (bsc#1185958)
udevadm, called in udev's %post, requires libsystemd-shared-248.so.
- Restore all "License:" tags
udev uses a different license (GPL-2.0-only) than the main package
and "osc service localrun format_spec_file" has the good taste to
restore the license tags for all other subpackages if one of the
subpackage tag differs.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
++++ psmisc:
- Do not change CAP within spec file (boo#1186258)
++++ python-charset-normalizer:
- version update to 1.3.9
* Bugfix: bug In some very rare cases, you may end up getting encode/decode errors due to a bad bytes payload #40
* Bugfix: bug Empty given payload for detection may cause an exception if trying to access the alphabets property. #39
* Bugfix: bug The legacy detect function should return UTF-8-SIG if sig is present in the payload. #38
++++ swtpm:
- swtpm_cert: rename deprecated libtasn1 types.
* https://github.com/stefanberger/swtpm/pull/443
* Add swtpm-rename_deprecated_libtasn1_types.patch
++++ systemd-rpm-macros:
- Bump to version 12
- Introduce %sysusers_create_package
%sysusers_create and %sysusers_create_inline are now deprecated and
the new macro should be used instead.
Upstream commit 07a7d4a0040d221ff09e527e91c112b4ffab1dba.
- Introduce %tmpfiles_create_package
%%tmpfiles_create is now deprecreated and the new macros should be
used instead.
Upstream commit 0f78fee8d039000b987848a558fbaa15d916e14e.
- %sysusers_create_inline: use here-docs instead of echo (bsc#1186282)
Upstream commit dd2490ae12ad1e1795ecbf8f8944b950da9c8d06.
------------------------------------------------------------------
------------------ 2021-5-19 - May 19 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- Add swrast to vulkan
- Enable vulkan on %{arm} and aarch64 with: swrast, amd,
broadcom and freedreno
++++ Mesa-drivers:
- Add swrast to vulkan
- Enable vulkan on %{arm} and aarch64 with: swrast, amd,
broadcom and freedreno
++++ kernel-default:
- Refresh
patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch.
Update upstream status.
- commit 37a9337
- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- x86/events/amd/iommu: Fix invalid Perf result due to IOMMU
PMC power-gating (git-fixes).
- commit 5eb2110
- Linux 5.12.5 (bsc#1012628).
- KEYS: trusted: Fix memory leak on object td (bsc#1012628).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl()
(bsc#1012628).
- tpm, tpm_tis: Extend locality handling to TPM2 in
tpm_tis_gen_interrupt() (bsc#1012628).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume()
(bsc#1012628).
- btrfs: fix unmountable seed device after fstrim (bsc#1012628).
- KVM: SVM: Make sure GHCB is mapped before updating
(bsc#1012628).
- KVM/VMX: Invoke NMI non-IST entry instead of IST entry
(bsc#1012628).
- ACPI: PM: Add ACPI ID of Alder Lake Fan (bsc#1012628).
- PM: runtime: Fix unpaired parent child_count for force_resume
(bsc#1012628).
- cpufreq: intel_pstate: Use HWP if enabled by platform firmware
(bsc#1012628).
- kvm: Cap halt polling at kvm->max_halt_poll_ns (bsc#1012628).
- ath11k: fix thermal temperature read (bsc#1012628).
- ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table
(bsc#1012628).
- fs: dlm: fix debugfs dump (bsc#1012628).
- fs: dlm: fix mark setting deadlock (bsc#1012628).
- fs: dlm: add errno handling to check callback (bsc#1012628).
- fs: dlm: add check if dlm is currently running (bsc#1012628).
- fs: dlm: change allocation limits (bsc#1012628).
- fs: dlm: check on minimum msglen size (bsc#1012628).
- fs: dlm: flush swork on shutdown (bsc#1012628).
- fs: dlm: add shutdown hook (bsc#1012628).
- tipc: convert dest node's address to network order
(bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus
T100TAF (bsc#1012628).
- net/mlx5e: Use net_prefetchw instead of prefetchw in MPWQE TX
datapath (bsc#1012628).
- net: stmmac: Set FIFO sizes for ipq806x (bsc#1012628).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params
(bsc#1012628).
- Bluetooth: Fix incorrect status handling in LE PHY UPDATE event
(bsc#1012628).
- i2c: bail out early when RDWR parameters are wrong
(bsc#1012628).
- ALSA: hdsp: don't disable if not enabled (bsc#1012628).
- ALSA: hdspm: don't disable if not enabled (bsc#1012628).
- ALSA: rme9652: don't disable if not enabled (bsc#1012628).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports
(bsc#1012628).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
(bsc#1012628).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create()
(bsc#1012628).
- net/sched: cls_flower: use ntohs for struct
flow_dissector_key_ports (bsc#1012628).
- net: bridge: when suppression is enabled exclude RARP packets
(bsc#1012628).
- Bluetooth: check for zapped sk before connecting (bsc#1012628).
- selftests/powerpc: Fix L1D flushing tests for Power10
(bsc#1012628).
- ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms
(bsc#1012628).
- powerpc/32: Statically initialise first emergency context
(bsc#1012628).
- net: hns3: remediate a potential overflow risk of bd_num_list
(bsc#1012628).
- net: hns3: add handling for xmit skb with recursive fraglist
(bsc#1012628).
- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
(bsc#1012628).
- can: dev: can_free_echo_skb(): don't crash the kernel if
can_priv::echo_skb is accessed out of bounds (bsc#1012628).
- iommu/arm-smmu-v3: Add a check to avoid invalid iotlb sync
(bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
(bsc#1012628).
- ice: handle increasing Tx or Rx ring sizes (bsc#1012628).
- Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip
(bsc#1012628).
- ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055
(bsc#1012628).
- selftests: mptcp: launch mptcp_connect with timeout
(bsc#1012628).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (bsc#1012628).
- Bluetooth: Do not set cur_adv_instance in adv param MGMT request
(bsc#1012628).
- MIPS: Loongson64: Use _CACHE_UNCACHED instead of
_CACHE_UNCACHED_ACCELERATED (bsc#1012628).
- coresight: Do not scan for graph if none is present
(bsc#1012628).
- IB/hfi1: Correct oversized ring allocation (bsc#1012628).
- mac80211: Set priority and queue mapping for injected frames
(bsc#1012628).
- mac80211: clear the beacon's CRC after channel switch
(bsc#1012628).
- ASoC: soc-compress: lock pcm_mutex to resolve lockdep error
(bsc#1012628).
- net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM
(bsc#1012628).
- net: fec: use mac-managed PHY PM (bsc#1012628).
- pinctrl: samsung: use 'int' for register masks in Exynos
(bsc#1012628).
- rtw88: 8822c: add LC calibration for RTL8822C (bsc#1012628).
- mt76: mt7615: fix key set/delete issues (bsc#1012628).
- mt76: mt7615: support loading EEPROM for MT7613BE (bsc#1012628).
- mt76: mt76x0: disable GTK offloading (bsc#1012628).
- mt76: connac: always check return value from
mt76_connac_mcu_alloc_wtbl_req (bsc#1012628).
- mt76: mt7915: always check return value from
mt7915_mcu_alloc_wtbl_req (bsc#1012628).
- mt76: mt7915: fix key set/delete issue (bsc#1012628).
- mt76: mt7915: fix txpower init for TSSI off chips (bsc#1012628).
- mt76: mt7921: fix key set/delete issue (bsc#1012628).
- mt76: mt7915: add wifi subsystem reset (bsc#1012628).
- i2c: imx: Fix PM reference leak in i2c_imx_reg_slave()
(bsc#1012628).
- fuse: invalidate attrs when page writeback completes
(bsc#1012628).
- virtiofs: fix userns (bsc#1012628).
- cuse: prevent clone (bsc#1012628).
- iwlwifi: pcie: make cfg vs. trans_cfg more robust (bsc#1012628).
- iwlwifi: queue: avoid memory leak in reset flow (bsc#1012628).
- iwlwifi: trans/pcie: defer transport initialisation
(bsc#1012628).
- powerpc/mm: Add cond_resched() while removing hpte mappings
(bsc#1012628).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from
rsnd_ssi_init() (bsc#1012628).
- net: bridge: propagate error code and extack from
br_mc_disabled_update (bsc#1012628).
- Revert "iommu/amd: Fix performance counter initialization"
(bsc#1012628).
- iommu/amd: Remove performance counter pre-initialization test
(bsc#1012628).
- drm/amd/display: Force vsync flip when reconfiguring MPCC
(bsc#1012628).
- selftests: Set CC to clang in lib.mk if LLVM is set
(bsc#1012628).
- kconfig: nconf: stop endless search loops (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740
(bsc#1012628).
- ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (bsc#1012628).
- ALSA: hda/hdmi: fix race in handling acomp ELD notification
at resume (bsc#1012628).
- i2c: i801: Add support for Intel Alder Lake PCH-M (bsc#1012628).
- sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
(bsc#1012628).
- flow_dissector: Fix out-of-bounds warning in
__skb_flow_bpf_to_target() (bsc#1012628).
- powerpc/xive: Use the "ibm, chip-id" property only under PowerNV
(bsc#1012628).
- powerpc/smp: Set numa node before updating mask (bsc#1012628).
- wilc1000: Bring MAC address setting in line with typical Linux
behavior (bsc#1012628).
- mac80211: properly drop the connection in case of invalid CSA IE
(bsc#1012628).
- ASoC: rt286: Generalize support for ALC3263 codec (bsc#1012628).
- ethtool: ioctl: Fix out-of-bounds warning in
store_link_ksettings_for_user() (bsc#1012628).
- net: sched: tapr: prevent cycle_time == 0 in
parse_taprio_schedule (bsc#1012628).
- samples/bpf: Fix broken tracex1 due to kprobe argument change
(bsc#1012628).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1012628).
- drm/amd/display: fixed divide by zero kernel crash during dsc
enablement (bsc#1012628).
- drm/amd/display: add handling for hdcp2 rx id list validation
(bsc#1012628).
- drm/amdgpu: Add mem sync flag for IB allocated by SA
(bsc#1012628).
- mt76: mt7615: fix entering driver-own state on mt7663
(bsc#1012628).
- crypto: ccp: Free SEV device if SEV init fails (bsc#1012628).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
(bsc#1012628).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
(bsc#1012628).
- qtnfmac: Fix possible buffer overflow in
qtnf_event_handle_external_auth (bsc#1012628).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1012628).
- iavf: remove duplicate free resources calls (bsc#1012628).
- net: ethernet: mtk_eth_soc: fix RX VLAN offload (bsc#1012628).
- selftests: mlxsw: Increase the tolerance of backlog buildup
(bsc#1012628).
- selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test
(bsc#1012628).
- kbuild: generate Module.symvers only when vmlinux exists
(bsc#1012628).
- bnxt_en: Add PCI IDs for Hyper-V VF devices (bsc#1012628).
- ia64: module: fix symbolizer crash on fdescr (bsc#1012628).
- watchdog: rename __touch_watchdog() to a better descriptive name
(bsc#1012628).
- watchdog: explicitly update timestamp when reporting softlockup
(bsc#1012628).
- watchdog/softlockup: report the overall time of softlockups
(bsc#1012628).
- watchdog/softlockup: remove logic that tried to prevent repeated
reports (bsc#1012628).
- watchdog: fix barriers when printing backtraces from all CPUs
(bsc#1012628).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
(bsc#1012628).
- leds: lgm: fix gpiolib dependency (bsc#1012628).
- thermal: thermal_of: Fix error return code of
thermal_of_populate_bind_params() (bsc#1012628).
- PCI/RCEC: Fix RCiEP device to RCEC association (bsc#1012628).
- f2fs: fix to allow migrating fully valid segment (bsc#1012628).
- f2fs: fix panic during f2fs_resize_fs() (bsc#1012628).
- f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
(bsc#1012628).
- rtc: tps65910: include linux/property.h (bsc#1012628).
- remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader
(bsc#1012628).
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
(bsc#1012628).
- PCI: brcmstb: Fix error return code in brcm_pcie_probe()
(bsc#1012628).
- PCI: Release OF node in pci_scan_device()'s error path
(bsc#1012628).
- ARM: 9064/1: hw_breakpoint: Do not directly check the event's
overflow_handler hook (bsc#1012628).
- f2fs: fix to align to section for fallocate() on pinned file
(bsc#1012628).
- f2fs: fix to update last i_size if fallocate partially succeeds
(bsc#1012628).
- PCI: endpoint: Fix NULL pointer dereference for ->get_features()
(bsc#1012628).
- f2fs: fix to avoid touching checkpointed data in get_victim()
(bsc#1012628).
- f2fs: fix to cover __allocate_new_section() with curseg_lock
(bsc#1012628).
- fs: 9p: fix v9fs_file_open writeback fid error check
(bsc#1012628).
- f2fs: fix to restrict mount condition on readonly block device
(bsc#1012628).
- f2fs: Fix a hungtask problem in atomic write (bsc#1012628).
- nfs: Subsequent READDIR calls should carry non-zero
cookieverifier (bsc#1012628).
- NFS: Fix handling of cookie verifier in uncached_readdir()
(bsc#1012628).
- NFS: Only change the cookie verifier if the directory page
cache is empty (bsc#1012628).
- f2fs: fix to avoid accessing invalid fio in
f2fs_allocate_data_block() (bsc#1012628).
- rpmsg: qcom_glink_native: fix error return code of
qcom_glink_rx_data() (bsc#1012628).
- NFS: nfs4_bitmask_adjust() must not change the server global
bitmasks (bsc#1012628).
- NFS: Fix attribute bitmask in _nfs42_proc_fallocate()
(bsc#1012628).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
(bsc#1012628).
- NFS: Deal correctly with attribute generation counter overflow
(bsc#1012628).
- PCI: endpoint: Fix missing destroy_workqueue() (bsc#1012628).
- remoteproc: pru: Fixup interrupt-parent logic for fw events
(bsc#1012628).
- remoteproc: pru: Fix wrong success return value for fw events
(bsc#1012628).
- remoteproc: pru: Fix and cleanup firmware interrupt mapping
logic (bsc#1012628).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
(bsc#1012628).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (bsc#1012628).
- SUNRPC: Move fault injection call sites (bsc#1012628).
- SUNRPC: Remove trace_xprt_transmit_queued (bsc#1012628).
- SUNRPC: Handle major timeout in xprt_adjust_timeout()
(bsc#1012628).
- NFSv42: Copy offload should update the file size when
appropriate (bsc#1012628).
- thermal/drivers/tsens: Fix missing put_device error
(bsc#1012628).
- NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're
unmounting (bsc#1012628).
- nfsd: ensure new clients break delegations (bsc#1012628).
- rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1012628).
- dmaengine: idxd: Fix potential null dereference on pointer
status (bsc#1012628).
- dmaengine: idxd: fix dma device lifetime (bsc#1012628).
- dmaengine: idxd: cleanup pci interrupt vector allocation
management (bsc#1012628).
- dmaengine: idxd: removal of pcim managed mmio mapping
(bsc#1012628).
- dmaengine: idxd: use ida for device instance enumeration
(bsc#1012628).
- dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime
(bsc#1012628).
- dmaengine: idxd: fix wq conf_dev 'struct device' lifetime
(bsc#1012628).
- dmaengine: idxd: fix engine conf_dev lifetime (bsc#1012628).
- dmaengine: idxd: fix group conf_dev lifetime (bsc#1012628).
- dmaengine: idxd: fix cdev setup and free device lifetime issues
(bsc#1012628).
- SUNRPC: fix ternary sign expansion bug in tracing (bsc#1012628).
- SUNRPC: Fix null pointer dereference in svc_rqst_free()
(bsc#1012628).
- pwm: atmel: Fix duty cycle calculation in .get_state()
(bsc#1012628).
- xprtrdma: Avoid Receive Queue wrapping (bsc#1012628).
- xprtrdma: Fix cwnd update ordering (bsc#1012628).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init()
(bsc#1012628).
- riscv: Select HAVE_DYNAMIC_FTRACE when
- fpatchable-function-entry is available (bsc#1012628).
- swiotlb: Fix the type of index (bsc#1012628).
- ceph: fix inode leak on getattr error in __fh_to_dentry
(bsc#1012628).
- scsi: qla2xxx: Prevent PRLI in target mode (bsc#1012628).
- scsi: ufs: core: Do not put UFS power into LPM if link is broken
(bsc#1012628).
- scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during
system suspend (bsc#1012628).
- scsi: ufs: core: Narrow down fast path in system suspend path
(bsc#1012628).
- rtc: ds1307: Fix wday settings for rx8130 (bsc#1012628).
- net: hns3: fix incorrect configuration for igu_egu_hw_err
(bsc#1012628).
- net: hns3: initialize the message content in
hclge_get_link_mode() (bsc#1012628).
- net: hns3: add check for HNS3_NIC_STATE_INITED in
hns3_reset_notify_up_enet() (bsc#1012628).
- arm64: stacktrace: restore terminal records (bsc#1012628).
- net: hns3: fix for vxlan gpe tx checksum bug (bsc#1012628).
- net: hns3: use netif_tx_disable to stop the transmit queue
(bsc#1012628).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy
(bsc#1012628).
- sctp: do asoc update earlier in sctp_sf_do_dupcook_a
(bsc#1012628).
- RISC-V: Fix error code returned by riscv_hartid_to_cpuid()
(bsc#1012628).
- sunrpc: Fix misplaced barrier in call_decode (bsc#1012628).
- libbpf: Fix signed overflow in ringbuf_process_ring
(bsc#1012628).
- block/rnbd-clt: Change queue_depth type in rnbd_clt_session
to size_t (bsc#1012628).
- block/rnbd-clt: Check the return value of the function
rtrs_clt_query (bsc#1012628).
- ata: ahci_brcm: Fix use of BCM7216 reset controller
(bsc#1012628).
- PCI: brcmstb: Use reset/rearm instead of deassert/assert
(bsc#1012628).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
(bsc#1012628).
- sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
(bsc#1012628).
- netfilter: xt_SECMARK: add new revision to fix structure layout
(bsc#1012628).
- xsk: Fix for xp_aligned_validate_desc() when len == chunk_size
(bsc#1012628).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1012628).
- net: stmmac: Clear receive all(RA) bit when promiscuous mode
is off (bsc#1012628).
- drm/radeon: Fix off-by-one power_state index heap overwrite
(bsc#1012628).
- drm/radeon: Avoid power table parsing memory leaks
(bsc#1012628).
- arm64: entry: factor irq triage logic into macros (bsc#1012628).
- arm64: entry: always set GIC_PRIO_PSR_I_SET during entry
(bsc#1012628).
- khugepaged: fix wrong result value for
trace_mm_collapse_huge_page_isolate() (bsc#1012628).
- mm/hugeltb: handle the error case in
hugetlb_fix_reserve_counts() (bsc#1012628).
- mm/migrate.c: fix potential indeterminate pte entry in
migrate_vma_insert_page() (bsc#1012628).
- ksm: fix potential missing rmap_item for stable_node
(bsc#1012628).
- mm/gup: check every subpage of a compound page during isolation
(bsc#1012628).
- mm/gup: return an error on migration failure (bsc#1012628).
- mm/gup: check for isolation errors (bsc#1012628).
- kfence: await for allocation using wait_event (bsc#1012628).
- ethtool: fix missing NLM_F_MULTI flag when dumping
(bsc#1012628).
- net: fix nla_strcmp to handle more then one trailing null
character (bsc#1012628).
- smc: disallow TCP_ULP in smc_setsockopt() (bsc#1012628).
- netfilter: nfnetlink_osf: Fix a missing skb_header_pointer()
NULL check (bsc#1012628).
- netfilter: nftables: Fix a memleak from userdata error path
in new objects (bsc#1012628).
- can: mcp251xfd: mcp251xfd_probe(): fix an error pointer
dereference in probe (bsc#1012628).
- can: mcp251xfd: mcp251xfd_probe(): add missing
can_rx_offload_del() in error path (bsc#1012628).
- can: mcp251x: fix resume from sleep before interface was
brought up (bsc#1012628).
- can: m_can: m_can_tx_work_queue(): fix tx_skb race condition
(bsc#1012628).
- sched: Fix out-of-bound access in uclamp (bsc#1012628).
- sched/fair: Fix unfairness caused by missing load decay
(bsc#1012628).
- net: ipa: fix inter-EE IRQ register definitions (bsc#1012628).
- fs/proc/generic.c: fix incorrect pde_is_permanent check
(bsc#1012628).
- kernel: kexec_file: fix error return code of
kexec_calculate_store_digests() (bsc#1012628).
- kernel/resource: make walk_system_ram_res() find all busy
IORESOURCE_SYSTEM_RAM resources (bsc#1012628).
- kernel/resource: make walk_mem_res() find all busy
IORESOURCE_MEM resources (bsc#1012628).
- netfilter: nftables: avoid overflows in nft_hash_buckets()
(bsc#1012628).
- i40e: fix broken XDP support (bsc#1012628).
- i40e: Fix use-after-free in i40e_client_subtask() (bsc#1012628).
- i40e: fix the restart auto-negotiation after FEC modified
(bsc#1012628).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters
(bsc#1012628).
- i40e: Remove LLDP frame filters (bsc#1012628).
- mptcp: fix splat when closing unaccepted socket (bsc#1012628).
- ARC: entry: fix off-by-one error in syscall number validation
(bsc#1012628).
- ARC: mm: PAE: use 40-bit physical page mask (bsc#1012628).
- ARC: mm: Use max_high_pfn as a HIGHMEM zone border
(bsc#1012628).
- sh: Remove unused variable (bsc#1012628).
- powerpc/64s: Fix crashes when toggling stf barrier
(bsc#1012628).
- powerpc/64s: Fix crashes when toggling entry flush barrier
(bsc#1012628).
- hfsplus: prevent corruption in shrinking truncate (bsc#1012628).
- squashfs: fix divide error in calculate_skip() (bsc#1012628).
- userfaultfd: release page in error path to avoid BUG_ON
(bsc#1012628).
- kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled
(bsc#1012628).
- mm/hugetlb: fix F_SEAL_FUTURE_WRITE (bsc#1012628).
- mm/hugetlb: fix cow where page writtable in child (bsc#1012628).
- blk-iocost: fix weight updates of inner active iocgs
(bsc#1012628).
- x86, sched: Fix the AMD CPPC maximum performance value on
certain AMD Ryzen generations (bsc#1012628).
- arm64: mte: initialize RGSR_EL1.SEED in __cpu_setup
(bsc#1012628).
- arm64: Fix race condition on PG_dcache_clean in
__sync_icache_dcache() (bsc#1012628).
- btrfs: fix deadlock when cloning inline extents and using
qgroups (bsc#1012628).
- btrfs: zoned: fix silent data loss after failure splitting
ordered extent (bsc#1012628).
- btrfs: fix race leading to unpersisted data and metadata on
fsync (bsc#1012628).
- btrfs: initialize return variable in cleanup_free_space_cache_v1
(bsc#1012628).
- btrfs: zoned: sanity check zone type (bsc#1012628).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K
60Hz monitors are connected (bsc#1012628).
- drm/amd/display: Initialize attribute for hdcp_srm sysfs file
(bsc#1012628).
- drm/i915: Avoid div-by-zero on gen2 (bsc#1012628).
- kvm: exit halt polling on need_resched() as well (bsc#1012628).
- drm/msm: fix LLC not being enabled for mmu500 targets
(bsc#1012628).
- KVM: LAPIC: Accurately guarantee busy wait for timer to expire
when using hv_timer (bsc#1012628).
- drm/msm/dp: initialize audio_comp when audio starts
(bsc#1012628).
- KVM: x86: Cancel pvclock_gtod_work on module removal
(bsc#1012628).
- KVM: x86: Prevent deadlock against tk_core.seq (bsc#1012628).
- KVM: SVM: Move GHCB unmapping to fix RCU warning (bsc#1012628).
- dax: Add an enum for specifying dax wakup mode (bsc#1012628).
- dax: Add a wakeup mode parameter to put_unlocked_entry()
(bsc#1012628).
- dax: Wake up all waiters after invalidating dax entry
(bsc#1012628).
- xen/unpopulated-alloc: fix error return code in fill_list()
(bsc#1012628).
- perf tools: Fix dynamic libbpf link (bsc#1012628).
- usb: dwc3: gadget: Free gadget structure only after freeing
endpoints (bsc#1012628).
- iio: light: gp2ap002: Fix rumtime PM imbalance on error
(bsc#1012628).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
(bsc#1012628).
- iio: hid-sensors: select IIO_TRIGGERED_BUFFER under
HID_SENSOR_IIO_TRIGGER (bsc#1012628).
- iio: core: return ENODEV if ioctl is unknown (bsc#1012628).
- usb: fotg210-hcd: Fix an error message (bsc#1012628).
- hwmon: (occ) Fix poll rate limiting (bsc#1012628).
- usb: typec: tcpm: Fix wrong handling for Not_Supported in VDM
AMS (bsc#1012628).
- usb: musb: Fix an error message (bsc#1012628).
- hwmon: (ltc2992) Put fwnode in error case during ->probe()
(bsc#1012628).
- ACPI: scan: Fix a memory leak in an error handling path
(bsc#1012628).
- kyber: fix out of bounds access when preempted (bsc#1012628).
- nvmet: fix inline bio check for bdev-ns (bsc#1012628).
- nvmet: fix inline bio check for passthru (bsc#1012628).
- nvmet-rdma: Fix NULL deref when SEND is completed with error
(bsc#1012628).
- f2fs: compress: fix to free compress page correctly
(bsc#1012628).
- f2fs: compress: fix race condition of overwrite vs truncate
(bsc#1012628).
- f2fs: compress: fix to assign cc.cluster_idx correctly
(bsc#1012628).
- sched/fair: Fix clearing of has_idle_cores flag in
select_idle_cpu() (bsc#1012628).
- nbd: Fix NULL pointer in flush_workqueue (bsc#1012628).
- powerpc/64s: Make NMI record implicitly soft-masked code as
irqs disabled (bsc#1012628).
- blk-mq: plug request for shared sbitmap (bsc#1012628).
- blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1012628).
- usb: dwc3: omap: improve extcon initialization (bsc#1012628).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel
Merrifield (bsc#1012628).
- usb: xhci: Increase timeout for HC halt (bsc#1012628).
- usb: dwc2: Fix gadget DMA unmap direction (bsc#1012628).
- usb: core: hub: fix race condition about TRSMRCY of resume
(bsc#1012628).
- usb: dwc3: imx8mp: fix error return code in dwc3_imx8mp_probe()
(bsc#1012628).
- usb: dwc3: gadget: Enable suspend events (bsc#1012628).
- usb: dwc3: gadget: Return success always for kick transfer in
ep queue (bsc#1012628).
- usb: typec: tcpm: Fix wrong handling in GET_SINK_CAP
(bsc#1012628).
- usb: typec: ucsi: Retrieve all the PDOs instead of just the
first 4 (bsc#1012628).
- usb: typec: ucsi: Put fwnode in any case during ->probe()
(bsc#1012628).
- xhci-pci: Allow host runtime PM as default for Intel Alder
Lake xHCI (bsc#1012628).
- xhci: Fix giving back cancelled URBs even if halted endpoint
can't reset (bsc#1012628).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context
(bsc#1012628).
- xhci: Add reset resume quirk for AMD xhci controller
(bsc#1012628).
- iio: core: fix ioctl handlers removal (bsc#1012628).
- iio: gyro: mpu3050: Fix reported temperature value
(bsc#1012628).
- iio: tsl2583: Fix division by a zero lux_val (bsc#1012628).
- cdc-wdm: untangle a circular dependency between callback and
softint (bsc#1012628).
- alarmtimer: Check RTC features instead of ops (bsc#1012628).
- xen/gntdev: fix gntdev_mmap() error exit path (bsc#1012628).
- KVM: x86: Emulate RDPID only if RDTSCP is supported
(bsc#1012628).
- KVM: x86: Move RDPID emulation intercept to its own enum
(bsc#1012628).
- KVM: x86: Add support for RDPID without RDTSCP (bsc#1012628).
- KVM: nVMX: Always make an attempt to map eVMCS after migration
(bsc#1012628).
- KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is
unsupported (bsc#1012628).
- KVM: VMX: Disable preemption when probing user return MSRs
(bsc#1012628).
- mm: fix struct page layout on 32-bit systems (bsc#1012628).
- MIPS: Reinstate platform `__div64_32' handler (bsc#1012628).
- MIPS: Avoid DIVU in `__div64_32' is result would be zero
(bsc#1012628).
- MIPS: Avoid handcoded DIVU in `__div64_32' altogether
(bsc#1012628).
- clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer
wrap issue (bsc#1012628).
- clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata
i940 (bsc#1012628).
- kobject_uevent: remove warning in init_uevent_argv()
(bsc#1012628).
- drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp
(bsc#1012628).
- drm/msm/dp: check sink_count before update is_connected status
(bsc#1012628).
- drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (bsc#1012628).
- drm/i915/overlay: Fix active retire callback alignment
(bsc#1012628).
- drm/i915: Fix crash in auto_retire (bsc#1012628).
- clk: exynos7: Mark aclk_fsys1_200 as critical (bsc#1012628).
- soc: mediatek: pm-domains: Add a meaningful power domain name
(bsc#1012628).
- soc: mediatek: pm-domains: Add a power domain names for mt8183
(bsc#1012628).
- soc: mediatek: pm-domains: Add a power domain names for mt8192
(bsc#1012628).
- media: rkvdec: Remove of_match_ptr() (bsc#1012628).
- i2c: mediatek: Fix send master code at more than 1MHz
(bsc#1012628).
- dt-bindings: media: renesas,vin: Make resets optional on R-Car
Gen1 (bsc#1012628).
- dt-bindings: thermal: rcar-gen3-thermal: Support five TSC
nodes on r8a779a0 (bsc#1012628).
- arm64: dts: renesas: falcon: Move console config to CPU board
DTS (bsc#1012628).
- dt-bindings: phy: qcom,qmp-usb3-dp-phy: move usb3 compatibles
back to qcom,qmp-phy.yaml (bsc#1012628).
- dt-bindings: serial: 8250: Remove duplicated compatible strings
(bsc#1012628).
- dt-bindings: PCI: rcar-pci-host: Document missing R-Car H1
support (bsc#1012628).
- debugfs: Make debugfs_allow RO after init (bsc#1012628).
- ext4: fix debug format string warning (bsc#1012628).
- nvme: do not try to reconfigure APST when the controller is
not live (bsc#1012628).
- ASoC: rsnd: check all BUSIF status when error (bsc#1012628).
- net: bridge: fix error in br_multicast_add_port when
CONFIG_NET_SWITCHDEV=n (bsc#1012628).
- Refresh
patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch.
- commit 0ef707c
++++ libdrm:
- Update to 2.4.106:
* various nouveau fixes
* improve tests
++++ graphite2:
- Define conditionally make_build to fix build on systems that do
not have that macro
++++ json-c:
- Add -std=gnu99 to fix build with some gcc versions
++++ protobuf-c:
- Update to release 1.4.0
* protoc-c: Add custom options support
* Fix packed repeated bool parsing
++++ systemd:
- Spec file minor cleanups:
- Drop all "Group:" tags as they are deprecated.
- Drop "License:" tags from all subpackages and make it inherited
from the main package.
- Drop "%bcond_with parentpathid" as it's not used.
++++ libxml2:
- Security fix: [bsc#1186015, CVE-2021-3541]
* Exponential entity expansion attack bypasses all existing
protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
++++ patterns-base:
- Some enhanced_base cleanup
* alsa-plugins will be pulled in by alsa if needed
* cronie is not needed in favor of systemd timers
* The cups server is not needed in general
* postfix used to be required by cron but not anymore today
* cyrus-sasl will be pulled in by others if needed
* openslp will be pulled in by rsync so far
* translation-update is for build systems only
* udev is pulled in by systemd if needed
* perl-TermReadLine-Gnu ???
++++ python-contextvars:
- use %pytest macro in %check
++++ libxml2-python:
- Security fix: [bsc#1186015, CVE-2021-3541]
* Exponential entity expansion attack bypasses all existing
protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
++++ runc:
- Update to runc v1.0.0~rc95. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). bsc#1185405
++++ shim:
- shim-install: instead of assuming "removable" for Azure, remove
fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
to make \EFI\Boot bootable and keep the boot option created by
efibootmgr (bsc#1185464, bsc#1185961)
------------------------------------------------------------------
------------------ 2021-5-18 - May 18 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to
CapabilityBoundingSet to make teamd work properly
(glfd#NetworkManager/NetworkManager!860, bsc#1185424).
++++ permissions:
- Update to version 20210518:
* whitelist please (bsc#1183669)
- Update to version 20210518:
* Fix enlightenment paths for 32-bit architectures
++++ cockpit:
- new version 244.1
https://cockpit-project.org/blog/cockpit-244.html
- enable SELinux
++++ dracut:
- Update to version 054+suse.95.gd5820102:
* chore(suse) update spec
Important change on mkinitrd:
mkinitrd is now in its own subpackage "dracut-mkinit-deprecated",
which requires dracut. If you need mkinitrd, require "mkinitrd".
However note that in the long run, mkinit will go away. It is
preferred to call dracut directly.
++++ kernel-default:
- can: isotp: prevent race between isotp_bind() and
isotp_setsockopt() (CVE-2021-32606 bsc#1185953 bsc#1185564).
- commit cf6ea2f
- usb: pci-quirks: disable D3cold on xhci suspend for s2idle on
AMD Renoire (bsc#1185840).
- ACPI / idle: override c-state latency when not in conformance
with s0ix (bsc#1185840).
- ACPI: PM: s2idle: Add missing LPS0 functions for AMD
(bsc#1185840).
- commit 152b604
++++ libX11:
- Update to version 1.7.1
* security update for CVE-2021-31535 (bsc#1182506)
- supersedes U_CVE-2021-31535.patch
++++ libcontainers-common:
- Update image to 5.12.0
v0.38.2:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver
v0.38.1:
* libimage: add save tests
* libimage/Image.HasDifferentDigest: handle manifest lists
* libimage: push: ignore image platform
* Cirrus: Use config. in common with all repos.
* libimage: add import test
* Fix handling of all capabilities
* libimage: add save tests
* containers.conf: don't set default logging driver
v0.38.1:
* adjust log-driver defaults
* Do not emit warnings about OCI runtime paths
* build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
* build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
* [NO TESTS NEEDED] Fix reading configs on mac and windows
* libimage: add push tests
* build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
* libimage: fix pull from dir
* libimage: add load unit tests
* Only close EventChannel if it has been created.
v0.38:
* build(deps): bump github.com/docker/docker
* libimage: add an events system
* libimage: add unit tests
* libimage: rename dockerTransport to registryTransport
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
* pull: simplify transports switch
* Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
* Add support for codespell, and fix issues found
* libimage: restore the ability to pull from docker-daemon and tarball
* Swap default logging to journald
* fix image tree
* Add support for creating default CNI network
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
* Add a default network creation package
* Add ability to specify a subnet for the default network
* libimage: follow-up changes
v0.37.1:
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
* Add support for the runsc OCI Runtime
* Add support for machine_enabled in containers.conf
* modify README.md: Contributing section finetuning
* Add support for image_parallel_copies in containers.conf
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
- Update common to 0.38.2
0.38.2:
libimage: add save tests
libimage/Image.HasDifferentDigest: handle manifest lists
libimage: push: ignore image platform
Cirrus: Use config. in common with all repos.
libimage: add import test
Fix handling of all capabilities
libimage: add save tests
containers.conf: don't set default logging driver
0.38.1:
adjust log-driver defaults
Do not emit warnings about OCI runtime paths
build(deps): bump github.com/opencontainers/selinux from 1.8.0 to 1.8.1
build(deps): bump github.com/containers/storage from 1.30.1 to 1.30.3
[NO TESTS NEEDED] Fix reading configs on mac and windows
libimage: add push tests
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
libimage: fix pull from dir
libimage: add load unit tests
Only close EventChannel if it has been created.
0.38.0:
build(deps): bump github.com/docker/docker
libimage: add an events system
libimage: add unit tests
libimage: rename dockerTransport to registryTransport
Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
pull: simplify transports switch
Fix images tagged by 64 chars cannot be pulled when ommiting "docker://" prefix
Add support for codespell, and fix issues found
libimage: restore the ability to pull from docker-daemon and tarball
Swap default logging to journald
fix image tree
Add support for creating default CNI network
Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
Add a default network creation package
Add ability to specify a subnet for the default network
libimage: follow-up changes
0.37.1:
Bump github.com/containers/storage from 1.30.0 to 1.30.1
Add support for the runsc OCI Runtime
Add support for machine_enabled in containers.conf
modify README.md: Contributing section finetuning
Add support for image_parallel_copies in containers.conf
Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
- Update storage to 1.31.0
1.31.0:
Update docs/containers-storage.conf.5.md
store: add option to disable volatile
build(deps): bump github.com/Microsoft/hcsshim from 0.8.16 to 0.8.17
Enable zstd:chunked support in containers/image
overlay: honor DisableShifting
store: allow shifting only with contiguous mappings
idtools: new function IsContiguous
store: replace Modified+Load with ReloadIfChanged
store: new method ROFileBasedStore.ReloadIfChanged()
Expand the scope of transaction in the process of deleting device
Remove unlock/lock caused by Incorrect assumption
1.30.3:
Update to F34 and U2104
Update vendor opencontainers/selinux v1.8.1
AUFS not supported in Ubuntu 21.04+
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
TestMatch: handle cases where NewPatternMatcher catches syntax errors
1.30.2:
Switch from ffjson to json-iterator
Remove dependencies on ffjson
Expand Variables on rootlessStoragePath
Log expected rootless overlay mount failures as debug level
++++ rdma-core:
- Update to rdma-core v35.0
- Bugfixes on all providers
- Many improvements on pyverbs
- Fixes dracut path issues on Tumbleweed
- Refresh patches to latest sources:
- Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch
- disable-rdma-interface-renaming.patch
++++ libepoxy:
- Update to version 1.5.7:
* Remove type redefinition
- Includes changes from 1.5.6:
* Fix issue loading OpenGL/GLX/EGL libraries
* Expose dependency variables in pkg-config file
* Close output objects when generating files
++++ multipath-tools:
- Update to version 0.8.6+10+suse.47711374:
* Github workflows: add CI for SUSE-specific branches
++++ pango:
- Update to version 1.48.5:
+ Only initialize fontconfig once.
+ Add missing deprecation notices.
+ Add some missing apis to the markup docs.
+ Speed up Emoji classification.
+ Fix hangs and memory leaks.
+ Don't insert hyphens at word boundaries.
+ Handle empty lines better.
+ Avoid width fluctuations with ellipsized text.
+ Add a utility to show text segmentation.
++++ systemd:
- Introduce subpackage systemd-tests
This subpackage is mainly used before submitting a new version of
the systemd packages. As such it's not intended for regular users
hence can be removed/renamed at any time. One might wonder why the
unit tests are not executed during package builds (%check)... the
reason is that the environment used to build package (chroot) is too
limited and therefore only a subset of the unit tests would be
executed in this environment.
To disable the build of the subpackage, use "--without=tests".
- Add 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
A temporary patch until
https://github.com/systemd/systemd/issues/19464 is solved.
- Import commit bc08011f04ac4f12569ec05965149f665a0b110b (merge of v248.3)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/6f5c11b28f5739b901390f22c2bf4c003cadedaa...bc08011f04ac4f12569ec05965149f665a0b110b
++++ openssh:
- Use pam_motd to unify motd message output [bsc#1185897]
(openssh-8.4p1-pam_motd.patch)
++++ python-distro:
- use %pytest macro
++++ python-pbr:
- update to 5.6.0:
* Reverse ordering of 'D1\_D2\_SETUP\_ARGS'
* Add test for cfg -> py transformation
* Don't pass empty 'long\_description'
* Move flake8 as a pre-commit local target
* Map requires-python to python-requires (attempt 2)
* Update dependencies to avoid failure with old pip
* Increase OS\_TEST\_TIMEOUT to 1200
* Prevent test failure due to use of setpref
* util: Convert 'D1\_D2\_SETUP\_ARGS' to a list of tuples
* Revert "Map requires-python to python-requires"
* Dropping lower constraints testing
* Adding pre-commit
++++ selinux-policy:
- allow systemd to watch /usr, /usr/lib, /etc, /etc/pki as we have path units
that trigger on changes in those.
Added fix_systemd_watch.patch
- own /usr/share/selinux/packages/$SELINUXTYPE/ and
/var/lib/selinux/$SELINUXTYPE/active/modules/* to allow packages to install
files there
++++ u-boot-rpiarm64:
* Add rockpi-n10-rk3399pro
* Several fixes and cleanups for RK3399/3328 boards:
- Replace repeated board list with is_rk3399/is_rk3328 define
- Fix non-functional rock960, copy bl31.elf
- Remove "make u-boot.itb", already part of "all" target
* Remove obsolete manual generation of SOURCE_DATE_EPOCH
------------------------------------------------------------------
------------------ 2021-5-17 - May 17 2021 -------------------
------------------------------------------------------------------
++++ dracut:
- Update to version 054+suse.94.g1648453e:
* chore(suse): re-add SUSE mkinitrd
- Update to version 054+suse.93.gd393f006:
With this release dracut has undergone a major overhaul.
A lot of systemd related modules have been added.
The integration test suite has finally ironed out the flaky behaviour due to the parallel device probing of the kernel,
which bit sometimes in the non-kvm github CI. So, if you see any /dev/sda in a setup script with more than two hard drives,
chances are, that the script works on the wrong disk. Same goes for network interfaces.
This release is also fully shellcheck'ed with ShellCheck-0.7.2 and indented with shfmt and astyle.
The dracut project builds test containers every day for:
opensuse/tumbleweed-dnf:latest
archlinux:latest
fedora:rawhide
fedora:latest
fedora:33
These containers can easily be used to run the integration tests locally without root permissions via podman.
We hope this serves as a blueprint for your distribution's CI process.
More information can be found in docs/HACKING.md.
Bug Fixes
make testsuite pass on OpenSuse and Arch (8b2afb08)
cope with distributions with /usr/etc files (3ad3b3a4)
deprecate gummiboot (5c94cf41)
set vimrc and emacs indention according to .editorconfig (9012f399)
correctly handle kernel parameters (501d82f7)
remove dracut.pc on make clean (d643156d)
honor KVERSION environment in the Makefile (d8a454a5)
always use mkdir -p (9cf7b1c5)
dracut.sh:
prevent symbolic links containing // (de0c0872)
adding missing globalvars for udev (f35d479d)
sysctl global variables (3ca9aa1d)
add global vars for modules-load (ec4539c6)
omission is an addition to other omissions in conf files (96c31333)
harden dracut against GZIP environment variable (d8e47e20)
add a missing tmpfilesconfdir global variable (8849dd8d)
include modules.builtin.alias in the initramfs (7f633747)
install all depmod relevant configuration files (50a01dd4)
add modules.builtin.modinfo to the initramfs (87c4c178)
search for btrfs devices from actual mount poiont (3fdc734a)
dracut-functions.sh:
implement a cache for get_maj_min (c3bb9d18)
word splitting issue for sed in get_ucode_file (122657b2)
dracut-logger.sh: double dash trigger unknown logger warnings during run (4fbccde5)
dracut-install:
handle $LIB in ldd output parsing (d1a36d3d)
handle builtin modules (2536a9ea)
base:
suppress calls to getarg in build phase (6feaaabc)
source hooks without exec (8059bcb2)
wait_for_dev quote shell variables (b800edd6)
adding crc32c for ext3 (61f45643)
crypt:
install all crypto modules in the generic initrd (10f9e569)
include cryptsetups tmpfile (a4cc1964)
crypt-gpg:
cope with different scdaemon location (44fd1c13)
dbus-broker:
enable the service (df1e5f06)
dbus-daemon:
only error out in install() (ae4fbb3d)
dracut-systemd:
don't refuse root=tmpfs when systemd is used (a96900a8)
examples: remove the examples directory and reference to it (b37c90c8)
fips:
add dh and ecdh ciphers (543b8014)
remove old udev version requirements (be30d987)
i18n:
skip if data is missing (651fe01e)
img-lib:
ignored null byte in input (85eb9680)
integrity:
properly set up EVM when using an x509 cert (4bdd7eb2)
iscsi:
replace sed call with bash internals (66b920c6)
add iscsid.service requirements (bb6770f1)
only rely on socket activiation (0eb87d78)
kernel-modules:
optionally add /usr/lib/modules.d to initramfs (92e6a8f8)
add watchdog drivers for generic initrd (3a60c036)
mdraid:
remove dependency statements (86b75634)
memstrack:
correct dependencies (c2ecc4d1)
multipath:
stop multipath before udev db cleanup (3c244c7c)
revise multipathd-stop (7b8c78ff)
nbd:
assume nbd version >= 3.8 (6209edeb)
remove old udev version requirements (fd15dbad)
make nbd work again with systemd (77906443)
network:
use wicked unit instead of find_binary (57eefcf7)
user variable for sdnetworkd instead of path (4982e16d)
correct regression in iface_has_carrier (36af0518)
network-legacy:
add missing options to dhclient.conf (abfd547a)
silence getargs (60a34d8b)
network-manager:
cope with distributions not using libexec (22d6863e)
set timeout via command line option (8a51ee1f)
run after dracut-cmdline (4d03404f)
create /run directories (49b61496)
use /run/NetworkManager/initrd/neednet in initqueue (6a37c6f6)
only run NetworkManager if rd.neednet=1 (ac0e8f7d)
nm-run.service: don't kill forked processes (1f21fac6)
no default deps for nm-run.service (ba4bcf5f)
nm-lib.sh does not require bash (3402142e)
squash:
post install should be the last step before stripping (8c8aecdc)
systemd:
include all nss libraries (b3bbf5fb)
include hosts and nsswitch.conf in hostonly mode (5912f4fb)
remove old systemd version requirements (fc53987b)
systemd-hostnamed: extra quote (2aa65234)
systemd-modules: remove dependency on systemd meta module (afef4557)
systemd-modules-load:
misc repairs (782ac8f1)
systemd-networkd:
make systemd-networkd a proper network provider (ea779750, closes #737)
systemd-resolved: remove nss libraries (12bef83c)
systemd-sysctl:
sysctl global variables (02acedd0)
systemd-sysusers:
misc fixes and cleanup (7359ba8a)
systemd-udev: use global vars instead of fixed path (fd883a58)
systemd-udevd: add udev id program files (562cb77b)
systemd-verity:
incorrect reference to cryptsetup target (ba92d1fc)
re-naming module to veritysetup (0267f3c3)
tpm2-tss: add tpm2 requirement (8f99fada)
udev-rules:
remove sourcing of network link files (69f4e7cd)
add btrfs udev rules by default (567c4557)
url-lib:
fix passing args (5f6be515)
zipl:
don't depend on grub2 (6b499ec1)
Performance
disable initrd compression when squash module is enabled (7c0bc0b2)
Features
support ZSTD-compressed kernel modules (ce9af251)
also restore the initramfs from /lib/modules (33e27fab)
extend Makefile indent target (e0a0fa61)
customize .editorconfig according to shfmt (1f621aba)
squash module follow --compress option (5d05ffbd)
bluetooth: implement bluetooth support in initrd (64ee2a53)
btrfs: add 64-btrfs-dm.rules rules (d4caa86a)
mkinitrd: remove mkinitrd (43df4ee2)
nbd: support ipv6 link local nbds (b12f8188)
network-manager: run as daemon with D-Bus (112f03f9)
qemu: include the virtio_mem kernel module (f3dcb606)
skipcpio: speed up and harden skipcpio (63033495)
squash:
use busybox for early setup if available (90f269f6)
install and depmod modules seperately (5a18b24a)
systemd-ac-power: introducing the systemd-ac-power module (e7407230)
systemd-hostnamed: introducing the systemd-hostnamed module (bf273e3e)
systemd-initrd: add initrd-usr-fs.target (5eb73610)
systemd-journald: introducing the systemd-journald module (3697891b)
systemd-ldconfig: introducing the systemd-ldconfig module (563c434e)
systemd-network-management: introducing systemd-network-management module (e942d86c)
systemd-resolved: introducing the systemd-resolved module (b7d3caef)
systemd-rfkill: introducing the systemd-rfkill module (21536544)
systemd-sysext: introducing the systemd-sysext module (fc88af54)
systemd-timedated: introducing the systemd-timedated module (1c41cc90)
systemd-timesyncd: introducing the systemd-timesyncd module (2257d545)
systemd-tmpfiles: introducing the systemd-tmpfiles module (2b61be32)
systemd-udevd: introducing the systemd-udevd module (3534789c)
systemd-verity: introducing the systemd-verity module (3d4dea58)
tpm2-tss: introducing the tpm2-tss module (8743b073)
++++ kernel-default:
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past
its expiry (bsc#1185988).
- commit 2d71c6c
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past
its expiry (bsc#1185988).
- commit 3e71e40
- Update to 5.13-rc2
- commit 977da2f
++++ libX11:
- U_CVE-2021-31535.patch
* adds missing request length checks in libX11 (CVE-2021-31535,
bsc#1182506)
++++ ncurses:
- Add ncurses patch 20210515
+ improve manual pages for wgetnstr, newwin (prompted by
report/testcase by Bill Gray).
- Add ncurses patch 20210508
+ modify tputs' error check to allow it to be used without first
calling tgetent or setupterm, noting that terminfo initialization
is requires for supporting the terminfo delay feature (report by
Sebastiano Vigna).
+ fix several warnings from clang --analyze
+ add null-pointer check in comp_parse.c, when a "use=" clause refers
to a nonexisting terminal description (report/patch by Miroslav
Lichvar, cf: 20210227).
++++ openssl-1_1:
- Added openssl-add_rfc3526_rfc7919.patch
* Genpkey: "-pkeyopt dh_param:" can now choose modp_* (rfc3526)
and ffdhe* (rfc7919) groups. Example:
$ openssl genpkey -genparam -algorithm DH -pkeyopt dh_param:ffdhe4096
* DH_new_by_nid(), DH_get_nid(), and EVP_PKEY_CTX_set_dh_nid():
NID_modp_* groups are now available, similar to NID_ffdhe*.
* Fixes bsc#1180995 - openssl s_server fails when FIPS is enabled
++++ snapper:
- fixed systemd sandboxing (bsc#1186095)
++++ libtasn1:
- libtasn1 4.17.0:
* Print deprecation messages for deprecated macros
* Fix some clang issues due to illegal pointers
* Restore handling of SIZE nodes
* Fix memory leak caught by oss-fuzz
* Gtk-doc fixes
* Fix bugs unveiled by Static Analysis
* Update gnulib files and many build fixes
- move tools to -tools packages and clarify licenses
- update upstream signing keyring
- remove deprecated texinfo packaging macros
++++ python-libvirt-python:
- Update to 7.3.0
- Add all new APIs and constants in libvirt 7.3.0
++++ qemu:
- Brotli VLA error was already fixed in v5.2 but the patches wasn't
included in v6.0. This change fixed that
- Patches added:
brotli-fix-actual-variable-array-paramet.patch
hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch
ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch
++++ rpcbind:
- Update to rpcbind 1.2.6
- Remove 0031-rpcbind-manpage.patch (accepted upstream in commit 4bedcee)
- Drop pmap_set.c (installed as pmap_set2): bnc#446388 is from 2008, for
openSUSE 11.
- Refresh 0001-change-lockingdir-to-run.patch
- Replace %setup with %autosetup
------------------------------------------------------------------
------------------ 2021-5-16 - May 16 2021 -------------------
------------------------------------------------------------------
++++ acl:
- modernize spec-file (move license to licensedir)
++++ kernel-default:
- drm/i915/gem: Pin the L-shape quirked object as unshrinkable
(bsc#1185624 bsc#1186075).
- commit 6e53ea2
++++ less:
- update to 586:
* Make less able to read lesskey source files (deprecating lesskey).
* If XDG_CONFIG_HOME is set, find lesskey source file
in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey.
* If XDG_DATA_HOME is set, find and store history file
in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst.
* Add the --lesskey-src option.
* Add the --file-size option.
* Fix bug which could leave terminal in mouse-reporting mode
after exiting less.
* Fix bug which caused failure to respond to window resize.
* Fix backslash bug searching in tag file.
++++ libtirpc:
- update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
------------------------------------------------------------------
------------------ 2021-5-15 - May 15 2021 -------------------
------------------------------------------------------------------
++++ filesystem:
- temporarily revert icon and fillup dir to 0755 until fallout
is fixed (bsc#1184786)
++++ kernel-default:
- kbuild: dummy-tools: adjust to stricter stackprotector check.
Fix i386 builds after recent changes of stackprotector feature check and
restore stackprotector related config options.
- commit 9c7db9a
- serial: stm32: fix threaded interrupt handling (git-fixes).
- usb: typec: tcpm: Fix error while calculating PPS out values
(git-fixes).
- RDMA/core: Unify RoCE check and re-factor code (git-fixes).
- commit a5aafd4
- Linux 5.12.4 (bsc#1012628).
- Bluetooth: verify AMP hci_chan before amp_destroy (bsc#1012628).
- bluetooth: eliminate the potential race condition when removing
the HCI controller (bsc#1012628).
- net/nfc: fix use-after-free llcp_sock_bind/connect
(bsc#1012628).
- io_uring: truncate lengths larger than MAX_RW_COUNT on provide
buffers (bsc#1012628).
- coresight: etm-perf: Fix define build issue when built as module
(bsc#1012628).
- software node: Allow node addition to already existing device
(bsc#1012628).
- Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL"
(bsc#1012628).
- usb: roles: Call try_module_get() from
usb_role_switch_find_by_fwnode() (bsc#1012628).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (bsc#1012628).
- tty: amiserial: fix TIOCSSERIAL permission check (bsc#1012628).
- USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
(bsc#1012628).
- staging: greybus: uart: fix TIOCSSERIAL jiffies conversions
(bsc#1012628).
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
(bsc#1012628).
- staging: fwserial: fix TIOCSSERIAL jiffies conversions
(bsc#1012628).
- tty: moxa: fix TIOCSSERIAL permission check (bsc#1012628).
- tty: mxser: fix TIOCSSERIAL jiffies conversions (bsc#1012628).
- staging: fwserial: fix TIOCSSERIAL permission check
(bsc#1012628).
- tty: mxser: fix TIOCSSERIAL permission check (bsc#1012628).
- drm: bridge: fix LONTIUM use of mipi_dsi_() functions
(bsc#1012628).
- usb: typec: tcpm: Address incorrect values of tcpm psy for
fixed supply (bsc#1012628).
- usb: typec: tcpm: Address incorrect values of tcpm psy for
pps supply (bsc#1012628).
- usb: typec: tcpm: update power supply once partner accepts
(bsc#1012628).
- USB: serial: xr: fix CSIZE handling (bsc#1012628).
- usb: xhci-mtk: remove or operator for setting schedule
parameters (bsc#1012628).
- usb: xhci-mtk: improve bandwidth scheduling with TT
(bsc#1012628).
- ASoC: samsung: tm2_wm5110: check of of_parse return value
(bsc#1012628).
- ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup
function (bsc#1012628).
- ASoC: tlv320aic32x4: Register clocks before registering
component (bsc#1012628).
- ASoC: tlv320aic32x4: Increase maximum register in regmap
(bsc#1012628).
- MIPS: pci-mt7620: fix PLL lock check (bsc#1012628).
- MIPS: pci-rt2880: fix slot 0 configuration (bsc#1012628).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
for CSR (bsc#1012628).
- PCI: Allow VPD access for QLogic ISP2722 (bsc#1012628).
- KVM: x86: Defer the MMU unload to the normal path on an global
INVPCID (bsc#1012628).
- PCI: xgene: Fix cfg resource mapping (bsc#1012628).
- PCI: keystone: Let AM65 use the pci_ops defined in
pcie-designware-host.c (bsc#1012628).
- PM / devfreq: Unlock mutex and free devfreq struct in error path
(bsc#1012628).
- soc/tegra: regulators: Fix locking up when voltage-spread is
out of range (bsc#1012628).
- iio: inv_mpu6050: Fully validate gyro and accel scale writes
(bsc#1012628).
- iio: magnetometer: yas530: Include right header (bsc#1012628).
- iio: sx9310: Fix write_.._debounce() (bsc#1012628).
- iio:accel:adis16201: Fix wrong axis assignment that prevents
loading (bsc#1012628).
- iio:adc:ad7476: Fix remove handling (bsc#1012628).
- iio: magnetometer: yas530: Fix return value on error path
(bsc#1012628).
- iio: sx9310: Fix access to variable DT array (bsc#1012628).
- iio: hid-sensor-rotation: Fix quaternion data not correct
(bsc#1012628).
- sc16is7xx: Defer probe if device read fails (bsc#1012628).
- phy: cadence: Sierra: Fix PHY power_on sequence (bsc#1012628).
- misc: lis3lv02d: Fix false-positive WARN on various HP models
(bsc#1012628).
- phy: ti: j721e-wiz: Invoke wiz_init() before
of_platform_device_create() (bsc#1012628).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg
struct (bsc#1012628).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload
(bsc#1012628).
- selinux: add proper NULL termination to the secclass_map
permissions (bsc#1012628).
- x86, sched: Treat Intel SNC topology as default, COD as
exception (bsc#1012628).
- async_xor: increase src_offs when dropping destination page
(bsc#1012628).
- md/bitmap: wait for external bitmap writes to complete during
tear down (bsc#1012628).
- md-cluster: fix use-after-free issue when removing rdev
(bsc#1012628).
- md: split mddev_find (bsc#1012628).
- md: factor out a mddev_find_locked helper from mddev_find
(bsc#1012628).
- md: md_open returns -EBUSY when entering racing area
(bsc#1012628).
- md: Fix missing unused status line of /proc/mdstat
(bsc#1012628).
- MIPS: generic: Update node names to avoid unit addresses
(bsc#1012628).
- mt76: mt7615: use ieee80211_free_txskb() in
mt7615_tx_token_put() (bsc#1012628).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
(bsc#1012628).
- net: xilinx: drivers need/depend on HAS_IOMEM (bsc#1012628).
- cfg80211: scan: drop entry from hidden_list on overflow
(bsc#1012628).
- rtw88: Fix array overrun in rtw_get_tx_power_params()
(bsc#1012628).
- mt76: fix potential DMA mapping leak (bsc#1012628).
- FDDI: defxx: Make MMIO the configuration default except for EISA
(bsc#1012628).
- drm/qxl: use ttm bo priorities (bsc#1012628).
- drm/ingenic: Fix non-OSD mode (bsc#1012628).
- drm/panfrost: Clear MMU irqs before handling the fault
(bsc#1012628).
- drm/panfrost: Don't try to map pages that are already mapped
(bsc#1012628).
- drm/radeon: fix copy of uninitialized variable back to userspace
(bsc#1012628).
- drm/dp_mst: Revise broadcast msg lct & lcr (bsc#1012628).
- drm/dp_mst: Set CLEAR_PAYLOAD_ID_TABLE as broadcast
(bsc#1012628).
- drm: bridge: fix ANX7625 use of mipi_dsi_() functions
(bsc#1012628).
- drm: bridge/panel: Cleanup connector on bridge detach
(bsc#1012628).
- drm/amd/display: Reject non-zero src_y and src_x for video
planes (bsc#1012628).
- drm/amdgpu: fix concurrent VM flushes on Vega/Navi v2
(bsc#1012628).
- drm/amdgpu: add new MC firmware for Polaris12 32bit ASIC
(bsc#1012628).
- drm/amdgpu: fix r initial values (bsc#1012628).
- drm/amdgpu: Init GFX10_ADDR_CONFIG for VCN v3 in DPG mode
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 HP quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Re-order ALC662 quirk table entries
(bsc#1012628).
- ALSA: hda/realtek: Remove redundant entry for ALC861
Haier/Uniwill devices (bsc#1012628).
- ALSA: hda/realtek: Fix speaker amp on HP Envy AiO 32
(bsc#1012628).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE
(bsc#1012628).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1012628).
- KVM: s390: fix guarded storage control register handling
(bsc#1012628).
- s390: fix detection of vector enhancements facility 1 vs. vector
packed decimal facility (bsc#1012628).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
(bsc#1012628).
- KVM: s390: split kvm_s390_real_to_abs (bsc#1012628).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
(bsc#1012628).
- KVM: x86/mmu: Alloc page for PDPTEs when shadowing 32-bit NPT
with 64-bit (bsc#1012628).
- KVM: x86/xen: Drop RAX[63:32] when processing hypercall
(bsc#1012628).
- KVM: X86: Fix failure to boost kernel lock holder candidate
in SEV-ES guests (bsc#1012628).
- KVM: x86: Properly handle APF vs disabled LAPIC situation
(bsc#1012628).
- KVM: x86: Check CR3 GPA for validity regardless of vCPU mode
(bsc#1012628).
- KVM: x86: Remove emulator's broken checks on CR0/CR3/CR4 loads
(bsc#1012628).
- KVM: nSVM: Set the shadow root level to the TDP level for
nested NPT (bsc#1012628).
- KVM: SVM: Don't strip the C-bit from CR2 on #PF interception
(bsc#1012628).
- KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over
vCPUs (bsc#1012628).
- KVM: SVM: Do not set sev->es_active until KVM_SEV_ES_INIT
completes (bsc#1012628).
- KVM: SVM: Do not allow SEV/SEV-ES initialization after vCPUs
are created (bsc#1012628).
- KVM: SVM: Inject #GP on guest MSR_TSC_AUX accesses if RDTSCP
unsupported (bsc#1012628).
- KVM: nVMX: Defer the MMU reload to the normal path on an EPTP
switch (bsc#1012628).
- KVM: VMX: Truncate GPR value for DR and CR reads in !64-bit mode
(bsc#1012628).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check
in !64-bit (bsc#1012628).
- KVM: nVMX: Truncate base/index GPR value on address calc in
!64-bit (bsc#1012628).
- KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read
(bsc#1012628).
- KVM: Destroy I/O bus devices on unregister failure _after_
sync'ing SRCU (bsc#1012628).
- KVM: Stop looking for coalesced MMIO zones if the bus is
destroyed (bsc#1012628).
- KVM: arm64: Support PREL/PLT relocs in EL2 code (bsc#1012628).
- KVM: arm64: Fully zero the vcpu state on reset (bsc#1012628).
- KVM: arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST_REGION read
(bsc#1012628).
- KVM: selftests: Sync data verify of dirty logging with guest
sync (bsc#1012628).
- KVM: selftests: Always run vCPU thread with blocked SIG_IPI
(bsc#1012628).
- Revert "drivers/net/wan/hdlc_fr: Fix a double free in pvc_xmit"
(bsc#1012628).
- Revert "i3c master: fix missing destroy_workqueue() on error
in i3c_master_register" (bsc#1012628).
- mfd: stmpe: Revert "Constify static struct resource"
(bsc#1012628).
- ovl: fix missing revert_creds() on error path (bsc#1012628).
- usb: gadget: pch_udc: Revert d3cb25a12138 completely
(bsc#1012628).
- Revert "tools/power turbostat: adjust for temperature offset"
(bsc#1012628).
- firmware: xilinx: Fix dereferencing freed memory (bsc#1012628).
- firmware: xilinx: Remove zynqmp_pm_get_eemi_ops() in
IS_REACHABLE(CONFIG_ZYNQMP_FIRMWARE) (bsc#1012628).
- x86/vdso: Use proper modifier for len's format specifier in
extract() (bsc#1012628).
- fpga: fpga-mgr: xilinx-spi: fix error messages on -EPROBE_DEFER
(bsc#1012628).
- crypto: keembay-ocs-hcu - Fix error return code in
kmb_ocs_hcu_probe() (bsc#1012628).
- crypto: keembay-ocs-aes - Fix error return code in
kmb_ocs_aes_probe() (bsc#1012628).
- crypto: sun8i-ss - fix result memory leak on error path
(bsc#1012628).
- memory: gpmc: fix out of bounds read and dereference on
gpmc_cs[] (bsc#1012628).
- ARM: dts: exynos: correct fuel gauge interrupt trigger level
on GT-I9100 (bsc#1012628).
- ARM: dts: exynos: correct fuel gauge interrupt trigger level
on P4 Note family (bsc#1012628).
- ARM: dts: exynos: correct fuel gauge interrupt trigger level
on Midas family (bsc#1012628).
- ARM: dts: exynos: correct MUIC interrupt trigger level on
Midas family (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
Midas family (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
Odroid X/U3 family (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on P4
Note family (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
SMDK5250 (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
(bsc#1012628).
- ARM: dts: s5pv210: correct fuel gauge interrupt trigger level
on Fascinate family (bsc#1012628).
- ARM: dts: renesas: Add mmc aliases into R-Car Gen2 board dts
files (bsc#1012628).
- arm64: dts: renesas: Add mmc aliases into board dts files
(bsc#1012628).
- bus: ti-sysc: Fix initializing module_pa for modules without
sysc register (bsc#1012628).
- x86/platform/uv: Set section block size for hubless
architectures (bsc#1012628).
- serial: stm32: fix probe and remove order for dma (bsc#1012628).
- serial: stm32: fix startup by enabling usart for reception
(bsc#1012628).
- serial: stm32: fix incorrect characters on console
(bsc#1012628).
- serial: stm32: fix TX and RX FIFO thresholds (bsc#1012628).
- serial: stm32: fix a deadlock condition with wakeup event
(bsc#1012628).
- serial: stm32: fix wake-up flag handling (bsc#1012628).
- serial: stm32: fix a deadlock in set_termios (bsc#1012628).
- serial: liteuart: fix return value check in liteuart_probe()
(bsc#1012628).
- serial: stm32: fix tx dma completion, release channel
(bsc#1012628).
- serial: stm32: call stm32_transmit_chars locked (bsc#1012628).
- serial: stm32: fix FIFO flush in startup and set_termios
(bsc#1012628).
- serial: stm32: add FIFO flush when port is closed (bsc#1012628).
- serial: stm32: fix tx_empty condition (bsc#1012628).
- usb: typec: tcpm: Wait for vbus discharge to VSAFE0V before
toggling (bsc#1012628).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting
CC_STATUS (bsc#1012628).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe()
(bsc#1012628).
- usb: typec: stusb160x: fix return value check in
stusb160x_probe() (bsc#1012628).
- mfd: intel_pmt: Fix nuisance messages and handling of disabled
capabilities (bsc#1012628).
- regmap: set debugfs_name to NULL after it is freed
(bsc#1012628).
- spi: rockchip: avoid objtool warning (bsc#1012628).
- arm64: dts: broadcom: bcm4908: fix switch parent node name
(bsc#1012628).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
(bsc#1012628).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
(bsc#1012628).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
(bsc#1012628).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV
(bsc#1012628).
- mtd: don't lock when recursively deleting partitions
(bsc#1012628).
- mtd: parsers: qcom: Fix error condition (bsc#1012628).
- mtd: parsers: qcom: incompatible with spi-nor 4k sectors
(bsc#1012628).
- mtd: maps: fix error return code of physmap_flash_remove()
(bsc#1012628).
- ARM: dts: stm32: fix usart 2 & 3 pinconf to wake up with flow
control (bsc#1012628).
- arm64: dts: ti: k3-j721e-main: Update the speed modes supported
and their itap delay values for MMCSD subsystems (bsc#1012628).
- iio: adis16480: fix pps mode sampling frequency math
(bsc#1012628).
- arm64: dts: qcom: sc7180: trogdor: Fix trip point config of
charger thermal zone (bsc#1012628).
- arm64: dts: qcom: sm8250: Fix level triggered PMU interrupt
polarity (bsc#1012628).
- arm64: dts: qcom: sm8350: Fix level triggered PMU interrupt
polarity (bsc#1012628).
- arm64: dts: qcom: sm8250: Fix timer interrupt to specify EL2
physical timer (bsc#1012628).
- arm64: dts: qcom: sc7180: Avoid glitching SPI CS at bootup on
trogdor (bsc#1012628).
- arm64: dts: qcom: sdm845: fix number of pins in 'gpio-ranges'
(bsc#1012628).
- arm64: dts: qcom: sm8150: fix number of pins in 'gpio-ranges'
(bsc#1012628).
- arm64: dts: qcom: sm8250: fix number of pins in 'gpio-ranges'
(bsc#1012628).
- arm64: dts: qcom: sm8350: fix number of pins in 'gpio-ranges'
(bsc#1012628).
- arm64: dts: qcom: db845c: fix correct powerdown pin for WSA881x
(bsc#1012628).
- crypto: sun8i-ss - Fix memory leak of object d when dma_iv
fails to map (bsc#1012628).
- spi: stm32: drop devres version of spi_register_master
(bsc#1012628).
- arm64: dts: broadcom: bcm4908: set Asus GT-AC5300 port 7 PHY
mode (bsc#1012628).
- regulator: bd9576: Fix return from bd957x_probe() (bsc#1012628).
- arm64: dts: renesas: r8a77980: Fix vin4-7 endpoint binding
(bsc#1012628).
- selftests/x86: Add a missing .note.GNU-stack section to
thunks_32.S (bsc#1012628).
- crypto: arm/blake2s - fix for big endian (bsc#1012628).
- spi: stm32: Fix use-after-free on unbind (bsc#1012628).
- Drivers: hv: vmbus: Drop error message when 'No request id
available' (bsc#1012628).
- staging: qlge: fix an error code in probe() (bsc#1012628).
- x86/microcode: Check for offline CPUs before requesting new
microcode (bsc#1012628).
- usb: host: ehci-tegra: Select USB_GADGET Kconfig option
(bsc#1012628).
- devtmpfs: fix placement of complete() call (bsc#1012628).
- usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
(bsc#1012628).
- usb: gadget: pch_udc: Check if driver is present before calling
- >setup() (bsc#1012628).
- usb: gadget: pch_udc: Check for DMA mapping error (bsc#1012628).
- usb: gadget: pch_udc: Initialize device pointer before use
(bsc#1012628).
- usb: gadget: pch_udc: Provide a GPIO line used on Intel
Minnowboard (v1) (bsc#1012628).
- crypto: ccp - fix command queuing to TEE ring buffer
(bsc#1012628).
- crypto: qat - don't release uninitialized resources
(bsc#1012628).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after
adf_dev_init (bsc#1012628).
- fotg210-udc: Fix DMA on EP0 for length > max packet size
(bsc#1012628).
- fotg210-udc: Fix EP0 IN requests bigger than two packets
(bsc#1012628).
- fotg210-udc: Remove a dubious condition leading to fotg210_done
(bsc#1012628).
- fotg210-udc: Mask GRP2 interrupts we don't handle (bsc#1012628).
- fotg210-udc: Don't DMA more than the buffer can take
(bsc#1012628).
- fotg210-udc: Complete OUT requests on short packets
(bsc#1012628).
- usb: gadget: s3c: Fix incorrect resources releasing
(bsc#1012628).
- usb: gadget: s3c: Fix the error handling path in
's3c2410_udc_probe()' (bsc#1012628).
- dt-bindings: serial: stm32: Use 'type: object' instead of
false for 'additionalProperties' (bsc#1012628).
- mtd: require write permissions for locking and badblock ioctls
(bsc#1012628).
- arm64: dts: renesas: r8a779a0: Fix PMU interrupt (bsc#1012628).
- arm64: dts: mt8183: Add gce client reg for display subcomponents
(bsc#1012628).
- arm64: dts: mt8173: fix wrong power-domain phandle of pmic
(bsc#1012628).
- bus: qcom: Put child node before return (bsc#1012628).
- arm64: dts: qcom: sm8250: fix display nodes (bsc#1012628).
- soundwire: bus: Fix device found flag correctly (bsc#1012628).
- soc: mediatek: pm-domains: Fix missing error code in
scpsys_add_subdomain() (bsc#1012628).
- phy: ti: j721e-wiz: Delete "clk_div_sel" clk provider during
cleanup (bsc#1012628).
- phy: ralink: phy-mt7621-pci: fix XTAL bitmask (bsc#1012628).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
unconditionally (bsc#1012628).
- phy: ralink: phy-mt7621-pci: fix return value check in
mt7621_pci_phy_probe() (bsc#1012628).
- phy: ingenic: Fix a typo in ingenic_usb_phy_probe()
(bsc#1012628).
- arm64: dts: mediatek: fix reset GPIO level on pumpkin
(bsc#1012628).
- NFSv4.2: fix copy stateid copying for the async copy
(bsc#1012628).
- crypto: poly1305 - fix poly1305_core_setkey() declaration
(bsc#1012628).
- crypto: qat - fix error path in adf_isr_resource_alloc()
(bsc#1012628).
- usb: gadget: aspeed: fix dma map failure (bsc#1012628).
- USB: gadget: udc: fix wrong pointer passed to IS_ERR() and
PTR_ERR() (bsc#1012628).
- drivers: nvmem: Fix voltage settings for QTI qfprom-efuse
(bsc#1012628).
- nvmem: rmem: fix undefined reference to memremap (bsc#1012628).
- driver core: platform: Declare early_platform_cleanup()
prototype (bsc#1012628).
- ARM: dts: qcom: msm8974-lge-nexus5: correct fuel gauge interrupt
trigger level (bsc#1012628).
- ARM: dts: qcom: msm8974-samsung-klte: correct fuel gauge
interrupt trigger level (bsc#1012628).
- memory: pl353: fix mask of ECC page_size config register
(bsc#1012628).
- soundwire: stream: fix memory leak in stream config error path
(bsc#1012628).
- m68k: mvme147,mvme16x: Don't wipe PCC timer config bits
(bsc#1012628).
- firmware: qcom_scm: Make __qcom_scm_is_call_available() return
bool (bsc#1012628).
- firmware: qcom_scm: Reduce locking section for
__get_convention() (bsc#1012628).
- firmware: qcom_scm: Workaround lack of "is available" call on
SC7180 (bsc#1012628).
- iio: adc: Kconfig: make AD9467 depend on ADI_AXI_ADC symbol
(bsc#1012628).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
(bsc#1012628).
- irqchip/gic-v3: Fix OF_BAD_ADDR error handling (bsc#1012628).
- staging: comedi: tests: ni_routes_test: Fix compilation error
(bsc#1012628).
- staging: rtl8192u: Fix potential infinite loop (bsc#1012628).
- staging: fwserial: fix TIOCSSERIAL implementation (bsc#1012628).
- staging: fwserial: fix TIOCGSERIAL implementation (bsc#1012628).
- staging: greybus: uart: fix unprivileged TIOCCSERIAL
(bsc#1012628).
- platform/x86: dell-wmi-sysman: Make init_bios_attributes()
ACPI object parsing more robust (bsc#1012628).
- soc: qcom: pdr: Fix error return code in pdr_register_listener
(bsc#1012628).
- PM / devfreq: Use more accurate returned new_freq as resume_freq
(bsc#1012628).
- clocksource/drivers/timer-ti-dm: Fix posted mode status check
order (bsc#1012628).
- clocksource/drivers/timer-ti-dm: Add missing
set_state_oneshot_stopped (bsc#1012628).
- clocksource/drivers/ingenic_ost: Fix return value check in
ingenic_ost_probe() (bsc#1012628).
- spi: Fix use-after-free with devm_spi_alloc_* (bsc#1012628).
- spi: fsl: add missing iounmap() on error in of_fsl_spi_probe()
(bsc#1012628).
- soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
(bsc#1012628).
- soc: qcom: mdt_loader: Detect truncated read of segments
(bsc#1012628).
- PM: runtime: Replace inline function
pm_runtime_callbacks_present() (bsc#1012628).
- cpuidle: Fix ARM_QCOM_SPM_CPUIDLE configuration (bsc#1012628).
- ACPI: CPPC: Replace cppc_attr with kobj_attribute (bsc#1012628).
- crypto: allwinner - add missing CRYPTO_ prefix (bsc#1012628).
- crypto: sun8i-ss - Fix memory leak of pad (bsc#1012628).
- crypto: sa2ul - Fix memory leak of rxd (bsc#1012628).
- crypto: qat - Fix a double free in adf_create_ring
(bsc#1012628).
- cpufreq: armada-37xx: Fix setting TBG parent for load levels
(bsc#1012628).
- clk: mvebu: armada-37xx-periph: remove .set_parent method for
CPU PM clock (bsc#1012628).
- cpufreq: armada-37xx: Fix the AVS value for load L1
(bsc#1012628).
- clk: mvebu: armada-37xx-periph: Fix switching CPU freq from
250 Mhz to 1 GHz (bsc#1012628).
- clk: mvebu: armada-37xx-periph: Fix workaround for switching
from L1 to L0 (bsc#1012628).
- cpufreq: armada-37xx: Fix driver cleanup when registration
failed (bsc#1012628).
- cpufreq: armada-37xx: Fix determining base CPU frequency
(bsc#1012628).
- spi: spi-zynqmp-gqspi: use wait_for_completion_timeout to make
zynqmp_qspi_exec_op not interruptible (bsc#1012628).
- spi: spi-zynqmp-gqspi: add mutex locking for exec_op
(bsc#1012628).
- spi: spi-zynqmp-gqspi: transmit dummy circles by using the
controller's internal functionality (bsc#1012628).
- spi: spi-zynqmp-gqspi: fix incorrect operating mode in
zynqmp_qspi_read_op (bsc#1012628).
- spi: fsl-lpspi: Fix PM reference leak in
lpspi_prepare_xfer_hardware() (bsc#1012628).
- usb: gadget: r8a66597: Add missing null check on return from
platform_get_resource (bsc#1012628).
- USB: cdc-acm: fix unprivileged TIOCCSERIAL (bsc#1012628).
- USB: cdc-acm: fix TIOCGSERIAL implementation (bsc#1012628).
- tty: actually undefine superseded ASYNC flags (bsc#1012628).
- tty: fix return value for unsupported ioctls (bsc#1012628).
- tty: fix return value for unsupported termiox ioctls
(bsc#1012628).
- serial: core: return early on unsupported ioctls (bsc#1012628).
- firmware: qcom-scm: Fix QCOM_SCM configuration (bsc#1012628).
- node: fix device cleanups in error handling code (bsc#1012628).
- crypto: chelsio - Read rxchannel-id from firmware (bsc#1012628).
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
(bsc#1012628).
- m68k: Add missing mmap_read_lock() to sys_cacheflush()
(bsc#1012628).
- usb: cdnsp: Fixes issue with Configure Endpoint command
(bsc#1012628).
- spi: spi-zynqmp-gqspi: Fix missing unlock on error in
zynqmp_qspi_exec_op() (bsc#1012628).
- memory: renesas-rpc-if: fix possible NULL pointer dereference
of resource (bsc#1012628).
- memory: samsung: exynos5422-dmc: handle clk_set_parent()
failure (bsc#1012628).
- security: keys: trusted: fix TPM2 authorizations (bsc#1012628).
- char: tpm: fix error return code in tpm_cr50_i2c_tis_recv()
(bsc#1012628).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail
boards with critclk_systems DMI table (bsc#1012628).
- usb: typec: tcpm: Honour pSnkStdby requirement during
negotiation (bsc#1012628).
- spi: spi-zynqmp-gqspi: Fix runtime PM imbalance in
zynqmp_qspi_probe (bsc#1012628).
- ARM: dts: aspeed: Rainier: Fix humidity sensor bus address
(bsc#1012628).
- Drivers: hv: vmbus: Use after free in __vmbus_open()
(bsc#1012628).
- crypto: arm64/aes-ce - deal with oversight in new CTR carry code
(bsc#1012628).
- spi: spi-zynqmp-gqspi: fix clk_enable/disable imbalance issue
(bsc#1012628).
- spi: spi-zynqmp-gqspi: fix hang issue when suspend/resume
(bsc#1012628).
- spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op
(bsc#1012628).
- spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
(bsc#1012628).
- btrfs: zoned: move log tree node allocation out of
log_root_tree->log_mutex (bsc#1012628).
- btrfs: zoned: bail out in btrfs_alloc_chunk for bad input
(bsc#1012628).
- x86/platform/uv: Fix !KEXEC build failure (bsc#1012628).
- hwmon: (pmbus/pxe1610) don't bail out when not all pages are
active (bsc#1012628).
- platform/surface: aggregator: fix a bit test (bsc#1012628).
- Drivers: hv: vmbus: Increase wait time for VMbus unload
(bsc#1012628).
- PM: hibernate: x86: Use crc32 instead of md5 for hibernation
e820 integrity check (bsc#1012628).
- usb: dwc2: Fix host mode hibernation exit with remote wakeup
flow (bsc#1012628).
- usb: dwc2: Fix hibernation between host and device modes
(bsc#1012628).
- ttyprintk: Add TTY hangup callback (bsc#1012628).
- serial: omap: don't disable rs485 if rts gpio is missing
(bsc#1012628).
- serial: omap: fix rs485 half-duplex filtering (bsc#1012628).
- spi: tools: make a symbolic link to the header file spi.h
(bsc#1012628).
- xen-blkback: fix compatibility bug with single page rings
(bsc#1012628).
- soc: aspeed: fix a ternary sign expansion bug (bsc#1012628).
- drm/tilcdc: send vblank event when disabling crtc (bsc#1012628).
- drm/stm: Fix bus_flags handling (bsc#1012628).
- drm/amd/display: Fix off by one in hdmi_14_process_transaction()
(bsc#1012628).
- drm/mcde/panel: Inverse misunderstood flag (bsc#1012628).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
(bsc#1012628).
- sched/fair: Fix shift-out-of-bounds in load_balance()
(bsc#1012628).
- printk: limit second loop of syslog_print_all (bsc#1012628).
- afs: Fix updating of i_mode due to 3rd party change
(bsc#1012628).
- rcu: Remove spurious instrumentation_end() in rcu_nmi_enter()
(bsc#1012628).
- media: mtk: fix mtk-smi dependency (bsc#1012628).
- media: vivid: fix assignment of dev->fbuf_out_flags
(bsc#1012628).
- media: saa7134: use sg_dma_len when building pgtable
(bsc#1012628).
- media: saa7146: use sg_dma_len when building pgtable
(bsc#1012628).
- media: omap4iss: return error code when omap4iss_get() failed
(bsc#1012628).
- media: rkisp1: rsz: crash fix when setting src format
(bsc#1012628).
- media: aspeed: fix clock handling logic (bsc#1012628).
- drm/panel-simple: Undo enable if HPD never asserts
(bsc#1012628).
- power: supply: bq27xxx: fix sign of current_now for newer ICs
(bsc#1012628).
- drm/probe-helper: Check epoch counter in output_poll_execute()
(bsc#1012628).
- media: venus: core: Fix some resource leaks in the error path of
'venus_probe()' (bsc#1012628).
- media: platform: sunxi: sun6i-csi: fix error return code of
sun6i_video_start_streaming() (bsc#1012628).
- media: m88ds3103: fix return value check in m88ds3103_probe()
(bsc#1012628).
- media: docs: Fix data organization of
MEDIA_BUS_FMT_RGB101010_1X30 (bsc#1012628).
- media: [next] staging: media: atomisp: fix memory leak of
object flash (bsc#1012628).
- media: atomisp: Fixed error handling path (bsc#1012628).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays
(bsc#1012628).
- media: atomisp: Fix use after free in
atomisp_alloc_css_stat_bufs() (bsc#1012628).
- x86/kprobes: Retrieve correct opcode for group instruction
(bsc#1012628).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (bsc#1012628).
- drm/amdkfd: Fix recursive lock warnings (bsc#1012628).
- drm/amd/display: Free local data after use (bsc#1012628).
- of: overlay: fix for_each_child.cocci warnings (bsc#1012628).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1012628).
- x86/kprobes: Fix to check non boostable prefixes correctly
(bsc#1012628).
- drm/omap: dsi: Add missing IRQF_ONESHOT (bsc#1012628).
- selftests: fix prepending $(OUTPUT) to $(TEST_PROGS)
(bsc#1012628).
- pata_arasan_cf: fix IRQ check (bsc#1012628).
- pata_ipx4xx_cf: fix IRQ check (bsc#1012628).
- sata_mv: add IRQ checks (bsc#1012628).
- ata: libahci_platform: fix IRQ check (bsc#1012628).
- seccomp: Fix CONFIG tests for Seccomp_filters (bsc#1012628).
- drm/mediatek: Switch the hdmi bridge ops to the atomic versions
(bsc#1012628).
- drm/mediatek: Don't support hdmi connector creation
(bsc#1012628).
- nvme-tcp: block BH in sk state_change sk callback (bsc#1012628).
- nvmet-tcp: fix incorrect locking in state_change sk callback
(bsc#1012628).
- clk: imx: Fix reparenting of UARTs not associated with stdout
(bsc#1012628).
- power: supply: bq25980: Move props from battery node
(bsc#1012628).
- nvme: retrigger ANA log update if group descriptor isn't found
(bsc#1012628).
- media: ccs: Fix sub-device function (bsc#1012628).
- media: ipu3-cio2: Fix pixel-rate derived link frequency
(bsc#1012628).
- media: i2c: imx219: Move out locking/unlocking of vflip and
hflip controls from imx219_set_stream (bsc#1012628).
- media: i2c: imx219: Balance runtime PM use-count (bsc#1012628).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list
(bsc#1012628).
- media: rkvdec: Do not require all controls to be present in
every request (bsc#1012628).
- vfio/fsl-mc: Re-order vfio_fsl_mc_probe() (bsc#1012628).
- vfio/pci: Move VGA and VF initialization to functions
(bsc#1012628).
- vfio/pci: Re-order vfio_pci_probe() (bsc#1012628).
- drm/msm: Fix debugfs deadlock (bsc#1012628).
- drm/msm/dpu: enable DPU_SSPP_QOS_8LVL for SM8250 (bsc#1012628).
- vfio/mdev: Do not allow a mdev_type to have a NULL parent
pointer (bsc#1012628).
- clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback
(bsc#1012628).
- clk: zynqmp: pll: add set_pll_mode to check condition in
zynqmp_pll_enable (bsc#1012628).
- drm: xlnx: zynqmp: fix a memset in zynqmp_dp_train()
(bsc#1012628).
- media: i2c: rdamc21: Fix warning on u8 cast (bsc#1012628).
- clk: qcom: a7-pll: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- clk: qcom: apss-ipq-pll: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- drm/amd/display: use GFP_ATOMIC in dcn20_resource_construct
(bsc#1012628).
- drm/amd/display: check fb of primary plane (bsc#1012628).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()
(bsc#1012628).
- bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1012628).
- clk: uniphier: Fix potential infinite loop (bsc#1012628).
- scsi: pm80xx: Increase timeout for pm80xx mpi_uninit_check()
(bsc#1012628).
- scsi: pm80xx: Fix potential infinite loop (bsc#1012628).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1012628).
- scsi: hisi_sas: Fix IRQ checks (bsc#1012628).
- scsi: jazz_esp: Add IRQ check (bsc#1012628).
- scsi: sun3x_esp: Add IRQ check (bsc#1012628).
- scsi: sni_53c710: Add IRQ check (bsc#1012628).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1012628).
- mailbox: sprd: Introduce refcnt when clients requests/free
channels (bsc#1012628).
- mfd: stm32-timers: Avoid clearing auto reload register
(bsc#1012628).
- nvmet-tcp: fix a segmentation fault during io parsing error
(bsc#1012628).
- nvme-pci: don't simple map sgl when sgls are disabled
(bsc#1012628).
- media: meson-ge2d: fix rotation parameters (bsc#1012628).
- media: cedrus: Fix H265 status definitions (bsc#1012628).
- HSI: core: fix resource leaks in hsi_add_client_from_dt()
(bsc#1012628).
- x86/events/amd/iommu: Fix sysfs type mismatch (bsc#1012628).
- perf/amd/uncore: Fix sysfs type mismatch (bsc#1012628).
- io_uring: fix overflows checks in provide buffers (bsc#1012628).
- block/rnbd-clt-sysfs: Remove copy buffer overlap in
rnbd_clt_get_path_name (bsc#1012628).
- sched/debug: Fix cgroup_path[] serialization (bsc#1012628).
- kthread: Fix PF_KTHREAD vs to_kthread() race (bsc#1012628).
- ataflop: potential out of bounds in do_format() (bsc#1012628).
- ataflop: fix off by one in ataflop_probe() (bsc#1012628).
- drivers/block/null_blk/main: Fix a double free in null_init
(bsc#1012628).
- xsk: Respect device's headroom and tailroom on generic xmit path
(bsc#1012628).
- HID: plantronics: Workaround for double volume key presses
(bsc#1012628).
- perf symbols: Fix dso__fprintf_symbols_by_name() to return
the number of printed chars (bsc#1012628).
- ASoC: Intel: boards: sof-wm8804: add check for PLL setting
(bsc#1012628).
- ASoC: Intel: Skylake: Compile when any configuration is selected
(bsc#1012628).
- RDMA/mlx5: Zero out ODP related items in the mlx5_ib_mr
(bsc#1012628).
- RDMA/mlx5: Fix query RoCE port (bsc#1012628).
- RDMA/mlx5: Fix mlx5 rates to IB rates map (bsc#1012628).
- net/mlx5: DR, Add missing vhca_id consume from STEv1
(bsc#1012628).
- wilc1000: write value to WILC_INTR2_ENABLE register
(bsc#1012628).
- KVM: x86/mmu: Retry page faults that hit an invalid memslot
(bsc#1012628).
- Bluetooth: avoid deadlock between hci_dev->lock and socket lock
(bsc#1012628).
- net: lapbether: Prevent racing when checking whether the netif
is running (bsc#1012628).
- libbpf: Add explicit padding to bpf_xdp_set_link_opts
(bsc#1012628).
- bpftool: Fix maybe-uninitialized warnings (bsc#1012628).
- iommu: Check dev->iommu in iommu_dev_xxx functions
(bsc#1012628).
- iommu/dma: Resurrect the "forcedac" option (bsc#1012628).
- iommu/vt-d: Reject unsupported page request modes (bsc#1012628).
- ASoC: tegra30: i2s: Restore hardware state on runtime PM resume
(bsc#1012628).
- net: dsa: bcm_sf2: add function finding RGMII register
(bsc#1012628).
- net: dsa: bcm_sf2: fix BCM4908 RGMII reg(s) (bsc#1012628).
- selftests/bpf: Re-generate vmlinux.h and BPF skeletons if
bpftool changed (bsc#1012628).
- libbpf: Add explicit padding to btf_dump_emit_type_decl_opts
(bsc#1012628).
- powerpc/mm: Move the linear_mapping_mutex to the ifdef where
it is used (bsc#1012628).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init
(bsc#1012628).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1012628).
- MIPS: fix local_irq_{disable,enable} in asmmacro.h
(bsc#1012628).
- ima: Fix the error code for restoring the PCR value
(bsc#1012628).
- inet: use bigger hash table for IP ID generation (bsc#1012628).
- pinctrl: pinctrl-single: remove unused parameter (bsc#1012628).
- pinctrl: pinctrl-single: fix pcs_pin_dbg_show() when
bits_per_mux is not zero (bsc#1012628).
- MIPS: loongson64: fix bug when PAGE_SIZE > 16KB (bsc#1012628).
- ASoC: wm8960: Remove bitclk relax condition in
wm8960_configure_sysclk (bsc#1012628).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
(bsc#1012628).
- RDMA/mlx5: Fix drop packet rule in egress table (bsc#1012628).
- IB/isert: Fix a use after free in isert_connect_request
(bsc#1012628).
- powerpc/64s: Fix hash fault to use TRAP accessor (bsc#1012628).
- powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
(bsc#1012628).
- MIPS/bpf: Enable bpf_probe_read{, str}() on MIPS again
(bsc#1012628).
- gpio: guard gpiochip_irqchip_add_domain() with GPIOLIB_IRQCHIP
(bsc#1012628).
- fs: dlm: fix missing unlock on error in accept_from_sock()
(bsc#1012628).
- ASoC: q6afe-clocks: fix reprobing of the driver (bsc#1012628).
- ALSA: core: remove redundant spin_lock pair in
snd_card_disconnect (bsc#1012628).
- net: phy: lan87xx: fix access to wrong register of LAN87xx
(bsc#1012628).
- udp: skip L4 aggregation for UDP tunnel packets (bsc#1012628).
- udp: never accept GSO_FRAGLIST packets (bsc#1012628).
- powerpc/pseries: Only register vio drivers if vio bus exists
(bsc#1012628).
- net/tipc: fix missing destroy_workqueue() on error in
tipc_crypto_start() (bsc#1012628).
- bug: Remove redundant condition check in report_bug
(bsc#1012628).
- RDMA/core: Fix corrupted SL on passive side (bsc#1012628).
- nfc: pn533: prevent potential memory corruption (bsc#1012628).
- net: hns3: Limiting the scope of vector_ring_chain variable
(bsc#1012628).
- mips: bmips: fix syscon-reboot nodes (bsc#1012628).
- KVM: arm64: Fix error return code in init_hyp_mode()
(bsc#1012628).
- iommu/vt-d: Don't set then clear private data in
prq_event_thread() (bsc#1012628).
- iommu: Fix a boundary issue to avoid performance drop
(bsc#1012628).
- iommu/vt-d: Report right snoop capability when using FL for IOVA
(bsc#1012628).
- iommu/vt-d: Report the right page fault address (bsc#1012628).
- iommu/vt-d: Remove WO permissions on second-level paging entries
(bsc#1012628).
- iommu/vt-d: Invalidate PASID cache when root/context entry
changed (bsc#1012628).
- ALSA: usb-audio: Add error checks for
usb_driver_claim_interface() calls (bsc#1012628).
- HID: lenovo: Use brightness_set_blocking callback for setting
LEDs brightness (bsc#1012628).
- HID: lenovo: Fix lenovo_led_set_tp10ubkbd() error handling
(bsc#1012628).
- HID: lenovo: Check hid_get_drvdata() returns non NULL in
lenovo_event() (bsc#1012628).
- HID: lenovo: Map mic-mute button to KEY_F20 instead of
KEY_MICMUTE (bsc#1012628).
- KVM: arm64: Initialize VCPU mdcr_el2 before loading it
(bsc#1012628).
- ASoC: simple-card: fix possible uninitialized single_cpu local
variable (bsc#1012628).
- liquidio: Fix unintented sign extension of a left shift of a
u16 (bsc#1012628).
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation
(bsc#1012628).
- powerpc/64s: Fix pte update for kernel memory on radix
(bsc#1012628).
- powerpc/pseries: Add key to flags in
pSeries_lpar_hpte_updateboltedpp() (bsc#1012628).
- powerpc/64s: Use htab_convert_pte_flags() in
hash__mark_rodata_ro() (bsc#1012628).
- powerpc/perf: Fix PMU constraint check for EBB events
(bsc#1012628).
- powerpc: iommu: fix build when neither PCI or IBMVIO is set
(bsc#1012628).
- mac80211: bail out if cipher schemes are invalid (bsc#1012628).
- perf vendor events amd: Fix broken L2 Cache Hits from L2 HWPF
metric (bsc#1012628).
- RDMA/hns: Fix missing assignment of max_inline_data
(bsc#1012628).
- xfs: fix return of uninitialized value in variable error
(bsc#1012628).
- rtw88: Fix an error code in rtw_debugfs_set_rsvd_page()
(bsc#1012628).
- mt7601u: fix always true expression (bsc#1012628).
- mt76: mt7615: fix tx skb dma unmap (bsc#1012628).
- mt76: mt7915: fix tx skb dma unmap (bsc#1012628).
- mt76: mt7921: fix suspend/resume sequence (bsc#1012628).
- mt76: mt7921: fix memory leak in mt7921_coredump_work
(bsc#1012628).
- mt76: connac: fix up the setting for ht40 mode in
mt76_connac_mcu_uni_add_bss (bsc#1012628).
- mt76: mt7921: fixup rx bitrate statistics (bsc#1012628).
- mt76: mt7615: fix memory leak in mt7615_coredump_work
(bsc#1012628).
- mt76: mt7921: fix aggr length histogram (bsc#1012628).
- mt76: mt7915: fix aggr len debugfs node (bsc#1012628).
- mt76: mt7921: fix stats register definitions (bsc#1012628).
- mt76: mt7615: fix TSF configuration (bsc#1012628).
- mt76: mt7615: fix mib stats counter reporting to mac80211
(bsc#1012628).
- mt76: mt7915: fix mib stats counter reporting to mac80211
(bsc#1012628).
- mt76: connac: fix kernel warning adding monitor interface
(bsc#1012628).
- mt76: check return value of mt76_txq_send_burst in
mt76_txq_schedule_list (bsc#1012628).
- mt76: mt7921: fix the base of PCIe interrupt (bsc#1012628).
- mt76: mt7921: fix the base of the dynamic remap (bsc#1012628).
- mt76: mt7915: fix rxrate reporting (bsc#1012628).
- mt76: mt7915: fix txrate reporting (bsc#1012628).
- mt76: mt7663: fix when beacon filter is being applied
(bsc#1012628).
- mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx
aggregation (bsc#1012628).
- mt76: mt7663s: fix the possible device hang in high traffic
(bsc#1012628).
- mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset()
(bsc#1012628).
- mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset()
(bsc#1012628).
- mt76: mt7921: always wake the device in mt7921_remove_interface
(bsc#1012628).
- mt76: mt7921: fix inappropriate WoW setup with the missing
ARP informaiton (bsc#1012628).
- mt76: mt7921: fix the dwell time control (bsc#1012628).
- KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit
(bsc#1012628).
- ovl: show "userxattr" in the mount data (bsc#1012628).
- ovl: invalidate readdir cache on changes to dir with origin
(bsc#1012628).
- RDMA/qedr: Fix error return code in qedr_iw_connect()
(bsc#1012628).
- IB/hfi1: Fix error return code in parse_platform_config()
(bsc#1012628).
- RDMA/bnxt_re: Fix error return code in
bnxt_qplib_cq_process_terminal() (bsc#1012628).
- cxgb4: Fix unintentional sign extension issues (bsc#1012628).
- net: thunderx: Fix unintentional sign extension issue
(bsc#1012628).
- mt76: mt7921: fix kernel crash when the firmware fails to
download (bsc#1012628).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv()
(bsc#1012628).
- RDMA/rtrs-clt: destroy sysfs after removing session from active
list (bsc#1012628).
- pinctrl: at91-pio4: Fix slew rate disablement (bsc#1012628).
- i2c: cadence: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: img-scb: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync
fails (bsc#1012628).
- i2c: imx: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: omap: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: stm32f7: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: xiic: fix reference leak when pm_runtime_get_sync fails
(bsc#1012628).
- i2c: cadence: add IRQ check (bsc#1012628).
- i2c: emev2: add IRQ check (bsc#1012628).
- i2c: jz4780: add IRQ check (bsc#1012628).
- i2c: mlxbf: add IRQ check (bsc#1012628).
- i2c: rcar: add IRQ check (bsc#1012628).
- i2c: sh7760: add IRQ check (bsc#1012628).
- fuse: fix matching of FUSE_DEV_IOC_CLONE command (bsc#1012628).
- iwlwifi: rs-fw: don't support stbc for HE 160 (bsc#1012628).
- iwlwifi: dbg: disable ini debug in 9000 family and below
(bsc#1012628).
- powerpc/xive: Drop check on irq_data in xive_core_debug_show()
(bsc#1012628).
- powerpc/xive: Fix xmon command "dxi" (bsc#1012628).
- powerpc/syscall: switch user_exit_irqoff and trace_hardirqs_off
order (bsc#1012628).
- ASoC: ak5558: correct reset polarity (bsc#1012628).
- net/mlx5: Fix bit-wise and with zero (bsc#1012628).
- net/packet: remove data races in fanout operations
(bsc#1012628).
- drm/i915/gvt: Fix error code in intel_gvt_init_device()
(bsc#1012628).
- iommu/vt-d: Fix an error handling path in
'intel_prepare_irq_remapping()' (bsc#1012628).
- iommu/amd: Put newline after closing bracket in warning
(bsc#1012628).
- perf beauty: Fix fsconfig generator (bsc#1012628).
- drm/amdgpu: fix an error code in
init_pmu_entry_by_type_and_add() (bsc#1012628).
- drm/amd/pm: fix error code in smu_set_power_limit()
(bsc#1012628).
- MIPS: pci-legacy: stop using of_pci_range_to_resource
(bsc#1012628).
- powerpc/pseries: extract host bridge from pci_bus prior to
bus removal (bsc#1012628).
- iommu/mediatek: Always enable the clk on resume (bsc#1012628).
- mptcp: fix format specifiers for unsigned int (bsc#1012628).
- powerpc/smp: Reintroduce cpu_core_mask (bsc#1012628).
- KVM: x86: dump_vmcs should not assume GUEST_IA32_EFER is valid
(bsc#1012628).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (bsc#1012628).
- wlcore: fix overlapping snprintf arguments in debugfs
(bsc#1012628).
- i2c: sh7760: fix IRQ error path (bsc#1012628).
- i2c: mediatek: Fix wrong dma sync flag (bsc#1012628).
- mwl8k: Fix a double Free in mwl8k_probe_hw (bsc#1012628).
- netfilter: nft_payload: fix C-VLAN offload support
(bsc#1012628).
- netfilter: nftables_offload: VLAN id needs host byteorder in
flow dissector (bsc#1012628).
- netfilter: nftables_offload: special ethertype handling for VLAN
(bsc#1012628).
- vsock/vmci: log once the failed queue pair allocation
(bsc#1012628).
- libbpf: Initialize the bpf_seq_printf parameters array field
by field (bsc#1012628).
- net: ethernet: ixp4xx: Set the DMA masks explicitly
(bsc#1012628).
- gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment
check (bsc#1012628).
- RDMA/cxgb4: add missing qpid increment (bsc#1012628).
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
(bsc#1012628).
- ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check
fails (bsc#1012628).
- sfc: ef10: fix TX queue lookup in TX event handling
(bsc#1012628).
- vsock/virtio: free queued packets when closing socket
(bsc#1012628).
- net: marvell: prestera: fix port event handling on init
(bsc#1012628).
- net: davinci_emac: Fix incorrect masking of tx and rx error
channel (bsc#1012628).
- rtw88: refine napi deinit flow (bsc#1012628).
- mt76: mt7615: fix memleak when mt7615_unregister_device()
(bsc#1012628).
- mt76: mt7915: fix memleak when mt7915_unregister_device()
(bsc#1012628).
- mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
(bsc#1012628).
- powerpc/pseries/iommu: Fix window size for direct mapping with
pmem (bsc#1012628).
- crypto: ccp: Detect and reject "invalid" addresses destined
for PSP (bsc#1012628).
- net: dsa: mv88e6xxx: Fix off-by-one in VTU devlink region size
(bsc#1012628).
- nfp: devlink: initialize the devlink port attribute "lanes"
(bsc#1012628).
- net: stmmac: fix TSO and TBS feature enabling during driver open
(bsc#1012628).
- net: renesas: ravb: Fix a stuck issue when a lot of frames
are received (bsc#1012628).
- net: phy: intel-xway: enable integrated led functions
(bsc#1012628).
- mt76: mt7615: Fix a dereference of pointer sta before it is
null checked (bsc#1012628).
- mt76: mt7921: fix possible invalid register access
(bsc#1012628).
- RDMA/rxe: Fix a bug in rxe_fill_ip_info() (bsc#1012628).
- RDMA/core: Add CM to restrack after successful attachment to
a device (bsc#1012628).
- powerpc/64: Fix the definition of the fixmap area (bsc#1012628).
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI
devices (bsc#1012628).
- ath10k: Fix a use after free in ath10k_htc_send_bundle
(bsc#1012628).
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock
without lock (bsc#1012628).
- wlcore: Fix buffer overrun by snprintf due to incorrect buffer
size (bsc#1012628).
- powerpc/perf: Fix the threshold event selection for memory
events in power10 (bsc#1012628).
- powerpc/52xx: Fix an invalid ASM expression ('addi' used
instead of 'add') (bsc#1012628).
- net: phy: marvell: fix m88e1011_set_downshift (bsc#1012628).
- net: phy: marvell: fix m88e1111_set_downshift (bsc#1012628).
- net: enetc: fix link error again (bsc#1012628).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC
(bsc#1012628).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
(bsc#1012628).
- ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable
delay pins for RTL8211E (bsc#1012628).
- arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable
delay pins for RTL8211E (bsc#1012628).
- net: geneve: modify IP header check in geneve6_xmit_skb and
geneve_xmit_skb (bsc#1012628).
- selftests: net: mirror_gre_vlan_bridge_1q: Make an FDB entry
static (bsc#1012628).
- selftests: mlxsw: Remove a redundant if statement in port_scale
test (bsc#1012628).
- selftests: mlxsw: Remove a redundant if statement in
tc_flower_scale test (bsc#1012628).
- mptcp: Retransmit DATA_FIN (bsc#1012628).
- bnxt_en: Fix RX consumer index logic in the error path
(bsc#1012628).
- KVM: VMX: Intercept FS/GS_BASE MSR accesses for 32-bit KVM
(bsc#1012628).
- KVM: SVM: Zero out the VMCB array used to track SEV ASID
association (bsc#1012628).
- KVM: SVM: Free sev_asid_bitmap during init if SEV setup fails
(bsc#1012628).
- KVM: SVM: Disable SEV/SEV-ES if NPT is disabled (bsc#1012628).
- net/sched: act_ct: fix wild memory access when clearing
fragments (bsc#1012628).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(bsc#1012628).
- selftests/bpf: Fix BPF_CORE_READ_BITFIELD() macro (bsc#1012628).
- selftests/bpf: Fix field existence CO-RE reloc tests
(bsc#1012628).
- selftests/bpf: Fix core_reloc test runner (bsc#1012628).
- bpf: Fix propagation of 32 bit unsigned bounds from 64 bit
bounds (bsc#1012628).
- RDMA/siw: Fix a use after free in siw_alloc_mr (bsc#1012628).
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
(bsc#1012628).
- net: bridge: mcast: fix broken length + header check for MRDv6
Adv (bsc#1012628).
- net: dsa: mv88e6xxx: Fix 6095/6097/6185 ports in non-SERDES
CMODE (bsc#1012628).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
(bsc#1012628).
- perf tools: Change fields type in perf_record_time_conv
(bsc#1012628).
- perf jit: Let convert_timestamp() to be backwards-compatible
(bsc#1012628).
- perf session: Add swap operation for event TIME_CONV
(bsc#1012628).
- ia64: ensure proper NUMA distance and possible map
initialization (bsc#1012628).
- ia64: fix EFI_DEBUG build (bsc#1012628).
- kfifo: fix ternary sign extension bugs (bsc#1012628).
- mm: memcontrol: slab: fix obtain a reference to a freeing memcg
(bsc#1012628).
- mm/sparse: add the missing sparse_buffer_fini() in error branch
(bsc#1012628).
- mm/memory-failure: unnecessary amount of unmapping
(bsc#1012628).
- afs: Fix speculative status fetches (bsc#1012628).
- bpf: Fix alu32 const subreg bound tracking on bitwise operations
(bsc#1012628).
- bpf, ringbuf: Deny reserve of buffers larger than ringbuf
(bsc#1012628).
- bpf: Prevent writable memory-mapping of read-only ringbuf pages
(bsc#1012628).
- net: Only allow init netns to set default tcp cong to a
restricted algo (bsc#1012628).
- smp: Fix smp_call_function_single_async prototype (bsc#1012628).
- Refresh patches.suse/firmware-xilinx-Add-pinctrl-support.patch.
- Update config files.
- commit f003acc
++++ zchunk:
- Update to version 1.1.12
* Update testsuite for zstd 1.5
------------------------------------------------------------------
------------------ 2021-5-14 - May 14 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- reenabled build of device-select and overlay vulkan layers
++++ Mesa-drivers:
- reenabled build of device-select and overlay vulkan layers
++++ NetworkManager:
- Drop networkmanager-obs-net.patch: the patch needs a full rework.
- Drop networkmanager-checks-po.patch: as it was supposed to fix
something introduced by another patch which we still carry, yet
we can live with this patch disabled, I'd infer this patch is not
nescessary.
++++ filesystem:
- Remove /usr/share/java, as it was moved to
javapackages-filesystem long ago
++++ glib2:
- Update to version 2.68.2:
+ Fix building third-party projects against GLib on CentOS 7.
+ Bugs fixed:
- json-glib does not build with glib 2.68.1.
- gmacros: check that __cplusplus or _MSC_VER is defined.
- gmacros: missing check if __STDC_VERSION__ is defined.
- Backport !2078 “gthreadedresolver: don't ignore flags in
lookup_by_name_with_flags†to glib-2-68.
++++ kernel-default:
- drm/radeon: use the dummy page for GART if needed (bsc#1185516).
- commit 25fe027
- ath11k: Clear the fragment cache during key install
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- ath10k: Validate first subframe of A-MSDU before processing
the list (CVE-2020-24586 CVE-2020-24587 CVE-2020-26145
CVE-2020-24588 CVE-2020-24587 CVE-2020-26141 CVE-2020-26139
bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863
bsc#1185987 bsc#1186062).
- ath10k: Fix TKIP Michael MIC verification for PCIe
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- ath10k: drop MPDU which has discard flag set by firmware
for SDIO (CVE-2020-24586 CVE-2020-24587 CVE-2020-26145
CVE-2020-24588 CVE-2020-24587 CVE-2020-26141 CVE-2020-26139
bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863
bsc#1185987 bsc#1186062).
- ath10k: drop fragments with multicast DA for SDIO
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- ath10k: drop fragments with multicast DA for PCIe
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- ath10k: add CCMP PN replay protection for fragmented frames
for PCIe (CVE-2020-24586 CVE-2020-24587 CVE-2020-26145
CVE-2020-24588 CVE-2020-24587 CVE-2020-26141 CVE-2020-26139
bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863
bsc#1185987 bsc#1186062).
- mac80211: extend protection against mixed key and fragment
cache attacks (CVE-2020-24586 CVE-2020-24587 CVE-2020-26145
CVE-2020-24588 CVE-2020-24587 CVE-2020-26141 CVE-2020-26139
bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863
bsc#1185987 bsc#1186062).
- mac80211: do not accept/forward invalid EAPOL frames
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- mac80211: check defrag PN against current frame (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- mac80211: add fragment cache to sta_info (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- mac80211: properly handle A-MSDUs that start with an RFC
1042 header (CVE-2020-24586 CVE-2020-24587 CVE-2020-26145
CVE-2020-24588 CVE-2020-24587 CVE-2020-26141 CVE-2020-26139
bsc#1185859 bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863
bsc#1185987 bsc#1186062).
- mac80211: prevent mixed key and fragment cache attacks
(CVE-2020-24586 CVE-2020-24587 CVE-2020-26145 CVE-2020-24588
CVE-2020-24587 CVE-2020-26141 CVE-2020-26139 bsc#1185859
bsc#1185860 bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987
bsc#1186062).
- mac80211: assure all fragments are encrypted (CVE-2020-24586
CVE-2020-24587 CVE-2020-26145 CVE-2020-24588 CVE-2020-24587
CVE-2020-26141 CVE-2020-26139 bsc#1185859 bsc#1185860
bsc#1185861 bsc#1185862 bsc#1185863 bsc#1185987 bsc#1186062).
- commit 469e487
- pinctrl: bcm2835: Accept fewer than expected IRQs (bsc#1181942)
- commit af44426
++++ ceph:
- Update to 16.2.4-26-g555d38aa5a5:
+ rebased on top of v16.2.4 tag
https://ceph.io/releases/v16-2-4-pacific-released/
* mgr/dashboard: fix base-href: revert it to previous approach
* (bsc#1186021) mgr/dashboard: fix cookie injection issue (CVE-2021-3509)
* mgr/dashboard: fix set-ssl-certificate{,-key} commands
* (bsc#1186020) rgw: RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (CVE-2021-3531)
* (bsc#1185619) rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524)
* systemd: remove ProtectClock=true for ceph-osd@.service
++++ zstd:
- Update to version 1.5.0
* https://github.com/facebook/zstd/releases/tag/v1.5.0
* Improved Middle-Level Compression Speed
* Improved High-Level Compression Ratio
* Faster Decompression Speed
* Dynamic Library Supports Multithreading by Default
- Drop zstd-1.4.9-Avoid-SIGBUS-on-armv6.patch, merged upstream
++++ vim:
- Updated to version 8.2.2850, fixes the following problems
* After a timer displays text a hit-enter prompt is given.
* Free Pascal makefile not recognized.
* Vim9: illegal memory access.
* Flicker when the popup menu has an info popup.
* Setting buffer local mapping with mapset() changes global mapping.
* Vim9: cannot use legacy syntax in Vim9 script.
* Vim9: using "++nr" as a command might not work.
* Build fails with tiny features.
* Vim9: increment and decrement not sufficiently tested.
* Vim9: :def function compilation fails when using :legacy.
* Vim9: crash when calling a function in a substitute expression.
* Vim9: error for missing white space doesn't say where it is missing
* Vim9: still crash when using substitute expression.
* Cannot grep using fuzzy matching.
* Vim9: unused variable. (John Marriott)
* Status line flickers when redrawing popup menu info.
* Vim9: comment below expression in lambda causes problems.
* Vim9: script sourcing continues after an error.
* No jump added to jumplist when opening terminal in current window.
* Finishing an abbreviation with a multi-byte char may not work.
* Session file may divide by zero.
* Code in checkreadonly() not fully tested.
* Compiler warnings for int to size_t conversion. (Randall W. Morris)
* Test file was not deleted.
* Coverity complains about not checking the rename() return value.
* Some comments are not correct or clear.
* Terminal colors are not updated when 'background' is set.
* Vim9: expandcmd() not tested.
* Operator cancelled by moving mouse when using popup. (Sergey Vlasov)
* Two key command cancelled by moving mouse when using popup. (Sergey Vlasov)
* Vim9: :cexpr does not work with local variables.
* Vim9: leaking memory in :cexpr.
* Build failure without the +quickfix feature. (John Marriott)
* Various code lines not covered by tests.
* File extension .wrap not recognized.
* Default redirection missing "ash" and "dash".
* Vim9: member operation not fully tested.
* Vim9: skip argument to searchpair() is not compiled.
* Vim9: skip argument to searchpairpos() is not compiled.
* Vim9: memory leak when using searchpair().
* Vim9: "echo Func()" does not give an error for a function without a
return value.
* Perl not tested sufficiently.
* Crash when calling partial.
* Bufwrite not sufficiently tested.
* Recalling commands from history is not tested.
------------------------------------------------------------------
------------------ 2021-5-13 - May 13 2021 -------------------
------------------------------------------------------------------
++++ gnutls:
- Compute the FIPS hmac file without re-defining the
__os_install_post macro, use the brp-50-generate-fips-hmac
script instead. [bsc#1184555]
++++ llvm15:
- Set memory limits for DWZ to 4x.
------------------------------------------------------------------
------------------ 2021-5-12 - May 12 2021 -------------------
------------------------------------------------------------------
++++ acl:
- Update to version 2.3.1
* Update German translation
* getfacl: fix indent in --help output
* getfacl: Add --one-file-system option, with this option getfacl
will not cross mount points
* Fix segfault on allocation failure
* Avoid SIGSEGV with link-time optimisation enabled
- Use SourceUrls
++++ btrfsprogs:
- Update to 5.12.1
* build: fix missing symbols in libbtrfs
* mkfs: check for minimal number of zones
* check: fix warning about cache generation when free space tree is enabled
* fix superblock write in zoned mode on 16K pages
++++ kernel-default:
- Delete patches.suse/radeon-workaround.patch.
An upstream fix follows
- commit ff0b740
- bpf: Prevent writable memory-mapping of read-only ringbuf pages
(bsc#1185640 CVE-2021-3489).
- bpf, ringbuf: Deny reserve of buffers larger than ringbuf
(bsc#1185640 CVE-2021-3489).
- bpf: Fix alu32 const subreg bound tracking on bitwise operations
(bsc#1185641 CVE-2021-3490).
- commit 1f475c8
- Revert "drm/qxl: do not run release if qxl failed to init"
(git-fixes).
- drm/amdgpu/display/dm: add missing parameter documentation
(git-fixes).
- drm/amdgpu/display: remove redundant continue statement
(git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
(git-fixes).
- io_uring: update sq_thread_idle after ctx deleted (git-fixes).
- commit 6e5c933
- Linux 5.12.3 (bsc#1012628).
- bus: mhi: core: Fix check for syserr at power_up (bsc#1012628).
- bus: mhi: core: Clear configuration from channel context during
reset (bsc#1012628).
- bus: mhi: core: Sanity check values from remote device before
use (bsc#1012628).
- bus: mhi: core: Add missing checks for MMIO register entries
(bsc#1012628).
- bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state
workqueue (bsc#1012628).
- bus: mhi: core: Fix MHI runtime_pm behavior (bsc#1012628).
- bus: mhi: core: Fix invalid error returning in mhi_queue
(bsc#1012628).
- nitro_enclaves: Fix stale file descriptors on failed usercopy
(bsc#1012628).
- dyndbg: fix parsing file query without a line-range suffix
(bsc#1012628).
- s390/disassembler: increase ebpf disasm buffer size
(bsc#1012628).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
(bsc#1012628).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto
masks (bsc#1012628).
- s390/cio: remove invalid condition on IO_SCH_UNREG
(bsc#1012628).
- vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
(bsc#1012628).
- tpm: acpi: Check eventlog signature before using it
(bsc#1012628).
- ACPI: custom_method: fix potential use-after-free issue
(bsc#1012628).
- ACPI: custom_method: fix a possible memory leak (bsc#1012628).
- ftrace: Handle commands when closing set_ftrace_filter file
(bsc#1012628).
- ARM: 9056/1: decompressor: fix BSS size calculation for LLVM
ld.lld (bsc#1012628).
- arm64: dts: marvell: armada-37xx: add syscon compatible to NB
clk node (bsc#1012628).
- arm64: dts: mt8173: fix property typo of 'phys' in dsi node
(bsc#1012628).
- ecryptfs: fix kernel panic with null dev_name (bsc#1012628).
- fs/epoll: restore waking from ep_done_scan() (bsc#1012628).
- reset: add missing empty function reset_control_rearm()
(bsc#1012628).
- mtd: spi-nor: core: Fix an issue of releasing resources during
read/write (bsc#1012628).
- Revert "mtd: spi-nor: macronix: Add support for mx25l51245g"
(bsc#1012628).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE()
(bsc#1012628).
- mtd: rawnand: atmel: Update ecc_stats.corrected counter
(bsc#1012628).
- mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
(bsc#1012628).
- erofs: add unsupported inode i_format check (bsc#1012628).
- spi: stm32-qspi: fix pm_runtime usage_count counter
(bsc#1012628).
- spi: spi-ti-qspi: Free DMA resources (bsc#1012628).
- libceph: bump CephXAuthenticate encoding version (bsc#1012628).
- libceph: allow addrvecs with a single NONE/blank address
(bsc#1012628).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1012628).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to
abort_iotag (bsc#1012628).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
(bsc#1012628).
- scsi: mpt3sas: Only one vSES is present even when IOC has
multi vSES (bsc#1012628).
- scsi: mpt3sas: Block PCI config access from userspace during
reset (bsc#1012628).
- mmc: uniphier-sd: Fix an error handling path in
uniphier_sd_probe() (bsc#1012628).
- mmc: uniphier-sd: Fix a resource leak in the remove function
(bsc#1012628).
- mmc: sdhci: Check for reset prior to DMA address unmap
(bsc#1012628).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel
BYT-based controllers (bsc#1012628).
- mmc: sdhci-tegra: Add required callbacks to set/clear CQE_EN
bit (bsc#1012628).
- mmc: block: Update ext_csd.cache_ctrl if it was written
(bsc#1012628).
- mmc: block: Issue a cache flush only when it's enabled
(bsc#1012628).
- mmc: core: Do a power cycle when the CMD11 fails (bsc#1012628).
- mmc: core: Set read only for SD cards with permanent write
protect bit (bsc#1012628).
- mmc: core: Fix hanging on I/O during system suspend for
removable cards (bsc#1012628).
- irqchip/gic-v3: Do not enable irqs when handling spurious
interrups (bsc#1012628).
- cifs: Return correct error code from smb2_get_enc_key
(bsc#1012628).
- cifs: fix out-of-bound memory access when calling smb3_notify()
at mount point (bsc#1012628).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1012628).
- cifs: detect dead connections only when echoes are enabled
(bsc#1012628).
- cifs: fix regression when mounting shares with prefix paths
(bsc#1012628).
- smb2: fix use-after-free in smb2_ioctl_query_info()
(bsc#1012628).
- btrfs: handle remount to no compress during compression
(bsc#1012628).
- x86/build: Disable HIGHMEM64G selection for M486SX
(bsc#1012628).
- btrfs: fix metadata extent leak after failure to create
subvolume (bsc#1012628).
- intel_th: pci: Add Rocket Lake CPU support (bsc#1012628).
- btrfs: fix race between transaction aborts and fsyncs leading
to use-after-free (bsc#1012628).
- btrfs: zoned: fix unpaired block group unfreeze during device
replace (bsc#1012628).
- btrfs: zoned: fail mount if the device does not support zone
append (bsc#1012628).
- posix-timers: Preserve return value in clock_adjtime32()
(bsc#1012628).
- fbdev: zero-fill colormap in fbcmap.c (bsc#1012628).
- cpuidle: tegra: Fix C7 idling state on Tegra114 (bsc#1012628).
- bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices
first (bsc#1012628).
- staging: wimax/i2400m: fix byte-order issue (bsc#1012628).
- spi: ath79: always call chipselect function (bsc#1012628).
- spi: ath79: remove spi-master setup and cleanup assignment
(bsc#1012628).
- bus: mhi: pci_generic: No-Op for device_wake operations
(bsc#1012628).
- bus: mhi: core: Destroy SBL devices when moving to mission mode
(bsc#1012628).
- bus: mhi: core: Process execution environment changes serially
(bsc#1012628).
- crypto: api - check for ERR pointers in crypto_destroy_tfm()
(bsc#1012628).
- crypto: qat - fix unmap invalid dma address (bsc#1012628).
- usb: gadget: uvc: add bInterval checking for HS mode
(bsc#1012628).
- usb: webcam: Invalid size of Processing Unit Descriptor
(bsc#1012628).
- x86/sev: Do not require Hypervisor CPUID bit for SEV guests
(bsc#1012628).
- crypto: hisilicon/sec - fixes a printing error (bsc#1012628).
- genirq/matrix: Prevent allocation counter corruption
(bsc#1012628).
- usb: gadget: f_uac2: validate input parameters (bsc#1012628).
- usb: gadget: f_uac1: validate input parameters (bsc#1012628).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset
(bsc#1012628).
- usb: xhci: Fix port minor revision (bsc#1012628).
- kselftest/arm64: mte: Fix compilation with native compiler
(bsc#1012628).
- ARM: tegra: acer-a500: Rename avdd to vdda of touchscreen node
(bsc#1012628).
- PCI: PM: Do not read power state in pci_enable_device_flags()
(bsc#1012628).
- kselftest/arm64: mte: Fix MTE feature detection (bsc#1012628).
- ARM: dts: BCM5301X: fix "reg" formatting in /memory node
(bsc#1012628).
- ARM: dts: ux500: Fix up TVK R3 sensors (bsc#1012628).
- x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
(bsc#1012628).
- x86/boot: Add $(CLANG_FLAGS) to compressed KBUILD_CFLAGS
(bsc#1012628).
- efi/libstub: Add $(CLANG_FLAGS) to x86 flags (bsc#1012628).
- soc/tegra: pmc: Fix completion of power-gate toggling
(bsc#1012628).
- arm64: dts: imx8mq-librem5-r3: Mark buck3 as always on
(bsc#1012628).
- tee: optee: do not check memref size on return from Secure World
(bsc#1012628).
- soundwire: cadence: only prepare attached devices on clock stop
(bsc#1012628).
- perf/arm_pmu_platform: Use dev_err_probe() for IRQ errors
(bsc#1012628).
- perf/arm_pmu_platform: Fix error handling (bsc#1012628).
- random: initialize ChaCha20 constants with correct endianness
(bsc#1012628).
- usb: xhci-mtk: support quirk to disable usb2 lpm (bsc#1012628).
- fpga: dfl: pci: add DID for D5005 PAC cards (bsc#1012628).
- xhci: check port array allocation was successful before
dereferencing it (bsc#1012628).
- xhci: check control context is valid before dereferencing it
(bsc#1012628).
- xhci: fix potential array out of bounds with several
interrupters (bsc#1012628).
- xhci: prevent double-fetch of transfer and transfer event TRBs
(bsc#1012628).
- bus: mhi: core: Clear context for stopped channels from remove()
(bsc#1012628).
- bus: mhi: pci_generic: Implement PCI shutdown callback
(bsc#1012628).
- ARM: dts: at91: change the key code of the gpio key
(bsc#1012628).
- tools/power/x86/intel-speed-select: Increase string size
(bsc#1012628).
- platform/x86: ISST: Account for increased timeout in some cases
(bsc#1012628).
- clocksource/drivers/dw_apb_timer_of: Add handling for potential
memory leak (bsc#1012628).
- resource: Prevent irqresource_disabled() from erasing flags
(bsc#1012628).
- spi: dln2: Fix reference leak to master (bsc#1012628).
- spi: omap-100k: Fix reference leak to master (bsc#1012628).
- spi: qup: fix PM reference leak in spi_qup_remove()
(bsc#1012628).
- usb: dwc3: pci: add support for the Intel Alder Lake-M
(bsc#1012628).
- usb: gadget: tegra-xudc: Fix possible use-after-free in
tegra_xudc_remove() (bsc#1012628).
- usb: musb: fix PM reference leak in musb_irq_work()
(bsc#1012628).
- usb: core: hub: Fix PM reference leak in usb_port_resume()
(bsc#1012628).
- usb: dwc3: gadget: Check for disabled LPM quirk (bsc#1012628).
- tty: n_gsm: check error while registering tty devices
(bsc#1012628).
- intel_th: Consistency and off-by-one fix (bsc#1012628).
- phy: phy-twl4030-usb: Fix possible use-after-free in
twl4030_usb_remove() (bsc#1012628).
- crypto: sun4i-ss - Fix PM reference leak when
pm_runtime_get_sync() fails (bsc#1012628).
- crypto: sun8i-ss - Fix PM reference leak when
pm_runtime_get_sync() fails (bsc#1012628).
- crypto: sun8i-ce - Fix PM reference leak in sun8i_ce_probe()
(bsc#1012628).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
(bsc#1012628).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
(bsc#1012628).
- crypto: sa2ul - Fix PM reference leak in sa_ul_probe()
(bsc#1012628).
- crypto: omap-aes - Fix PM reference leak on omap-aes.c
(bsc#1012628).
- platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
(bsc#1012628).
- spi: sync up initial chipselect state (bsc#1012628).
- btrfs: use btrfs_inode_lock/btrfs_inode_unlock inode lock
helpers (bsc#1012628).
- btrfs: fix race between marking inode needs to be logged and
log syncing (bsc#1012628).
- btrfs: fix exhaustion of the system chunk array due to
concurrent allocations (bsc#1012628).
- btrfs: do proper error handling in create_reloc_root
(bsc#1012628).
- btrfs: do proper error handling in btrfs_update_reloc_root
(bsc#1012628).
- btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
(bsc#1012628).
- regulator: da9121: automotive variants identity fix
(bsc#1012628).
- drm: Added orientation quirk for OneGX1 Pro (bsc#1012628).
- drm/qxl: do not run release if qxl failed to init (bsc#1012628).
- drm/qxl: release shadow on shutdown (bsc#1012628).
- drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor
atomic_check (bsc#1012628).
- drm/amd/display: changing sr exit latency (bsc#1012628).
- drm/amd/display: Fix MPC OGAM power on/off sequence
(bsc#1012628).
- drm/amd/pm: do not issue message while write "r" into
pp_od_clk_voltage (bsc#1012628).
- drm/ast: fix memory leak when unload the driver (bsc#1012628).
- drm/amd/display: Check for DSC support instead of ASIC revision
(bsc#1012628).
- drm/amd/display: Don't optimize bandwidth before disabling
planes (bsc#1012628).
- drm/amd/display: Return invalid state if GPINT times out
(bsc#1012628).
- drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt
work (bsc#1012628).
- drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing
'field overwritten' issue (bsc#1012628).
- scsi: lpfc: Fix incorrect dbde assignment when building target
abts wqe (bsc#1012628).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
(bsc#1012628).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit
path (bsc#1012628).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN
(bsc#1012628).
- scsi: lpfc: Fix ADISC handling that never frees nodes
(bsc#1012628).
- drm/amd/pm/swsmu: clean up user profile function (bsc#1012628).
- drm/amdgpu: Fix some unload driver issues (bsc#1012628).
- sched/fair: Fix task utilization accountability in
compute_energy() (bsc#1012628).
- sched/pelt: Fix task util_est update filtering (bsc#1012628).
- sched/topology: fix the issue groups don't span domain->span
for NUMA diameter > 2 (bsc#1012628).
- kvfree_rcu: Use same set of GFP flags as does single-argument
(bsc#1012628).
- drm/virtio: fix possible leak/unlock virtio_gpu_object_array
(bsc#1012628).
- scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
(bsc#1012628).
- media: ite-cir: check for receive overflow (bsc#1012628).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency
on GPIOLIB (bsc#1012628).
- media: drivers/media/usb: fix memory leak in zr364xx_probe
(bsc#1012628).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU
(bsc#1012628).
- media: imx: capture: Return -EPIPE from
__capture_legacy_try_fmt() (bsc#1012628).
- atomisp: don't let it go past pipes array (bsc#1012628).
- power: supply: bq27xxx: fix power_avg for newer ICs
(bsc#1012628).
- extcon: arizona: Fix some issues when HPDET IRQ fires after
the jack has been unplugged (bsc#1012628).
- extcon: arizona: Fix various races on driver unbind
(bsc#1012628).
- media: venus: core, venc, vdec: Fix probe dependency error
(bsc#1012628).
- s390/qdio: let driver manage the QAOB (bsc#1012628).
- media: media/saa7164: fix saa7164_encoder_register() memory
leak bugs (bsc#1012628).
- media: gspca/sq905.c: fix uninitialized variable (bsc#1012628).
- media: v4l2-ctrls.c: initialize flags field of p_fwht_params
(bsc#1012628).
- power: supply: Use IRQF_ONESHOT (bsc#1012628).
- backlight: qcom-wled: Use sink_addr for sync toggle
(bsc#1012628).
- backlight: qcom-wled: Fix FSC update issue for WLED5
(bsc#1012628).
- drm/amdgpu: enable retry fault wptr overflow (bsc#1012628).
- drm/amdgpu: enable 48-bit IH timestamp counter (bsc#1012628).
- drm/amdgpu: mask the xgmi number of hops reported from psp to
kfd (bsc#1012628).
- drm/amdkfd: Fix UBSAN shift-out-of-bounds warning (bsc#1012628).
- drm/amd/display: Align cursor cache address to 2KB
(bsc#1012628).
- drm/amdgpu : Fix asic reset regression issue introduce by
8f211fe8ac7c4f (bsc#1012628).
- drm/amd/pm: fix workload mismatch on vega10 (bsc#1012628).
- drm/amd/display: Fix UBSAN warning for not a valid value for
type '_Bool' (bsc#1012628).
- drm/amd/display: DCHUB underflow counter increasing in some
scenarios (bsc#1012628).
- drm/amd/display: fix dml prefetch validation (bsc#1012628).
- drm/amd/display: Fix potential memory leak (bsc#1012628).
- scsi: qla2xxx: Always check the return value of
qla24xx_get_isp_stats() (bsc#1012628).
- drm/vkms: fix misuse of WARN_ON (bsc#1012628).
- block, bfq: fix weight-raising resume with !low_latency
(bsc#1012628).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1012628).
- mmc: sdhci-esdhc-imx: validate pinctrl before use it
(bsc#1012628).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (bsc#1012628).
- mmc: sdhci-brcmstb: Remove CQE quirk (bsc#1012628).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (bsc#1012628).
- drm/komeda: Fix bit check to import to value of proper type
(bsc#1012628).
- nvmet: return proper error code from discovery ctrl
(bsc#1012628).
- selftests/resctrl: Enable gcc checks to detect buffer overflows
(bsc#1012628).
- selftests/resctrl: Fix compilation issues for global variables
(bsc#1012628).
- selftests/resctrl: Fix compilation issues for other global
variables (bsc#1012628).
- selftests/resctrl: Clean up resctrl features check
(bsc#1012628).
- selftests/resctrl: Fix missing options "-n" and "-p"
(bsc#1012628).
- selftests/resctrl: Use resctrl/info for feature detection
(bsc#1012628).
- selftests/resctrl: Fix incorrect parsing of iMC counters
(bsc#1012628).
- selftests/resctrl: Fix checking for < 0 for unsigned values
(bsc#1012628).
- power: supply: cpcap-charger: fix small mistake in current to
register conversion (bsc#1012628).
- power: supply: cpcap-charger: Add usleep to cpcap charger to
avoid usb plug bounce (bsc#1012628).
- scsi: smartpqi: Use host-wide tag space (bsc#1012628).
- scsi: smartpqi: Correct request leakage during reset operations
(bsc#1012628).
- scsi: smartpqi: Add new PCI IDs (bsc#1012628).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(bsc#1012628).
- media: em28xx: fix memory leak (bsc#1012628).
- media: vivid: update EDID (bsc#1012628).
- media: uvcvideo: Fix XU id print in forward scan (bsc#1012628).
- media: uvcvideo: Support devices that report an OT as an entity
source (bsc#1012628).
- drm/msm/a6xx: Fix perfcounter oob timeout (bsc#1012628).
- drm/msm/dp: Fix incorrect NULL check kbot warnings in DP driver
(bsc#1012628).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error
return (bsc#1012628).
- power: supply: generic-adc-battery: fix possible use-after-free
in gab_remove() (bsc#1012628).
- power: supply: s3c_adc_battery: fix possible use-after-free
in s3c_adc_bat_remove() (bsc#1012628).
- media: tc358743: fix possible use-after-free in
tc358743_remove() (bsc#1012628).
- media: adv7604: fix possible use-after-free in adv76xx_remove()
(bsc#1012628).
- media: i2c: adv7511-v4l2: fix possible use-after-free in
adv7511_remove() (bsc#1012628).
- media: i2c: tda1997: Fix possible use-after-free in
tda1997x_remove() (bsc#1012628).
- media: i2c: adv7842: fix possible use-after-free in
adv7842_remove() (bsc#1012628).
- media: platform: sti: Fix runtime PM imbalance in regs_show
(bsc#1012628).
- media: sun8i-di: Fix runtime PM imbalance in
deinterlace_start_streaming (bsc#1012628).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init
(bsc#1012628).
- media: gscpa/stv06xx: fix memory leak (bsc#1012628).
- sched/fair: Bring back select_idle_smt(), but differently
(bsc#1012628).
- sched/fair: Ignore percpu threads for imbalance pulls
(bsc#1012628).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
(bsc#1012628).
- drm/msm/mdp5: Do not multiply vclk line count by 100
(bsc#1012628).
- drm/amdgpu/ttm: Fix memory leak userptr pages (bsc#1012628).
- drm/radeon/ttm: Fix memory leak userptr pages (bsc#1012628).
- drm/amd/display: Fix debugfs link_settings entry (bsc#1012628).
- drm/amd/display: Fix UBSAN: shift-out-of-bounds warning
(bsc#1012628).
- drm/radeon: don't evict if not initialized (bsc#1012628).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash
bug (bsc#1012628).
- amdgpu: avoid incorrect %hu format string (bsc#1012628).
- drm/amdgpu/display: fix memory leak for dimgrey cavefish
(bsc#1012628).
- drm/amd/display: Try YCbCr420 color when YCbCr444 fails
(bsc#1012628).
- drm/amdgpu: fix NULL pointer dereference (bsc#1012628).
- drm/amd/display: Update DCN302 SR Exit Latency (bsc#1012628).
- scsi: mpt3sas: Fix out-of-bounds warnings in
_ctl_addnl_diag_query (bsc#1012628).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering
a LOGO response (bsc#1012628).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp()
(bsc#1012628).
- scsi: lpfc: Fix error handling for mailboxes completed in
MBX_POLL mode (bsc#1012628).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
(bsc#1012628).
- mfd: intel-m10-bmc: Fix the register access range (bsc#1012628).
- mfd: da9063: Support SMBus and I2C mode (bsc#1012628).
- mfd: arizona: Fix rumtime PM imbalance on error (bsc#1012628).
- scsi: libfc: Fix a format specifier (bsc#1012628).
- perf: Rework perf_event_exit_event() (bsc#1012628).
- sched,fair: Alternative sched_slice() (bsc#1012628).
- block/rnbd-srv: Prevent a deadlock generated by accessing
sysfs in parallel (bsc#1012628).
- block/rnbd-clt: Fix missing a memory free when unloading the
module (bsc#1012628).
- io_uring: safer sq_creds putting (bsc#1012628).
- s390/archrandom: add parameter check for
s390_arch_random_generate (bsc#1012628).
- sched,psi: Handle potential task count underflow bugs more
gracefully (bsc#1012628).
- nvmet: avoid queuing keep-alive timer if it is disabled
(bsc#1012628).
- power: supply: cpcap-battery: fix invalid usage of list cursor
(bsc#1012628).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(bsc#1012628).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries
(bsc#1012628).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build
(bsc#1012628).
- ALSA: usb-audio: Explicitly set up the clock selector
(bsc#1012628).
- ALSA: usb-audio: Add dB range mapping for Sennheiser
Communications Headset PC 8 (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 445 G7
(bsc#1012628).
- ALSA: hda/realtek: GA503 use same quirks as GA401 (bsc#1012628).
- ALSA: hda/realtek: fix mic boost on Intel NUC 8 (bsc#1012628).
- ALSA: hda/realtek - Headset Mic issue on HP platform
(bsc#1012628).
- ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops
(bsc#1012628).
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx
(bsc#1012628).
- tools/power/turbostat: Fix turbostat for AMD Zen CPUs
(bsc#1012628).
- btrfs: fix race when picking most recent mod log operation
for an old root (bsc#1012628).
- btrfs: fix a potential hole punching failure (bsc#1012628).
- arm64/vdso: Discard .note.gnu.property sections in vDSO
(bsc#1012628).
- Makefile: Move -Wno-unused-but-set-variable out of GCC only
block (bsc#1012628).
- riscv/kprobe: fix kernel panic when invoking sys_read traced
by kprobe (bsc#1012628).
- fs: fix reporting supported extra file attributes for statx()
(bsc#1012628).
- virtiofs: fix memory leak in virtio_fs_probe() (bsc#1012628).
- kcsan, debugfs: Move debugfs file creation out of early init
(bsc#1012628).
- ubifs: Only check replay with inode type to judge if inode
linked (bsc#1012628).
- f2fs: fix error handling in f2fs_end_enable_verity()
(bsc#1012628).
- f2fs: fix to avoid out-of-bounds memory access (bsc#1012628).
- mlxsw: spectrum_mr: Update egress RIF list before route's action
(bsc#1012628).
- openvswitch: fix stack OOB read while fragmenting IPv4 packets
(bsc#1012628).
- net/sched: sch_frag: fix stack OOB read while fragmenting IPv4
packets (bsc#1012628).
- ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
failure (bsc#1012628).
- NFS: fs_context: validate UDP retrans to prevent shift
out-of-bounds (bsc#1012628).
- NFS: Don't discard pNFS layout segments that are marked for
return (bsc#1012628).
- NFSv4: Don't discard segments marked for return in
_pnfs_return_layout() (bsc#1012628).
- Input: ili210x - add missing negation for touch indication on
ili210x (bsc#1012628).
- jffs2: Fix kasan slab-out-of-bounds problem (bsc#1012628).
- jffs2: Hook up splice_write callback (bsc#1012628).
- iommu/vt-d: Force to flush iotlb before creating superpage
(bsc#1012628).
- powerpc/vdso: Separate vvar vma from vdso (bsc#1012628).
- powerpc/powernv: Enable HAIL (HV AIL) for ISA v3.1 processors
(bsc#1012628).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space
(bsc#1012628).
- powerpc/kexec_file: Use current CPU info while setting up FDT
(bsc#1012628).
- powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR
(bsc#1012628).
- powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
(bsc#1012628).
- powerpc/kvm: Fix PR KVM with KUAP/MEM_KEYS enabled
(bsc#1012628).
- powerpc/kvm: Fix build error when PPC_MEM_KEYS/PPC_PSERIES=n
(bsc#1012628).
- intel_th: pci: Add Alder Lake-M support (bsc#1012628).
- tpm: efi: Use local variable for calculating final log size
(bsc#1012628).
- tpm: vtpm_proxy: Avoid reading host log when using a virtual
device (bsc#1012628).
- crypto: arm/curve25519 - Move '.fpu' after '.arch'
(bsc#1012628).
- crypto: rng - fix crypto_rng_reset() refcounting when
!CRYPTO_STATS (bsc#1012628).
- md/raid1: properly indicate failure when ending a failed write
request (bsc#1012628).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
table reload sequences (bsc#1012628).
- fuse: fix write deadlock (bsc#1012628).
- mm: page_alloc: ignore init_on_free=1 for debug_pagealloc=1
(bsc#1012628).
- exfat: fix erroneous discard when clear cluster bit
(bsc#1012628).
- sfc: farch: fix TX queue lookup in TX flush done handling
(bsc#1012628).
- sfc: farch: fix TX queue lookup in TX event handling
(bsc#1012628).
- sfc: adjust efx->xdp_tx_queue_count with the real number of
initialized queues (bsc#1012628).
- rcu/nocb: Fix missed nocb_timer requeue (bsc#1012628).
- security: commoncap: fix -Wstringop-overread warning
(bsc#1012628).
- Fix misc new gcc warnings (bsc#1012628).
- smb3: when mounting with multichannel include it in requested
capabilities (bsc#1012628).
- smb3: if max_channels set to more than one channel request
multichannel (bsc#1012628).
- smb3: do not attempt multichannel to server which does not
support it (bsc#1012628).
- Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with
FUTEX_WAIT op") (bsc#1012628).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI
(bsc#1012628).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is
supported (bsc#1012628).
- kbuild: update config_data.gz only when the content of .config
is changed (bsc#1012628).
- ext4: annotate data race in start_this_handle() (bsc#1012628).
- ext4: annotate data race in jbd2_journal_dirty_metadata()
(bsc#1012628).
- ext4: fix check to prevent false positive report of incorrect
used inodes (bsc#1012628).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
(bsc#1012628).
- ext4: always panic when errors=panic is specified (bsc#1012628).
- ext4: fix error code in ext4_commit_super (bsc#1012628).
- ext4: fix ext4_error_err save negative errno into superblock
(bsc#1012628).
- ext4: fix error return code in ext4_fc_perform_commit()
(bsc#1012628).
- ext4: allow the dax flag to be set and cleared on inline
directories (bsc#1012628).
- ext4: Fix occasional generic/418 failure (bsc#1012628).
- media: dvbdev: Fix memory leak in dvb_media_device_free()
(bsc#1012628).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt
(bsc#1012628).
- media: staging/intel-ipu3: Fix set_fmt error handling
(bsc#1012628).
- media: staging/intel-ipu3: Fix race condition during set_fmt
(bsc#1012628).
- media: v4l2-ctrls: fix reference to freed memory (bsc#1012628).
- media: coda: fix macroblocks count control usage (bsc#1012628).
- media: venus: pm_helpers: Set opp clock name for v1
(bsc#1012628).
- media: venus: venc_ctrls: Change default header mode
(bsc#1012628).
- media: venus: hfi_cmds: Support plane-actual-info property
from v1 (bsc#1012628).
- media: venus: hfi_parser: Don't initialize parser on v1
(bsc#1012628).
- media: venus: hfi_parser: Check for instance after hfi platform
get (bsc#1012628).
- io_uring: remove extra sqpoll submission halting (bsc#1012628).
- io_uring: fix shared sqpoll cancellation hangs (bsc#1012628).
- io_uring: fix work_exit sqpoll cancellations (bsc#1012628).
- io_uring: Check current->io_uring in io_uring_cancel_sqpoll
(bsc#1012628).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (bsc#1012628).
- usb: gadget: Fix double free of device descriptor pointers
(bsc#1012628).
- usb: gadget/function/f_fs string table fix for multiple
languages (bsc#1012628).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
(bsc#1012628).
- usb: dwc3: gadget: Fix START_TRANSFER link state check
(bsc#1012628).
- usb: dwc3: core: Do core softreset when switch mode
(bsc#1012628).
- usb: dwc2: Fix session request interrupt handler (bsc#1012628).
- PCI: dwc: Move iATU detection earlier (bsc#1012628).
- tty: fix memory leak in vc_deallocate (bsc#1012628).
- rsi: Use resume_noirq for SDIO (bsc#1012628).
- tools/power turbostat: Fix offset overflow issue in index
converting (bsc#1012628).
- tracing: Map all PIDs to command lines (bsc#1012628).
- tracing: Restructure trace_clock_global() to never block
(bsc#1012628).
- dm persistent data: packed struct should have an aligned()
attribute too (bsc#1012628).
- dm space map common: fix division bug in sm_ll_find_free_block()
(bsc#1012628).
- dm integrity: fix missing goto in bitmap_flush_interval error
handling (bsc#1012628).
- dm rq: fix double free of blk_mq_tag_set in dev remove after
table load fails (bsc#1012628).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group
(bsc#1012628).
- pinctrl: Ingenic: Add support for read the pin configuration
of X1830 (bsc#1012628).
- lib/vsprintf.c: remove leftover 'f' and 'F' cases from
bstr_printf() (bsc#1012628).
- thermal/drivers/cpufreq_cooling: Fix slab OOB issue
(bsc#1012628).
- thermal/core/fair share: Lock the thermal zone while looping
over instances (bsc#1012628).
- commit e0bb900
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 65979e3
++++ libXfixes:
- Update to version 6.0.0
* The big new feature here is support for the new
ClientDisconnectMode. From the corresponding
xorgproto announcement:
An X server that is started on demand (Xwayland) should ideally
also terminate when the last client disconnects. However, some
X11 clients that provide system services will linger around
forever, preventing that shutdown.
* With the new XFixes request, a client can designate itself as
to-be-terminated and the X server can ignore those clients when
counting the number of remaining clients. If no other clients
are left, the server can shut down.
* Note that this requires changes to the X server and each
client to work.
++++ libidn2:
- libidn2 2.3.1:
* Implement full roundtrip for lookup functionality
* Fix domain too long error
* Updated gnulib files and various build fixes
* verify source signature again
++++ open-iscsi:
- Merge latest upstream, which added fix (bsc#1185930):
* Set default 'startup' to 'onboot' for FW nodes
++++ rpm:
- auto-config-update-aarch64-ppc64le.diff: Treat missing timestamp as
infinitely old.
++++ python-psutil:
- remove the dependency on net-tools, since it conflicts with
busybox-hostnmame which is default on MicroOS. boo#1184753
++++ runc:
- Update to runc v1.0.0~rc94. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix "chdir to cwd: permission denied" for some setups
- Remove upstreamed patches:
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
++++ sudo:
- update to 1.9.7
* The "fuzz" Makefile target now runs all the fuzzers for 8192
passes (can be overridden via the FUZZ_RUNS variable). This makes
it easier to run the fuzzers in-tree. To run a fuzzer indefinitely,
set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1 fuzz".
* Fixed fuzzing on FreeBSD where the ld.lld linker returns an
error by default when a symbol is multiply-defined.
* Added support for determining local IPv6 addresses on systems
that lack the getifaddrs() function. This now works on AIX,
HP-UX and Solaris (at least). Bug #969.
* Fixed a bug introduced in sudo 1.9.6 that caused "sudo -V" to
report a usage error. Also, when invoked as sudoedit, sudo now
allows a more restricted set of options that matches the usage
statement and documentation. GitHub issue #95.
* Fixed a crash in sudo_sendlog when the specified certificate
or key does not exist or is invalid. Bug #970
* Fixed a compilation error when sudo is configured with the
- -disable-log-client option.
* Sudo's limited support for SUCCESS=return entries in nsswitch.conf
is now documented. Bug #971.
* Sudo now requires autoconf 2.70 or higher to regenerate the
configure script. Bug #972.
* sudo_logsrvd now has a relay mode which can be used to create
a hierarchy of log servers. By default, when a relay server is
defined, messages from the client are forwarded immediately to
the relay. However, if the "store_first" setting is enabled,
the log will be stored locally until the command completes and
then relayed. Bug #965.
* Sudo now links with OpenSSL by default if it is available unless
the --disable-openssl configure option is used or both the
- -disable-log-client and --disable-log-server configure options
are specified.
* Fixed configure's Python version detection when the version minor
number is more than a single digit, for example Python 3.10.
* The sudo Python module tests now pass for Python 3.10.
* Sudo will now avoid changing the datasize resource limit
as long as the existing value is at least 1GB. This works around
a problem on 64-bit HP-UX where it is not possible to exactly
restore the original datasize limit. Bug #973.
* Fixed a race condition that could result in a hang when sudo is
executed by a process where the SIGCHLD handler is set to SIG_IGN.
This fixes the bug described by GitHub PR #98.
* Fixed an out-of-bounds read in sudoedit and visudo when the
EDITOR, VISUAL or SUDO_EDITOR environment variables end in an
unescaped backslash. Also fixed the handling of quote characters
that are escaped by a backslash. GitHub issue #99.
* Fixed a bug that prevented the "log_server_verify" sudoers option
from taking effect.
* The sudo_sendlog utility has a new -s option to cause it to stop
sending I/O records after a user-specified elapsed time. This
can be used to test the I/O log restart functionality of sudo_logsrvd.
* Fixed a crash introduced in sudo 1.9.4 in sudo_logsrvd when
attempting to restart an interrupted I/O log transfer.
* The TLS connection timeout in the sudoers log client was previously
hard-coded to 10 seconds. It now uses the value of log_server_timeout.
* The configure script now outputs a summary of the user-configurable
options at the end, separate from output of configure script tests.
Bug #820.
* Corrected the description of which groups may be specified via the
- g option in the Runas_Spec section. Bug #975.
------------------------------------------------------------------
------------------ 2021-5-11 - May 11 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Fix plaintext password in grub config didn't work to unlock menu entry if
enabling secure boot in UEFI (bsc#1181892)
++++ kernel-default:
- sctp: delay auto_asconf init until binding the first addr
(CVE-2021-23133 bsc#1184675).
- Revert "net/sctp: fix race condition in sctp_destroy_sock"
(CVE-2021-23133 bsc#1184675).
- commit 6758015
- proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491
bsc#1185642).
- io_uring: truncate lengths larger than MAX_RW_COUNT on provide
buffers (CVE-2021-3491 bsc#1185642).
- io_uring: fix overflows checks in provide buffers (CVE-2021-3491
bsc#1185642).
- commit 079e747
- pinctrl: Add Xilinx ZynqMP pinctrl driver support (bsc#1185927).
- Update config files. (bsc#1185927)
- firmware: xilinx: Add pinctrl support (bsc#1185927).
- dt-bindings: pinctrl: Add binding for ZynqMP pinctrl driver
(bsc#1185927).
- pinctrl: Introduce MODE group in enum pin_config_param
(bsc#1185927).
- commit fce7e82
- Workaround for a crash in radeon driver (bsc#1185516).
- commit 66123af
++++ snapper:
- fixed systemd sandboxing (gh#openSUSE/snapper#651)
++++ unbound:
- Use --disable-explicit-port-randomisation, the linux kernel
has source port randomization by default if port is 0 since ages.
++++ zstd:
- Add zstd-1.4.9-Avoid-SIGBUS-on-armv6.patch
to fix crashes when running armv6 userspace on armv8 64-bit kernels
++++ shim:
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
the check for import_mok_state() when Secure Boot is off.
(bsc#1185261)
------------------------------------------------------------------
------------------ 2021-5-10 - May 10 2021 -------------------
------------------------------------------------------------------
++++ elfutils:
- Update to version 0.184:
debuginfod: Use libarchive's bsdtar as the .deb-family file unpacker.
debuginfod-client: Client caches negative results. If a query for a
file failed with 404, an empty 000 permission
file is created in the cache. This will prevent
requesting the same file for the next 10 minutes.
Client objects now carry long-lived curl handles
for outgoing connections. This makes it more
efficient for multiple sequential queries, because
the TCP connections and/or TLS state info are kept
around awhile, avoiding O(100ms) setup latencies.
libdw: handle DW_FORM_indirect when reading attributes
translations: Update Polish translation.
++++ filesystem:
- temporarily mark appdata and applications 0755 again until fallout
is fixed (bsc#1184786)
++++ kernel-default:
- drm/i915/dp: Use slow and wide link training for everything
(bsc#1185601).
- commit 3d40a8d
- Delete patches.suse/Revert-drm-i915-Try-to-use-fast-narrow-link-on-eDP-a.patch
An upstream fix will follow
- commit 3da1f57
- Add dtb-apple (bsc#1185845)
- commit 405d0ae
- Update to 5.13-rc1
- eliminated 34 patches (22 stable, 12 other)
- patches.kernel.org/*
- patches.suse/clk-bcm-rpi-release-firmware-handle-on-unbind.patch
- patches.suse/dt-bindings-pwm-add-binding-for-rpi-firmware-pwm-bus.patch
- patches.suse/firmware-raspberrypi-introduce-devm_rpi_firmware_get.patch
- patches.suse/firmware-raspberrypi-keep-count-of-all-consumers.patch
- patches.suse/gpio-raspberrypi-exp-release-firmware-handle-on-unbind.patch
- patches.suse/input-raspberrypi-ts-release-firmware-handle-when-not-needed.patch
- patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch
- patches.suse/media-dvb-usb-Fix-use-after-free-access.patch
- patches.suse/pwm-add-raspberry-pi-firmware-based-pwm-bus.patch
- patches.suse/reset-raspberrypi-release-firmware-handle-on-unbind.patch
- patches.suse/soc-bcm-raspberrypi-power-release-firmware-handle-on-unbind.patch
- patches.suse/vchiq-release-firmware-handle-on-unbind.patch
- disable ARM architectures (need config update)
- refresh
- patches.rpmify/powerpc-64-BE-option-to-use-ELFv2-ABI-for-big-endian.patch
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- patches.suse/supported-flag
- patches.suse/supported-flag-modverdir
- patches.suse/vfs-add-super_operations-get_inode_dev
- config refresh (no longer available as module)
- PVPANIC (m -> y)
- NFS_V4_2_SSC_HELPER (m -> y)
- new config options
- General setup
- CGROUP_MISC=y
- Virtualization
- X86_SGX_KVM=y
- General architecture-dependent options
- RANDOMIZE_KSTACK_OFFSET_DEFAULT=y
- Enable loadable module support
- MODULE_COMPRESS_NONE=y
- MODULE_COMPRESS_GZIP=n
- MODULE_COMPRESS_XZ=n
- MODULE_COMPRESS_ZSTD=n
- MODPROBE_PATH="/sbin/modprobe"
- Networking support
- NF_LOG_SYSLOG=m
- NETFILTER_XTABLES_COMPAT=y
- PCPU_DEV_REFCNT=y
- CAN_ETAS_ES58X=m
- BT_AOSPEXT=y
- BT_VIRTIO=m
- File systems
- NETFS_SUPPORT=m
- NETFS_STATS=y
- Security options
- SECURITY_LANDLOCK=y
- Cryptographic API
- CRYPTO_ECDSA=y
- SYSTEM_REVOCATION_LIST=y
- SYSTEM_REVOCATION_KEYS=""
- Kernel hacking
- VMLINUX_MAP=y
- TEST_DIV64=n
- Virtualiation drivers
- PVPANIC=y
- PVPANIC_MMIO=m
- PVPANIC_PCI=m
- VDPA_SIM_BLOCK=m
- VP_VDPA=m
- Network device support
- NET_DSA_MICROCHIP_KSZ8863_SMI=m
- NET_VENDOR_MICROSOFT=y
- MICROSOFT_MANA=m
- MLX5_TC_SAMPLE=y
- MARVELL_88X2222_PHY=m
- NXP_C45_TJA11XX_PHY=m
- WWAN=y
- WWAN_CORE=m
- MHI_WWAN_CTRL=m
- Input device support
- TOUCHSCREEN_HYCON_HY46XX=m
- TOUCHSCREEN_ILITEK=m
- TOUCHSCREEN_MSG2638=m
- INPUT_IQS626A=m
- Power supply class support
- BATTERY_GOLDFISH=m
- BATTERY_SURFACE=m
- CHARGER_SURFACE=m
- Hardware Monitoring support
- SENSORS_NZXT_KRAKEN2=m
- SENSORS_BPA_RS600=m
- SENSORS_FSP_3Y=m
- SENSORS_IR36021=m
- SENSORS_MAX15301=m
- SENSORS_STPDDC60=m
- Graphics support
- DRM_AMD_SECURE_DISPLAY=y
- DRM_I915_REQUEST_TIMEOUT=20000
- DRM_GUD=m
- Sound card support
- SND_SOC_FSL_RPMSG=n
- SND_SOC_TLV320AIC3X_I2C=n
- SND_SOC_TLV320AIC3X_SPI=n
- SND_VIRTIO=m
- HID support
- HID_FT260=m
- SURFACE_KBD=m
- SURFACE_HID=m
- X86 Platform Specific Device Drivers
- GIGABYTE_WMI=m
- ADV_SWBUTTON=m
- Microsoft Surface Platform-Specific Device Drivers
- SURFACE_AGGREGATOR_REGISTRY=m
- SURFACE_DTX=m
- SURFACE_PLATFORM_PROFILE=m
- Industrial I/O support
- BMI088_ACCEL=n
- TI_ADS131E08=n
- CROS_EC_MKBP_PROXIMITY=n
- Misc devices
- DW_XDATA_PCIE=m
- I2C_CP2615=m
- SPI_ALTERA_CORE=m
- SPI_ALTERA_DFL=m
- INTEL_TCC_COOLING=m
- MFD_ATC260X_I2C=n
- RTC_DRV_GOLDFISH=m
- INTEL_IDXD_PERFMON=y
- UIO_DFL=m
- OF dependent (i386, ppc64 / ppc64le, riscv64)
- MFD_NTXEC=n
- MFD_ROHM_BD957XMUF=n
- DRM_CHIPONE_ICN6211=n
- DRM_LONTIUM_LT8912B=n
- LEDS_RT4505=m
- i386
- MODULE_SIG_ALL=n
- MODULE_SIG_SHA256=y
- SND_SOC_RT1316_SDW=n
- SND_SOC_RT711_SDCA_SDW=n
- SND_SOC_RT715_SDCA_SDW=n
- LEDS_LGM=m
- MODULE_SIG_KEY="certs/signing_key.pem"
- ppc64 / ppc64le
- TIME_NS=y
- STRICT_KERNEL_RWX=y
- CMA_SYSFS=n
- FSL_DPAA2_SWITCH=m
- FSL_ENETC_IERB=m
- DEBUG_RODATA_TEST=n
- DEBUG_VM_PGTABLE=n
- s390x
- CMA_SYSFS=n
- NET_DSA=n
- CIO_INJECT=n
- riscv64
- SOC_MICROCHIP_POLARFIRE=y
- RISCV_ERRATA_ALTERNATIVE=y
- ERRATA_SIFIVE_CIP_453=y
- ERRATA_SIFIVE_CIP_1200=y
- KEXEC=y
- CRASH_DUMP=y
- PHYS_RAM_BASE_FIXED=n
- XIP_KERNEL=n
- STRICT_MODULE_RWX=y
- PCIE_FU740
- PROC_VMCORE=y
- PROC_VMCORE_DEVICE_DUMP=y
- FORTIFY_SOURCE=y
- commit 0ba08a9
- Revert "drm/i915: Try to use fast+narrow link on eDP again
and fall back to the old max strategy on failure" (bsc#1185601).
- commit 6c0f44c
++++ lua54:
- Add shared_link.patch: fix dynamic linking executable
- Stop building static library
++++ openssl-3:
- Update to 3.0.0. Alpha 16
* Mark pop/clear error stack in der2key_decode_p8
++++ systemd:
- Import commit 6f5c11b28f5739b901390f22c2bf4c003cadedaa (merge of v248.2)
2c8ec0095e udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e5f93c9d2e9e26dd0dff430c4c072a547357ae7d...6f5c11b28f5739b901390f22c2bf4c003cadedaa
++++ libxml2:
- Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
++++ microos-tools:
- Update to version 2.10
- Fixes and improvements for SELinux support
- Add devel tools
- Add new subpackage microos-devel-tools
- Add rpm as build dependency for that subpackage
++++ pam:
- In the 32-bit compatibility package for 64-bit architectures,
require "systemd-32bit" to be also installed as it contains
pam_systemd.so for 32 bit applications.
[bsc#1185562, baselibs.conf]
++++ patterns-base:
- Don't recommend syslinux and binutils in enhanced_base
++++ salt:
- grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Added:
* fix-missing-minion-returns-in-batch-mode-360.patch
* grains.extra-support-old-non-intel-kernels-bsc-11806.patch
++++ libxml2-python:
- Security fix: [bsc#1185698, CVE-2021-3537]
* NULL pointer dereference in valid.c:xmlValidBuildAContentModel
* Add libxml2-CVE-2021-3537.patch
------------------------------------------------------------------
------------------ 2021-5-9 - May 9 2021 -------------------
------------------------------------------------------------------
++++ btrfsprogs:
- Update to 5.12
* libbtrfsutil: relicensed to LGPL v2.1+
* mkfs: zoned mode support (kernel 5.12+)
* fi df: show zone_unusable per profile type in zoned mode
* fi usage: show total amount of zone_unusable
* fi resize: fix message for exact size
* image: fix warning and enlarge output file if necessary
* core
* refactor chunk allocator for more modes
* implement zoned mode support: allocation and writes, sb log
* crypto/hash refactoring and cleanups
* refactoring and cleanups
* other
* test updates
* CI updates
* travis-ci integration disabled
* docker images updated, more coverage
* incomplete build support for Android removed
* doc updates
* chattr mode m for 'NOCOMPRESS"
* swapfile used from fstab
* how to add a new export to libbtrfsutil
* update status of mount options since 5.9
- Update to 5.11.1
* properly format checksums when a mismatch is reported
* check: fix false alert on tree block crossing 64K page boundary
* convert:
* refuse to convert filesystem with 'needs_recovery'
* update documentation to require fsck before conversion
* balance convert: fix raid56 warning when converting other profiles
* fi resize: improved summary
* other
* build: fix checks and autoconf defines
* fix symlink paths for CI support scripts
* updated tests
++++ python-six:
- update to 1.16.0:
- Port _SixMetaPathImporter to Python 3.10.
------------------------------------------------------------------
------------------ 2021-5-8 - May 8 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- use https:// in spec file
++++ gstreamer-plugins-base:
- don't own appdata dir - comes from filesystem rpm
++++ sysuser-tools:
- Use /usr/sbin/nologin instead of /sbin/nologin
------------------------------------------------------------------
------------------ 2021-5-7 - May 7 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.12.2 (bsc#1012628).
- perf/core: Fix unconditional security_locked_down() call
(bsc#1012628).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation
(bsc#1012628).
- USB: Add reset-resume quirk for WD19's Realtek Hub
(bsc#1012628).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(bsc#1012628).
- ALSA: usb-audio: Fix implicit sync clearance at stopping stream
(bsc#1012628).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
(bsc#1012628).
- ovl: allow upperdir inside lowerdir (bsc#1012628).
- ovl: fix leaked dentry (bsc#1012628).
- net: qrtr: Avoid potential use after free in MHI send
(bsc#1012628).
- bpf: Fix leakage of uninitialized bpf stack under speculation
(bsc#1012628).
- bpf: Fix masking negation logic upon negative dst register
(bsc#1012628).
- drm/i915: Disable runtime power management during shutdown
(bsc#1012628).
- net: usb: ax88179_178a: initialize local variables before use
(bsc#1012628).
- netfilter: conntrack: Make global sysctls readonly in non-init
netns (bsc#1012628).
- mips: Do not include hi and lo in clobber list for R6
(bsc#1012628).
- commit 85a2a31
++++ kernel-firmware:
- Update to version 20210503 (git commit ecdfcf8e2ca1):
* i915: Add ADL-P DMC Support
* amdgpu: add new polaris 12 MC firmware
* firmware: nvidia: Add VIC firmware for Tegra194
* qcom: add gpu firmwares for sc7280
* brcm: Add a link to enable khadas VIM2's WiFi
* rtw89: 8852a: update fw to v0.13.8.0
* rtl_bt: Update RTL8852A BT USB firmware to 0xD9A8_7893
* qcom: Add venus firmware files for VPU-2.0
* qcom: update venus firmware files for v5.4
- Move adreno and modem firmware into kernel-firmware-qcom
subpackage
- Update license list and module aliases
++++ spice:
- Update to v0.15.0 release
This is the first release in the new 0.15.x stable series.
* Minor updates to CI
* Some compatibility with OpenSSL
* Change the behavior of handle_dev_start ignoring multiple start requests
* Ignore multiple calls to handle_dev_stop
* Pick up newer spice-common to fix a buffer overflow issue
- Dropped patches contained in new tarball
0001-quic-Check-we-have-some-data-to-start-decoding-quic-.patch
0002-quic-Check-image-size-in-quic_decode_begin.patch
0003-quic-Check-RLE-lengths.patch
0004-quic-Avoid-possible-buffer-overflow-in-find_bucket.patch
++++ psmisc:
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
* Fix bsc#1185208 to make private mount namespaces work as well
as to distinguish NFS mounts from same remote device share.
++++ shim:
- shim-install: always assume "removable" for Azure to avoid the
endless reset loop (bsc#1185464)
------------------------------------------------------------------
------------------ 2021-5-6 - May 6 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- adjusted filelist to removed vulkan files in Mesa 21.1.0
(packages Mesa-libVulkan-devel, Mesa-vulkan-device-select,
Mesa-vulkan-overlay)
- /usr/include/vulkan/vulkan_intel.h dropped with Mesa 21.1.0, but
let's keep the package containing an empty directory
- update to 21.1.0
* bunch of work here, lots of zink and softpipe, but bits and
pieces of other things: tgsi, freddreno, nir, panfrost, intel,
spirv, core gallium, radv, aco, r600, and core mesa.
- supersedes patches U_clover-Fix-build-with-llvm-12.patch,
U_clover-Add-missing-include-for-llvm-12-build-fix.patch
++++ Mesa-drivers:
- adjusted filelist to removed vulkan files in Mesa 21.1.0
(packages Mesa-libVulkan-devel, Mesa-vulkan-device-select,
Mesa-vulkan-overlay)
- /usr/include/vulkan/vulkan_intel.h dropped with Mesa 21.1.0, but
let's keep the package containing an empty directory
- update to 21.1.0
* bunch of work here, lots of zink and softpipe, but bits and
pieces of other things: tgsi, freddreno, nir, panfrost, intel,
spirv, core gallium, radv, aco, r600, and core mesa.
- supersedes patches U_clover-Fix-build-with-llvm-12.patch,
U_clover-Add-missing-include-for-llvm-12-build-fix.patch
++++ hwdata:
- Update to version 0.347 (bsc#1185697):
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- kernel-docs.spec.in: Build using an utf-8 locale.
Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- commit 0db6da1
- config: disable kfence by default (bsc#1185565)
Apperently the overhead of kfence is not as negligible as the help text
seemed to promise so that it seems more appropriate to disable kfence by
default by setting CONFIG_KFENCE_SAMPLE_INTERVAL to 0. Anyone who wants to
enable it can still do so using the kfence.sample_interval command line
parameter.
- commit 5d73dc7
++++ harfbuzz:
- Update to version 2.8.1:
+ Subsetter now fully supports GSUB/GPOS/GDEF tables (including
variations); as such, layout tables are retained by subsetter
by default
+ hb-view supports iTerm2 and kitty inline image protocols
it can also use Chafa for terminal graphics if available
- Add pkgconfig(chafa): new, optional depdency.
++++ libpng16:
- install rpm macros in %{_rpmmacrodir} [bsc#1185661]
- call spec-cleaner
++++ ceph:
- Update to 16.2.3-26-g422932e923:
+ rebased on top of upstream pacific SHA1 381b476cb3900f9a92eb95d03b4850b953cfd79a
Pacific v16.2.3 release
see https://ceph.io/releases/v16-2-3-pacific-released/
* cephadm: normalize image digest in 'ls' output too
Pacific v16.2.2 release
see https://ceph.io/releases/v16-2-2-pacific-released/
++++ qemu:
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-3419, bsc#1182975)
++++ shim:
- Include suse-signed shim for AArch64 (bsc#1185621)
(sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
------------------------------------------------------------------
------------------ 2021-5-5 - May 5 2021 -------------------
------------------------------------------------------------------
++++ bash:
- Add official patch bash51-005
* Fix two memory leaks when assigning arrays using compound assignment syntax.
- Add official patch bash51-006
* Make sure child processes forked to run command substitutions are in the
proper process group.
- Add official patch bash51-007
* The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
- Add official patch bash51-008
* Process substitution FIFOs opened by child processes as targets of redirections
were not removed appropriately, leaving remnants in the file system.
++++ boost-base:
- Also exclude libboost_math_c99l and libboost_math_tr1l on ppc
++++ kernel-default:
- rpm/kernel-docs.spec.in: Add amscls as required for build.
[ 781s] ! LaTeX Error: File `amsthm.sty' not found.
- commit 1fd6a67
- Fix vanilla ppc64 build.
- commit f1085cb
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (bsc#1176576)
- commit 310b140
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (bsc#1176576)
- commit 3e41868
- rpm: drop /usr/bin/env in interpreter specification
OBS checks don't like /usr/bin/env in script interpreter lines but upstream
developers tend to use it. A proper solution would be fixing the depedency
extraction and drop the OBS check error but that's unlikely to happen so
that we have to work around the problem on our side and rewrite the
interpreter lines in scripts before collecting files for packages instead.
- commit 45c5c1a
++++ python310-core:
- Update to 3.9.5:
* Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in
parts of a URL could allow some forms of attacks.
- Following the controlling specification for URLs defined by
WHATWG urllib.parse() now removes ASCII newlines and tabs
from URLs, preventing such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats
leading zeros as octal notatation. glibc implementation of
modern inet_pton() does not accept any leading zeros. For
a while the ipaddress module used to accept ambiguous
leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code,
traceback.tb_frame, and generator code/frame attribute
access.
* Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
* Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
returns a consistent error message when cadata contains no
valid certificate.
- bpo-43607: urllib can now convert Windows paths with \\?\
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the windows version
from sys.getwindowsversion().platform_version which in turn
derives the version from kernel32.dll (which can be of
a different version than Windows itself). Therefore change
the platform.win32_ver to determine the version using the
platform module’s _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in _missing__
are released
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
to suppress deprecation warnings. Python requires OpenSSL
1.1.1 APIs.
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
(OpenSSL 3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
function a second time when first call has signaled an
error condition.
- bpo-43788: The header files for ssl error codes are now
OpenSSL version-specific. Exceptions will now show correct
reason and library codes. The make_ssl_data.py script has
been rewritten to use OpenSSL’s text file with error codes.
- bpo-43655: tkinter dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- bpo-43534: turtle.textinput() and turtle.numinput() create
now a transient window working on behalf of the canvas
window.
- bpo-43522: Fix problem with hostname_checks_common_name.
OpenSSL does not copy hostflags from struct SSL_CTX to
struct SSL.
- bpo-42967: Allow bytes separator argument in
urllib.parse.parse_qs and urllib.parse.parse_qsl when
parsing str query strings. Previously, this raised
a TypeError.
- bpo-43176: Fixed processing of a dataclass that inherits
from a frozen dataclass with no fields. It is now correctly
detected as an error.
- bpo-41735: Fix thread locks in zlib module may go wrong in
rare case. Patch by Ma Lin.
- bpo-36470: Fix dataclasses with InitVars and replace().
Patch by Claudiu Popa.
- bpo-32745: Fix a regression in the handling of ctypes’
ctypes.c_wchar_p type: embedded null characters would cause
a ValueError to be raised. Patch by Zackery Spytz.
* Documentation
- bpo-43959: The documentation on the PyContextVar C-API was
clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43755: Update documentation to reflect that
unparenthesized lambda expressions can no longer be the
expression part in an if clause in comprehensions and
generator expressions since Python 3.9.
- bpo-43739: Fixing the example code in
Doc/extending/extending.rst to declare and initialize the
pmodule variable to be of the right type.
* Tests
- bpo-43961: Fix
test_logging.test_namer_rotator_inheritance() on Windows:
use os.replace() rather than os.rename(). Patch by Victor
Stinner.
- bpo-43842: Fix a race condition in the SMTP test of
test_logging. Don’t close a file descriptor (socket) from
a different thread while asyncore.loop() is polling the
file descriptor. Patch by Victor Stinner.
- bpo-43811: Tests multiple OpenSSL versions on GitHub
Actions. Use ccache to speed up testing.
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
protocols TLS 1.0 and 1.1. Tests are failing with
TLSV1_ALERT_INTERNAL_ERROR.
- Refreshed patches:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- Add vendorized files from bluez-devel to enable building support for
Bluetooth.
++++ ceph:
- Update to 16.2.1-283-g9f37a4bec4:
+ rebased on top of upstream pacific SHA1 717ce59b76c659aaef8c5aec1355c0ac5cef7234
Pacific v16.2.1 release
see https://ceph.io/releases/v16-2-1-pacific-released/
* (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse
* (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections
++++ readline:
- Add official patch readline81-001 and its signature
* The code to check readline versions in an inputrc file had the sense of the
comparisons reversed.
++++ python310:
- Update to 3.9.5:
* Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in
parts of a URL could allow some forms of attacks.
- Following the controlling specification for URLs defined by
WHATWG urllib.parse() now removes ASCII newlines and tabs
from URLs, preventing such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats
leading zeros as octal notatation. glibc implementation of
modern inet_pton() does not accept any leading zeros. For
a while the ipaddress module used to accept ambiguous
leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code,
traceback.tb_frame, and generator code/frame attribute
access.
* Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
* Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
returns a consistent error message when cadata contains no
valid certificate.
- bpo-43607: urllib can now convert Windows paths with \\?\
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the windows version
from sys.getwindowsversion().platform_version which in turn
derives the version from kernel32.dll (which can be of
a different version than Windows itself). Therefore change
the platform.win32_ver to determine the version using the
platform module’s _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in _missing__
are released
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
to suppress deprecation warnings. Python requires OpenSSL
1.1.1 APIs.
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
(OpenSSL 3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
function a second time when first call has signaled an
error condition.
- bpo-43788: The header files for ssl error codes are now
OpenSSL version-specific. Exceptions will now show correct
reason and library codes. The make_ssl_data.py script has
been rewritten to use OpenSSL’s text file with error codes.
- bpo-43655: tkinter dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- bpo-43534: turtle.textinput() and turtle.numinput() create
now a transient window working on behalf of the canvas
window.
- bpo-43522: Fix problem with hostname_checks_common_name.
OpenSSL does not copy hostflags from struct SSL_CTX to
struct SSL.
- bpo-42967: Allow bytes separator argument in
urllib.parse.parse_qs and urllib.parse.parse_qsl when
parsing str query strings. Previously, this raised
a TypeError.
- bpo-43176: Fixed processing of a dataclass that inherits
from a frozen dataclass with no fields. It is now correctly
detected as an error.
- bpo-41735: Fix thread locks in zlib module may go wrong in
rare case. Patch by Ma Lin.
- bpo-36470: Fix dataclasses with InitVars and replace().
Patch by Claudiu Popa.
- bpo-32745: Fix a regression in the handling of ctypes’
ctypes.c_wchar_p type: embedded null characters would cause
a ValueError to be raised. Patch by Zackery Spytz.
* Documentation
- bpo-43959: The documentation on the PyContextVar C-API was
clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43755: Update documentation to reflect that
unparenthesized lambda expressions can no longer be the
expression part in an if clause in comprehensions and
generator expressions since Python 3.9.
- bpo-43739: Fixing the example code in
Doc/extending/extending.rst to declare and initialize the
pmodule variable to be of the right type.
* Tests
- bpo-43961: Fix
test_logging.test_namer_rotator_inheritance() on Windows:
use os.replace() rather than os.rename(). Patch by Victor
Stinner.
- bpo-43842: Fix a race condition in the SMTP test of
test_logging. Don’t close a file descriptor (socket) from
a different thread while asyncore.loop() is polling the
file descriptor. Patch by Victor Stinner.
- bpo-43811: Tests multiple OpenSSL versions on GitHub
Actions. Use ccache to speed up testing.
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
protocols TLS 1.0 and 1.1. Tests are failing with
TLSV1_ALERT_INTERNAL_ERROR.
- Refreshed patches:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- Add vendorized files from bluez-devel to enable building support for
Bluetooth.
------------------------------------------------------------------
------------------ 2021-5-4 - May 4 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to 2.9.21
++++ glibc:
- nptl-db-libpthread-load-order.patch: nptl_db: Support different
libpthread/ld.so load orders (bsc#1184214, BZ #27744)
++++ kernel-default:
- supported.conf: add USB Typec to installer (bsc#1184867)
- commit 17b53f0
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e849c44
++++ schily:
- Update to release 2021.04.21
* Bourne Shell: The new version no longer aborts with an
illegal multi byte sequence as "no match". As a result, the
"*" now again matches any filename - even if the filename
contains an illegal multi-byte sequence.
* SunPro Make: The new operators :::= and +:= have been
introduced.
++++ libjpeg-turbo:
- disable SIMD for armv6hl, not available
++++ nfs-utils:
- Add 0001-Replace-all-var-run-with-run.patch
Use /run instead of /var/run
(bsc#1185170)
++++ snapper:
- fixed systemd sandboxing (bsc#1185596)
++++ mokutil:
- spec file cleanup
++++ salt:
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)
- Added:
* parsing-epoch-out-of-version-provided-during-pkg-rem.patch
++++ ovmf:
- Update the descriptors to add "acpi-s4" tag to allow libvirt
enable hibernation (bsc#1182886#c31)
++++ tpm2.0-tools:
- fix `--version` output of tools. Since now autoreconf is called and
configure.ac attempts to fetch the version from git (which we don't have
during building), the version was empty. Fix this by replacing the git
invocation in configure.ac.
------------------------------------------------------------------
------------------ 2021-5-3 - May 3 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- install all of pkg/lib in -devel package. Cockpit-machines needs more
++++ cockpit-machines:
- initial package
++++ cups:
- When cupsd creates directories with specific owner group
and permissions (usually owner is 'root' and group matches
"configure --with-cups-group=lp") specify same owner group and
permissions in the RPM spec file to ensure those directories
are installed by RPM with the right settings because if those
directories were installed by RPM with different settings then
cupsd would use them as is and not adjust its specific owner
group and permissions which could lead to privilege escalation
from 'lp' user to 'root' via symlink attacks e.g. if owner is
falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
++++ docker:
- Add shell requires for the *-completion subpackages.
++++ kexec-tools:
- Bump version to 2.0.21
- Drop patches from upstream git:
* kexec-tools-video-capability.patch
++++ krb5:
- Build with full Cyrus SASL support
* Negotiating SASL credentials with an EXTERNAL bind mechanism requires
interaction. Kerberos provides its own interaction function that skips
all interaction, thus preventing the mechanism from working.
++++ ncurses:
- Add ncurses patch 20210501
+ add a special case in the configure script to work around one of the
build-time breakages reported for OpenBSD 6 here:
https://www.mail-archive.com/bugs@openbsd.org/msg13200.html
There is no workaround for the other issue, a broken linker spec.
+ modify configure check for libtool to prevent accidental use of an
OpenBSD program which uses the same name.
+ update config.guess, config.sub
- Correct offsets of patch ncurses-6.2.dif
++++ libvirt:
- Update to libvirt 7.3.0
- libvirt-admin package merged with libvirt-daemon
- libvirt-bash-completion package merged with libvirt-client and
libvirt-daemon packages
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
suse-bump-xen-version.patch
- Added patches:
ee890f25-libxl-mock-funcs.patch
++++ zchunk:
- Update to version 1.1.11
* Fix memory leak of zck->prep_digest
* Fix argp detection
* Handle certain rare web servers that don't start with \r\n
- Drop upstream merged fix-test-argp.patch
++++ ovmf:
- Add ovmf-bsc1184801-fix-sev-with-tpm.patch to fix SEV-ES guest
crash with TPM (bsc#1184801)
++++ shim:
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441, bsc#1187071)
------------------------------------------------------------------
------------------ 2021-5-2 - May 2 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.12.1 (bsc#1012628).
- mei: me: add Alder Lake P device id (bsc#1012628).
- cfg80211: fix locking in netlink owner interface destruction
(bsc#1012628).
- iwlwifi: Fix softirq/hardirq disabling in
iwl_pcie_gen2_enqueue_hcmd() (bsc#1012628).
- USB: CDC-ACM: fix poison/unpoison imbalance (bsc#1012628).
- net: hso: fix NULL-deref on disconnect regression (bsc#1012628).
- commit 9f237a4
++++ at-spi2-core:
- Update to version 2.40.1:
+ Fix double free when removing event listeners.
+ Fix numlock detection.
++++ python310-core:
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
++++ python310:
- Make sure to close the import_failed.map file after the exception
has been raised in order to avoid ResourceWarnings when the
failing import is part of a try...except block.
------------------------------------------------------------------
------------------ 2021-5-1 - May 1 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- powerpc/64: BE option to use ELFv2 ABI for big endian kernels
(BTFIDS vmlinux FAILED unresolved symbol vfs_truncate).
Update config files.
- commit 17ebdf1
++++ openssl-3:
- Update to 3.0.0 Alpha 15
* The default manual page suffix ($MANSUFFIX) has been changed to "ossl"
* Added support for Kernel TLS (KTLS). In order to use KTLS, support for it
must be compiled in using the "enable-ktls" compile time option. It must
also be enabled at run time using the SSL_OP_ENABLE_KTLS option.
* The error return values from some control calls (ctrl) have changed.
One significant change is that controls which used to return -2 for
invalid inputs, now return -1 indicating a generic error condition instead.
* Removed EVP_PKEY_set_alias_type().
* All of these low level RSA functions have been deprecated without
replacement:
RSA_blinding_off, RSA_blinding_on, RSA_clear_flags, RSA_get_version,
RSAPrivateKey_dup, RSAPublicKey_dup, RSA_set_flags, RSA_setup_blinding and
RSA_test_flags.
* All of these RSA flags have been deprecated without replacement:
RSA_FLAG_BLINDING, RSA_FLAG_CACHE_PRIVATE, RSA_FLAG_CACHE_PUBLIC,
RSA_FLAG_EXT_PKEY, RSA_FLAG_NO_BLINDING, RSA_FLAG_THREAD_SAFE and
RSA_METHOD_FLAG_NO_CHECK.
* These low level DH functions have been deprecated without replacement:
DH_clear_flags, DH_get_1024_160, DH_get_2048_224, DH_get_2048_256,
DH_set_flags and DH_test_flags.
The DH_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
The DH_FLAG_TYPE_DH and DH_FLAG_TYPE_DHX have been deprecated. Use
EVP_PKEY_is_a() to determine the type of a key. There is no replacement for
setting these flags.
* These low level DSA functions have been deprecated without replacement:
DSA_clear_flags, DSA_dup_DH, DSAparams_dup, DSA_set_flags and
DSA_test_flags.
* The DSA_FLAG_CACHE_MONT_P flag has been deprecated without replacement.
* Reworked the treatment of EC EVP_PKEYs with the SM2 curve to
automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking
change from previous OpenSSL versions.
Unlike in previous OpenSSL versions, this means that applications must not
call 'EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)' to get SM2 computations.
The 'EVP_PKEY_set_alias_type' function has now been removed.
* Parameter and key generation is also reworked to make it possible
to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
SM2 keys directly and must not create an EVP_PKEY_EC key first.
++++ libxkbcommon:
- Update to release 1.3.0
* `xkbcli list` was changed to output YAML instead of a
custom format.
* Fix segmentation fault in case-insensitive
`xkb_keysym_from_name` for certain values like the empty
string.
++++ python310-packaging:
- add no-legacyversion-warning.patch to restore compatibility with 20.4
------------------------------------------------------------------
------------------ 2021-4-30 - Apr 30 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- new version 243
https://cockpit-project.org/blog/cockpit-243.html
https://cockpit-project.org/blog/cockpit-242.html
https://cockpit-project.org/blog/cockpit-241.html
https://cockpit-project.org/blog/cockpit-240.html
https://cockpit-project.org/blog/cockpit-239.html
++++ librsvg:
- Update to version 2.50.5:
+ Images embedded as data: URLs didn't render if they had a MIME
type with a charset parameter.
+ Don't allow number lists with unbounded lengths in tableValues
attributes, for feComponentTransfer and feConvolveMatrix.
+ Negative rx/ry in rect element should be ignored.
++++ glib-networking:
- Update to version 2.68.1:
+ Fix threadsafety issue in certificate verification.
+ Temporarily remove support for downloading missing intermediate
certificates with GnuTLS 3.7.
++++ kernel-default:
- rpm/constraints.in: bump disk space to 45GB on riscv64
- commit f8b883f
++++ qemu:
- Update to v6.0: see https://wiki.qemu.org/ChangeLog/6.0
For a full list of formely deprecated features that are removed now,
consult: https://qemu-project.gitlab.io/qemu/system/removed-features.html.
For a list of new deprecated features, consult:
https://qemu-project.gitlab.io/qemu/system/deprecated.html
Some noteworthy changes:
* Removed tileGX CPU (linux-user mode).
* Removed ide-drive device (use ide-hd or ide-cd instead).
* Removed scsi-disk device (use scsi-hd or scsi-cd instead).
* Removed pc-1.0, pc-1.1, pc-1.2, and pc-1.3 machine types.
* Added emulation of Arm-v8.1M arch and Cortex-M55 CPU.
* Added boards mps3-an524 (Cortex-M33) and mps3-an547 (Cortex-M55).
* x86: Support for running SEV-ES encrypted guests; TCG can emulate
the PKS feature; WHPX accelerator supports accelerated APIC.
* ARM: ARMv8.4-TTST, ARMv8.4-SEL2, FEAT_SSBS, and ARMv8.4-DIT emulation
are now supported; Added ARMv8.5-MemTag extension is now supported formely
linux-user. Additional device emulation support for xlnx-zynqmp, xlnx-versal,
sbsa-ref, npcm7xx, and sabrelite board models.
* PowerPC: powernv now allows external BMC; pseries can send QAPI message
if it detects a memory hotplug failure; CPU unplug request can be retried.
* s390: TCG works with Linux kernels built with clang-11 and clang12.
* RISC-V: OpenSBI upgraded to v0.9; Support the QMP dump-guest-memory
command; Add support for the SiFive SPI controller (sifive_u); Add QSPI
NOR flash to Microchip PFSoC.
* Misc doc improvements.
* Multiprocess: Add experimental options to support out-of-process device
emulation.
* ACPI: support for assigning NICs to known names in guest OS independently of
PCI slot placement.
* NVMe: new emulation support for v1.4 spec with many new features, experimental
support for Zoned Namespaces, multipath I/O, and End-to-End Data Protection.
* Xen: New guest loader for testing of Xen-like hypervisors booting kernels.
* virtiofs: misc. security fixes and performance improvements.
* Tools: FUSE block exports to allow mounting any QEMU block device node
as a host file.
* Migration: query/info-migrate now display the migration blocker status and
the reasons for blocking.
* User-mode: Added support for the Qualcomm Hexagon processor.
* TCG: Added support for Apple Silicon hosts (macOS).
* QMP: backup jobs now support multiple asynchronous requests in parallel
* VNC: virtio-vga support for scaling resolution based on client window size
* Patches added:
doc-add-our-support-doc-to-the-main-proj.patch
* Patches removed:
9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
audio-add-sanity-check.patch
block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
block-Fix-locking-in-qmp_block_resize.patch
blockjob-Fix-crash-with-IOthread-when-bl.patch
block-nfs-fix-int-overflow-in-nfs_client.patch
block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
block-Separate-blk_is_writable-and-blk_s.patch
block-Simplify-qmp_block_resize-error-pa.patch
brotli-fix-actual-variable-array-paramet.patch
build-no-pie-is-no-functional-linker-fla.patch
cadence_gem-switch-to-use-qemu_receive_p.patch
cpu-core-Fix-help-of-CPU-core-device-typ.patch
docs-add-SUSE-support-statements-to-html.patch
dp8393x-switch-to-use-qemu_receive_packe.patch
e1000-fail-early-for-evil-descriptor.patch
e1000-switch-to-use-qemu_receive_packet-.patch
hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
hw-arm-virt-Disable-pl011-clock-migratio.patch
hw-block-fdc-Fix-fallback-property-on-sy.patch
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
hw-isa-Kconfig-Add-missing-dependency-VI.patch
hw-isa-piix4-Migrate-Reset-Control-Regis.patch
hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
hw-s390x-fix-build-for-virtio-9p-ccw.patch
hw-sd-sd-Actually-perform-the-erase-oper.patch
hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
hw-sd-sdhci-Correctly-set-the-controller.patch
hw-sd-sdhci-Don-t-transfer-any-data-when.patch
hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
hw-sd-sdhci-Limit-block-size-only-when-S.patch
hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
hw-sd-sd-Move-the-sd_block_-read-write-a.patch
hw-sd-sd-Skip-write-protect-groups-check.patch
hw-timer-slavio_timer-Allow-64-bit-acces.patch
hw-virtio-pci-Added-AER-capability.patch
hw-virtio-pci-Added-counter-for-pcie-cap.patch
i386-acpi-restore-device-paths-for-pre-5.patch
iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
lan9118-switch-to-use-qemu_receive_packe.patch
lsilogic-Use-PCIDevice-exit-instead-of-D.patch
Make-keycode-gen-output-reproducible-use.patch
memory-clamp-cached-translation-in-case-.patch
monitor-Fix-assertion-failure-on-shutdow.patch
mptsas-Remove-unused-MPTSASState-pending.patch
msf2-mac-switch-to-use-qemu_receive_pack.patch
net-Fix-handling-of-id-in-netdev_add-and.patch
net-introduce-qemu_receive_packet.patch
pcnet-switch-to-use-qemu_receive_packet-.patch
qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
qemu-storage-daemon-Enable-object-add.patch
rtl8139-switch-to-use-qemu_receive_packe.patch
s390x-add-have_virtio_ccw.patch
s390x-css-report-errors-from-ccw_dstream.patch
s390x-Fix-stringop-truncation-issue-repo.patch
s390x-modularize-virtio-gpu-ccw.patch
s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
s390x-pci-restore-missing-Query-PCI-Func.patch
spice-app-avoid-crash-when-core-spice-mo.patch
sungem-switch-to-use-qemu_receive_packet.patch
target-arm-Don-t-decode-insns-in-the-XSc.patch
target-arm-Fix-MTE0_ACTIVE.patch
target-arm-Introduce-PREDDESC-field-defi.patch
target-arm-Update-PFIRST-PNEXT-for-pred_.patch
target-arm-Update-REV-PUNPK-for-pred_des.patch
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
target-xtensa-fix-meson.build-rule-for-x.patch
tcg-Use-memset-for-large-vector-byte-rep.patch
tools-virtiofsd-Replace-the-word-whiteli.patch
tx_pkt-switch-to-use-qemu_receive_packet.patch
ui-vnc-Add-missing-lock-for-send_color_m.patch
update-linux-headers-Include-const.h.patch
Update-linux-headers-to-5.11-rc2.patch
util-fix-use-after-free-in-module_load_o.patch
vfio-ccw-Connect-the-device-request-noti.patch
vhost-user-blk-fix-blkcfg-num_queues-end.patch
viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
virtiofsd-extract-lo_do_open-from-lo_ope.patch
virtiofsd-optionally-return-inode-pointe.patch
virtiofsd-prevent-opening-of-special-fil.patch
virtiofs-drop-remapped-security.capabili.patch
virtiofsd-Save-error-code-early-at-the-f.patch
virtio-move-use-disabled-flag-property-t.patch
virtio-pci-compat-page-aligned-ATS.patch
xen-block-Fix-removal-of-backend-instanc.patch
++++ zypper:
- Rephrase needs-rebooting help and messages.
Try to point out that the need to reboot was not necessarily
triggered by the current transaction.
- man page: Recommend the needs-rebooting command to test whether
a system reboot is suggested.
- patch: Let a patch's reboot-needed flag overrule included packages
(bsc#1183268)
- Quickfix setting "openSUSE_Tumbleweed" as default platform for
"MicroOS" (bsc#1153687)
This fixes the guessed platform for "obs://<project>/" URLs.
- Protect against strict/relaxed user umask via sudo (bsc#1183589)
- zypper-log: protect against thread name indicators in a log.
- xml summary: add solvables repository alias (bsc#1182372)
- version 1.14.44
------------------------------------------------------------------
------------------ 2021-4-29 - Apr 29 2021 -------------------
------------------------------------------------------------------
++++ branding-openSUSE:
- Also skip *.tr as config files in
/etc/bootsplash/themes/openSUSE/bootloader (in addition to
/etc/bootsplash/themes/openSUSE/cdrom)
++++ coreutils:
- Use new packageand format
++++ kernel-default:
- Update config files: fix armv7hl/lpae config (bsc#1152773)
CONFIG_OABI_COMPAT was left enabled mistakenly on lpae flavor, which
resulted in the disablement of CONFIG_SECCOMP_FILTER. Fix those.
CONFIG_OABI_COMPAT -> disabled
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
Also corrected the following with the update:
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
CONFIG_AUDITSYSCALL=y
CONFIG_FPE_NWFPE -> removed
CONFIG_FPE_NWFPE_XP -> removed
CONFIG_FPE_FASTFPE -> removed
- commit 644711e
++++ kernel-firmware:
- Update to version 20210426 (git commit fa0efeff4894):
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Intel BT 7265: Fix Security Issues
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* mrvl: prestera: Add Marvell Prestera Switchdev firmware 3.0 version
* rtw88: 8822c: Update normal firmware to v9.9.9
* brcm: add missing symlink for Pi Zero W NVRAM file
* amdgpu: update arcturus firmware from 21.10
* amdgpu: update navy flounder firmware from 21.10
* amdgpu: update sienna cichlid firmware from 21.10
* amdgpu: update vega20 firmware from 21.10
* amdgpu: update picasso firmware from 21.10
* amdgpu: update navi14 firmware from 21.10
* amdgpu: update green sardine firmware from 21.10
* amdgpu: update vega12 firmware from 21.10
* amdgpu: update navi12 firmware from 21.10
* amdgpu: update vega10 firmware from 21.10
* amdgpu: update renoir firmware from 21.10
* amdgpu: update navi10 firmware from 21.10
* amdgpu: update raven2 firmware from 21.10
* amdgpu: update raven firmware from 21.10
* rtl_nic: add new firmware for RTL8153 and RTL8156 series
++++ less:
- update to 581.2:
* This fixes a bug found in less-581 where the terminal was sometimes left in
mouse-reporting mode after exiting less.
++++ libcontainers-common:
- Update common to 0.37.0
0.37.0:
new libimage package
Bump github.com/containers/storage from 1.29.0 to 1.30.0
config: suggest enable-linger only if euid != 0
Change log message in findRuntime()
Add setns to default seccomp.json
Cleanup debugf information to make debugging more useful
- Update podman to 3.1.2
3.1.2:
[#]## Bugfixes
- Fixed a bug where images with empty layers were stored incorrectly, causing them to be unable to be pushed or saved.
- Fixed a bug where the `podman rmi` command could fail to remove corrupt images from storage.
- Fixed a bug where the remote Podman client's `podman save` command did not support the `oci-dir` and `docker-dir` formats ([#9742](https://github.com/containers/podman/issues/9742)).
- Fixed a bug where volume mounts from `podman play kube` created with a trailing `/` in the container path were were not properly superceding named volumes from the image ([#9618](https://github.com/containers/podman/issues/9618)).
- Fixed a bug where Podman could fail to build on 32-bit architectures.
[#]## Misc
- Updated the containers/image library to v5.11.1
- Update storage to 1.30.1
1.30.1:
Allow users to tag images in read/only image stores
build(deps): bump github.com/klauspost/compress from 1.12.1 to 1.12.2
Validate selinux label before attempting to use it
1.30.0:
unshare: new function HasCapSysAdmin
btrfs: Do not disable quota on cleanup
build(deps): bump github.com/klauspost/compress from 1.11.13 to 1.12.1
- Update image to 5.11.1
* new libimage package
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
* config: suggest enable-linger only if euid != 0
* Change log message in findRuntime()
* Add setns to default seccomp.json
* Cleanup debugf information to make debugging more useful
++++ update-alternatives:
- Refresh patches for new version
* update-alternatives-suse.patch
- Set minimum version for po4a to 0.59 in BuildRequires
- Update file list in %files section
- Version update to 1.20.9 (boo#1181867)
[ Guillem Jover ]
* Test suite:
- Pass --ignore-builtin-builddeps to dpkg-buildpackage.
- from version 1.20.8
[ Guillem Jover ]
* start-stop-daemon: Open the --output file in append mode.
* dpkg: Fix --auto-deconfigure for essential and protected during
installation. Reported by Julian Andres Klode <jak@debian.org>.
See #983014.
* dpkg-realpath: Fix resolution for absolute symlinks on «/».
Closes: #983855
* dpkg-realpath: Fix symlink loop tracker.
* Perl modules:
- Test::Dpkg: Fix test data path fetching on CPAN.
- Dpkg::Exit: Preserve exit code in END block.
* Build system:
- Group Test::Dpkg changelog entries into “Perl modules†section.
* Packaging:
- Run autopkgtest test suites in verbose mode.
* Test suite:
- Set PERL in the perl test suite.
- Use gunzip instead of zcat and assume it might not be present.
- Mock dpkg and gcc for architecture detection code.
- Initialize DEB_BUILD_ARCH and DEB_HOST_ARCH to avoid computing them.
- Update suppressions for cppcheck 2.4.
[ Update man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #981884
* German (Helge Kreutzmann).
* Portuguese (Américo Monteiro). Closes: #980018
[ Update programs translations ]
* Dutch (Frans Spiesschaert). Closes: #981882
[ Update scripts translations ]
* German (Helge Kreutzmann). Closes: #983865
- from version 1.20.7
[ Guillem Jover ]
* libdpkg: Do not consider the database locked with a missing lock file.
Reported by David Kalnischkies <donkult@debian.org>.
* Documentation:
- man: Clarify and expand information on dpkg-realpath(1) man page.
Closes: #979564
* Packaging:
- Update copyright notices in debian/copyright.
- Bump Standards-Version to 4.5.1 (no changes required).
* Test suite:
- On as-root mode do not use sudo if already running as root.
- Print WARN instead of FAIL for maintscript fd leaks.
[ Update man pages translations ]
* German (Helge Kreutzmann).
[ Update programs translations ]
* German (Sven Joachim).
- from version 1.20.6
[ Guillem Jover ]
* libdpkg: Fix undefined behavior in varbuf functions.
Reported by KOLANICH <kolan_n@mail.ru>.
* libdpkg: Fix memory leaks in tar_extractor().
* libdpkg: Fix memory leak in trigger deferred processing.
Reported by KOLANICH <kolan_n@mail.ru>.
* libdpkg: Fix memory leak in filesystem treewalk node free function.
* libdpkg: Fix memory leak in filesystem treewalk iterator.
* libdpkg: Fix single-instance memory leak with fsys dir.
* libdpkg: Fix short-lived memory leaks.
* libdpkg: Reset error context errmsg after free().
* dpkg: Fix memory leak for cidir.
Reported by KOLANICH <kolan_n@mail.ru>.
* dpkg: Fix short-lived memory leak in --force-help output.
Based on a patch by KOLANICH <kolan_n@mail.ru>.
* dpkg-deb: Fix single-instance memory leak on missing conffiles control
file.
* dpkg-divert: Fix short-lived memory leaks.
* dpkg-realpath: Add new -z, --zero option.
Requested by Johannes Schauer <josch@debian.org>.
* dpkg-deb: Make decompression error message more descriptive.
Closes: #968442
* dpkg-architecture: Add a --print-format option.
Prompted by #968963.
* dpkg-buildpackage: Warn on known R³ values in uppercase.
Reported by Niels Thykier <niels@thykier.net>.
* dpkg-buildpackage: Error out on R³ "yes" value.
Requested by Niels Thykier <niels@thykier.net>.
* dpkg-buildpackage: Clarify R³ keyword diagnostic messages.
* dpkg-deb, dpkg-split: Fix time handling to support 64-bit time.
* libdpkg: Check that the ar archive time is within bounds.
* libdpkg: Ignore not-installed packages for source related virtual fields.
Closes: #972580
* libdpkg: Make source version parsing more robust on missing data.
See #972580.
* libdpkg: Do not forget not-installed packages that are set on hold.
Reported by David Kalnischkies <donkult@debian.org>.
* update-alternatives: Fix memory leaks for alternative database context on
load errors.
* update-alternatives: Fix short-lived memory leaks for alternative structs.
* update-alternatives: Fix memory leaks with new_choice.
* update-alternatives: Fix short-lived memory leaks for log_file and admdir.
* dpkg-buildflags: Add support for DFLAGS. Closes: #975896
* dpkg-parsechanaglog: Document --file in --help output.
* libdpkg: Fix allocation size wrap around when growing a varbuf.
* dpkg-query: Do not print database loading progress. Closes: #977240
* Rename taint tag to merged-usr-via-aliased-dirs.
* dpkg-buildflags: Enable reproducible=fixfilepath by default.
Thanks to Vagrant Cascadian <vagrant@reproducible-builds.org>.
See https://lists.debian.org/debian-devel/2020/10/msg00222.html.
Closes: #974087
* start-stop-daemon: Move umask setup before any file has been created.
* start-stop-daemon: Add a new --output option to redirect stderr and stdout.
* dpkg-maintscript-helper: Do not pass DPKG_ROOT prefixed pathmames to
dpkg-realpath.
* dpkg: When removing old files check the pathname with diversion and
instdir.
* dpkg-realpath: Make 'link includes root prefix' error more verbose.
* libdpkg: Make sure we do not walk on rootless trees.
* dpkg: Fix incorrect logic around printing dependency warnings.
Thanks to Jessica Clarke <jrtc27@debian.org>.
Reported by Helmut Grohne <helmut@subdivi.de>.
* Support remove-on-upgrade conffile flag via DEBIAN/conffiles.
Based on a patch by Niels Thykier <niels@thykier.net>. Closes: #822462
* dpkg-fsys-usrunmess: New program.
* Perl modules:
- Dpkg::Index: Add new item_opts option.
- Dpkg::Exit: Fix exit handler on program termination. Closes: #966083
- Dpkg::Changelog::Entry::Debian: Fix format string.
Prompted by #967911.
- Dpkg::Changelog::Parse: Add new verbose option.
Prompted by #967911.
- Dpkg::Changelog::Parse: Document 'label' option.
- Dpkg::Source::Package::V1: Print a message when verifying tarball
signatures.
- Dpkg::Path: Fix pathname traversal check for symlinks. Closes: #971203
- Dpkg::Source::Package: Honor no_check for directory traversal checks.
See #971203.
- Dpkg::Source::Package: Call syserr() instead of syserror().
Reported by Drew Parsons <dparsons@debian.org>.
See #849752. Closes: #976249
- Dpkg::Path: Check first whether the files are the same by comparing
string-wise. Closes: #849752
- Dpkg::OpenPGP: Refactor gpg armor code into its own function.
* Documentation:
- man: Fix typo in --print-unset option reference.
Reported by Ferenc Wágner <wferi@debian.org>. Closes: #966110
- man: Clarify that dpkg-architecture uses some of its own variables.
Closes: #966111
- man: Fix casing and namespacing in VARIABLES definitions.
- man: Fix typo in dpkg-source(1).
Thanks to Paul Wise <pabs@debian.org>.
- man: Add a reference to deb-symbols(5) in deb-src-symbols(5) DESCRIPTION.
Prompted by #970083.
- man: Specify that symbol, version and id are separated by a single
whitespace. Closes: #970083
- man: Clarify day-of-month format in deb-changelog(5).
Reported by Axel Beckert <abe@debian.org>.
See #971977.
- man: Update update-alternatives maintainer script usage information.
Prompted by Niels Thykier <niels@thykier.net>.
- man: Switch to use L<> markup for URLs instead of B<>.
- doc, man: Clarify that R³ values are case sensitive.
Prompted by Niels Thykier <niels@thykier.net>.
- man: Add references to deb822(5) to file formats based on it.
Prompted by Niels Thykier <niels@thykier.net>.
- man: Clarify config-files state in dpkg(1).
Prompted by Stuart Prescott <stuart@debian.org>.
- man: Fix typos.
- man: Hyphenate multiple words in deb-override(5) format description.
- man: Uppercase acronyms and logic operators.
- man: Empty or whitespace-only lines in deb-conffiles(5) are not accepted.
* Code internals:
- libcompat, dpkg: Stop using deprecated security_context_t data type.
- update-alternatives: Refactor alternative database context freeing into a
new function.
- libdpkg: Do not define the clamp macro when compiling C++ code.
Reported by Helmut Grohne <helmut@subdivi.de>.
- libdpkg: Replace FSF address by pointing to the gnu.org URL.
- libdpkg: Initialize pkgbin's newhash to NULL.
Prompted by Steinar H. Gunderson <sesse@debian.org>.
- libdpkg: Use memset() instead of open-coding struct blanking.
Prompted by Steinar H. Gunderson <sesse@debian.org>.
- Do not call fsys_hash_init() before command actions.
Prompted by Steinar H. Gunderson <sesse@debian.org>.
- libdpkg: Fix m_pipe() function definition prototype to match declaration.
- libdpkg: Refactor new str_rtrim_spaces().
Based on a patch by Niels Thykier <niels@thykier.net>.
- dpkg: Call fsys_hash_find_node() outside tar_fsys_namenode_queue_push().
- Use a conffilename variable to track the actual conffile name in the
buffer.
Thanks to Niels Thykier <niels@thykier.net>.
* Build system:
- Add new gen-changelog tool.
- Pre-process the curses header before parsing it. Closes: #970545
- Fix variable substitution in man pages.
Reported by Niels Thykier <niels@thykier.net>. Closes: #978983
- Add a README.cpan to be installed as README in the CPAN distribution.
- Do not try to use <sys/sysctl.h> on GNU/Linux.
- Fix «make distcheck» for man pages.
- Update GitLab CI configuration to use built-in functional test suite.
- Make it possible to override PKGDATADIR on built scripts too.
- Disable umask to 0 for Docker executor in GitLab CI.
- Disable functional test suite debug mode on GitLab CI.
- Sort po4a entries in po4a.cfg.
* Packaging:
- Do not fail the bug-script if readlink fails. Closes: #968397
- Improve cron file robustness on missing or empty backup files.
Closes: #969472
- Use AUTOPKGTEST_TMP instead of writing into the source tree.
- Hook the functional test suite into autopkgtest.
- Remove trailing comma from lintian profile file.
- Do not hardcode libdpkg-perl dependency on perl:any.
Thanks to Sven Joachim <svenjoac@gmx.de>.
* Test suite:
- Fix short lived memory leaks in unit tests.
- Print the ehandle unit test error output on verbose mode.
- Improve dpkg-divert test to output stdout and stderr.
- Use intermediate variable for directory traversal item iteration.
- Refactor root handling in Dpkg::Path unit tests.
- Refactor test verbose check into an inline function.
- Make it possible to include test.h from benchmarks.
- Disable hash reports in benchmark tests unless verbose.
- Add support for basic test try/catch/finally keywords.
- Merge the dpkg-tests.git repository into tests/.
- Update merged functional test suite assumptions.
- Remove redundant test cases from the functional test suite.
- Remove source package building support from functional test suite.
- When using DPKG_BUILDTREE add scripts/ to DPKG_PATH.
[ Add man pages translations ]
* Portuguese (Américo Monteiro). Closes: #964751
[ Update dselect translations ]
* Dutch (Frans Spiesschaert). Closes: #968294
* French (Didier Vidal). Closes: #964749
[ Update man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #968743
* German (Helge Kreutzmann).
[ Update programs translations ]
* Dutch (Frans Spiesschaert). Closes: #968744
* German (Sven Joachim).
[ Update scripts translations ]
* German (Helge Kreutzmann).
- from version 1.20.5
[ Guillem Jover ]
* Revert change to prefix the specs file spec string self_spec with +
instead of *. The prefix is supposed to go in the text itself
instead of the spec name, which already had it. This change only
apparently fixed the issue at hand because gcc started parsing it as
the «[SUFFIX]:» case, completely disabling the PIE handling.
Thanks to Thorsten Glaser <tg@mirbsd.de>.
* Perl modules:
- Dpkg::Source::Package::V1: Explicitly initialize constructor options to
their implicit values, otherwise other code end up assuming different
defaults. This is required here too as this class does not call the
initialization from its parent.
* Build system:
- Detect the GNU program variants for make, patch and tar in the CPAN
distribution to replace in the Dpkg module.
- Set DEB_BUILD_ARCH to a dummy “amd64†in the CPAN distribution tests
to not require a dpkg(1) in the system.
* Test suite:
- Only print the Dpkg::Path::check_directory_traversal() error on failure.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
- from version 1.20.4
[ Guillem Jover ]
* Improve PIE flags support:
- Prefix the specs file spec string self_spec with + instead of *.
This way we do not override any previous setting, otherwise when
passing the -specs options twice (f.ex. to compile and link), only the
last one will take effect, which can break the build. Closes: #870383
* Perl modules:
- Dpkg::Source::Package: Explicitly initialize constructor options to
their implicit values, otherwise other code end up assuming different
defaults. Closes: #964017
- Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in
verify_signature(), to make sure we do not write to the user home
directory, except for the trustkeys.db file if present.
- Dpkg::Path: Refactor new check_directory_traversal() function out of
Dpkg::Source::Package->extract().
- Dpkg::Path: Do not do partial matches for directory traversal checks,
expect a trailing slash after the base directory name.
- Dpkg::Path: Catch uncanonicanizable pathnames with a proper error.
Closes: #964111
- Dpkg::Path: Do not consider missing symlink targets a directory
traversal attempt. Closes: #964234
- Dpkg::Path: Allow /dev/null for directory traversals.
Reported by Holger Levsen <holger@layer-acht.org>.
* Build system:
- Add Module::Signature as configure recommends for CPAN.
* Test suite:
- Use File::Path::make_path() instead of chained mkdir() in Dpkg_Path.t.
- Add unit tests for Dpkg::Path::check_directory_traversal().
[ Updated programs translations ]
* German (Sven Joachim).
- from version 1.20.3
[ Guillem Jover ]
* Perl modules:
- Dpkg::OpenPGP: Pass --no-options to gpg in verify_signature().
Reported by Bertrand Marc <bmarc@debian.org>. Closes: #963839
- Dpkg::Build::Info: Clarify by giving context to the
get_build_env_whitelist() deprecation warning. Closes: #963844
Reported by Sven Joachim <svenjoac@gmx.de>.
- Dpkg::Source::Package: Fix check_original_tarball_signature() to make
import_key() honor require_valid_signature, which should default to
false. Reported by Mattia Rizzolo <mattia@debian.org>.
- Dpkg::OpenPGP: Use a temporary directory for the GnuPG homedir in
import_key(), to make sure we do not write to the user home directory,
which might be read-only or non-existent. Closes: #963944
Reported by Mattia Rizzolo <mattia@debian.org>.
* Code internals:
- libdpkg: Print a notice if we cannot write to the log file.
* Build system:
- Improve error diagnosis for configure version fetching script.
Prompted by Norbert Preining <norbert@preining.info>.
[ Updated programs translations ]
* German (Sven Joachim).
- from version 1.20.2
* dpkg: Do not include the architecture with --robot --version.
* update-alternatives: Create alternatives directory (/etc/alternatives)
if it is missing, to help with installation bootstrapping.
Reported by Johannes Schauer <josch@debian.org>.
* update-alternatives: Create the log directory if it is missing.
* Perl modules:
- Dpkg::Source::Package: Turn the missing expected tarball signature
error into a warning for now, as it is causing unintended fallout,
and does not play nice (yet) with tarballs repackaged by uscan(1).
Closes: #963821
* Code internals:
- update-alternatives: Move log_msg() after make_path() so that we can use
the latter.
- update-alternatives: Add new xstrndup() and xdirname() functions.
* Build system:
- Set SHELL in the test environment.
- Do not fail if po4a is not found, and search for it just once.
- Fix name and section generation for translated man pages. This caused
pod2man to get an empty --name argument and not output anything,
resulting in generating empty man pages. Closes: #963794
* Packaging:
- Sort debian/dpkg-dev.manpages.
- Install deb-src-symbols(5) in dpkg-dev package.
- from version 1.20.1
[ Guillem Jover ]
* Fix dpkg logging regression introduced in 1.20.0:
- libdpkg: Use varbuf member .used instead of .size in log_message(),
to avoid printing garbage.
- libdpkg: Open the log file as write-only instead of read-only.
Thanks to Roderich Schupp <roderich.schupp@gmail.com>. Closes: #953684
* Unify and cleanup Makefile fragment files comments, including information
about version of introduction.
* Add new buildopts.mk Makefile fragment to support parsing DEB_BUILD_OPTIONS
options with arguments, such as “parallel†as DEB_BUILD_OPTION_PARALLEL.
* dpkg-genchanges: Handle empty Date fields from parsed debian/changelog.
Based on a patch by Baptiste BEAUPLAT <lyknode@cilg.org>. Closes: #956321
* dpkg-source: Check that debian/tests/control has the required fields.
Prompted by Felix Lechner <felix.lechner@lease-up.com>.
* dpkg-deb, dpkg: Do not accept relative pathnames in DEBIAN/conffiles.
Reported by Niels Thykier <niels@thykier.net>.
* dpkg-split: Fix off-by-one check in ar header padding, that was making
parsing error out on valid archives. Regression introduced in dpkg 1.18.8.
* libdpkg: Fix error message for ending version character in dependency
parser:
- Move the version unterminated case before the catchall.
- Print the actual wrong character and print what is expected.
* libdpkg: Do not use econtext->errmsg on out of context abort, as it might
be uninitialized.
* update-alternatives: Set the umask to 022 on program start.
Reported by Paul Wise <pabs@debian.org>.
* dpkg-parsechangelog: Fix --show-field for multiline fields. We were not
stripping trailing whitespace, and were not prefixing empty lines with
a ‘.’, like when printing with the field names.
Reported by Paul Wise <pabs@debian.org>.
* dpkg: Add a new --robot option to be used with --version.
* dpkg, dpkg-query: Document missing options in --help output.
* Unify ellipsis formatting in programs --help output.
* Add Protected field support.
* dpkg-realpath: New program, to be used by dpkg-maintscript-helper, and
any maintainer script that needs a realpath that can handle pathnames
relative to the dpkg root directory.
* dpkg-realpath: Add support for DPKG_ROOT.
Thanks to Helmut Grohne <helmut@subdivi.de>.
* dpkg-realpath: Add support for --root and --instdir options.
* dpkg-maintscript-helper: Add support for DPKG_ROOT:
- Add DPKG_ROOT support for conffiles.
Thanks to David Kalnischkies <david@kalnischkies.de>.
- Add DPKG_ROOT support for symlink to and from directory switches.
Based on a patch by Bastien ROUCARIÈS <roucaries.bastien@gmail.com>.
Closes: #832176
* update-alternatives: Add DPKG_ROOT support, and new --root and --instdir
options. Closes: #871808
* Portability:
- libdpkg: When using uselocale(), include <xlocale.h> for locale_t if
the header is available. Needed on BSDs.
Reported by Sirio Balmelli <sirio@b-ad.ch>.
* Perl modules:
- Dpkg: Add a LICENSE section to the POD.
- Dpkg::Source::Package: Add new get_upstream_signing_key() method.
- Dpkg::Source::Package: Check missing expected tarball signatures.
- Dpkg::Source::Package::V1: Check version format matching source format.
- Dpkg::Vendor::Debian: Add debian-nonupload.gpg keyring.
Thanks to Taowa Munene-Tardif <taowa@debian.org>. Closes: #956055
- Dpkg::Vendor::Debian: Detect merged-usr-via-symlinks also with absolute
pathnames. Reported by Adam Borowski <kilobyte@angband.pl>.
- Dpkg::Build::Info: Avoid whitelist in function name.
- Dpkg::Shlibs::SymbolFile: Avoid blacklist and whitelist terms.
* Documentation:
- man: Fix misused two-fonts macros.
Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>. Closes: #955028
- man: Trim trailing whitespace from output.
Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>. Closes: #955030
- man: Mention that dpkg(1) does not provide all back-end interfaces.
Prompted by Elana Hashman <ehashman@debian.org>.
- man: Clarify and fix file formats SYNOPSIS.
- man: Clarify that deb-control(5) is a subset of deb-src-control(5).
Closes: #958229
- man: Unify warning and note admonitions formatting.
- man: Remove useless commented out macros.
- man: Fix unbalanced quotes in macro arguments.
- man: Specify the indentation level for all following .IP macros, not
just the first one.
- man: Use .TP macros instead of hand-crafted formatting.
- man: Fix font markup for some variable and literal strings.
- dpkg-maintscript-helper: Add -?, --help and --version to --help output.
- man: Fix apt and aptitude references.
Reported by Helge Kreutzmann <debian@helgefjell.de>.
- man: Mark commands (eval) in bold and quote library names (libgcc).
Reported by Helge Kreutzmann <debian@helgefjell.de>.
- man: Use UTF-8 quotes instead of ancient groff register variables.
- man: Use literal double quotes instead of groff escape sequences.
- man: Clarify that we resolve bug reports not bug report numbers.
Reported by Helge Kreutzmann <debian@helgefjell.de>.
- man: Clarify POSIX shell eval command usage in dpkg-architecture(1).
- man: Use item lists instead of verbatim or hand-crafted formatting.
- man: Do not use verbatim formatting for text that is not an example.
- man: Markup examples explicitly with .EX/.EE.
- man: Fix indentation for a note admonition in dpkg-scansources(1).
- man: Document that a 3.0 (quilt) patch cannot create or modify symlinks.
Thanks to Johannes Schauer <josch@debian.org>.
- man: Reword text to reduce length in verbatim code block.
- man: Add semicolons before verbatim code blocks.
- man: Update dselect methods provided. Several got removed in 1.20.0.
- man: The Installed-Size field does not get its value from du(1) since
1.18.0.
- man: Fix dpkg-gencontrol -P description to not refer to dpkg-source.
Reported by Jakub Wilk <jwilk@jwilk.net>.
- man: Place description of override value column on its own paragraph.
- man: Surround markup within verbatim blocks with .nf/.fi.
- man: Balance font markup.
- man: Do not nest font markup.
- man: Use .ig/.. macros to disable text instead of commenting it out.
- man: Do not mark end of sentence period with bold.
- man: Add a missing comma after man page reference in SEE ALSO section.
- man: Convert man pages from roff to POD.
- man: Clarify the dpkg --no-act admonition.
- man: Avoid whitelist term in dpkg-source man page.
* Code internals:
- Use $() in shell or qx() in perl instead of ``.
- dpkg-split: Switch part number variables from unsigned int to int.
- scripts: Refactor shell error handling into a shell library
- Reformat shell code to follow the coding style.
- update-alternatives: Parametrize option names in output strings.
- update-alternatives: Move logging function close to output functions.
- update-alternatives: Move argument parsing functions close to main().
- update-alternatives: Add general purpose non-failing functions for
administrative directory access.
- update-alternatives: Add filesystem abstraction functions.
* Build system:
- Handle .git being a plain file when getting the dpkg tree version.
- Add debian/changelog as a Changes file to the CPAN distribution.
- Set DPKG_SERIES to 1.20.x when running the functional test suite.
- When using po4a require at least po4a 0.59. Change the po4a --porefs
argument from no longer supported “noline,wrap†to “fileâ€, as wrapping
is the default since po4a 0.58. We require po4a 0.59 as 0.58 had a
regression in its --srcdir support.
- Switch to set the po4a addendum in the po4a_paths section instead of
repeating it for each man page.
- Use po4a conditional addendum support, and remove empty addenda.
- Use po4a mode=eof support in addenda.
- Do not use make prerequisites on suffix rule definitions.
Closes: #961850
- Add man page number suffixes to the automake SUFFIXES variable.
- Update false positive suppressions for cppcheck 2.1.
- Install specifications and API contracts in docdir.
- Add support for switching man pages from roff to POD format.
- Fix shell files substitution for version variable.
* Packaging:
- Switch to debhelper compatibility level 13.
- Remove debian/tmp prefix from manpages debhelper fragment files.
- Handle missing localized man pages gracefully.
- Install AUTHORS, THANKS, usertags, README.api and
README.feature-removal-schedule only in dpkg.deb.
- Rename debian/usertags to debian/README.bug-usertags.
- Install specifications to /usr/share/doc/dpkg/ in the dpkg-dev package.
- Detect merged-usr-via-symlinks also with absolute pathnames in
bug-script. Reported by Adam Borowski <kilobyte@angband.pl>.
* Test suite:
- Rename deb-content test cases to make them more descriptive.
- Skip autogenerated files from codespell.
[ Updated programs translations ]
* German (Sven Joachim).
* Simplified Chinese (Boyuan Yang). Closes: #958437
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* German (Helge Kreutzmann).
- from version 1.20.0
[ Guillem Jover ]
* libdpkg: Do not generate a backup file for the available database.
Closes: #343578
* perl: Switch Getopt::Long from bundling to bundling_values. This means
the few scripts using Getopt::Long will stop accepting options in the
form «-ab» for «-a -b», which is not future-proof, as it does not allow
these options to get new arguments without making them ambiguous.
* dpkg-buildpackage: Remove transient backwards R³ compatibility code.
* buildtools.mk: Add support for nostrip in DEB_BUILD_OPTIONS when setting
the STRIP variable.
* dpkg-genbuildinfo: Do not include irrelevant packages in the Binary field.
* dpkg: Do not clear selections for unknown packages. Closes: #927752
* dpkg-shlibdeps: Add support for new Build-Depends-Packages, to be able
to specify multiple packages. Closes: #926669
Based on a patch by Frank Schaefer <kelledin@gmail.com>.
* perl: Remove support for versioned GnuPG 2 program and packages.
* libdpkg: Clarify lock contender error message. Print the PID of the lock
contender, and add a warning explaining that removing the lock file is
never the correct solution.
* dpkg-genchanges, dpkg-mergechangelogs: Remove support for ~vola
versioning, as volatile.debian.org was decommissioned some time ago.
* dpkg-genchanges, dpkg-mergechangelogs: Match ~deb also as a backport
marker in versions. Closes: #934980
* libdpkg, dpkg: Use new versiondescribe_c() for non-localizable call sites,
such as when writing to a log, which should not be localized.
Reported by Julien Cristau <jcristau@debian.org>.
* dpkg-query: Try to use the package synopsis from the available file if
not installed. Closes: #43573
* dpkg-gencontrol: Take into account hardlinks when computing the
Installed-Size substvar. Closes: #923475
Patch co-authored with Sven Joachim <svenjoac@gmx.de>.
* dpkg: Fix and clarify behavior for packages marked to be on “holdâ€. These
need to be processed for configuration and triggers. Closes: #926472
* dpkg: Use DPKG_ADMINDIR to set the admindir. Closes: #900071
* dpkg-source: Remove backwards compatibility code for legacy build-profiles.
* perl: Give more context on field parsing errors. Closes: #637060
* dpkg-buildpackage: Add option to sanitize environment. Closes: #843776
* update-alternatives: Cope with a missing administrative directory.
* update-alternatives: Create the administrative directory on demand.
* dpkg-split: Cope with a missing parts/ database directory.
* dpkg-split: Create the parts/ database directory on demand.
* libdpkg: Consider msdbrw_needsuperuser equivalent to msdbrw_write, so
the same checks are performed on normal non --force-not-root operation.
* libdpkg: Add support for bootstrapping the installation of dpkg:
Closes: #914515
- Create the logfile with correct permissions, and remove the code
setting up the logfile from the dpkg postinst.
- Allow missing status and available databases, so that they get created
on write, and remove the code setting them up from the dpkg postinst.
Closes: #647911
- Do not change the ownership of the triggers database directory. Either
we are running as root:root which means the ownership should be correct
already, or we are not which means we cannot change it anyway.
- Create the dpkg database directory on demand.
- Create the updates/ database directory on demand.
- Create the info/ database directory on demand.
* dpkg-architecture: Fix handling of exec failing in --command.
Reported by Helmut Grohne <helmut@subdivi.de>.
* dpkg-buildpackage: Do not accept equal signs as part of the hook names.
Reported by Daniel Shahaf <danielsh@apache.org>. Closes: #948291
* dselect: Mark a string for translation.
* dselect: Cleanup access methods:
- Remove harddisk methods, as they were non-functional due to fdisk
interface changes, and do not make sense anymore as we can expect users
to mount any such filesystem on their own, to then use a filesystem
method instead. Prompted by Helmut Grohne <helmut@subdivi.de>.
- Remove cdrom method superseded by the multi_cd method.
- Remove nfs methods, as there is nothing special about NFS, and mounting
these should just be left to the local admin, who can mount any other
remote filesystem too.
- Remove multi_mount method, as the multi_cd method can take care of
mounting the necessary images or devices.
- Replace changelog with correct copyright in file header.
* dpkg, dselect: Stop using first-person singular in output messages.
* libdpkg: Fix memory leak in parsedb context close.
* buildtools.mk: Add QMAKE variable. Closes: #920878
* po: Fix translation of --compare-versions. Closes: #951614
Thanks to Boyuan Yang <byang@debian.org>.
* Perl modules:
- Dpkg::Source::Package: Verify original tarball signatures at build time.
- Dpkg::BuildFlags: Add new unset() method.
Requested by Daniel Schepler <dschepler@gmail.com>.
- Dpkg::Source::Package::V2: Emit a special patch header on
single-debian-patch. Closes: #933152
- Dpkg::Vendor::Debian: Only scan /usr/local/ directories that exist.
Closes: #932967
- Dpkg::Vendor::Debian: Do not set -Werror=implicit-function-declaration
for C++. Closes: #939969
- Dpkg::Deps: Check for valid virtual package version relations. Do not
allow non-equal version relations in virtual provides. Closes: #930317
- Dpkg: Remove internal lowercase variables $version, $progname,
$admindir, $dpkglibdir and $pkgdatadir.
- Dpkg::Changelog: Remove obsolete methods dpkg() and rfc822().
- Dpkg::Changelog::Entry::Debian: Remove obsolete methods check_header()
and check_trailer(). Hide variables $regex_header and $regex_trailer.
- Dpkg::Changelog::Parse: Remove warnings of obsolete options forceplugin
and libdir. Remove obsolete functions changelog_parse_debian() and
changelog_parse_plugin().
- Dpkg::Compression: Hide internal lowercase variables
$default_compression, $default_compression_level and
$compression_re_file_ext.
- Dpkg::Deps::KnownFacts: Remove obsolete check_package() method.
- Dpkg::Exit: Hide internal lowercase @handlers variable.
- Dpkg::Gettext: Remove obsolete _g() function.
- Dpkg::Source::Package: Hide internal lowercase variable
@tar_ignore_default_pattern. Remove internal lowercase variable alias
$diff_ignore_default_regexp.
- Dpkg::Substvars: Remove obsolete no_warn() method.
- Dpkg::Index: Change default value for unique_tuple_key to 1.
- Dpkg::Version: Remove deprecation warning from semantic change in
bool overload.
- Dpkg::Checksums: Remove obsolete 'program' property warning.
- Dpkg::Conf: Remove obsolete methods and obsolete croak for method option.
- Dpkg::Vendor: Remove obsolete 'keyrings' hook.
- Dpkg::Exit: Unregister all signal handlers once we have executed them.
Closes: #932841
- Dpkg::Exit: Register exit handlers also for __DIE__.
- Dpkg::Source::Package::V3::Native: Do not say v1.0 for 3.0 formats.
- Dpkg::Dist::Files: On filename parse error say file instead of package.
- Dpkg::Substvars: Add new vendor:Name and vendor:Id substvars.
- Dpkg::Source::Package: Detect directory traversals under debian
directory. Reported by Felix Lechner <felix.lechner@lease-up.com>.
* Documentation:
- man: Fix uncommon wording constructs.
- man: Use a minus sign for a literal string.
- man: Clarify that the pager is called via «$SHELL -c».
- dpkg-shlibdeps: Document split_soname() function.
Prompted by Christopher Crim <christopher.crim@quoininc.com>.
- Dpkg::Changelog: Document methods provided by subclasses.
Reported by Felix Lechner <felix.lechner@lease-up.com>.
- man: Globally adjust left and disable hyphenation.
- man: Split dselect(1) --color from --colour option items.
- man: Describe the SONAME formats supported in deb-shlibs(5).
- man: Move template symbol documentation into new deb-src-symbols(5).
- Dpkg::Changelog::Parse: Remove $ sigil from option names in POD.
- Dpkg: Say class instead of object when appropriate.
- Dpkg::Changelog: Clarify that these classes inherit from some other
base class, which will contain the missing documentation.
Prompted by intrigeri <intrigeri@debian.org>.
- man: Clarify deb-changelog(5) format. Closes: #946780
- man: Clarify debian/source/include-binaries format in dpkg-source(1).
Prompted by Felix Lechner <felix.lechner@lease-up.com>.
- man, doc: Clarify that the postinst "triggered" argument gets the
trigger-name(s) as a space-separated list in the second argument.
Prompted by Michael Biebl <biebl@debian.org>.
- dselect: Update the multicd README file.
- doc, man: Mark T and I package instances to avoid misreadings.
* Code internals:
- Dpkg::Source::Package: Refactor original tarball handling.
- perl: Use File::Copy instead of spawning mv/cp commands.
- Dpkg::OpenPGP: Refactor signature verification into a new function.
- Dpkg::OpenPGP: Make it possible to verify detached signatures.
- Dpkg::OpenPGP: Add support for importing an OpenPGP key into a keyring.
- Dpkg::BuildFlags: Remove unused hash keys.
- libdpkg: Use the variable instead of a type as sizeof() argument.
- libdpkg: Use the totalwritten variable for a consistency check.
- dselect: Reduce scope of variable, to avoid it being unused in a branch.
- dpkg-deb: Fold two adjacent if conditionals into a single one.
- dpkg: Initialize flagdeppossi in check_conflict().
- libdpkg: Add new C locale switch over support.
- libdpkg: Add new versiondescribe_c() to force a C locale.
- dselect: Make baselist::draw_column_*() col arguments const.
- libdpkg: Use p instead of name in dpkg_arch_name_is_illegal().
- dpkg: Remove redundant condition for sourcefile in updateavailable().
- dpkg, update-alternatives: Make variables static.
- libdpkg: Add missing symbols to the version map.
- libdpkg: Fix fiemap memory layout usage that confuses gcc 10 to emit a
warning.
- libdpkg: Only use varbuf_printf() in pkg_format_show() when necessary.
This should speed up «dpkg-query --show» formatting.
- libdpkg: Fix package format string to be a string literal.
This suppresses a gcc warning.
- dpkg: Fix short lived memory leak in --force-help handling.
- dpkg-split: Fix short lived file descriptor leak in --auto.
- start-stop-daemon: Explicitly ignore unimportant function return values.
- start-stop-daemon: Fix memory leak on multiple --chuid arguments.
- start-stop-daemon: Close the notification socket in the child.
- libdpkg: Fix memory leaks in zlib and bz2 decompression functions.
- libdpkg: Add new dir_make_path() and dir_make_path_parent() functions.
- libdpkg: Add new atomic file flag to create the base path when missing.
- libdpkg: Fix modstatdb_rw enum comments.
- libdpkg, dpkg-query: Optimize db-fsys:Files virtual variable loading.
We load either the entire db-fsys for all packages, possibly optimized
per platform (such as by using fiemap), or the specific ones for the
requested packages. This also fixes a problematic cast removing the
constness of a variable.
- Dpkg::Dist::Files: Document the two filename pattern formats.
- update-alternatives: Remove redundant condition in argument parser.
- update-alternatives: Move error context setup before calling setjmp(),
so that cppcheck stops being confused.
- test: Reformat 200_Dpkg_Shlibs.cpp for coding style conformance.
- dpkg: Make it possible for the compiler to check printf() format
string arguments on dependency printer.
- dselect: Reorder branches in packagelist::deselect_one_of so that they
are not duplicated.
- dselect: Use nullptr instead of NULL.
- dselect: Use static_cast<> instead of old-style type qualifier cast.
- dselect: Do not use unnecessary old-style casts.
- dselect: Fix variable types to avoid needing old-style casts.
- libcompat: Disarm libselinux setexecfilecon() declaration for
libcompat-test.
- libdpkg: Define new VARBUF_OBJECT macro.
- libdpkg: Add new ATOMIC_FILE_NORMAL enum value to avoid a cast in C++.
- libdpkg: Use a new DPKG_NULL macro that works in C and C++.
- libdpkg: Use a new DPKG_STATIC_CAST macro that works in C and C++.
- libdpkg: Move printing of errno into dpkg_error_set().
- libdpkg: Use a varbuf to store the problem messages per parsedb context.
- libdpkg: Fix Doxygen comments.
* Build system:
- Bump minimal Perl version to 5.24.1.
- Add a serial versioning to the m4 files.
- Install m4 files into system aclocal directory.
- Bump minimal gettext version to 0.19.8, to get the m4 files that can
cross-build for musl-based systems.
- Enable more compiler warnings.
- Update Doxygen configuration from version 1.8.16.
* Packaging:
- Remove obsolete Breaks satisfied since oldstable.
- Replace custom rule for 'configure' with call to dh_autoreconf.
Thanks to Dan Streetman <ddstreet@canonical.com>. Closes: #939516
- dselect: Remove methods state files on purge.
Spotted by Sven Joachim <svenjoac@gmx.de>.
- Switch to debhelper compatibility level 12.
- Switch from debian/compat to debhelper-commpat in Build-Depends.
- Bump Standards-Version to 4.5.0 (no changes required).
* Test suite:
- Remove perlcritic Documentation::RequirePodLinksIncludeText suppression.
- Clarify cppcheck va_list_usedBeforeStarted suppression.
- Skip build directories from codespell check.
- Update stopwords for codespell 1.16.0.
- Suppress new bogus cppcheck 1.90 false positives.
- libdpkg: Remove redundant assignment in t-ehandle unit test.
- Skip backup files from codespell check.
- Ignore python-3.8 runtime warnings in codespell.
[ Updated programs translations ]
* German (Sven Joachim).
* Portuguese (Miguel Figueiredo). Closes: #935695
* Simplified Chinese (Mo Zhou). Closes: #942195, #945776
[ Updated dselect translations ]
* German (Sven Joachim).
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* German (Helge Kreutzmann). Closes: #931135
- from version 1.19.7
[ Guillem Jover ]
* dpkg: Fix off-by-one error in dpkg --abort-error. Closes: #924886
Thanks to Tom Goulet <tomg@sentex.ca>.
* dpkg: Set the force defaults before loading the config file, otherwise we
incorrectly override them. Regression introduced in dpkg 1.19.5.
Closes: #928671
* dpkg: Split the trigger dependtry into two, the second of which will be
the one checking trigger cycles when deferring trigger processing due to
unsatisfiable dependencies. Closes: #928429
* dpkg-deb: Validate ar member magic before normalizing any of its fields.
* dpkg-deb: Honor --nocheck when building packages with newlines in
filenames. Regression introduced in dpkg 1.18.1. Closes: #929727
* Documentation:
- rootless-builds.txt: Expand what the builder means. Mention the
dpkg-deb option to use to set the owner and group to root. And reword
the prototyping section to be less confusing with what is currently
implemented. Closes: #929019
- README: Clarify when autopoint is needed. Closes: #929601
- Fix typos in docs and output strings. Warned by codespell.
[ Updated programs translations ]
* Catalan (Guillem Jover).
[ Updated dselect translations ]
* Catalan (Guillem Jover).
[ Updated scripts translations ]
* Catalan (Guillem Jover).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #926665
* French (Jean-Pierre Giraud). Closes: #929664
- from version 1.19.6
[ Guillem Jover ]
* libdpkg: Add a new TAR_FORMAT_UNKNOWN enum value.
* libdpkg: Set tar_entry to zero on tar_entry_destroy(), to avoid double
free()s and the subsequent crashes.
* libdpkg: Handle non end-of-tape errors from tar_header_decode().
* libdpkg: Use ERANGE instead of EINVAL for tar_atol8() out-of-range error.
* dpkg-gencontrol: Check presence of package build dir before traversing it.
* Perl modules:
- Dpkg::Source::Package::V1: Change default build option style to -sa.
Using -sA by default means the user might lose data on overwrite if
there is already a directory with the same name laying around.
Closes: #910737
- Dpkg::Source::Package: Handle Format field being undefined. On source
format 1.0, the default is for the debian/source/format file not being
present, which means we'll start with an empty Format field name.
Regression introduced in dpkg 1.19.3.
* Packaging:
- Update usertags.
- Install a lintian profile for dpkg based on the debian profile, so that
we can suppress Debian-specific tags, such as the controversial one on
vendor-specific patch series files.
- Add Breaks on lsb-base due to start-stop-daemon exposing breakage in
the killproc function from /lib/lsb/init-functions. Closes: #923861
* Test suite:
- Stop requiring (pseudo-)root in the functional test suite.
- Export and move TESTDATA definition close to the PATH definition.
- Quote the 'yes' command to make a comment clearer.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #924776
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #924777
* German (Helge Kreutzmann).
- from version 1.19.5
[ Guillem Jover ]
* start-stop-daemon: Make sure that we get a meaningful errno on
parse_unsigned(), so that the error messages always make sense.
* start-stop-daemon: Add new fatalv() and fatale() functions and use the
latter for system errors, so that we are explicit on whether we want to
use errno for error reporting or not.
* start-stop-daemon: Always refuse to parse a world-writable pidfile,
except when that is /dev/null.
* dpkg: Print the current set of enabled force options on --force-help.
* dpkg: Parse and set new DPKG_FORCE environment variable for subprocesses.
Closes: #666147
* dpkg-statoverride: Add support for --force-* options.
* dpkg-statoverride: Switch from --force option to new --force-<thing>
options. Deprecate --force option which will be considered an alias for
- -force-all for now.
* dpkg, dpkg-statoverride: Add new option --refuse-security-mac to control
SELinux. See #811037.
* dpkg: Clarify error on unknown system user/group in statoverride database.
Closes: #920880
* dpkg-buildpackage: Clarify the warning/error on short OpenPGP key IDs.
Closes: #922039
* dpkg-maintscript-helper: Restrict find for dir-to-symlink move to
- maxdepth 1. Thanks to Ralf Treinen <treinen@free.fr>. Closes: #922799
* dpkg-genbuildinfo: Add support for a new Build-Tainted-By field in
.buildinfo files. Suggested by Alexander E. Patrakov <patrakov@gmail.com>.
* libdpkg: Clarify field names in error and warning messages.
* libdpkg: Optimize error handling. Move the error reporting outside the
involved functions so that we do not need to call gettext if there is no
error, which has a significant performance cost.
* libdpkg: Merge nicknames table into fieldinfos, to stop penalizing the
lookup of non-obsolete fieldnames.
* libdpkg: Print a more accurate warning for Revision nicknames.
* libdpkg: Increase the pkg-hash bins size to 65521, to improve hash table
performance at the cost of a bit more memory usage.
* libdpkg: Blank packages that are not-installed with unknown selection.
Closes: #922410
* libdpkg, dpkg: Print the dpkg database directory on access errors.
Closes: #883700
* Perl modules:
- Dpkg::Vendor::Debian: Add support for merged-usr-via-symlinks tainted
tag. Suggested by Alexander E. Patrakov <patrakov@gmail.com>.
- Dpkg::Vendor::Debian: Add support for usr-local-has-* tainted tags.
- Dpkg::Source::Package: Add a missing use Dpkg::Source::Format.
Diagnosed by Ian Jackson <ijackson@chiark.greenend.org.uk>.
Closes: #921031
* Documentation:
- start-stop-daemon(1): Document behavior of --pidfile security checks.
Closes: #921557
- dpkg(1): Document the unknown selection state. Closes: #922407
* Code internals:
- dpkg: Move SELinux fallback label to the SELinux specific code path.
- dpkg: Simplify maintscript_set_exec_context().
- dpkg: Move force options support into its own file.
- dpkg: Do not hardcode the program name in the --force-help output.
- dpkg: Switch force options from individual variables to bit fields.
- dpkg: Switch from a char to an enum to track the force options types.
- dpkg: Switch to set the default force option from the forceinfos array.
- libdpkg: New benchmark programs and infrastructure.
- libdpkg: Add new dpkg_error_move() function.
- libdpkg: Add new dpkg_has_error() function.
- libdpkg: Move status names from parse errors to arguments.
- libdpkg: Use va_arg copy instead of the original on a vasprintf() call.
- libdpkg: Include <string.h> in pager.c.
Reported by Y <sevener@cock.li>. Closes: #922212
- libdpkg: Use pkg_set_want() instead of a direct assignment.
* Build system:
- Check whether this dist is a release, based only on the version format.
This will avoid having to do a two staged release to get a proper perl
distribution tarball.
* Packaging:
- autopkgtest: Add file to Depends fields.
- autopkgtest: Clarify behavior on root/non-root requirement.
- Bump Standards-Version to 4.3.0 (no changes required).
- Remove now unused assert usertag description.
- Remove trailing whitespace from changelog.
- Remove Origin and Bugs fields from control file.
- Include a bug-script to report on tainted merged-usr-via-symlinks.
* Test suite:
- libdpkg: Fix unit test for file_slurp(). Closes: #920974
Diagnosed by Frank Schaefer <kelledin@gmail.com>.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #921942
* German (Sven Joachim).
* Simplified Chinese (Zhou Mo). Closes: #920972
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #921943
* French (Jean-Pierre Giraud). Closes: #920905
* German (Helge Kreutzmann).
- from version 1.19.4
* start-stop-daemon: Do not sanity check the pidfile when it is specified as
/dev/null, as that implies the caller wants to start the program no matter
what. Closes: #920242
* Portability:
- start-stop-daemon: Only use SO_PASSCRED if defined. Fixes build failure
at least on GNU/Hurd.
* Packaging:
- autopkgtest: Pass --disable-nls and --disable-dselect to configure.
- autopkgtest: Change Depends to «build-essential, autoconf, pkg-config».
- from version 1.19.3
[ Guillem Jover ]
* dpkg-source: Stop filtering @builddeps@ from Testsuite-Triggers field.
Closes: #910734
* dpkg-genchanges: Only reference binary packages being uploaded, which
means that for a source-only upload, the Binary and Description fields
should be empty. Closes: #818618
* dpkg-scanpackages: Do not compute unnecessary checksums when using the
- -hash argument. Based on a patch by Chris Lamb <lamby@debian.org>.
Closes: #916456
* dpkg-scanpackages: Emit a warning with the list of repeat packages.
Prompted by Johannes Schauer <josch@debian.org>.
* start-stop-daemon: Check whether standalone --pidfile use is secure.
Prompted by Michael Orlitzky <michael@orlitzky.com>.
* start-stop-daemon: Print complete verbose lines, instead of partial lines
with no newlines and a final print with a newline.
* start-stop-daemon: Add new --notify-await and --notify-timeout options,
which implement the systemd readiness protocol for services.
Closes: #910707
* update-alternatives: Add new --debug option.
* update-alternatives: Fix removal of obsolete slaves from the linked list.
Reported by Andreas Beckmann <anbe@debian.org>. Closes: #916799
* vendor.mk: Fix dpkg_vendor_derives_from macro documentation.
Thanks to Colin Watson <cjwatson@debian.org>. Closes: #913816
* vendor.mk: Add support for an improved dpkg_vendor_derives_from macro.
Version the macros so that both can be used, and default the unversioned
one to the version 0 macro.
* dpkg: Mark the package we are giving up on a trigger cycle as "istobe"
normal, so that the dependency checks know they cannot expect this package
to be processed anymore. Otherwise we ended up never detecting that we
were not making progress, as we expected to process this package at a later
point, when that would never happen anymore. This then was causing asserts
in the process queue loop. Closes: #901127, #910819
* dpkg: Reset progress_bytrigproc once we have injected it into the current
package process queue iteration, so that we do not keep trying to process
it, which might end up generating artificial trigger cycles, if
dependencies are not satisfied yet.
* dpkg: Convert one trigger processing required type into the new try-queued
one, so that we stop skipping unsatisfiable dependency checks.
* dpkg: Move trigproc cycle reset inside try-deferred conditional. We should
only reset the cycle detection in case we are not bailing out from the
processing with an error, otherwise we could come back to this package and
detect an artificial trigger cycle.
* dpkg: Introduce a new dependency try level for trigger processing. This
completely defers trigger processing until after the dependency cycle
breaking level, so to avoid generating artificial trigger cycles, when we
end up trying to process triggers with yet unsatisifiable dependencies.
Closes: #810724, #854478, #911620
* dpkg: Fix --help output, to clarify which arguments are optional.
* libdpkg: Add proper tar error handling. This makes the tar extractor
track and report back parse errors, so that we can give more descriptive
messages.
* libdpkg: Detect unsupported tar entry types to give better error messages.
* libdpkg: Add new db-fsys:Files and db-fsys:Last-Modified virtual fields.
* Perl modules:
- Dpkg::Changelog::Debian: Preserve modelines at EOF. Closes: #916056
Thanks to Chris Lamb <lamby@debian.org> for initial test cases.
- Dpkg::File: Make file_slurp() also accept pathnames in addition to
filehandles.
- Dpkg::Vendor::Ubuntu: Fix buildflags override after default setting move.
Based on a patch by Iain Lane <laney@ubuntu.com> and
Adam Conrad <adconrad@ubuntu.com>. Closes: #915881
- Dpkg::Shlibs::Objdump: Remove unused Dpkg::IPC import.
- Dpkg::Shlibs::Objdump: Only select objdump program when going to use it.
- Dpkg::Source::Package: Do not reinitialize fields member in constructor.
- Dpkg::Source::Patch: Do not recommend --include-removal when not
supported. Closes: #913012
- Dpkg::Source::Package::V3::Bzr: Fix format name in output message.
- Dpkg::Source::Package: Add a new format option to the new constructor.
Prompted by James McCoy <jamesan@debian.org>.
- Dpkg::Source::Package: Improve debian/source/format parsing and
validation.
- Dpkg::Source::Format: New public module.
Prompted by Mattia Rizzolo <mattia@debian.org>.
* Documentation:
- dpkg(1): Clarify --remove action. Closes: #914478
- dpkg-query(1): Clarify --list option behavior when no arguments are
specified. Closes: #917098
- deb-control(5): Clarify by adding a reference to deb-src-control(5) and
removing an invalid comment in the example.
Prompted by Helmut Grohne <helmut@subdivi.de>.
- dpkg(1): Clarify databases used by --yet-to-unpack and --predep-package.
Prompted by Johannes Schauer <josch@debian.org>.
- Clarify character classes for various formats in man pages, by
explicitly listing the character ranges within parenthesis.
Prompted by Ian Jackson <ijackson@chiark.greenend.org.uk>.
- dpkg-query(1): Document the version introducing the -f option.
- dpkg-architecture(1): Add reference to the TERMS section in the
VARIABLES section. Prompted by Axel Beckert <abe@debian.org>.
- Fix POD for Dpkg::Interface::Storable derived method implementations.
- Dpkg::Deps::Simple(3): Fix POD signature for new constructor.
* Code internals:
- dpkg-maintscript-helper: Use an explicit escape instead of a literal
backslash.
- Quote shell variables. Reported by Johannes Schauer <josch@debian.org>.
- Switch perl code to use the new Dpkg::Source::Format module.
- dpkg-source: Move source format selection earlier in the build.
- dpkg-source: Use new format argument for Dpkg::Source::Package->new().
- dpkg-shlibdeps: Remove unused variable.
- dpkg-scanpackages: Unroll a single iteration loop.
- start-stop-daemon: Compare foundany against 0 instead of treating it
like a boolean.
- start-stop-daemon: Switch code to use new info() and debug() functions.
- update-alternatives: Use enums for actions instead of strings.
- update-alternatives: Switch verbose selection into an enum.
- dpkg: Negate tortoise_not_in_hare() function name and return value.
- dpkg: Initialize trigcyclenode's next member once.
- dpkg: Use common pattern of assigning as an iterator.
- dpkg: Factor trigproc_new_cyclenode() out from check_trigger_cycle().
- dpkg: Switch dependtry from an int to an enum.
- dpkg: Move dependtry description from deferred_configure() to its
declaration.
- dpkg: Split trigger processing types into required, try-queued and
try-deferred.
- dpkg-query: Rename variable to avoid shadowing a local function.
- When allocating use the variable instead of the type in sizeof().
- dselect: Rename variable r to pkgbin.
- libdpkg, dpkg: Rename r variables to fnn.
- libdpkg: Rename ret variable to next.
- libdpkg: Cleanup fsys module symbol names.
- libdpkg: Rename pkg_db symbols to pkg_hash.
- libdpkg: Add new warning printer setter function.
Prompted by Julian Andres Klode <jak@debian.org>.
- libdpkg: Add new DPKG_ERROR_OBJECT macro.
* Build system:
- get-version: Use a format string with printf.
- run-script: Use $() instead of deprecated ``.
- run-script: Remove unused PERL_PROFILE variable, PERL5OPT can be used
instead, and does not require leaving an unquoted variable around.
- run-script: Add «set -e».
- Build.PL: Set environment variables only for CPAN tests.
- Build.PL: Set locale for CPAN tests to C. Fixes CPAN#127314.
- configure: Split AM_INIT_AUTOMAKE arguments into different lines.
* Packaging:
- Bump Standards-Version to 4.2.1 (no changes needed).
- Switch to debhelper compatibility level 11.
- Create the log file in postinst only if it does not exist.
Prompted by Johannes Schauer <josch@debian.org>.
- Add superficial autopkgtest functional tests.
* Test suite:
- Add new shellcheck author test.
- Add descriptions for the shellcheck exclude codes.
- Update cppcheck suppressions.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #912023
* German (Sven Joachim).
* Italian (Milo Casagrande). Closes: #915610
* Portuguese (Miguel Figueiredo). Closes: #917813
* Simplified Chinese (Zhou Mo). Closes: #919040
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #912024
* German (Helge Kreutzmann).
- from version 1.19.2
[ Guillem Jover ]
* dpkg: Fix --force-not-root for chown() and chmod() based syscalls, and
give a more meaningful error message on chroot(). Closes: #614126
* dpkg-divert, dpkg-statoverride: Add new --instdir and --root options,
and make the commands honor the DPKG_ROOT environment variable.
Closes: #487108
* libdpkg: Call the pager with «$SHELL -c» to respect POSIX. Closes: #910009
* libdpkg: Do not spawn a pager if we are going to call «cat».
* libdpkg: Honor DPKG_PAGER when spawning a pager.
Suggested by Craig Sanders <cas@taz.net.au>.
* libdpkg: Set LESS to “-FRSXMQ†if not already set, when spawning a pager.
* libdpkg: Ignore SIGPIPE when setting up a pager, and then ignore EPIPE
errors when writing to stdout, otherwise if we quit the pager early, the
program will exit with an error code.
* libdpkg: Set stdout to be fully buffered when using a pager.
* dpkg, dpkg-query: Add new --no-pager option. For dpkg this is also a
configuration option. Closes: #909754
* Perl modules:
- Dpkg::OpenPGP: Ignore Version field in enarmored output.
Fixes CPAN#127217.
- Dpkg::OpenPGP: Do not read the gpg user configuration file.
- Dpkg::Source::Functions: Reimplement is_binary() w/o using diff(1).
- Dpkg::Source::Package::V2: Split the BinaryFiles module into its own
file, and give it a more generic name (Dpkg::Source::BinaryFiles).
- Dpkg::Source::Package::V2: Move binary file detection to BinaryFiles
module.
* Documentation:
- dpkg-buildpackage(1): Clarify --build=source explanation.
- dsc(5): Clarify what “flattened†means in Testsuite-Triggers.
Prompted by Mattia Rizzolo <mattia@debian.org>.
- dsc(5): Add a reference to where the source formats are described.
Prompted by Manuel A. Fernandez Montecelo <mafm@debian.org>.
- dpkg-source(1): Improve documentation on vendor-specific series files.
- deb-control(5): Document Build-Ids field.
Prompted by Stuart Prescott <stuart@debian.org>.
- dpkg(1): Clarify which fields are affected by dependency options.
Prompted by James Clarke <jrtc27@debian.org>.
- dpkg-query(1): Document the PAGER environment variable usage.
- Dpkg(1): Add POD documentation about the module hierarchy and API.
* Code internals:
- dpkg-split: Use nfstrnsave() instead of nfmalloc() + memcpy().
- libdpkg: Add new fsys-dir module.
- libdpkg: Pass the file contents to the pager instead of the filename.
- libdpkg: Add a pager kill switch, so that it can be forcefully disabled.
* Build system:
- Distribute a LICENSE file on CPAN.
- Do not make the Build.PL script executable.
- Generalize PACKAGE_CPAN_SIGN by setting PACKAGE_DIST_IS_RELEASE instead.
- Add a release_status key to the CPAN metadata.
- Fix typo in CPAN recommends key.
- Improve test and author CPAN dependencies.
* Packaging:
- Break libapt-pkg5.0 instead of apt. Closes: #909959
Analysis by Sven Joachim <svenjoac@gmx.de>.
* Test suite:
- Skip version checks involving «dpkg --compare-versions» if not available.
This is relevant on CPAN or on non-dpkg-based systems.
[ Updated programs translations ]
* Polish (Åukasz Dulny).
[ Updated man pages translations ]
* German (Helge Kreutzmann).
- from version 1.19.1
[ Guillem Jover ]
* Fix logic in dpkg-buildpackage to decide whether to run build targets,
which broke tons of packages that are violating Debian policy MUSTs.
Thanks to James Clarke <jrtc27@debian.org>. Closes: #878899
* Do not try to recompute hashes for the .dsc file when signing binary-only
builds in dpkg-buildpackage. Reported by Ximin Luo <infinity0@debian.org>.
* Pass the correct source stanza to the dpkg-buildpackage code parsing the
Rules-Requires-Root field. This meant the field was being ignored.
* Run dpkg-source directly from the current working directory in
dpkg-buildpackage, instead of changing directory back and forth.
* Setup and check rootcommand in dpkg-buildpackage only if it is going to
be needed. Reported by Niels Thykier <niels@thykier.net>.
* Add color support to dpkg-maintscript-helper (a shell script).
* Fix warning by including <sys/sysmacros.h> for makedev() in libdpkg.
* Fix directory traversal with dpkg-deb --raw-extract, by guaranteeing
that the DEBIAN pathname does not exist. Closes: #879982
Reported by Jakub Wilk <jwilk@jwilk.net>.
* Add new AS, STRIP, OBJCOPY, OBJDUMP, NM, AR and RANLIB buildtools
variables to buildtools.mk. Prompted by Helmut Grohne <helmut@subdivi.de>.
* Restore rejecting negated architectures in Architecture field in
dpkg-gencontrol and dpkg-genchanges. Regression introduced in dpkg 1.18.5.
* Fix dpkg-gensymbols to print "error" instead of "warning" when these
are fatal. Closes: #881488
* Rename DPKG_GAIN_ROOT_CMD to DEB_GAIN_ROOT_CMD in the R³ support, as
the variable is expected to be set by any builder, not just dpkg. And
introduce ephemeral backwards compatibility even though there are no
known users.
* Do not set DEB_GAIN_ROOT_CMD in dpkg-buildpackage when the R³ value is
<implementations-keywords>, following the specification.
* Specify that DEB_GAIN_ROOT_CMD in R³ should preserve the environment.
Proposed by Josh Triplett <josh@joshtriplett.org>.
* Specify new DEB_RULES_REQUIRES_ROOT variable for R³ support.
* Add new --rules-requires-root option to dpkg-buildpackage.
* Declare R³ specification as "recommendation, stable" with version 1.0.
* Export architecture variables by default from architecture.mk, as
documented in dpkg-architecture(1). Closes: #888964
Thanks to Jack Bates <wdz7eo@nottheoilrig.com>
* Increment the line number on dpkg --set-selections on unknown packages.
Reported by Heinz Repp <heinz.repp@arcor.de>. Closes: #888983
* Switch a DEBIAN/conffile parsing assert() in dpkg due to empty lines
into an ohshit(), because this is really a run-time error.
* Fix assert() in dselect to expect the method lock file descriptor to be
initialized, instead of non-zero.
* Switch a fatal() call in start-stop-daemon into the new BUG() macro,
because it is really an internal error.
* Switch all assert() calls (except in update-alternatives) into internerr()
or BUG() calls, to get way better reporting with variable contents and
descriptions, and to make them always present independent of NDEBUG.
* Add a new --no-rename option to dpkg-divert. This is the current default
behavior, but it will make it possible to do a default switch in 1.20.x.
* Warn when using dpkg-divert --add or --remove w/o --rename or --no-rename.
* Warn when using dpkg-divert --rename on a file from an Essential package.
* Use a single “struct filenamenode†definition for the entire code base.
Closes: #746766
* Add support for frontend locking. This makes it possible for frontends
using this new protocol, to safely lock the dpkg database w/o risk of
race conditions with other dpkg instances or frontends supporting the
same protocol. Thanks to Julian Andres Klode <jak@debian.org>.
Closes: #850417, #851984
* Do not emit perl warnings in dpkg-source --help on source formats w/o
options.
* Make dpkg-buildpackage validate OpenPGP signing key IDs length. Error out
for short key IDs and warn for long key IDs.
* On the dpkg conffile prompt, print the set of environment variables setup
for the conffile shell, for easier discoverability.
* Fix dpkg-buildpackage option --rules-file parsing. It was trying to parse
it as --rules-target, which due to the ordering was a no-op.
* Only check for fallback build targets presence on binary builds in
dpkg-buildpackage.
* Only check required build dependencies for known targets specified with
dpkg-buildpackage --rules-target option.
Reported by Johannes Schauer <josch@debian.org>.
* Track package status dirtiness in dpkg to only log and report in status-fd
when it has changed, removing duplication in output. Closes: #365921
* Use Synopsis instead of Summary for the short Description, to unify the
nomenclature and to make it more descriptive. Add a new binary:Synopsis
virtual field to dpkg-query show format.
* Add new dpkg-buildpackage --no-post-clean option, to be able to explicitly
select the current default behavior.
* Dump database package records in alphabetical order. This will give
reproducible status and available database files, and make it possible
to output other deb822 formatted data in a deterministic way.
* Require both standard input and output to be connected to a terminal to
use a pager.
* Run dpkg-query --list output through a pager if we are on a terminal,
instead of truncating it, to avoid data loss. Closes: #898603
* Fix use after free in dpkg maintainer script handling. Regression
introduced in dpkg 1.19.0.
* Flush output for dpkg-query --status, --print-avail and --listfiles at
the end, instead of after each stanza.
* Add support for dumping all dpkg-query --status and --print-avail records
from the database when no arguments are specified. Closes: #616342
* Add new dpkg-gensymbols -l option to avoid having to abuse LD_LIBRARY_PATH
for cross-build paths.
* Check that DPKG_MAINTSCRIPT_PACKAGE is defined in dpkg-maintscript-helper.
Closes: #907772
* Switch dpkg-gencontrol and dpkg-genchanges to track automatically
generated artifacts by using the Auto-Built-Package field from the binary
package instead of hardcoding package name patterns (such as «-dbgsym$»).
* Add new --reverse option to dpkg-parsechangelog, to list the changelog
entries in reverse order.
* Architecture support:
- Add support for riscv64 CPU. Closes: #822914
Thanks to Manuel A. Fernandez Montecelo <mafm@debian.org>
- Document the purpose and columns in the tupletable file.
* Portability:
- Add libcompat md5 module to the libcompat-test library, so that we
always make sure it builds, even when we use an external implementation.
- Convert libcompat md5 module to use C99 int types, instead of mapping
them from the BSD types at configure time.
- Use MD5_CTX instead of struct MD5Context, as the prevalent more portable
type on system's <md5.h> headers.
- Check for ldconfig command in dpkg only on platforms that do have it.
- Fix file descriptor leak in start-stop-daemon on AIX.
- libcompat: Add new strchrnul() implementation.
* Perl modules:
- Dpkg::Source::Package::V1: Check that $tarname is defined before use.
Thanks to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>.
Closes: #879124
- Dpkg::Vendor::Debian: Use proper %use_feature key. This was causing perl
errors on paths not accepted for fixdebugpath.
Reported by Mattia Rizzolo <mattia@debian.org>, on IRC. Closes: #881051
- Dpkg::Changelog: Print versions for incorrect changelog range warnings.
Thanks to Paul Wise <pabs@debian.org>.
- Dpkg::Shlibs::SymbolFile: Check that $state->{seen} exists instead of
$state being just defined. Fixes regression in dpkg-gensymbols symbols
output. Thanks to Dmitry Shachnev <mitya57@debian.org>. Closes: #880166
- Dpkg::Arch: Add new positive options argument to arch validators.
- Dpkg::Vendor::Debian: Mark hurd-i386 as having gcc builtin PIE.
Requested by Samuel Thibault <sthibault@debian.org>.
- Dpkg::Source::Package::V2: Print one building line per existing tarball.
- Dpkg::Source::Package: Print building lines for upstream tarball
signatures. Closes: #888787
- Dpkg::Deps: Turn virtualpkg tracking from an arrayyref into a hashref.
- Dpkg::Vendor::Debian: Mark riscv64 as having gcc builtin PIE.
- Dpkg::Shlibs::Objdump: Fix ELF program detection, for PIE binaries and
executable libraries.
- Dpkg::Version: Fix bool overload behavior back to be an is_valid()
alias. Emit a specific perl warning until 1.20.x so that users can check
whether the semantic change has any impact on the code, which can then
be quiesced. Closes: #895004
- Dpkg::Changelog::Parse: When detecting the changelog format, read the
last 4KiB of the file instead of using «tail -n40», which should be
both faster and more portable, as the default tail(1) is not POSIX
compliant on all systems (c.f. Solaris).
- Dpkg::Build::Types: Add new set_build_type_from_targets() function.
- Dpkg::Shlibs::SymbolFile: Always assign a proper Dpkg::Version to the
deprecated variable, otherwise the scalar value 0 can get confused
on scalar context to denote it is *not* deprecated instead of being
version 0.
- Dpkg::Shlibs: Disable bool overload Dpkg::Version warnings.
- Dpkg::Vendor::Debian: Inline _parse_feature_area() into
_add_build_flags(), for a small speed up and line count reduction.
- Dpkg::BuildFlags: Move default flags setting into the Dpkg::Vendor
modules.
- Dpkg::Gettext: Fix fallback textdomain() to honor its expected interface.
- Dpkg::Deps: Split subpackages into their own separate modules.
- Dpkg::Source: Do not change patch permissions if not necessary.
Closes: #898010
- Dpkg::Substvars: Reword used/unused warnings to clarify their meaning.
Closes: #904258
- Dpkg::Shlibs: Warn when using LD_LIBRARY_PATH with a private library
directory which is a descendent of the current working directory.
- Dpkg::Source::Package::V3::Quilt: Print series file used when applying
patches.
- Dpkg::OpenPGP: Return the destination path on successful ASCII armor
conversion.
- Dpkg::Control::Fields: Do not use & sigil for function calls.
- Dpkg::Shlibs: Ignore nonexistent directories present in LD_LIBRARY_PATH.
- Dpkg::Deps::KnownFacts: Satisfy :native with arch:all packages too.
These are treated as native packages everywhere else in the multi-arch
design, this was the only exception, which has become a source of
packaging problems as of late. This was apparently an oversight in
the original implementation. Closes: #854438
- Dpkg::Vendor::Debian: Add fixfilepath support to reproducible feature.
- Dpkg::Dist::Files: Add support for file attributes.
* Documentation:
- Update gettext minimal version in README.
- Add a missing dot on the dpkg-buildflags(1) «lfs» feature paragraph.
Spotted by Helge Kreutzmann <debian@helgefjell.de>.
- Document DPKG_COLORS environment variable for all programs using it.
- Document DPKG_NLS environment variable for all programs using it.
- Document the Testsuite and Testsuite-Triggers fields in
deb-src-control(5). Prompted by Mattia Rizzolo <mattia@debian.org>.
- Update git URLs for move away from alioth.debian.org.
- Fix set_build_type_from_options() description in Dpkg::Build::Types.
- Clarify PIE build flag feature semantics. Closes: #900088
- Clarify dpkg-buildpackage pre and post-clean options and their default
state.
- Add --build option equivalents for dpkg-buildpackage short build type
options in --help output.
- Fold dpkg-buildpackage --[no-]check-builddeps in --help into both -D
and -d option descriptions.
- Mark profiles as a replaceable item in dpkg-buildpackage --help output.
- Update test suite requirements in README.
- Document textdomain() and ngettext() replacement functions in
Dpkg::Gettext POD.
- Clarify arch-qualified dependency simplification in Dpkg::Deps POD.
- Improve Dpkg::Deps modules and methods documentation.
- Fix typo in deb-changes(5). Closes: #902616
- Clarify awaiting state for interest and activate directives.
Closes: #904060
- Fix man page markup. Closes: #900033, #900035, #900040
Thanks to Bjarni Ingi Gislason <bjarniig@rhi.hi.is>.
- Fix Doxygen comment for libdpkg dpkg_arch_find() function.
- Document the dangers of using start-stop-daemon(8) only with --pidfile
as matching option with the pid file owned by a non-privileged user.
* Code internals:
- Do not use stringy eval to define different sub implementations,
just assign an anonymous sub to the typeglob.
- Use memccpy() instead of strncpy() to quiesce a gcc-8 warning.
- Change pkgbin_name_needs_arch() to never arch-qualify packages that
have an empty or no architecture, which was already handled as part
of varbuf_add_archqual().
- libdpkg: Factor out cached arch-qualified package name generation into
new pkgbin_name_archqual() function.
- libdpkg: Add new pkg_name() and pkgbin_name() const variants.
- libdpkg, dselect: Use new pkg_name_const() and pkgbin_name_const().
- libdpkg: Rename struct pkginfo files member to archives.
- dpkg: Call ensure_package_clientdata() defensively.
- dpkg: For read-only state functions, check that clientdata is allocated
before using it.
- libdpkg: Move files list information from dpkg clientdata to pkginfo.
- dpkg: Move ensure_package_clientdata() into its own file.
- libdpkg: Move db-fsys code from src to lib/dpkg.
- libdpkg: Rename pkg-db module to pkg-hash.
- libdpkg: Simplify pkg_files_blank() by using a pointer to pointer to
track the previous entry.
- libdpkg: Factor out package files handling into its own module.
- libdpkg: Switch to a new tiny struct to track file on-disk identity.
This should reduce the run-time memory used.
- libdpkg: Reset nfiles in files_db_reset().
- libdpkg: Split push_cleanup() into push_cleanup_fallback().
- Switch from strchr() + strlen() to strchrnul().
- libdpkg: Change dpkg_error to track errno values.
- libdpkg: Add new varbuf_new() and varbuf_free() functions.
- libdpkg: Add new file_slurp() function.
- libdpkg: Switch db-fsys to use the new file_slurp() function.
- libdpkg: Add new pkg_infodb_reset_dir().
- libdpkg: Add new m_dup() function.
- libdpkg: Factor out package stanza printing into its own function.
- libdpkg: Split pager specific code into its own module.
- libdpkg: Add pager spawning and reaping support.
- Use new pager spawning support instead of open-coding it, or piping it
via a shell invocation, which required metacharacter escaping.
- dpkg-query: Split enqperpackage() into each different action.
* Build system:
- Set distribution tarball format to ustar, instead of default v7 format.
- Mark PO4A and POD2MAN as precious variables.
- Automatically replace -Wno- with -W when testing compiler flags,
instead of passing the positive form manually.
- Enable clang -Wdocumentation warning if available.
- Enable gcc-7 -Wregister warning if available.
- Add CPAN distribution machinery for the perl modules. Closes: #821177
- Add an autogen script to help people bootstrap the project.
- Distribute the man.stamp from VPATH.
- Preserve timestamps when distributing man pages.
- Add a GitLab CI configuration file.
- Disable C optimization levels when configuring for code coverage.
* Packaging:
- Install update-alternatives policykit-1 file.
- Add Breaks to libdpkg-perl against pkg-kde-tools (<< 0.15.28~), as
that package is using private modules with no API guarantees, that
obviously broke due to recent changes in 1.19.0. Closes: #878919
- Add Breaks on debhelper << 10.10.1~ to dpkg-dev, so that debhelper users
wanting to use R³ support do not need a versioned dependency on dpkg-dev.
- Add Breaks dgit << 3.13~ to libdpkg-perl, as older dgit versions assumed
that Dpkg::Compression::Process was available, via implicit import
from Dpkg::Source::Package.
Reported by Ian Jackson <ijackson@chiark.greenend.org.uk>.
- Bump Standards-Version to 4.1.1 (no changes needed).
- Add bzip2 and xz-utils to Build-Depends, required by the functional test
suite, but shadowed by dpkg-dev from the build system pulling those in.
- Add versioned libncurses-dev as the first Build-Depends alternative.
Thanks to Sven Joachim <svenjoac@gmx.de>.
- Do not pass VERBOSE to test suite, as we are not using any automake
test driver, so it does not get honored.
- Rename maintainer-build DEB_BUILD_OPTIONS to new standardized terse.
- Enable verbose test suite only in non-terse builds.
- Add a Suggests on sensible-utils to libdpkg-perl.
- Switch libdpkg-perl again to depend on perl:any, now that debootstrap
in stable (stretch) supports arch-qualified dependencies.
- Update libdpkg-perl public module list in package description.
- Add Breaks on apt (<< 1.7~b) for --status-fd duplicate removals.
* Test suite:
- Skip Dpkg::OpenPGP test if gpg is not present.
- Check POD in all perl scripts.
- Consider *.PL also to be perl files.
- Infer automatically the unit test data directory.
- Infer automatically the unit test temp directory.
- Add new po author test case (use i18nspector if available).
- Add new test cases to clarify arch-qualified dependency simplification.
- Add several TODO tests cases for dependency simplification.
- Add new cppcheck author test.
- Add support for new test_get_srcdir() test_get_builddir().
- Add new unit tests for namevalue, fsys-hash and pkg-hash libdpkg modules.
- Improve coverage of perl unit tests.
- Delete fixup lines from i18nspector output instead of emptying them.
- Add new codespell author test.
- Add new test that the public libdpkg headers can be compiled with C++.
[ Josh Triplett ]
* Perl: Replace all calls to Cwd::cwd with Cwd::getcwd; the former calls
/bin/pwd, while the latter uses the getcwd() syscall directly.
[ Updated programs translations ]
* Dutch (Frans Spiesschaert). Closes: #881401
* German (Sven Joachim).
* Italian (Milo Casagrande). Closes: #883085
* Polish (Åukasz Dulny).
* Simplified Chinese (Zhou Mo, Boyuan Yang). Closes: #900547, #890806
* Spanish (Javier Fernández-Sanguino).
* Traditional Chinese (Buo-ren Lin). Closes: #905887
* Turkish (Mert Dirik). Closes: #886252
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man pages translations ]
* Dutch (Frans Spiesschaert). Closes: #881403
* German (Helge Kreutzmann).
* Simplified Chinese (Zhou Mo).
------------------------------------------------------------------
------------------ 2021-4-28 - Apr 28 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- Remove libboost_math_c99l.so* libboost_math_tr1l.so* in spec file
for PowerPC compiled w/ BOOST_MATH_NO_LONG_DOUBLE_MATH_FUNCTIONS
++++ iproute2:
- Update to release 5.12
* devlink: Use library provided string processing APIs
* utils: Introduce helper routines for generic socket recv
* q_cake: Fix incorrect printing of signed values in class statistics
* json_print: Add print_tv()
* nexthop: Add support for nexthop buckets
* nexthop: Add support for resilient nexthop groups
* ip: xfrm: add support for tfcpad
* tc: e_bpf: fix memory leak in parse_bpf()
* lib: bpf_legacy: treat 0 as a valid file descriptor
* ip: drop 2-char command assumption
* bridge: vlan: dump port only if there are any vlans
++++ kernel-default:
- rpm/constraints.in: remove aarch64 disk size exception
obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails:
installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem
The stats say:
Maximal used disk space: 31799 Mbyte
By default, we require 35G. For aarch64 we had an exception to lower
this limit to 30G there. Drop this exception as it is obviously no
longer valid.
- commit ee00b50
++++ open-iscsi:
- Local (SUSE) change: update iscsi.service so that it tries to
logon to any "onboot" and firmware targets, in case a target
was offline when booted but back up when the service is started.
(bsc#1153806)
- Merged with latest from upstream, which contains these fixes:
* Add "no wait" option to iscsiadm firmware login
* Check for ISCSI_ERR_ISCSID_NOTCONN in iscsistart
* Log proper error message when AUTH failure occurs
++++ python310-core:
- Update to 3.9.4:
- bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
as it changed the PyThreadState struct size and broke the 3.9.x ABI
in the 3.9.3 release (visible on 32-bit platforms using binaries
compiled using an earlier version of Python 3.9.x headers).
- bpo#26053: Fixed bug where the pdb interactive run command echoed
the args from the shell command line, even if those have been
overridden at the pdb prompt.
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
feature of the pydoc module which could be abused to read
arbitrary files on the disk (directory traversal
vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
- bpo#43285: ftplib no longer trusts the IP address value
returned from the server in response to the PASV command by
default. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the
client network. Code that requires the former vulnerable
behavior may set a trust_server_pasv_ipv4_address attribute
on their ftplib.FTP instances to True to re-enable it.
- bpo#43439: Add audit hooks for gc.get_objects(),
gc.get_referrers() and gc.get_referents(). Patch by Pablo
Galindo.
- bpo#43660: Fix crash that happens when replacing sys.stderr
with a callable that can remove the object while an exception
is being printed. Patch by Pablo Galindo.
- bpo#43555: Report the column offset for SyntaxError for
invalid line continuation characters. Patch by Pablo Galindo.
- bpo#43517: Fix misdetection of circular imports when using
from pkg.mod import attr, which caused false positives in
non-trivial multi-threaded code.
- bpo#35883: Python no longer fails at startup with a fatal
error if a command line argument contains an invalid Unicode
character. The Py_DecodeLocale() function now escapes byte
sequences which would be decoded as Unicode characters
outside the [U+0000; U+10ffff] range.
- bpo#43406: Fix a possible race condition where
PyErr_CheckSignals tries to execute a non-Python signal
handler.
- bpo#42500: Improve handling of exceptions near recursion
limit. Converts a number of Fatal Errors in RecursionErrors.
- bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
and fragment in the URL of the server.
- bpo#35930: Raising an exception raised in a “future†instance
will create reference cycles.
- bpo#43577: Fix deadlock when using ssl.SSLContext debug
callback with ssl.SSLContext.sni_callback().
- bpo#43521: ast.unparse can now render NaNs and empty sets.
- bpo#43423: subprocess.communicate() no longer raises an
IndexError when there is an empty stdout or stderr IO buffer
during a timeout on Windows.
- bpo#27820: Fixed long-standing bug of smtplib.SMTP where
doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password
if provided with a challenge string, thus non-compliant with
the standard for AUTH LOGIN. Also fixes bug with the test for
smtpd.
- bpo#43332: Improves the networking efficiency of http.client
when using a proxy via set_tunnel(). Fewer small send calls
are made during connection setup.
- bpo#43399: Fix ElementTree.extend not working on iterators
when using the Python implementation
- bpo#43316: The python -m gzip command line application now
properly fails when detecting an unsupported extension. It
exits with a non-zero exit code and prints an error message
to stderr.
- bpo#43260: Fix TextIOWrapper can not flush internal buffer
forever after very large text is written.
- bpo#42782: Fail fast in shutil.move() to avoid creating
destination directories on failure.
- bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
introduced in Python 3.7.
- bpo#43199: Answer “Why is there no goto?†in the Design and
History FAQ.
- bpo#43407: Clarified that a result from time.monotonic(),
time.perf_counter(), time.process_time(), or
time.thread_time() can be compared with the result from any
following call to the same function - not just the next
immediate call.
- bpo#27646: Clarify that ‘yield from <expr>’ works with any
iterable, not just iterators.
- bpo#36346: Update some deprecated unicode APIs which are
documented as “will be removed in 4.0†to “3.12â€. See PEP 623
for detail.
- bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
skip the test if setlocale() fails. Patch by Victor Stinner.
- bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
security level policy.
- bpo#43288: Fix test_importlib to correctly skip Unicode file
tests if the fileystem does not support them.
- bpo#43617: Improve configure.ac: Check for presence of
autoconf-archive package and remove our copies of M4 macros.
- bpo#42225: Document that IDLE can fail on Unix either from
misconfigured IP masquerage rules or failure displaying
complex colored (non-ascii) characters.
- bpo#43283: Document why printing to IDLE’s Shell is often
slower than printing to a system terminal and that it can be
made faster by pre-formatting a single string before
printing.
++++ snapper:
- added systemd sandboxing for services
++++ libxml2:
- Security fix: [bsc#1185408, CVE-2021-3518]
* Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
* Add libxml2-CVE-2021-3518.patch
- Security fix: [bsc#1185410, CVE-2021-3517]
* Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3517.patch
- Security fix: [bsc#1185409, CVE-2021-3516]
* Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3516.patch
++++ libzypp:
- Properly handle permission denied when providing optional files
(bsc#1185239)
- Fix service detection with cgroupv2 (bsc#1184997)
- version 17.25.10 (22)
++++ python310:
- Update to 3.9.4:
- bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
as it changed the PyThreadState struct size and broke the 3.9.x ABI
in the 3.9.3 release (visible on 32-bit platforms using binaries
compiled using an earlier version of Python 3.9.x headers).
- bpo#26053: Fixed bug where the pdb interactive run command echoed
the args from the shell command line, even if those have been
overridden at the pdb prompt.
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
feature of the pydoc module which could be abused to read
arbitrary files on the disk (directory traversal
vulnerability). Moreover, even source code of Python modules
can contain sensitive data like passwords. Vulnerability
reported by David Schwörer.
- bpo#43285: ftplib no longer trusts the IP address value
returned from the server in response to the PASV command by
default. This prevents a malicious FTP server from using the
response to probe IPv4 address and port combinations on the
client network. Code that requires the former vulnerable
behavior may set a trust_server_pasv_ipv4_address attribute
on their ftplib.FTP instances to True to re-enable it.
- bpo#43439: Add audit hooks for gc.get_objects(),
gc.get_referrers() and gc.get_referents(). Patch by Pablo
Galindo.
- bpo#43660: Fix crash that happens when replacing sys.stderr
with a callable that can remove the object while an exception
is being printed. Patch by Pablo Galindo.
- bpo#43555: Report the column offset for SyntaxError for
invalid line continuation characters. Patch by Pablo Galindo.
- bpo#43517: Fix misdetection of circular imports when using
from pkg.mod import attr, which caused false positives in
non-trivial multi-threaded code.
- bpo#35883: Python no longer fails at startup with a fatal
error if a command line argument contains an invalid Unicode
character. The Py_DecodeLocale() function now escapes byte
sequences which would be decoded as Unicode characters
outside the [U+0000; U+10ffff] range.
- bpo#43406: Fix a possible race condition where
PyErr_CheckSignals tries to execute a non-Python signal
handler.
- bpo#42500: Improve handling of exceptions near recursion
limit. Converts a number of Fatal Errors in RecursionErrors.
- bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
and fragment in the URL of the server.
- bpo#35930: Raising an exception raised in a “future†instance
will create reference cycles.
- bpo#43577: Fix deadlock when using ssl.SSLContext debug
callback with ssl.SSLContext.sni_callback().
- bpo#43521: ast.unparse can now render NaNs and empty sets.
- bpo#43423: subprocess.communicate() no longer raises an
IndexError when there is an empty stdout or stderr IO buffer
during a timeout on Windows.
- bpo#27820: Fixed long-standing bug of smtplib.SMTP where
doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password
if provided with a challenge string, thus non-compliant with
the standard for AUTH LOGIN. Also fixes bug with the test for
smtpd.
- bpo#43332: Improves the networking efficiency of http.client
when using a proxy via set_tunnel(). Fewer small send calls
are made during connection setup.
- bpo#43399: Fix ElementTree.extend not working on iterators
when using the Python implementation
- bpo#43316: The python -m gzip command line application now
properly fails when detecting an unsupported extension. It
exits with a non-zero exit code and prints an error message
to stderr.
- bpo#43260: Fix TextIOWrapper can not flush internal buffer
forever after very large text is written.
- bpo#42782: Fail fast in shutil.move() to avoid creating
destination directories on failure.
- bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
introduced in Python 3.7.
- bpo#43199: Answer “Why is there no goto?†in the Design and
History FAQ.
- bpo#43407: Clarified that a result from time.monotonic(),
time.perf_counter(), time.process_time(), or
time.thread_time() can be compared with the result from any
following call to the same function - not just the next
immediate call.
- bpo#27646: Clarify that ‘yield from <expr>’ works with any
iterable, not just iterators.
- bpo#36346: Update some deprecated unicode APIs which are
documented as “will be removed in 4.0†to “3.12â€. See PEP 623
for detail.
- bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
skip the test if setlocale() fails. Patch by Victor Stinner.
- bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
security level policy.
- bpo#43288: Fix test_importlib to correctly skip Unicode file
tests if the fileystem does not support them.
- bpo#43617: Improve configure.ac: Check for presence of
autoconf-archive package and remove our copies of M4 macros.
- bpo#42225: Document that IDLE can fail on Unix either from
misconfigured IP masquerage rules or failure displaying
complex colored (non-ascii) characters.
- bpo#43283: Document why printing to IDLE’s Shell is often
slower than printing to a system terminal and that it can be
made faster by pre-formatting a single string before
printing.
++++ libxml2-python:
- Security fix: [bsc#1185408, CVE-2021-3518]
* Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
* Add libxml2-CVE-2021-3518.patch
- Security fix: [bsc#1185410, CVE-2021-3517]
* Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3517.patch
- Security fix: [bsc#1185409, CVE-2021-3516]
* Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
* Add libxml2-CVE-2021-3516.patch
++++ selinux-policy:
- allow cockpit socket to bind nodes (fix_cockpit.patch)
- use %autosetup to get rid of endless patch lines
++++ shim:
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
------------------------------------------------------------------
------------------ 2021-4-27 - Apr 27 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
++++ libapparmor:
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
++++ salt:
- Fix issue parsing errors in ansiblegate state module
- Added:
* fix-issue-parsing-errors-in-ansiblegate-state-module.patch
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18028)
- Remove duplicate directories from specfile
- Added:
* transactional_update-detect-recursion-in-the-executo.patch
* prevent-command-injection-in-the-snapper-module-bsc-.patch
++++ selinux-policy:
- Updated fix_networkmanager.patch to allow NetworkManager to watch
its configuration directories
- Added fix_dovecot.patch to fix dovecot authentication (bsc#1182207)
------------------------------------------------------------------
------------------ 2021-4-26 - Apr 26 2021 -------------------
------------------------------------------------------------------
++++ cni-plugins:
- Update to version 0.9.1:
* ipam/dhcp: Add broadcast flag
* add flannel to support dual stack ip
* bandwidth: fix panic in tests
* host-device: Add support for DPDK device
* [main/vlan] Fix error handling for delegate IPAM plugin
* dhcp: default dhcp clien timeout is 10s
* vlan: fix error message text by removing ptp references
* dhcp: daemon dhcp client timeout is configurable
* dhcp: timeout value is set in DHCP daemon
* remove unused function
* deps: go mod tidy coreos/go-iptables
* deps: bump coreos/go-iptables
++++ kernel-default:
- series.conf: cleanup
- fix Patch-mainline tag and move to "almost mainline" section:
patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch
- commit 3a48ed8
- crypto: ccp: Annotate SEV Firmware file names (bsc#1185282).
- commit 66154b6
++++ kexec-tools:
- kexec-tools-remove-duplicate-ramdisk-definition.patch:
Remove duplicate definition of ramdisk (fix ppc build).
- Bump version to 2.0.21
- Drop patches from upstream git:
* kexec-tools-add-variant-helper-functions.patch
* kexec-tools-arm64-kexec-allocate-memory-space-avoiding-reserved-regions.patch
* kexec-tools-arm64-kdump-deal-with-resource-entries-in-proc-iomem.patch
* kexec-tools-build-multiboot2-for-i386.patch
* kexec-tools-fix-kexec_file_load-error-handling.patch
* kexec-tools-reset-getopt-before-falling-back-to-legacy.patch
* kexec-tools-s390-Reset-kernel-command-line-on-syscal.patch
* kexec-tools-Remove-duplicated-variable-declarations.patch
++++ libjpeg-turbo:
- version update to 2.1.0
lot of changes, see
* https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.90
* https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.1.0
++++ ncurses:
- Add ncurses patch 20210424
+ avoid using broken system macros for snprintf which interfere with
_nc_SLIMIT's conditionally adding a parameter when the string-hacks
configure option is enabled.
+ add a "all::" rule before the new "check" rule in test/Makefile.in
- Add ncurses patch 20210418
+ improve CF_LINK_FUNCS by ensuring that the source-file is closed
before linking to the target.
+ add "check" rules for headers in c++, progs and test-directories.
+ build-fix for termsort module when configured with termcap (reports
by Rajeev V Pillai, Rudi Heitbaum).
- Add ncurses patch 20210417
+ extend --disable-pkg-ldflags option to also control whether $LDFLAGS
from the build is provided in -config and .pc files (Debian #986764).
+ fix some cppcheck warnings, mostly style, in ncurses and c++
libraries and progs directory.
+ fix off-by-one limit for tput's processing command-line arguments
(patch by Hadrien Lacour).
- Do not strip examples
- Install available manual pages of examples as well
++++ libselinux:
- Remove Recommends for selinux-autorelabel. It's better to have this
in the policy package itself (bsc#1181837)
++++ systemd:
- Upgrade to v248 (commit 5d3d934a5c2f4593207497db94e6f313348e89e7)
See https://github.com/openSUSE/systemd/blob/SUSE/v248/NEWS for
details.
This includes the following bug fixes:
- upstream commit 4327574fc1093513badc2177f71cede2fc88c13c (bsc#1166028)
- upstream commit 3573e032f26724949e86626eace058d006b8bf70 (bsc#1186411)
- upstream commit 30927a24848c4d727f7619cc74b878f098cdd724 (bsc#1200170)
- A couple runtime dependencies on libraries are now tracked
manually (with Recommends:) due to the fact that some symbols of
these libs are dynamically loaded with dlopen() (heck!)
- oomd is left disablde for now
- pam configuration file 'systemd-user' is now shipped in
/usr/etc/pam.d
- Rebased 0001-conf-parser-introduce-early-drop-ins.patch
0003-strip-the-domain-part-from-etc-hostname-when-setting.patch
0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
- Dropped 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch
as it is SLE specific.
- Clean systemd-experimental up:
- Enclose "%package/%descriptoin experimental" within a "%if
%experimental/%endif" block condition
- List the build requirements in the sub-package instead of listing
them in the main package.
- Enable support for fido2, pwquality and qrencode in the home
stuff
- Improve the package description
++++ tiff:
- version update to 4.3.0
* Build and usage of the library and its utilities requires a C99
capable compiler.
* New optional codec for the LERC (Limited Error Raster Compression)
compression scheme. To have it available, configure libtiff against
the SDK available at https://github.com/esri/lerc
* Removal of unused, or now useless due to C99 availability,
functions in port/
* tiffcmp: fix comparaison with pixels that are
fractional number of bytes
* tiff2ps: exit the loop in case of error
* tiff2pdf: check that tiff_datasize fits in a signed tsize_t
++++ zchunk:
- Update to version 1.1.9
* Handle zstd 1.4.7+
* Update documentation
* unzck: require a *.zck extension
* General bug fixes
- Dropped upstream merged
d2eae512bee09a4047cfe586de12f644d73b0736.patch
- Add fix-test-argp.patch: Fix argp detection
++++ python-cryptography:
- Remove unnecessary %ifpython3 construct
++++ runc:
- Backport patch to fix build on SLE-12 ppc64le.
+ 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
++++ selinux-policy:
- Added Recommends for selinux-autorelabel (bsc#1181837)
- Prevent libreoffice fonts from changing types on every relabel
(bsc#1185265). Added fix_libraries.patch
------------------------------------------------------------------
------------------ 2021-4-25 - Apr 25 2021 -------------------
------------------------------------------------------------------
++++ curl:
- update to 7.76.1:
- ngtcp2: Use ALPN h3-29 for now
- TODO: remove 18.22 --fail-with-body
++++ kernel-default:
- Update to 5.12 final
- refresh configs (headers only)
- commit 9683115
- rpm/kernel-binary.spec.in: Require new enough pahole.
pahole 1.21 is required for building line-next BTF
- commit 8df1aaa
------------------------------------------------------------------
------------------ 2021-4-24 - Apr 24 2021 -------------------
------------------------------------------------------------------
++++ cni:
- use buildmode=pie (cnitool is installed into sbindir)
++++ lcms2:
- update to 2.12:
* Added build system for fast-float plugin (see plugin documentation)
* Added new build-in sigmoidal tone curve
* Added XCode 12 project
* Added support for multichannel input up to 15 channels
* Fix LUT8 write matrix
* Fix version mess on 10/11
* Fix tools & samples xgetopt
* Fix warnings on different function pointers
* Fix matlab MEX compilation
* plugin: cleanup and better SSE detection
* plugin: add lab to any on float
* plugin: it can now be compiled as C++
* recover PDF documentation, but try to keep it under a resonable size.
* Prevent a rare but possible out-of-bounds read in postscript generator
* Fix some compiler warnings
* Add named color profile building sample to testbed
++++ openSUSE-build-key:
- fixed s390x key install (bsc#1185245)
------------------------------------------------------------------
------------------ 2021-4-23 - Apr 23 2021 -------------------
------------------------------------------------------------------
++++ container-selinux:
- Fix container runtime binary labels (bsc#1185030). You need to
relable at least /usr/sbin if you're affected
++++ coreutils:
- coreutils-tests-fix-FP-in-ls-stat-free-color.patch: Add upstream patch
to avoid FP in testsuite.
- coreutils.spec:
- Reference the above patch.
- Change keyring URL to new GNU coreutils Group Release Keyring.
- coreutils.keyring: Update with the Group Release Keyring.
++++ lvm2-device-mapper:
- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
+ bug-1185190_01-pvscan-support-disabled-event_activation.patch
+ bug-1185190_02-config-improve-description-for-event_activation.patch
++++ file:
- Add patch file-5.40-ascii.patch
* fix regressions on dection of smaller ASCII files (boo#1184899)
++++ librsvg:
- Update to version 2.46.5 on SLE and Leap:
+ Update dependent crates that had security vulnerabilities:
generic-array to 0.12.4 - RUSTSEC-2020-0146
smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900
+ There are no changes to the library code.
+ Fix bash-isms in Makefile.am (Tin-Wei Lan).
+ Fix Visual Studio build (Chun-wei Fan).
- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate.
++++ grub2:
- Fix obsolete syslog in systemd unit file and updating to use journal as
StandardOutput (bsc#1185149)
* grub2-once.service
++++ gtk3:
- Update to version 3.24.29:
+ Input:
- Look for a Compose file in the right place.
- Revert some Compose sequence changes (mainly around dead
acute and apostrophe).
- Consume all key events during preedit, to avoid unexpected
interactions.
- Ignore more modifiers during preedit, to allow using 3rd and
5th level choosers.
- Fix handling of cursor positions in non-ASCII preedit text.
+ GtkSpinButton: Interpret localized digits.
+ GtkScale: Fix sporadic criticals.
+ GtkScrolledWindow:
- Cancel overshoot on size changes.
- Avoid criticals with non-overlay scrollbars.
+ GtkFileChooser: Handle smb mounts better.
+ GtkListBox: Fix extending multi-selections.
+ Fix a possible crash in gtk_show_uri.
+ Wayland: Improve font settings fallback.
+ X11:
- Avoid log spam on exit.
- Don't beep on untrusted displays.
+ Updated translations.
- Drop gtk3-prevent-g_file_get_basename-return-NULL.patch: fixed
upstream.
++++ kernel-default:
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- commit 52805ed
++++ less:
- less 581:
* Change ESC-u command to toggle, not disable, highlighting per
man page
* Add ESC-U command
* Add ctrl-W search modifier for wrapping search
* F command can be interrupted by ^X
* Support OSC 8 hyperlinks when -R is in effect
* g command with no number will ignore -j and put first line at
top of screen
* Multiple + or -p command line options are handled better
* Add the --incsearch option
* Add the --line-num-width option
* Add the --status-col-width option
* Add the --use-color and --color options
* Display -w highlight even if highlighted line is empty
* If search result is in a long line, scroll to ensure it is
visible
* Editing the same file under different names now creates only
one entry in the file list.
* Make visual bell more visible on some terminals
* Ring end-of-file bell no more than once per second
* Build can use either Python or Perl for Makefile.aut operations
* Fix crash when using the @ search modifier.
* Fix crash in the 's' command due to duplicate free
- drop less-429-save_line_position.patch which was never accepted
upstream due to solving one problem and creating others
++++ lvm2:
- Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190)
+ bug-1185190_01-pvscan-support-disabled-event_activation.patch
+ bug-1185190_02-config-improve-description-for-event_activation.patch
++++ podman:
- Update to version 3.1.2:
* Bump to v3.1.2
* Update release notes for v3.1.2
* Ensure mount destination is clean, no trailing slash
* Fixes podman-remote save to directories does not work
* [CI:DOCS] Add missing dash to verbose option
* [CI:DOCS] Fix Markdown table layout bugs
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
* rmi: don't break when the image is missing a manifest
* Bump containers/image to v5.11.1
* Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1
* Fix lint
* Bump to v3.1.2-dev
- Split podman-remote into a subpackage
- Add missing scriptlets for systemd units
- Escape macros in comments
- Drop some obsolete workarounds, including %{go_nostrip}
++++ selinux-policy:
- Transition unconfined users to ldconfig type (bsc#1183121).
Extended fix_unconfineduser.patch
++++ vim:
- Updated to version 8.2.2800, fixes the following problems
* Vim9: message about compiling is wrong when using try/catch.
* Confusing error message with white space before comma in the arguments
of a function declaration.
* Function test fails.
* Special key names don't work if 'isident' is cleared.
* Vim9: wrong error message for referring to legacy script variable.
* Coverity complains about not restoring character.
* Prompt for s///c in Ex mode can be wrong.
* Detecting Lua version is not reliable.
* Vim9: cannot use legacy script-local var from :def function.
* Vim9: function reference found with prefix, not without.
* Vim9: for loop over string is a bit slow.
* Status line not updated when local 'statusline' option set.
* Extending a list with itself can give wrong result.
* Vim9: a lambda accepts too many arguments at the script level.
* Vim9: lambda with varargs doesn't work.
* Vim9: Partial call does not check right arguments.
* Vim9: when compiling a function fails it is cleared.
* Vim9: function state stuck when compiling with ":silent!".
* Vim9: no way to explicitly ignore an argument.
* Vim9: missing part of the argument change.
* Check for duplicate arguments does not work.
* Vim9: not always an error for too many function arguments.
* Vim9: memory leak when calling :def function fails.
* Vim9: test for error can be a bit flaky.
* Vim9: error for using underscore in nested function.
* Coverity warns for using NULL pointer.
* Vim9: cannot ignore an item in assignment unpack.
* :sleep! does not always hide the cursor.
* Vim9: no error for using a number in a condition.
* Vim9: blob index and slice not implemented yet.
* Vim9: blob tests for legacy and Vim9 script are separate.
* Vim9: wrong line number for autoload function with wrong name.
* Vim9: for loop infers type of loop variable.
* Vim9: no error for changing a for loop variable.
* Using "syn include" does not work properly.
* Vim9: function line truncated when compiling.
* Vim9: cannot use type in for loop unpack at script level.
* Memory leak when default function argument is allocated.
* Vim9: not all blob operations work.
* Test failure.
* Compiler warning for unused argument.
* Vim9: memory leak with blob range error.
* Modula-3 config files are not recognized.
* Vim9: type of loop variable is not used.
* Vim9: assignment not recognized if declaration was skipped.
* Problems when restoring 'runtimepath' from a session file.
* PSL filetype not recognized.
* Vim9: cannot import an existing name even when using "as".
* Vim9: wrong line number used for some commands.
* :mksession uses current value of 'splitbelow' and 'splitright' even though
"options" is not in 'sessionoptions'. (Maxim Kim)
* Vim9: blob operations not tested in all ways.
* Problem restoring 'packpath' in session.
* Memory access error in remove() for blob.
* Vim9: for loop over blob doesn't work.
* Add() silently skips when adding to null list or blob.
* Vim9: blob operations not fully tested.
* Duplicate code for setting byte in blob, blob test may fail.
* Vim9: cannot use \=expr in :substitute.
* Vim9: cannot redirect to local variable.
* Vim9: memory leak when using :s with expression.
* Raku is now the only name what once was called perl6.
* Vim9: using \=expr in :substitute does not handle jumps.
* filetype test fails
* Vim9: memory leak when using \=expr in :substitute.
* Vim9: :disas shows instructions for default args but no text.
* Linux users don't know how to get ncurses.
* Coverity warns for not using return value.
* Vim9: redir to variable does not accept an index.
* Search highlight disappears in the Visual area.
* Vim9: redir to variable with append does not accept an index.
* Vim9: type casts don't fully work at the script level.
* After a timer displays text a hit-enter prompt is given.
------------------------------------------------------------------
------------------ 2021-4-22 - Apr 22 2021 -------------------
------------------------------------------------------------------
++++ file:
- Add upstream comitts as patches
* file-5.40-9b0459af.patch
put attributes inside the xz magic. (boo#1184888, boo#1184891)
* file-5.40-749e1ecf.patch
If the file is less than 3 bytes, use the file length to determine type
* file-5.40-f0601504.patch
Fix regression after unsigned/signed printing changes
* file-5.40-f7705dca.patch
fix previous (cast >>)
* file-5.40-3096f87f.patch
Correct return values to exptexted
* file-5.40-4c5fe1ad.patch
Add missing parens
- Port patch
* file-5.28-btrfs-image.dif
due patch file-5.40-f0601504.patch
++++ gtk3:
- Update to version 3.24.28:
+ Input: Improve dead key handling.
+ CSS: Fix rendering of scaled text shadows.
+ Wayland: Fix matching of accelerators with multiple layouts.
+ X11: Trap errors from the COW.
+ Build: Make gtk3-update-icon-cache output reproducible.
+ Updated translations.
++++ kernel-default:
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
Previously essiv was part of dm-crypt but now it is separate.
Include the module in kernel-obs-build when available.
Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup")
- commit fe15b78
- Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)"
This turned out to be a bad idea: the kernel-$flavor-devel package
must be usable without kernel-$flavor, e.g. at the build of a KMP.
And this change brought superfluous installation of kernel-preempt
when a system had kernel-syms (bsc#1185113).
- commit d771304
++++ krb5:
- Use /run instead of /var/run for daemon PID files; (bsc#1185163);
++++ libiscsi:
- Update to version 1.19.0+git.20210208:
* test-tool: Change command_is_implemented from a global variable into an argument
* test-tool: Move a logging statement into write_residuals_test()
* test-tool: Add default clauses in recently modified switch statements
* test-tool, residuals: Rename struct residuals_test_data members
* test-tool: Add overwrite check for all test cases
* test-tool: Change write residuals tests overwrite check according to FCP-4
* test-tool: Refactoring residuals write tests
* test-tool: Allow CHECK CONDITION in response to overflow/underflow
* .travis.yml: Multiple changes
* test-tool: add simple REPORT LUNS test
* init: fix Wformat on 32-bit platforms
++++ libzypp:
- Add missing includes for GCC 11 (bsc#1181874)
- Fix unsafe usage of static in media verifier.
- Solver: Avoid segfault if no system is loaded (bsc#1183628)
- MediaVerifier: Relax media set verification in case of a single
not-volatile medium (bsc#1180851)
- Do no cleanup in custom cache dirs (bsc#1182936)
- ZConfig: let pubkeyCachePath follow repoCachePath.
- version 17.25.9 (22)
++++ openssh:
- Change vendor configuration dir from /usr/share/ssh/ to
/usr/etc/ssh/.
- Remove upgrade enablement hack. This has been fixed in
systemd-rpm-macros (bsc#1180083).
++++ python-M2Crypto:
- Add no-need-parameterized.patch ... we don't need run-time requirement
of parameterized package (bsc#1185150).
++++ python-immutables:
- update to 0.15
* python 3.9 support
++++ shim:
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
++++ suse-module-tools:
- Update to version 15.4.1:
* dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244).
------------------------------------------------------------------
------------------ 2021-4-21 - Apr 21 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 21.0.3
* fixes in haiku, core mesa, radeonsi, lavapipe, nir, radv, anv,
freedreno and turnip, etniviv, iris, egl, lima, core gallium,
spriv, v3d, meson
++++ Mesa-drivers:
- update to 21.0.3
* fixes in haiku, core mesa, radeonsi, lavapipe, nir, radv, anv,
freedreno and turnip, etniviv, iris, egl, lima, core gallium,
spriv, v3d, meson
++++ lvm2-device-mapper:
- LVM cannot be disabled on boot (bsc#1184687)
+ bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
+ bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
++++ gtk3:
- Add gtk3-prevent-g_file_get_basename-return-NULL.patch:
+ Fix a possible crash in gtk_show_uri
(boo#1185082, glgo#GNOME/gtk!3458).
++++ kernel-default:
- rpm/check-for-config-changes: add AS_HAS_* to ignores
arch/arm64/Kconfig defines a lot of these. So far our current compilers
seem to support them all. But it can quickly change with SLE later.
- commit a4d8194
- Linux 5.11.16 (bsc#1012628).
- bpf: Move sanitize_val_alu out of op switch (bsc#1012628).
- bpf: Improve verifier error messages for users (bsc#1012628).
- bpf: Rework ptr_limit into alu_limit and add common error path
(bsc#1012628).
- ARM: 9071/1: uprobes: Don't hook on thumb instructions
(bsc#1012628).
- bpf: Move off_reg into sanitize_ptr_alu (bsc#1012628).
- bpf: Ensure off_reg has no mixed signed bounds for all types
(bsc#1012628).
- r8169: don't advertise pause in jumbo mode (bsc#1012628).
- r8169: tweak max read request size for newer chips also in
jumbo mtu mode (bsc#1012628).
- kasan: remove redundant config option (bsc#1012628).
- kasan: fix hwasan build for gcc (bsc#1012628).
- KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
(bsc#1012628).
- KVM: VMX: Convert vcpu_vmx.exit_reason to a union (bsc#1012628).
- bpf: Use correct permission flag for mixed signed bounds
arithmetic (bsc#1012628).
- arm64: dts: allwinner: h6: beelink-gs1: Remove ext. 32 kHz
osc reference (bsc#1012628).
- arm64: dts: allwinner: Fix SD card CD GPIO for SOPine systems
(bsc#1012628).
- ARM: OMAP2+: Fix uninitialized sr_inst (bsc#1012628).
- ARM: footbridge: fix PCI interrupt mapping (bsc#1012628).
- ARM: 9069/1: NOMMU: Fix conversion for_each_membock() to
for_each_mem_range() (bsc#1012628).
- ARM: 9063/1: mm: reduce maximum number of CPUs if
DEBUG_KMAP_LOCAL is enabled (bsc#1012628).
- ARM: OMAP2+: Fix warning for omap_init_time_of() (bsc#1012628).
- gro: ensure frag0 meets IP header alignment (bsc#1012628).
- ch_ktls: do not send snd_una update to TCB in middle
(bsc#1012628).
- ch_ktls: tcb close causes tls connection failure (bsc#1012628).
- ch_ktls: fix device connection close (bsc#1012628).
- ch_ktls: Fix kernel panic (bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in open function
(bsc#1012628).
- ibmvnic: remove duplicate napi_schedule call in do_reset
function (bsc#1012628).
- ibmvnic: avoid calling napi_disable() twice (bsc#1012628).
- ia64: tools: remove inclusion of ia64-specific version of
errno.h header (bsc#1012628).
- ia64: remove duplicate entries in generic_defconfig
(bsc#1012628).
- ethtool: pause: make sure we init driver stats (bsc#1012628).
- i40e: fix the panic when running bpf in xdpdrv mode
(bsc#1012628).
- ibmvnic: correctly use dev_consume/free_skb_irq (bsc#1012628).
- net: Make tcp_allowed_congestion_control readonly in non-init
netns (bsc#1012628).
- mm: ptdump: fix build failure (bsc#1012628).
- net: ip6_tunnel: Unregister catch-all devices (bsc#1012628).
- net: sit: Unregister catch-all devices (bsc#1012628).
- net: phy: marvell: fix detection of PHY on Topaz switches
(bsc#1012628).
- net: davicom: Fix regulator not turned off on failed probe
(bsc#1012628).
- net/mlx5e: Fix setting of RS FEC mode (bsc#1012628).
- netfilter: nftables: clone set element expression template
(bsc#1012628).
- netfilter: nft_limit: avoid possible divide error in
nft_limit_init (bsc#1012628).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta
(bsc#1012628).
- net: macb: fix the restore of cmp registers (bsc#1012628).
- drm/i915/display/vlv_dsi: Do not skip panel_pwr_cycle_delay
when disabling the panel (bsc#1012628).
- libbpf: Fix potential NULL pointer dereference (bsc#1012628).
- netfilter: arp_tables: add pre_exit hook for table unregister
(bsc#1012628).
- netfilter: bridge: add pre_exit hooks for ebtable unregistration
(bsc#1012628).
- libnvdimm/region: Fix nvdimm_has_flush() to handle
ND_REGION_ASYNC (bsc#1012628).
- ice: Fix potential infinite loop when using u8 loop counter
(bsc#1012628).
- netfilter: conntrack: do not print icmpv6 as unknown via /proc
(bsc#1012628).
- netfilter: flowtable: fix NAT IPv6 offload mangling
(bsc#1012628).
- ixgbe: fix unbalanced device enable/disable in suspend/resume
(bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ethtool loopback test
(bsc#1012628).
- drm/vmwgfx: Make sure we unpin no longer needed buffers
(bsc#1012628).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
(bsc#1012628).
- riscv: Fix spelling mistake "SPARSEMEM" to "SPARSMEM"
(bsc#1012628).
- vfio/pci: Add missing range check in vfio_pci_mmap
(bsc#1012628).
- arm64: alternatives: Move length validation in
alternative_{insn, endif} (bsc#1012628).
- arm64: mte: Ensure TIF_MTE_ASYNC_FAULT is set atomically
(bsc#1012628).
- Update config files.
- arm64: fix inline asm in load_unaligned_zeropad() (bsc#1012628).
- drm/i915: Don't zero out the Y plane's watermarks (bsc#1012628).
- readdir: make sure to verify directory entry for legacy
interfaces too (bsc#1012628).
- dm verity fec: fix misaligned RS roots IO (bsc#1012628).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC
type of devices (bsc#1012628).
- Input: i8042 - fix Pegatron C15B ID entry (bsc#1012628).
- Input: s6sy761 - fix coordinate read bit shift (bsc#1012628).
- net/sctp: fix race condition in sctp_destroy_sock (bsc#1012628).
- lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS
(bsc#1012628).
- virt_wifi: Return micros for BSS TSF values (bsc#1012628).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
(bsc#1012628).
- drm/amd/display: Add missing mask for DCN3 (bsc#1012628).
- pcnet32: Use pci_resource_len to validate PCI resource
(bsc#1012628).
- net: ieee802154: forbid monitor for add llsec seclevel
(bsc#1012628).
- net: ieee802154: stop dump llsec seclevels for monitors
(bsc#1012628).
- net: ieee802154: forbid monitor for del llsec devkey
(bsc#1012628).
- net: ieee802154: forbid monitor for add llsec devkey
(bsc#1012628).
- net: ieee802154: stop dump llsec devkeys for monitors
(bsc#1012628).
- net: ieee802154: forbid monitor for del llsec dev (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec dev (bsc#1012628).
- net: ieee802154: stop dump llsec devs for monitors
(bsc#1012628).
- net: ieee802154: forbid monitor for del llsec key (bsc#1012628).
- net: ieee802154: forbid monitor for add llsec key (bsc#1012628).
- net: ieee802154: stop dump llsec keys for monitors
(bsc#1012628).
- iwlwifi: add support for Qu with AX201 device (bsc#1012628).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
state (bsc#1012628).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (bsc#1012628).
- drm/msm: Fix a5xx/a6xx timestamps (bsc#1012628).
- ARM: omap1: fix building with clang IAS (bsc#1012628).
- ARM: keystone: fix integer overflow warning (bsc#1012628).
- powerpc/signal32: Fix Oops on sigreturn with unmapped VDSO
(bsc#1012628).
- neighbour: Disregard DEAD dst in neigh_update (bsc#1012628).
- bpf: Take module reference for trampoline in module
(bsc#1012628).
- gpu/xen: Fix a use after free in xen_drm_drv_init (bsc#1012628).
- net: axienet: allow setups without MDIO (bsc#1012628).
- ASoC: max98373: Added 30ms turn on/off time delay (bsc#1012628).
- ASoC: max98373: Changed amp shutdown register as volatile
(bsc#1012628).
- xfrm: BEET mode doesn't support fragments for inner packets
(bsc#1012628).
- iwlwifi: Fix softirq/hardirq disabling in
iwl_pcie_enqueue_hcmd() (bsc#1012628).
- arc: kernel: Return -EFAULT if copy_to_user() fails
(bsc#1012628).
- lockdep: Add a missing initialization hint to the "INFO:
Trying to register non-static key" message (bsc#1012628).
- remoteproc: pru: Fix loading of GNU Binutils ELF (bsc#1012628).
- ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
(bsc#1012628).
- ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
(bsc#1012628).
- ACPI: x86: Call acpi_boot_table_init() after
acpi_table_upgrade() (bsc#1012628).
- dmaengine: idxd: fix wq cleanup of WQCFG registers
(bsc#1012628).
- dmaengine: idxd: clear MSIX permission entry on shutdown
(bsc#1012628).
- dmaengine: plx_dma: add a missing put_device() on error path
(bsc#1012628).
- dmaengine: Fix a double free in dma_async_device_register
(bsc#1012628).
- dmaengine: dw: Make it dependent to HAS_IOMEM (bsc#1012628).
- dmaengine: idxd: fix wq size store permission state
(bsc#1012628).
- dmaengine: idxd: fix opcap sysfs attribute output (bsc#1012628).
- dmaengine: idxd: fix delta_rec and crc size field for completion
record (bsc#1012628).
- dmaengine: idxd: Fix clobbering of SWERR overflow bit on
writeback (bsc#1012628).
- gpio: sysfs: Obey valid_mask (bsc#1012628).
- Input: nspire-keypad - enable interrupts only when opened
(bsc#1012628).
- mtd: rawnand: mtk: Fix WAITRDY break condition and timeout
(bsc#1012628).
- AMD_SFH: Add DMI quirk table for BIOS-es which don't set the
activestatus bits (bsc#1012628).
- AMD_SFH: Add sensor_mask module parameter (bsc#1012628).
- AMD_SFH: Removed unused activecontrolstatus member from the
amd_mp2_dev struct (bsc#1012628).
- commit d57ad55
++++ dtc:
- explicitly pass -pie in CFLAGS, since the build system explicitly passes
- fPIC, which breaks our gcc-PIE profile. This makes all packaged binaries
PIE-executables (bsc#1184122).
++++ lvm2:
- LVM cannot be disabled on boot (bsc#1184687)
+ bug-1184687_Add-nolvm-for-kernel-cmdline.patch
- Update patch for avoiding apply warning message
+ bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch
++++ shim:
- Update the SLE signatures (sync shim.changes from SLE)
------------------------------------------------------------------
------------------ 2021-4-20 - Apr 20 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.30.4:
+ Fix crash evaluating match setting properties (CVE-2021-20297).
+ Fix leak of local route added by NetworkManager for configured
addresses.
+ Fix name of the device autoconnect D-Bus property.
+ Multiple bugfixes in the initrd generator.
+ Various minor bugfixes.
++++ cups:
- upstream_pull_174.patch is
https://github.com/OpenPrinting/cups/pull/174
"Use 60s timeout for read_thread, revert read limits"
to fix printing with older USB printers
- New upstream URL https://openprinting.github.io/cups
++++ kexec-tools:
- Hardening: Link as PIE (bsc#1185020).
++++ avahi:
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
HUP event in client_work (boo#1184521 CVE-2021-3468).
https://github.com/lathiat/avahi/pull/330
++++ libgcrypt:
- libgcrypt 1.9.3:
* Bug fixes:
- Fix build problems on i386 using gcc-4.7.
- Fix checksum calculation in OCB decryption for AES on s390.
- Fix a regression in gcry_mpi_ec_add related to certain usages
of curve 25519.
- Fix a symbol not found problem on Apple M1.
- Fix for Apple iOS getentropy peculiarity.
- Make keygrip computation work for compressed points.
* Performance:
- Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
- Add x86_64 VAES/AVX2 accelerated implementation of AES.
- Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes.
- Harden MPI conditional code against EM leakage.
- Harden Elgamal by introducing exponent blinding.
++++ gmp:
- Compute FIPS hmac for libgmp.so.10 [bsc#1184555]
++++ sqlite3:
- SQLite3 3.35.5:
* Fix defects in the new ALTER TABLE DROP COLUMN feature that
could corrupt the database file
* Fix an obscure query optimizer problem that might cause an
incorrect query result
++++ salt:
- Improvements on "ansiblegate" module (bsc#1185092):
* New methods: ansible.targets / ansible.discover_playbooks
* General bugfixes
- Added:
* improvements-on-ansiblegate-module-354.patch
------------------------------------------------------------------
------------------ 2021-4-19 - Apr 19 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- update to 1.76.0:
* for details on all changes see,
https://www.boost.org/users/history/version_1_76_0.html
- remove boost-disable-pch-on-aarch64.patch, compile bug seems
to be fixed meanwhile
- baselibs.conf: updated to new version
++++ lvm2-device-mapper:
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
+ bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
++++ dnsmasq:
- Update to 2.85:
* Fix problem with DNS retries in 2.83/2.84.
* Tweak sort order of tags in get-version.
* Avoid treating a --dhcp-host which has an IPv6 address as
eligible for use with DHCPv4 on the grounds that it has
no address, and vice-versa.
* Add --dynamic-host option: A and AAAA records which take their
network part from the network of a local interface. Useful
for routers with dynamically prefixes.
* Teach --bogus-nxdomain and --ignore-address to take an IPv4
subnet.
* CVE-2021-3448, bsc#1183709: Use random source ports where
possible if source addresses/interfaces in use.
* Change the method of allocation of random source ports for DNS.
* Scale the size of the DNS random-port pool based on the
value of the --dns-forward-max configuration.
* Tweak TFTP code to check sender of all received packets, as
specified in RFC 1350 para 4.
++++ findutils:
- Use new Group Release Keyring
++++ grub2:
- Fix build error on armv6/armv7 (bsc#1184712)
* 0001-emu-fix-executable-stack-marking.patch
++++ kernel-firmware:
- Update to version 20210419 (git commit 940b7f42d45d):
* cxgb4: Update firmware to revision 1.25.4.0
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2438
* brcm: Link CM4's WiFi firmware with DMI machine name.
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* amdgpu: update navi14 smc firmware
* amdgpu: update navi10 SMC firmware
* QCA: Update Bluetooth firmware for QCA6174
* WHENCE: link to similar config file for rtl8821a support
* nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.14.A.6
* amdgpu: add arcturus firmware
* rtl_bt: Add rtl8723bs_config-OBDA0623.bin symlink
* brcm: Add nvram for the Chuwi Hi8 (CWI509) tablet
* brcm: Add nvram for the Predia Basic tablet
* qcom: sm8250: update remoteproc firmware
* qcom: update a650 firmware files
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x59A_76A3
* amdgpu: update sienna cichlid firmware for 20.50
* amdgpu: update vega20 firmware for 20.50
* amdgpu: update picasso firmware for 20.50
* amdgpu: update navi14 firmware for 20.50
* amdgpu: update vega12 firmware for 20.50
* amdgpu: update navi12 firmware for 20.50
* amdgpu: update vega10 firmware for 20.50
* amdgpu: update renoir firmware for 20.50
* amdgpu: update navi10 firmware for 20.50
* amdgpu: update raven2 firmware for 20.50
* amdgpu: update raven firmware for 20.50
* amdgpu: add initial support for navy flounder
- Update aliases
++++ libcontainers-common:
- Force overlay as default storage driver if system is not btrfs
(gh#containers/buildah#3153)
- Update common to 0.36.0
0.36.0:
no changelog found
0.35.4:
pkg/seccomp: simplify and fix IsSupported
pkg/seccomp: use sync.Once to speed up IsSupported
capabilities: ALL returns the bounding set
capabilities: memoize BoundingSet
capabilities: add new method BoundingSet()
Update pause image to 3.5
- Update podman to 3.1.1
3.1.1:
[#]## Changes
- Podman now recognizes `trace` as a valid argument to the `--log-level` command. Trace logging is now the most verbose level of logging available.
- The `:z` and `:Z` options for volume mounts are now ignored when the container is privileged or is run with SELinux isolation disabled (`--security-opt label=disable`). This matches better matches Docker's behavior in this case.
[#]## Bugfixes
- Fixed a bug where pruning images with the `podman image prune` or `podman system prune` commands could cause Podman to panic.
- Fixed a bug where the `podman save` command did not properly error when the `--compress` flag was used with incompatible format types.
- Fixed a bug where the `--security-opt` and `--ulimit` options to the remote Podman client's `podman build` command were nonfunctional.
- Fixed a bug where the `--log-rusage` option to the remote Podman client's `podman build` command was nonfunctional ([#9489](https://github.com/containers/podman/issues/9889)).
- Fixed a bug where the `podman build` command could, in some circumstances, use the wrong OCI runtime ([#9459](https://github.com/containers/podman/issues/9459)).
- Fixed a bug where the remote Podman client's `podman build` command could return 0 despite failing ([#10029](https://github.com/containers/podman/issues/10029)).
- Fixed a bug where the `podman container runlabel` command did not properly expand the `IMAGE` and `NAME` variables in the label ([#9405](https://github.com/containers/podman/issues/9405)).
- Fixed a bug where poststop OCI hooks would be executed twice on containers started with the `--rm` argument ([#9983](https://github.com/containers/podman/issues/9983)).
- Fixed a bug where rootless Podman could fail to launch containers on cgroups v2 systems when the `cgroupfs` cgroup manager was in use.
- Fixed a bug where the `podman stats` command could error when statistics tracked exceeded the maximum size of a 32-bit signed integer ([#9979](https://github.com/containers/podman/issues/9979)).
- Fixed a bug where rootless Podman containers run with `--userns=keepid` (without a `--user` flag in addition) would grant exec sessions run in them too many capabilities ([#9919](https://github.com/containers/podman/issues/9919)).
- Fixed a bug where the `--authfile` option to `podman build` did not validate that the path given existed ([#9572](https://github.com/containers/podman/issues/9572)).
- Fixed a bug where the `--storage-opt` option to Podman was appending to, instead of overriding (as is documented), the default storage options.
- Fixed a bug where the `podman system service` connection did not function properly when run in a socket-activated systemd unit file as a non-root user.
- Fixed a bug where the `--network` option to the `podman play kube` command of the remote Podman client was being ignored ([#9698](https://github.com/containers/podman/issues/9698)).
- Fixed a bug where the `--log-driver` option to the `podman play kube` command was nonfunctional ([#10015](https://github.com/containers/podman/issues/10015)).
[#]## API
- Fixed a bug where the Libpod Create endpoint for Manifests did not properly validate the image the manifest was being created with.
- Fixed a bug where the Libpod DF endpoint could, in error cases, append an extra null to the JSON response, causing decode errors.
- Fixed a bug where the Libpod and Compat Top endpoint for Containers would return process names that included extra whitespace.
- Fixed a bug where the Compat Prune endpoint for Containers accepted too many types of filter.
[#]## Misc
- Updated Buildah to v1.20.1
- Updated the containers/storage library to v1.29.0
- Updated the containers/image library to v5.11.0
- Updated the containers/common library to v0.36.0
- Update storage to 1.29.0
1.29.0:
ReloadConfigurationFile should Reset storage options
rootless overlay: use user.* instead of trusted.*
build(deps): bump github.com/Microsoft/hcsshim from 0.8.15 to 0.8.16
Support additional layer store
overlay, rootless: use user.* instead of trusted.*
archive, rootless: use user.* instead of trusted.*
copy, rootless: skip copying trusted.* xattr
Make sure rootless mounts support the userxattr flag
Rework autons ID mapping generation.
Set default to overlay from storage.conf
build(deps): bump github.com/klauspost/compress from 1.11.12 to 1.11.13
- Update image to 5.11.0
* no changelog found
++++ lua54:
- Add upstream-bugs.patch and upstream-bugs-test.patch to fix
bugs 1,2,3 for build and tests respectively.
++++ lvm2:
- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
+ bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
++++ openssl-3:
- Update to 3.0.0 Alpha 14
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
++++ snapper:
- fix build on 32 bit musl systems (gh#openSUSE/snapper#644)
++++ libtpms:
- Update to version 0.8.2
* NOTE: Downgrade to 0.7.x or below is not possible.
Due to fixes in the TPM 2 prime number generation code in
rev155 it is not possible to downgrade from libtpms version
0.8.0 to some previous version. The seeds are now associated
with an age so that older seeds use the old TPM 2 prime number
generation code while newer seed use the newer code.
* tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do
not use (bsc#1184939 CVE-2021-3505)
* tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX
(bsc#1184939 CVE-2021-3505)
* Update to TPM 2 code release 159
- X509 support is enabled
+ SM2 signing of ceritificates is NOT supported
- Authenticated timers are disabled
* Update to TPM 2 code relase 162
- ECC encryption / decryption is disabled
* Fix support for elliptic curve due to missing unmarshalling
code
* Runtime filter supported elliptic curves supported by OpenSSL
* Fix output buffer parameter and size for RSA decryption that
could cause stack corruption under certain circumstances
* Set the RSA PSS salt length to the digest length rather than
max
* Fixes to symmetric decryption related to input size check,
defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)]
and to always use a temporary malloc'ed buffer for decryption
* Fixed the set of PCRs belonging to the TCB group. This affects
the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs
latest swtpm for test cases to succeed there.
++++ makedumpfile:
- Update patch metadata.
++++ podman:
- Update to version 3.1.1:
* Bump to v3.1.1
* Update release notes for v3.1.1
* podman play kube apply correct log driver
* Fix build with GO111MODULE=off
* [CI:DOCS] Set all operation id to be compatibile
* Move operationIds to swagger:operation line
* swagger: add operationIds that match with docker
* Fix missing podman-remote build options
* [NO TESTS NEEDED] Shrink the size of podman-remote
* Move socket activation check into init() and set global condition.
* rootless: use is_fd_inherited
* Recreate until container prune tests for bindings
* System tests: special case for RHEL: require runc
* Document --volume from podman-remote run/create client
* Containers prune endpoint should use only prune filters
* Trim white space from /top endpoint results
* Fix unmount doc reference in image.rst
* Fix handling of remove --log-rusage param
* Makefile: introduce install.docker-full
* Makefile: ensure install.docker creates BINDIR
* Should send the OCI runtime path not just the name to buildah
* Fixed podman-remote --network flag
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
* Fix typos --uidmapping and --gidmapping
* Add default template functions
* Don't relabel volumes if running in a privileged container
* Allow users to override default storage opts with --storage-opt
* Add transport and destination info to manifest doc
* Verify existence of auth file if specified
* Ensure that `--userns=keep-id` sets user in config
* [CI:DOCS] Update swagger definition of inspect manifest
* Volumes prune endpoint should use only prune filters
* Adjust libpod API Container Wait documentation to the code
* Add missing return
* [CI:DOCS] Fix formatting of podman-build man page
* cgroups: force 64 bits to ParseUint
* Fix slashes in socket URLs
* [CI:DOCS] Correct status code for /pods/create
* cgroup: do not set cgroup parent when rootless and cgroupfs
* Reflect current state of prune implementation in docs
* Do not delete container twice
* Test that we don't error out on advertised --log-level values
* At trace log level, print error text using %+v instead of %v
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
* Recognize --log-level=trace
* Fix message about runtime to show only the actual runtime
* Fix handling of $NAME and $IMAGE in runlabel
* Fix flake on failed podman-remote build : try 2
* Fix flake on failed podman-remote build
* Update documentation of podman-run to reflect volume "U" option
* Fixes invalid expression in save command
* Fix possible panic in libpod/image/prune.go
* Update all containers/ project vendors
* Fix tests
* Bump to v3.1.1-dev
++++ qemu:
- Include upstream patch designated as stable material and reviewed
for applicability to include here
mptsas-Remove-unused-MPTSASState-pending.patch
- Clarify in support documents that cpu-add was removed in this
release from both the human monitor protocol (HMP) and QMP
interfaces
++++ ovmf:
- Build ovmf-x86_64-smm against Ia32X64 to enable S3 support
(bsc#1184938)
- Update ovmf-add-exclude-shell-flag.patch to include Ia32X64
++++ selinux-policy:
- Update to version 20210419
- Refreshed:
* fix_dbus.patch
* fix_hadoop.patch
* fix_init.patch
* fix_unprivuser.patch
++++ u-boot-rpiarm64:
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04
* Patches added:
0014-fs-btrfs-fix-the-false-alert-of-dec.patch - boo#1183717 bsc#1184947
------------------------------------------------------------------
------------------ 2021-4-18 - Apr 18 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.12-rc8
- refresh configs
- commit a71cb9a
++++ mozilla-nss:
- update to NSS 3.63.1
* no upstream release notes for 3.63.1 (yet)
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3†root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
++++ protobuf:
- Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
++++ mozilla-nspr:
- update to version 4.30
* support longer thread names on macOS
* fix a build failure on OpenBSD
------------------------------------------------------------------
------------------ 2021-4-17 - Apr 17 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- Move osmesa build back to Mesa, which we can now do after
choosing another dummy driver there.
- Use LLVM-versioned libclc runtime dependency to ensure
bitcode compatibility. We have that in Tumbleweed and soon Leap.
- U_clover-Fix-build-with-llvm-12.patch
* Fixes build with LLVM 12.
- U_clover-Add-missing-include-for-llvm-12-build-fix.patch
* Fixes a missing header in the previous patch.
- Mesa-devel: no longer require libOSMesa-devel, since it's now
built in Mesa-drivers; packages should require it directly now,
preferrably via pkconfig(osmesa) ...
- Switch dummy driver for mesa package from "auto" xorg driver (i965) to
gallium swrast driver
- update to 21.0.2
* many additions especially on the Radeon Vulkan (RADV) driver
front where sparse memory support is in place, AMD Smart Access
Memory / Resizable BAR optimizations, various RDNA 2
improvements, rapid packed math for ACO, and more.
Elsewhere in Mesa 21.0 there are continued RadeonSI
optimizations, many Intel ANV and Iris improvements, OpenGL 3.3
for Freedreno, DXGI Winsys was added and initial Direct3D 12
code for WSL, OpenGL 4.1 for Zink, and more.
- moved osmesa build to Mesa-drivers since swrast driver has been
removed from Mesa
++++ Mesa-drivers:
- Move osmesa build back to Mesa, which we can now do after
choosing another dummy driver there.
- Use LLVM-versioned libclc runtime dependency to ensure
bitcode compatibility. We have that in Tumbleweed and soon Leap.
- U_clover-Fix-build-with-llvm-12.patch
* Fixes build with LLVM 12.
- U_clover-Add-missing-include-for-llvm-12-build-fix.patch
* Fixes a missing header in the previous patch.
- Mesa-devel: no longer require libOSMesa-devel, since it's now
built in Mesa-drivers; packages should require it directly now,
preferrably via pkconfig(osmesa) ...
- Switch dummy driver for mesa package from "auto" xorg driver (i965) to
gallium swrast driver
- update to 21.0.2
* many additions especially on the Radeon Vulkan (RADV) driver
front where sparse memory support is in place, AMD Smart Access
Memory / Resizable BAR optimizations, various RDNA 2
improvements, rapid packed math for ACO, and more.
Elsewhere in Mesa 21.0 there are continued RadeonSI
optimizations, many Intel ANV and Iris improvements, OpenGL 3.3
for Freedreno, DXGI Winsys was added and initial Direct3D 12
code for WSL, OpenGL 4.1 for Zink, and more.
- moved osmesa build to Mesa-drivers since swrast driver has been
removed from Mesa
++++ NetworkManager:
- Update to version 1.30.2:
+ Increase the limit of open file descriptors in
NetworkManager.service.
+ Fix hostname lookup via DNS when resolv.conf is managed by
systemd-resolved.
+ Enable WPA3 for Wi-Fi connections with key_mgmt=WPA-PSK.
+ Fix crash with the IWD Wi-Fi backend.
+ Avoid logging warning when setting bond option
"ad_actor_system=00:00:00:00:00:00".
+ Update SpecificObject D-Bus property of ActiveConnection after
WiFi roaming.
+ Multiple bugfixes in the initrd generator.
+ Various minor bugfixes.
- Drop NM-restore-MAC-on-release-only-when-cloned.patch: fixed
upstream.
++++ glib2:
- Update to version 2.68.1:
+ Fix a crash in `GKeyFile` when parsing a file which contains
translations using a `GKeyFile` instance which has loaded
another file previously.
+ Pin GIO DLL in memory on Windows.
+ Updated translations.
++++ libfido2:
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
* New API calls
* New fido_init flag to disable fido_dev_open’s U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
* Added fix-cmake-linking.patch to fix linking
++++ pango:
- Update to version 1.48.4:
+ Include docs in the dist tarball.
+ Include gi-docgen in the dist tarball, too.
+ win32: Fix 'Cursive' fallback.
+ Fix placement of marks in vertical text.
+ Cache metrics for the current font.
+ Improve letterspacing with combining marks.
++++ python-gobject:
- Update to version 3.40.1:
+ Fix tests with glib 2.68.
+ Fix a regression with marshalling partial() objects.
------------------------------------------------------------------
------------------ 2021-4-16 - Apr 16 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- Drop python-coverage run-time requirement from openSUSE/SLE
- Switch to python3-cryptography in openSUSE/SLE
++++ containerd:
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
SLES:
- 0001-makefile-remove-emoji.patch
++++ filesystem:
- make restricteddir and datadir readonly (bsc#1184786)
++++ kernel-default:
- Linux 5.11.15 (bsc#1012628).
- net: sfp: cope with SFPs that set both LOS normal and LOS
inverted (bsc#1012628).
- perf map: Tighten snprintf() string precision to pass gcc
check on some 32-bit arches (bsc#1012628).
- netfilter: x_tables: fix compat match/target pad out-of-bound
write (bsc#1012628).
- block: don't ignore REQ_NOWAIT for direct IO (bsc#1012628).
- riscv,entry: fix misaligned base for excp_vect_table
(bsc#1012628).
- io_uring: don't mark S_ISBLK async work as unbounded
(bsc#1012628).
- null_blk: fix command timeout completion handling (bsc#1012628).
- idr test suite: Create anchor before launching throbber
(bsc#1012628).
- idr test suite: Take RCU read lock in idr_find_test_1
(bsc#1012628).
- radix tree test suite: Register the main thread with the RCU
library (bsc#1012628).
- block: only update parent bi_status when bio fail (bsc#1012628).
- radix tree test suite: Fix compilation (bsc#1012628).
- XArray: Fix splitting to non-zero orders (bsc#1012628).
- gpu: host1x: Use different lock classes for each client
(bsc#1012628).
- drm/tegra: dc: Don't set PLL clock to 0Hz (bsc#1012628).
- tools/kvm_stat: Add restart delay (bsc#1012628).
- ftrace: Check if pages were allocated before calling
free_pages() (bsc#1012628).
- gfs2: report "already frozen/thawed" errors (bsc#1012628).
- drm/imx: imx-ldb: fix out of bounds array access warning
(bsc#1012628).
- KVM: arm64: Disable guest access to trace filter controls
(bsc#1012628).
- KVM: arm64: Hide system instruction access to Trace registers
(bsc#1012628).
- gfs2: Flag a withdraw if init_threads() fails (bsc#1012628).
- interconnect: core: fix error return code of icc_link_destroy()
(bsc#1012628).
- commit 64fb5bf
++++ llvm15:
- Update to version 12.0.0.
* For details, see the release notes:
- https://releases.llvm.org/12.0.0/docs/ReleaseNotes.html
- https://releases.llvm.org/12.0.0/tools/clang/docs/ReleaseNotes.html
- https://releases.llvm.org/12.0.0/tools/clang/tools/extra/docs/ReleaseNotes.html
- https://releases.llvm.org/12.0.0/projects/libcxx/docs/ReleaseNotes.html
- https://releases.llvm.org/12.0.0/tools/lld/docs/ReleaseNotes.html
- Rebase patches:
* assume-opensuse.patch
* lldb-cmake.patch
* llvm-better-detect-64bit-atomics-support.patch
* llvm-do-not-install-static-libraries.patch
* llvm_build_tablegen_component_as_shared_library.patch
- Drop patches that have landed upstream:
* Fix-missing-include.patch
- Always use ld.bfd for stage 1, use lld for stage 2 where we use
ThinLTO and where it's supported, gold where lld doesn't work,
and ld.bfd where we don't use ThinLTO. (boo#1181621)
- Add lld-no-version-on-undefined-weak-lazy-symbols.patch to fix a
bug in lld that made libLLVM.so contain a corrupt symbol version.
- Add clangd-cmake-non-standard-layout.patch to fix build in our
non-monorepo layout.
++++ libcap:
- Add explicit dependency on libcap2 with version to libcap-progs
(bsc#1184690)
++++ rpm:
- Use --dwz-single-file-mode for packages that use
baselibs.conf mechanism.
- Add add-dwz-single-file-mode-option.patch patch.
++++ python-MarkupSafe:
- allow tests to be disabled (still on by default)
------------------------------------------------------------------
------------------ 2021-4-15 - Apr 15 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Modified NetworkManager.conf: Use dhclient as the default dhcp
client(bsc#1183202).
++++ docker:
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
++++ libeconf:
- Removed doxygen from build requires.
++++ graphene:
- Update to version 1.10.6:
+ Hide GRAPHENE_SIMD_S from the introspection data.
+ Nudge ray axis when intersecting a box.
- Changes from version 1.10.4:
+ Add ARM NEON support when building with Visual Studio.
+ Build fix on ARM64 Windows.
+ Drop deprecated "python3" Meson module.
+ Fix detection of non-intersecting boxes.
+ Only enable SSE2 on x86_64.
+ Use the compiler-appropriate alignment attributes.
+ Change introspection option to a yielding feature.
- Change -Dintrospection=true meson parameter to
- Dintrospection=enabled: follow upstream build system changes.
- Wrap -Dsse2=true meson parameter into %ifarch x86_64: 32bit
builds for example do not support sse2 (likely boo#1184678).
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#134
- install with --removable if efivars are not writable
(bsc#1182749, bsc#1174111, bsc#1184160)
- fix whitespace
- 0.934
++++ qemu:
- 6.0.0 qemu is about to be released. Add comments to the in-
package support documents (supported.<arch>.txt) about the new
deprecations as of that release as an early head's up for qemu
users. These deprecations include these command-line options:
- M option: kernel-irqchip=off
- chardev tty
- chardev paraport
- enable-fips
- writeconfig
- spice password=string
------------------------------------------------------------------
------------------ 2021-4-14 - Apr 14 2021 -------------------
------------------------------------------------------------------
++++ gdk-pixbuf:
- Update to stable 2.42.6
+ Yield gtk_doc option value in subprojects
+ Always initialise locale on thumbnailer startup
+ Add fallback subproject for libjpeg
+ Use type:array for the builtin_loaders option
+ Default to using builtin png and jpeg loaders
++++ kernel-default:
- Linux 5.11.14 (bsc#1012628).
- xfrm/compat: Cleanup WARN()s that can be user-triggered
(bsc#1012628).
- ALSA: aloop: Fix initialization of controls (bsc#1012628).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1
(bsc#1012628).
- ALSA: hda/conexant: Apply quirk for another HP ZBook G5 model
(bsc#1012628).
- file: fix close_range() for unshare+cloexec (bsc#1012628).
- ASoC: intel: atom: Stop advertising non working S24LE support
(bsc#1012628).
- nfc: fix refcount leak in llcp_sock_bind() (bsc#1012628).
- nfc: fix refcount leak in llcp_sock_connect() (bsc#1012628).
- nfc: fix memory leak in llcp_sock_connect() (bsc#1012628).
- nfc: Avoid endless loops caused by repeated llcp_sock_connect()
(bsc#1012628).
- selinux: make nslot handling in avtab more robust (bsc#1012628).
- selinux: fix cond_list corruption when changing booleans
(bsc#1012628).
- selinux: fix race between old and new sidtab (bsc#1012628).
- xen/evtchn: Change irq_info lock to raw_spinlock_t
(bsc#1012628).
- net: ipv6: check for validity before dereferencing
cfg->fc_nlinfo.nlh (bsc#1012628).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
clock (bsc#1012628).
- net: dsa: lantiq_gswip: Don't use PHY auto polling
(bsc#1012628).
- net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG
bits (bsc#1012628).
- ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m
(bsc#1012628).
- drm/radeon: Fix size overflow (bsc#1012628).
- drm/amdgpu: Fix size overflow (bsc#1012628).
- drm/amdgpu/smu7: fix CAC setting on TOPAZ (bsc#1012628).
- rfkill: revert back to old userspace API by default
(bsc#1012628).
- cifs: escape spaces in share names (bsc#1012628).
- cifs: On cifs_reconnect, resolve the hostname again
(bsc#1012628).
- IB/hfi1: Fix probe time panic when AIP is enabled with a buggy
BIOS (bsc#1012628).
- LOOKUP_MOUNTPOINT: we are cleaning "jumped" flag too late
(bsc#1012628).
- gcov: re-fix clang-11+ support (bsc#1012628).
- ia64: fix user_stack_pointer() for ptrace() (bsc#1012628).
- nds32: flush_dcache_page: use page_mapping_file to avoid races
with swapoff (bsc#1012628).
- ocfs2: fix deadlock between setattr and dio_end_io_write
(bsc#1012628).
- fs: direct-io: fix missing sdio->boundary (bsc#1012628).
- ethtool: fix incorrect datatype in set_eee ops (bsc#1012628).
- of: property: fw_devlink: do not link ".*,nr-gpios"
(bsc#1012628).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1012628).
- parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
(bsc#1012628).
- ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt
pin (bsc#1012628).
- batman-adv: initialize "struct
batadv_tvlv_tt_vlan_data"->reserved field (bsc#1012628).
- ice: Continue probe on link/PHY errors (bsc#1012628).
- ice: Increase control queue timeout (bsc#1012628).
- ice: prevent ice_open and ice_stop during reset (bsc#1012628).
- ice: fix memory allocation call (bsc#1012628).
- ice: remove DCBNL_DEVRESET bit from PF state (bsc#1012628).
- ice: Fix for dereference of NULL pointer (bsc#1012628).
- ice: Use port number instead of PF ID for WoL (bsc#1012628).
- ice: Cleanup fltr list in case of allocation issues
(bsc#1012628).
- iwlwifi: pcie: properly set LTR workarounds on 22000 devices
(bsc#1012628).
- ice: fix memory leak of aRFS after resuming from suspend
(bsc#1012628).
- net: hso: fix null-ptr-deref during tty device unregistration
(bsc#1012628).
- libbpf: Fix bail out from 'ringbuf_process_ring()' on error
(bsc#1012628).
- bpf: Enforce that struct_ops programs be GPL-only (bsc#1012628).
- bpf: link: Refuse non-O_RDWR flags in BPF_OBJ_GET (bsc#1012628).
- ethernet/netronome/nfp: Fix a use after free in
nfp_bpf_ctrl_msg_rx (bsc#1012628).
- libbpf: Ensure umem pointer is non-NULL before dereferencing
(bsc#1012628).
- libbpf: Restore umem state after socket create failure
(bsc#1012628).
- libbpf: Only create rx and tx XDP rings when necessary
(bsc#1012628).
- bpf: Refcount task stack in bpf_get_task_stack (bsc#1012628).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1012628).
- bpf, sockmap: Fix incorrect fwd_alloc accounting (bsc#1012628).
- net: ensure mac header is set in virtio_net_hdr_to_skb()
(bsc#1012628).
- i40e: Fix sparse warning: missing error code 'err'
(bsc#1012628).
- i40e: Fix sparse error: 'vsi->netdev' could be null
(bsc#1012628).
- i40e: Fix sparse error: uninitialized symbol 'ring'
(bsc#1012628).
- i40e: Fix sparse errors in i40e_txrx.c (bsc#1012628).
- vdpa/mlx5: Fix suspend/resume index restoration (bsc#1012628).
- net: sched: sch_teql: fix null-pointer dereference
(bsc#1012628).
- net: sched: fix action overwrite reference counting
(bsc#1012628).
- nl80211: fix beacon head validation (bsc#1012628).
- nl80211: fix potential leak of ACL params (bsc#1012628).
- cfg80211: check S1G beacon compat element length (bsc#1012628).
- mac80211: fix time-is-after bug in mlme (bsc#1012628).
- mac80211: fix TXQ AC confusion (bsc#1012628).
- net: hsr: Reset MAC header for Tx path (bsc#1012628).
- net-ipv6: bugfix - raw & sctp - switch to
ipv6_can_nonlocal_bind() (bsc#1012628).
- net: let skb_orphan_partial wake-up waiters (bsc#1012628).
- thunderbolt: Fix a leak in tb_retimer_add() (bsc#1012628).
- thunderbolt: Fix off by one in tb_port_find_retimer()
(bsc#1012628).
- usbip: add sysfs_lock to synchronize sysfs code paths
(bsc#1012628).
- usbip: stub-dev synchronize sysfs code paths (bsc#1012628).
- usbip: vudc synchronize sysfs code paths (bsc#1012628).
- usbip: synchronize event handler with sysfs code paths
(bsc#1012628).
- driver core: Fix locking bug in
deferred_probe_timeout_work_func() (bsc#1012628).
- scsi: pm80xx: Fix chip initialization failure (bsc#1012628).
- scsi: target: iscsi: Fix zero tag inside a trace event
(bsc#1012628).
- percpu: make pcpu_nr_empty_pop_pages per chunk type
(bsc#1012628).
- i2c: turn recovery error on init to debug (bsc#1012628).
- powerpc/vdso: Make sure vdso_wrapper.o is rebuilt everytime
vdso.so is rebuilt (bsc#1012628).
- powerpc/ptrace: Don't return error when getting/setting FP
regs without CONFIG_PPC_FPU_REGS (bsc#1012628).
- KVM: x86/mmu: change TDP MMU yield function returns to match
cond_resched (bsc#1012628).
- KVM: x86/mmu: Merge flush and non-flush
tdp_mmu_iter_cond_resched (bsc#1012628).
- KVM: x86/mmu: Rename goal_gfn to next_last_level_gfn
(bsc#1012628).
- KVM: x86/mmu: Ensure forward progress when yielding in TDP
MMU iter (bsc#1012628).
- KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed
(bsc#1012628).
- KVM: x86/mmu: Ensure TLBs are flushed when yielding during
GFN range zap (bsc#1012628).
- KVM: x86/mmu: Ensure TLBs are flushed for TDP MMU during NX
zapping (bsc#1012628).
- KVM: x86/mmu: Don't allow TDP MMU to yield when recovering NX
pages (bsc#1012628).
- KVM: x86/mmu: preserve pending TLB flush across calls to
kvm_tdp_mmu_zap_sp (bsc#1012628).
- net: sched: fix err handler in tcf_action_init() (bsc#1012628).
- ice: Refactor DCB related variables out of the ice_port_info
struct (bsc#1012628).
- ice: Recognize 860 as iSCSI port in CEE mode (bsc#1012628).
- xfrm: interface: fix ipv4 pmtu check to honor ip header df
(bsc#1012628).
- xfrm: Use actual socket sk instead of skb socket for
xfrm_output_resume (bsc#1012628).
- remoteproc: qcom: pil_info: avoid 64-bit division (bsc#1012628).
- regulator: bd9571mwv: Fix AVS and DVFS voltage range
(bsc#1012628).
- ARM: OMAP4: Fix PMIC voltage domains for bionic (bsc#1012628).
- ARM: OMAP4: PM: update ROM return address for OSWR and OFF
(bsc#1012628).
- remoteproc: pru: Fix firmware loading crashes on K3 SoCs
(bsc#1012628).
- net: xfrm: Localize sequence counter per network namespace
(bsc#1012628).
- esp: delete NETIF_F_SCTP_CRC bit from features for esp offload
(bsc#1012628).
- ASoC: SOF: Intel: HDA: fix core status verification
(bsc#1012628).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for
some chips (bsc#1012628).
- xfrm: Fix NULL pointer dereference on policy lookup
(bsc#1012628).
- virtchnl: Fix layout of RSS structures (bsc#1012628).
- i40e: Added Asym_Pause to supported link modes (bsc#1012628).
- i40e: Fix kernel oops when i40e driver removes VF's
(bsc#1012628).
- hostfs: fix memory handling in follow_link() (bsc#1012628).
- amd-xgbe: Update DMA coherency values (bsc#1012628).
- vxlan: do not modify the shared tunnel info when PMTU triggers
an ICMP reply (bsc#1012628).
- geneve: do not modify the shared tunnel info when PMTU triggers
an ICMP reply (bsc#1012628).
- sch_red: fix off-by-one checks in red_check_params()
(bsc#1012628).
- drivers/net/wan/hdlc_fr: Fix a double free in pvc_xmit
(bsc#1012628).
- arm64: dts: imx8mm/q: Fix pad control of SD1_DATA0
(bsc#1012628).
- xfrm: Provide private skb extensions for segmented and hw
offloaded ESP packets (bsc#1012628).
- can: bcm/raw: fix msg_namelen values depending on
CAN_REQUIRED_SIZE (bsc#1012628).
- can: isotp: fix msg_namelen values depending on
CAN_REQUIRED_SIZE (bsc#1012628).
- can: uapi: can.h: mark union inside struct can_frame packed
(bsc#1012628).
- mlxsw: spectrum: Fix ECN marking in tunnel decapsulation
(bsc#1012628).
- ethernet: myri10ge: Fix a use after free in myri10ge_sw_tso
(bsc#1012628).
- gianfar: Handle error code at MAC address change (bsc#1012628).
- net: dsa: Fix type was not set for devlink port (bsc#1012628).
- clk: qcom: camcc: Update the clock ops for the SC7180
(bsc#1012628).
- cxgb4: avoid collecting SGE_QBASE regs during traffic
(bsc#1012628).
- net:tipc: Fix a double free in tipc_sk_mcast_rcv (bsc#1012628).
- ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces
(bsc#1012628).
- net/ncsi: Avoid channel_monitor hrtimer deadlock (bsc#1012628).
- net: qrtr: Fix memory leak on qrtr_tx_wait failure
(bsc#1012628).
- nfp: flower: ignore duplicate merge hints from FW (bsc#1012628).
- net: phy: broadcom: Only advertise EEE for supported modes
(bsc#1012628).
- I2C: JZ4780: Fix bug for Ingenic X1000 (bsc#1012628).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (bsc#1012628).
- net/mlx5e: Fix mapping of ct_label zero (bsc#1012628).
- net/mlx5: Delete auxiliary bus driver eth-rep first
(bsc#1012628).
- net/mlx5e: Fix ethtool indication of connector type
(bsc#1012628).
- net/mlx5: Don't request more than supported EQs (bsc#1012628).
- net/mlx5e: Guarantee room for XSK wakeup NOP on async ICOSQ
(bsc#1012628).
- net/rds: Fix a use after free in rds_message_map_pages
(bsc#1012628).
- xdp: fix xdp_return_frame() kernel BUG throw for page_pool
memory model (bsc#1012628).
- soc/fsl: qbman: fix conflicting alignment attributes
(bsc#1012628).
- i40e: fix receiving of single packets in xsk zero-copy mode
(bsc#1012628).
- i40e: Fix display statistics for veb_tc (bsc#1012628).
- RDMA/rtrs-clt: Close rtrs client conn before destroying rtrs
clt session files (bsc#1012628).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails
(bsc#1012628).
- net: udp: Add support for getsockopt(..., ..., UDP_GRO, ...,
...); (bsc#1012628).
- mptcp: forbit mcast-related sockopt on MPTCP sockets
(bsc#1012628).
- mptcp: revert "mptcp: provide subflow aware release function"
(bsc#1012628).
- scsi: ufs: core: Fix task management request completion timeout
(bsc#1012628).
- scsi: ufs: core: Fix wrong Task Tag used in task management
request UPIUs (bsc#1012628).
- drm/msm/disp/dpu1: program 3d_merge only if block is attached
(bsc#1012628).
- Revert "arm64: dts: marvell: armada-cp110: Switch to per-port
SATA interrupts" (bsc#1012628).
- ARM: dts: turris-omnia: fix hardware buffer management
(bsc#1012628).
- net: cls_api: Fix uninitialised struct field
bo->unlocked_driver_cb (bsc#1012628).
- net: macb: restore cmp registers on resume path (bsc#1012628).
- clk: fix invalid usage of list cursor in register (bsc#1012628).
- clk: fix invalid usage of list cursor in unregister
(bsc#1012628).
- workqueue: Move the position of debug_work_activate() in
__queue_work() (bsc#1012628).
- s390/cpcmd: fix inline assembly register clobbering
(bsc#1012628).
- perf inject: Fix repipe usage (bsc#1012628).
- openvswitch: fix send of uninitialized stack memory in ct
limit reply (bsc#1012628).
- i2c: designware: Adjust bus_freq_hz when refuse high speed
mode set (bsc#1012628).
- iwlwifi: fix 11ax disabled bit in the regulatory capability
flags (bsc#1012628).
- can: mcp251x: fix support for half duplex SPI host controllers
(bsc#1012628).
- platform/x86: intel-hid: Fix spurious wakeups caused by
tablet-mode events during suspend (bsc#1012628).
- tipc: increment the tmp aead refcnt before attaching it
(bsc#1012628).
- net: hns3: clear VF down state bit before request link status
(bsc#1012628).
- net/mlx5: Fix HW spec violation configuring uplink
(bsc#1012628).
- net/mlx5: Fix placement of log_max_flow_counter (bsc#1012628).
- net/mlx5: Fix PPLM register mapping (bsc#1012628).
- net/mlx5: Fix PBMC register mapping (bsc#1012628).
- RDMA/cxgb4: check for ipv6 address properly while destroying
listener (bsc#1012628).
- perf report: Fix wrong LBR block sorting (bsc#1012628).
- RDMA/qedr: Fix kernel panic when trying to access recv_cq
(bsc#1012628).
- drm/vc4: crtc: Reduce PV fifo threshold on hvs4 (bsc#1012628).
- i40e: Fix parameters in aq_get_phy_register() (bsc#1012628).
- RDMA/addr: Be strict with gid size (bsc#1012628).
- vdpa/mlx5: should exclude header length and fcs from mtu
(bsc#1012628).
- vdpa/mlx5: Fix wrong use of bit numbers (bsc#1012628).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1012628).
- clk: socfpga: fix iomem pointer cast on 64-bit (bsc#1012628).
- lockdep: Address clang -Wformat warning printing for %hd
(bsc#1012628).
- dt-bindings: net: ethernet-controller: fix typo in NVMEM
(bsc#1012628).
- net: sched: bump refcount for new action in ACT replace mode
(bsc#1012628).
- x86/traps: Correct exc_general_protection() and math_error()
return paths (bsc#1012628).
- gpiolib: Read "gpio-line-names" from a firmware node
(bsc#1012628).
- cfg80211: remove WARN_ON() in cfg80211_sme_connect
(bsc#1012628).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
(bsc#1012628).
- drivers: net: fix memory leak in atusb_probe (bsc#1012628).
- drivers: net: fix memory leak in peak_usb_create_dev
(bsc#1012628).
- net: mac802154: Fix general protection fault (bsc#1012628).
- net: ieee802154: nl-mac: fix check on panid (bsc#1012628).
- net: ieee802154: fix nl802154 del llsec key (bsc#1012628).
- net: ieee802154: fix nl802154 del llsec dev (bsc#1012628).
- net: ieee802154: fix nl802154 add llsec key (bsc#1012628).
- net: ieee802154: fix nl802154 del llsec devkey (bsc#1012628).
- net: ieee802154: forbid monitor for set llsec params
(bsc#1012628).
- net: ieee802154: forbid monitor for del llsec seclevel
(bsc#1012628).
- net: ieee802154: stop dump llsec params for monitors
(bsc#1012628).
- Revert "net: sched: bump refcount for new action in ACT replace
mode" (bsc#1012628).
- commit f68b7e1
- rpm/check-for-config-changes: remove stale comment
It is stale since 8ab393bf905a committed in 2005 :).
- commit c9f9f5a
++++ openssl-3:
- Update to 3.0.0 Alpha 13
* A public key check is now performed during EVP_PKEY_derive_set_peer().
Previously DH was internally doing this during EVP_PKEY_derive().
To disable this check use EVP_PKEY_derive_set_peer_ex(dh, peer, 0). This
may mean that an error can occur in EVP_PKEY_derive_set_peer() rather than
during EVP_PKEY_derive().
* The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT,
EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT,
EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations
are deprecated. They are not invoked by the OpenSSL library anymore and
are replaced by direct checks of the key operation against the key type
when the operation is initialized.
* The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for
more key types including RSA, DSA, ED25519, X25519, ED448 and X448.
Previously (in 1.1.1) they would return -2. For key types that do not have
parameters then EVP_PKEY_param_check() will always return 1.
* The output from numerous "printing" functions such as X509_signature_print(),
X509_print_ex(), X509_CRL_print_ex(), and other similar functions has been
amended such that there may be cosmetic differences between the output
observed in 1.1.1 and 3.0. This also applies to the "-text" output from the
x509 and crl applications.
* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations.
As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA
capable processors.
* Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM
parameter (RFC 5084) for the Cryptographic Message Syntax (CMS). Its purpose
is to support encryption and decryption of a digital envelope that is both
authenticated and encrypted using AES GCM mode.
++++ pcre2:
- Remove regcomp, regexec etc. from libpcre2-posix.
(Add pcre2-symbol-clash.patch)
++++ libxkbcommon:
- Update to release 1.2.1 [boo#1184688]
* Fix `xkb_x11_keymap_new_from_device()` failing when the
keymap contains key types with missing level names, like the
one used by the `numpad:mac` option in xkeyboard-config.
(Regressed in 1.2.0.)
------------------------------------------------------------------
------------------ 2021-4-13 - Apr 13 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to version 2.9.20
maintenance release containing numerous bugfixes
++++ librsvg:
- Update to version 2.50.4:
+ Update dependent crates that had security vulnerabilities:
- generic-array to 0.13.3 - RUSTSEC-2020-0146
+ Reduced stack usage
+ Add limit for too-large radiuses on the feMorphology filter
+ Properly ignore elements in an error state inside
the "switch" element
++++ glibc:
- Enable support for static PIE (bsc#1184646)
- select-modify-timeout.patch: linux: always update select timeout
(bsc#1184339, BZ #27706)
++++ gzip:
- fix DFLTCC segfault [bsc#1177047]
- added patches
fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
+ gzip-1.10-fix-DFLTCC-segfault.patch
++++ kernel-default:
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- commit f37613f
++++ libxcrypt:
- Update to 4.4.19
* Improve fallback implementation of explicit_bzero.
* Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver.
These were added in GNU libc 2.29, 2.32, and 2.33 respectively
* Do not build xcrypt.h if we’re not going to install it.
* Do not apply --enable-obsolete-api-enosys mode to fcrypt.
* Compilation fix for NetBSD. NetBSD’s <unistd.h> declares encrypt
and setkey to return int, contrary to POSIX (which says they return
void). Rename those declarations out of the way with macros.
* Compilation fixes for building with GCC 11.
Basically fixes for explicit type-casting.
* Force update of existing symlinks during installation
++++ libeconf:
- Update to version 0.4.0+git20210413.fdb8025:
* Installing man pages via meson. (#147)
++++ expat:
- Do not BuildRequire cmake: expat is part of the distro bootstrap
cycle and any additional dependency makes the ring larger. In
this case here, cmake was even only used to own a directory.
++++ harfbuzz:
- Update to version 2.8.0:
+ Shape joining scripts other than Arabic/Syriac using the
Universal Shaping Engine. Previously these were shaped using
the generalized Arabic shaper.
+ Fix regression in shaping of U+0B55 ORIYA SIGN OVERLINE.
+ Update language tags.
+ Variations: reduce error: do not round each interpolated delta.
+ Documentation improvements.
+ Subsetter improvements: subsets most, if not all, lookup types
now.
+ Fuzzer-found fixes and other improvements when memory failures
happen.
+ Removed most atomic implementations now that we have C++11
atomic impl.
+ General codebase upkeep; using more C++11 features: constexpr
constructors, etc.
++++ ceph:
- _constraints: raise s390x disk constraint to 42G after seeing a build fail
with "write error: No space left on device"
++++ salt:
- Regression fix of salt-ssh on processing some targets
- Added:
* regression-fix-of-salt-ssh-on-processing-targets-353.patch
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Added:
* add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
++++ qemu:
- Include upstream patches designated as stable material and
reviewed for applicability to include here. NOTE that the
PIIX4 patch has migration implications: the change will also be
applied to the SLE-15-SP2 qemu, and a live migration from that
version to this SLE-15-SP3 qemu would require this patch to be
applied for a successful migration if PIIX4 southbridge is used
in the machine emulation (x86 i440fx)
block-rbd-fix-memory-leak-in-qemu_rbd_co.patch
block-rbd-Fix-memory-leak-in-qemu_rbd_co.patch
cpu-core-Fix-help-of-CPU-core-device-typ.patch
hw-arm-virt-acpi-build-Fix-GSIV-values-o.patch
hw-block-fdc-Fix-fallback-property-on-sy.patch
hw-isa-Kconfig-Add-missing-dependency-VI.patch
hw-isa-piix4-Migrate-Reset-Control-Regis.patch
hw-virtio-pci-Added-AER-capability.patch
hw-virtio-pci-Added-counter-for-pcie-cap.patch
s390x-css-report-errors-from-ccw_dstream.patch
target-xtensa-fix-meson.build-rule-for-x.patch
util-fix-use-after-free-in-module_load_o.patch
virtio-pci-compat-page-aligned-ATS.patch
++++ rpcbind:
- Specify the appropriate set of local nss modules (boo#1177461)
++++ suse-module-tools:
- Update to version 15.4.0:
* Enable f2fs (bsc#1184415)
------------------------------------------------------------------
------------------ 2021-4-12 - Apr 12 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)
The devel package requires the kernel binary package itself for building
modules externally.
- commit 794be7b
++++ libeconf:
- Update to version 0.4.0+git20210412.1513a26:
* Added econftool cat option (#146)
* new API call: econf_readDirsHistory (showing ALL locations)
* new API call: econf_getPath (absolute path of the configuration file)
++++ fuse3:
- Update to release 3.10.3
* Fix returning d_ino and d_type from readdir(3) in non-plus mode
++++ osinfo-db:
- Add support for SUSE Linux Enterprise Micro. See also patch
in virt-manager to enable media detection.
add-slem-support.patch
++++ virt-manager:
- Add support for detecting SUSE Linux Enterprise Micro. See also
the osinfo-db package for the SLEM OS description file.
virtinst-add-slem-detection-support.patch
------------------------------------------------------------------
------------------ 2021-4-11 - Apr 11 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.12-rc7
- commit bd61ada
- drm/msm: a6xx: fix version check for the A650 SQE microcode
(git-fixes).
- commit b15020c
- Linux 5.11.13 (bsc#1012628).
- init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM
(bsc#1012628).
- Update config files.
- bpf, x86: Validate computation of branch displacements for
x86-32 (bsc#1012628).
- bpf, x86: Validate computation of branch displacements for
x86-64 (bsc#1012628).
- tools/resolve_btfids: Add /libbpf to .gitignore (bsc#1012628).
- kbuild: Do not clean resolve_btfids if the output does not exist
(bsc#1012628).
- kbuild: Add resolve_btfids clean to root clean target
(bsc#1012628).
- tools/resolve_btfids: Set srctree variable unconditionally
(bsc#1012628).
- tools/resolve_btfids: Check objects before removing
(bsc#1012628).
- tools/resolve_btfids: Build libbpf and libsubcmd in separate
directories (bsc#1012628).
- math: Export mul_u64_u64_div_u64 (bsc#1012628).
- io_uring: fix timeout cancel return code (bsc#1012628).
- cifs: Silently ignore unknown oplock break handle (bsc#1012628).
- cifs: revalidate mapping when we open files for SMB1 POSIX
(bsc#1012628).
- ia64: fix format strings for err_inject (bsc#1012628).
- ia64: mca: allocate early mca with GFP_ATOMIC (bsc#1012628).
- selftests/vm: fix out-of-tree build (bsc#1012628).
- arm64: kernel: disable CNP on Carmel (bsc#1012628).
- Update config files.
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
(bsc#1012628).
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation
(bsc#1012628).
- platform/x86: intel_pmc_core: Ignore GBE LTR on Tiger Lake
platforms (bsc#1012628).
- platform/x86: intel_pmt_class: Initial resource to 0
(bsc#1012628).
- block: clear GD_NEED_PART_SCAN later in bdev_disk_changed
(bsc#1012628).
- x86/build: Turn off -fcf-protection for realmode targets
(bsc#1012628).
- drm/msm/disp/dpu1: icc path needs to be set before dpu runtime
resume (bsc#1012628).
- kselftest/arm64: sve: Do not use non-canonical FFR register
value (bsc#1012628).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change
state (bsc#1012628).
- net: ipa: fix init header command validation (bsc#1012628).
- netfilter: nftables: skip hook overlap logic if flowtable is
stale (bsc#1012628).
- netfilter: conntrack: Fix gre tunneling over ipv6 (bsc#1012628).
- drm/msm: Ratelimit invalid-fence message (bsc#1012628).
- drm/msm/adreno: a5xx_power: Don't apply A540 lm_setup to other
GPUs (bsc#1012628).
- drm/msm/dsi_pll_7nm: Fix variable usage for pll_lockdet_rate
(bsc#1012628).
- mac80211: choose first enabled channel for monitor
(bsc#1012628).
- mac80211: Check crypto_aead_encrypt for errors (bsc#1012628).
- can: kvaser_usb: Add support for USBcan Pro 4xHS (bsc#1012628).
- net: arcnet: com20020 fix error handling (bsc#1012628).
- mISDN: fix crash in fritzpci (bsc#1012628).
- kunit: tool: Fix a python tuple typing error (bsc#1012628).
- net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
(bsc#1012628).
- net/mlx5e: Enforce minimum value check for ICOSQ size
(bsc#1012628).
- bpf, x86: Use kvmalloc_array instead kmalloc_array in
bpf_jit_comp (bsc#1012628).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
(bsc#1012628).
- drm/msm: a6xx: Make sure the SQE microcode is safe
(bsc#1012628).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted
(bsc#1012628).
- ARM: dts: am33xx: add aliases for mmc interfaces (bsc#1012628).
- commit 0ea11a6
------------------------------------------------------------------
------------------ 2021-4-10 - Apr 10 2021 -------------------
------------------------------------------------------------------
++++ gmp:
- do not break SLE 12 build when applying spec-cleaner
------------------------------------------------------------------
------------------ 2021-4-9 - Apr 9 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Add nm-dhcp-use-valid-lease-on-timeout.patch: Support valid lease
file on dhcp timeout(glfd#NetworkManager/NetworkManager!811,
bsc#1183202).
- Drop nm-fix-dhcp-client-timeout.patch: Replace by the patch
immediately above.
- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's
timeout so that a recorded lease can be used when dhcp server
is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
- Modified NetworkManager.conf: Use dhclient as the default dhcp
client(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
++++ bcm43xx-firmware:
- Introduce firmware file for Raspberry Pi 400's bluetooth.
++++ kernel-default:
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- commit bd64cb2
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- commit 18f65df
- Update
patches.kernel.org/5.11.9-100-perf-x86-intel-Fix-a-crash-caused-by-zero-PEBS.patch
(bsc#1012628 CVE-2021-28971 bsc#1184196).
Add a CVE reference.
- commit 1b6b086
++++ rpm:
- change dump_posttrans mechanism to imply --noposttrans so that
libzypp can be compatible with older rpm versions
changed patch: posttrans.diff
++++ snapper:
- improved error handling (see gh#openSUSE/snapper#626)
- version 0.9.0
++++ osinfo-db:
- Update to database version 20210312
osinfo-db-20210312.tar.xz
++++ podman:
- Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
* Bump to v3.1.0
* Fix test failure
* Update release notes for v3.1.0 final release
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
* Fix long option format on docs.podman.io
* Fix containers list/prune http api filter behaviour
* [CI:DOCS] Add note to mappings for user/group userns in build
* Validate passed in timezone from tz option
* Generate Kubernetes PersistentVolumeClaims from named volumes
* libpod/image: unit tests: use a `registries.conf` for aliases
- Require systemd 241 or newer due to podman dependency go-systemd v22,
otherwise build will fail with unknown C name errors
++++ salt:
- Update target fix for salt-ssh to process targets list (bsc#1179831)
- Added:
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
- Add notify beacon for Debian/Ubuntu systems
- Add core grains support for AlmaLinux and Alibaba Could Linux
- Added:
* add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
* notify-beacon-for-debian-ubuntu-systems-347.patch
++++ raspberrypi-firmware:
- Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079)
++++ raspberrypi-firmware-config:
- Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079)
++++ raspberrypi-firmware-config-camera:
- Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079)
++++ raspberrypi-firmware-dt:
- Add overlay for smbios information (bsc#1183079)
* smbios-overlay.dts
++++ u-boot-rpiarm64:
Fix SMBIOS table entries (bsc#1183079)
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04
* Patches added:
0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch
------------------------------------------------------------------
------------------ 2021-4-8 - Apr 8 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
* 0001-Workaround-volatile-efi-boot-variable.patch
++++ kdump:
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
dracut command line (bsc#1182309).
++++ libeconf:
- Update to version 0.4.0+git20210408.6d33e5e:
* Man pages libeconf.3 and econftool.8.
* Handling multiline strings.
* Added libeconf_ext which returns more information like
line_nr, comments, path of the configuration file,...
* Econftool, an command line interface for handling configuration
files.
* Generating HTML API documentation with doxygen.
* Improving error handling and semantic file check.
* Joining entries with the same key to one single entry if
env variable ECONF_JOIN_SAME_ENTRIES has been set.
++++ ceph:
- Update to 16.2.0-91-g24bd0c4acf:
+ rebase on top of upstream pacific SHA1 4cbaf866034715d053e6259dcd5bd8e4e1d1e1ed
++++ snapper:
- move org.opensuse.Snapper.conf from /etc to /usr (bsc#1183398 and
gh#openSUSE/snapper#492)
- run boot.service iff root config exists (gh#openSUSE/snapper#630)
++++ makedumpfile:
- Fix guessing of va_bits (bsc#1183977)
* makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch
* makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch
* makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch
++++ shim:
- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid
the error message during linux system boot (bsc#1184454)
------------------------------------------------------------------
------------------ 2021-4-7 - Apr 7 2021 -------------------
------------------------------------------------------------------
++++ dbus-1:
- avoid listing cmake directory - owned by cmake package
++++ gpg2:
- Remove the "files-are-digests" option from the openSUSE package.
This feature was not upstream and only used in the OBS signing
daemon. The recommended upstream feature for separating the data
to be signed from the private keys is gpg agent forwarding,
available from 2.1. Drop gnupg-2.2.8-files-are-digests.patch
++++ kernel-default:
- Linux 5.11.12 (bsc#1012628).
- arm64: mm: correct the inside linear map range during hotplug
check (bsc#1012628).
- virtiofs: Fail dax mount if device does not support it
(bsc#1012628).
- ext4: shrink race window in ext4_should_retry_alloc()
(bsc#1012628).
- ext4: fix bh ref count on error paths (bsc#1012628).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
(bsc#1012628).
- rpc: fix NULL dereference on kmalloc failure (bsc#1012628).
- iomap: Fix negative assignment to unsigned sis->pages in
iomap_swapfile_activate (bsc#1012628).
- ASoC: rt1015: fix i2c communication error (bsc#1012628).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by
a factor of 10 (bsc#1012628).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by
a factor of 10 (bsc#1012628).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default
value on probe (bsc#1012628).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (bsc#1012628).
- ASoC: soc-core: Prevent warning if no DMI table is present
(bsc#1012628).
- ASoC: cs42l42: Fix Bitclock polarity inversion (bsc#1012628).
- ASoC: cs42l42: Fix channel width support (bsc#1012628).
- ASoC: cs42l42: Fix mixer volume control (bsc#1012628).
- ASoC: cs42l42: Always wait at least 3ms after reset
(bsc#1012628).
- NFSD: fix error handling in NFSv4.0 callbacks (bsc#1012628).
- ASoC: mediatek: mt8192: fix tdm out data is valid on rising edge
(bsc#1012628).
- kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for
freezing (bsc#1012628).
- vhost: Fix vhost_vq_reset() (bsc#1012628).
- io_uring: fix ->flags races by linked timeouts (bsc#1012628).
- io_uring: halt SQO submission on ctx exit (bsc#1012628).
- scsi: st: Fix a use after free in st_open() (bsc#1012628).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1012628).
- staging: comedi: cb_pcidas: fix request_irq() warn
(bsc#1012628).
- staging: comedi: cb_pcidas64: fix request_irq() warn
(bsc#1012628).
- ASoC: rt5659: Update MCLK rate in set_sysclk() (bsc#1012628).
- ASoC: rt711: add snd_soc_component remove callback
(bsc#1012628).
- thermal/core: Add NULL pointer check before using cooling
device stats (bsc#1012628).
- locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
(bsc#1012628).
- locking/ww_mutex: Fix acquire/release imbalance in
ww_acquire_init()/ww_acquire_fini() (bsc#1012628).
- nvmet-tcp: fix kmap leak when data digest in use (bsc#1012628).
- io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
(bsc#1012628).
- Revert "PM: ACPI: reboot: Use S5 for reboot" (bsc#1012628).
- nouveau: Skip unvailable ttm page entries (bsc#1012628).
- static_call: Align static_call_is_init() patching condition
(bsc#1012628).
- ext4: do not iput inode under running transaction in
ext4_rename() (bsc#1012628).
- io_uring: call req_set_fail_links() on short
send[msg]()/recv[msg]() with MSG_WAITALL (bsc#1012628).
- net: mvpp2: fix interrupt mask/unmask skip condition
(bsc#1012628).
- mptcp: deliver ssk errors to msk (bsc#1012628).
- mptcp: fix poll after shutdown (bsc#1012628).
- mptcp: init mptcp request socket earlier (bsc#1012628).
- mptcp: add a missing retransmission timer scheduling
(bsc#1012628).
- flow_dissector: fix TTL and TOS dissection on IPv4 fragments
(bsc#1012628).
- mptcp: fix DATA_FIN processing for orphaned sockets
(bsc#1012628).
- mptcp: provide subflow aware release function (bsc#1012628).
- can: dev: move driver related infrastructure into separate
subdir (bsc#1012628).
- net: introduce CAN specific pointer in the struct net_device
(bsc#1012628).
- mptcp: fix race in release_cb (bsc#1012628).
- net: bonding: fix error return code of bond_neigh_init()
(bsc#1012628).
- mptcp: fix bit MPTCP_PUSH_PENDING tests (bsc#1012628).
- can: tcan4x5x: fix max register value (bsc#1012628).
- brcmfmac: clear EAP/association status bits on linkdown events
(bsc#1012628).
- ath11k: add ieee80211_unregister_hw to avoid kernel crash
caused by NULL pointer (bsc#1012628).
- rtw88: coex: 8821c: correct antenna switch function
(bsc#1012628).
- netdevsim: dev: Initialize FIB module after debugfs
(bsc#1012628).
- iwlwifi: pcie: don't disable interrupts for reg_lock
(bsc#1012628).
- ath10k: hold RCU lock when calling
ieee80211_find_sta_by_ifaddr() (bsc#1012628).
- net: ethernet: aquantia: Handle error cleanup of start on open
(bsc#1012628).
- appletalk: Fix skb allocation size in loopback case
(bsc#1012628).
- net: ipa: remove two unused register definitions (bsc#1012628).
- net: ipa: use a separate pointer for adjusted GSI memory
(bsc#1012628).
- net: ipa: fix register write command validation (bsc#1012628).
- net: wan/lmc: unregister device when no matching device is found
(bsc#1012628).
- net: 9p: advance iov on empty read (bsc#1012628).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1012628).
- ACPI: tables: x86: Reserve memory occupied by ACPI tables
(bsc#1012628).
- ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()
(bsc#1012628).
- ACPI: scan: Fix _STA getting called on devices with unmet
dependencies (bsc#1012628).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
(bsc#1012628).
- ALSA: hda: Re-add dropped snd_poewr_change_state() calls
(bsc#1012628).
- ALSA: hda: Add missing sanity checks in PM prepare/complete
callbacks (bsc#1012628).
- ALSA: hda/realtek: fix a determine_headset_type issue for a
Dell AIO (bsc#1012628).
- ALSA: hda/realtek: call alc_update_headset_mode() in
hp_automute_hook (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8
(bsc#1012628).
- xtensa: fix uaccess-related livelock in do_page_fault
(bsc#1012628).
- xtensa: move coprocessor_flush to the .text section
(bsc#1012628).
- KVM: SVM: load control fields from VMCB12 before checking them
(bsc#1012628).
- KVM: SVM: ensure that EFER.SVME is set when running nested
guest or on nested vmexit (bsc#1012628).
- PM: runtime: Fix race getting/putting suppliers at probe
(bsc#1012628).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers()
(bsc#1012628).
- tracing: Fix stack trace event size (bsc#1012628).
- s390/vdso: copy tod_steering_delta value to vdso_data page
(bsc#1012628).
- s390/vdso: fix tod_steering_delta type (bsc#1012628).
- drm/ttm: make ttm_bo_unpin more defensive (bsc#1012628).
- mm: fix race by making init_zero_pfn() early_initcall
(bsc#1012628).
- drm/amdkfd: dqm fence memory corruption (bsc#1012628).
- drm/amd/pm: no need to force MCLK to highest when no display
connected (bsc#1012628).
- drm/amdgpu/vangogh: don't check for dpm in is_dpm_running when
in suspend (bsc#1012628).
- drm/amdgpu: fix offset calculation in
amdgpu_vm_bo_clear_mappings() (bsc#1012628).
- drm/amdgpu: Set a suitable dev_info.gart_page_size
(bsc#1012628).
- drm/amdgpu: check alignment on CPU page for bo map
(bsc#1012628).
- reiserfs: update reiserfs_xattrs_initialized() condition
(bsc#1012628).
- drm/imx: fix memory leak when fails to init (bsc#1012628).
- drm/tegra: dc: Restore coupling of display controllers
(bsc#1012628).
- drm/tegra: sor: Grab runtime PM reference across reset
(bsc#1012628).
- vfio/nvlink: Add missing SPAPR_TCE_IOMMU depends (bsc#1012628).
- pinctrl: microchip-sgpio: Fix wrong register offset for IRQ
trigger (bsc#1012628).
- pinctrl: rockchip: fix restore error in resume (bsc#1012628).
- pinctrl: qcom: sc7280: Fix SDC_QDSD_PINGROUP and UFS_RESET
offsets (bsc#1012628).
- pinctrl: qcom: sc7280: Fix SDC1_RCLK configurations
(bsc#1012628).
- pinctrl: qcom: lpass lpi: use default pullup/strength values
(bsc#1012628).
- pinctrl: qcom: fix unintentional string concatenation
(bsc#1012628).
- extcon: Add stubs for extcon_register_notifier_all() functions
(bsc#1012628).
- extcon: Fix error handling in extcon_dev_register (bsc#1012628).
- firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL
to 0 (bsc#1012628).
- powerpc/pseries/mobility: use struct for shared state
(bsc#1012628).
- powerpc/pseries/mobility: handle premature return from H_JOIN
(bsc#1012628).
- usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
(bsc#1012628).
- video: hyperv_fb: Fix a double free in hvfb_probe (bsc#1012628).
- powerpc/mm/book3s64: Use the correct storage key value when
calling H_PROTECT (bsc#1012628).
- usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
(bsc#1012628).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
(bsc#1012628).
- usb: musb: Fix suspend with devices connected for a64
(bsc#1012628).
- usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
(bsc#1012628).
- cdc-acm: fix BREAK rx code path adding necessary calls
(bsc#1012628).
- USB: cdc-acm: untangle a circular dependency between callback
and softint (bsc#1012628).
- USB: cdc-acm: downgrade message to debug (bsc#1012628).
- USB: cdc-acm: fix double free on probe failure (bsc#1012628).
- USB: cdc-acm: fix use-after-free after probe failure
(bsc#1012628).
- usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
(bsc#1012628).
- usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board
(bsc#1012628).
- usb: dwc2: Prevent core suspend when port connection flag is 0
(bsc#1012628).
- usb: dwc3: qcom: skip interconnect init for ACPI probe
(bsc#1012628).
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep
disable (bsc#1012628).
- soc: qcom-geni-se: Cleanup the code to remove proxy votes
(bsc#1012628).
- staging: rtl8192e: Fix incorrect source in memcpy()
(bsc#1012628).
- staging: rtl8192e: Change state information from u16 to u8
(bsc#1012628).
- driver core: clear deferred probe reason on probe retry
(bsc#1012628).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
(bsc#1012628).
- riscv: evaluate put_user() arg before enabling user access
(bsc#1012628).
- io_uring: do ctx sqd ejection in a clear context (bsc#1012628).
- Revert "kernel: freezer should treat PF_IO_WORKER like
PF_KTHREAD for freezing" (bsc#1012628).
- Revert "net: bonding: fix error return code of
bond_neigh_init()" (bsc#1012628).
- commit 92a542e
- config.conf: reenable armv6/armv7 configs
(all modules, otherwise same settings like arm64)
- commit d115d63
- arm64: add debug config with KASAN enabled (bsc#1183716)
- commit b68cba9
++++ krb5:
- do not own %sbindir, it comes from filesystem package
++++ libdrm:
- update to 2.4.105:
* amdgpu: add function of INFO ioctl for querying video caps
* amdgpu: sync up amdgpu_drm.h with latest from kernel
* xf86drmMode: set FB_MODIFIERS flag when modifiers are supplied
* xf86drmMode: introduce drmModeGetPropertyType
* intel: Keep libdrm working without pread/pwrite ioctls
* xf86drm: fix null pointer deref in drmGetBufInfo
* intel: Add support for JSL
* xf86drm: warn about GEM handle reference counting
* xf86drmMode: add drmIsKMS
* intel: add INTEL_ADLS_IDS to the pciids list
* intel: sync i915_pciids.h with kernel
* amdgpu: update marketing names
* tests and build system fixes
++++ libksba:
- libksba 1.5.1:
* Support Brainpool curves specified by ECDomainParameters
++++ pkgconf:
- do not own directories provided by filesystem
- small cleanups inspired by spec-cleaner
++++ snapper:
- avoid redundant quota rescans for same btrfs (see
gh#openSUSE/snapper#507)
- allow absolute sizes for SPACE_LIMIT and FREE_LIMIT
(gh#openSUSE/snapper#507)
++++ libsolv:
- fix rare segfault in resolve_jobrules() that could happen
if new rules are learnt
- fix a couple of memory leaks in error cases
- fix error handling in solv_xfopen_fd()
- bump version to 0.7.19
++++ systemd:
- systemd.spec: clean some of the build deps up:
- libpcre is redundant with libpcre2 (only required by the full
build) and the mini variant needs none of them. Hence drop the ref
to libpcre.
- normally libidn2 is needed by some optional features in
systemd-network (only). But it's implicitly pulled in by libgnutls
(required by the main package). Let's make sure the related
features won't be disabled inadvertently in the future by making
the dep explicit.
++++ makedumpfile:
- Support kernel 5.11:
* makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch:
make use of 'uts_namespace.name' offset in VMCOREINFO.
++++ pam:
- If "LOCAL" is configured in access.conf, and a login attempt from
a remote host is made, pam_access tries to resolve "LOCAL" as
a hostname and logs a failure.
Checking explicitly for "LOCAL" and rejecting access in this case
resolves this issue.
[bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch]
++++ shim:
- Add remove_build_id.patch to prevent the build id being added to
the binary. That can cause issues with the signature
++++ systemd-presets-common-SUSE:
- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155).
------------------------------------------------------------------
------------------ 2021-4-6 - Apr 6 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- Enable radeon and nouveau drivers on riscv64
++++ Mesa-drivers:
- Enable radeon and nouveau drivers on riscv64
++++ cups:
- Disable testsuite for now via "bcond_with testsuite"
until https://github.com/OpenPrinting/cups/issues/155 is fixed
++++ file:
- Add upstream commits as patches
* file-5.40-1c677c04.patch
Don't count each byte encounter as 1, count the total number
of bytes found (Anatol Belski). This makes it behave like 5.39
* file-5.40-6b34436a.patch
remove "u" from the pattern (Joerg Jenderek)
* file-5.40-9e2becec.patch
Encoding bug fix
- Fix offsets of patches
* file-5.17-option.dif
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.19-zip2.0.dif
* file-5.22-elf.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
* file-5.38-allow-readlinkat.dif
* file-secure_getenv.patch
++++ hwdata:
- Update to version 0.346:
+ Updated pci, usb and vendor ids.
+ Resolves boo#1182482 jsc#SLE-13791 bnc#1170160
++++ kernel-default:
- firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
(CVE-2021-3483 bsc#1184393).
- commit c90d8a9
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- commit 6dbaa20
- arm64: enable and update config for 5.12
- commit 0a5586c
++++ expat:
- update to 2.3.0:
* When calling XML_ParseBuffer without a prior successful call to
XML_GetBuffer as a user, no longer trigger undefined behavior
(by adding an integer to a NULL pointer) but rather return
XML_STATUS_ERROR and set the error code to (new) code
XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
of Clang 11 (but not Clang 9).
* xmlwf: Exit status 2 was used for both:
- malformed input files (documented) and
- invalid command-line arguments (undocumented).
case of invalid command-line arguments now
has its own exit status 4, resolving the ambiguity.
* Other changes
++++ ncurses:
- Add ncurses patch 20210403
+ fix some cppcheck warnings, mostly style, in ncurses library and
progs directory.
+ improve description of BSD-style padding in curs_termcap.3x
+ improved CF_C11_NORETURN macro, from byacc changes.
+ fix "--enable-leak" in CF_DISABLE_LEAKS to allow turning
leak-checking off later in a set of options.
+ relax modification-time comparison in CF_LINK_FUNCS to allow it to
accept link() function with NFS filesystems which change the mtime
on the link target, e.g., several BSD systems.
+ call delay_output_sp to handle BSD-style padding when tputs_sp is
called, whether directly or internally, to ensure that the SCREEN
pointer is passed correctly (reports by Henric Jungheim, Juraj
Lutter).
- Correct offsets of patch ncurses-6.2.dif
++++ protobuf:
- update to 3.15.7:
C++
* Remove the ::pb namespace (alias) (#8423)
Ruby
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
++++ rpm:
- auto-config-update-aarch64-ppc64le.diff: Use timestamp in file instead
of searching for arch name, which cannot handle all cases
++++ sqlite3:
- Fix build on SLE-12
- use https urls
++++ ovmf:
- Add ovmf-disable-brotli.patch to remove brotli since there is no
real user and it requires extra effort to maintain the brotli
submodule tarball
+ Drop ovmf-bsc1183713-fix-gcc10-brotli-errors.patch and
brotli-v1.0.7-17-g666c328-c.tar.xz
++++ u-boot-rpiarm64:
- Add u-boot-zturnv5 flavour instead of u-boot-zturn. (bsc#1184733)
I've failed to find anybody who has v4 zturn board.
- mx53loco now uses u-boot-dtb.imx instead of u-boot.imx
- Update to 2021.04 (bsc#1183116)
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04
* Patches dropped:
0006-boo-1123170-Remove-ubifs-support-fr.patch
0007-boo-1144161-Remove-nand-mtd-spi-dfu.patch
0008-Kconfig-add-btrfs-to-distro-boot.patch
0009-configs-Re-sync-with-CONFIG_DISTRO_.patch
0010-configs-am335x_evm-disable-BTRFS.patch
0011-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch
0012-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch
0013-sunxi-Enable-SPI-support-on-Orange-.patch
0014-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch
0015-rpi-Add-identifier-for-the-new-RPi4.patch
0016-rpi-Add-identifier-for-the-new-CM4.patch
0017-pci-pcie-brcmstb-Fix-inbound-window.patch
0018-dm-Introduce-xxx_get_dma_range.patch
0019-dm-test-Add-test-case-for-dev_get_d.patch
0020-dm-Introduce-DMA-constraints-into-t.patch
0021-dm-test-Add-test-case-for-dev-dma_o.patch
0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch
0023-dm-test-Add-test-case-for-dev_phys_.patch
0024-xhci-translate-virtual-addresses-in.patch
0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch
0026-configs-rpi4-Enable-DM_DMA-across-a.patch
0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch
0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch
0029-pci-brcmstb-Cleanup-controller-stat.patch
0030-fs-btrfs-Select-SHA256-in-Kconfig.patch
0031-efi_loader-Avoid-emitting-efi_var_b.patch
0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch
0033-configs-RPi2-Disable-EFI-Grub-worka.patch
0034-smbios-Fix-table-whit-no-string-is-.patch
* Patches added:
0006-Kconfig-add-btrfs-to-distro-boot.patch
0007-configs-Re-sync-with-CONFIG_DISTRO_.patch
0008-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch
0009-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch
0010-sunxi-Enable-SPI-support-on-Orange-.patch
0011-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch
0012-smbios-Fix-table-when-no-string-is-.patch
++++ vim:
- Updated to version 8.2.2725, fixes the following problems
* strcharpart() cannot include composing characters.
* Character input not fully tested.
* Test disabled on MS-Windows even though it should work.
* Mouse click test fails when using remote connection.
* Conditions for startup tests are not exactly right.
* col('.') may get outdated column value.
* New test throws exception.
* Vim9: function is deleted while executing.
* Test is sourcing the wrong file.
* Vim9: if 'cpo' is changed in Vim9 script it may be restored.
* Vim9: script variable in a block scope not found by a nested function.
* Vim9: cannot use a normal list name to store function refs.
* Vim9: no test for return type of lambda.
* Vim9: Using #{ for a dictionary gives strange errors.
* typval2type() cannot handle recursive structures.
* GTK: error when starting up and -geometry is given. (Dominique Pellé)
* Some tests fail when run as root.
* Atom files not recognized.
* Rss files not recognized.
* GTK3: error when starting up and -geometry is given. (Dominique Pellé)
* No need to check for BSD after checking for not root.
* Vim9: #{ can still be used at the script level.
* Vim9: error for #{{ is not desired.
* Hard to see where a test gets stuck.
* Commands from winrestcmd() do not always work properly. (Leonid
V. Fedorenchik)
* Not all command line arguments are tested.
* Multi-byte 'fillchars' for folding do not show properly.
* 'tagfunc' does not indicate using a pattern.
* Vim9: cannot define an inline function.
* Memory leak when compiling inline function.
* prop_remove() causes a redraw even when nothing changed.
* Cannot write a message to the terminal from the GUI.
* Build failure when fsync() is not available.
* screenstring() returns non-existing composing characters.
* Display test fails because of lacking redraw.
* Vim9: no clear error for wrong inline function.
* Various code not covered by tests.
* prop_clear() causes a screen update even when nothing changed.
* Using inline function is not properly tested.
* Vim9: error for not using string doesn't mention argument.
* Terminal test sometimes hangs.
* Terminal resize test sometimes hangs.
* Vim9: some wincmd arguments cause a white space error.
* Vim9: command modifiers not handled in nested function.
* Vim9: restoring command modifiers happens after jump.
* Vim9: can use command modifier without an effect.
* Build failure.
* Vim9: getting a character from a string can be slow.
* The -w command line argument doesn't work.
* Some command line arguments and regexp errors not tested.
* Vim9: error message for declaring variable in for loop.
* :for cannot loop over a string.
* Eval test fails because for loop on string works.
* Vim9: no error for declaration with trailing text.
* Leaking memory when looping over a string.
* There is no way to avoid some escape sequences.
* Vim9: leaking memory when inline function has an error.
* Vim9: not enough function arguments checked for string.
* Test failures.
* Vim9: not enough function arguments checked for string.
* prop_find() cannot find item matching both id and type.
* Vim9: omitting "call" for "confirm()" does not give an error.
* Command line completion does not work after "vim9".
* Vim9: error for append(0, text).
* Error for line number in legacy script.
* Vim9: cannot use :lockvar and :unlockvar in compiled script.
* Vim9: script-local funcref can have lower case name.
* Directory change in a terminal window shell is not followed.
* Missing error message.
* Vim9: cannot use only some of the default arguments.
* Test for 'autoshelldir' does not reset the option.
* Winbar drawn over status line for non-current window with winbar if
frame is zero height. (Leonid V. Fedorenchik)
* Vim9: problem defining a script variable from legacy function.
* Vim9: test fails for redeclaring script variable.
* Vim9: cannot find Name.Func from "import * as Name". (Alexander Goussas)
* Build failure without the +eval feature.
* Not enough folding code is tested.
* Custom statusline not drawn correctly with WinBar.
* Status line is not updated when going to cmdline mode.
* Vim9: cannot use "const" for global variable in :def function.
* Vim9: crash when using s: for script variable.
* Tiny build fails.
* PowerShell files are not recognized.
* Autoconf may mess up compiler flags.
* Vim9: locked script variable can be changed.
* Vim9: locked script variable can be changed.
* When 'matchpairs' is empty every character beeps. (Marco Hinz)
* Cursor position reset with nested autocommands.
* Lua test fails with Lua 5.4.3 and later.
* Function list test fails.
* Lua test fails on MS-Windows.
* Lua test fails.
* Nested autocmd test fails sometimes.
* Order of removing FORTIFY_SOURCE is wrong.
* Compiler completion test fails when more scripts are added.
* Vim9: memory leak when failing on locked variable.
* Adding a lot of completions can be a bit slow.
* Vim9: misleading reported line number for wrong type.
* Vim9: wrong line number reported for boolean operator.
* Adding a lot of completions can still be a bit slow.
* Test sometimes fails waiting for shell in terminal.
* The GTK GUI has a gap next to the scrollbar.
* Vim9: not all tests cover script and :def function.
* "gj" in a closed fold does not move out of the fold. (Marco Hinz)
* Memory leak when adding to a blob fails.
* Folding code not sufficiently tested.
* Filetype pattern ending in star is too far up.
* Vim9: tests fail without the channel feature. (Dominique Pellé)
* The equivalent class regexp is missing some characters.
* GTK menu items don't show a tooltip.
* Vim9: no explicit test for using a global function without the g: prefix.
* Vim9: appending to dict item doesn't work in a :def function.
* GTK menu tooltip moves the cursor.
* Vim9: cannot have a linebreak inside a lambda.
* Vim9: crash when using LHS with double index.
* Assignment test fails.
* Vim9: concatenating to list in dict not tested.
* Vim9: message about compiling is wrong when using try/catch.
++++ wpa_supplicant:
- Add CVE-2021-30004.patch -- forging attacks may occur because
AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
(bsc#1184348)
------------------------------------------------------------------
------------------ 2021-4-5 - Apr 5 2021 -------------------
------------------------------------------------------------------
++++ usbredir:
- Update to version 0.9.0
+ Changes noted in ChangeLog.md:
!2 Add usbredirect tool with feature parity with usbredirserver
!6 Add fuzzer for usbredirparser
!12 Add MSI installer for usbredirect tool
!11 Add meson build: autotool will be removed in a future release
!5 Limit packet's length to 65 kB
!4 Fix wrong up-cast when checking for package's length
Require LLVM's compiler-rt (optional: for fuzzer)
Require glib2 >= 2.44 (optional: for usbredirect)
Deprecate usbredirserver in favor of usbredirect
+ Require libusb-1.0 >= 1.22 due to libusb_set_option() usage
+ Require meson >= 0.48 due to dictionary usage
+ Change docs to be in markdown format
+ add usbredir TCP client
+ add meson build support (which we now use to build package)
- Package the new usbredir TCP client: 'usbredirect'
- Fix meson include directory paths
+ meson-Fix-include-directories-needed-to-build.patch
- Fix pkgconfig data used in meson build
+ meson-Fix-pkgconfig-required-library-name-reference.patch
------------------------------------------------------------------
------------------ 2021-4-4 - Apr 4 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.12-rc6
- commit b5f88e6
++++ makedumpfile:
- Update upstream project location (URL and Source).
------------------------------------------------------------------
------------------ 2021-4-3 - Apr 3 2021 -------------------
------------------------------------------------------------------
++++ file:
- update to 5.40:
* Add limit to the number of bytes to scan for encoding
* Fix /T (trim flag) for regex
* Trim trailing separator.
* Convert system read errors from corrupt ELF
files into human readable error messages
* Exclude surrogate pairs from utf-8 detection
- drop upstreamed patches:
* file-5.16-ocloexec.patch
* file-5.39-alternate_format.dif
++++ sqlite3:
- SQLite 3.35.4:
* Fix a defect in the query planner optimization
* Fix a defect in the new RETURNING syntax
* Fix the new RETURNING feature so that it raises an error if one
of the terms in the RETURNING clause references a unknown
table, instead of silently ignoring that error
* Fix an assertion associated with aggregate function processing
that was incorrectly triggered by the push-down optimization
++++ libxkbcommon:
- Update to release 1.2.0
* `xkb_x11_keymap_new_from_device()` is much faster. It now
performs only 2 roundtrips to the X server, instead of dozens
(in first-time calls).
* Case-sensitive `xkb_keysym_from_name()` is much faster.
* Keysym names of the form `0x12AB` and `U12AB` are parsed more
strictly.
* Compose files now have a size limit (65535 internal nodes).
* Compose table loading (`xkb_compose_table_new_from_locale()`
and similar) is much faster.
------------------------------------------------------------------
------------------ 2021-4-2 - Apr 2 2021 -------------------
------------------------------------------------------------------
++++ multipath-tools:
- Disabled LTO for multipath-tools
* The test for is_valid_path fails if LTO is enabled, just
disabling it for %check is insufficient.
------------------------------------------------------------------
------------------ 2021-4-1 - Apr 1 2021 -------------------
------------------------------------------------------------------
++++ multipath-tools:
- Update to version 0.8.6+9+suse.6c05a61:
Update to upstream 0.8.6.
* add eh_deadline option to avoid endless SCSI error handling
* add wwid_recheck option to detect storage configuration changes
* add library versioning for libmultipath, libmpathpersist etc. and
to libmultipath plugins
* move some global symbols to libmultipath (udev, logsink, etc)
and provide default implementations for get_multipath_config() etc.
This allows simplifiying libmpathpersist_example.c drastically.
* fixes for shutdown issues and various race conditions on exit
* improve cleanup on exit, fix memory leaks
* add libmpathvalid library
* fixes for SAS expanders (bsc#1178377, bsc#1178379, bsc#1177081)
* Avoid access to root FS while queueing IO (bsc#1178049,
bsc#1181234)
* lots of bug fixes, additions to built-in hardware table, and
CI improvements (bsc#1186212)
* kpartx: free loop device after listing partitions (boo#1107187)
Bug fixes on top of 0.8.5 mentioned below are also included in
this upstream version.
- Update to version 0.8.5+30+suse.633836e:
* multipathd: give up "add missing path" after multiple failures
(bsc#1183963)
++++ ceph:
- Update to 16.2.0-31-g5922b2b9c1:
+ rebase on top of upstream v16.2.0 (first stable release in Pacific series)
see https://ceph.io/releases/v16-2-0-pacific-released/
++++ libvirt:
- spec: Remove use of %fdupes since it was only acting on files
that should be excluded
bsc#1184293
- Remove bogus comment from /etc/sysconfig/libvirtd
bsc#1184253
- Update to libvirt 7.2.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
ee3dc2c2-libxl-default-pcistub-name.patch,
6b8e9613-avoid-use-after-free.patch,
eab7ae6b-fix-array-access.patch,
c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch,
ccc6dd8f-fix-exec-restart.patch
++++ python-libvirt-python:
- Update to 7.2.0
- Add all new APIs and constants in libvirt 7.2.0
------------------------------------------------------------------
------------------ 2021-3-31 - Mar 31 2021 -------------------
------------------------------------------------------------------
++++ curl:
- Update to 7.76.0
* Security fixes:
- [bsc#1183933, CVE-2021-22876]: strip credentials from the
auto-referer header field
- [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to
Curl_ssl_get/addsessionid()
* Changes:
- cookies: Support multiple -b parameters
- curl: add --fail-with-body
- doh: add options to disable ssl verification
- http: add support to read and store the referrer header
- sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
- vtls: initial implementation of rustls backend
* Bugfixes:
- CVE-2021-22876: strip credentials from the auto-referer header field
- CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
- c-hyper: support automatic content-encoding
- configure: only add OpenSSL paths if they are defined
- configure: provide Largefile feature for curl-config
- curl: set CURLOPT_NEW_FILE_PERMS if requested
- doh: Fix sharing user's resolve list with DOH handles
- doh: Inherit CURLOPT_STDERR from user's easy handle
- dynbuf: bump the max HTTP request to 1MB
- ftp: add 'list_only' to the transfer state struct
- ftp: add 'prefer_ascii' to the transfer state struct
- ftp: allow SIZE to fail when doing (resumed) upload
- ftp: avoid SIZE when asking for a TYPE A file
- ftp: fix memory leak in ftp_done
- ftp: never set data->set.ftp_append outside setopt
- gnutls: assume nettle crypto support
- http2: don't set KEEP_SEND when there's no more data to be sent
- http2: fail if connection terminated without END_STREAM
- http: do not add a referrer header with empty value
- http: strip default port from URL sent to proxy
- http: use credentials from transfer, not connection
- lib: remove 'conn->data' completely
- multi: close the connection when h2=>h1 downgrading
- multi: do once-per-transfer inits in before_perform in DID state
- multi: rename the multi transfer states
- multi: update pending list when removing handle
- ngtcp2: adapt to the new recv_datagram callback
- ngtcp2: clarify calculation precedence
- ngtcp2: sync with recent API updates
- openssl: adapt to v3's new const for a few API calls
- openssl: ensure to check SSL_CTX_set_alpn_protos return values
- openssl: remove get_ssl_version_txt in favor of SSL_get_version
- parse_proxy: fix a memory leak in the OOM path
- url: fix memory leak if OOM in the HSTS handling
- url: fix possible use-after-free in default protocol
- urldata: don't touch data->set.httpversion at run-time
- urldata: merge "struct DynamicStatic" into "struct UrlState"
- urldata: remove the 'rtspversion' field
- urldata: remove the _ORIG suffix from string names
- wolfssl: don't store a NULL sessionid
++++ procps:
- Add upstream patch procps-3.3.17-bsc1181976.patch based on
commit 3dd1661a to fix bsc#1181976 that is change descripton
of psr, which is for 39th field of /proc/[pid]/stat
++++ pam:
- pam_limits: "unlimited" is not a legitimate value for "nofile"
(see setrlimit(2)). So, when "nofile" is set to one of the
"unlimited" values, it is set to the contents of
"/proc/sys/fs/nr_open" instead.
Also changed the manpage of pam_limits to express this.
[bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
++++ shim:
- Update to 15.4 (bsc#1182057)
+ Rename the SBAT variable and fix the self-check of SBAT
+ sbat: add more dprint()
+ arm/aa64: Swizzle some sections to make old sbsign happier
+ arm/aa64 targets: put .rel* and .dyn* in .rodata
- Drop upstreamed patch:
+ shim-bsc1182057-sbat-variable-enhancement.patch
------------------------------------------------------------------
------------------ 2021-3-30 - Mar 30 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 20.3.5
* fith bugfix release for the 20.3 branch
* This is a quite large release with a huge number of fixes in it,
and is the last planned release for the 20.3.x series. Radv and
ACO dominate the changes for this release, but there are some
other things mixed in there.
++++ Mesa-drivers:
- update to 20.3.5
* fith bugfix release for the 20.3 branch
* This is a quite large release with a huge number of fixes in it,
and is the last planned release for the 20.3.x series. Radv and
ACO dominate the changes for this release, but there are some
other things mixed in there.
++++ conmon:
- Update to version 2.0.27:
* bump to v2.0.27
* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary
* bump to v2.0.27-dev
++++ gstreamer-plugins-base:
- Update to version 1.18.4:
+ tag: id3v2: fix frame size check and potential invalid reads
+ audio: Fix gst_audio_buffer_truncate() meta handling for non-interleaved audio
+ audioresample: respect buffer layout when draining
+ audioaggregator: fix input_buffer ownership
+ decodebin3: change stream selection message owner, so that the app sends the stream-selection event to the right element
+ rtspconnection: correct data_size when tunneled mode
+ uridecodebin3: make caps property work
+ video-converter: Don't upsample invalid lines
+ videodecoder: Fix racy critical when pool negotiation occurs during flush
+ video: Convert gst_video_info_to_caps() to take self as const ptr
+ examples: added qt core dependency for qt overlay example
++++ kernel-default:
- Linux 5.11.11 (bsc#1012628).
- mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
(bsc#1012628).
- mt76: mt7915: only modify tx buffer list after allocating tx
token id (bsc#1012628).
- net: stmmac: fix dma physical address of descriptor when
display ring (bsc#1012628).
- net: fec: ptp: avoid register access when ipg clock is disabled
(bsc#1012628).
- powerpc/4xx: Fix build errors from mfdcr() (bsc#1012628).
- atm: eni: dont release is never initialized (bsc#1012628).
- atm: lanai: dont run lanai_dev_close if not open (bsc#1012628).
- Revert "r8152: adjust the settings about MAC clock speed down
for RTL8153" (bsc#1012628).
- ALSA: hda: ignore invalid NHLT table (bsc#1012628).
- ixgbe: Fix memleak in ixgbe_configure_clsu32 (bsc#1012628).
- scsi: ufs: ufs-qcom: Disable interrupt in reset path
(bsc#1012628).
- blk-cgroup: Fix the recursive blkg rwstat (bsc#1012628).
- net: tehuti: fix error return code in bdx_probe() (bsc#1012628).
- net: intel: iavf: fix error return code of
iavf_init_get_resources() (bsc#1012628).
- sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count (bsc#1012628).
- gianfar: fix jumbo packets+napi+rx overrun crash (bsc#1012628).
- cifs: ask for more credit on async read/write code paths
(bsc#1012628).
- gfs2: fix use-after-free in trans_drain (bsc#1012628).
- cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev
(bsc#1012628).
- gpiolib: acpi: Add missing IRQF_ONESHOT (bsc#1012628).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (bsc#1012628).
- NFS: Correct size calculation for create reply length
(bsc#1012628).
- net: hisilicon: hns: fix error return code of
hns_nic_clear_all_rx_fetch() (bsc#1012628).
- net: wan: fix error return code of uhdlc_init() (bsc#1012628).
- net: davicom: Use platform_get_irq_optional() (bsc#1012628).
- net: enetc: set MAC RX FIFO to recommended value (bsc#1012628).
- atm: uPD98402: fix incorrect allocation (bsc#1012628).
- atm: idt77252: fix null-ptr-dereference (bsc#1012628).
- cifs: change noisy error message to FYI (bsc#1012628).
- irqchip/ingenic: Add support for the JZ4760 (bsc#1012628).
- kbuild: add image_name to no-sync-config-targets (bsc#1012628).
- umem: fix error return code in mm_pci_probe() (bsc#1012628).
- sparc64: Fix opcode filtering in handling of no fault loads
(bsc#1012628).
- habanalabs: Call put_pid() when releasing control device
(bsc#1012628).
- habanalabs: Disable file operations after device is removed
(bsc#1012628).
- staging: rtl8192e: fix kconfig dependency on CRYPTO
(bsc#1012628).
- u64_stats,lockdep: Fix u64_stats_init() vs lockdep
(bsc#1012628).
- kselftest: arm64: Fix exit code of sve-ptrace (bsc#1012628).
- regulator: qcom-rpmh: Correct the pmic5_hfsmps515 buck
(bsc#1012628).
- regulator: qcom-rpmh: Use correct buck for S1C regulator
(bsc#1012628).
- block: Fix REQ_OP_ZONE_RESET_ALL handling (bsc#1012628).
- drm/amd/display: Enable pflip interrupt upon pipe enable
(bsc#1012628).
- drm/amd/display: Enabled pipe harvesting in dcn30 (bsc#1012628).
- drm/amdgpu/display: Use wm_table.entries for dcn301 calculate_wm
(bsc#1012628).
- drm/amdgpu: fb BO should be ttm_bo_type_device (bsc#1012628).
- drm/radeon: fix AGP dependency (bsc#1012628).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1012628).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
(bsc#1012628).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
(bsc#1012628).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has
been aborted (bsc#1012628).
- nvme-core: check ctrl css before setting up zns (bsc#1012628).
- nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
(bsc#1012628).
- nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung
PM1725a (bsc#1012628).
- nfs: we don't support removing system.nfs4_acl (bsc#1012628).
- block: Suppress uevent for hidden device when removed
(bsc#1012628).
- io_uring: cancel deferred requests in try_cancel (bsc#1012628).
- mm/fork: clear PASID for new mm (bsc#1012628).
- ia64: fix ia64_syscall_get_set_arguments() for break-based
syscalls (bsc#1012628).
- ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign (bsc#1012628).
- static_call: Pull some static_call declarations to the type
headers (bsc#1012628).
- static_call: Allow module use without exposing static_call_key
(bsc#1012628).
- static_call: Fix the module key fixup (bsc#1012628).
- static_call: Fix static_call_set_init() (bsc#1012628).
- KVM: x86: Protect userspace MSR filter with SRCU, and set
atomically-ish (bsc#1012628).
- btrfs: do not initialize dev stats if we have no dev_root
(bsc#1012628).
- btrfs: do not initialize dev replace for bad dev root
(bsc#1012628).
- btrfs: fix check_data_csum() error message for direct I/O
(bsc#1012628).
- btrfs: initialize device::fs_info always (bsc#1012628).
- btrfs: fix sleep while in non-sleep context during qgroup
removal (bsc#1012628).
- btrfs: fix subvolume/snapshot deletion not triggered on mount
(bsc#1012628).
- selinux: don't log MAC_POLICY_LOAD record on failed policy load
(bsc#1012628).
- selinux: fix variable scope issue in live sidtab conversion
(bsc#1012628).
- netsec: restore phy power state after controller reset
(bsc#1012628).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events
(bsc#1012628).
- psample: Fix user API breakage (bsc#1012628).
- z3fold: prevent reclaim/free race for headless pages
(bsc#1012628).
- squashfs: fix inode lookup sanity checks (bsc#1012628).
- squashfs: fix xattr id and id lookup sanity checks
(bsc#1012628).
- hugetlb_cgroup: fix imbalanced css_get and css_put pair for
shared mappings (bsc#1012628).
- kasan: fix per-page tags for non-page_alloc pages (bsc#1012628).
- gcov: fix clang-11+ support (bsc#1012628).
- mm/highmem: fix CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP (bsc#1012628).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E
(bsc#1012628).
- ACPICA: Always create namespace nodes using
acpi_ns_create_node() (bsc#1012628).
- arm64: stacktrace: don't trace arch_stack_walk() (bsc#1012628).
- arm64: dts: ls1046a: mark crypto engine dma coherent
(bsc#1012628).
- arm64: dts: ls1012a: mark crypto engine dma coherent
(bsc#1012628).
- arm64: dts: ls1043a: mark crypto engine dma coherent
(bsc#1012628).
- ARM: dts: at91: sam9x60: fix mux-mask for PA7 so it can be
set to A, B and C (bsc#1012628).
- ARM: dts: at91: sam9x60: fix mux-mask to match product's
datasheet (bsc#1012628).
- ARM: dts: at91-sama5d27_som1: fix phy address to 7
(bsc#1012628).
- integrity: double check iint_cache was initialized
(bsc#1012628).
- drm/etnaviv: Use FOLL_FORCE for userptr (bsc#1012628).
- drm/amd/pm: workaround for audio noise issue (bsc#1012628).
- drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x
(bsc#1012628).
- drm/amdgpu: fix the hibernation suspend with s0ix (bsc#1012628).
- drm/amdgpu: Add additional Sienna Cichlid PCI ID (bsc#1012628).
- drm/i915/dsc: fix DSS CTL register usage for ICL DSI transcoders
(bsc#1012628).
- drm/i915: Fix the GT fence revocation runtime PM logic
(bsc#1012628).
- dm verity: fix DM_VERITY_OPTS_MAX value (bsc#1012628).
- dm: don't report "detected capacity change" on device creation
(bsc#1012628).
- dm ioctl: fix out of bounds array access when no devices
(bsc#1012628).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (bsc#1012628).
- soc: ti: omap-prm: Fix reboot issue with invalid pcie reset
map for dra7 (bsc#1012628).
- ARM: OMAP2+: Fix smartreflex init regression after dropping
legacy data (bsc#1012628).
- soc: ti: omap-prm: Fix occasional abort on reset deassert for
dra7 iva (bsc#1012628).
- veth: Store queue_mapping independently of XDP prog presence
(bsc#1012628).
- bpf: Dont allow vmlinux BTF to be used in map_create and
prog_load (bsc#1012628).
- bpf: Change inode_storage's lookup_elem return value from NULL
to -EBADF (bsc#1012628).
- libbpf: Fix INSTALL flag order (bsc#1012628).
- net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets
(bsc#1012628).
- net/mlx5e: Set PTP channel pointer explicitly to NULL
(bsc#1012628).
- net/mlx5e: When changing XDP program without reset, take refs
for XSK RQs (bsc#1012628).
- net/mlx5e: Revert parameters on errors when changing PTP state
without reset (bsc#1012628).
- net/mlx5e: Don't match on Geneve options in case option masks
are all zero (bsc#1012628).
- net/mlx5e: E-switch, Fix rate calculation division
(bsc#1012628).
- ipv6: fix suspecious RCU usage warning (bsc#1012628).
- drop_monitor: Perform cleanup upon probe registration failure
(bsc#1012628).
- macvlan: macvlan_count_rx() needs to be aware of preemption
(bsc#1012628).
- net: sched: validate stab values (bsc#1012628).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
(bsc#1012628).
- igc: reinit_locked() should be called with rtnl_lock
(bsc#1012628).
- igc: Fix Pause Frame Advertising (bsc#1012628).
- igc: Fix Supported Pause Frame Link Setting (bsc#1012628).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1012628).
- e1000e: add rtnl_lock() to e1000_reset_task (bsc#1012628).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
(bsc#1012628).
- kunit: tool: Disable PAGE_POISONING under --alltests
(bsc#1012628).
- net/qlcnic: Fix a use after free in
qlcnic_83xx_get_minidump_template (bsc#1012628).
- net: phy: broadcom: Add power down exit reset state delay
(bsc#1012628).
- ice: fix napi work done reporting in xsk path (bsc#1012628).
- ftgmac100: Restart MAC HW once (bsc#1012628).
- clk: qcom: gcc-sc7180: Use floor ops for the correct sdcc1 clk
(bsc#1012628).
- net: ipa: terminate message handler arrays (bsc#1012628).
- net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
(bsc#1012628).
- flow_dissector: fix byteorder of dissected ICMP ID
(bsc#1012628).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed
(bsc#1012628).
- netfilter: ctnetlink: fix dump of the expect mask attribute
(bsc#1012628).
- net: hdlc_x25: Prevent racing between "x25_close" and
"x25_xmit"/"x25_rx" (bsc#1012628).
- net: phylink: Fix phylink_err() function name error in
phylink_major_config (bsc#1012628).
- tipc: better validate user input in tipc_nl_retrieve_key()
(bsc#1012628).
- tcp: relookup sock for RST+ACK packets handled by obsolete
req sock (bsc#1012628).
- mptcp: fix ADD_ADDR HMAC in case port is specified
(bsc#1012628).
- can: isotp: isotp_setsockopt(): only allow to set low level
TX flags for CAN-FD (bsc#1012628).
- can: isotp: TX-path: ensure that CAN frame flags are initialized
(bsc#1012628).
- can: peak_usb: add forgotten supported devices (bsc#1012628).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for
missing bitrate (bsc#1012628).
- can: kvaser_pciefd: Always disable bus load reporting
(bsc#1012628).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free
(bsc#1012628).
- can: c_can: move runtime PM enable/disable to c_can_platform
(bsc#1012628).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
(bsc#1012628).
- can: m_can: m_can_rx_peripheral(): fix RX being blocked by
errors (bsc#1012628).
- mac80211: fix rate mask reset (bsc#1012628).
- mac80211: Allow HE operation to be longer than expected
(bsc#1012628).
- selftests/net: fix warnings on reuseaddr_ports_exhausted
(bsc#1012628).
- nfp: flower: fix unsupported pre_tunnel flows (bsc#1012628).
- nfp: flower: add ipv6 bit to pre_tunnel control message
(bsc#1012628).
- nfp: flower: fix pre_tun mask id allocation (bsc#1012628).
- ftrace: Fix modify_ftrace_direct (bsc#1012628).
- drm/msm/dsi: fix check-before-set in the 7nm dsi_pll code
(bsc#1012628).
- ionic: linearize tso skb with too many frags (bsc#1012628).
- net/sched: cls_flower: fix only mask bit check in the
validate_ct_state (bsc#1012628).
- netfilter: nftables: report EOPNOTSUPP on unsupported flowtable
flags (bsc#1012628).
- netfilter: nftables: allow to update flowtable flags
(bsc#1012628).
- netfilter: flowtable: Make sure GC works periodically in idle
system (bsc#1012628).
- libbpf: Fix error path in bpf_object__elf_init() (bsc#1012628).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket
(bsc#1012628).
- ARM: dts: imx6ull: fix ubi filesystem mount failed
(bsc#1012628).
- ipv6: weaken the v4mapped source check (bsc#1012628).
- octeontx2-af: Formatting debugfs entry rsrc_alloc (bsc#1012628).
- octeontx2-af: Remove TOS field from MKEX TX (bsc#1012628).
- octeontx2-af: Fix irq free in rvu teardown (bsc#1012628).
- octeontx2-pf: Clear RSS enable flag on interace down
(bsc#1012628).
- octeontx2-af: fix infinite loop in unmapping NPC counter
(bsc#1012628).
- net: check all name nodes in __dev_alloc_name (bsc#1012628).
- net: cdc-phonet: fix data-interface release on probe failure
(bsc#1012628).
- igb: check timestamp validity (bsc#1012628).
- sctp: move sk_route_caps check and set into
sctp_outq_flush_transports (bsc#1012628).
- r8152: limit the RX buffer size of RTL8153A for USB 2.0
(bsc#1012628).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
(bsc#1012628).
- selinux: vsock: Set SID for socket returned by accept()
(bsc#1012628).
- selftests: forwarding: vxlan_bridge_1d: Fix vxlan ecn
decapsulate value (bsc#1012628).
- libbpf: Fix BTF dump of pointer-to-array-of-struct
(bsc#1012628).
- bpf: Fix umd memory leak in copy_process() (bsc#1012628).
- can: isotp: tx-path: zero initialize outgoing CAN frames
(bsc#1012628).
- platform/x86: dell-wmi-sysman: Fix crash caused by calling
kset_unregister twice (bsc#1012628).
- platform/x86: dell-wmi-sysman: Fix possible NULL pointer deref
on exit (bsc#1012628).
- platform/x86: dell-wmi-sysman: Make it safe to call
exit_foo_attributes() multiple times (bsc#1012628).
- platform/x86: dell-wmi-sysman: Fix release_attributes_data()
getting called twice on init_bios_attributes() failure
(bsc#1012628).
- platform/x86: dell-wmi-sysman: Cleanup sysman_init() error-exit
handling (bsc#1012628).
- platform/x86: dell-wmi-sysman: Make sysman_init() return
- ENODEV of the interfaces are not found (bsc#1012628).
- drm/msm: fix shutdown hook in case GPU components failed to bind
(bsc#1012628).
- drm/msm: Fix suspend/resume on i.MX5 (bsc#1012628).
- arm64: kdump: update ppos when reading elfcorehdr (bsc#1012628).
- PM: runtime: Defer suspending suppliers (bsc#1012628).
- net/mlx5: Add back multicast stats for uplink representor
(bsc#1012628).
- net/mlx5e: Allow to match on MPLS parameters only for MPLS
over UDP (bsc#1012628).
- net/mlx5e: Offload tuple rewrite for non-CT flows (bsc#1012628).
- net/mlx5e: Fix error path for ethtool set-priv-flag
(bsc#1012628).
- mfd: intel_quark_i2c_gpio: Revert "Constify static struct
resources" (bsc#1012628).
- PM: EM: postpone creating the debugfs dir till fs_initcall
(bsc#1012628).
- platform/x86: intel_pmt_crashlog: Fix incorrect macros
(bsc#1012628).
- net: bridge: don't notify switchdev for local FDB addresses
(bsc#1012628).
- octeontx2-af: Fix memory leak of object buf (bsc#1012628).
- xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on
MEMORY_HOTPLUG (bsc#1012628).
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6
listening server (bsc#1012628).
- mm: memblock: fix section mismatch warning again (bsc#1012628).
- bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
(bsc#1012628).
- net: Consolidate common blackhole dst ops (bsc#1012628).
- net, bpf: Fix ip6ip6 crash with collect_md populated skbs
(bsc#1012628).
- igb: avoid premature Rx buffer reuse (bsc#1012628).
- net: axienet: Fix probe error cleanup (bsc#1012628).
- net: phy: introduce phydev->port (bsc#1012628).
- net: phy: broadcom: Avoid forward for
bcm54xx_config_clock_delay() (bsc#1012628).
- net: phy: broadcom: Set proper 1000BaseX/SGMII interface mode
for BCM54616S (bsc#1012628).
- net: phy: broadcom: Fix RGMII delays for BCM50160 and BCM50610M
(bsc#1012628).
- Revert "netfilter: x_tables: Switch synchronization to RCU"
(bsc#1012628).
- netfilter: x_tables: Use correct memory barriers (bsc#1012628).
- bpf: Fix fexit trampoline (bsc#1012628).
- bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for
BPF_TRAMP_F_CALL_ORIG (bsc#1012628).
- platform/x86: dell-wmi-sysman: Cleanup
create_attributes_level_sysfs_files() (bsc#1012628).
- dm table: Fix zoned model check and zone sectors check
(bsc#1012628).
- mm/mmu_notifiers: ensure range_end() is paired with
range_start() (bsc#1012628).
- Revert "netfilter: x_tables: Update remaining dereference to
RCU" (bsc#1012628).
- ACPI: scan: Rearrange memory allocation in acpi_device_add()
(bsc#1012628).
- ACPI: scan: Use unique number for instance_no (bsc#1012628).
- perf auxtrace: Fix auxtrace queue conflict (bsc#1012628).
- perf synthetic events: Avoid write of uninitialized memory
when generating PERF_RECORD_MMAP* records (bsc#1012628).
- io_uring: fix provide_buffers sign extension (bsc#1012628).
- block: recalculate segment count for multi-segment discards
correctly (bsc#1012628).
- scsi: Revert "qla2xxx: Make sure that aborted commands are
freed" (bsc#1012628).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
(bsc#1012628).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
(bsc#1012628).
- smb3: fix cached file size problems in duplicate extents
(reflink) (bsc#1012628).
- cifs: Adjust key sizes and key generation routines for AES256
encryption (bsc#1012628).
- locking/mutex: Fix non debug version of mutex_lock_io_nested()
(bsc#1012628).
- x86/mem_encrypt: Correct physical address calculation in
__set_clr_pte_enc() (bsc#1012628).
- fs/cachefiles: Remove wait_bit_key layout dependency
(bsc#1012628).
- ch_ktls: fix enum-conversion warning (bsc#1012628).
- can: dev: Move device back to init netns on owning netns delete
(bsc#1012628).
- r8169: fix DMA being used after buffer free if WoL is enabled
(bsc#1012628).
- net: dsa: b53: VLAN filtering is global to all users
(bsc#1012628).
- mac80211: fix double free in ibss_leave (bsc#1012628).
- ext4: add reclaim checks to xattr code (bsc#1012628).
- fs/ext4: fix integer overflow in s_log_groups_per_flex
(bsc#1012628).
- Revert "xen: fix p2m size in dom0 for disabled memory hotplug
case" (bsc#1012628).
- nvme: fix the nsid value to print in nvme_validate_or_alloc_ns
(bsc#1012628).
- can: peak_usb: Revert "can: peak_usb: add forgotten supported
devices" (bsc#1012628).
- selftest/bpf: Add a test to check trampoline freeing logic
(bsc#1012628).
- xen-blkback: don't leak persistent grants from xen_blkbk_map()
(bsc#1012628).
- Update config files.
- commit dbc4a02
++++ libcontainers-common:
- Update common to 0.35.3
0.35.3:
* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove `vendor` from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
0.35.2:
Vendor in containers/common and start using types subdir.
shrink the vendoring size of containers/common/pkg/config
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
- Update podman to 3.1.0
3.1.0:
[#]## Features
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the `--format` option.
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
- The `podman generate kube` command can now generate `PersistentVolumeClaim` YAML for Podman named volumes ([#5788](https://github.com/containers/podman/issues/5788)).
- The `podman generate kube` command can now generate YAML files containing multiple resources (pods or deployments) ([#9129](https://github.com/containers/podman/issues/9129)).
[#]## Security
- This release resolves CVE-2021-20291, a deadlock vulnerability in the storage library caused by pulling a specially-crafted container image.
[#]## Changes
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
- The `podman generate systemd` command now generates `RequiresMountsFor` lines to ensure necessary storage directories are mounted before systemd starts Podman.
- Podman will now emit a warning when `--tty` and `--interactive` are both passed, but `STDIN` is not a TTY. This will be made into an error in the next major Podman release some time next year.
[#]## Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where the `podman generate systemd` command could duplicate some parameters to Podman in generated unit files ([#9776](https://github.com/containers/podman/issues/9776)).
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--pull-never` option to `podman build` was nonfunctional ([#9573](https://github.com/containers/podman/issues/9573)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `--isolation` option to `podman build` in the remote Podman client was nonfunctional.
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
- Fixed a bug where `podman commit` did not use the `TMPDIR` environment variable to place temporary files created during the commit ([#9825](https://github.com/containers/podman/issues/9825)).
- Fixed a bug where remote Podman could error when attempting to resize short-lived containers ([#9831](https://github.com/containers/podman/issues/9831)).
- Fixed a bug where Podman was unusable on kernels built without `CONFIG_USER_NS`.
- Fixed a bug where the ownership of volumes created by `podman volume create` and then mounted into a container could be incorrect ([#9608](https://github.com/containers/podman/issues/9608)).
- Fixed a bug where Podman volumes using a volume plugin could not pass certain options, and could not be used as non-root users.
- Fixed a bug where the `--tz` option to `podman create` and `podman run` did not properly validate its input.
[#]## API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the Libpod create endpoint for Containers has a misnamed field in its JSON.
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat and libpod Resize endpoints for Containers did not set the correct terminal sizes (dimensions were reversed) ([#9756](https://github.com/containers/podman/issues/9756)).
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
- Numerous bugs related to filters have been addressed.
[#]## Misc
- Updated Buildah to v1.20.0
- Updated the containers/storage library to v1.28.1
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.4
3.1.0-RC2:
This is the second release candidate for Podman v3.1.0
Preliminary release notes are below. Please note that these are subject to change until the final release.
[#]## Features
- A set of new commands has been added to manage secrets! The `podman secret create`, `podman secret inspect`, `podman secret ls` and `podman secret rm` commands have been added to handle secrets, along with the `--secret` option to `podman run` and `podman create` to add secrets to containers. The initial driver for secrets does not support encryption - this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added ([#8673](https://github.com/containers/podman/issues/8673)).
- The `-v` option to `podman run` and `podman create` now supports a new volume option, `:U`, to chown the volume's source directory on the host to match the UID and GID of the container and prevent permissions issues ([#7778](https://github.com/containers/podman/issues/7778)).
- Three new commands, `podman network exists`, `podman volume exists`, and `podman manifest exists`, have been added to check for the existence of networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as `tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be pruned when prompting the user whether to continue and perform the prune ([#8913](https://github.com/containers/podman/issues/8913)).
- The Podman remote client's `podman build` command now supports the `--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the `--format` option.
- The Podman remote client's `podman rm` command now supports the `--all` and `--ignore` options.
- The Podman remote client's `podman search` command now supports the `--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from `STDIN` when `-` is specified as file name (`podman play kube -`), allowing input to be piped into the command for scripting ([#8996](https://github.com/containers/podman/issues/8996)).
- The `podman generate systemd` command now supports a `--no-header` option, which disables creation of the header comment automatically added by Podman to generated unit files.
[#]## Changes
- The Podman remote client's `podman build` command no longer allows the `-v` flag to be used. Volumes are not yet supported with remote Podman when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are given, Podman will mount cgroups into the container as read-write, instead of read-only ([#8441](https://github.com/containers/podman/issues/8441)).
- The `podman rmi` command has been changed to better handle cases where an image is incomplete or corrupted, which can be caused by interrupted image pulls.
- The `podman rename` command has been improved to be more atomic, eliminating many race conditions that could potentially render a renamed container unusable.
- Detection of which OCI runtimes run using virtual machines and thus require custom SELinux labelling has been improved ([#9582](https://github.com/containers/podman/issues/9582)).
- The hidden `--trace` option to `podman` has been turned into a no-op. It was used in very early versions for performance tracing, but has not been supported for some time.
[#]## Bugfixes
- Fixed a bug where rootless Podman containers joined to CNI networks could not receive traffic from forwarded ports ([#9065](https://github.com/containers/podman/issues/9065)).
- Fixed a bug where `podman network create` with the `--macvlan` flag did not honor the `--gateway`, `--subnet`, and `--opt` options ([#9167](https://github.com/containers/podman/issues/9167)).
- Fixed a bug where the `podman generate kube` command generated invalid YAML for privileged containers ([#8897](https://github.com/containers/podman/issues/8897)).
- Fixed a bug where the `podman generate kube` command could not be used with containers that were not running.
- Fixed a bug where Podman did not add annotations specified in `containers.conf` to containers.
- Foxed a bug where Podman did not respect the `no_hosts` default in `containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to the `podman logs` command did not function properly when using the `journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs` when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would panic if a memory limit was set, but the swap limit was set to unlimited ([#9429](https://github.com/containers/podman/issues/9429)).
- Fixed a bug where the `--network` option to `podman run`, `podman create`, and `podman pod create` would error if the user attempted to specify CNI networks by ID, instead of name ([#9451](https://github.com/containers/podman/issues/9451)).
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did not properly handle cases where a cgroup existed on some, but not all, controllers, resulting in errors from the `podman stats` command ([#9252](https://github.com/containers/podman/issues/9252)).
- Fixed a bug where the `podman cp` did not properly handle cases where `/dev/stdout` was specified as the destination (it was treated identically to `-`) ([#9362](https://github.com/containers/podman/issues/9362)).
- Fixed a bug where the `podman cp` command would create files with incorrect ownership ([#9526](https://github.com/containers/podman/issues/9626)).
- Fixed a bug where the `podman cp` command did not properly handle cases where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when attempting to remove containers created with `--rm` ([#9479](https://github.com/containers/podman/issues/9479)).
- Fixed a bug where the ordering of capabilities was nondeterministic in the `CapDrop` field of the output of `podman inspect` on a container ([#9490](https://github.com/containers/podman/issues/9490)).
- Fixed a bug where the `podman network connect` command could be used with containers that were not initially connected to a CNI bridge network (e.g. containers created with `--net=host`) ([#9496](https://github.com/containers/podman/issues/9496)).
- Fixed a bug where DNS search domains required by the `dnsname` CNI plugin were not being added to container's `resolv.conf` under some circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was nonfunctional ([#9570](https://github.com/containers/podman/issues/9570)).
- Fixed a bug where the `--timestamp` option to `podman build` was nonfunctional ([#9569](https://github.com/containers/podman/issues/9569)).
- Fixed a bug where the `--iidfile` option to `podman build` could cause Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was nonfunctional ([#9574](https://github.com/containers/podman/issues/9574)).
- Fixed a bug where the `--build-arg` option to `podman build` would, when given a key but not a value, error (instead of attempting to look up the key as an environment variable) ([#9571](https://github.com/containers/podman/issues/9571)).
- Fixed a bug where the `podman network disconnect` command could cause errors when the container that had a network removed was stopped and its network was cleaned up ([#9602](https://github.com/containers/podman/issues/9602)).
- Fixed a bug where the `podman network rm` command did not properly check what networks a container was present in, resulting in unexpected behavior if `podman network connect` or `podman network disconnect` had been used with the network ([#9632](https://github.com/containers/podman/issues/9632)).
- Fixed a bug where some errors with stopping a container could cause Podman to panic, and the container to be stuck in an unusable `stopping` state ([#9615](https://github.com/containers/podman/issues/9615)).
- Fixed a bug where the `podman load` command could return 0 even in cases where an error occurred ([#9672](https://github.com/containers/podman/issues/9672)).
- Fixed a bug where specifying storage options to Podman using the `--storage-opt` option would override all storage options. Instead, storage options are now overridden only when the `--storage-driver` option is used to override the current graph driver ([#9657](https://github.com/containers/podman/issues/9657)).
- Fixed a bug where containers created with `--privileged` could request more capabilities than were available to Podman.
[#]## API
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates credentials against a registry ([#9564](https://github.com/containers/podman/issues/9564)).
- Fixed a bug where the compat Build endpoint for Images specified labels using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly handle the destination (used a query parameter, instead of a path parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the progress of the push and the digest of the pushed image in the response body.
- Fixed a bug where the compat List endpoint for Networks returned null, instead of an empty array (`[]`), when no networks were present ([#9293](https://github.com/containers/podman/issues/9293)).
- Fixed a bug where the compat List endpoint for Networks returned nulls, instead of empty maps, for networks that do not have Labels and/or Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`) now has an alias at `/libpod/network/$ID` ([#9691](https://github.com/containers/podman/issues/9691)).
- Fixed a bug where the libpod Inspect endpoint for Networks returned a 1-size array of results, instead of a single result ([#9690](https://github.com/containers/podman/issues/9690)).
- The Compat List endpoint for Networks now supports the legacy format for filters in parallel with the current filter format ([#9526](https://github.com/containers/podman/issues/9526)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle tmpfs filesystems specified with options ([#9511](https://github.com/containers/podman/issues/9511)).
- Fixed a bug where the compat Create endpoint for Containers did not create bind-mount source directories ([#9510](https://github.com/containers/podman/issues/9510)).
- Fixed a bug where the compat Create endpoint for Containers did not properly handle the `NanoCpus` option ([#9523](https://github.com/containers/podman/issues/9523)).
- Fixed a bug where the compat List endpoint for Containers did not populate information on forwarded ports ([#9553](https://github.com/containers/podman/issues/9553))
- Fixed a bug where the compat List endpoint for Containers did not populate information on container CNI networks ([#9529](https://github.com/containers/podman/issues/9529)).
- Fixed a bug where the compat and libpod Stop endpoints for Containers would ignore a timeout of 0.
- Fixed a bug where the compat Remove endpoint for Containers would not return 404 when attempting to remove a container that does not exist ([#9675](https://github.com/containers/podman/issues/9675)).
- Fixed a bug where the compat Prune endpoint for Volumes would still prune even if an invalid filter was specified.
[#]## Misc
- Updated Buildah to v1.19.8
- Updated the containers/storage library to v1.28.0
- Updated the containers/image library to v5.10.5
- Updated the containers/common library to v0.35.3
3.1.0-RC1:
This is the first release candidate for Podman v3.1.0. Release is expected later this week.
- Update storage to 1.28.1
1.28.1:
overlay.recreateSymlinks: handle missing "link" files, add a test
TestLockfileWriteConcurrent: stay below 8192 goroutines
Use an xz library instead of shelling out to xz for decompression
overlay: check selinux label support
1.28.0:
Add dependabot.yml configuration file
Add more mount information to errors
Inherit system storage driver in rootless configurations
archive: make getFileOwner public
archive: make getWhiteoutConverter public
archive: whiteout creation with a handler
build(deps): bump github.com/Microsoft/hcsshim from 0.8.14 to 0.8.15
build(deps): bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
build(deps): bump github.com/klauspost/compress from 1.11.7 to 1.11.12
build(deps): bump github.com/moby/sys/mountinfo from 0.4.0 to 0.4.1
build(deps): bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
chown: ignore both pkg/system.EOPNOTSUPP and pkg/system.ErrNotSupportedPlatform
containers-storage: add --volatile to container create
copy: create a unix socket with os.ModeSocket
drivers: make copyRegular public
drivers: new function CopyRegularToFile
fswriters: honor nosync option
overlay: add detection for overlay support in a user namespace
overlay: allow to reset mount_program
overlay: factor function out
overlay: fix path to incompat/volatile
overlay: improve overlay error message
overlay: public function to check for overlay support
overlay: record if using mount_program
overlay: rootless move error to debug message
overlay: use direct mount instead of mountFrom
support patches to prepare #775
tests: test mount/unmount volatile container
types: check for native overlay support
1.27.0:
Move storageOpts structures into types subdir to shrink bindings.
(*store).Diff: add missing unlock in error case
pkg/lockfile: fix a race and re-enable unit tests
Add warning about possible storage corruption
pkg/chrootarchive.TestChrootUntarWithHugeExcludesList: fix compile error
pkg/archive.TestCopyWithTarSrcFile(): update for NoOverwriteDirNonDir
drivers/devmapper: default the rootfs directory to 0555
TestRootlessRuntimeDir: iterate tests using testing.T.Run()
Fix TestDefaultStoreOpts()
getRootlessRuntimeDirIsolated(): don't use an empty tmpPerUserDir
drivers/zfs: default the base layer to 0555
drivers/btrfs: default the base layer to 0555
drivers/aufs: inherit permissions on "/" from parent layers
drivers/vfs: inherit permissions on "/" from parent layers
graphtest: expect 0555 permissions
pkg/archive.parseDirent(): adjust to avoid unsafe pointer conversion
Add warning about possible storage corruption
pkg/idtools.TestParseSubidFileWithNewlinesAndComments(): clean up
pkg/mount.TestSubtreeUnbindable(): check for wrapped EINVAL
pkg/directory: count inodes of directories
Makefile local-test-unit: use -race if it's available
pkg/mount: don't complain if the filesystem volunteers inode32/inode64
CI: run unit tests again
pkg/lockfile: fix a race and an incorrect unit test
1.26.0:
build(deps): bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
homedir: add GetCacheHome
Call recreateSymlinks when not found during Readlink
build(deps): bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
We should ignore metacopy option on kernels that do not support it
drivers: add support for volatile to overlay
store: support volatile containers
overlay: support native rootless mounts
overlay: force metacopy=on for naivediff
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc93
1.25.0:
layers: support BigData
Fix FreeBSD support
Remove empty line as per feedback
Improve project quota to support querying disk usage
Use unix.Statfs instead of syscall.Statfs
overlay: use XFS quota when possible
drivers/quota: add GetDiskUsage endpoint
- Update image to 5.10.5
v0.35.3:
* capabilities: add new method BoundingSet()
* Bump github.com/containers/storage from 1.27.0 to 1.28.0
* Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
* Bump github.com/hashicorp/go-multierror from 1.1.0 to 1.1.1
* Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
* Remove vendor from dependabot config
* Add dependabot config file to support vendoring
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
* Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
* Bump github.com/containers/image/v5 from 5.10.4 to 5.10.5
v0.35.2:
Vendor in containers/common and start using types subdir.
shrink the vendoring size of containers/common/pkg/config
Bump github.com/containers/image/v5 from 5.10.3 to 5.10.4
++++ rpm:
- update to rpm-4.16.1.3
* security fixes for CVE-2021-3421, CVE-2021-20271, CVE-2021-20266
* fix bdb_ro failing to open database with missing secondary indexes
* dropped: finddebuginfo-check-res-file.patch
* dropped: empty_dbbackend.diff
- require the exact version of librpmbuild in the rpm-build
package [bnc#1180965]
- reformat dwarf5.diff
- add dump_posttrans and --runposttrans options to make it possible
for libzypp to implement file triggers
new patch: posttrans.diff
++++ systemd:
- Import commit 14581e01203df7aa63c7c8383a12e6ebe258476f (merge of v246.13)
423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745)
4723778738 meson.build: make xinitrcdir configurable (bsc#1183408)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/9753d1c17545a5d46530696cb14254f5f12024f1...14581e01203df7aa63c7c8383a12e6ebe258476f
- Drop 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch
as it's part of v246.13.
- Make use of the new build option to ship xinitrc in
/usr/etc/X11/xinit/xinitrc.d (bsc#1183408)
++++ python-rpm:
- update to rpm-4.16.1.3
++++ qemu:
- Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a
module to what was accepted upstream (bsc#1181103)
* Patches dropped:
hw-s390x-modularize-virtio-gpu-ccw.patch
* Patches added:
s390x-add-have_virtio_ccw.patch
s390x-modularize-virtio-gpu-ccw.patch
s390x-move-S390_ADAPTER_SUPPRESSIBLE.patch
------------------------------------------------------------------
------------------ 2021-3-29 - Mar 29 2021 -------------------
------------------------------------------------------------------
++++ filesystem:
- also make includedir, mandir, licensedir readonly (bsc#1184786)
++++ kernel-default:
- Update to 5.12-rc5
- refresh configs
- XEN_BALLOON_MEMORY_HOTPLUG_LIMIT renamed to XEN_MEMORY_HOTPLUG_LIMIT (x86_64)
- commit 5fe2d5c
++++ lua54:
- Update to version 5.4.3:
* Fixes bugs found in Lua 5.4.2
- Removed upstream-bugs.patch: new release (no bugs found yet)
- Removed upstream-bugs-test.patch: new release (no bugs found yet)
++++ ncurses:
- Disable pcre support for now (boo#1183960, boo#1184083)
- Add ncurses patch 20210327
+ build-fixes for Solaris10 /bin/sh
+ fix some cppcheck warnings, mostly style, in ncurses test-programs,
form and menu libraries.
++++ podman:
- Create docker subpackage to allow replacing docker with
corresponding aliases to podman.
++++ shim:
- Add shim-bsc1182057-sbat-variable-enhancement.patch to change
the SBAT variable name and enhance the handling of SBAT
(bsc#1182057)
++++ toolbox:
- Update to version 2.1+git20210329.d14ac82:
* Fix localtime and mount sys, e.g., for tracing
* Fix 'toolbox list' returning an error code even if working
------------------------------------------------------------------
------------------ 2021-3-27 - Mar 27 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
++++ gdk-pixbuf:
- Disable building of docs: creates a cycle with python:
+ Drop python3-gi-docgen BuildRequires.
+ Pass gtk_doc=false to meson
++++ libapparmor:
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
++++ sqlite3:
- SQLite 3.35.3:
* Enhance the OP_OpenDup opcode of the bytecode engine so that
it works even if the cursor being duplicated itself came from
OP_OpenDup
* When materializing correlated common table expressions, do so
separately for each use case, as that is required for
correctness. This fixes a problem that was introduced by the
MATERIALIZED hint enhancement.
* Fix a problem in the filename normalizer of the unix VFS
* Fix the "box" output mode in the CLI so that it works with
statements that returns one or more rows of zero columns
(such as PRAGMA incremental_vacuum)
* Improvements to error messages generated by faulty common
table expressions
* Fix some incorrect assert() statements
* Fix to the SELECT statement syntax diagram so that the FROM
clause syntax is shown correctly
* Fix the EBCDIC character classifier so that it understands
newlines as whitespace
* Improvements the xBestIndex method in the implementation of the
(unsupported) wholenumber virtual table extension so that it
does a better job of convincing the query planner to avoid
trying to materialize a table with an infinite number of rows
------------------------------------------------------------------
------------------ 2021-3-26 - Mar 26 2021 -------------------
------------------------------------------------------------------
++++ filesystem:
- also fix /var/lib/empty to be readonly (bsc#1184786)
++++ kernel-default:
- drm/nouveau/kms/nve4-nv108: Limit cursors to 128x128
(bsc#1183671).
- commit fa5dcf1
- Update config files: disable CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM (bsc#1184019)
- commit d848134
++++ libassuan:
- update to 2.5.5:
* Fix a crash in the logging code
* Upgrade autoconf
++++ libgpg-error:
- update to 1.42:
* Improve cross-compiling support
* Improve $libdir determination by gpgrt-config
* Support --disable-thread by gen-lock-obj.sh
* Interface changes relative to the 1.40 release
GPG_ERR_SOURCE_TPM2D
++++ ceph:
- Update to 16.1.0-1217-g8e1da7347e:
+ rpm: drop extraneous explicit sqlite-libs runtime dependency
++++ libsolv:
- fixed regex code on win32
- fixed memory leak in choice rule generation
- repo_add_conda: add flag to skip v2 packages
- bump version to 0.7.18
++++ ovmf:
- Add ovmf-bsc1183713-fix-gcc10-brotli-errors.patch to fix the
gcc10 error from brotli (bsc#1183713)
------------------------------------------------------------------
------------------ 2021-3-25 - Mar 25 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond:
restore MAC on release only when there is a cloned MAC address
(glfo#NetworkManager/NetworkManager!775, bsc#1183967).
++++ compat-usrmerge:
- catch boolean deps
++++ cups:
- Add "testsuite" conditional that disables anything within %check
++++ transactional-update:
- Version 3.3.0
- Add support for more package managers by bind mounting their directories
- Support snapshots without dedicated overlay [boo#1183539], [bsc#1183539]
- Link RPM database correctly with older zypper versions [boo#1183521]
- Don't discard manual changes in fstab [boo#1183856], [bsc#1192302]
++++ filesystem:
- make bindir/ _lib and _libdir readonly (mode 0555) to avoid
runpath-to-writeable-directory warning (bsc#1184786)
++++ kernel-default:
- Linux 5.11.10 (bsc#1012628).
- Revert "drm/ttm: Warn on pinning without holding a reference"
(bsc#1012628).
- Revert "drm/ttm: make ttm_bo_unpin more defensive"
(bsc#1012628).
- commit fccd69b
++++ gpgme:
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
++++ ncurses:
- Add ncurses patch 20210323
+ add configure option --enable-stdnoreturn, making the _Noreturn
keyword optional to ease transition (prompted by report by
Rajeev V Pillai).
++++ openssl-1_1:
- Update to 1.1.1k
* Fixed a problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag. This flag enables additional
security checks of the certificates present in a certificate
chain. It is not set by default. ([CVE-2021-3450])
[bsc#1183851]
* Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a
client. If a TLSv1.2 renegotiation ClientHello omits the
signature_algorithms extension (where it was present in the
initial ClientHello), but includes a signature_algorithms_cert
extension then a NULL pointer dereference will result, leading
to a crash and a denial of service attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation
enabled (which is the default configuration). OpenSSL TLS
clients are not impacted by this issue. ([CVE-2021-3449])
[bsc#1183852]
++++ protobuf:
- Can't assume non-existence of python38 macros in Leap.
gh#openSUSE/python-rpm-macros#107
Test for suse_version instead. Only Tumbleweed has and needs the
python_subpackage_only support.
++++ ceph:
- pre_checkin.sh: add README-packaging.txt as a source file to ceph-test.spec
(to pacify obs-service-source_validator)
- Update to 16.1.0-1216-gbaca20b112:
+ spec: prepare openSUSE usrmerge (boo#1029961)
- Update to 16.1.0-1215-gd99465b6ba
+ rebase on top of upstream commit 3eb70cf622aace689e45749e8a92fce033d3d55c
(tip of "pacific" branch)
* introduce libnpmem and libpmemobj dependencies to for RBD_RWL and
RBD_SSD_CACHE features backed by system PMDK
* introduce libcephsqlite
- Add README-packaging.txt
++++ openssl:
- Update to 1.1.1k release
------------------------------------------------------------------
------------------ 2021-3-24 - Mar 24 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- drm/ttm: stop destroying pinned ghost object (git-fixes).
- commit 39815e4
- Linux 5.11.9 (bsc#1012628).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (bsc#1012628).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (bsc#1012628).
- spi: cadence: set cqspi to the driver_data field of struct
device (bsc#1012628).
- ALSA: dice: fix null pointer dereference when node is
disconnected (bsc#1012628).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
(bsc#1012628).
- ALSA: hda: generic: Fix the micmute led init state
(bsc#1012628).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook
Air (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
(bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
(bsc#1012628).
- Revert "PM: runtime: Update device status before letting
suppliers suspend" (bsc#1012628).
- s390/vtime: fix increased steal time accounting (bsc#1012628).
- s390/pci: refactor zpci_create_device() (bsc#1012628).
- s390/pci: remove superfluous zdev->zbus check (bsc#1012628).
- s390/pci: fix leak of PCI device structure (bsc#1012628).
- zonefs: Fix O_APPEND async write handling (bsc#1012628).
- zonefs: prevent use of seq files as swap file (bsc#1012628).
- zonefs: fix to update .i_wr_refcnt correctly in
zonefs_open_zone() (bsc#1012628).
- btrfs: fix race when cloning extent buffer during rewind of
an old root (bsc#1012628).
- btrfs: fix slab cache flags for free space tree bitmap
(bsc#1012628).
- vhost-vdpa: fix use-after-free of v->config_ctx (bsc#1012628).
- vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget()
fails (bsc#1012628).
- drm/amd/display: Correct algorithm for reversed gamma
(bsc#1012628).
- drm/amd/display: Remove MPC gamut remap logic for DCN30
(bsc#1012628).
- iommu/amd: Don't call early_amd_iommu_init() when AMD IOMMU
is disabled (bsc#1012628).
- iommu/amd: Keep track of amd_iommu_irq_remap state
(bsc#1012628).
- iommu/amd: Move Stoney Ridge check to detect_ivrs()
(bsc#1012628).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD
current threshold (bsc#1012628).
- ASoC: SOF: Intel: unregister DMIC device on probe error
(bsc#1012628).
- ASoC: SOF: intel: fix wrong poll bits in dsp power down
(bsc#1012628).
- ASoC: qcom: sdm845: Fix array out of bounds access
(bsc#1012628).
- ASoC: qcom: sdm845: Fix array out of range on rx slim channels
(bsc#1012628).
- ASoC: codecs: wcd934x: add a sanity check in set channel map
(bsc#1012628).
- ASoC: qcom: lpass-cpu: Fix lpass dai ids parse (bsc#1012628).
- ASoC: simple-card-utils: Do not handle device clock
(bsc#1012628).
- afs: Fix accessing YFS xattrs on a non-YFS server (bsc#1012628).
- afs: Stop listxattr() from listing "afs.*" attributes
(bsc#1012628).
- ALSA: usb-audio: Fix unintentional sign extension issue
(bsc#1012628).
- nvme: fix Write Zeroes limitations (bsc#1012628).
- nvme-tcp: fix misuse of __smp_processor_id with preemption
enabled (bsc#1012628).
- nvme-tcp: fix possible hang when failing to set io queues
(bsc#1012628).
- nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
(bsc#1012628).
- nvmet: don't check iosqes,iocqes for discovery controllers
(bsc#1012628).
- nfsd: Don't keep looking up unhashed files in the nfsd file
cache (bsc#1012628).
- nfsd: don't abort copies early (bsc#1012628).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (bsc#1012628).
- NFSD: fix dest to src mount in inter-server COPY (bsc#1012628).
- svcrdma: disable timeouts on rdma backchannel (bsc#1012628).
- vfio: IOMMU_API should be selected (bsc#1012628).
- vhost_vdpa: fix the missing irq_bypass_unregister_producer()
invocation (bsc#1012628).
- sunrpc: fix refcount leak for rpc auth modules (bsc#1012628).
- i915/perf: Start hrtimer only if sampling the OA buffer
(bsc#1012628).
- iommu/tegra-smmu: Make tegra_smmu_probe_device() to handle
all IOMMU phandles (bsc#1012628).
- pstore: Fix warning in pstore_kill_sb() (bsc#1012628).
- io_uring: ensure that SQPOLL thread is started for exit
(bsc#1012628).
- net/qrtr: fix __netdev_alloc_skb call (bsc#1012628).
- cifs: warn and fail if trying to use rootfs without the config
option (bsc#1012628).
- cifs: fix allocation size on newly created files (bsc#1012628).
- RISC-V: Fix out-of-bounds accesses in init_resources()
(bsc#1012628).
- riscv: Correct SPARSEMEM configuration (bsc#1012628).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1012628).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1012628).
- scsi: ufs: ufs-mediatek: Correct operator & -> && (bsc#1012628).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context
(bsc#1012628).
- RISC-V: correct enum sbi_ext_rfence_fid (bsc#1012628).
- counter: stm32-timer-cnt: Report count function when
SLAVE_MODE_DISABLED (bsc#1012628).
- ASoC: codecs: lpass-va-macro: mute/unmute all active decimators
(bsc#1012628).
- ASoC: codecs: lpass-wsa-macro: fix RX MIX input controls
(bsc#1012628).
- powerpc/vdso32: Add missing _restgpr_31_x to fix build failure
(bsc#1012628).
- drm/ttm: Warn on pinning without holding a reference
(bsc#1012628).
- drm/ttm: make ttm_bo_unpin more defensive (bsc#1012628).
- gpiolib: Assign fwnode to parent's if no primary one provided
(bsc#1012628).
- nvme-rdma: fix possible hang when failing to set io queues
(bsc#1012628).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1012628).
- usb-storage: Add quirk to defeat Kindle's automatic unload
(bsc#1012628).
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx
(bsc#1012628).
- usb: gadget: configfs: Fix KASAN use-after-free (bsc#1012628).
- usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg
struct (bsc#1012628).
- usb: typec: tcpm: Invoke power_supply_changed for
tcpm-source-psy- (bsc#1012628).
- usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
(bsc#1012628).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers
(bsc#1012628).
- thunderbolt: Initialize HopID IDAs in tb_switch_alloc()
(bsc#1012628).
- thunderbolt: Increase runtime PM reference count on DP tunnel
discovery (bsc#1012628).
- iio:adc:stm32-adc: Add HAS_IOMEM dependency (bsc#1012628).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID
channel (bsc#1012628).
- iio: adis16400: Fix an error code in adis16400_initial_setup()
(bsc#1012628).
- iio: gyro: mpu3050: Fix error handling in
mpu3050_trigger_handler (bsc#1012628).
- iio: adc: ab8500-gpadc: Fix off by 10 to 3 (bsc#1012628).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask
(bsc#1012628).
- iio: adc: adi-axi-adc: add proper Kconfig dependencies
(bsc#1012628).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp
channel (bsc#1012628).
- iio: hid-sensor-prox: Fix scale not correct issue (bsc#1012628).
- iio: hid-sensor-temperature: Fix issues of timestamp channel
(bsc#1012628).
- counter: stm32-timer-cnt: fix ceiling write max value
(bsc#1012628).
- counter: stm32-timer-cnt: fix ceiling miss-alignment with
reload register (bsc#1012628).
- PCI: rpadlpar: Fix potential drc_name corruption in store
functions (bsc#1012628).
- perf/x86/intel: Fix a crash caused by zero PEBS status
(bsc#1012628).
- perf/x86/intel: Fix unchecked MSR access error caused by
VLBR_EVENT (bsc#1012628).
- x86/ioapic: Ignore IRQ2 again (bsc#1012628).
- kernel, fs: Introduce and use set_restart_fn() and
arch_set_restart_data() (bsc#1012628).
- x86: Move TS_COMPAT back to asm/thread_info.h (bsc#1012628).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
(bsc#1012628).
- efivars: respect EFI_UNSUPPORTED return from firmware
(bsc#1012628).
- ext4: fix error handling in ext4_end_enable_verity()
(bsc#1012628).
- ext4: find old entry again if failed to rename whiteout
(bsc#1012628).
- ext4: stop inode update before return (bsc#1012628).
- ext4: do not try to set xattr into ea_inode if value is empty
(bsc#1012628).
- ext4: fix potential error in ext4_do_update_inode (bsc#1012628).
- ext4: fix timer use-after-free on failed mount (bsc#1012628).
- ext4: fix rename whiteout with fast commit (bsc#1012628).
- MAINTAINERS: move some real subsystems off of the staging
mailing list (bsc#1012628).
- MAINTAINERS: move the staging subsystem to lists.linux.dev
(bsc#1012628).
- static_call: Fix static_call_update() sanity check
(bsc#1012628).
- efi: use 32-bit alignment for efi_guid_t literals (bsc#1012628).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
(bsc#1012628).
- genirq: Disable interrupts for force threaded handlers
(bsc#1012628).
- x86/apic/of: Fix CPU devicetree-node lookups (bsc#1012628).
- cifs: Fix preauth hash corruption (bsc#1012628).
- Update config files.
- commit 8be2d1c
++++ systemd:
- Add 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch
Temporary workaround for bsc#1183745 (upstream issue 18917) until an
actual fix is found.
++++ makedumpfile:
- Update to version 1.6.8:
* Support newer kernels up to v5.9
* arm64: Add support for ARMv8.2-LPA (52-bit PA support)
* Retrieve MAX_PHYSMEM_BITS from vmcoreinfo
* sadump, kaslr: fix failure of calculating kaslr_offset
* Introduce --check-params option
* cope with not-present mem section
- Drop upstreamed patches:
* makedumpfile-Fix-cd_header-offset-overflow-with-large-pfn.patch
* makedumpfile-arm64-Align-PMD_SECTION_MASK-with-PHYS_MASK.patch
* makedumpfile-sadump-Fix-failure-of-reading.patch
- Allow to read kernel log from the lockless ringbuffer (bsc#1183965):
* makedumpfile-printk-add-support-for-lockless-ringbuffer.patch
* makedumpfile-printk-use-committed-finalized-state-value.patch
++++ shim:
- Update to 15.3 for SBAT support (bsc#1182057)
+ Drop gnu-efi from BuildRequires since upstream pull it into the
tar ball.
- Generate vender-specific SBAT metadata
+ Add dos2unix to BuildRequires since Makefile requires it for
vendor SBAT
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
sign keys:
+ SLES-UEFI-SIGN-Certificate-2020-07.crt
+ openSUSE-UEFI-SIGN-Certificate-2020-07.crt
- Refresh patches
+ shim-arch-independent-names.patch
+ shim-change-debug-file-path.patch
+ shim-bsc1177315-verify-eku-codesign.patch
- Unified with shim-bsc1177315-fix-buffer-use-after-free.patch
- Drop upstreamed fixes
+ shim-correct-license-in-headers.patch
+ shim-always-mirror-mok-variables.patch
+ shim-bsc1175509-more-tpm-fixes.patch
+ shim-bsc1173411-only-check-efi-var-on-sb.patch
+ shim-fix-verify-eku.patch
+ gcc9-fix-warnings.patch
+ shim-fix-gnu-efi-3.0.11.patch
+ shim-bsc1177404-fix-a-use-of-strlen.patch
+ shim-do-not-write-string-literals.patch
+ shim-VLogError-Avoid-Null-pointer-dereferences.patch
+ shim-bsc1092000-fallback-menu.patch
+ shim-bsc1175509-tpm2-fixes.patch
+ shim-bsc1174512-correct-license-in-headers.patch
+ shim-bsc1182776-fix-crash-at-exit.patch
- Drop shim-opensuse-cert-prompt.patch
+ All newly released openSUSE kernels enable kernel lockdown
and signature verification, so there is no need to add the
prompt anymore.
------------------------------------------------------------------
------------------ 2021-3-23 - Mar 23 2021 -------------------
------------------------------------------------------------------
++++ glibc:
- Don't remove -f[asynchronous-]unwind-tables during configure run, no
longer needed
++++ libcontainers-common:
- Reintroduce SLE specific mounts config, to avoid errors on non-SLE systems
++++ ncurses:
- Enhence cursescheck script
++++ systemd:
- enable libiptc for masquerading support in networkd
++++ qemu:
- Fix OOB access in sdhci interface (CVE-2020-17380, bsc#1175144,
CVE-2020-25085, bsc#1176681, CVE-2021-3409, bsc#1182282)
hw-sd-sd-Actually-perform-the-erase-oper.patch
hw-sd-sd-Fix-build-error-when-DEBUG_SD-i.patch
hw-sd-sdhci-Correctly-set-the-controller.patch
hw-sd-sdhci-Don-t-transfer-any-data-when.patch
hw-sd-sdhci-Don-t-write-to-SDHC_SYSAD-re.patch
hw-sd-sdhci-Limit-block-size-only-when-S.patch
hw-sd-sdhci-Reset-the-data-pointer-of-s-.patch
hw-sd-sd-Move-the-sd_block_-read-write-a.patch
hw-sd-sd-Skip-write-protect-groups-check.patch
- Fix potential privilege escalation in virtiofsd tool
(CVE-2021-20263, bsc#1183373)
tools-virtiofsd-Replace-the-word-whiteli.patch
viriofsd-Add-support-for-FUSE_HANDLE_KIL.patch
virtiofsd-extract-lo_do_open-from-lo_ope.patch
virtiofsd-optionally-return-inode-pointe.patch
virtiofsd-prevent-opening-of-special-fil.patch
virtiofs-drop-remapped-security.capabili.patch
virtiofsd-Save-error-code-early-at-the-f.patch
- Fix OOB access (stack overflow) in rtl8139 NIC emulation
(CVE-2021-3416, bsc#1182968)
net-introduce-qemu_receive_packet.patch
rtl8139-switch-to-use-qemu_receive_packe.patch
- Fix OOB access (stack overflow) in other NIC emulations
(CVE-2021-3416)
cadence_gem-switch-to-use-qemu_receive_p.patch
dp8393x-switch-to-use-qemu_receive_packe.patch
e1000-switch-to-use-qemu_receive_packet-.patch
lan9118-switch-to-use-qemu_receive_packe.patch
msf2-mac-switch-to-use-qemu_receive_pack.patch
pcnet-switch-to-use-qemu_receive_packet-.patch
sungem-switch-to-use-qemu_receive_packet.patch
tx_pkt-switch-to-use-qemu_receive_packet.patch
- Fix heap overflow in MSIx emulation (CVE-2020-27821, bsc#1179686)
memory-clamp-cached-translation-in-case-.patch
- Include upstream patches designated as stable material and
reviewed for applicability to include here
hw-arm-virt-Disable-pl011-clock-migratio.patch
xen-block-Fix-removal-of-backend-instanc.patch
- Fix package scripts to not use hard coded paths for temporary
working directories and log files (bsc#1182425)
------------------------------------------------------------------
------------------ 2021-3-22 - Mar 22 2021 -------------------
------------------------------------------------------------------
++++ gsettings-desktop-schemas:
- Update to version 40.0:
+ Updated translations.
++++ attr:
- update to 2.5.1:
* Fix libtool library versioning regression
* Update po files and German translation
* getfattr: Add --one-file-system option
* Move struct stat into struct walk_tree_args
* Move list of open directories into struct walk_tree_args
* Move walk_tree_rec arguments into a separate struct
* xattr.conf: Indicate afs metadata xattrs should be skipped when copying
* Fix typos in manual pages
* getfattr.1: by default only user namespace attributes are dumped
* Enable large-file support on systems that do not enable it by default
* test: escape left brace in a regex in test/run
- drop 0001-attr-2.4.48-test-suite-perl.patch (upstream)
++++ libcap:
- update to 2.49:
* Implement cap_func_launcher() and cap.FuncLauncher().
* More robust "psx" redirection for nocgo compilation - the documentation for
the cgo implementation is now included in the nocgo one because the go.dev
automated documentation builds the docs from the nocgo version.
* Lots of documentation cleanups and added a few man pages: for IAB and
Launching.
* Some general no-op License changes that might cause folk to notice but only
for formatting reasons. These were initially inspired by some lawyerly
interactions, but I ended up rolling back half of them because they
confused automated software infrastructure.
++++ ncurses:
- Disable _Noreturn usage as it breaks build of e.g. dialog
- Add ncurses patch 20210320
+ improve parameter-checking in tput by forcing it to analyze any
extended string capability, e.g., as used in the Cs and Ms
capabilities of the tmux description (report by Brad Town,
cf: 20200531).
+ remove an incorrect free in the fallback (non-checking) version of
_nc_free_and_exit (report by Miroslav Lichvar).
+ correct use-ordering in some xterm-direct flavors -TD
+ add hterm, hterm-256color (Mike Frysinger)
+ if the build-time compiler accepts c11's _Noreturn keyword, use that
rather than gcc's attribute.
+ change configure-check for gcc's noreturn attribute to assume it is
a prefix rather than suffix, matching c11's _Noreturn convention.
+ add "lint" rule to c++/Makefile, e.g., with cppcheck.
- Port patch ncurses-6.2.dif by correcting offsets
++++ systemd:
- Default to the "unified" cgroup hierarchy. At this point, most
users of cgroup (such as docker, libvirt, kubernetes) should be
ready for this change. It's still possible to switch back to the
old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0"
option to the kernel command line.
------------------------------------------------------------------
------------------ 2021-3-21 - Mar 21 2021 -------------------
------------------------------------------------------------------
++++ gdk-pixbuf:
- Update to version 2.42.4:
+ Make enum type registration thread safe.
+ Do not install skipped test files.
+ Fix GIF initialization.
+ Always run GIF loader tests.
+ Fix leaks discovered via ASan.
+ Expose GdkPixbufLoader API via introspection.
+ Fix revert-to-previous first frame behaviour for GIF files.
+ Link to libintl if needed.
+ Improve support for using gdk-pixbuf as a subproject.
+ Fix build with GModule disabled.
+ Use gi-docgen to generate the API reference from introspection
data.
- Replace gtk-doc BuildRequires with python3-gi-docgen: follow
upstreams port.
- As a workaround to
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete
the installed gi-docgen program files.
++++ kernel-default:
- Update to 5.12-rc4
- update configs
- VFIO=n (s390x/zfcpdump only)
- drop SND_SOC_SIRF_AUDIO_CODEC (removed)
- drop ADI_AXI_ADC (x86_64, depends on OF now)
- commit 094141b
- config: disable obsolete crypto algorithms (bsc#1180928)
- CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE y->n
- drop CRYPTO_ANUBIS
- drop CRYPTO_ARC4
- drop CRYPTO_KHAZAD
- drop CRYPTO_SEED
- drop CRYPTO_TEA
- commit 1c5c406
++++ libnettle:
- GNU Nettle 3.7.2:
* fix a bug in ECDSA signature verification that could lead to a
denial of service attack (via an assertion failure) or possibly
incorrect results (CVE-2021-20305, boo#1184401)
* fix a few related problems where scalars are required to be
canonically reduced modulo the ECC group order, but in fact may
be slightly larger
------------------------------------------------------------------
------------------ 2021-3-20 - Mar 20 2021 -------------------
------------------------------------------------------------------
++++ gobject-introspection:
- Update to version 1.68.0:
+ Update GLib annotations.
+ docs: cleanup.
+ Fix syntax errors in gir-1.2.rnc.
++++ glib-networking:
- Update to version 2.68.0:
+ Fix double free in GnuTLS client certificate request code.
++++ kernel-default:
- Linux 5.11.8 (bsc#1012628).
- io_uring: don't attempt IO reissue from the ring exit path
(bsc#1012628).
- KVM: x86/mmu: Expand on the comment in
kvm_vcpu_ad_need_write_protect() (bsc#1012628).
- KVM: x86/mmu: Set SPTE_AD_WRPROT_ONLY_MASK if and only if PML
is enabled (bsc#1012628).
- mptcp: send ack for every add_addr (bsc#1012628).
- mptcp: pm: add lockdep assertions (bsc#1012628).
- io_uring: refactor scheduling in io_cqring_wait (bsc#1012628).
- io_uring: refactor io_cqring_wait (bsc#1012628).
- io_uring: don't keep looping for more events if we can't flush
overflow (bsc#1012628).
- io_uring: simplify do_read return parsing (bsc#1012628).
- io_uring: clear IOCB_WAITQ for non -EIOCBQUEUED return
(bsc#1012628).
- regulator: pca9450: Add SD_VSEL GPIO for LDO5 (bsc#1012628).
- regulator: pca9450: Enable system reset on WDOG_B assertion
(bsc#1012628).
- regulator: pca9450: Clear PRESET_EN bit to fix BUCK1/2/3
voltage setting (bsc#1012628).
- gfs2: Add common helper for holding and releasing the freeze
glock (bsc#1012628).
- gfs2: move freeze glock outside the make_fs_rw and _ro functions
(bsc#1012628).
- gfs2: bypass signal_our_withdraw if no journal (bsc#1012628).
- bpf: Prohibit alu ops for pointer types not defining ptr_limit
(bsc#1012628).
- bpf: Fix off-by-one for area size in creating mask to left
(bsc#1012628).
- bpf: Simplify alu_limit masking for pointer arithmetic
(bsc#1012628).
- bpf: Add sanity check for upper ptr_limit (bsc#1012628).
- bpf, selftests: Fix up some test_verifier cases for unprivileged
(bsc#1012628).
- arm64: Unconditionally set virtual cpu id registers
(bsc#1012628).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes
(bsc#1012628).
- fuse: fix live lock in fuse_iget() (bsc#1012628).
- Revert "nfsd4: remove check_conflicting_opens warning"
(bsc#1012628).
- Revert "nfsd4: a client's own opens needn't prevent delegations"
(bsc#1012628).
- net: dsa: b53: Support setting learning on port (bsc#1012628).
- crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
(bsc#1012628).
- commit 995fe45
++++ at-spi2-core:
- Update to version 2.40.0:
+ No changes.
++++ sudo:
- update to 1.9.6p1
* Fixed a regression introduced in sudo 1.9.6 that resulted in an
error message instead of a usage message when sudo is run with
no arguments.
* Fixed a sudo_sendlog compilation problem with the AIX xlC compiler.
* Fixed a regression introduced in sudo 1.9.4 where the
- -disable-root-mailer configure option had no effect.
* Added a --disable-leaks configure option that avoids some
memory leaks on exit that would otherwise occur. This is intended
to be used with development tools that measure memory leaks. It
is not safe to use in production at this time.
* Plugged some memory leaks identified by oss-fuzz and ASAN.
* Fixed the handling of sudoOptions for an LDAP sudoRole that
contains multiple sudoCommands. Previously, some of the options
would only be applied to the first sudoCommand.
* Fixed a potential out of bounds read in the parsing of NOTBEFORE
and NOTAFTER sudoers command options (and their LDAP equivalents).
* The parser used for reading I/O log JSON files is now more
resilient when processing invalid JSON.
* Fixed typos that prevented "make uninstall" from working.
* Fixed a regression introduced in sudo 1.9.4 where the last line
in a sudoers file might not have a terminating NUL character
added if no newline was present.
* Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new
- -enable-fuzzer configure option can be combined with the
- -enable-sanitizer option to build sudo with fuzzing support.
Multiple fuzz targets are available for fuzzing different parts
of sudo. Fuzzers are built and tested via "make fuzz" or as part
of "make check" (even when sudo is not built with fuzzing support).
Fuzzing support currently requires the LLVM clang compiler (not gcc).
* Fixed the --enable-static-sudoers configure option.
* Fixed a potential out of bounds read sudo when is run by a user
with more groups than the value of "max_groups" in sudo.conf.
* Added an "admin_flag" sudoers option to make the use of the
~/.sudo_as_admin_successful file configurable on systems where
sudo is build with the --enable-admin-flag configure option.
This mostly affects Ubuntu and its derivatives.
* The "max_groups" setting in sudo.conf is now limited to 1024.
This setting is obsolete and should no longer be needed.
* Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir"
sudoers command options. A path "~/foo" was expanded to
"/home/userfoo" instead of "/home/user/foo". This also affects
the runchroot and runcwd Defaults settings.
* Fixed a bug on systems without a native getdelim(3) function
where very long lines could cause parsing of the sudoers file
to end prematurely.
* Fixed a potential integer overflow when converting the
timestamp_timeout and passwd_timeout sudoers settings to a
timespec struct.
* The default for the "group_source" setting in sudo.conf is now
"dynamic" on macOS. Recent versions of macOS do not reliably
return all of a user's non-local groups via getgroups(2), even
when _DARWIN_UNLIMITED_GETGROUPS is defined.
* Fixed a potential use-after-free in the PAM conversation function.
* Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.
------------------------------------------------------------------
------------------ 2021-3-19 - Mar 19 2021 -------------------
------------------------------------------------------------------
++++ cups:
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
fixes web UI Kerberos authentication (bsc#1175960)
- Upstream changed to https://github.com/OpenPrinting/cups
- Added %check section to specfile that executes
the old 'make check' and the new (see 2.3.3op1) 'make test'
- Version upgrade to 2.3.3op2:
* Security: Fixed a buffer (read) overflow
in the ippReadIO function (CVE-2020-10001)
* Clarified the documentation for the "Listen" directive
* Fixed duplicate ColorModel entries for AirPrint printers
* Fixed directory/permission defaults for Debian
kfreebsd-based systems
* Fixed crash bug in ppdOpen
* Fixed regression in snprintf emulation function
* The scheduler's systemd service file now waits
for the nslcd service to start
* The libusb-based USB backend now uses a simpler read timer
implementation to avoid a regression in a previous change
* The PPD caching code now only tracks the APPrinterIconPath
value on macOS
* Fixed segfault in help.cgi when searching in man pages
* Root certificates were incorrectly stored in "~/.cups/ssl".
* Version upgrade to 2.3.3op1:
* The automated test suite can now be activated using make test
for consistency with other projects and CI environments - the
old make check continues to work as well, and the previous test
server behavior can be accessed by running make testserver.
* ippeveprinter now supports multiple icons and strings files.
* ippeveprinter now uses the system's FQDN with Avahi.
* ippeveprinter now supports Get-Printer-Attributes on "/".
* ippeveprinter now uses a deterministic "printer-uuid" value.
* ippeveprinter now uses system sounds on macOS
for Identify-Printer.
* Updated ippfind to look for files in "~/Desktop" on Windows.
* Updated ippfind to honor SKIP-XXX directives with PAUSE.
* Updated IPP Everywhere support to work around printers that only
advertise color raster support but really also support grayscale
* ipptool now supports DNS-SD URIs like
ipps://My%20Printer._ipps._tcp.local
* The scheduler now allows root backends to have world read
permissions but not world execute permissions
* Failures to bind IPv6 listener sockets no longer cause errors
if IPv6 is disabled on the host
* The SNMP backend now supports the HP and Ricoh vendor MIBs
* The scheduler no longer includes a timestamp in files it writes
* The systemd service names are now "cups.service"
and "cups-lpd.service"
* The scheduler no longer adds the local hostname to
the ServerAlias list
* Added LogFileGroup directive in "cups-files.conf" to control
the group owner of log files
* Added --with-max-log-size configure option
* Added --enable-sync-on-close configure option
* Added --with-error-policy configure option
* IPP Everywhere PPDs could have an "unknown" default InputSlot
* The httpAddrListen function now uses a listen backlog of 128.
* Added USB quirks
* Fixed IPP Everywhere v1.1 conformance issues in ippeveprinter.
* Fixed DNS-SD name collision support in ippeveprinter.
* Fixed compiler and code analyzer warnings.
* Fixed TLS support on Windows.
* Fixed ippfind sub-type searches with Avahi.
* Fixed the default hostname used by ippeveprinter on macOS.
* Fixed resolution of local IPP-USB printers with Avahi.
* Fixed coverity issues
* Fixed httpAddrConnect issues
* Fixed web interface device URI issue
* Fixed lp/lpr "printer/class not found" error reporting
* Fixed xinetd support for LPD clients
* Fixed libtool build issue
* Fixed a memory leak in the scheduler
* Fixed a potential integer overflow in the PPD hashing code
* Fixed output-bin and print-quality handling issues
* Fixed PPD options getting mapped to odd IPP values
like "tray---4"
* Fixed remote access to the cupsd.conf and log files
* Fixed the automated test suite when running in certain
build/CI environments
* Fixed a logging regression caused by a previous change
for Apple issue #5604
* Fixed fax phone number handling with GNOME
* Fixed potential rounding error in rastertopwg filter
* Fixed the "uri-security-supported" value from the scheduler
* Fixed IPP backend crash bug with "printer-alert" values
* Removed old Solaris inetconv(1m) reference in cups-lpd man page
* Fixed default options that incorrectly use the "custom" prefix
* Fixed a memory leak when resolving DNS-SD URIs
* Fixed systemd status reporting by adopting the notify interface
* Fixed crash in rastertopwg
* Fixed cupsManualCopies values in IPP Everywhere PPDs
- Removed let-cupsd-start-after-network.patch
as it is no longer required
- Removed CVE-2020-10001.patch as a fix as been merged upstream
- Removed section of specfile responsible for
renaming "org.cups.cups*" systemd files to cups*, due to
upstream renaming these files
++++ gstreamer:
- update to 1.18.4:
important security fixes for ID3 tag reading, matroska and realmedia
parsing, and gst-libav audio decoding
Details:
* audiomixer, audioaggregator: input buffer handling fixes
* decodebin3: improve stream-selection message handling
* uridecodebin3: make “caps†property work
* wavenc: fix writing of INFO chunks in some cases
* v4l2: bt601 colorimetry, allow encoder resolution changes, fix
decoder frame rate negotiation
* decklinkvideosink: fix auto format detection, and fixes for 29.97fps
framerate output
* mpeg-2 video handling fixes when seeking
* avviddec: fix bufferpool negotiation and possible memory corruption
when changing resolution
* various stability, performance and reliability improvements
* memory leak fixes
* build fixes: rpicamsrc, qt overlay example, d3d11videosink on UWP
* info: Don’t leak log function user_data if the debug system is
compiled out
* task: Use SetThreadDescription() Win32 API for setting thread names,
which preserves thread names in dump files.
* buffer, memory: Mark info in map functions as caller-allocates and
pass allocation params as const pointers where possible
* clock: define AUTO_CLEANUP_FREE_FUNC for GstClockID
* tag: id3v2: fix frame size check and potential invalid reads
* audio: Fix gst_audio_buffer_truncate() meta handling for
non-interleaved audio
* audioresample: respect buffer layout when draining
* audioaggregator: fix input_buffer ownership
* decodebin3: change stream selection message owner, so that the app
sends the stream-selection event to the right element
* rtspconnection: correct data_size when tunneled mode
* uridecodebin3: make caps property work
* video-converter: Don’t upsample invalid lines
* videodecoder: Fix racy critical when pool negotiation occurs during
flush
* video: Convert gst_video_info_to_caps() to take self as const ptr
* examples: added qt core dependency for qt overlay example
* matroskademux: header parsing fixes
* rpicamsrc: depend on posix threads and vchiq_arm to fix build on
raspios again
* wavenc: Fixed INFO chunk corruption, caused by odd sized data not
being padded
* wavpackdec: Add floating point format support to fix distortions in
some cases
* v4l2: recognize V4L2 bt601 colorimetry again
* v4l2videoenc: support resolution change stream encode
* v4l2h265codec: fix HEVC profile string issue
* v4l2object: Need keep same transfer as input caps
* v4l2videodec: Fix vp8 and vp9 streams can’t play on board with
vendor bsp
* v4l2videodec: fix src side frame rate negotiation
* avwait: Don’t post messages with the mutex locked
* d3d11h264dec: Reconfigure decoder object on DPB size change and keep
track of actually configured DPB size
* dashsink: fix double unref of sinkpad caps
* decklinkvideosink: Use correct numerator for 29.97fps
* decklinkvideosink: fix auto format detection
* decklinksrc: Use a more accurate capture time
* d3d11videosink: Fix build error on UWP
* interlace: negotiation and buffer leak fixes
* mpegvideoparse: do not clip, so decoder receives data from keyframe
even if it’s before the segment start
* mpegtsparse: Fix switched DTS/PTS when set-timestamps=false
* nvh264sldec: Reopen decoder object if larger DPB size is required
* sdpsrc: fix double free if sdp is provided as string via the
property
* vulkan: Fix elements long name.
++++ parted:
- Direct file system manipulation support was removed in 2011.
- Removed build dependencies on libreiserfs-devel and
e2fsprogs-devel.
++++ snapper:
- fixed creating root config (root prefix handling)
(gh#openSUSE/snapper#627)
- version 0.8.16
++++ sqlite3:
- Fix typo in macro definition.
++++ libtpms:
- Update to version 0.7.7
* CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446)
* tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage
* tpm2: Address some Coverity issues (false positives)
* tpm1.2: Backported ASAN/UBSAN related fixes
* tpm2: Return properly sized array for b parameter for NIST P521
(HLK)
* tpm2: Addressed issues detected by UBSAN
* tpm2: Addressed issues detected by cppcheck (false positives)
++++ libvirt-glib:
- Update to version 4.0.0:
+ Replace autotools build system with meson.
+ Mandate libvirt >= 1.2.8.
+ Mandate libxml2 >= 2.9.1.
+ Mandate glib >= 2.48.0.
+ Mandate gobject-introspection >= 1.46.0.
+ Fix docs incompatibility with gtk-doc >= 1.30.
+ Misc API docs fixes.
+ Add constants related to NVRAM during domain delete.
+ Add domain config API for controller ports attribute.
+ Fix compat with newer glib by avoid volatile for enum types.
+ Updated translations.
- Switch build system to meson:
+ Drop libtool BuildRequires: no longer needed.
+ Add meson BuildRequires.
+ Add gtk-doc BuildRequires: new dependency.
+ Replace configure/make/make_install macros with
meson/meson_build/meson_install variants.
++++ python-gobject:
- Update to version 3.40.0:
+ GTK 4 compatibility fixes.
+ Python 3.9 and 3.10 compatibility fixes.
+ New minimal dependency requirements.
- Up glib2, gobject-introspection, and cairo required versions.
------------------------------------------------------------------
------------------ 2021-3-18 - Mar 18 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates:
- openssl command line tools are no longer required, p11-kit does
the job.
++++ compat-usrmerge:
- cp can't handle copying a dir over non-directories. So move those
away in advance. Happened with /lib/udev existing as link on older
distros
++++ cups:
- Remove code comments from expanded scriptlets to reduce size
cf. https://build.opensuse.org/request/show/879976
++++ gobject-introspection:
- Update to version 1.67.1:
+ Requires Python 3.6+.
+ Update GLib annotations.
+ Fix compatibility with Python 3.10.
+ Fix build with GIR data disabled.
+ Add test object for signal marshallers.
++++ glib2:
- Update to version 2.68.0:
+ Bugs fixed:
- build: Drop gconstructor_as_data_h usage from
glib-compile-schemas.
- glib.supp: Generalize some suppressions.
- gbytesicon: Fix error in g_bytes_icon_new() documentation.
- glocalfileoutputstream: Tidy up error handling.
- tests: Fix copy/paste error in queue test.
- Update to version 2.67.6:
+ Fix a security issue when using `g_file_replace()` with
`G_FILE_CREATE_REPLACE_DESTINATION`.
+ Disallow operations on the empty path with
`g_file_new_from_path()`.
+ Various fixes for GLib when building with clang-cl on Windows.
+ Updated translations.
++++ gnutls:
- Require the main package in devel and lib packages as the default
priorities are now set via crypto-policies. [bsc#1183082]
++++ gsettings-desktop-schemas:
- Update to version 40.rc:
+ Updated translations.
++++ kernel-default:
- config.conf: add kernel-debug for arm64 (bsc#1183716)
- commit 68a1ba6
- kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL
again (git-fixes).
- mptcp: dispose initial struct socket when its subflow is closed
(git-fixes).
- kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL
again (git-fixes).
- mptcp: dispose initial struct socket when its subflow is closed
(git-fixes).
- commit a314558
++++ kernel-firmware:
- Update to version 20210315 (git commit 3568f962908c):
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* rtw88: 8822c: Update normal firmware to v9.9.6
* iwlwifi: add new FWs from core59-66 release
* iwlwifi: update 9000-family firmwares
* iwlwifi: update 7265D firmware
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406
* linux-firmware: add frimware for mediatek bluetooth chip (MT7921)
* rtw89: 8852a: add firmware v0.9.12.2
* WHENCE: add missing symlink for BananaPi M3
* Add symlink for BananaPi M2 to brcmfmac43430-sdio config
* brcm: Fix Raspberry Pi 4B NVRAM file
* silabs: add new firmware for WF200
* amdgpu: add initial firmware for green sardine
* rtw88: RTL8822C: Update normal firmware to v9.9.5
- Drop obsoleted patch:
Revert-brcm-rpi4-boardflags3-bit.patch
- Update topics and aliases
++++ at-spi2-core:
- Update to version 2.39.91:
+ Fix a couple of memory leaks.
+ Remove const from AtspiDeviceListenerCB prototype.
++++ multipath-tools:
- Update to version 0.8.5+29+suse.5dabcd2:
* 11-dm-mpath.rules: run "multipath -U" with -v1 (bsc#1182871)
* libmultipath: merge update_multipath_table() and update_multipath_status()
(bsc#1183666)
++++ libsemanage:
- Link to correct so version
- Minor spec file cleanups
++++ libvirt:
- spec: Fix exec-restart of virtlockd and virtlogd on package upgrade
bsc#1183411
++++ python-semanage:
- Minor spec file cleanups
------------------------------------------------------------------
------------------ 2021-3-17 - Mar 17 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20210317.2c04190:
* Don't rely on external dirname utility, but use ${d:h} tcsh expression.
* Enable locking feature of tcsh history file handling
* Add tcsh xd alias as well.
* Add ash xd() function as well.
* Add new function xd() "jump to the directory of a file"
++++ elfutils:
- Add disable-run-readelf-self-test.patch in order to disable
a failing test-case with GCC 11 (PR27367).
++++ gtk3:
- Update to version 3.24.27:
+ Input: Ensure preedit-start and preedit-end are emitted
properly.
+ GtkScrolledWindow: Revert a change that broke touch scrolling.
+ Theme:
- Fix a problem with size changes in SSD decorations that
caused mutter crashes
- Use transparent black for window border in the dark theme.
+ Updated translations.
++++ kernel-default:
- Linux 5.11.7 (bsc#1012628).
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
(bsc#1012628).
- powerpc/603: Fix protection of user pages mapped with PROT_NONE
(bsc#1012628).
- powerpc/perf: Fix handling of privilege level checks in perf
interrupt context (bsc#1012628).
- powerpc/pseries: Don't enforce MSI affinity with kdump
(bsc#1012628).
- ethernet: alx: fix order of calls on resume (bsc#1012628).
- crypto: mips/poly1305 - enable for all MIPS processors
(bsc#1012628).
- mptcp: fix length of ADD_ADDR with port sub-option
(bsc#1012628).
- ath9k: fix transmitting to stations in dynamic SMPS mode
(bsc#1012628).
- net: Fix gro aggregation for udp encaps with zero csum
(bsc#1012628).
- net: check if protocol extracted by virtio_net_hdr_set_proto
is correct (bsc#1012628).
- net: avoid infinite loop in mpls_gso_segment when mpls_hlen ==
0 (bsc#1012628).
- ath11k: fix AP mode for QCA6390 (bsc#1012628).
- net: l2tp: reduce log level of messages in receive path,
add counter instead (bsc#1012628).
- gpiolib: acpi: Add ACPI_GPIO_QUIRK_ABSOLUTE_NUMBER quirk
(bsc#1012628).
- gpiolib: acpi: Allow to find GpioInt() resource by name and
index (bsc#1012628).
- can: skb: can_skb_set_owner(): fix ref counting if socket was
closed before setting skb ownership (bsc#1012628).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2
(bsc#1012628).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze()
(bsc#1012628).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (bsc#1012628).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
(bsc#1012628).
- can: tcan4x5x: tcan4x5x_init(): fix initialization - clear
MRAM before entering Normal Mode (bsc#1012628).
- tcp: Fix sign comparison bug in getsockopt(TCP_ZEROCOPY_RECEIVE)
(bsc#1012628).
- tcp: add sanity tests to TCP_QUEUE_SEQ (bsc#1012628).
- netfilter: nf_nat: undo erroneous tcp edemux lookup
(bsc#1012628).
- netfilter: x_tables: gpf inside xt_find_revision()
(bsc#1012628).
- net: always use icmp{,v6}_ndo_send from ndo_start_xmit
(bsc#1012628).
- net: phy: fix save wrong speed and duplex problem if autoneg
is on (bsc#1012628).
- selftests/bpf: Use the last page in test_snprintf_btf on s390
(bsc#1012628).
- selftests/bpf: No need to drop the packet when there is no
geneve opt (bsc#1012628).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits
in test_verifier (bsc#1012628).
- samples, bpf: Add missing munmap in xdpsock (bsc#1012628).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd
(bsc#1012628).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable
warning (bsc#1012628).
- ibmvnic: always store valid MAC address (bsc#1012628).
- ibmvnic: remove excessive irqsave (bsc#1012628).
- mt76: dma: do not report truncated frames to mac80211
(bsc#1012628).
- gpio: fix gpio-device list corruption (bsc#1012628).
- mount: fix mounting of detached mounts onto targets that reside
on shared mounts (bsc#1012628).
- cifs: fix credit accounting for extra channel (bsc#1012628).
- cifs: return proper error code in statfs(2) (bsc#1012628).
- Revert "mm, slub: consider rest of partial list if
acquire_slab() fails" (bsc#1012628).
- docs: networking: drop special stable handling (bsc#1012628).
- net: dsa: tag_rtl4_a: fix egress tags (bsc#1012628).
- sh_eth: fix TRSCER mask for SH771x (bsc#1012628).
- net: enetc: don't overwrite the RSS indirection table when
initializing (bsc#1012628).
- net: enetc: initialize RFS/RSS memories for unused ports too
(bsc#1012628).
- net: enetc: take the MDIO lock only once per NAPI poll cycle
(bsc#1012628).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
packets (bsc#1012628).
- net: enetc: don't disable VLAN filtering in IFF_PROMISC mode
(bsc#1012628).
- net: enetc: force the RGMII speed and duplex instead of
operating in inband mode (bsc#1012628).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr
(bsc#1012628).
- net: enetc: keep RX ring consumer index in sync with hardware
(bsc#1012628).
- net: dsa: tag_mtk: fix 802.1ad VLAN egress (bsc#1012628).
- net: ethernet: mtk-star-emac: fix wrong unmap in RX handling
(bsc#1012628).
- net/mlx4_en: update moderation when config reset (bsc#1012628).
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (bsc#1012628).
- nexthop: Do not flush blackhole nexthops when loopback goes down
(bsc#1012628).
- net: sched: avoid duplicates in classes dump (bsc#1012628).
- net: mscc: ocelot: properly reject destination IP keys in VCAP
IS1 (bsc#1012628).
- net: dsa: sja1105: fix SGMII PCS being forced to SPEED_UNKNOWN
instead of SPEED_10 (bsc#1012628).
- net: usb: qmi_wwan: allow qmimux add/del with master up
(bsc#1012628).
- netdevsim: init u64 stats for 32bit hardware (bsc#1012628).
- cipso,calipso: resolve a number of problems with the DOI
refcounts (bsc#1012628).
- net: stmmac: Fix VLAN filter delete timeout issue in Intel
mGBE SGMII (bsc#1012628).
- stmmac: intel: Fixes clock registration error seen for multiple
interfaces (bsc#1012628).
- net: lapbether: Remove netif_start_queue / netif_stop_queue
(bsc#1012628).
- net: davicom: Fix regulator not turned off on failed probe
(bsc#1012628).
- net: davicom: Fix regulator not turned off on driver removal
(bsc#1012628).
- net: enetc: allow hardware timestamping on TX queues with
tc-etf enabled (bsc#1012628).
- net: qrtr: fix error return code of qrtr_sendmsg()
(bsc#1012628).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(bsc#1012628).
- s390/qeth: improve completion of pending TX buffers
(bsc#1012628).
- s390/qeth: schedule TX NAPI on QAOB completion (bsc#1012628).
- s390/qeth: fix notification for pending buffers during teardown
(bsc#1012628).
- r8169: fix r8168fp_adjust_ocp_cmd function (bsc#1012628).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
(bsc#1012628).
- tools/resolve_btfids: Fix build error with older host toolchains
(bsc#1012628).
- perf build: Fix ccache usage in $(CC) when generating arch
errno table (bsc#1012628).
- net: stmmac: stop each tx channel independently (bsc#1012628).
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (bsc#1012628).
- net: stmmac: fix wrongly set buffer2 valid when sph unsupport
(bsc#1012628).
- ethtool: fix the check logic of at least one channel for RX/TX
(bsc#1012628).
- net: phy: make mdio_bus_phy_suspend/resume as __maybe_unused
(bsc#1012628).
- selftests: forwarding: Fix race condition in mirror installation
(bsc#1012628).
- mlxsw: spectrum_ethtool: Add an external speed to PTYS register
(bsc#1012628).
- perf traceevent: Ensure read cmdlines are null terminated
(bsc#1012628).
- perf report: Fix -F for branch & mem modes (bsc#1012628).
- net: hns3: fix error mask definition of flow director
(bsc#1012628).
- net: hns3: fix query vlan mask value error for flow director
(bsc#1012628).
- net: hns3: fix bug when calculating the TCAM table info
(bsc#1012628).
- s390/cio: return -EFAULT if copy_to_user() fails again
(bsc#1012628).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash
(bsc#1012628).
- drm/fb-helper: only unmap if buffer not null (bsc#1012628).
- drm/compat: Clear bounce structures (bsc#1012628).
- drm/radeon: also init GEM funcs in
radeon_gem_prime_import_sg_table (bsc#1012628).
- drm/amdgpu/display: use GFP_ATOMIC in
dcn21_validate_bandwidth_fp() (bsc#1012628).
- drm/amd/display: Fix nested FPU context in
dcn21_validate_bandwidth() (bsc#1012628).
- drm/amd/pm: correct the watermark settings for Polaris
(bsc#1012628).
- drm/amd/pm: bug fix for pcie dpm (bsc#1012628).
- drm/amdgpu/display: don't assert in set backlight function
(bsc#1012628 bsc#1180749).
- drm/shmem-helper: Check for purged buffers in fault handler
(bsc#1012628).
- drm/shmem-helper: Don't remove the offset in vm_area_struct
pgoff (bsc#1012628).
- drm: Use USB controller's DMA mask when importing dmabufs
(bsc#1012628).
- drm/amdgpu: fix S0ix handling when the CONFIG_AMD_PMC=m
(bsc#1012628).
- drm: meson_drv add shutdown function (bsc#1012628).
- drm/shmem-helpers: vunmap: Don't put pages for dma-buf
(bsc#1012628).
- drm/i915: Wedge the GPU if command parser setup fails
(bsc#1012628).
- s390/cio: return -EFAULT if copy_to_user() fails (bsc#1012628).
- s390/crypto: return -EFAULT if copy_to_user() fails
(bsc#1012628).
- qxl: Fix uninitialised struct field head.surface_id
(bsc#1012628).
- sh_eth: fix TRSCER mask for R7S9210 (bsc#1012628).
- media: usbtv: Fix deadlock on suspend (bsc#1012628).
- media: rkisp1: params: fix wrong bits settings (bsc#1012628).
- media: v4l: vsp1: Fix uif null pointer access (bsc#1012628).
- media: v4l: vsp1: Fix bru null pointer access (bsc#1012628).
- media: rc: compile rc-cec.c into rc-core (bsc#1012628).
- MIPS: kernel: Reserve exception base early to prevent corruption
(bsc#1012628).
- mptcp: always graft subflow socket to parent (bsc#1012628).
- mptcp: reset last_snd on subflow close (bsc#1012628).
- i2c: rcar: faster irq code to minimize HW race condition
(bsc#1012628).
- i2c: rcar: optimize cacheline to minimize HW race condition
(bsc#1012628).
- scsi: pm80xx: Fix missing tag_free in NVMD DATA req
(bsc#1012628).
- scsi: ufs: WB is only available on LUN #0 to #7 (bsc#1012628).
- scsi: ufs: Protect some contexts from unexpected clock scaling
(bsc#1012628).
- udf: fix silent AED tagLocation corruption (bsc#1012628).
- iommu/vt-d: Clear PRQ overflow only when PRQ is empty
(bsc#1012628).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in
'mxs_mmc_probe()' (bsc#1012628).
- mmc: mediatek: fix race condition between msdc_request_timeout
and irq (bsc#1012628).
- mmc: sdhci-iproc: Add ACPI bindings for the RPi (bsc#1012628).
- platform/x86: amd-pmc: put device on error paths (bsc#1012628).
- Platform: OLPC: Fix probe error handling (bsc#1012628).
- powerpc/pci: Add ppc_md.discover_phbs() (bsc#1012628).
- spi: stm32: make spurious and overrun interrupts visible
(bsc#1012628).
- powerpc: improve handling of unrecoverable system reset
(bsc#1012628).
- powerpc/perf: Record counter overflow always if SAMPLE_IP is
unset (bsc#1012628).
- HID: logitech-dj: add support for the new lightspeed connection
iteration (bsc#1012628).
- powerpc/64: Fix stack trace not displaying final frame
(bsc#1012628).
- iommu/amd: Fix performance counter initialization (bsc#1012628).
- clk: qcom: gdsc: Implement NO_RET_PERIPH flag (bsc#1012628).
- sparc32: Limit memblock allocation to low memory (bsc#1012628).
- sparc64: Use arch_validate_flags() to validate ADI flag
(bsc#1012628).
- Input: applespi - don't wait for responses to commands
indefinitely (bsc#1012628).
- PCI: xgene-msi: Fix race in installing chained irq handler
(bsc#1012628).
- PCI: mediatek: Add missing of_node_put() to fix reference leak
(bsc#1012628).
- drivers/base: build kunit tests without structleak plugin
(bsc#1012628).
- PCI/LINK: Remove bandwidth notification (bsc#1012628).
- ext4: don't try to processed freed blocks until mballoc is
initialized (bsc#1012628).
- kbuild: clamp SUBLEVEL to 255 (bsc#1012628).
- PCI: Fix pci_register_io_range() memory leak (bsc#1012628).
- i40e: Fix memory leak in i40e_probe (bsc#1012628).
- PCI/ERR: Retain status from error notification (bsc#1012628).
- kasan: fix memory corruption in kasan_bitops_tags test
(bsc#1012628).
- s390/smp: __smp_rescan_cpus() - move cpumask away from stack
(bsc#1012628).
- drivers/base/memory: don't store phys_device in memory blocks
(bsc#1012628).
- sysctl.c: fix underflow value setting risk in vm_table
(bsc#1012628).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(bsc#1012628).
- scsi: target: core: Add cmd length set before cmd complete
(bsc#1012628).
- scsi: target: core: Prevent underflow for service actions
(bsc#1012628).
- clk: qcom: gpucc-msm8998: Add resets, cxc, fix flags on
gpu_gx_gdsc (bsc#1012628).
- ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook
G5 (bsc#1012628).
- ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support
(bsc#1012628).
- ALSA: hda: Drop the BATCH workaround for AMD controllers
(bsc#1012628).
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515
sound bar (bsc#1012628).
- ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend() (bsc#1012628).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
(bsc#1012628).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect
(bsc#1012628).
- opp: Don't drop extra references to OPPs accidentally
(bsc#1012628).
- Revert 95ebabde382c ("capabilities: Don't allow writing
ambiguous v3 file capabilities") (bsc#1012628).
- block: Discard page cache of zone reset target range
(bsc#1012628).
- block: Try to handle busy underlying device on discard
(bsc#1012628).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
(bsc#1012628).
- arm64: mte: Map hotplugged memory as Normal Tagged
(bsc#1012628).
- arm64: perf: Fix 64-bit event counter read truncation
(bsc#1012628).
- s390/dasd: fix hanging DASD driver unbind (bsc#1012628).
- s390/dasd: fix hanging IO request during DASD driver unbind
(bsc#1012628).
- software node: Fix node registration (bsc#1012628).
- xen/events: reset affinity of 2-level event when tearing it down
(bsc#1012628).
- xen/events: don't unmask an event channel when an eoi is pending
(bsc#1012628).
- xen/events: avoid handling the same event on two cpus at the
same time (bsc#1012628).
- mmc: mmci: Add MMC_CAP_NEED_RSP_BUSY for the stm32 variants
(bsc#1012628).
- mmc: core: Fix partition switch time for eMMC (bsc#1012628).
- mmc: cqhci: Fix random crash when remove mmc module/card
(bsc#1012628).
- cifs: do not send close in compound create+close requests
(bsc#1012628).
- Goodix Fingerprint device is not a modem (bsc#1012628).
- USB: gadget: udc: s3c2410_udc: fix return value check in
s3c2410_udc_probe() (bsc#1012628).
- USB: gadget: u_ether: Fix a configfs return code (bsc#1012628).
- usb: gadget: f_uac2: always increase endpoint max_packet_size
by one audio slot (bsc#1012628).
- usb: gadget: f_uac1: stop playback on function disable
(bsc#1012628).
- usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
(bsc#1012628).
- usb: dwc3: qcom: add URS Host support for sdm845 ACPI boot
(bsc#1012628).
- usb: dwc3: qcom: add ACPI device id for sc8180x (bsc#1012628).
- usb: dwc3: qcom: Honor wakeup enabled/disabled state
(bsc#1012628).
- USB: usblp: fix a hang in poll() if disconnected (bsc#1012628).
- usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with
other EPNUM (bsc#1012628).
- usb: xhci: do not perform Soft Retry for some xHCI hosts
(bsc#1012628).
- xhci: Improve detection of device initiated wake signal
(bsc#1012628).
- usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
(bsc#1012628).
- xhci: Fix repeated xhci wake after suspend due to uncleared
internal wake state (bsc#1012628).
- USB: serial: io_edgeport: fix memory leak in edge_startup
(bsc#1012628).
- USB: serial: ch341: add new Product ID (bsc#1012628).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
(bsc#1012628).
- USB: serial: cp210x: add some more GE USB IDs (bsc#1012628).
- usbip: fix stub_dev to check for stream socket (bsc#1012628).
- usbip: fix vhci_hcd to check for stream socket (bsc#1012628).
- usbip: fix vudc to check for stream socket (bsc#1012628).
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
(bsc#1012628).
- usbip: fix vhci_hcd attach_store() races leading to gpf
(bsc#1012628).
- usbip: fix vudc usbip_sockfd_store races leading to gpf
(bsc#1012628).
- Revert "serial: max310x: rework RX interrupt handling"
(bsc#1012628).
- misc/pvpanic: Export module FDT device table (bsc#1012628).
- misc: fastrpc: restrict user apps from sending kernel RPC
messages (bsc#1012628).
- staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
(bsc#1012628).
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
(bsc#1012628).
- staging: rtl8712: unterminated string leads to read overflow
(bsc#1012628).
- staging: rtl8188eu: fix potential memory corruption in
rtw_check_beacon_data() (bsc#1012628).
- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
(bsc#1012628).
- staging: rtl8712: Fix possible buffer overflow in
r8712_sitesurvey_cmd (bsc#1012628).
- staging: rtl8192e: Fix possible buffer overflow in
_rtl92e_wx_set_scan (bsc#1012628).
- staging: comedi: addi_apci_1032: Fix endian problem for COS
sample (bsc#1012628).
- staging: comedi: addi_apci_1500: Fix endian problem for command
sample (bsc#1012628).
- staging: comedi: adv_pci1710: Fix endian problem for AI command
data (bsc#1012628).
- staging: comedi: das6402: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: das800: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: dmm32at: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: me4000: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: pcl711: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: pcl818: Fix endian problem for AI command data
(bsc#1012628).
- mlxsw: spectrum_router: Ignore routes using a deleted nexthop
object (bsc#1012628).
- net: phy: ti: take into account all possible interrupt sources
(bsc#1012628).
- sh_eth: fix TRSCER mask for R7S72100 (bsc#1012628).
- powerpc/sstep: Fix VSX instruction emulation (bsc#1012628).
- net: macb: Add default usrio config to default gem config
(bsc#1012628).
- cpufreq: qcom-hw: fix dereferencing freed memory 'data'
(bsc#1012628).
- cpufreq: qcom-hw: Fix return value check in
qcom_cpufreq_hw_cpu_init() (bsc#1012628).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
(bsc#1012628).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (bsc#1012628).
- NFS: Don't revalidate the directory permissions on a lookup
failure (bsc#1012628).
- NFS: Don't gratuitously clear the inode cache when lookup failed
(bsc#1012628).
- NFSv4.2: fix return value of _nfs4_get_security_label()
(bsc#1012628).
- block: rsxx: fix error return code of rsxx_pci_probe()
(bsc#1012628).
- drm/ttm: Fix TTM page pool accounting (bsc#1012628).
- nvme-fc: fix racing controller reset and create association
(bsc#1012628).
- configfs: fix a use-after-free in __configfs_open_file
(bsc#1012628).
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(bsc#1012628).
- io_uring: perform IOPOLL reaping if canceler is thread itself
(bsc#1012628).
- drm/nouveau: fix dma syncing for loops (v2) (bsc#1012628).
- perf/arm_dmc620_pmu: Fix error return code in
dmc620_pmu_device_probe() (bsc#1012628).
- net: expand textsearch ts_state to fit skb_seq_state
(bsc#1012628).
- mptcp: put subflow sock on connect error (bsc#1012628).
- mptcp: fix memory accounting on allocation error (bsc#1012628).
- perf/core: Flush PMU internal buffers for per-CPU events
(bsc#1012628).
- perf/x86/intel: Set PERF_ATTACH_SCHED_CB for large PEBS and LBR
(bsc#1012628).
- hrtimer: Update softirq_expires_next correctly after
__hrtimer_get_next_event() (bsc#1012628).
- powerpc/64s/exception: Clean up a missed SRR specifier
(bsc#1012628).
- seqlock,lockdep: Fix seqcount_latch_init() (bsc#1012628).
- memblock: fix section mismatch warning (bsc#1012628).
- stop_machine: mark helpers __always_inline (bsc#1012628).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork()
(bsc#1012628).
- zram: fix return value on writeback_store (bsc#1012628).
- zram: fix broken page writeback (bsc#1012628).
- linux/compiler-clang.h: define HAVE_BUILTIN_BSWAP*
(bsc#1012628).
- sched: Fix migration_cpu_stop() requeueing (bsc#1012628).
- sched/membarrier: fix missing local execution of
ipi_sync_rq_state() (bsc#1012628).
- sched: Collate affine_move_task() stoppers (bsc#1012628).
- sched: Simplify migration_cpu_stop() (bsc#1012628).
- sched: Optimize migration_cpu_stop() (bsc#1012628).
- sched: Fix affine_move_task() self-concurrency (bsc#1012628).
- sched: Simplify set_affinity_pending refcounts (bsc#1012628).
- efi: stub: omit SetVirtualAddressMap() if marked unsupported
in RT_PROP table (bsc#1012628).
- powerpc/64s: Fix instruction encoding for lis in
ppc_function_entry() (bsc#1012628).
- powerpc: Fix inverted SET_FULL_REGS bitop (bsc#1012628).
- powerpc: Fix missing declaration of [en/dis]able_kernel_vsx()
(bsc#1012628).
- binfmt_misc: fix possible deadlock in bm_register_write
(bsc#1012628).
- kasan, mm: fix crash with HW_TAGS and DEBUG_PAGEALLOC
(bsc#1012628).
- kasan: fix KASAN_STACK dependency for HW_TAGS (bsc#1012628).
- x86/unwind/orc: Disable KASAN checking in the ORC unwinder,
part 2 (bsc#1012628).
- x86/sev-es: Introduce ip_within_syscall_gap() helper
(bsc#1012628).
- x86/sev-es: Check regs->sp is trusted before adjusting #VC
IST stack (bsc#1012628).
- x86/sev-es: Correctly track IRQ states in runtime #VC handler
(bsc#1012628).
- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1012628).
- x86/entry: Fix entry/exit mismatch on failed fast 32-bit
syscalls (bsc#1012628).
- KVM: x86: Ensure deadline timer has truly expired before
posting its IRQ (bsc#1012628).
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged
(bsc#1012628).
- KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
(bsc#1012628).
- KVM: arm64: Fix range alignment when walking page tables
(bsc#1012628).
- KVM: arm64: Avoid corrupting vCPU context register in guest exit
(bsc#1012628).
- KVM: arm64: nvhe: Save the SPE context early (bsc#1012628).
- KVM: arm64: Reject VM creation when the default IPA size is
unsupported (bsc#1012628).
- KVM: arm64: Fix exclusive limit for IPA size (bsc#1012628).
- mm/highmem.c: fix zero_user_segments() with start > end
(bsc#1012628).
- mm/userfaultfd: fix memory corruption due to writeprotect
(bsc#1012628).
- mm/madvise: replace ptrace attach requirement for
process_madvise (bsc#1012628).
- mm/memcg: set memcg when splitting page (bsc#1012628).
- mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg
and add nr_pages argument (bsc#1012628).
- mm/page_alloc.c: refactor initialization of struct page for
holes in memory layout (bsc#1012628).
- KVM: arm64: Fix nVHE hyp panic host context restore
(bsc#1012628).
- Delete
patches.suse/drm-amdgpu-display-don-t-assert-in-set-backlight-fun.patch.
- Update config files.
- Linux 5.11.7 (bsc#1012628).
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
(bsc#1012628).
- powerpc/603: Fix protection of user pages mapped with PROT_NONE
(bsc#1012628).
- powerpc/perf: Fix handling of privilege level checks in perf
interrupt context (bsc#1012628).
- powerpc/pseries: Don't enforce MSI affinity with kdump
(bsc#1012628).
- ethernet: alx: fix order of calls on resume (bsc#1012628).
- crypto: mips/poly1305 - enable for all MIPS processors
(bsc#1012628).
- mptcp: fix length of ADD_ADDR with port sub-option
(bsc#1012628).
- ath9k: fix transmitting to stations in dynamic SMPS mode
(bsc#1012628).
- net: Fix gro aggregation for udp encaps with zero csum
(bsc#1012628).
- net: check if protocol extracted by virtio_net_hdr_set_proto
is correct (bsc#1012628).
- net: avoid infinite loop in mpls_gso_segment when mpls_hlen ==
0 (bsc#1012628).
- ath11k: fix AP mode for QCA6390 (bsc#1012628).
- net: l2tp: reduce log level of messages in receive path,
add counter instead (bsc#1012628).
- gpiolib: acpi: Add ACPI_GPIO_QUIRK_ABSOLUTE_NUMBER quirk
(bsc#1012628).
- gpiolib: acpi: Allow to find GpioInt() resource by name and
index (bsc#1012628).
- can: skb: can_skb_set_owner(): fix ref counting if socket was
closed before setting skb ownership (bsc#1012628).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2
(bsc#1012628).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze()
(bsc#1012628).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (bsc#1012628).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
(bsc#1012628).
- can: tcan4x5x: tcan4x5x_init(): fix initialization - clear
MRAM before entering Normal Mode (bsc#1012628).
- tcp: Fix sign comparison bug in getsockopt(TCP_ZEROCOPY_RECEIVE)
(bsc#1012628).
- tcp: add sanity tests to TCP_QUEUE_SEQ (bsc#1012628).
- netfilter: nf_nat: undo erroneous tcp edemux lookup
(bsc#1012628).
- netfilter: x_tables: gpf inside xt_find_revision()
(bsc#1012628).
- net: always use icmp{,v6}_ndo_send from ndo_start_xmit
(bsc#1012628).
- net: phy: fix save wrong speed and duplex problem if autoneg
is on (bsc#1012628).
- selftests/bpf: Use the last page in test_snprintf_btf on s390
(bsc#1012628).
- selftests/bpf: No need to drop the packet when there is no
geneve opt (bsc#1012628).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits
in test_verifier (bsc#1012628).
- samples, bpf: Add missing munmap in xdpsock (bsc#1012628).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd
(bsc#1012628).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable
warning (bsc#1012628).
- ibmvnic: always store valid MAC address (bsc#1012628).
- ibmvnic: remove excessive irqsave (bsc#1012628).
- mt76: dma: do not report truncated frames to mac80211
(bsc#1012628).
- gpio: fix gpio-device list corruption (bsc#1012628).
- mount: fix mounting of detached mounts onto targets that reside
on shared mounts (bsc#1012628).
- cifs: fix credit accounting for extra channel (bsc#1012628).
- cifs: return proper error code in statfs(2) (bsc#1012628).
- Revert "mm, slub: consider rest of partial list if
acquire_slab() fails" (bsc#1012628).
- docs: networking: drop special stable handling (bsc#1012628).
- net: dsa: tag_rtl4_a: fix egress tags (bsc#1012628).
- sh_eth: fix TRSCER mask for SH771x (bsc#1012628).
- net: enetc: don't overwrite the RSS indirection table when
initializing (bsc#1012628).
- net: enetc: initialize RFS/RSS memories for unused ports too
(bsc#1012628).
- net: enetc: take the MDIO lock only once per NAPI poll cycle
(bsc#1012628).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
packets (bsc#1012628).
- net: enetc: don't disable VLAN filtering in IFF_PROMISC mode
(bsc#1012628).
- net: enetc: force the RGMII speed and duplex instead of
operating in inband mode (bsc#1012628).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr
(bsc#1012628).
- net: enetc: keep RX ring consumer index in sync with hardware
(bsc#1012628).
- net: dsa: tag_mtk: fix 802.1ad VLAN egress (bsc#1012628).
- net: ethernet: mtk-star-emac: fix wrong unmap in RX handling
(bsc#1012628).
- net/mlx4_en: update moderation when config reset (bsc#1012628).
- net: stmmac: fix incorrect DMA channel intr enable setting of
EQoS v4.10 (bsc#1012628).
- nexthop: Do not flush blackhole nexthops when loopback goes down
(bsc#1012628).
- net: sched: avoid duplicates in classes dump (bsc#1012628).
- net: mscc: ocelot: properly reject destination IP keys in VCAP
IS1 (bsc#1012628).
- net: dsa: sja1105: fix SGMII PCS being forced to SPEED_UNKNOWN
instead of SPEED_10 (bsc#1012628).
- net: usb: qmi_wwan: allow qmimux add/del with master up
(bsc#1012628).
- netdevsim: init u64 stats for 32bit hardware (bsc#1012628).
- cipso,calipso: resolve a number of problems with the DOI
refcounts (bsc#1012628).
- net: stmmac: Fix VLAN filter delete timeout issue in Intel
mGBE SGMII (bsc#1012628).
- stmmac: intel: Fixes clock registration error seen for multiple
interfaces (bsc#1012628).
- net: lapbether: Remove netif_start_queue / netif_stop_queue
(bsc#1012628).
- net: davicom: Fix regulator not turned off on failed probe
(bsc#1012628).
- net: davicom: Fix regulator not turned off on driver removal
(bsc#1012628).
- net: enetc: allow hardware timestamping on TX queues with
tc-etf enabled (bsc#1012628).
- net: qrtr: fix error return code of qrtr_sendmsg()
(bsc#1012628).
- s390/qeth: fix memory leak after failed TX Buffer allocation
(bsc#1012628).
- s390/qeth: improve completion of pending TX buffers
(bsc#1012628).
- s390/qeth: schedule TX NAPI on QAOB completion (bsc#1012628).
- s390/qeth: fix notification for pending buffers during teardown
(bsc#1012628).
- r8169: fix r8168fp_adjust_ocp_cmd function (bsc#1012628).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA
(bsc#1012628).
- tools/resolve_btfids: Fix build error with older host toolchains
(bsc#1012628).
- perf build: Fix ccache usage in $(CC) when generating arch
errno table (bsc#1012628).
- net: stmmac: stop each tx channel independently (bsc#1012628).
- net: stmmac: fix watchdog timeout during suspend/resume stress
test (bsc#1012628).
- net: stmmac: fix wrongly set buffer2 valid when sph unsupport
(bsc#1012628).
- ethtool: fix the check logic of at least one channel for RX/TX
(bsc#1012628).
- net: phy: make mdio_bus_phy_suspend/resume as __maybe_unused
(bsc#1012628).
- selftests: forwarding: Fix race condition in mirror installation
(bsc#1012628).
- mlxsw: spectrum_ethtool: Add an external speed to PTYS register
(bsc#1012628).
- perf traceevent: Ensure read cmdlines are null terminated
(bsc#1012628).
- perf report: Fix -F for branch & mem modes (bsc#1012628).
- net: hns3: fix error mask definition of flow director
(bsc#1012628).
- net: hns3: fix query vlan mask value error for flow director
(bsc#1012628).
- net: hns3: fix bug when calculating the TCAM table info
(bsc#1012628).
- s390/cio: return -EFAULT if copy_to_user() fails again
(bsc#1012628).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash
(bsc#1012628).
- drm/fb-helper: only unmap if buffer not null (bsc#1012628).
- drm/compat: Clear bounce structures (bsc#1012628).
- drm/radeon: also init GEM funcs in
radeon_gem_prime_import_sg_table (bsc#1012628).
- drm/amdgpu/display: use GFP_ATOMIC in
dcn21_validate_bandwidth_fp() (bsc#1012628).
- drm/amd/display: Fix nested FPU context in
dcn21_validate_bandwidth() (bsc#1012628).
- drm/amd/pm: correct the watermark settings for Polaris
(bsc#1012628).
- drm/amd/pm: bug fix for pcie dpm (bsc#1012628).
- drm/amdgpu/display: don't assert in set backlight function
(bsc#1012628 bsc#1180749).
- drm/shmem-helper: Check for purged buffers in fault handler
(bsc#1012628).
- drm/shmem-helper: Don't remove the offset in vm_area_struct
pgoff (bsc#1012628).
- drm: Use USB controller's DMA mask when importing dmabufs
(bsc#1012628).
- drm/amdgpu: fix S0ix handling when the CONFIG_AMD_PMC=m
(bsc#1012628).
- drm: meson_drv add shutdown function (bsc#1012628).
- drm/shmem-helpers: vunmap: Don't put pages for dma-buf
(bsc#1012628).
- drm/i915: Wedge the GPU if command parser setup fails
(bsc#1012628).
- s390/cio: return -EFAULT if copy_to_user() fails (bsc#1012628).
- s390/crypto: return -EFAULT if copy_to_user() fails
(bsc#1012628).
- qxl: Fix uninitialised struct field head.surface_id
(bsc#1012628).
- sh_eth: fix TRSCER mask for R7S9210 (bsc#1012628).
- media: usbtv: Fix deadlock on suspend (bsc#1012628).
- media: rkisp1: params: fix wrong bits settings (bsc#1012628).
- media: v4l: vsp1: Fix uif null pointer access (bsc#1012628).
- media: v4l: vsp1: Fix bru null pointer access (bsc#1012628).
- media: rc: compile rc-cec.c into rc-core (bsc#1012628).
- MIPS: kernel: Reserve exception base early to prevent corruption
(bsc#1012628).
- mptcp: always graft subflow socket to parent (bsc#1012628).
- mptcp: reset last_snd on subflow close (bsc#1012628).
- i2c: rcar: faster irq code to minimize HW race condition
(bsc#1012628).
- i2c: rcar: optimize cacheline to minimize HW race condition
(bsc#1012628).
- scsi: pm80xx: Fix missing tag_free in NVMD DATA req
(bsc#1012628).
- scsi: ufs: WB is only available on LUN #0 to #7 (bsc#1012628).
- scsi: ufs: Protect some contexts from unexpected clock scaling
(bsc#1012628).
- udf: fix silent AED tagLocation corruption (bsc#1012628).
- iommu/vt-d: Clear PRQ overflow only when PRQ is empty
(bsc#1012628).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in
'mxs_mmc_probe()' (bsc#1012628).
- mmc: mediatek: fix race condition between msdc_request_timeout
and irq (bsc#1012628).
- mmc: sdhci-iproc: Add ACPI bindings for the RPi (bsc#1012628).
- platform/x86: amd-pmc: put device on error paths (bsc#1012628).
- Platform: OLPC: Fix probe error handling (bsc#1012628).
- powerpc/pci: Add ppc_md.discover_phbs() (bsc#1012628).
- spi: stm32: make spurious and overrun interrupts visible
(bsc#1012628).
- powerpc: improve handling of unrecoverable system reset
(bsc#1012628).
- powerpc/perf: Record counter overflow always if SAMPLE_IP is
unset (bsc#1012628).
- HID: logitech-dj: add support for the new lightspeed connection
iteration (bsc#1012628).
- powerpc/64: Fix stack trace not displaying final frame
(bsc#1012628).
- iommu/amd: Fix performance counter initialization (bsc#1012628).
- clk: qcom: gdsc: Implement NO_RET_PERIPH flag (bsc#1012628).
- sparc32: Limit memblock allocation to low memory (bsc#1012628).
- sparc64: Use arch_validate_flags() to validate ADI flag
(bsc#1012628).
- Input: applespi - don't wait for responses to commands
indefinitely (bsc#1012628).
- PCI: xgene-msi: Fix race in installing chained irq handler
(bsc#1012628).
- PCI: mediatek: Add missing of_node_put() to fix reference leak
(bsc#1012628).
- drivers/base: build kunit tests without structleak plugin
(bsc#1012628).
- PCI/LINK: Remove bandwidth notification (bsc#1012628).
- ext4: don't try to processed freed blocks until mballoc is
initialized (bsc#1012628).
- kbuild: clamp SUBLEVEL to 255 (bsc#1012628).
- PCI: Fix pci_register_io_range() memory leak (bsc#1012628).
- i40e: Fix memory leak in i40e_probe (bsc#1012628).
- PCI/ERR: Retain status from error notification (bsc#1012628).
- kasan: fix memory corruption in kasan_bitops_tags test
(bsc#1012628).
- s390/smp: __smp_rescan_cpus() - move cpumask away from stack
(bsc#1012628).
- drivers/base/memory: don't store phys_device in memory blocks
(bsc#1012628).
- sysctl.c: fix underflow value setting risk in vm_table
(bsc#1012628).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(bsc#1012628).
- scsi: target: core: Add cmd length set before cmd complete
(bsc#1012628).
- scsi: target: core: Prevent underflow for service actions
(bsc#1012628).
- clk: qcom: gpucc-msm8998: Add resets, cxc, fix flags on
gpu_gx_gdsc (bsc#1012628).
- ALSA: hda/conexant: Add quirk for mute LED control on HP ZBook
G5 (bsc#1012628).
- ALSA: hda/ca0132: Add Sound BlasterX AE-5 Plus support
(bsc#1012628).
- ALSA: hda: Drop the BATCH workaround for AMD controllers
(bsc#1012628).
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515
sound bar (bsc#1012628).
- ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend() (bsc#1012628).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
(bsc#1012628).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect
(bsc#1012628).
- opp: Don't drop extra references to OPPs accidentally
(bsc#1012628).
- Revert 95ebabde382c ("capabilities: Don't allow writing
ambiguous v3 file capabilities") (bsc#1012628).
- block: Discard page cache of zone reset target range
(bsc#1012628).
- block: Try to handle busy underlying device on discard
(bsc#1012628).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
(bsc#1012628).
- arm64: mte: Map hotplugged memory as Normal Tagged
(bsc#1012628).
- arm64: perf: Fix 64-bit event counter read truncation
(bsc#1012628).
- s390/dasd: fix hanging DASD driver unbind (bsc#1012628).
- s390/dasd: fix hanging IO request during DASD driver unbind
(bsc#1012628).
- software node: Fix node registration (bsc#1012628).
- xen/events: reset affinity of 2-level event when tearing it down
(bsc#1012628).
- xen/events: don't unmask an event channel when an eoi is pending
(bsc#1012628).
- xen/events: avoid handling the same event on two cpus at the
same time (bsc#1012628).
- mmc: mmci: Add MMC_CAP_NEED_RSP_BUSY for the stm32 variants
(bsc#1012628).
- mmc: core: Fix partition switch time for eMMC (bsc#1012628).
- mmc: cqhci: Fix random crash when remove mmc module/card
(bsc#1012628).
- cifs: do not send close in compound create+close requests
(bsc#1012628).
- Goodix Fingerprint device is not a modem (bsc#1012628).
- USB: gadget: udc: s3c2410_udc: fix return value check in
s3c2410_udc_probe() (bsc#1012628).
- USB: gadget: u_ether: Fix a configfs return code (bsc#1012628).
- usb: gadget: f_uac2: always increase endpoint max_packet_size
by one audio slot (bsc#1012628).
- usb: gadget: f_uac1: stop playback on function disable
(bsc#1012628).
- usb: dwc3: qcom: Add missing DWC3 OF node refcount decrement
(bsc#1012628).
- usb: dwc3: qcom: add URS Host support for sdm845 ACPI boot
(bsc#1012628).
- usb: dwc3: qcom: add ACPI device id for sc8180x (bsc#1012628).
- usb: dwc3: qcom: Honor wakeup enabled/disabled state
(bsc#1012628).
- USB: usblp: fix a hang in poll() if disconnected (bsc#1012628).
- usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with
other EPNUM (bsc#1012628).
- usb: xhci: do not perform Soft Retry for some xHCI hosts
(bsc#1012628).
- xhci: Improve detection of device initiated wake signal
(bsc#1012628).
- usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
(bsc#1012628).
- xhci: Fix repeated xhci wake after suspend due to uncleared
internal wake state (bsc#1012628).
- USB: serial: io_edgeport: fix memory leak in edge_startup
(bsc#1012628).
- USB: serial: ch341: add new Product ID (bsc#1012628).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
(bsc#1012628).
- USB: serial: cp210x: add some more GE USB IDs (bsc#1012628).
- usbip: fix stub_dev to check for stream socket (bsc#1012628).
- usbip: fix vhci_hcd to check for stream socket (bsc#1012628).
- usbip: fix vudc to check for stream socket (bsc#1012628).
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
(bsc#1012628).
- usbip: fix vhci_hcd attach_store() races leading to gpf
(bsc#1012628).
- usbip: fix vudc usbip_sockfd_store races leading to gpf
(bsc#1012628).
- Revert "serial: max310x: rework RX interrupt handling"
(bsc#1012628).
- misc/pvpanic: Export module FDT device table (bsc#1012628).
- misc: fastrpc: restrict user apps from sending kernel RPC
messages (bsc#1012628).
- staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
(bsc#1012628).
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
(bsc#1012628).
- staging: rtl8712: unterminated string leads to read overflow
(bsc#1012628).
- staging: rtl8188eu: fix potential memory corruption in
rtw_check_beacon_data() (bsc#1012628).
- staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
(bsc#1012628).
- staging: rtl8712: Fix possible buffer overflow in
r8712_sitesurvey_cmd (bsc#1012628).
- staging: rtl8192e: Fix possible buffer overflow in
_rtl92e_wx_set_scan (bsc#1012628).
- staging: comedi: addi_apci_1032: Fix endian problem for COS
sample (bsc#1012628).
- staging: comedi: addi_apci_1500: Fix endian problem for command
sample (bsc#1012628).
- staging: comedi: adv_pci1710: Fix endian problem for AI command
data (bsc#1012628).
- staging: comedi: das6402: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: das800: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: dmm32at: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: me4000: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: pcl711: Fix endian problem for AI command data
(bsc#1012628).
- staging: comedi: pcl818: Fix endian problem for AI command data
(bsc#1012628).
- mlxsw: spectrum_router: Ignore routes using a deleted nexthop
object (bsc#1012628).
- net: phy: ti: take into account all possible interrupt sources
(bsc#1012628).
- sh_eth: fix TRSCER mask for R7S72100 (bsc#1012628).
- powerpc/sstep: Fix VSX instruction emulation (bsc#1012628).
- net: macb: Add default usrio config to default gem config
(bsc#1012628).
- cpufreq: qcom-hw: fix dereferencing freed memory 'data'
(bsc#1012628).
- cpufreq: qcom-hw: Fix return value check in
qcom_cpufreq_hw_cpu_init() (bsc#1012628).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
(bsc#1012628).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (bsc#1012628).
- NFS: Don't revalidate the directory permissions on a lookup
failure (bsc#1012628).
- NFS: Don't gratuitously clear the inode cache when lookup failed
(bsc#1012628).
- NFSv4.2: fix return value of _nfs4_get_security_label()
(bsc#1012628).
- block: rsxx: fix error return code of rsxx_pci_probe()
(bsc#1012628).
- drm/ttm: Fix TTM page pool accounting (bsc#1012628).
- nvme-fc: fix racing controller reset and create association
(bsc#1012628).
- configfs: fix a use-after-free in __configfs_open_file
(bsc#1012628).
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(bsc#1012628).
- io_uring: perform IOPOLL reaping if canceler is thread itself
(bsc#1012628).
- drm/nouveau: fix dma syncing for loops (v2) (bsc#1012628).
- perf/arm_dmc620_pmu: Fix error return code in
dmc620_pmu_device_probe() (bsc#1012628).
- net: expand textsearch ts_state to fit skb_seq_state
(bsc#1012628).
- mptcp: put subflow sock on connect error (bsc#1012628).
- mptcp: fix memory accounting on allocation error (bsc#1012628).
- perf/core: Flush PMU internal buffers for per-CPU events
(bsc#1012628).
- perf/x86/intel: Set PERF_ATTACH_SCHED_CB for large PEBS and LBR
(bsc#1012628).
- hrtimer: Update softirq_expires_next correctly after
__hrtimer_get_next_event() (bsc#1012628).
- powerpc/64s/exception: Clean up a missed SRR specifier
(bsc#1012628).
- seqlock,lockdep: Fix seqcount_latch_init() (bsc#1012628).
- memblock: fix section mismatch warning (bsc#1012628).
- stop_machine: mark helpers __always_inline (bsc#1012628).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork()
(bsc#1012628).
- zram: fix return value on writeback_store (bsc#1012628).
- zram: fix broken page writeback (bsc#1012628).
- linux/compiler-clang.h: define HAVE_BUILTIN_BSWAP*
(bsc#1012628).
- sched: Fix migration_cpu_stop() requeueing (bsc#1012628).
- sched/membarrier: fix missing local execution of
ipi_sync_rq_state() (bsc#1012628).
- sched: Collate affine_move_task() stoppers (bsc#1012628).
- sched: Simplify migration_cpu_stop() (bsc#1012628).
- sched: Optimize migration_cpu_stop() (bsc#1012628).
- sched: Fix affine_move_task() self-concurrency (bsc#1012628).
- sched: Simplify set_affinity_pending refcounts (bsc#1012628).
- efi: stub: omit SetVirtualAddressMap() if marked unsupported
in RT_PROP table (bsc#1012628).
- powerpc/64s: Fix instruction encoding for lis in
ppc_function_entry() (bsc#1012628).
- powerpc: Fix inverted SET_FULL_REGS bitop (bsc#1012628).
- powerpc: Fix missing declaration of [en/dis]able_kernel_vsx()
(bsc#1012628).
- binfmt_misc: fix possible deadlock in bm_register_write
(bsc#1012628).
- kasan, mm: fix crash with HW_TAGS and DEBUG_PAGEALLOC
(bsc#1012628).
- kasan: fix KASAN_STACK dependency for HW_TAGS (bsc#1012628).
- x86/unwind/orc: Disable KASAN checking in the ORC unwinder,
part 2 (bsc#1012628).
- x86/sev-es: Introduce ip_within_syscall_gap() helper
(bsc#1012628).
- x86/sev-es: Check regs->sp is trusted before adjusting #VC
IST stack (bsc#1012628).
- x86/sev-es: Correctly track IRQ states in runtime #VC handler
(bsc#1012628).
- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1012628).
- x86/entry: Fix entry/exit mismatch on failed fast 32-bit
syscalls (bsc#1012628).
- KVM: x86: Ensure deadline timer has truly expired before
posting its IRQ (bsc#1012628).
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged
(bsc#1012628).
- KVM: arm64: Ensure I-cache isolation between vcpus of a same VM
(bsc#1012628).
- KVM: arm64: Fix range alignment when walking page tables
(bsc#1012628).
- KVM: arm64: Avoid corrupting vCPU context register in guest exit
(bsc#1012628).
- KVM: arm64: nvhe: Save the SPE context early (bsc#1012628).
- KVM: arm64: Reject VM creation when the default IPA size is
unsupported (bsc#1012628).
- KVM: arm64: Fix exclusive limit for IPA size (bsc#1012628).
- mm/highmem.c: fix zero_user_segments() with start > end
(bsc#1012628).
- mm/userfaultfd: fix memory corruption due to writeprotect
(bsc#1012628).
- mm/madvise: replace ptrace attach requirement for
process_madvise (bsc#1012628).
- mm/memcg: set memcg when splitting page (bsc#1012628).
- mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg
and add nr_pages argument (bsc#1012628).
- mm/page_alloc.c: refactor initialization of struct page for
holes in memory layout (bsc#1012628).
- KVM: arm64: Fix nVHE hyp panic host context restore
(bsc#1012628).
- Delete
patches.suse/drm-amdgpu-display-don-t-assert-in-set-backlight-fun.patch.
- commit 01db39a
++++ pango:
- Update to version 1.48.3:
+ Miscellaneous introspection fixes
+ Make pango_attr_list_splice clip inserted attrbiutes
+ Do costly fontconfig calls in threads
+ markup: Fix issues with accel handling
+ docs: Convert docs to use gi-docgen
+ Fix build against harfbuzz < 2.6
- Disable gtk-doc for now since upstream have moved to gi-docgen and it is
not in Factory yet
++++ libselinux:
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
+ Replace pkgconfig(libpcre) Requires in -devel static with
pkgconfig(libpcre2-8).
++++ libsemanage:
- Move configuration file to separate libsemanage-conf package to allow
for parallel installation in future versions
++++ sqlite3:
- SQLite 3.35.2:
* Fix a problem in the appendvfs.c extension that was introduced
into version 3.35.0.
* Ensure that date/time functions with no arguments (which
generate responses that depend on the current time) are treated
as non-deterministic functions.
* Fix a problem in the sqldiff utility program having to do with
unusual whitespace characters in a virtual table definition.
* Limit the new UNION ALL optimization described by item 8c in
the 3.35.0 release so that it does not try to make too many
new subqueries.
- include changes from 3.35.1:
* Fix a bug in the new DROP COLUMN feature when used on columns
that are indexed and that are quoted in the index definition.
* Improve the built-in documentation for the .dump command in the
CLI.
++++ libvirt:
- spec: Move netcat-openbsd requirement from the libs to the daemon
subpackage. It is only needed by the daemon and introduces an
unneeded dependency for users of libvirt-libs.
++++ salt:
- Allow vendor change option with zypper
- Added:
* allow-vendor-change-option-with-zypper-313.patch
++++ libselinux-bindings:
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
++++ qemu:
- Fix s390x "mediated device is in use" error condition
(bsc#1183634)
update-linux-headers-Include-const.h.patch
Update-linux-headers-to-5.11-rc2.patch
vfio-ccw-Connect-the-device-request-noti.patch
++++ u-boot-rpiarm64:
Fix SMBIOS tables without a string present (bsc#1183079)
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.01
* Patches added:
0034-smbios-Fix-table-whit-no-string-is-.patch
------------------------------------------------------------------
------------------ 2021-3-16 - Mar 16 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to version 2.9.19 with minor changes and a few bug fixes
++++ bcm43xx-firmware:
- Introduce Raspberry Pi 4 Compute Module's brcmfmac43455 configuration file.
(bsc#1183524)
++++ cni:
- Set GO111MODULE=auto to build with go1.16+
* Default changed to GO111MODULE=on in go1.16
* Set temporarily until using upstream release with go.mod
* Drop BuildRequires: golang-packaging not currently using macros
* Add BuildRequires: golang(API) >= 1.13 recommended dependency expression
++++ glib-networking:
- Update to version 2.68.rc:
+ Improve heuristic for returning
G_TLS_ERROR_CERTIFICATE_REQUIRED.
+ Fix check for certain handshake failure conditions.
++++ grub2:
- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of
nvme namespace (bsc#1177751)
0001-ieee1275-Avoiding-many-unecessary-open-close.patch
++++ iputils:
- Binaries were found to be not optimized or built
with proper %optflags.
++++ kernel-default:
- drm/i915/ilk-glk: Fix link training on links with LTTPRs
(bsc#1183294).
- commit 424e43f
- Update config files: enable CONFIG_BMP280=m for x86 (bsc#1183198)
- commit e29c84f
++++ mozilla-nss:
- update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt "cachedCertTable"
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
++++ openldap2:
- updated to 2.4.58
OpenLDAP 2.4.58 Release (2021/03/16)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9454)
Fixed slapd to alloc new conn struct after freeing old one (ITS#9458)
Fixed slapd syncrepl to check all contextCSNs (ITS#9282)
Fixed slapd-bdb lockdetect config (ITS#9449)
++++ ncurses:
- New package ncurses-tests which includes examples and tests
- Include bash script cursescheck for ASC and REP capabilities
++++ protobuf:
- update to 3.15.6:
Ruby
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have "has" methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include "|null". (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have "has" methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
++++ python-urllib3:
- update to 1.26.4:
* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy
during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``.
++++ qemu:
- Fix DoS in e1000 emulated device (CVE-2021-20257 bsc#1182577)
e1000-fail-early-for-evil-descriptor.patch
++++ raspberrypi-firmware:
- Fix previous change. No need to set DWC2 in host mode. OTG works fine on
production CM4 IO boards. It was being tested earlier on a pre-release
development board. (bsc#1183241)
- Run pre_checkin.sh, which fixed some style issues.
++++ raspberrypi-firmware-config:
- Fix previous change. No need to set DWC2 in host mode. OTG works fine on
production CM4 IO boards. It was being tested earlier on a pre-release
development board. (bsc#1183241)
- Run pre_checkin.sh, which fixed some style issues.
++++ raspberrypi-firmware-config-camera:
- Fix previous change. No need to set DWC2 in host mode. OTG works fine on
production CM4 IO boards. It was being tested earlier on a pre-release
development board. (bsc#1183241)
- Run pre_checkin.sh, which fixed some style issues.
------------------------------------------------------------------
------------------ 2021-3-15 - Mar 15 2021 -------------------
------------------------------------------------------------------
++++ compat-usrmerge:
- update file lists based on current factory data
++++ kernel-default:
- Refresh
patches.rpmify/kbuild-dummy-tools-fix-inverted-tests-for-gcc.patch.
- Refresh
patches.rpmify/kbuild-dummy-tools-support-MPROFILE_KERNEL-checks-fo.patch.
- Refresh
patches.suse/ALSA-hda-Avoid-spurious-unsol-event-handling-during-.patch.
- Refresh
patches.suse/ALSA-hda-Flush-pending-unsolicited-events-before-sus.patch.
- Refresh
patches.suse/ALSA-hda-hdmi-Cancel-pending-works-before-suspend.patch.
- Refresh
patches.suse/ALSA-usb-Add-Plantronics-C320-M-USB-ctrl-msg-delay-q.patch.
- Refresh
patches.suse/ALSA-usb-audio-Apply-the-control-quirk-to-Plantronic.patch.
Update upstream status.
- commit 3222af6
++++ ncurses:
- Add ncurses patch 20210313
+ improve configure CF_LD_SEARCHPATH macro used for ncurses*-config and
".pc" files, from dialog changes.
+ reduce dependency of math-library in test programs.
+ minor fixes for test_tparm.c (cf: 20210306)
+ mention "ncurses" prefix in curses_version() manpage (report by
Michal Bielinski).
++++ sqlite3:
- update to 3.35.0:
* Added built-in SQL math functions().
(Requires the -DSQLITE_ENABLE_MATH_FUNCTIONS compile-time option.)
* Added support for ALTER TABLE DROP COLUMN.
* Generalize UPSERT:
* Allow multiple ON CONFLICT clauses that are evaluated in order,
* The final ON CONFLICT clause may omit the conflict target and yet still use DO UPDATE.
* Add support for the RETURNING clause on DELETE, INSERT, and UPDATE statements.
* Use less memory when running VACUUM on databases containing very large TEXT
or BLOB values. It is no longer necessary to hold the entire TEXT or BLOB
in memory all at once.
* Add support for the MATERIALIZED and NOT MATERIALIZED hints when specifying
common table expressions. The default behavior was formerly NOT
MATERIALIZED, but is now changed to MATERIALIZED for CTEs that are used
more than once.
* The SQLITE_DBCONFIG_ENABLE_TRIGGER and SQLITE_DBCONFIG_ENABLE_VIEW settings
are modified so that they only control triggers and views in the main
database schema or in attached database schemas and not in the TEMP schema.
TEMP triggers and views are always allowed.
* Query planner/optimizer improvements
* Enhance the ".stats" command to accept new arguments "stmt" and "vmstep",
causing prepare statement statistics and only the virtual-machine step
count to be shown, respectively.
* Add the ".filectrl data_version" command.
* Enhance the ".once" and ".output" commands so that if the destination
argument begins with "|" (indicating that output is redirected into a pipe)
then the argument does not need to be quoted.
* Fix a bug in the IN-operator optimization of version 3.33.0 that can cause
an incorrect answer.
* Fix incorrect answers from the LIKE operator if the pattern ends with "%"
and there is an "ESCAPE '_'" clause.
++++ systemd:
- Import commit 9753d1c17545a5d46530696cb14254f5f12024f1 (merge of v246.11)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/134cf1c8bc3e361a2641161aa11ac2b5b990480b...9753d1c17545a5d46530696cb14254f5f12024f1
- Rebase 0001-conf-parser-introduce-early-drop-ins.patch
- Import commit 13bc08870147b35f87cefb074aec22e767b7ac04
846d61e0a1 boot: Move console declarations to missing_efi.h
171a37228b boot: Add startswith() and endswith() functions with no_case variants
0fad9f309a boot: Drop unnecessary braces
c38bbb0874 boot: Fix void pointer arithmetic warning
438210924b boot: Replace raw efivar gets with typed variants
e46cb3e4a0 boot: Add efivar_get/set_uint64_le() functions
e16bee35c8 boot: Rename efivar_get/set_int() to efivar_get/set_uint_string()
2808d0e9a3 boot: Tighten scope of variables used in loops
d3f3d57743 boot: Add efivar_get_boolean_u8()
0551ecce71 boot: Make all efivar util functions take the guid as an argument
8376ba3b9f boot: Turn all guid constants into C99 compound initializers
166fc2dad2 boot: Enable C99
c87d66e261 boot: Move Secure Boot logic to new file
da7bba9438 udev: fix memleak
e06139117c nspawn: make rootfs relative to oci bundle path (bsc#1182598)
8ba587d46c PATCH] Always free deserialized_subscribed on reload (bsc#1180020)
++++ qemu:
- Fix incorrect guest data in s390x PCI passthrough (bsc#1183372)
s390x-pci-restore-missing-Query-PCI-Func.patch
++++ raspberrypi-firmware:
- Set CM4's DWC2 in host mode by default (bsc#1183241)
++++ raspberrypi-firmware-config:
- Set CM4's DWC2 in host mode by default (bsc#1183241)
++++ raspberrypi-firmware-config-camera:
- Set CM4's DWC2 in host mode by default (bsc#1183241)
++++ raspberrypi-firmware-dt:
- Update to 16991af20b (2021-03-15) (bsc#1183238):
* overlays: Add pcie-32bit-dma overlay
++++ vim:
- Updated to version 8.2.2607, fixes the following problems
* Focus events end Insert mode if 'esckeys' is not set.
* Vim9: "..=" not always recognized.
* Vim9: Function name is not recognized.
* Vim9: no error if variable is defined for existing function.
* Second time a preview popup is opened highlight is not set. (Gabriel
Dupras)
* 'fillchars' "stl" and "stlnc" items must be single byte.
* Tests fail when run as root.
* Test may leave file behind.
* Vim9: crash when getting the types for a legacy function.
* Vim9: using invalid pointer for error message.
* Vim9: crash when calling partial with wrong function.
* Vim9: a function name with "->" in the next line doesn't work.
* Vim9: defining a :func function checks for white space after a comma in
the arguments.
* Compiler warning for type conversion.
* Lua cannot handle a passed in lambda.
* Vim9: crash in garbagecollect after for loop.
* Vim9: checking vararg type is wrong when function is auto-loaded.
* Vim9: sourcing Vim9 script triggers a redraw.
* Vim9: screendump test fails on MS-Windows.
* Vim9: cannot compare result of getenv() with null.
* Vim9: type error for assigning the result of list concatenation to a list.
* Vim9: illegal memory access.
* Process id may be invalid.
* Recover test fails on FreeBSD.
* Build failure with tiny features.
* Recover test hangs in the GUI.
* Vim9: default argument value may cause internal error.
* Poke files are not recognized.
* Code coverage could be improved.
* List of distributed files is incomplete.
* Alternate buffer added to session file even when it's hidden.
* Setting 'winminheight' may cause 'lines' to change.
* :doautocmd may confuse scripts listening to WinEnter.
* Vim9: "import * as" does not work at script level.
* Vim9: :open does not need to be supported.
* Build failure.
* Vim9: crash when putting an unknown type in a dictionary. (Yegappan
Lakshmanan)
* Memory usage test often fails on FreeBSD.
* Vim9: continue doesn't work if :while is very first command. (Yegappan
Lakshmanan)
* Vim9: no effect if user command is also a function.
* GUI-specific command line arguments not tested.
* Vim9: string index and slice does not include composing chars.
* strchars() defaults to counting composing characters.
* strcharpart() cannot include composing characters.
++++ xauth:
- modernize spec file (move license to licensedir)
------------------------------------------------------------------
------------------ 2021-3-14 - Mar 14 2021 -------------------
------------------------------------------------------------------
++++ e2fsprogs:
- e2fsprogs 1.46.2:
* tune2fs -c now takes "random" argument
* Add support for the FS_NOCOMP_FL flag to chattr and lsattr
* Fix warnings when resizing small file systems to a super-large
* Fix the debugfs rdump and ls commands so they will work correctly
for uid's and gid's => 65536
* Fix the debugfs write and symlink commands so they support
targets which contain a pathname
* Fix Direct I/O support on block devices where the logical block
size is greater 1k
* Fix debugfs's logdump so it works on file systems whose block
size is greater than 8k
* Fix a crash when there is error while e2fsck is trying to open
the file system, and e2fsck calls ext2fs_mmp_stop() before MMP
has been initialized
* Improved error checking in the fast commit replay code in e2fsck
* Fix various compiler and Coverity warnings
* Update the Spanish translation from the translation project
++++ kernel-default:
- Update to 5.12-rc3
- eliminated 3 patches
- patches.rpmify/kbuild-dummy-tools-adjust-to-scripts-cc-version.sh.patch
- patches.rpmify/kbuild-dummy-tools-fix-inverted-tests-for-gcc.patch
- patches.rpmify/kbuild-dummy-tools-support-MPROFILE_KERNEL-checks-fo.patch
- update configs
- COMPILE_TEST=n (s390x)
- TMPFS_INODE64=y (s390x)
- commit 89b1f10
- config: update with dummy toolchain
- new config options:
- GCC_PLUGINS=y
- GCC_PLUGIN_CYC_COMPLEXITY is not set
- GCC_PLUGIN_LATENT_ENTROPY is not set
- GCC_PLUGIN_RANDSTRUCT is not set
- GCC_PLUGIN_STRUCTLEAK_USER is not set
- GCC_PLUGIN_STRUCTLEAK_BYREF is not set
- GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
- commit 6e44961
- drm/amd/display: Revert dram_clock_change_latency for DCN2.1
(bsc#1183424).
- drm/amd/display: Copy over soc values before bounding box
creation (bsc#1183424).
- commit bd60fa9
++++ perl:
- update to 5.32.1:
There are no changes intentionally incompatible with Perl 5.32.0.
* Data::Dumper has been upgraded from version 2.174 to 2.174_01.
A number of memory leaks have been fixed.
* DynaLoader has been upgraded from version 1.47 to 1.47_01.
* Module::CoreList has been upgraded from version 5.20200620 to
5.20210123.
* Opcode has been upgraded from version 1.47 to 1.48.
A warning has been added about evaluating untrusted code with the
perl interpreter.
* Safe has been upgraded from version 2.41 to 2.41_01.
A warning has been added about evaluating untrusted code with the
perl interpreter.
------------------------------------------------------------------
------------------ 2021-3-13 - Mar 13 2021 -------------------
------------------------------------------------------------------
++++ cryptsetup:
- cryptsetup 2.3.5:
* Fix partial reads of passphrase from an interactive terminal
* Fix maximum length of password entered through a terminal
* integritysetup: support new dm-integrity HMAC recalculation
options
* integritysetup: display of recalculating sector in dump command
* veritysetup: fix verity FEC if stored in the same image with
hashes
* veritysetup: run FEC repair check even if root hash fails
* veritysetup: do not process hash image if hash area is empty
* veritysetup: store verity hash algorithm in superblock in
lowercase
* bitlk: fix a crash if the device disappears during BitLocker
scan
* bitlk: show a better error when trying to open an NTFS device
* bitlk: add support for startup key protected VMKs
* Fix LUKS1 repair code (regression since version 1.7.x)
* Fix luksKeyChange for LUKS2 with assigned tokens
* Fix cryptsetup resize using LUKS2 tokens
* Print a visible error if device resize is not supported
* Add error message when suspending wrong non-LUKS device
* Fix default XTS mode key size in reencryption
* Rephrase missing locking directory warning and move it to
debug level
* Many fixes for the use of cipher_null (empty debug cipher)
* Fixes for libpasswdqc 2.0.x (optional passphrase quality check)
* Fixes for problems discovered by various tools for code
analysis
* Various fixes to man pages
- silence hmac packaging warnings
++++ liburing:
- skip building the tests that are neither installed nor run
as they fail to build on 32bit platforms (like e.g. armv7l) (bsc#1181571)
- update to 2.0:
* Sync io_uring.h API file with Linux 5.12
* helpers: prefix any helper with t_ instead of io_uring_
* helpers: add io_uring_create_buffers() helper
* helpers: add io_uring_create_file() helper
* helpers: add io_uring_calloc helper
* helpers: add io_uring_posix_memalign helper
* setup: cleanup probe code
* setup: check whether malloc succ before using it
* io_uring_prep_sync_file_range: cleanups
* .gitignore: add sendmsg_fs_cve
* Added prep function for sync_file_range op
* Install man7 pages
* src/queue: never clear data->wait_nr
* src/queue: control kernel enter with a var
* src/queue: don't re-wait for CQEs
* src/queue: don't loop when don't enter
* src/queue: clean _io_uring_get_cqe() err handling
* src/queue: don't wait for less than expected
* Add inline doc in the comments for io_uring_prep_splice
* Fix sigset_t not found in liburing.h
* src/queue: update comment on io_uring_wait_cqes() with timeouts
* io_uring.h: 5.12 pending kernel sync
* man/io_uring_register.2: fix spelling error
* man/io_uring_register.2: Add documentation on IORING_REGISTER_FILES_SKIP
* Add two ring deadlock case
* Fix IORING_OP_FALLOCATE args in io_uring_enter(2) man page
* src/queue: Fix a typo in `__io_uring_flush_sq()`
* src/queue: fix `sq_ring_needs_enter()` indentation
* src/queue: refactor io_uring_get_sqe()
* man/io_uring_setup.2: correct 5.10 -> 5.11 for non-fixed files and SQPOLL
* man/io_uring_enter.2: document new opcodes
* man/io_uring_enter.2: ensure all IORING_ENTER_* flags are documented
* src/queue: add comment on why reading SQ->head for flush isn't atomic
* liburing.h: fix 32-bit compile warning
* man/io_uring.7: Fix typo
* man/io_uring_enter.2: describe timeout updates
* Don't enter the kernel to wait on cqes if they are already available.
* Add timeout update
* remove zero-size array in io_uring.h
* Rename SIG_IS_DATA -> EXT_ARG
* Update SIG_IS_DATA to modified kernel API
* Use IORING_ENTER_GETEVENTS_TIMEOUT if available
* Add wrapper for __io_uring_get_cqe()
* Add __sys_io_uring_enter2()
* Include 'features' in struct io_uring
* io_uring.h: update with 5.11-pending copy
* Fix compilation with iso C standard (c89, c99 and c11)
* examples: disable ucontext-cp if ucontext.h is not available
* Moves function calls out of assert().
* liburing.h: add renameat/unlinkat prep helpers
* io_uring.h: add renameat and unlinkat opcodes
* configure: Fix unsafe temporary file creation
* Add const modifier to functions that do not change the state of the ring
* man/io_uring_enter.2: clarify POLL_ADD return value
* Add get_sqe manpage to debian package
* Add man page for io_uring_get_sqe
* man/io_uring_enter.2: add EACCES and EBADFD errors
* man/io_uring_register.2: add description of restrictions
* man/io_uring_setup.2: add IORING_SETUP_R_DISABLED description
* Makefile: add .PHONY dependency
* man/io_uring_enter.2: split ERRORS section in two sections
* liburing.h: add `io_uring_prep_tee`
* Fix build flag settings
* .gitignore: Add sq-poll-dup
* man/io_uring_enter.2: clarify PROVIDE_BUFFERS requirements
* Update packaging/installation for new man pages
* man/io_uring.7: clarify submission/completion ordering
* man/io_uring.7: style and barrier updates
* Add man page for io_uring_queue_exit
* Add man page for io_uring_queue_init
* Adding section 7 man page for io_uring
* probes: provide our own free function
* .gitignore: add pipe-reuse
* Fold versioned symbols into LIBURING_2.0 version node
* Remove versioned symbols not provided by the shared library anymore
* man/io_uring_setup.2: improve SQPOLL wakeup example
* Fix io_uring_sq_ready() to use load acquire to read khead.
* io_uring.h: fix missing tab
* Bump major version to 2
* Add IORING_OP_SHUTDOWN and prep helper
* Add a few function comments in liburing.h
* Add io_uring_sqring_wait()
* io_uring.h: add new definitions from 5.10
* man/io_uring_setup.2: document missing IORING_FEAT_* feature flags
* man/io_uring_enter.2: add description of buffer selections
* build: Output CXX on quiet output when using a C++ compiler
* Fix missing 'c' in sigfd-deadlock addition
* Add helper to enable rings
* Add helper to register restrictions
* io_uring.h: add register restrictions and enable ring defines
* io_uring.h: use an enumeration for io_uring_register(2) opcodes
* io_uring_prep_splice(): fix type (again)
* Use the right type for io_uring_prep_splice()
* syscall: make syscall.h independently includeable
* sq_ring_needs_enter: revert change to only enter if submit != 0
* man/io_uring_setup.2: document IORING_SETUP_ATTACH_WQ
* update debian/changelog
* update debian/liburing1.symbols
* debian/rules: pass down relativelibdir in order to get an absolute path
* man/io_uring_setup.2: document IORING_SETUP_CLAMP
* man/io_uring_enter: fix openat sqe doc
- update to 0.7:
* io_uring.h: sync with kernel
* io_uring_peek_batch_cqe should also check cq ring overflow
* Check cq ring overflow status
* configure: fix typos in help/error messages
* src/setup: clarify that we always return -errno on error
* man/io_uring_enter.2: updated io_uring_sqe and fixed incorrect flag references.
* Removed misplaced periods from io_uring_enter(2).
* Merge branch 'readme' of https://github.com/jobs-git/liburing
* Make readme sensible
* man/io_uring_enter: update connect to note use of const
* Merge branch 'master' of https://github.com/KayEss/liburing
* Take `sockaddr` immutably in io_uring_prep_connect
* Merge branch 'dev' of https://github.com/CarterLi/liburing
* Merge branch 'fix-splice-docs' of https://github.com/gerow/liburing
* man: fix description of splice offsets
* .travis.yml: Change the language from C to C++
* configure: Use $CC and $CXX as default compilers if set
* Make the liburing header files again compatible with C++
* src/include/liburing/barrier.h: Restore clang compatibility
* src/Makefile: Only specify -shared at link time
* Merge branch 'openat_o_path' of https://github.com/MaxKellermann/liburing
* Convert __io_uring_get_sqe() from a macro into an inline function
* src/include/liburing/barrier.h: Use C11 atomics
* Makefiles: Enable -Wextra
* Bump version to 1.0.7
* change poll_events to 32 bits to cover EPOLLEXCLUSIVE
* examples/ucontext-cp.c: use IORING_OP_TIMEOUT
* man/io_uring_enter: correct the description of
* man/io_uring_register.2: add IORING_CQ_EVENTFD_DISABLED description
* Add helpers to set and get eventfd notification status
* man/io_uring_setup.2: add 'flags' field in the struct io_cqring_offsets
* Add CQ ring 'flags' field
* remove duplicate call to __io_uring_peek_cqe()
* update wait_nr to account for completed event
* preseve wait_nr if SETUP_IOPOLL is set
* man/io_uring_enter.2: add IORING_OP_TEE entry
* update io_uring.h with tee()
* Merge branch 'master' of https://github.com/shuveb/liburing
* Adding section to describe IORING_OP_EPOLL_CTL
* fix missing '#include <sys/stat.h>' in 'src/include/liburing.h
* fix build on musl libc
* Use uint64_t for splice offsets
* Use __off64_t for offsets
* Merge branch 'master' of https://github.com/shuveb/liburing
* Adding description for the IORING_OP_SPLICE operation
* Merge branch 'master' of https://github.com/shuveb/liburing
* Adding section describing IORING_OP_OPENAT2
* Fix 32-bit warnings on compile
* __io_uring_get_cqe: silence signed vs unsigned comparison warning
* io_uring_get_sqe: always use khead
------------------------------------------------------------------
------------------ 2021-3-12 - Mar 12 2021 -------------------
------------------------------------------------------------------
++++ cryptsetup:
- move licenses to licensedir
++++ transactional-update:
- Revert inotify-tools dependency: The package is not available in
SLE. This will probably have to be implemented as a native C
version.
- Version 3.2.2
- Don't skip patches with rebootSuggested flag [bsc#1183442]
++++ gnutls:
- Update to 3.7.1:
[bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231]
* Fixed potential use-after-free in sending "key_share" and
"pre_shared_key" extensions.
* Fixed a regression in handling duplicated certs in a chain.
* Fixed sending of session ID in TLS 1.3 middlebox compatibility
mode. In that mode the client shall always send a non-zero
session ID to make the handshake resemble the TLS 1.2
resumption; this was not true in the previous versions.
* Removed dependency on the external 'fipscheck' package,
when compiled with --enable-fips140-mode.
* Added padlock acceleration for AES-192-CBC.
- Remove patches upstream:
* gnutls-gnutls-cli-debug.patch
* gnutls-ignore-duplicate-certificates.patch
* gnutls-test-fixes.patch
++++ kernel-default:
- Refresh media fixes to the upstreamed version (bsc#1181104)
Refreshed:
patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch
patches.suse/media-dvb-usb-Fix-use-after-free-access.patch
- commit 101728a
++++ multipath-tools:
- Update to version 0.8.5+26+suse.2cbedfd:
Avoid "illegal request" errors on non-RDAC storage
(bsc#1182072, bsc#1177371)
++++ libvirt:
- virtlockd, virtlogd: Fix exec-restart
6b8e9613-avoid-use-after-free.patch,
eab7ae6b-fix-array-access.patch,
c363f03e-virnetdaemon-intro-virNetDaemonQuitExecRestart.patch,
ccc6dd8f-fix-exec-restart.patch
bsc#1183411
++++ python-pyzmq:
- Clean up of SPEC file, while investigating test suite errors.
++++ qemu:
- Include upstream patches designated as stable material and
reviewed for applicability to include here
lsilogic-Use-PCIDevice-exit-instead-of-D.patch
vhost-user-blk-fix-blkcfg-num_queues-end.patch
- Fix potential privilege escalation in virtfs (CVE-2021-20181
bsc#1182137)
9pfs-Fully-restart-unreclaim-loop-CVE-20.patch
- Fix OOB access in vmxnet3 emulation (CVE-2021-20203 bsc#1181639)
net-vmxnet3-validate-configuration-value.patch
- Add #!ForceMultiversion to qemu.spec:
+ As the spec file defines different Version: fiels for various
subpackages, we must instruct OBS to not ever reset the
checkin-counter, as it would by defalut on a version increase.
Resetting the version counter results in sub-packages reusing
their VERSION-RELEASE from the past (e.g. qemu-ipxe is version
1.0.0+, and upon checkin of a new qemu version, RELEASE is
reset to 1.1, thus again producing
qemu-ipxe-1.0.0+-1.1.noarch.rpm.
++++ raspberrypi-firmware:
- Update to 0591568b29 (2021-03-10) (bsc#1183444):
* firmware: video_decode lockup handling
* firmware: isp: Initialise extras to avoid vpitch being random
* firmware: usb: Fix dropouts with USB ethernet gadget
* firmware: imx477: Allow long exposures for the binned modes.
* firmware: arm_dispmanx: Use ALPHA_MIX flag
* firmware: power: Refactor the interface to the PMICs
* firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers
* firmware: arm_loader: Return all borrowed DMA channels
++++ raspberrypi-firmware-config:
- Update to 0591568b29 (2021-03-10) (bsc#1183444):
* firmware: video_decode lockup handling
* firmware: isp: Initialise extras to avoid vpitch being random
* firmware: usb: Fix dropouts with USB ethernet gadget
* firmware: imx477: Allow long exposures for the binned modes.
* firmware: arm_dispmanx: Use ALPHA_MIX flag
* firmware: power: Refactor the interface to the PMICs
* firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers
* firmware: arm_loader: Return all borrowed DMA channels
++++ raspberrypi-firmware-config-camera:
- Update to 0591568b29 (2021-03-10) (bsc#1183444):
* firmware: video_decode lockup handling
* firmware: isp: Initialise extras to avoid vpitch being random
* firmware: usb: Fix dropouts with USB ethernet gadget
* firmware: imx477: Allow long exposures for the binned modes.
* firmware: arm_dispmanx: Use ALPHA_MIX flag
* firmware: power: Refactor the interface to the PMICs
* firmware: platform: vl805: Get BAR2 address from PCIe BAR2 registers
* firmware: arm_loader: Return all borrowed DMA channels
++++ selinux-policy:
- Adjust fix_init.patch to allow systemd to do sd-listen on
tcp socket [bsc#1183177]
++++ zisofs-tools:
- refresh spec file (update licensedir)
------------------------------------------------------------------
------------------ 2021-3-11 - Mar 11 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- Fix chainloading windows on dual boot machine (bsc#1183073)
* 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch
++++ kernel-default:
- Linux 5.11.6 (bsc#1012628).
- nvme-pci: add quirks for Lexar 256GB SSD (bsc#1012628).
- nvme-pci: mark Seagate Nytro XM1440 as QUIRK_NO_NS_DESC_LIST
(bsc#1012628).
- KVM: SVM: Clear the CR4 register on reset (bsc#1012628).
- scsi: ufs: Fix a duplicate dev quirk number (bsc#1012628).
- ASoC: Intel: sof_sdw: add quirk for HP Spectre x360 convertible
(bsc#1012628).
- ASoC: Intel: sof_sdw: reorganize quirks by generation
(bsc#1012628).
- PCI: cadence: Retrain Link to work around Gen2 training defect
(bsc#1012628).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire
Switch 10E (bsc#1012628).
- ALSA: usb-audio: add mixer quirks for Pioneer DJM-900NXS2
(bsc#1012628).
- ALSA: usb-audio: Add DJM750 to Pioneer mixer quirk
(bsc#1012628).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568
EC on Voyo Winpad A15 (bsc#1012628).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
(bsc#1012628).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
(bsc#1012628).
- scsi: ufs: ufs-exynos: Use UFSHCD_QUIRK_ALIGN_SG_WITH_PAGE_SIZE
(bsc#1012628).
- scsi: ufs: ufs-exynos: Apply vendor-specific values for three
timeouts (bsc#1012628).
- scsi: ufs: Introduce a quirk to allow only page-aligned sg
entries (bsc#1012628).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B
eeprom (bsc#1012628).
- scsi: ufs: Add a quirk to permit overriding UniPro defaults
(bsc#1012628).
- scsi: ufs-mediatek: Enable
UFSHCI_QUIRK_SKIP_MANUAL_WB_FLUSH_CTRL (bsc#1012628).
- iommu/amd: Fix sleeping in atomic in increase_address_space()
(bsc#1012628).
- btrfs: don't flush from btrfs_delayed_inode_reserve_metadata
(bsc#1012628).
- btrfs: export and rename qgroup_reserve_meta (bsc#1012628).
- arm64: Make CPU_BIG_ENDIAN depend on ld.bfd or ld.lld 13.0.0+
(bsc#1012628).
- parisc: Enable -mlong-calls gcc option with CONFIG_COMPILE_TEST
(bsc#1012628).
- nvme-pci: mark Kingston SKC2000 as not supporting the deepest
power state (bsc#1012628).
- media: cedrus: Remove checking for required controls
(bsc#1012628).
- io_uring: don't take uring_lock during iowq cancel
(bsc#1012628).
- io_uring/io-wq: return 2-step work swap scheme (bsc#1012628).
- io_uring/io-wq: kill off now unused IO_WQ_WORK_NO_CANCEL
(bsc#1012628).
- io_uring: get rid of intermediate IORING_OP_CLOSE stage
(bsc#1012628).
- fs: provide locked helper variant of close_fd_get_file()
(bsc#1012628).
- io_uring: deduplicate failing task_work_add (bsc#1012628).
- io_uring: unpark SQPOLL thread for cancelation (bsc#1012628).
- io_uring: deduplicate core cancellations sequence (bsc#1012628).
- io_uring: fix inconsistent lock state (bsc#1012628).
- commit 7358b30
++++ lua54:
- Add upstream-bugs.patch and upstream-bugs-test.patch to fix
bugs 2,3,4 for build and tests respectively.
++++ nfs-utils:
- Include nfsd kernel module Requires (bsc#1089118)
++++ open-iscsi:
- Updated to latest upstream 2.1.4 as 2.1.4-suse, which contains
these changes not already present:
* Enable iscsi.service asynchronous logins, cleanup services
(bsc#1183421)
* libopeniscsiusr: dont error loudly if a session isn't found when
working through iscsi_sessions_get()
* libopeniscsiusr: skip over removed sessions
* libopeniscsiusr: fix error messages
* Avoid hardcoding pkg-config to fix cross build
* Fix iscsistart login issue when target is delayed.
++++ libpng16:
- enable hardware optimizations (such as SSE)
++++ polkit:
- Move /etc/dbus-1/system.d to /usr/share/dbus-1/system.d, the
first location is only for admin changes
- Move pam configuration to /usr/etc/pam.d
++++ systemd:
- create subpackage systemd-experimental to host pstore, repart,
userdb and homed
- Make sure the udev socket units are reloaded during udev package updates
++++ ovmf:
- Update to edk2-stable202102
* ArmVirtPkg: support extra pci root bridges (pxb)
* SEV Encrypted Boot for Ovmf (remote attestation)
* virtio-fs driver for OvmfPkg and ArmVirtPkg
* Apply SEV-ES mitigations for encryption bit position and MMIO
* Add Core CI support for StandaloneMmPkg
* Update LZMA module to LZMA SDK latest version 19.00
* Port open source JSON library (jansson)
* add file buffering to the UEFI shell's COMP command
* Shell: pathname / filename sorting
* Extend support of peripheral x64 MM_STANDALONE drivers
* BaseTools: Convert the Split tool from C language to Python
* ArmPkg: Add Universal/Smbios
* Move to Pip based Basetools python
* Add support for use of FF-A callsw
- Drop upstreamed patches:
+ ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch
+ ovmf-bsc1180079-amd-sev-es-mitigation.patch
++++ shim:
- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
- Merged linker-version.pl into timestamp.pl and add the linker
version to signature files accordingly
++++ toolbox:
- Update to version 2.1+git20210311.15cb3ad:
* Don't check for subuid if root calls toolbox [bsc#1183375]
------------------------------------------------------------------
------------------ 2021-3-10 - Mar 10 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.2.1
- t-u: Forward --quiet option to tukit
- Regression: Add /opt as bind mount into update environment
- Remove output indicators of the called command to not tamper
the result line
- Fix /etc syncing with --drop-if-no-change
- Requires inotify-tool to have --drop-if-no-change available
++++ file:
- Remove patch file-5.12-zip.dif as it is upstream solved (boo#1183143)
++++ kernel-default:
- ALSA: hda/hdmi: Cancel pending works before suspend
(bsc#1182377).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4
(bsc#1182377).
- ALSA: hda: Flush pending unsolicited events before suspend
(bsc#1182377).
- commit 85f6d4b
- rpm/check-for-config-changes: comment on the list
To explain what it actually is.
- commit e94bacf
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region
parameter handling (bsc#1012628).
- rpm/check-for-config-changes: define ignores more strictly
* search for whole words, so make wildcards explicit
* use ' for quoting
* prepend CONFIG_ dynamically, so it need not be in the list
- commit 7b06a8c
- rpm/check-for-config-changes: sort the ignores
They are growing so to make them searchable by humans.
- commit 67c6b55
- rpm/check-for-config-changes: add -mrecord-mcount ignore
Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig)
upstream.
- commit 018b013
- Refresh
patches.rpmify/kbuild-dummy-tools-fix-inverted-tests-for-gcc.patch.
- Refresh
patches.rpmify/kbuild-dummy-tools-support-MPROFILE_KERNEL-checks-fo.patch.
Update upstream status.
- commit c867c19
- kbuild: dummy-tools: adjust to scripts/cc-version.sh
(bsc#1181862).
- commit cfbfafc
++++ libisofs:
- Support building against libjte-1 or libjte-2.
++++ multipath-tools:
- Update to version 0.8.5+23+suse.c11b054:
* multipath -U: reduce log level of "adding new path" message
(bsc#1181435, bsc#1183666)
++++ procps:
- Don't install translated man pages for non-installed binaries
(uptime, kill).
++++ snapper:
- updated translations (bsc#1149754)
++++ systemd:
- fix-machines-btrfs-subvol.sh is only shipped when machined is built
++++ libvirt:
- Replace libxl-default-pcistub-name.patch with upstream variant
ee3dc2c2-libxl-default-pcistub-name.patch
++++ salt:
- virt.network_update: handle missing ipv4 netmask attribute
- Added:
* virt.network_update-handle-missing-ipv4-netmask-attr.patch
++++ raspberrypi-firmware:
- Fix typo s/pannel/panel/
++++ raspberrypi-firmware-config:
- Fix typo s/pannel/panel/
++++ raspberrypi-firmware-config-camera:
- Fix typo s/pannel/panel/
++++ rebootmgr:
- Update to version 1.3.1
- Move all dbus config files to /usr/share/dbus-1
++++ systemd-presets-common-SUSE:
- Enable user service pipewire-media-session.service (used with
pipewire >= 0.3.23).
------------------------------------------------------------------
------------------ 2021-3-9 - Mar 9 2021 -------------------
------------------------------------------------------------------
++++ ca-certificates:
- Update to version 2+git20210309.8214505:
* Make sure to trigger in transactional mode (boo#1179884)
++++ checkpolicy:
- Update to version 3.2
* Fix a memleak and an integer overflow
++++ kernel-default:
- Delete patches.rpmify/Kconfig-make-CONFIG_CC_CAN_LINK-always-true.patch.
Should not be needed anymore with dummy-tools.
- commit 41fc82c
- Linux 5.11.5 (bsc#1012628).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256
(bsc#1012628).
- ALSA: usb-audio: use Corsair Virtuoso mapping for Corsair
Virtuoso SE (bsc#1012628).
- ALSA: usb-audio: Don't abort even if the clock rate differs
(bsc#1012628).
- ALSA: usb-audio: Drop bogus dB range in too low level
(bsc#1012628).
- ALSA: usb-audio: Allow modifying parameters with succeeding
hw_params calls (bsc#1012628).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with
request_locality() (bsc#1012628).
- tpm, tpm_tis: Decorate tpm_get_timeouts() with
request_locality() (bsc#1012628).
- btrfs: avoid double put of block group when emptying cluster
(bsc#1012628).
- btrfs: fix raid6 qstripe kmap (bsc#1012628).
- btrfs: fix race between writes to swap files and scrub
(bsc#1012628).
- btrfs: fix race between swap file activation and snapshot
creation (bsc#1012628).
- btrfs: fix stale data exposure after cloning a hole with
NO_HOLES enabled (bsc#1012628).
- btrfs: tree-checker: do not error out if extent ref hash
doesn't match (bsc#1012628).
- btrfs: fix race between extent freeing/allocation when using
bitmaps (bsc#1012628).
- btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl
(bsc#1012628).
- btrfs: free correct amount of space in
btrfs_delayed_inode_reserve_metadata (bsc#1012628).
- btrfs: fix spurious free_space_tree remount warning
(bsc#1012628).
- btrfs: unlock extents in btrfs_zero_range in case of quota
reservation errors (bsc#1012628).
- btrfs: fix warning when creating a directory with smack enabled
(bsc#1012628).
- PM: runtime: Update device status before letting suppliers
suspend (bsc#1012628).
- ring-buffer: Force before_stamp and write_stamp to be different
on discard (bsc#1012628).
- io_uring: ignore double poll add on the same waitqueue head
(bsc#1012628).
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size (bsc#1012628).
- dm verity: fix FEC for RS roots unaligned to block size
(bsc#1012628).
- drm/amd/pm: correct Arcturus mmTHM_BACO_CNTL register address
(bsc#1012628).
- drm/amdgpu:disable VCN for Navi12 SKU (bsc#1012628).
- drm/amdgpu: Only check for S0ix if AMD_PMC is configured
(bsc#1012628).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in
amdgpu_regs_pcie (bsc#1012628).
- crypto - shash: reduce minimum alignment of shash_desc structure
(bsc#1012628).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
(bsc#1012628).
- RDMA/cm: Fix IRQ restore in ib_send_cm_sidr_rep (bsc#1012628).
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO
(bsc#1012628).
- IB/mlx5: Add missing error code (bsc#1012628).
- ALSA: hda: intel-nhlt: verify config type (bsc#1012628).
- ftrace: Have recordmcount use w8 to read relp->r_info in
arm64_is_fake_mcount (bsc#1012628).
- ia64: don't call handle_signal() unless there's actually a
signal queued (bsc#1012628).
- rsxx: Return -EFAULT if copy_to_user() fails (bsc#1012628).
- iommu/tegra-smmu: Fix mc errors on tegra124-nyan (bsc#1012628).
- iommu: Don't use lazy flush for untrusted device (bsc#1012628).
- iommu/vt-d: Fix status code for Allocate/Free PASID command
(bsc#1012628).
- btrfs: zoned: use sector_t for zone sectors (bsc#1012628).
- tomoyo: recognize kernel threads correctly (bsc#1012628).
- r8169: fix resuming from suspend on RTL8105e if machine runs
on battery (bsc#1012628).
- commit d09469d
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets
(bsc#1182552).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
(bsc#1182552).
- commit f99c94c
++++ ncurses:
- Only libpcre2 for ncurses ABI 6
- Make linker script for ABI 6 check for needed libpcre2
- Add ncurses patch 20210306
+ improved test/test_parm.c, by limiting the tests to capabilities
that might have parameters or padding, and combined with tputs test.
+ improve discussion of padding versus tparm and tputs in
man/curs_terminfo.3x
+ update portability note for FreeBSD in man/tput.1
++++ libselinux:
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
++++ libsemanage:
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
++++ libsepol:
- Update to version 3.2
* more space-efficient form of storing filename transitions in the binary
policy and reduced the size of the binary policy
* dropped old and deprecated symbols and functions. Version was bumped to
libsepol.so.2
++++ policycoreutils:
- Update to version 3.2
* Tools using sepolgen, e.g. audit2allow, print extended permissions in
hexadecimal
* sepolgen sorts extended rules like normal ones
* `setfiles` doesn't abort on labeling errors
- Refreshed get_os_version.patch
++++ salt:
- Set distro requirement to oldest supported version in requirements/base.txt
- Added:
* 3002-set-distro-requirement-to-oldest-supported-vers.patch
- Do not monkey patch yaml loaders: Prevent breaking Ansible filter modules (bsc#1177474)
- Don't require python3-certifi
- Added:
* do-not-monkey-patch-yaml-bsc-1177474.patch
++++ libselinux-bindings:
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
++++ python-semanage:
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
++++ setools:
- Update to the version 4.4.0:
* Added support for old Boolean name substitution in seinfo and sesearch.
* Added sechecker tool which is a configuration file driven analysis tool.
++++ selinux-policy:
- Update to version 20210309
- Refreshed
* fix_systemd.patch
* fix_selinuxutil.patch
* fix_iptables.patch
* fix_init.patch
* fix_logging.patch
* fix_nscd.patch
* fix_hadoop.patch
* fix_unconfineduser.patch
* fix_chronyd.patch
* fix_networkmanager.patch
* fix_cron.patch
* fix_usermanage.patch
* fix_unprivuser.patch
* fix_rpm.patch
- Ensure that /usr/etc is labeled according to /etc rules
------------------------------------------------------------------
------------------ 2021-3-8 - Mar 8 2021 -------------------
------------------------------------------------------------------
++++ aaa_base:
- Update to version 84.87+git20210308.d7a7d3a:
* excluding new kernel string in version search
* Fixing possible resource leak. Found by running ccpcheck on the source code.
* Comment out 8-bit C1 conflicting with UTF-8 in /etc/inputrc
* Fix keyseq specifications in /etc/inputrc{,.keys}
++++ btrfsprogs:
- Update to 5.11
* fix device path canonicalization for device mapper devices
* receive: remove workaround for setting capabilities, all stable kernels
have been patched
* receive: fix duplicate mount path detection
* rescue: new subcommand create-control-device
* device stats: minor fix for plain text format output
* build: detect if e2fsprogs support 64bit timestamps
* build: drop libmount, required functionality has been reimplemented
* mkfs: warn when raid56 is used
* balance convert: warn when raid56 is used
* other
* new and updated tests
* documentation updates
* seeding device
* raid56 status
* CI updates
* docker images for various distros
- Update to 5.10.1
* static build works again
* other:
* add a way to test static binaries with the testsuite
* clarify scrub docs
* update dependencies, minimum version for libmount is 2.24, this may
change in the future
- Update to 5.10
* scrub status:
* print percentage of progress
* add size unit options
* fi usage: also print free space from statfs
* convert: copy full 64 bit timestamp from ext4 if availalble
* check:
* add ability to repair extent item generation
* new option to remove leftovers from inode number cache (-o inode_cache)
* check for already running exclusive operation (balance, device add/...)
when starting one
* preliminary json output support for 'device stats'
* fixes:
* subvolume set-default: id 0 correctly falls back to toplevel
* receive: align internal buffer to allow fast CRC calculation
* logical-resolve: distinguish -o subvol and bind mounts
* build: new dependency libmount
* other
* doc fixes and updates
* new tests
* ci on gitlab temporarily disabled
* debugging output enhancements
++++ glib2:
- Update to version 2.67.5:
+ Fix more issues with `glib_typeof` macro from 2.67.3–2.67.4.
+ Fix regression with some FD mappings passed to
`g_subprocess_launcher_spawnv()` caused by changes for #2097 in
GLib 2.67.4.
+ Fix detection of `str[n]casecmp()` when building with
`clang-cl`.
+ Use zlib from subproject if configured with
`wrap_mode=forcefallback`.
+ Updated translations.
++++ glibc:
- nss-database-check-reload.patch: nsswitch: return result when nss
database is locked (BZ #27343)
- nss-load-chroot.patch: nss: Re-enable NSS module loading after chroot
(bsc#1182323, BZ #27389)
- x86-isa-level.patch: x86: Set minimum x86-64 level marker (bsc#1182522,
BZ #27318)
- nss-database-lookup.patch: nss: fix nss_database_lookup2's alternate
handling (bsc#1182247, BZ #27416)
- nss-revert-api.patch: remove
- nscd-netgroupcache.patch: nscd: Fix double free in netgroupcache
(CVE-2021-27645, bsc#1182733, BZ #27462)
++++ kernel-default:
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc
(bsc#1181862).
- commit c4424c2
- Delete
patches.rpmify/Kconfig-make-CONFIG_CC_CAN_LINK-always-true.patch.
With dummy-tools, this is no longer needed.
- commit 84a32d6
- Update config files.
Just oldconfig.
- commit e687fe8
- ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request
direction to set samplerate (git-fixes).
- commit be77cd2
++++ userspace-rcu:
- update to 0.12.2:
* fix: exclude clang from GCC version blacklists
* aarch64: blacklist gcc prior to 5.1
* Fix: configure: support Autoconf 2.70
* fix: bump tests thread limit to 4096
* cleanup: Improve wording of CONFIG_RCU_DEBUG description
* fix: explicitly include urcu/config.h in files using CONFIG_RCU_ defines
* Fix typo in README.md
* fix: add -lurcu-common to pkg-config libs for each flavor
* call_rcu: Fix race between rcu_barrier() and call_rcu_data_free()
++++ patterns-base:
- Require shim and mokutil on AArch64 as well now (boo#1183181)
- Fix bug in create_32bit-patterns_file.pl leading to bogus
"Recommends: pattern()-32bit"
- Skip selinux pattern in pre_checkin.sh
- Ignore boolean deps in create_32bit-patterns_file.pl for now
- Run pre_checkin.sh, was overdue
- Drop unneeded condition in %install
++++ python-pycurl:
- Remove a failing test-case until fixed in curl:
* Upstream issue: https://github.com/curl/curl/issues/6615
++++ raspberrypi-firmware:
- Enable bluetooth over PL011 by default (jsc#SLE-17223)
- Enable VC4 by default on RPi4 (jsc#SLE-12151)
++++ raspberrypi-firmware-config:
- Enable bluetooth over PL011 by default (jsc#SLE-17223)
- Enable VC4 by default on RPi4 (jsc#SLE-12151)
++++ raspberrypi-firmware-config-camera:
- Enable bluetooth over PL011 by default (jsc#SLE-17223)
- Enable VC4 by default on RPi4 (jsc#SLE-12151)
++++ shim:
- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
crash at Exit() (bsc#1182776)
------------------------------------------------------------------
------------------ 2021-3-7 - Mar 7 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- blacklist.conf: add a typo fix
- commit 2ae3683
- Linux 5.11.4 (bsc#1012628).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike
X570 board (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (bsc#1012628).
- phy: mediatek: Add missing MODULE_DEVICE_TABLE() (bsc#1012628).
- tty: teach the n_tty ICANON case about the new "cookie
continuations" too (bsc#1012628).
- tty: teach n_tty line discipline about the new "cookie
continuations" (bsc#1012628).
- tty: clean up legacy leftovers from n_tty line discipline
(bsc#1012628).
- tty: fix up hung_up_tty_read() conversion (bsc#1012628).
- tty: fix up iterate_tty_read() EOVERFLOW handling (bsc#1012628).
- swap: fix swapfile read/write offset (bsc#1012628).
- xen: fix p2m size in dom0 for disabled memory hotplug case
(bsc#1012628).
- xen-netback: respect gnttab_map_refs()'s return value
(bsc#1012628).
- Xen/gnttab: handle p2m update errors on a per-slot basis
(bsc#1012628).
- scsi: iscsi: Verify lengths on passthrough PDUs (bsc#1012628).
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
(bsc#1012628).
- scsi: iscsi: Restrict sessions and handles to admin capabilities
(bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002
tablet (bsc#1012628).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7
tablet (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15
tablet (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD
MID 7316R tablet (bsc#1012628).
- sched/features: Fix hrtick reprogramming (bsc#1012628).
- parisc: Bump 64-bit IRQ stack size to 64 KB (bsc#1012628).
- ASoC: Intel: sof_sdw: detect DMIC number based on mach params
(bsc#1012628).
- ASoC: Intel: sof-sdw: indent and add quirks consistently
(bsc#1012628).
- perf/x86/kvm: Add Cascade Lake Xeon steppings to
isolation_ucodes[] (bsc#1012628).
- btrfs: fix error handling in commit_fs_roots (bsc#1012628).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr()
(bsc#1012628).
- ALSA: usb-audio: Add DJM-450 to the quirks table (bsc#1012628).
- ALSA: usb-audio: Add DJM450 to Pioneer format quirk
(bsc#1012628).
- nvme-tcp: add clean action for failed reconnection
(bsc#1012628).
- nvme-rdma: add clean action for failed reconnection
(bsc#1012628).
- nvme-core: add cancel tagset helpers (bsc#1012628).
- f2fs: fix to set/clear I_LINKABLE under i_lock (bsc#1012628).
- f2fs: handle unallocated section and zone on pinned/atgc
(bsc#1012628).
- media: uvcvideo: Allow entities with no pads (bsc#1012628).
- drm/amd/amdgpu: add error handling to
amdgpu_virt_read_pf2vf_data (bsc#1012628).
- drm/amd/display: Guard against NULL pointer deref when
get_i2c_info fails (bsc#1012628).
- ALSA: usb-audio: Add support for Pioneer DJM-750 (bsc#1012628).
- ASoC: Intel: bytcr_rt5640: Add new BYT_RT5640_NO_SPEAKERS
quirk-flag (bsc#1012628).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
(bsc#1012628).
- drm/amdgpu: Add check to prevent IH overflow (bsc#1012628).
- fs: make unlazy_walk() error handling consistent (bsc#1012628).
- crypto: tcrypt - avoid signed overflow in byte count
(bsc#1012628).
- drm/hisilicon: Fix use-after-free (bsc#1012628).
- wilc1000: Fix use of void pointer as a wrong struct type
(bsc#1012628).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15
tablet (bsc#1012628).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet
(bsc#1012628).
- net: ipa: avoid field overflow (bsc#1012628).
- staging: bcm2835-audio: Replace unsafe strcpy() with strscpy()
(bsc#1012628).
- staging: most: sound: add sanity check for function argument
(bsc#1012628).
- Bluetooth: Fix null pointer dereference in
amp_read_loc_assoc_final_data (bsc#1012628).
- Bluetooth: Add new HCI_QUIRK_NO_SUSPEND_NOTIFIER quirk
(bsc#1012628).
- net: sfp: add mode quirk for GPON module Ubiquiti U-Fiber
Instant (bsc#1012628).
- ath10k: fix wmi mgmt tx queue full due to race condition
(bsc#1012628).
- pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
(bsc#1012628).
- mt76: mt7615: reset token when mac_reset happens (bsc#1012628).
- mt76: mt7915: reset token when mac_reset happens (bsc#1012628).
- selftests/bpf: Remove memory leak (bsc#1012628).
- Bluetooth: btusb: fix memory leak on suspend and resume
(bsc#1012628).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for
btrtl (bsc#1012628).
- wlcore: Fix command execute failure 19 for wl12xx (bsc#1012628).
- vt/consolemap: do font sum unsigned (bsc#1012628).
- can: flexcan: add CAN wakeup function for i.MX8QM (bsc#1012628).
- x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
(bsc#1012628).
- staging: fwserial: Fix error handling in fwserial_create
(bsc#1012628).
- EDAC/amd64: Do not load on family 0x15, model 0x13
(bsc#1012628).
- ath10k: prevent deinitializing NAPI twice (bsc#1012628).
- ASoC: qcom: Remove useless debug print (bsc#1012628).
- dt-bindings: net: btusb: DT fix
s/interrupt-name/interrupt-names/ (bsc#1012628).
- dt-bindings: ethernet-controller: fix fixed-link specification
(bsc#1012628).
- net: fix dev_ifsioc_locked() race condition (bsc#1012628).
- net: psample: Fix netlink skb length with tunnel info
(bsc#1012628).
- net: hsr: add support for EntryForgetTime (bsc#1012628).
- net: ag71xx: remove unnecessary MTU reservation (bsc#1012628).
- net: dsa: tag_rtl4_a: Support also egress tags (bsc#1012628).
- net/sched: cls_flower: Reject invalid ct_state flags rules
(bsc#1012628).
- net: bridge: use switchdev for port flags set through sysfs too
(bsc#1012628).
- mptcp: fix DATA_FIN generation on early shutdown (bsc#1012628).
- mptcp: do not wakeup listener for MPJ subflows (bsc#1012628).
- tcp: fix tcp_rmem documentation (bsc#1012628).
- RDMA/rtrs-srv: Do not signal REG_MR (bsc#1012628).
- RDMA/rtrs-clt: Use bitmask to check sess->flags (bsc#1012628).
- RDMA/rtrs: Do not signal for heatbeat (bsc#1012628).
- vfio/type1: Use follow_pte() (bsc#1012628).
- mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
(bsc#1012628).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
(bsc#1012628).
- riscv: Get rid of MAX_EARLY_MAPPING_SIZE (bsc#1012628).
- mptcp: fix spurious retransmissions (bsc#1012628).
- net: fix up truesize of cloned skb in skb_prepare_for_shift()
(bsc#1012628).
- tomoyo: ignore data race while checking quota (bsc#1012628).
- smackfs: restrict bytes count in smackfs write functions
(bsc#1012628).
- net/af_iucv: remove WARN_ONCE on malformed RX packets
(bsc#1012628).
- xfs: Fix assert failure in xfs_setattr_size() (bsc#1012628).
- media: zr364xx: fix memory leaks in probe() (bsc#1012628).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate
(bsc#1012628).
- erofs: fix shift-out-of-bounds of blkszbits (bsc#1012628).
- media: mceusb: sanity check for prescaler value (bsc#1012628).
- udlfb: Fix memory leak in dlfb_usb_probe (bsc#1012628).
- sched/core: Allow try_invoke_on_locked_down_task() with irqs
disabled (bsc#1012628).
- JFS: more checks for invalid superblock (bsc#1012628).
- x86/build: Treat R_386_PLT32 relocation as R_386_PC32
(bsc#1012628).
- iwlwifi: add new cards for So and Qu family (bsc#1012628).
- net: usb: qmi_wwan: support ZTE P685M modem (bsc#1012628).
- commit 43a5c33
- Update to 5.12-rc2
- eliminated 1 patch
- patches.suse/swap-fix-swapfile-read-write-offset.patch
- update configs
- KVM_XEN=n (x86)
- SND_SOC_SOF_MERRIFIELD=m (i386)
- commit d9388fc
------------------------------------------------------------------
------------------ 2021-3-6 - Mar 6 2021 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.4.4, to fix CVE-2021-21334.
++++ iproute2:
- Update to release 5.11
* tc: skip actions that don't have options attribute when
printing
* ip route: Print "trap" nexthop indication
* dcb: new utility
++++ kernel-default:
- drm/amd/display: Add a backlight module option (bsc#1180749).
- drm/amdgpu/display: handle aux backlight in
backlight_get_brightness (bsc#1180749).
- drm/amdgpu/display: don't assert in set backlight function
(bsc#1180749).
- drm/amdgpu/display: simplify backlight setting (bsc#1180749).
- commit 24ee23f
------------------------------------------------------------------
------------------ 2021-3-5 - Mar 5 2021 -------------------
------------------------------------------------------------------
++++ kdump:
- kdump-mounts.cc-Include-sys-ioctl.h.patch: mounts.cc: Include
<sys/ioctl.h>.
- Update to 0.9.1
* Add build dependency on libmount
* Drop build dependency on OpenSSL
* Build with --stdc=c++11
* Bug fixes (bsc#1173914, bsc#1177196, bsc#1180513)
- Remove patches that have been upstreamed:
* kdump-block-initrd-parse-etc.service.patch
* kdump-fadump-avoid-multipath-optimizations.patch
* kdump-split-cmdline-purpose-wise.patch
* kdump-fadump-fix-network-bring-up.patch
* kdump-fadump-add-udev-support.patch
* kdump-turn-off-NUMA-in-kdump-kernel.patch
* kdump-remove-noefi-and-acpi_rsdp-for-efi-firmware.patch
* kdump-Restore-only-static-routes-in-kdump-initrd.patch
* kdump-fallback-re-register-fadump-from-userspace.patch
* kdump-recover-from-missing-CRASHTIME.patch
* kdump-fix-multipath-user_friendly_names.patch
* kdump-Add-skip_balance-option-to-BTRFS-mounts.patch
* kdump-kdumprd-Look-for-boot-image-and-boot-Image.patch
* kdump-savedump-search-also-for-vmlinux.xz.patch
* kdump-preserve-white-space.patch
* kdump-Clean-up-the-use-of-current-vs-boot-network-iface.patch
* kdump-Use-a-custom-namespace-for-physical-NICs.patch
* kdump-clean-up-kdump-mount-points.patch
* kdump-skip-mounts-if-no-proc-vmcore.patch
* kdump-nss-modules.patch
* kdump-Add-force-option-to-KDUMP_NETCONFIG.patch
* kdump-Add-fence_kdump_send-when-fence-agents-installed.patch
* kdump-FENCE_KDUMP_SEND-variable.patch
* kdump-Document-fence_kdump_send.patch
* kdump-powerpc-no-reload-on-CPU-removal.patch
* kdump-prefer-by-path-and-device-mapper.patch
* kdump-calibrate-Update-values.patch
* kdump-activate-udev-rules-late-during-boot.patch
* kdump-make-sure-that-the-udev-runtime-directory-exists.patch
* kdump-make-sure-that-initrd.target.wants-directory-exists.patch
* kdump-check-explicit-ip-options.patch
* kdump-query-systemd-network.service.patch
- kdump-query-systemd-network.service.patch: Query systemd
network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add
network-related dracut options if ip= is set explicitly
(bsc#1182309).
++++ kernel-default:
- ARMv6/v7: Update config files. (bsc#1183009)
enable CONFIG_ARM_MODULE_PLTS to fix module loading issues
- commit 501199e
- rpm/check-for-config-changes: declare sed args as an array
So that we can reuse it in both seds.
This also introduces IGNORED_CONFIGS_RE array which can be easily
extended.
- commit a1976d2
++++ patterns-base:
- Recommend issue-generator on Leap as well
++++ psmisc:
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
* Fix bsc#1178407: fuser does not show open kvm storage image files
such as qcow2 files. Patch from Ali Abdallah <ali.abdallah@suse.com>
++++ qemu:
- Fix GCC11 compiler issue in brotli (edk2) code (boo#1181922)
brotli-fix-actual-variable-array-paramet.patch
- Tweak a few submodule descriptions and summaries
- Fix a backward compatibility issue in ACPI data
i386-acpi-restore-device-paths-for-pre-5.patch
++++ rpm-config-SUSE:
- Update to version 0.g76:
* Prepare usrmerge (boo#1029961)
* scripts/find-provides.ksyms: Handle XZ compressed kernel (boo#1179251).
* find-requires.ksyms: use "if kernel" conditional for modules-load.d
* find-requires.ksyms: actually generate modules-load.d dependencies
* find-requires.ksyms: Silence the awk warning
* find-provides.ksyms: Fix kernel version test
* find-provides.ksyms: Fix ksym-provides test
++++ systemd-rpm-macros:
- Bump to version 11
- Don't pass -f to rm in %service_add_post nor %systemd_user_post
- Add a %systemd_user_pre macro that creates a
/run/systemd/rpm/needs-user-preset/$service file for each new
service being installed so %systemd_user_post can call
`systemctl --global preset $service` properly for newly
installed user services (boo#1183051, boo#1183012).
++++ toolbox:
- Update to version 2.1+git20210305.ca2bc53:
* Avoid copying the user setup script with 'podman cp'
------------------------------------------------------------------
------------------ 2021-3-4 - Mar 4 2021 -------------------
------------------------------------------------------------------
++++ branding-openSUSE:
- move SUSE-brand to /usr/etc
++++ curl:
- Harden build, enable full RELRO
- Never allow undefined symbols anywhere.
++++ glib2:
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328,
glgo#GNOME/glib!1944)
++++ gzip:
- gzip.spec: move %patch10 from the ifarch condition (mistake)
++++ kernel-default:
- blacklist.conf: add a /proc revert
- commit 87aa54e
- Linux 5.11.3 (bsc#1012628).
- vmlinux.lds.h: add DWARF v5 sections (bsc#1012628).
- vdpa/mlx5: fix param validation in mlx5_vdpa_get_config()
(bsc#1012628).
- debugfs: be more robust at handling improper input in
debugfs_lookup() (bsc#1012628).
- debugfs: do not attempt to create a new file before the
filesystem is initalized (bsc#1012628).
- driver core: auxiliary bus: Fix calling stage for auxiliary
bus init (bsc#1012628).
- scsi: libsas: docs: Remove notify_ha_event() (bsc#1012628).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1012628).
- kdb: Make memory allocations more robust (bsc#1012628).
- w1: w1_therm: Fix conversion result for negative temperatures
(bsc#1012628).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064
(bsc#1012628).
- PCI: Decline to resize resources if boot config must be
preserved (bsc#1012628).
- virt: vbox: Do not use wait_event_interruptible when called
from kernel context (bsc#1012628).
- bfq: Avoid false bfq queue merging (bsc#1012628).
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
(bsc#1012628).
- zsmalloc: account the number of compacted pages correctly
(bsc#1012628).
- MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
(bsc#1012628).
- vmlinux.lds.h: Define SANTIZER_DISCARDS with
CONFIG_GCOV_KERNEL=y (bsc#1012628).
- random: fix the RNDRESEEDCRNG ioctl (bsc#1012628).
- ALSA: pcm: Call sync_stop at disconnection (bsc#1012628).
- ALSA: pcm: Assure sync with the pending stop operation at
suspend (bsc#1012628).
- ALSA: pcm: Don't call sync_stop if it hasn't been stopped
(bsc#1012628).
- drm/i915/gt: One more flush for Baytrail clear residuals
(bsc#1012628).
- ath10k: Fix error handling in case of CE pipe init failure
(bsc#1012628).
- Bluetooth: btqcomsmd: Fix a resource leak in error handling
paths in the probe function (bsc#1012628).
- Bluetooth: hci_uart: Fix a race for write_work scheduling
(bsc#1012628).
- Bluetooth: Fix initializing response id after clearing struct
(bsc#1012628).
- arm64: dts: renesas: beacon kit: Fix choppy Bluetooth Audio
(bsc#1012628).
- arm64: dts: renesas: beacon: Fix audio-1.8V pin enable
(bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
Artik 5 (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
(bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
(bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
(bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
Arndale Octa (bsc#1012628).
- ARM: dts: exynos: correct PMIC interrupt trigger level on
Odroid XU3 family (bsc#1012628).
- arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
(bsc#1012628).
- arm64: dts: exynos: correct PMIC interrupt trigger level on
Espresso (bsc#1012628).
- memory: mtk-smi: Fix PM usage counter unbalance in mtk_smi ops
(bsc#1012628).
- Bluetooth: hci_qca: Fix memleak in qca_controller_memdump
(bsc#1012628).
- staging: vchiq: Fix bulk userdata handling (bsc#1012628).
- staging: vchiq: Fix bulk transfers on 64-bit builds
(bsc#1012628).
- arm64: dts: qcom: msm8916-samsung-a5u: Fix iris compatible
(bsc#1012628).
- net: stmmac: dwmac-meson8b: fix enabling the timing-adjustment
clock (bsc#1012628).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(bsc#1012628).
- bpf: Avoid warning when re-casting __bpf_call_base into
__bpf_call_base_args (bsc#1012628).
- firmware: arm_scmi: Fix call site of scmi_notification_exit
(bsc#1012628).
- arm64: dts: allwinner: A64: properly connect USB PHY to port 0
(bsc#1012628).
- arm64: dts: allwinner: H6: properly connect USB PHY to port 0
(bsc#1012628).
- arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD
card (bsc#1012628).
- arm64: dts: allwinner: H6: Allow up to 150 MHz MMC bus frequency
(bsc#1012628).
- arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
(bsc#1012628).
- arm64: dts: qcom: msm8916-samsung-a2015: Fix sensors
(bsc#1012628).
- cpufreq: brcmstb-avs-cpufreq: Free resources in error path
(bsc#1012628).
- cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
(bsc#1012628).
- arm64: dts: rockchip: rk3328: Add clock_in_out property to
gmac2phy node (bsc#1012628).
- ACPICA: Fix exception code class checks (bsc#1012628).
- usb: gadget: u_audio: Free requests only after callback
(bsc#1012628).
- arm64: dts: qcom: sdm845-db845c: Fix reset-pin of ov8856 node
(bsc#1012628).
- soc: qcom: socinfo: Fix an off by one in qcom_show_pmic_model()
(bsc#1012628).
- soc: ti: pm33xx: Fix some resource leak in the error handling
paths of the probe function (bsc#1012628).
- staging: media: atomisp: Fix size_t format specifier in
hmm_alloc() debug statemenet (bsc#1012628).
- Bluetooth: drop HCI device reference before return
(bsc#1012628).
- Bluetooth: Put HCI device if inquiry procedure interrupts
(bsc#1012628).
- memory: ti-aemif: Drop child node when jumping out loop
(bsc#1012628).
- ARM: dts: Configure missing thermal interrupt for 4430
(bsc#1012628).
- usb: dwc2: Do not update data length if it is 0 on inbound
transfers (bsc#1012628).
- usb: dwc2: Abort transaction after errors with unknown reason
(bsc#1012628).
- usb: dwc2: Make "trimming xfer length" a debug message
(bsc#1012628).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of
regulatory rules (bsc#1012628).
- x86/MSR: Filter MSR writes through X86_IOC_WRMSR_REGS ioctl too
(bsc#1012628).
- arm64: dts: renesas: beacon: Fix EEPROM compatible value
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_probe(): fix errata reference
(bsc#1012628).
- ARM: dts: armada388-helios4: assign pinctrl to LEDs
(bsc#1012628).
- ARM: dts: armada388-helios4: assign pinctrl to each fan
(bsc#1012628).
- arm64: dts: armada-3720-turris-mox: rename u-boot mtd partition
to a53-firmware (bsc#1012628).
- opp: Correct debug message in _opp_add_static_v2()
(bsc#1012628).
- Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv
(bsc#1012628).
- soc: qcom: ocmem: don't return NULL in of_get_ocmem
(bsc#1012628).
- arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
(bsc#1012628).
- arm64: dts: meson: fix broken wifi node for Khadas VIM3L
(bsc#1012628).
- iwlwifi: mvm: set enabled in the PPAG command properly
(bsc#1012628).
- ARM: s3c: fix fiq for clang IAS (bsc#1012628).
- optee: simplify i2c access (bsc#1012628).
- staging: wfx: fix possible panic with re-queued frames
(bsc#1012628).
- ARM: at91: use proper asm syntax in pm_suspend (bsc#1012628).
- ath10k: Fix suspicious RCU usage warning in
ath10k_wmi_tlv_parse_peer_stats_info() (bsc#1012628).
- ath10k: Fix lockdep assertion warning in ath10k_sta_statistics
(bsc#1012628).
- ath11k: fix a locking bug in ath11k_mac_op_start()
(bsc#1012628).
- soc: aspeed: snoop: Add clock control logic (bsc#1012628).
- iwlwifi: mvm: fix the type we use in the PPAG table validity
checks (bsc#1012628).
- iwlwifi: mvm: store PPAG enabled/disabled flag properly
(bsc#1012628).
- iwlwifi: mvm: send stored PPAG command instead of local
(bsc#1012628).
- iwlwifi: mvm: assign SAR table revision to the command later
(bsc#1012628).
- iwlwifi: mvm: don't check if CSA event is running before
removing (bsc#1012628).
- bpf_lru_list: Read double-checked variable once without lock
(bsc#1012628).
- iwlwifi: pnvm: set the PNVM again if it was already loaded
(bsc#1012628).
- iwlwifi: pnvm: increment the pointer before checking the TLV
(bsc#1012628).
- ath9k: fix data bus crash when setting nf_override via debugfs
(bsc#1012628).
- selftests/bpf: Convert test_xdp_redirect.sh to bash
(bsc#1012628).
- ibmvnic: Set to CLOSED state even on error (bsc#1012628).
- bnxt_en: reverse order of TX disable and carrier off
(bsc#1012628).
- bnxt_en: Fix devlink info's stored fw.psid version format
(bsc#1012628).
- xen/netback: fix spurious event detection for common event case
(bsc#1012628).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (bsc#1012628).
- net: phy: consider that suspend2ram may cut off PHY power
(bsc#1012628).
- net/mlx5e: Enable XDP for Connect-X IPsec capable devices
(bsc#1012628).
- net/mlx5e: Don't change interrupt moderation params when DIM
is enabled (bsc#1012628).
- net/mlx5e: Change interrupt moderation channel params also
when channels are closed (bsc#1012628).
- net/mlx5: Fix health error state handling (bsc#1012628).
- net/mlx5e: Replace synchronize_rcu with synchronize_net
(bsc#1012628).
- net/mlx5e: kTLS, Use refcounts to free kTLS RX priv context
(bsc#1012628).
- net/mlx5: Disable devlink reload for multi port slave device
(bsc#1012628).
- net/mlx5: Disallow RoCE on multi port slave device
(bsc#1012628).
- net/mlx5: Disallow RoCE on lag device (bsc#1012628).
- net/mlx5: Disable devlink reload for lag devices (bsc#1012628).
- net/mlx5e: CT: manage the lifetime of the ct entry object
(bsc#1012628).
- net/mlx5e: Check tunnel offload is required before setting SWP
(bsc#1012628).
- mac80211: fix potential overflow when multiplying to u32
integers (bsc#1012628).
- libbpf: Ignore non function pointer member in struct_ops
(bsc#1012628).
- bpf: Fix an unitialized value in bpf_iter (bsc#1012628).
- bpf, devmap: Use GFP_KERNEL for xdp bulk queue allocation
(bsc#1012628).
- bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
(bsc#1012628).
- selftests: mptcp: fix ACKRX debug message (bsc#1012628).
- tcp: fix SO_RCVLOWAT related hangs under mem pressure
(bsc#1012628).
- net: axienet: Handle deferred probe on clock properly
(bsc#1012628).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size
same in cxgb4 and ulds (bsc#1012628).
- b43: N-PHY: Fix the update of coef for the PHY revision >=
3case (bsc#1012628).
- bpf: Clear subreg_def for global function return values
(bsc#1012628).
- ibmvnic: add memory barrier to protect long term buffer
(bsc#1012628).
- ibmvnic: skip send_request_unmap for timeout reset
(bsc#1012628).
- ibmvnic: serialize access to work queue on remove (bsc#1012628).
- net: dsa: felix: perform teardown in reverse order of setup
(bsc#1012628).
- net: dsa: felix: don't deinitialize unused ports (bsc#1012628).
- net: phy: mscc: adding LCPLL reset to VSC8514 (bsc#1012628).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
timeout (bsc#1012628).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
warning (bsc#1012628).
- net: amd-xgbe: Reset link when the link never comes back
(bsc#1012628).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
SFP (bsc#1012628).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
(bsc#1012628).
- net: enetc: fix destroyed phylink dereference during unbind
(bsc#1012628).
- Bluetooth: Remove hci_req_le_suspend_config (bsc#1012628).
- arm64: dts: broadcom: bcm4908: use proper NAND binding
(bsc#1012628).
- Bluetooth: hci_qca: Wait for SSR completion during suspend
(bsc#1012628).
- serial: stm32: fix DMA initialization error handling
(bsc#1012628).
- bpf: Declare __bpf_free_used_maps() unconditionally
(bsc#1012628).
- selftests/bpf: Sync RCU before unloading bpf_testmod
(bsc#1012628).
- arm64: dts: qcom: sm8250: correct sdhc_2 xo clk (bsc#1012628).
- arm64: dts: qcom: qrb5165-rb5: fix uSD pins drive strength
(bsc#1012628).
- tty: convert tty_ldisc_ops 'read()' function to take a kernel
pointer (bsc#1012628).
- tty: implement read_iter (bsc#1012628).
- x86/sgx: Fix the return type of sgx_init() (bsc#1012628).
- selftests/bpf: Don't exit on failed bpf_testmod unload
(bsc#1012628).
- arm64: dts: mt8183: rename rdma fifo size (bsc#1012628).
- arm64: dts: mt8183: refine gamma compatible name (bsc#1012628).
- arm64: dts: mt8183: Add missing power-domain for pwm0 node
(bsc#1012628).
- net: sfp: add workaround for Realtek RTL8672 and RTL9601C chips
(bsc#1012628).
- ARM: tegra: ouya: Fix eMMC on specific bootloaders
(bsc#1012628).
- arm64: dts: mt8183: Fix GCE include path (bsc#1012628).
- Bluetooth: hci_qca: check for SSR triggered flag while suspend
(bsc#1012628).
- Bluetooth: hci_qca: Fixed issue during suspend (bsc#1012628).
- soc: aspeed: socinfo: Add new systems (bsc#1012628).
- net/mlx5e: E-switch, Fix rate calculation for overflow
(bsc#1012628).
- net/mlx5e: Enable striding RQ for Connect-X IPsec capable
devices (bsc#1012628).
- net/mlx5e: Fix CQ params of ICOSQ and async ICOSQ (bsc#1012628).
- ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1012628).
- net: ipa: initialize all resources (bsc#1012628).
- net: phy: mscc: improved serdes calibration applied to VSC8514
(bsc#1012628).
- net: phy: mscc: coma mode disabled for VSC8514 (bsc#1012628).
- fbdev: aty: SPARC64 requires FB_ATY_CT (bsc#1012628).
- drm/gma500: Fix error return code in psb_driver_load()
(bsc#1012628).
- drm: document that user-space should force-probe connectors
(bsc#1012628).
- gma500: clean up error handling in init (bsc#1012628).
- drm/fb-helper: Add missed unlocks in setcmap_legacy()
(bsc#1012628).
- drm/panel: s6e63m0: Fix init sequence again (bsc#1012628).
- drm/panel: mantix: Tweak init sequence (bsc#1012628).
- drm/vc4: hdmi: Take into account the clock doubling flag in
atomic_check (bsc#1012628).
- drm/panel: s6e63m0: Support max-brightness (bsc#1012628).
- crypto: sun4i-ss - linearize buffers content must be kept
(bsc#1012628).
- crypto: sun4i-ss - fix kmap usage (bsc#1012628).
- crypto: arm64/aes-ce - really hide slower algos when faster
ones are enabled (bsc#1012628).
- hwrng: ingenic - Fix a resource leak in an error handling path
(bsc#1012628).
- media: allegro: Fix use after free on error (bsc#1012628).
- ASoC: fsl_aud2htx: select SND_SOC_IMX_PCM_DMA (bsc#1012628).
- kcsan: Rewrite kcsan_prandom_u32_max() without
prandom_u32_state() (bsc#1012628).
- drm: rcar-du: Fix PM reference leak in rcar_cmm_enable()
(bsc#1012628).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC
(bsc#1012628).
- drm: rcar-du: Fix the return check of of_parse_phandle and
of_find_device_by_node (bsc#1012628).
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor
if condition (bsc#1012628).
- MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
(bsc#1012628).
- MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
(bsc#1012628).
- drm/virtio: make sure context is created in gem open
(bsc#1012628).
- drm/fourcc: fix Amlogic format modifier masks (bsc#1012628).
- media: ipu3-cio2: Build only for x86 (bsc#1012628).
- media: i2c: ov5670: Fix PIXEL_RATE minimum value (bsc#1012628).
- media: imx: Unregister csc/scaler only if registered
(bsc#1012628).
- media: imx: Fix csc/scaler unregister (bsc#1012628).
- media: mtk-vcodec: fix error return code in vdec_vp9_decode()
(bsc#1012628).
- media: camss: Fix signedness bug in video_enum_fmt()
(bsc#1012628).
- media: camss: missing error code in msm_video_register()
(bsc#1012628).
- media: vsp1: Fix an error handling path in the probe function
(bsc#1012628).
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs
(bsc#1012628).
- media: media/pci: Fix memleak in empress_init (bsc#1012628).
- media: tm6000: Fix memleak in tm6000_start_stream (bsc#1012628).
- media: aspeed: fix error return code in
aspeed_video_setup_video() (bsc#1012628).
- ASoC: cs42l56: fix up error handling in probe (bsc#1012628).
- ASoC: qcom: qdsp6: Move frontend AIFs to q6asm-dai
(bsc#1012628).
- evm: Fix memleak in init_desc (bsc#1012628).
- crypto: qat - replace CRYPTO_AES with CRYPTO_LIB_AES in Kconfig
(bsc#1012628).
- crypto: bcm - Rename struct device_private to bcm_device_private
(bsc#1012628).
- sched/fair: Avoid stale CPU util_est value for schedutil in
task dequeue (bsc#1012628).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1012628).
- media: imx7: csi: Fix regression for parallel cameras on i.MX6UL
(bsc#1012628).
- media: imx7: csi: Fix pad link validation (bsc#1012628).
- media: ti-vpe: cal: fix write to unallocated memory
(bsc#1012628).
- MIPS: properly stop .eh_frame generation (bsc#1012628).
- MIPS: Compare __SYNC_loongson3_war against 0 (bsc#1012628).
- drm/tegra: Fix reference leak when pm_runtime_get_sync() fails
(bsc#1012628).
- drm/amdgpu: toggle on DF Cstate after finishing xgmi injection
(bsc#1012628).
- bsg: free the request before return error code (bsc#1012628).
- macintosh/adb-iop: Use big-endian autopoll mask (bsc#1012628).
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth
reduction (bsc#1012628).
- drm/amd/display: Fix HDMI deep color output for DCE 6-11
(bsc#1012628).
- media: software_node: Fix refcounts in
software_node_get_next_child() (bsc#1012628).
- media: lmedm04: Fix misuse of comma (bsc#1012628).
- media: vidtv: psi: fix missing crc for PMT (bsc#1012628).
- media: atomisp: Fix a buffer overflow in debug code
(bsc#1012628).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init()
(bsc#1012628).
- media: cx25821: Fix a bug when reallocating some dma memory
(bsc#1012628).
- media: mtk-vcodec: fix argument used when DEBUG is defined
(bsc#1012628).
- mtd: phram: use div_u64_rem to stop overwrite len in phram_setup
(bsc#1012628).
- media: pxa_camera: declare variable when DEBUG is defined
(bsc#1012628).
- media: i2c/Kconfig: Select FWNODE for OV772x sensor
(bsc#1012628).
- ASoC: max98373: Fixes a typo in max98373_feedback_get
(bsc#1012628).
- sched/eas: Don't update misfit status if the task is pinned
(bsc#1012628).
- f2fs: fix null page reference in redirty_blocks (bsc#1012628).
- f2fs: compress: fix potential deadlock (bsc#1012628).
- ASoC: qcom: lpass-cpu: Remove bit clock state check
(bsc#1012628).
- ASoC: SOF: Intel: hda: cancel D0i3 work during runtime suspend
(bsc#1012628).
- perf/arm-cmn: Fix PMU instance naming (bsc#1012628).
- perf/arm-cmn: Move IRQs when migrating context (bsc#1012628).
- mtd: parser: imagetag: fix error codes in
bcm963xx_parse_imagetag_partitions() (bsc#1012628).
- crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data
size error) (bsc#1012628).
- crypto: talitos - Fix ctr(aes) on SEC1 (bsc#1012628).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip
flags (bsc#1012628).
- mm: proc: Invalidate TLB after clearing soft-dirty page state
(bsc#1012628).
- ata: ahci_brcm: Add back regulators management (bsc#1012628).
- ASoC: cpcap: fix microphone timeslot mask (bsc#1012628).
- ASoC: codecs: add missing max_register in regmap config
(bsc#1012628).
- mtd: parsers: afs: Fix freeing the part name memory in failure
(bsc#1012628).
- mtd: rawnand: intel: Fix an error handling path in
'ebu_dma_start()' (bsc#1012628).
- f2fs: fix to avoid inconsistent quota data (bsc#1012628).
- drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()
(bsc#1012628).
- f2fs: fix a wrong condition in __submit_bio (bsc#1012628).
- ASoC: qcom: Fix typo error in HDMI regmap config callbacks
(bsc#1012628).
- KVM: nSVM: Don't strip host's C-bit from guest's CR3 when
reading PDPTRs (bsc#1012628).
- drm/mediatek: Check if fb is null (bsc#1012628).
- Drivers: hv: vmbus: Avoid use-after-free in
vmbus_onoffer_rescind() (bsc#1012628).
- ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU
0A5E (bsc#1012628).
- ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU
0A32 (bsc#1012628).
- ASoC: Intel: sof_sdw: add missing TGL_HDMI quirk for Dell SKU
0A3E (bsc#1012628).
- locking/lockdep: Avoid unmatched unlock (bsc#1012628).
- ASoC: qcom: lpass: Fix i2s ctl register bit map (bsc#1012628).
- ASoC: rt5682: Fix panic in rt5682_jack_detect_handler happening
during system shutdown (bsc#1012628).
- ASoC: SOF: debug: Fix a potential issue on string buffer
termination (bsc#1012628).
- btrfs: clarify error returns values in __load_free_space_cache
(bsc#1012628).
- btrfs: fix double accounting of ordered extent for subpage
case in btrfs_invalidapge (bsc#1012628).
- MIPS: relocatable: Provide kaslr_offset() to get the kernel
offset (bsc#1012628).
- KVM: x86: Restore all 64 bits of DR6 and DR7 during RSM on
x86-64 (bsc#1012628).
- s390/zcrypt: return EIO when msg retry limit reached
(bsc#1012628).
- drm/vc4: hdmi: Move hdmi reset to bind (bsc#1012628).
- drm/vc4: hdmi: Fix register offset with longer CEC messages
(bsc#1012628).
- drm/vc4: hdmi: Fix up CEC registers (bsc#1012628).
- drm/vc4: hdmi: Restore cec physical address on reconnect
(bsc#1012628).
- drm/vc4: hdmi: Compute the CEC clock divider from the clock rate
(bsc#1012628).
- drm/vc4: hdmi: Update the CEC clock divider on HSM rate change
(bsc#1012628).
- drm/lima: fix reference leak in lima_pm_busy (bsc#1012628).
- drm/virtio: fix an error code in virtio_gpu_init()
(bsc#1012628).
- drm/dp_mst: Don't cache EDIDs for physical ports (bsc#1012628).
- hwrng: timeriomem - Fix cooldown period calculation
(bsc#1012628).
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
(bsc#1012628).
- io_uring: fix possible deadlock in io_uring_poll (bsc#1012628).
- nvmet-tcp: fix receive data digest calculation for multiple
h2cdata PDUs (bsc#1012628).
- nvmet-tcp: fix potential race of tcp socket closing accept_work
(bsc#1012628).
- nvme-multipath: set nr_zones for zoned namespaces (bsc#1012628).
- nvmet: remove extra variable in identify ns (bsc#1012628).
- nvmet: set status to 0 in case for invalid nsid (bsc#1012628).
- ASoC: SOF: sof-pci-dev: add missing Up-Extreme quirk
(bsc#1012628).
- ima: Free IMA measurement buffer on error (bsc#1012628).
- ima: Free IMA measurement buffer after kexec syscall
(bsc#1012628).
- ASoC: simple-card-utils: Fix device module clock (bsc#1012628).
- fs/jfs: fix potential integer overflow on shift of a int
(bsc#1012628).
- jffs2: fix use after free in jffs2_sum_write_data()
(bsc#1012628).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1012628).
- ubifs: replay: Fix high stack usage, again (bsc#1012628).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1012628).
- irqchip/imx: IMX_INTMUX should not default to y, unconditionally
(bsc#1012628).
- smp: Process pending softirqs in
flush_smp_call_function_from_idle() (bsc#1012628).
- drm/amdgpu/display: remove hdcp_srm sysfs on device removal
(bsc#1012628).
- Input: da7280 - fix missing error test (bsc#1012628).
- Input: da7280 - protect OF match table with CONFIG_OF
(bsc#1012628).
- Input: imx_keypad - add dependency on HAS_IOMEM (bsc#1012628).
- capabilities: Don't allow writing ambiguous v3 file capabilities
(bsc#1012628).
- HSI: Fix PM usage counter unbalance in ssi_hw_init
(bsc#1012628).
- power: supply: cpcap: Add missing IRQF_ONESHOT to fix regression
(bsc#1012628).
- clk: meson: clk-pll: fix initializing the old rate (fallback)
for a PLL (bsc#1012628).
- clk: meson: clk-pll: make "ret" a signed integer (bsc#1012628).
- clk: meson: clk-pll: propagate the error from
meson_clk_pll_set_rate() (bsc#1012628).
- selftests/powerpc: Make the test check in eeh-basic.sh posix
compliant (bsc#1012628).
- regulator: qcom-rpmh-regulator: add pm8009-1 chip revision
(bsc#1012628).
- arm64: dts: qcom: qrb5165-rb5: fix pm8009 regulators
(bsc#1012628).
- quota: Fix memory leak when handling corrupted quota file
(bsc#1012628).
- i2c: iproc: handle only slave interrupts which are enabled
(bsc#1012628).
- i2c: iproc: update slave isr mask (ISR_MASK_SLAVE)
(bsc#1012628).
- i2c: iproc: handle master read request (bsc#1012628).
- spi: cadence-quadspi: Abort read if dummy cycles required are
too many (bsc#1012628).
- clk: sunxi-ng: h6: Fix CEC clock (bsc#1012628).
- clk: renesas: r8a779a0: Remove non-existent S2 clock
(bsc#1012628).
- clk: renesas: r8a779a0: Fix parent of CBFUSA clock
(bsc#1012628).
- HID: core: detect and skip invalid inputs to snto32()
(bsc#1012628).
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues
(bsc#1012628).
- dmaengine: fsldma: Fix a resource leak in the remove function
(bsc#1012628).
- dmaengine: fsldma: Fix a resource leak in an error handling
path of the probe function (bsc#1012628).
- dmaengine: owl-dma: Fix a resource leak in the remove function
(bsc#1012628).
- rtc: rx6110: fix build against modular I2C (bsc#1012628).
- dmaengine: qcom: Always inline gpi_update_reg (bsc#1012628).
- dmaengine: ti: k3-udma: Set rflow count for BCDMA split channels
(bsc#1012628).
- dmaengine: hsu: disable spurious interrupt (bsc#1012628).
- mfd: bd9571mwv: Use devm_mfd_add_devices() (bsc#1012628).
- power: supply: cpcap-charger: Fix missing power_supply_put()
(bsc#1012628).
- power: supply: cpcap-battery: Fix missing power_supply_put()
(bsc#1012628).
- scsi: ufs: Fix a possible NULL pointer issue (bsc#1012628).
- power: supply: cpcap-charger: Fix power_supply_put on null
battery pointer (bsc#1012628).
- fdt: Properly handle "no-map" field in the memory region
(bsc#1012628).
- of/fdt: Make sure no-map does not remove already reserved
regions (bsc#1012628).
- RDMA/rtrs: Extend ibtrs_cq_qp_create (bsc#1012628).
- RDMA/rtrs-srv: Release lock before call into close_sess
(bsc#1012628).
- RDMA/rtrs-srv: Use sysfs_remove_file_self for disconnect
(bsc#1012628).
- RDMA/rtrs-clt: Set mininum limit when create QP (bsc#1012628).
- RDMA/rtrs-srv: Jump to dereg_mr label if allocate iu fails
(bsc#1012628).
- RDMA/rtrs: Call kobject_put in the failure path (bsc#1012628).
- RDMA/rtrs-srv: Fix missing wr_cqe (bsc#1012628).
- RDMA/rtrs-clt: Refactor the failure cases in alloc_clt
(bsc#1012628).
- RDMA/rtrs-srv: Init wr_cnt as 1 (bsc#1012628).
- RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug (bsc#1012628).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
(bsc#1012628).
- rtc: s5m: select REGMAP_I2C (bsc#1012628).
- dmaengine: idxd: set DMA channel to be private (bsc#1012628).
- power: supply: fix sbs-charger build, needs REGMAP_I2C
(bsc#1012628).
- clocksource/drivers/ixp4xx: Select TIMER_OF when needed
(bsc#1012628).
- clocksource/drivers/mxs_timer: Add missing semicolon when
DEBUG is defined (bsc#1012628).
- module: harden ELF info handling (bsc#1012628).
- spi: imx: Don't print error on -EPROBEDEFER (bsc#1012628).
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
(bsc#1012628).
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex
(bsc#1012628).
- clk: sunxi-ng: h6: Fix clock divider range on some clocks
(bsc#1012628).
- platform/chrome: cros_ec_proto: Use EC_HOST_EVENT_MASK not BIT
(bsc#1012628).
- platform/chrome: cros_ec_proto: Add LID and BATTERY to default
mask (bsc#1012628).
- regulator: axp20x: Fix reference cout leak (bsc#1012628).
- watch_queue: Drop references to /dev/watch_queue (bsc#1012628).
- certs: Fix blacklist flag type confusion (bsc#1012628).
- regulator: s5m8767: Fix reference count leak (bsc#1012628).
- spi: atmel: Put allocated master before return (bsc#1012628).
- regulator: s5m8767: Drop regulators OF node reference
(bsc#1012628).
- scsi: libsas: Remove notifier indirection (bsc#1012628).
- scsi: libsas: Introduce a _gfp() variant of event notifiers
(bsc#1012628).
- scsi: mvsas: Pass gfp_t flags to libsas event notifiers
(bsc#1012628).
- scsi: isci: Pass gfp_t flags in isci_port_link_down()
(bsc#1012628).
- scsi: isci: Pass gfp_t flags in isci_port_link_up()
(bsc#1012628).
- scsi: isci: Pass gfp_t flags in isci_port_bc_change_received()
(bsc#1012628).
- power: supply: axp20x_usb_power: Init work before enabling IRQs
(bsc#1012628).
- power: supply: smb347-charger: Fix interrupt usage if interrupt
is unavailable (bsc#1012628).
- regulator: core: Avoid debugfs: Directory ... already
present! error (bsc#1012628).
- isofs: release buffer head before return (bsc#1012628).
- watchdog: intel-mid_wdt: Postpone IRQ handler registration
till SCU is ready (bsc#1012628).
- auxdisplay: ht16k33: Fix refresh rate handling (bsc#1012628).
- auxdisplay: Fix duplicate CHARLCD config symbol (bsc#1012628).
- objtool: Fix error handling for STD/CLD warnings (bsc#1012628).
- objtool: Fix retpoline detection in asm code (bsc#1012628).
- objtool: Fix ".cold" section suffix check for newer versions
of GCC (bsc#1012628).
- scsi: lpfc: Fix ancient double free (bsc#1012628).
- iommu: Switch gather->end to the inclusive end (bsc#1012628).
- tools/testing/scatterlist: Fix overflow of max segment size
(bsc#1012628).
- RDMA/mlx5: Allow creating all QPs even when non RDMA profile
is used (bsc#1012628).
- IB/umad: Return EIO in case of when device disassociated
(bsc#1012628).
- IB/umad: Return EPOLLERR in case of when device disassociated
(bsc#1012628).
- KVM: PPC: Make the VMX instruction emulation routines static
(bsc#1012628).
- powerpc/kvm: Force selection of CONFIG_PPC_FPU (bsc#1012628).
- powerpc/47x: Disable 256k page size (bsc#1012628).
- powerpc/sstep: Check instruction validity against ISA version
before emulation (bsc#1012628).
- powerpc/sstep: Fix incorrect return from analyze_instr()
(bsc#1012628).
- powerpc/time: Enable sched clock for irqtime (bsc#1012628).
- powerpc: Fix build error in paravirt.h (bsc#1012628).
- mmc: owl-mmc: Fix a resource leak in an error handling path
and in the remove function (bsc#1012628).
- mmc: sdhci-sprd: Fix some resource leaks in the remove function
(bsc#1012628).
- mmc: usdhi6rol0: Fix a resource leak in the error handling
path of the probe (bsc#1012628).
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from
8 to 128-bytes (bsc#1012628).
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+
cores (bsc#1012628).
- i2c: qcom-geni: Store DMA mapping data in geni_i2c_dev struct
(bsc#1012628).
- i3c/master/mipi-i3c-hci: Specify HAS_IOMEM dependency
(bsc#1012628).
- amba: Fix resource leak for drivers without .remove
(bsc#1012628).
- iommu: Move iotlb_sync_map out from __iommu_map (bsc#1012628).
- iommu: Properly pass gfp_t in _iommu_map() to avoid atomic
sleeping (bsc#1012628).
- IB/mlx5: Return appropriate error code instead of ENOMEM
(bsc#1012628).
- IB/cm: Avoid a loop when device has 255 ports (bsc#1012628).
- tracepoint: Do not fail unregistering a probe due to memory
failure (bsc#1012628).
- rtc: zynqmp: depend on HAS_IOMEM (bsc#1012628).
- platform/x86: intel_pmt: Make INTEL_PMT_CLASS
non-user-selectable (bsc#1012628).
- platform/x86: intel_pmt_telemetry: Add dependency on
MFD_INTEL_PMT (bsc#1012628).
- platform/x86: intel_pmt_crashlog: Add dependency on
MFD_INTEL_PMT (bsc#1012628).
- perf tools: Fix DSO filtering when not finding a map for a
sampled address (bsc#1012628).
- perf vendor events arm64: Fix Ampere eMag event typo
(bsc#1012628).
- RDMA/rxe: Fix coding error in rxe_recv.c (bsc#1012628).
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (bsc#1012628).
- RDMA/rxe: Correct skb on loopback path (bsc#1012628).
- spi: stm32: properly handle 0 byte transfer (bsc#1012628).
- mfd: altera-sysmgr: Fix physical address storing more
(bsc#1012628).
- mfd: wm831x-auxadc: Prevent use after free in
wm831x_auxadc_read_irq() (bsc#1012628).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay
status (bsc#1012628).
- powerpc/8xx: Fix software emulation interrupt (bsc#1012628).
- powerpc/sstep: Fix load-store and update emulation
(bsc#1012628).
- powerpc/sstep: Fix darn emulation (bsc#1012628).
- clk: qcom: gfm-mux: fix clk mask (bsc#1012628).
- clk: qcom: gcc-sc7180: Mark the MM XO clocks to be always ON
(bsc#1012628).
- clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs
(bsc#1012628).
- kunit: tool: fix unit test cleanup handling (bsc#1012628).
- kselftests: dmabuf-heaps: Fix Makefile's inclusion of the
kernel's usr/include dir (bsc#1012628).
- RDMA/hns: Allocate one more recv SGE for HIP08 (bsc#1012628).
- RDMA/hns: Bugfix for checking whether the srq is full when
post wr (bsc#1012628).
- RDMA/hns: Force srq_limit to 0 when creating SRQ (bsc#1012628).
- RDMA/hns: Fixed wrong judgments in the goto branch
(bsc#1012628).
- RDMA/hns: Remove the reserved WQE of SRQ (bsc#1012628).
- RDMA/siw: Fix calculation of tx_valid_cpus size (bsc#1012628).
- RDMA/hns: Avoid filling sgid index when modifying QP to RTR
(bsc#1012628).
- RDMA/hns: Fix type of sq_signal_bits (bsc#1012628).
- RDMA/hns: Add mapped page count checking for MTR (bsc#1012628).
- RDMA/hns: Disable RQ inline by default (bsc#1012628).
- clk: divider: fix initialization with parent_hw (bsc#1012628).
- spi: pxa2xx: Fix the controller numbering for Wildcat Point
(bsc#1012628).
- powerpc/uaccess: Avoid might_fault() when user access is enabled
(bsc#1012628).
- powerpc/kuap: Restore AMR after replaying soft interrupts
(bsc#1012628).
- regulator: qcom-rpmh: fix pm8009 ldo7 (bsc#1012628).
- clk: aspeed: Fix APLL calculate formula from ast2600-A2
(bsc#1012628).
- selftests/ftrace: Update synthetic event syntax errors
(bsc#1012628).
- perf symbols: Use (long) for iterator for bfd symbols
(bsc#1012628).
- regulator: bd718x7, bd71828, Fix dvs voltage levels
(bsc#1012628).
- spi: dw: Avoid stack content exposure (bsc#1012628).
- spi: Skip zero-length transfers in spi_transfer_one_message()
(bsc#1012628).
- printk: avoid prb_first_valid_seq() where possible
(bsc#1012628).
- perf symbols: Fix return value when loading PE DSO
(bsc#1012628).
- nfsd: register pernet ops last, unregister first (bsc#1012628).
- svcrdma: Hold private mutex while invoking rdma_accept()
(bsc#1012628).
- ceph: fix flush_snap logic after putting caps (bsc#1012628).
- RDMA/hns: Fixes missing error code of CMDQ (bsc#1012628).
- RDMA/ucma: Fix use-after-free bug in ucma_create_uevent
(bsc#1012628).
- RDMA/rtrs-srv: Fix stack-out-of-bounds (bsc#1012628).
- RDMA/rtrs: Only allow addition of path to an already established
session (bsc#1012628).
- RDMA/rtrs-srv: fix memory leak by missing kobject free
(bsc#1012628).
- RDMA/rtrs-srv-sysfs: fix missing put_device (bsc#1012628).
- RDMA/rtrs-srv: Do not pass a valid pointer to PTR_ERR()
(bsc#1012628).
- Input: sur40 - fix an error code in sur40_probe() (bsc#1012628).
- perf record: Fix continue profiling after draining the buffer
(bsc#1012628).
- perf unwind: Set userdata for all __report_module() paths
(bsc#1012628).
- perf intel-pt: Fix missing CYC processing in PSB (bsc#1012628).
- perf intel-pt: Fix premature IPC (bsc#1012628).
- perf intel-pt: Fix IPC with CYC threshold (bsc#1012628).
- perf test: Fix unaligned access in sample parsing test
(bsc#1012628).
- Input: elo - fix an error code in elo_connect() (bsc#1012628).
- sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
(bsc#1012628).
- sparc: fix led.c driver when PROC_FS is not enabled
(bsc#1012628).
- Input: zinitix - fix return type of zinitix_init_touch()
(bsc#1012628).
- Input: st1232 - add IDLE state as ready condition (bsc#1012628).
- ARM: 9065/1: OABI compat: fix build when EPOLL is not enabled
(bsc#1012628).
- Input: st1232 - fix NORMAL vs. IDLE state handling
(bsc#1012628).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe
(bsc#1012628).
- phy: rockchip-emmc: emmc_phy_init() always return 0
(bsc#1012628).
- phy: cadence-torrent: Fix error code in cdns_torrent_phy_probe()
(bsc#1012628).
- misc: eeprom_93xx46: Add module alias to avoid breaking support
for non device tree users (bsc#1012628).
- PCI: rcar: Always allocate MSI addresses in 32bit space
(bsc#1012628).
- soundwire: cadence: fix ACK/NAK handling (bsc#1012628).
- pwm: rockchip: Enable APB clock during register access while
probing (bsc#1012628).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous
clk_unprepare() (bsc#1012628).
- pwm: rockchip: Eliminate potential race condition when probing
(bsc#1012628).
- PCI: xilinx-cpm: Fix reference count leak on error path
(bsc#1012628).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory
(bsc#1012628).
- PCI: Align checking of syscall user config accessors
(bsc#1012628).
- mei: hbm: call mei_set_devstate() on hbm stop response
(bsc#1012628).
- drm/msm: Fix MSM_INFO_GET_IOVA with carveout (bsc#1012628).
- drm/msm: Add proper checks for GPU LLCC support (bsc#1012628).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
(bsc#1012628).
- drm/msm/mdp5: Fix wait-for-commit for cmd panels (bsc#1012628).
- drm/msm: Fix race of GPU init vs timestamp power management
(bsc#1012628).
- drm/msm: Fix races managing the OOB state for timestamp vs
timestamps (bsc#1012628).
- drm/msm/kms: Make a lock_class_key for each crtc mutex
(bsc#1012628).
- drm/msm/dp: trigger unplug event in msm_dp_display_disable
(bsc#1012628).
- vfio/iommu_type1: Populate full dirty when detach non-pinned
group (bsc#1012628).
- vfio/iommu_type1: Fix some sanity checks in detach group
(bsc#1012628).
- vfio-pci/zdev: fix possible segmentation fault issue
(bsc#1012628).
- ext4: fix potential htree index checksum corruption
(bsc#1012628).
- phy: USB_LGM_PHY should depend on X86 (bsc#1012628).
- coresight: etm4x: Skip accessing TRCPDCR in save/restore
(bsc#1012628).
- nvmem: core: Fix a resource leak on error in
nvmem_add_cells_from_of() (bsc#1012628).
- nvmem: core: skip child nodes not matching binding
(bsc#1012628).
- drm/msm: Fix legacy relocs path (bsc#1012628).
- soundwire: bus: use sdw_update_no_pm when initializing a device
(bsc#1012628).
- soundwire: bus: use sdw_write_no_pm when setting the bus scale
registers (bsc#1012628).
- soundwire: export sdw_write/read_no_pm functions (bsc#1012628).
- soundwire: bus: fix confusion on device used by pm_runtime
(bsc#1012628).
- drm/msm/dp: Add a missing semi-colon (bsc#1012628).
- misc: fastrpc: fix incorrect usage of dma_map_sgtable
(bsc#1012628).
- remoteproc/mediatek: acknowledge watchdog IRQ after handled
(bsc#1012628).
- mhi: Fix double dma free (bsc#1012628).
- regmap: sdw: use _no_pm functions in regmap_read/write
(bsc#1012628).
- ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of
selecting it (bsc#1012628).
- mailbox: sprd: correct definition of SPRD_OUTBOX_FIFO_FULL
(bsc#1012628).
- device-dax: Fix default return code of range_parse()
(bsc#1012628).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
(bsc#1012628).
- PCI: cadence: Fix DMA range mapping early return error
(bsc#1012628).
- i40e: Fix flow for IPv6 next header (extension header)
(bsc#1012628).
- i40e: Add zero-initialization of AQ command structures
(bsc#1012628).
- i40e: Fix overwriting flow control settings during driver
loading (bsc#1012628).
- i40e: Fix addition of RX filters after enabling FW LLDP agent
(bsc#1012628).
- i40e: Fix VFs not created (bsc#1012628).
- Take mmap lock in cacheflush syscall (bsc#1012628).
- nios2: fixed broken sys_clone syscall (bsc#1012628).
- i40e: Fix add TC filter for IPv6 (bsc#1012628).
- i40e: Fix endianness conversions (bsc#1012628).
- octeontx2-af: Fix an off by one in rvu_dbg_qsize_write()
(bsc#1012628).
- pwm: iqs620a: Fix overflow and optimize calculations
(bsc#1012628).
- ice: report correct max number of TCs (bsc#1012628).
- ice: Account for port VLAN in VF max packet size calculation
(bsc#1012628).
- ice: Fix state bits on LLDP mode switch (bsc#1012628).
- ice: update the number of available RSS queues (bsc#1012628).
- dpaa_eth: fix the access method for the dpaa_napi_portal
(bsc#1012628).
- net: stmmac: fix CBS idleslope and sendslope calculation
(bsc#1012628).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (bsc#1012628).
- PCI: rockchip: Make 'ep-gpios' DT property optional
(bsc#1012628).
- vxlan: move debug check after netdev unregister (bsc#1012628).
- wireguard: device: do not generate ICMP for non-IP packets
(bsc#1012628).
- wireguard: kconfig: use arm chacha even with no neon
(bsc#1012628).
- ocfs2: fix a use after free on error (bsc#1012628).
- mm: memcontrol: fix NR_ANON_THPS accounting in charge moving
(bsc#1012628).
- mm: memcontrol: fix slub memory accounting (bsc#1012628).
- mm/memory.c: fix potential pte_unmap_unlock pte error
(bsc#1012628).
- mm/hugetlb: fix potential double free in hugetlb_register_node()
error path (bsc#1012628).
- mm/hugetlb: suppress wrong warning info when alloc gigantic page
(bsc#1012628).
- mm/compaction: fix misbehaviors of fast_find_migrateblock()
(bsc#1012628).
- net: phy: micrel: set soft_reset callback to genphy_soft_reset
for KSZ8081 (bsc#1012628).
- r8169: fix jumbo packet handling on RTL8168e (bsc#1012628).
- NFSv4: Fixes for nfs4_bitmask_adjust() (bsc#1012628).
- KVM: SVM: Intercept INVPCID when it's disabled to inject #UD
(bsc#1012628).
- KVM: x86/mmu: Expand collapsible SPTE zap for TDP MMU to
ZONE_DEVICE and HugeTLB pages (bsc#1012628).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1012628).
- arm64: Add missing ISB after invalidating TLB in
__primary_switch (bsc#1012628).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (bsc#1012628).
- i2c: exynos5: Preserve high speed master code (bsc#1012628).
- mm,thp,shmem: make khugepaged obey tmpfs mount flags
(bsc#1012628).
- mm: fix memory_failure() handling of dax-namespace metadata
(bsc#1012628).
- mm/rmap: fix potential pte_unmap on an not mapped pte
(bsc#1012628).
- proc: use kvzalloc for our kernel buffer (bsc#1012628).
- csky: Fix a size determination in gpr_get() (bsc#1012628).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
(bsc#1012628).
- scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc (bsc#1012628).
- block: reopen the device in blkdev_reread_part (bsc#1012628).
- block: fix logging on capacity change (bsc#1012628).
- ide/falconide: Fix module unload (bsc#1012628).
- scsi: sd: Fix Opal support (bsc#1012628).
- blk-settings: align max_sectors on "logical_block_size" boundary
(bsc#1012628).
- soundwire: intel: fix possible crash when no device is detected
(bsc#1012628).
- ACPI: property: Fix fwnode string properties matching
(bsc#1012628).
- ACPI: configfs: add missing check after
configfs_register_default_group() (bsc#1012628).
- cpufreq: ACPI: Set cpuinfo.max_freq directly if max boost is
known (bsc#1012628).
- HID: logitech-dj: add support for keyboard events in eQUAD
step 4 Gaming (bsc#1012628).
- HID: wacom: Ignore attempts to overwrite the touch_max value
from HID (bsc#1012628).
- Input: raydium_ts_i2c - do not send zero length (bsc#1012628).
- Input: xpad - add support for PowerA Enhanced Wired Controller
for Xbox Series X|S (bsc#1012628).
- Input: joydev - prevent potential read overflow in ioctl
(bsc#1012628).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list
(bsc#1012628).
- media: mceusb: Fix potential out-of-bounds shift (bsc#1012628).
- USB: serial: option: update interface mapping for ZTE P685M
(bsc#1012628).
- usb: musb: Fix runtime PM race in musb_queue_resume_work
(bsc#1012628).
- usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
(bsc#1012628).
- usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
(bsc#1012628).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler
(bsc#1012628).
- USB: serial: pl2303: fix line-speed handling on newer chips
(bsc#1012628).
- USB: serial: mos7840: fix error code in mos7840_write()
(bsc#1012628).
- USB: serial: mos7720: fix error code in mos7720_write()
(bsc#1012628).
- phy: lantiq: rcu-usb2: wait after clock enable (bsc#1012628).
- ALSA: usb-audio: Correct document for
snd_usb_endpoint_free_all() (bsc#1012628).
- ALSA: usb-audio: Handle invalid running state at releasing EP
(bsc#1012628).
- ALSA: usb-audio: More strict state change in EP (bsc#1012628).
- ALSA: usb-audio: Don't avoid stopping the stream at
disconnection (bsc#1012628).
- ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10
(bsc#1012628).
- ALSA: fireface: fix to parse sync status register of latter
protocol (bsc#1012628).
- ALSA: hda: Add another CometLake-H PCI ID (bsc#1012628).
- ALSA: hda/hdmi: Drop bogus check at closing a stream
(bsc#1012628).
- ALSA: hda/realtek: modify EAPD in the ALC886 (bsc#1012628).
- ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup
(bsc#1012628).
- MIPS: Ingenic: Disable HPTLB for D0 XBurst CPUs too
(bsc#1012628).
- MIPS: Support binutils configured with
- -enable-mips-fix-loongson3-llsc=yes (bsc#1012628).
- MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target='
(bsc#1012628).
- Revert "MIPS: Octeon: Remove special handling of
CONFIG_MIPS_ELF_APPENDED_DTB=y" (bsc#1012628).
- MIPS: compressed: fix build with enabled UBSAN (bsc#1012628).
- Revert "bcache: Kill btree_io_wq" (bsc#1012628).
- bcache: Give btree_io_wq correct semantics again (bsc#1012628).
- bcache: Move journal work to new flush wq (bsc#1012628).
- Revert "drm/amd/display: Update NV1x SR latency values"
(bsc#1012628).
- drm/amd/display: Add FPU wrappers to dcn21_validate_bandwidth()
(bsc#1012628).
- drm/amd/display: Remove Assert from dcn10_get_dig_frontend
(bsc#1012628).
- drm/amd/display: Add vupdate_no_lock interrupts for DCN2.1
(bsc#1012628).
- Revert "drm/amd/display: reuse current context instead of
recreating one" (bsc#1012628).
- drm/amdkfd: Fix recursive lock warnings (bsc#1012628).
- drm/amdgpu: fix CGTS_TCC_DISABLE register offset on gfx10.3
(bsc#1012628).
- drm/amdgpu: Set reference clock to 100Mhz on Renoir (v2)
(bsc#1012628).
- drm/amdgpu: fix shutdown and poweroff process failed with s0ix
(bsc#1012628).
- drm/ttm: Fix a memory leak (bsc#1012628).
- drm/nouveau/kms: handle mDP connectors (bsc#1012628).
- drm/modes: Switch to 64bit maths to avoid integer overflow
(bsc#1012628).
- drm/sched: Cancel and flush all outstanding jobs before finish
(bsc#1012628).
- drm/panel: kd35t133: allow using non-continuous dsi clock
(bsc#1012628).
- drm/rockchip: Require the YTR modifier for AFBC (bsc#1012628).
- ASoC: siu: Fix build error by a wrong const prefix
(bsc#1012628).
- selinux: fix inconsistency between inode_getxattr and
inode_listsecurity (bsc#1012628).
- erofs: initialized fields can only be observed after bit is set
(bsc#1012628).
- tpm_tis: Fix check_locality for correct locality acquisition
(bsc#1012628).
- tpm_tis: Clean up locality release (bsc#1012628).
- KEYS: trusted: Fix incorrect handling of tpm_get_random()
(bsc#1012628).
- KEYS: trusted: Fix migratable=1 failing (bsc#1012628).
- KEYS: trusted: Reserve TPM for seal and unseal operations
(bsc#1012628).
- btrfs: do not cleanup upper nodes in btrfs_backref_cleanup_node
(bsc#1012628).
- btrfs: do not warn if we can't find the reloc root when looking
up backref (bsc#1012628).
- btrfs: add asserts for deleting backref cache nodes
(bsc#1012628).
- btrfs: abort the transaction if we fail to inc ref in
btrfs_copy_root (bsc#1012628).
- btrfs: fix reloc root leak with 0 ref reloc roots on recovery
(bsc#1012628).
- btrfs: splice remaining dirty_bg's onto the transaction dirty
bg list (bsc#1012628).
- btrfs: handle space_info::total_bytes_pinned inside the delayed
ref itself (bsc#1012628).
- btrfs: account for new extents being deleted in
total_bytes_pinned (bsc#1012628).
- btrfs: fix extent buffer leak on failure to copy root
(bsc#1012628).
- drm/i915/gt: Flush before changing register state (bsc#1012628).
- drm/i915/gt: Correct surface base address for renderclear
(bsc#1012628).
- crypto: arm64/sha - add missing module aliases (bsc#1012628).
- crypto: aesni - prevent misaligned buffers on the stack
(bsc#1012628).
- crypto: michael_mic - fix broken misalignment handling
(bsc#1012628).
- crypto: sun4i-ss - checking sg length is not sufficient
(bsc#1012628).
- crypto: sun4i-ss - IV register does not work on A10 and A13
(bsc#1012628).
- crypto: sun4i-ss - handle BigEndian for cipher (bsc#1012628).
- crypto: sun4i-ss - initialize need_fallback (bsc#1012628).
- soc: samsung: exynos-asv: don't defer early on not-supported
SoCs (bsc#1012628).
- soc: samsung: exynos-asv: handle reading revision register error
(bsc#1012628).
- seccomp: Add missing return in non-void function (bsc#1012628).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
(bsc#1012628).
- misc: rtsx: init of rts522a add OCP power off when no card is
present (bsc#1012628).
- drivers/misc/vmw_vmci: restrict too big queue size in
qp_host_alloc_queue (bsc#1012628).
- pstore: Fix typo in compression option name (bsc#1012628).
- dts64: mt7622: fix slow sd card access (bsc#1012628).
- arm64: dts: agilex: fix phy interface bit shift for gmac1 and
gmac2 (bsc#1012628).
- staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c (bsc#1012628).
- staging: gdm724x: Fix DMA from stack (bsc#1012628).
- staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
(bsc#1012628).
- media: i2c: max9286: fix access to unallocated memory
(bsc#1012628).
- media: v4l: ioctl: Fix memory leak in video_usercopy
(bsc#1012628).
- media: ir_toy: add another IR Droid device (bsc#1012628).
- media: ipu3-cio2: Fix mbus_code processing in
cio2_subdev_set_fmt() (bsc#1012628).
- media: marvell-ccic: power up the device on mclk enable
(bsc#1012628).
- media: smipcie: fix interrupt handling and IR timeout
(bsc#1012628).
- x86/virt: Eat faults on VMXOFF in reboot flows (bsc#1012628).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported
(bsc#1012628).
- x86/fault: Fix AMD erratum #91 errata fixup for user code
(bsc#1012628).
- x86/entry: Fix instrumentation annotation (bsc#1012628).
- powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan
(bsc#1012628).
- rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers
(bsc#1012628).
- rcu/nocb: Perform deferred wake up before last idle's
need_resched() check (bsc#1012628).
- rcu/nocb: Trigger self-IPI on late deferred wake up before
user resume (bsc#1012628).
- entry: Explicitly flush pending rcuog wakeup before last
rescheduling point (bsc#1012628).
- entry/kvm: Explicitly flush pending rcuog wakeup before last
rescheduling point (bsc#1012628).
- kprobes: Fix to delay the kprobes jump optimization
(bsc#1012628).
- arm64: Extend workaround for erratum 1024718 to all versions
of Cortex-A55 (bsc#1012628).
- iommu/arm-smmu-qcom: Fix mask extraction for bootloader
programmed SMRs (bsc#1012628).
- mailbox: arm_mhuv2: Skip calling kfree() with invalid pointer
(bsc#1012628).
- arm64: kexec_file: fix memory leakage in create_dtb() when
fdt_open_into() fails (bsc#1012628).
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
(bsc#1012628).
- arm64 module: set plt* section addresses to 0x0 (bsc#1012628).
- arm64: spectre: Prevent lockdep splat on v4 mitigation enable
path (bsc#1012628).
- riscv: Disable KSAN_SANITIZE for vDSO (bsc#1012628).
- watchdog: qcom: Remove incorrect usage of QCOM_WDT_ENABLE_IRQ
(bsc#1012628).
- watchdog: mei_wdt: request stop on unregister (bsc#1012628).
- coresight: etm4x: Handle accesses to TRCSTALLCTLR (bsc#1012628).
- mtd: spi-nor: sfdp: Fix last erase region marking (bsc#1012628).
- mtd: spi-nor: sfdp: Fix wrong erase type bitmask for overlaid
region (bsc#1012628).
- mtd: spi-nor: core: Fix erase type discovery for overlaid region
(bsc#1012628).
- mtd: spi-nor: core: Add erase size check for erase command
initialization (bsc#1012628).
- mtd: spi-nor: hisi-sfc: Put child node np on error path
(bsc#1012628).
- fs/affs: release old buffer head on error path (bsc#1012628).
- seq_file: document how per-entry resources are managed
(bsc#1012628).
- x86: fix seq_file iteration for pat/memtype.c (bsc#1012628).
- mm: memcontrol: fix swap undercounting in cgroup2 (bsc#1012628).
- mm: memcontrol: fix get_active_memcg return value (bsc#1012628).
- hugetlb: fix update_and_free_page contig page struct assumption
(bsc#1012628).
- hugetlb: fix copy_huge_page_from_user contig page struct
assumption (bsc#1012628).
- mm/vmscan: restore zone_reclaim_mode ABI (bsc#1012628).
- mm, compaction: make fast_isolate_freepages() stay within zone
(bsc#1012628).
- KVM: nSVM: fix running nested guests when npt=0 (bsc#1012628).
- nvmem: qcom-spmi-sdam: Fix uninitialized pdev pointer
(bsc#1012628).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
symbols (bsc#1012628).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module
(bsc#1012628).
- mmc: sdhci-pci-o2micro: Bug fix for SDR104 HW tuning failure
(bsc#1012628).
- powerpc/32: Preserve cr1 in exception prolog stack check to
fix build error (bsc#1012628).
- powerpc/kexec_file: fix FDT size estimation for kdump kernel
(bsc#1012628).
- powerpc/32s: Add missing call to kuep_lock on syscall entry
(bsc#1012628).
- spmi: spmi-pmic-arb: Fix hw_irq overflow (bsc#1012628).
- mei: bus: block send with vtag on non-conformat FW
(bsc#1012628).
- mei: fix transfer over dma with extended header (bsc#1012628).
- mei: me: emmitsburg workstation DID (bsc#1012628).
- mei: me: add adler lake point S DID (bsc#1012628).
- mei: me: add adler lake point LP DID (bsc#1012628).
- gpio: pcf857x: Fix missing first interrupt (bsc#1012628).
- mfd: gateworks-gsc: Fix interrupt type (bsc#1012628).
- printk: fix deadlock when kernel panic (bsc#1012628).
- exfat: fix shift-out-of-bounds in exfat_fill_super()
(bsc#1012628).
- zonefs: Fix file size of zones in full condition (bsc#1012628).
- kcmp: Support selection of SYS_kcmp without CHECKPOINT_RESTORE
(bsc#1012628).
- thermal: cpufreq_cooling: freq_qos_update_request() returns <
0 on error (bsc#1012628).
- cpufreq: qcom-hw: drop devm_xxx() calls from init/exit hooks
(bsc#1012628).
- cpufreq: intel_pstate: Change intel_pstate_get_hwp_max()
argument (bsc#1012628).
- cpufreq: intel_pstate: Get per-CPU max freq via
MSR_HWP_CAPABILITIES if available (bsc#1012628).
- proc: don't allow async path resolution of /proc/thread-self
components (bsc#1012628).
- s390/vtime: fix inline assembly clobber list (bsc#1012628).
- virtio/s390: implement virtio-ccw revision 2 correctly
(bsc#1012628).
- um: mm: check more comprehensively for stub changes
(bsc#1012628).
- um: defer killing userspace on page table update failures
(bsc#1012628).
- irqchip/loongson-pch-msi: Use bitmap_zalloc() to allocate bitmap
(bsc#1012628).
- f2fs: fix out-of-repair __setattr_copy() (bsc#1012628).
- f2fs: enforce the immutable flag on open files (bsc#1012628).
- f2fs: flush data when enabling checkpoint back (bsc#1012628).
- cifs: fix DFS failover (bsc#1012628).
- cifs: check all path components in resolved dfs target
(bsc#1012628).
- cifs: introduce helper for finding referral server to improve
DFS target resolution (bsc#1012628).
- cifs: fix nodfs mount option (bsc#1012628).
- cifs: fix handling of escaped ',' in the password mount argument
(bsc#1012628).
- sparc32: fix a user-triggerable oops in clear_user()
(bsc#1012628).
- perf stat: Use nftw() instead of ftw() (bsc#1012628).
- spi: fsl: invert spisel_boot signal on MPC8309 (bsc#1012628).
- spi: spi-synquacer: fix set_cs handling (bsc#1012628).
- gfs2: fix glock confusion in function signal_our_withdraw
(bsc#1012628).
- gfs2: Don't skip dlm unlock if glock has an lvb (bsc#1012628).
- gfs2: Lock imbalance on error path in gfs2_recover_one
(bsc#1012628).
- gfs2: Recursive gfs2_quota_hold in gfs2_iomap_end (bsc#1012628).
- dm: fix deadlock when swapping to encrypted device
(bsc#1012628).
- dm table: fix iterate_devices based device capability checks
(bsc#1012628).
- dm table: fix DAX iterate_devices based device capability checks
(bsc#1012628).
- dm table: fix zoned iterate_devices based device capability
checks (bsc#1012628).
- dm writecache: fix performance degradation in ssd mode
(bsc#1012628).
- dm writecache: return the exact table values that were set
(bsc#1012628).
- dm writecache: fix writing beyond end of underlying device
when shrinking (bsc#1012628).
- dm era: Recover committed writeset after crash (bsc#1012628).
- dm era: Update in-core bitset after committing the metadata
(bsc#1012628).
- dm era: Verify the data block size hasn't changed (bsc#1012628).
- dm era: Fix bitset memory leaks (bsc#1012628).
- dm era: Use correct value size in equality function of writeset
tree (bsc#1012628).
- dm era: Reinitialize bitset cache before digesting a new
writeset (bsc#1012628).
- dm era: only resize metadata in preresume (bsc#1012628).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (bsc#1012628).
- kgdb: fix to kill breakpoints on initmem after boot
(bsc#1012628).
- ipv6: silence compilation warning for non-IPV6 builds
(bsc#1012628).
- net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before
sending (bsc#1012628).
- wireguard: selftests: test multiple parallel streams
(bsc#1012628).
- wireguard: queueing: get rid of per-peer ring buffers
(bsc#1012628).
- net: sched: fix police ext initialization (bsc#1012628).
- net: qrtr: Fix memory leak in qrtr_tun_open (bsc#1012628).
- net_sched: fix RTNL deadlock again caused by request_module()
(bsc#1012628).
- ARM: dts: aspeed: Add LCLK to lpc-snoop (bsc#1012628).
- Update config files.
- commit 39714eb
- rpm/check-for-config-changes: ignore more configs
Specifially, these:
* CONFIG_CC_HAS_*
* CONFIG_CC_HAVE_*
* CONFIG_CC_CAN_*
* CONFIG_HAVE_[A-Z]*_COMPILER
* CONFIG_TOOLS_SUPPORT_*
are compiler specific too. This will allow us to use super configs
using kernel's dummy-tools.
- commit d12dcbd
++++ libcontainers-common:
- Require util-linux-systemd for %post scripts (findmnt) (boo#1182998)
++++ libxkbcommon:
- Update to release 1.1.0
* Update keysym definitions to latest xorgproto. In particular,
this adds many special keysyms corresponding to Linux evdev
keycodes.
* New XKB_KEY_* definitions.
++++ zstd:
- Update to version 1.4.9
* https://github.com/facebook/zstd/releases/tag/v1.4.9
* >2x Faster Long Distance Mode
* New Experimental Decompression Feature: ZSTD_d_refMultipleDDicts
* bug: Use umask() to Constrain Created File Permissions
* bug: Make Simple Single-Pass Functions Ignore Advanced Parameters
* cli: Fix --output-dir-mirror's Rejection of ..-Containing Paths
* cli: Allow Input From Console When -f/--force is Passed
++++ systemd-presets-common-SUSE:
- Enable user services pipewire.socket and pipewire-pulse.socket
(boo#1183012).
++++ systemd-rpm-macros:
- Fix %systemd_user_post. The --global parameter was handled as if
it was another service name so %systemd_user_post wasn't working
properly. Replace %systemd_user_post with the code from
%service_add_post it was being expanded to but correctly passing
- -global to systemctl (boo#1183051, boo#1182661).
++++ u-boot-rpiarm64:
- Fix confname assignment for zynqmp and zynq case (bsc#1182962)
- Guard 'export BL31' for sun50i_h6 and sun50i_a64 with
'%{with uboot_atf}' condition (bsc#1182962)
------------------------------------------------------------------
------------------ 2021-3-3 - Mar 3 2021 -------------------
------------------------------------------------------------------
++++ docker:
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
- cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
tools. boo#1182476
++++ dracut:
- Update to version 053+suse.93.g039ac07d:
* fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs
- Update to version 053+suse.91.g4a0bdda1:
* fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs (bsc#1180822)
++++ glib2:
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
guint as parameter and sometimes leads into an integer overflow,
so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
glgo#GNOME/glib!1943)
++++ kernel-default:
- swap: fix swapfile read/write offset.
- commit bdb065a
- config: arm64: sync xgmac-mdio config with SLE
- commit 277fee9
- config: arm64: sync coresight configs with SLE
- commit b4d272d
- Update config files.
Refresh with dummy-tools.
- commit 433c0e0
- kbuild: dummy-tools, fix inverted tests for gcc (bsc#1181862).
- commit ddbefa3
++++ patterns-base:
- Recommend hostname, else you don't get it installed without
installed YaST
- Move shadow from required to recommended, it not needed for a
functional base system and there are alternate solutions, so
allow users to install them.
++++ salt:
- Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110)
- Added:
* prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
++++ qemu:
- Add patch from IBM to improve modularization situation on s390
where a new qemu module, hw-s390x-virtio-gpu-ccw.so, and a
corresponding new qemu-hw-s390x-virtio-gpu-ccw subpackage, is
split out (this parallels the hw-display-virtio-gpu-pci.so module).
Split-provides file is also used to track this functionality
splitout. Both the packages supplying the above mentioned modules
now have a Requires on the qemu-hw-display-virtio-gpu package. It
is anticipated that this change is going in upstream as well, and
if done differently the plan is to update to the upstream
implementation if possible (bsc#1181103)
hw-s390x-modularize-virtio-gpu-ccw.patch
++++ vim:
- Updated to version 8.2.2564, fixes the following problems
* Not all fields in "cstack" are initialized which might cause a crash.
* Crash when using :all while using a cmdline window. (Zdenek Dohnal)
* Using freed memory when closing the cmdline window.
* No way to check for the cmdwin feature, cmdline_hist is now always enabled.
* May get stuck in command line window state.
* Condition stack values may be used when not set.
* Color not changed if ModeMsg highlight is set in InsertEnter autocmd
event. (Paul Swanson)
* Autocmd test was failing on MS-Windows with GUI.
* Too many problems with using all autocommand events.
* Double free when using autocommand with "argdel". (Houyunsong)
* Crash when deleting with line number out of range. (Houyunsong)
* Missing error message.
* Some tests are known to cause an error with ASAN.
* Cursor on invalid line with range and :substitute.
* Allowing 'completefunc' to switch windows causes trouble.
* Can still switch windows for 'completefunc'.
* FocusGained does not work when 'ttymouse' is empty.
* :goto does not work correctly with text properties. (Sam McCall)
* :vimgrep expands wildcards twice.
* Warning for -fno-strength-reduce with Clang 11.
* Libvterm tests are executed even when libtool doesn't work.
* Opening cmdline window gives error in BufLeave autocommand.
* Vim9: no error when compiling str2nr() with a number.
* setline() gives an error for some types.
* Vim9 script test is a bit flaky.
* Deprecation warnings with default configuration.
* Out of bounds compiler warning.
++++ wpa_supplicant:
- Fix systemd device ready dependencies in wpa_supplicant@.service file.
(see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
------------------------------------------------------------------
------------------ 2021-3-2 - Mar 2 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.2.0
- tukit: Add new command 'callext' to execute an application while the
snapshot is mounted. '{}' as a parameter will be replaced with the path
of the bind mount.
- Fix --drop-if-no-change [boo#1182525]
- Check whether self-updated version is executable (e.g. on noexec /tmp)
[bsc#1173842]
- Fix overlay synchronisation with SELinux (again)
- Always overwrite supplemental files (e.g. for network configuration)
even if they exist in the snapshot already [boo#1182544]
- Improve logging and error messages
++++ glibc:
- Disable x86 ISA level for now (bsc#1182522, BZ #27318)
- nss-revert-api.patch: Workaround for nss-compat brokeness (bsc#1182247,
BZ #27416)
++++ kernel-default:
- Remove zte device tree builds
The zte vendor directory has been dropped in 5.12.rc1 via this change:
commit 89d4f98ae90d95716009bb89823118a8cfbb94dd
Author: Arnd Bergmann <arnd@arndb.de>
Date: Mon Jan 18 14:06:09 2021 +0100
- commit 6811d6c
++++ jigit:
- Update to version 1.22:
* Add support for SHA256 checksums, using jigdo format v2
+ Changes to libjte to generate the new format as an option -
still defaults to v1 for cmpatibility for now
+ libjte updated to major version 2
+ Add support for v2 in jigdump, jigit-mkimage etc. too
+ Add new jigsum-sha256 program, for the base64-like output
with sha256 checksums
* jigdump now also understands jigdo .iso.tmp files
* Misc small cleanups
From version 1.21:
* parallel-sums:
+ New utility for calculating checksums in parallel
* Misc code cleanups
* Misc man page cleanups
* jigit-mkimage:
+ Print missing file names correctly
++++ nfs-utils:
- Update to version 2.5.3
https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.3/2.5.3-Changelog
++++ openssl-1_1:
- Fix unresolved error codes [bsc#1182959]
- Update patches:
* openssl-1.1.1-fips.patch
* openssl-1.1.1-evp-kdf.patch
++++ libosinfo:
- Update to version 1.9.0
Changes in this release include:
* Improve on the osinfo-tools' and osinfo-detect's help
* Several CI improvements
* Several translations improvements
* Improve on debuggability of the loader code
* Fix build when using clang
++++ osinfo-db:
- Update to database version 20210215
osinfo-db-20210215.tar.xz
- Fix AutoYaST profiles to pass the validation during installation
(bsc#1182144).
fix-autoyast-validation.patch
++++ python-libvirt-python:
- Update to 7.1.0
- Add all new APIs and constants in libvirt 7.1.0
------------------------------------------------------------------
------------------ 2021-3-1 - Mar 1 2021 -------------------
------------------------------------------------------------------
++++ bcm43xx-firmware:
- Cater for old and new ways of configuring bluetooth on RPi. Users of
'hciattach' expect the firmware in '/lib/firmware' while users of the serdev
configured bluetooth setups will expect it in '/lib/firmware/brcm'
(bsc#1177189).
++++ glibc:
- Fix build of utils flavor for usrmerge
++++ hwdata:
- Update to version 0.345:
+ Updated pci, usb and vendor ids.
+ Resolves boo#1182482 jsc#SLE-13791 bnc#1170160
++++ kernel-default:
- Update to 5.12-rc1
- eliminated 30 patches (26 stable, 4 other)
- patches.kernel.org/*
- patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch
- patches.suse/floppy-reintroduce-O_NDELAY-fix.patch
- patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch
- patches.suse/nvmem-add-driver-to-expose-reserved-memory-as-nvmem.patch
- disable ARM architectures (need config update)
- refresh
- patches.rpmify/Add-ksym-provides-tool.patch
- patches.rpmify/Kconfig-make-CONFIG_CC_CAN_LINK-always-true.patch
- patches.suse/acpi_thermal_passive_blacklist.patch
- patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch
- patches.suse/supported-flag
- patches.suse/supported-flag-modverdir
- patches.suse/supported-flag-wildcards
- patches.suse/vfs-add-super_operations-get_inode_dev
- new config options
- Power management and ACPI options
- CONFIG_ACPI_FPDT=y
- General architecture-dependent options
- CONFIG_LTO_NONE=y
- Enable loadable module support
- CONFIG_TRIM_UNUSED_KSYMS=n
- Networking support
- CONFIG_IP_VS_TWOS=m
- CONFIG_NET_DSA_TAG_XRS700X=m
- CONFIG_NFC_VIRTUAL_NCI=m
- Library routines
- CONFIG_STACK_HASH_ORDER=20
- Kernel hacking
- CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=n
- CONFIG_KFENCE=y
- CONFIG_KFENCE_STATIC_KEYS=y
- CONFIG_KFENCE_SAMPLE_INTERVAL=100
- CONFIG_KFENCE_NUM_OBJECTS=255
- CONFIG_KFENCE_STRESS_TEST_FAULTS=0
- CONFIG_DEBUG_IRQFLAGS=n
- PCI support
- CONFIG_PCI_EPF_NTB=m
- CONFIG_CXL_BUS=m
- CONFIG_CXL_MEM=m
- CONFIG_CXL_MEM_RAW_COMMANDS=n
- Network device support
- CONFIG_NET_DSA_XRS700X_I2C=m
- CONFIG_NET_DSA_XRS700X_MDIO=m
- CONFIG_MLX5_SF=y
- CONFIG_XILINX_EMACLITE=n
- CONFIG_MT7921E=m
- Power management
- CONFIG_CHARGER_LTC4162L=m
- CONFIG_CHARGER_BQ256XX=m
- CONFIG_SENSORS_AHT10=m
- CONFIG_SENSORS_TPS23861=m
- CONFIG_REGULATOR_MT6315=m
- Multimedia support
- CONFIG_CIO2_BRIDGE=y
- CONFIG_VIDEO_OV5648=m
- CONFIG_VIDEO_OV8865=m
- CONFIG_VIDEO_RDACM21=m
- Sound card support
- CONFIG_SND_JACK_INJECTION_DEBUG=n
- CONFIG_SND_INTEL_BYT_PREFER_SOF=y
- CONFIG_SND_SOC_RT5659=m
- CONFIG_SND_SOC_LPASS_RX_MACRO=n
- CONFIG_SND_SOC_LPASS_TX_MACRO=n
- HID support
- CONFIG_HID_PLAYSTATION=m
- CONFIG_PLAYSTATION_FF=y
- CONFIG_I2C_HID_ACPI=m
- USB support
- CONFIG_USB_CDNS_SUPPORT=m
- CONFIG_USB_CDNSP_PCI=m
- CONFIG_USB_CDNSP_GADGET=y
- CONFIG_USB_CDNSP_HOST=y
- CONFIG_USB_SERIAL_XR=m
- LED Support
- CONFIG_LEDS_TRIGGER_TTY=m
- CONFIG_LEDS_BLINK=y
- Microsoft Surface Platform-Specific Device Drivers
- CONFIG_SURFACE_HOTPLUG=m
- CONFIG_SURFACE_ACPI_NOTIFY=m
- CONFIG_SURFACE_AGGREGATOR=m
- CONFIG_SURFACE_AGGREGATOR_CDEV=m
- CONFIG_SURFACE_AGGREGATOR_BUS=y
- CONFIG_SURFACE_AGGREGATOR_ERROR_INJECTION=n
- Industrial I/O support
- CONFIG_AD5766=n
- CONFIG_YAMAHA_YAS530=n
- CONFIG_HID_SENSOR_CUSTOM_INTEL_HINGE=n
- Generic powercap sysfs driver
- CONFIG_DTPM=y
- CONFIG_DTPM_CPU=y
- Misc devices
- CONFIG_BCM_VK=m
- CONFIG_BCM_VK_TTY=y
- CONFIG_TCG_TIS_I2C_CR50=m
- CONFIG_SVC_I3C_MASTER=m
- CONFIG_MMC_CRYPTO=y
- CONFIG_INTEL_LDMA=y
- CONFIG_DMABUF_DEBUG=n
- CONFIG_ACRN_HSM=m
- CONFIG_FPGA_DFL_EMIF=m
- CONFIG_NTB_EPF=m
- CONFIG_FPGA_DFL_NIOS_INTEL_PAC_N3000=m
- x86
- CONFIG_X86_PLATFORM_DRIVERS_DELL=y
- OF dependent drivers (i386, ppc64/ppc64le, riscv64)
- PCIE_MICROCHIP_HOST=y
- VIDEO_IMX334=m
- DRM_PANEL_DSI_CM=n
- DRM_PANEL_KHADAS_TS050=n
- I2C_HID_OF=m
- I2C_HID_OF_GOODIX=m
- COMMON_CLK_AXI_CLKGEN=m
- i386
- NET_DSA_MV88E6XXX_PTP=y
- SPI_CADENCE_QUADSPI=m
- LEDS_BLINK_LGM=m
- s390x
- TIME_NS=y
- DEBUG_ENTRY=n
- riscv64
- NUMA=y
- NODES_SHIFT=2
- SPARSEMEM_VMEMMAP=y
- DEFERRED_STRUCT_PAGE_INIT=y
- LEDS_BLINK_LGM=m
- KGDB_HONOUR_BLOCKLIST=y
- FAIL_FUNCTION=n
- KPROBES_SANITY_TEST=n
- NUMA_BALANCING=y
- NUMA_BALANCING_DEFAULT_ENABLED=y
- commit 42fc050
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
[jslaby] It's not that temporary as we are dragging this for quite some
time in master. The reason is that this can happen any time again, so
let's have this in packaging instead.
- rpm/kernel-source.spec.in: temporary workaround for a build failure
Upstream c6x architecture removal left a dangling link behind which
triggers openSUSE post-build check in kernel-source, failing
kernel-source build.
A fix deleting the danglink link has been submitted but it did not make
it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
utility does not handle symlink removal. Add a temporary band-aid which
deletes all dangling symlinks after unpacking the kernel source tarball.
- commit 52a1ad7
++++ ncurses:
- Add ncurses patch 20210227
+ modify tic/infocmp to eliminate unnecessary "\" to escape ":" in
terminfo format.
+ add check in tic for duplicate "use=" clauses.
++++ libvirt:
- libxl: Fix node device detach when driver unspecified
libxl-default-pcistub-name.patch
boo#1182885
- spec: Bump minimum glib version to 2.56
- Update to libvirt 7.1.0
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- bsc#1182367, bsc#1182515
- Dropped patches:
32c5e432-revert-f035f53b.patch,
e3d60f76-fix-socket-file-gen.patch,
7cf60006-qemu-swtpm-aarch64.patch,
afb823fc-qemu-validate-swtpm.patch,
8a4b8996-conf-move-virDomainCheckVirtioOptions.patch,
c05f0066-conf-drop-empty-virDomainNetDefPostParse.patch,
19d4e467-conf-improve-virDomainVirtioOptionsCheckABIStability.patch,
bd112c9e-qemu-virtio-options-vsock.patch
++++ salt:
- Allow extra_filerefs as sanitized kwargs for SSH client
- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
- Fix for multiple for security issues
(CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
(CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
(bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
(bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976)
- Add sleep on exception handling on minion connection attempt to the master (bsc#1174855)
- Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347)
- Always require python-certifi (used by salt.ext.tornado)
- Bring missing part of async batch implementation back (bsc#1182382) (CVE-2021-25315)
- Added:
* implementation-of-suse_ip-execution-module-bsc-10999.patch
* fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
* async-batch-implementation-fix-320.patch
* add-sleep-on-exception-handling-on-minion-connection.patch
* allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
* fix-for-some-cves-bsc1181550.patch
* fixes-56144-to-enable-hotadd-profile-support.patch
++++ raspberrypi-firmware-dt:
- Introduce enable-bt-overlay.dts (bsc#1182759)
++++ u-boot-rpiarm64:
- update_git.sh: use safe tmp directories, use authenticated https://
procotol.
- Build with arm-trusted-firmware for Tumbleweed
- Drop unused uboot_atf_pine64 option
++++ vim:
- vim-changelog.sh:
* use https:// URL for authenticity. For this URL needs to be changed to
nluugl.nl which is the actual server behind this and the SSL certificate
only works for this URL.
* Check for number of arguments.
* Maintain leading zeroes in version arguments, otherwise things
like `vim-changelog.sh 0007 0010` fail to work.
------------------------------------------------------------------
------------------ 2021-2-28 - Feb 28 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- config: riscv64: enable EFI_STUB for vanilla
- commit bcd346c
++++ mozilla-nss:
- Add nss-btrfs-sqlite.patch to address bmo#1690232
------------------------------------------------------------------
------------------ 2021-2-27 - Feb 27 2021 -------------------
------------------------------------------------------------------
++++ wpa_supplicant:
- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability
(bsc#1182805)
------------------------------------------------------------------
------------------ 2021-2-26 - Feb 26 2021 -------------------
------------------------------------------------------------------
++++ grub2:
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
* 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
* 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
* 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
* 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
* 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
* 0036-util-mkimage-Improve-data_size-value-calculation.patch
* 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
* 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
* 0039-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
* 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
* 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
* 0025-kern-parser-Fix-a-memory-leak.patch
* 0026-kern-parser-Introduce-process_char-helper.patch
* 0027-kern-parser-Introduce-terminate_arg-helper.patch
* 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
* 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
* 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
* 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
* 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
* 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
* 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
* 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
* 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
* 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
* 0005-efi-Add-secure-boot-detection.patch
* 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
* 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
* 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
* 0009-kern-Add-lockdown-support.patch
* 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
* 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
* 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
* 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
* 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
* 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
* 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
* 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
* 0018-gdb-Restrict-GDB-access-when-locked-down.patch
* 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
* 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
* 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
* 0042-squash-grub2-efi-chainload-harder.patch
* 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
* 0044-squash-kern-Add-lockdown-support.patch
* 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- Drop patch supersceded by the new backport
* 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch
* 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch
* 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
- Add SBAT metadata section to grub.efi
- Drop shim_lock module as it is part of core of grub.efi
* grub2.spec
++++ gtk3:
- Update to version 3.24.26:
+ Input:
- Fix a few oversights in Compose file parsing.
- Fine-tune Compose preedit display.
+ Theme:
- Fine-tune scrollbar size and transitions.
- Reinstate invisible borders for tiled windows.
+ Wayland: Fix a problem with font settings not being found.
+ Updated translations.
++++ kernel-default:
- Linux 5.11.2 (bsc#1012628).
- KVM: Use kvm_pfn_t for local PFN variable in
hva_to_pfn_remapped() (bsc#1012628).
- mm: provide a saner PTE walking API for modules (bsc#1012628).
- KVM: do not assume PTE is writable after follow_pfn
(bsc#1012628).
- KVM: x86: Zap the oldest MMU pages, not the newest
(bsc#1012628).
- hwmon: (dell-smm) Add XPS 15 L502X to fan control blacklist
(bsc#1012628).
- arm64: tegra: Add power-domain for Tegra210 HDA (bsc#1012628).
- Bluetooth: btusb: Some Qualcomm Bluetooth adapters stop working
(bsc#1012628).
- ntfs: check for valid standard information attribute
(bsc#1012628).
- usb: quirks: add quirk to start video capture on ELMO L-12F
document camera reliable (bsc#1012628).
- USB: quirks: sort quirk entries (bsc#1012628).
- HID: make arrays usage and value to be the same (bsc#1012628).
- bpf: Fix truncation handling for mod32 dst reg wrt zero
(bsc#1012628).
- commit 6fd6105
- config: refresh
- fix misspelled USB gadget debugging options
- commit 20be8e3
++++ libsoup:
- Run the regression tests using GnuTLS NORMAL priority
++++ qemu:
- Added a few more usability improvements for our git packaging
workflow
++++ toolbox:
- Update to version 2.1+git20210226.daeb191:
* Set trap only after option parsing (#22)
------------------------------------------------------------------
------------------ 2021-2-25 - Feb 25 2021 -------------------
------------------------------------------------------------------
++++ compat-usrmerge:
- initial package
++++ conmon:
- Update to version 2.0.26:
* conn_sock: do not fail on EAGAIN
* fix segfault from a double freed pointer
* Fix a bug where conmon could never spawn a container, because
a disagreement between the caller and itself on where the attach
socket was.
* improve --full-attach to ignore the socket-dir directly. that
means callers don't need to specify a socket dir at all (and
can remove it)
* add full-attach option to allow callers to not truncate a very
long path for the attach socket
* close only opened FDs
* set locale to inherit environment
++++ crypto-policies:
- Update to version 20210225.05203d2:
* Disable DTLS0.9 protocol in the DEFAULT policy.
* policies/FIPS: insignificant reformatting
* policygenerators/libssh: respect ssh_certs
* policies/modules/OSPP: tighten to follow RHEL 8
* crypto-policies(7): drop not-reenableable comment
* follow up on disabling RC4
- Remove not needed scripts: fips-finish-install fips-mode-setup
++++ cyrus-sasl:
- Fix build: Do not build libsasl2-3 in the bdb package. This will
not be linked to berkely db. libsasl2-3 is now defined as
%BuildRequires and %Requires
++++ libcontainers-common:
- Update commonver to 0.35.1
v0.35.1:
Bump github.com/containers/image/v5 from 5.10.2 to 5.10.3
Stop logging messages about using DOCKER_CONFIG
Add autocompletions to be shared between buildah and podman
Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
Export error constants from pkg/secrets
v0.35:
Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
Move EnforceRange and HasTable out of Podman and into common
Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
Bump github.com/containers/image/v5 from 5.10.1 to 5.10.2
Add missing values to containers.conf man page
update pause image to 3.4.1
v0.34:
Add image_default_format
Change default log driver to journald
Add compatible template functions
Add U volume flag to chown source volumes
Bump github.com/containers/image/v5 from 5.09.0 to 5.10.1
seccomp: various updates
pkg: check ownership for XDG_RUNTIME_DIR
seccomp: update profile to Linux 5.11 list
seccomp: add CI check for up-to-date seccomp.json
seccomp: re-add generation script
seccomp: deduplicate default profile
Add image_parallel_copies engine config
Fix secret create prefix
cgroupv2: fix typo in comment
Add accessor for log-driver
Fix secret name validation
Fix name validation and dir mode in secrets
Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
config: fix runtime_supports_nocgroup key name
fix - make target all on osx
Fix secret name regex
Rename internal functions to make them easier to understand
- Update podmanver to 3.0.1
3.0.1:
[#]## Changes
- Several frequently-occurring `WARN` level log messages have been downgraded to `INFO` or `DEBUG` to not clutter terminal output.
[#]## Bugfixes
- Fixed a bug where the `Created` field of `podman ps --format=json` was formatted as a string instead of an Unix timestamp (integer) ([#9315](https://github.com/containers/podman/issues/9315)).
- Fixed a bug where failing lookups of individual layers during the `podman images` command would cause the whole command to fail without printing output.
- Fixed a bug where `--cgroups=split` did not function properly on cgroups v1 systems.
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail ([#9393](https://github.com/containers/podman/issues/9393)).
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume ([#9415](https://github.com/containers/podman/pull/9415)).
- Fixed a bug where Podman would treat the `--entrypoint=[""]` option to `podman run` and `podman create` as a literal empty string in the entrypoint, when instead it should have been ignored ([#9377](https://github.com/containers/podman/issues/9377)).
- Fixed a bug where Podman would set the `HOME` environment variable to `""` when the container ran as a user without an assigned home directory ([#9378](https://github.com/containers/podman/issues/9378)).
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause `podman pod create` to panic ([#9374](https://github.com/containers/podman/issues/9374)).
- Fixed a bug where the `--runtime` option was not properly handled by the `podman build` command ([#9365](https://github.com/containers/podman/issues/9365)).
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed ([#9387](https://github.com/containers/podman/issues/9387)).
- Fixed a bug where the `podman generate systemd --new` command would incorrectly escape `%t` when generating the path for the PID file ([#9373](https://github.com/containers/podman/issues/9373)).
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in ([#9191](https://github.com/containers/podman/issues/9191)).
- Fixed a bug where some options of the `podman build` command (including but not limited to `--jobs`) were nonfunctional ([#9247](https://github.com/containers/podman/issues/9247)).
[#]## API
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 ([#9351](https://github.com/containers/podman/issues/9351)).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry ([#9232](https://github.com/containers/podman/issues/9232)).
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the `docker-java` library.
[#]## Misc
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6
3.0.0:
[#]## Features
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
[#]## Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
[#]## Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
[#]## Bugfixes
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
- Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)).
- Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)).
- Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)).
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)).
[#]## API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
[#]## Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/image library to v5.10.2
- Updated the containers/common library to v0.33.4
3.0.0-RC3:
Please note that these release notes are preliminary until v3.0.0 final is released
[#]## Features
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed after they are created ([#1925](https://github.com/containers/podman/issues/1925)).
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls` and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the `--label` option to `network create`, and `podman network ls` can filter labels based on them.
- The `podman network create` command now supports setting bridge MTU and VLAN through the `--opt` option ([#8454](https://github.com/containers/podman/issues/8454)).
- The `podman container checkpoint` and `podman container restore` commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the `--with-previous` and `--pre-checkpoint` options, and the `podman container restore` command now support the `--import-previous` option. These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The `podman generate kube` command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML ([#9132](https://github.com/containers/podman/issues/9132)).
- The `podman generate kube` command now properly supports generating YAML for containers and pods creating using host networking (`--net=host`) ([#9077](https://github.com/containers/podman/issues/9077)).
- The `podman kill` command now supports a `--cidfile` option to kill containers given a file containing the container's ID ([#8443](https://github.com/containers/podman/issues/8443)).
- The `podman pod create` command now supports the `--net=none` option ([#9165](https://github.com/containers/podman/issues/9165)).
- The `podman volume create` command can now specify volume UID and GID as options with the `UID` and `GID` fields passed to the the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in `containers.conf` and use them to create volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option, `--platform`, to specify the platform of the image to be used when creating the container.
- The `--security-opt` option to `podman run` and `podman create` now supports the `systempaths=unconfined` option to unrestrict access to all paths in the container, as well as `mask` and `unmask` options to allow more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specified, `MemUsageBytes`, which prints the raw bytes of memory consumed by a container without human-readable formatting [#8945](https://github.com/containers/podman/issues/8945).
- The `podman ps` command can now filter containers based on what pod they are joined to via the `pod` filter ([#8512](https://github.com/containers/podman/issues/8512)).
- The `podman pod ps` command can now filter pods based on what networks they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what containers, pods, images, and volumes will be pruned.
- The `podman volume prune` commands now supports filtering what volumes will be pruned.
- The `podman system prune` command now includes information on space reclaimed ([#8658](https://github.com/containers/podman/issues/8658)).
- The `podman info` command will now properly print information about packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation of a new kernel keyring on container creation ([#8384](https://github.com/containers/podman/issues/8384)).
- The `podman image sign` command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports per-user registry configuration files in `$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network command option (e.g. `podman run --net slirp4netns:mtu=9000`).
[#]## Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used `127.0.0.1` as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
[#]## Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The presence of this argument broke CLI compatibility with Docker by making `docker load` commands unusable with Podman ([#7387](https://github.com/containers/podman/issues/7387)).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more [here](https://github.com/containers/podman/blob/v3.0/pkg/bindings/README.md).
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks using the `--driver macvlan` option for Docker compatibility. The existing `--macvlan` flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields moved into the `LogConfig` structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files using the deprecated `KillMode=none` option ([#8615](https://github.com/containers/podman/issues/8615)).
- The `podman stop` command now releases the container lock while waiting for it to stop - as such, commands like `podman ps` will no longer block until `podman stop` completes ([#8501](https://github.com/containers/podman/issues/8501)).
- Networks created with `podman network create --internal` no longer use the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in `containers.conf` allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
[#]## Bugfixes
- Fixed a bug where the `podman history --no-trunc` command would truncate the `Created By` field ([#9120](https://github.com/containers/podman/issues/9120)).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the `Networks` field of the output of `podman inspect` ([#6618](https://github.com/containers/podman/issues/6618)).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the `WORKDIR` instruction) but not present in the image, would not be created ([#9040](https://github.com/containers/podman/issues/9040)).
- Fixed a bug where the `podman generate systemd` command would generate invalid unit files if the container was creating using a command line that included doubled braces (`{{` and `}}`), e.g. `--log-opt-tag={{.Name}}` ([#9034](https://github.com/containers/podman/issues/9034)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. `podman run -dt`) ([#8847](https://github.com/containers/podman/issues/8847)).
- Fixed a bug where the `podman generate systemd --new` command could generate unit files that did not handle Podman commands including some special characters (e.g. `$`) ([#9176](https://github.com/containers/podman/issues/9176)
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address ([#7842](https://github.com/containers/podman/issues/7842)).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases ([#8567](https://github.com/containers/podman/issues/8567)).
- Fixed a bug where the remote client could, under some circumstances, not include the `Containerfile` when sending build context to the server ([#8374](https://github.com/containers/podman/issues/8374)).
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs` in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle `CMD` and `ARGS` from images ([#8803](https://github.com/containers/podman/issues/8803)).
- Fixed a bug where the `podman play kube` command did not properly handle environment variables from images ([#8608](https://github.com/containers/podman/issues/8608)).
- Fixed a bug where the `podman play kube` command did not properly print errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when `hostNetwork` was used ([#8790](https://github.com/containers/podman/issues/8790)).
- Fixed a bug where the `podman play kube` command would always pull images when the `:latest` tag was specified, even if the image was available locally ([#7838](https://github.com/containers/podman/issues/7838)).
- Fixed a bug where the `podman play kube` command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable ([#8710](https://github.com/containers/podman/issues/8710)).
- Fixed a bug where the `podman generate kube` command incorrectly populated the `args` and `command` fields of generated YAML ([#9211](https://github.com/containers/podman/issues/9211)).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared `/etc/hosts` file every time the container restarted ([#8921](https://github.com/containers/podman/issues/8921)).
- Fixed a bug where the `podman search --list-tags` command did not support the `--format` option ([#8740](https://github.com/containers/podman/issues/8740)).
- Fixed a bug where the `http_proxy` option in `containers.conf` was not being respected, and instead was set unconditionally to true ([#8843](https://github.com/containers/podman/issues/8843)).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers ([#8798](https://github.com/containers/podman/issues/8798)).
- Fixed a bug where the `podman images` command would break and fail to display any images if an empty manifest list was present in storage ([#8931](https://github.com/containers/podman/issues/8931)).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture ([#8782](https://github.com/containers/podman/issues/8782)).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a `--uidmap` option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend did not properly handle partial log lines with a length of 1 ([#8879](https://github.com/containers/podman/issues/8879)).
- Fixed a bug where the `podman logs` command with the `--follow` option did not properly handle log rotation ([#8733](https://github.com/containers/podman/issues/8733)).
- Fixed a bug where user-specified `HOSTNAME` environment variables were overwritten by Podman ([#8886](https://github.com/containers/podman/issues/8886)).
- Fixed a bug where Podman would applied default sysctls from `containers.conf` in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores ([#8176](https://github.com/containers/podman/issues/8176)).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host ([#8506](https://github.com/containers/podman/issues/8506)).
- Fixed a bug where the `--privileged` option to `podman run` and `podman create` would, under some circumstances, not disable Seccomp ([#8849](https://github.com/containers/podman/issues/8849)).
- Fixed a bug where the `podman exec` command did not properly add capabilities when the container or exec session were run with `--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox` option to `slirp4netns` unconditionally, even when `pivot_root` was disabled, rendering `slirp4netns` unusable when `pivot_root` was disabled ([#8846](https://github.com/containers/podman/issues/8846)).
- Fixed a bug where `podman build --logfile` did not actually write the build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close STDIN, and could display user-interactive prompts ([#8700](https://github.com/containers/podman/issues/8700)).
- Fixed a bug where the `podman system reset` command could, under some circumstances, remove all the contents of the `XDG_RUNTIME_DIR` directory ([#8680](https://github.com/containers/podman/issues/8680)).
- Fixed a bug where the `podman network create` command created CNI configurations that did not include a default gateway ([#8748](https://github.com/containers/podman/issues/8748)).
- Fixed a bug where the `podman.service` systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started ([#8751](https://github.com/containers/podman/issues/8751)).
- Fixed a bug where, if the `TMPDIR` environment variable was set for the container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle future times given to the `--until` option ([#8694](https://github.com/containers/podman/issues/8694)).
- Fixed a bug where the `podman logs` command wrote container `STDERR` logs to `STDOUT` instead of `STDERR` ([#8683](https://github.com/containers/podman/issues/8683)).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag ([#8547](https://github.com/containers/podman/issues/8547)).
- Fixed a bug where container capabilities were not set properly when the `--cap-add=all` and `--user` options to `podman create` and `podman run` were combined.
- Fixed a bug where the `--layers` option to `podman build` was nonfunctional ([#8643](https://github.com/containers/podman/issues/8643)).
- Fixed a bug where the `podman system prune` command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to `podman system prune` ([#7990](https://github.com/containers/podman/issues/7990)).
- Fixed a bug where the `--publish` option to `podman run` and `podman create` did not properly handle ports specified as a range of ports with no host port specified ([#8650](https://github.com/containers/podman/issues/8650)).
- Fixed a bug where `--format` did not support JSON output for individual fields ([#8444](https://github.com/containers/podman/issues/8444)).
- Fixed a bug where the `podman stats` command would fail when run on root containers using the `slirp4netns` network mode ([#7883](https://github.com/containers/podman/issues/7883)).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman stats` command would fail if the system did not support one or more of the cgroup controllers Podman supports ([#8588](https://github.com/containers/podman/issues/8588)).
- Fixed a bug where the `--mount` option to `podman create` and `podman run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
- Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
[#]## API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error ([#8865](https://github.com/containers/podman/issues/8865)).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) ([#8281](https://github.com/containers/podman/issues/8281))
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored ([#8649](https://github.com/containers/podman/issues/8649)).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in `containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the `journald` backend was in use, resulting in a leak of file descriptors ([#8864](https://github.com/containers/podman/issues/8864)).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an `index out of range` error under certain circumstances ([#8870](https://github.com/containers/podman/issues/8870)).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters ([#8860](https://github.com/containers/podman/issues/8860)).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters ([#7102](https://github.com/containers/podman/issues/7102)).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response ([#8758](https://github.com/containers/podman/pull/8758)).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
[#]## Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/common library to v0.33.4
3.0.0-rc2:
This is the second release candidate of Podman v3.0.
3.0.0-rc1:
[#]## Features
- Add ability to set system wide options for slirp4netns
- Add --cidfile to container kill
- Add commas between mount options
- Add compose regression to ci
- Add containerenv information to /run/.containerenv
- Add default sysctls for pod infra containers
- Add --filter to podman system prune
- Adding json formatting to `--list-tags` option in `podman search` command.
- Add mask and unmask option to --security-opt
- Add 'MemUsageBytes' format option
- Add more information and examples on podman and pipes
- Add network filter for podman ps and pod ps
- Add Networks format placeholder to podman ps and pod ps
- Add pod filter for ps
- Add podman network create option for bridge mtu
- Add podman network create option for bridge vlan
- Add pre checkpoint
- Add Security information to podman info
- Add support for Gentoo file to package query
- Add support for network ids
- Add support for pacman package version query
- Add support for persistent volume claims in kube files
- Add support for --platform
- Add systempaths=unconfined option
- Add volume filters to system prune
- Add volume prune --filter support
- Allow podman push to push manifest lists
- Allow users to specify TMPDIR in containers.conf
- Always add the default gateway to the cni config file
- Drop default log-level from error to warn
- Enable short-name aliasing
- Generate kube on multiple containers
- Generate systemd: do not set `KillMode`
- Image sign using per user registries.d
- Implement pod-network-reload
- Include named volumes in container migration
- Initial implementation of renaming containers
- Initial implementation of volume plugins
- Network connect disconnect on non-running containers
- Not use local image create/add manifest
- Podman network label support
- Prepare support in kube play for other volume types than hostPath
- Remote copy
- Remove the ability to use [name:tag] in podman load command
- Remove varlink support from Podman
- Sign multi-arch images
- Support --network=default as if it was private
- Support Unix timestamps for `podman logs --since`
[#]## Changes
- Add LogSize to container inspect
- Allow image errors to bubble up from lower level functions.
- Change name of imageVolumes in container config JSON
- Cleanup CNI Networks on reboot
- Consolidate filter logic to pkg subdirectory
- Make `podman stats` slirp check more robust
- More /var/run -> /run
- Prefer read/write images over read/only images
- Refactor kube.ToSpecGen parameters to struct
- Rename AutocompletePortCommand func
- Repeat system pruning until there is nothing removed
- Switch references of /var/run -> /run
- Use HTTPProxy settings from containers.conf
- Use Libpod tmpdir for pause path
- Use Options as CRImportCheckpoint() argument
- Use Options as exportCheckpoint() argument
- Use PasswordCallback instead of Password for ssh
- Use abi PodPs implementation for libpod/pods/json endpoint
- Validate that the bridge option is supported
- archive: move stat-header handling into copy package
- libpod, conmon: change log level for rootless
- libpod: change function to accept ExecOptions
- libpod: handle single user mapped as root
- make podman play use ENVs from image
- pkg/copy: introduce a Copier
- podman events allow future time for --until
- podman.service should be an exec service not a notify service
- rewrite podman-cp
- rootless: add function to retrieve gid/uid mappings
- rootless: automatically split userns ranges
- runtime: set XDG_* env variables if missing
- shell completion for the network flag
- specgen: improve heuristic for /sys bind mount
- systemd: make rundir always accessible
[#]## Bugfixes
- Close image rawSource when each loop ends
- Containers should not get inheritable caps by default
- Correct port range logic for port generation
- Correct which network commands can be run as rootless
- Disable CGv1 pod stats on net=host post
- Do not error on installing duplicate shutdown handler
- Do not ignore infra command from config files
- Do not mount sysfs as rootless in more cases
- Do not pull if image domain is localhost
- Do not use "true" after "syslog" in exit commands
- Do not validate the volume source path in specgen
- Don't accidently remove XDG_RUNTIME_DIR when reseting storage
- Ensure that `podman play kube` actually reports errors
- Ensure that user-specified HOSTNAME is honored
- Ensure we do not edit container config in Exec
- Exorcise Driver code from libpod/define
- Expose Height/Width fields to decoder
- Expose security attribute errors with their own messages
- Fix Wrong image tag is used when creating a container from an image with multiple tags
- Fix `podman images...` missing headers in table templates
- Fix build for mips architecture
- Fix build for mips architecture follow-up
- Fix custom mac address with a custom cni network
- Fix extra quotation mark in manpages.
- Fix missing options in volumes display while setting uid and gid
- Fix missing podman-container-rename man page link
- Fix network ls --filter invalid value flake
- Fix option names --subuidname and --subgidname
- Fix panic in libpod images exists endpoint
- Fix podman build --logfile
- Fix podman logs read partial log lines
- Fix problems reported by staticcheck
- Fix problems with network remove
- Fix shell completion for ps --filter ancestor
- Fix some nit
- Fix spelling mistakes
- Fix storage.conf to define driver in the VM
- Fix support for rpmbuild < 4.12.0.
- Fix: unpause not supported for CGv1 rootless
- Fxes /etc/hosts duplicated every time after container restarted in a pod
- Handle --rm when starting a container
- Handle podman exec capabilities correctly
- Honor the --layers flag
- Ignore containers.conf sysctls when sharing namespaces
- Improve error message when the the podman service is not enabled
- Make podman generate systemd --new flag parsing more robust
- Pass down EnableKeyring from containers.conf to conmon
- Properly handle --cap-add all when running with a --user flag
- Revert "Allow multiple --network flags for podman run/create"
- Revert e6fbc15f26b2a609936dfc11732037c70ee14cba
- Revert the custom cobra vendor
- Rework pruning to report reclaimed space
- Set NetNS mode instead of value
- The slirp4netns sandbox requires pivot_root
- close journald when reading
- container create: do not clear image name
- container stop: release lock before calling the runtime
- exec: honor --privileged
- fix: disable seccomp by default when privileged.
- image list: ignore bare manifest list
- network: disallow CNI networks with user namespaces
- oci: keep LC_ env variables to conmon
- oci: use /proc/self/fd/FD to open unix socket
- pass full NetworkMode to ParseNetworkNamespace
- play kube: fix args/command handling
- play kube: set entrypoint when interpreting Command
- podman build --force-rm defaults to true in code
- podman logs honor stderr correctly
- podman, exec: move conmon to the correct cgroup
- podman-remote fix sending tar content
- podman: drop checking valid rootless UID
- re-open container log files
- security: honor systempaths=unconfined for ro paths
[#]## API
- Add API for communicating with Docker volume plugins
- Change bindings to stop two API calls for ping
- Close the stdin/tty when using podman as a restAPI.
- Compat api containers/json add support for filters
- Container rename bindings
- Do not pass name argument to Load API
- Docker compat API - /images/search returns wrong structure (#7857)
- Docker compat API - containers create ignores the name
- Fix some network compat api problems
- Jira RUN-1106 Container handlers updates
- Jira RUN-1106 Image handlers updates
- Jira RUN-1106 Network handlers updates
- Jira RUN-1106 System handlers updates
- Jira RUN-1106 Volumes handlers updates
- Makefile: add target to generate bindings
- More docker compat API fixes
- Podman image bindings for 3.0
- REST API v2 - ping - fix typo in header
- REST API v2 - ping - remove newline from response to improve Docker compatibility
- Reduce general binding binary size
- Restore compatible API for prune endpoints
- compat create should use bindings
- hack/podman-socat captures the API stream
- libpod API: pull: fix channel race
- misc bindings to podman v3
- pkg/copy: add parsing API
- podman v3 container bindings
- podman v3 pod bindings
[#]## Misc
- Bump github.com/containernetworking/plugins from 0.8.7 to 0.9.0
- Bump github.com/containers/common from 0.30.0 to 0.31.1
- Bump github.com/containers/image/v5 from 5.8.1 to 5.9.0
- Bump github.com/containers/storage from 1.24.1 to 1.24.5
- Bump github.com/cri-o/ocicni to latest master
- Bump github.com/google/uuid from 1.1.2 to 1.1.5
- Bump github.com/onsi/gomega from 1.10.3 to 1.10.4
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump k8s.io/apimachinery from 0.19.4 to 0.20.2
- Bump master to v3.0.0-dev
- Bump to containers/buildah 1.9.2
- Bump version in README to v2.2.0
- vendor containers/psgo@v1.5.2
- Update storagever to 1.24.8
1.24.8:
Call recreateSymlinks when not found during Readlink
homedir: add GetCacheHome
1.24.7:
ignore metacopy option on kernels that do not support it
1.24.6:
overlay: force metacopy=on for naivediff
- Update imagever to 5.10.4
5.10.4:
* copy: compute blob compression on reused blobs based on source MediaType
* copy: provide compression info about copied blobs
5.10.3:
* place shortnames in `~/.cache` not `~/.config/.cache`
5.10.2:
* short-name-aliases.conf: use cache folders instead of $HOME
Note: the v5.10.x series is now cut from the `release-v5.10` branch.
5.10.1:
Fix segfault if sys is not defined.
5.10.0:
- tarball: fix example code
- Bump github.com/ulikunitz/xz from 0.5.8 to 0.5.9
- Bump github.com/opencontainers/selinux from 1.6.0 to 1.8.0
- Bump github.com/vbauerster/mpb/v5 from 5.3.0 to 5.4.0
- Add DockerLogMirrirChoice to ctx for log
- Rename variables in pkg/docker/config tests
- Fix pkg/docker/config tests on non-Linux systems
- Add macOS test cases to GetPathToAuth
- Fix docker tests with recent c/storage
- Fix signature tests with recent c/storage
- Fix sysregistriesv2 tests with recent c/storage
- Fix pkg/docker/config tests with recent c/storage
- Bump github.com/containers/storage from 1.23.7 to 1.24.5
- Bump github.com/klauspost/compress from 1.11.3 to 1.11.6
- Enable subdomain matching in policy.json
- Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
- Bump github.com/klauspost/compress from 1.11.6 to 1.11.7
- ostree.TestReferenceSignaturePath: fix a compiler warning in a test
- manifest: add a test for UpdatedMIMEType
- blobinfocache: track compression types for locations
- Actually make a copy of ctx as the comment claims
- Actually use the SystemContext copy in the one place that matters
- Update golangci-lint
- Clarify the canModifyBlob condition in copyBlobFromStream
- Cleanup description of shortname expansion
- Allow callers to set the MaxParallelDownloads field
- Fix up errors linter is complaining about
- Set a default User-Agent if unset
++++ toolbox:
- Update to version 2.1+git20210225.5c541c8:
* Check sub{u,g}id if rootless, and fail early if they're not setup
* Fix creating a container with a specific name with `-c`
------------------------------------------------------------------
------------------ 2021-2-24 - Feb 24 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- new version 238.1
https://cockpit-project.org/blog/cockpit-238.html
https://cockpit-project.org/blog/cockpit-237.html
- No longer recompress tarball at buildtime
++++ cockpit-podman:
- new version 28.1
https://github.com/cockpit-project/cockpit-podman/releases/tag/28.1
- use upstream sources without bundled and pre-built dist since
we want to rebuild it
- use local-npm-registry for building
- fix_dependencies.patch: fix build dependencies
++++ crypto-policies:
- Disable DTLS0.9 protocol in GnuTLS DEFAULT policy. [bsc#1180938]
* The minimum DTLS protocol version in the DEFAULT and FUTURE
policies is DTLS1.2.
* Fixed upstream: 05203d21f6d0ea9bbdb351e4600f1e273720bb8e
++++ kernel-default:
- Update config files. Update config files. Enable USB_GADGET(jsc#SLE-14042)
- supported.conf:
After discussion what the feature request implied, it was
decided that gadget mode is also needed on x86_64
- commit 4adcbc0
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672).
Since rpm 4.16 files installed during build phase are lost.
- commit d0b887e
- update mainline references
- update mainline references:
patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch
patches.suse/floppy-reintroduce-O_NDELAY-fix.patch
patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch
- commit 4eacbc9
++++ libzypp:
- Try to provide a mounted /proc in --root installs (bsc#1181328)
Some systemd tools require /proc to be mounted and fail if it's
not there.
- Enable release packages to request a releaxed suse/opensuse
vendorcheck in dup when migrating. (bsc#1182629)
- version 17.25.8 (22)
++++ openssh:
- Add support for vendor provided configuration files in
/usr/share/ssh/ (openssh-8.4p1-vendordir.patch)
- Move configuration files from /etc/ssh/ to /usr/share/ssh/
++++ patterns-base:
- Suggest pulseaudio, so that zypp has something to base the
decision on when choosing between pulseaudio and
pipewire-pulseaudio (boo#1182730).
++++ podman:
- Drop obsolete varlink.patch
- Update to v3.0.1
* Changes
- Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
Bugfixes
- Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315).
- Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
- Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393).
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
- Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
- Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
- Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
- Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
- Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).
* API
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.
* Misc
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6
- Changes from v3.0.0
* Features
- Podman now features initial support for Docker Compose.
- Added the podman rename command, which allows containers to be renamed after they are created (#1925).
- The Podman remote client now supports the podman copy command.
- A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
- Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
- The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
- The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
- The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times.
- The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
- The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077).
- The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
- The podman pod create command now supports the --net=none option (#9165).
- The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
- The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
- The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
- The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945.
- The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
- The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
- The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
- The podman volume prune commands now supports filtering what volumes will be pruned.
- The podman system prune command now includes information on space reclaimed (#8658).
- The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
- The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
- The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
- Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
- The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
* Security
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
* Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
- The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
- Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for podman run when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
* Bugfixes
- Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
- Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
- Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
- Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
- Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
- Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
- Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
- Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
- Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
- Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
- Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710).
- Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
- Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
- Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
- Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture (#8782).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
- Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
- Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
- Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
- Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
- Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
- Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
- Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
- Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
- Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
- Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
- Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
- Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
- Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
- Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
- Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
- Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
- Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
- Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
- Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
- Fixed a bug where --format did not support JSON output for individual fields (#8444).
- Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
- Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
- Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
- Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
- Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
- Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
- Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).
API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281)
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
* Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/image library to v5.10.2
- Updated the containers/common library to v0.33.4
++++ virt-manager:
- bsc#1178926 - Unable to find any master var for loader
/usr/share/qemu/{bios.bin, bios-256k.bin}
virtman-legacy-bios-support.patch
++++ zypper:
- doc: give more details about creating versioned package locks
(bsc#1181622)
- man: Document synonymously used patch categories (bsc#1179847)
- version 1.14.43
------------------------------------------------------------------
------------------ 2021-2-23 - Feb 23 2021 -------------------
------------------------------------------------------------------
++++ container-selinux:
- Update to version 2.158.0
- Add nfs remount support
- Allow containers to execmod on nfs, samba and cephs remote shares
- Allow confined users to send dbus messages to container_runtime
++++ dracut:
- Update to version 053+suse.90.gb89b6347:
Highlights: https://github.com/dracutdevs/dracut/releases/tag/053
dracut.sh:
unfreeze /boot on exit (d87ae137)
proper return code for inst_multiple in dracut-init.sh (d437970c)
fcoe:
rename rd.nofcoe to rd.fcoe (6f7823bc)
rd.nofcoe=0 should disable fcoe (805b46c2)
i18n:
get rid of eval calls (5387ed24), backported for 052 downstream
create the keyboard symlinks again (9e1c7f3d), backported for 052 downstream
network-manager:
run as a service if systemd module is present (c17c5b76)
rework how NM is started in debug mode (34c73b33)
drm: skip empty modalias files in drm module setup (c3f24184)
++++ kernel-default:
- Linux 5.11.1 (bsc#1012628).
- Xen/x86: don't bail early from clear_foreign_p2m_mapping()
(bsc#1012628).
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
(bsc#1012628).
- Xen/gntdev: correct dev_bus_addr handling in
gntdev_map_grant_pages() (bsc#1012628).
- Xen/gntdev: correct error checking in gntdev_map_grant_pages()
(bsc#1012628).
- xen/arm: don't ignore return errors from set_phys_to_machine
(bsc#1012628).
- xen-blkback: don't "handle" error by BUG() (bsc#1012628).
- xen-netback: don't "handle" error by BUG() (bsc#1012628).
- xen-scsiback: don't "handle" error by BUG() (bsc#1012628).
- xen-blkback: fix error handling in xen_blkbk_map()
(bsc#1012628).
- tty: protect tty_write from odd low-level tty disciplines
(bsc#1012628).
- Bluetooth: btusb: Always fallback to alt 1 for WBS
(bsc#1012628).
- commit 3652ea1
++++ at-spi2-core:
- Update to version 2.39.90.1:
+ Fix a crash introduced in 2.39.90, along with a few warnings.
++++ libburn:
- update to 1.5.4:
* Bug fix: Early SCSI commands from sg-linux.c were not logged
* New API call burn_drive_set_speed_exact()
* New API call burn_nominal_slowdown()
++++ libisoburn:
- update to 1.5.4:
* Bug fix: -report_system_area as_mkisofs misrepresented GPT with appended
partition and forced boot flag as -part_like_isohybrid
* Bug fix: Boot catalog could get a wrong name if cat_path= is explicitely
given but not containing a slash character
* New helper script xorriso-dd-target
* New command -truncate_overwritable
* Switched to usage of libjte-2.0.0
* New -jigdo parameters "checksum_algorithm", "demand_checksum", "-checksum-list"
* New -as mkisofs options "-jigdo-checksum-algorithm", "-checksum-list", "-jigdo-force-checksum"
* New -read_speed prefixes "soft_force:" and "soft_corr:"
* New -check_media option data_to="-" for standard output
* New -zisofs parameters version_2=, block_size_v2=, max_bpt=, max_bpt_f=,
bpt_target=, bpt_free_ratio=, by_magic=v2, susp_z2=
* New -as mkisofs options --zisofs-version-2, --zisofs2-susp-z2,
- -zisofs2-susp-zf
* Enabled recognition of zisofs by magic without zlib support
* New -osirrox option sparse= controls extraction into sparse files
* New libisoburn extension options isoburn_ropt_map_joliet_stripped and
isoburn_ropt_map_joliet_unmapped
* New command -joliet_map
* New command -extract_boot_images
* New API call isoburn_ropt_get_tree_loaded()
++++ libxml2:
- Fails to build against Python 3.9:
* Add upstream commit that fixes the issue
https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1
- Add patch libxml2-python39.patch
++++ libxml2-python:
- Fails to build against Python 3.9:
* Add upstream commit that fixes the issue
https://github.com/GNOME/libxml2/commit/e4fb36841800038c289997432ca547c9bfef9db1
- Add patch libxml2-python39.patch
++++ selinux-policy:
- Update to version 20210223
- Change name of tar file to a more common schema to allow
parallel installation of several source versions
- Adjust fix_init.patch
------------------------------------------------------------------
------------------ 2021-2-22 - Feb 22 2021 -------------------
------------------------------------------------------------------
++++ fuse-overlayfs:
- Update to version 1.4.0
* add squash_to_uid and squash_to_gid
* add squash_to_root mount option.
* honor option "volatile".
* when writing mode to xattr, create files with mode 0755.
* support ID mapping when using xattr permissions.
* allow opening not accessible but still referenced files.
* invalidate directory cache on create/rename.
* fix segfault if no mountpoint specified
* fix file_exists_at musl compatibility
* introduce extended attribute to override gid/uid/mode.
* support writing uid/gid/mode to an extended attribute.
* fix a memory leak, where inodes are maintained in memory
even if not needed.
++++ grub2:
- Fix build error in binutils 2.36 (bsc#1181741)
* 0001-Fix-build-error-in-binutils-2.36.patch
- Fix executable stack in grub-emu (bsc#1181696)
* 0001-emu-fix-executable-stack-marking.patch
++++ kernel-default:
- arm: Update config files.
Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)
- commit 702d1a3
- rpm/kernel-subpackage-build: Workaround broken bot
(https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- commit b74d860
++++ kernel-default-base:
- Add squashfs for kiwi installiso support (bsc#1182341)
- Add fuse (boo#1182507)
++++ libxcrypt:
- Update to version 4.4.18
* Fix conversion error in lib/alg-gost3411-core.c
++++ ncurses:
- Add ncurses patch 20210220
+ improve tic warning when oc/op do not mention SGR 39/49 for xterm
compatible XT flag.
+ revert change to lib_addch.c in waddch_literal() from 20210130, since
the followup fix in PutCharLR() actually corrects the problem while
this change causes too-early filling/wrapping (report by Johannes
Altmanninger).
+ add/use vt220+pcedit and vt220+vtedit -TD
+ add scrt/securecrt and absolute -TD
+ add nel to xterm-new, though supported since X11R5 -TD
+ add/use xterm+nofkeys -TD
+ move use of ecma+italics from xterm-basic to xterm+nofkeys -TD
- Port patch ncurses-6.2.dif mainly terminfo.src
++++ procps:
- Remove /usr/share/man/uk dir to file list for lang sub package:
It's now provided by filesystem.
++++ rpm:
- Remove debugedit.diff and include dwarf5.diff in order to support
debug DWARF 5 that will be added with GCC 11.
++++ systemd:
- systemd requires aaa_base >= 13.2
This dependency is required because 'systemctl
{is-enabled,enable,disable} <initscript>" ends up calling
systemd-sysv-install which in its turn calls "chkconfig
- -no-systemctl".
aaa_base package has a weird versioning but the '--no-systemctl'
option has been introduced starting from SLE12-SP2-GA, which shipped
version "13.2+git20140911.61c1681".
Spotted in bsc#1180083.
++++ systemd-default-settings:
- Import 0.7
2a61f77 Convert our configuration file dropins into 'early' ones
------------------------------------------------------------------
------------------ 2021-2-21 - Feb 21 2021 -------------------
------------------------------------------------------------------
++++ mozilla-nss:
- update to NSS 3.61
* required for Firefox 86
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
------------------------------------------------------------------
------------------ 2021-2-20 - Feb 20 2021 -------------------
------------------------------------------------------------------
++++ libvirt:
- Remove old initscript patching of libvirt-guests.sh
Modified suse-libvirt-guests-service.patch
boo#1182494
------------------------------------------------------------------
------------------ 2021-2-19 - Feb 19 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to version 2.9.18
* CVE-2021-20228 where default and fallback values for no_log parameters
to modules were not previously masked.
* CVE-2021-20178 where several parameters to the snmp_facts module were
logged and displayed despite containing sensitive information.
* CVE-2021-20180 where several parameters to the
bitbucket_pipeline_variable were logged and displayed despite
containing sensitive information.
* CVE-2021-20191 which addresses a number of modules whose parameters
were logged and displayed despite containing sensitive
information. For the full list of affected modules, refer to the
changelog linked below.
++++ krb5:
- Update to 1.19.1
* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether
certificates can be loaded for each value.
++++ rdma-core:
- Update to rdma-core v33.1
- No release notes available
- Drop support for libnes
- Drop support for libnes by removing patch:
- Revert-libnes-Remove-libnes-from-rdma-core.patch
- Refresh patches against latest sources:
- Revert-libcxgb3-Remove-libcxgb3-from-rdma-core.patch
- cxgb3-nes-fix-declaration-of-free_context.patch has been replaced by
cxgb3-fix-declaration-of-free_context.patch
- Add patches for cxgb3 support against newest API
- cxgb3-fix-support-for-new-uquery-API.patch
- Enable LTO support
- Trigger udevadm in rdma-ndd %post (bsc#1182391)
++++ openssl-1_1:
- Update to 1.1.1j
* Fixed the X509_issuer_and_serial_hash() function. It attempts
to create a unique hash value based on the issuer and serial
number data contained within an X509 certificate. However it
was failing to correctly handle any errors that may occur
while parsing the issuer field [bsc#1182331, CVE-2021-23841]
* Fixed the RSA_padding_check_SSLv23() function and the
RSA_SSLV23_PADDING padding mode to correctly check for
rollback attacks.
* Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate functions. Previously they could overflow the
output length argument in some cases where the input length is
close to the maximum permissable length for an integer on the
platform. In such cases the return value from the function call
would be 1 (indicating success), but the output length value
would be negative. This could cause applications to behave
incorrectly or crash. [bsc#1182333, CVE-2021-23840]
* Fixed SRP_Calc_client_key so that it runs in constant time.
The previous implementation called BN_mod_exp without setting
BN_FLG_CONSTTIME. This could be exploited in a side channel
attack to recover the password. Since the attack is local host
only this is outside of the current OpenSSL threat model and
therefore no CVE is assigned.
- Rebase patches:
* openssl-1.1.1-fips.patch
* openssl-1.1.0-issuer-hash.patch
* openssl-1.1.1-evp-kdf.patch
++++ openssl-3:
- Update to 3.0.0 Alpha 12
* The SRP APIs have been deprecated. The old APIs do not work via
providers, and there is no EVP interface to them. Unfortunately
there is no replacement for these APIs at this time.
* Add a compile time option to prevent the caching of provider
fetched algorithms. This is enabled by including the
no-cached-fetch option at configuration time.
* Combining the Configure options no-ec and no-dh no longer
disables TLSv1.3. Typically if OpenSSL has no EC or DH algorithms
then it cannot support connections with TLSv1.3. However OpenSSL
now supports "pluggable" groups through providers.
* The undocumented function X509_certificate_type() has been
deprecated; applications can use X509_get0_pubkey() and
X509_get0_signature() to get the same information.
* Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range()
functions. They are identical to BN_rand() and BN_rand_range()
respectively.
* The default key generation method for the regular 2-prime RSA keys
was changed to the FIPS 186-4 B.3.6 method (Generation of Probable
Primes with Conditions Based on Auxiliary Probable Primes). This
method is slower than the original method.
* Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex()
functions. They are replaced with the BN_check_prime() function
that avoids possible misuse and always uses at least 64 rounds of
the Miller-Rabin primality test.
* Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
as they are not useful with non-deprecated functions.
++++ python310-core:
- Update to 3.9.2:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bsc#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
- Upstreamed patches were removed:
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
- bsc1167501-invalid-alignment.patch
- skip_random_failing_tests.patch
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
++++ systemd:
- Add 0001-conf-parser-introduce-early-drop-ins.patch
Introduce early configuration drop-in file. This type of drop-ins
are reserved for vendor own purposes only and should never been used
by users. It might be removed in the future without any notice.
++++ openssl:
- Update to 1.1.1j release
++++ python310:
- Update to 3.9.2:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bsc#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
- Upstreamed patches were removed:
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
- bsc1167501-invalid-alignment.patch
- skip_random_failing_tests.patch
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
++++ python-M2Crypto:
- Add 293_sslv23_padding.patch to avoid using RSA_SSLV23_PADDING
(gl#m2crypto/m2crypto#293, gh#openssl/openssl#14216).
++++ python-py:
- Update to 1.10.0
* Fix a regular expression DoS vulnerability in the py.path.svnwc
SVN blame functionality (CVE-2020-29651)
++++ qemu:
- Fix issue of virtio-9p-ccw having been mistakenly dropped from
qemu (bsc#1182496)
hw-s390x-fix-build-for-virtio-9p-ccw.patch
++++ vim:
- install suse vimrc in /usr (boo#1182324, vim-8.2.2411-globalvimrc.patch).
Add back some settings from defaults.vim that were in suse.vimrc before
- prevent double loading of spec.vim
------------------------------------------------------------------
------------------ 2021-2-18 - Feb 18 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Update to version 1.30.0:
+ Increase timeout of NetworkManager-wait-online.service to 60
seconds.
+ Add "ipv4.dhcp-client-id=ipv6-duid" option for RFC4361.
+ The dhcpcd plugin now requires a minimum version of
dhcpcd-9.3.3 with the --noconfigure option. Using an older
version will cause dhcpcd to exit with a status code of 1.
+ Support building against musl libc.
+ Support new ethtool offload features.
+ Add support for WPA3 Enterprise Suite-B 192 bit mode.
+ Add support for handling Veth devices.
+ New hostname settings for controlling configuring the hostname
from reverse DNS lookup and from DHCP.
+ OVS: support configuring external-ids.
+ libnm: nm_setting_bond_add_option() no longer validates the
option that is set. Instead, use nm_connection_verify() to
validate the profile.
+ libnm: add support for reading/writing keyfile format. This
required to relicense previously GPL-2.0+ code as LGPL-2.1+
with the agreement of the copyright holders.
+ initrd:
- Support for rd.net.timeout.carrier option.
- Support new ip method "link6" for IPv6 link-local only.
+ build: new configure option to set path to
"polkit-agent-helper-1".
+ Many bugfixes and improvements.
+ Updated translations.
- Change License to GPL-2.0-or-later and LGPL-2.1-or-later,
following upstream.
- Replace %systemd_requires with %systemd_ordering.
++++ e2fsprogs:
- Remove autoreconf (and resulting dependencies) from the spec file. The
upstream configure script should be fine.
++++ glibc:
- Prepare for usrmerge (bsc#1029961)
++++ grub2:
- Restore compatibilty sym-links
* grub2.spec
- Use rpmlintrc to filter out rpmlint 2.0 error (bsc#1179044)
* grub2.rpmlintrc
++++ kmod:
- Fix grub's requoted kernel parameters (bsc#1181111)
* 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch
* 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch
++++ libnettle:
- GNU Nettle 3.7.1:
* Fix bug in chacha counter update logic (ppc64 and ppc64el)
* Restore support for big-endian ARM platforms
* Fix corner case bug in ECDSA verify, it would produce incorrect
result in the unlikely case of an all-zero message hash
* Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512
* Remove poorly performing ARM Neon code for doing single-block
Salsa20 and Chacha
++++ netcfg:
- services-create.pl: Switch to https (bsc#1182395)
++++ openssh:
- Drop openssh-7.7p1-allow_root_password_login.patch to prevent login
as root via password by default (is also upstream default). Comment
indicates that this was a temporary meassure that we now had for
five years, time to get rid of it (bsc#1173067)
++++ pam:
- Add missing conflicts for pam_unix-nis
++++ qemu:
- Tweaked some spec file details to be again compatible with quilt
setup using the spec file as input
- Remove BuildRequires that were added in anticipation of building
ovmf within this package. We have not taken that route
++++ vim:
- source correct suse.vimrc file (boo#1182324)
------------------------------------------------------------------
------------------ 2021-2-17 - Feb 17 2021 -------------------
------------------------------------------------------------------
++++ crypto-policies:
- Update to version 20210213.5c710c0: [bsc#1180938]
* setup_directories(): perform safer creation of directories
* save_config(): avoid re-opening output file for each iteration
* save_config(): break after first match to avoid unnecessary stat() calls
* CryptoPolicy.parse(): actually stop parsing line on syntax error
* ProfileConfig.parse_string(): correctly extended subpolicies
* Exclude RC4 from LEGACY
* Introduce rc4_md5_in_krb5 to narrow AD_SUPPORT
* code style: fix 'not in' membership testing
* pylintrc: tighten up a bit
* formatting: avoid long lines
* formatting: use f-strings instead of format()
* formatting: reformat all python code with autopep8
* nss: postponing the version check again, to 3.61
* Revert "Unfortunately we have to keep ignoring the openssh check for sk-"
++++ dracut:
- Update to version 052+suse.93.g7bfaa6d9:
* fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167)
- Update to version 052+suse.91.gb30dce3c:
* chore: update suse/dracut.spec
- Update to version 052+suse.88.gc78b4ac8:
Highlights: https://github.com/dracutdevs/dracut/releases/tag/052
* fix(i18n): get rid of `eval` calls
* fix(i18n): create the keyboard symlinks again
* docs: update NEWS.md and AUTHORS
* chore: add `CONTRIBUTORS` target to Makefile
* fix: shellcheck across multiple modules
* docs: fix dracut.cmdline.7
* fix: update dbus module directory in spec file
* fix: add sdaskpw and sdsyctl to spec file
* fix: cosmetic comment fixes
* feat(systemd-ask-password): introducing systemd-ask-password module
* Revert "nbd: use systemd-run to start nbd-client"
* dmsquash-live-root: squashfs in bare device
* feat(systemd-sysctl): introducing systemd-sysctl module
* fix: adding missing efi paths
* fix: correct the squash quirk
* feat(systemd-modules-load): introducing systemd-modules-load module
* fix(shutdown): add timeout to umount calls
* fix: revise all module checks
* fix: add missing line continuation
* fix: BuildRequiring git-core is enough in dracut.spec
* fix(kernel-modules): add reset controllers for arm
* 35network-legacy: discard pointless RTNETLINK message
* fix(plymouth): install binaries with dependencies
* fix: correct the line continuation
* fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set
* fix(network-manager): allow override network manager version
* feat(dracut.sh): allow overriding the systemctl command for sysroot
* fix: use find_binary
* fix(dracut.sh): don't override path with foreign sysroot
* fix: quote globbing in module-setup.sh for inst_multiple
* fix(dracut-install): allow globbing for multiple sources
* Fix bad ls parsing
* fix: move ldconfig after library workaround
* feat(kernel-modules): add driver memory
* feat(systemd-repart): introducing systemd-repart module
* feat(dbus-daemon): introducing the dbus-daemon module
* feat(dbus-broker): introducing the dbus-broker module
* feat(dbus): introducing a meta module for dbus
* fix(network-legacy): silent check for leaseinfo
* 95nfs: fix rpc.statd installation
* fix: do not set cmdline for uefi images unless asked
* feat(network-legacy): send dhcp in parallel on all devices
* fix(mdraid): remove offroot
* fix(mdraid): add grow continue service
* fix(spec): add new systemd-coredump module to spec
* fix(watchdog): replace return with echo
* feat(systemd-coredump): introducing systemd-coredump module
* prepare usrmerge (boo#1029961)
* test: incr. disk size for TEST 35 ISCSI-MULTI
* fix(skipcpio): edit skipcpio.c: strstr -> memmem
* fix(1007): adding shared keyring mode to type unit
* feat(systemd-sysusers): introducing systemd-sysuser module
* feat(systemd-sysusers): introducing systemd-sysuser module
* fix(1001): use efivars fs over the deprecated sysfs entries
* fix(kernel-network-modules): also install modules from mdio subdirectory
* fix(06dbus): do not hardcode path to dbus utils
* fix(06dbus): do not hardcode path to systemd unit
* fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set
* fix(99squash): use kernel config instead of modprobe to check modules
* fix(dracut-functions.sh): check kernel config from $dracutsysrootdir
* fix(90kernel-modules): install generic crypto modules with hostonly unset
* feat: add addional global variables
* fix: add a missing efi support
* chore(removal): eliminate bootchart module
* feat: add addional global variables
* feat(cli): add --no-uefi option
* chore(github): add CODEOWNERS file
* chore(cleanup): remove logrotate file
* fix(35network-manager): avoid restarting NetworkManager
* chore: Add configuration for vim
* chore: Add editorconfig
* chore: Editors
* test(conventional): add Conventional Commits PR github action
* docs(development): add HACKING.md
++++ transactional-update:
- Version 3.1.4
- SELinux: Fix syncing of SELinux attributes when using overlays
- SELinux: Tag the overlay directory itself (again)
++++ glib2:
- Update to version 2.67.4:
+ Add a `g_string_replace()` function.
+ Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag
to simplify the common case for writing a D-Bus authentication
observer, allowing most uses of `GDBusAuthObserver` to be
dropped.
+ Add a new `g_spawn_with_pipes_and_fds()` variant which supports
renumbering FDs.
+ Add new g_memdup2() API to replace g_memdup(), which is
vulnerable to a silent integer truncation and heap overflow
problem if not used carefully.
+ Fix various regressions caused by rushed security fixes in
2.66.6.
+ Fix a silent integer truncation when calling
g_byte_array_new_take() for byte arrays bigger than G_MAXUINT.
+ Fix `g_utf8_strdown()` to fix some issues in Turkish.
+ Updated translations.
++++ kernel-default:
- Update config files: Set reset-raspberrypi as builtin (bsc#1180336)
This driver is needed in order to boot through USB. Ideally the kernel
module should be selected by dracut, but it's not. So make it builtin
until the relevant dracut fixes are available.
- commit 8186eab
++++ at-spi2-core:
- Update to version 2.39.90:
+ Fix build with X11 disabled.
+ Various fixes for the new device API used for key monitoring
and grabbing.
+ Fixed several memory leaks.
++++ libgcrypt:
- libgcrypt 1.9.2:
* Fix building with --disable-asm on x86
* Check public key for ECDSA verify operation
* Make sure gcry_get_config (NULL) returns a nul-terminated
string
* Fix a memory leak in the ECDH code
* Fix a reading beyond end of input buffer in SHA2-avx2
- remove obsolete texinfo packaging macros
++++ systemd:
- Drop use of %systemd_postun in %postun
This macro is supposed to operate on units but it was used without
passing any parameters. This call was probably used for issuing a
daemon-reload but the following calls to
%systemd_postun_with_restart imply that already. So let's simply
drop it.
++++ libvirt:
- qemu: Add virtio related options to vsock
8a4b8996-conf-move-virDomainCheckVirtioOptions.patch,
c05f0066-conf-drop-empty-virDomainNetDefPostParse.patch,
19d4e467-conf-improve-virDomainVirtioOptionsCheckABIStability.patch,
bd112c9e-qemu-virtio-options-vsock.patch
bsc#1182365
++++ libzypp:
- Patch: Identify well-known category names (bsc#1179847)
This allows to use the RH and SUSE patch categrory names
synonymously:
(recommendedi = bugfix) and (optional = feature = enhancement).
- Add missing includes for GCC 11 compatibility. (bsc#1181874)
- Fix %posttrans script execution (fixes #265)
The scripts are execuable. No need to call them through 'sh -c'.
- Commit: Fix rpmdb compat symlink in case rpm got removed.
- Repo: Allow multiple baseurls specified on one line (fixes #285)
- Regex: Fix memory leak and undefined behavior.
- Add rpm buildrequires for test suite (fixes #279)
- Use rpmdb2solv new -D switch to tell the location ob the
rpmdatabase to use.
- BuildRequires: libsolv-devel >= 0.7.17.
- version 17.25.7 (22)
++++ patterns-base:
- Don't pull in update_test pattern from sw_management
- Move aaa_base-malloccheck from update_test to base
++++ python-M2Crypto:
- OpenSSL allows the verificaton to continue on
UNABLE_TO_VERIFY_LEAF_SIGNATURE
* This unifies the behaviour of a single certificate with an
unknown CA certificate with a self-signed certificate.
- Add python-M2Crypto-Allow-on-UNABLE_TO_VERIFY_LEAF_SIGNATURE.patch
(Thanks for Debian,
https://salsa.debian.org/python-team/packages/m2crypto/-/commit/e0e9ad5cfff8)
- Add source signature file
++++ qemu:
- Fix uninitialized variable in ipxe driver code (boo#1181922)
ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch
- Add a few improvements to the git-based package workflow scripts
++++ systemd-default-settings:
- Import 0.6
d3fab7c Introduce SLE-Micro branding
------------------------------------------------------------------
------------------ 2021-2-16 - Feb 16 2021 -------------------
------------------------------------------------------------------
++++ e2fsprogs:
- Update to 1.46.1:
* Fix setting extended attributes in libext2fs and debugfs
* Fix e2fsck to accept large_dir directories greater than 4G
* Fix fast commit support on big endian architectures
* Fix mke2fs -d to correctly import a small file stored using inline_data
feature and which has ACL or extended attribute
* Various compilation fixes
* Speedup bitmap loading for large filesystems using multiple threads
* Speedup mke2fs for bigalloc filesystems
* E2fsck fixes when rehashing directories
* Fix e2fsck crashes on maliciously corrupted filesystems
* Fix e2fsck handling of duplicated case-folded file names
* Implement hashed directory support in libext2fs
* Support for fast commit feature
* Support for combination of casefolding and encryption
* Support for stable inodes feature
* Add support for per-inode DAX flag
* Fix tune2fs to unlock MMP on failure
* Fix e2fsck buffer overflow when scanning directory blocks
* Fix resize2fs overflowing block group descriptors with 1k block size
- delete e2fsprogs-1.45.2-gettext.patch - it was merged upstream
- Add autoconf-archive to build requirements
- Fix installation of info files for older distros
++++ glibc:
- Add --enable-memory-tagging for aarch64
++++ gsettings-desktop-schemas:
- Update to version 40.beta:
+ Use pgUp/Down shortcuts for horizontal workspace switching.
+ Add super-based workspace navigation shortcuts.
+ Remove “gnome-fallback†as a valid session name.
+ Fix summary of `two-finger-scroll-enabled` key.
+ Updated translations.
++++ kernel-default:
- series.conf: cleanup
- move patches on the way to mainline into respective section
patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch
patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch
patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch
patches.suse/media-dvb-usb-Fix-use-after-free-access.patch
patches.suse/media-pwc-Use-correct-device-for-DMA.patch
- commit 8309a4e
++++ kernel-firmware:
- Correct the RPi4 brcm config to recover the WiFi breakage
(bsc#1182320):
Revert-brcm-rpi4-boardflags3-bit.patch
++++ avahi:
- Update avahi-daemon-check-dns.sh from Debian. Our previous
version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
when invoking avahi-daemon-check-dns.sh (boo#1180827
CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
++++ util-linux:
- Update to version 2.36.2:
* agetty: tty eol defaults to REPRINT
* fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K
* lib/caputils: add fall back for last cap using prctl.
* lib/signames: change license to public domain
* libfdisk:
* (dos) fix last possible sector calculation
* (script) ignore empty values for start and size
* ignore 33553920 byte optimal I/O size
* libmount:
* add vboxsf, virtiofs to pseudo filesystems
* do not canonicalize ZFS source dataset
* don't use "symfollow" for helpers on user mounts (boo#1181750,
obsoletes util-linux-libmount-dont-use-symfollow.patch)
* fix /{etc,proc}/filesystems use
* login: use full tty path for PAM_TTY
* lsblk: read SCSI_IDENT_SERIAL also from udev
* rfkill: stop execution when rfkill device cannot be opened
* setpriv: allow using [-+]all for capabilities.
* su: use full tty path for PAM_TTY
* switch_root: check if mount point to move even exists
* umount:
* ignore --no-canonicalize,-c for non-root users
* Show the 'r' option in the help menu
* Code cleanups and documentation improvements.
* Translation updates.
++++ pam:
- Split out pam_unix module and build without NIS support
++++ patterns-base:
- Suggest ed to prefer it over busybox-ed
++++ salt:
- Always require python3-distro (bsc#1182293)
++++ qemu:
- Include additional upstream patches designated as stable material
and reviewed for applicability to include here
blockjob-Fix-crash-with-IOthread-when-bl.patch
monitor-Fix-assertion-failure-on-shutdow.patch
qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch
qemu-storage-daemon-Enable-object-add.patch
++++ u-boot-rpiarm64:
Fix boot for BananaPi R2 (bsc#1180732).
Speed up boot time for RPi2.
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01
* Patches added:
0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch
0033-configs-RPi2-Disable-EFI-Grub-worka.patch
- Add qemu-riscv64spl
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01
* Patches added:
0031-efi_loader-Avoid-emitting-efi_var_b.patch
- Drop pcm051rev3 for Phytec Wega board
++++ util-linux-systemd:
- Update to version 2.36.2:
* agetty: tty eol defaults to REPRINT
* fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K
* lib/caputils: add fall back for last cap using prctl.
* lib/signames: change license to public domain
* libfdisk:
* (dos) fix last possible sector calculation
* (script) ignore empty values for start and size
* ignore 33553920 byte optimal I/O size
* libmount:
* add vboxsf, virtiofs to pseudo filesystems
* do not canonicalize ZFS source dataset
* don't use "symfollow" for helpers on user mounts (boo#1181750,
obsoletes util-linux-libmount-dont-use-symfollow.patch)
* fix /{etc,proc}/filesystems use
* login: use full tty path for PAM_TTY
* lsblk: read SCSI_IDENT_SERIAL also from udev
* rfkill: stop execution when rfkill device cannot be opened
* setpriv: allow using [-+]all for capabilities.
* su: use full tty path for PAM_TTY
* switch_root: check if mount point to move even exists
* umount:
* ignore --no-canonicalize,-c for non-root users
* Show the 'r' option in the help menu
* Code cleanups and documentation improvements.
* Translation updates.
++++ xkeyboard-config:
- Update to version 2.32
* latest bugfix release
------------------------------------------------------------------
------------------ 2021-2-15 - Feb 15 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.1.3
- Fix overlay syncing on SELinux systems
- Fix resuming transactions where the parent does not exist any more
++++ kernel-default:
- kernel-binary.spec: Add back initrd and image symlink ghosts to
filelist (bsc#1182140).
Fixes: 76a9256314c3 ("rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).")
- commit 606c9d1
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- commit c29e77d
- Refresh
patches.suse/drm-bail-out-of-nouveau_channel_new-if-channel-init-.patch.
- Refresh
patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch.
Update upstream status.
- commit 1916d9d
++++ libaio:
- Update to version libaio0.3.112+29.696a5e6483ba:
* Fix test issue with gcc-11 (bsc#1181869)
* harness: Skip the test if io_pgetevents() is not implemented
* harness: Print better error messages on error conditions in 22.t
* harness: Fix PROT_WRITE mmap check
* harness: fix read into PROT_WRITE mmap test
* harness: skip 22.p if async_poll isn't supported
* harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
* harness: Add fallback code for filesystems not supporting O_DIRECT
* harness: add support for skipping tests
* harness: Make the test exit with a code matching the pass/fail state
++++ ncurses:
- Add ncurses patch 20210213
+ add test/back_ground.c, to exercise the wide-character background
functions.
+ add a check in _nc_build_wch() in case the background character is a
wide-character, rather than a new part of a multibyte character.
+ improve tracemunch's coverage of form/menu/panel libraries.
+ improve tracemunch's checking/reporting the type for the first
parameter, e.g., "WINDOW*" rather than "#1".
++++ openssh:
- Add openssh-whitelist-syscalls.patch (bsc#1182232), fixing
failure to accept connections on 32-bit platforms with
glibc 2.33+.
++++ sysuser-tools:
- Don't abort on unbound first argument
++++ u-boot-rpiarm64:
- Fix binary extension for sunxi based boards
------------------------------------------------------------------
------------------ 2021-2-14 - Feb 14 2021 -------------------
------------------------------------------------------------------
++++ docker:
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
++++ kernel-default:
- Update to 5.11 final
- refresh configs
- commit 253d8c6
++++ llvm15:
- Don't use gold and ThinLTO on ppc64le because of boo#1181621.
- Fix-missing-include.patch: fix build with GCC 11. (boo#1181875)
- CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch:
Fix target component lookup. (boo#1180748)
++++ libpcap:
- Update to 1.10.0
* Require, and assume, some level of C99 support in the C compiler
* Add support for capturing on DPDK devices
* rpcap: support rpcap-over-TLS
* Fix some memory leaks, including in pcap_compile()
* Linux: handle systems without AF_INET or AF_UNIX socket support
* Catch invalid IPv4 addresses in filters
* Show special Linux BPF offsets symbolically in bpf_image()
and bpf_dump()
* Linux: get rid of Wireless Extensions for turning monitor mode on
* Linux: proper memory sync for PACKET_MMAP
* Linux: drop support for libnl 1 and 2.
* Linux: Require PF_PACKET support, and kernel 2.6.27 or later
* Add DLT_LINUX_SLL2
* Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live
Linux captures
* optimizer: add a hack to try to catch certain optimizer loops
* Probe CONFIGURATION descriptor of connected USB devices
* Linux: return error on interface going away, but not if it just
went down
* Linux: set socket protocol only after packet ring configured,
reducing bogus packet drop reports
* Linux: get ifdrop stats from sysfs.
* Fix various security issues reported by Charles Smith at
Tangible Security
* Fix various security issues reported by Include Security
* rpcapd: on UN*X, don't tell the client why authentication failed
* Linux: when adjusting BPF programs, do not subtract the
SLL[2]_HDR_LEN if the location is negative (special
metadata offset)
* Linux: with a timeout of zero, wait indefinitely
* Linux: clean up support for some non-GNU libc C libraries
* Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP
* Fix handling of some ioctls that fail with "permission denied"
even when the ioctl isn't supported at all
* Added support for ICMPv6 types 1-4 as tokens in filters
* Report the DLT description in error messages
* Linux: Add support for DSA data link types
* Linux USB: use the snapshot length to set the buffer size,
and set the len field to reflect the length in the URB
* rpcapd: allow rpcapd to rebind more rapidly
* Add Haiku pcap implementation
* rpcap: redo protocol version negotiation to avoid problems
with old servers (it still works with servers using the old
negotiation, as well as servers not supporting negotiation)
* Remove (unused) SITA support here.
* Correctly handle pcapng captures with more than one IDB with a
snspshot length greater than the supported maximum
- Remove libpcap-no-old-socket.patch
- Rebase libpcap-1.0.0-s390.patch
++++ python-pyzmq:
- Update to 22.0.3
* Fix fork-safety bug in garbage collection thread (regression
in 20.0) when using subprocesses.
- Changes in 22.0.1
* Fix type of Frame.bytes for non-copying recvs with CFFI
backend (regression in 21.0)
- Changes in 22.0.0
* This is a major release due to changes in wheels and building
on Windows. Code changes from 21.0 are minimal.
* Some typing fixes
* Bump bundled libzmq to 4.3.4
- Relevant Changes in 21.0
* pyzmq 21 is a major version bump because of dropped support
for old Pythons and some changes in packaging. CPython users
should not face major compatibility issues if installation
works at all :) PyPy users may see issues with the new
implementation of send/recv. If you do, please report them!
The big changes are:
* drop support for Python 3.5. Python >= 3.6 is required
* mypy type stubs, which should improve static analysis of
pyzmq, especially for dynamically defined attributes such as
zmq constants. These are new! Let us know if you find any
issues.
* support for zero-copy and sending bufferables with cffi
backend. This is experimental! Please report issues.
Packaging updates:
* Require Python >= 3.6, required for good type annotation
support
* rework cffi backend in setup.py
New features:
* zero-copy support in CFFI backend (send(copy=False) now does
something).
* Support sending any buffer-interface-providing objects in CFFI
backend.
Bugs fixed:
* Errors during teardown of asyncio Sockets
- Don't test numpy on python36 flavor, because python36-numpy is
no longer available in Tumbleweed (NEP 29)
- Make sure we use the Cython backend, not CFFI, wich is for PyPy.
* fixes gh#zeromq/pyzmq#1431 and gh#zeromq/pyzmq#1432
- Remove skip_test_tracker.patch
- Got an oom error on the build service: Require at least 8GB of
RAM through _constraints file
++++ tar:
- GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
------------------------------------------------------------------
------------------ 2021-2-13 - Feb 13 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.16 (bsc#1012628).
- squashfs: add more sanity checks in xattr id lookup
(bsc#1012628).
- squashfs: add more sanity checks in inode lookup (bsc#1012628).
- squashfs: add more sanity checks in id lookup (bsc#1012628).
- squashfs: avoid out of bounds writes in decompressors
(bsc#1012628).
- Revert "mm: memcontrol: avoid workload stalls when lowering
memory.high" (bsc#1012628).
- nilfs2: make splice write available again (bsc#1012628).
- drm/i915: Skip vswing programming for TBT (bsc#1012628).
- drm/i915: Fix ICL MG PHY vswing handling (bsc#1012628).
- bpf: Fix verifier jsgt branch analysis on max bound
(bsc#1012628).
- bpf: Fix 32 bit src register truncation on div/mod
(bsc#1012628).
- bpf: Fix verifier jmp32 pruning decision logic (bsc#1012628).
- regulator: Fix lockdep warning resolving supplies (bsc#1012628).
- blk-cgroup: Use cond_resched() when destroy blkgs (bsc#1012628).
- i2c: mediatek: Move suspend and resume handling to NOIRQ phase
(bsc#1012628).
- SUNRPC: Handle 0 length opaque XDR object data properly
(bsc#1012628).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (bsc#1012628).
- iwlwifi: queue: bail out on invalid freeing (bsc#1012628).
- iwlwifi: mvm: guard against device removal in reprobe
(bsc#1012628).
- iwlwifi: pcie: add rules to match Qu with Hr2 (bsc#1012628).
- iwlwifi: mvm: invalidate IDs of internal stations at mvm start
(bsc#1012628).
- iwlwifi: pcie: fix context info memory leak (bsc#1012628).
- iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
(bsc#1012628).
- iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
(bsc#1012628).
- iwlwifi: mvm: skip power command when unbinding vif during CSA
(bsc#1012628).
- ASoC: Intel: sof_sdw: set proper flags for Dell TGL-H SKU 0A5E
(bsc#1012628).
- ASoC: ak4458: correct reset polarity (bsc#1012628).
- ALSA: hda: intel-dsp-config: add PCI id for TGL-H (bsc#1012628).
- pNFS/NFSv4: Improve rejection of out-of-order layouts
(bsc#1012628).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (bsc#1012628).
- chtls: Fix potential resource leak (bsc#1012628).
- ASoC: Intel: Skylake: Zero snd_ctl_elem_value (bsc#1012628).
- mac80211: 160MHz with extended NSS BW in CSA (bsc#1012628).
- drm/nouveau/nvif: fix method count when pushing an array
(bsc#1012628).
- ASoC: wm_adsp: Fix control name parsing for multi-fw
(bsc#1012628).
- regulator: core: avoid regulator_resolve_supply() race condition
(bsc#1012628).
- af_key: relax availability checks for skb size calculation
(bsc#1012628).
- powerpc/64/signal: Fix regression in __kernel_sigtramp_rt64()
semantics (bsc#1012628).
- gpiolib: cdev: clear debounce period if line set to output
(bsc#1012628).
- io_uring: drop mm/files between task_work_submit (bsc#1012628).
- io_uring: reinforce cancel on flush during exit (bsc#1012628).
- io_uring: fix sqo ownership false positive warning
(bsc#1012628).
- io_uring: fix list corruption for splice file_get (bsc#1012628).
- io_uring: fix flush cqring overflow list while
TASK_INTERRUPTIBLE (bsc#1012628).
- io_uring: fix cancellation taking mutex while
TASK_UNINTERRUPTIBLE (bsc#1012628).
- io_uring: replace inflight_wait with tctx->wait (bsc#1012628).
- io_uring: fix __io_uring_files_cancel() with
TASK_UNINTERRUPTIBLE (bsc#1012628).
- io_uring: if we see flush on exit, cancel related tasks
(bsc#1012628).
- io_uring: account io_uring internal files as REQ_F_INFLIGHT
(bsc#1012628).
- io_uring: fix files cancellation (bsc#1012628).
- io_uring: always batch cancel in *cancel_files() (bsc#1012628).
- io_uring: pass files into kill timeouts/poll (bsc#1012628).
- io_uring: don't iterate io_uring_cancel_files() (bsc#1012628).
- io_uring: add a {task,files} pair matching helper (bsc#1012628).
- io_uring: simplify io_task_match() (bsc#1012628).
- commit 11381f3
------------------------------------------------------------------
------------------ 2021-2-12 - Feb 12 2021 -------------------
------------------------------------------------------------------
++++ transactional-update:
- Version 3.1.2
- libtukit: Report when application was terminated due to a signal, and
return the signal number as a return value. This will cause the
transaction to be aborted when called via `execute`.
- libtukit: Set PATH variable for internal commands to fixed value to
find the helper applications, as in some environments such as PolicyKit
PATH wouldn't be set.
- Fix compiler warnings
++++ gtk3:
- Update to version 3.24.25:
+ Settings: Make cursor aspect ratio setting work.
+ Broadway:
- Fix touchscreen event handling.
- Support Android / Chrome on-screen keyboard.
+ Wayland:
- Avoid crashes with tablet input.
- Add api to support clients with subsurfaces better.
+ Inspector: Make the inspector available in non-debug builds.
+ Theme:
- Make scrollbars larger.
- Disable shadows on maximized, fullscreen and tiled windows.
+ Printing: Support Avahi-discovered printers better.
+ Input:
- Show preedit for compose sequences.
- Support long compose sequences.
- Support compose sequences producing multiple characters.
+ Updated translations.
++++ kernel-default:
- Update config files: enable CONFIG_SERIAL_DEV_CTRL_TTYPORT on x86 (bsc#1182035)
For supporting MS Surface devices. This required CONFIG_SERIAL_DEV_BUS
to be built-in. Also this allowed CONFIG_BT_HCIUART_BCM=y as well.
- commit 52688e6
- media: pwc: Use correct device for DMA (bsc#1181133).
- commit 721eebd
- Drop pwc fix patch; it'll be replaced with the upstream fix (bsc#1181133)
- commit 2202405
- Update config files: armv7hl: Set ledtrig-default-on as builtin (bsc#1182128)
- commit fa9dd94
++++ mpfr:
- Add cummulative patch mpfr-4.1.0-p7.diff fixing various bugs.
++++ openssl-3:
- Update to 3.0.0 Alpha 11
* Deprecated the obsolete X9.31 RSA key generation related
functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(),
and BN_X931_generate_prime_ex().
* Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_*().
These were used to collect all necessary data to form a HTTP
request, and to perform the HTTP transfer with that request.
With OpenSSL 3.0, the type is OSSL_HTTP_REQ_CTX, and the
deprecated functions are replaced with OSSL_HTTP_REQ_CTX_*().
* Validation of SM2 keys has been separated from the validation of
regular EC keys, allowing to improve the SM2 validation process
to reject loaded private keys that are not conforming to the SM2
ISO standard. In particular, a private scalar 'k' outside the
range '1 <= k < n-1' is now correctly rejected.
* Behavior of the 'pkey' app is changed, when using the '-check'
or '-pubcheck' switches: a validation failure triggers an early
exit, returning a failure exit status to the parent process.
* Changed behavior of SSL_CTX_set_ciphersuites() and
SSL_set_ciphersuites() to ignore unknown ciphers.
* All of the low level EC_KEY functions have been deprecated.
* Functions that read and write EC_KEY objects and that assign or
obtain EC_KEY objects from an EVP_PKEY are also deprecated.
* Added the '-copy_extensions' option to the 'x509' command for use
with '-req' and '-x509toreq'. When given with the 'copy' or
'copyall' argument, all extensions in the request are copied to
the certificate or vice versa.
* Added the '-copy_extensions' option to the 'req' command for use
with '-x509'. When given with the 'copy' or 'copyall' argument,
all extensions in the certification request are copied to the
certificate.
* The 'x509', 'req', and 'ca' commands now make sure that X.509v3
certificates they generate are by default RFC 5280 compliant in
the following sense: There is a subjectKeyIdentifier extension
with a hash value of the public key and for not self-signed certs
there is an authorityKeyIdentifier extension with a keyIdentifier
field or issuer information identifying the signing key. This is
done unless some configuration overrides the new default behavior,
such as 'subjectKeyIdentifier = none' and 'authorityKeyIdentifier
= none'.
++++ python-cffi:
- update to 1.14.5:
* Source fix for old gcc versions
++++ system-users:
- Revert /var/lib/ntp to the ownership and permissions it had in
the ntp package. It should be owned by root and not be writable
by the ntp user, because it is the base of ntpd's chroot
envoronment and the ntp user is not supposed to log in anyway.
++++ systemd-rpm-macros:
- Bump version to 10
- Make upstream %systemd_{pre,post,preun,postun} aliases to their SUSE
counterparts
Packagers can now choose to use the upstream or the SUSE variants
indifferently. For consistency the SUSE variants should be preferred
since almost all SUSE packages already use them but the upstream
versions might be usefull in certain cases where packages need to
support multiple distros based on RPM.
- Improve the logic used to apply the presets (bsc#1177039)
Before presests were applied at a) package installation b) new units
introduced via a package update (but after making sure that it was
not a SysV initscript being converted).
The problem is that a) didn't handle package a renaming or split
properly since the package with the new name is installed rather
being updated and therefore the presets were applied even if they
were already with the old name.
We now cover this case (and the other ones) by applying presets only
if the units are new and the services are not being migrated. This
regardless of whether this happens during an install or an update.
------------------------------------------------------------------
------------------ 2021-2-11 - Feb 11 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- merge libapparmor.changes into apparmor.changes
++++ glib2:
- Update to version 2.67.3:
+ Add new `g_memdup2()` API to replace `g_memdup()`, which is
vulnerable to a silent integer truncation and heap overflow
problem if not used carefully.
+ Add new `g_dbus_object_path_escape()` and
`g_dbus_object_path_unescape()` APIs to provide one way of
escaping arbitrary bytestrings for use in D-Bus object paths.
+ Use `bash-completion.pc` (if available) to provide the path to
install completion files into.
+ Fix support for public/private trigraphs in `glib-mkenums`.
+ Add `glib_debug` configure option to allow disabling debug
infrastructure in builds with debug symbols enabled.
+ Fix a regression where `PATH` would always be searched when
using `g_spawn()`, even when it wasn’t supposed to.
+ Override `gio-querymodules` in Meson when used as a submodule.
+ Updated translations.
- Rebase glib2-dbus-socket-path.patch.
- Update to version 2.67.2:
+ Add `gio launch` command to execute programs.
+ Fix unused parameter warnings in code generated by
`gdbus-codegen`.
+ Officially deprecate `to-pixdata` option for
`glib-compile-resources`, in favour of simply embedding more
modern image formats in linked-in `GResource` files.
+ Support querying and running UWP applications on Windows.
+ Support `gio trash --restore` and `gio trash --list` commands.
+ No longer read environment variables for GIO module locations
when running as setuid.
+ More progress on fixing compiler warnings.
+ `GKeyFile` performance improvements.
+ Improve UDP socket behaviour on Windows.
+ Add `-Dtests` meson configure option for disabling tests
entirely.
- Changes from version 1.67.1:
+ Deprecate `g_time_zone_new()` in favour of
`g_time_zone_new_identifier()`, which makes error checking
easier.
+ Remove `volatile` from various public APIs, including
`G_DEFINE_*`. You should adjust your code to not use `volatile`
for atomic variables, `GOnce` variables, or mostly anything.
+ Support passing file handles to `gdbus` command line tool.
+ Add `g_assert_cmpstrv()` test convenience function.
+ Changes to the behaviour of the `G_URI_FLAGS_SCHEME_NORMALIZE`
scheme normalization flag in `GUri`.
+ Add new `--run-prefix` and `--skip-prefix` options to GTest, to
allow running or skipping test suites by prefix.
+ Fix thread-safety of `GBinding`.
+ Updated translations.
- Rebase glib2-bgo569829-gettext-gkeyfile.patch,
glib2-fate300461-gettext-gkeyfile-suse.patch,
glib2-dbus-socket-path.patch and
glib2-gdbus-codegen-version.patch.
- Update to version 2.66.7:
+ Fix various regressions caused by rushed security fixes in
2.66.6.
+ Fix a silent integer truncation when calling
`g_byte_array_new_take()` for byte arrays bigger than
`G_MAXUINT`.
+ Disallow using currently-undefined D-Bus connection or server
flags to prevent forward-compatibility problems with new
security-sensitive flags likely to be released in GLib 2.68.
+ Bugs fixed: glgo#GNOME/GLib!1933, glgo#GNOME/GLib!1943,
glgo#GNOME/GLib!1944, glgo#GNOME/GLib!1945.
- disable irrelevant warnings
- use macros in spec file
- simplify trigger code
++++ kernel-default:
- btrfs: fix crash after non-aligned direct IO write with O_DSYNC
(bsc#1181605).
- commit 9e44573
- Update config files: Set ledtrig-default-on as builtin (bsc#1182128)
- commit 7800832
- Update config files. Enable DWC3 on x86_64
DWC3 is now needed on x86_64, too, with the added benefit
of making x86_64 and ARM64 closer (jsc#SLE-14042)
- commit ad4ea5b
++++ kernel-default-base:
- Add modules which got lost when migrating away from supported.conf
(bsc#1182110):
* am53c974 had a typo
* cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress
- Also add vport-* modules for Open vSwitch
++++ libapparmor:
- merge libapparmor.changes into apparmor.changes
++++ libdatrie:
- update to 0.2.13:
- Fix wrong key listing in byte trie
- Fix cross-compiling issue caused by AC_FUNC_MALLOC
- Fix isspace() arg problem on NetBSD.
- Fix some documentations.
- Really use TRIE_CHAR_TERM in TrieChar string termination.
Changing TRIE_CHAR_TERM definition now won't break the code.
- Fix Windows build issue by avoiding <unistd.h> include.
- [New APIs] Add serialization of the trie into memory buffer.
++++ pango:
- Update to version 1.48.2:
+ Fix memory leaks reported by asan
+ Avoid overflow in pango_attr_list_update
+ Add a valgrind suppression file
+ Make tests more robust
+ Fix pango_font_describe for Emoji fonts
++++ procps:
- Add /usr/share/man/uk dir to file list for lang sub package
++++ libvirt:
- qemu: Fix swtpm device with aarch64
7cf60006-qemu-swtpm-aarch64.patch,
afb823fc-qemu-validate-swtpm.patch
bsc#1181893
++++ perl-Bootloader:
- merge gh#openSUSE/perl-bootloader#133
- use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020)
- 0.933
++++ salt:
- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
Fix virtual network generated DNS XML for SRV records
Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
* virt-uefi-fix-backport-312.patch
* 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
* open-suse-3002.2-xen-grub-316.patch
++++ sysuser-tools:
- Remove sysusers/nscd workaround
++++ u-boot-rpiarm64:
- Add Pinephone
------------------------------------------------------------------
------------------ 2021-2-10 - Feb 10 2021 -------------------
------------------------------------------------------------------
++++ btrfsmaintenance:
- Require libzypp plugin only if zypper is used (Required for e.g.
image based systems).
++++ docker:
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
++++ filesystem:
- Add Ukrainian to the list of localized man directories.
++++ gnutls:
- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565]
* Don't unset system priority settings in gnutls-cli-debug.sh
* Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387
- Add gnutls-gnutls-cli-debug.patch
- Fix: Test certificates in tests/testpkcs11-certs have expired
* Upstream bug: gitlab.com/gnutls/gnutls/issues/1135
- Add gnutls-test-fixes.patch
++++ kernel-default:
- Linux 5.10.15 (bsc#1012628).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (bsc#1012628).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka
AD2000 (bsc#1012628).
- USB: serial: option: Adding support for Cinterion MV31
(bsc#1012628).
- usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada
3720 (bsc#1012628).
- USB: gadget: legacy: fix an error code in eth_bind()
(bsc#1012628).
- usb: gadget: aspeed: add missing of_node_put (bsc#1012628).
- USB: usblp: don't call usb_set_interface if there's a single
alt (bsc#1012628).
- usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
(bsc#1012628).
- usb: dwc2: Fix endpoint direction check in ep_from_windex
(bsc#1012628).
- usb: dwc3: fix clock issue during resume in OTG mode
(bsc#1012628).
- usb: xhci-mtk: fix unreleased bandwidth data (bsc#1012628).
- usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
(bsc#1012628).
- usb: xhci-mtk: break loop when find the endpoint to drop
(bsc#1012628).
- ARM: OMAP1: OSK: fix ohci-omap breakage (bsc#1012628).
- arm64: dts: qcom: c630: keep both touchpad devices enabled
(bsc#1012628).
- Input: i8042 - unbreak Pegatron C15B (bsc#1012628).
- arm64: dts: amlogic: meson-g12: Set FL-adj property value
(bsc#1012628).
- arm64: dts: rockchip: fix vopl iommu irq on px30 (bsc#1012628).
- arm64: dts: rockchip: Use only supported PCIe link speed on
Pinebook Pro (bsc#1012628).
- ARM: dts: stm32: Fix polarity of the DH DRC02 uSD card detect
(bsc#1012628).
- ARM: dts: stm32: Connect card-detect signal on DHCOM
(bsc#1012628).
- ARM: dts: stm32: Disable WP on DHCOM uSD slot (bsc#1012628).
- ARM: dts: stm32: Disable optional TSC2004 on DRC02 board
(bsc#1012628).
- ARM: dts: stm32: Fix GPIO hog flags on DHCOM DRC02
(bsc#1012628).
- vdpa/mlx5: Fix memory key MTT population (bsc#1012628).
- bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1012628).
- bpf, cgroup: Fix problematic bounds check (bsc#1012628).
- bpf, inode_storage: Put file handler if no storage was found
(bsc#1012628).
- um: virtio: free vu_dev only with the contained struct device
(bsc#1012628).
- bpf, preload: Fix build when $(O) points to a relative path
(bsc#1012628).
- arm64: dts: meson: switch TFLASH_VDD_EN pin to open drain on
Odroid-C4 (bsc#1012628).
- r8169: work around RTL8125 UDP hw bug (bsc#1012628).
- rxrpc: Fix deadlock around release of dst cached on udp tunnel
(bsc#1012628).
- arm64: dts: ls1046a: fix dcfg address range (bsc#1012628).
- SUNRPC: Fix NFS READs that start at non-page-aligned offsets
(bsc#1012628).
- igc: set the default return value to -IGC_ERR_NVM in
igc_write_nvm_srwr (bsc#1012628).
- igc: check return value of ret_val in
igc_config_fc_after_link_up (bsc#1012628).
- i40e: Revert "i40e: don't report link up for a VF who hasn't
enabled queues" (bsc#1012628).
- ibmvnic: device remove has higher precedence over reset
(bsc#1012628).
- net/mlx5: Fix leak upon failure of rule creation (bsc#1012628).
- net/mlx5e: Update max_opened_tc also when channels are closed
(bsc#1012628).
- net/mlx5e: Release skb in case of failure in tc update skb
(bsc#1012628).
- net: lapb: Copy the skb before sending a packet (bsc#1012628).
- net: mvpp2: TCAM entry enable should be written after SRAM data
(bsc#1012628).
- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set
(bsc#1012628).
- net: ipa: pass correct dma_handle to dma_free_coherent()
(bsc#1012628).
- ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode
(bsc#1012628).
- nvmet-tcp: fix out-of-bounds access when receiving multiple
h2cdata PDUs (bsc#1012628).
- vdpa/mlx5: Restore the hardware used index after change map
(bsc#1012628).
- memblock: do not start bottom-up allocations with kernel_end
(bsc#1012628).
- kbuild: fix duplicated flags in DEBUG_CFLAGS (bsc#1012628).
- thunderbolt: Fix possible NULL pointer dereference in
tb_acpi_add_link() (bsc#1012628).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1012628).
- ovl: avoid deadlock on directory ioctl (bsc#1012628).
- ovl: implement volatile-specific fsync error behaviour
(bsc#1012628).
- mac80211: fix station rate table updates on assoc (bsc#1012628).
- gpiolib: free device name on error path to fix kmemleak
(bsc#1012628).
- fgraph: Initialize tracing_graph_pause at task creation
(bsc#1012628).
- tracing/kprobe: Fix to support kretprobe events on unloaded
modules (bsc#1012628).
- kretprobe: Avoid re-registration of the same kretprobe earlier
(bsc#1012628).
- tracing: Use pause-on-trace with the latency tracers
(bsc#1012628).
- tracepoint: Fix race between tracing and removing tracepoint
(bsc#1012628).
- libnvdimm/namespace: Fix visibility of namespace resource
attribute (bsc#1012628).
- libnvdimm/dimm: Avoid race between probe and
available_slots_show() (bsc#1012628).
- genirq: Prevent [devm_]irq_alloc_desc from returning irq 0
(bsc#1012628).
- genirq/msi: Activate Multi-MSI early when
MSI_FLAG_ACTIVATE_EARLY is set (bsc#1012628).
- scripts: use pkg-config to locate libcrypto (bsc#1012628).
- xhci: fix bounce buffer usage for non-sg list case
(bsc#1012628).
- RISC-V: Define MAXPHYSMEM_1GB only for RV32 (bsc#1012628).
- cifs: report error instead of invalid when revalidating a
dentry fails (bsc#1012628).
- iommu: Check dev->iommu in dev_iommu_priv_get() before
dereferencing it (bsc#1012628).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1012628).
- smb3: fix crediting for compounding when only one request in
flight (bsc#1012628).
- mmc: sdhci-pltfm: Fix linking err for sdhci-brcmstb
(bsc#1012628).
- mmc: core: Limit retries when analyse of SDIO tuples fails
(bsc#1012628).
- Fix unsynchronized access to sev members through
svm_register_enc_region (bsc#1012628).
- drm/dp/mst: Export drm_dp_get_vc_payload_bw() (bsc#1012628).
- drm/i915: Fix the MST PBN divider calculation (bsc#1012628).
- drm/i915/gem: Drop lru bumping on display unpinning
(bsc#1012628).
- drm/i915/gt: Close race between enable_breadcrumbs and
cancel_breadcrumbs (bsc#1012628).
- drm/i915/display: Prevent double YUV range correction on HDR
planes (bsc#1012628).
- drm/i915: Extract intel_ddi_power_up_lanes() (bsc#1012628).
- drm/i915: Power up combo PHY lanes for for HDMI as well
(bsc#1012628).
- drm/amd/display: Revert "Fix EDID parsing after resume from
suspend" (bsc#1012628).
- io_uring: don't modify identity's files uncess identity is cowed
(bsc#1012628).
- nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
(bsc#1012628).
- KVM: SVM: Treat SVM as unsupported when running as an SEV guest
(bsc#1012628).
- KVM: x86/mmu: Fix TDP MMU zap collapsible SPTEs (bsc#1012628).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off
(bsc#1012628).
- KVM: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl
(bsc#1012628).
- KVM: x86: Update emulator context mode if SYSENTER xfers to
64-bit mode (bsc#1012628).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU
reset (bsc#1012628).
- DTS: ARM: gta04: remove legacy spi-cs-high to make display
work again (bsc#1012628).
- ARM: dts; gta04: SPI panel chip select is active low
(bsc#1012628).
- ARM: footbridge: fix dc21285 PCI configuration accessors
(bsc#1012628).
- ARM: 9043/1: tegra: Fix misplaced tegra_uart_config in
decompressor (bsc#1012628).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
(bsc#1012628).
- mm: hugetlb: fix a race between freeing and dissolving the page
(bsc#1012628).
- mm: hugetlb: fix a race between isolating and freeing page
(bsc#1012628).
- mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
(bsc#1012628).
- mm, compaction: move high_pfn to the for loop scope
(bsc#1012628).
- mm/vmalloc: separate put pages and flush VM flags (bsc#1012628).
- mm: thp: fix MADV_REMOVE deadlock on shmem THP (bsc#1012628).
- mm/filemap: add missing mem_cgroup_uncharge() to
__add_to_page_cache_locked() (bsc#1012628).
- x86/build: Disable CET instrumentation in the kernel
(bsc#1012628).
- x86/debug: Fix DR6 handling (bsc#1012628).
- x86/debug: Prevent data breakpoints on __per_cpu_offset
(bsc#1012628).
- x86/debug: Prevent data breakpoints on cpu_dr7 (bsc#1012628).
- x86/apic: Add extra serialization for non-serializing MSRs
(bsc#1012628).
- Input: goodix - add support for Goodix GT9286 chip
(bsc#1012628).
- Input: xpad - sync supported devices with fork on GitHub
(bsc#1012628).
- Input: ili210x - implement pressure reporting for ILI251x
(bsc#1012628).
- md: Set prev_flush_start and flush_bio in an atomic way
(bsc#1012628).
- igc: Report speed and duplex as unknown when device is runtime
suspended (bsc#1012628).
- neighbour: Prevent a dead entry from updating gc_list
(bsc#1012628).
- net: ip_tunnel: fix mtu calculation (bsc#1012628).
- udp: ipv4: manipulate network header of NATed UDP GRO fraglist
(bsc#1012628).
- net: dsa: mv88e6xxx: override existent unicast portvec in
port_fdb_add (bsc#1012628).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1012628).
- commit 24c2efe
++++ avahi:
- Drop configure --libexecdir variable as it does not appear
to be used by the source archive.
++++ util-linux:
- libmount: don't use "symfollow" for helpers on user mounts
(boo#1181750, util-linux-libmount-dont-use-symfollow.patch)
++++ rdma-core:
- Update to rdma-core v31.3
- No release notes available
- Fix patch to systemd-modules-load script (bsc#1178539)
- Drop srp_daemon-Fix-systemd-dependency.patch as it was merged upstream
++++ multipath-tools:
- Update to version 0.8.5+22+suse.e1e3c48:
* multipath-tools tests: fix stringop-overflow build errors with gcc 11
(bsc#1181877)
* README moved to README.md (has been converted to markdown upstream)
++++ procps:
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Remove obsolete conditionals.
- Remove obsolete --enable-oomem option.
- Run spec-cleaner.
- Update to procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations issue #176
* kill: Pass int to signalled process merge #32
* pgrep: Pass int to signalled process merge #32
* pgrep: Check sanity of SG_ARG_MAX issue #152
* pgrep: Add older than selection merge #79
* pidof: Quiet mode merge #83
* pidof: show worker threads Redhat #1803640
* ps.1: Mention stime alias issue #164
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option Redhat #1399206
* ps: A lot more sorting available merge #99
* pwait: New command waits for a process merge #97
* sysctl: Match systemd directory order Debian #950788
* sysctl: Document directory order Debian #951550
* top: ensure config file backward compatibility Debian #951335
* top: add command line 'e' for symmetry with 'E' issue #165
* top: add '4' toggle for two abreast cpu display issue #172
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch merge #114
* vmstat: Wide mode gives wider proc columns merge #48
* watch: Add environment variable for interval merge #62
* watch: Add no linewrap option issue #182
* watch: Support more colors merge #106,#109
* free,uptime,slabtop: complain about extra ops issue #181
- Remove now obsolete upstream patches
* procps-check-sanity-of-SC_ARG_MAX.patch
* procps-ng-3e1c00d0.patch
- Port patches
* procps-ng-3.3.10-integer-overflow.patch
* procps-ng-3.3.10-large_pcpu.patch
* procps-ng-3.3.8-accuracy.dif
* procps-ng-3.3.8-bnc634840.patch
* procps-ng-3.3.8-petabytes.patch
* procps-ng-3.3.8-tinfo.dif
* procps-ng-3.3.9-w-notruncate.diff
* procps-v3.3.3-read-sysctls-also-from-boot-sysctl.conf-kernelversion.diff
++++ util-linux-systemd:
- libmount: don't use "symfollow" for helpers on user mounts
(boo#1181750, util-linux-libmount-dont-use-symfollow.patch)
------------------------------------------------------------------
------------------ 2021-2-9 - Feb 9 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- Fix HPC build on ARM. It seems boost_serialization libraries
are no longer implicitly build with this setup.
++++ ca-certificates-mozilla:
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CA:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
++++ crypto-policies:
- Use tar_scm service, not obs_scm: With crypto-policies entering
Ring0 (distro bootstrap) we want to be sure to keep the buildtime
deps as low as possible.
- Add python3-base BuildRequires: previously, OBS' tar service
pulled this in for us.
++++ transactional-update:
- Version 3.1.1
- Fix hang in tukit on aarch64 [bsc#1181844]
- Prevent deletion of snapshots when resuming a snapshot where no
transaction is open
- Make tukit work in non-dbus environments [boo#1181934]
++++ kernel-default:
- Update
patches.kernel.org/5.10.13-143-vsock-fix-the-race-conditions-in-multi-transp.patch
(bsc#1012628 bsc#1181806 CVE-2021-26708).
Add CVE number.
- commit bf327d1
++++ kernel-firmware:
- Update to version 20210208 (commit b79d2396bc63):
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304
* linux-firmware: add firmware for MT7921
* rtw88: RTL8821C: Update firmware to v24.8
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* i915: Add DMC v2.01 for ADL-S
* i915: Add HuC v7.7.1 for DG1
* i915: Add GuC v49.0.1 for DG1
* qcom: Add venus firmware files for VPU-1.0
* qcom: Add SM8250 Compute DSP firmware
* qcom: Add SM8250 Audio DSP firmware
* qcom: add firmware files for Adreno a650
++++ augeas:
- Add new directives and options supported in chrony since 3.3 up to 4.0.
* augeas-new_options_for_chrony.patch
* [bsc#1178470]
* sourced from https://github.com/hercules-team/augeas/pull/698
++++ util-linux:
- Override GTKDOCIZE with /bin/true so we can run autoreconf
without needing gtk-doc as a dependency.
++++ libcap:
- update to 2.48:
* More uniform use of $(MAKE) in Makefiles
* No longer include symlinks in the git tree
* Provide support for make GOLANG=no ...
* Provide support for pointing at a specific build of the go binary
* camelCase the contrib/seccomp/explore.go program
* A number of documentation fixes to man pages and source code comments
* Last use of GO major version 0
++++ libevent:
- Drop insserv_prereq and fillup_prereq macros: there are no
pre-scripts that would justify these dependencies.
++++ libisofs:
- update to 1.5.4:
* Bug fix: Large amounts of AAIP data or many long file names could cause
with zisofs an unreadable filesystem after the warning "Calculated and
written ECMA-119 tree end differ" Bug fix: Big-Endian MIPS Volume Header
boot file size was rounded up to full 2048.
* Bug fix: El Torito production failed if no catalog path is given and the
first boot image path contains no slash
* Bug fix: zisofs production was wrong on big-endian machines
* Bug fix: Apple Partition Map entries wrote uninitialized data
* Bug fix: Appended APM partitions without HFS+ production had start
and size 1
* Switched to usage of libjte-2.0.0
* Implemented production and reading of zisofs2 for files larger than
4 GiB - 1
* New struct iso_zisofs_ctrl version 2
* New API call iso_stream_get_zisofs_par()
* New API call iso_stream_zisofs_discard_bpt()
* New API call iso_image_zisofs_discard_bpt()
* New flag bits 8 to 15 in API call iso_node_zf_by_magic()
* New API call iso_zisofs_ctrl_susp_z2()
* New API call iso_read_opts_set_joliet_map(), new default
joliet_map=stripped
* New API calls iso_read_image_features_tree_loaded() and
iso_read_image_features_rr_loaded()
++++ json-glib:
- Update to version 1.6.2:
+ Fix build reproducibility.
+ Fix parsing of UTF-16 surrogate pairs.
+ Ignore UTF-8 BOM.
++++ ncurses:
- For (lib)pcre2 support the devel package has to require this
++++ python310-core:
- Add Obsoletes for python3-base when primary interpreter is set to
properly replace it during upgrades. (bsc#1181324)
++++ unbound:
- update to 1.13.1
Features
- Merge PR #375 by fhriley: Add rpz_enable and rpz_disable commands
to unbound-control.
- Merge PR #391 from fhriley: Add start_time to reply callbacks so
modules can compute the response time.
- Fix #397: [Feature request] add new type always_null to local-zone
similar to always_nxdomain.
- Support for RFC5001: DNS Name Server Identifier (NSID) Option
with the nsid: option in unbound.conf
- Padding of queries and responses with DNS over TLS as specified in
RFC7830 and RFC8467.
- Merge PR #275 from Roland van Rijswijk-Deij: Add feature to return the
original instead of a decrementing TTL ('serve-original-ttl')
Bug Fixes
- Fix #358: Squelch udp connect 'no route to host' errors on low
verbosity.
- Fix #360: for the additionally reported TCP Fast Open makes TCP
connections fail, in that case we print a hint that this is
happening with the error in the logs.
- Fix #356: deadlock when listening tcp.
- Fix unbound-dnstap-socket to not use log routine from interrupt
handler and not print so frequently when invoked in sequence.
- Fix on windows to ignore connection failure on UDP, unless verbose.
- make depend.
- Fix #371: unbound-control timeout when Unbound is not running.
- Fix to squelch permission denied and other errors from remote host,
they are logged at higher verbosity but not on low verbosity.
- Merge PR #335 from fobser: Sprinkle in some static to prevent
missing prototype warnings.
- Merge PR #373 from fobser: Warning: arithmetic on a pointer to void
is a GNU extension.
- Fix missing prototypes in the code.
- Fix error cases when udp-connect is set and send() returns an error
(modified patch from Xin Li @delphij).
- For #376: Fix that comm point event is not double removed or double
added to event map.
- iana portlist updated.
- Fix #385: autoconf 2.70 impacts unbound build
- Fix #379: zone loading over HTTP appears to have buffer issues.
- Merge PR #395 from mptre: add missing null check.
- Fix #387: client-subnet-always-forward seems to effectively bypass
any caching?
- For #391: use struct timeval* start_time for callback information.
- For #391: fix indentation.
- For #391: more double casts in python start time calculation.
- Add comment documentation.
- Fix clang analysis warning.
- Fix so local zone types always_nodata and always_deny can be used
from the config file.
- Merge #399 from xiangbao227: The lock of lruhash table should
unlocked after markdel entry.
- Fix for #93: dynlibmodule link fix for Windows.
- Fix for #93: dynlibmodule import library is named libunbound.dll.a.
- Merge #402 from fobser: Implement IPv4-Embedded addresses according
to RFC6052.
- Fix #404: DNS query with small edns bufsize fail.
- Fix declaration before statement and signed comparison warning in
dns64.
- Fix TTL of SOA record for negative answers (localzone and
authzone data) to be the minimum of the SOA TTL and the SOA.MINIMUM.
- Fix compile of unbound-dnstap-socket without dnstap installed.
- Merge PR #355 from noloader: Make ICANN Update CA and DS Trust Anchor
static data.
- Ignore cache blacklisting when trying to reply with expired data from
cache (#394).
- Merge PR #408 from fobser: Prevent a few more yacc clashes.
- Annotate that we ignore the return value of if_indextoname.
- Fix to use correct type for label count in rpz routine.
- Fix empty clause warning in config_file nsid parse.
- Fix to use correct type for label count in ipdnametoaddr rpz routine.
- Fix empty clause warning in edns pass for padding.
- Fix for doxygen 1.8.20 compatibility.
- Attempt to fix NULL keys in the reuse_tcp tree; relates to #411.
- Fix dynlibmod link on rhel8 for -ldl inclusion.
- Fix windows dependency on libssp.dll because of default stack
protector in mingw.
- Fix indentation of root anchor for use by windows install script.
++++ libvirt:
- build: Fix generation of virtproxyd socket files
e3d60f76-fix-socket-file-gen.patch
boo#1181838
++++ python310:
- Add Obsoletes for python3-base when primary interpreter is set to
properly replace it during upgrades. (bsc#1181324)
++++ python-Jinja2:
- update to 2.11.3
* Improve the speed of the urlize filter by reducing regex backtracking.
Email matching requires a word character at the start of the domain part
and only word characters in the TLD (CVE-2020-28493 bsc#1181944).
++++ python-charset-normalizer:
- Switch to PyPI source
- Add Suggests: python-unicodedata2
- Remove executable bit from charset_normalizer/assets/frequencies.json
- Update to v1.3.6
* Allow prettytable 2.0
- from v1.3.5
* Dependencies refactor and add support for py 3.9 and 3.10
* Fix version parsing
++++ util-linux-systemd:
- Override GTKDOCIZE with /bin/true so we can run autoreconf
without needing gtk-doc as a dependency.
------------------------------------------------------------------
------------------ 2021-2-8 - Feb 8 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- avoid file listed twice error
++++ crypto-policies:
- Add a BuildIgnore for crypto-policies
- Use gzip instead of xz in obscpio and sources
++++ dnsmasq:
- update to 2.84:
* Change HAVE_NETTLEHASH compile-time to HAVE_CRYPTOHASH
* Tidy initialisation in hash_questions.c
* Optimise sort_rrset for the case where the RR type
* Move fd into frec_src
++++ elfutils:
- Update to version 0.183:
debuginfod: New thread-busy metric and more detailed error metrics.
New --fdcache-mintmp and tracking of filesystem freespace.
New increased webapi concurrency while grooming.
debuginfod-client: DEBUGINFOD_SONAME macro added to debuginfod.h which
can be used to dlopen the libdebuginfod.so library.
New function debuginfod_set_verbose_fd and
DEBUGINFOD_VERBOSE environment variable.
config: profile.sh and profile.csh won't export DEBUGINFOD_URLS unless
configured --enable-debuginfod-urls[=URLS]
elflint, readelf: Recognize SHF_GNU_RETAIN.
Handle SHT_X86_64_UNWIND as valid relocation target.
- Remove config-do-not-define-DEBUGINFOD_URLS-environment-var.patch patch.
++++ filesystem:
- prepare usrmerge (boo#1029961):
* Decide at build time whether file lists for usrmerge or legacy
should be created.
* convert file system in %pre if needed
++++ gnutls:
- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
* Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131
- Add gnutls-ignore-duplicate-certificates.patch
++++ kernel-default:
- config: arm64: Use y for CLK_RK3399
This is to fix booting on RK3399 systems (JeOS-rockpi4)
When compiled as 'm' there are lots of errors related to clk and no host mmc
controler initialized.
- commit 52fdc54
++++ libapparmor:
- avoid file listed twice error
++++ ncurses:
- Add ncurses patch 20210206
+ provide for wide-characters as background character in wbkgrnd
(report/testcase by Anton Vidovic)
+ add name for Fedora's pcre2 to configure check for "--with-pcre2"
option, from xterm #363 -TD
+ modify adjustment in PutCharLR to restore the cursor position before
writing to the lower-right corner, rather than decrementing the
cursor column, in case it was a double-width character (cf: 20210130).
++++ python310-core:
- Update to 3.9.1:
Security bugs:
- Prevented potential DoS attack via CPU and RAM exhaustion
when processing malformed Apple Property List files in binary
format.
- The plistlib module no longer accepts entity declarations in
XML plist files to avoid XML vulnerabilities. This should not
affect users as entity declarations are not used in regular
plist files.
- Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating
optimizations less likely.
Core and Builtins
- Allow assignment expressions in set literals and set
comprehensions as per PEP 572. Patch by Pablo Galindo.
- Fix a regression introduced by the new parser, where an
unparenthesized walrus operator was not allowed within
generator expressions.
- types.GenericAlias objects can now be the targets of
weakrefs.
- Fixed a bug in the PEG parser that was causing crashes in
debug mode. Now errors are checked in left-recursive rules to
avoid cases where such errors do not get handled in time and
appear as long-distance crashes in other places.
- Fixed a possible crash in the PEG parser when checking for
the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
Galindo.
- Fix handling of errors during creation of PyFunctionObject,
which resulted in operations on uninitialized memory. Patch
by Yonatan Goldschmidt.
- Fix a bug in the parser, where a curly brace following
a primary didn’t fail immediately. This led to invalid
expressions like a {b} to throw a SyntaxError with a wrong
offset, or invalid expressions ending with a curly brace like
a { to not fail immediately in the REPL.
- Fix possible buffer overflow in the new parser when checking
for continuation lines. Patch by Pablo Galindo.
- Run the parser two times. On the first run, disable all the
rules that only generate better error messages to gain
performance. If there’s a parse failure, run the parser
a second time with those enabled.
- Document the default implementation of object.__eq__.
- Fix peephole optimizer misoptimize conditional jump
+ JUMP_IF_NOT_EXC_MATCH pair.
- The garbage collector now tracks all user-defined classes.
Patch by Brandt Bucher.
- Fixed potential issues with removing not completely
initialized module from sys.modules when import fails.
- Star-unpacking is now allowed for with item’s targets in the
PEG parser.
- Fixed stack overflow in issubclass() and isinstance() when
getting the __bases__ attribute leads to infinite recursion.
- When loading a native module and a load failure occurs,
prevent a possible UnicodeDecodeError when not running in
a UTF-8 locale by decoding the load error message using the
current locale’s encoding.
- Correctly count control blocks in ‘except’ in compiler.
Ensures that a syntax error, rather a fatal error, occurs for
deeply nested, named exception handlers.
Library
- types.GenericAlias will now raise a TypeError when attempting
to initialize with a keyword argument. Previously, this would
cause the interpreter to crash if the interpreter was
compiled with debug symbols. This does not affect
interpreters compiled for release. Patch by Ken Jin.
- CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
parsed. Replace the special purpose getallmatchingheaders
with generic get_all method and add relevant tests.
- inspect.findsource() now raises OSError instead of IndexError
when co_lineno of a code object is greater than the file
length. This can happen, for example, when a file is edited
after it was imported. PR by Irit Katriel.
- Fix handling of trailing comments by inspect.getsource().
- ChainMap.__iter__ no longer calls __getitem__ on underlying
maps
- TracebackException no longer holds a reference to the
exception’s traceback object. Consequently, instances of
TracebackException for equivalent but non-equal exceptions
now compare as equal.
- We fixed an issue in pickle.whichmodule in which importing
multiprocessing could change the how pickle identifies which
module an object belongs to, potentially breaking the
unpickling of those objects.
- Clarify the error message for asyncio.IncompleteReadError
when expected is None.
- Extracting a symlink from a tarball should succeed and
overwrite the symlink if it already exists. The fix is to
remove the existing file or symlink before extraction. Based
on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
Kumaran.
- Fixed tkinter.ttk.Style.map(). The function accepts now the
representation of the default state as empty sequence (as
returned by Style.map()). The structure of the result is now
the same on all platform and does not depend on the value of
wantobjects.
- Fix various issues with typing.Literal parameter handling
(flatten, deduplicate, use type to cache key). Patch provided
by Yurii Karabas.
- Fix the threading.Thread class at fork: do nothing if the
thread is already stopped (ex: fork called at Python exit).
Previously, an error was logged in the child process.
- The onerror callback from shutil.rmtree now receives correct
function when os.open fails.
- Fix os.sendfile() on illumos.
- Fixed writing binary Plist files larger than 4 GiB.
- The repr() of typing types containing Generic Alias Types
previously did not show the parameterized types in the
GenericAlias. They have now been changed to do so.
- webbrowser: Ignore NotADirectoryError when calling
xdg-settings.
- binhex.binhex() consisently writes macOS 9 line endings.
- Fix a stack overflow error for asyncio Task or Future repr().
- The overflow occurs under some circumstances when a Task or
Future recursively returns itself.
- Fix memory leak in subprocess.Popen() in case an uid (gid)
specified in user (group, extra_groups) overflows uid_t
(gid_t).
- Improve asyncio.wait function to create the futures set just
one time.
- InvalidFileException and RecursionError are now the only
errors caused by loading malformed binary Plist file
(previously ValueError and TypeError could be raised in some
specific cases).
- Pickling heap types implemented in C with protocols 0 and
1 raises now an error instead of producing incorrect data.
- plistlib: fix parsing XML plists with hexadecimal integer
values
- Fix an incorrectly formatted error from
_codecs.charmap_decode() when called with a mapped value
outside the range of valid Unicode code points. PR by Max
Bernstein.
- Fix pickling pure Python datetime.time subclasses. Patch by
Dean Inwood.
- Fixed a bug that was causing ctypes.util.find_library() to
return None when triying to locate a library in an
environment when gcc>=9 is available and ldconfig is not.
Patch by Pablo Galindo
- C14N 2.0 serialisation in xml.etree.ElementTree failed for
unprefixed attributes when a default namespace was defined.
- Fix a bug in the symtable module that was causing
module-scope global variables to not be reported as both
local and global. Patch by Pablo Galindo.
- str() for the type attribute of the tkinter.Event object
always returns now the numeric code returned by Tk instead of
the name of the event type.
- fix tkinter.EventType Enum so all members are strings, and
none are tuples
- Fix SQLite3 segfault when backing up closed database. Patch
contributed by Peter David McCormick.
- Fix the tarfile module to write only basename of TAR file to
GZIP compression header.
- Allow ctypes.wintypes to be imported on non-Windows systems.
- shutil.which() now ignores empty entries in PATHEXT instead
of treating them as a match.
- Fix time-of-check/time-of-action issue in
subprocess.Popen.send_signal.
- Fix --outfile for cProfile / profile not writing the output
file in the original directory when the program being
profiled changes the working directory. PR by Anthony
Sottile.
- ZipFile truncates files to avoid corruption when a shorter
comment is provided in append (“aâ€) mode. Patch by Jan Mazur.
- Fixed KeyError exception when flattening an email to a string
attempts to replace a non-existent Content-Transfer-Encoding
header.
Documentation
- Fix the URL for the IMAP protocol documents.
- Document __format__ functionality for IP addresses.
- Clarify that subscription expressions are also valid for
certain classes and types in the standard library, and for
user-defined classes and types if the classmethod
__class_getitem__() is provided.
- Documented generic alias type and types.GenericAlias. Also
added an entry in glossary for generic types.
- In Programming FAQ “Sequences (Tuples/Lists)†section, add
“How do you remove multiple items from a listâ€.
- Fix RemovedInSphinx40Warning when building the documentation.
Patch by Dong-hee Na.
- Update the refcounts info of PyType_FromModuleAndSpec.
- Fix tarfile’s extractfile documentation
- Document some restrictions on the default string
representations of numeric classes.
Tests
- Reenable test_gdb on gdb 9.2 and newer:
https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
fixed in gdb 10.1.
- Fix test_asyncio.test_call_later() race condition: don’t
measure asyncio performance in the call_later() unit test.
The test failed randomly on the CI.
- Include _testinternalcapi module in Windows installer for
test suite
- Fix test_logging.test_race_between_set_target_and_flush():
the test now waits until all threads complete to avoid
leaking running threads.
- Avoid a test failure in test_lib2to3 if the module has
already imported at the time the test executes. Patch by
Pablo Galindo.
- Tests for CJK codecs no longer call eval() on content
received via HTTP.
- Fix test_site.test_license_exists_at_url(): call
urllib.request.urlcleanup() to reset the global
urllib.request._opener. Patch by Victor Stinner.
- test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
not available
- Add tests for SIGINT handling in the runpy module.
- Fixed a failure in test_tk.test_widgets.ScaleTest happening
when executing the test with Tk 8.6.10.
Build
- Fix a race condition in “make regen-all†when make -jN option
is used to run jobs in parallel. The clinic.py script now
only use atomic write to write files. Moveover, generated
files are now left unchanged if the content does not change,
to not change the file modification time.
- Update Py_UNREACHABLE to use __builtin_unreachable() if only
the compiler is able to use it. Patch by Dong-hee Na.
- Addressed three compiler warnings found by undefined behavior
sanitizer (ubsan).
IDLE
- Fix reporting offset of the RE error in searchengine.
- Get docstrings for IDLE calltips more often by using
inspect.getdoc.
- Mostly finish using ttk widgets, mainly for editor, settings,
and searches. Some patches by Mark Roseman.
- Use ‘IDLE Shell’ as shell title
- Rewrite the Calltips doc section.
- In calltips, stop reminding that ‘/’ marks the end of
positional-only arguments.
- Typing opening and closing parentheses inside the parentheses
of a function call will no longer cause unnecessary
“flashing†off and on of an existing open call-tip, e.g. when
typed in a string literal.
C API
- Fix potential crash in deallocating method objects when
dynamically allocated PyMethodDef’s lifetime is managed
through the self argument of a PyCFunction.
- Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
available again in limited API.
- Readjustet and reapplied patches:
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- skip_random_failing_tests.patch
- sphinx-update-removed-function.patch
++++ rpm:
- Use shipped config.sub/config.guess instead of stone-aged from libtool
- auto-config-update-aarch64-ppc64le.diff: update grep regex
++++ libsoup:
- Disable tls_interaction-test until resolved upstream
* See https://gitlab.gnome.org/GNOME/libsoup/issues/120
- Add libsoup-skip-tls_interaction-test.patch
- Fix tests: fix SSL test with glib-networking >= 2.65.90
* See https://gitlab.gnome.org/GNOME/libsoup/issues/201
- Add libsoup-fix-SSL-test.patch
- Remove patches:
* libsoup-disable-ssl-tests.patch
* libsoup-disable-hsts-tests.patch
++++ python310:
- Update to 3.9.1:
Security bugs:
- Prevented potential DoS attack via CPU and RAM exhaustion
when processing malformed Apple Property List files in binary
format.
- The plistlib module no longer accepts entity declarations in
XML plist files to avoid XML vulnerabilities. This should not
affect users as entity declarations are not used in regular
plist files.
- Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating
optimizations less likely.
Core and Builtins
- Allow assignment expressions in set literals and set
comprehensions as per PEP 572. Patch by Pablo Galindo.
- Fix a regression introduced by the new parser, where an
unparenthesized walrus operator was not allowed within
generator expressions.
- types.GenericAlias objects can now be the targets of
weakrefs.
- Fixed a bug in the PEG parser that was causing crashes in
debug mode. Now errors are checked in left-recursive rules to
avoid cases where such errors do not get handled in time and
appear as long-distance crashes in other places.
- Fixed a possible crash in the PEG parser when checking for
the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
Galindo.
- Fix handling of errors during creation of PyFunctionObject,
which resulted in operations on uninitialized memory. Patch
by Yonatan Goldschmidt.
- Fix a bug in the parser, where a curly brace following
a primary didn’t fail immediately. This led to invalid
expressions like a {b} to throw a SyntaxError with a wrong
offset, or invalid expressions ending with a curly brace like
a { to not fail immediately in the REPL.
- Fix possible buffer overflow in the new parser when checking
for continuation lines. Patch by Pablo Galindo.
- Run the parser two times. On the first run, disable all the
rules that only generate better error messages to gain
performance. If there’s a parse failure, run the parser
a second time with those enabled.
- Document the default implementation of object.__eq__.
- Fix peephole optimizer misoptimize conditional jump
+ JUMP_IF_NOT_EXC_MATCH pair.
- The garbage collector now tracks all user-defined classes.
Patch by Brandt Bucher.
- Fixed potential issues with removing not completely
initialized module from sys.modules when import fails.
- Star-unpacking is now allowed for with item’s targets in the
PEG parser.
- Fixed stack overflow in issubclass() and isinstance() when
getting the __bases__ attribute leads to infinite recursion.
- When loading a native module and a load failure occurs,
prevent a possible UnicodeDecodeError when not running in
a UTF-8 locale by decoding the load error message using the
current locale’s encoding.
- Correctly count control blocks in ‘except’ in compiler.
Ensures that a syntax error, rather a fatal error, occurs for
deeply nested, named exception handlers.
Library
- types.GenericAlias will now raise a TypeError when attempting
to initialize with a keyword argument. Previously, this would
cause the interpreter to crash if the interpreter was
compiled with debug symbols. This does not affect
interpreters compiled for release. Patch by Ken Jin.
- CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
parsed. Replace the special purpose getallmatchingheaders
with generic get_all method and add relevant tests.
- inspect.findsource() now raises OSError instead of IndexError
when co_lineno of a code object is greater than the file
length. This can happen, for example, when a file is edited
after it was imported. PR by Irit Katriel.
- Fix handling of trailing comments by inspect.getsource().
- ChainMap.__iter__ no longer calls __getitem__ on underlying
maps
- TracebackException no longer holds a reference to the
exception’s traceback object. Consequently, instances of
TracebackException for equivalent but non-equal exceptions
now compare as equal.
- We fixed an issue in pickle.whichmodule in which importing
multiprocessing could change the how pickle identifies which
module an object belongs to, potentially breaking the
unpickling of those objects.
- Clarify the error message for asyncio.IncompleteReadError
when expected is None.
- Extracting a symlink from a tarball should succeed and
overwrite the symlink if it already exists. The fix is to
remove the existing file or symlink before extraction. Based
on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
Kumaran.
- Fixed tkinter.ttk.Style.map(). The function accepts now the
representation of the default state as empty sequence (as
returned by Style.map()). The structure of the result is now
the same on all platform and does not depend on the value of
wantobjects.
- Fix various issues with typing.Literal parameter handling
(flatten, deduplicate, use type to cache key). Patch provided
by Yurii Karabas.
- Fix the threading.Thread class at fork: do nothing if the
thread is already stopped (ex: fork called at Python exit).
Previously, an error was logged in the child process.
- The onerror callback from shutil.rmtree now receives correct
function when os.open fails.
- Fix os.sendfile() on illumos.
- Fixed writing binary Plist files larger than 4 GiB.
- The repr() of typing types containing Generic Alias Types
previously did not show the parameterized types in the
GenericAlias. They have now been changed to do so.
- webbrowser: Ignore NotADirectoryError when calling
xdg-settings.
- binhex.binhex() consisently writes macOS 9 line endings.
- Fix a stack overflow error for asyncio Task or Future repr().
- The overflow occurs under some circumstances when a Task or
Future recursively returns itself.
- Fix memory leak in subprocess.Popen() in case an uid (gid)
specified in user (group, extra_groups) overflows uid_t
(gid_t).
- Improve asyncio.wait function to create the futures set just
one time.
- InvalidFileException and RecursionError are now the only
errors caused by loading malformed binary Plist file
(previously ValueError and TypeError could be raised in some
specific cases).
- Pickling heap types implemented in C with protocols 0 and
1 raises now an error instead of producing incorrect data.
- plistlib: fix parsing XML plists with hexadecimal integer
values
- Fix an incorrectly formatted error from
_codecs.charmap_decode() when called with a mapped value
outside the range of valid Unicode code points. PR by Max
Bernstein.
- Fix pickling pure Python datetime.time subclasses. Patch by
Dean Inwood.
- Fixed a bug that was causing ctypes.util.find_library() to
return None when triying to locate a library in an
environment when gcc>=9 is available and ldconfig is not.
Patch by Pablo Galindo
- C14N 2.0 serialisation in xml.etree.ElementTree failed for
unprefixed attributes when a default namespace was defined.
- Fix a bug in the symtable module that was causing
module-scope global variables to not be reported as both
local and global. Patch by Pablo Galindo.
- str() for the type attribute of the tkinter.Event object
always returns now the numeric code returned by Tk instead of
the name of the event type.
- fix tkinter.EventType Enum so all members are strings, and
none are tuples
- Fix SQLite3 segfault when backing up closed database. Patch
contributed by Peter David McCormick.
- Fix the tarfile module to write only basename of TAR file to
GZIP compression header.
- Allow ctypes.wintypes to be imported on non-Windows systems.
- shutil.which() now ignores empty entries in PATHEXT instead
of treating them as a match.
- Fix time-of-check/time-of-action issue in
subprocess.Popen.send_signal.
- Fix --outfile for cProfile / profile not writing the output
file in the original directory when the program being
profiled changes the working directory. PR by Anthony
Sottile.
- ZipFile truncates files to avoid corruption when a shorter
comment is provided in append (“aâ€) mode. Patch by Jan Mazur.
- Fixed KeyError exception when flattening an email to a string
attempts to replace a non-existent Content-Transfer-Encoding
header.
Documentation
- Fix the URL for the IMAP protocol documents.
- Document __format__ functionality for IP addresses.
- Clarify that subscription expressions are also valid for
certain classes and types in the standard library, and for
user-defined classes and types if the classmethod
__class_getitem__() is provided.
- Documented generic alias type and types.GenericAlias. Also
added an entry in glossary for generic types.
- In Programming FAQ “Sequences (Tuples/Lists)†section, add
“How do you remove multiple items from a listâ€.
- Fix RemovedInSphinx40Warning when building the documentation.
Patch by Dong-hee Na.
- Update the refcounts info of PyType_FromModuleAndSpec.
- Fix tarfile’s extractfile documentation
- Document some restrictions on the default string
representations of numeric classes.
Tests
- Reenable test_gdb on gdb 9.2 and newer:
https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
fixed in gdb 10.1.
- Fix test_asyncio.test_call_later() race condition: don’t
measure asyncio performance in the call_later() unit test.
The test failed randomly on the CI.
- Include _testinternalcapi module in Windows installer for
test suite
- Fix test_logging.test_race_between_set_target_and_flush():
the test now waits until all threads complete to avoid
leaking running threads.
- Avoid a test failure in test_lib2to3 if the module has
already imported at the time the test executes. Patch by
Pablo Galindo.
- Tests for CJK codecs no longer call eval() on content
received via HTTP.
- Fix test_site.test_license_exists_at_url(): call
urllib.request.urlcleanup() to reset the global
urllib.request._opener. Patch by Victor Stinner.
- test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
not available
- Add tests for SIGINT handling in the runpy module.
- Fixed a failure in test_tk.test_widgets.ScaleTest happening
when executing the test with Tk 8.6.10.
Build
- Fix a race condition in “make regen-all†when make -jN option
is used to run jobs in parallel. The clinic.py script now
only use atomic write to write files. Moveover, generated
files are now left unchanged if the content does not change,
to not change the file modification time.
- Update Py_UNREACHABLE to use __builtin_unreachable() if only
the compiler is able to use it. Patch by Dong-hee Na.
- Addressed three compiler warnings found by undefined behavior
sanitizer (ubsan).
IDLE
- Fix reporting offset of the RE error in searchengine.
- Get docstrings for IDLE calltips more often by using
inspect.getdoc.
- Mostly finish using ttk widgets, mainly for editor, settings,
and searches. Some patches by Mark Roseman.
- Use ‘IDLE Shell’ as shell title
- Rewrite the Calltips doc section.
- In calltips, stop reminding that ‘/’ marks the end of
positional-only arguments.
- Typing opening and closing parentheses inside the parentheses
of a function call will no longer cause unnecessary
“flashing†off and on of an existing open call-tip, e.g. when
typed in a string literal.
C API
- Fix potential crash in deallocating method objects when
dynamically allocated PyMethodDef’s lifetime is managed
through the self argument of a PyCFunction.
- Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
available again in limited API.
- Readjustet and reapplied patches:
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- skip_random_failing_tests.patch
- sphinx-update-removed-function.patch
++++ qemu:
- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci
from being an x86 only Recommends, to a Recommends for all arch's
except s390x (boo#1181350)
- Fix qemu-hw-usb-smartcard to not be a Recommends for s390x
- Minor spec file tweaks for compatibility with upcoming spec file
formatter
- Make note that this patch takes care of an OOB access in ARM
interrupt handling (CVE-2021-20221 bsc#1181933)
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
++++ toolbox:
- Update to version 2.1+git20210208.a720b25:
* Alleviate the need for zypper in the user toolbox script
* Consolidate logging and help debugging of the user toolbox's script
* Export machine-id and IPC inside the toolbox (IPC, user only)
* Fix (more) formatting...
------------------------------------------------------------------
------------------ 2021-2-7 - Feb 7 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.11-rc7
- refresh configs
- commit 68cabb0
- Linux 5.10.14 (bsc#1012628).
- workqueue: Restrict affinity change to rescuer (bsc#1012628).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1012628).
- x86/cpu: Add another Alder Lake CPU to the Intel family
(bsc#1012628).
- objtool: Don't fail the kernel build on fatal errors
(bsc#1012628).
- habanalabs: disable FW events on device removal (bsc#1012628).
- habanalabs: fix backward compatibility of idle check
(bsc#1012628).
- habanalabs: zero pci counters packet before submit to FW
(bsc#1012628).
- drm/amd/display: Fixed corruptions on HPDRX link loss restore
(bsc#1012628).
- drm/amd/display: Use hardware sequencer functions for PG control
(bsc#1012628).
- drm/amd/display: Change function decide_dp_link_settings to
avoid infinite looping (bsc#1012628).
- drm/amd/display: Allow PSTATE chnage when no displays are
enabled (bsc#1012628).
- drm/amd/display: Update dram_clock_change_latency for DCN2.1
(bsc#1012628).
- selftests/powerpc: Only test lwm/stmw on big endian
(bsc#1012628).
- platform/x86: thinkpad_acpi: Add P53/73 firmware to
fan_quirk_table for dual fan control (bsc#1012628).
- nvmet: set right status on error in id-ns handler (bsc#1012628).
- nvme-pci: allow use of cmb on v1.4 controllers (bsc#1012628).
- nvme-tcp: avoid request double completion for concurrent
nvme_tcp_timeout (bsc#1012628).
- nvme-rdma: avoid request double completion for concurrent
nvme_rdma_timeout (bsc#1012628).
- nvme: check the PRINFO bit before deciding the host buffer
length (bsc#1012628).
- udf: fix the problem that the disc content is not displayed
(bsc#1012628).
- i2c: tegra: Create i2c_writesl_vi() to use with VI I2C for
filling TX FIFO (bsc#1012628).
- ALSA: hda: Add Cometlake-R PCI ID (bsc#1012628).
- scsi: ibmvfc: Set default timeout to avoid crash during
migration (bsc#1012628).
- mac80211: fix encryption key selection for 802.3 xmit
(bsc#1012628).
- mac80211: fix fast-rx encryption check (bsc#1012628).
- mac80211: fix incorrect strlen of .write in debugfs
(bsc#1012628).
- objtool: Don't add empty symbols to the rbtree (bsc#1012628).
- ALSA: hda: Add AlderLake-P PCI ID and HDMI codec vid
(bsc#1012628).
- ASoC: SOF: Intel: hda: Resume codec to do jack detection
(bsc#1012628).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (bsc#1012628).
- scsi: libfc: Avoid invoking response handler twice if ep is
already completed (bsc#1012628).
- scsi: scsi_transport_srp: Don't block target in failfast state
(bsc#1012628).
- x86: __always_inline __{rd,wr}msr() (bsc#1012628).
- locking/lockdep: Avoid noinstr warning for DEBUG_LOCKDEP
(bsc#1012628).
- habanalabs: fix dma_addr passed to dma_mmap_coherent
(bsc#1012628).
- platform/x86: intel-vbtn: Support for tablet mode on Dell
Inspiron 7352 (bsc#1012628).
- platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix
touchscreen on Estar Beauty HD tablet (bsc#1012628).
- tools/power/x86/intel-speed-select: Set higher of
cpuinfo_max_freq or base_frequency (bsc#1012628).
- tools/power/x86/intel-speed-select: Set scaling_max_freq to
base_frequency (bsc#1012628).
- phy: cpcap-usb: Fix warning for missing regulator_disable
(bsc#1012628).
- iommu/vt-d: Do not use flush-queue when caching-mode is on
(bsc#1012628).
- ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
(bsc#1012628).
- Revert "x86/setup: don't remove E820_TYPE_RAM for pfn 0"
(bsc#1012628).
- arm64: Do not pass tagged addresses to __is_lm_address()
(bsc#1012628).
- arm64: Fix kernel address detection of __is_lm_address()
(bsc#1012628).
- arm64: dts: meson: Describe G12b GPU as coherent (bsc#1012628).
- drm/panfrost: Support cache-coherent integrations (bsc#1012628).
- iommu/io-pgtable-arm: Support coherency for Mali LPAE
(bsc#1012628).
- ibmvnic: Ensure that CRQ entry read are correctly ordered
(bsc#1012628).
- net: switchdev: don't set port_obj_info->handled true when
- EOPNOTSUPP (bsc#1012628).
- net: dsa: bcm_sf2: put device node before return (bsc#1012628).
- mlxsw: spectrum_span: Do not overwrite policer configuration
(bsc#1012628).
- stmmac: intel: Configure EHL PSE0 GbE and PSE1 GbE to 32 bits
DMA addressing (bsc#1012628).
- net: octeontx2: Make sure the buffer is 128 byte aligned
(bsc#1012628).
- net: fec: put child node on error path (bsc#1012628).
- net: stmmac: dwmac-intel-plat: remove config data on error
(bsc#1012628).
- net: dsa: microchip: Adjust reset release timing to match
reference reset circuit (bsc#1012628).
- commit 0a69f62
++++ pigz:
- update to 2.6:
* Add --huffman/-H and --rle/U strategy options
* Fix issue when compiling for no threads
* Fail silently on a broken pipe
* Add --alias/-A option to set .zip name for stdin input
* Add --comment/-C option to add comment in .gz or .zip
* Several bug and behavior fixes
- drop fortify.patch: obsolete
++++ python-cryptography:
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
calls when symmetrically encrypting very large payloads (>2GB) could
result in an integer overflow, leading to buffer overflows.
CVE-2020-36242
- drops CVE-2020-36242-buffer-overflow.patch on older dists
------------------------------------------------------------------
------------------ 2021-2-6 - Feb 6 2021 -------------------
------------------------------------------------------------------
++++ boost-base:
- Add build support for gcc10 to HPC build (bsc#1174439).
- Add openmpi4 flavors (jsc#SLE-16462).
++++ docker:
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
It appears that SLES doesn't like the patch. bsc#1180401
++++ openssl-1_1:
- Removed patch because it was causing problems with other servers.
* openssl-zero-pad-DHE-public-key.patch
* bsc#1181796
++++ libselinux:
- Add Recommends: selinux-autorelabel, which is very important
for healthy use of the SELinux on the system (/.autorelabel
mechanism) (bsc#1181837).
------------------------------------------------------------------
------------------ 2021-2-5 - Feb 5 2021 -------------------
------------------------------------------------------------------
++++ chrony:
- Enable syscallfilter unconditionally [boo#1181826].
++++ crypto-policies:
- Do not build the manpages to avoid build cycles
- Add crypto-policies-no-build-manpages.patch
++++ glib2:
- Update to version 2.66.6:
+ Fix various instances within GLib where `g_memdup()` was
vulnerable to a silent integer truncation and heap overflow
problem (glgo#GNOME/GLib#2319).
++++ kernel-default:
- Update
patches.kernel.org/5.10.13-143-vsock-fix-the-race-conditions-in-multi-transp.patch
(bsc#1012628 bsc#1181806).
Add bsc reference.
- commit 64ec974
++++ krb5:
- Update to 1.19
Administrator experience
* When a client keytab is present, the GSSAPI krb5 mech will refresh
credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.
Developer experience
* gss_acquire_cred_from() now supports the "password" and "verify"
options, allowing credentials to be acquired via password and
verified using a keytab key.
* When an application accepts a GSS security context, the new
GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set
in issued tickets.
* The krb5_init_creds_step() API will now issue the same password
expiration warnings as krb5_get_init_creds_password().
Protocol evolution
* Added client and KDC support for Microsoft's Resource-Based Constrained
Delegation, which allows cross-realm S4U2Proxy requests. A third-party
database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin
connections, and the host-based form is no longer created by default.
The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
extension, which causes channel bindings to be required for the
initiator if the acceptor provided them. The client will send this
option if the client_aware_gss_bindings profile option is set.
User experience
* kinit will now issue a warning if the des3-cbc-sha1 encryption type is
used in the reply. This encryption type will be deprecated and removed
in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only
(inspired by Heimdal's kgetcred).
++++ fuse3:
- Update to release 3.10.2
* Allow "nonempty" as a mount option, for backwards
compatibility with fusermount 2. The option has no effect
since mounting over non-empty directories is allowed by default.
* FUSE filesystems can now be mounted underneath EXFAT
mountpoints.
++++ systemd:
- systemd-sysv-convert: handle the case when services are migrated
from SysV scripts to systemd units and are renamed at the same
time (bsc#1181788)
The list of such services is hard coded and contains only the
'ntp->ntpd' translation.
++++ qemu:
- Include upstream patches designated as stable material and
reviewed for applicability to include here
block-Separate-blk_is_writable-and-blk_s.patch
hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch
hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch
hw-timer-slavio_timer-Allow-64-bit-acces.patch
net-Fix-handling-of-id-in-netdev_add-and.patch
target-arm-Don-t-decode-insns-in-the-XSc.patch
target-arm-Fix-MTE0_ACTIVE.patch
target-arm-Introduce-PREDDESC-field-defi.patch
target-arm-Update-PFIRST-PNEXT-for-pred_.patch
target-arm-Update-REV-PUNPK-for-pred_des.patch
target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch
tcg-Use-memset-for-large-vector-byte-rep.patch
ui-vnc-Add-missing-lock-for-send_color_m.patch
virtio-move-use-disabled-flag-property-t.patch
------------------------------------------------------------------
------------------ 2021-2-4 - Feb 4 2021 -------------------
------------------------------------------------------------------
++++ cockpit:
- Rebuild from git leveraging local-npm-registry (needs
cockpit-redhatfont.diff)
++++ curl:
- Update to 7.75.0
* Changes:
- curl: add --create-file-mode [mode]
- curl: add new variables to --write-out
- dns: extend CURLOPT_RESOLVE syntax for adding non-permanent entries
- gopher: implement secure gopher protocol
- http: add Hyper as new optional HTTP backend
- http: introduce AWS HTTP v4 Signature support
* Bugfixes:
- cmake: Add an option to disable libidn2
- cmake: enable gophers correctly in curl-config
- cmake: expose CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
- digest_sspi: Show InitializeSecurityContext errors in verbose mode
- getinfo: build with disabled HTTP support
- http: get CURLOPT_REQUEST_TARGET working with a HTTP proxy
- http_proxy: Fix CONNECT chunked encoding race condition
- httpauth: make multi-request auth work with custom port
- lib: pass in 'struct Curl_easy *' to most functions
- lib: remove Curl_ prefix from many static functions
- lib: save a bit of space with some structure packing
- libssh: avoid plain free() of libssh-memory
- mime: make sure setting MIMEPOST to NULL resets properly
- multi_runsingle: bail out early on data->conn == NULL
- ngtcp2: Fix http3 upload stall
- ngtcp2: Fix stack buffer overflow
- openssl: lowercase the hostname before using it for SNI
- socks: use the download buffer instead
- speedcheck: exclude paused transfers
- tooĺ_writeout: fix the -w time output units
- url: if IDNA conversion fails, fallback to Transitional
- Refresh libcurl-ocloexec.patch
++++ gawk:
- fix update-alternatives usage. Needs to be in %postun according to
https://en.opensuse.org/openSUSE:Packaging_Multiple_Version_guidelines#update-alternatives_mechanism
++++ kernel-default:
- net/mlx5: Fix function calculation for page trees (git-fixes).
- commit e976b88
- Linux 5.10.13 (bsc#1012628).
- iwlwifi: provide gso_type to GSO packets (bsc#1012628).
- nbd: freeze the queue while we're adding connections
(bsc#1012628).
- tty: avoid using vfs_iocb_iter_write() for redirected console
writes (bsc#1012628).
- ACPI: sysfs: Prefer "compatible" modalias (bsc#1012628).
- ACPI: thermal: Do not call acpi_thermal_check() directly
(bsc#1012628).
- kernel: kexec: remove the lock operation of
system_transition_mutex (bsc#1012628).
- ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
(bsc#1012628).
- parisc: Enable -mlong-calls gcc option by default when
!CONFIG_MODULES (bsc#1012628).
- media: cec: add stm32 driver (bsc#1012628).
- media: cedrus: Fix H264 decoding (bsc#1012628).
- media: hantro: Fix reset_raw_fmt initialization (bsc#1012628).
- media: rc: fix timeout handling after switch to microsecond
durations (bsc#1012628).
- media: rc: ite-cir: fix min_timeout calculation (bsc#1012628).
- media: rc: ensure that uevent can be read directly after rc
device register (bsc#1012628).
- ARM: dts: tbs2910: rename MMC node aliases (bsc#1012628).
- ARM: dts: ux500: Reserve memory carveouts (bsc#1012628).
- ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
(bsc#1012628).
- wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
(bsc#1012628).
- x86/xen: avoid warning in Xen pv guest with
CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1012628).
- ASoC: AMD Renoir - refine DMI entries for some Lenovo products
(bsc#1012628).
- Revert "drm/amdgpu/swsmu: drop set_fan_speed_percent (v2)"
(bsc#1012628).
- drm/nouveau/kms/gk104-gp1xx: Fix > 64x64 cursors (bsc#1012628).
- drm/i915: Always flush the active worker before returning from
the wait (bsc#1012628).
- drm/i915/gt: Always try to reserve GGTT address 0x0
(bsc#1012628).
- drivers/nouveau/kms/nv50-: Reject format modifiers for cursor
planes (bsc#1012628).
- bcache: only check feature sets when sb->version >=
BCACHE_SB_VERSION_CDEV_WITH_FEATURES (bsc#1012628).
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3
modem family (bsc#1012628).
- s390: uv: Fix sysfs max number of VCPUs reporting (bsc#1012628).
- s390/vfio-ap: No need to disable IRQ after queue reset
(bsc#1012628).
- PM: hibernate: flush swap writer after marking (bsc#1012628).
- x86/entry: Emit a symbol for register restoring thunk
(bsc#1012628).
- efi/apple-properties: Reinstate support for boolean properties
(bsc#1012628).
- crypto: marvel/cesa - Fix tdma descriptor on 64-bit
(bsc#1012628).
- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91
SoCs (bsc#1012628).
- drivers: soc: atmel: add null entry at the end of
at91_soc_allowed_list[] (bsc#1012628).
- btrfs: fix lockdep warning due to seqcount_mutex on 32bit arch
(bsc#1012628).
- btrfs: fix possible free space tree corruption with online
conversion (bsc#1012628).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
intel_arch_events[] (bsc#1012628).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
intel_pmu_refresh() (bsc#1012628).
- KVM: arm64: Filter out v8.1+ events on v8.0 HW (bsc#1012628).
- KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested
vmexit (bsc#1012628).
- KVM: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest
mode for VMX (bsc#1012628).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
(bsc#1012628).
- KVM: x86: get smi pending status correctly (bsc#1012628).
- KVM: Forbid the use of tagged userspace addresses for memslots
(bsc#1012628).
- io_uring: fix wqe->lock/completion_lock deadlock (bsc#1012628).
- xen: Fix XenStore initialisation for XS_LOCAL (bsc#1012628).
- leds: trigger: fix potential deadlock with libata (bsc#1012628).
- arm64: dts: broadcom: Fix USB DMA address translation for
Stingray (bsc#1012628).
- mt7601u: fix kernel crash unplugging the device (bsc#1012628).
- mt76: mt7663s: fix rx buffer refcounting (bsc#1012628).
- mt7601u: fix rx buffer refcounting (bsc#1012628).
- iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit
(bsc#1012628).
- drm/i915/gt: Clear CACHE_MODE prior to clearing residuals
(bsc#1012628).
- drm/i915/pmu: Don't grab wakeref when enabling events
(bsc#1012628).
- net/mlx5e: Fix IPSEC stats (bsc#1012628).
- ARM: dts: imx6qdl-kontron-samx6i: fix pwms for lcd-backlight
(bsc#1012628).
- drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported
devices (bsc#1012628).
- drm/vc4: Correct lbm size and calculation (bsc#1012628).
- drm/vc4: Correct POS1_SCL for hvs5 (bsc#1012628).
- drm/i915: Check for all subplatform bits (bsc#1012628).
- drm/i915/selftest: Fix potential memory leak (bsc#1012628).
- uapi: fix big endian definition of ipv6_rpl_sr_hdr
(bsc#1012628).
- KVM: Documentation: Fix spec for KVM_CAP_ENABLE_CAP_VM
(bsc#1012628).
- tee: optee: replace might_sleep with cond_resched (bsc#1012628).
- xen-blkfront: allow discard-* nodes to be optional
(bsc#1012628).
- blk-mq: test QUEUE_FLAG_HCTX_ACTIVE for sbitmap_shared in
hctx_may_queue (bsc#1012628).
- clk: imx: fix Kconfig warning for i.MX SCU clk (bsc#1012628).
- clk: mmp2: fix build without CONFIG_PM (bsc#1012628).
- clk: qcom: gcc-sm250: Use floor ops for sdcc clks (bsc#1012628).
- ARM: imx: build suspend-imx6.S with arm instruction set
(bsc#1012628).
- ARM: zImage: atags_to_fdt: Fix node names on added root nodes
(bsc#1012628).
- netfilter: nft_dynset: add timeout extension to template
(bsc#1012628).
- Revert "RDMA/mlx5: Fix devlink deadlock on net namespace
deletion" (bsc#1012628).
- Revert "block: simplify set_init_blocksize" to regain lost
performance (bsc#1012628).
- xfrm: Fix oops in xfrm_replay_advance_bmp (bsc#1012628).
- xfrm: fix disable_xfrm sysctl when used on xfrm interfaces
(bsc#1012628).
- selftests: xfrm: fix test return value override issue in
xfrm_policy.sh (bsc#1012628).
- xfrm: Fix wraparound in xfrm_policy_addr_delta() (bsc#1012628).
- arm64: dts: ls1028a: fix the offset of the reset register
(bsc#1012628).
- ARM: imx: fix imx8m dependencies (bsc#1012628).
- ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
(bsc#1012628).
- ARM: dts: imx6qdl-sr-som: fix some cubox-i platforms
(bsc#1012628).
- arm64: dts: imx8mp: Correct the gpio ranges of gpio3
(bsc#1012628).
- firmware: imx: select SOC_BUS to fix firmware build
(bsc#1012628).
- RDMA/cxgb4: Fix the reported max_recv_sge value (bsc#1012628).
- ASoC: dt-bindings: lpass: Fix and common up lpass dai ids
(bsc#1012628).
- ASoC: qcom: Fix incorrect volatile registers (bsc#1012628).
- ASoC: qcom: Fix broken support to MI2S TERTIARY and QUATERNARY
(bsc#1012628).
- ASoC: qcom: lpass-ipq806x: fix bitwidth regmap field
(bsc#1012628).
- spi: altera: Fix memory leak on error path (bsc#1012628).
- ASoC: Intel: Skylake: skl-topology: Fix OOPs ib
skl_tplg_complete (bsc#1012628).
- powerpc/64s: prevent recursive replay_soft_interrupts causing
superfluous interrupt (bsc#1012628).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
(bsc#1012628).
- pNFS/NFSv4: Update the layout barrier when we schedule a
layoutreturn (bsc#1012628).
- ASoC: SOF: Intel: soundwire: fix select/depend unmet
dependencies (bsc#1012628).
- ASoC: qcom: lpass: Fix out-of-bounds DAI ID lookup
(bsc#1012628).
- iwlwifi: pcie: avoid potential PNVM leaks (bsc#1012628).
- iwlwifi: pnvm: don't skip everything when not reloading
(bsc#1012628).
- iwlwifi: pnvm: don't try to load after failures (bsc#1012628).
- iwlwifi: pcie: set LTR on more devices (bsc#1012628).
- iwlwifi: pcie: use jiffies for memory read spin time limit
(bsc#1012628).
- iwlwifi: pcie: reschedule in long-running memory reads
(bsc#1012628).
- mac80211: pause TX while changing interface type (bsc#1012628).
- ice: fix FDir IPv6 flexbyte (bsc#1012628).
- ice: Implement flow for IPv6 next header (extension header)
(bsc#1012628).
- ice: update dev_addr in ice_set_mac_address even if HW filter
exists (bsc#1012628).
- ice: Don't allow more channels than LAN MSI-X available
(bsc#1012628).
- ice: Fix MSI-X vector fallback logic (bsc#1012628).
- i40e: acquire VSI pointer only after VF is initialized
(bsc#1012628).
- igc: fix link speed advertising (bsc#1012628).
- net/mlx5: Fix memory leak on flow table creation error flow
(bsc#1012628).
- net/mlx5e: E-switch, Fix rate calculation for overflow
(bsc#1012628).
- net/mlx5e: free page before return (bsc#1012628).
- net/mlx5e: Reduce tc unsupported key print level (bsc#1012628).
- net/mlx5: Maintain separate page trees for ECPF and PF functions
(bsc#1012628).
- net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is
disabled (bsc#1012628).
- net/mlx5e: Fix CT rule + encap slow path offload and deletion
(bsc#1012628).
- net/mlx5e: Correctly handle changing the number of queues when
the interface is down (bsc#1012628).
- net/mlx5e: Revert parameters on errors when changing trust
state without reset (bsc#1012628).
- net/mlx5e: Revert parameters on errors when changing MTU and
LRO state without reset (bsc#1012628).
- net/mlx5: CT: Fix incorrect removal of tuple_nat_node from
nat rhashtable (bsc#1012628).
- can: dev: prevent potential information leak in can_fill_info()
(bsc#1012628).
- ACPI/IORT: Do not blindly trust DMA masks from firmware
(bsc#1012628).
- of/device: Update dma_range_map only when dev has valid
dma-ranges (bsc#1012628).
- iommu/amd: Use IVHD EFR for early initialization of IOMMU
features (bsc#1012628).
- iommu/vt-d: Correctly check addr alignment in
qi_flush_dev_iotlb_pasid() (bsc#1012628).
- nvme-multipath: Early exit if no path is available
(bsc#1012628).
- selftests: forwarding: Specify interface when invoking mausezahn
(bsc#1012628).
- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1012628).
- NFC: fix resource leak when target index is invalid
(bsc#1012628).
- NFC: fix possible resource leak (bsc#1012628).
- ASoC: mediatek: mt8183-da7219: ignore TDM DAI link by default
(bsc#1012628).
- ASoC: mediatek: mt8183-mt6358: ignore TDM DAI link by default
(bsc#1012628).
- ASoC: topology: Properly unregister DAI on removal
(bsc#1012628).
- ASoC: topology: Fix memory corruption in
soc_tplg_denum_create_values() (bsc#1012628).
- scsi: qla2xxx: Fix description for parameter
ql2xenforce_iocb_limit (bsc#1012628).
- team: protect features update by RCU to avoid deadlock
(bsc#1012628).
- tcp: make TCP_USER_TIMEOUT accurate for zero window probes
(bsc#1012628).
- tcp: fix TLP timer not set when CA_STATE changes from DISORDER
to OPEN (bsc#1012628).
- vsock: fix the race conditions in multi-transport support
(bsc#1012628).
- Update patches.suse/acpi_thermal_passive_blacklist.patch
(bsc#333043).
- commit 3527948
++++ kmod:
- Fix tests to not test disabled features. Disable zstd again.
* kmod-populate-modules-Use-more-bash-more-quotes.patch
* kmod-testsuite-compress-modules-if-feature-is-enabled.patch
* kmod-also-test-xz-compression.patch
++++ util-linux:
- Merge package with SLE15 SP3 and openSUSE Leap 15.3:
Obsoletes upstreamed patches:
- libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671,
util-linux-libblkid-cdrom-autoclose-1.patch,
util-linux-libblkid-cdrom-autoclose-2.patch,
util-linux-libblkid-cdrom-autoclose-3.patch).
- lscpu: avoid segfault on PowerPC systems with valid hardware
configurations
(v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825,
lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch)
- Fix for SG#57988, bsc#1174942 (v2.36):
libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts
to CIFS with mount –a.
- blockdev: Do not fail --report on kpartx-style partitions on
multipath (v2.36,
bsc#1168235, util-linux-blockdev-report-dm.patch).
- nologin: Add support for -c to prevent error from su -c
(v2.35, bsc#1151708, util-linux-nologin-su-c.patch).
- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch:
Avoid triggering autofs in lookup_umount_fs_by_statfs
(v2.36 boo#1168389)
- mount: fall back to device node name if /dev/mapper link not found
(v2.34, bsc#1149911)
* Add patch: util-linux-canonicalize-coverity-scan.patch
- De-duplicate fstrim -A properly (v2.34, bsc#1127701,
util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch,
util-linux-fstrim-A-4.patch).
- Do not trim read-only volumes
(v2.34, boo#1106214, util-linux-fstrim-A-2.patch,
util-linux-fstrim-A-4.patch).
- libmount: To prevent incorrect behavior, recognize more pseudofs
and netfs (v2.34, bsc#1122417,
util-linux-libmount-pseudofs.patch).
- agetty: Return previous response of agetty for special characters
(v2.34, bsc#1085196, bsc#1125886,
util-linux-agetty-smart-reload-13.patch,
util-linux-agetty-smart-reload-14.patch).
- Fix problems in reading of login.defs values (v2.34, bsc#1121197,
util-linux-login_defs-priority1.patch,
util-linux-login_defs-priority2.patch,
util-linux-login_defs-SYS_UID.patch).
- Build with libudev support to support non-root users
(boo#1169006).
- Move findmnt and lsblk to util-linux-systemd, as they use libudev
(bsc#1169006#c10).
++++ nghttp2:
- update to 1.43.0:
* doc: Make doc generation work with sphinx v3.3
* python: Require python3 for python bindings
* python: Require python3 for python scripts
* nghttpx: Make sure that Pool gets cleared when all buffers are returned
* nghttpx: Choose ECDSA cert if compatible signature algorithm available
* nghttpx: Add workaround to include ':' in backend pattern
++++ openssl-1_1:
- Zero pad the DHE public key in ClientKeyExchange for interoperability with
Windows Server 2019.
* openssl-zero-pad-DHE-public-key.patch
* bsc#1181796
* sourced from https://github.com/openssl/openssl/pull/12331/files
++++ python-requests:
- add 5711.patch from upstream instead to remove idna<3 pin
++++ qemu:
- binutils v2.36 has changed the handling of the assembler's
- mx86-used-note, resulting in a build failure. To compensate, we
now explicitly specify -mx86-used-note=no in the seabios Makefile
(boo#1181775)
build-be-explicit-about-mx86-used-note-n.patch
++++ util-linux-systemd:
- Merge package with SLE15 SP3 and openSUSE Leap 15.3:
Obsoletes upstreamed patches:
- libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671,
util-linux-libblkid-cdrom-autoclose-1.patch,
util-linux-libblkid-cdrom-autoclose-2.patch,
util-linux-libblkid-cdrom-autoclose-3.patch).
- lscpu: avoid segfault on PowerPC systems with valid hardware
configurations
(v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825,
lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch)
- Fix for SG#57988, bsc#1174942 (v2.36):
libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts
to CIFS with mount –a.
- blockdev: Do not fail --report on kpartx-style partitions on
multipath (v2.36,
bsc#1168235, util-linux-blockdev-report-dm.patch).
- nologin: Add support for -c to prevent error from su -c
(v2.35, bsc#1151708, util-linux-nologin-su-c.patch).
- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch:
Avoid triggering autofs in lookup_umount_fs_by_statfs
(v2.36 boo#1168389)
- mount: fall back to device node name if /dev/mapper link not found
(v2.34, bsc#1149911)
* Add patch: util-linux-canonicalize-coverity-scan.patch
- De-duplicate fstrim -A properly (v2.34, bsc#1127701,
util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch,
util-linux-fstrim-A-4.patch).
- Do not trim read-only volumes
(v2.34, boo#1106214, util-linux-fstrim-A-2.patch,
util-linux-fstrim-A-4.patch).
- libmount: To prevent incorrect behavior, recognize more pseudofs
and netfs (v2.34, bsc#1122417,
util-linux-libmount-pseudofs.patch).
- agetty: Return previous response of agetty for special characters
(v2.34, bsc#1085196, bsc#1125886,
util-linux-agetty-smart-reload-13.patch,
util-linux-agetty-smart-reload-14.patch).
- Fix problems in reading of login.defs values (v2.34, bsc#1121197,
util-linux-login_defs-priority1.patch,
util-linux-login_defs-priority2.patch,
util-linux-login_defs-SYS_UID.patch).
- Build with libudev support to support non-root users
(boo#1169006).
- Move findmnt and lsblk to util-linux-systemd, as they use libudev
(bsc#1169006#c10).
++++ wpa_supplicant:
- Add CVE-2021-0326.patch -- P2P group information processing vulnerability
(bsc#1181777)
------------------------------------------------------------------
------------------ 2021-2-3 - Feb 3 2021 -------------------
------------------------------------------------------------------
++++ glib2:
- Update to version 2.66.5:
+ Fix some issues with handling over-long (invalid) input when
parsing for `GDate`.
+ Don’t load GIO modules or parse other GIO environment variables
when `AT_SECURE` is set (i.e. in a setuid/setgid/setcap
process). GIO has always been documented as not being safe to
use in privileged processes, but people persist in using it
unsafely, so these changes should harden things against
potential attacks at least a little. Unfortunately they break a
couple of projects which were relying on reading
`DBUS_SESSION_BUS_ADDRESS`, so GIO continues to read that for
setgid/setcap (but not setuid) processes. This loophole will be
closed in GLib 2.70 (see issue #2316), which should give
modules 6 months to change their behaviour.
+ Fix `g_spawn()` searching `PATH` when it wasn’t meant to.
+ Bugs fixed: bgo#2168, bgo#2210, bgo#2305, glgo#GNOME/GLib!1820,
glgo#GNOME/GLib!1824, glgo#GNOME/GLib!1831,
glgo#GNOME/GLib!1836, glgo#GNOME/GLib!1864,
glgo#GNOME/GLib!1872, glgo#GNOME/GLib!1913,
glgo#GNOME/GLib!1922.
- Rebase/refresh patches:
+ glib2-dbus-socket-path.patch
+ glib2-fate300461-gettext-gkeyfile-suse.patch
+ glib2-gdbus-codegen-version.patch
+ glib2-suppress-schema-deprecated-path-warning.patch
+ glib2-bgo569829-gettext-gkeyfile.patch
++++ kernel-default:
- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
The product string was changed from openSUSE to Leap.
- commit 3cb7943
++++ systemd:
- Import commit 134cf1c8bc3e361a2641161aa11ac2b5b990480b (merge of v246.10)
25f220eafb sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified (bsc#1181121)
4a543f0257 journal: send journald logs to kmsg again
26df96473f busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/520e53b6d85087b05892ee637ae93f1b269e7e52...134cf1c8bc3e361a2641161aa11ac2b5b990480b
++++ logrotate:
- Update to 3.18.0:
* Allow UIDs and GIDs to be specified numerically
* Add support for Zstandard compressed files
* Make delaycompress not to fail with rotate 0
++++ python-requests:
- Don't pin idna<3 in the egg-info so that depending packages
can install the new idna dropping python2
++++ runc:
- Update to runc v1.0.0~rc93. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc93
bsc#1182451 bsc#1184962
* Cgroupv2 support is no longer considered experimental.
* Mountinfo parsing code has been reworked significantly.
* Special ENOSYS handling for seccomp profiles to avoid making new
syscalls unusable for glibc.
* Various rootless containers improvements.
* The "selinux" and "apparmor" buildtags have been removed, and now all runc
builds will have SELinux and AppArmor support enabled.
++++ toolbox:
- Update to version 2.1+git20210203.a669e3a:
* Fix formatting
* Enhance alternate UI docu
* Ignore podman runlabel error if no RUN label exist
* Enhance documentation
* Check existence of volume directories (#15)
------------------------------------------------------------------
------------------ 2021-2-2 - Feb 2 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- define %_pamdir for <= 15.x to fix the build on those releases
++++ containerd:
- Update to handle the docker-runc removal, and drop the -kubic flavour.
bsc#1181677 bsc#1181749
++++ crypto-policies:
- Convert to use a proper git source _service:
+ To update, one just needs to update the commit/revision in the
_service file and run `osc service dr`.
+ The version of the package is defined by the commit date of the
revision, followed by the abbreviated git hash (The same
revision used before results thus in a downgrade to 20210118,
but as this is a alltime new package, this is acceptable.
- Update to git version 20210127
* Bump Python requirement to 3.6
* Output sigalgs required by nss >=3.59
* Do not require bind during build
* Break build cycles with openssl and gnutls
++++ cups:
- CVE-2020-10001.patch fixes CVE-2020-10001 (bsc#1180520)
access to uninitialized buffer in ipp.c
++++ lvm2-device-mapper:
- lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691)
- add SUSE special patch to void issues in non udev env
+ bug-1179691_config-set-external_device_info_source-none.patch
++++ docker:
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
(CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
the upstream runc package (it's stable enough and Docker no longer pins git
versions). docker-libnetwork is so unstable that it doesn't have any
versioning scheme and so it really doesn't make sense to maintain the project
as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
docker-runc and docker-libnetwork.
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
++++ dosfstools:
- update to 4.2:
* mkfs.fat: Allow to specify disk geometry via new -g option
* fsck.fat: Add code for fixing first FAT cluster
* fatlabel: Do not call parts of fsck repair procedure
* Update warning message about lowercase labels
* mkfs.fat: Read geom_start from sysfs
* Add missing files into distribution tarball
- BREAKING CHANGES (boo#1188401):
After fixing of bsc#1172863 in the last update, mkfs started to
create different images than before. Applications that depend on
exact FAT file format (e. g. embedded systems) may be broken in
two ways:
* The introduction of the alignment may create smaller images
than before, with a different positions of important image
elements. It can break existing software that expect images in
doststools <= 4.1 style.
To work around these problems, use "-a" command line argument.
* The new image may contain a different geometry values. Geometry
sensitive applications expecting doststools <= 4.1 style images
can fails to accept different geometry values.
There is no direct work around for this problem. But you can
take the old image, use "file -s $IMAGE", check its
"sectors/track" and "heads", and use them in the newly
introduced "-g" command line argument.
++++ dracut:
- Update to version 051+suse.85.g04886430:
* prepare usrmerge (boo#1029961)
++++ transactional-update:
- Version 3.1.0
- t-u: Support installing RPMs from the user's directory again
- Adapt selfupdate to new packaging
- Implement signal handling
- Remove empty text files
++++ glibc:
- Update to glibc 2.33
* The dynamic linker accepts the --list-tunables argument which prints
all the supported tunables.
* The dynamic linker accepts the --argv0 argument and provides opportunity
to change argv[0] string.
* The dynamic linker loads optimized implementations of shared objects
from subdirectories under the glibc-hwcaps directory on the library
search path if the system's capabilities meet the requirements for
that subdirectory.
* The new --help option of the dynamic linker provides usage and
information and library search path diagnostics.
* The mallinfo2 function is added to report statistics as per mallinfo,
but with larger field widths to accurately report values that are
larger than fit in an integer.
* Add <sys/platform/x86.h> to provide query macros for x86 CPU features.
* A new fortification level _FORTIFY_SOURCE=3 is available.
* The mallinfo function is marked deprecated.
* When dlopen is used in statically linked programs, alternative library
implementations from HWCAP subdirectories are no longer loaded.
* The deprecated <sys/vtimes.h> header and the function vtimes have been
removed.
* On s390(x), the type float_t is now derived from the macro
__FLT_EVAL_METHOD__ that is defined by the compiler, instead of being
hardcoded to double.
* A future version of glibc will stop loading shared objects from the
"tls" subdirectories on the library search path, the subdirectory that
corresponds to the AT_PLATFORM system name, and also stop employing
the legacy AT_HWCAP search mechanism.
* CVE-2021-3326: An assertion failure during conversion from the
ISO-20220-JP-3 character set using the iconv function has been fixed.
- Remove obsolete, unused /etc/default/nss
- aarch64-static-pie.patch, euc-kr-overrun.patch,
get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch,
iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch,
intl-codeset-suffixes.patch, nscd-gc-cycle.patch,
printf-long-double-non-normal.patch, strerrorname-np.patch,
syslog-locking.patch, sysvipc.patch: Removed
++++ hwdata:
- Update to version 0.344:
+ Updated pci, usb and vendor ids.
++++ iputils:
- Update to version 20210202
https://github.com/iputils/iputils/releases/tag/20210202
- Version scheme change: dropped leading 's', update that change
++++ libapparmor:
- define %_pamdir for <= 15.x to fix the build on those releases
++++ libgcrypt:
- Update to 1.9.1
* *Fix exploitable bug* in hash functions introduced with
1.9.0. [bsc#1181632, CVE-2021-3345]
* Return an error if a negative MPI is used with sexp scan
functions.
* Check for operational FIPS in the random and KDF functions.
* Fix compile error on ARMv7 with NEON disabled.
* Fix self-test in KDF module.
* Improve assembler checks for better LTO support.
* Fix 32-bit cross build on x86.
* Fix non-NEON ARM assembly implementation for SHA512.
* Fix build problems with the cipher_bulk_ops_t typedef.
* Fix Ed25519 private key handling for preceding ZEROs.
* Fix overflow in modular inverse implementation.
* Fix register access for AVX/AVX2 implementations of Blake2.
* Add optimized cipher and hash functions for s390x/zSeries.
* Use hardware bit counting functionx when available.
* Update DSA functions to match FIPS 186-3.
* New self-tests for CMACs and KDFs.
* Add bulk cipher functions for OFB and GCM modes.
- Update libgpg-error required version
++++ lvm2:
- lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691)
- add SUSE special patch to void issues in non udev env
+ bug-1179691_config-set-external_device_info_source-none.patch
++++ procps:
- Package translations in procps-lang.
++++ python-idna:
- update to 3.1:
- Ensure license is included in package (Thanks, Julien Schueller)
- No longer mark wheel has universal (Thanks, Matthieu Darbois)
- Test on PowerPC using Travis CI
- Python 2 is no longer supported (the 2.x branch supports Python 2,
use "idna<3" in your requirements file if you need Python 2 support)
- Support for V2 UTS 46 test vectors.
++++ python310-packaging:
- update to 20.9:
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
++++ runc:
- Update to handle the docker-runc removal. bsc#1181677
- Modernise go building for runc now that it has go.mod.
------------------------------------------------------------------
------------------ 2021-2-1 - Feb 1 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 20.3.4
* fourth bugfix release for the 20.3 branch
++++ Mesa-drivers:
- update to 20.3.4
* fourth bugfix release for the 20.3 branch
++++ audit-secondary:
- Do not explicitly provide group(audit) in system-users-audit:
this is automatically handled by rpm/providers.
++++ transactional-update:
- Add libselinux build time dependency
- Remove RPM version check
- Fix libstdc++ filesystem ABI incompatibility by using newer gcc
version on old distributions. [boo#1181582]
++++ filesystem:
- add /usr/etc/skel/.cache with perm 0700 (boo#1181011)
++++ libgcrypt:
- Use the suffix variable correctly in get_hmac_path()
- Rebase libgcrypt-fips_selftest_trigger_file.patch
++++ ncurses:
- Add ncurses patch 20210130
+ correct an off-by-one in comparison in waddch_literal() which caused
scrolling when a double-cell character would not fit at the lower
right corner of the screen (report by Benno Schulenberg).
+ split-out att610+cvis, vt220+cvis, vt220+cvis8 -TD
+ add vt220-base, for terminal emulators which generally have not
supported att610's blinking cursor control -TD
+ use vt220+cvis in vt220, etc -TD
+ use att610+cvis, xterm+tmux and ansi+enq in kitty -TD
+ use vt220+cvis in st, terminology, termite since they ignore
blinking-cursor detail in att610+cvis -TD
- Port patch ncurses-6.2.dif
* Skip cvvis entries where vt220+cvis is used
* Skip function keys in rxvt-basic as rxvt+pcfkeys and use=vt220+keypadcw
is used
++++ open-isns:
- Update to version 0.101:
* Updated ChangeLog for version v0.101
* Preparing for version 0.101
* Fix parsing of GetNextRsp
* Added TODO to test "isnsd --init"
* Add man page for isnssetup.
* Fix broken server authentication initialization.
* Update version string to "0.100".
* Added a TODO: 'make depend' not worrking
* libisns: remove sighold and sigrelse
* fix compilation without deprecated OpenSSL APIs
* socket.c: include poll.h instead of sys/poll.h for POSIX compatibility
* Fix 586 compile issue and remove -Werror
* Do not ignore write() return value.
* Fix compiler issue when not in security mode
* Ignore common build files
This removed the need for open-isns-updates.diff.bz2 (for now), since
those commits are in version v0.101.
++++ python-pyOpenSSL:
- update to 20.0.1:
- Fixed compatibility with OpenSSL 1.1.0.
------------------------------------------------------------------
------------------ 2021-1-31 - Jan 31 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Update to 5.11-rc6
- eliminated 1 patch
- patches.suse/iwlwifi-dbg-Don-t-touch-the-tlv-data.patch
- refresh
- patches.suse/acpi_thermal_passive_blacklist.patch
- update configs
- LEDS_RT8515=m
- commit 8d79a70
++++ avahi:
- Build python bindings subpackages for all flavors
* use the python-rpm-macros singlespec system: The macro
%python_subpackages together with %python_subpackage_only
creates the pythonXY-avahi bindings package for all python
flavors on Tumbleweed (currently python36, python38)
* Put the avahi-bookmarks command under updates-alternatives
control to avoid package conflicts between flavors
* outside of build_core, the build continues to use but not
install everything in the primary python3 flavor.
* For distros without multiple python3 flavors and/or older
python-rpm-macros, the status quo is unchanged.
------------------------------------------------------------------
------------------ 2021-1-30 - Jan 30 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.12 (bsc#1012628).
- gpio: mvebu: fix pwm .get_state period calculation
(bsc#1012628).
- Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
(bsc#1012628).
- futex: Ensure the correct return value from futex_lock_pi()
(bsc#1012628).
- futex: Replace pointless printk in fixup_owner() (bsc#1012628).
- futex: Provide and use pi_state_update_owner() (bsc#1012628).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
(bsc#1012628).
- futex: Use pi_state_update_owner() in put_pi_state()
(bsc#1012628).
- futex: Simplify fixup_pi_state_owner() (bsc#1012628).
- futex: Handle faults correctly for PI futexes (bsc#1012628).
- HID: wacom: Correct NULL dereference on AES pen proximity
(bsc#1012628).
- HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input
devices (bsc#1012628).
- media: Revert "media: videobuf2: Fix length check for single
plane dmabuf queueing" (bsc#1012628).
- media: v4l2-subdev.h: BIT() is not available in userspace
(bsc#1012628).
- RDMA/vmw_pvrdma: Fix network_hdr_type reported in WC
(bsc#1012628).
- kernel/io_uring: cancel io_uring before task works
(bsc#1012628).
- io_uring: inline io_uring_attempt_task_drop() (bsc#1012628).
- io_uring: add warn_once for io_uring_flush() (bsc#1012628).
- io_uring: stop SQPOLL submit on creator's death (bsc#1012628).
- io_uring: fix null-deref in io_disable_sqo_submit (bsc#1012628).
- io_uring: do sqo disable on install_fd error (bsc#1012628).
- io_uring: fix false positive sqo warning on flush (bsc#1012628).
- io_uring: fix uring_flush in exit_files() warning (bsc#1012628).
- io_uring: fix skipping disabling sqo on exec (bsc#1012628).
- io_uring: dont kill fasync under completion_lock (bsc#1012628).
- io_uring: fix sleeping under spin in __io_clean_op
(bsc#1012628).
- objtool: Don't fail on missing symbol table (bsc#1012628).
- mm/page_alloc: add a missing mm_page_alloc_zone_locked()
tracepoint (bsc#1012628).
- mm: fix a race on nr_swap_pages (bsc#1012628).
- tools: Factor HOSTCC, HOSTLD, HOSTAR definitions (bsc#1012628).
- printk: fix buffer overflow potential for print_text()
(bsc#1012628).
- printk: fix string termination for record_print_text()
(bsc#1012628).
- commit a3c8888
- config: arm64: Enable Arm SP805 hardware watchdog (boo#1181607)
The Ten64 board with NXP LS1088A SoC is documented to have Arm SP805 based
watchdogs, so let's enable the driver for it.
- commit a0c37a5
++++ patterns-base:
- Downgrade zypper to Recommends in the base pattern so buildroots
and appliance builds can go without it when desired
------------------------------------------------------------------
------------------ 2021-1-29 - Jan 29 2021 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
bsc#1181594
- Install the containerd-shim* binaries and stop creating
docker-containerd-shim because that isn't used by Docker anymore.
bsc#1183024
++++ docker:
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
our patches. While doing this, I've collapsed all patches into one branch
per-release and thus all the patches are now just one series:
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- private-registry-0001-Add-private-registry-mirror-support.patch
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
was fixed.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
++++ filesystem:
- Set correct permissions when creating /proc and /sys
++++ kernel-default:
- series.conf: cleanup
- move to "almost mainline" section:
patches.suse/floppy-reintroduce-O_NDELAY-fix.patch
- commit 26dd464
++++ kmod:
- Supplement bash-completion subpackage against the main package
and bash-completion.
- Also require the main package plus bash-completion: the
completion package is useless without either of the two.
++++ util-linux:
- Do not require libeconf-devel on products without /usr/etc.
++++ python310-core:
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
++++ libvirt:
- Revert "Add libvirtd dependency to virt-guest-shutdown.target"
32c5e432-revert-f035f53b.patch
bsc#1177902
- spec: Enable the libvirt firewalld zone in SLE >= 15 SP3
jsc#SLE-17336
++++ pinentry:
- add _multibuild to separate out gui client builds
++++ python310:
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
++++ python-psutil:
- Do not install tests (and change the way they're run since they
were run from %{buildroot})
++++ qemu:
- Additional tweaks to ensure libvirt runs ok when
qemu-hw-display-virtio-gpu package is not installed
- Use '%service_del_postun_without_restart' instead of
'%service_del_postun' to avoid "Failed to try-restart
qemu-ga@.service" error while updating the qemu-guest-agent.
(bsc#1178565)
++++ sysuser-tools:
- Use systemd-sysusers only if /proc is mounted, don't require it
++++ util-linux-systemd:
- Do not require libeconf-devel on products without /usr/etc.
------------------------------------------------------------------
------------------ 2021-1-28 - Jan 28 2021 -------------------
------------------------------------------------------------------
++++ audit-secondary:
- Create new "audit" group for read access to logs (bsc#1178154)
* add change-default-log_group.patch
* update audit-secondary.spec
++++ transactional-update:
- Rework packaging based on Fedora packaging to separate all the
components to remove the intrinsic requirement for Zypper
++++ e2fsprogs:
- Fix usage of info macros on openSUSE, we use file triggers today
- Use file requires for post section
++++ librsvg:
- Update to version 2.50.3:
+ Compute correct bounds for objects with stroke-width=0.
+ Fix test suite on Rust 1.49.
++++ texinfo:
- Use file requires for gzip to be able to use alternate
implementations
++++ kernel-default:
- series.conf: Move performance-related tuning parameters to separate section
This is in preparation for syncing between SLE-specific tunable changes and
the master tunings.
- commit 1019feb
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit fcfe481
++++ kmod:
- Update to v28
* Add Zstandard to the supported compression formats using libzstd
(tests only - cannot be disabled in tests)
* Ignore ill-formed kernel command line, e.g. with "ivrs_acpihid[00:14.5]=AMD0020:0"
option in it
* Fix some memory leaks
* Fix 0-length builtin.alias.bin: it needs at least the index header
- Backport upstream fix 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch
++++ graphene:
- Pass conditional Darm_neon=false instead of Darm-neon=true to
meson, fix build for armv7.
- Stop passing Dbenchmarks=true, no longer recognized nor used.
++++ shadow:
- Do not require libeconf-devel on products without /usr/etc.
++++ tpm2-0-tss:
- update to 3.0.3:
- changes in 3.0.3:
* Fix Regression in Fapi_List
* Fix memory leak in policy calculation
- changes in 3.0.2:
* FAPI: Fix setting of the system flag of NV objects
* This will let NV object metadata be created system-wide always instead of
* locally in the user. Existing metadata will remain in the user directory.
* It can be moved to the corresponding systemstore manually if needed.
* FAPI: Fix policy searching, when a policyRef was provided
* FAPI: Accept EK-Certs without CRL dist point
* FAPI: Fix return codes of Fapi_List
* FAPI: Fix memleak in policy execution
* FAPI: Fix coverity NULL-pointer check
* FAPI: Set the written flag of NV objects in FAPI PolicyNV commands
* FAPI: Fix deleting of policy files.
* FAPI: Fix wrong file loading during object search.
* Fapi: Fix memory leak
* Fapi: Fix potential NULL-Dereference
* Fapi: Remove superfluous NULL check
* Fix a memory leak in async keystore load.
++++ openSUSE-build-key:
- Add openSUSE Backports key to openSUSE Leap (bsc#1181344)
This is needed because most of Leap 15.3+ packages are in fact
build in openSUSE Backport (Closing The Leap Gap)
++++ python-psutil:
- Add patch to skip tests related to rlimit and zombie processes
that fail when building for python2 on i586:
* skip_rlimit_tests_on_python2.patch
++++ python-pycurl:
- update to 7.43.0.6:
* Fixed offset parameter usage in seek callback
* Added support for libcurl SSL backend detection via
`curl-config --ssl-backends`
* Added support for libcurl MultiSSL
* Added ability to unset CURLOPT_PROXY.
* Added support for CURLOPT_UPLOAD_BUFFERSIZE
* Added support for CURLOPT_MAXAGE_CONN
* Added support for sharing connection cache in libcurl
* Added support for CURLOPT_HAPROXYPROTOCOL
* CC and CFLAGS environment variables are now respected when building
* Fixed OpenSSL detection on CentOS 7 and 8
* surrogateescape error handler is used in multi_info_read to handle
invalid UTF-8.
- drop python-pycurl-7.43.0-tls-backend.patch (upstream)
- refresh remove_nose.patch to remove even more nose code
++++ python-urllib3:
- update to 1.26.3:
* Fixed bytes and string comparison issue with headers (Pull #2141)
* Changed ``ProxySchemeUnknown`` error message to be
more actionable if the user supplies a proxy URL without
a scheme. (Pull #2107)
++++ ovmf:
- Add ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the
follow-up patch for SEV-ES to fix the flash writing
(jsc#SLE-16075)
- Update 50-xen-hvm-x86_64.json to add "nvram-template" and change
the firmware file to ovmf-x86_64-ms-4m.bin
(bsc#1180050, bsc#1181264)
- Refresh ovmf-bsc1180079-amd-sev-es-mitigation.patch
+ Use "git format-patch --no-renames" to generate the patch to
avoid confusing quilt with the renamed files
++++ tpm2.0-tools:
- add fix_warnings.patch: fixes a couple of build errors resulting from LTO
linking and -Werror.
- add fix_pie_linking.patch: fixes an error in the build system that causes
the tss2 binary to be linked without passed LDFLAGS (like -pie), which
causes the binary not to be position independent.
- update to major version 5.0:
- Non Backwards Compatible Changes
* Default hash algorithm is now sha256. Prior versions claimed sha1, but were
inconsistent in choice. Best practice is to specify the hash algorithm to
avoid surprises.
* tpm2_tools and tss2_tools are now a busybox style commandlet. Ie
tpm2_getrandom becomes tpm2 getrandom. make install will install symlinks
to the old tool names and the tpm2 commandlet will interrogate argv[0] for
the command to run. This will provide backwards compatibility if they are
installed. If you wish to use the old names not installed system wide, set
DESTDIR during install to a separate path and set the proper directory on
PATH.
* tpm2_eventlog's output changed to be YAML compliant. The output before
was intended to be YAML compliant but was never properly checked and
tested.
* umask set to 0117 for all tools.
* tpm2_getekcertificate now outputs the INTC EK certificates in PEM format
by default. In order to output the URL safe variant of base64 encoded
output of the INTC EK certificate use the added option --raw.
- Dependency update
* Update tpm2-tss dependency version to 3.0.1
* Update tpm2-abrmd dependency version to 2.3.3
- New tools and features
* tpm2_zgen2phase: Add new tool to support command TPM2_CC_ZGen_2Phase.
* tpm2_ecdhzgen: Add new tool to support command TPM2_CC_ECDH_ZGen.
* tpm2_ecdhkeygen: Add new tool to support command TPM2_CC_ECDH_KeyGen.
* tpm2_commit: Add new tool to support command TPM2_CC_Commit.
* tpm2_ecephemeral: Add new tool to support command TPM2_CC_EC_Ephemeral.
* tpm2_geteccparameters: Add new tool to support command TPM2_CC_ECC_Parameters.
* tpm2_setcommandauditstatus: Added new tool to support command TPM2_CC_SetCommandCodeAuditStatus.
* tpm2_getcommandauditstatus: Added new tool to support command TPM2_CC_GetCommandAuditDigest.
* tpm2_getsessionauditdigest: Added new tool to support command TPM2_CC_GetSessionAuditDigest.
* tpm2_certifyX509certutil: Added new tool for creating partial x509 certificates required to support
the TPM2_CC_CertifyX509 command.
* tpm2_policysigned:
Added option --cphash-input to specify the command parameter hash
(cpHashA), enforcing the TPM command to be authorized as well as its
handle and parameter values.
* tpm2_createprimary:
Added option to specify the unique data from the stdin by adding
provision for specifying the option value for unique file as -.
* tpm2_startauthsession:
Added new feature/option --audit-session to start an HMAC session to
be used as an audit session.
* tpm2_getrandom:
- Added new feature/option -S, --session to specify a HMAC session
to be used as an audit session. This adds support for auditing the
command using an audit session.
- Added new feature/option --rphash to specify file path to record the
hash of the response parameters. This is commonly termed as rpHash.
- Added new feature/option --cphash to specify a file path to record
the hash of the command parameters. This is commonly termed as cpHash.
NOTE: In absence of --rphash option, when this option is selected,
The tool will not actually execute the command, it simply returns a
cpHash.
* tpm2_getcap: tpm2_getcap was missing raw on a property TPM2_PT_REVISION,
and it should always be specified.
* tpm2_sign:
- Add option --commit-index to specify the commit index to use when
performing an ECDAA signature.
- Add support for ECDAA signature.
* tpm2_getekcertificate:
- Add option --raw to output EK certificate in URL safe variant base64
encoded format. By default it outputs a PEM formatted certificate.
- The tool can now output INTC and non INTC EK certificates from NV
indices specified by the TCG EK profile specification.
* tpm2_activatecredential:
- The secret data input can now be specified as stdin with -s option.
- The public key used for encryption can be specified as -u to make it
similar to rest of the tools specifying a public key. The old -e
option is retained for backwards compatibility.
- Add option to specify the key algorithm when the input public key is in
PEM format using the new option -G, --key-algorithm. Can specify
either RSA/ECC. When this option is used, input public key is expected
to be in PEM format and the default TCG EK template is used for the key
properties.
* tpm2_checkqoute:
- Add EC support.
- Support loading tss signatures.
- Support loading tpm2 pcrread PCR values by specifying the PCR
selection using the new option -l, --pcr-list.
- Added support for automatically detecting the signature format. With
this -F, --format option is retained for backwards compatibility but
it is deprecated.
* tpm2_createak: add option to output qualified name with new option
- q, --ak-qualified-name.
* tpm2_policypcr: Add option for specifying cumulative hash of PCR's as an argument.
* tpm2_readpublic: Add option to output qualified name using the new option
- q, --qualified-name.
* tpm2_print:
- Support printing TPM2B_PUBLIC data structures.
- Support printing TPMT_PUBLIC data structures.
* tpm2_send: Add support for handling sending and receiving command and
response buffer for multiple commands.
* tpm2_verifysignature: Added support for verifying RSA-PSS signatures.
* tpm2_eventlog:
- Add handling of sha1 log format.
- Add fixes for eventlog output to be proper YAML.
- Add support for sha384, sha512, sm3_256 PCR hash algorithms.
- Add support for computing PCR values based on the events.
* tpm2_tools (all):
- Set stdin/stdout to non-buffering.
- Added changes for FreeBSD portability.
- Bug fixes
* Fix printing short options when no ascii character is used.
* OpenSSL: Fix deprecated OpenSSL functions. ECC Functions with suffix
GFp will become deprecated (DEPRECATED_1_2_0).
* tpm2_eventlog: output EV_POST_CODE as string not firmware blob to be
compliant with TCG PC Client FPF section 2.3.4.1 and 9.4.12.3.4.1
* Fix missing handle maps for ESY3 handle breaks. See #1994.
* tpm2_rsaencrypt: fix OAEP RSA encryption failing to invalid hash selection.
* tpm2_rsadecrypt: fix OAEP RSA decryption failing to invalid hash selection.
* tpm2_sign: fix for signing failures with restricted signing keys when
input data to sign is not a digest, rather the full message. The
validation ticket creation process defaults to the owner hierarchy and
so in order to choose other hierarchies the tpm2_hash tool should be
used instead.
* tpm2_print: fix segfault when -t option is omitted by appropriately
warning of the required option.
* tpm2_nvdefine: fix for default size when size is not specified by
invoking TPM2_CC_GetCapability.
* Fix for an issue where the return code for unsupported algorithms was
tool_rc_general instead of tool_rc_unsupported in tpm2_create and
tpm2_createprimary tools.
* Fix for an issue where RSA_PSS signature verification caused failures.
* tpm2_nvreadpublic, tpm2_kdfa, tpm2_checkquote, tpm2_quote:
Fixes for issues with interoperability of the attestation tools between
big and little endian platforms.
* tss2_*:
- Fix bash-completion for tss2_pcrextend and tss2_verifysignature
- Add force option to tss2_list
- Make force option consistent in all fapi tools
- Do not decode non-TPM errors
- Enhance integration tests to test changes of optional/mandatory parameters
- Add --hex parameter to tss2_getrandom
- Fix autocompletion issue
- Switch tss2_* to with-"="-style
- Add size parameter to tss2_createseal
- References to the cryptographic profile (fapi-profile(5)) and config file
- (fapi-config(5)) man pages from all relevant tss2_* man pages.
- Fix policy branch selection menu item from 1 to 0.
- Documentation
* wiki pages have been removed and data has been migrated to
tpm2-software.github.io portal's tutorial section.
* Fix the problem with man and no-man help output for tools were not
correctly displayed.
* man:
- tpm2_create: Correct max seal data size from 256 bytes to 128 bytes.
- tpm2_nvread: Fix manpage example.
- tpm2_nvwrite: Added missing information on how to specify the NV index as
an argument.
- tpm2_unseal: Add end-to-end example.
- tpm2_nvincrement: Fix incorrect commands in example section.
- tpm2_hmac: Fix the example section.
------------------------------------------------------------------
------------------ 2021-1-27 - Jan 27 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- removed no longer needed buildfix-ppc64le.patch; build failed on
ppc64 due to this patch (bsc#1181439)
++++ Mesa-drivers:
- removed no longer needed buildfix-ppc64le.patch; build failed on
ppc64 due to this patch (bsc#1181439)
++++ dnsmasq:
- Fix building with lua54
++++ transactional-update:
- Version 3.0.0
- This release changes the internal structure, but should be
identical to the previous release feature wise.
- Major parts of the previous Bash only application have been
rewritten in C++ with the goal to provide an API around
transactions; the transactional-update script is using that
new interface internally already, however the API should
be considered experimental for now - if you are interested to
use it, please notify us in
https://github.com/openSUSE/transactional-update/issues/52
- A new tool called "tukit" provides a C++ tool that can be
wrapped by scripts to leverage the functionality. Please
consider it experimental for now, the commands may still change.
- Bugfixes:
- Implement support for system offline update [boo#1180808]
- Add statistics files to update environment [boo#1173282]
++++ gnutls:
- Update to 3.7.0
* Depend on nettle 3.6
* Added a new API that provides a callback function to retrieve
missing certificates from incomplete certificate chains
* Added a new API that provides a callback function to output the
complete path to the trusted root during certificate chain
verification
* OIDs exposed as gnutls_datum_t no longer account for the
terminating null bytes, while the data field is null terminated.
The affected API functions are: gnutls_ocsp_req_get_extension,
gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
* Added a new set of API to enable QUIC implementation
* The crypto implementation override APIs deprecated in 3.6.9 are
now no-op
* Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
* Support for padlock has been fixed to make it work with Zhaoxin CPU
* The maximum PIN length for PKCS #11 has been increased from 31
bytes to 255 bytes
- Remove patch fixed upstream:
* gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- Add version guards for the crypto-policies package
- Fix threading bug in libgnutls [bsc#1173434]
* Upstream bug: gitlab.com/gnutls/gnutls/issues/1044
++++ grub2:
- Complete Secure Boot support on aarch64 (jsc#SLE-15020)
* 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch
* 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch
* 0003-Make-grub_error-more-verbose.patch
* 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch
* 0005-Make-linux_arm_kernel_header.hdr_offset-be-at-the-ri.patch
* 0006-efi-Set-image-base-address-before-jumping-to-the-PE-.patch
* 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch
* 0008-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch
* 0009-squash-Add-support-for-linuxefi.patch
++++ gzip:
- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count
of lines to skip [bsc#1180713]
++++ iproute2:
- Update to release 5.10
* iplink: add support for protodown reason
* ss: add support to expose various inet sockopts
* ss: add support for XDP statistics
* bridge: mdb: add support for source address
++++ kernel-default:
- Update config files.
Only refresh after 5.10.11.
- commit 90db4e6
- Linux 5.10.11 (bsc#1012628).
- scsi: target: tcmu: Fix use-after-free of se_cmd->priv
(bsc#1012628).
- mtd: rawnand: gpmi: fix dst bit offset when extracting raw
payload (bsc#1012628).
- mtd: rawnand: nandsim: Fix the logic when selecting Hamming
soft ECC engine (bsc#1012628).
- i2c: tegra: Wait for config load atomically while in ISR
(bsc#1012628).
- i2c: bpmp-tegra: Ignore unknown I2C_M flags (bsc#1012628).
- platform/x86: i2c-multi-instantiate: Don't create platform
device for INT3515 ACPI nodes (bsc#1012628).
- platform/x86: ideapad-laptop: Disable touchpad_switch for
ELAN0634 (bsc#1012628).
- ALSA: seq: oss: Fix missing error check in
snd_seq_oss_synth_make_info() (bsc#1012628).
- ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T
(bsc#1012628).
- ALSA: hda/via: Add minimum mute flag (bsc#1012628).
- crypto: xor - Fix divide error in do_xor_speed() (bsc#1012628).
- dm crypt: fix copy and paste bug in crypt_alloc_req_aead
(bsc#1012628).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
on error (bsc#1012628).
- btrfs: don't get an EINTR during drop_snapshot for reloc
(bsc#1012628).
- btrfs: do not double free backref nodes on error (bsc#1012628).
- btrfs: fix lockdep splat in btrfs_recover_relocation
(bsc#1012628).
- btrfs: don't clear ret in btrfs_start_dirty_block_groups
(bsc#1012628).
- btrfs: send: fix invalid clone operations when cloning from
the same file and root (bsc#1012628).
- fs: fix lazytime expiration handling in
__writeback_single_inode() (bsc#1012628).
- pinctrl: ingenic: Fix JZ4760 support (bsc#1012628).
- mmc: core: don't initialize block size from ext_csd if not
present (bsc#1012628).
- mmc: sdhci-of-dwcmshc: fix rpmb access (bsc#1012628).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization
(bsc#1012628).
- mmc: sdhci-brcmstb: Fix mmc timeout errors on S5 suspend
(bsc#1012628).
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1012628).
- dm integrity: fix a crash if "recalculate" used without
"internal_hash" (bsc#1012628).
- dm integrity: conditionally disable "recalculate" feature
(bsc#1012628).
- drm/atomic: put state on error path (bsc#1012628).
- drm/syncobj: Fix use-after-free (bsc#1012628).
- drm/amdgpu: remove gpu info firmware of green sardine
(bsc#1012628).
- drm/amd/display: DCN2X Find Secondary Pipe properly in MPO +
ODM Case (bsc#1012628).
- drm/i915/gt: Prevent use of engine->wa_ctx after error
(bsc#1012628).
- drm/i915: Check for rq->hwsp validity after acquiring RCU lock
(bsc#1012628).
- ASoC: Intel: haswell: Add missing pm_ops (bsc#1012628).
- ASoC: rt711: mutex between calibration and power state changes
(bsc#1012628).
- SUNRPC: Handle TCP socket sends with kernel_sendpage() again
(bsc#1012628).
- HID: multitouch: Enable multi-input for Synaptics
pointstick/touchpad device (bsc#1012628).
- HID: sony: select CONFIG_CRC32 (bsc#1012628).
- dm integrity: select CRYPTO_SKCIPHER (bsc#1012628).
- x86/hyperv: Fix kexec panic/hang issues (bsc#1012628).
- scsi: ufs: Relax the condition of
UFSHCI_QUIRK_SKIP_MANUAL_WB_FLUSH_CTRL (bsc#1012628).
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1012628).
- scsi: qedi: Correct max length of CHAP secret (bsc#1012628).
- scsi: scsi_debug: Fix memleak in scsi_debug_init()
(bsc#1012628).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
disabled (bsc#1012628).
- riscv: Fix kernel time_init() (bsc#1012628).
- riscv: Fix sifive serial driver (bsc#1012628).
- riscv: Enable interrupts during syscalls with M-Mode
(bsc#1012628).
- HID: logitech-dj: add the G602 receiver (bsc#1012628).
- HID: Ignore battery for Elan touchscreen on ASUS UX550
(bsc#1012628).
- clk: tegra30: Add hda clock default rates to clock driver
(bsc#1012628).
- ALSA: hda/tegra: fix tegra-hda on tegra30 soc (bsc#1012628).
- riscv: cacheinfo: Fix using smp_processor_id() in preemptible
(bsc#1012628).
- arm64: make atomic helpers __always_inline (bsc#1012628).
- xen: Fix event channel callback via INTX/GSI (bsc#1012628).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
delivery (bsc#1012628).
- x86/xen: Fix xen_hvm_smp_init() when vector callback not
available (bsc#1012628).
- dts: phy: fix missing mdio device and probe failure of
vsc8541-01 device (bsc#1012628).
- dts: phy: add GPIO number and active state used for phy reset
(bsc#1012628).
- riscv: defconfig: enable gpio support for HiFive Unleashed
(bsc#1012628).
- drm/amdgpu/psp: fix psp gfx ctrl cmds (bsc#1012628).
- drm/amd/display: disable dcn10 pipe split by default
(bsc#1012628).
- HID: logitech-hidpp: Add product ID for MX Ergo in Bluetooth
mode (bsc#1012628).
- drm/amd/display: Fix to be able to stop crc calculation
(bsc#1012628).
- drm/nouveau/bios: fix issue shadowing expansion ROMs
(bsc#1012628).
- drm/nouveau/privring: ack interrupts the same way as RM
(bsc#1012628).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
fields (bsc#1012628).
- drm/nouveau/mmu: fix vram heap sizing (bsc#1012628).
- drm/nouveau/kms/nv50-: fix case where notifier buffer is at
offset 0 (bsc#1012628).
- io_uring: flush timeouts that should already have expired
(bsc#1012628).
- libperf tests: If a test fails return non-zero (bsc#1012628).
- libperf tests: Fail when failing to get a tracepoint id
(bsc#1012628).
- RISC-V: Set current memblock limit (bsc#1012628).
- RISC-V: Fix maximum allowed phsyical memory for RV32
(bsc#1012628).
- x86/xen: fix 'nopvspin' build error (bsc#1012628).
- nfsd: Fixes for nfsd4_encode_read_plus_data() (bsc#1012628).
- nfsd: Don't set eof on a truncated READ_PLUS (bsc#1012628).
- gpiolib: cdev: fix frame size warning in gpio_ioctl()
(bsc#1012628).
- pinctrl: aspeed: g6: Fix PWMG0 pinctrl setting (bsc#1012628).
- pinctrl: mediatek: Fix fallback call path (bsc#1012628).
- RDMA/ucma: Do not miss ctx destruction steps in some cases
(bsc#1012628).
- btrfs: print the actual offset in btrfs_root_name (bsc#1012628).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
(bsc#1012628).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1012628).
- scsi: ufs: Fix tm request when non-fatal error happens
(bsc#1012628).
- crypto: omap-sham - Fix link error without crypto-engine
(bsc#1012628).
- bpf: Prevent double bpf_prog_put call from
bpf_tracing_prog_attach (bsc#1012628).
- powerpc: Use the common INIT_DATA_SECTION macro in vmlinux.lds.S
(bsc#1012628).
- powerpc: Fix alignment bug within the init sections
(bsc#1012628).
- arm64: entry: remove redundant IRQ flag tracing (bsc#1012628).
- bpf: Reject too big ctx_size_in for raw_tp test run
(bsc#1012628).
- drm/amdkfd: Fix out-of-bounds read in
kdf_create_vcrat_image_cpu() (bsc#1012628).
- RDMA/umem: Avoid undefined behavior of rounddown_pow_of_two()
(bsc#1012628).
- RDMA/cma: Fix error flow in default_roce_mode_store
(bsc#1012628).
- printk: ringbuffer: fix line counting (bsc#1012628).
- printk: fix kmsg_dump_get_buffer length calulations
(bsc#1012628).
- iov_iter: fix the uaccess area in copy_compat_iovec_from_user
(bsc#1012628).
- i2c: octeon: check correct size of maximum RECV_LEN packet
(bsc#1012628).
- drm/vc4: Unify PCM card's driver_name (bsc#1012628).
- platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC
11 from allow-list (bsc#1012628).
- platform/x86: hp-wmi: Don't log a warning on
HPWMI_RET_UNKNOWN_COMMAND errors (bsc#1012628).
- gpio: sifive: select IRQ_DOMAIN_HIERARCHY rather than depend
on it (bsc#1012628).
- ALSA: hda: Balance runtime/system PM if direct-complete is
disabled (bsc#1012628).
- xsk: Clear pool even for inactive queues (bsc#1012628).
- selftests: net: fib_tests: remove duplicate log test
(bsc#1012628).
- can: dev: can_restart: fix use after free bug (bsc#1012628).
- can: vxcan: vxcan_xmit: fix use after free bug (bsc#1012628).
- can: peak_usb: fix use after free bugs (bsc#1012628).
- perf evlist: Fix id index for heterogeneous systems
(bsc#1012628).
- i2c: sprd: depend on COMMON_CLK to fix compile tests
(bsc#1012628).
- iio: common: st_sensors: fix possible infinite loop in
st_sensors_irq_thread (bsc#1012628).
- iio: ad5504: Fix setting power-down state (bsc#1012628).
- drivers: iio: temperature: Add delay after the addressed reset
command in mlx90632.c (bsc#1012628).
- iio: adc: ti_am335x_adc: remove omitted iio_kfifo_free()
(bsc#1012628).
- counter:ti-eqep: remove floor (bsc#1012628).
- powerpc/64s: fix scv entry fallback flush vs interrupt
(bsc#1012628).
- cifs: do not fail __smb_send_rqst if non-fatal signals are
pending (bsc#1012628).
- irqchip/mips-cpu: Set IPI domain parent chip (bsc#1012628).
- x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize
state (bsc#1012628).
- x86/topology: Make __max_die_per_package available
unconditionally (bsc#1012628).
- x86/mmx: Use KFPU_387 for MMX string operations (bsc#1012628).
- x86/setup: don't remove E820_TYPE_RAM for pfn 0 (bsc#1012628).
- proc_sysctl: fix oops caused by incorrect command parameters
(bsc#1012628).
- mm: memcg/slab: optimize objcg stock draining (bsc#1012628).
- mm: memcg: fix memcg file_dirty numa stat (bsc#1012628).
- mm: fix numa stats for thp migration (bsc#1012628).
- io_uring: iopoll requests should also wake task ->in_idle state
(bsc#1012628).
- io_uring: fix SQPOLL IORING_OP_CLOSE cancelation state
(bsc#1012628).
- io_uring: fix short read retries for non-reg files
(bsc#1012628).
- intel_th: pci: Add Alder Lake-P support (bsc#1012628).
- stm class: Fix module init return on allocation failure
(bsc#1012628).
- serial: mvebu-uart: fix tx lost characters at power off
(bsc#1012628).
- ehci: fix EHCI host controller initialization sequence
(bsc#1012628).
- USB: ehci: fix an interrupt calltrace error (bsc#1012628).
- usb: gadget: aspeed: fix stop dma register setting
(bsc#1012628).
- USB: gadget: dummy-hcd: Fix errors in port-reset handling
(bsc#1012628).
- usb: udc: core: Use lock when write to soft_connect
(bsc#1012628).
- usb: bdc: Make bdc pci driver depend on BROKEN (bsc#1012628).
- usb: cdns3: imx: fix writing read-only memory issue
(bsc#1012628).
- usb: cdns3: imx: fix can't create core device the second time
issue (bsc#1012628).
- xhci: make sure TRB is fully written before giving it to the
controller (bsc#1012628).
- xhci: tegra: Delay for disabling LFPS detector (bsc#1012628).
- drivers core: Free dma_range_map when driver probe failed
(bsc#1012628).
- driver core: Fix device link device name collision
(bsc#1012628).
- driver core: Extend device_is_dependent() (bsc#1012628).
- drm/i915: s/intel_dp_sink_dpms/intel_dp_set_power/
(bsc#1012628).
- drm/i915: Only enable DFP 4:4:4->4:2:0 conversion when
outputting YCbCr 4:4:4 (bsc#1012628).
- x86/entry: Fix noinstr fail (bsc#1012628).
- x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1012628).
- cls_flower: call nla_ok() before nla_next() (bsc#1012628).
- netfilter: rpfilter: mask ecn bits before fib lookup
(bsc#1012628).
- tools: gpio: fix %llu warning in gpio-event-mon.c (bsc#1012628).
- tools: gpio: fix %llu warning in gpio-watch.c (bsc#1012628).
- drm/i915/hdcp: Update CP property in update_pipe (bsc#1012628).
- sh: dma: fix kconfig dependency for G2_DMA (bsc#1012628).
- sh: Remove unused HAVE_COPY_THREAD_TLS macro (bsc#1012628).
- locking/lockdep: Cure noinstr fail (bsc#1012628).
- ASoC: SOF: Intel: fix page fault at probe if i915 init fails
(bsc#1012628).
- octeontx2-af: Fix missing check bugs in rvu_cgx.c (bsc#1012628).
- net: dsa: mv88e6xxx: also read STU state in
mv88e6250_g1_vtu_getnext (bsc#1012628).
- selftests/powerpc: Fix exit status of pkey tests (bsc#1012628).
- sh_eth: Fix power down vs. is_opened flag ordering
(bsc#1012628).
- nvme-pci: refactor nvme_unmap_data (bsc#1012628).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1012628).
- cachefiles: Drop superfluous readpages aops NULL check
(bsc#1012628 bsc#1175245).
- lightnvm: fix memory leak when submit fails (bsc#1012628).
- skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb()
too (bsc#1012628).
- kasan: fix unaligned address is unhandled in
kasan_remove_zero_shadow (bsc#1012628).
- kasan: fix incorrect arguments passing in kasan_add_zero_shadow
(bsc#1012628).
- tcp: fix TCP socket rehash stats mis-accounting (bsc#1012628).
- net_sched: gen_estimator: support large ewma log (bsc#1012628).
- udp: mask TOS bits in udp_v4_early_demux() (bsc#1012628).
- ipv6: create multicast route with RTPROT_KERNEL (bsc#1012628).
- net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
(bsc#1012628).
- net_sched: reject silly cell_log in qdisc_get_rtab()
(bsc#1012628).
- ipv6: set multicast flag on the multicast route (bsc#1012628).
- net: mscc: ocelot: allow offloading of bridge on top of LAG
(bsc#1012628).
- net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled
(bsc#1012628).
- net: dsa: b53: fix an off by one in checking "vlan->vid"
(bsc#1012628).
- tcp: do not mess with cloned skbs in tcp_add_backlog()
(bsc#1012628).
- tcp: fix TCP_USER_TIMEOUT with zero window (bsc#1012628).
- net: mscc: ocelot: Fix multicast to the CPU port (bsc#1012628).
- net: core: devlink: use right genl user_ptr when handling port
param get/set (bsc#1012628).
- pinctrl: qcom: Allow SoCs to specify a GPIO function that's
not 0 (bsc#1012628).
- pinctrl: qcom: No need to read-modify-write the interrupt status
(bsc#1012628).
- pinctrl: qcom: Properly clear "intr_ack_high" interrupts when
unmasking (bsc#1012628).
- pinctrl: qcom: Don't clear pending interrupts when enabling
(bsc#1012628).
- x86/sev: Fix nonistr violation (bsc#1012628).
- tty: implement write_iter (bsc#1012628).
- tty: fix up hung_up_tty_write() conversion (bsc#1012628).
- net: systemport: free dev before on error path (bsc#1012628).
- x86/sev-es: Handle string port IO to kernel memory properly
(bsc#1012628).
- tcp: Fix potential use-after-free due to double kfree()
(bsc#1012628).
- ASoC: SOF: Intel: hda: Avoid checking jack on system suspend
(bsc#1012628).
- drm/i915/hdcp: Get conn while content_type changed
(bsc#1012628).
- bpf: Local storage helpers should check nullness of owner ptr
passed (bsc#1012628).
- kernfs: implement ->read_iter (bsc#1012628).
- kernfs: implement ->write_iter (bsc#1012628).
- kernfs: wire up ->splice_read and ->splice_write (bsc#1012628).
- interconnect: imx8mq: Use icc_sync_state (bsc#1012628).
- fs/pipe: allow sendfile() to pipe again (bsc#1012628).
- Commit 9bb48c82aced ("tty: implement write_iter") converted
the tty layer to use write_iter. Fix the redirected_tty_write
declaration also in n_tty and change the comparisons to use
write_iter instead of write. also in n_tty and change the
comparisons to use write_iter instead of write (bsc#1012628).
- mm: fix initialization of struct page for holes in memory layout
(bsc#1012628).
- Revert "mm: fix initialization of struct page for holes in
memory layout" (bsc#1012628).
- Delete
patches.suse/fs-cachefs-Drop-superfluous-readpages-aops-NULL-chec.patch.
- commit 7d05541
++++ kernel-firmware:
- Update to version 20210119 (git commit 05789708b79b):
* brcm: Link RPi4's WiFi firmware with DMI machine name.
* brcm: Add NVRAM for Vamrs 96boards Rock960
* brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
* cypress: Fix link direction
* cypress: Link the new cypress firmware to the old brcm files
* brcm: remove old brcm firmwares that have newer cypress variants
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
* rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
* rtl_bt: Add firmware and config files for RTL8852A BT USB chip
* rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
- Fix install-split.sh to deal with the quoted spaces
- Update aliases
++++ libcap:
- update to 2.47:
* Restructured gowns to default to uid base of getuid().
* Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit.
* Improve the usage and diagnostic message for setcap
* Documentation fixes, license declarations, example updates
++++ ceph:
- Update to 16.1.0-46-g571704f730
+ rebase on top of upstream v16.1.0 (Pacific release candidate)
+ drop obsolete downstream patches that were causing conflicts:
* cephadm: use registry.suse.com by default
* cephadm: add global flag --container-init
* mgr/cephadm: append --container-init to basecommand
* cephadm: remove container-init subparser from "deploy"
++++ wayland:
- Update to release 1.19
* This release mostly contains bug fixes and minor
protocol updates.
++++ openssh:
- Add support for /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d
(openssh-8.4p1-ssh_config_d.patch)
++++ pinentry:
- actually build efl based pinentry
- re-enable validation of upstream signing key
++++ raspberrypi-firmware:
- Use disable-v3d overlay, it isn't ready for users to use but soon good enough
for a technology preview. (jsc#SLE-15928)
++++ raspberrypi-firmware-config:
- Use disable-v3d overlay, it isn't ready for users to use but soon good enough
for a technology preview. (jsc#SLE-15928)
++++ raspberrypi-firmware-config-camera:
- Use disable-v3d overlay, it isn't ready for users to use but soon good enough
for a technology preview. (jsc#SLE-15928)
++++ raspberrypi-firmware-dt:
- Introduce disable-v3d-overlay.dts, in order to be able to selectively disable
v3d while using vc4 as the display controller (jsc#SLE-15928).
++++ sudo:
- Update to 1.9.5.p2
* When invoked as sudoedit, the same set of command line
options are now accepted as for sudo -e. The -H and -P
options are now rejected for sudoedit and sudo -e which
matches the sudo 1.7 behavior. This is part of the fix for
CVE-2021-3156.
* Fixed a potential buffer overflow when unescaping backslashes
in the command's arguments. Normally, sudo escapes special
characters when running a command via a shell (sudo -s or
sudo -i). However, it was also possible to run sudoedit with
the -s or -i flags in which case no escaping had actually
been done, making a buffer overflow possible.
This fixes CVE-2021-3156. (bsc#1181090)
* Fixed sudo's setprogname(3) emulation on systems that don't
provide it.
* Fixed a problem with the sudoers log server client where a
partial write to the server could result the sudo process
consuming large amounts of CPU time due to a cycle in the
buffer queue. Bug #954.
* Added a missing dependency on libsudo_util in libsudo_eventlog.
Fixes a link error when building sudo statically.
* The user's KRB5CCNAME environment variable is now preserved
when performing PAM authentication. This fixes GSSAPI
authentication when the user has a non-default ccache.
++++ sysuser-tools:
- Set --replace option for systemd-sysusers
++++ u-boot-rpiarm64:
- Fix documentation location
Update to v2021.01.
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2021.01
* Patches dropped:
0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch
0029-Revert-Fix-data-abort-caused-by-mis.patch
0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch
0031-pci-brcmstb-Cleanup-controller-stat.patch
* Patches added:
0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch
0029-pci-brcmstb-Cleanup-controller-stat.patch
0030-fs-btrfs-Select-SHA256-in-Kconfig.patch
------------------------------------------------------------------
------------------ 2021-1-26 - Jan 26 2021 -------------------
------------------------------------------------------------------
++++ acl:
- Replace system-user-{bin,daemon} with user({bin,daemon}): be
resilient to package name changes.
++++ kernel-default:
- ALSA: hda/via: Apply the workaround generically for Clevo
machines (bsc#1181330).
- commit 87d962b
++++ lzo:
- add lzo-2.08-rhbz1309225.patch to avoid aliasing issues
++++ open-iscsi:
- Update to latest upstream (no new tag yet). To fix
bsc#1181313. Changes since last update added to
open-iscsi-SUSE-latest.diff.bz2:
* Fix iscsiadm segfault when exiting
* iscsid: Add NO_SYSTEMD to CFLAGS
* Change mkdir permissions to 0770, adjust usmask
* Fix typo in util.py
* iscsid: Do not allow conflicting pid-file options
* iscsiadm: Fix memory leak in iscsiadm
* libopeniscsiusr: Fix memory leak in iscsi_sessions_get()
* libopeniscsiusr: Fix memory leak in iscsi_nodes_get()
* idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param()
* Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable
++++ patterns-base:
- bootloader pattern should not require a base pattern
++++ qemu:
- Fix two additional cases of qemu crashing due to qemu module
packages not being loaded.
qom-handle-case-of-chardev-spice-module-.patch
spice-app-avoid-crash-when-core-spice-mo.patch
++++ vim:
Updated to version 8.2.2411, fixes the following problems
* Debugging code included.
* Some test files may not be deleted.
* Not all ways Vim can be started are tested.
* Vim9: crash when using :trow in a not executed block.
* Vim9: wrong error when modifying dict declared with :final.
* Vim9: missing :endif not reported when using :windo.
* Vim9: warning for uninitialized variable. (Tony Mechelynck)
* Pascal-like filetypes not always detected.
* Vim9: "silent return" does not restore command modifiers.
* Vim9: it is not possible to extend a dictionary with different item types.
* Configure test for GTK only says "no". (Harm te Hennepe)
* Vim9: no error if using job_info() result wrongly.
* Cannot get the type of a value as a string.
* win_execute() unexpectedly returns number zero when failing.
* Expression command line completion shows variables but not functions after
"g:". (Gary Johnson)
* "char" functions return the wront column in Insert mode when the cursor
is beyond the end of the line.
* Vim9: return type of readfile() is any.
* Using inclusive index for slice is not always desired.
* No focus events in a terminal.
* Codecov reports every little coverage drop.
* Build failure without GUI.
* No check for modified files after focus gained. (Mathias Stearn)
* Vim9: cannot handle line break after parenthesis at line end.
* Using "void" for no reason.
* Vim9: error message for "throw" in function that was called with "silent!".
* If the focus lost/gained escape sequence is received twice it is not
ignored. (Christ van Willigen)
* Spartql files are not detected.
* Crash with a weird combination of autocommands.
* Stray test failure on Appveyor.
* Vim9: ":put =expr" does not handle a list properly.
* Vim9: crash when parsing function return type fails.
* Wrong #ifdef for use_xterm_like_mouse().
* Strange test failure with MS-Windows.
* Test leaves file behind.
* Vim9: no highlight for "s///gc" when using 'opfunc'.
* Vim9: check of builtin function argument type is incomplete.
* Vim9: line break in lambda accesses freed memory.
* Vim9: no check for map() changing item type at script level.
* When using ":sleep" the cursor is always displayed.
* Test failures on some less often used systems.
* Insufficient tests for setting options.
* Vim9: functions return true/false but can't be used as bool.
* Vim9: command fails in catch block.
* Vim9: crash when using types in :for with unpack.
* Confusing error message for wrong :let command.
* Vim9: list assignment only accepts a number index.
* Accessing uninitialized memory in test_undo.
* Test for RGB color skipped in the terminal.
* Vim9: crash when dividing by zero in compiled code using constants.
* Vim9: crash when using a range after another expression.
* Vim9: no error message for dividing by zero.
* Finding spell suggestions twice if 'spellsuggest' contains number.
* Vim9: occasional crash when using try/catch and a timer.
* Vim9: divide by zero does not abort expression execution.
* Build failure.
* Focus escape sequences are not named in ":set termcap" output.
* Turtle filetype not recognized.
* "gj" and "gk" do not work correctly when inside a fold.
* Vim9: crash when using ":silent! put".
* Runtime type check does not mention argument index.
* No easy way to get the maximum or mininum number value.
* Test failure on a few systems.
* Vim9: using positive offset is unexpected.
* Memory leak when creating a global function with closure.
* Fennel filetype not recognized.
* Vim9: error message when script line starts with "[{".
* Vim9: min() and max() return type is "any".
* Vim9: error for wrong type may report wrong line number.
* Vim9: no white space allowed before "->".
* Vim9: "%%" not seen as alternate file name for commands with a buffer
name argument.
* Method test fails.
* Fold test fails in wide terminal.
* Vim9: compiled functions are not profiled.
* Build fails without +profiling feature.
* Some filetypes not detected.
* Vim9: profiling if/elseif/endif not correct.
* Vim9: profiling try/catch not correct.
* Vim9: no need to allow white space before "(" for :def.
* Vim9: profiled :def function leaks memory.
* Old jumplist code is never used.
* MinGW: "--preprocessor" flag no longer supported.
* Vim9: profiling only works for one function.
* Build failure without the +profiling feature.
* Profile test fails on MS-Windows.
------------------------------------------------------------------
------------------ 2021-1-25 - Jan 25 2021 -------------------
------------------------------------------------------------------
++++ permissions:
- Update to version 20210125:
* usbauth: drop compatibility variable for libexec
* usbauth: Updated path for usbauth-npriv
* profiles: finish usage of variable for polkit-agent-helper-1
++++ kernel-default:
- Update to 5.11-rc5
- eliminated 3 patches
- patches.suse/fs-cachefs-Drop-superfluous-readpages-aops-NULL-chec.patch
- patches.suse/irq-export-irq_check_status_bit-symbol.patch
- patches.suse/x86-xen-fix-nopvspin-build-error.patch
- refresh configs
- commit 1a51baa
++++ util-linux:
- s/--enable-vendordir/--with-vendordir/
- remove pam_securetty line again. As long as there is no agreement
from pam side having it would fail openQA (boo#1033626)
++++ libgcrypt:
- Add the global config file /etc/gcrypt/random.conf
* This file can be used to globally change parameters of the random
generator with the options: only-urandom and disable-jent.
++++ libgpg-error:
- update to 1.41:
* Fixes another glitch in the "ignore" meta command.
* Fixes two typos in the German translation.
* New function gpgrt_access.
* Make "ignore" meta command work correctly in the option parser.
* Interface changes relative to the 1.39 release:
gpgrt_access NEW.
++++ ncurses:
- Add ncurses patch 20210123
+ modify package/config scripts to provide an explicit -L option for
cases when the loader search path has other directories preceding
the one in which ncurses is installed (report by Yuri Victorovich).
+ minor build-fixes in configure script and makefiles to work around
quirks of pmake.
++++ snapper:
- fixed testsuite for equal-date (gh#openSUSE/snapper#526)
++++ salt:
- Do not crash when unexpected cmd output at listing patches (bsc#1181290)
- Added:
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
++++ python-psutil:
- update to 5.8.0:
* Enhancements:
- 1863: disk_partitions() exposes 2 extra fields: maxfile and
maxpath, which are the maximum file name and path name
length.
- 1872: [Windows] added support for PyPy 2.7.
- 1879: provide pre-compiled wheels for Linux and macOS.
- 1880: get rid of Travis and Cirrus CI services (they are no
longer free). CI testing is now done by GitHub Actions on
Linux, macOS and FreeBSD (yes). AppVeyor is still being used
for Windows CI.
* Bug fixes:
- 1708: [Linux] get rid of sensors_temperatures() duplicates.
(patch by Tim Schlueter).
- 1839: [Windows] always raise AccessDenied when failing to
query 64 processes from 32 bit ones (NtWoW64 APIs).
- 1866: [Windows] process exe(), cmdline(), environ() may raise
"invalid access to memory location" on Python 3.9.
- 1874: [Solaris] wrong swap output given when encrypted column
is present.
- 1875: [Windows] process username() may raise
ERROR_NONE_MAPPED if the SID has no corresponding account
name. In this case AccessDenied is now raised.
- 1877: [Windows] OpenProcess may fail with ERROR_SUCCESS.
Turn it into AccessDenied or NoSuchProcess depending on
whether the PID is alive.
- 1886: [macOS] EIO error may be raised on cmdline() and
environment(). Now it gets translated into AccessDenied.
- 1891: [macOS] get rid of deprecated getpagesize().
- Rebase patch and skip three other tests that fail on obs
* skip-obs.patch
++++ raspberrypi-firmware-dt:
- Update to 02dbfea28f (2021-01-22):
* Add reserved memory template to hold firmware configuration
- Drop upstream-blconfig-rmem.patch as it's now available upstream.
++++ timezone:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
++++ toolbox:
- Update to version 2.0+git20210125.50611db:
* Document configuration files, add /usr/etc/toolboxrc
* Update README to include commands
* Update the README
* Be even more compatible with Silverblue Toolbox
* Introduce commands, for compatibility with Silverblue's toolbox
* Mount /run/media and and /tmp inside a user toolbox
* Export more env variables inside (user) toolboxes
++++ util-linux-systemd:
- s/--enable-vendordir/--with-vendordir/
- remove pam_securetty line again. As long as there is no agreement
from pam side having it would fail openQA (boo#1033626)
++++ virt-manager:
- bsc#1180897 - SLES15 SP2: VM does not boot after virt-install
installing from ISO image.
virtinst-keep-iso-for-xenpv.patch
- bsc#1181350 - [Build 20210122] openQA test fails in virt_install
on aarch64
virtman-show-no-firmware-for-xenpv.patch
------------------------------------------------------------------
------------------ 2021-1-24 - Jan 24 2021 -------------------
------------------------------------------------------------------
++++ libdrm:
- reenabled build of manual pages (switch from xsltproc to rst2man)
- update to 2.4.104:
* headers: drm: Sync with drm-next
* Remove outdated comments about stdint.h
* Remove definitions duplicated from drm_mode.h
* xf86drmMode.h use ANSI C99 arrays
* Document drmModeConnection
* man: convert to reSTructuredText
* testsuite fixes
++++ mozilla-nss:
- update to NSS 3.60.1
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
- removed obsolete ppc-old-abi-v3.patch
++++ libgudev:
- update to 234:
* Clarify that _get_sysfs_attr() functions are cached
* Add functions to get uncached sysfs attributes
++++ zeromq:
- update to 4.3.4:
* ZMQ_PRIORITY will set the SO_PRIORITY socket option on the underlying
sockets. Only supported on Linux.
* Fixed compilation errors on kFreeBSD and GNU/Hurd
* Fixed excessive amount of socket files left behind in Windows TMP
* Fixed regression that breaks using IPv6 link-local addresses on Linux
* Fixed compilation errors on Android
* Fixed compilation error with ulibc and libbsd
* Fixed stack overflow on Windows x64
* Fixed various compilation errors on Windows ARM 32bit
* Fixed various compilation warnings with XCode
* Fixed return value of zmq_ctx_get changed unintentionally
++++ pinentry:
- update to 1.1.1:
* A EFL-based pinentry has been contributed.
* Disable echoing in backspace key is pressed first
(GTK, Qt, TQt, and ncurses pinentries).
* Support line editing in TTY pinentry.
* Remove support for old GTK+2 (< 2.12.0).
* Various minor fixes.
- drop pinentry-qt-Fix-use-of-dangling-pointer.patch (upstream)
- drop pinentry-ncurses6.diff: obsolete
++++ python-PyYAML:
- update to 5.4.1 (bsc#1174514, CVE-2020-14343):
* Fix stub compat with older pyyaml versions that may unwittingly load it
* Build modernization, remove distutils, fix metadata, build wheels, CI to GHA
* Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader
* Fix memory leak in implicit resolver setup
* Fix py2 copy support for timezone objects
* Fix compatibility with Jython
------------------------------------------------------------------
------------------ 2021-1-23 - Jan 23 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.10 (bsc#1012628).
- spi: cadence: cache reference clock rate during probe
(bsc#1012628).
- spi: fsl: Fix driver breakage when SPI_CS_HIGH is not set in
spi->mode (bsc#1012628).
- cxgb4/chtls: Fix tid stuck due to wrong update of qid
(bsc#1012628).
- net: dsa: unbind all switches from tree when DSA master unbinds
(bsc#1012628).
- mac80211: check if atf has been disabled in
__ieee80211_schedule_txq (bsc#1012628).
- mac80211: do not drop tx nulldata packets on encrypted links
(bsc#1012628).
- drm/panel: otm8009a: allow using non-continuous dsi clock
(bsc#1012628).
- can: mcp251xfd: mcp251xfd_handle_rxif_one(): fix wrong NULL
pointer check (bsc#1012628).
- net: stmmac: use __napi_schedule() for PREEMPT_RT (bsc#1012628).
- rxrpc: Fix handling of an unsupported token type in rxrpc_read()
(bsc#1012628).
- net: dsa: clear devlink port type before unregistering slave
netdevs (bsc#1012628).
- net: phy: smsc: fix clk error handling (bsc#1012628).
- dt-bindings: net: renesas,etheravb: RZ/G2H needs
tx-internal-delay-ps (bsc#1012628).
- net: avoid 32 x truesize under-estimation for tiny skbs
(bsc#1012628).
- net: stmmac: fix taprio configuration when base_time is in
the past (bsc#1012628).
- net: stmmac: fix taprio schedule configuration (bsc#1012628).
- net: sit: unregister_netdevice on newlink's error path
(bsc#1012628).
- net: stmmac: Fixed mtu channged by cache aligned (bsc#1012628).
- i40e: fix potential NULL pointer dereferencing (bsc#1012628).
- rxrpc: Call state should be read with READ_ONCE() under some
circumstances (bsc#1012628).
- net: dcb: Accept RTM_GETDCB messages carrying set-like DCB
commands (bsc#1012628).
- net: dcb: Validate netlink message in DCB handler (bsc#1012628).
- esp: avoid unneeded kmap_atomic call (bsc#1012628).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM
request (bsc#1012628).
- net: mvpp2: Remove Pause and Asym_Pause support (bsc#1012628).
- mlxsw: core: Increase critical threshold for ASIC thermal zone
(bsc#1012628).
- mlxsw: core: Add validation of transceiver temperature
thresholds (bsc#1012628).
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1012628).
- net: ipv6: Validate GSO SKB before finish IPv6 processing
(bsc#1012628).
- netxen_nic: fix MSI/MSI-x interrupts (bsc#1012628).
- udp: Prevent reuseport_select_sock from reading uninitialized
socks (bsc#1012628).
- net: fix use-after-free when UDP GRO with shared fraglist
(bsc#1012628).
- net: ipa: modem: add missing SET_NETDEV_DEV() for proper sysfs
links (bsc#1012628).
- bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong
callback (bsc#1012628).
- bpf: Support PTR_TO_MEM{,_OR_NULL} register spilling
(bsc#1012628).
- bpf: Don't leak memory in bpf getsockopt when optlen == 0
(bsc#1012628).
- nfsd4: readdirplus shouldn't return parent of export
(bsc#1012628).
- X.509: Fix crash caused by NULL pointer (bsc#1012628).
- bpf: Fix signed_{sub,add32}_overflows type handling
(bsc#1012628).
- drm/amdgpu/display: drop DCN support for aarch64 (bsc#1012628).
- Update config files.
- x86/hyperv: Initialize clockevents after LAPIC is initialized
(bsc#1012628).
- bpf: Fix selftest compilation on clang 11 (bsc#1012628).
- Revert "kconfig: remove 'kvmconfig' and 'xenconfig' shorthands"
(bsc#1012628).
- commit 167b75d
++++ openssh:
- Add openssh-fix-ssh-copy-id.patch, which fixes breakage
introduced in 8.4p1 (bsc#1181311).
------------------------------------------------------------------
------------------ 2021-1-22 - Jan 22 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
++++ cockpit:
- new version 236
https://cockpit-project.org/blog/cockpit-236.html
- new version 235
https://cockpit-project.org/blog/cockpit-235.html
https://cockpit-project.org/blog/cockpit-234.html
https://cockpit-project.org/blog/cockpit-233.html
++++ cockpit-podman:
- new version 26
https://github.com/cockpit-project/cockpit-podman/releases/tag/26
++++ dmidecode:
2 recommended fixes from upstream:
- dmidecode-fix-the-condition-error-in-ascii_filter.patch:
dmidecode: Fix the condition error in ascii_filter.
- dmidecode-fix-crash-with-u-option.patch: dmidecode: Fix crash
with -u option.
++++ gettext-runtime:
- fixup libtextstyle autofoo with adding
use-acinit-for-libtextstyle.patch
++++ kernel-default:
- drm/gpu/nouveau/dispnv50: Restore pushing of all data
(boo#1181271).
- commit c3f7185
++++ libapparmor:
- add apache-extra-profile-include-if-exists.diff: make <apache2.d>
include in apache extra profile optional to avoid problems with empty
profile directory (boo#1178527)
++++ alsa:
- Yet more fixes for the crash with dmix plugin (bsc#1181194):
0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch
0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch
0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch
++++ rdma-core:
- Add srp_daemon-Fix-systemd-dependency.patch to make sure srp_daemon
is loaded at boot if enabled (bsc#1180196)
++++ lua54:
- Move tests to separate build
++++ openssl-1_1:
- Add version guards for the crypto-policies
++++ pango:
- Update to version 1.48.1:
+ Fix itemization of multi-paragraph layouts.
+ Fix a few memory leaks.
+ Fix glyph origins in vertical layout.
++++ zstd:
- Add libzstd-devel-32bit (boo#1181272)
++++ openssh:
- Improve robustness of sshd init detection when upgrading from
a pre-systemd distribution.
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
diffie-hellman-group14-sha1 key exchange back to the default
list (bsc#1180958). This is needed for backwards compatibility
with older platforms.
- Make sure sshd is enabled correctly when upgrading from a
pre-systemd distribution (bsc#1180083).
++++ salt:
- Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)
- Added:
* fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
++++ python-setuptools:
- We cannot remove vendored packages when generating setuptools
wheel (bsc#1177127).
++++ qemu:
- Fix issue of qemu crashing (abort called) when virtio-gpu device
is asked for and the qemu-hw-display-virtio-gpu package isn't
installed. (bsc#1181103)
module-for-virtio-gpu-pre-load-module-to.patch
- Add additional inter-module package dependencies, to reflect the
current module dependencies (see qemu source file: util/module.c)
- As of v3.1.0 virt-manager, new VM's are created by default with
audio/sound enabled, so it's time to reflect the need, at least
in the spice case, by having spice-audio available when spice in
general is used (boo#1180210 boo#1181132)
- Further refine package Recommends/Suggests based on architecture
- Remove no longer needed dependency on pwdutils (boo#1181235)
++++ raspberrypi-firmware:
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
++++ raspberrypi-firmware-config:
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
++++ raspberrypi-firmware-config-camera:
- Update to 051e5e1be8 (2021-01-21) (jsc#SLE-16616):
* firmware: Export bootloader config via device-tree
* firmware: ISP: Colour denoise
* firmware: platform: Define DVFS modes and change default to be fixed AVS voltage
* firmware: arm_loader: Auto-select 64-bit for kernel8.img
* firmware: hdmi: Throttle auto-i2c register writes to avoid PWM audio underrun
++++ raspberrypi-firmware-dt:
- Introduce upstream-blconfig-rmem.patch for firmware to be able to define
firmware's configuration reserved memory (jsc#SLE-16616)
++++ shim:
- Update the SLE signature
- Exclude some patches from x86_64 to avoid breaking the signature
- Add shim-correct-license-in-headers.patch back for x86_64 to
match the SLE signature
- Add linker-version.pl to modify the EFI/PE header to match the
SLE signature
------------------------------------------------------------------
------------------ 2021-1-21 - Jan 21 2021 -------------------
------------------------------------------------------------------
++++ crypto-policies:
- Update to git version 20210118
* Output sigalgs required by nss >=3.59
* Bump Python requirement to 3.6
* Kerberos 5: Fix policy generator to account for macs
* Add AES-192 support (non-TLS scenarios)
* Add documentation of the --check option
- Fix the man pages generation
- Add crypto-policies-asciidoc.patch
- Test only supported modules
- Add crypto-policies-test_supported_modules_only.patch
++++ grub2:
- Fix rpmlint 2.0 error for having arch specific path in noarch package aiming
for compatibility with old package (bsc#1179044)
* grub2.spec
- Fix non POSIX sed argument which failed in sed from busybox (bsc#1181091)
* grub2-check-default.sh
++++ kernel-default:
- media: pwc: Fix the URB buffer allocation (bsc#1181133).
- commit a9c85b1
- media: dvb-usb: Fix use-after-free access (bsc#1181104).
- media: dvb-usb: Fix memory leak at error in
dvb_usb_device_init() (bsc#1181104).
- media: dvb-usb: Fix use-after-free access (bsc#1181104).
- media: dvb-usb: Fix memory leak at error in
dvb_usb_device_init() (bsc#1181104).
- commit 8c718c9
++++ alsa:
- Backport upstream fixes:
yet more PCM plugin fixes, topology fixes/cleanups, UAF fix in
UCM (bsc#1181194):
0004-topology-use-inclusive-language-for-bclk.patch
0005-topology-use-inclusive-language-for-fsync.patch
0006-topology-use-inclusive-language-in-documentation.patch
0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch
0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch
0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch
0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch
0038-topology-parse_tuple_set-remove-dead-condition-code.patch
0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch
0040-topology-sort_config-cleanups-use-goto-for-the-error.patch
0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch
0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch
0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch
0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch
++++ libgcrypt:
- Update to 1.9.0:
New stable branch of Libgcrypt with full API and ABI compatibility
to the 1.8 series. Release-info: https://dev.gnupg.org/T4294
* New and extended interfaces:
- New curves Ed448, X448, and SM2.
- New cipher mode EAX.
- New cipher algo SM4.
- New hash algo SM3.
- New hash algo variants SHA512/224 and SHA512/256.
- New MAC algos for Blake-2 algorithms, the new SHA512 variants,
SM3, SM4 and for a GOST variant.
- New convenience function gcry_mpi_get_ui.
- gcry_sexp_extract_param understands new format specifiers to
directly store to integers and strings.
- New function gcry_ecc_mul_point and curve constants for Curve448
and Curve25519.
- New function gcry_ecc_get_algo_keylen.
- New control code GCRYCTL_AUTO_EXPAND_SECMEM to allow growing the
secure memory area.
* Performance optimizations and bug fixes: See Release-info.
* Other features:
- Add OIDs from RFC-8410 as aliases for Ed25519 and Curve25519.
- Add mitigation against ECC timing attack CVE-2019-13627.
- Internal cleanup of the ECC implementation.
- Support reading EC point in compressed format for some curves.
- Rebase patches:
* libgcrypt-1.4.1-rijndael_no_strict_aliasing.patch
* libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
* libgcrypt-1.6.1-use-fipscheck.patch
* drbg_test.patch
* libgcrypt-fipsdrv-enable-algo-for-dsa-sign.patch
* libgcrypt-FIPS-RSA-DSA-ECDSA-hashing-operation.patch
* libgcrypt-1.8.4-fips-keygen.patch
* libgcrypt-1.8.4-getrandom.patch
* libgcrypt-fix-tests-fipsmode.patch
* libgcrypt-global_init-constructor.patch
* libgcrypt-ecc-ecdsa-no-blinding.patch
* libgcrypt-PCT-RSA.patch
* libgcrypt-PCT-ECC.patch
- Remove patches:
* libgcrypt-unresolved-dladdr.patch
* libgcrypt-CVE-2019-12904-GCM-Prefetch.patch
* libgcrypt-CVE-2019-12904-GCM.patch
* libgcrypt-CVE-2019-12904-AES.patch
* libgcrypt-CMAC-AES-TDES-selftest.patch
* libgcrypt-1.6.1-fips-cfgrandom.patch
* libgcrypt-fips_rsa_no_enforced_mode.patch
++++ sqlite3:
- SQLite 3.34.1:
* Fix a potential use-after-free bug when processing a a subquery
with both a correlated WHERE clause and a "HAVING 0" clause and
where the parent query is an aggregate (boo#1181261)
* Fix documentation typos
* Fix minor problems in extensions
++++ shadow:
- Split login.defs configuration file into own sub-package, which
allows to install util-linux or pam on small embedded/edge
systems or container without the need to pull in the full shadow
suite.
------------------------------------------------------------------
------------------ 2021-1-20 - Jan 20 2021 -------------------
------------------------------------------------------------------
++++ elfutils:
- Enable LTO (boo#1138796) for elfutils.spec.
++++ kernel-default:
- Exclude Symbols.list again.
Removing the exclude builds vanilla/linux-next builds.
Fixes: 55877625c800 ("kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.")
- commit a1728f2
- Linux 5.10.9 (bsc#1012628).
- btrfs: reloc: fix wrong file extent type check to avoid false
ENOENT (bsc#1012628).
- btrfs: prevent NULL pointer dereference in extent_io_tree_panic
(bsc#1012628).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machines (bsc#1012628).
- ALSA: doc: Fix reference to mixart.rst (bsc#1012628).
- ASoC: AMD Renoir - add DMI entry for Lenovo ThinkPad X395
(bsc#1012628).
- ASoC: dapm: remove widget from dirty list on free (bsc#1012628).
- x86/hyperv: check cpu mask after interrupt has been disabled
(bsc#1012628).
- drm/amdgpu: add green_sardine device id (v2) (bsc#1012628).
- drm/amdgpu: fix DRM_INFO flood if display core is not supported
(bug 210921) (bsc#1012628).
- drm/amdgpu: add new device id for Renior (bsc#1012628).
- drm/i915: Allow the sysadmin to override security mitigations
(bsc#1012628).
- drm/i915/gt: Limit VFE threads based on GT (bsc#1012628).
- drm/i915/backlight: fix CPU mode backlight takeover on LPT
(bsc#1012628).
- drm/bridge: sii902x: Refactor init code into separate function
(bsc#1012628).
- dt-bindings: display: sii902x: Add supply bindings
(bsc#1012628).
- drm/bridge: sii902x: Enable I/O and core VCC supplies if present
(bsc#1012628).
- tracing/kprobes: Do the notrace functions check without kprobes
on ftrace (bsc#1012628).
- tools/bootconfig: Add tracing_on support to helper scripts
(bsc#1012628).
- ext4: use IS_ERR instead of IS_ERR_OR_NULL and set inode null
when IS_ERR (bsc#1012628).
- ext4: fix wrong list_splice in ext4_fc_cleanup (bsc#1012628).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1012628).
- cifs: check pointer before freeing (bsc#1012628).
- cifs: fix interrupted close commands (bsc#1012628).
- riscv: Drop a duplicated PAGE_KERNEL_EXEC (bsc#1012628).
- riscv: return -ENOSYS for syscall -1 (bsc#1012628).
- riscv: Fixup CONFIG_GENERIC_TIME_VSYSCALL (bsc#1012628).
- riscv: Fix KASAN memory mapping (bsc#1012628).
- mips: fix Section mismatch in reference (bsc#1012628).
- mips: lib: uncached: fix non-standard usage of variable 'sp'
(bsc#1012628).
- MIPS: boot: Fix unaligned access with
CONFIG_MIPS_RAW_APPENDED_DTB (bsc#1012628).
- MIPS: Fix malformed NT_FILE and NT_SIGINFO in 32bit coredumps
(bsc#1012628).
- MIPS: relocatable: fix possible boot hangup with KASLR enabled
(bsc#1012628).
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd()
(bsc#1012628).
- ACPI: scan: Harden acpi_device_add() against device ID overflows
(bsc#1012628).
- xen/privcmd: allow fetching resource sizes (bsc#1012628).
- compiler.h: Raise minimum version of GCC to 5.1 for arm64
(bsc#1012628).
- mm/vmalloc.c: fix potential memory leak (bsc#1012628).
- mm/hugetlb: fix potential missing huge page size info
(bsc#1012628).
- mm/process_vm_access.c: include compat.h (bsc#1012628).
- dm raid: fix discard limits for raid1 (bsc#1012628).
- dm snapshot: flush merged data before committing metadata
(bsc#1012628).
- dm integrity: fix flush with external metadata device
(bsc#1012628).
- dm integrity: fix the maximum number of arguments (bsc#1012628).
- dm crypt: use GFP_ATOMIC when allocating crypto requests from
softirq (bsc#1012628).
- dm crypt: do not wait for backlogged crypto request completion
in softirq (bsc#1012628).
- dm crypt: do not call bio_endio() from the dm-crypt tasklet
(bsc#1012628).
- dm crypt: defer decryption to a tasklet if interrupts disabled
(bsc#1012628).
- stmmac: intel: change all EHL/TGL to auto detect phy addr
(bsc#1012628).
- r8152: Add Lenovo Powered USB-C Travel Hub (bsc#1012628).
- btrfs: tree-checker: check if chunk item end overflows
(bsc#1012628).
- ext4: don't leak old mountpoint samples (bsc#1012628).
- io_uring: don't take files/mm for a dead task (bsc#1012628).
- io_uring: drop mm and files after task_work_run (bsc#1012628).
- ARC: build: remove non-existing bootpImage from KBUILD_IMAGE
(bsc#1012628).
- ARC: build: add uImage.lzma to the top-level target
(bsc#1012628).
- ARC: build: add boot_targets to PHONY (bsc#1012628).
- ARC: build: move symlink creation to arch/arc/Makefile to
avoid race (bsc#1012628).
- ARM: omap2: pmic-cpcap: fix maximum voltage to be consistent
with defaults on xt875 (bsc#1012628).
- ath11k: fix crash caused by NULL rx_channel (bsc#1012628).
- netfilter: ipset: fixes possible oops in mtype_resize
(bsc#1012628).
- ath11k: qmi: try to allocate a big block of DMA memory first
(bsc#1012628).
- btrfs: fix async discard stall (bsc#1012628).
- btrfs: merge critical sections of discard lock in workfn
(bsc#1012628).
- btrfs: fix transaction leak and crash after RO remount caused
by qgroup rescan (bsc#1012628).
- regulator: bd718x7: Add enable times (bsc#1012628).
- ethernet: ucc_geth: fix definition and size of
ucc_geth_tx_global_pram (bsc#1012628).
- ARM: dts: ux500/golden: Set display max brightness
(bsc#1012628).
- habanalabs: adjust pci controller init to new firmware
(bsc#1012628).
- habanalabs/gaudi: retry loading TPC f/w on -EINTR (bsc#1012628).
- habanalabs: register to pci shutdown callback (bsc#1012628).
- staging: spmi: hisi-spmi-controller: Fix some error handling
paths (bsc#1012628).
- spi: altera: fix return value for altera_spi_txrx()
(bsc#1012628).
- habanalabs: Fix memleak in hl_device_reset (bsc#1012628).
- hwmon: (pwm-fan) Ensure that calculation doesn't discard big
period values (bsc#1012628).
- lib/raid6: Let $(UNROLL) rules work with macOS userland
(bsc#1012628).
- kconfig: remove 'kvmconfig' and 'xenconfig' shorthands
(bsc#1012628).
- spi: fix the divide by 0 error when calculating xfer waiting
time (bsc#1012628).
- io_uring: drop file refs after task cancel (bsc#1012628).
- bfq: Fix computation of shallow depth (bsc#1012628).
- arch/arc: add copy_user_page() to <asm/page.h> to fix build
error on ARC (bsc#1012628).
- misdn: dsp: select CONFIG_BITREVERSE (bsc#1012628).
- net: ethernet: fs_enet: Add missing MODULE_LICENSE
(bsc#1012628).
- selftests: fix the return value for UDP GRO test (bsc#1012628).
- nvme-pci: mark Samsung PM1725a as IGNORE_DEV_SUBNQN
(bsc#1012628).
- nvme: avoid possible double fetch in handling CQE (bsc#1012628).
- nvmet-rdma: Fix list_del corruption on queue establishment
failure (bsc#1012628).
- drm/amd/display: fix sysfs amdgpu_current_backlight_pwm NULL
pointer issue (bsc#1012628).
- drm/amdgpu: fix a GPU hang issue when remove device
(bsc#1012628).
- drm/amd/pm: fix the failure when change power profile for renoir
(bsc#1012628).
- drm/amdgpu: fix potential memory leak during navi12
deinitialization (bsc#1012628).
- usb: typec: Fix copy paste error for NVIDIA alt-mode description
(bsc#1012628).
- iommu/vt-d: Fix lockdep splat in sva bind()/unbind()
(bsc#1012628).
- ACPI: scan: add stub acpi_create_platform_device() for
!CONFIG_ACPI (bsc#1012628).
- drm/msm: Call msm_init_vram before binding the gpu
(bsc#1012628).
- ARM: picoxcell: fix missing interrupt-parent properties
(bsc#1012628).
- poll: fix performance regression due to out-of-line __put_user()
(bsc#1012628).
- rcu-tasks: Move RCU-tasks initialization to before
early_initcall() (bsc#1012628).
- bpf: Simplify task_file_seq_get_next() (bsc#1012628).
- bpf: Save correct stopping point in file seq iteration
(bsc#1012628).
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling
(bsc#1012628).
- cfg80211: select CONFIG_CRC32 (bsc#1012628).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from
interrupt context (bsc#1012628).
- iommu/vt-d: Update domain geometry in iommu_ops.at(de)tach_dev
(bsc#1012628).
- net/mlx5e: CT: Use per flow counter when CT flow accounting
is enabled (bsc#1012628).
- net/mlx5: Fix passing zero to 'PTR_ERR' (bsc#1012628).
- net/mlx5: E-Switch, fix changing vf VLANID (bsc#1012628).
- blk-mq-debugfs: Add decode for BLK_MQ_F_TAG_HCTX_SHARED
(bsc#1012628).
- mm: fix clear_refs_write locking (bsc#1012628).
- mm: don't play games with pinned pages in clear_page_refs
(bsc#1012628).
- mm: don't put pinned pages into the swap cache (bsc#1012628).
- perf intel-pt: Fix 'CPU too large' error (bsc#1012628).
- dump_common_audit_data(): fix racy accesses to ->d_name
(bsc#1012628).
- ASoC: meson: axg-tdm-interface: fix loopback (bsc#1012628).
- ASoC: meson: axg-tdmin: fix axg skew offset (bsc#1012628).
- ASoC: Intel: fix error code cnl_set_dsp_D0() (bsc#1012628).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr
INADDR_ANY (bsc#1012628).
- nvme: don't intialize hwmon for discovery controllers
(bsc#1012628).
- nvme-tcp: fix possible data corruption with bio merges
(bsc#1012628).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (bsc#1012628).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
(bsc#1012628).
- pNFS: We want return-on-close to complete when evicting the
inode (bsc#1012628).
- pNFS: Mark layout for return if return-on-close was not sent
(bsc#1012628).
- pNFS: Stricter ordering of layoutget and layoutreturn
(bsc#1012628).
- NFS: Adjust fs_context error logging (bsc#1012628).
- NFS/pNFS: Don't call pnfs_free_bucket_lseg() before removing
the request (bsc#1012628).
- NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit()
(bsc#1012628).
- NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
(bsc#1012628).
- NFS: nfs_delegation_find_inode_server must first reference
the superblock (bsc#1012628).
- NFS: nfs_igrab_and_active must first reference the superblock
(bsc#1012628).
- scsi: ufs: Fix possible power drain during system suspend
(bsc#1012628).
- ext4: fix superblock checksum failure when setting password salt
(bsc#1012628).
- RDMA/restrack: Don't treat as an error allocation ID wrapping
(bsc#1012628).
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp
(bsc#1012628).
- bnxt_en: Improve stats context resource accounting with RDMA
driver loaded (bsc#1012628).
- RDMA/mlx5: Fix wrong free of blue flame register on error
(bsc#1012628).
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails
(bsc#1012628).
- umount(2): move the flag validity checks first (bsc#1012628).
- dm zoned: select CONFIG_CRC32 (bsc#1012628).
- drm/i915/dsi: Use unconditional msleep for the panel_on_delay
when there is no reset-deassert MIPI-sequence (bsc#1012628).
- drm/i915/icl: Fix initing the DSI DSC power refcount during
HW readout (bsc#1012628).
- drm/i915/gt: Restore clear-residual mitigations for Ivybridge,
Baytrail (bsc#1012628).
- mm, slub: consider rest of partial list if acquire_slab()
fails (bsc#1012628).
- riscv: Trace irq on only interrupt is enabled (bsc#1012628).
- iommu/vt-d: Fix unaligned addresses for
intel_flush_svm_range_dev() (bsc#1012628).
- net: sunrpc: interpret the return value of kstrtou32 correctly
(bsc#1012628).
- selftests: netfilter: Pass family parameter "-f" to conntrack
tool (bsc#1012628).
- dm: eliminate potential source of excessive kernel log noise
(bsc#1012628).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
(bsc#1012628).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
(bsc#1012628).
- netfilter: conntrack: fix reading nf_conntrack_buckets
(bsc#1012628).
- netfilter: nf_nat: Fix memleak in nf_nat_init (bsc#1012628).
- Update config files.
- commit b7732a5
++++ libfido2:
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
++++ ncurses:
- Don't skip test for qemu builds
++++ openssl-1_1:
- Disable test_srp subsection from 90-test_sslapi.t test
- Use SECLEVEL 2 in 80-test_ssl_new.t
- Add patches:
* openssl-1_1-use-seclevel2-in-tests.patch
* openssl-1_1-disable-test_srp-sslapi.patch
++++ libxkbcommon:
- Fix dependency of libxkbregistry-devel: the devel package must
require the library libxkbregistry0.
++++ sysuser-tools:
- Ignore nscd return code
++++ toolbox:
- Add a group tag for SLE Micro
- Mark toolboxrc as %config and add it is Source
------------------------------------------------------------------
------------------ 2021-1-19 - Jan 19 2021 -------------------
------------------------------------------------------------------
++++ ansible:
- update to version 2.9.17 with minor changes and a few bug fixes
++++ dnsmasq:
- Update to 2.83:
* bsc#1177077: Fixed DNSpooq vulnerabilities
* Use the values of --min-port and --max-port in outgoing
TCP connections to upstream DNS servers.
* Fix a remote buffer overflow problem in the DNSSEC code.
Any dnsmasq with DNSSEC compiled in and enabled is vulnerable
to this, referenced by CVE-2020-25681, CVE-2020-25682,
CVE-2020-25683 CVE-2020-25687.
* Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much
entropy in the {query-ID, random-port} tuple as possible, to
help defeat cache poisoning attacks. Refer: CVE-2020-25684.
* Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CVE-2020-25685
* Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded independently.
This is, in theory, inefficent but in practise not a problem,
_except_ that is means that an answer for any of the forwarded
queries will be accepted and cached.
An attacker can send a query multiple times, and for each
repeat, another {port, ID} becomes capable of accepting the
answer he is sending in the blind, to random IDs and ports.
The chance of a succesful attack is therefore multiplied by the
number of repeats of the query. The new behaviour detects
repeated queries and merely stores the clients sending repeats
so that when the first query completes, the answer can be sent
to all the clients who asked. Refer: CVE-2020-25686.
++++ glibc:
- Remove support for %optimize_power
- Move to power4 baseline on ppc
++++ libsolv:
- repo_write: fix handling of nested flexarray
- improve choicerule generation a bit more to cover more cases
- harden testcase parser against repos being added too late
- support python-3.10
- check %_dbpath macro in rpmdb code
- handle default/visible/langonly attributes in comps parser
- support multiple collections in updateinfo parser
- add '-D' option in rpmdb2solv to set the dbpath
- bump version to 0.7.17
++++ libunwind:
- update to 1.5.0:
* dwarf: clang doesn't respect the static alias
* Fixed a missing dependency in dwarf-eh.h
* x86_64: Fix tdep_init_done when built with libatomic_ops
* mips: make _step_n64 as a static function
* Added braces to suppress empty if/else warnings
* Delete hardcode of address size to support MIPS64.
* Fix format specifier for int64_t:29
* Add initial support for Solaris x86-64
* x86_64: Add fixup code if previous RIP was invalid
* x86-64: make `is_cached_valid_mem` functional
* arm: clear ip thumb/arm mode bit before move to previous instruction
* Fix compilation with -fno-common.
* Fix off-by-one error in x86_64 stack frames
* aarch64: Fix __sigset build issue on muslC
* Make SHF_COMPRESSED use contingent on its existence
- remove libunwind_U_dyn_info_list.patch (upstream)
++++ libvirt:
- Update to libvirt 7.0.0
- jsc#SLE-15860
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
0d05d51b-apparmor-lxc-fix.patch,
cf4e7e62-lxc-def-secmodel.patch,
0ddebdb4-qemu-snapshot-deletion.patch
++++ python-libvirt-python:
- Update to 7.0.0
- Add all new APIs and constants in libvirt 7.0.0
- jsc#SLE-15860
++++ sysuser-tools:
- If systemd-sysusers is used to create a new user/group, invalidate
the nscd passwd and group cache to make the new user/group
visible immediately as workaround [bsc#1181121].
Needs to be removed after sytemd-sysusers get's fixed, since we
invalidate the cache even if the user/group file wasn't changed.
++++ toolbox:
- Update to version 1.0+git20210119.b5acdcf:
* Dynamically set REGISTRY and IMAGE (#11)
++++ u-boot-rpiarm64:
Fix USB in RPi4 and RPi400 (jsc@OPENSUSE-13 bsc#1180336)
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10
* Patches added:
0030-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch
0031-pci-brcmstb-Cleanup-controller-stat.patch
------------------------------------------------------------------
------------------ 2021-1-18 - Jan 18 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- update patch metadata
- update upstream reference:
patches.suse/iwlwifi-dbg-Don-t-touch-the-tlv-data.patch
- commit e7f6170
- x86/xen: fix 'nopvspin' build error.
(fix x86_64/debug and i586/debug builds)
- commit 813e08e
- Update to 5.11-rc4
- update configs
- KPROBE_EVENTS_ON_NOTRACE=n (new on arm*, ppc64)
- commit 41414a9
++++ openldap2:
- updated to 2.4.57
OpenLDAP 2.4.57 Release (2021/01/18)
Fixed ldapexop to use correct return code (ITS#9417)
Fixed slapd to remove asserts in UUIDNormalize (ITS#9391)
Fixed slapd to remove assert in csnValidate (ITS#9410)
Fixed slapd validity checks for issuerAndThisUpdateCheck (ITS#9411, ITS#9427)
Fixed slapd validity checks for serialNumberAndIssuerCheck (ITS#9404, ITS#9424)
Fixed slapd AVA sort with invalid RDN (ITS#9412)
Fixed slapd ldap_X509dn2bv to check for invalid BER after RDN count (ITS#9423, ITS#9425)
Fixed slapd saslauthz to remove asserts in validation (ITS#9406, ITS#9407)
Fixed slapd saslauthz to use slap_sl_free on normalized DN (ITS#9409)
Fixed slapd saslauthz SEGV in slap_parse_user (ITS#9413)
Fixed slapd modrdn memory leak (ITS#9420)
Fixed slapd double-free in vrfilter (ITS#9408)
Fixed slapd cancel operation to correctly terminate (ITS#9428)
Fixed slapd-ldap fix binds on retry with closed connection (ITS#9400)
Fixed slapo-syncprov to ignore duplicate sessionlog entries (ITS#9394)
++++ ncurses:
- Add ncurses patch 20210116
+ add comment for linux2.6 regarding CONFIG_CONSOLE_TRANSLATIONS
(report by Patrick McDermott) -TD
+ make opts extension for getcchar work as documented for ncurses 6.1,
adding "-g" flag to test/demo_new_pair to illustrate.
++++ openssh:
- sysusers-sshd.conf: use sysusers.d configuration file to create
sshd user (avoid hard dependency on shadow).
- update to 8.4p1:
Security
========
* ssh-agent(1): restrict ssh-agent from signing web challenges for
FIDO/U2F keys.
* ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating
a FIDO resident key.
* ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for
each use. These keys may be generated using ssh-keygen using a new
"verify-required" option. When a PIN-required key is used, the user
will be prompted for a PIN to complete the signature operation.
New Features
- -----------
* sshd(8): authorized_keys now supports a new "verify-required"
option to require FIDO signatures assert that the token verified
that the user was present before making the signature. The FIDO
protocol supports multiple methods for user-verification, but
currently OpenSSH only supports PIN verification.
* sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn
signatures. Webauthn is a standard for using FIDO keys in web
browsers. These signatures are a slightly different format to plain
FIDO signatures and thus require explicit support.
* ssh(1): allow some keywords to expand shell-style ${ENV}
environment variables. The supported keywords are CertificateFile,
ControlPath, IdentityAgent and IdentityFile, plus LocalForward and
RemoteForward when used for Unix domain socket paths. bz#3140
* ssh(1), ssh-agent(1): allow some additional control over the use of
ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
including forcibly enabling and disabling its use. bz#69
* ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
limit for keys in addition to its current flag options. Time-
limited keys will automatically be removed from ssh-agent after
their expiry time has passed.
* scp(1), sftp(1): allow the -A flag to explicitly enable agent
forwarding in scp and sftp. The default remains to not forward an
agent, even when ssh_config enables it.
* ssh(1): add a '%k' TOKEN that expands to the effective HostKey of
the destination. This allows, e.g., keeping host keys in individual
files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654
* ssh(1): add %-TOKEN, environment variable and tilde expansion to
the UserKnownHostsFile directive, allowing the path to be
completed by the configuration (e.g. bz#1654)
* ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted
from stdin. bz#3180
* sshd(8): improve logging for MaxStartups connection throttling.
sshd will now log when it starts and stops throttling and periodically
while in this state. bz#3055
Bugfixes
- -------
* ssh(1), ssh-keygen(1): better support for multiple attached FIDO
tokens. In cases where OpenSSH cannot unambiguously determine which
token to direct a request to, the user is now required to select a
token by touching it. In cases of operations that require a PIN to
be verified, this avoids sending the wrong PIN to the wrong token
and incrementing the token's PIN failure counter (tokens
effectively erase their keys after too many PIN failures).
* sshd(8): fix Include before Match in sshd_config; bz#3122
* ssh(1): close stdin/out/error when forking after authentication
completes ("ssh -f ...") bz#3137
* ssh(1), sshd(8): limit the amount of channel input data buffered,
avoiding peers that advertise large windows but are slow to read
from causing high memory consumption.
* ssh-agent(1): handle multiple requests sent in a single write() to
the agent.
* sshd(8): allow sshd_config longer than 256k
* sshd(8): avoid spurious "Unable to load host key" message when sshd
load a private key but no public counterpart
* ssh(1): prefer the default hostkey algorithm list whenever we have
a hostkey that matches its best-preference algorithm.
* sshd(1): when ordering the hostkey algorithms to request from a
server, prefer certificate types if the known_hosts files contain a key
marked as a @cert-authority; bz#3157
* ssh(1): perform host key fingerprint comparisons for the "Are you
sure you want to continue connecting (yes/no/[fingerprint])?"
prompt with case sensitivity.
* sshd(8): ensure that address/masklen mismatches in sshd_config
yield fatal errors at daemon start time rather than later when
they are evaluated.
* ssh-keygen(1): ensure that certificate extensions are lexically
sorted. Previously if the user specified a custom extension then
the everything would be in order except the custom ones. bz#3198
* ssh(1): also compare username when checking for JumpHost loops.
bz#3057
* ssh-keygen(1): preserve group/world read permission on known_hosts
files across runs of "ssh-keygen -Rf /path". The old behaviour was
to remove all rights for group/other. bz#3146
* ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen
manual page and usage().
* sshd(8): explicitly construct path to ~/.ssh/rc rather than
relying on it being relative to the current directory, so that it
can still be found if the shell startup changes its directory.
bz#3185
* sshd(8): when redirecting sshd's log output to a file, undo this
redirection after the session child process is forked(). Fixes
missing log messages when using this feature under some
circumstances.
* sshd(8): start ClientAliveInterval bookkeeping before first pass
through select() loop; fixed theoretical case where busy sshd may
ignore timeouts from client.
* ssh(1): only reset the ServerAliveInterval check when we receive
traffic from the server and ignore traffic from a port forwarding
client, preventing a client from keeping a connection alive when
it should be terminated. bz#2265
* ssh-keygen(1): avoid spurious error message when ssh-keygen
creates files outside ~/.ssh
* sftp-client(1): fix off-by-one error that caused sftp downloads to
make one more concurrent request that desired. This prevented using
sftp(1) in unpipelined request/response mode, which is useful when
debugging. bz#3054
* ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect()
helpers. bz#3071
* ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to
write to it so we don't leave an empty .ssh directory when it's not
needed. bz#3156
* ssh(1), sshd(8): fix multiplier when parsing time specifications
when handling seconds after other units. bz#3171
++++ qemu:
- Fix qemu-testsuite issue where white space processing gets
handled differently under bash 5.1 (boo#1181054)
iotests-Fix-_send_qemu_cmd-with-bash-5.1.patch
++++ u-boot-rpiarm64:
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10
* Patches added:
0029-Revert-Fix-data-abort-caused-by-mis.patch - boo#1180728
------------------------------------------------------------------
------------------ 2021-1-17 - Jan 17 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.8 (bsc#1012628).
- powerpc/32s: Fix RTAS machine check with VMAP stack
(bsc#1012628).
- io_uring: synchronise IOPOLL on task_submit fail (bsc#1012628).
- io_uring: limit {io|sq}poll submit locking scope (bsc#1012628).
- io_uring: patch up IOPOLL overflow_flush sync (bsc#1012628).
- iommu/arm-smmu-qcom: Initialize SCTLR of the bypass context
(bsc#1012628).
- io_uring: Fix return value from alloc_fixed_file_ref_node
(bsc#1012628).
- btrfs: skip unnecessary searches for xattrs when logging an
inode (bsc#1012628).
- btrfs: fix deadlock when cloning inline extent and low on free
metadata space (bsc#1012628).
- btrfs: shrink delalloc pages instead of full inodes
(bsc#1012628).
- net: cdc_ncm: correct overhead in delayed_ndp_size
(bsc#1012628).
- net: hns3: fix incorrect handling of sctp6 rss tuple
(bsc#1012628).
- net: hns3: fix the number of queues actually used by ARQ
(bsc#1012628).
- net: hns3: fix a phy loopback fail issue (bsc#1012628).
- net: stmmac: dwmac-sun8i: Fix probe error handling
(bsc#1012628).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource
references (bsc#1012628).
- net: stmmac: dwmac-sun8i: Balance internal PHY power
(bsc#1012628).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization
(bsc#1012628).
- net: vlan: avoid leaks on register_vlan_dev() failures
(bsc#1012628).
- net/sonic: Fix some resource leaks in error handling paths
(bsc#1012628).
- net: bareudp: add missing error handling for
bareudp_link_config() (bsc#1012628).
- ptp: ptp_ines: prevent build when HAS_IOMEM is not set
(bsc#1012628).
- net: ipv6: fib: flush exceptions when purging route
(bsc#1012628).
- tools: selftests: add test for changing routes with PTMU
exceptions (bsc#1012628).
- net: fix pmtu check in nopmtudisc mode (bsc#1012628).
- net: ip: always refragment ip defragmented packets
(bsc#1012628).
- chtls: Fix hardware tid leak (bsc#1012628).
- chtls: Remove invalid set_tcb call (bsc#1012628).
- chtls: Fix panic when route to peer not configured
(bsc#1012628).
- chtls: Avoid unnecessary freeing of oreq pointer (bsc#1012628).
- chtls: Replace skb_dequeue with skb_peek (bsc#1012628).
- chtls: Added a check to avoid NULL pointer dereference
(bsc#1012628).
- chtls: Fix chtls resources release sequence (bsc#1012628).
- octeontx2-af: fix memory leak of lmac and lmac->name
(bsc#1012628).
- nexthop: Fix off-by-one error in error path (bsc#1012628).
- nexthop: Unlink nexthop group entry in error path (bsc#1012628).
- nexthop: Bounce NHA_GATEWAY in FDB nexthop groups (bsc#1012628).
- s390/qeth: fix deadlock during recovery (bsc#1012628).
- s390/qeth: fix locking for discipline setup / removal
(bsc#1012628).
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
(bsc#1012628).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report
1 GbE (bsc#1012628).
- net/mlx5: Use port_num 1 instead of 0 when delete a RoCE address
(bsc#1012628).
- net/mlx5e: ethtool, Fix restriction of autoneg with 56G
(bsc#1012628).
- net/mlx5e: In skb build skip setting mark in switchdev mode
(bsc#1012628).
- net/mlx5: Check if lag is supported before creating one
(bsc#1012628).
- ionic: start queues before announcing link up (bsc#1012628).
- HID: wacom: Fix memory leakage caused by kfifo_alloc
(bsc#1012628).
- fanotify: Fix sys_fanotify_mark() on native x86-32
(bsc#1012628).
- ARM: OMAP2+: omap_device: fix idling of devices during probe
(bsc#1012628).
- i2c: sprd: use a specific timeout to avoid system hang up issue
(bsc#1012628).
- dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
(bsc#1012628).
- selftests/bpf: Clarify build error if no vmlinux (bsc#1012628).
- can: tcan4x5x: fix bittiming const, use common bittiming from
m_can driver (bsc#1012628).
- can: m_can: m_can_class_unregister(): remove erroneous
m_can_clk_stop() (bsc#1012628).
- can: kvaser_pciefd: select CONFIG_CRC32 (bsc#1012628).
- spi: spi-geni-qcom: Fail new xfers if xfer/cancel/abort pending
(bsc#1012628).
- cpufreq: powernow-k8: pass policy rather than use
cpufreq_cpu_get() (bsc#1012628).
- spi: spi-geni-qcom: Fix geni_spi_isr() NULL dereference in
timeout case (bsc#1012628).
- spi: stm32: FIFO threshold level - fix align packet size
(bsc#1012628).
- i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly
terminated (bsc#1012628).
- i2c: mediatek: Fix apdma and i2c hand-shake timeout
(bsc#1012628).
- bcache: set bcache device into read-only mode for
BCH_FEATURE_INCOMPAT_OBSO_LARGE_BUCKET (bsc#1012628).
- interconnect: imx: Add a missing of_node_put after
of_device_is_available (bsc#1012628).
- interconnect: qcom: fix rpmh link failures (bsc#1012628).
- dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the
error handling path of the probe function (bsc#1012628).
- dmaengine: milbeaut-xdmac: Fix a resource leak in the error
handling path of the probe function (bsc#1012628).
- dmaengine: xilinx_dma: check dma_async_device_register return
value (bsc#1012628).
- dmaengine: xilinx_dma: fix incompatible param warning in
_child_probe() (bsc#1012628).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
(bsc#1012628).
- arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA
(bsc#1012628).
- qed: select CONFIG_CRC32 (bsc#1012628).
- phy: dp83640: select CONFIG_CRC32 (bsc#1012628).
- wil6210: select CONFIG_CRC32 (bsc#1012628).
- block: rsxx: select CONFIG_CRC32 (bsc#1012628).
- lightnvm: select CONFIG_CRC32 (bsc#1012628).
- zonefs: select CONFIG_CRC32 (bsc#1012628).
- iommu/vt-d: Fix misuse of ALIGN in qi_flush_piotlb()
(bsc#1012628).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc
(bsc#1012628).
- bpftool: Fix compilation failure for net.o with older glibc
(bsc#1012628).
- nvme-tcp: Fix possible race of io_work and direct send
(bsc#1012628).
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
(bsc#1012628).
- net/mlx5e: Fix two double free cases (bsc#1012628).
- regmap: debugfs: Fix a memory leak when calling
regmap_attach_dev (bsc#1012628).
- wan: ds26522: select CONFIG_BITREVERSE (bsc#1012628).
- arm64: cpufeature: remove non-exist CONFIG_KVM_ARM_HOST
(bsc#1012628).
- regulator: qcom-rpmh-regulator: correct hfsmps515 definition
(bsc#1012628).
- net: mvpp2: disable force link UP during port init procedure
(bsc#1012628).
- drm/i915/dp: Track pm_qos per connector (bsc#1012628).
- net: mvneta: fix error message when MTU too large for XDP
(bsc#1012628).
- selftests: fib_nexthops: Fix wrong mausezahn invocation
(bsc#1012628).
- KVM: arm64: Don't access PMCR_EL0 when no PMU is available
(bsc#1012628).
- xsk: Fix race in SKB mode transmit with shared cq (bsc#1012628).
- xsk: Rollback reservation at NETDEV_TX_BUSY (bsc#1012628).
- block/rnbd-clt: avoid module unload race with close confirmation
(bsc#1012628).
- can: isotp: isotp_getname(): fix kernel information leak
(bsc#1012628).
- block: fix use-after-free in disk_part_iter_next (bsc#1012628).
- net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond
end of trimmed packet (bsc#1012628).
- regmap: debugfs: Fix a reversed if statement in
regmap_debugfs_init() (bsc#1012628).
- tools headers UAPI: Sync linux/fscrypt.h with the kernel sources
(bsc#1012628).
- Update config files.
- commit 8611168
++++ at-spi2-core:
- Update to version 2.39.1:
+ Don't use gdbus-broker if not running under systemd.
+ Unref bus at the end of cleanup.
+ Fix XML interfaces.
+ Use unix sockets instead of abstract sockets.
+ Added a device API to replace the old API for capturing key
grabs. This is needed for toolkits that do not report
keystrokes to atk, such as gtk 4.
++++ p11-kit:
- update to 0.23.22 (bsc#1180064, bsc#1180065, bsc#1180066, jsc#SLE-18495):
* Fix memory-safety issues that affect the RPC protocol
(CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered
and fixed by David Cook
* anchor: Prefer persistent format when storing anchor [PR#329]
* common: Fix infloop in p11_path_build [PR#326, PR#327]
* proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [PR#325]
* common: Check for a NULL locale before freeing it [PR#321]
* proxy: Do not assign duplicate slot IDs [PR#282]
* common: Get program name based on executable path if possible [PR#307]
* anchor: Exit with non-zero code, if any error occurs [PR#304]
* Build and test fixes
++++ libusb-1_0:
- Add 0001-fix-descriptor-parsing.patch to fix detection of some devices.
++++ sysuser-tools:
- An "u" in a sysusers.d file will create an user and a group.
Create provides for both, user and group.
------------------------------------------------------------------
------------------ 2021-1-16 - Jan 16 2021 -------------------
------------------------------------------------------------------
++++ gstreamer:
- Update to version 1.18.3:
+ Highlighted bugfixes:
- Fix ogg playback regression for ogg files that also have ID3
or APE tags
- compositor: fix artefacts and invalid memory access when
blending subsampled formats
- Exported mini object ref/unref/copy functions for use in
bindings such as gstreamer-sharp
- Add support for Apple silicon (M1) to cerbero package builder
- Ship RIST plugin in binary packages
- Various stability, performance and reliability improvements
- Memory leak fixes
- Build fixes
+ gstreamer:
- gst: Add non-inline ref/unref/copy/replace methods for
various mini objects (buffer, bufferlist, caps, context,
event, memory, message, promise, query, sample, taglist, uri)
for use in bindings such as gstreamer-sharp.
- harness: don't use GST_DEBUG_OBJECT with GstHarness which is
not a GObject.
++++ gstreamer-plugins-base:
- Update to version 1.18.3:
+ audiorate: Make buffer writable before changing its metadata
+ compositor: fix blending of subsampled components
+ decodebin3:
- When reconfiguring a slot make sure that the ghostpad is
unlinked
- Release selection lock when pushing EOS
+ encodebasebin: Ensure that parsers are compatible with selected
encoders
+ tagdemux: resize and trim buffer in place to fix interaction
with oggdemux
+ videoaggregator: Pop out old buffers on timeout
+ video-blend: fix blending 8-bit and 16-bit frames together
+ appsrc: fix signal documentation
+ gl: document some GL caps specifics
+ libvisual: workaround clang compiler warning
++++ util-linux:
- Update to version 2.36.1:
* chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr()
* fallocate: fix --dig-holes at end of files
* fdisk: always report fdisk_create_disklabel() errors
* flock: keep -E exit status more restrictive
* fstrim: remove fstab condition from fstrim.timer
* hexdump: automatically use -C when called as hd
* hwclock: add fallback if SYS_settimeofday does not exist, fix
SYS_settimeofday fallback
* libblkid: allow a lot of mac partitions, fix Atari prober logic,
limit amount of parsed partitions
* more libfdisk improvements
* losetup: avoid infinite busy loop, increase limit of setup
attempts
* lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print
zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if
available
* lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part
numbers, avoid segfault on PowerPC systems with valid hardware
configurations (bsc#1175623)
* mount: Add support for "nosymfollow" mount option.
* pg: fix wcstombs()
* sfdisk: correct --json --dump false exclusive, fix backward
- -move-data
* vipw: fix short write handling in copyfile
* whereis: fix out of boundary read, support zst compressed man
pages
* minor code improvements and fixes
* minor licensing changes
* improve docs
- Require both group(uuidd) and user(uuidd).
++++ orc:
- Update to version 0.4.32:
+ Add support for JIT code generation in Universal Windows
Platform apps.
+ Minor Meson build system fixes and improvements.
++++ util-linux-systemd:
- Update to version 2.36.1:
* chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr()
* fallocate: fix --dig-holes at end of files
* fdisk: always report fdisk_create_disklabel() errors
* flock: keep -E exit status more restrictive
* fstrim: remove fstab condition from fstrim.timer
* hexdump: automatically use -C when called as hd
* hwclock: add fallback if SYS_settimeofday does not exist, fix
SYS_settimeofday fallback
* libblkid: allow a lot of mac partitions, fix Atari prober logic,
limit amount of parsed partitions
* more libfdisk improvements
* losetup: avoid infinite busy loop, increase limit of setup
attempts
* lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print
zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if
available
* lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part
numbers, avoid segfault on PowerPC systems with valid hardware
configurations (bsc#1175623)
* mount: Add support for "nosymfollow" mount option.
* pg: fix wcstombs()
* sfdisk: correct --json --dump false exclusive, fix backward
- -move-data
* vipw: fix short write handling in copyfile
* whereis: fix out of boundary read, support zst compressed man
pages
* minor code improvements and fixes
* minor licensing changes
* improve docs
- Require both group(uuidd) and user(uuidd).
------------------------------------------------------------------
------------------ 2021-1-15 - Jan 15 2021 -------------------
------------------------------------------------------------------
++++ dosfstools:
- Update to version 4.1+git.1610658652.9443732 (bsc#1172863):
* testsuite: Add mkfs test for 600MB large 4K disk
* mkfs.fat: Do not show verbose messages not relevant to selected FAT size
* mkfs.fat: Fix text of verbose messages
* mkfs.fat: Fix limits for number of clusters
* mkfs.fat: Fix calculation of FAT32 cluster size on non 512 bytes sector disks
* mkfs.fat: Fix printing number of sectors
* mkfs.fat: Align total number of sectors to be multiple of sectors per track
* testsuite: Add referenceFAT32mbr test data to dist_check_DATA
* manpages: Escape dot in fsck.fat manpage at the beginning of the line
* fsck.fat: properly check for valid "." and ".." entries
++++ iptables:
- Update to release 1.8.7
* iptables-nft:
* Improved performance when matching on IP/MAC address prefixes
if the prefix is byte-aligned. In ideal cases, this doubles
packet processing performance.
* Dump user-defined chains in lexical order. This way ruleset
dumps become stable and easily comparable.
* Avoid pointless table/chain creation. For instance,
`iptables-nft -L` no longer creates missing base-chains.
++++ fuse3:
- prepare usrmerge (boo#1029961)
++++ libnftnl:
- Update to release 1.1.9
* Improve formatting of registers in bitwise dumps.
++++ raspberrypi-firmware:
- Update to c78f3ef4 (2021-01-15):
* firmware: isp: Fix handling of different YUV colour spaces
* firmware: poe_hat: Actually close the I2C handle
* Firmware: undo previous reverts
* firmware: Revert firmware: HAT/I2C updates
* firmware: firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 formats
* firmware: audioplus: Fix hang when switching destination
See: #1516
* firmware: HAT/I2C updates
* firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 format
* firmware: dmalib: Keep 40-bit DMA clear of L2 alias
* firmware: DSI interrupt fixes, and HDMI SM clock for deep colour
++++ raspberrypi-firmware-config:
- Update to c78f3ef4 (2021-01-15):
* firmware: isp: Fix handling of different YUV colour spaces
* firmware: poe_hat: Actually close the I2C handle
* Firmware: undo previous reverts
* firmware: Revert firmware: HAT/I2C updates
* firmware: firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 formats
* firmware: audioplus: Fix hang when switching destination
See: #1516
* firmware: HAT/I2C updates
* firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 format
* firmware: dmalib: Keep 40-bit DMA clear of L2 alias
* firmware: DSI interrupt fixes, and HDMI SM clock for deep colour
++++ raspberrypi-firmware-config-camera:
- Update to c78f3ef4 (2021-01-15):
* firmware: isp: Fix handling of different YUV colour spaces
* firmware: poe_hat: Actually close the I2C handle
* Firmware: undo previous reverts
* firmware: Revert firmware: HAT/I2C updates
* firmware: firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 formats
* firmware: audioplus: Fix hang when switching destination
See: #1516
* firmware: HAT/I2C updates
* firmware: MMAL/IL: Add support for the 16bpp Bayer/Grey raw 10/12/14 format
* firmware: dmalib: Keep 40-bit DMA clear of L2 alias
* firmware: DSI interrupt fixes, and HDMI SM clock for deep colour
++++ vim:
- remove forcing /usr/bin/vi -> vim symlink. Previous line linked to
/etc/alternatives already.
------------------------------------------------------------------
------------------ 2021-1-14 - Jan 14 2021 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 20.3.3
* third bugfix release for the 20.3 branch
++++ Mesa-drivers:
- update to 20.3.3
* third bugfix release for the 20.3 branch
++++ glib-networking:
- Update to version 2.68.alpha:
+ Download and validate missing intermediate certificates
(requires GnuTLS 3.7).
+ OpenSSL backend now uses system crypto policy.
+ Remove use of g_assert in testsuite.
+ Restore support for old versions of OpenSSL.
+ Implement TLS channel bindings API.
+ Implement PKCS#11 API.
+ Update testsuite for Fedora 33 crypto policy.
+ Fix NULL dereference in g_tls_connection_base_read_message.
+ Fix a couple code issues found by Coverity.
++++ kernel-default:
- arm*: config: Disable CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE (bsc#1180928)
We don't need those deprecated ciphers to be enabled, as nothing
should be using them
- commit 936fdc1
++++ colord:
- allow access to /usr/local/share/color in AppArmor profile (boo#1180898)
++++ rpm:
- Add explicit requirement on python-rpm-macros to avoid widespread
breakage by package mistakenly ignoring their requirement of
python-rpm-macros (bsc#1180125).
++++ psmisc:
- Now with 23.3 peekfd is build even for aarch64
- Rework 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
and split off the patch psmisc-v23.3-selinux.patch
- Rework 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
- New patch psmisc-v23.3-selinux.patch
- Rename patch psmisc-v23.2.dif which is now psmisc-v23.3.dif
++++ sudo:
- Update to 1.9.5.p1
* Fixed a regression introduced in sudo 1.9.5 where the editor run
by sudoedit was set-user-ID root unless SELinux RBAC was in use.
The editor is now run with the user's real and effective user-IDs.
- News in 1.9.5
* Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
unknown user. This is related to but distinct from Bug #948.
* If the "lecture_file" setting is enabled in sudoers, it must now
refer to a regular file or a symbolic link to a regular file.
* Fixed a potential use-after-free bug in sudo_logsrvd when the
server shuts down if there are existing connections from clients
that are only logging events and not session I/O data.
* Fixed a buffer size mismatch when serializing the list of IP
addresses for configured network interfaces. This bug is not
actually exploitable since the allocated buffer is large enough
to hold the list of addresses.
* If sudo is executed with a name other than "sudo" or "sudoedit",
it will now fall back to "sudo" as the program name. This affects
warning, help and usage messages as well as the matching of Debug
lines in the /etc/sudo.conf file. Previously, it was possible
for the invoking user to manipulate the program name by setting
argv[0] to an arbitrary value when executing sudo. (bsc#1180687)
* Sudo now checks for failure when setting the close-on-exec flag
on open file descriptors. This should never fail but, if it
were to, there is the possibility of a file descriptor leak to
a child process (such as the command sudo runs).
* Fixed CVE-2021-23239, a potential information leak in sudoedit
that could be used to test for the existence of directories not
normally accessible to the user in certain circumstances. When
creating a new file, sudoedit checks to make sure the parent
directory of the new file exists before running the editor.
However, a race condition exists if the invoking user can replace
(or create) the parent directory. If a symbolic link is created
in place of the parent directory, sudoedit will run the editor
as long as the target of the link exists. If the target of the
link does not exist, an error message will be displayed. The
race condition can be used to test for the existence of an
arbitrary directory. However, it _cannot_ be used to write to
an arbitrary location. (bsc#1180684)
* Fixed CVE-2021-23240, a flaw in the temporary file handling of
sudoedit's SELinux RBAC support. On systems where SELinux is
enabled, a user with sudoedit permissions may be able to set the
owner of an arbitrary file to the user-ID of the target user.
On Linux kernels that support "protected symlinks", setting
/proc/sys/fs/protected_symlinks to 1 will prevent the bug from
being exploited. For more information see
https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685)
* Added writability checks for sudoedit when SELinux RBAC is in use.
This makes sudoedit behavior consistent regardless of whether
or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir"
setting had no effect for RBAC entries.
* A new sudoers option "selinux" can be used to disable sudo's
SELinux RBAC support.
* Quieted warnings from PVS Studio, clang analyzer, and cppcheck.
Added suppression annotations for PVS Studio false positives.
++++ system-users:
- system-user-tss.conf: Remove group entry, not needed and did
contain syntax errors (bsc#1190401).
- remove duplicate group entry:
- system-user-tftp.conf
- system-user-uuidd.conf
- system-user-uucp.conf
- system-user-uucp.conf
- system-user-ftp.conf
- system-user-games.conf
- system-user-news.conf
++++ sysuser-tools:
- Use systemd-sysusers as default to create and update the user
account. Fixes the problem that a modified sysusers config file
get's ignored by useradd and adduser [bsc#1180549].
++++ update-alternatives:
- don't remove slave links that turned into master. Happens on usrmerge
(boo#1180939, update-alternatives-slavetomaster.patch)
------------------------------------------------------------------
------------------ 2021-1-13 - Jan 13 2021 -------------------
------------------------------------------------------------------
++++ apparmor:
- prepare usrmerge (boo#1029961)
* use %_pamdir
++++ kernel-default:
- nvmem: Add driver to expose reserved memory as nvmem (jsc#SLE-SLE-16616).
- Update config files: Enable nvmem-rmem as module on arm64 & armv7+lpae, disable it otherwise
This is needed early to get boot-loader configuration working on RPi4;
an essential feature.
- commit c9a364d
- Update config files: Enable i2c_mux_pinctrl (jsc#SLE-15318)
- commit 709516b
- scsi: ufs: Fix -Wsometimes-uninitialized warning (git-fixes).
- commit 1c33a89
- Linux 5.10.7 (bsc#1012628).
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs
(bsc#1012628).
- iavf: fix double-release of rtnl_lock (bsc#1012628).
- net: mvpp2: Add TCAM entry to drop flow control pause frames
(bsc#1012628).
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (bsc#1012628).
- net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE
(bsc#1012628).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
(bsc#1012628).
- ethernet: ucc_geth: set dev->max_mtu to 1518 (bsc#1012628).
- ionic: account for vlan tag len in rx buffer len (bsc#1012628).
- atm: idt77252: call pci_disable_device() on error path
(bsc#1012628).
- net: mvpp2: Fix GoP port 3 Networking Complex Control
configurations (bsc#1012628).
- net: stmmac: dwmac-meson8b: ignore the second clock input
(bsc#1012628).
- ibmvnic: fix login buffer memory leak (bsc#1012628).
- ibmvnic: continue fatal error reset after passive init
(bsc#1012628).
- net: ethernet: mvneta: Fix error handling in mvneta_probe
(bsc#1012628).
- qede: fix offload for IPIP tunnel packets (bsc#1012628).
- virtio_net: Fix recursive call to cpus_read_lock()
(bsc#1012628).
- net/ncsi: Use real net-device for response handler
(bsc#1012628).
- net: ethernet: Fix memleak in ethoc_probe (bsc#1012628).
- net-sysfs: take the rtnl lock when storing xps_cpus
(bsc#1012628).
- net-sysfs: take the rtnl lock when accessing xps_cpus_map and
num_tc (bsc#1012628).
- net-sysfs: take the rtnl lock when storing xps_rxqs
(bsc#1012628).
- net-sysfs: take the rtnl lock when accessing xps_rxqs_map and
num_tc (bsc#1012628).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock
registered (bsc#1012628).
- tun: fix return value when the number of iovs exceeds
MAX_SKB_FRAGS (bsc#1012628).
- e1000e: Only run S0ix flows if shutdown succeeded (bsc#1012628).
- e1000e: bump up timeout to wait when ME un-configures ULP mode
(bsc#1012628).
- Revert "e1000e: disable s0ix entry and exit flows for ME
systems" (bsc#1012628).
- e1000e: Export S0ix flags to ethtool (bsc#1012628).
- bnxt_en: Check TQM rings for maximum supported value
(bsc#1012628).
- net: mvpp2: fix pkt coalescing int-threshold configuration
(bsc#1012628).
- bnxt_en: Fix AER recovery (bsc#1012628).
- ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst()
(bsc#1012628).
- net: sched: prevent invalid Scell_log shift count (bsc#1012628).
- net: hns: fix return value check in __lb_other_process()
(bsc#1012628).
- erspan: fix version 1 check in gre_parse_header() (bsc#1012628).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer
is running (bsc#1012628).
- bareudp: set NETIF_F_LLTX flag (bsc#1012628).
- bareudp: Fix use of incorrect min_headroom size (bsc#1012628).
- vhost_net: fix ubuf refcount incorrectly when sendmsg fails
(bsc#1012628).
- r8169: work around power-saving bug on some chip versions
(bsc#1012628).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for
internal PHYs (bsc#1012628).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access
(bsc#1012628).
- CDC-NCM: remove "connected" log message (bsc#1012628).
- ibmvnic: fix: NULL pointer dereference (bsc#1012628).
- net: usb: qmi_wwan: add Quectel EM160R-GL (bsc#1012628).
- selftests: mlxsw: Set headroom size of correct port
(bsc#1012628).
- stmmac: intel: Add PCI IDs for TGL-H platform (bsc#1012628).
- selftests/vm: fix building protection keys test (bsc#1012628).
- block: add debugfs stanza for QUEUE_FLAG_NOWAIT (bsc#1012628).
- workqueue: Kick a worker based on the actual activation of
delayed works (bsc#1012628).
- scsi: ufs: Fix wrong print message in dev_err() (bsc#1012628).
- scsi: ufs-pci: Fix restore from S4 for Intel controllers
(bsc#1012628).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (bsc#1012628).
- scsi: ufs-pci: Fix recovery from hibernate exit errors for
Intel controllers (bsc#1012628).
- scsi: ufs-pci: Enable UFSHCD_CAP_RPM_AUTOSUSPEND for Intel
controllers (bsc#1012628).
- scsi: block: Introduce BLK_MQ_REQ_PM (bsc#1012628).
- scsi: ide: Do not set the RQF_PREEMPT flag for sense requests
(bsc#1012628).
- scsi: ide: Mark power management requests with RQF_PM instead
of RQF_PREEMPT (bsc#1012628).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
commands (bsc#1012628).
- scsi: core: Only process PM requests if rpm_status != RPM_ACTIVE
(bsc#1012628).
- local64.h: make <asm/local64.h> mandatory (bsc#1012628).
- lib/genalloc: fix the overflow when size is too big
(bsc#1012628).
- depmod: handle the case of /sbin/depmod without /sbin in PATH
(bsc#1012628).
- scsi: ufs: Clear UAC for FFU and RPMB LUNs (bsc#1012628).
- kbuild: don't hardcode depmod path (bsc#1012628).
- Bluetooth: revert: hci_h5: close serdev device and free hu in
h5_close (bsc#1012628).
- scsi: block: Remove RQF_PREEMPT and BLK_MQ_REQ_PREEMPT
(bsc#1012628).
- scsi: block: Do not accept any requests while suspended
(bsc#1012628).
- crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
(bsc#1012628).
- crypto: asym_tpm: correct zero out potential secrets
(bsc#1012628).
- powerpc: Handle .text.{hot,unlikely}.* in linker script
(bsc#1012628).
- Staging: comedi: Return -EFAULT if copy_to_user() fails
(bsc#1012628).
- staging: mt7621-dma: Fix a resource leak in an error handling
path (bsc#1012628).
- usb: gadget: enable super speed plus (bsc#1012628).
- USB: cdc-acm: blacklist another IR Droid device (bsc#1012628).
- USB: cdc-wdm: Fix use after free in
service_outstanding_interrupt() (bsc#1012628).
- usb: typec: intel_pmc_mux: Configure HPD first for HPD+IRQ
request (bsc#1012628).
- usb: dwc3: meson-g12a: disable clk on error handling path in
probe (bsc#1012628).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
(bsc#1012628).
- usb: dwc3: gadget: Clear wait flag on dequeue (bsc#1012628).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
completion (bsc#1012628).
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based
one (bsc#1012628).
- usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression
(bsc#1012628).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
usbmisc_get_init_data() (bsc#1012628).
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set (bsc#1012628).
- usb: usbip: vhci_hcd: protect shift size (bsc#1012628).
- usb: uas: Add PNY USB Portable SSD to unusual_uas (bsc#1012628).
- USB: serial: iuu_phoenix: fix DMA from stack (bsc#1012628).
- USB: serial: option: add LongSung M5710 module support
(bsc#1012628).
- USB: serial: option: add Quectel EM160R-GL (bsc#1012628).
- USB: yurex: fix control-URB timeout handling (bsc#1012628).
- USB: usblp: fix DMA to stack (bsc#1012628).
- ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks
(bsc#1012628).
- usb: gadget: select CONFIG_CRC32 (bsc#1012628).
- USB: Gadget: dummy-hcd: Fix shift-out-of-bounds bug
(bsc#1012628).
- usb: gadget: f_uac2: reset wMaxPacketSize (bsc#1012628).
- usb: gadget: function: printer: Fix a memory leak for interface
descriptor (bsc#1012628).
- usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
(bsc#1012628).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
(bsc#1012628).
- usb: gadget: Fix spinlock lockup on usb_function_deactivate
(bsc#1012628).
- usb: gadget: configfs: Preserve function ordering after bind
failure (bsc#1012628).
- usb: gadget: configfs: Fix use-after-free issue with udc_name
(bsc#1012628).
- USB: serial: keyspan_pda: remove unused variable (bsc#1012628).
- hwmon: (amd_energy) fix allocation of hwmon_channel_info config
(bsc#1012628).
- mm: make wait_on_page_writeback() wait for multiple pending
writebacks (bsc#1012628).
- x86/mm: Fix leak of pmd ptlock (bsc#1012628).
- KVM: x86/mmu: Use -1 to flag an undefined spte in
get_mmio_spte() (bsc#1012628).
- KVM: x86/mmu: Get root level from walkers when retrieving MMIO
SPTE (bsc#1012628).
- kvm: check tlbs_dirty directly (bsc#1012628).
- KVM: x86/mmu: Ensure TDP MMU roots are freed after yield
(bsc#1012628).
- x86/resctrl: Use an IPI instead of task_work_add() to update
PQR_ASSOC MSR (bsc#1012628).
- x86/resctrl: Don't move a task to the same resource group
(bsc#1012628).
- blk-iocost: fix NULL iocg deref from racing against
initialization (bsc#1012628).
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (bsc#1012628).
- ALSA: hda/conexant: add a new hda codec CX11970 (bsc#1012628).
- ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
(bsc#1012628).
- ALSA: hda/realtek: Add mute LED quirk for more HP laptops
(bsc#1012628).
- ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook
850 G7 (bsc#1012628).
- ALSA: hda/realtek: Add two "Intel Reference board" SSID in
the ALC256 (bsc#1012628).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to
struct intel_svm_dev (bsc#1012628).
- btrfs: qgroup: don't try to wait flushing if we're already
holding a transaction (bsc#1012628).
- btrfs: send: fix wrong file path when there is an inode with
a pending rmdir (bsc#1012628).
- Revert "device property: Keep secondary firmware node secondary
by type" (bsc#1012628).
- dmabuf: fix use-after-free of dmabuf's file->f_inode
(bsc#1012628).
- arm64: link with -z norelro for LLD or aarch64-elf
(bsc#1012628).
- drm/i915: clear the shadow batch (bsc#1012628).
- drm/i915: clear the gpu reloc batch (bsc#1012628).
- bcache: fix typo from SUUP to SUPP in features.h (bsc#1012628).
- bcache: check unsupported feature sets for bcache register
(bsc#1012628).
- bcache: introduce BCH_FEATURE_INCOMPAT_LOG_LARGE_BUCKET_SIZE
for large bucket (bsc#1012628).
- net/mlx5e: Fix SWP offsets when vlan inserted by driver
(bsc#1012628).
- ARM: dts: OMAP3: disable AES on N950/N9 (bsc#1012628).
- netfilter: x_tables: Update remaining dereference to RCU
(bsc#1012628).
- netfilter: ipset: fix shift-out-of-bounds in htable_bits()
(bsc#1012628).
- netfilter: xt_RATEEST: reject non-null terminated string from
userspace (bsc#1012628).
- netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
(bsc#1012628).
- dmaengine: idxd: off by one in cleanup code (bsc#1012628).
- x86/mtrr: Correct the range check before performing MTRR type
lookups (bsc#1012628).
- KVM: x86: fix shift out of bounds reported by UBSAN
(bsc#1012628).
- xsk: Fix memory leak for failed bind (bsc#1012628).
- rtlwifi: rise completion at the last step of firmware callback
(bsc#1012628).
- scsi: target: Fix XCOPY NAA identifier lookup (bsc#1012628).
- commit 1ca962e
++++ libapparmor:
- prepare usrmerge (boo#1029961)
* use %_pamdir
++++ harfbuzz:
- Re-enable graphite2 support: TexLive relies on this to be
present:
+ Pass -Dgraphite=enabled to meson.
+ Add pkgconfig(graphite2) BuildRequires.
++++ systemd:
- prepare usrmerge (boo#1029961)
* don't install legacy symlinks to /
* use %_pamdir to install pam modules
* leave nss files in /usr/lib*, glibc loads them from there just
fine independent of usrmerge
++++ salt:
- Remove deprecated warning that breaks minion execution when "server_id_use_crc" opts is missing
- Added:
* remove-deprecated-warning-that-breaks-miniion-execut.patch
- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Added:
* revert-add-patch-support-for-allow-vendor-change-opt.patch
++++ python-M2Crypto:
- Dr. Strangelove or: How I Learned to Stop Worrying and Love pytest
++++ python-gobject:
- Recompile python cache files after removal of components, include
cache files in correct subpackage
- Fix supplements declarations, where possible. Disable for -gdk.
- Simplify the dependency exclusion from __init__.py to also match
with multiple python3-flavors.
- Remove exec bit from all *.py files in examples, also
subdirectories.
++++ qemu:
- Convert qemu-kvm from a script to a symlink. Using qemu-kvm to
invoke the QEMU emulator has been deprecated for some time,
but is still provided. It has as it's ancient origins a version
of QEMU which had KVM acceleration enabled by default, and then
recently, until now, it is a shell script which execs the QEMU
emulator, adding '-machine accel=kvm' to the beginning of the
list of command line options passed to the emulator.
This method collides with the now preferred method of specifying
acceleration options by using -accel. qemu-kvm is now changed to
simply be a symlink to the same QEMU binary which the prior
script exec'd. This new approach takes advantage of a built-in
QEMU feature where if QEMU is invoked using a program name ending
in 'kvm', KVM emulation is enabled. This approach is better in
that it is more compatible with any other command line option
that may be added for describing acceleration.
For those who have modified qemu-kvm to add additional command
line options, or take other actions in the context of the script
you will now need to create an alternate script "emulator" to
achieve the same result. Note that it's possible there may be
some very subtle behavioral difference in the switch from a
script to a symlink, but given that qemu-kvm is a deprecated
package, we're not going to worry about that.
------------------------------------------------------------------
------------------ 2021-1-12 - Jan 12 2021 -------------------
------------------------------------------------------------------
++++ conmon:
- Update to version 2.0.22:
* added man page
* attach: always chdir
* conn_sock: Explicitly free a heap-allocated string
* refactor I/O and add SD_NOTIFY proxy support
++++ gpg2:
- GnuPG 2.2.27:
* gpgconf: Fix case with neither local nor global gpg.conf
* gpgconf: Fix description of two new options
- includes changes from 2.2.26:
* gpg: New AKL method "ntds"
* gpg: Fix --trusted-key with fingerprint arg
* scd: Fix writing of ECC keys to an OpenPGP card
* scd: Make an USB error fix specific to SPR532 readers
* dirmngr: With new LDAP keyservers store the new attributes.
Never store the useless pgpSignerID. Fix a long standing
bug storing some keys on an ldap server.
* dirmngr: Support the new Active Direcory LDAP schema for
keyservers
* dirmngr: Allow LDAP OpenPGP searches via fingerprint
* dirmngr: Do not block other threads during keyserver LDAP calls
* Support global configuration files
* Fix the iconv fallback handling to UTF-8
++++ kmod:
- Update usr-lib-modprobe.patch to upstream submission (boo#1180821).
- Require libxslt-tools for xsltproc and use local stylesheet.
* no-stylesheet-download.patch
++++ libcontainers-common:
- Update common to 0.33.0:
v0.33:
seccomp: drop 'vmsplice' from the allowed list
Add new function to setup default environment
Implement secrets pkg: backend and filedriver
v0.32:
Do not retry on most syscall failures
Set http_proxy default to true
Add new completion functions for Arch and Os.
v0.31:
Switch default runtime from runc to crun
Add a volume plugins field to containers.conf
Remove libpod.conf
v0.30:
Add ability to set system wide options for slirp4netns
v0.29:
Remove stutter APIs from pkg/umask and pkg/subscriptions.
v0.28:
Add support for enabling/disabling kernel keyring in engines
We should not be setting a default infra command.
Print the error to log info
Move buildah/pkg/secrets to common/pkg/subscriptions
Move some volume and device parsing from buildah to common
v0.27:
fix: Set ping_group_range to 0 0 by default
Allow users to customer the --remote flag to be on by default.
v0.26:
Consolidate reporting functions from Buildah and Podman.
Update pkg/report to consolidate --format flag handling between Buildah and Podman and eventually Skopeo.
v0.25:
Common library now has pkg/formats pulled out of containers/buildah to make it easier to share with other tools.
Recommended containers.conf is also now available to be used by distros and CI/CD systems.
v0.24:
Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
Add shared autocomplete functions for podman/buildah
v0.23:
Allow users to specify the default format for image builds
Shell Completion with cobra for login/logout flags
remove fchmodat2 from seccomp.json file
Add support for CONTAINER_CONNECTION environment variable
Bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
Allow pidfd_getfd by default in seccomp.json
Fix problems found by codespell
v0.22:
Add new syscalls to allowed seccomp.json
ValidatePullPolicy case-insensitive
Update default seccomp rules to match fedora rules
Bump github.com/onsi/gomega from 1.10.1 to 1.10.2
Bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
Bump github.com/containers/storage from 1.23.3 to 1.23.5
Add seccomp validation unit test for failing BuildProfile()
v0.21:
Add BuildFilter() and ValidateProfile() API
Add FindAppArmorParserBinary() helper
Add mock'able unit tests and move package to `internal`
Add owners file
Bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
Bump github.com/containers/storage from 1.23.2 to 1.23.3
Bump golang to 1.15
Change fmt.Errorf calls to be replaced by errors package
Enable retry EOF from http request
Fix all gocritic lints
Fix nested elseif
Migrate seccomp/containers-golang
RetryIfNecessary: add a field for setting the delay in RetryOptions
Update golangci-lint and add config
Update pkg/config/config_darwin.go
Update pkg/config/config_linux.go
Update pkg/config/config_windows.go
Update pkg/retry/retry.go
Validate that apparmor_parser is available on the system
begin migration off travis
containers.conf: Fix ulimits nofile example syntax
fix windows containers.conf path
getCustomConfigFile for windows and darwin
v0.20:
multi_image_archive: add option for `podman save`
Wrap AppArmor errors to provide more debug information
Omit apparmor_parser warnings when parsing the version
Support different zoneinfo locations
Do not mention libpod.conf if no files found
v0.19:
Vendor in containers/storage v1.23.0
Fix duplicated code found by codeverity.
Export NormalizeCapabilities function
Use homedir.GetConfigHome()
Respect XDG_CONFIG_HOME for policy.json and cni
Fix documentation
hooks_dir_path was in wrong location, should be under Enigine section
Fix deprecation warnings about libpod.conf and raise log level
v0.18:
Move retry code to pkg/retry
Bump github.com/containers/storage from 1.21.1 to 1.21.2
v0.17:
Add retry helper functions
Remove extra lock in Reload function
v0.16:
Add support for Umask
Fix config reload race
Add support for multiple service destinations
Bump github.com/containers/storage from 1.21.0 to 1.21.1
Add config reload
Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
v0.15:
Add support for timezone
Specify container engine in comments of engine env
Add env to [engines] for engine to use
Fix location of stop_timeout in default containers.conf
Bump github.com/containers/image/v5 from 5.4.4 to 5.5.1
Fix testing to not race on containers.conf
pkg/version -> version
Move pkg/version to version to be consistent with other libraries in c/image.
Fixup handling of remote_uri for documentation
Add script to rebuild images on quay.io
Fix AppArmor profile prefix and name
Change AppArmor profile prefix and fix name-check
- Update image to 5.9.0:
v5.5.0:
* Add Security Policy
* Bump to v5.5.0-dev again
* Bump github.com/containers/storage from 1.19.1 to 1.19.2
* Add debug line to get Content-Type from manifests
* Add defaults for using the rootless policy path
* Bump github.com/opencontainers/go-digest from 1.0.0-rc1 to 1.0.0
* Bump github.com/klauspost/pgzip from 1.2.3 to 1.2.4
* pkg/docker/config/ModifyJSON: fix MkdirAll usage
* Bump github.com/vbauerster/mpb/v5 from 5.0.4 to 5.2.1
* Bump github.com/containers/storage from 1.19.2 to 1.20.1
* Bump github.com/klauspost/compress from 1.10.5 to 1.10.6
* Bump github.com/vbauerster/mpb/v5 from 5.2.1 to 5.2.2
* Go module noise
* Fix crash on inspecting an OCI image with no config
* Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
* Add hardcode Authfile for windows and mac
* docker/config: initialize dockerConfigFile
* docker/config: add `GetAllCredentials`
* Bump github.com/stretchr/testify from 1.5.1 to 1.6.0
* Bump github.com/klauspost/compress from 1.10.6 to 1.10.7
* Bump github.com/containers/storage from 1.20.1 to 1.20.2
* Add documentation for credHelper
* Fix error messages on !canModifyManifest
* Add support for ProgressEventSkipped
* Bump github.com/stretchr/testify from 1.6.0 to 1.6.1
* Bump github.com/klauspost/compress from 1.10.7 to 1.10.8
* oci: don't overwrite tags pointing at the same manifest
* oci test: simplify length calculation
v5.5.1:
because the Go proxy caches an old version of the 5.5.0 tag, making
it difficult to use 5.5.0.
v5.5.2:
* backports pagination fix
v5.6.0:
* When we can't store signatures, point the user at the destination.
* Update for https://github.com/containers/skopeo/pull/932
* Refactor configPath API
* Load the rootless registries.conf.d for override
* docker config: clean up after test
* blobinfocache: clean up after test
* enable search using pagination
* pkg/docker/config: correct default file mode when create auth.json file
* Update to Go 1.13
* Coverity found potential nil dereference
* Look for normalized paths in tarfile.
* Move docker/tarfile.Destination to docker/internal/tarfile.Destination
* Use the docker/internal/tarfile.Destination from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal.tarfile
* Introduce Destination.configPath and Destination.physicalLayerPath
* Split docker/internal.tarfile.Writer from Destination
* Move createRepositoriesFile to a bit better place
* Split Writer.createManifest from Destination.PutManifest
* Reorganize docker/internal/tarfile.Writer.createManifest a bit
* Move the computation of layerPaths in docker-archive
* Implement writing multiple images in the modern format.
* Split createSingleLegacyLayer from writeLegacyLayerMetadata
* Move legacy layer ID computation to a bit later
* Merge writeLegacyMetadata and createRepositoriesFile
* Implement writing multiple images in the legacy format
* Separate tarfile.Writer creation from Destination creation
* Lock docker/internal/tarfile.Writer to support concurrent uses
* Split openArchiveForWriting from docker/archive/newImageDestination
* Finally, introduce docker/archive.Writer
* use container/storage/pkg/homedir
* Fix an error message on docker-archive:path:name@sha256:$digest
* Move docker/tarfile.Source to docker/internal/tarfile.Source
* Use the docker/internal/tarfile.Source from docker/daemon and docker/archive
* Remove deprecated non-SystemContext functions from docker/internal/tarfile
* Split docker/internal/tarfile.Reader from Source
* Separate tarfile.Reader creation from Source creation
* Read the tarfile manifest already when initializing tarfile.Reader
* Turn tarfile.Source.LoadTarManifest into a TarManifest
* Allow choosing an image from tarfile.Reader by reference
* Introduce docker-archive:path:@index syntax for reading untagged images
* Introduce docker/archive.Reader
* Finally, share a tarfile.Reader across archiveSource objects
* Add docker/archive.NewReaderForReference
* Add docker/archive.Reader.ManifestTagsForReference
* Support per user registries.d
* Move TestInvalidPolicyFormatError
* Reduce duplication in policy_config_test.go
* Eliminate more duplication in signature/policy_config_tests.go
* Return error body if UnexpectedHTTPResponseError
* Set NoLchown to true in untar opts
v5.7.0:
* add comment on CVE-2020-15157
* Bump github.com/containers/storage from 1.23.5 to 1.23.6
* Search credentials under XDG_CONFIG_HOME
* Bump github.com/klauspost/compress from 1.11.0 to 1.11.1
* Use $DOCKER_CONFIG/config.json to match the docker CLI.
* Bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* Regenerate oci/layout fixture certificates
* Extend the lifetime of test certificates to 10 years
* Set default rootless sigstore
* Update copier/imagecopier to fix race
* Fix problems found by codespell
v5.8.0:
* pkg/shortnames
* Finally, split configuration loading and merging
* Reorder merging code in loadConfig to match field order in V2RegistriesConf
* Remove "TODO: separate upper format from internal data below:"
* Move shortNameMode from V2RegistriesConf to parsedConfig
* Behavior change: Move unqualifiedSearchRegistriesOrigin to parsedConfig
* Deprecate TryUpdatingCache return value, warn about parsedConfig.v2
* Some progress: Move aliasCache out of V2RegistriesConf to parsedConfig
* Add a parsedConfig return value to loadConfigFile
* Split shortNameAliasCache.updateWithConfigurationFrom from loadConfig
* Move the creation of shortNameAliasCache to loadConfigFile
* Rename shortNameAliasConf.parseAndValidate to newShortNameAliasCache
* Move the allocation of an empty alias map to editShortNameAlias
* Bump github.com/klauspost/compress from 1.11.1 to 1.11.2
* Split shortNameAliasCache from shortNameAliasConf
* Split the error and success return paths of shortNameAliasConf.parseAndValidate
* Sort Registries in V2RegistriesConf.postProcess
* Make it clearer that .postProcessRegistries() is called on the V2RegistriesConf data
* Make tomlConfig private
* Split loadConfigFile from loadConfig
* Make loadConfig a method on parsedConfig instead of tomlConfig
* Introduce sysregistriesv2.parsedConfig, use it for configCache
* Don't hard-code cache implementation details in tests
* Add a test for correctly merging unqualified-search-registries
* sysregistriesv2: short-name aliasing
* Add GetDigest method to retrieve digest from manifest HEAD request
* Fix misleading network error
* Bump github.com/containers/storage from 1.23.6 to 1.23.7
* docs: update reference to containers-registeries.d.md
v5.9.0:
* copy: check our assumptions about compression
* Add a signedIdentity choice "type": "remapIdentity"
* shortnames: error if there's no alias and no search registries
- Update podman to 2.2.1
v2.2.1
[#]## Changes
- Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using `--mount type=image`) were handled in the database. As a result, containers created in Podman 2.2.0 with image volumes will not have them in v2.2.1, and these containers will need to be re-created.
[#]## Bugfixes
- Fixed a bug where rootless Podman would, on systems without the `XDG_RUNTIME_DIR` environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start ([#8539](https://github.com/containers/podman/issues/8539)).
- Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors ([#8613](https://github.com/containers/podman/issues/8613)).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running.
- Fixed a bug where the `podman system reset` command would print a warning about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount `sysfs` in circumstances where it was not allowed; some OCI runtimes (notably `crun`) would fall back to alternatives and not fail, but others (notably `runc`) would fail to run containers.
- Fixed a bug where the `podman run` and `podman create` commands would fail to create containers from untagged images ([#8558](https://github.com/containers/podman/issues/8558)).
- Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication ([#8498](https://github.com/containers/podman/issues/8498)).
- Fixed a bug where the `podman exec` command did not move the Conmon process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the `ancestor` option to `podman ps --filter` did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if `--rm` was set) if the Podman command that created them was invoked with `--log-level=debug`.
[#]## API
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the `Binds` and `Mounts` parameters in `HostConfig`.
- Fixed a bug where the Compat Create endpoint for Containers ignored the `Name` query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the "default" value for `NetworkMode` (this value is used extensively by `docker-compose`) ([#8544](https://github.com/containers/podman/issues/8544)).
- Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the `target` query parameter as the image's tag.
[#]## Misc
- Podman v2.2.0 vendored a non-released, custom version of the `github.com/spf13/cobra` package; this has been reverted to the latest upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0
v2.2.0
[#]## Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing) and [here](https://www.redhat.com/sysadmin/container-image-short-names).
- Initial support has been added for the `podman network connect` and `podman network disconnect` commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify `--network=none` when they were created.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Aliases can also be added and removed using the new `podman network connect` and `podman network disconnect` commands. Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports persistent volumes claims using Podman named volumes.
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` and `id` filters for `podman pod ps` now match based on a regular expression, instead of requiring an exact match.
- The `podman pod ps` command now supports a new filter `status`, that matches pods in a certain state.
[#]## Changes
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. `--publish` and `--net=host`) are specified when creating a container.
- The `--restart on-failure` and `--rm` options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly ([#7906](https://github.com/containers/podman/issues/7906)).
- Remote Podman will no longer use settings from the client's `containers.conf`; defaults will instead be provided by the server's `containers.conf` ([#7657](https://github.com/containers/podman/issues/7657)).
- The `podman network rm` command now has a new alias, `podman network remove` ([#8402](https://github.com/containers/podman/issues/8402)).
[#]## Bugfixes
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
- Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior.
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
- Fixed a bug where the `podman network rm` command would error when trying to remove `macvlan` networks and rootless CNI networks ([#8491](https://github.com/containers/podman/issues/8491)).
- Fixed a bug where Podman was not setting sane defaults for missing `XDG_` environment variables.
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server ([#8473](https://github.com/containers/podman/issues/8473)).
- Fixed a bug where the `podman manifest create` and `podman manifest add` commands on local images would drop any images in the manifest not pulled by the host.
- Fixed a bug where networks made by `podman network create` did not include the `tuning` plugin, and as such did not support setting custom MAC addresses ([#8385](https://github.com/containers/podman/issues/8385)).
- Fixed a bug where container healthchecks did not use `$PATH` when searching for the Podman executable to run the healthcheck.
- Fixed a bug where the `--ip-range` option to `podman network create` did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment ([#8448](https://github.com/containers/podman/issues/8448)).
- Fixed a bug where the `podman container ps` alias for `podman ps` was missing ([#8445](https://github.com/containers/podman/issues/8445)).
[#]## API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Ping endpoint misspelled a header name (`Libpod-Buildha-Version` instead of `Libpod-Buildah-Version`).
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with `CAP_` (Docker does not do so).
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
- Fixed a bug where the Compat Inspect endpoint for images would omit the `ParentId` field if the image had no parent, and the `Created` field if the image did not have a creation time.
- Fixed a bug where the Compat Remove endpoint for Networks did not support the `Force` query parameter.
[#]## Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.1
- Updated the containers/image library to v5.8.1
- Updated the containers/common library to v0.27.0
v2.2.0-rc2
APIv2
* Fix Bugs and compatability
* Fix list of images - mandatory Created attribute
* Add network connect|disconnect compat endpoints
Missing Commands
* Add alias for podman network rm -> remove
* Add podman container ps command
Missing Options support
* Align the podman pod ps --filter behavior with podman ps
* Allow containers to --restart on-failure with --rm
* Allow multiple --network flags for podman run/create
Documentation:
* Containers.conf settings for remote connections
* Specify what the replace flag replaces in help text
* Clarify ps(1) fallback of `podman top`
Improve shell completions
Bugs
* Fix ip-range for classless subnet masks
* Make c.networks() list include the default network
* Make podman service log events
* Set PATH env in systemd timer.
* Fix container cgroup lookup
v2.2.0-RC1
This is the first release candidate for Podman v2.2.0. Preliminary release notes are below:
[#]# 2.2.0
[#]## Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable `CONTAINERS_SHORT_NAME_ALIASING` to `on`. Documentation is [available here](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#short-name-aliasing).
- The `podman generate kube` command now features support for exporting container's memory and CPU limits ([#7855](https://github.com/containers/podman/issues/7855)).
- The `podman play kube` command now features support for setting CPU and Memory limits for containers ([#7742](https://github.com/containers/podman/issues/7742)).
- The `podman play kube` command now supports Kubernetes configmaps via the `--configmap` option ([#7567](https://github.com/containers/podman/issues/7567)).
- The `podman play kube` command now supports a `--log-driver` option to set the log driver for created containers.
- The `podman play kube` command now supports a `--start` option, enabled by default, to start the pod after creating it. This allows for `podman play kube` to be more easily used in systemd unitfiles.
- The `podman run` command now supports the `--network-alias` option to set network aliases (additional names the container can be accessed at from other containers via DNS if the `dnsname` CNI plugin is in use). Please note that this requires a new release (v1.1.0) of the `dnsname` plugin, and will only work on newly-created CNI networks.
- The `podman network create` command now supports the `--ipv6` option to enable dual-stack IPv6 networking for created networks ([#7302](https://github.com/containers/podman/issues/7302)).
- The `podman inspect` command can now inspect pods, networks, and volumes, in addition to containers and images ([#6757](https://github.com/containers/podman/issues/6757)).
- The `--mount` option for `podman run` and `podman create` now supports a new type, `image`, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the `podman-remote` executable have been added.
- The `--log-opt` option for `podman create` and `podman run` now supports the `max-size` option to set the maximum size for a container's logs ([#7434](https://github.com/containers/podman/issues/7434)).
- The `--network` option to the `podman pod create` command now allows pods to be configured to use `slirp4netns` networking, even when run as root ([#6097](https://github.com/containers/podman/issues/6097)).
- The `podman pod stop`, `podman pod pause`, `podman pod unpause`, and `podman pod kill` commands now work on multiple containers in parallel and should be significantly faster.
- The `podman search` command now supports a `--list-tags` option to list all available tags for a single image in a single repository.
- The `podman search` command can now output JSON using the `--format=json` option.
- The `podman diff` and `podman mount` commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The `podman container exists` command now features a `--external` option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The `--tls-verify` and `--authfile` options have been enabled for use with remote Podman.
- The `/etc/hosts` file now includes the container's name and hostname (both pointing to localhost) when the container is run with `--net=none` ([#8095](https://github.com/containers/podman/issues/8095)).
- The `podman events` command now supports filtering events based on the labels of the container they occurred on using the `--filter label=key=value` option.
- The `podman volume ls` command now supports filtering volumes based on their labels using the `--filter label=key=value` option.
- The `--volume` and `--mount` options to `podman run` and `podman create` now support two new mount propagation options, `unbindable` and `runbindable`.
- The `name` filter for `podman pod ps` now matches based on a regular expression, instead of requiring an exact match.
[#]## Changes
- The `podman network rm --force` command will now also remove pods that are using the network ([#7791](https://github.com/containers/podman/issues/7791)).
- The `podman volume rm`, `podman network rm`, and `podman pod rm` commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the `--force` option was not given.
- If `/dev/fuse` is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from `podman-remote` (e.g. `--cgroup-manager`, `--storage-driver`).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The `--storage` option to `podman rm` is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the `--storage` option. If the container exists in Podman it will be removed normally. The `--storage` option for `podman rm` is now deprecated and will be removed in a future release.
- The `--storage` option to `podman ps` has been renamed to `--external`. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage ([#7941](https://github.com/containers/podman/issues/7941)).
- The `podman save` command now strips signatures from images it is exporting, as the formats we export to do not support signatures ([#7659](https://github.com/containers/podman/issues/7659)).
- A new `Degraded` state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be `Degraded` instead of `Running`.
[#]## Bugfixes
- Fixed a bug where `podman load` on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the `newuidmap` binary was not installed ([#7776](https://github.com/containers/podman/issues/7776)).
- Fixed a bug where the `--pull` option to `podman run`, `podman create`, and `podman build` did not match Docker's behavior.
- Fixed a bug where sysctl settings from the `containers.conf` configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the `containers` environment variable in addition to the expected `container` environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers ([#7789](https://github.com/containers/podman/issues/7789)).
- Fixed a bug where the `podman untag --all` command was not supported with remote Podman.
- Fixed a bug where the `podman system service` command could time out even if active attach connections were present ([#7826](https://github.com/containers/podman/issues/7826)).
- Fixed a bug where the `podman system service` command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where `podman run` would fail if the image specified was a manifest list and had already been pulled ([#7798](https://github.com/containers/podman/pull/7798)).
- Fixed a bug where Podman did not take search registries into account when looking up images locally ([#6381](https://github.com/containers/podman/issues/6381)).
- Fixed a bug where the `podman manifest inspect` command would fail for images that had already been pulled ([#7726](https://github.com/containers/podman/issues/7726)).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the `--user` option to `podman create` and `podman run` and sufficient GIDs were available to add the groups ([#7782](https://github.com/containers/podman/issues/7782)).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container ([#7837](https://github.com/containers/podman/issues/7837)).
- Fixed a bug where `podman image prune` could leave images ready to be pruned after `podman image prune` was run ([#7872](https://github.com/containers/podman/issues/7872)).
- Fixed a bug where the `podman logs` command with the `journald` log driver would not read all available logs ([#7476](https://github.com/containers/podman/issues/7476)).
- Fixed a bug where the `--rm` and `--restart` options to `podman create` and `podman run` did not conflict when a restart policy that is not `on-failure` was chosen ([#7878](https://github.com/containers/podman/issues/7878)).
- Fixed a bug where the `--format "table {{ .Field }}"` option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace ([#7886](https://github.com/containers/podman/issues/7886)).
- Fixed a bug where the `--namespace` option to `podman ps` did not work with the remote client ([#7903](https://github.com/containers/podman/issues/7903)).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the `/etc/hosts` file would not be correctly populated for containers in a user namespace ([#7490](https://github.com/containers/podman/issues/7490)).
- Fixed a bug where the `podman network create` and `podman network remove` commands could race when run in parallel, with unpredictable results ([#7807](https://github.com/containers/podman/issues/7807)).
- Fixed a bug where the `-p` option to `podman run`, `podman create`, and `podman pod create` would, when given only a single number (e.g. `-p 80`), assign the same port for both host and container, instead of generating a random host port ([#7947](https://github.com/containers/podman/issues/7947)).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in `containers.conf` or with the `--cgroup-manager` option ([#7830](https://github.com/containers/podman/issues/7830)).
- Fixed a bug where the `podman inspect` command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the `podman attach` command would not print a newline after detaching from the container ([#7751](https://github.com/containers/podman/issues/7751)).
- Fixed a bug where the `HOME` environment variable was not set properly in containers when the `--userns=keep-id` option was set ([#8004](https://github.com/containers/podman/issues/8004)).
- Fixed a bug where the `podman container restore` command could panic when the container in question was in a pod ([#8026](https://github.com/containers/podman/issues/8026)).
- Fixed a bug where the output of the `podman image trust show --raw` command was not properly formatted.
- Fixed a bug where the `podman runlabel` command could panic if a label to run was not given ([#8038](https://github.com/containers/podman/issues/8038)).
- Fixed a bug where the `podman run` and `podman start --attach` commands would exit with an error when the user detached manually using the detach keys on remote Podman ([#7979](https://github.com/containers/podman/issues/7979)).
- Fixed a bug where rootless CNI networking did not use the `dnsname` CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking ([#8040](https://github.com/containers/podman/issues/8040)).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system `$PATH` on subsequent invocations.
- Fixed a bug where the `--net=host` option to `podman create` and `podman run` would cause the `/etc/hosts` file to be incorrectly populated ([#8054](https://github.com/containers/podman/issues/8054)).
- Fixed a bug where the `podman inspect` command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via `--net=container:...`) ([#8073](https://github.com/containers/podman/issues/8073)).
- Fixed a bug where the `podman ps` command did not include information on all ports a container was publishing.
- Fixed a bug where the `podman build` command incorrectly forwarded `STDIN` into build containers from `RUN` instructions.
- Fixed a bug where the `podman wait` command's `--interval` option did not work when units were not specified for the duration ([#8088](https://github.com/containers/podman/issues/8088)).
- Fixed a bug where the `--detach-keys` and `--detach` options could be passed to `podman create` despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a `/etc/resolv.conf` file (which occurs on some WSL2 images) ([#8089](https://github.com/containers/podman/issues/8089)).
- Fixed a bug where the `--extract` option to `podman cp` was nonfunctional.
- Fixed a bug where the `--cidfile` option to `podman run` would, when the container was not run with `--detach`, only create the file after the container exited ([#8091](https://github.com/containers/podman/issues/8091)).
- Fixed a bug where the `podman images` and `podman images -a` commands could panic and not list any images when certain improperly-formatted images were present in storage ([#8148](https://github.com/containers/podman/issues/8148)).
- Fixed a bug where the `podman events` command could, when the `journald` events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal ([#8125](https://github.com/containers/podman/issues/8125)).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 ([#8139](https://github.com/containers/podman/issues/8139)).
- Fixed a bug where the `podman attach` command would not exit when containers stopped ([#8154](https://github.com/containers/podman/issues/8154)).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing `/` characters ([#8160](https://github.com/containers/podman/issues/8160)).
- Fixed a bug where remote Podman did not support hashed hostnames in the `known_hosts` file on the host for establishing connections ([#8159](https://github.com/containers/podman/pull/8159)).
- Fixed a bug where the `podman image exists` command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the `podman manifest inspect` command on images that are not manifest lists would error instead of inspecting the image ([#8023](https://github.com/containers/podman/issues/8023)).
- Fixed a bug where the `podman system service` command would fail if the directory the Unix socket was to be created inside did not exist ([#8184](https://github.com/containers/podman/issues/8184)).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a `/dev/shm` filesystem between all containers in the pod ([#8181](https://github.com/containers/podman/issues/8181)).
- Fixed a bug where filters passed to `podman volume list` were not inclusive ([#6765](https://github.com/containers/podman/issues/6765)).
- Fixed a bug where the `podman volume create` command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) ([#8253](https://github.com/containers/podman/issues/8253)).
- Fixed a bug where the `podman run` and `podman create` commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. `podman run -v testvol:/test1 -v testvol:/test2`) ([#8221](https://github.com/containers/podman/issues/8221)).
- Fixed a bug where the parsing of the `--net` option to `podman build` was incorrect ([#8322](https://github.com/containers/podman/issues/8322)).
- Fixed a bug where the `podman build` command would print the ID of the built image twice when using remote Podman ([#8332](https://github.com/containers/podman/issues/8332)).
- Fixed a bug where the `podman stats` command did not show memory limits for containers ([#8265](https://github.com/containers/podman/issues/8265)).
- Fixed a bug where the `podman pod inspect` command printed the static MAC address of the pod in a non-human-readable format ([#8386](https://github.com/containers/podman/pull/8386)).
- Fixed a bug where the `--tls-verify` option of the `podman play kube` command had its logic inverted (`false` would enforce the use of TLS, `true` would disable it).
[#]## API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, `GET /images/get`, has been added ([#7950](https://github.com/containers/podman/issues/7950)).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a `X-Registry-Config` header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an `httpproxy` query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for `RUN` instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return ([#7942](https://github.com/containers/podman/issues/7942)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal ([#7917](https://github.com/containers/podman/issues/7917)).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly ([#7860](https://github.com/containers/podman/issues/7860)).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include complete network information on the container.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull ([#7896](https://github.com/containers/podman/issues/7896)).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code ([#7740](https://github.com/containers/podman/issues/7740)).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU ([#7946](https://github.com/containers/podman/issues/7946)).
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the `driver` parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the `RootFS` field of the response.
[#]## Misc
- Updated Buildah to v1.18.0
- Updated the containers/storage library to v1.24.0
- Updated the containers/image library to v5.8.0
- Updated the containers/common library to v0.27.0
v2.1.1
[#]## Changes
- The `podman info` command now includes the cgroup manager Podman is using.
[#]## Bugfixes
- Fixed a bug where Podman would not build with the `varlink` build tag enabled.
- Fixed a bug where the `podman save` command could, when asked to save multiple images, write its progress bar to the archive instead of the terminal, producing a corrupted archive.
- Fixed a bug where the `json-file` log driver did not write logs.
- Fixed a bug where `podman-remote start --attach` did not properly handle detaching using the detach keys.
- Fixed a bug where `podman pod ps --filter label=...` did not work.
- Fixed a bug where the `podman build` command did not respect the `--runtime` flag.
[#]## API
- The REST API now includes a Server header in all responses.
- Fixed a bug where the Libpod and Compat Attach endpoints could terminate early, before sending all output from the container.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle the Interactive parameter.
- Fixed a bug where the Compat Kill endpoint for containers could continue to run after a fatal error.
- Fixed a bug where the Limit parameter of the Compat List endpoint for Containers did not properly handle a limit of 0 (returning nothing, instead of all containers) ([#7722](https://github.com/containers/podman/issues/7722)).
- The Libpod Stats endpoint for containers is being deprecated and will be replaced by a similar endpoint with additional features in a future release.
v2.1.0
[#]## Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now supports setting labels on pods from Kubernetes metadata labels.
- The `podman play kube` command now supports setting container restart policy ([#7656](https://github.com/containers/podman/issues/7656)).
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
[#]## Security
- This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API.
[#]## Changes
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
- Error messages when creating a container or pod with a name that is already in use have been improved.
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
- The `podman system reset` command no longer removes configuration files for rootless Podman.
[#]## Bugfixes
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
- Fixed a bug where privileged containers would still configure an AppArmor profile.
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
- Fixed a bug where the `podman build --logfile` command would segfault.
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
- Fixed a bug where `podman images -a` would break if any image pulled by digest was present in the store ([#7651](https://github.com/containers/podman/issues/7651)).
- Fixed a bug where the `--mount` option to `podman run` and `podman create` required the `type=` parameter to be passed first ([#7628](https://github.com/containers/podman/issues/7628)).
- Fixed a bug where the `--infra-command` parameter to `podman pod create` was nonfunctional.
- Fixed a bug where `podman auto-update` would fail for any container started with `--pull=always` ([#7407](https://github.com/containers/podman/issues/7407)).
- Fixed a bug where the `podman wait` command would only accept a single argument.
- Fixed a bug where the parsing of the `--volumes-from` option to `podman run` and `podman create` was broken, making it impossible to use multiple mount options at the same time ([#7701](https://github.com/containers/podman/issues/7701)).
- Fixed a bug where the `podman exec` command would not join executed processes to the container's supplemental groups if the container was started with both the `--user` and `--group-add` options.
- Fixed a bug where the `--iidfile` option to `podman-remote build` was nonfunctional.
[#]## API
- The Libpod API version has been bumped to v2.0.0 due to a breaking change in the Image List API.
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
- Fixed a bug where Pull endpoints did not stream progress back to the client.
- The Version endpoints (Libpod and Compat) now provide version in a format compatible with Docker.
- All non-hijacking responses to API requests should not include headers with the version of the server.
- Fixed a bug where Libpod and Compat Events endpoints did not send response headers until the first event occurred ([#7263](https://github.com/containers/podman/issues/7263)).
- Fixed a bug where the Build endpoints (Compat and Libpod) did not stream progress to the client.
- Fixed a bug where the Stats endpoints (Compat and Libpod) did not properly handle clients disconnecting.
- Fixed a bug where the Ignore parameter to the Libpod Stop endpoint was not performing properly.
- Fixed a bug where the Compat Logs endpoint for containers did not stream its output in the correct format ([#7196](https://github.com/containers/podman/issues/7196)).
[#]## Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/image library to v5.6.0
- Updated the containers/common library to v0.22.0
v2.1.0-RC2
This is the second release candidate for Podman v2.1.0.
v2.1.0-RC1
This is the first release candidate of Podman v2.1.0. Preliminary release notes are attached below:
[#]## Features
- A new command, `podman image mount`, has been added. This allows for an image to be mounted, read-only, to inspect its contents without creating a container from it ([#1433](https://github.com/containers/podman/issues/1433)).
- The `podman save` and `podman load` commands can now create and load archives containing multiple images ([#2669](https://github.com/containers/podman/issues/2669)).
- Rootless Podman now supports all `podman network` commands, and rootless containers can now be joined to networks.
- The performance of `podman build` on `ADD` and `COPY` instructions has been greatly improved, especially when a `.dockerignore` is present.
- The `podman run` and `podman create` commands now support a new mode for the `--cgroups` option, `--cgroups=split`. Podman will create two cgroups under the cgroup it was launched in, one for the container and one for Conmon. This mode is useful for running Podman in a systemd unit, as it ensures that all processes are retained in systemd's cgroup hierarchy ([#6400](https://github.com/containers/podman/issues/6400)).
- The `podman run` and `podman create` commands can now specify options to slirp4netns by using the `--network` option as follows: `--net slirp4netns:opt1,opt2`. This allows for, among other things, switching the port forwarder used by slirp4netns away from rootlessport.
- The `podman ps` command now features a new option, `--storage`, to show containers from Buildah, CRI-O and other applications.
- The `podman run` and `podman create` commands now feature a `--sdnotify` option to control the behavior of systemd's sdnotify with containers, enabling improved support for Podman in `Type=notify` units.
- The `podman run` command now features a `--preserve-fds` opton to pass file descriptors from the host into the container ([#6458](https://github.com/containers/podman/issues/6458)).
- The `podman run` and `podman create` commands can now create overlay volume mounts, by adding the `:O` option to a bind mount (e.g. `-v /test:/test:O`). Overlay volume mounts will mount a directory into a container from the host and allow changes to it, but not write those changes back to the directory on the host.
- The `podman play kube` command now supports the Socket HostPath type ([#7112](https://github.com/containers/podman/issues/7112)).
- The `podman play kube` command now supports read-only mounts.
- The `podman play kube` command now properly handles `HostAlias` entries.
- The `podman generate kube` command now adds entries to `/etc/hosts` from `--host-add` generated YAML as `HostAlias` entries.
- The `podman play kube` and `podman generate kube` commands now properly support `shareProcessNamespace` to share the PID namespace in pods.
- The `podman volume ls` command now supports the `dangling` filter to identify volumes that are dangling (not attached to any container).
- The `podman run` and `podman create` commands now feature a `--umask` option to set the umask of the created container.
- The `podman create` and `podman run` commands now feature a `--tz` option to set the timezone within the container ([#5128](https://github.com/containers/podman/issues/5128)).
- Environment variables for Podman can now be added in the `containers.conf` configuration file.
- The `--mount` option of `podman run` and `podman create` now supports a new mount type, `type=devpts`, to add a `devpts` mount to the container. This is useful for containers that want to mount `/dev/` from the host into the container, but still create a terminal.
- The `--security-opt` flag to `podman run` and `podman create` now supports a new option, `proc-opts`, to specify options for the container's `/proc` filesystem.
- Podman with the `crun` OCI runtime now supports a new option to `podman run` and `podman create`, `--cgroup-conf`, which allows for advanced configuration of cgroups on cgroups v2 systems.
- The `podman create` and `podman run` commands now support a `--override-variant` option, to override the architecture variant of the image that will be pulled and ran.
- A new global option has been added to Podman, `--runtime-flags`, which allows for setting flags to use when the OCI runtime is called.
- The `podman manifest add` command now supports the `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify` options.
[#]## Changes
- Podman will now retry pulling an image 3 times if a pull fails due to network errors.
- The `podman exec` command would previously print error messages (e.g. `exec session exited with non-zero exit code -1`) when the command run exited with a non-0 exit code. It no longer does this. The `podman exec` command will still exit with the same exit code as the command run in the container did.
- Error messages when creating a container or pod with a name that is already in use have been improved.
- For read-only containers running systemd init, Podman creates a tmpfs filesystem at `/run`. This was previously limited to 65k in size and mounted `noexec`, but is now unlimited size and mounted `exec`.
- The `podman system reset` command no longer removes configuration files for rootless Podman.
[#]## Bugfixes
- Fixed a bug where Podman would not add an entry to `/etc/hosts` for a container if it joined another container's network namespace ([#66782](https://github.com/containers/podman/issues/6678)).
- Fixed a bug where `podman save --format oci-dir` saved the image in an incorrect format ([#6544](https://github.com/containers/podman/issues/6544)).
- Fixed a bug where privileged containers would still configure an AppArmor profile.
- Fixed a bug where the `--format` option of `podman system df` was not properly interpreting format codes that included backslashes ([#7149](https://github.com/containers/podman/issues/7149)).
- Fixed a bug where rootless Podman would ignore errors from `newuidmap` and `newgidmap`, even if `/etc/subuid` and `/etc/subgid` contained valid mappings for the user running Podman.
- Fixed a bug where the `podman commit` command did not properly handle single-character image names ([#7114](https://github.com/containers/podman/issues/7114)).
- Fixed a bug where the output of `podman ps --format=json` did not include a `Status` field ([#6980](https://github.com/containers/podman/issues/6980)).
- Fixed a bug where input to the `--log-level` option was no longer case-insensitive.
- Fixed a bug where `podman images` could segfault when an image pull was aborted while incomplete, leaving an image without a manifest ([#7444](https://github.com/containers/podman/issues/7444)).
- Fixed a bug where rootless Podman would try to create the `~/.config` directory when it did not exist, despite not placing any configuration files inside the directory.
- Fixed a bug where the output of `podman system df` was inconsistent based on whether the `-v` option was specified ([#7405](https://github.com/containers/podman/issues/7405)).
- Fixed a bug where `--security-opt apparmor=unconfined` would error if Apparmor was not enabled on the system ([#7545](https://github.com/containers/podman/issues/7545)).
- Fixed a bug where running `podman stop` on multiple containers starting with `--rm` could sometimes cause `no such container` errors ([#7384](https://github.com/containers/podman/issues/7384)).
- Fixed a bug where `podman-remote` would still try to contact the server when displaying help information about subcommands.
- Fixed a bug where the `podman build --logfile` command would segfault.
- Fixed a bug where the `podman generate systemd` command did not properly handle containers which were created with a name given as `--name=$NAME` instead of `--name $NAME` ([#7157](https://github.com/containers/podman/issues/7157)).
- Fixed a bug where the `podman ps` was ignoring the `--latest` flag.
- Fixed a bug where the `podman-remote kill` command would hang when a signal that did not kill the container was specified ([#7135](https://github.com/containers/podman/issues/7135)).
- Fixed a bug where the `--oom-score-adj` option of `podman run` and `podman create` was nonfunctional.
- Fixed a bug where the `--display` option of `podman runlabel` was nonfunctional.
- Fixed a bug where the `podman runlabel` command would not pull images that did not exist locally on the system.
- Fixed a bug where `podman-remote run` would not exit with the correct code with the container was removed by a `podman-remote rm -f` while `podman-remote run` was still running ([#7117](https://github.com/containers/podman/issues/7117)).
- Fixed a bug where the `podman-remote run --rm` command would error attempting to remove containers that had already been removed (e.g. by `podman-remote rm --force`) ([#7340](https://github.com/containers/podman/issues/7340)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users in `/etc/passwd` in the container that belong to groups without a corresponding entry in `/etc/group` ([#7389](https://github.com/containers/podman/issues/7389)).
- Fixed a bug where `podman run --userns=keepid` could create entries in `/etc/passwd` with a UID that was already in use by another user ([#7503](https://github.com/containers/podman/issues/7503)).
- Fixed a bug where `podman --user` with a numeric user and `podman run --userns=keepid` could create users that could not be logged into ([#7499](https://github.com/containers/podman/issues/7499)).
- Fixed a bug where trying to join another container's user namespace with `--userns container:$ID` would fail ([#7547](https://github.com/containers/podman/issues/7547)).
- Fixed a bug where the `podman play kube` command would trim underscores from container names ([#7020](https://github.com/containers/podman/issues/7020)).
- Fixed a bug where the `podman attach` command would not show output when attaching to a container with a terminal ([#6523](https://github.com/containers/podman/issues/6253)).
- Fixed a bug where the `podman system df` command could be extremely slow when large quantities of images were present ([#7406](https://github.com/containers/podman/issues/7406)).
[#]## API
- Docker-compatible Volume Endpoints (Create, Inspect, List, Remove, Prune) are now available!
- Added an endpoint for generating systemd unit files for containers.
- The `last` parameter to the Libpod container list endpoint now has an alias, `limit` ([#6413](https://github.com/containers/podman/issues/6413)).
- The Libpod image list API new returns timestamps in Unix format, as integer, as opposed to as strings
- The Compat Inspect endpoint for containers now includes port information in NetworkSettings.
- The Compat List endpoint for images now features limited support for the (deprecated) `filter` query parameter ([#6797](https://github.com/containers/podman/issues/6797)).
- Fixed a bug where the Compat Create endpoint for containers was not correctly handling bind mounts.
- Fixed a bug where the Compat Create endpoint for containers would not return a 404 when the requested image was not present.
- Fixed a bug where the Compat Create endpoint for containers did not properly handle Entrypoint and Command from images.
- Fixed a bug where name history information was not properly added in the Libpod Image List endpoint.
- Fixed a bug where the Libpod image search endpoint improperly populated the Description field of responses.
- Added a `noTrunc` option to the Libpod image search endpoint.
- Fixed a bug where the Pod List API would return null, instead of an empty array, when no pods were present ([#7392](https://github.com/containers/podman/issues/7392)).
- Fixed a bug where endpoints that hijacked would do perform the hijack too early, before being ready to send and receive data ([#7195](https://github.com/containers/podman/issues/7195)).
- Fixed a bug where Pod endpoints that can operate on multiple containers at once (e.g. Kill, Pause, Unpause, Stop) would not forward errors from individual containers that failed.
- The Compat List endpoint for networks now supports filtering results ([#7462](https://github.com/containers/podman/issues/7462)).
- Fixed a bug where the Top endpoint for pods would return both a 500 and 404 when run on a non-existant pod.
[#]## Misc
- Updated Buildah to v1.16.1
- Updated the containers/storage library to v1.23.5
- Updated the containers/common library to v0.22.0
v2.0.6
[#]## Bugfixes
- Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
- Fixed a bug where `/etc/passwd` could be re-created every time a container is restarted if the container's `/etc/passwd` did not contain an entry for the user the container was started as.
- Fixed a bug where containers without an `/etc/passwd` file specifying a non-root user would not start.
- Fixed a bug where the `--remote` flag would sometimes not make remote connections and would instead attempt to run Podman locally.
[#]## Misc
- Updated the containers/common library to v0.14.10
v2.0.6-rc1
This is the first release candidate for Podman v2.0.6. It includes several small bugfixes for issues identified with v2.0.5.
v2.0.5
[#]## Features
- Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`.
- The `podman system connection` command has been reworked to support multiple connections, and reenabled for use!
- Podman now has a new global flag, `--connection`, to specify a connection to a remote Podman API instance.
[#]## Changes
- Podman's automatic systemd integration (activated by the `--systemd=true` flag, set by default) will now activate for containers using `/usr/local/sbin/init` as their command, instead of just `/usr/sbin/init` and `/sbin/init` (and any path ending in `systemd`).
- Seccomp profiles specified by the `--security-opt seccomp=...` flag to `podman create` and `podman run` will now be honored even if the container was created using `--privileged`.
[#]## Bugfixes
- Fixed a bug where the `podman play kube` would not honor the `hostIP` field for port forwarding ([#5964](https://github.com/containers/podman/issues/5964)).
- Fixed a bug where the `podman generate systemd` command would panic on an invalid restart policy being specified ([#7271](https://github.com/containers/podman/issues/7271)).
- Fixed a bug where the `podman images` command could take a very long time (several minutes) to complete when a large number of images were present.
- Fixed a bug where the `podman logs` command with the `--tail` flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com/containers/podman/issues/7230]).
- Fixed a bug where the `podman exec` command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) ([#6893](https://github.com/containers/podman/issues/6893)).
- Fixed a bug where the `podman load` command with remote Podman would did not honor user-specified tags ([#7124](https://github.com/containers/podman/issues/7124)).
- Fixed a bug where the `podman system service` command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result ([#7180](https://github.com/containers/podman/issues/7180)).
- Fixed a bug where the `--publish` flag to `podman create`, `podman run`, and `podman pod create` did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) ([#7104](https://github.com/containers/podman/issues/7014)).
- Fixed a bug where the `podman start --attach` command would not print the container's exit code when the command exited due to the container exiting.
- Fixed a bug where the `podman rm` command with remote Podman would not remove volumes, even if the `--volumes` flag was specified ([#7128](https://github.com/containers/podman/issues/7128)).
- Fixed a bug where the `podman run` command with remote Podman and the `--rm` flag could exit before the container was fully removed.
- Fixed a bug where the `--pod new:...` flag to `podman run` and `podman create` would create a pod that did not share any namespaces.
- Fixed a bug where the `--preserve-fds` flag to `podman run` and `podman exec` could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
- Fixed a bug where default environment variables (`$PATH` and `$TERM`) were not set in containers when not provided by the image.
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
- Fixed a bug where networks created with `podman network create` with an IPv6 subnet did not properly set an IPv6 default route.
- Fixed a bug where the `podman save` command would not work properly when its output was piped to another command ([#7017](https://github.com/containers/podman/issues/7017)).
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under `/sys/fs/cgroup/systemd` to the host.
- Fixed a bug where `podman build` would not generate an event on completion ([#7022](https://github.com/containers/podman/issues/7022)).
- Fixed a bug where the `podman history` command with remote Podman printed incorrect creation times for layers ([#7122](https://github.com/containers/podman/issues/7122)).
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
- Fixed a bug where Podman did not clear `CMD` from the container image if the user overrode `ENTRYPOINT` ([#7115](https://github.com/containers/podman/issues/7115)).
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
- Fixed a bug where the `podman images` command with remote Podman did not support printing image tags in Go templates supplied to the `--format` flag ([#7123](https://github.com/containers/podman/issues/7123)).
- Fixed a bug where the `podman rmi --force` command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
- Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)).
- Fixed a bug where the `podman version` command did not properly include build time and Git commit.
- Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)).
- Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`.
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)).
[#]## API
- Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)).
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions ([#7197](https://github.com/containers/podman/issues/7197)).
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
- Added a versioned `_ping` endpoint (e.g. `http://localhost/v1.40/_ping`).
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when `podman system service` shut down due to its idle timeout ([#7294](https://github.com/containers/podman/issues/7294)).
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
- The `Pod` URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the `Pod` boolean will now be included in the response unconditionally.
[#]## Misc
- Updated Buildah to v1.15.1
- Updated containers/image library to v5.5.2
v2.0.4
[#]## Bugfixes
- Fixed a bug where the output of `podman image search` did not populate the Description field as it was mistakenly assigned to the ID field.
- Fixed a bug where `podman build -` and `podman build` on an HTTP target would fail.
- Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes ([#7130](https://github.com/containers/podman/issues/7130)).
- Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output.
- Fixed a bug where the `podman start --attach --interactive` command would print the container ID of the container attached to when exiting ([#7068](https://github.com/containers/podman/pull/7068)).
- Fixed a bug where `podman run --ipc=host --pid=host` would only set `--pid=host` and not `--ipc=host` ([#7100](https://github.com/containers/podman/issues/7100)).
- Fixed a bug where the `--publish` argument to `podman run`, `podman create` and `podman pod create` would not allow binding the same container port to more than one host port ([#7062](https://github.com/containers/podman/issues/7062)).
- Fixed a bug where incorrect arguments to `podman images --format` could cause Podman to segfault.
- Fixed a bug where `podman rmi --force` on an image ID with more than one name and at least one container using the image would not completely remove containers using the image ([#7153](https://github.com/containers/podman/issues/7153)).
- Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of `podman stats --format=json`.
[#]## API
- Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified ([#7078](https://github.com/containers/podman/issues/7078)).
- Fixed a bug where the `CgroupVersion` field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented).
- Update storage to 1.24.5
1.24.5:
Use STORAGE_DRIVER environment variable in rootless mode
Fix errors about undefined storage driver in vms
idtools: handle single user mapped as root
1.24.4:
Use /run instead of /var/run
archive: Skip FIFO creation in user namespace
1.24.3:
Revert returning storageOpts early in rootless mode.
Log message when graphdriver is not set
1.24.2:
Fix reading of ~/.config/containers/storage.conf
1.24.1:
Fix unshare.HomeDir to use entry in /etc/passwd
1.24.0:
Add support for force_mask field, which allows for sharing container image over NFS shares or between different users on the same system. (Experimental)
1.23.9:
Improve handling Get() in pkg/homedir, handling user namespaced homedirs correctly
Improve ID range selection for automatic user namespace range selection.
Restore usage of rootless_storage_path in user storage.conf
1.20.5:
Fix handling of Interrupts while changing file system attributes.
1.23.8:
Tighten permissions on created directory
Fix handling of EINTR when changing file permissions, being triggered by newer version of golang.
Fix resource leaks and improve error messages.
1.23.7:
Fix handling of SetDefaultConfigFilePath(path)
Switch to handling EINTR when chowning content.
1.23.6:
Lot's of bug fixes.
Drop some Warning messages down to Info level
Improve error messages for users
Improve imput parsing.
Maintain IMA Attributes in image creation
Fix usage of rootless_storage_path from system storage.conf file
Improve devmapper handling.
1.23.5:
For podman v2.0 we need to use use ignore_chown_errors field if set
utils_test.go: make test show mismatching items
Support the rootless storage path from the system file
build(deps): bump github.com/klauspost/compress from 1.10.11 to 1.11.0
1.20.4:
For podman v2.0 we need to use use ignore_chown_errors field if set
1.23.4:
build(deps): bump github.com/klauspost/pgzip from 1.2.4 to 1.2.5
fix goroutine leak with close tatLogger in a defer clause
1.23.3:
Switch to moby/sys/mountinfo
counter: check for external umounts
1.20.3:
counter: check for external umounts
1.23.2:
counter: check for external umounts
1.23.1:
recover use graphLock when mount a layer
build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
Use `bash` binary from env instead of /bin/bash for scripts
build(deps): bump github.com/klauspost/compress from 1.10.10 to 1.10.11
Allow users to override imagestores
Remove dead code
1.23.0:
* Revert "build(deps): bump github.com/opencontainers/runc"
* Allow any env variable for graphroot, runroot, storagepath
* fileutils.Pattern.compile(): end the regex with the right path separator
* archive: preallocate a buffer for io.Copy
1.22.0:
Allow env variables in graphroot and runroot
userns: make sure host id is not always 0
store: support mapped layers deletion
Cirrus: Fix matrix filter
build(deps): bump github.com/opencontainers/runc
Cirrus: Add success-accumulator task
Cirrus: Note matrix filter resolution
store: support mapped layers deletion
userns: fix host id calculation when ranges overlap
userns: simplify function
Fix leaked fd
Coverity errors found
1.21.2:
archive: fix the bug of ReadSecurityXattrToTarHeader
unbreak build on mipsen harder
unshare: memoize HomeDir()
1.21.1:
userns: fix available range with explicit idmapping
layer mount: fix RO logic
When mounting images we have no lowers, but still need to mount
layerStore: clean residual resources in layerStore when remove an image
Allow mounting of Non Read Write images read/only
Always mount the layer via overlay.
1.21.0:
Remove whitelist and replace with allowed
build(deps): bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
new interface for MountImage added
Record security.ima in container images
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc90 to 1.0.0-rc91
Store the pvcreate --metadatasize option in storage.conf
new interface Free for deleting Store object
Just uncommenting this line blew up on me
build(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0
Use temp instead of run as fallback directory for rootless mode
Make lock files world readable
Lock files should be CLOEXEC
Stop using golang 1.12
build(deps): bump github.com/klauspost/compress from 1.10.8 to 1.10.10
devmapper: allow devmapper devices as directlvm device
build(deps): bump github.com/stretchr/testify from 1.6.0 to 1.6.1
1.20.2:
Add back skip_mount_home
Update git validation EPOCH
build(deps): bump github.com/opencontainers/runc from 1.0.0-rc9 to 1.0.0-rc90
build(deps): bump github.com/klauspost/compress from 1.10.5 to 1.10.7
build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0
unbreak build on mipsen
- Switch to seccomp profile provided by common instead of podman
- Update containers.conf to match latest version
++++ gpgme:
- gpgme 1.15.1:
* Fix a bug in the secret key export
* Make listing of signatures work if only secret keys are listed
* qt: Avoid empty "rem@gnupg.org" signature notations
* python: Fix key_export functions
- remove deprecated texinfo macros
++++ libzypp:
- Rephrase solver problem descriptions (jsc#SLE-8482)
- Adapt to changed gpg2/libgpgme behavior (bsc#1180721)
- Multicurl backend breaks with with unknown filesize (fixes #277)
- version 17.25.6 (22)
++++ osinfo-db:
- Update database to version 20201218
osinfo-db-20201218.tar.xz
++++ salt:
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Add pkg.services_need_restart
- Fix for file.check_perms to work with numeric uid/gid
- Added:
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
* add-pkg.services_need_restart-302.patch
- virt: more network support
Add more network and PCI/USB host devices passthrough support
to virt module and states
- Added:
* open-suse-3002.2-virt-network-311.patch
- Bigvm backports
virt consoles, CPU tuning and topology, and memory tuning.
- Added:
* open-suse-3002.2-bigvm-310.patch
++++ zypper:
- Fix source-download commnds help (bsc#1180663)
- man: Recommend to use the --non-interactive global option
rather than the command option -y (bsc#1179816)
- Extend apt packagemap (fixes #366)
- --quitet: Fix install summary to write nothing if there's
nothing todo (bsc#1180077)
- Prefer /run over /var/run.
- version 1.14.42
------------------------------------------------------------------
------------------ 2021-1-11 - Jan 11 2021 -------------------
------------------------------------------------------------------
++++ bash:
- Update to final bash 5.1
* Which is mainly the last rc3 veresion
- Add official patch bash51-001
There is a missing dependency on a constructed file, which can cause highly
parellel builds to fail.
- Add official patch bash51-002
If there are no jobs, and the `-n' and `-p' options are both supplied to
`wait', bash can assign a value to the variable name specified with `-p'
instead of leaving it unset.
- Add official patch bash51-003
Bash does not put a command substitution process that is started to perform an
expansion in a child process into the right process group where it can receive
keyboard-generated signals.
- Add official patch bash51-004
If a key-value compound array assignment to an associative array is supplied
as an assignment statement argument to the `declare' command that declares the
array, the assignment doesn't perform the correct word expansions.
This patch makes key-value assignment and subscript assignment perform the
same expansions when they're supplied as an argument to `declare'.
++++ ca-certificates:
- Update to version 2+git20210111.eeae41c:
* Make certbundle.run container friendly
++++ container-selinux:
- Update to version 2.154.0
- Allow confined user domains to run confined container domains.
- Allow all containers to use nfs shares, iff virt_use_nfs boolean
is enabled.
- Allow containers to read nsfs file systems.
- KVM Container need to use tunnel sockets created by runtime.
++++ gsettings-desktop-schemas:
- Update to version 40.alpha:
+ Add scroll button locking to trackballs.
+ Move mouse drag-threshold/double-click settings here.
+ Move antialiasing/hinting/rgba-order settings here.
+ Updated translations.
++++ kernel-default:
- Update to 5.11-rc3
- update configs
- NULL_TTY=m
- AQTION=m (also on other architectures than x86_64 and arm64)
- commit 840b25f
++++ hidapi:
- Update to version 0.10.1
* Add FreeBSD/macOS/MinGW/Alpine/Arch Linux/Windows CI
* Add hid_version/hid_version_str API (#192)
* Add podspec to support releases via cocoapods
* Add support for HID over I2C and uhid devices (#166)
* Fix small casting issue
* Fix race condition on device close (#189)
* Fix API prototype for gcc flag -Wstrict-prototypes (#207)
* Fix strict typecast (#206)
* Fix -Wall -Wextra -pedantic -Werror compilation (#214) …
* Drop workaround for kernel < 2.6.34
* Use pkg-config to find libusb on *freebsd
* Reattach kernel driver in hidapi-libusb
* Move local variable declaration to the beginning of the function
++++ libjpeg-turbo:
- Fix setting of FLOATTEST
++++ ncurses:
- Add ncurses patch 20210109
+ fix errata in man/ncurses.3x from recent updates.
+ improve quoting/escaping in configure script, uses some features of
autoconf 2.52.20210105
- Add ncurses patch 20210102
+ update man/curs_memleaks.3x, to include <term.h> which declares
exit_terminfo.
+ clarify man/curs_terminfo.3x, to mention why the macro setterm is
defined in <curses.h>, and remove it from the list of prototypes
(prompted by patch by Graeme McCutcheon).
+ amend man/curs_terminfo.3x, to note that <curses.h> is required
for certain functions, e.g., those using chtype or attr_t for
types, as well as mvcur (cf: 20201031).
+ use parameter-names in prototypes in curs_sp_funcs.3x, for
consistency with other manpages.
- Add ncurses patch 20201227
+ update terminology entry to 1.8.1 -TD
+ fix some compiler-warnings which gcc8 reports incorrectly.
- Add ncurses patch 20201219
+ suppress hyphenation in generated html for manpages, to address
regression in upgrade of groff 1.22.2 to 1.22.3.
+ fix inconsistent sort-order in see-also sections of manpages (report
by Chris Bennett).
- Port patch ncurses-6.2.dif
++++ readline:
- Update to final readline-8.1
which is mainly rc3
- Remove obsolate patches and the signatures
* readline80-001
* readline80-001.sig
* readline80-002
* readline80-002.sig
* readline80-003
* readline80-003.sig
* readline80-004
* readline80-004.sig
- Port patches
* readline-5.2-conf.patch
* readline-6.2-metamode.patch
* readline-6.3-destdir.patch
* readline-6.3-input.dif
* readline-6.3-rltrace.patch
* readline-7.0-screen.patch
- Port and rename patch readline-8.0.dif which is now readline-8.1.dif
++++ salt:
- Fix pkg states when DEB package has "all" arch
- Added:
* fix-aptpkg.normalize_name-when-package-arch-is-all.patch
++++ ovmf:
- Add ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the
potential AMD SEV-ES security issues (bsc#1180079)
- Add the json descriptor for xen-hvm (bsc#1180050)
++++ selinux-policy:
- Update to version 20210111
- Drop fix_policykit.patch (integrated upstream)
- Adjust fix_iptables.patch
- update container policy
++++ vim:
- Updated to version 8.2.2327, fixes the following problems
* Insert mode completion messages end up in message history.
* Vim9: crash when lambda uses same var as assignment.
* Padding not drawn properly for popup window with title.
* Vim9: checking for a non-empty string is too strict.
* Vim9: get E1099 when autocmd triggered in builtin function.
* Vim9: #{ still seen as start of dict in some places.
* Vim9: Using uninitialized variable.
* Vim9: :echo and :execute give error for empty argument.
* Vim9: "exit_cb" causes Vim to exit.
* Vim9: unreachable code in assignment.
* Build failure with tiny features.
* A user command with try/catch may not catch an expression error.
* Memory leak when heredoc is not terminated.
* Vim9: dead code in compiling :unlet.
* Vim9: some corner cases not tested.
* Vim9: concatenating lists does not adjust type of result.
* Vim9: automatic conversion of number to string for dict key.
* Quickfix window title not updated in all tab pages.
* Vim9: crash when user command doesn't match.
* Popupwin test for latin1 sometimes fails.
* Github actions CI isn't used for all available platforms.
* $dir not expanded when configure checks for moonjit.
* screenpos() does not include the WinBar offset.
* Popupwin test for latin1 still fails sometimes.
* Popupwin test for terminal buffer fails sometimes.
* Warning from Github actions for code analysis.
* Github actions run on pusing a tag.
* Vim9: can delete a Vim9 script variable from a function.
* CI on cirrus times out, coveralls doesn't always run.
* Vim9: when declaring a list it is not allocated yet, causing a following
extend() to fail.
* Various typos.
* Arguments -T and -x not tested yet.
* Vim9: Cannot load or store autoload variables.
* Crash when discarded exception is the current exception.
* Vim9: autoload function doesn't work in script that starts with an upper
case letter.
* Vim9: assignment to dict member does not work.
* Auto format doesn't work when deleting text.
* Vim9: assign test fails. (Elimar Riesebieter)
* Vim9: error for assigning to dict of dict.
* Vim9: test leaves file behind.
* Vim9: a global function defined in a :def function fails if it uses
the context.
* Valgrind warning for using uninitialized value.
* Vim9: number of arguments is not always checked. (Yegappan Lakshmanan)
* Vim9: get internal error when assigning to undefined variable.
* Mac version doesn't specify the CPU architecture.
* Github actions: clang-11 handling suboptimal.
* Crash with a sequence of fold commands.
* Pattern "^" does not match if the first character in the line is
combining. (Rene Kita)
* Python 3: non-utf8 character cannot be handled.
* Vim9: crash when indexing a dict with a number.
* Vim9: test for error after error is flaky.
* Valgrind warnings for using uninitialized value.
* Vim9: value of 'magic' is still relevant.
* Vim9: value of 'edcompatible' and 'gdefault' are used.
* Vim9: no error when using "2" for a line number.
* BufUnload is not triggered for the quickfix dummy buffer.
* Vim9: error when using 'opfunc'.
* Python 3 test fails sometimes. (Christian Brabandt)
* Vim9: crash when calling global function from :def function.
* Cannot repeat a command that uses the small delete register.
* Vim9: crash when compiled with EXITFREE.
* Vim9: using wrong name with lambda in nested function.
* Codecov on github actions fails.
* Vim9: can change constant in :def function.
* Vim9: cannot use :const or :final at the script level.
* Failing tests for :const.
* :version output has extra spaces in compile and link command.
* Assert arguments order reversed.
* ml_get error when resizing window and using text property.
* First write after setting 'eol' does not have NL added. (Tomáš Janoušek)
* Vim9: lambda without white space around -> is confusing.
* Write file test fails on MS-Windows.
* Write file test still fails on MS-Windows.
* Moodle gift files are not recognized.
* Vim9: using -> both for method and lambda is confusing.
* Vim9: memory leak when parsing lambda fails.
* :exe command line completion only works for first argument.
* Illegal memory access if popup menu items are changed while the menu is
visible. (Tomáš Janoušek)
* Vim9: after reloading a script variable index may be invalid.
* Vim9: return type of => lambda not parsed.
* Vim9: allocating a type to set TTFLAG_BOOL_OK.
* Vim9: lambda with => does not work at the script level.
* Checking white space around -> is not backwards compatible.
* ":e#" does not give a warning for missing white space.
* Vim9: `=expr` not recognized in global command.
* Vim9: range with missing colon can be hard to spot.
* Vim9: command modifiers not restored in catch block.
* Vim9: failure if passing more arguments to a lambda than expected.
* Vim9: method call with expression not supported.
* Vim9: memory leak when parsing nested parenthesis.
* If <Down> is mapped on the command line 'wildchar' is inserted.
* Vim9: cannot keep script variables when reloading.
* Vim9: Reloading marks a :def function as deleted.
* Vim9: crash if script reloaded with different variable type.
* Vim9: error when using :import in legacy script twice.
* Vim9: script test fails.
* Vim9: recognizing lambda is too complicated.
* Vim9: cannot use ":e #" because # starts a comment.
* build failure without the +eval feature.
* Vim9: insert completion runs into error.
* When "--remote file" is used "file" is not reloaded.
* Compiler error for falling through into next case.
* Cannot convert a byte index into a character index.
* Command line wildmenu test often fails with Unix GUI.
* Build failure with some Ruby versions.
* 'scroll' option can change when setting the statusline or tabline but
the option context is not updated.
* Vim9: cannot load a Vim9 script without the +eval feature.
* Vim9: concatenating lines with backslash is inconvenient.
* Clientserver test fails if full path is used.
* Build with Ruby and clang may fail.
* Vim9: line continuation with bar does not work at script level.
* Crash when popup mask contains zeroes.
* Crash when making the window width of the not-current window negative.
* Vim9: return value of winrestcmd() cannot be executed.
* Cursor keys not recognized at the hit-Enter prompt after executing an
external command.
* VMS: various smaller problems.
* ASAN error on exit with GUI.
* Termcodes test is flaky when used over ssh with X forwarding.
* Vim9: sublist is ambiguous.
* Test failures in legacy script.
* Vim9: crash when using lambda without return type in dict.
* Vim9: expr test fails.
* Vim9: bool option type is number.
* Tcl test fails.
* Vim9: cannot use function( after line break in :def function.
* Vim9: using -> for lambda is ambiguous.
* Not all OCaml related files are detected.
* Test_Executable() fails when using chroot.
* Window resize test fails in very wide terminal.
* Vim9: boolean option gets string type.
* Vim9: converting bool to string prefixes v:.
* Vim9: compilation error with try-catch in skipped block.
* Vim9: no error for mismatched :endfunc or :enddef.
* Error message for missing endfunc/enddef is last line.
* Vim9: it can be hard to see where white space is missing.
* Vim9: cannot use unlet for a dict member.
* Vim9: list unpack seen as declaration.
* Not all :hardcopy code covered by tests.
* Warning for size_t to int conversion. (Randall W. Morris)
* ml_get error when changing hidden buffer in Python.
* Vim9: extend() can violate the type of a variable.
* Build failure.
* badge for Travis is outdated.
* CTRL-C not recognized in Mintty.
* List of distributed files is outdated.
* Missing backslash.
* Falling back to old regexp engine can some patterns.
* Vim9: memory leak with catch in skipped block.
* Fuzzy matching doesn't give access to the scores.
* Vim9: compiled "wincmd" cannot be followed by bar.
* Length check mismatch with argument of strncmp(). (Christian Brabandt)
* Vim9: crash when lambda has fewer arguments than expected.
* Vim9: cannot set an option to a boolean value.
* Vim9: cannot set an option to a false.
* Sort test fails when locale is Canadian English. (Neil H Watson)
* Sort test fails when locale is French Canadian.
* Vim9: line break and comment not always skipped.
* Vim9: 'cpo' can become empty.
* Vim9: unlet of global variable cannot be compiled.
* Vim9: cannot use "null" for v:null.
* Vim: expr test fails.
* Build failure with Motif. (Tony Mechelynck)
* VMS: a few remaining problems.
* Incsearch does not detect empty pattern properly.
* Cannot use CTRL-N and CTRL-P in a popup menu.
* Vim9: cannot set 'number' to a boolean value.
* Vim9: comment right after "(" of function not recognized.
* Vim9: invalid memory access making error message flaky.
* Vim9: wrong order on type stack when using dict.
* Vim9: cannot unlet a dict or list item.
* Vim9: using an option value may use uninitialized memory.
* Vim9: backtick expansion doesn't work for :foldopen.
* Vim9: no test for unletting an imported variable.
* Vim9: "++var" and "--var" are silently accepted.
* Vim9: when using function reference type is not checked.
* A shell command in the vimrc causes terminal output.
* Vim9: no error when assigning lambda to funcref without return value.
* 0o777 not recognized as octal.
* Vim9: winsaveview() return type is too generic.
* Vim9: cannot assign to a variable that shadows a command modifier.
* Build failure with Ruby 3.0 and 32 bits.
* Vim9: using uninitialized field when parsing range. ":silent!" not
respected when parsing range fails.
* Vim9: returning zero takes two instructions.
* Vim9: "enddef" as dict key misintepreted as function end.
* Vim9: cannot list a lambda function.
* Vim9: command modifier before list unpack doesn't work.
* Vim9: string and list index work differently.
* "exptype_T" can be read as "expected type".
* Vim9: no error for comparing bool with string.
* Vim9: cannot nest closures.
* Vim9: closure nested limiting to one level.
* Vim9: error when inferring type from empty dict/list.
* Not easy to get mark en cursor posotion by character count.
* Vim9: crash if map() changes the item type.
* Build error with +eval feature but without +spell.
* Debugging code included.
------------------------------------------------------------------
------------------ 2021-1-10 - Jan 10 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.6 (bsc#1012628).
- Revert "drm/amd/display: Fix memory leaks in S3 resume"
(bsc#1012628).
- Revert "mtd: spinand: Fix OOB read" (bsc#1012628).
- rtc: pcf2127: move watchdog initialisation to a separate
function (bsc#1012628).
- rtc: pcf2127: only use watchdog when explicitly available
(bsc#1012628).
- dt-bindings: rtc: add reset-source property (bsc#1012628).
- kdev_t: always inline major/minor helper functions
(bsc#1012628).
- Bluetooth: Fix attempting to set RPA timeout when unsupported
(bsc#1012628).
- ALSA: hda/realtek - Modify Dell platform name (bsc#1012628).
- drm/i915/tgl: Fix Combo PHY DPLL fractional divider for 38.4MHz
ref clock (bsc#1012628).
- scsi: ufs: Allow an error return value from ->device_reset()
(bsc#1012628).
- scsi: ufs: Re-enable WriteBooster after device reset
(bsc#1012628).
- RDMA/core: remove use of dma_virt_ops (bsc#1012628).
- RDMA/siw,rxe: Make emulated devices virtual in the device tree
(bsc#1012628).
- fuse: fix bad inode (bsc#1012628).
- perf: Break deadlock involving exec_update_mutex (bsc#1012628).
- rwsem: Implement down_read_killable_nested (bsc#1012628).
- rwsem: Implement down_read_interruptible (bsc#1012628).
- exec: Transform exec_update_mutex into a rw_semaphore
(bsc#1012628).
- mwifiex: Fix possible buffer overflows in
mwifiex_cmd_802_11_ad_hoc_start (bsc#1012628).
- commit 5bdc505
------------------------------------------------------------------
------------------ 2021-1-9 - Jan 9 2021 -------------------
------------------------------------------------------------------
++++ findutils:
- update upstream signing key
- remove deprecated texinfo packaging macros
- run spec-cleaner
- Update to 4.8.0.
Announcement: https://savannah.gnu.org/forum/forum.php?forum_id=9914
- findutils.spec:
- Source0: Fix download URL: remove "pub/".
- %check: Output the content of all test-suite files in case of errors.
- Remove now-upstream patches:
- disable-null-ptr-test.patch
- findutils-gnulib-disable-test-float.patch
- findutils-gnulib-test-avoid-FP-perror-strerror.patch
++++ kernel-default:
- regulator: mt6323: Add OF match table (bsc#1180731).
- regulator: mt6358: Add OF match table (bsc#1180731).
- regulator: mt6360: Add OF match table (bsc#1180731).
- commit a930122
- regulator: mt6323: Add OF match table (bsc#1180731).
- regulator: mt6358: Add OF match table (bsc#1180731).
- regulator: mt6360: Add OF match table (bsc#1180731).
- commit b8fd94e
++++ llvm15:
- Update to version 11.0.1.
* This release contains bug-fixes for the LLVM 11.0.0 release.
This release is API and ABI compatible with 11.0.0.
- Rebase llvm-do-not-install-static-libraries.patch.
- Drop obsolete compiler-rt-dont-compile-assembly-files-as-c.patch.
- Make documentation tarballs more reproducible.
++++ openssl-3:
- Update to 3.0.0 Alpha 10 (CVE-2020-1971)
* See full changelog: www.openssl.org/news/changelog.html
* Fixed NULL pointer deref in the GENERAL_NAME_cmp function
This function could crash if both GENERAL_NAMEs contain an
EDIPARTYNAME. If an attacker can control both items being
compared then this could lead to a possible denial of service
attack. OpenSSL itself uses the GENERAL_NAME_cmp function for
two purposes:
1) Comparing CRL distribution point names between an available
CRL and a CRL distribution point embedded in an X509 certificate
2) When verifying that a timestamp response token signer matches
the timestamp authority name (exposed via the API functions
TS_RESP_verify_response and TS_RESP_verify_token)
* The -cipher-commands and -digest-commands options of the
command line utility list has been deprecated. Instead use
the -cipher-algorithms and -digest-algorithms options.
* Additionally functions that read and write DH objects such as
d2i_DHparams, i2d_DHparams, PEM_read_DHparam, PEM_write_DHparams
and other similar functions have also been deprecated.
Applications should instead use the OSSL_DECODER and OSSL_ENCODER
APIs to read and write DH files.
++++ tar:
- GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- remove deprecated texinfo packaging macros
------------------------------------------------------------------
------------------ 2021-1-8 - Jan 8 2021 -------------------
------------------------------------------------------------------
++++ cni-plugins:
- Update to version 0.9.0:
* tuning: revert values on delete (#540)
* go mod tidy
* bump to go 1.15
* Add ability to trigger retests via comments
* pkg/ns: fix test case to tolerate pids going away.
* Add github build & test actions
* bridge: fix testcase to check addresses we care about
* Remove travis.
* vendor: bump ginkgo, gover
* portmap plugin should flush previous udp connections
* Updating plugin README.md files (#549)
* update netlink dependencies
* Xdhcp: fix example configuration
* VRF: extend supported version to 0.3.1 too.
* VRF CNI: Add an optional table parameter.
* Add more tests for the vrf cni plugin.
* Update github.com/vishvananda/netlink to v1.1.0
* Introduce a new VRF CNI meta plugin.
* Travis: run tests on arm64
* Replace nc with the local echo client.
* Add an echo client to be used instead of nc.
* Bump up the ubuntu version used in CI to bionic.
* flannel: allow input ipam parameters as basis for delegate
* ipvlan: make master config as optional
* Remove extraneous test file in Windows plugin
++++ cyrus-sasl:
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
++++ kernel-default:
- drm: bail out of nouveau_channel_new if channel init fails
(CVE-2020-25639 bsc#1176846).
- commit c1cbbd6
++++ harfbuzz:
- Switch to meson buildsystem:
+ Add meson BuildRequires and macros.
+ Replace gcc-c++ for generic c++_compiler BuildRequires.
+ Add meson_test macro in check section, run tests during build.
+ Drop pkgconfig(graphite2) BuildRequires: No longer build
graphite2 support, following upstream that disables this by
default.
+ Stop packaging gtk-docs, pass -Ddocs=disabled to meson, this
way we might avoid a build-cycle and since we did not have a
explicit docs subpackage, just silently drop them.
++++ openssl-1_1:
- Allow SHA1 in SECLEVEL 2 in non-FIPS mode
- Add openssl-1_1-seclevel.patch
++++ libslirp:
- Update to version 4.4.0:
* Release v4.4.0
* socket: consume empty packets
* slirp: check pkt_len before reading protocol header
* Remove the QEMU-special make build-system
* Add DNS resolving for iOS
* meson: support compiling as subproject
* meson: remove meson-dist script
* Add G_GNUC_PRINTF to local function slirp_vsnprintf
* sosendoob: better document what urgc is used for
* .gitlab-ci: add a Coverity stage
* TCPIPHDR_DELTA: Fix potential negative value
* udp, udp6, icmp, icmp6: Enable forwarding errors on Linux
* icmp, icmp6: Add icmp_forward_error and icmp6_forward_error
* udp, udp6, icmp: handle TTL value
* ip_stripoptions use memmove
* changelog: post-release
++++ openSUSE-build-key:
- update openSUSE:Factory:zSystems signing key to current version:
pub rsa2048 2016-02-17 [SC] [expires: 2022-08-16]
F00C20EF1E1114C9B5F69B2276CA4244F6AB3975
openSUSE:Factory:zSystems OBS Project <openSUSE:Factory:zSystems@build.opensuse.org>
++++ openssh:
- Update openssh-8.1p1-audit.patch (bsc#1180501). This fixes
occasional crashes on connection termination caused by accessing
freed memory.
++++ slirp4netns:
- Update to version 1.1.8:
* v1.1.8
* CI: bump libslirp to v4.4.0
* tests: Avoid closing pipe grep in cidr test
* v1.1.7+dev
* v1.1.7
* test-slirp4netns-cidr.sh: avoid EPIPE
* CI: s/test-centos/test-centos7/ for clarity
* CI: Test with libslirp 4.3.1 on CentOS 7
* .gitignore: add .vagrant
* Vagrantfile: change VirtualBox itself's slirp CIDR
++++ system-users:
- Add system-user-ntp subpackage with ntp user and group and
/var/lib/ntp as home directory
------------------------------------------------------------------
------------------ 2021-1-7 - Jan 7 2021 -------------------
------------------------------------------------------------------
++++ gdk-pixbuf:
- Add gdk-pixbuf-bsc1180393-CVE-2020-29385.patch:
gif: Fix LZW decoder accepting invalid LZW code. (bsc#1180393)
++++ hwdata:
- Add merge-pciids.pl to fully duplicate behavior of pciutils-ids
* Resolves SLE issue bsc#1180422 bsc#1180482
++++ kernel-default:
- irq: export irq_check_status_bit symbol.
Fix aarch64 builds.
- commit 74f9771
- config: refresh arm configs
- now available: DEBUG_INFO_BTF_MODULES=y
- commit e9c4359
- iwlwifi: dbg: Don't touch the tlv data (bsc#1180344).
- commit cba8ab9
++++ colord:
- Update to version 1.4.5:
+ New Features:
- Add cd_icc_create_default_full
- Add cd_icc_utils_get_adaptation_matrix
- Add cd_mat33_is_finite
- Add support for datacolor SpyderX
+ Bugfixes:
- Check for errors from more sqlite calls
- Fix cd_icc_load_data() annotation for the data array
- Fix cd-sensor-dummy
- Fix more annotation for data arrays
- Fix owner and permissions on existing state files
- Fix segfault due to dereferencing NULL pointer
- Make the build reproductible
- Refactor opening of mapping database and try again if fails
- Drop add-spyderx.patch: Included upstream in new release.
++++ u-boot-rpiarm64:
- Rename sun50ia64 to sun50i_a64 and sun50ih6 to sun50i_h6 to
follow arm-trusted-firmware-* rename
++++ virt-manager:
- bsc#1180069 - L3: virsh edit Error: XML document failed to
validate against schema: Unable to validate doc.
virtinst-smbios-unsupported-for-xenpv.patch
------------------------------------------------------------------
------------------ 2021-1-6 - Jan 6 2021 -------------------
------------------------------------------------------------------
++++ branding-openSUSE:
- Update LibreOffice About image (boo#1180550)
++++ hwdata:
- Update to version 0.343:
+ Updated pci, usb and vendor ids.
++++ kernel-default:
- drm/docs: Fix todo.rst (git-fixes).
- net/sched: sch_taprio: ensure to reset/destroy all child qdiscs
(git-fixes).
- commit 19815f3
- Linux 5.10.5 (bsc#1012628).
- net/sched: sch_taprio: reset child qdiscs before freeing them
(bsc#1012628).
- mptcp: fix security context on server socket (bsc#1012628).
- ethtool: fix error paths in ethnl_set_channels() (bsc#1012628).
- ethtool: fix string set id check (bsc#1012628).
- md/raid10: initialize r10_bio->read_slot before use
(bsc#1012628).
- drm/amd/display: Add get_dig_frontend implementation for DCEx
(bsc#1012628).
- io_uring: close a small race gap for files cancel (bsc#1012628).
- jffs2: Allow setting rp_size to zero during remounting
(bsc#1012628).
- jffs2: Fix NULL pointer dereference in rp_size fs option parsing
(bsc#1012628).
- spi: dw-bt1: Fix undefined devm_mux_control_get symbol
(bsc#1012628).
- opp: fix memory leak in _allocate_opp_table (bsc#1012628).
- opp: Call the missing clk_put() on error (bsc#1012628).
- scsi: block: Fix a race in the runtime power management code
(bsc#1012628).
- mm/hugetlb: fix deadlock in hugetlb_cow error path
(bsc#1012628).
- mm: memmap defer init doesn't work as expected (bsc#1012628).
- lib/zlib: fix inflating zlib streams on s390 (bsc#1012628).
- io_uring: don't assume mm is constant across submits
(bsc#1012628).
- io_uring: use bottom half safe lock for fixed file data
(bsc#1012628).
- io_uring: add a helper for setting a ref node (bsc#1012628).
- io_uring: fix io_sqe_files_unregister() hangs (bsc#1012628).
- uapi: move constants from <linux/kernel.h> to <linux/const.h>
(bsc#1012628).
- tools headers UAPI: Sync linux/const.h with the kernel headers
(bsc#1012628).
- cgroup: Fix memory leak when parsing multiple source parameters
(bsc#1012628).
- zlib: move EXPORT_SYMBOL() and MODULE_LICENSE() out of
dfltcc_syms.c (bsc#1012628).
- scsi: cxgb4i: Fix TLS dependency (bsc#1012628).
- Bluetooth: hci_h5: close serdev device and free hu in h5_close
(bsc#1012628).
- fbcon: Disable accelerated scrolling (bsc#1012628).
- reiserfs: add check for an invalid ih_entry_count (bsc#1012628).
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
in vmci_ctx_get_chkpt_doorbells() (bsc#1012628).
- media: gp8psk: initialize stats at power control logic
(bsc#1012628).
- f2fs: fix shift-out-of-bounds in sanity_check_raw_super()
(bsc#1012628).
- ALSA: seq: Use bool for snd_seq_queue internal flags
(bsc#1012628).
- ALSA: rawmidi: Access runtime->avail always in spinlock
(bsc#1012628).
- bfs: don't use WARNING: string when it's just info
(bsc#1012628).
- ext4: check for invalid block size early when mounting a file
system (bsc#1012628).
- fcntl: Fix potential deadlock in send_sig{io, urg}()
(bsc#1012628).
- io_uring: check kthread stopped flag when sq thread is unparked
(bsc#1012628).
- rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (bsc#1012628).
- module: set MODULE_STATE_GOING state when a module fails to load
(bsc#1012628).
- quota: Don't overflow quota file offsets (bsc#1012628).
- rtc: pl031: fix resource leak in pl031_probe (bsc#1012628).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1012628).
- i3c master: fix missing destroy_workqueue() on error in
i3c_master_register (bsc#1012628).
- NFSv4: Fix a pNFS layout related use-after-free race when
freeing the inode (bsc#1012628).
- f2fs: avoid race condition for shrinker count (bsc#1012628).
- f2fs: fix race of pending_pages in decompression (bsc#1012628).
- module: delay kobject uevent until after module init call
(bsc#1012628).
- powerpc/64: irq replay remove decrementer overflow check
(bsc#1012628).
- fs/namespace.c: WARN if mnt_count has become negative
(bsc#1012628).
- watchdog: rti-wdt: fix reference leak in rti_wdt_probe
(bsc#1012628).
- um: random: Register random as hwrng-core device (bsc#1012628).
- um: ubd: Submit all data segments atomically (bsc#1012628).
- NFSv4.2: Don't error when exiting early on a READ_PLUS buffer
overflow (bsc#1012628).
- ceph: fix inode refcount leak when ceph_fill_inode on non-I_NEW
inode fails (bsc#1012628).
- drm/amd/display: updated wm table for Renoir (bsc#1012628).
- tick/sched: Remove bogus boot "safety" check (bsc#1012628).
- s390: always clear kernel stack backchain before calling
functions (bsc#1012628).
- io_uring: remove racy overflow list fast checks (bsc#1012628).
- ALSA: pcm: Clear the full allocated memory at hw_params
(bsc#1012628).
- dm verity: skip verity work if I/O error when system is shutting
down (bsc#1012628).
- ext4: avoid s_mb_prefetch to be zero in individual scenarios
(bsc#1012628).
- device-dax: Fix range release (bsc#1012628).
- Refresh patches.suse/supported-flag.
- commit 3bb334e
- config.conf: Reenable armv6hl/armv7hl/arm64
- Update config files:
* Settings copied from x86_64 update
* arm specific options are =m except if debug or test, =y otherwise
- commit 1fc3034
++++ keyutils:
- adjust the library license to be LPGL-2.1+ only (the tools are GPL2+,
the library is just LGPL-2.1+) (bsc#1180603)
++++ llvm15:
- Increase required RAM for aarch64
++++ libdrm:
- update to 2.4.103:
* xf86drm.c: Use integer logarithm.
* amdgpu: only enable security tests on raven family
* amdgpu: sync up amdgpu_drm.h with latest from kernel
* amdgpu: add marketing names from 20.40
* intel: add INTEL_DG1_IDS to the pciids list
* amdgpu: add device IDs for Raven, Picasso and Renoir
* intel: sync i915_pciids.h with kernel
* amdgpu: Add Device IDs for Embedded Raven2 platforms
* intel: sync i915_pciids.h with kernel
* xf86drm.c: fix build failure
* core: use `O_RDONLY` instead of ambiguous `0` flag
* lots of tests/amdgpu updates
++++ nghttp2:
- update to 1.42.0:
* lib: fix ubsan errors (Patch from Asra Ali) (GH-1468)
* lib: Don't send RST_STREAM to idle stream (GH-1477)
* lib: nghttp2_map backed by nghttp2_ksl
* doc: Update sphinx_rtd_theme
* doc: nghttp2_session_send is also affected by max concurrent streams (Patch from Tomas Krizek) (GH-1489)
* doc: clarify flow control behaviour for nghttp2_session_send() (Patch from Tomas Krizek) (GH-1488)
* build: Add missing cmake/FindSystemd.cmake to dist (GH-1526)
* third-party: Bump llhttp to 2.2.0
* third-party: Bump mruby to 2.1.2
* nghttpx: Deal with the case when h2 backend is retired before it is initialized
* nghttpx: Add accesslog variables to record request path without query (GH-1511)
* nghttpx: Fix stall when TLS follows after proxy protocol
* nghttpx: Fix logging integer
++++ shared-mime-info:
- Update to version 2.1:
+ Adapt to xdgmime behaviour change: in case of multiple glob
matches, and the magic match is unrelated to all of them,
ignore the magic and pick one of the glob matches. xdgmime was
actually deviating from the spec on this.
+ Improve text/vnd.trolltech.linguist magic to reduce false
positives for MPEG TS files.
+ audio/mpeg: add layer 2, 2.5, and 1 protected magics.
+ Add many aliases for image/x-tga.
+ audio/x-mod: improve magic for 669 Composer files.
+ Add mime-type image/ktx2 (Khronos image texture format
version 2).
+ application/oxps: differentiate from /vnd.ms-xpsdocument.
+ Make image/g3fax the canonical name for image/fax-g3.
+ Make text/vnd.trolltech.linguist the canonical name for
text/vnd.qt.linguist.
+ Make application/vnd.smaf the canonical name for
application/x-smaf,
+ Make application/vnd.apple.keynote the canonical name for
application/x-iwork-keynote-sffkey.
+ Add mime-type image/astc (Adaptive Scalable Texture Compression
files).
+ Add mime-type for SageMath script files (*.sage).
+ Add mime-type for Kaitai Struct.
+ Remove application/x-dc-rom.
+ Add mime-type for MAME compressed hard disk image
(application/x-mame-chd).
+ Add mime-types application/nintendo-3ds-executable,
application/x-nintendo-3ds-rom.
+ Add mime-types application/x-dreamcast-rom,
application/x-gd-rom-cue, application/x-discjuggler-cd-image.
+ Add mime-type application/x-compressed-iso (*.cso).
+ Remove image/avif-sequence.
+ Fix application/x-sharedlib vs application/x-executable
confusion for PIE executables.
- Drop smi-Fix-pkg-config-installation-path.patch: fixed upstream.
------------------------------------------------------------------
------------------ 2021-1-5 - Jan 5 2021 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Revert "drm/amd/display: Fixed Intermittent blue screen on
OLED panel" (bsc#1180404).
- commit 086fc4c
- ALSA: hda/hdmi: Fix incorrect mutex unlock in
silent_stream_disable() (bsc#1180543).
- commit 010df91
++++ alsa:
- Backport upstream fixes:
a PCM plugin regression fix about snd_pcm_status() call, plugin
directory handling fixes, missing audio timestamp types,
use-after-free fix for conf parser, PCM plugin delay account fixes,
etc:
0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch
0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch
0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch
0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch
0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch
0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch
0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch
0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch
0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch
0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch
0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch
0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch
0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch
0018-conf-fix-get_hexachar-return-value.patch
0019-pcm-fix-__snd_pcm_state-return-value.patch
0020-confmisc-fix-memory-leak-in-snd_func_concat.patch
0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch
0022-pcm-plugin-status-fix-the-return-value-regression.patch
0023-pcm-plugin-status-revert-the-recent-changes.patch
0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch
0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch
0026-Revert-pcm_plugin-fix-delay.patch
0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch
0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch
0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch
0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch
0031-pcm-plugin-fix-status-code-for-capture.patch
0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch
0033-pcm-rate-fix-the-capture-delay-values.patch
++++ libpwquality:
- Do not use macro %make_build pre SLE-15
Use "make -O %{?_smp_mflags}" instead
[libpwquality.spec]
++++ python310-core:
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
++++ podman:
- Update to v2.2.1
* Changes
- Due to a conflict with a previously-removed field, we were forced to
modify the way image volumes (mounting images into containers using
- -mount type=image) were handled in the database.
As a result, containers created in Podman 2.2.0 with image volume
will not have them in v2.2.1, and these containers will need to be re-created.
* Bugfixes
- Fixed a bug where rootless Podman would, on systems without the
XDG_RUNTIME_DIR environment variable defined, use an incorrect path
for the PID file of the Podman pause process, causing Podman to fail
to start (#8539).
- Fixed a bug where containers created using Podman v1.7 and earlier were
unusable in Podman due to JSON decode errors (#8613).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead
of erroring, for containers that were not running.
- Fixed a bug where the podman system reset command would print a warning
about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount sysfs in
circumstances where it was not allowed; some OCI runtimes (notably
crun) would fall back to alternatives and not fail, but others
(notably runc) would fail to run containers.
- Fixed a bug where the podman run and podman create commands would fail
to create containers from untagged images (#8558).
- Fixed a bug where remote Podman would prompt for a password even when
the server did not support password authentication (#8498).
- Fixed a bug where the podman exec command did not move the Conmon
process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the ancestor option to
podman ps --filter did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves
up (or remove themselves if --rm was set) if the Podman command that
created them was invoked with --log-level=debug.
* API
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the Binds and Mounts parameters in HostConfig.
- Fixed a bug where the Compat Create endpoint for Containers
ignored the Name query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the "default" value for NetworkMode (this value is
used extensively by docker-compose) (#8544).
- Fixed a bug where the Compat Build endpoint for Images would sometimes
incorrectly use the target query parameter as the image's tag.
* Misc
- Podman v2.2.0 vendored a non-released, custom version of the
github.com/spf13/cobra package; this has been reverted to the latest
upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0
++++ salt:
- Do not force beacons configuration to be a list.
Revert https://github.com/saltstack/salt/pull/58655
- Added:
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
- Drop wrong virt capabilities code after rebasing patches
- Added:
* drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
++++ python310:
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
++++ qemu:
- Fix crash when spice used and the qemu-audio-spice package isn't
installed (boo#1180210)
audio-add-sanity-check.patch
- Add some stable patches from upstream
block-Fix-deadlock-in-bdrv_co_yield_to_d.patch
block-Fix-locking-in-qmp_block_resize.patch
block-nfs-fix-int-overflow-in-nfs_client.patch
block-Simplify-qmp_block_resize-error-pa.patch
build-no-pie-is-no-functional-linker-fla.patch
++++ virt-manager:
- bsc#1180047 - [xen][virt-manger] Libvirt or Hyperisor does not
support UEFI for 15SP3 XENPV Guest
virtman-show-no-firmware-for-xenpv.patch
------------------------------------------------------------------
------------------ 2021-1-4 - Jan 4 2021 -------------------
------------------------------------------------------------------
++++ NetworkManager:
- Second attempt to exclude systemd.automount from nfs processing:
fix boo#1116625
++++ kernel-default:
- Update to 5.11-rc2
- commit b4a462c
++++ keyutils:
- update to 1.6.3:
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow "keyctl supports" to retrieve raw capability data.
* Allow "keyctl id" to turn a symbolic key ID into a numeric ID.
* Allow "keyctl new_session" to name the keyring.
* Allow "keyctl add/padd/etc." to take hex-encoded data.
* Add "keyctl watch*" to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
++++ libcap:
- update to 2.46:
* The bulk of this release concerns fixes and improvements to libpsx
* Fix the capsh == argument handling and add a test case
* Added build support for systems that do not support libpthread
* Added build support for not building shared libraries
++++ libnettle:
- GNU Nettle 3.7:
* add bcrypt password hashing
* add optimizations: PowerPC64 assembly
- remove deprecated texinfo packaing macros
++++ polkit:
move to libexec dir is still not complete:
- add polkit-adjust-libexec-path.patch: There is another hard coded reference
of lib/ in the code that this patch addresses.
- also adjust invocation of %set_permissions and %verify_permissions to new
libexec dir location.
++++ libvirt:
- Update libxl-set-migration-constraints.patch
Remove code which handled --max_factor. The total amount of
transferred data is no indicator to trigger the final stop+copy.
This should have been removed during upgrade to Xen 4.7.
Reduce default value of --max_iters from 5 to 2.
The workload within domU will continue to produce dirty pages.
It is unreasonable to expect any slowdown during migration.
Now there is one initial copy of all memory, one instead of four
iteration for dirty memory, and a final copy iteration prior move.
++++ zchunk:
- Add d2eae512bee09a4047cfe586de12f644d73b0736.patch: Fix build
with zstd 1.4.7+.
++++ u-boot-rpiarm64:
- Add rockpro64-rk3399
------------------------------------------------------------------
------------------ 2021-1-1 - Jan 1 2021 -------------------
------------------------------------------------------------------
++++ llvm15:
- Move BFD plugins to %{_libdir}
++++ python-urllib3:
- Skip test for RECENT_DATE. It is a test purely for developers.
To maintain reproducibility, keep upstreams possibly outdated
RECENT_DATE in the source code. (bsc#1181571)
------------------------------------------------------------------
------------------ 2020-12-31 - Dec 31 2020 -------------------
------------------------------------------------------------------
++++ Mesa:
- update to 20.3.2
* second bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
remove them from egl_platforms
++++ Mesa-drivers:
- update to 20.3.2
* second bugfix release for the 20.3 branch
- drm and surfaceless are not specified as platforms anymore,
remove them from egl_platforms
++++ open-iscsi:
- Updated to upstream version 2.1.3 as 2.1.3-suse, for bsc#1179908
(which addresses CVE-2020-17437, CVE-2020-17438, CVE-2020-13987,
and CVE-2020-13988), changes include:
* uip: check for TCP urgent pointer past end of frame
* uip: check for u8 overflow when processing TCP options
* uip: check for header length underflow during checksum calculation
* fwparam_ppc: Fix memory leak in fwparam_ppc.c
* iscsiuio: Remove unused macro IFNAMSIZ defined in iscsid_ipc.c
* fwparam_ppc: Fix illegal memory access in fwparam_ppc.c
* sysfs: Verify parameter of sysfs_device_get()
* fwparam_ppc: Fix NULL pointer dereference in find_devtree()
* open-iscsi: Clean user_param list when process exit
* iscsi_net_util: Fix NULL pointer dereference in find_vlan_dev()
* open-iscsi: Fix NULL pointer dereference in mgmt_ipc_read_req()
* open-iscsi: Fix invalid pointer deference in find_initiator()
* iscsiuio: Fix invalid parameter when call fstat()
* iscsi-iname: Verify open() return value before calling read()
* iscsi_sysfs: Fix NULL pointer deference in iscsi_sysfs_read_iface
++++ psmisc:
- Update to 23.3:
* killall: check also truncated 16 char comm names Debian
* fuser: Return early if have nulls
* peekfd: Add support for ARM64
* pstree: Add color by age
* fuser: Use larger inode sizes
- Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
- Rebase psmisc-22.21-pstree.patch
------------------------------------------------------------------
------------------ 2020-12-30 - Dec 30 2020 -------------------
------------------------------------------------------------------
++++ gstreamer:
- Move gst-plugins-doc-cache-generator to devel subpackage
(remove python3 dependency on main gstreamer package).
++++ kernel-default:
- drm/panfrost: Remove unused variables in panfrost_job_close()
(git-fixes).
- commit 4169c1f
- drm/panfrost: Don't corrupt the queue mutex on open/close
(git-fixes).
- RDMA/hns: Avoid filling sl in high 3 bits of vlan_id
(git-fixes).
- scsi: lpfc: Fix variable 'vport' set but not used in
lpfc_sli4_abts_err_handler() (git-fixes).
- commit 77d98b1
- Linux 5.10.4 (bsc#1012628).
- hwmon: (k10temp) Remove support for displaying voltage and
current on Zen CPUs (bsc#1012628).
- drm/gma500: fix double free of gma_connector (bsc#1012628).
- iio: adc: at91_adc: add Kconfig dep on the OF symbol and remove
of_match_ptr() (bsc#1012628).
- drm/aspeed: Fix Kconfig warning & subsequent build errors
(bsc#1012628).
- drm/mcde: Fix handling of platform_get_irq() error
(bsc#1012628).
- drm/tve200: Fix handling of platform_get_irq() error
(bsc#1012628).
- arm64: dts: renesas: hihope-rzg2-ex: Drop rxc-skew-ps from
ethernet-phy node (bsc#1012628).
- arm64: dts: renesas: cat875: Remove rxc-skew-ps from
ethernet-phy node (bsc#1012628).
- soc: renesas: rmobile-sysc: Fix some leaks in
rmobile_init_pm_domains() (bsc#1012628).
- soc: mediatek: Check if power domains can be powered on at
boot time (bsc#1012628).
- arm64: dts: mediatek: mt8183: fix gce incorrect mbox-cells value
(bsc#1012628).
- arm64: dts: ipq6018: update the reserved-memory node
(bsc#1012628).
- arm64: dts: qcom: sc7180: Fix one forgotten interconnect
reference (bsc#1012628).
- soc: qcom: geni: More properly switch to DMA mode (bsc#1012628).
- Revert "i2c: i2c-qcom-geni: Fix DMA transfer race"
(bsc#1012628).
- RDMA/bnxt_re: Set queue pair state when being queried
(bsc#1012628).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns
(bsc#1012628).
- RDMA/bnxt_re: Fix entry size during SRQ create (bsc#1012628).
- selinux: fix error initialization in inode_doinit_with_dentry()
(bsc#1012628).
- ARM: dts: aspeed-g6: Fix the GPIO memory size (bsc#1012628).
- ARM: dts: aspeed: s2600wf: Fix VGA memory region location
(bsc#1012628).
- RDMA/core: Fix error return in _ib_modify_qp() (bsc#1012628).
- RDMA/rxe: Compute PSN windows correctly (bsc#1012628).
- x86/mm/ident_map: Check for errors from ident_pud_init()
(bsc#1012628).
- ARM: p2v: fix handling of LPAE translation in BE mode
(bsc#1012628).
- RDMA/rtrs-clt: Remove destroy_con_cq_qp in case route resolving
failed (bsc#1012628).
- RDMA/rtrs-clt: Missing error from rtrs_rdma_conn_established
(bsc#1012628).
- RDMA/rtrs-srv: Don't guard the whole __alloc_srv with srv_mutex
(bsc#1012628).
- x86/apic: Fix x2apic enablement without interrupt remapping
(bsc#1012628).
- ASoC: qcom: fix unsigned int bitwidth compared to less than zero
(bsc#1012628).
- sched/deadline: Fix sched_dl_global_validate() (bsc#1012628).
- sched: Reenable interrupts in do_sched_yield() (bsc#1012628).
- drm/amdgpu: fix incorrect enum type (bsc#1012628).
- crypto: talitos - Endianess in current_desc_hdr() (bsc#1012628).
- crypto: talitos - Fix return type of current_desc_hdr()
(bsc#1012628).
- crypto: inside-secure - Fix sizeof() mismatch (bsc#1012628).
- ASoC: sun4i-i2s: Fix lrck_period computation for I2S justified
mode (bsc#1012628).
- drm/msm: Add missing stub definition (bsc#1012628).
- ARM: dts: aspeed: tiogapass: Remove vuart (bsc#1012628).
- drm/amdgpu: fix build_coefficients() argument (bsc#1012628).
- powerpc/64: Set up a kernel stack for secondaries before
cpu_restore() (bsc#1012628).
- spi: img-spfi: fix reference leak in img_spfi_resume
(bsc#1012628).
- f2fs: call f2fs_get_meta_page_retry for nat page (bsc#1012628).
- RDMA/mlx5: Fix corruption of reg_pages in
mlx5_ib_rereg_user_mr() (bsc#1012628).
- perf test: Use generic event for expand_libpfm_events()
(bsc#1012628).
- drm/msm/dp: DisplayPort PHY compliance tests fixup
(bsc#1012628).
- drm/msm/dsi_pll_7nm: restore VCO rate during restore_state
(bsc#1012628).
- drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
(bsc#1012628).
- drm/msm/dpu: fix clock scaling on non-sc7180 board
(bsc#1012628).
- spi: spi-mem: fix reference leak in spi_mem_access_start
(bsc#1012628).
- scsi: aacraid: Improve compat_ioctl handlers (bsc#1012628).
- pinctrl: core: Add missing #ifdef CONFIG_GPIOLIB (bsc#1012628).
- ASoC: pcm: DRAIN support reactivation (bsc#1012628).
- drm/bridge: tpd12s015: Fix irq registering in tpd12s015_probe
(bsc#1012628).
- crypto: arm64/poly1305-neon - reorder PAC authentication with
SP update (bsc#1012628).
- crypto: arm/aes-neonbs - fix usage of cbc(aes) fallback
(bsc#1012628).
- crypto: caam - fix printing on xts fallback allocation error
path (bsc#1012628).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error
handling (bsc#1012628).
- nl80211/cfg80211: fix potential infinite loop (bsc#1012628).
- spi: stm32: fix reference leak in stm32_spi_resume
(bsc#1012628).
- bpf: Fix tests for local_storage (bsc#1012628).
- x86/mce: Correct the detection of invalid notifier priorities
(bsc#1012628).
- drm/edid: Fix uninitialized variable in drm_cvt_modes()
(bsc#1012628).
- ath11k: Initialize complete alpha2 for regulatory change
(bsc#1012628).
- ath11k: Fix number of rules in filtered ETSI regdomain
(bsc#1012628).
- ath11k: fix wmi init configuration (bsc#1012628).
- brcmfmac: Fix memory leak for unpaired brcmf_{alloc/free}
(bsc#1012628).
- arm64: dts: exynos: Include common syscon restart/poweroff
for Exynos7 (bsc#1012628).
- arm64: dts: exynos: Correct psci compatible used on Exynos7
(bsc#1012628).
- drm/panel: simple: Add flags to boe_nv133fhm_n61 (bsc#1012628).
- Bluetooth: Fix null pointer dereference in hci_event_packet()
(bsc#1012628).
- Bluetooth: Fix: LL PRivacy BLE device fails to connect
(bsc#1012628).
- Bluetooth: hci_h5: fix memory leak in h5_close (bsc#1012628).
- spi: stm32-qspi: fix reference leak in stm32 qspi operations
(bsc#1012628).
- spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
(bsc#1012628).
- spi: mt7621: fix missing clk_disable_unprepare() on error in
mt7621_spi_probe (bsc#1012628).
- spi: tegra20-slink: fix reference leak in slink ops of tegra20
(bsc#1012628).
- spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
(bsc#1012628).
- spi: tegra114: fix reference leak in tegra spi ops
(bsc#1012628).
- spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on
error in bcm63xx_hsspi_resume (bsc#1012628).
- spi: imx: fix reference leak in two imx operations
(bsc#1012628).
- ASoC: qcom: common: Fix refcounting in qcom_snd_parse_of()
(bsc#1012628).
- ath11k: Handle errors if peer creation fails (bsc#1012628).
- mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
(bsc#1012628).
- drm/msm/a6xx: Clear shadow on suspend (bsc#1012628).
- drm/msm/a5xx: Clear shadow on suspend (bsc#1012628).
- firmware: tegra: fix strncpy()/strncat() confusion
(bsc#1012628).
- drm/msm/dp: return correct connection status after suspend
(bsc#1012628).
- drm/msm/dp: skip checking LINK_STATUS_UPDATED bit (bsc#1012628).
- drm/msm/dp: do not notify audio subsystem if sink doesn't
support audio (bsc#1012628).
- selftests/run_kselftest.sh: fix dry-run typo (bsc#1012628).
- selftest/bpf: Add missed ip6ip6 test back (bsc#1012628).
- ASoC: wm8994: Fix PM disable depth imbalance on error
(bsc#1012628).
- ASoC: wm8998: Fix PM disable depth imbalance on error
(bsc#1012628).
- spi: sprd: fix reference leak in sprd_spi_remove (bsc#1012628).
- virtiofs fix leak in setup (bsc#1012628).
- ASoC: arizona: Fix a wrong free in wm8997_probe (bsc#1012628).
- RDMa/mthca: Work around -Wenum-conversion warning (bsc#1012628).
- ASoC: SOF: Intel: fix Kconfig dependency for
SND_INTEL_DSP_CONFIG (bsc#1012628).
- arm64: dts: ti: k3-am65*/j721e*: Fix unit address format error
for dss node (bsc#1012628).
- MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
(bsc#1012628).
- drm/amdgpu: fix compute queue priority if num_kcq is less than 4
(bsc#1012628).
- soc: ti: omap-prm: Do not check rstst bit on deassert if
already deasserted (bsc#1012628).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the
manager (bsc#1012628).
- crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
(bsc#1012628).
- firmware: arm_scmi: Fix missing destroy_workqueue()
(bsc#1012628).
- drm/udl: Fix missing error code in udl_handle_damage()
(bsc#1012628).
- staging: greybus: codecs: Fix reference counter leak in error
handling (bsc#1012628).
- staging: gasket: interrupt: fix the missed eventfd_ctx_put()
in gasket_interrupt.c (bsc#1012628).
- scripts: kernel-doc: Restore anonymous enum parsing
(bsc#1012628).
- drm/amdkfd: Put ACPI table after using it (bsc#1012628).
- ionic: use mc sync for multicast filters (bsc#1012628).
- ionic: flatten calls to ionic_lif_rx_mode (bsc#1012628).
- ionic: change set_rx_mode from_ndo to can_sleep (bsc#1012628).
- media: tm6000: Fix sizeof() mismatches (bsc#1012628).
- media: platform: add missing put_device() call in
mtk_jpeg_clk_init() (bsc#1012628).
- media: mtk-vcodec: add missing put_device() call in
mtk_vcodec_init_dec_pm() (bsc#1012628).
- media: mtk-vcodec: add missing put_device() call in
mtk_vcodec_release_dec_pm() (bsc#1012628).
- media: mtk-vcodec: add missing put_device() call in
mtk_vcodec_init_enc_pm() (bsc#1012628).
- media: v4l2-fwnode: Return -EINVAL for invalid bus-type
(bsc#1012628).
- media: v4l2-fwnode: v4l2_fwnode_endpoint_parse caller must
init vep argument (bsc#1012628).
- media: ov5640: fix support of BT656 bus mode (bsc#1012628).
- media: staging: rkisp1: cap: fix runtime PM imbalance on error
(bsc#1012628).
- media: cedrus: fix reference leak in cedrus_start_streaming
(bsc#1012628).
- media: platform: add missing put_device() call in
mtk_jpeg_probe() and mtk_jpeg_remove() (bsc#1012628).
- media: venus: core: change clk enable and disable order in
resume and suspend (bsc#1012628).
- media: venus: core: vote for video-mem path (bsc#1012628).
- media: venus: core: vote with average bandwidth and peak
bandwidth as zero (bsc#1012628).
- RDMA/cma: Add missing error handling of listen_id (bsc#1012628).
- ASoC: meson: fix COMPILE_TEST error (bsc#1012628).
- spi: dw: fix build error by selecting MULTIPLEXER (bsc#1012628).
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1012628).
- media: venus: put dummy vote on video-mem path after last
session release (bsc#1012628).
- media: solo6x10: fix missing snd_card_free in error handling
case (bsc#1012628).
- video: fbdev: atmel_lcdfb: fix return error code in
atmel_lcdfb_of_init() (bsc#1012628).
- mmc: sdhci: tegra: fix wrong unit with busy_timeout
(bsc#1012628).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
(bsc#1012628).
- drm/meson: Free RDMA resources after tearing down DRM
(bsc#1012628).
- drm/meson: Unbind all connectors on module removal
(bsc#1012628).
- drm/meson: dw-hdmi: Register a callback to disable the regulator
(bsc#1012628).
- drm/meson: dw-hdmi: Ensure that clocks are enabled before
touching the TOP registers (bsc#1012628).
- ASoC: intel: SND_SOC_INTEL_KEEMBAY should depend on ARCH_KEEMBAY
(bsc#1012628).
- iommu/vt-d: include conditionally on CONFIG_INTEL_IOMMU_SVM
(bsc#1012628).
- Input: ads7846 - fix race that causes missing releases
(bsc#1012628).
- Input: ads7846 - fix integer overflow on Rt calculation
(bsc#1012628).
- Input: ads7846 - fix unaligned access on 7845 (bsc#1012628).
- bus: mhi: core: Remove double locking from mhi_driver_remove()
(bsc#1012628).
- bus: mhi: core: Fix null pointer access when parsing MHI
configuration (bsc#1012628).
- usb/max3421: fix return error code in max3421_probe()
(bsc#1012628).
- spi: mxs: fix reference leak in mxs_spi_probe (bsc#1012628).
- selftests/bpf: Fix broken riscv build (bsc#1012628).
- powerpc: Avoid broken GCC __attribute__((optimize))
(bsc#1012628).
- powerpc/feature: Fix CPU_FTRS_ALWAYS by removing
CPU_FTRS_GENERIC_32 (bsc#1012628).
- ARM: dts: tacoma: Fix node vs reg mismatch for flash memory
(bsc#1012628).
- Revert "powerpc/pseries/hotplug-cpu: Remove double free in
error path" (bsc#1012628).
- powerpc/powernv/sriov: fix unsigned int win compared to less
than zero (bsc#1012628).
- mfd: htc-i2cpld: Add the missed i2c_put_adapter() in
htcpld_register_chip_i2c() (bsc#1012628).
- mfd: MFD_SL28CPLD should depend on ARCH_LAYERSCAPE
(bsc#1012628).
- mfd: stmfx: Fix dev_err_probe() call in stmfx_chip_init()
(bsc#1012628).
- mfd: cpcap: Fix interrupt regression with regmap clear_ack
(bsc#1012628).
- EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId
(bsc#1012628).
- scsi: ufs: Avoid to call REQ_CLKS_OFF to CLKS_OFF (bsc#1012628).
- scsi: ufs: Fix clkgating on/off (bsc#1012628).
- rcu: Allow rcu_irq_enter_check_tick() from NMI (bsc#1012628).
- rcu,ftrace: Fix ftrace recursion (bsc#1012628).
- rcu/tree: Defer kvfree_rcu() allocation to a clean context
(bsc#1012628).
- crypto: crypto4xx - Replace bitwise OR with logical OR in
crypto4xx_build_pd (bsc#1012628).
- crypto: omap-aes - Fix PM disable depth imbalance in
omap_aes_probe (bsc#1012628).
- crypto: sun8i-ce - fix two error path's memory leak
(bsc#1012628).
- spi: fix resource leak for drivers without .remove callback
(bsc#1012628).
- drm/meson: dw-hdmi: Disable clocks on driver teardown
(bsc#1012628).
- drm/meson: dw-hdmi: Enable the iahb clock early enough
(bsc#1012628).
- PCI: Disable MSI for Pericom PCIe-USB adapter (bsc#1012628).
- PCI: brcmstb: Initialize "tmp" before use (bsc#1012628).
- soc: ti: knav_qmss: fix reference leak in knav_queue_probe
(bsc#1012628).
- soc: ti: Fix reference imbalance in knav_dma_probe
(bsc#1012628).
- drivers: soc: ti: knav_qmss_queue: Fix error return code in
knav_queue_probe (bsc#1012628).
- soc: qcom: initialize local variable (bsc#1012628).
- arm64: dts: qcom: sm8250: correct compatible for sm8250-mtp
(bsc#1012628).
- arm64: dts: qcom: msm8916-samsung-a2015: Disable muic i2c pin
bias (bsc#1012628).
- Input: omap4-keypad - fix runtime PM error handling
(bsc#1012628).
- clk: meson: Kconfig: fix dependency for G12A (bsc#1012628).
- staging: mfd: hi6421-spmi-pmic: fix error return code in
hi6421_spmi_pmic_probe() (bsc#1012628).
- ath11k: Fix the rx_filter flag setting for peer rssi stats
(bsc#1012628).
- RDMA/cxgb4: Validate the number of CQEs (bsc#1012628).
- soundwire: Fix DEBUG_LOCKS_WARN_ON for uninitialized attribute
(bsc#1012628).
- pinctrl: sunxi: fix irq bank map for the Allwinner A100 pin
controller (bsc#1012628).
- memstick: fix a double-free bug in memstick_check (bsc#1012628).
- ARM: dts: at91: sam9x60: add pincontrol for USB Host
(bsc#1012628).
- ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
(bsc#1012628).
- ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
(bsc#1012628).
- mmc: pxamci: Fix error return code in pxamci_probe
(bsc#1012628).
- brcmfmac: fix error return code in brcmf_cfg80211_connect()
(bsc#1012628).
- orinoco: Move context allocation after processing the skb
(bsc#1012628).
- qtnfmac: fix error return code in qtnf_pcie_probe()
(bsc#1012628).
- rsi: fix error return code in rsi_reset_card() (bsc#1012628).
- cw1200: fix missing destroy_workqueue() on error in
cw1200_init_common (bsc#1012628).
- dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
(bsc#1012628).
- arm64: dts: qcom: sdm845: Limit ipa iommu streams (bsc#1012628).
- leds: netxbig: add missing put_device() call in
netxbig_leds_get_of_pdata() (bsc#1012628).
- leds: lp50xx: Fix an error handling path in 'lp50xx_probe_dt()'
(bsc#1012628).
- leds: turris-omnia: check for LED_COLOR_ID_RGB instead
LED_COLOR_ID_MULTI (bsc#1012628).
- arm64: tegra: Fix DT binding for IO High Voltage entry
(bsc#1012628).
- RDMA/cma: Fix deadlock on &lock in rdma_cma_listen_on_all()
error unwind (bsc#1012628).
- soundwire: qcom: Fix build failure when slimbus is module
(bsc#1012628).
- drm/imx/dcss: fix rotations for Vivante tiled formats
(bsc#1012628).
- media: siano: fix memory leak of debugfs members in
smsdvb_hotplug (bsc#1012628).
- platform/x86: mlx-platform: Remove PSU EEPROM from default
platform configuration (bsc#1012628).
- platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x
platform configuration (bsc#1012628).
- arm64: dts: qcom: sc7180: limit IPA iommu streams (bsc#1012628).
- RDMA/hns: Only record vlan info for HIP08 (bsc#1012628).
- RDMA/hns: Fix missing fields in address vector (bsc#1012628).
- RDMA/hns: Avoid setting loopback indicator when smac is same
as dmac (bsc#1012628).
- serial: 8250-mtk: Fix reference leak in mtk8250_probe
(bsc#1012628).
- samples: bpf: Fix lwt_len_hist reusing previous BPF map
(bsc#1012628).
- media: imx214: Fix stop streaming (bsc#1012628).
- mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
(bsc#1012628).
- media: max2175: fix max2175_set_csm_mode() error code
(bsc#1012628).
- slimbus: qcom-ngd-ctrl: Avoid sending power requests without
QMI (bsc#1012628).
- RDMA/core: Track device memory MRs (bsc#1012628).
- drm/mediatek: Use correct aliases name for ovl (bsc#1012628).
- HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
(bsc#1012628).
- ARM: dts: Remove non-existent i2c1 from 98dx3236 (bsc#1012628).
- arm64: dts: armada-3720-turris-mox: update ethernet-phy handle
name (bsc#1012628).
- power: supply: bq25890: Use the correct range for IILIM register
(bsc#1012628).
- arm64: dts: rockchip: Set dr_mode to "host" for OTG on
rk3328-roc-cc (bsc#1012628).
- power: supply: max17042_battery: Fix current_{avg,now} hiding
with no current sense (bsc#1012628).
- power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI
matching (bsc#1012628).
- power: supply: bq24190_charger: fix reference leak
(bsc#1012628).
- genirq/irqdomain: Don't try to free an interrupt that has no
mapping (bsc#1012628).
- arm64: dts: ls1028a: fix ENETC PTP clock input (bsc#1012628).
- arm64: dts: ls1028a: fix FlexSPI clock input (bsc#1012628).
- arm64: dts: freescale: sl28: combine SPI MTD partitions
(bsc#1012628).
- phy: tegra: xusb: Fix usb_phy device driver field (bsc#1012628).
- arm64: dts: qcom: c630: Polish i2c-hid devices (bsc#1012628).
- arm64: dts: qcom: c630: Fix pinctrl pins properties
(bsc#1012628).
- PCI: Bounds-check command-line resource alignment requests
(bsc#1012628).
- PCI: Fix overflow in command-line resource alignment requests
(bsc#1012628).
- PCI: iproc: Fix out-of-bound array accesses (bsc#1012628).
- PCI: iproc: Invalidate correct PAXB inbound windows
(bsc#1012628).
- arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
(bsc#1012628).
- arm64: dts: meson-sm1: fix typo in opp table (bsc#1012628).
- soc: amlogic: canvas: add missing put_device() call in
meson_canvas_get() (bsc#1012628).
- scsi: hisi_sas: Fix up probe error handling for v3 hw
(bsc#1012628).
- scsi: pm80xx: Do not sleep in atomic context (bsc#1012628).
- spi: spi-fsl-dspi: Use max_native_cs instead of num_chipselect
to set SPI_MCR (bsc#1012628).
- ARM: dts: at91: at91sam9rl: fix ADC triggers (bsc#1012628).
- RDMA/hns: Fix 0-length sge calculation error (bsc#1012628).
- RDMA/hns: Bugfix for calculation of extended sge (bsc#1012628).
- mailbox: arm_mhu_db: Fix mhu_db_shutdown by replacing kfree
with devm_kfree (bsc#1012628).
- soundwire: master: use pm_runtime_set_active() on add
(bsc#1012628).
- platform/x86: dell-smbios-base: Fix error return code in
dell_smbios_init (bsc#1012628).
- ASoC: Intel: Boards: tgl_max98373: update TDM slot_width
(bsc#1012628).
- media: max9271: Fix GPIO enable/disable (bsc#1012628).
- media: rdacm20: Enable GPIO1 explicitly (bsc#1012628).
- media: i2c: imx219: Selection compliance fixes (bsc#1012628).
- ath11k: Don't cast ath11k_skb_cb to ieee80211_tx_info.control
(bsc#1012628).
- ath11k: Reset ath11k_skb_cb before setting new flags
(bsc#1012628).
- ath11k: Fix an error handling path (bsc#1012628).
- ath10k: Fix the parsing error in service available event
(bsc#1012628).
- ath10k: Fix an error handling path (bsc#1012628).
- ath10k: Release some resources in an error handling path
(bsc#1012628).
- SUNRPC: rpc_wake_up() should wake up tasks in the correct order
(bsc#1012628).
- NFSv4.2: condition READDIR's mask for security label based on
LSM state (bsc#1012628).
- SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
(bsc#1012628).
- NFSv4: Fix the alignment of page data in the getdeviceinfo reply
(bsc#1012628).
- net: sunrpc: Fix 'snprintf' return value check in
'do_xprt_debugfs' (bsc#1012628).
- lockd: don't use interval-based rebinding over TCP
(bsc#1012628).
- NFS: switch nfsiod to be an UNBOUND workqueue (bsc#1012628).
- selftests/seccomp: Update kernel config (bsc#1012628).
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
(bsc#1012628).
- hwmon: (ina3221) Fix PM usage counter unbalance in
ina3221_write_enable (bsc#1012628).
- f2fs: fix double free of unicode map (bsc#1012628).
- media: tvp5150: Fix wrong return value of tvp5150_parse_dt()
(bsc#1012628).
- media: saa7146: fix array overflow in vidioc_s_audio()
(bsc#1012628).
- powerpc/perf: Fix crash with is_sier_available when pmu is
not set (bsc#1012628).
- powerpc/64: Fix an EMIT_BUG_ENTRY in head_64.S (bsc#1012628).
- powerpc/xmon: Fix build failure for 8xx (bsc#1012628).
- powerpc/perf: Fix to update radix_scope_qual in power10
(bsc#1012628).
- powerpc/perf: Update the PMU group constraints for l2l3 events
in power10 (bsc#1012628).
- powerpc/perf: Fix the PMU group constraints for threshold
events in power10 (bsc#1012628).
- clocksource/drivers/orion: Add missing clk_disable_unprepare()
on error path (bsc#1012628).
- clocksource/drivers/cadence_ttc: Fix memory leak in
ttc_setup_clockevent() (bsc#1012628).
- clocksource/drivers/ingenic: Fix section mismatch (bsc#1012628).
- clocksource/drivers/riscv: Make RISCV_TIMER depends on RISCV_SBI
(bsc#1012628).
- arm64: mte: fix prctl(PR_GET_TAGGED_ADDR_CTRL) if TCF0=NONE
(bsc#1012628).
- iio: hrtimer-trigger: Mark hrtimer to expire in hard interrupt
context (bsc#1012628).
- libbpf: Sanitise map names before pinning (bsc#1012628).
- ARM: dts: at91: sam9x60ek: remove bypass property (bsc#1012628).
- ARM: dts: at91: sama5d2: map securam as device (bsc#1012628).
- scripts: kernel-doc: fix parsing function-like typedefs
(bsc#1012628).
- bpf: Fix bpf_put_raw_tracepoint()'s use of __module_address()
(bsc#1012628).
- selftests/bpf: Fix invalid use of strncat in test_sockmap
(bsc#1012628).
- pinctrl: falcon: add missing put_device() call in
pinctrl_falcon_probe() (bsc#1012628).
- soc: rockchip: io-domain: Fix error return code in
rockchip_iodomain_probe() (bsc#1012628).
- arm64: dts: rockchip: Fix UART pull-ups on rk3328 (bsc#1012628).
- memstick: r592: Fix error return in r592_probe() (bsc#1012628).
- MIPS: Don't round up kernel sections size for memblock_add()
(bsc#1012628).
- mt76: mt7663s: fix a possible ple quota underflow (bsc#1012628).
- mt76: mt7915: set fops_sta_stats.owner to THIS_MODULE
(bsc#1012628).
- mt76: set fops_tx_stats.owner to THIS_MODULE (bsc#1012628).
- mt76: dma: fix possible deadlock running mt76_dma_cleanup
(bsc#1012628).
- net/mlx5: Properly convey driver version to firmware
(bsc#1012628).
- mt76: fix memory leak if device probing fails (bsc#1012628).
- mt76: fix tkip configuration for mt7615/7663 devices
(bsc#1012628).
- ASoC: jz4740-i2s: add missed checks for clk_get() (bsc#1012628).
- ASoC: q6afe-clocks: Add missing parent clock rate (bsc#1012628).
- dm ioctl: fix error return code in target_message (bsc#1012628).
- ASoC: cros_ec_codec: fix uninitialized memory read
(bsc#1012628).
- ASoC: atmel: mchp-spdifrx needs COMMON_CLK (bsc#1012628).
- ASoC: qcom: fix QDSP6 dependencies, attempt #3 (bsc#1012628).
- phy: mediatek: allow compile-testing the hdmi phy (bsc#1012628).
- phy: renesas: rcar-gen3-usb2: disable runtime pm in case of
failure (bsc#1012628).
- memory: ti-emif-sram: only build for ARMv7 (bsc#1012628).
- memory: jz4780_nemc: Fix potential NULL dereference in
jz4780_nemc_probe() (bsc#1012628).
- drm/msm: a5xx: Make preemption reset case reentrant
(bsc#1012628).
- drm/msm: add IOMMU_SUPPORT dependency (bsc#1012628).
- clocksource/drivers/arm_arch_timer: Use stable count reader
in erratum sne (bsc#1012628).
- clocksource/drivers/arm_arch_timer: Correct fault programming
of CNTKCTL_EL1.EVNTI (bsc#1012628).
- cpufreq: ap806: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
(bsc#1012628).
- cpufreq: qcom: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- cpufreq: st: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- cpufreq: sun50i: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- cpufreq: loongson1: Add missing MODULE_ALIAS (bsc#1012628).
- cpufreq: scpi: Add missing MODULE_ALIAS (bsc#1012628).
- cpufreq: vexpress-spc: Add missing MODULE_ALIAS (bsc#1012628).
- cpufreq: imx: fix NVMEM_IMX_OCOTP dependency (bsc#1012628).
- macintosh/adb-iop: Always wait for reply message from IOP
(bsc#1012628).
- macintosh/adb-iop: Send correct poll command (bsc#1012628).
- staging: bcm2835: fix vchiq_mmal dependencies (bsc#1012628).
- staging: greybus: audio: Fix possible leak free widgets in
gbaudio_dapm_free_controls (bsc#1012628).
- spi: dw: Fix error return code in dw_spi_bt1_probe()
(bsc#1012628).
- Bluetooth: btusb: Add the missed release_firmware() in
btusb_mtk_setup_firmware() (bsc#1012628).
- Bluetooth: btmtksdio: Add the missed release_firmware() in
mtk_setup_firmware() (bsc#1012628).
- Bluetooth: sco: Fix crash when using BT_SNDMTU/BT_RCVMTU option
(bsc#1012628).
- block/rnbd-clt: Dynamically alloc buffer for pathname &
blk_symlink_name (bsc#1012628).
- block/rnbd: fix a null pointer dereference on
dev->blk_symlink_name (bsc#1012628).
- Bluetooth: btusb: Fix detection of some fake CSR controllers
with a bcdDevice val of 0x0134 (bsc#1012628).
- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting
1 on some HP x360 models (bsc#1012628).
- adm8211: fix error return code in adm8211_probe() (bsc#1012628).
- mtd: spi-nor: sst: fix BPn bits for the SST25VF064C
(bsc#1012628).
- mtd: spi-nor: ignore errors in spi_nor_unlock_all()
(bsc#1012628).
- mtd: spi-nor: atmel: remove global protection flag
(bsc#1012628).
- mtd: spi-nor: atmel: fix unlock_all() for AT25FS010/040
(bsc#1012628).
- arm64: dts: meson: g12b: odroid-n2: fix PHY deassert timing
requirements (bsc#1012628).
- arm64: dts: meson: fix PHY deassert timing requirements
(bsc#1012628).
- ARM: dts: meson: fix PHY deassert timing requirements
(bsc#1012628).
- arm64: dts: meson: g12a: x96-max: fix PHY deassert timing
requirements (bsc#1012628).
- arm64: dts: meson: g12b: w400: fix PHY deassert timing
requirements (bsc#1012628).
- clk: fsl-sai: fix memory leak (bsc#1012628).
- scsi: qedi: Fix missing destroy_workqueue() on error in
__qedi_probe (bsc#1012628).
- scsi: pm80xx: Fix error return in pm8001_pci_probe()
(bsc#1012628).
- scsi: iscsi: Fix inappropriate use of put_device()
(bsc#1012628).
- seq_buf: Avoid type mismatch for seq_buf_init (bsc#1012628).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1012628).
- platform/x86: mlx-platform: Fix item counter assignment for
MSN2700, MSN24xx systems (bsc#1012628).
- platform/x86: mlx-platform: Fix item counter assignment for
MSN2700/ComEx system (bsc#1012628).
- ARM: 9030/1: entry: omit FP emulation for UND exceptions taken
in kernel mode (bsc#1012628).
- powerpc/pseries/hibernation: drop pseries_suspend_begin()
from suspend ops (bsc#1012628).
- powerpc/pseries/hibernation: remove redundant cacheinfo update
(bsc#1012628).
- powerpc/powermac: Fix low_sleep_handler with CONFIG_VMAP_STACK
(bsc#1012628).
- drm/mediatek: avoid dereferencing a null hdmi_phy on an error
message (bsc#1012628).
- ASoC: amd: change clk_get() to devm_clk_get() and add missed
checks (bsc#1012628).
- coresight: remove broken __exit annotations (bsc#1012628).
- ASoC: max98390: Fix error codes in max98390_dsm_init()
(bsc#1012628).
- powerpc/mm: sanity_check_fault() should work for all, not only
BOOK3S (bsc#1012628).
- usb: ehci-omap: Fix PM disable depth umbalance in
ehci_hcd_omap_probe (bsc#1012628).
- usb: oxu210hp-hcd: Fix memory leak in oxu_create (bsc#1012628).
- speakup: fix uninitialized flush_lock (bsc#1012628).
- nfsd: Fix message level for normal termination (bsc#1012628).
- NFSD: Fix 5 seconds delay when doing inter server copy
(bsc#1012628).
- nfs_common: need lock during iterate through the list
(bsc#1012628).
- x86/kprobes: Restore BTF if the single-stepping is cancelled
(bsc#1012628).
- scsi: qla2xxx: Fix FW initialization error on big endian
machines (bsc#1012628).
- scsi: qla2xxx: Fix N2N and NVMe connect retry failure
(bsc#1012628).
- platform/chrome: cros_ec_spi: Don't overwrite spi::mode
(bsc#1012628).
- misc: pci_endpoint_test: fix return value of error branch
(bsc#1012628).
- bus: fsl-mc: add back accidentally dropped error check
(bsc#1012628).
- bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
(bsc#1012628).
- fsi: Aspeed: Add mutex to protect HW access (bsc#1012628).
- s390/cio: fix use-after-free in ccw_device_destroy_console
(bsc#1012628).
- iwlwifi: dbg-tlv: fix old length in is_trig_data_contained()
(bsc#1012628).
- iwlwifi: mvm: hook up missing RX handlers (bsc#1012628).
- erofs: avoid using generic_block_bmap (bsc#1012628).
- clk: renesas: r8a779a0: Fix R and OSC clocks (bsc#1012628).
- can: m_can: m_can_config_endisable(): remove double clearing
of clock stop request bit (bsc#1012628).
- powerpc/sstep: Emulate prefixed instructions only when
CPU_FTR_ARCH_31 is set (bsc#1012628).
- powerpc/sstep: Cover new VSX instructions under CONFIG_VSX
(bsc#1012628).
- slimbus: qcom: fix potential NULL dereference in
qcom_slim_prg_slew() (bsc#1012628).
- ALSA: hda/hdmi: fix silent stream for first playback to DP
(bsc#1012628).
- RDMA/core: Do not indicate device ready when device enablement
fails (bsc#1012628).
- RDMA/uverbs: Fix incorrect variable type (bsc#1012628).
- remoteproc/mediatek: change MT8192 CFG register base
(bsc#1012628).
- remoteproc/mtk_scp: surround DT device IDs with CONFIG_OF
(bsc#1012628).
- remoteproc: q6v5-mss: fix error handling in q6v5_pds_enable
(bsc#1012628).
- remoteproc: qcom: fix reference leak in adsp_start
(bsc#1012628).
- remoteproc: qcom: pas: fix error handling in adsp_pds_enable
(bsc#1012628).
- remoteproc: k3-dsp: Fix return value check in
k3_dsp_rproc_of_get_memories() (bsc#1012628).
- remoteproc: qcom: Fix potential NULL dereference in
adsp_init_mmio() (bsc#1012628).
- remoteproc/mediatek: unprepare clk if scp_before_load fails
(bsc#1012628).
- clk: qcom: gcc-sc7180: Use floor ops for sdcc clks
(bsc#1012628).
- clk: tegra: Fix duplicated SE clock entry (bsc#1012628).
- mtd: rawnand: gpmi: fix reference count leak in gpmi ops
(bsc#1012628).
- mtd: rawnand: meson: Fix a resource leak in init (bsc#1012628).
- mtd: rawnand: gpmi: Fix the random DMA timeout issue
(bsc#1012628).
- samples/bpf: Fix possible hang in xdpsock with multiple threads
(bsc#1012628).
- fs: Handle I_DONTCACHE in iput_final() instead of
generic_drop_inode() (bsc#1012628).
- extcon: max77693: Fix modalias string (bsc#1012628).
- crypto: atmel-i2c - select CONFIG_BITREVERSE (bsc#1012628).
- mac80211: don't set set TDLS STA bandwidth wider than possible
(bsc#1012628).
- mac80211: fix a mistake check for rx_stats update (bsc#1012628).
- ASoC: wm_adsp: remove "ctl" from list on error in
wm_adsp_create_control() (bsc#1012628).
- irqchip/alpine-msi: Fix freeing of interrupts on allocation
error path (bsc#1012628).
- irqchip/ti-sci-inta: Fix printing of inta id on probe success
(bsc#1012628).
- irqchip/ti-sci-intr: Fix freeing of irqs (bsc#1012628).
- dmaengine: ti: k3-udma: Correct normal channel offset when
uchan_cnt is not 0 (bsc#1012628).
- RDMA/hns: Limit the length of data copied between kernel and
userspace (bsc#1012628).
- RDMA/hns: Normalization the judgment of some features
(bsc#1012628).
- RDMA/hns: Do shift on traffic class when using RoCEv2
(bsc#1012628).
- gpiolib: irq hooks: fix recursion in gpiochip_irq_unmask
(bsc#1012628).
- ath11k: Fix incorrect tlvs in scan start command (bsc#1012628).
- irqchip/qcom-pdc: Fix phantom irq when changing between
rising/falling (bsc#1012628).
- watchdog: armada_37xx: Add missing dependency on HAS_IOMEM
(bsc#1012628).
- watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
(bsc#1012628).
- watchdog: sprd: remove watchdog disable from resume fail path
(bsc#1012628).
- watchdog: sprd: check busy bit before new loading rather than
after that (bsc#1012628).
- watchdog: Fix potential dereferencing of null pointer
(bsc#1012628).
- ubifs: Fix error return code in ubifs_init_authentication()
(bsc#1012628).
- um: Monitor error events in IRQ controller (bsc#1012628).
- um: tty: Fix handling of close in tty lines (bsc#1012628).
- um: chan_xterm: Fix fd leak (bsc#1012628).
- sunrpc: fix xs_read_xdr_buf for partial pages receive
(bsc#1012628).
- RDMA/mlx5: Fix MR cache memory leak (bsc#1012628).
- RDMA/cma: Don't overwrite sgid_attr after device is released
(bsc#1012628).
- nfc: s3fwrn5: Release the nfc firmware (bsc#1012628).
- drm: mxsfb: Silence -EPROBE_DEFER while waiting for bridge
(bsc#1012628).
- powerpc/perf: Fix Threshold Event Counter Multiplier width
for P10 (bsc#1012628).
- powerpc/ps3: use dma_mapping_error() (bsc#1012628).
- perf test: Fix metric parsing test (bsc#1012628).
- drm/amdgpu: fix regression in vbios reservation handling on
headless (bsc#1012628).
- mm/gup: reorganize internal_get_user_pages_fast() (bsc#1012628).
- mm/gup: prevent gup_fast from racing with COW during fork
(bsc#1012628).
- mm/gup: combine put_compound_head() and unpin_user_page()
(bsc#1012628).
- mm: memcg/slab: fix return of child memcg objcg for root memcg
(bsc#1012628).
- mm: memcg/slab: fix use after free in obj_cgroup_charge
(bsc#1012628).
- mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1012628).
- sparc: fix handling of page table constructor failure
(bsc#1012628).
- mm/vmalloc: Fix unlock order in s_stop() (bsc#1012628).
- mm/vmalloc.c: fix kasan shadow poisoning size (bsc#1012628).
- mm,memory_failure: always pin the page in madvise_inject_error
(bsc#1012628).
- hugetlb: fix an error code in hugetlb_reserve_pages()
(bsc#1012628).
- mm: don't wake kswapd prematurely when watermark boosting is
disabled (bsc#1012628).
- proc: fix lookup in /proc/net subdirectories after setns(2)
(bsc#1012628).
- checkpatch: fix unescaped left brace (bsc#1012628).
- s390/test_unwind: fix CALL_ON_STACK tests (bsc#1012628).
- lan743x: fix rx_napi_poll/interrupt ping-pong (bsc#1012628).
- ice, xsk: clear the status bits for the next_to_use descriptor
(bsc#1012628).
- i40e, xsk: clear the status bits for the next_to_use descriptor
(bsc#1012628).
- net: dsa: qca: ar9331: fix sleeping function called from
invalid context bug (bsc#1012628).
- dpaa2-eth: fix the size of the mapped SGT buffer (bsc#1012628).
- net: bcmgenet: Fix a resource leak in an error handling path
in the probe functin (bsc#1012628).
- net: mscc: ocelot: Fix a resource leak in the error handling
path of the probe function (bsc#1012628).
- net: allwinner: Fix some resources leak in the error handling
path of the probe and in the remove function (bsc#1012628).
- block/rnbd-clt: Get rid of warning regarding size argument in
strlcpy (bsc#1012628).
- block/rnbd-clt: Fix possible memleak (bsc#1012628).
- NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read()
(bsc#1012628).
- net: korina: fix return value (bsc#1012628).
- devlink: use _BITUL() macro instead of BIT() in the UAPI header
(bsc#1012628).
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
(bsc#1012628).
- powerpc/32s: Fix cleanup_cpu_mmu_context() compile bug
(bsc#1012628).
- watchdog: qcom: Avoid context switch in restart handler
(bsc#1012628).
- watchdog: coh901327: add COMMON_CLK dependency (bsc#1012628).
- clk: ti: Fix memleak in ti_fapll_synth_setup (bsc#1012628).
- pwm: zx: Add missing cleanup in error path (bsc#1012628).
- pwm: lp3943: Dynamically allocate PWM chip base (bsc#1012628).
- pwm: imx27: Fix overflow for bigger periods (bsc#1012628).
- pwm: sun4i: Remove erroneous else branch (bsc#1012628).
- io_uring: cancel only requests of current task (bsc#1012628).
- tools build: Add missing libcap to test-all.bin target
(bsc#1012628).
- =?UTF-8?q?perf=20record:=20Fix=20memory=20leak=20when=20u?=
=?UTF-8?q?sing=20'--user-regs=3D=3F'=20to=20list=20registers?=
(bsc#1012628).
- qlcnic: Fix error code in probe (bsc#1012628).
- nfp: move indirect block cleanup to flower app stop callback
(bsc#1012628).
- vdpa/mlx5: Use write memory barrier after updating CQ index
(bsc#1012628).
- virtio_ring: Cut and paste bugs in
vring_create_virtqueue_packed() (bsc#1012628).
- virtio_net: Fix error code in probe() (bsc#1012628).
- virtio_ring: Fix two use after free bugs (bsc#1012628).
- vhost scsi: fix error return code in vhost_scsi_set_endpoint()
(bsc#1012628).
- epoll: check for events when removing a timed out thread from
the wait queue (bsc#1012628).
- clk: at91: sama7g5: fix compilation error (bsc#1012628).
- clk: at91: sam9x60: remove atmel,osc-bypass support
(bsc#1012628).
- clk: s2mps11: Fix a resource leak in error handling paths in
the probe function (bsc#1012628).
- clk: sunxi-ng: Make sure divider tables have sentinel
(bsc#1012628).
- clk: vc5: Use "idt,voltage-microvolt" instead of
"idt,voltage-microvolts" (bsc#1012628).
- kconfig: fix return value of do_error_if() (bsc#1012628).
- powerpc/boot: Fix build of dts/fsl (bsc#1012628).
- powerpc/smp: Add __init to init_big_cores() (bsc#1012628).
- ARM: 9044/1: vfp: use undef hook for VFP support detection
(bsc#1012628).
- ARM: 9036/1: uncompress: Fix dbgadtb size parameter name
(bsc#1012628).
- perf probe: Fix memory leak when synthesizing SDT probes
(bsc#1012628).
- io_uring: fix racy IOPOLL flush overflow (bsc#1012628).
- io_uring: cancel reqs shouldn't kill overflow list
(bsc#1012628).
- Smack: Handle io_uring kernel thread privileges (bsc#1012628).
- proc mountinfo: make splice available again (bsc#1012628).
- io_uring: fix io_cqring_events()'s noflush (bsc#1012628).
- io_uring: fix racy IOPOLL completions (bsc#1012628).
- io_uring: always let io_iopoll_complete() complete polled io
(bsc#1012628).
- vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
(bsc#1012628).
- vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU
(bsc#1012628).
- media: gspca: Fix memory leak in probe (bsc#1012628).
- io_uring: fix io_wqe->work_list corruption (bsc#1012628).
- io_uring: fix 0-iov read buffer select (bsc#1012628).
- io_uring: hold uring_lock while completing failed polled io
in io_wq_submit_work() (bsc#1012628).
- io_uring: fix ignoring xa_store errors (bsc#1012628).
- io_uring: fix double io_uring free (bsc#1012628).
- io_uring: make ctx cancel on exit targeted to actual ctx
(bsc#1012628).
- media: sunxi-cir: ensure IR is handled when it is continuous
(bsc#1012628).
- media: netup_unidvb: Don't leak SPI master in probe error path
(bsc#1012628).
- media: ipu3-cio2: Remove traces of returned buffers
(bsc#1012628).
- media: ipu3-cio2: Return actual subdev format (bsc#1012628).
- media: ipu3-cio2: Serialise access to pad format (bsc#1012628).
- media: ipu3-cio2: Validate mbus format in setting subdev format
(bsc#1012628).
- media: ipu3-cio2: Make the field on subdev format
V4L2_FIELD_NONE (bsc#1012628).
- Input: cyapa_gen6 - fix out-of-bounds stack access
(bsc#1012628).
- ALSA: hda/ca0132 - Change Input Source enum strings
(bsc#1012628).
- ACPI: NFIT: Fix input validation of bus-family (bsc#1012628).
- PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() (bsc#1012628).
- Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate
resources walks" (bsc#1012628).
- ACPI: PNP: compare the string length in the matching_id()
(bsc#1012628).
- ALSA: hda: Fix regressions on clear and reconfig sysfs
(bsc#1012628).
- ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (bsc#1012628).
- ALSA: hda/realtek: make bass spk volume adjustable on a yoga
laptop (bsc#1012628).
- ALSA: hda/realtek - Enable headset mic of ASUS X430UN with
ALC256 (bsc#1012628).
- ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with
ALC255 (bsc#1012628).
- ALSA: hda/realtek - Add supported for more Lenovo ALC285
Headset Button (bsc#1012628).
- ALSA: pcm: oss: Fix a few more UBSAN fixes (bsc#1012628).
- ALSA/hda: apply jack fixup for the Acer Veriton
N4640G/N6640G/N2510G (bsc#1012628).
- ALSA: hda/realtek: Add quirk for MSI-GP73 (bsc#1012628).
- ALSA: hda/realtek: Apply jack fixup for Quanta NL3
(bsc#1012628).
- ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate
P648/P658 (bsc#1012628).
- ALSA: hda/realtek - Supported Dell fixed type headset
(bsc#1012628).
- ALSA: usb-audio: Add VID to support native DSD reproduction
on FiiO devices (bsc#1012628).
- ALSA: usb-audio: Disable sample read check if firmware doesn't
give back (bsc#1012628).
- ALSA: usb-audio: Add alias entry for ASUS PRIME TRX40 PRO-S
(bsc#1012628).
- ALSA: core: memalloc: add page alignment for iram (bsc#1012628).
- s390/smp: perform initial CPU reset also for SMT siblings
(bsc#1012628).
- s390/kexec_file: fix diag308 subcode when loading crash kernel
(bsc#1012628).
- s390/idle: add missing mt_cycles calculation (bsc#1012628).
- s390/idle: fix accounting with machine checks (bsc#1012628).
- s390/dasd: fix hanging device offline processing (bsc#1012628).
- s390/dasd: prevent inconsistent LCU device data (bsc#1012628).
- s390/dasd: fix list corruption of pavgroup group list
(bsc#1012628).
- s390/dasd: fix list corruption of lcu list (bsc#1012628).
- binder: add flag to clear buffer on txn complete (bsc#1012628).
- ASoC: cx2072x: Fix doubly definitions of Playback and Capture
streams (bsc#1012628).
- ASoC: AMD Renoir - add DMI table to avoid the ACP mic probe
(broken BIOS) (bsc#1012628).
- ASoC: AMD Raven/Renoir - fix the PCI probe (PCI revision)
(bsc#1012628).
- staging: comedi: mf6x4: Fix AI end-of-conversion detection
(bsc#1012628).
- z3fold: simplify freeing slots (bsc#1012628).
- z3fold: stricter locking and more careful reclaim (bsc#1012628).
- perf/x86/intel: Add event constraint for
CYCLE_ACTIVITY.STALLS_MEM_ANY (bsc#1012628).
- perf/x86/intel: Fix rtm_abort_event encoding on Ice Lake
(bsc#1012628).
- perf/x86/intel/lbr: Fix the return type of get_lbr_cycles()
(bsc#1012628).
- powerpc/perf: Exclude kernel samples while counting events in
user space (bsc#1012628).
- cpufreq: intel_pstate: Use most recent guaranteed performance
values (bsc#1012628).
- crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
(bsc#1012628).
- crypto: arm/aes-ce - work around Cortex-A57/A72 silion errata
(bsc#1012628).
- m68k: Fix WARNING splat in pmac_zilog driver (bsc#1012628).
- Documentation: seqlock: s/LOCKTYPE/LOCKNAME/g (bsc#1012628).
- EDAC/i10nm: Use readl() to access MMIO registers (bsc#1012628).
- EDAC/amd64: Fix PCI component registration (bsc#1012628).
- cpuset: fix race between hotplug work and later CPU offline
(bsc#1012628).
- dyndbg: fix use before null check (bsc#1012628).
- USB: serial: mos7720: fix parallel-port state restore
(bsc#1012628).
- USB: serial: digi_acceleport: fix write-wakeup deadlocks
(bsc#1012628).
- USB: serial: keyspan_pda: fix dropped unthrottle interrupts
(bsc#1012628).
- USB: serial: keyspan_pda: fix write deadlock (bsc#1012628).
- USB: serial: keyspan_pda: fix stalled writes (bsc#1012628).
- USB: serial: keyspan_pda: fix write-wakeup use-after-free
(bsc#1012628).
- USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
(bsc#1012628).
- USB: serial: keyspan_pda: fix write unthrottling (bsc#1012628).
- btrfs: do not shorten unpin len for caching block groups
(bsc#1012628).
- btrfs: update last_byte_to_unpin in switch_commit_roots
(bsc#1012628).
- btrfs: fix race when defragmenting leads to unnecessary IO
(bsc#1012628).
- ext4: fix an IS_ERR() vs NULL check (bsc#1012628).
- ext4: fix a memory leak of ext4_free_data (bsc#1012628).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1012628).
- ext4: don't remount read-only with errors=continue on reboot
(bsc#1012628).
- RISC-V: Fix usage of memblock_enforce_memory_limit
(bsc#1012628).
- arm64: dts: ti: k3-am65: mark dss as dma-coherent (bsc#1012628).
- arm64: dts: marvell: keep SMMU disabled by default for Armada
7040 and 8040 (bsc#1012628).
- KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
(bsc#1012628).
- KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid
bits (bsc#1012628).
- KVM: SVM: Remove the call to sev_platform_status() during setup
(bsc#1012628).
- iommu/arm-smmu: Allow implementation specific write_s2cr
(bsc#1012628).
- iommu/arm-smmu-qcom: Read back stream mappings (bsc#1012628).
- iommu/arm-smmu-qcom: Implement S2CR quirk (bsc#1012628).
- ARM: dts: pandaboard: fix pinmux for gpio user button of
Pandaboard ES (bsc#1012628).
- ARM: dts: at91: sama5d2: fix CAN message ram offset and size
(bsc#1012628).
- ARM: tegra: Populate OPP table for Tegra20 Ventana
(bsc#1012628).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (bsc#1012628).
- powerpc/32: Fix vmap stack - Properly set r1 before activating
MMU on syscall too (bsc#1012628).
- powerpc: Fix incorrect stw{, ux, u, x} instructions in
__set_pte_at (bsc#1012628).
- powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
(bsc#1012628).
- powerpc/bitops: Fix possible undefined behaviour with fls()
and fls64() (bsc#1012628).
- powerpc/feature: Add CPU_FTR_NOEXECUTE to G2_LE (bsc#1012628).
- powerpc/xmon: Change printk() to pr_cont() (bsc#1012628).
- powerpc/8xx: Fix early debug when SMC1 is relocated
(bsc#1012628).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1012628).
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU
(bsc#1012628).
- powerpc/powernv/memtrace: Don't leak kernel memory to user space
(bsc#1012628).
- powerpc/powernv/memtrace: Fix crashing the kernel when enabling
concurrently (bsc#1012628).
- ovl: make ioctl() safe (bsc#1012628).
- ima: Don't modify file descriptor mode on the fly (bsc#1012628).
- um: Remove use of asprinf in umid.c (bsc#1012628).
- um: Fix time-travel mode (bsc#1012628).
- ceph: fix race in concurrent __ceph_remove_cap invocations
(bsc#1012628).
- SMB3: avoid confusing warning message on mount to Azure
(bsc#1012628).
- SMB3.1.1: remove confusing mount warning when no SPNEGO info
on negprot rsp (bsc#1012628).
- SMB3.1.1: do not log warning message if server doesn't populate
salt (bsc#1012628).
- ubifs: wbuf: Don't leak kernel memory to flash (bsc#1012628).
- jffs2: Fix GC exit abnormally (bsc#1012628).
- jffs2: Fix ignoring mounting options problem during remounting
(bsc#1012628).
- fsnotify: generalize handle_inode_event() (bsc#1012628).
- inotify: convert to handle_inode_event() interface
(bsc#1012628).
- fsnotify: fix events reported to watching parent and child
(bsc#1012628).
- jfs: Fix array index bounds check in dbAdjTree (bsc#1012628).
- drm/panfrost: Fix job timeout handling (bsc#1012628).
- drm/panfrost: Move the GPU reset bits outside the timeout
handler (bsc#1012628).
- platform/x86: mlx-platform: remove an unused variable
(bsc#1012628).
- drm/amd/display: Fix memory leaks in S3 resume (bsc#1012628).
- drm/dp_aux_dev: check aux_dev before use in
drm_dp_aux_dev_get_by_minor() (bsc#1012628).
- drm/i915: Fix mismatch between misplaced vma check and vma
insert (bsc#1012628).
- iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack
(bsc#1012628).
- spi: pxa2xx: Fix use-after-free on unbind (bsc#1012628).
- spi: spi-sh: Fix use-after-free on unbind (bsc#1012628).
- spi: atmel-quadspi: Fix use-after-free on unbind (bsc#1012628).
- spi: spi-mtk-nor: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: ar934x: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: davinci: Fix use-after-free on unbind (bsc#1012628).
- spi: fsl: fix use of spisel_boot signal on MPC8309
(bsc#1012628).
- spi: gpio: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: mxic: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: npcm-fiu: Disable clock in probe error path (bsc#1012628).
- spi: pic32: Don't leak DMA channels in probe error path
(bsc#1012628).
- spi: rb4xx: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: rpc-if: Fix use-after-free on unbind (bsc#1012628).
- spi: sc18is602: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: spi-geni-qcom: Fix use-after-free on unbind (bsc#1012628).
- spi: spi-qcom-qspi: Fix use-after-free on unbind (bsc#1012628).
- spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe
error path (bsc#1012628).
- spi: synquacer: Disable clock in probe error path (bsc#1012628).
- spi: mt7621: Disable clock in probe error path (bsc#1012628).
- spi: mt7621: Don't leak SPI master in probe error path
(bsc#1012628).
- spi: atmel-quadspi: Disable clock in probe error path
(bsc#1012628).
- spi: atmel-quadspi: Fix AHB memory accesses (bsc#1012628).
- soc: qcom: smp2p: Safely acquire spinlock without IRQs
(bsc#1012628).
- mtd: spinand: Fix OOB read (bsc#1012628).
- mtd: parser: cmdline: Fix parsing of part-names with colons
(bsc#1012628).
- mtd: core: Fix refcounting for unpartitioned MTDs (bsc#1012628).
- mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
(bsc#1012628).
- mtd: rawnand: meson: fix meson_nfc_dma_buffer_release()
arguments (bsc#1012628).
- scsi: qla2xxx: Fix crash during driver load on big endian
machines (bsc#1012628).
- scsi: lpfc: Fix invalid sleeping context in
lpfc_sli4_nvmet_alloc() (bsc#1012628).
- scsi: lpfc: Fix scheduling call while in softirq context in
lpfc_unreg_rpi (bsc#1012628).
- scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
(bsc#1012628).
- openat2: reject RESOLVE_BENEATH|RESOLVE_IN_ROOT (bsc#1012628).
- iio: buffer: Fix demux update (bsc#1012628).
- iio: adc: rockchip_saradc: fix missing clk_disable_unprepare()
on error in rockchip_saradc_resume (bsc#1012628).
- iio: imu: st_lsm6dsx: fix edge-trigger interrupts (bsc#1012628).
- iio:light:rpr0521: Fix timestamp alignment and prevent data leak
(bsc#1012628).
- iio:light:st_uvis25: Fix timestamp alignment and prevent data
leak (bsc#1012628).
- iio:magnetometer:mag3110: Fix alignment and data leak issues
(bsc#1012628).
- iio:pressure:mpl3115: Force alignment of buffer (bsc#1012628).
- iio:imu:bmi160: Fix too large a buffer (bsc#1012628).
- iio:imu:bmi160: Fix alignment and data leak issues
(bsc#1012628).
- iio:adc:ti-ads124s08: Fix buffer being too long (bsc#1012628).
- iio:adc:ti-ads124s08: Fix alignment and data leak issues
(bsc#1012628).
- md/cluster: block reshape with remote resync job (bsc#1012628).
- md/cluster: fix deadlock when node is doing resync job
(bsc#1012628).
- pinctrl: sunxi: Always call chained_irq_{enter, exit} in
sunxi_pinctrl_irq_handler (bsc#1012628).
- clk: ingenic: Fix divider calculation with div tables
(bsc#1012628).
- clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
(bsc#1012628).
- clk: tegra: Do not return 0 on failure (bsc#1012628).
- counter: microchip-tcb-capture: Fix CMR value check
(bsc#1012628).
- device-dax/core: Fix memory leak when rmmod dax.ko
(bsc#1012628).
- dma-buf/dma-resv: Respect num_fences when initializing the
shared fence list (bsc#1012628).
- driver: core: Fix list corruption after device_del()
(bsc#1012628).
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(bsc#1012628).
- xen/xenbus: Allow watches discard events before queueing
(bsc#1012628).
- xen/xenbus: Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1012628).
- xen/xenbus/xen_bus_type: Support will_handle watch callback
(bsc#1012628).
- xen/xenbus: Count pending messages for each watch (bsc#1012628).
- xenbus/xenbus_backend: Disallow pending watch messages
(bsc#1012628).
- memory: jz4780_nemc: Fix an error pointer vs NULL check in
probe() (bsc#1012628).
- memory: renesas-rpc-if: Fix a node reference leak in
rpcif_probe() (bsc#1012628).
- memory: renesas-rpc-if: Return correct value to the caller of
rpcif_manual_xfer() (bsc#1012628).
- memory: renesas-rpc-if: Fix unbalanced pm_runtime_enable in
rpcif_{enable,disable}_rpm (bsc#1012628).
- libnvdimm/namespace: Fix reaping of invalidated
block-window-namespace labels (bsc#1012628).
- platform/x86: intel-vbtn: Allow switch events on Acer Switch
Alpha 12 (bsc#1012628).
- tracing: Disable ftrace selftests when any tracer is running
(bsc#1012628).
- mt76: add back the SUPPORTS_REORDERING_BUFFER flag
(bsc#1012628).
- of: fix linker-section match-table corruption (bsc#1012628).
- PCI: Fix pci_slot_release() NULL pointer dereference
(bsc#1012628).
- regulator: axp20x: Fix DLDO2 voltage control register mask
for AXP22x (bsc#1012628).
- remoteproc: sysmon: Ensure remote notification ordering
(bsc#1012628).
- thermal/drivers/cpufreq_cooling: Update cpufreq_state only if
state has changed (bsc#1012628).
- rtc: ep93xx: Fix NULL pointer dereference in
ep93xx_rtc_read_time (bsc#1012628).
- Revert: "ring-buffer: Remove HAVE_64BIT_ALIGNED_ACCESS"
(bsc#1012628).
- null_blk: Fix zone size initialization (bsc#1012628).
- null_blk: Fail zone append to conventional zones (bsc#1012628).
- drm/edid: fix objtool warning in drm_cvt_modes() (bsc#1012628).
- x86/CPU/AMD: Save AMD NodeId as cpu_die_id (bsc#1012628).
- Update config files.
- commit 84f94bc
++++ patterns-base:
- Remove yast2-qt requires on x11 pattern, there is already
an equivalent recommends in the pattern.
------------------------------------------------------------------
------------------ 2020-12-29 - Dec 29 2020 -------------------
------------------------------------------------------------------
++++ polkit:
- also set libprivdir during build, otherwhise systemd and D-Bus service files
contain the wrong path and we'll get runtime errors.
++++ libproxy:
- Update to version 0.4.17:
+ python bindings: fix "TypeError: argtypes must be a sequence of
types".
- Drop 147.patch: fixed upstream.
++++ timezone:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
------------------------------------------------------------------
------------------ 2020-12-28 - Dec 28 2020 -------------------
------------------------------------------------------------------
++++ boost-base:
- Log additional information during build
- Add missing dependencies in libboost_iostream-devel (bsc#1180359)
++++ kernel-default:
- Update to 5.11-rc1
- eliminated 63 patches (61 stable, 2 other)
- patches.kernel.org/*
- patches.suse/clk-bcm-dvp-add-module_device_table.patch
- patches.suse/drm-amdgpu-only-set-DP-subconnector-type-on-DP-and-e.patch
- disable ARM architectures (need config update)
- refresh
- patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch
- patches.suse/btrfs-btrfs-use-the-new-VFS-super_block_dev.patch
(renamed to patches.suse/btrfs-use-the-new-VFS-super_block_dev.patch
to ease frequent refreshes)
- patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch
- patches.suse/supported-flag
- new config options:
- Processor type and features
- CONFIG_XEN_PVHVM_GUEST=y
- CONFIG_X86_SGX=n
- General architecture-dependent options
- CONFIG_SECCOMP_CACHE_DEBUG=n
- Memory Management options
- CONFIG_GUP_TEST=n
- Networking support
- CONFIG_NFT_REJECT_NETDEV=n
- CONFIG_BRIDGE_CFM=n
- CONFIG_NET_DSA_TAG_HELLCREEK=n
- CONFIG_CAN_M_CAN_PCI=n
- CONFIG_NFC_S3FWRN82_UART=n
- File systems
- CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240
- CONFIG_CIFS_SWN_UPCALL=n
- Cryptographic API
- CONFIG_CRYPTO_DEV_QAT_4XXX=n
- Library routines
- CONFIG_DMA_MAP_BENCHMARK=n
- Kernel hacking
- CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=n
- CONFIG_FTRACE_RECORD_RECURSION=n
- CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS=n
- Memory Technology Device (MTD) support
- CONFIG_MTD_NAND_ECC_SW_HAMMING=y
- CONFIG_MTD_SPI_NOR_SWP_DISABLE=n
- CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE=y
- CONFIG_MTD_SPI_NOR_SWP_KEEP=n
- Block devices
- CONFIG_DM_MULTIPATH_IOA=n
- CONFIG_ZRAM_DEF_COMP_LZORLE=y
- Network device support
- CONFIG_MHI_NET=n
- CONFIG_NET_DSA_HIRSCHMANN_HELLCREEK=n
- CONFIG_USB_RTL8153_ECM=m
- Input device support
- CONFIG_INPUT_DA7280_HAPTICS=n
- CONFIG_AMD_SFH_HID=n
- Pin controllers
- CONFIG_PINCTRL_ALDERLAKE=n
- CONFIG_PINCTRL_ELKHARTLAKE=n
- CONFIG_PINCTRL_LAKEFIELD=n
- Hardware Monitoring support
- CONFIG_SENSORS_CORSAIR_PSU=n
- CONFIG_SENSORS_LTC2992=n
- CONFIG_SENSORS_MAX127=n
- CONFIG_SENSORS_PM6764TR=n
- CONFIG_SENSORS_Q54SJ108A2=n
- CONFIG_SENSORS_SBTSI=n
- Multimedia support
- CONFIG_VIDEO_OV02A10=n
- CONFIG_VIDEO_OV9734=n
- CONFIG_VIDEO_CCS=n
- Sound card support
- CONFIG_SND_SOC_ADI=n
- CONFIG_SND_SOC_FSL_XCVR=n
- CONFIG_SND_SOC_SOF_BAYTRAIL_SUPPORT=n
- CONFIG_SND_SOC_SOF_ALDERLAKE_SUPPORT=n
- CONFIG_SND_SOC_ADAU1372_I2C=n
- CONFIG_SND_SOC_ADAU1372_SPI=n
- CONFIG_SND_SOC_PCM5102A=n
- CONFIG_SND_SOC_SIMPLE_MUX=n
- CONFIG_SND_SOC_NAU8315=n
- CONFIG_SND_SOC_LPASS_WSA_MACRO=n
- CONFIG_SND_SOC_LPASS_VA_MACRO=n
- CONFIG_SND_SOC_ADI_AXI_I2S=m
- CONFIG_SND_SOC_ADI_AXI_SPDIF=m
- X86 Platform Specific Device Drivers
- CONFIG_UV_SYSFS=n
- CONFIG_AMD_PMC=n
- CONFIG_DELL_WMI_SYSMAN=n
- CONFIG_INTEL_PMT_CLASS=n
- CONFIG_INTEL_PMT_TELEMETRY=n
- CONFIG_INTEL_PMT_CRASHLOG=n
- Misc drivers
- CONFIG_MHI_BUS_PCI_GENERIC=n
- CONFIG_SERIAL_BCM63XX=n
- CONFIG_MIPI_I3C_HCI=n
- CONFIG_PTP_1588_CLOCK_OCP=n
- CONFIG_MFD_INTEL_PMT=n
- CONFIG_EDAC_IGEN6=n
- CONFIG_INTEL_IDXD_SVM=n
- CONFIG_LCD2S=n
- CONFIG_VDPA_SIM_NET=n
- CONFIG_EXTCON_USBC_TUSB320=n
- CONFIG_PWM_DWC=n
- CONFIG_USB4_DMA_TEST=n
- CONFIG_SURFACE_PLATFORMS=y
- CONFIG_SURFACE_GPE=n
- OF dependent drivers (i386, ppc64/ppc64le, riscv64)
- MTD_NAND_INTEL_LGM=m
- PINCTRL_MICROCHIP_SGPIO=n
- REGULATOR_DA9121=m
- REGULATOR_PF8X00=m
- DRM_PANEL_ABT_Y030XX067A=n
- DRM_PANEL_NOVATEK_NT36672A=n
- DRM_PANEL_SAMSUNG_SOFEF00=n
- DRM_PANEL_TDO_TL070WSH30=n
- DRM_LONTIUM_LT9611UXC=n
- DRM_ANALOGIX_ANX7625=n
- RTC_DRV_GOLDFISH=m
- LITEX_SOC_CONTROLLER=n
- PWM_ATMEL_TCB=m
- i386
- PWM_INTEL_LGM=m
- DEBUG_KMAP_LOCAL=n
- s390x
- DEBUG_USER_ASCE=n
- riscv64
- IRQ_TIME_ACCOUNTING
- POWER_RESET_REGULATOR=y
- commit acbbbf7
- rpm: drop /usr/bin/env in interpreter specification
OBS checks don't like /usr/bin/env in script interpreter lines but upstream
developers tend to use it. A proper solution would be fixing the depedency
extraction and drop the OBS check error but that's unlikely to happen so
that we have to work around the problem on our side and rewrite the
interpreter lines in scripts before collecting files for packages instead.
- commit 0ec5324
++++ kernel-firmware:
- Update to version 20201218 (git commit 646f159690e2):
* make AP6212 in bananpi m2 plus/zero work
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: add firmware for Lontium LT9611UXC DSI to HDMI bridge
* mediatek: update MT8173 VPU firmware to v1.1.6
* QCA : Updated firmware files for WCN3991
- Remove the already upstreamed extrawhence entry
- Update topic entry for lt9611uxc
- Update aliases from 5.10.x kernels
++++ gdbm:
- version update to 1.19
* Pre-read the memory mapped regions on systems that support it.
This speeds up operations on big databases.
* gdbmtool: tagged initialization of structured data
Initializers for structured data can be given in tagged form, e.g.:
store somekey { status=2, id={a,u,x}, name="foo" }
* Bugfixes:
* * Preserve locking type during database reorganization
- modified patches
% gdbm-no-build-date.patch (refreshed)
- deleted patches
- gdbm-no-common.patch (upstreamed)
++++ libiscsi:
- Update to version 1.19.0+git.20201217:
* Revert "specify number of blocks in write_same command"
* iser: fix segmentation fault when task management pdu is received
* iser: fix segmentation fault when async message pdu is received
++++ libjpeg-turbo:
- version update to 2.0.6
1. Fixed "using JNI after critical get" errors that occurred on Android
platforms when using any of the YUV encoding/compression/decompression/decoding
methods in the TurboJPEG Java API.
2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`:
- Fixed segfaults or "Corrupt JPEG data: premature end of data segment"
errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or
4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that
is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a
similar fix, but it did not cover all cases.
- `jpeg_skip_scanlines()` now throws an error if two-pass color
quantization is enabled. Two-pass color quantization never worked properly
with `jpeg_skip_scanlines()`, and the issues could not readily be fixed.
- Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when
skipping past the end of an image.
3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW
toolchains targetting Arm64 (AArch64) Windows binaries.
4. Fixed unexpected visual artifacts that occurred when using
`jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC
scan of a progressive JPEG image.
5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component
JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8
API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.)
- modified sources
% libjpeg-turbo.keyring
++++ polkit:
- Install private binaries into libexec instead of into lib. For this an
override of the custom libprivdir variable is necessary, because upstream
explicitly moved away from libexecdir via upstram commit
6fbcc6cd839680fcefd81c4a43676e7c031c9859.
++++ tiff:
- version update to 4.2.0
Major changes:
* Optional support for using libdeflate is added.
* Many of the tools now support a memory usage limit.
See http://www.simplesystems.org/libtiff/v4.2.0.html for more.
------------------------------------------------------------------
------------------ 2020-12-27 - Dec 27 2020 -------------------
------------------------------------------------------------------
++++ kernel-default:
- media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex
values (bsc#1180117).
- commit 8684dfe
- iwlwifi: dbg: Don't touch the tlv data (bsc#1180344).
- commit cd8100a
++++ mozilla-nss:
- update to NSS 3.59.1
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
++++ harfbuzz:
- Update to version 2.7.4:
+ Fix missing --enable-introspection configure option
- Changes from version 2.7.3:
+ Update USE shaper to 2020-08-13 specification, and other
improvements
+ Don’t disable liga feature in myanmar shaper, to match
Uniscribe
+ Improvements to language and script tags handling.
+ Update language system tag registry to OpenType 1.8.4
+ Support for serializing and deserializing Unicode buffers
+ Increase buffer work limits to handle fonts with many complex
lookups
+ Handle more shaping operations in trace output
+ Memory access fixes
+ More OOM fixes
+ Improved documentation.
++++ swtpm:
- Update to version 0.5.2
- swtpm:
- Fix potential buffer overflow related to largely unused data hashing
function in control channel
- swtpm: Unconditionally close fd if writing of pidfile fails (coverity)
- swtpm_setup:
- Increase timeout from 10s to 30s for slower machines
- Travis:
- Not building on OS X anymore due to additional costs
++++ system-users:
- Add system-user-vscan subpackage with vscan user and group and
/var/spool/amavis as home directory
------------------------------------------------------------------
------------------ 2020-12-26 - Dec 26 2020 -------------------
------------------------------------------------------------------
++++ kernel-default:
- Linux 5.10.3 (bsc#1012628).
- md: fix a warning caused by a race between concurrent
md_ioctl()s (bsc#1012628).
- nl80211: validate key indexes for cfg80211_registered_device
(bsc#1012628).
- crypto: af_alg - avoid undefined behavior accessing salg_name
(bsc#1012628).
- media: msi2500: assign SPI bus number dynamically (bsc#1012628).
- fs: quota: fix array-index-out-of-bounds bug by passing correct
argument to vfs_cleanup_quota_inode() (bsc#1012628).
- quota: Sanity-check quota file headers on load (bsc#1012628).
- Bluetooth: Fix slab-out-of-bounds read in
hci_le_direct_adv_report_evt() (bsc#1012628).
- f2fs: prevent creating duplicate encrypted filenames
(bsc#1012628).
- ext4: prevent creating duplicate encrypted filenames
(bsc#1012628).
- ubifs: prevent creating duplicate encrypted filenames
(bsc#1012628).
- fscrypt: add fscrypt_is_nokey_name() (bsc#1012628).
- fscrypt: remove kernel-internal constants from UAPI header
(bsc#1012628).
- serial_core: Check for port state when tty is in error state
(bsc#1012628).
- HID: i2c-hid: add Vero K147 to descriptor override
(bsc#1012628).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1012628).
- f2fs: init dirty_secmap incorrectly (bsc#1012628).
- f2fs: fix to seek incorrect data offset in inline data file
(bsc#1012628).
- coresight: etm4x: Handle TRCVIPCSSCTLR accesses (bsc#1012628).
- coresight: etm4x: Fix accesses to TRCPROCSELR (bsc#1012628).
- coresight: etm4x: Fix accesses to TRCCIDCTLR1 (bsc#1012628).
- coresight: etm4x: Fix accesses to TRCVMIDCTLR1 (bsc#1012628).
- coresight: etm4x: Skip setting LPOVERRIDE bit for qcom,
skip-power-up (bsc#1012628).
- coresight: etb10: Fix possible NULL ptr dereference in
etb_enable_perf() (bsc#1012628).
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer
(bsc#1012628).
- coresight: tmc-etr: Check if page is valid before dma_map_page()
(bsc#1012628).
- coresight: tmc-etf: Fix NULL ptr dereference in
tmc_enable_etf_sink_perf() (bsc#1012628).
- ARM: dts: exynos: fix USB 3.0 pins supply being turned off on
Odroid XU (bsc#1012628).
- ARM: dts: exynos: fix USB 3.0 VBUS control and over-current
pins on Exynos5410 (bsc#1012628).
- ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
(bsc#1012628).
- usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag
to imx6ul (bsc#1012628).
- USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
(bsc#1012628).
- usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
(bsc#1012628).
- USB: gadget: f_midi: setup SuperSpeed Plus descriptors
(bsc#1012628).
- USB: gadget: f_acm: add support for SuperSpeed Plus
(bsc#1012628).
- USB: serial: option: add interface-number sanity check to flag
handling (bsc#1012628).
- usb: mtu3: fix memory corruption in mtu3_debugfs_regset()
(bsc#1012628).
- soc/tegra: fuse: Fix index bug in get_process_id (bsc#1012628).
- exfat: Avoid allocating upcase table using kcalloc()
(bsc#1012628).
- x86/split-lock: Avoid returning with interrupts enabled
(bsc#1012628).
- net: ipconfig: Avoid spurious blank lines in boot log
(bsc#1012628).
- commit 246b3e0
------------------------------------------------------------------
------------------ 2020-12-24 - Dec 24 2020 -------------------
------------------------------------------------------------------
++++ kernel-default:
- reset: raspberrypi: Don't reset USB if already up (bsc#1180336).
- commit cbfc03c
++++ u-boot-rpiarm64:
Enable RPi 4 Compute Module (jsc#SLE-16895).
Fix problems with DMA offset after FW update (bsc#1180338)
Patch queue updated from git://github.com/openSUSE/u-boot.git tumbleweed-2020.10
* Patches added:
0015-rpi-Add-identifier-for-the-new-RPi4.patch
0016-rpi-Add-identifier-for-the-new-CM4.patch
0017-pci-pcie-brcmstb-Fix-inbound-window.patch
0018-dm-Introduce-xxx_get_dma_range.patch
0019-dm-test-Add-test-case-for-dev_get_d.patch
0020-dm-Introduce-DMA-constraints-into-t.patch
0021-dm-test-Add-test-case-for-dev-dma_o.patch
0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch
0023-dm-test-Add-test-case-for-dev_phys_.patch
0024-xhci-translate-virtual-addresses-in.patch
0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch
0026-configs-rpi4-Enable-DM_DMA-across-a.patch
0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch
0028-usb-xhci-xhci_bulk_tx-Don-t-BUG-whe.patch
------------------------------------------------------------------
------------------ 2020-12-23 - Dec 23 2020 -------------------
------------------------------------------------------------------
++++ boost-base:
- libboost_nowide now uses same pattern of Provides/Conflicts
and version numbers as other Boost libraries
- Add missing conflicts for Boost 1.66
- Boost.Build (jam) implementation is now obsoletes older versions
++++ docker:
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
++++ libtirpc:
- Fix sed call to fixup libtirpc.pc.in: as we want our tirpc to be
a transparent drop-in-replacement for rpc, we move the files
from /usr/include/tirpc to /usr/include. Due to an upstream
change in libtirpc.pc.in, though, the existing sed call no longer
matched and no longer corrected the information according to our
package.
++++ timezone:
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
------------------------------------------------------------------
------------------ 2020-12-22 - Dec 22 2020 -------------------
------------------------------------------------------------------
++++ crypto-policies:
- Add crypto-policies-typos.patch to fix some typos
++++ kernel-default:
- series.conf: cleanup
- update upstream reference and move to "almost mainline" section:
patches.suse/clk-bcm-dvp-add-module_device_table.patch
- commit 24deb54
++++ libepoxy:
- Update to version 1.5.5:
+ Remove Python 2 support.
+ Remove Autotools support.
+ Use EGL_NO_X11 to disable X11 headers.
+ Use call convention for mock function.
+ Return correct version of GLSL on GLES2.
+ Rely on Meson's darwin_versions option.
- Drop Lower-the-minimum-required-version-of-Meson.patch: New
minimum meson is 0.48.
++++ python-pyOpenSSL:
- Adjust metadata for skip-networked-test.patch and refer to the proper
upstream ticket gh#pyca/pyopenssl#68.
++++ swtpm:
- Use "Requires user(tss)" for the "tss" user and group
- Create /var/lib/swtpm-localca to store the keys created by
swtpm-localca (bsc#1179811)
- Replace net-tools-deprecated with iproute2 since the scripts in
swtpm now can use 'ss' instead of 'netstat'
------------------------------------------------------------------
------------------ 2020-12-21 - Dec 21 2020 -------------------
------------------------------------------------------------------
++++ containerd:
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
fixes CVE-2020-15257. bsc#1178969 bsc#1180243
++++ docker:
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
https://github.com/docker/docker-ce/releases/tag/v19.03.14
++++ kernel-default:
- config: refresh
- drop USB_SISUSBVGA_CON (no longer accessible)
- commit c403c88
- Linux 5.10.2 (bsc#1012628).
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
(bsc#1012628).
- ALSA: pcm: oss: Fix potential out-of-bounds shift (bsc#1012628).
- USB: sisusbvga: Make console support depend on BROKEN
(bsc#1012628).
- USB: UAS: introduce a quirk to set no_write_same (bsc#1012628).
- xhci-pci: Allow host runtime PM as default for Intel Maple
Ridge xHCI (bsc#1012628).
- xhci-pci: Allow host runtime PM as default for Intel Alpine
Ridge LP (bsc#1012628).
- usb: xhci: Set quirk for XHCI_SG_TRB_CACHE_SIZE_QUIRK
(bsc#1012628).
- xhci: Give USB2 ports time to enter U3 in bus suspend
(bsc#1012628).
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap
(bsc#1012628).
- ALSA: usb-audio: Fix potential out-of-bounds shift
(bsc#1012628).
- USB: add RESET_RESUME quirk for Snapscan 1212 (bsc#1012628).
- USB: dummy-hcd: Fix uninitialized array use in init()
(bsc#1012628).
- USB: legotower: fix logical error in recent commit
(bsc#1012628).
- ktest.pl: Fix the logic for truncating the size of the log
file for email (bsc#1012628).
- ktest.pl: If size of log is too big to email, email error
message (bsc#1012628).
- ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info()
(bsc#1012628).
- commit 0c7d1c1
- clk: bcm: dvp: Add MODULE_DEVICE_TABLE() (bsc#1180260).
- commit fa7a177
++++ rpm:
- fix potential access of freed mem in ndb's glue code [bnc#1179416]
* new patch: ndbglue.diff
++++ sudo:
- Update to 1.9.4p2
* Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash
if the sudoers file contains a runas user-specific Defaults entry.
Bug #951.
- News in 1.9.4p1
* Fixed a regression introduced in version 1.9.4 where sudo would
not build when configured using the --without-sendmail option.
Bug #947.
* Fixed a problem where if I/O logging was disabled and sudo was
unable to connect to sudo_logsrvd, the command would still be
allowed to run even when the "ignore_logfile_errors" sudoers
option was enabled.
* Fixed a crash introduced in version 1.9.4 when attempting to run
a command as a non-existent user. Bug #948.
* The installed sudo.conf file now has the default sudoers Plugin
lines commented out. This fixes a potential conflict when there
is both a system-installed version of sudo and a user-installed
version. GitHub issue #75.
* Fixed a regression introduced in sudo 1.9.4 where sudo would run
the command as a child process even when a pseudo-terminal was
not in use and the "pam_session" and "pam_setcred" options were
disabled. GitHub issue #76.
* Fixed a regression introduced in sudo 1.8.9 where the "closefrom"
sudoers option could not be set to a value of 3. Bug #950.
------------------------------------------------------------------
------------------ 2020-12-20 - Dec 20 2020 -------------------
------------------------------------------------------------------
++++ libappindicator:
- Provide RH used libappindicator symbol, so third party rpms
like Mailspring won't complain about missing dependencies
++++ python-cryptography:
- update to 3.3.1:
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
++++ python-msgpack:
- update to 1.0.2:
* Python 3.9 support
* bugfixes
++++ python310-packaging:
- update to 20.8:
* Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
* Do not insert an underscore in wheel tags when the interpreter version number
is more than 2 digits (:issue:`372`)
* Fix flit configuration, to include LICENSE files (:issue:`357`)
* Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
* Add some missing type hints to `packaging.requirements` (issue:`350`)
* Officially support Python 3.9 (:issue:`343`)
* Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
* Handle ``OSError`` on non-dynamic executables when attempting to resolve
the glibc version string.
------------------------------------------------------------------
------------------ 2020-12-19 - Dec 19 2020 -------------------
------------------------------------------------------------------
++++ zstd:
- Update to version 1.4.8 to fix i586+s390x
++++ python-certifi:
- update to 2020.12.5
++++ python-cffi:
- update to 1.14.4:
* no upstream changelog provided
++++ python-pbr:
- Update to 5.5.1
* Run tempest-full for stable/train
* Remove use_2to3 backward compat for Setuptools
* More easy_install.ScriptWriter.get_header()
- Changes for 5.5.0
* Remove bdist_wininst support
* Increase integration test timeout
* Add Release Notes to documentation
* Cleanup old legacy devstack-gate jobs
* Begin work to modernize pbr’s integration testing
* Re-add ChangeLog
* Update some url to use opendev.org
* Support newer openstackdocstheme
* Use easy_install.ScriptWriter.get_header()
* Remove neutron-fwaas from the jobs’ required project
* Update python requires packaging metadata for package
* trivial: Improve logging of run commands
+ Map requires-python to python-requires
* Update hacking
* Add support for virtualenv 20.x
- Only test the primary python3 interpreter because some test
dependencies from OpenStack (which are not hard required by the
package itself) only provide that one.
gh#openSUSE/python-rpm-macros#66
- Add remove_mock.patch
https://review.opendev.org/c/openstack/pbr/+/767972
++++ python-requests:
- update to 2.25.1:
- Requests now treats `application/json` as `utf8` by default. Resolving
inconsistencies between `r.text` and `r.json` output. (#5673)
------------------------------------------------------------------
------------------ 2020-12-18 - Dec 18 2020 -------------------
------------------------------------------------------------------
++++ curl:
- Enable zstd and brotli support
++++ kbd:
- Update to version 2.4.0:
* po: Update cs and sr translations (from translationproject.org)
* libkfont: Use only KDFONTOP
* Added support for a few derivatives of neo
* Fix use-after-free of pipe_cmd
* Update solar24x32 font
* vlock's pam config added to destination directory
* Update sun12x22.psfu
* libkeymap: unify non/unicode accent_table generation
* libkeymap: note about --unicode use
* libkeymap: remove last ushort
* fi.map: use newly added deadkeys
* Do not install internal library
* Additional deadkeys
- Remove kbd-1.15.2-setfont-no-cruft.patch
The old ioctls were finally dropped.
++++ kernel-default:
- drm/amdgpu: only set DP subconnector type on DP and eDP
connectors (bsc#1180227).
- commit 74c3250
- Update config files.
Just to match my env.
- commit 588066a
++++ systemd:
- Import commit 520e53b6d85087b05892ee637ae93f1b269e7e52 (merge of v246.9)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/2401461e5f0e32922823d954c56106f96344070e...520e53b6d85087b05892ee637ae93f1b269e7e52
- Import commit 2401461e5f0e32922823d954c56106f96344070e
6131548b0f udev: link_update() should fail if the entry in symlink dir couldn't have been created
f6cb8c7d79 udev: make algorithm that selects highest priority devlink less susceptible to race conditions (bsc#1084748)
fc64e47291 basic/stat-util: make mtime check stricter and use entire timestamp
ae91d45d3d test/sys-script.py: add missing DEVNAME entries to uevents
09e3473a7a test/udev_test.pl: add "expected good" count
fc89379b5b test/udev-test.pl: suppress umount error message at startup
d9e114f10d test/sd-script.py: new helper script for udev testing
f2672eae66 test/udev-test.pl: generator for large list of block devices
42b68e43e2 test/udev-test.pl: add repeat count
eec8ec375a tests/udev-test.pl: add multiple device test
73b8f3cf93 test/udev-test.pl: count "good" results
ee04d70bb6 test/udev-test.pl: merge import parent tests into one
03942c8fbc test/udev-test.pl: merge "space and var with space" tests
ec95546189 test/udev-test.pl: remove bogus rules from magic subsys test
f704429217 test/udev-test.pl: Make some tests a little harder
ce1a877dc0 test/udev-test.pl: last_rule is unsupported
913c72ff2d test/udev-test.pl: fix wrong test descriptions
eeb25a1be6 test/udev-test.pl: allow checking multiple symlinks
00ab4292da test/udev-test.pl: test correctness of symlink targets
5b71ee2911 test/udev-test.pl: use computed devnode name
2e04bb9ae8 test/udev-test.pl: allow concurrent additions and removals
8816dd593c test/udev-test.pl: create rules only once
214418632d test/udev-test.pl: allow multiple devices per test
1eb6b23f27 udev-test: do not rely on "mail" group being defined
4a0a4dcf10 udev: Fix sound.target dependency (bsc#1179363)
++++ salt:
- Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033)
- See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html
- Modified:
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
* fix-__mount_device-wrapper-254.patch
* opensuse-3000.2-virt-backports-236-257.patch
* fixes-cve-2018-15750-cve-2018-15751.patch
* strip-trailing-from-repo.uri-when-comparing-repos-in.patch
* include-aliases-in-the-fqdns-grains.patch
* support-config-non-root-permission-issues-fixes-u-50.patch
* support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
* fix-batch_async-obsolete-test.patch
* early-feature-support-config.patch
* changed-imports-to-vendored-tornado.patch
* avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
* add-hold-unhold-functions.patch
* do-not-crash-when-there-are-ipv6-established-connect.patch
* add-docker-logout-237.patch
* add-saltssh-multi-version-support-across-python-inte.patch
* fix-a-test-and-some-variable-names-229.patch
* implement-network.fqdns-module-function-bsc-1134860-.patch
* debian-info_installed-compatibility-50453.patch
* fix-bsc-1065792.patch
* use-current-ioloop-for-the-localclient-instance-of-b.patch
* restore-default-behaviour-of-pkg-list-return.patch
* virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
* use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
* add-migrated-state-and-gpg-key-management-functions-.patch
* info_installed-works-without-status-attr-now.patch
* bsc-1176024-fix-file-directory-user-and-group-owners.patch
* opensuse-3000.3-spacewalk-runner-parse-command-250.patch
* fix-aptpkg-systemd-call-bsc-1143301.patch
* fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
* ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
* calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
* add-cpe_name-for-osversion-grain-parsing-u-49946.patch
* python3.8-compatibility-pr-s-235.patch
* backport-virt-patches-from-3001-256.patch
* do-not-break-repo-files-with-multiple-line-values-on.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* accumulated-changes-required-for-yomi-165.patch
* support-transactional-systems-microos-271.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* remove-vendored-backports-abc-from-requirements.patch
* fall-back-to-pymysql.patch
* xen-disk-fixes-264.patch
* fix-for-temp-folder-definition-in-loader-unit-test.patch
* batch.py-avoid-exception-when-minion-does-not-respon.patch
* move-server_id-deprecation-warning-to-reduce-log-spa.patch
* avoid-traceback-when-http.query-request-cannot-be-pe.patch
* fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
* fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
* grains-master-can-read-grains.patch
* remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
* fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
* accumulated-changes-from-yomi-167.patch
* allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
* loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
* add-astra-linux-common-edition-to-the-os-family-list.patch
* fix-async-batch-race-conditions.patch
* batch-async-catch-exceptions-and-safety-unregister-a.patch
* activate-all-beacons-sources-config-pillar-grains.patch
* drop-wrong-mock-from-chroot-unit-test.patch
* fix-for-suse-expanded-support-detection.patch
* fix-novendorchange-option-284.patch
* fix-virt.update-with-cpu-defined-263.patch
* add-batch_presence_ping_timeout-and-batch_presence_p.patch
* fix-git_pillar-merging-across-multiple-__env__-repos.patch
* add-publish_batch-to-clearfuncs-exposed-methods.patch
* fix-unit-tests-for-batch-async-after-refactor.patch
* add-new-custom-suse-capability-for-saltutil-state-mo.patch
* prevent-test_mod_del_repo_multiline_values-to-fail.patch
* x509-fixes-111.patch
* adds-explicit-type-cast-for-port.patch
* run-salt-master-as-dedicated-salt-user.patch
* remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
* switch-firewalld-state-to-use-change_interface.patch
* option-to-en-disable-force-refresh-in-zypper-215.patch
* fix-async-batch-multiple-done-events.patch
* make-setup.py-script-to-not-require-setuptools-9.1.patch
* add-custom-suse-capabilities-as-grains.patch
* don-t-call-zypper-with-more-than-one-no-refresh.patch
* transactional_update-unify-with-chroot.call.patch
* fix-ipv6-scope-bsc-1108557.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
* opensuse-3000-libvirt-engine-fixes-251.patch
* fix-grains.test_core-unit-test-277.patch
* pkgrepo-support-python-2.7-function-call-295.patch
* prevent-import-errors-when-running-test_btrfs-unit-t.patch
* do-not-make-ansiblegate-to-crash-on-python3-minions.patch
* fix-issue-2068-test.patch
* ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
* remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
* read-repo-info-without-using-interpolation-bsc-11356.patch
* fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
* fixing-streamclosed-issue.patch
* virt._get_domain-don-t-raise-an-exception-if-there-i.patch
* loop-fix-variable-names-for-until_no_eval.patch
* improve-batch_async-to-release-consumed-memory-bsc-1.patch
* prevent-systemd-run-description-issue-when-running-a.patch
* integration-of-msi-authentication-with-azurearm-clou.patch
* add-all_versions-parameter-to-include-all-installed-.patch
* sanitize-grains-loaded-from-roster_grains.json.patch
* fix-failing-unit-tests-for-batch-async.patch
* reintroducing-reverted-changes.patch
* fix-for-log-checking-in-x509-test.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* opensuse-3000-virt-defined-states-222.patch
* add-virt.all_capabilities.patch
* prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
* fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
* fix-unit-test-for-grains-core.patch
* async-batch-implementation.patch
* apply-patch-from-upstream-to-support-python-3.8.patch
* remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
* re-adding-function-to-test-for-root.patch
* zypperpkg-filter-patterns-that-start-with-dot-244.patch
* fix-a-wrong-rebase-in-test_core.py-180.patch
* add-multi-file-support-and-globbing-to-the-filetree-.patch
* fix-the-removed-six.itermitems-and-six.-_type-262.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
* add-standalone-configuration-file-for-enabling-packa.patch
* make-profiles-a-package.patch
* return-the-expected-powerpc-os-arch-bsc-1117995.patch
* batch_async-avoid-using-fnmatch-to-match-event-217.patch
* do-not-raise-streamclosederror-traceback-but-only-lo.patch
* provide-the-missing-features-required-for-yomi-yet-o.patch
* make-aptpkg.list_repos-compatible-on-enabled-disable.patch
* backport-a-few-virt-prs-272.patch
* add-supportconfig-module-for-remote-calls-and-saltss.patch
* run-salt-api-as-user-salt-bsc-1064520.patch
* path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
* get-os_arch-also-without-rpm-package-installed.patch
* invalidate-file-list-cache-when-cache-file-modified-.patch
* xfs-do-not-fails-if-type-is-not-present.patch
* prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
- Removed:
* do-not-report-patches-as-installed-when-not-all-the-.patch
* add-pkg.services_need_restart-302.patch
* removes-unresolved-merge-conflict-in-yumpkg-module.patch
* add-missing-fun-for-returns-from-wfunc-executions.patch
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* decide-if-the-source-should-be-actually-skipped.patch
* make-lazyloader.__init__-call-to-_refresh_file_mappi.patch
* avoid-has_docker-true-if-import-messes-with-salt.uti.patch
* fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch
* set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
* opensuse-3000.3-bigvm-backports-303.patch
* msgpack-support-versions-1.0.0.patch
* fix-typo-on-msgpack-version-when-sanitizing-msgpack-.patch
* use-full-option-name-instead-of-undocumented-abbrevi.patch
* add-missing-_utils-at-loader-grains_func.patch
* loader-invalidate-the-import-cachefor-extra-modules.patch
* fix-for-return-value-ret-vs-return-in-batch-mode.patch
* make-salt.ext.tornado.gen-to-use-salt.ext.backports_.patch
++++ virt-manager:
- bsc#1180062 - virt-install uses isoinfo. Include mkisofs in the
spec file.
virt-manager.spec
------------------------------------------------------------------
------------------ 2020-12-17 - Dec 17 2020 -------------------
------------------------------------------------------------------
++++ boost-base:
- Replace hardcoded python3.8 path in the spec file
- Add Conflicts with Boost 1.66 version in SLE15 since that version
uses different Provides.
++++ glib2:
- Update to version 2.66.4:
+ Fix some issues in parsing floating point seconds in
`GDateTime`
+ Fix some issues in handling invalid UTF-8 when parsing for
`GDate`
+ Bugs fixed: glgo#GNOME/GLib#2264, glgo#GNOME/GLib!1774,
glgo#GNOME/GLib!1790, glgo#GNOME/GLib!1793,
glgo#GNOME/GLib!1799, glgo#GNOME/GLib!1805.
++++ gnutls:
- Require the crypto-policies package [bsc#1180051]
++++ openldap2:
- added openldap2.keyring and source signature file
++++ openssl-1_1:
- Require the crypto-policies package [bsc#1180051]
++++ openssl-3:
- Update to 3.0.0 Alpha 9
* See also https://www.openssl.org/news/changelog.html
* Deprecated all the libcrypto and libssl error string loading
functions. Calling these functions is not necessary since
OpenSSL 1.1.0, as OpenSSL now loads error strings automatically.
* The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as
well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been
deprecated. These are used to set the Diffie-Hellman (DH) parameters that
are to be used by servers requiring ephemeral DH keys. Instead applications
should consider using the built-in DH parameters that are available by
calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto().
* The -crypt option to the passwd command line tool has been removed.
* The -C option to the x509, dhparam, dsaparam, and ecparam commands
has been removed.
* Added several checks to X509_verify_cert() according to requirements in
RFC 5280 in case 'X509_V_FLAG_X509_STRICT' is set (which may be done by
using the CLI option '-x509_strict'):
- The basicConstraints of CA certificates must be marked critical.
- CA certificates must explicitly include the keyUsage extension.
- If a pathlenConstraint is given the key usage keyCertSign must be allowed.
- The issuer name of any certificate must not be empty.
- The subject name of CA certs, certs with keyUsage crlSign,
and certs without subjectAlternativeName must not be empty.
- If a subjectAlternativeName extension is given it must not be empty.
- The signatureAlgorithm field and the cert signature must be consistent.
- Any given authorityKeyIdentifier and any given subjectKeyIdentifier
must not be marked critical.
- The authorityKeyIdentifier must be given for X.509v3 certs
unless they are self-signed.
- The subjectKeyIdentifier must be given for all X.509v3 CA certs.
* Certificate verification using X509_verify_cert() meanwhile rejects EC keys
with explicit curve parameters (specifiedCurve) as required by RFC 5480.
++++ snapper:
- added option to abbreviate columns in table (see
gh#openSUSE/snapper#268)
- version 0.8.15
++++ libvirt:
- qemu: Fix logic bug in inactive snapshot deletion
0ddebdb4-qemu-snapshot-deletion.patch
boo#1180049
++++ libxml2:
- Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c
- Add libxml2-CVE-2019-20388.patch
++++ zstd:
- Update to version 1.4.7
* Improved --long mode
* --long now automatically enabled for any window size >= 128MB
* Faster decompression of small blocks
* CLI improvements
+ accept parameter through environment variable ZSTD_NBTHREADS
+ new command --output-dir-mirror
+ more accurate warning and error messages
* New experimental features
+ Shared Thread Pool
+ Faster Dictionary Compression
+ New Sequence Ingestion API
* Drop upstream fix-lib-build.patch
++++ libxml2-python:
- Security fix: [bsc#1161521, CVE-2019-20388]
* Memory leak in xmlSchemaPreRun in xmlschemas.c
- Add libxml2-CVE-2019-20388.patch
++++ python-urllib3:
- Add CI variable, which makes timeouts in the test suite longer
(gh#urllib3/urllib3#2109, bsc#1176389) and
test_timeout_errors_cause_retries should not fail.
------------------------------------------------------------------
------------------ 2020-12-16 - Dec 16 2020 -------------------
------------------------------------------------------------------
++++ multipath-tools:
- Update to version 0.8.5+12+suse.3b0e9ca
* libmultipath: force map reload if udev incomplete
(bsc#1178662, bsc#1172157, bsc#1175454, bsc#1176406)
- Fixes from upstream 0.8.5
* multipath-tools: add MacroSAN arrays to hwtable
* libmultipath: Allow discovery of USB devices
(add configuration option "allow_usb_devices")
++++ python310-core:
- Make python39-doc building again
- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx
doesn't know about skipif directive in doctests.
++++ systemd:
- Enable support for zstd compression
systemd-journald will now use zstd for compressing large fields in
journal files. systemd-coredump will also use this algorithm to
compress coredump files.
Please note that systemd older than v246 won't be able to read new
journal files as zstd algorithm is not supported by these versions.
This incompatible change was actually not the only one introduced by
v246 since the hash tables in journal files have been hardened
against hash collisions too in an incompatible way with older
versions.
++++ python310:
- Make python39-doc building again
- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx
doesn't know about skipif directive in doctests.
++++ raspberrypi-firmware:
- Update to 8a5549c (2020-12-15):
* firmware: dmalib: Allow sdcard to borrow channel 6
See: #1511
See: Hexxeh/rpi-firmware#251
See: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=294932
++++ raspberrypi-firmware-config:
- Update to 8a5549c (2020-12-15):
* firmware: dmalib: Allow sdcard to borrow channel 6
See: #1511
See: Hexxeh/rpi-firmware#251
See: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=294932
++++ raspberrypi-firmware-config-camera:
- Update to 8a5549c (2020-12-15):
* firmware: dmalib: Allow sdcard to borrow channel 6
See: #1511
See: Hexxeh/rpi-firmware#251
See: https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=294932