openSUSE Factory
Threads by month
- ----- 2025 -----
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
October 2021
- 94 participants
- 78 discussions
Hello,
I'm getting the following for the docker package on the latest snapshot
Warning: Digest verification failed for file 'docker-20.10.9_ce-1.1.x86_64.rpm'
[/var/adm/mount/AP_0xdam8Lp/x86_64/docker-20.10.9_ce-1.1.x86_64.rpm]
expected 1fce8b0241e4ef8cd6bd5ef249a4ff056cd68a9648cd6470b97a71514bf11080
but got 3f93388c88f976241d001115490c4e2eeb9ab6398491224431aac22bd4019466
Tried to force refresh the repos with no luck, retrying downloading
result to the same error.
Is it me or something else?
Thanks
5
4
Dear Package maintainers and hackers.
Below package(s) in openSUSE:Factory have been failing to build for at
least 4 weeks. We tried to send out notifications to the
configured bugowner/maintainers of the package(s), but so far no
fix has been submitted. This probably means that the
maintainer/bugowner did not yet find the time to look into the
matter and he/she would certainly appreciate help to get this
sorted.
- python-websockets
Unless somebody is stepping up and submitting fixes, the listed
package(s) are going to be removed from openSUSE:Factory.
Kind regards,
DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
CoreFreq (1.87.1_k5.14.9_1 -> 1.87.4_k5.14.9_1)
ImageMagick (7.1.0.8 -> 7.1.0.9)
Mesa-drivers
apache2-mod_php7
bash-completion
checkmedia (5.4 -> 6.1)
codec2
firewalld (1.0.0 -> 1.0.1)
freerdp
gcr (3.40.0 -> 3.41.0)
git
glibc
hwdata (0.351 -> 0.352)
hwinfo (21.76 -> 21.77)
libHX (3.26 -> 4.0.1)
libqb (2.0.2+20201203.def947e -> 2.0.3+20210303.404adbc)
libreoffice (7.1.5.2 -> 7.2.2.1)
libvirt (7.7.0 -> 7.8.0)
libx86emu (3.2 -> 3.3)
libzypp (17.28.4 -> 17.28.5)
lirc
luajit
man
mariadb
mdadm
open-iscsi
openssh (8.4p1 -> 8.8p1)
openssh-askpass-gnome (8.4p1 -> 8.8p1)
patterns-gnome
pcsc-lite (1.9.3 -> 1.9.4)
php7
polkit-default-privs (1550+20210818.b0c41fd -> 1550+20211008.9751669)
publicsuffix (20210928 -> 20211006)
pulseaudio
python-libvirt-python (7.7.0 -> 7.8.0)
rubygem-bootsnap (1.7.7 -> 1.9.1)
rubygem-marcel (1.0.1 -> 1.0.2)
rubygem-puma (5.4.0 -> 5.5.0)
rubygem-rubocop (1.19.1 -> 1.22.1)
rubygem-rubocop-ast (1.11.0 -> 1.12.0)
rubygem-spring (2.1.1 -> 3.0.0)
rubygem-unicode-display_width (2.0.0 -> 2.1.0)
virt-manager
virtualbox
virtualbox-kmp
xwayland
yarn (1.22.11 -> 1.22.13)
yast2-trans (84.87.20210914.a5d6b81b64 -> 84.87.20210929.6d3a97ea50)
=== Details ===
==== CoreFreq ====
Version update (1.87.1_k5.14.9_1 -> 1.87.4_k5.14.9_1)
- Update to version 1.87.4
- fixed service hardening preventing daemon to start (boo#1191509)
- added modprobe_corefreqd.service.patch to load/unload kernel
module on service start/stop. Do not load module on boot anymore
- fixed leap15_3.patch including unnessary junk
==== ImageMagick ====
Version update (7.1.0.8 -> 7.1.0.9)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- previous version updates fixed also:
CVE-2018-10805,CVE-2018-11624,CVE-2018-11625,CVE-2018-12599,CVE-2018-12600,
CVE-2018-14434,CVE-2018-14435,CVE-2018-14436,CVE-2018-14437,CVE-2018-16323,
CVE-2018-16328,CVE-2018-16329,CVE-2018-16412,CVE-2018-16413,CVE-2018-16640,
CVE-2018-16641,CVE-2018-16642,CVE-2018-16643,CVE-2018-16644,CVE-2018-16645,
CVE-2018-17966,CVE-2018-18024,CVE-2018-18544,CVE-2018-20467,CVE-2019-10650,
CVE-2019-11007,CVE-2019-11008,CVE-2019-11470,CVE-2019-11472,CVE-2019-11505,
CVE-2019-11506,CVE-2019-11597,CVE-2019-11598,CVE-2019-12974,CVE-2019-12975,
CVE-2019-12976,CVE-2019-12977,CVE-2019-12978,CVE-2019-12979,CVE-2019-13133,
CVE-2019-13134,CVE-2019-13135,CVE-2019-13136,CVE-2019-13137,CVE-2019-13295,
CVE-2019-13296,CVE-2019-13297,CVE-2019-13298,CVE-2019-13299,CVE-2019-13300,
CVE-2019-13301,CVE-2019-13302,CVE-2019-13303,CVE-2019-13304,CVE-2019-13305,
CVE-2019-13306,CVE-2019-13307,CVE-2019-13308,CVE-2019-13309,CVE-2019-13310,
CVE-2019-13311,CVE-2019-13391,CVE-2019-13454,CVE-2019-14980,CVE-2019-14981,
CVE-2019-15139,CVE-2019-15140,CVE-2019-15141,CVE-2019-16708,CVE-2019-16709,
CVE-2019-16710,CVE-2019-16711,CVE-2019-16712,CVE-2019-16713,CVE-2019-19948,
CVE-2019-19949,CVE-2019-7175,CVE-2019-7395,CVE-2019-7396,CVE-2019-7397,
CVE-2019-7398,CVE-2019-9956,CVE-2020-19667,CVE-2020-25664,CVE-2020-25665,
CVE-2020-25666,CVE-2020-25674,CVE-2020-25675,CVE-2020-25676,CVE-2020-27560,
CVE-2020-27750,CVE-2020-27751,CVE-2020-27752,CVE-2020-27753,CVE-2020-27754,
CVE-2020-27755,CVE-2020-27756,CVE-2020-27757,CVE-2020-27758,CVE-2020-27759,
CVE-2020-27760,CVE-2020-27761,CVE-2020-27762,CVE-2020-27763,CVE-2020-27764,
CVE-2020-27765,CVE-2020-27766,CVE-2020-27767,CVE-2020-27768,CVE-2020-27769,
CVE-2020-27770,CVE-2020-27771,CVE-2020-27772,CVE-2020-27773,CVE-2020-27774,
CVE-2020-27775,CVE-2020-27776,CVE-2020-29599,CVE-2021-20241,CVE-2021-20311,
CVE-2021-20312,CVE-2021-20313,CVE-2021-20241,CVE-2021-20243,CVE-2021-20244,
CVE-2021-20246
(bsc#1094741,bsc#1094742,bsc#1094745,bsc#1095812,bsc#1096200,bsc#1096203,
bsc#1098545,bsc#1098546,bsc#1102003,bsc#1102004,bsc#1102005,bsc#1102007,
bsc#1106254,bsc#1106855,bsc#1106857,bsc#1106858,bsc#1106989,bsc#1106996,
bsc#1107604,bsc#1107609,bsc#1107612,bsc#1107616,bsc#1107618,bsc#1107619,
bsc#1110746,bsc#1111069,bsc#1111072,bsc#1113064,bsc#1120381,bsc#1124365,
bsc#1124366,bsc#1124367,bsc#1124368,bsc#1128649,bsc#1130330,bsc#1131317,
bsc#1132054,bsc#1132060,bsc#1133204,bsc#1133205,bsc#1133498,bsc#1133501,
bsc#1136732,bsc#1138464,bsc#1139884,bsc#1139885,bsc#1139886,bsc#1140100,
bsc#1140102,bsc#1140103,bsc#1140104,bsc#1140105,bsc#1140106,bsc#1140110,
bsc#1140111,bsc#1140501,bsc#1140513,bsc#1140520,bsc#1140534,bsc#1140538,
bsc#1140543,bsc#1140545,bsc#1140547,bsc#1140549,bsc#1140552,bsc#1140554,
bsc#1140664,bsc#1140665,bsc#1140666,bsc#1140667,bsc#1140668,bsc#1140669,
bsc#1140673,bsc#1141171,bsc#1146065,bsc#1146068,bsc#1146211,bsc#1146212,
bsc#1146213,bsc#1151781,bsc#1151782,bsc#1151783,bsc#1151784,bsc#1151785,
bsc#1151786,bsc#1159861,bsc#1160369,bsc#1161194,bsc#1178067,bsc#1179103,
bsc#1179202,bsc#1179208,bsc#1179212,bsc#1179221,bsc#1179223,bsc#1179240,
bsc#1179244,bsc#1179260,bsc#1179268,bsc#1179269,bsc#1179276,bsc#1179278,
bsc#1179281,bsc#1179285,bsc#1179311,bsc#1179312,bsc#1179313,bsc#1179315,
bsc#1179317,bsc#1179321,bsc#1179322,bsc#1179327,bsc#1179333,bsc#1179336,
bsc#1179338,bsc#1179339,bsc#1179343,bsc#1179345,bsc#1179346,bsc#1179347,
bsc#1179361,bsc#1179362,bsc#1179397,bsc#1179753,bsc#1182335,bsc#1184624,
bsc#1184626,bsc#1184627,bsc#1184628,bsc#1182335,bsc#1182336,bsc#1182325,
bsc#1182337)
- version update to 7.1.0.9:
* Squash a dump truck load of VisualStudio compiler warnings.
* improved algorithm for automatic calculation of word breaks and pointsize
for caption and labels.
* improve wrapping between words and within words (reference
https://github.com/ImageMagick/ImageMagick/discussions/4227)
- added patches
disable Contrast test for i586 on SLE 15
+ ImageMagick-filter.t-disable-Contrast.patch
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== apache2-mod_php7 ====
- previous version updates fixes also:
CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071,
CVE-2021-21702,CVE-2021-21704,CVE-2021-21705
bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706,
bsc#1182049,bsc#1188035,bsc#1188037
==== bash-completion ====
- Add patch boo1190929-9af4afd0.patch for boo#1190929
add support for compeletion modinfo completion recognize .ko.zst
as well as .ko.bz2
==== checkmedia ====
Version update (5.4 -> 6.1)
- merge gh#openSUSE/checkmedia#16
- fix auto-detecting a suitable signature location for rh media
- 6.1
- merge gh#openSUSE/checkmedia#15
- add --version option to tagmedia
- use volume id if app id is missing for nice output
- add support for rh style meta data and digest calculation
- extend fragment calculation to suse style
- show signee if signature is ok
- add --create-signature option
- fix large file support
- updated unit tests
- enhance documentation
- add new and shiny README.adoc
- 6.0
==== codec2 ====
- Added a patch moved-freedv_callback_rx_sym-into-internal-header.patch
to fix building gnuradio (patch taken from upstream)
- Drop handcrafted generation of the pkgconfig file
- Remove "-Wno-dev"
==== firewalld ====
Version update (1.0.0 -> 1.0.1)
Subpackages: firewalld-bash-completion firewalld-lang firewalld-zsh-completion python3-firewall
- Update to 1.0.1:
* keep linux capability CAP_SYS_MODULE
* UPnP Client: actually allow SSDP traffic
* Fix RPM macros to test if firewall-cmd is executable
==== freerdp ====
Subpackages: libfreerdp2 libwinpr2
- Finally nailed it: CMAKE_INSTALL_LIBDIR is absolute on Leaps and
relative on TW, but freerdp requires the relative variant.
Fixes boo#1190919
- Remove freerdp-fix-plugin-path.patch again, the problem was
introduced/fixed by cmake changes
==== gcr ====
Version update (3.40.0 -> 3.41.0)
Subpackages: gcr-data gcr-lang gcr-prompter gcr-ssh-askpass gcr-viewer libgck-1-0 libgcr-3-1 typelib-1_0-Gck-1 typelib-1_0-Gcr-3
- Update to version 3.41.0:
+ Port ssh-agent from gnome-keyring.
+ build: Fix parallel build failure due to missing marshal
dependency.
+ Fix warnings by dropping `volatile` for g_once_init_inter
locations.
+ tests: More robust against GTask unref race condition.
+ Updated translations.
- Add pkgconfig(libsecret-1), pkgconfig(libsystemd),
pkgconfig(systemd) and openssh-clients BuildRequires: Build new
standalone ssh-agent, and split it out in own sub-package.
==== git ====
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk perl-Git
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* git-daemon.service
==== glibc ====
Subpackages: glibc-32bit glibc-devel glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
[#28036])
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
==== hwdata ====
Version update (0.351 -> 0.352)
- Update to version 0.352 (bsc#1191375:
+ Updated pci, usb and vendor ids.
==== hwinfo ====
Version update (21.76 -> 21.77)
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
==== libHX ====
Version update (3.26 -> 4.0.1)
Subpackages: libHX32 libHX32-32bit
- Update to release 4.0.1
* lib: add ``HX_slurp_fd``, ``HX_slurp_file``
* proc: add ``HXproc_switch_user``
* proc: add ``HXproc_top_fd``
* socket: add ``HX_socket_from_env``
* opt: add ``HXOPT_KEEP_ARGV`` flag
==== libqb ====
Version update (2.0.2+20201203.def947e -> 2.0.3+20210303.404adbc)
- Update to version 2.0.3+20210303.404adbc (v2.0.3):
- syslog: Add a message-id parameter for messages (gh#ClusterLabs/libqb#433)
- timers: Add some locking (gh#ClusterLabs/libqb#436)
- ipcc: Have a few goes at tidying up after a dead server (gh#ClusterLabs/libqb#434)
- strlcpy: Check for maxlen underflow (gh#ClusterLabs/libqb#432)
- doxygen2man: fix printing of lines starting with '.' (gh#ClusterLabs/libqb#431)
- doxygen2man: ignore all-whitespace brief descriptions (gh#ClusterLabs/libqb#430)
==== libreoffice ====
Version update (7.1.5.2 -> 7.2.2.1)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit
- Update to 7.2.2.1
- Refresh pld-skia-patches.patch
- Fix bsc#1189813: LO-L3: Shadow effect for tables in PPTX partly incorrect
* bsc1189813.patch
- Add vendored poppler to use for all codestreams except Tumbleweed.
- Use vendored boost for all codestreams except Tumbleweed.
Update boost vendored version.
- Update to 7.2.1.2:
* LO minor release
- Added patch:
* pld-skia-patches.patch
* skia-freetype2.11.patch
==== libvirt ====
Version update (7.7.0 -> 7.8.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- lxc: controller: Fix container launch on cgroup v1
1b9ce05c-lxc-fix-cgroupV1.patch
boo#1183247
- tools: Fix virt-host-validate SEV detection
3f9c1a4b-fix-host-validate-sev.patch
boo#1188715
- Update to libvirt 7.8.0
- jsc#SLE-18260
- Many incremental improvements and bug fixes, see
https://libvirt.org/news.html
- Dropped patches:
b75a16ae-libxl-improve-die-id.patch,
65fab900-libxl-fix-driver-reload.patch,
51eb680b-libxl-dont-autostart-on-reload.patch
- spec: Fix hangs during package update
bsc#1177902, bsc#1190693
- spec: Don't add --timeout arg to /etc/sysconfig/libvirtd when
running in traditional mode without socket activation
bsc#1190695
==== libx86emu ====
Version update (3.2 -> 3.3)
- merge gh#wfeldt/libx86emu#34
- Migrate CI to GitHub Actions
- 3.3
==== libzypp ====
Version update (17.28.4 -> 17.28.5)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
==== lirc ====
- Revert "Require typelib packages": better to have rpm auto-detect
them.
- Add gobject-introspection BuildRequires to have the typelib dep
scanner on board.
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_irexec.service.patch
* harden_lircd-uinput.service.patch
* harden_lircd.service.patch
* harden_lircmd.service.patch
- Require typelib packages, otherwise lirc-setup fails to start.
==== luajit ====
- Exclude s390x for now. There is a not-yet-upstreamed port
available, but we would need to rebase it for our release.
==== man ====
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_man-db.service.patch
Modified:
* man-db-create.service
==== mariadb ====
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages
- Fix socket address in mariadb@.socket file
==== mdadm ====
- Install mdadm in _sbindir rather than /sbin. This is more
appropriate now that we have a merged-/usr.
(bsc#1191076)
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
==== openssh ====
Version update (8.4p1 -> 8.8p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K.
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options.
= New features
* ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs
directive to accept a "none" argument to specify the default
behaviour.
= Bugfixes
* scp(1): when using the SFTP protocol, continue transferring files
after a transfer error occurs, better matching original scp/rcp
behaviour.
* ssh(1): fixed a number of memory leaks in multiplexing,
* ssh-keygen(1): avoid crash when using the -Y find-principals
command.
* A number of documentation and manual improvements, including
bz#3340, PR139, PR215, PR241, PR257
- Additional changes from 8.7p1 release:
= Potentially-incompatible changes
* scp(1): this release changes the behaviour of remote to remote
copies (e.g. "scp host-a:/path host-b:") to transfer through the
local host by default. This was previously available via the -3
flag. This mode avoids the need to expose credentials on the
origin hop, avoids triplicate interpretation of filenames by the
shell (by the local system, the copy origin and the destination)
and, in conjunction with the SFTP support for scp(1) mentioned
below, allows use of all authentication methods to the remote
hosts (previously, only non-interactive methods could be used).
A -R flag has been added to select the old behaviour.
* ssh(1)/sshd(8): both the client and server are now using a
stricter configuration file parser. The new parser uses more
shell-like rules for quotes, space and escape characters. It is
also more strict in rejecting configurations that include options
lacking arguments. Previously some options (e.g. DenyUsers) could
appear on a line with no subsequent arguments. This release will
reject such configurations. The new parser will also reject
configurations with unterminated quotes and multiple '='
characters after the option name.
* ssh(1): when using SSHFP DNS records for host key verification,
ssh(1) will verify all matching records instead of just those
with the specific signature type requested. This may cause host
key verification problems if stale SSHFP records of a different
or legacy signature type exist alongside other records for a
particular host. bz#3322
* ssh-keygen(1): when generating a FIDO key and specifying an
explicit attestation challenge (using -Ochallenge), the challenge
will now be hashed by the builtin security key middleware. This
removes the (undocumented) requirement that challenges be exactly
32 bytes in length and matches the expectations of libfido2.
* sshd(8): environment="..." directives in authorized_keys files are
now first-match-wins and limited to 1024 discrete environment
variable names.
= New features
* scp(1): experimental support for transfers using the SFTP protocol
as a replacement for the venerable SCP/RCP protocol that it has
traditionally used. SFTP offers more predictable filename handling
and does not require expansion of glob(3) patterns via the shell
on the remote side.
* sftp-server(8): add a protocol extension to support expansion of
~/ and ~user/ prefixed paths. This was added to support these
paths when used by scp(1) while in SFTP mode.
* ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
the ssh(1) -f flag. GHPR231
* ssh(1): add a StdinNull directive to ssh_config(5) that allows the
config file to do the same thing as -n does on the ssh(1) command-
line. GHPR231
* ssh(1): add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no
session) and -s (subsystem) command-line flags. GHPR231
* ssh-keygen(1): allowed signers files used by ssh-keygen(1)
signatures now support listing key validity intervals alongside
they key, and ssh-keygen(1) can optionally check during signature
verification whether a specified time falls inside this interval.
This feature is intended for use by git to support signing and
verifying objects using ssh keys.
* ssh-keygen(8): support printing of the full public key in a sshsig
signature via a -Oprint-pubkey flag.
= Bugfixes
* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
the client and server mainloops. Previously the re-key timeout
could expire but re-keying would not start until a packet was sent
or received, causing a spin in select() if the connection was
quiescent.
* ssh-keygen(1): avoid Y2038 problem in printing certificate
validity lifetimes. Dates past 2^31-1 seconds since epoch were
displayed incorrectly on some platforms. bz#3329
* scp(1): allow spaces to appear in usernames for local to remote
and scp -3 remote to remote copies. bz#1164
* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
in favour of KbdInteractiveAuthentication. The former is what was in
SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
treated as somewhat but not entirely equivalent. We retain the old
name as a deprecated alias so configuration files continue to work
as well as a reference in the man page for people looking for it.
bz#3303
* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
when extracting a key from a PKCS#11 certificate. bz#3327
* ssh(1): restore blocking status on stdio fds before close. ssh(1)
needs file descriptors in non-blocking mode to operate but it was
not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell,
bz#3280 and GHPR246
* ssh(1)/sshd(8): switch both client and server mainloops from
select(3) to pselect(3). Avoids race conditions where a signal
may arrive immediately before select(3) and not be processed until
an event fires. bz#2158
* ssh(1): sessions started with ControlPersist were incorrectly
executing a shell when the -N (no shell) option was specified.
bz#3290
* ssh(1): check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values
supplied on the command line. bz#3319
* ssh(1): fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it
would print the certificate's path, whereas it was supposed to be
showing the private key's path. GHPR247
* sshd(8): match host certificates against host public keys, not
private keys. Allows use of certificates with private keys held in
a ssh-agent. bz#3524
* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
allows RSA/SHA2 signatures for public key authentication but fails
to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
clients of these server to incorrectly match
PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
keys. bz#3213
* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
limits(a)openssh.com extension but fails when the client tries to
invoke it. bz#3318
* ssh(1): allow ssh_config SetEnv to override $TERM, which is
otherwise handled specially by the protocol. Useful in ~/.ssh/config
to set TERM to something generic (e.g. "xterm" instead of
"xterm-256color") for destinations that lack terminfo entries.
* sftp-server(8): the limits(a)openssh.com extension was incorrectly
marked as an operation that writes to the filesystem, which made it
unavailable in sftp-server read-only mode. bz#3318
* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
the update removed more host keys than remain present.
* Many manual page fixes.
- Additional changes from 8.6p1 release:
= Security
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
= New features
* sftp-server(8): add a new limits(a)openssh.com protocol extension
that allows a client to discover various server limits, including
maximum packet size and maximum read/write length.
* sftp(1): use the new limits(a)openssh.com extension (when available)
to select better transfer lengths in the client.
* sshd(8): Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.
* unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
enable printing of the elapsed time in seconds of each test.
= Bugfixes
* ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
manual pages with the current default. GHPR174
* ssh(1): ensure that pkcs11_del_provider() is called before exit.
GHPR234
* ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
backslashes were not being dequoted correctly and quoted space in
the middle of a string was being incorrectly split. GHPR223
* ssh(1): return non-zero exit status when killed by signal; bz#3281
* sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are not explicitly
banned by the spec.
- Additional changes from 8.5p1 release:
= Security
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
= Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
* ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
for interactive use prior to TCP connect. The connection phase of
the SSH session is time-sensitive and often explicitly interactive.
The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
* ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before
it was standardized in RFC4253 (2006), has been deprecated and
disabled by default since OpenSSH 7.2 (2016) and was only briefly
documented in ssh.1 in 2001.
* ssh(1), sshd(8): update/replace the experimental post-quantum
hybrid key exchange method based on Streamlined NTRU Prime coupled
with X25519. The previous sntrup4591761x25519-sha512(a)tinyssh.org
method is replaced with sntrup761x25519-sha512(a)openssh.com.
* ssh(1): disable CheckHostIP by default. It provides insignificant
benefits while making key rotation significantly more difficult,
especially for hosts behind IP-based load-balancers.
= New features
* ssh(1): this release enables UpdateHostkeys by default subject to
some conservative preconditions:
- The key was matched in the UserKnownHostsFile (and not in the
GlobalKnownHostsFile).
- The same key does not exist under another name.
- A certificate host key is not in use.
- known_hosts contains no matching wildcard hostname pattern.
- VerifyHostKeyDNS is not enabled.
- The default UserKnownHostsFile is in use.
* ssh(1), sshd(8): add a new LogVerbose configuration directive for
that allows forcing maximum debug logging by file/function/line
pattern-lists.
* ssh(1): when prompting the user to accept a new hostkey, display
any other host names/addresses already associated with the key.
* ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
* ssh(1): add a ssh_config KnownHostsCommand option that allows the
client to obtain known_hosts data from a command in addition to
the usual files.
* ssh(1): add a ssh_config PermitRemoteOpen option that allows the
client to restrict the destination when RemoteForward is used
with SOCKS.
* ssh(1): for FIDO keys, if a signature operation fails with a
"incorrect PIN" reason and no PIN was initially requested from the
user, then request a PIN and retry the operation. This supports
some biometric devices that fall back to requiring PIN when reading
of the biometric failed, and devices that require PINs for all
hosted credentials.
* sshd(8): implement client address-based rate-limiting via new
sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
directives that provide more fine-grained control on a per-origin
address basis than the global MaxStartups limit.
= Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat(a)openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
- Rebased patches:
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
* openssh-7.7p1-X_forward_with_disabled_ipv6.patch
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-disable_openssl_abi_check.patch
* openssh-7.7p1-eal3.patch
* openssh-7.7p1-enable_PAM_by_default.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-host_ident.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-no_fork-no_pid_file.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-pts_names_formatting.patch
* openssh-7.7p1-remove_xauth_cookies_on_exit.patch
* openssh-7.7p1-seccomp_ipc_flock.patch
* openssh-7.7p1-seccomp_stat.patch
* openssh-7.7p1-send_locale.patch
* openssh-7.7p1-sftp_force_permissions.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.9p1-keygen-preserve-perms.patch
* openssh-7.9p1-revert-new-qos-defaults.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
* openssh-8.1p1-seccomp-clock_nanosleep.patch
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-use-openssl-kdf.patch
* openssh-8.4p1-vendordir.patch
* openssh-fips-ensure-approved-moduli.patch
* openssh-link-with-sk.patch
* openssh-reenable-dh-group14-sha1-default.patch
* openssh-whitelist-syscalls.patch
- Removed openssh-fix-ssh-copy-id.patch (fixed upstream).
- openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
- sshd-gen-keys-start:
- only source sysconfig file if it exists.
- create /etc/ssh if it does not exists.
Required for image based installation/updates.
==== openssh-askpass-gnome ====
Version update (8.4p1 -> 8.8p1)
- Version upgrade to 8.8p1
* No changes for askpass, see main package changelog for
details
==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome
- Drop gnome-power-manager Recommends: Package is dormant upstream
and on its way to be replaced by new features inside of
gnome-control-center.
==== pcsc-lite ====
Version update (1.9.3 -> 1.9.4)
Subpackages: libpcsclite1
- version 1.9.4
* fix a memory leak when libusb is used for hotplug
(i.e. non-Linux systems)
==== php7 ====
Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter
- previous version updates fixes also:
CVE-2020-7068,CVE-2020-7069,CVE-2020-7070,CVE-2020-7071,
CVE-2021-21702,CVE-2021-21704,CVE-2021-21705
bsc#1175223,bsc#1177351,bsc#1177352,bsc#1180706,
bsc#1182049,bsc#1188035,bsc#1188037
==== polkit-default-privs ====
Version update (1550+20210818.b0c41fd -> 1550+20211008.9751669)
- drop backward compatibility symlink in /etc/polkit-default-privs.standard.
rpmlint 2.0 is now in Factory and the check there directly uses the profile
in /usr/etc/polkit-default-privs/profiles/standard.
- drop polkit-whitelisting sub-package. This is now handled in rpmlint 2.0
internally.
- Update to version 1550+20211008.9751669:
* whitelist power-profiles-daemon actions (bsc#1189900)
* cleanup: remove polkit-rules-whitelist.json
==== publicsuffix ====
Version update (20210928 -> 20211006)
- Update to version 20211006:
* Update Pull Request Template to add clarity
* util: gTLD data autopull updates for 2021-10-01T15:13:10 UTC (#1445)
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion
- Make system-user-pulse noarch
- Split sysusers.d file to separate package as needed by brltty
(bsc#1191465)
==== python-libvirt-python ====
Version update (7.7.0 -> 7.8.0)
- Update to 7.8.0
- Add all new APIs and constants in libvirt 7.8.0
- jsc#SLE-18260
==== rubygem-bootsnap ====
Version update (1.7.7 -> 1.9.1)
Subpackages: ruby2.7-rubygem-bootsnap ruby3.0-rubygem-bootsnap
- updated to version 1.9.1
* Removed a forgotten debug statement in JSON precompilation
==== rubygem-marcel ====
Version update (1.0.1 -> 1.0.2)
- updated to version 1.0.2
* Include Apache license in gem release. (a525d5b)
* Prefer audio/x-wav for WAV audio files. (#45)
* Prefer application/x-x509-ca-cert for Privacy-Enhanced Mail certificates. (#46)
* Prefer audio/flac for FLAC audio files. (#47)
* Prefer audio/aac for Advanced Audio Coding audio files. (#49)
* Prefer application/vnd.ms-access for Microsodt Access DB files. (#50)
* Support text/x-scss and text/x-sass stylesheets. (#52)
* Support encrypted Microsoft Access DB files. (#53)
* Prefer application/x-ole-storage for Microsoft Office files. (#54)
* Prefer text/markdown for Markdown files. (#55)
* Prefer audio/mpc for Musepack audio files. (#56)
* Support audio/webm audio files. (#58)
* Support image/avif images files. (#63)
==== rubygem-puma ====
Version update (5.4.0 -> 5.5.0)
- updated to version 5.5.0
* Features
* Automatic SSL certificate provisioning for localhost, via localhost gem ([#2610], [#2257])
* add support for the PROXY protocol (v1 only) ([#2654], [#2651])
* Add a semantic CLI option for no config file ([#2689])
* Bugfixes
* More elaborate exception handling - lets some dead pumas die. ([#2700], [#2699])
* allow multiple after_worker_fork hooks ([#2690])
* Preserve BUNDLE_APP_CONFIG on worker fork ([#2688], [#2687])
* Performance
* Fix performance of server-side SSL connection close. ([#2675])
==== rubygem-rubocop ====
Version update (1.19.1 -> 1.22.1)
- updated to version 1.22.1
[#]# 1.22.1 (2021-10-04)
[#]## Bug fixes
* [#10143](https://github.com/rubocop/rubocop/issues/10143): Fix an error for `Lint/RequireRelativeSelfPath` when using a variable as an argument of `require_relative`. ([@koic][])
* [#10140](https://github.com/rubocop/rubocop/issues/10140): Fix false positive for `Layout/DotPosition` when a heredoc receives a method on the same line as the start sigil in `trailing` style. ([@dvandersluis][])
* [#10148](https://github.com/rubocop/rubocop/issues/10148): Fix `Style/QuotedSymbols` handling escaped characters incorrectly. ([@dvandersluis][])
* [#10145](https://github.com/rubocop/rubocop/issues/10145): Update `Style/SelectByRegexp` to ignore cases where the receiver appears to be a hash. ([@dvandersluis][])
[#]# 1.22.0 (2021-09-29)
[#]## New features
* [#8431](https://github.com/rubocop/rubocop/issues/8431): Add `Safety` section to documentation for all cops that are `Safe: false` or `SafeAutoCorrect: false`. ([@dvandersluis][])
* [#10132](https://github.com/rubocop/rubocop/issues/10132): Reorganize output of `rubocop --help` for better clarity. ([@dvandersluis][])
* [#10111](https://github.com/rubocop/rubocop/pull/10111): Add new `Style/NumberedParametersLimit` cop. ([@dvandersluis][])
* [#10025](https://github.com/rubocop/rubocop/pull/10025): Changed cop `SpaceInsideParens` to include a `compact` style. ([@itay-grudev][])
* [#10084](https://github.com/rubocop/rubocop/issues/10084): Add new `Lint/RequireRelativeSelfPath` cop. ([@koic][])
* [#8327](https://github.com/rubocop/rubocop/issues/8327): Add new cop `Style/SelectByRegexp`. ([@dvandersluis][])
* [#10100](https://github.com/rubocop/rubocop/pull/10100): Add new `Style/NumberedParameters` cop. ([@Hugo-Hache][])
* [#10103](https://github.com/rubocop/rubocop/issues/10103): Add `AllowHttpProtocol` option to `Bundler/InsecureProtocolSource`. ([@koic][])
* [#10102](https://github.com/rubocop/rubocop/pull/10102): Add new `Security/IoMethods` cop. ([@koic][])
[#]## Bug fixes
* [#10110](https://github.com/rubocop/rubocop/issues/10110): Update `Layout/DotPosition` to be able to handle heredocs. ([@dvandersluis][])
* [#10134](https://github.com/rubocop/rubocop/issues/10134): Update `Style/MutableConstant` to not consider multiline uninterpolated strings as unfrozen in ruby 3.0. ([@dvandersluis][])
* [#10124](https://github.com/rubocop/rubocop/pull/10124): Fix `Layout/RedundantLineBreak` adding extra space within method chains. ([@dvandersluis][])
* [#10118](https://github.com/rubocop/rubocop/issues/10118): Fix crash with `Style/RedundantSort` when the block doesn't only contain a single `send` node. ([@dvandersluis][])
* [#10135](https://github.com/rubocop/rubocop/issues/10135): Fix `Style/WordArray` to exclude files in `--auto-gen-config` when `percent` style is given but brackets are required. ([@dvandersluis][])
* [#10090](https://github.com/rubocop/rubocop/issues/10090): Fix a false negative for `Style/ArgumentsForwarding` when using only kwrest arg. ([@koic][])
* [#10099](https://github.com/rubocop/rubocop/pull/10099): Update`Style/RedundantFreeze` to stop considering `ENV` values as immutable. ([@byroot][])
* [#10078](https://github.com/rubocop/rubocop/pull/10078): Fix `Layout/LineLength` reported length when ignoring directive comments. ([@dvandersluis][])
* [#9934](https://github.com/rubocop/rubocop/issues/9934): Fix configuration loading to not raise an error for an obsolete ruby version that is subsequently overridden. ([@dvandersluis][])
* [#10136](https://github.com/rubocop/rubocop/issues/10136): Update `Lint/AssignmentInCondition` to not consider assignments within blocks in conditions. ([@dvandersluis][])
* [#9588](https://github.com/rubocop/rubocop/issues/9588): Fix causing a variable to be shadowed from outside the rescue block in the logic of Naming/RescuedExceptionsVariableName. ([@lilisako][])
* [#10096](https://github.com/rubocop/rubocop/issues/10096): Fix `Lint/AmbiguousOperatorPrecedence` with `and`/`or` operators. ([@dvandersluis][])
* [#10106](https://github.com/rubocop/rubocop/issues/10106): Fix `Style/RedundantSelf` for pattern matching. ([@dvandersluis][])
* [#10066](https://github.com/rubocop/rubocop/issues/10066): Fix how `MinDigits` is calculated for `Style/NumericLiterals` when generating a configuration file. ([@dvandersluis][])
[#]## Changes
* [#10088](https://github.com/rubocop/rubocop/pull/10088): Update `Lint/BooleanSymbol` to be `SafeAutoCorrect: false` rather than `Safe: false`. ([@dvandersluis][])
* [#10122](https://github.com/rubocop/rubocop/pull/10122): Update `Style/RedundantSort` to be unsafe, and revert the special case for `size` from [#10061](https://github.com/rubocop/rubocop/pull/10061). ([@dvandersluis][])
* [#10130](https://github.com/rubocop/rubocop/issues/10130): Update `Lint/ElseLayout` to be able to handle an `else` with only a single line. ([@dvandersluis][])
[#]# 1.21.0 (2021-09-13)
[#]## New features
* [#7849](https://github.com/rubocop/rubocop/issues/7849): Add new `Lint/AmbiguousOperatorPrecedence` cop. ([@dvandersluis][])
* [#9061](https://github.com/rubocop/rubocop/issues/9061): Add new `Lint/IncompatibleIoSelectWithFiberScheduler` cop. ([@koic][])
[#]## Bug fixes
* [#10067](https://github.com/rubocop/rubocop/pull/10067): Fix an error for `Lint/NumberConversion` when using nested number conversion methods. ([@koic][])
* [#10054](https://github.com/rubocop/rubocop/pull/10054): Fix a false positive for `Layout/SpaceAroundOperators` when match operators between `<<` and `+=`. ([@koic][])
* [#10061](https://github.com/rubocop/rubocop/issues/10061): Fix a false positive for `Style/RedundantSort` when using `size` method in the block. ([@koic][])
* [#10063](https://github.com/rubocop/rubocop/pull/10063): Fix a false positive for `Layout/SingleLineBlockChain` when method call chained on a new line after a single line block with trailing dot. ([@koic][])
* [#10064](https://github.com/rubocop/rubocop/pull/10064): Fix `Style/ExplicitBlockArgument` corrector assuming any existing block argument was named `block`. ([@byroot][])
* [#10070](https://github.com/rubocop/rubocop/issues/10070): Fix a false positive for `Style/MutableConstant` when using non-interpolated heredoc in Ruby 3.0. ([@koic][])
[#]## Changes
* [#9674](https://github.com/rubocop/rubocop/issues/9674): Disable `Style/AsciiComments` by default. ([@dvandersluis][])
* [#10051](https://github.com/rubocop/rubocop/pull/10051): Improve the messaging for `Style/Documentation` to be more clear about what class/module needs documentation. ([@dvandersluis][])
* [#10074](https://github.com/rubocop/rubocop/pull/10074): Update `Naming/InclusiveLanguage` to be disabled by default. ([@dvandersluis][])
* [#10068](https://github.com/rubocop/rubocop/pull/10068): Mark `Style/AndOr` as unsafe auto-correction. ([@koic][])
[#]# 1.20.0 (2021-08-26)
[#]## New features
* [#10040](https://github.com/rubocop/rubocop/pull/10040): Make `Lint/Debugger` aware of debug.rb. ([@koic][])
* [#9580](https://github.com/rubocop/rubocop/issues/9580): Add a new cop that enforces which bundler gem file to use. ([@gregfletch][])
[#]## Bug fixes
* [#10033](https://github.com/rubocop/rubocop/issues/10033): Fix an incorrect auto-correct for `Style/BlockDelimiters` when there is a comment after the closing brace and using method chanin. ([@koic][])
* [#6630](https://github.com/rubocop/rubocop/issues/6630): Updated `Style/CommentAnnotation` to be able to handle multiword keyword phrases. ([@dvandersluis][])
* [#7836](https://github.com/rubocop/rubocop/issues/7836): Update `Style/BlockDelimeters` to add `begin`...`end` when converting a block containing `rescue` or `ensure` to braces. ([@dvandersluis][])
* [#10031](https://github.com/rubocop/rubocop/issues/10031): Fix a false positive for `Style/HashExcept` when comparing with hash value. ([@koic][])
[#]## Changes
* [#10034](https://github.com/rubocop/rubocop/pull/10034): Add `RubyJard` debugger calls to Lint/Debugger/DebuggerMethods. ([@DanielVartanov][])
* [#10006](https://github.com/rubocop/rubocop/pull/10006): Interpolated string literals are no longer frozen since Ruby 3.0. ([@splattael][])
* [#9328](https://github.com/rubocop/rubocop/issues/9328): Recognize shareable_constant_value magic comment. ([@thearjunmdas][], [@caalberts][])
* [#10036](https://github.com/rubocop/rubocop/issues/10036): Mark `Style/StructInheritance` as unsafe auto-correction. ([@koic][])
==== rubygem-rubocop-ast ====
Version update (1.11.0 -> 1.12.0)
- updated to version 1.12.0
[#]## Bug fixes
* [#208](https://github.com/rubocop/rubocop-ast/issues/208): Update `MethodDispatchNode#block_literal?` to return true for `numblock`s. ([@dvandersluis][])
==== rubygem-spring ====
Version update (2.1.1 -> 3.0.0)
Subpackages: ruby2.7-rubygem-spring ruby3.0-rubygem-spring
- updated to version 3.0.0
* Require applications to have reloading enabled in the managed environments.
* Require Ruby 2.5.
* Require Rails 5.2.
==== rubygem-unicode-display_width ====
Version update (2.0.0 -> 2.1.0)
- updated to version 2.1.0
* Unicode 14.0
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1191356 - virt-manager should not depend on gtk4
Modified files:
virt-manager.spec
virtman-dont-specify-gtksource-version.patch
virtman-dont-specify-vte-version.patch
- jsc#SLE-20856 Dev: KVM: Enable vfio-ccw and vfio-ap in virt-* tools
965480e8-virt-install-add-mediated-device.patch
==== virtualbox ====
Subpackages: virtualbox-guest-tools virtualbox-guest-x11
- Fix ldconfig invocation in scriptlets
- Remove vbox-fix-usb-rules.sh from qt package to avoid file conflict
- Fix build failures in Leap 15.1 and Leap 15.2 due to kmk_sed issues.
- Finish UsrMerge for VirtualBox components (boo#1191104).
==== virtualbox-kmp ====
- Fix ldconfig invocation in scriptlets
- Remove vbox-fix-usb-rules.sh from qt package to avoid file conflict
- Fix build failures in Leap 15.1 and Leap 15.2 due to kmk_sed issues.
- Finish UsrMerge for VirtualBox components (boo#1191104).
==== xwayland ====
- Specfile cleanup
==== yarn ====
Version update (1.22.11 -> 1.22.13)
- update to 1.22.13:
https://github.com/yarnpkg/yarn/releases/tag/v1.22.13
==== yast2-trans ====
Version update (84.87.20210914.a5d6b81b64 -> 84.87.20210929.6d3a97ea50)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20210929.6d3a97ea50:
* New POT for text domain 'nfs'.
* New POT for text domain 'network'.
* Translated using Weblate (Italian)
* Translated using Weblate (Italian)
* Translated using Weblate (Italian)
* New POT for text domain 'cluster'.
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* New POT for text domain 'network'.
* Translated using Weblate (Greek)
* Translated using Weblate (Greek)
* New POT for text domain 'add-on'.
* Translated using Weblate (Czech)
* New POT for text domain 'base'.
* Translated using Weblate (Portuguese (Brazil))
* Translated using Weblate (Portuguese (Brazil))
* Translated using Weblate (Slovak)
* Translated using Weblate (Dutch)
* Translated using Weblate (Catalan)
* Translated using Weblate (Japanese)
* New POT for text domain 'packager'.
* New POT for text domain 'online-update'.
* New POT for text domain 'bootloader'.
* New POT for text domain 'base'.
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
* Translated using Weblate (Turkish)
1
0
Hi,
In Tumbleweed, we have libz-ng-compat1 which can be a drop-in replacement of libz1.
The problem is zypper drop the previous package, before installing the new one, but the lib is required to extract the new RPM.
Any idea how to solve this problem in the spec file?
Log:
********************************************************************************
sudo zypper in libz-ng-compat1
Loading repository data...
Reading installed packages...
Resolving package dependencies...
Problem: the to be installed libz-ng-compat1-2.0.5-1.1.aarch64 conflicts with 'libz1' provided by the installed libz1-1.2.11-18.10.aarch64
Solution 1: deinstallation of libz1-1.2.11-18.10.aarch64
Solution 2: do not install libz-ng-compat1-2.0.5-1.1.aarch64
Choose from above solutions by number or cancel [1/2/c/d/?] (c): 1
Resolving dependencies...
Resolving package dependencies...
The following NEW package is going to be installed:
libz-ng-compat1
The following package is going to be REMOVED:
libz1
1 new package to install, 1 to remove.
Overall download size: 67.9 KiB. Already cached: 0 B. After the operation, 5.7 KiB will be freed.
Continue? [y/n/v/...? shows all options] (y):
Retrieving package libz-ng-compat1-2.0.5-1.1.aarch64 (1/1), 67.9 KiB (142.4 KiB unpacked)
Retrieving: libz-ng-compat1-2.0.5-1.1.aarch64.rpm ......................................................................................................................................................................................................................[done]
Checking for file conflicts: ...........................................................................................................................................................................................................................................[done]
(1/2) Removing libz1-1.2.11-18.10.aarch64 ..............................................................................................................................................................................................................................[done]
(2/2) Installing: libz-ng-compat1-2.0.5-1.1.aarch64 ...................................................................................................................................................................................................................[error]
Installation of libz-ng-compat1-2.0.5-1.1.aarch64 failed:
Error: Subprocess failed. Error: RPM failed: rpm: error while loading shared libraries: libz.so.1: cannot open shared object file: No such file or directory
Abort, retry, ignore? [a/r/i] (a):
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.
Please see the above error message for a hint.
********************************************************************************
Cheers,
Guillaume
2
2
3
3
Dear Package maintainers and hackers.
Below package(s) in openSUSE:Factory have been failing to build for at
least 4 weeks. We tried to send out notifications to the
configured bugowner/maintainers of the package(s), but so far no
fix has been submitted. This probably means that the
maintainer/bugowner did not yet find the time to look into the
matter and he/she would certainly appreciate help to get this
sorted.
- libraqm
- plasma-mycroft
- rabbitmq-server
Unless somebody is stepping up and submitting fixes, the listed
package(s) are going to be removed from openSUSE:Factory.
Kind regards,
DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>
3
2
Dear Package maintainers and hackers.
Below package(s) in openSUSE:Factory have been failing to build for at
least 4 weeks. We tried to send out notifications to the
configured bugowner/maintainers of the package(s), but so far no
fix has been submitted. This probably means that the
maintainer/bugowner did not yet find the time to look into the
matter and he/she would certainly appreciate help to get this
sorted.
- soapy-remote
- soapy-uhd
Unless somebody is stepping up and submitting fixes, the listed
package(s) are going to be removed from openSUSE:Factory.
Kind regards,
DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>
2
1
- mtpaint - Painting program for creating icons and pixel-based artwork.
It was dropped from Factory some time ago due to build failures. I fixed
it and submitted for inclusion again.
- ip2unix - Turn IP sockets into Unix domain sockets.
- bmap-tools - Tools to generate block map (AKA bmap) and flash images
using bmap.
Useful for users of Yocto Project.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa
apache2 (2.4.49 -> 2.4.51)
apache2-manual (2.4.49 -> 2.4.51)
apache2-prefork (2.4.49 -> 2.4.51)
apache2-utils (2.4.49 -> 2.4.51)
bash
bolt
ca-certificates-mozilla (2.50 -> 2.52)
cepces
cogl
e2fsprogs
elfutils
elfutils-debuginfod
filesystem
gawk
gtk4
hiredis (1.0.0 -> 1.0.2)
hxtools (20210803 -> 20210928)
k4dirstat (3.2.2 -> 3.3.0)
kernel-source (5.14.6 -> 5.14.9)
ldb (2.3.0 -> 2.4.0)
libcap (2.51 -> 2.59)
libjpeg-turbo
libsolv (0.7.19 -> 0.7.20)
libsoup2
libstorage-ng (4.4.41 -> 4.4.43)
llvm12
lz4
mhvtl (1.63_release+759.35ddb48e5262_k5.14.6_2 -> 1.63_release+759.35ddb48e5262_k5.14.9_1)
mozilla-nss (3.69.1 -> 3.70)
opensc (0.21.0 -> 0.22.0)
python-lazr.config (2.2.2 -> 2.2.3)
redis (6.2.5 -> 6.2.6)
rng-tools
rubygem-sassc-2.2
samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
squid (4.16 -> 5.2)
step (21.08.1 -> 21.08.2)
suse-module-tools (16.0.10+7 -> 16.0.11)
sweeper (21.08.1 -> 21.08.2)
tar
texinfo
timezone (2021a -> 2021c)
timezone-java (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
trousers
umbrello (21.08.1 -> 21.08.2)
yakuake (21.08.1 -> 21.08.2)
=== Details ===
==== Mesa ====
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== apache2 ====
Version update (2.4.49 -> 2.4.51)
- version update to 2.4.51
* ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
* ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
unused AP_NORMALIZE_DROP_PARAMETERS flag.
- version update to 2.4.50
* ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
the uri-path when it's preceded by a dot. [Yann Ylavic]
* ) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
[Stefan Eissing]
* ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
had no hostname ("unix:/..."). [Yann Ylavic]
* ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
run into an assertion which terminated (and restarted) the child process where
the task was running. Eventually, all OCSP responses were collected, but not
in the way that things are supposed to work.
See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
The bug was possibly triggered when more than one OCSP status needed updating
at the same time. For example for several renewed certificates after a server
reload.
* ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590.
[Janne Peltonen <janne.peltonen sange.fi>]
* ) event mpm: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild.
PR 65592 [Ruediger Pluem]
* ) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources. [Stefan Eissing]
* ) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests. [Ruediger Pluem]
* ) core: do not install core input/output filters on secondary
connections. [Stefan Eissing]
* ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards. [Ruediger Pluem]
* ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
==== apache2-manual ====
Version update (2.4.49 -> 2.4.51)
- version update to 2.4.51
* ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
* ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
unused AP_NORMALIZE_DROP_PARAMETERS flag.
- version update to 2.4.50
* ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
the uri-path when it's preceded by a dot. [Yann Ylavic]
* ) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
[Stefan Eissing]
* ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
had no hostname ("unix:/..."). [Yann Ylavic]
* ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
run into an assertion which terminated (and restarted) the child process where
the task was running. Eventually, all OCSP responses were collected, but not
in the way that things are supposed to work.
See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
The bug was possibly triggered when more than one OCSP status needed updating
at the same time. For example for several renewed certificates after a server
reload.
* ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590.
[Janne Peltonen <janne.peltonen sange.fi>]
* ) event mpm: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild.
PR 65592 [Ruediger Pluem]
* ) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources. [Stefan Eissing]
* ) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests. [Ruediger Pluem]
* ) core: do not install core input/output filters on secondary
connections. [Stefan Eissing]
* ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards. [Ruediger Pluem]
* ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
==== apache2-prefork ====
Version update (2.4.49 -> 2.4.51)
- version update to 2.4.51
* ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
* ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
unused AP_NORMALIZE_DROP_PARAMETERS flag.
- version update to 2.4.50
* ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
the uri-path when it's preceded by a dot. [Yann Ylavic]
* ) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
[Stefan Eissing]
* ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
had no hostname ("unix:/..."). [Yann Ylavic]
* ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
run into an assertion which terminated (and restarted) the child process where
the task was running. Eventually, all OCSP responses were collected, but not
in the way that things are supposed to work.
See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
The bug was possibly triggered when more than one OCSP status needed updating
at the same time. For example for several renewed certificates after a server
reload.
* ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590.
[Janne Peltonen <janne.peltonen sange.fi>]
* ) event mpm: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild.
PR 65592 [Ruediger Pluem]
* ) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources. [Stefan Eissing]
* ) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests. [Ruediger Pluem]
* ) core: do not install core input/output filters on secondary
connections. [Stefan Eissing]
* ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards. [Ruediger Pluem]
* ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
==== apache2-utils ====
Version update (2.4.49 -> 2.4.51)
- version update to 2.4.51
* ) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
fix of CVE-2021-41773) (cve.mitre.org)
* ) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
unused AP_NORMALIZE_DROP_PARAMETERS flag.
- version update to 2.4.50
* ) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
the uri-path when it's preceded by a dot. [Yann Ylavic]
* ) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
[Stefan Eissing]
* ) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
had no hostname ("unix:/..."). [Yann Ylavic]
* ) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
run into an assertion which terminated (and restarted) the child process where
the task was running. Eventually, all OCSP responses were collected, but not
in the way that things are supposed to work.
See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
The bug was possibly triggered when more than one OCSP status needed updating
at the same time. For example for several renewed certificates after a server
reload.
* ) mod_rewrite: Fix UDS ("unix:") scheme for [P] rules. PR 57691 + 65590.
[Janne Peltonen <janne.peltonen sange.fi>]
* ) event mpm: Correctly count active child processes in parent process if
child process dies due to MaxConnectionsPerChild.
PR 65592 [Ruediger Pluem]
* ) mod_http2: when a server is restarted gracefully, any idle h2 worker
threads are shut down immediately.
Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
Adds all other, never proposed code changes to make a clean
sync of http2 sources. [Stefan Eissing]
* ) mod_dav: Correctly handle errors returned by dav providers on REPORT
requests. [Ruediger Pluem]
* ) core: do not install core input/output filters on secondary
connections. [Stefan Eissing]
* ) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
and use it to prevent that failures in running the pre_connection
hook cause crashes afterwards. [Ruediger Pluem]
* ) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet]
==== bash ====
Subpackages: bash-doc bash-lang
- Install bash_builtins manpage under the correct name
==== bolt ====
- Need in SLE
* Support for working with adapters without ROMs is needed
(jsc#SLE-19359)
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== cepces ====
Subpackages: cepces-certmonger cepces-selinux python3-cepces
- Only install the selinux policy if necessary
- Add missing dependency on the main package to the certmonger
subpackage
- Use %license and move it to the common subpackage
- Avoid bashisms
- Fix file list for the python subpackage for 3.10+
- Also disable selinux in 15.4, since it is still not supported.
==== cogl ====
Subpackages: cogl-lang libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0
- Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2:
Fix undefined references. Following this, add libtool
BuildRequires and pass autoreconf call before configure as the
patch touches the buildsystem.
- Add patches from fedora that should have gone upstream:
+ 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch:
egl: Use eglGetPlatformDisplay not eglGetDisplay.
+ 0002-add-GL_ARB_shader_texture_lod-support.patch: Add
GL_ARB_shader_texture_lod support.
+ 0003-texture-support-copy_sub_image.patch: texture: Support
copy_sub_image.
==== e2fsprogs ====
Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: elfutils-lang libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== elfutils-debuginfod ====
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== gtk4 ====
Subpackages: gtk4-lang gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0
- Fix a syntax error in the gtk4_immodule_postun RPM macro
==== hiredis ====
Version update (1.0.0 -> 1.0.2)
- hiredis 1.0.2
* Hiredis v1.0.2 is a security release with a fix for CVE-2021-32765.
v1.0.1 erroneously bumped the SONAME so should be skipped.
- hiredis 1.0.1:
* CVE-2021-32765: integer overflow if provided maliciously
crafted or corrupted RESP mult-bulk protocol data boo#1191331
==== hxtools ====
Version update (20210803 -> 20210928)
Subpackages: fd0ssh ofl
- Update to release 20210928
* vfontas: add recognition for BDF glyphs as produced by
fontforge from PCF
* kbd: map beta to eszett on cp437x
* vfontas: recognize "idem" lines in kbd unimaps
* vfontas: add -setbold, -setprop, -lgeu, -lgeuf commands
==== k4dirstat ====
Version update (3.2.2 -> 3.3.0)
Subpackages: k4dirstat-lang
- Update to 3.3.0
* Show free space in the status bar
* Refresh tree after deleting a file
* Fix a crash when clicking on the name column
* Quote %-escapes strings in the .desktop Exec key
* Fix all compilation warnings with Qt 5.15 and KDE 5.85
==== kernel-source ====
Version update (5.14.6 -> 5.14.9)
Subpackages: kernel-default kernel-docs
- ALSA: usb-audio: Restrict rates for the shared clocks
(bsc#1190418).
- commit d0ace7f
- Update
patches.kernel.org/5.14.9-147-Revert-drm-vc4-hdmi-runtime-PM-changes.patch
(bsc#1012628 bsc#1190469).
- Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
The former superseded the latter.
- commit 2bc4ba2
- Linux 5.14.9 (bsc#1012628).
- mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable()
(bsc#1012628).
- ocfs2: drop acl cache for directories too (bsc#1012628).
- mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN
(bsc#1012628).
- mm: fix uninitialized use in overcommit_policy_handler
(bsc#1012628).
- usb: gadget: r8a66597: fix a loop in set_feature()
(bsc#1012628).
- usb: gadget: u_audio: EP-OUT bInterval in fback frequency
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(bsc#1012628).
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (bsc#1012628).
- cifs: Not to defer close on file when lock is set (bsc#1012628).
- cifs: Fix soft lockup during fsstress (bsc#1012628).
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1012628).
- xen/x86: fix PV trap handling on secondary processors
(bsc#1012628).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(bsc#1012628).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (bsc#1012628).
- USB: cdc-acm: fix minor-number release (bsc#1012628).
- Revert "USB: bcma: Add a check for devm_gpiod_get"
(bsc#1012628).
- binder: make sure fd closes complete (bsc#1012628).
- binder: fix freeze race (bsc#1012628).
- staging: greybus: uart: fix tty use after free (bsc#1012628).
- usb: isp1760: do not sleep in field register poll (bsc#1012628).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(bsc#1012628).
- usb: dwc3: core: balance phy init and exit (bsc#1012628).
- usb: cdns3: fix race condition before setting doorbell
(bsc#1012628).
- usb: core: hcd: Add support for deferring roothub registration
(bsc#1012628).
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(bsc#1012628).
- USB: serial: option: add Telit LN920 compositions (bsc#1012628).
- USB: serial: option: remove duplicate USB device ID
(bsc#1012628).
- USB: serial: option: add device id for Foxconn T99W265
(bsc#1012628).
- misc: bcm-vk: fix tty registration race (bsc#1012628).
- misc: genwqe: Fixes DMA mask setting (bsc#1012628).
- mcb: fix error handling in mcb_alloc_bus() (bsc#1012628).
- KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer
to KVM guest (bsc#1012628).
- erofs: fix up erofs_lookup tracepoint (bsc#1012628).
- nexthop: Fix division by zero while replacing a resilient group
(bsc#1012628).
- btrfs: prevent __btrfs_dump_space_info() to underflow its free
space (bsc#1012628).
- xhci: Set HCD flag to defer primary roothub registration
(bsc#1012628).
- serial: 8250: 8250_omap: Fix RX_LVL register offset
(bsc#1012628).
- serial: mvebu-uart: fix driver's tx_empty callback
(bsc#1012628).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
(bsc#1012628).
- drm/amd/pm: Update intermediate power state for SI
(bsc#1012628).
- net: hso: fix muxed tty registration (bsc#1012628).
- platform/x86: amd-pmc: Increase the response register timeout
(bsc#1012628).
- arm64: Restore forced disabling of KPTI on ThunderX
(bsc#1012628).
- arm64: Mitigate MTE issues with str{n}cmp() (bsc#1012628).
- comedi: Fix memory leak in compat_insnlist() (bsc#1012628).
- regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name
(bsc#1012628).
- afs: Fix page leak (bsc#1012628).
- afs: Fix incorrect triggering of sillyrename on 3rd-party
invalidation (bsc#1012628).
- afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS
server (bsc#1012628).
- afs: Fix updating of i_blocks on file/dir extension
(bsc#1012628).
- platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
(bsc#1012628).
- regulator: max14577: Revert "regulator: max14577: Add proper
module aliases strings" (bsc#1012628).
- NLM: Fix svcxdr_encode_owner() (bsc#1012628).
- virtio-net: fix pages leaking when building skb in big mode
(bsc#1012628).
- enetc: Fix illegal access when reading affinity_hint
(bsc#1012628).
- enetc: Fix uninitialized struct dim_sample field usage
(bsc#1012628).
- net: dsa: tear down devlink port regions when tearing down
the devlink port on error (bsc#1012628).
- net: bgmac-bcma: handle deferred probe error due to mac-address
(bsc#1012628).
- napi: fix race inside napi_enable (bsc#1012628).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(bsc#1012628).
- net: hns3: fix change RSS 'hfunc' ineffective issue
(bsc#1012628).
- net: hns3: fix inconsistent vf id print (bsc#1012628).
- net: hns3: fix misuse vf id and vport id in some logs
(bsc#1012628).
- net: hns3: check queue id range before using (bsc#1012628).
- net: hns3: check vlan id before using it (bsc#1012628).
- net: hns3: fix a return value error in hclge_get_reset_status()
(bsc#1012628).
- net/smc: add missing error check in smc_clc_prfx_set()
(bsc#1012628).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
(bsc#1012628).
- net: dsa: fix dsa_tree_setup error path (bsc#1012628).
- net: dsa: don't allocate the slave_mii_bus using devres
(bsc#1012628).
- net: dsa: realtek: register the MDIO bus under devres
(bsc#1012628).
- platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build
error (bsc#1012628).
- kselftest/arm64: signal: Add SVE to the set of features we
can check for (bsc#1012628).
- kselftest/arm64: signal: Skip tests if required features are
missing (bsc#1012628).
- spi: Revert modalias changes (bsc#1012628).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(bsc#1012628).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal
(bsc#1012628).
- gpio: uniphier: Fix void functions to remove return value
(bsc#1012628).
- qed: rdma - don't wait for resources under hw error recovery
flow (bsc#1012628).
- mptcp: ensure tx skbs always have the MPTCP ext (bsc#1012628).
- nexthop: Fix memory leaks in nexthop notification chain
listeners (bsc#1012628).
- nfc: st-nci: Add SPI ID matching DT compatible (bsc#1012628).
- net: ethernet: mtk_eth_soc: avoid creating duplicate offload
entries (bsc#1012628).
- net: mscc: ocelot: fix forwarding from BLOCKING ports remaining
enabled (bsc#1012628).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(bsc#1012628).
- atlantic: Fix issue in the pm resume flow (bsc#1012628).
- drm/amdkfd: map SVM range with correct access permission
(bsc#1012628).
- drm/amdkfd: fix dma mapping leaking warning (bsc#1012628).
- scsi: iscsi: Adjust iface sysfs attr detection (bsc#1012628).
- scsi: target: Fix the pgr/alua_support_store functions
(bsc#1012628).
- tty: synclink_gt: rename a conflicting function name
(bsc#1012628).
- fpga: machxo2-spi: Return an error on failure (bsc#1012628).
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (bsc#1012628).
- x86/fault: Fix wrong signal when vsyscall fails with pkey
(bsc#1012628).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(bsc#1012628).
- nvme: keep ctrl->namespaces ordered (bsc#1012628).
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (bsc#1012628).
- cifs: fix a sign extension bug (bsc#1012628).
- scsi: sd_zbc: Support disks with more than 2**32 logical blocks
(bsc#1012628).
- scsi: ufs: Revert "Utilize Transfer Request List Completion
Notification Register" (bsc#1012628).
- scsi: ufs: Retry aborted SCSI commands instead of completing
these successfully (bsc#1012628).
- scsi: ufs: core: Unbreak the reset handler (bsc#1012628).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1012628).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1012628).
- irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
(bsc#1012628).
- irqchip/gic-v3-its: Fix potential VPE leak on error
(bsc#1012628).
- md: fix a lock order reversal in md_alloc (bsc#1012628).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1012628).
- io_uring: fix race between poll completion and cancel_hash
insertion (bsc#1012628).
- io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow
(bsc#1012628).
- io_uring: put provided buffer meta data under memcg accounting
(bsc#1012628).
- io_uring: don't punt files update to io-wq unconditionally
(bsc#1012628).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1012628).
- net: phylink: Update SFP selected interface on advertising
changes (bsc#1012628).
- net: macb: fix use after free on rmmod (bsc#1012628).
- net: stmmac: allow CSR clock of 300MHz (bsc#1012628).
- blk-mq: avoid to iterate over stale request (bsc#1012628).
- m68k: Double cast io functions to unsigned long (bsc#1012628).
- ipv6: delay fib6_sernum increase in fib6_add (bsc#1012628).
- dma-debug: prevent an error message from causing runtime
problems (bsc#1012628).
- cpufreq: intel_pstate: Override parameters if HWP forced by BIOS
(bsc#1012628).
- bpf: Add oversize check before call kvcalloc() (bsc#1012628).
- xen/balloon: use a kernel thread instead a workqueue
(bsc#1012628).
- nvme-multipath: fix ANA state updates when a namespace is not
present (bsc#1012628).
- nvme-rdma: destroy cm id before destroy qp to avoid use after
free (bsc#1012628).
- sparc32: page align size in arch_dma_alloc (bsc#1012628).
- amd/display: downgrade validation failure log level
(bsc#1012628).
- drm/ttm: fix type mismatch error on sparc64 (bsc#1012628).
- block: check if a profile is actually registered in
blk_integrity_unregister (bsc#1012628).
- block: flush the integrity workqueue in blk_integrity_unregister
(bsc#1012628).
- blk-cgroup: fix UAF by grabbing blkcg lock before destroying
blkg pd (bsc#1012628).
- compiler.h: Introduce absolute_pointer macro (bsc#1012628).
- net: i825xx: Use absolute_pointer for memcpy from fixed memory
location (bsc#1012628).
- sparc: avoid stringop-overread errors (bsc#1012628).
- qnx4: avoid stringop-overread errors (bsc#1012628).
- parisc: Use absolute_pointer() to define PAGE0 (bsc#1012628).
- drm/amdkfd: make needs_pcie_atomics FW-version dependent
(bsc#1012628).
- drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo
(bsc#1012628).
- drm/amd/display: Link training retry fix for abort case
(bsc#1012628).
- amd/display: enable panel orientation quirks (bsc#1012628).
- arm64: Mark __stack_chk_guard as __ro_after_init (bsc#1012628).
- alpha: Declare virt_to_phys and virt_to_bus parameter as
pointer to volatile (bsc#1012628).
- net: 6pack: Fix tx timeout and slot time (bsc#1012628).
- spi: Fix tegra20 build with CONFIG_PM=n (bsc#1012628).
- libperf evsel: Make use of FD robust (bsc#1012628).
- Revert drm/vc4 hdmi runtime PM changes (bsc#1012628).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1012628).
- EDAC/dmc520: Assign the proper type to dimm->edac_mode
(bsc#1012628).
- x86/setup: Call early_reserve_memory() earlier (bsc#1012628).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(bsc#1012628).
- irqchip/armada-370-xp: Fix ack/eoi breakage (bsc#1012628).
- arm64: add MTE supported check to thread switching and syscall
entry/exit (bsc#1012628).
- USB: serial: cp210x: fix dropped characters with CP2102
(bsc#1012628).
- software node: balance refcount for managed software nodes
(bsc#1012628).
- xen/balloon: fix balloon kthread freezing (bsc#1012628).
- qnx4: work around gcc false positive warning bug (bsc#1012628).
- usb: gadget: f_uac2: Add missing companion descriptor for
feedback EP (bsc#1012628).
- usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval
(bsc#1012628).
- Refresh patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
- commit 85f5318
- arm64: Update config files. (bsc#1185927)
Set PINCTRL_ZYNQMP as build-in.
- commit 4ae263c
- blacklist.conf: add idxd commit
- commit 06dbf6b
- nvmet: fix a width vs precision bug in
nvmet_subsys_attr_serial_show() (git-fixes).
- commit fef4ef0
- Linux 5.14.8 (bsc#1012628).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (bsc#1012628).
- selinux,smack: fix subjective/objective credential use mixups
(bsc#1012628).
- io_uring: fix off-by-one in BUILD_BUG_ON check of
__REQ_F_LAST_BIT (bsc#1012628).
- cifs: properly invalidate cached root handle when closing it
(bsc#1012628).
- sched/idle: Make the idle timer expire in hard interrupt context
(bsc#1012628).
- rtc: rx8010: select REGMAP_I2C (bsc#1012628).
- blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for
multiple_queues (bsc#1012628).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(bsc#1012628).
- block: genhd: don't call blkdev_show() with major_names_lock
held (bsc#1012628).
- nvmet: fixup buffer overrun in nvmet_subsys_attr_serial()
(bsc#1012628).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: rockchip: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: img: Don't modify HW state in .remove() callback
(bsc#1012628).
- habanalabs: cannot sleep while holding spinlock (bsc#1012628).
- habanalabs: add "in device creation" status (bsc#1012628).
- habanalabs: fix mmu node address resolution in debugfs
(bsc#1012628).
- habanalabs: add validity check for event ID received from F/W
(bsc#1012628).
- drm/amdgpu: fix fdinfo race with process exit (bsc#1012628).
- drm/amd/display: Fix memory leak reported by coverity
(bsc#1012628).
- drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address
(bsc#1012628).
- habanalabs: fix nullifying of destroyed mmu pgt pool
(bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
(bsc#1012628).
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
(bsc#1012628).
- btrfs: fix lockdep warning while mounting sprout fs
(bsc#1012628).
- btrfs: delay blkdev_put until after the device remove
(bsc#1012628).
- btrfs: update the bdev time directly when closing (bsc#1012628).
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1012628).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1012628).
- ceph: remove the capsnaps when removing caps (bsc#1012628).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1012628).
- ceph: fix memory leak on decode error in ceph_handle_caps
(bsc#1012628).
- ACPI: PM: s2idle: Run both AMD and Microsoft methods if both
are supported (bsc#1012628).
- ASoC: audio-graph: respawn Platform Support (bsc#1012628).
- s390: add kmemleak annotation in stack_alloc() (bsc#1012628).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(bsc#1012628).
- dmaengine: ioat: depends on !UML (bsc#1012628).
- cxl/pci: Introduce cdevm_file_operations (bsc#1012628).
- cxl: Move cxl_core to new directory (bsc#1012628).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- dmaengine: idxd: depends on !UML (bsc#1012628).
- riscv: dts: microchip: mpfs-icicle: Fix serial console
(bsc#1012628).
- of: property: Disable fw_devlink DT support for X86
(bsc#1012628).
- drm/ttm: Fix a deadlock if the target BO is not idle during swap
(bsc#1012628).
- arm64: mm: limit linear region to 51 bits for KVM in nVHE mode
(bsc#1012628).
- iommu/vt-d: Fix a deadlock in intel_svm_drain_prq()
(bsc#1012628).
- iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm()
(bsc#1012628).
- iommu/amd: Relocate GAMSup check to early_enable_iommus
(bsc#1012628).
- parisc: Move pci_dev_is_behind_card_dino to where it is used
(bsc#1012628).
- dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- drivers: base: cacheinfo: Get rid of
DEFINE_SMP_CALL_CACHE_FUNCTION() (bsc#1012628).
- drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform
(bsc#1012628).
- thermal/core: Fix thermal_cooling_device_register() prototype
(bsc#1012628).
- tracing/boot: Fix to loop on only subkeys (bsc#1012628).
- tools/bootconfig: Fix tracing_on option checking in
ftrace2bconf.sh (bsc#1012628).
- Kconfig.debug: drop selecting non-existing
HARDLOCKUP_DETECTOR_ARCH (bsc#1012628).
- init: move usermodehelper_enable() to populate_rootfs()
(bsc#1012628).
- math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead
of selecting it (bsc#1012628).
- SUNRPC: don't pause on incomplete allocation (bsc#1012628).
- s390/entry: make oklabel within CHKSTG macro local
(bsc#1012628).
- platform/chrome: cros_ec_trace: Fix format warnings
(bsc#1012628).
- platform/chrome: sensorhub: Add trace events for sample
(bsc#1012628).
- dmaengine: idxd: clear block on fault flag when clear wq
(bsc#1012628).
- dmaengine: idxd: fix abort status check (bsc#1012628).
- dmaengine: idxd: fix wq slot allocation index check
(bsc#1012628).
- dmaengine: idxd: have command status always set (bsc#1012628).
- dmanegine: idxd: cleanup all device related bits after disabling
device (bsc#1012628).
- pwm: mxs: Don't modify HW state in .probe() after the PWM chip
was registered (bsc#1012628).
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
chip was registered (bsc#1012628).
- ceph: cancel delayed work instead of flushing on mdsc teardown
(bsc#1012628).
- thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a
sensor is not used (bsc#1012628).
- PM: sleep: core: Avoid setting power.must_resume to false
(bsc#1012628).
- profiling: fix shift-out-of-bounds bugs (bsc#1012628).
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
(bsc#1012628).
- prctl: allow to setup brk for et_dyn executables (bsc#1012628).
- pwm: ab8500: Fix register offset calculation to not depend on
probe order (bsc#1012628).
- 9p/trans_virtio: Remove sysfs file on probe failure
(bsc#1012628).
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
(bsc#1012628).
- n64cart: fix return value check in n64cart_probe()
(bsc#1012628).
- staging: rtl8723bs: fix wpa_set_auth_algs() function
(bsc#1012628).
- perf tools: Allow build-id with trailing zeros (bsc#1012628).
- perf symbol: Look for ImageBase in PE file to compute .text
offset (bsc#1012628).
- perf test: Fix bpf test sample mismatch reporting (bsc#1012628).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
(bsc#1012628).
- RDMA/mlx5: Fix xlt_chunk_align calculation (bsc#1012628).
- RDMA/hns: Enable stash feature of HIP09 (bsc#1012628).
- um: virtio_uml: fix memory leak on init failures (bsc#1012628).
- coredump: fix memleak in dump_vma_snapshot() (bsc#1012628).
- um: fix stub location calculation (bsc#1012628).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (bsc#1012628).
- console: consume APC, DM, DCS (bsc#1012628).
- PCI: aardvark: Fix reporting CRS value (bsc#1012628).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(bsc#1012628).
- commit 94242c6
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
- commit e082fbf
- Linux 5.14.7 (bsc#1012628).
- net: stmmac: fix MAC not working when system resume back with
WoL active (bsc#1012628).
- io_uring: ensure symmetry in handling iter types in
loop_rw_iter() (bsc#1012628).
- swiotlb-xen: avoid double free (bsc#1012628).
- swiotlb-xen: fix late init retry (bsc#1012628).
- xen: reset legacy rtc flag for PV domU (bsc#1012628).
- xen: fix usage of pmd_populate in mremap for pv guests
(bsc#1012628).
- bnx2x: Fix enabling network interfaces without VFs
(bsc#1012628).
- arm64/sve: Use correct size when reinitialising SVE state
(bsc#1012628).
- PM: base: power: don't try to use non-existing RTC for storing
data (bsc#1012628).
- PCI: Add AMD GPU multi-function power dependencies
(bsc#1012628).
- drm/amd/display: Get backlight from PWM if DMCU is not
initialized (bsc#1012628).
- drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3
(bsc#1012628).
- drm/amd/display: Fix white screen page fault for gpuvm
(bsc#1012628).
- drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound
driver (bsc#1012628).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (bsc#1012628).
- drm/amdgpu: use IS_ERR for debugfs APIs (bsc#1012628).
- drm/amdgpu: fix use after free during BO move (bsc#1012628).
- drm/amdgpu: add amdgpu_amdkfd_resume_iommu (bsc#1012628).
- drm/amdgpu: move iommu_resume before ip init/resume
(bsc#1012628).
- drm/amd/pm: fix the issue of uploading powerplay table
(bsc#1012628).
- drm/amdkfd: separate kfd_iommu_resume from kfd_resume
(bsc#1012628).
- drm/radeon: pass drm dev radeon_agp_head_init directly
(bsc#1012628).
- io_uring: allow retry for O_NONBLOCK if async is supported
(bsc#1012628).
- drm/etnaviv: return context from etnaviv_iommu_context_get
(bsc#1012628).
- drm/etnaviv: put submit prev MMU context when it exists
(bsc#1012628).
- drm/etnaviv: stop abusing mmu_context as FE running marker
(bsc#1012628).
- drm/etnaviv: keep MMU context across runtime suspend/resume
(bsc#1012628).
- drm/etnaviv: exec and MMU state is lost when resetting the GPU
(bsc#1012628).
- drm/etnaviv: fix MMU context leak on GPU reset (bsc#1012628).
- drm/etnaviv: reference MMU context when setting up hardware
state (bsc#1012628).
- drm/etnaviv: add missing MMU context put when reaping MMU
mapping (bsc#1012628).
- s390/sclp: fix Secure-IPL facility detection (bsc#1012628).
- net: qrtr: revert check in qrtr_endpoint_post() (bsc#1012628).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1012628).
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1012628).
- x86/mce: Avoid infinite loop for copy from user recovery
(bsc#1012628).
- net: remove the unnecessary check in cipso_v4_doi_free
(bsc#1012628).
- net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
(bsc#1012628).
- net-caif: avoid user-triggerable WARN_ON(1) (bsc#1012628).
- ptp: dp83640: don't define PAGE0 (bsc#1012628).
- dccp: don't duplicate ccid when cloning dccp sock (bsc#1012628).
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
(bsc#1012628).
- r6040: Restore MDIO clock frequency after MAC reset
(bsc#1012628).
- tipc: increase timeout in tipc_sk_enqueue() (bsc#1012628).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (bsc#1012628).
- rtc: cmos: Disable irq around direct invocation of
cmos_interrupt() (bsc#1012628).
- drm/i915/dp: return proper DPRX link training result
(bsc#1012628).
- perf machine: Initialize srcline string member in add_location
struct (bsc#1012628).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(bsc#1012628).
- net/mlx5: Fix potential sleeping in atomic context
(bsc#1012628).
- net: stmmac: fix system hang caused by eee_ctrl_timer during
suspend/resume (bsc#1012628).
- igc: fix tunnel offloading (bsc#1012628).
- nvme-tcp: fix io_work priority inversion (bsc#1012628).
- powerpc/64s: system call scv tabort fix for corrupt irq
soft-mask state (bsc#1012628).
- events: Reuse value read using READ_ONCE instead of re-reading
it (bsc#1012628).
- net: ipa: initialize all filter table slots (bsc#1012628).
- gen_compile_commands: fix missing 'sys' package (bsc#1012628).
- vhost_net: fix OoB on sendmsg() failure (bsc#1012628).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1012628).
- net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup (bsc#1012628).
- x86/uaccess: Fix 32-bit __get_user_asm_u64() when
CC_HAS_ASM_GOTO_OUTPUT=y (bsc#1012628).
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
(bsc#1012628).
- selftest: net: fix typo in altname test (bsc#1012628).
- qed: Handle management FW error (bsc#1012628).
- udp_tunnel: Fix udp_tunnel_nic work-queue type (bsc#1012628).
- dt-bindings: arm: Fix Toradex compatible typo (bsc#1012628).
- ibmvnic: check failover_pending in login response (bsc#1012628).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1012628).
- powerpc/64s: system call rfscv workaround for TM bugs
(bsc#1012628).
- powerpc/mce: Fix access error in mce handler (bsc#1012628).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (bsc#1012628).
- bnxt_en: make bnxt_free_skbs() safe to call after
bnxt_free_mem() (bsc#1012628).
- net: hns3: pad the short tunnel frame before sending to hardware
(bsc#1012628).
- net: hns3: change affinity_mask to numa node range
(bsc#1012628).
- net: hns3: disable mac in flr process (bsc#1012628).
- net: hns3: fix the timing issue of VF clearing interrupt sources
(bsc#1012628).
- net: stmmac: platform: fix build warning when with
!CONFIG_PM_SLEEP (bsc#1012628).
- Drivers: hv: vmbus: Fix kernel crash upon unbinding a device
from uio_hv_generic driver (bsc#1012628).
- net/mlx5e: Fix mutual exclusion between CQE compression and
HW TS (bsc#1012628).
- ice: Correctly deal with PFs that do not support RDMA
(bsc#1012628).
- net: dsa: qca8k: fix kernel panic with legacy mdio mapping
(bsc#1012628).
- net: dsa: lantiq_gswip: Add 200ms assert delay (bsc#1012628).
- net: hns3: fix the exception when query imp info (bsc#1012628).
- nvme: avoid race in shutdown namespace removal (bsc#1012628).
- blkcg: fix memory leak in blk_iolatency_init (bsc#1012628).
- net: dsa: flush switchdev workqueue before tearing down CPU/DSA
ports (bsc#1012628).
- mlxbf_gige: clear valid_polarity upon open (bsc#1012628).
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
(bsc#1012628).
- remoteproc: qcom: wcnss: Fix race with iris probe (bsc#1012628).
- mfd: db8500-prcmu: Adjust map to reality (bsc#1012628).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(bsc#1012628).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1012628).
- PCI: tegra194: Fix handling BME_CHGED event (bsc#1012628).
- PCI: tegra194: Fix MSI-X programming (bsc#1012628).
- PCI: tegra: Fix OF node reference leak (bsc#1012628).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(bsc#1012628).
- PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
(bsc#1012628).
- riscv: fix the global name pfn_base confliction error
(bsc#1012628).
- KVM: arm64: Make hyp_panic() more robust when protected mode
is enabled (bsc#1012628).
- tracing/probes: Reject events which have the same name of
existing one (bsc#1012628).
- PCI: cadence: Use bitfield for *quirk_retrain_flag* instead
of bool (bsc#1012628).
- PCI: cadence: Add quirk flag to set minimum delay in LTSSM
Detect.Quiet state (bsc#1012628).
- PCI: j721e: Add PCIe support for J7200 (bsc#1012628).
- PCI: j721e: Add PCIe support for AM64 (bsc#1012628).
- PCI: Add ACS quirks for Cavium multi-function devices
(bsc#1012628).
- watchdog: Start watchdog in watchdog_set_last_hw_keepalive
only if appropriate (bsc#1012628).
- octeontx2-af: Add additional register check to rvu_poll_reg()
(bsc#1012628).
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (bsc#1012628).
- flow: fix object-size-mismatch warning in
flowi{4,6}_to_flowi_common() (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(bsc#1012628).
- block, bfq: honor already-setup queue merges (bsc#1012628).
- PCI: ibmphp: Fix double unmap of io_mem (bsc#1012628).
- loop: reduce the loop_ctl_mutex scope (bsc#1012628).
- ethtool: Fix an error code in cxgb2.c (bsc#1012628).
- NTB: Fix an error code in ntb_msit_probe() (bsc#1012628).
- NTB: perf: Fix an error code in perf_setup_inbuf()
(bsc#1012628).
- stmmac: dwmac-loongson:Fix missing return value (bsc#1012628).
- net: phylink: add suspend/resume support (bsc#1012628).
- mfd: axp20x: Update AXP288 volatile ranges (bsc#1012628).
- backlight: ktd253: Stabilize backlight (bsc#1012628).
- PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX
(bsc#1012628).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (bsc#1012628).
- PCI: iproc: Fix BCMA probe resource handling (bsc#1012628).
- netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with
mutex (bsc#1012628).
- KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and
16K page size (bsc#1012628).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
(bsc#1012628).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
(bsc#1012628).
- tracing/boot: Fix a hist trigger dependency for boot time
tracing (bsc#1012628).
- mtd: mtdconcat: Judge callback existence based on the master
(bsc#1012628).
- mtd: mtdconcat: Check _read, _write callbacks existence before
assignment (bsc#1012628).
- KVM: arm64: Fix read-side race on updates to vcpu reset state
(bsc#1012628).
- KVM: arm64: Handle PSCI resets before userspace touches vCPU
state (bsc#1012628).
- PCI/PTM: Remove error message at boot (bsc#1012628).
- PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
(bsc#1012628).
- mtd: rawnand: cafe: Fix a resource leak in the error handling
path of 'cafe_nand_probe()' (bsc#1012628).
- ARC: export clear_user_page() for modules (bsc#1012628).
- perf config: Fix caching and memory leak in
perf_home_perfconfig() (bsc#1012628).
- perf unwind: Do not overwrite
FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (bsc#1012628).
- perf bench inject-buildid: Handle writen() errors (bsc#1012628).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
of 'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Fix a potential double iounmap call in
'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
code and avoid a leak (bsc#1012628).
- io_uring: retry in case of short read on block device
(bsc#1012628).
- net: dsa: tag_rtl4_a: Fix egress tags (bsc#1012628).
- tools build: Fix feature detect clean for out of source builds
(bsc#1012628).
- mptcp: fix possible divide by zero (bsc#1012628).
- selftests: mptcp: clean tmp files in simult_flows (bsc#1012628).
- net: hso: add failure handler for add_net_device (bsc#1012628).
- net: dsa: b53: Fix calculating number of switch ports
(bsc#1012628).
- net: dsa: b53: Set correct number of ports in the DSA struct
(bsc#1012628).
- mptcp: Only send extra TCP acks in eligible socket states
(bsc#1012628).
- netfilter: socket: icmp6: fix use-after-scope (bsc#1012628).
- fq_codel: reject silly quantum parameters (bsc#1012628).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(bsc#1012628).
- iwlwifi: move get pnvm file name to a separate function
(bsc#1012628).
- iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()'
(bsc#1012628).
- ip_gre: validate csum_start only on pull (bsc#1012628).
- net: dsa: b53: Fix IMP port setup on BCM5301x (bsc#1012628).
- bnxt_en: fix stored FW_PSID version masks (bsc#1012628).
- bnxt_en: Fix asic.rev in devlink dev info command (bsc#1012628).
- bnxt_en: Fix possible unintended driver initiated error recovery
(bsc#1012628).
- ip6_gre: Revert "ip6_gre: add validation for csum_start"
(bsc#1012628).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
(bsc#1012628).
- cxgb3: fix oops on module removal (bsc#1012628).
- net: renesas: sh_eth: Fix freeing wrong tx descriptor
(bsc#1012628).
- bnxt_en: Fix error recovery regression (bsc#1012628).
- net: dsa: bcm_sf2: Fix array overrun in
bcm_sf2_num_active_ports() (bsc#1012628).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1012628).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(bsc#1012628).
- s390/bpf: Fix branch shortening during codegen pass
(bsc#1012628).
- Update config files.
- commit aa9b3e1
- Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841).""
This reverts commit f924054cc523527b52203e352adb073db0962f5f.
New suse-module-tools were accepted to factory:
https://build.opensuse.org/request/show/919089
- commit 6abad1e
==== ldb ====
Version update (2.3.0 -> 2.4.0)
Subpackages: libldb2 libldb2-32bit python3-ldb
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libcap ====
Version update (2.51 -> 2.59)
Subpackages: libcap2 libcap2-32bit
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
==== libjpeg-turbo ====
Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0
- previous version updates fixes following bugs:
CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541
(bsc#1128712, bsc#1186764, bsc#807183, bsc#906761)
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
Subpackages: libsolv-tools python3-solv ruby-solv
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
Subpackages: libsoup-2_4-1 libsoup2-lang typelib-1_0-Soup-2_4
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== libstorage-ng ====
Version update (4.4.41 -> 4.4.43)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#835
- generate pools with dasds
- extended testsuite
- 4.4.43
- merge gh#openSUSE/libstorage-ng#834
- added get_dasd_type_name() and get_dasd_format_name()
- 4.4.42
==== llvm12 ====
Subpackages: clang12 clang12-doc libLLVM12 libLTO12 libclang12
- Don't build clang-tools, libc++ and python3-clang anymore,
because they come from llvm13 now.
- Remove version requirement from clang-tools dependency.
==== lz4 ====
Subpackages: liblz4-1 liblz4-1-32bit
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== mhvtl ====
Version update (1.63_release+759.35ddb48e5262_k5.14.6_2 -> 1.63_release+759.35ddb48e5262_k5.14.9_1)
- Remoed the "BuildRequires: lzo-devel" line from the SPEC file,
since this dependence was removed with upstream commit
c327afb77cff ("Remove dependency on external lzo packages").
==== mozilla-nss ====
Version update (3.69.1 -> 3.70)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93
==== opensc ====
Version update (0.21.0 -> 0.22.0)
- Update to OpenSC 0.22.0:
* Removed changes in opensc-gcc11.patch already present in upstream.
- See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2…
* Removed some false positives from the openrc-rpmlintrc file.
* Use standard paths for file cache on Linux (#2148) and OSX (#2214)
* Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
* Add threading test to `pkcs11-tool` (#2067)
* Add support to generate generic secret keys (#2140)
* `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
* Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
* Support for gcc11 and its new strict aliasing rules (#2241, #2260)
* Initial support for building with OpenSSL 3.0 (#2343)
* pkcs15-tool: Write data objects in binary mode (#2324)
* Avoid limited size of log messages (#2352)
* Support for ECDSA verification (#2211)
* Support for ECDSA with different SHA hashes (#2190)
* Prevent issues in p11-kit by not returning unexpected return codes (#2207)
* Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
* Standardize the version 2 on 2.20 in the code (#2096)
* Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
* Copy arguments of C_Initialize (#2350)
* Fix RSA-PSS signing (#2234)
* Fix DO deletion (#2215)
* Add support for (X)EdDSA keys (#1960)
* Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
* Add support for applet version 4 (#2332)
* New configuration option for opensc.conf to disable pkcs1_padding (#2193)
* Add support for ECDSA with different hashes (#2190)
* Enable more mechanisms (#2178)
* Fixed asking for a user pin when formatting a card (#1737)
* Added support for French CPx Healthcare cards (#2217)
* Added ATR for new CardOS 5.4 version (#2296)
==== python-lazr.config ====
Version update (2.2.2 -> 2.2.3)
- Update to 2.2.3:
- Fix tests with zope.interface >= 5.0.0.
- Fix deprecation warning on Python >= 3.2. (lp#1870199)
==== redis ====
Version update (6.2.5 -> 6.2.6)
- redis 6.2.6 with security fixes for
* Security fixes:
- CVE-2021-41099: Integer to heap buffer overflow handling certain string
commands and network payloads, when proto-max-bulk-len is manually configured
to a non-default, very large value (boo#1191299)
- CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
redis-sentinel parsing large multi-bulk replies on some older and less common
platforms (boo#1191300)
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when
set-max-intset-entries is manually configured to a non-default, very large
value (boo#1191302)
- CVE-2021-32675: Denial Of Service when processing RESP request payloads with
a large number of elements on many connections (boo#1191303)
- CVE-2021-32672: Random heap reading issue with Lua Debugger (boo#1191304)
- CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
data types, when configuring a large, non-default value for
hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
or zset-max-ziplist-value (boo#1191305)
- CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
configuring a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit (boo#1191305)
- CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer
overflow (boo#1191306)
* Bug fixes that involve behavior changes:
- GEO* STORE with empty source key deletes the destination key and return 0
Previously it would have returned an empty array like the non-STORE variant.
- PUBSUB NUMPAT replies with number of patterns rather than number of subscriptions
This actually changed in 6.2.0 but was overlooked and omitted from the release notes.
* Bug fixes that are only applicable to previous releases of Redis 6.2:
- Fix CLIENT PAUSE, used an old timeout from previous PAUSE
- Fix CLIENT PAUSE in a replica would mess the replication offset
- Add some missing error statistics in INFO errorstats
* Other bug fixes:
- Fix incorrect reply of COMMAND command key positions for MIGRATE command
- Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue)
- Fix the wrong misdetection of sync_file_range system call, affecting performance
* CLI tools:
- When redis-cli received ASK response, it didn't handle it
* Improvements:
- Add latency monitor sample when key is deleted via lazy expire
- Sanitize corrupt payload improvements
- Delete empty keys when loading RDB file or handling a RESTORE command
==== rng-tools ====
- disable nistbeacon support
==== rubygem-sassc-2.2 ====
- Rename rpmlintrc, cleanup dotfiles & cleanup spec file
==== samba ====
Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials1 libsamba-credentials1-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-32bit
- Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.
- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos
- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed
- Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
(bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting
the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
(bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
==== squid ====
Version update (4.16 -> 5.2)
- transition to squid 5.x. This is a major release and for changes
and how to transition from 4.x, see the release notes,
http://www.squid-cache.org/Versions/v5/RELEASENOTES.html
- update to 5.2
* fixes issues with WCCP protocol that may lead to information
disclosure (bsc#1189403, CVE-2021-28116)
- drop unused BR: db-devel, ed, opensp-devel, pkgconfig(kdb)
- new BR: pkgconfig(tdb)
==== step ====
Version update (21.08.1 -> 21.08.2)
Subpackages: step-lang
- Update to 21.08.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/21.08.2/
- No code change since 21.08.1
==== suse-module-tools ====
Version update (16.0.10+7 -> 16.0.11)
- Update to version 16.0.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
==== sweeper ====
Version update (21.08.1 -> 21.08.2)
Subpackages: sweeper-lang
- Update to 21.08.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/21.08.2/
- No code change since 21.08.1
==== tar ====
Subpackages: tar-lang tar-rmt
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== texinfo ====
Subpackages: info info-std
- Move to /usr for UsrMerge (boo#1191099)
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== timezone-java ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
==== trousers ====
- move libraries to /usr/lib (bsc#1191102)
==== umbrello ====
Version update (21.08.1 -> 21.08.2)
Subpackages: umbrello-lang
- Update to 21.08.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/21.08.2/
- No code change since 21.08.1
==== yakuake ====
Version update (21.08.1 -> 21.08.2)
Subpackages: yakuake-lang
- Update to 21.08.2
* New bugfix release
* For more details please see:
* https://kde.org/announcements/gear/21.08.2/
- No code change since 21.08.1
2
1
Dear Package maintainers and hackers.
Below package(s) in openSUSE:Factory have been failing to build for at
least 4 weeks. We tried to send out notifications to the
configured bugowner/maintainers of the package(s), but so far no
fix has been submitted. This probably means that the
maintainer/bugowner did not yet find the time to look into the
matter and he/she would certainly appreciate help to get this
sorted.
- pink-pony
- python-hyper
- python-pyftpdlib
- python-thriftpy2
Unless somebody is stepping up and submitting fixes, the listed
package(s) are going to be removed from openSUSE:Factory.
Kind regards,
DimStar / Dominique Leuenberger <dimstar(a)opensuse.org>
3
2