Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: bcm20702a1-firmware grub2 irqbalance (1.7.0 -> 1.7.0+git20210222.9db8d5c) lua54 pipewire (0.3.22 -> 0.3.23) plasma5-disks (5.21.1 -> 5.21.2) plasma5-thunderbolt (5.21.1 -> 5.21.2) procps python-numexpr (2.7.2 -> 2.7.3) rubygem-puma (5.2.1 -> 5.2.2) rubygem-rspec-rails (4.0.2 -> 5.0.0) userspace-rcu (0.12.1 -> 0.12.2) wireshark (3.4.3 -> 3.4.4) === Details === ==== bcm20702a1-firmware ==== - fix boo#1175038 - remove unnecessary %postun scriptlet that is incorrectly deleting all package files on upgrade; all files are already listed in %files as %ghost so no scriptlet is needed. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix chainloading windows on dual boot machine (bsc#1183073) * 0001-kern-efi-sb-Add-chainloaded-image-as-shim-s-verifiab.patch - VUL-0: grub2,shim: implement new SBAT method (bsc#1182057) * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch * 0036-util-mkimage-Improve-data_size-value-calculation.patch * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch * 0039-grub-install-common-Add-sbat-option.patch - Fix CVE-2021-20225 (bsc#1182262) * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch - Fix CVE-2020-27749 (bsc#1179264) * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch * 0025-kern-parser-Fix-a-memory-leak.patch * 0026-kern-parser-Introduce-process_char-helper.patch * 0027-kern-parser-Introduce-terminate_arg-helper.patch * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch - Fix CVE-2021-20233 (bsc#1182263) * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch - Fix CVE-2020-25647 (bsc#1177883) * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch - Fix CVE-2020-25632 (bsc#1176711) * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch - Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970) * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch * 0005-efi-Add-secure-boot-detection.patch * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch * 0009-kern-Add-lockdown-support.patch * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch * 0018-gdb-Restrict-GDB-access-when-locked-down.patch * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch * 0042-squash-grub2-efi-chainload-harder.patch * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch * 0044-squash-kern-Add-lockdown-support.patch * 0045-squash-Add-support-for-Linux-EFI-stub-loading-on-aar.patch * 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch - Drop patch supersceded by the new backport * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch * 0007-linuxefi-fail-kernel-validation-without-shim-protoco.patch - Add SBAT metadata section to grub.efi - Drop shim_lock module as it is part of core of grub.efi * grub2.spec ==== irqbalance ==== Version update (1.7.0 -> 1.7.0+git20210222.9db8d5c) Subpackages: irqbalance-ui - Update to version 1.7.0+git20210222.9db8d5c: * ui: fix cpu/irq menu off by one * fix uint64_t printf format (use PRIu64) * Also fetch node info for non-PCI devices * Add hot pull method for irqbalance * Add log for hotplug appropriately * add irq hotplug feature for irqbalance * Remove some unused constant macros in constants.h * Add a deprecation notice for IRQBALANCE_BANNED_CPUS * Add IRQBALANCE_BANNED_CPULIST to env file * log correctly for isolated and nohz_full cpus * Update README.md * Add some examples for IRQBALANCE_BANNED_CPUS * Adjust how we determine if a cpu is online * activate_mapping: activate only online CPUs * add env variable to ban cpus using cpulist syntax * put arg parsing detail into parse_command_line() * Updating configure script to version 1.7.0 * Add strlen checking for IRQBALANCE_BANNED_CPUS * remove redundant "/" in SOCKET_TMPFS * Fix typo in service unit file * arm64: Add irq aff change check For aarch64, the PPIs format in /proc/interrputs can be parsed and add to interrupt db, and next, the number of interrupts is counted and used to calculate the load. Finally these interrupts maybe scheduled between the NUMA domains. * Correct typos in irqbalance.c * free cpu_ban_string when the next request come * improve irq migrate rule to avoid high irq load * make the option 'V' closer to the option with no arg ==== lua54 ==== Subpackages: liblua5_4-5 - Add upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 2,3,4 for build and tests respectively. ==== pipewire ==== Version update (0.3.22 -> 0.3.23) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.23: * Highlights + Fixes for some critical bugs in last release. + Fix bug where audio was not drained properly at the end of playback, causing repeating sound. + Profile and route switching was improved and should mimic more what pulseaudio did. + Various fixes for xruns in capture and playback. + Bluetooth now supports delay adjustment and various other improvements. + The pulseaudio server now correctly identifies AC3 and DTS streams and returns a not supported error instead of playing static. + Multichannel support was improved in the alsa plugin and the channel mixer. Channels should now play on the right speakers in all cases. * PipeWire improvements + Small fixes and improvements in JSON parsing and encoding. + Improvements to param handling in audioconverter. It would previously not always notify of changes. + Avoid updating some properties that we use internally such as the object id and the node.id. + log.level in the config files is now actually used. + the PIPEWIRE_LATENCY env variable should always override any application settings in filter/stream/jack. + The config file can now contain filer and stream properties to, for example, control the resampler, mixer and latency. + Add sandboxing to the systemd services + Various FreeBSD fixes. + Improve draining and a way to exit the drain state as well. + Many multichannel fixes. Channel remapping should now be correct. + Fix bug with repeating audio at the end of playback because the drain in the resampler was not draining all channels. + RTKit default rt.prio has been increased to 88. This will likely still be clamped to 20 until distros increase the max priority. * Session-manager + Don't try to switch to Pro Audio profile, this should be a user choice only. + Don't crash when metadata was disabled such as when not using the audio features of pipewire. + Rework the profile and route handling. + Add systemd unit files for the media-session + Device names should now also have sane names so that tab pactl completion works on them. * Device support + Fix ALSA format enumeration in more cases. Use the channels and rate as a filter. + Make sure the graph doesn't ever use buffers larger than the alsa device buffer size or we get xruns. + Tuning of the alsa device timeout handling and dynamic resampler. There should now not be any xruns when streams appear and disappear or when the quantum changes. + Fix bug in alsa device when reassigning to a new driver, in some cases the dynamic resampler was not activated and things would drift out of sync and fail. + Fixes in quantum changes for ALSA capture and how the resampler is drained and fed with the new samples. * Bluetooth + Delay adjustment has been implemented now. Bluetooth devices should now be more synchronized with video due to proper delay reporting. Because BT delays can be large, it can cause hickups in some players. + Fix volume in bluetooth devices. + Codec switch improvements. * PulseAudio server + Latency offset adjustment is now implemented and functional for bluetooth devices. It is not working for alsa devices yet. + Handle unsupported formats. Previously we would accept encoded formats and play noise. This fixes AC3 playback in vlc. + Move some of the configurable parameters to the config file. + Fix a fatal use after free when playing samples + Improve module handling. loaded modules now show up in the list of modules and can be unloaded. This also prepares the core for more module implementations later. * ALSA plugin + Fix drain with very large buffers, we need to manually start the stream before draining. + Fix the channel layout handling. + Improve compatibility with apps that expect the poll to only return when there is activity. + Fix drain for capture * JACK + Add a config option to shorten and filter client names + Increase the length of the client name size and make sure we don't exceed the allocated size. + We now include our own jack header files so we can build without depending on another jack-devel package. We don't yet install the headers or provide pkgconfig files. - Move alsa-card-profiles to modules subpackage, they are always needed. - Build/install the `pw-top` tool: + Add pkgconfig(ncurses) BuildRequires to satisfy the build deps of pw-top. ==== plasma5-disks ==== Version update (5.21.1 -> 5.21.2) Subpackages: plasma5-disks-lang - Update to 5.21.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.2 - No code changes since 5.21.1 ==== plasma5-thunderbolt ==== Version update (5.21.1 -> 5.21.2) Subpackages: plasma5-thunderbolt-lang - Update to 5.21.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.21.2 - No code changes since 5.21.1 ==== procps ==== Subpackages: libprocps8 procps-lang - Don't install translated man pages for non-installed binaries (uptime, kill). ==== python-numexpr ==== Version update (2.7.2 -> 2.7.3) - skip python3.6 build (no numpy) - update to version 2.7.3: * Pinned Numpy versions to minimum supported version in an effort to alleviate issues seen in Windows machines not having the same MSVC runtime installed as was used to build the wheels. * ARMv8 wheels are now available, thanks to odidev for the pull request. ==== rubygem-puma ==== Version update (5.2.1 -> 5.2.2) - updated to version 5.2.2 * Bugfixes * Add `#flush` and `#sync` methods to `Puma::NullIO` ([#2553]) * Restore `sync=true` on `STDOUT` and `STDERR` streams ([#2557]) ==== rubygem-rspec-rails ==== Version update (4.0.2 -> 5.0.0) - updated to version 5.0.0 [Full Changelog](https://github.com/rspec/rspec-rails/compare/v4.1.1...v5.0.0) Enhancements: * Support new #file_fixture_path and new fixture test support code. (Jon Rowe, #2398) * Support for Rails 6.1. (Benoit Tigeot, Jon Rowe, Phil Pirozhkov, and more #2398) Breaking Changes: * Drop support for Rails below 5.2. ==== userspace-rcu ==== Version update (0.12.1 -> 0.12.2) - update to 0.12.2: * fix: exclude clang from GCC version blacklists * aarch64: blacklist gcc prior to 5.1 * Fix: configure: support Autoconf 2.70 * fix: bump tests thread limit to 4096 * cleanup: Improve wording of CONFIG_RCU_DEBUG description * fix: explicitly include urcu/config.h in files using CONFIG_RCU_ defines * Fix typo in README.md * fix: add -lurcu-common to pkg-config libs for each flavor * call_rcu: Fix race between rcu_barrier() and call_rcu_data_free() ==== wireshark ==== Version update (3.4.3 -> 3.4.4) Subpackages: libwireshark14 libwiretap11 libwsutil12 wireshark-ui-qt - Wireshark 3.4.4: * CVE-2021-22191: Wireshark could open unsafe URLs (boo#1183353). - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.4.4.html