openSUSE Kubic
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
September 2019
- 2 participants
- 24 discussions
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
open-iscsi
=== Details ===
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Upgraded to upstream version 2.0.878, which becomes 2.0.878-suse
with our (few) SUSE-specific changes needed for our build system.
Changes include:
* general bug fixes in iscsid, iscsiadm, and libopeniscsiusr,
including better lock handling for multiple instances of iscsiadm
* iscsiuio/qedi updates
* systemd service-file updates/cleanups
This replaces open-iscsi-2.0.877-suse.tar.bz2 with
open-iscsi-2.0.878-suse.tar.bz2, and it resets
open-iscsi-SUSE-latest.diff.bz2 with fixes after 2.0.878.
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
python-cheroot (6.5.5 -> 6.5.8)
=== Details ===
==== python-cheroot ====
Version update (6.5.5 -> 6.5.8)
- update to 6.5.8:
- Fix socket.SO_PEERCRED constant fallback value under PowerPC.
- Fix race condition when toggling stats counting in the middle
of request processing.
- Improve post Python 3.9 compatibility checks.
- Fix support of abstract namespace sockets
- Fix HTTP parser to return 400 on invalid major-only HTTP version
in Request-Line.
- Drop cheroot_fix_so_peercred_ppc.patch . Applied upstream.
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init
elfutils
findutils (4.6.0 -> 4.7.0)
gawk
glib2 (2.60.6 -> 2.60.7)
kernel-firmware (20190815 -> 20190827)
kernel-source (5.2.11 -> 5.2.14)
libxml2
makedumpfile (1.6.5 -> 1.6.6)
multipath-tools (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b)
patterns-containers
permissions (1550_20190711 -> 1550_20190830)
podman
rpm-config-SUSE (0.g32 -> 0.g35)
texinfo (6.5 -> 6.6)
util-linux
util-linux-systemd
xen
=== Details ===
==== cloud-init ====
- Add cloud-init-add-static-routes.diff (bsc#1141969)
+ Properly handle static routes. The EphemeralDHCP context manager did
not parse or handle rfc3442 classless static routes which prevented
reading datasource metadata in some clouds.
- Update cloud-init-trigger-udev.patch (bsc#1144363)
- The __str__ implementation no longer delivers the name of the interface,
use the "name" attribute instead to form a proper path in the
sysfs tree
- Update cloud-init-write-routes.patch (bsc#1144881)
+ If no routes are set for a subnet but the subnet has a gateway
specified, set the gateway as the default route for the interface
- Follow the ever changing inconsistencies of version definitions and
detection in the build service.
+ No more suse_version in SUSE internal instance for SLES 15 SP1
==== elfutils ====
Subpackages: libasm1 libdw1 libebl-plugins libelf1
- Modernize specfile and metadata.
==== findutils ====
Version update (4.6.0 -> 4.7.0)
- Upgrade to 4.7.0.
- findutils.spec:
- Change source compression from gzip to xz.
- Align comments about how to bump the version.
- Activate the signature checking via *.sig and keyring files.
- Remove downstream hack in %check section to make a test executable.
- Delete obsolete patches:
- disable-broken-tests.patch
- gnulib-libio.patch
- sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch
- sysmacros.patch
- findutils-4.4.2-xautofs.patch: Refresh, and rename ...
- findutils-xautofs.patch: ... to this.
==== gawk ====
- Upgrade descriptions.
==== glib2 ====
Version update (2.60.6 -> 2.60.7)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.60.7:
+ Bugs fixed: glgo#GNOME/GLib#1819, glgo#GNOME/GLib#1847,
glgo#GNOME/GLib!1012, glgo#GNOME/GLib!1013,
glgo#GNOME/GLib!1061, glgo#GNOME/GLib!1065,
glgo#GNOME/GLib!1081.
==== kernel-firmware ====
Version update (20190815 -> 20190827)
Subpackages: ucode-amd
- Update to version 20190827 (git-commit 7307a29961ad):
* brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC
* brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet
* iwlwifi: update FWs to core45-152 release
* check_whence: Add copy-firmware.sh to the list of ignored files
* rtl_bt: Update RTL8822C BT FW to V0x098A_94A4
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886
==== kernel-source ====
Version update (5.2.11 -> 5.2.14)
Subpackages: kernel-debug kernel-default
- Linux 5.2.14 (bnc#1012628).
- Revert "mmc: core: do not retry CMD6 in __mmc_switch()"
(bnc#1012628).
- x86/boot: Preserve boot_params.secure_boot from sanitizing
(bnc#1012628).
- Revert "x86/apic: Include the LDR when clearing out APIC
registers" (bnc#1012628).
- libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
(bnc#1012628).
- x86/boot/compressed/64: Fix missing initialization in
find_trampoline_placement() (bnc#1012628).
- KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity
(bnc#1012628).
- gpio: Fix irqchip initialization order (bnc#1012628).
- RDMA/bnxt_re: Fix stack-out-of-bounds in
bnxt_qplib_rcfw_send_message (bnc#1012628).
- afs: use correct afs_call_type in yfs_fs_store_opaque_acl2
(bnc#1012628).
- afs: Fix possible oops in afs_lookup trace event (bnc#1012628).
- afs: Fix leak in afs_lookup_cell_rcu() (bnc#1012628).
- KVM: arm/arm64: Only skip MMIO insn once (bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in fill_inode()
(bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in
__ceph_build_xattrs_blob() (bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in
__ceph_setxattr() (bnc#1012628).
- drm/amdgpu: prevent memory leaks in AMDGPU_CS ioctl
(bnc#1012628).
- selftests/kvm: make platform_info_test pass on AMD
(bnc#1012628).
- selftests: kvm: fix state save/load on processors without XSAVE
(bnc#1012628).
- infiniband: hfi1: fix memory leaks (bnc#1012628).
- infiniband: hfi1: fix a memory leak bug (bnc#1012628).
- IB/mlx4: Fix memory leaks (bnc#1012628).
- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bnc#1012628).
- nvme: Fix cntlid validation when not using NVMEoF (bnc#1012628).
- nvme-multipath: fix possible I/O hang when paths are updated
(bnc#1012628).
- Tools: hv: kvp: eliminate 'may be used uninitialized' warning
(bnc#1012628).
- Input: hyperv-keyboard: Use in-place iterator API in the
channel callback (bnc#1012628).
- scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ
(bnc#1012628).
- x86/boot/compressed/64: Fix boot on machines with broken E820
table (bnc#1012628).
- HID: cp2112: prevent sleeping function called from invalid
context (bnc#1012628).
- HID: intel-ish-hid: ipc: add EHL device id (bnc#1012628).
- kprobes: Fix potential deadlock in kprobe_optimizer()
(bnc#1012628).
- sched/core: Schedule new worker even if PI-blocked
(bnc#1012628).
- ravb: Fix use-after-free ravb_tstamp_skb (bnc#1012628).
- wimax/i2400m: fix a memory leak bug (bnc#1012628).
- net: cavium: fix driver name (bnc#1012628).
- ibmvnic: Unmap DMA address of TX descriptor buffers after use
(bnc#1012628).
- net: kalmia: fix memory leaks (bnc#1012628).
- cx82310_eth: fix a memory leak bug (bnc#1012628).
- vfs: fix page locking deadlocks when deduping files
(bnc#1012628).
- lan78xx: Fix memory leaks (bnc#1012628).
- clk: Fix potential NULL dereference in clk_fetch_parent_index()
(bnc#1012628).
- clk: Fix falling back to legacy parent string matching
(bnc#1012628).
- net: myri10ge: fix memory leaks (bnc#1012628).
- liquidio: add cleanup in octeon_setup_iq() (bnc#1012628).
- selftests: kvm: fix vmx_set_nested_state_test (bnc#1012628).
- selftests: kvm: provide common function to enable eVMCS
(bnc#1012628).
- selftests: kvm: do not try running the VM in
vmx_set_nested_state_test (bnc#1012628).
- cxgb4: fix a memory leak bug (bnc#1012628).
- scsi: target: tcmu: avoid use-after-free after command timeout
(bnc#1012628).
- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
(bnc#1012628).
- drm/mediatek: set DMA max segment size (bnc#1012628).
- drm/mediatek: use correct device to import PRIME buffers
(bnc#1012628).
- netfilter: nft_flow_offload: skip tcp rst and fin packets
(bnc#1012628).
- gpio: Fix build error of function redefinition (bnc#1012628).
- ibmveth: Convert multicast list size for little-endian system
(bnc#1012628).
- s390/qeth: serialize cmd reply with concurrent timeout
(bnc#1012628).
- Bluetooth: hci_qca: Send VS pre shutdown command (bnc#1012628).
- Bluetooth: btqca: Add a short delay before downloading the NVM
(bnc#1012628).
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in
tc35815_rx (bnc#1012628).
- hv_netvsc: Fix a warning of suspicious RCU usage (bnc#1012628).
- ixgbe: fix possible deadlock in ixgbe_service_task()
(bnc#1012628).
- tools: bpftool: fix error message (prog -> object)
(bnc#1012628).
- netfilter: nf_flow_table: teardown flow timeout race
(bnc#1012628).
- netfilter: nf_flow_table: conntrack picks up expired flows
(bnc#1012628).
- netfilter: nf_tables: use-after-free in failing rule with
bound set (bnc#1012628).
- net: tundra: tsi108: use spin_lock_irqsave instead of
spin_lock_irq in IRQ context (bnc#1012628).
- clk: samsung: exynos542x: Move MSCL subsystem clocks to its
sub-CMU (bnc#1012628).
- clk: samsung: exynos5800: Move MAU subsystem clocks to MAU
sub-CMU (bnc#1012628).
- clk: samsung: Change signature of exynos5_subcmus_init()
function (bnc#1012628).
- net/mlx5e: Fix error flow of CQE recovery on tx reporter
(bnc#1012628).
- netfilter: nf_flow_table: fix offload for flows that are
subject to xfrm (bnc#1012628).
- libbpf: set BTF FD for prog only when there is supported
.BTF.ext data (bnc#1012628).
- libbpf: fix erroneous multi-closing of BTF FD (bnc#1012628).
- batman-adv: Fix netlink dumping of all mcast_flags buckets
(bnc#1012628).
- net/rds: Fix info leak in rds6_inc_info_copy() (bnc#1012628).
- net/sched: pfifo_fast: fix wrong dereference when qdisc is reset
(bnc#1012628).
- net/sched: pfifo_fast: fix wrong dereference in
pfifo_fast_enqueue (bnc#1012628).
- net: dsa: tag_8021q: Future-proof the reserved fields in the
custom VID (bnc#1012628).
- Add genphy_c45_config_aneg() function to phy-c45.c
(bnc#1012628).
- net/sched: cbs: Set default link speed to 10 Mbps in
cbs_set_port_rate (bnc#1012628).
- taprio: Set default link speed to 10 Mbps in
taprio_set_picos_per_byte (bnc#1012628).
- taprio: Fix kernel panic in taprio_destroy (bnc#1012628).
- r8152: remove calling netif_napi_del (bnc#1012628).
- Revert "r8152: napi hangup fix after disconnect" (bnc#1012628).
- nfp: flower: handle neighbour events on internal ports
(bnc#1012628).
- nfp: flower: prevent ingress block binds on internal ports
(bnc#1012628).
- tcp: remove empty skb from write queue in error cases
(bnc#1012628).
- tcp: inherit timestamp on mtu probe (bnc#1012628).
- net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
(bnc#1012628).
- net_sched: fix a NULL pointer deref in ipt action (bnc#1012628).
- net: sched: act_sample: fix psample group handling on overwrite
(bnc#1012628).
- net: fix skb use after free in netpoll (bnc#1012628).
- mld: fix memory leak in mld_del_delrec() (bnc#1012628).
- commit af75f09
- config: enable SLAB_FREELIST_HARDENED (bsc#1127808)
Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the
free object pointer on a per-cache basis making it more difficult to
locate kernel objects via exploits probing the cache metadata.
This change was requested by the upstream openSUSE community to make
the kernel more resistent to slab freelist attacks. Tests conducted
by the kernel performance teams confirmed that the performance impact
is detectable but negligible.
- commit 94938f2
- rpm/constraints.in: lower disk space required for ARM
With a requirement of 35GB, only 2 slow workers are usable for ARM.
Current aarch64 build requires 27G and armv6/7 requires 14G.
Set requirements respectively to 30GB and 20GB.
- commit f84c163
- config: enable STACKPROTECTOR_STRONG also on armv6hl
Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled,
enable it here as well.
- commit f434a32
- Linux 5.2.13 (bnc#1012628).
- Revert "Input: elantech - enable SMBus on new (2018+) systems"
(bnc#1012628).
- commit acd8e88
- Linux 5.2.12 (bnc#1012628).
- dmaengine: ste_dma40: fix unneeded variable warning
(bnc#1012628).
- nvme-multipath: revalidate nvme_ns_head gendisk in
nvme_validate_ns (bnc#1012628).
- afs: Fix the CB.ProbeUuid service handler to reply correctly
(bnc#1012628).
- afs: Fix loop index mixup in
afs_deliver_vl_get_entry_by_name_u() (bnc#1012628).
- fs: afs: Fix a possible null-pointer dereference in
afs_put_read() (bnc#1012628).
- afs: Fix off-by-one in afs_rename() expected data version
calculation (bnc#1012628).
- afs: Only update d_fsdata if different in afs_d_revalidate()
(bnc#1012628).
- afs: Fix missing dentry data version updating (bnc#1012628).
- nvmet: Fix use-after-free bug when a port is removed
(bnc#1012628).
- nvmet-loop: Flush nvme_delete_wq when removing the port
(bnc#1012628).
- nvmet-file: fix nvmet_file_flush() always returning an error
(bnc#1012628).
- nvme-core: Fix extra device_put() call on error path
(bnc#1012628).
- nvme: fix a possible deadlock when passthru commands sent to
a multipath device (bnc#1012628).
- nvme-rdma: fix possible use-after-free in connect error flow
(bnc#1012628).
- nvme: fix controller removal race with scan work (bnc#1012628).
- nvme-pci: Fix async probe remove race (bnc#1012628).
- soundwire: cadence_master: fix register definition for
SLAVE_STATE (bnc#1012628).
- soundwire: cadence_master: fix definitions for INTSTAT0/1
(bnc#1012628).
- auxdisplay: panel: need to delete scan_timer when misc_register
fails in panel_attach (bnc#1012628).
- btrfs: trim: Check the range passed into to prevent overflow
(bnc#1012628).
- IB/mlx5: Fix implicit MR release flow (bnc#1012628).
- dmaengine: stm32-mdma: Fix a possible null-pointer dereference
in stm32_mdma_irq_handler() (bnc#1012628).
- omap-dma/omap_vout_vrfb: fix off-by-one fi value (bnc#1012628).
- iommu/dma: Handle SG length overflow better (bnc#1012628).
- dma-direct: don't truncate dma_required_mask to bus addressing
capabilities (bnc#1012628).
- usb: gadget: composite: Clear "suspended" on reset/disconnect
(bnc#1012628).
- usb: gadget: mass_storage: Fix races between fsg_disable and
fsg_set_alt (bnc#1012628).
- habanalabs: fix DRAM usage accounting on context tear down
(bnc#1012628).
- habanalabs: fix endianness handling for packets from user
(bnc#1012628).
- habanalabs: fix completion queue handling when host is BE
(bnc#1012628).
- habanalabs: fix endianness handling for internal QMAN submission
(bnc#1012628).
- habanalabs: fix device IRQ unmasking for BE host (bnc#1012628).
- xen/blkback: fix memory leaks (bnc#1012628).
- arm64: cpufeature: Don't treat granule sizes as strict
(bnc#1012628).
- riscv: fix flush_tlb_range() end address for flush_tlb_page()
(bnc#1012628).
- i2c: rcar: avoid race when unregistering slave client
(bnc#1012628).
- i2c: emev2: avoid race when unregistering slave client
(bnc#1012628).
- drm/scheduler: use job count instead of peek (bnc#1012628).
- drm/ast: Fixed reboot test may cause system hanged
(bnc#1012628).
- usb: host: fotg2: restart hcd after port reset (bnc#1012628).
- tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
(bnc#1012628).
- tools: hv: fix KVP and VSS daemons exit code (bnc#1012628).
- locking/rwsem: Add missing ACQUIRE to read_slowpath exit when
queue is empty (bnc#1012628).
- lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
(bnc#1012628).
- watchdog: bcm2835_wdt: Fix module autoload (bnc#1012628).
- selftests/bpf: install files test_xdp_vlan.sh (bnc#1012628).
- drm/bridge: tfp410: fix memleak in get_modes() (bnc#1012628).
- mt76: usb: fix rx A-MSDU support (bnc#1012628).
- ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN
is set (bnc#1012628).
- ipv6: Fix return value of ipv6_mc_may_pull() for malformed
packets (bnc#1012628).
- net: cpsw: fix NULL pointer exception in the probe error path
(bnc#1012628).
- net: fix __ip_mc_inc_group usage (bnc#1012628).
- net/smc: make sure EPOLLOUT is raised (bnc#1012628).
- tcp: make sure EPOLLOUT wont be missed (bnc#1012628).
- ipv4: mpls: fix mpls_xmit for iptunnel (bnc#1012628).
- openvswitch: Fix conntrack cache with timeout (bnc#1012628).
- ipv4/icmp: fix rt dst dev null pointer dereference
(bnc#1012628).
- xfrm/xfrm_policy: fix dst dev null pointer dereference in
collect_md mode (bnc#1012628).
- mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (bnc#1012628).
- ALSA: usb-audio: Check mixer unit bitmap yet more strictly
(bnc#1012628).
- ALSA: hda/ca0132 - Add new SBZ quirk (bnc#1012628).
- ALSA: line6: Fix memory leak at line6_init_pcm() error path
(bnc#1012628).
- ALSA: hda - Fixes inverted Conexant GPIO mic mute led
(bnc#1012628).
- ALSA: seq: Fix potential concurrent access to the deleted pool
(bnc#1012628).
- ALSA: usb-audio: Fix invalid NULL check in
snd_emuusb_set_samplerate() (bnc#1012628).
- ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
(bnc#1012628).
- kvm: x86: skip populating logical dest map if apic is not sw
enabled (bnc#1012628).
- KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID
when kvm_intel.nested is disabled (bnc#1012628).
- KVM: x86: Don't update RIP or do single-step on faulting
emulation (bnc#1012628).
- uprobes/x86: Fix detection of 32-bit user mode (bnc#1012628).
- x86/mm/cpa: Prevent large page split when ftrace flips RW on
kernel text (bnc#1012628).
- x86/apic: Do not initialize LDR and DFR for bigsmp
(bnc#1012628).
- x86/apic: Include the LDR when clearing out APIC registers
(bnc#1012628).
- HID: logitech-hidpp: remove support for the G700 over USB
(bnc#1012628).
- ftrace: Fix NULL pointer dereference in t_probe_next()
(bnc#1012628).
- ftrace: Check for successful allocation of hash (bnc#1012628).
- ftrace: Check for empty hash and comment the race with
registering probes (bnc#1012628).
- usbtmc: more sanity checking for packet size (bnc#1012628).
- usb-storage: Add new JMS567 revision to unusual_devs
(bnc#1012628).
- USB: cdc-wdm: fix race between write and disconnect due to
flag abuse (bnc#1012628).
- usb: hcd: use managed device resources (bnc#1012628).
- usb: chipidea: udc: don't do hardware access if gadget has
stopped (bnc#1012628).
- usb: host: ohci: fix a race condition between shutdown and irq
(bnc#1012628).
- usb: host: xhci: rcar: Fix typo in compatible string matching
(bnc#1012628).
- USB: storage: ums-realtek: Update module parameter description
for auto_delink_en (bnc#1012628).
- USB: storage: ums-realtek: Whitelist auto-delink support
(bnc#1012628).
- tools/power turbostat: Fix caller parameter of get_tdp_amd()
(bnc#1012628).
- KVM: PPC: Book3S: Fix incorrect guest-to-user-translation
error handling (bnc#1012628).
- KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is
long (bnc#1012628).
- KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0
as WI (bnc#1012628).
- mei: me: add Tiger Lake point LP device ID (bnc#1012628).
- Revert "mmc: sdhci-tegra: drop ->get_ro() implementation"
(bnc#1012628).
- mmc: sdhci-of-at91: add quirk for broken HS200 (bnc#1012628).
- mmc: sdhci-cadence: enable v4_mode to fix ADMA 64-bit addressing
(bnc#1012628).
- mmc: core: Fix init of SD cards reporting an invalid VDD range
(bnc#1012628).
- mmc: sdhci-sprd: fixed incorrect clock divider (bnc#1012628).
- mmc: sdhci-sprd: add SDHCI_QUIRK2_PRESET_VALUE_BROKEN
(bnc#1012628).
- stm class: Fix a double free of stm_source_device (bnc#1012628).
- intel_th: pci: Add support for another Lewisburg PCH
(bnc#1012628).
- intel_th: pci: Add Tiger Lake support (bnc#1012628).
- typec: tcpm: fix a typo in the comparison of pdo_max_voltage
(bnc#1012628).
- fsi: scom: Don't abort operations for minor errors
(bnc#1012628).
- lkdtm/bugs: fix build error in lkdtm_EXHAUST_STACK
(bnc#1012628).
- NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
(bnc#1012628).
- NFS: Ensure O_DIRECT reports an error if the bytes read/written
is 0 (bnc#1012628).
- Revert "NFSv4/flexfiles: Abort I/O early if the layout segment
was invalidated" (bnc#1012628).
- lib: logic_pio: Fix RCU usage (bnc#1012628).
- lib: logic_pio: Avoid possible overlap for unregistering regions
(bnc#1012628).
- lib: logic_pio: Add logic_pio_unregister_range() (bnc#1012628).
- drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bnc#1012628).
- drm/amdgpu: fix GFXOFF on Picasso and Raven2 (bnc#1012628).
- drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
(bnc#1012628).
- drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
(bnc#1012628).
- i2c: piix4: Fix port selection for AMD Family 16h Model 30h
(bnc#1012628).
- bus: hisi_lpc: Unregister logical PIO range to avoid potential
use-after-free (bnc#1012628).
- bus: hisi_lpc: Add .remove method to avoid driver unbind crash
(bnc#1012628).
- VMCI: Release resource if the work is already queued
(bnc#1012628).
- crypto: ccp - Ignore unconfigured CCP device on suspend/resume
(bnc#1012628).
- SUNRPC: Don't handle errors if the bind/connect succeeded
(bnc#1012628).
- mt76: mt76x0u: do not reset radio on resume (bnc#1012628).
- mms: sdhci-sprd: add SDHCI_QUIRK_BROKEN_CARD_DETECTION
(bnc#1012628).
- mm, memcg: partially revert "mm/memcontrol.c: keep local VM
counters in sync with the hierarchical ones" (bnc#1012628).
- mm: memcontrol: fix percpu vmstats and vmevents flush
(bnc#1012628).
- Revert "cfg80211: fix processing world regdomain when non
modular" (bnc#1012628).
- mac80211: fix possible sta leak (bnc#1012628).
- cfg80211: Fix Extended Key ID key install checks (bnc#1012628).
- mac80211: Don't memset RXCB prior to PAE intercept
(bnc#1012628).
- mac80211: Correctly set noencrypt for PAE frames (bnc#1012628).
- mmc: sdhci-sprd: clear the UHS-I modes read from registers
(bnc#1012628).
- mmc: sdhci-sprd: Implement the get_max_timeout_count() interface
(bnc#1012628).
- mmc: sdhci-sprd: add get_ro hook function (bnc#1012628).
- iwlwifi: add new cards for 22000 and fix struct name
(bnc#1012628).
- iwlwifi: add new cards for 22000 and change wrong structs
(bnc#1012628).
- iwlwifi: add new cards for 9000 and 20000 series (bnc#1012628).
- iwlwifi: change 0x02F0 fw from qu to quz (bnc#1012628).
- iwlwifi: pcie: add support for qu c-step devices (bnc#1012628).
- iwlwifi: pcie: don't switch FW to qnj when ax201 is detected
(bnc#1012628).
- iwlwifi: pcie: handle switching killer Qu B0 NICs to C0
(bnc#1012628).
- drm/i915: Do not create a new max_bpc prop for MST connectors
(bnc#1012628).
- drm/i915/dp: Fix DSC enable code to use cpu_transcoder instead
of encoder->type (bnc#1012628).
- bpf: fix use after free in prog symbol exposure (bnc#1012628).
- hsr: implement dellink to clean up resources (bnc#1012628).
- hsr: fix a NULL pointer deref in hsr_dev_xmit() (bnc#1012628).
- hsr: switch ->dellink() to ->ndo_uninit() (bnc#1012628).
- Revert "ASoC: Fail card instantiation if DAI format setup fails"
(bnc#1012628).
- commit bb4c31d
- powerpc/tm: Fix restoring FP/VMX facility incorrectly on
interrupts (CVE-2019-15031 bsc#1149713).
- powerpc/tm: Fix FP/VMX unavailable exceptions inside a
transaction (CVE-2019-15030 bsc#1149713).
- commit 76a34af
- x86/ptrace: fix up botched merge of spectrev1 fix (bnc#1149376
CVE-2019-15902).
- commit 77497b6
- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365)
Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x
(where the feature is not available). This extends the number of functions
which are protected by "stack canary" check to catch functions writing past
their stack frame.
This change was requested by SUSE security to make our kernels more
resistant to some types of stack overflow attacks. Tests performed by
kernel performance teams confirmed that performance impact is acceptable.
- commit d6e8aab
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- Do not depend on setuptools to keep the depgraph small and
avoid build cycles
- Use python[23]-libmxl2 as python names not python-libxml2-python
which is kinda confusing
- Do not ship libtool archive anymore
- Enable tests also in the python subpackages
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH
to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Merge python-libxml2-python spec and changes files into the
libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
==== makedumpfile ====
Version update (1.6.5 -> 1.6.6)
- makedumpfile-Increase-SECTION_MAP_LAST_BIT-to-4.patch: Increase
SECTION_MAP_LAST_BIT to 4 (bsc#1144708).
- Update to 1.6.6
* Support for AMD Secure Memory Encryption
* Exclude pages that are logically offline
* Support kernels up to 5.1.9
- Drop makedumpfile-coptflags.diff.
==== multipath-tools ====
Version update (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b)
Subpackages: kpartx libmpath0
- Update to version 0.8.2+27+suse.3ff280b:
* Added upstream patch to fix premature path reinstantiation
with san_path_err_XX (boo#1149319)
==== patterns-containers ====
- Add reg to kubernetes utilities pattern
==== permissions ====
Version update (1550_20190711 -> 1550_20190830)
Subpackages: chkstat permissions-config
- Update to version 20190830:
* dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)
- Update to version 20190829:
* add one more missing slash for icinga2
* fix more missing slashes for directories
- Update to version 20190820:
* cron directory permissions: add slashes
==== podman ====
Subpackages: podman-cni-config
- Add katacontainers as a recommended package, and include it as an
additional OCI runtime in the configuration.
==== rpm-config-SUSE ====
Version update (0.g32 -> 0.g35)
- Update to version 0.g35:
* Add _distconfdir as /usr/etc
* find-provides.ksyms, find-requires.ksyms: cleanup kernel version handling (bsc#1145601).
* find-requires.ksyms: fix matching of uninstalled files (bsc#1145601).
* add changes
==== texinfo ====
Version update (6.5 -> 6.6)
- Move texindex.awk to package texinfo as texindex(1) is part of
and use this awk script
- Port the texinfo-zlib.patch to new version 6.6 to solve build problems
- Update to version 6.6:
* Language:
. new commands @&, @ampchar{}
. @cropmarks command removed
. @ctrl is no longer recognised (it was a way to insert literal
control characters in Info files, but deprecated since the
time of Texinfo version 2)
. \usebracesinindexestrue is no longer recommended for using braces in
index entries, and has been a no-op for some time
* texi2any
. extension modules fixed to work with the "thread-safe locales" of
Perl 5.28 and newer
. some code changed to stop warnings being given by newer versions of Perl
. for HTML output, use `id' to define link targets instead of the `name'
attribute on <a>
. A native-code implementation of the Texinfo parser has been included
on an experimental basis, which makes texi2any a lot faster. Set the
`TEXINFO_XS_PARSER' environment variable to 1 to use.
. changes to HTML output:
. omit colon after node name in menus by default (use
`MENU_ENTRY_COLON' to add it back)
. no special CSS for commands like @smallexample
. new customization variable `SECTION_NAME_IN_TITLE' to use the
section name as the document <title>
. use section names instead of node names in generated menus
. pass on flags set with -D to TeX
. useless static libraries are not installed
. the newline after an @insertcopying is not output
. warning given for @multitable prototypes not in braces
. @indent and @noindent are not allowed inside the arguments to
commands where they are not meaningful
. @quote-arg and @allow-recursion are not recognised (these two used
to be recognised by makeinfo in macro definitions but were never
implemented in texinfo.tex)
. `FIX_TEXINFO' removed as a customization variable
. do not recognise or warn about obsolete customization variables
* info
. debugging output with -x is not diverted to a separate infodebug file
* Development:
. switch from Subversion to git
- https://savannah.gnu.org/git/?group=texinfo
. automake 1.16
- Drop no longer needed patch:
* perl-5.28-fixes.patch
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- lsblk: force to print PKNAME for partition with
e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch
- Remove outdated buildignore for pwdutils, had no effect with
shadow anyways
==== util-linux-systemd ====
- lsblk: force to print PKNAME for partition with
e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch
- Remove outdated buildignore for pwdutils, had no effect with
shadow anyways
==== xen ====
- Upstream bug fixes (bsc#1027519)
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
- Preserve modified files which used to be marked as %config,
rename file.rpmsave to file
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cloud-init
cri-o (1.15.0 -> 1.15.1)
elfutils
findutils (4.6.0 -> 4.7.0)
gawk
glib2 (2.60.6 -> 2.60.7)
kernel-firmware (20190815 -> 20190827)
kernel-source (5.2.11 -> 5.2.14)
libxml2
makedumpfile (1.6.5 -> 1.6.6)
multipath-tools (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b)
patterns-base
patterns-containers
permissions (1550_20190711 -> 1550_20190830)
podman
rpm-config-SUSE (0.g32 -> 0.g35)
salt
texinfo (6.5 -> 6.6)
util-linux
util-linux-systemd
xen
=== Details ===
==== cloud-init ====
- Add cloud-init-add-static-routes.diff (bsc#1141969)
+ Properly handle static routes. The EphemeralDHCP context manager did
not parse or handle rfc3442 classless static routes which prevented
reading datasource metadata in some clouds.
- Update cloud-init-trigger-udev.patch (bsc#1144363)
- The __str__ implementation no longer delivers the name of the interface,
use the "name" attribute instead to form a proper path in the
sysfs tree
- Update cloud-init-write-routes.patch (bsc#1144881)
+ If no routes are set for a subnet but the subnet has a gateway
specified, set the gateway as the default route for the interface
- Follow the ever changing inconsistencies of version definitions and
detection in the build service.
+ No more suse_version in SUSE internal instance for SLES 15 SP1
==== cri-o ====
Version update (1.15.0 -> 1.15.1)
Subpackages: cri-o-kubeadm-criconfig
- Add katacontainers as a recommended package, and include it as an
additional OCI runtime in the configuration.
- Document the format of the [crio.runtime.runtimes] table entries,
and remove clutter from the current runc entry.
- Update to v1.15.1:
* Bump container storage to v1.12.6
* Allow building with go1.10
* Allow default IP route to not be present
* Update libpod to the latest version
* Require crio-wipe for crio service file
* Disable crio-wipe in systemd by default
* Change default apparmor profile to actually contain the version
==== elfutils ====
Subpackages: libasm1 libdw1 libebl-plugins libelf1
- Modernize specfile and metadata.
==== findutils ====
Version update (4.6.0 -> 4.7.0)
- Upgrade to 4.7.0.
- findutils.spec:
- Change source compression from gzip to xz.
- Align comments about how to bump the version.
- Activate the signature checking via *.sig and keyring files.
- Remove downstream hack in %check section to make a test executable.
- Delete obsolete patches:
- disable-broken-tests.patch
- gnulib-libio.patch
- sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch
- sysmacros.patch
- findutils-4.4.2-xautofs.patch: Refresh, and rename ...
- findutils-xautofs.patch: ... to this.
==== gawk ====
- Upgrade descriptions.
==== glib2 ====
Version update (2.60.6 -> 2.60.7)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.60.7:
+ Bugs fixed: glgo#GNOME/GLib#1819, glgo#GNOME/GLib#1847,
glgo#GNOME/GLib!1012, glgo#GNOME/GLib!1013,
glgo#GNOME/GLib!1061, glgo#GNOME/GLib!1065,
glgo#GNOME/GLib!1081.
==== kernel-firmware ====
Version update (20190815 -> 20190827)
Subpackages: ucode-amd
- Update to version 20190827 (git-commit 7307a29961ad):
* brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC
* brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet
* iwlwifi: update FWs to core45-152 release
* check_whence: Add copy-firmware.sh to the list of ignored files
* rtl_bt: Update RTL8822C BT FW to V0x098A_94A4
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886
==== kernel-source ====
Version update (5.2.11 -> 5.2.14)
Subpackages: kernel-debug kernel-default
- Linux 5.2.14 (bnc#1012628).
- Revert "mmc: core: do not retry CMD6 in __mmc_switch()"
(bnc#1012628).
- x86/boot: Preserve boot_params.secure_boot from sanitizing
(bnc#1012628).
- Revert "x86/apic: Include the LDR when clearing out APIC
registers" (bnc#1012628).
- libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
(bnc#1012628).
- x86/boot/compressed/64: Fix missing initialization in
find_trampoline_placement() (bnc#1012628).
- KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity
(bnc#1012628).
- gpio: Fix irqchip initialization order (bnc#1012628).
- RDMA/bnxt_re: Fix stack-out-of-bounds in
bnxt_qplib_rcfw_send_message (bnc#1012628).
- afs: use correct afs_call_type in yfs_fs_store_opaque_acl2
(bnc#1012628).
- afs: Fix possible oops in afs_lookup trace event (bnc#1012628).
- afs: Fix leak in afs_lookup_cell_rcu() (bnc#1012628).
- KVM: arm/arm64: Only skip MMIO insn once (bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in fill_inode()
(bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in
__ceph_build_xattrs_blob() (bnc#1012628).
- ceph: fix buffer free while holding i_ceph_lock in
__ceph_setxattr() (bnc#1012628).
- drm/amdgpu: prevent memory leaks in AMDGPU_CS ioctl
(bnc#1012628).
- selftests/kvm: make platform_info_test pass on AMD
(bnc#1012628).
- selftests: kvm: fix state save/load on processors without XSAVE
(bnc#1012628).
- infiniband: hfi1: fix memory leaks (bnc#1012628).
- infiniband: hfi1: fix a memory leak bug (bnc#1012628).
- IB/mlx4: Fix memory leaks (bnc#1012628).
- RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bnc#1012628).
- nvme: Fix cntlid validation when not using NVMEoF (bnc#1012628).
- nvme-multipath: fix possible I/O hang when paths are updated
(bnc#1012628).
- Tools: hv: kvp: eliminate 'may be used uninitialized' warning
(bnc#1012628).
- Input: hyperv-keyboard: Use in-place iterator API in the
channel callback (bnc#1012628).
- scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ
(bnc#1012628).
- x86/boot/compressed/64: Fix boot on machines with broken E820
table (bnc#1012628).
- HID: cp2112: prevent sleeping function called from invalid
context (bnc#1012628).
- HID: intel-ish-hid: ipc: add EHL device id (bnc#1012628).
- kprobes: Fix potential deadlock in kprobe_optimizer()
(bnc#1012628).
- sched/core: Schedule new worker even if PI-blocked
(bnc#1012628).
- ravb: Fix use-after-free ravb_tstamp_skb (bnc#1012628).
- wimax/i2400m: fix a memory leak bug (bnc#1012628).
- net: cavium: fix driver name (bnc#1012628).
- ibmvnic: Unmap DMA address of TX descriptor buffers after use
(bnc#1012628).
- net: kalmia: fix memory leaks (bnc#1012628).
- cx82310_eth: fix a memory leak bug (bnc#1012628).
- vfs: fix page locking deadlocks when deduping files
(bnc#1012628).
- lan78xx: Fix memory leaks (bnc#1012628).
- clk: Fix potential NULL dereference in clk_fetch_parent_index()
(bnc#1012628).
- clk: Fix falling back to legacy parent string matching
(bnc#1012628).
- net: myri10ge: fix memory leaks (bnc#1012628).
- liquidio: add cleanup in octeon_setup_iq() (bnc#1012628).
- selftests: kvm: fix vmx_set_nested_state_test (bnc#1012628).
- selftests: kvm: provide common function to enable eVMCS
(bnc#1012628).
- selftests: kvm: do not try running the VM in
vmx_set_nested_state_test (bnc#1012628).
- cxgb4: fix a memory leak bug (bnc#1012628).
- scsi: target: tcmu: avoid use-after-free after command timeout
(bnc#1012628).
- scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure
(bnc#1012628).
- drm/mediatek: set DMA max segment size (bnc#1012628).
- drm/mediatek: use correct device to import PRIME buffers
(bnc#1012628).
- netfilter: nft_flow_offload: skip tcp rst and fin packets
(bnc#1012628).
- gpio: Fix build error of function redefinition (bnc#1012628).
- ibmveth: Convert multicast list size for little-endian system
(bnc#1012628).
- s390/qeth: serialize cmd reply with concurrent timeout
(bnc#1012628).
- Bluetooth: hci_qca: Send VS pre shutdown command (bnc#1012628).
- Bluetooth: btqca: Add a short delay before downloading the NVM
(bnc#1012628).
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in
tc35815_rx (bnc#1012628).
- hv_netvsc: Fix a warning of suspicious RCU usage (bnc#1012628).
- ixgbe: fix possible deadlock in ixgbe_service_task()
(bnc#1012628).
- tools: bpftool: fix error message (prog -> object)
(bnc#1012628).
- netfilter: nf_flow_table: teardown flow timeout race
(bnc#1012628).
- netfilter: nf_flow_table: conntrack picks up expired flows
(bnc#1012628).
- netfilter: nf_tables: use-after-free in failing rule with
bound set (bnc#1012628).
- net: tundra: tsi108: use spin_lock_irqsave instead of
spin_lock_irq in IRQ context (bnc#1012628).
- clk: samsung: exynos542x: Move MSCL subsystem clocks to its
sub-CMU (bnc#1012628).
- clk: samsung: exynos5800: Move MAU subsystem clocks to MAU
sub-CMU (bnc#1012628).
- clk: samsung: Change signature of exynos5_subcmus_init()
function (bnc#1012628).
- net/mlx5e: Fix error flow of CQE recovery on tx reporter
(bnc#1012628).
- netfilter: nf_flow_table: fix offload for flows that are
subject to xfrm (bnc#1012628).
- libbpf: set BTF FD for prog only when there is supported
.BTF.ext data (bnc#1012628).
- libbpf: fix erroneous multi-closing of BTF FD (bnc#1012628).
- batman-adv: Fix netlink dumping of all mcast_flags buckets
(bnc#1012628).
- net/rds: Fix info leak in rds6_inc_info_copy() (bnc#1012628).
- net/sched: pfifo_fast: fix wrong dereference when qdisc is reset
(bnc#1012628).
- net/sched: pfifo_fast: fix wrong dereference in
pfifo_fast_enqueue (bnc#1012628).
- net: dsa: tag_8021q: Future-proof the reserved fields in the
custom VID (bnc#1012628).
- Add genphy_c45_config_aneg() function to phy-c45.c
(bnc#1012628).
- net/sched: cbs: Set default link speed to 10 Mbps in
cbs_set_port_rate (bnc#1012628).
- taprio: Set default link speed to 10 Mbps in
taprio_set_picos_per_byte (bnc#1012628).
- taprio: Fix kernel panic in taprio_destroy (bnc#1012628).
- r8152: remove calling netif_napi_del (bnc#1012628).
- Revert "r8152: napi hangup fix after disconnect" (bnc#1012628).
- nfp: flower: handle neighbour events on internal ports
(bnc#1012628).
- nfp: flower: prevent ingress block binds on internal ports
(bnc#1012628).
- tcp: remove empty skb from write queue in error cases
(bnc#1012628).
- tcp: inherit timestamp on mtu probe (bnc#1012628).
- net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
(bnc#1012628).
- net_sched: fix a NULL pointer deref in ipt action (bnc#1012628).
- net: sched: act_sample: fix psample group handling on overwrite
(bnc#1012628).
- net: fix skb use after free in netpoll (bnc#1012628).
- mld: fix memory leak in mld_del_delrec() (bnc#1012628).
- commit af75f09
- config: enable SLAB_FREELIST_HARDENED (bsc#1127808)
Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the
free object pointer on a per-cache basis making it more difficult to
locate kernel objects via exploits probing the cache metadata.
This change was requested by the upstream openSUSE community to make
the kernel more resistent to slab freelist attacks. Tests conducted
by the kernel performance teams confirmed that the performance impact
is detectable but negligible.
- commit 94938f2
- rpm/constraints.in: lower disk space required for ARM
With a requirement of 35GB, only 2 slow workers are usable for ARM.
Current aarch64 build requires 27G and armv6/7 requires 14G.
Set requirements respectively to 30GB and 20GB.
- commit f84c163
- config: enable STACKPROTECTOR_STRONG also on armv6hl
Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled,
enable it here as well.
- commit f434a32
- Linux 5.2.13 (bnc#1012628).
- Revert "Input: elantech - enable SMBus on new (2018+) systems"
(bnc#1012628).
- commit acd8e88
- Linux 5.2.12 (bnc#1012628).
- dmaengine: ste_dma40: fix unneeded variable warning
(bnc#1012628).
- nvme-multipath: revalidate nvme_ns_head gendisk in
nvme_validate_ns (bnc#1012628).
- afs: Fix the CB.ProbeUuid service handler to reply correctly
(bnc#1012628).
- afs: Fix loop index mixup in
afs_deliver_vl_get_entry_by_name_u() (bnc#1012628).
- fs: afs: Fix a possible null-pointer dereference in
afs_put_read() (bnc#1012628).
- afs: Fix off-by-one in afs_rename() expected data version
calculation (bnc#1012628).
- afs: Only update d_fsdata if different in afs_d_revalidate()
(bnc#1012628).
- afs: Fix missing dentry data version updating (bnc#1012628).
- nvmet: Fix use-after-free bug when a port is removed
(bnc#1012628).
- nvmet-loop: Flush nvme_delete_wq when removing the port
(bnc#1012628).
- nvmet-file: fix nvmet_file_flush() always returning an error
(bnc#1012628).
- nvme-core: Fix extra device_put() call on error path
(bnc#1012628).
- nvme: fix a possible deadlock when passthru commands sent to
a multipath device (bnc#1012628).
- nvme-rdma: fix possible use-after-free in connect error flow
(bnc#1012628).
- nvme: fix controller removal race with scan work (bnc#1012628).
- nvme-pci: Fix async probe remove race (bnc#1012628).
- soundwire: cadence_master: fix register definition for
SLAVE_STATE (bnc#1012628).
- soundwire: cadence_master: fix definitions for INTSTAT0/1
(bnc#1012628).
- auxdisplay: panel: need to delete scan_timer when misc_register
fails in panel_attach (bnc#1012628).
- btrfs: trim: Check the range passed into to prevent overflow
(bnc#1012628).
- IB/mlx5: Fix implicit MR release flow (bnc#1012628).
- dmaengine: stm32-mdma: Fix a possible null-pointer dereference
in stm32_mdma_irq_handler() (bnc#1012628).
- omap-dma/omap_vout_vrfb: fix off-by-one fi value (bnc#1012628).
- iommu/dma: Handle SG length overflow better (bnc#1012628).
- dma-direct: don't truncate dma_required_mask to bus addressing
capabilities (bnc#1012628).
- usb: gadget: composite: Clear "suspended" on reset/disconnect
(bnc#1012628).
- usb: gadget: mass_storage: Fix races between fsg_disable and
fsg_set_alt (bnc#1012628).
- habanalabs: fix DRAM usage accounting on context tear down
(bnc#1012628).
- habanalabs: fix endianness handling for packets from user
(bnc#1012628).
- habanalabs: fix completion queue handling when host is BE
(bnc#1012628).
- habanalabs: fix endianness handling for internal QMAN submission
(bnc#1012628).
- habanalabs: fix device IRQ unmasking for BE host (bnc#1012628).
- xen/blkback: fix memory leaks (bnc#1012628).
- arm64: cpufeature: Don't treat granule sizes as strict
(bnc#1012628).
- riscv: fix flush_tlb_range() end address for flush_tlb_page()
(bnc#1012628).
- i2c: rcar: avoid race when unregistering slave client
(bnc#1012628).
- i2c: emev2: avoid race when unregistering slave client
(bnc#1012628).
- drm/scheduler: use job count instead of peek (bnc#1012628).
- drm/ast: Fixed reboot test may cause system hanged
(bnc#1012628).
- usb: host: fotg2: restart hcd after port reset (bnc#1012628).
- tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
(bnc#1012628).
- tools: hv: fix KVP and VSS daemons exit code (bnc#1012628).
- locking/rwsem: Add missing ACQUIRE to read_slowpath exit when
queue is empty (bnc#1012628).
- lcoking/rwsem: Add missing ACQUIRE to read_slowpath sleep loop
(bnc#1012628).
- watchdog: bcm2835_wdt: Fix module autoload (bnc#1012628).
- selftests/bpf: install files test_xdp_vlan.sh (bnc#1012628).
- drm/bridge: tfp410: fix memleak in get_modes() (bnc#1012628).
- mt76: usb: fix rx A-MSDU support (bnc#1012628).
- ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN
is set (bnc#1012628).
- ipv6: Fix return value of ipv6_mc_may_pull() for malformed
packets (bnc#1012628).
- net: cpsw: fix NULL pointer exception in the probe error path
(bnc#1012628).
- net: fix __ip_mc_inc_group usage (bnc#1012628).
- net/smc: make sure EPOLLOUT is raised (bnc#1012628).
- tcp: make sure EPOLLOUT wont be missed (bnc#1012628).
- ipv4: mpls: fix mpls_xmit for iptunnel (bnc#1012628).
- openvswitch: Fix conntrack cache with timeout (bnc#1012628).
- ipv4/icmp: fix rt dst dev null pointer dereference
(bnc#1012628).
- xfrm/xfrm_policy: fix dst dev null pointer dereference in
collect_md mode (bnc#1012628).
- mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n (bnc#1012628).
- ALSA: usb-audio: Check mixer unit bitmap yet more strictly
(bnc#1012628).
- ALSA: hda/ca0132 - Add new SBZ quirk (bnc#1012628).
- ALSA: line6: Fix memory leak at line6_init_pcm() error path
(bnc#1012628).
- ALSA: hda - Fixes inverted Conexant GPIO mic mute led
(bnc#1012628).
- ALSA: seq: Fix potential concurrent access to the deleted pool
(bnc#1012628).
- ALSA: usb-audio: Fix invalid NULL check in
snd_emuusb_set_samplerate() (bnc#1012628).
- ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
(bnc#1012628).
- kvm: x86: skip populating logical dest map if apic is not sw
enabled (bnc#1012628).
- KVM: x86: hyper-v: don't crash on KVM_GET_SUPPORTED_HV_CPUID
when kvm_intel.nested is disabled (bnc#1012628).
- KVM: x86: Don't update RIP or do single-step on faulting
emulation (bnc#1012628).
- uprobes/x86: Fix detection of 32-bit user mode (bnc#1012628).
- x86/mm/cpa: Prevent large page split when ftrace flips RW on
kernel text (bnc#1012628).
- x86/apic: Do not initialize LDR and DFR for bigsmp
(bnc#1012628).
- x86/apic: Include the LDR when clearing out APIC registers
(bnc#1012628).
- HID: logitech-hidpp: remove support for the G700 over USB
(bnc#1012628).
- ftrace: Fix NULL pointer dereference in t_probe_next()
(bnc#1012628).
- ftrace: Check for successful allocation of hash (bnc#1012628).
- ftrace: Check for empty hash and comment the race with
registering probes (bnc#1012628).
- usbtmc: more sanity checking for packet size (bnc#1012628).
- usb-storage: Add new JMS567 revision to unusual_devs
(bnc#1012628).
- USB: cdc-wdm: fix race between write and disconnect due to
flag abuse (bnc#1012628).
- usb: hcd: use managed device resources (bnc#1012628).
- usb: chipidea: udc: don't do hardware access if gadget has
stopped (bnc#1012628).
- usb: host: ohci: fix a race condition between shutdown and irq
(bnc#1012628).
- usb: host: xhci: rcar: Fix typo in compatible string matching
(bnc#1012628).
- USB: storage: ums-realtek: Update module parameter description
for auto_delink_en (bnc#1012628).
- USB: storage: ums-realtek: Whitelist auto-delink support
(bnc#1012628).
- tools/power turbostat: Fix caller parameter of get_tdp_amd()
(bnc#1012628).
- KVM: PPC: Book3S: Fix incorrect guest-to-user-translation
error handling (bnc#1012628).
- KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is
long (bnc#1012628).
- KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0
as WI (bnc#1012628).
- mei: me: add Tiger Lake point LP device ID (bnc#1012628).
- Revert "mmc: sdhci-tegra: drop ->get_ro() implementation"
(bnc#1012628).
- mmc: sdhci-of-at91: add quirk for broken HS200 (bnc#1012628).
- mmc: sdhci-cadence: enable v4_mode to fix ADMA 64-bit addressing
(bnc#1012628).
- mmc: core: Fix init of SD cards reporting an invalid VDD range
(bnc#1012628).
- mmc: sdhci-sprd: fixed incorrect clock divider (bnc#1012628).
- mmc: sdhci-sprd: add SDHCI_QUIRK2_PRESET_VALUE_BROKEN
(bnc#1012628).
- stm class: Fix a double free of stm_source_device (bnc#1012628).
- intel_th: pci: Add support for another Lewisburg PCH
(bnc#1012628).
- intel_th: pci: Add Tiger Lake support (bnc#1012628).
- typec: tcpm: fix a typo in the comparison of pdo_max_voltage
(bnc#1012628).
- fsi: scom: Don't abort operations for minor errors
(bnc#1012628).
- lkdtm/bugs: fix build error in lkdtm_EXHAUST_STACK
(bnc#1012628).
- NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
(bnc#1012628).
- NFS: Ensure O_DIRECT reports an error if the bytes read/written
is 0 (bnc#1012628).
- Revert "NFSv4/flexfiles: Abort I/O early if the layout segment
was invalidated" (bnc#1012628).
- lib: logic_pio: Fix RCU usage (bnc#1012628).
- lib: logic_pio: Avoid possible overlap for unregistering regions
(bnc#1012628).
- lib: logic_pio: Add logic_pio_unregister_range() (bnc#1012628).
- drm/amdgpu: Add APTX quirk for Dell Latitude 5495 (bnc#1012628).
- drm/amdgpu: fix GFXOFF on Picasso and Raven2 (bnc#1012628).
- drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
(bnc#1012628).
- drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
(bnc#1012628).
- i2c: piix4: Fix port selection for AMD Family 16h Model 30h
(bnc#1012628).
- bus: hisi_lpc: Unregister logical PIO range to avoid potential
use-after-free (bnc#1012628).
- bus: hisi_lpc: Add .remove method to avoid driver unbind crash
(bnc#1012628).
- VMCI: Release resource if the work is already queued
(bnc#1012628).
- crypto: ccp - Ignore unconfigured CCP device on suspend/resume
(bnc#1012628).
- SUNRPC: Don't handle errors if the bind/connect succeeded
(bnc#1012628).
- mt76: mt76x0u: do not reset radio on resume (bnc#1012628).
- mms: sdhci-sprd: add SDHCI_QUIRK_BROKEN_CARD_DETECTION
(bnc#1012628).
- mm, memcg: partially revert "mm/memcontrol.c: keep local VM
counters in sync with the hierarchical ones" (bnc#1012628).
- mm: memcontrol: fix percpu vmstats and vmevents flush
(bnc#1012628).
- Revert "cfg80211: fix processing world regdomain when non
modular" (bnc#1012628).
- mac80211: fix possible sta leak (bnc#1012628).
- cfg80211: Fix Extended Key ID key install checks (bnc#1012628).
- mac80211: Don't memset RXCB prior to PAE intercept
(bnc#1012628).
- mac80211: Correctly set noencrypt for PAE frames (bnc#1012628).
- mmc: sdhci-sprd: clear the UHS-I modes read from registers
(bnc#1012628).
- mmc: sdhci-sprd: Implement the get_max_timeout_count() interface
(bnc#1012628).
- mmc: sdhci-sprd: add get_ro hook function (bnc#1012628).
- iwlwifi: add new cards for 22000 and fix struct name
(bnc#1012628).
- iwlwifi: add new cards for 22000 and change wrong structs
(bnc#1012628).
- iwlwifi: add new cards for 9000 and 20000 series (bnc#1012628).
- iwlwifi: change 0x02F0 fw from qu to quz (bnc#1012628).
- iwlwifi: pcie: add support for qu c-step devices (bnc#1012628).
- iwlwifi: pcie: don't switch FW to qnj when ax201 is detected
(bnc#1012628).
- iwlwifi: pcie: handle switching killer Qu B0 NICs to C0
(bnc#1012628).
- drm/i915: Do not create a new max_bpc prop for MST connectors
(bnc#1012628).
- drm/i915/dp: Fix DSC enable code to use cpu_transcoder instead
of encoder->type (bnc#1012628).
- bpf: fix use after free in prog symbol exposure (bnc#1012628).
- hsr: implement dellink to clean up resources (bnc#1012628).
- hsr: fix a NULL pointer deref in hsr_dev_xmit() (bnc#1012628).
- hsr: switch ->dellink() to ->ndo_uninit() (bnc#1012628).
- Revert "ASoC: Fail card instantiation if DAI format setup fails"
(bnc#1012628).
- commit bb4c31d
- powerpc/tm: Fix restoring FP/VMX facility incorrectly on
interrupts (CVE-2019-15031 bsc#1149713).
- powerpc/tm: Fix FP/VMX unavailable exceptions inside a
transaction (CVE-2019-15030 bsc#1149713).
- commit 76a34af
- x86/ptrace: fix up botched merge of spectrev1 fix (bnc#1149376
CVE-2019-15902).
- commit 77497b6
- config: enable STACKPROTECTOR_STRONG (jsc#SLE-9120 bsc#1130365)
Enable CONFIG_STACKPROTECTOR_STRONG on all architectures except s390x
(where the feature is not available). This extends the number of functions
which are protected by "stack canary" check to catch functions writing past
their stack frame.
This change was requested by SUSE security to make our kernels more
resistant to some types of stack overflow attacks. Tests performed by
kernel performance teams confirmed that performance impact is acceptable.
- commit d6e8aab
==== libxml2 ====
Subpackages: libxml2-2 libxml2-tools
- Do not depend on setuptools to keep the depgraph small and
avoid build cycles
- Use python[23]-libmxl2 as python names not python-libxml2-python
which is kinda confusing
- Do not ship libtool archive anymore
- Enable tests also in the python subpackages
- Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH
to avoid nodeset limit when processing large XML files [bsc#1135123]
* Added libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch
- Merge python-libxml2-python spec and changes files into the
libxml2 ones using _multibuild [bsc#1126499, bsc#1123919]
==== makedumpfile ====
Version update (1.6.5 -> 1.6.6)
- makedumpfile-Increase-SECTION_MAP_LAST_BIT-to-4.patch: Increase
SECTION_MAP_LAST_BIT to 4 (bsc#1144708).
- Update to 1.6.6
* Support for AMD Secure Memory Encryption
* Exclude pages that are logically offline
* Support kernels up to 5.1.9
- Drop makedumpfile-coptflags.diff.
==== multipath-tools ====
Version update (0.8.2+26+suse.d884195 -> 0.8.2+27+suse.3ff280b)
Subpackages: kpartx libmpath0
- Update to version 0.8.2+27+suse.3ff280b:
* Added upstream patch to fix premature path reinstantiation
with san_path_err_XX (boo#1149319)
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-minimal_base
- minimal_base: remove dracut. Only useful when there is also a
kernel and the kernel requires it anyways.
- base:
* remove bootloader packages. They are only required on real
hardware or VMs. YaST will add them.
* remove btrfsprogs. Has supplemements on btrfs so will be auto
installed when on btrfs. Also yast installs it.
* remove snapper (supplements btrfsprogs)
* move openssh to enhanced_base
- enhanced_base:
* iproute2 already in minimal_base
* remove explicit grub and plymouth branding. They are pulled
via supplements
- documentation:
* remove info2html, old tool not useful today.
* susehelp and sled manuals no longer exist
* Use minimal_base as Basesystem is just an alias
- sw_management:
* require zypper also on TW
==== patterns-containers ====
Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm patterns-containers-kubernetes_utilities patterns-containers-kubic_admin patterns-containers-kubic_loadbalancer patterns-containers-kubic_worker
- Add reg to kubernetes utilities pattern
==== permissions ====
Version update (1550_20190711 -> 1550_20190830)
Subpackages: chkstat permissions-config
- Update to version 20190830:
* dumpcap: remove 'other' executable bit because of capabilities (boo#1148788, CVE-2019-3687)
- Update to version 20190829:
* add one more missing slash for icinga2
* fix more missing slashes for directories
- Update to version 20190820:
* cron directory permissions: add slashes
==== podman ====
Subpackages: podman-cni-config
- Add katacontainers as a recommended package, and include it as an
additional OCI runtime in the configuration.
==== rpm-config-SUSE ====
Version update (0.g32 -> 0.g35)
- Update to version 0.g35:
* Add _distconfdir as /usr/etc
* find-provides.ksyms, find-requires.ksyms: cleanup kernel version handling (bsc#1145601).
* find-requires.ksyms: fix matching of uninstalled files (bsc#1145601).
* add changes
==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration
- Require shadow instead of old pwdutils (bsc#1130588)
- Conflict with tornado >= 5; for now we can only cope with Tornado 4.x (boo#1101780).
- Fix virt.full_info (bsc#1146382)
- virt.volume_infos: silence libvirt error message
- virt.volume_infos needs to ignore inactive pools
- Fix for various bugs in virt network and pool states
- Implement network.fqdns module function (bsc#1134860)
- Added:
* 2019.2.0-pr-54196-backport-173.patch
* virt.volume_infos-silence-libvirt-error-message-175.patch
* fix-virt.full_info-176.patch
* implement-network.fqdns-module-function-bsc-1134860-.patch
* virt.volume_infos-needs-to-ignore-inactive-pools-174.patch
- Restore default behaviour of pkg list return (bsc#1148714)
- Strip trailing "/" from repo.uri when comparing repos in apktpkg.mod_repo (bsc#1146192)
- Added:
* strip-trailing-from-repo.uri-when-comparing-repos-in.patch
* restore-default-behaviour-of-pkg-list-return.patch
- Use python3 to build package Salt for RHEL8
- Make python3 default for RHEL8
- Fix aptpkg systemd call (bsc#1143301)
- Added:
* fix-aptpkg-systemd-call-bsc-1143301.patch
==== texinfo ====
Version update (6.5 -> 6.6)
- Move texindex.awk to package texinfo as texindex(1) is part of
and use this awk script
- Port the texinfo-zlib.patch to new version 6.6 to solve build problems
- Update to version 6.6:
* Language:
. new commands @&, @ampchar{}
. @cropmarks command removed
. @ctrl is no longer recognised (it was a way to insert literal
control characters in Info files, but deprecated since the
time of Texinfo version 2)
. \usebracesinindexestrue is no longer recommended for using braces in
index entries, and has been a no-op for some time
* texi2any
. extension modules fixed to work with the "thread-safe locales" of
Perl 5.28 and newer
. some code changed to stop warnings being given by newer versions of Perl
. for HTML output, use `id' to define link targets instead of the `name'
attribute on <a>
. A native-code implementation of the Texinfo parser has been included
on an experimental basis, which makes texi2any a lot faster. Set the
`TEXINFO_XS_PARSER' environment variable to 1 to use.
. changes to HTML output:
. omit colon after node name in menus by default (use
`MENU_ENTRY_COLON' to add it back)
. no special CSS for commands like @smallexample
. new customization variable `SECTION_NAME_IN_TITLE' to use the
section name as the document <title>
. use section names instead of node names in generated menus
. pass on flags set with -D to TeX
. useless static libraries are not installed
. the newline after an @insertcopying is not output
. warning given for @multitable prototypes not in braces
. @indent and @noindent are not allowed inside the arguments to
commands where they are not meaningful
. @quote-arg and @allow-recursion are not recognised (these two used
to be recognised by makeinfo in macro definitions but were never
implemented in texinfo.tex)
. `FIX_TEXINFO' removed as a customization variable
. do not recognise or warn about obsolete customization variables
* info
. debugging output with -x is not diverted to a separate infodebug file
* Development:
. switch from Subversion to git
- https://savannah.gnu.org/git/?group=texinfo
. automake 1.16
- Drop no longer needed patch:
* perl-5.28-fixes.patch
==== util-linux ====
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1
- lsblk: force to print PKNAME for partition with
e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch
- Remove outdated buildignore for pwdutils, had no effect with
shadow anyways
==== util-linux-systemd ====
- lsblk: force to print PKNAME for partition with
e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch
- Remove outdated buildignore for pwdutils, had no effect with
shadow anyways
==== xen ====
- Upstream bug fixes (bsc#1027519)
5d419d49-x86-spec-ctrl-report-proper-status.patch
5d43253c-x86-ucode-always-collect_cpu_info-at-boot.patch
5d4aa36f-x86-apic-enable-x2APIC-mode-earlier.patch
5d4afa7a-credit2-fix-memory-leak.patch
5d4d850a-introduce-bss-percpu-page-aligned.patch
5d516531-x86-xpti-dont-leak-TSS-adjacent-data.patch
5d5bf475-x86-PV-fix-handling-of-iommu-mappings.patch
5d6524ca-x86-mm-correctly-init-M2P-entries.patch
- Preserve modified files which used to be marked as %config,
rename file.rpmsave to file
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
pam (1.3.1 -> 1.3.1+git20190807.e31dd6c)
qrencode (4.0.0 -> 4.0.2)
=== Details ===
==== pam ====
Version update (1.3.1 -> 1.3.1+git20190807.e31dd6c)
- Replace old $RPM_* shell vars by macros.
- Avoid unnecessary invocation of subshells.
- Shorten recipe for constructing securetty contents on s390.
- usr-etc-support.patch: Add support for /usr/etc/pam.d
- encryption_method_nis.diff: obsolete, NIS clients shouldn't
require DES anymore.
- etc.environment: removed, the sources contain the same
- Update to version 1.3.1+git20190807.e31dd6c:
* pam_tty_audit: Manual page clarification about password logging
* pam_get_authtok_verify: Avoid duplicate password verification
* Mention that ./autogen.sh is needeed to be run if you check out the sources from git
* pam_unix: Correct MAXPASS define name in the previous two commits.
* Restrict password length when changing password
* Trim password at PAM_MAX_RESP_SIZE chars
* pam_succeed_if: Request user data only when needed
* pam_tally2: Remove unnecessary fsync()
* Fixed a grammer mistake
* Fix documentation for pam_wheel
* Fix a typo in the documentation
* pam_lastlog: Improve silent option documentation
* pam_lastlog: Respect PAM_SILENT flag
* Fix regressions from the last commits.
* Replace strndupa with strncpy
* build: ignore pam_lastlog when logwtmp is not available.
* build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
* pam_motd: Cleanup the code and avoid unnecessary logging
* pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
* Move the duplicated search_key function to pam_modutil.
* pam_unix: Use pam_syslog instead of helper_log_err.
* pam_unix: Report unusable hashes found by checksalt to syslog.
* Revert "pam_unix: Add crypt_default method, if supported."
* pam_unix: Add crypt_default method, if supported.
* Revert part of the commit 4da9febc
* pam_unix: Add support for (gost-)yescrypt hashing methods.
* pam_unix: Fix closing curly brace. (#77)
* pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
* pam_unix: Prefer a gensalt function, that supports auto entropy.
* pam_motd: Fix segmentation fault when no motd_dir specified (#76)
* pam_motd: Support multiple motd paths specified, with filename overrides (#69)
* pam_unix: Use bcrypt b-variant for computing new hashes.
* pam_tally, pam_tally2: fix grammar and spelling (#54)
* Fix grammar of messages printed via pam_prompt
* pam_stress: do not mark messages for translation
* pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros
* pam_unix: remove obsolete _unix_read_password prototype
==== qrencode ====
Version update (4.0.0 -> 4.0.2)
- Update to version 4.0.2
* Build script fixes. (Thanks to @mgorny)
version 4.0.1
* CMake support improved.
* New test scripts have been added.
* Some compile time warnings have been fixed.
- Refreshed qrencode-fix-installation.patch
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
nfs-utils (2.1.1 -> 2.3.3)
pam (1.3.1 -> 1.3.1+git20190807.e31dd6c)
qrencode (4.0.0 -> 4.0.2)
=== Details ===
==== nfs-utils ====
Version update (2.1.1 -> 2.3.3)
- 0005-nfs.conf-fail-to-disable-major-NFS-version-4-using-v.patch
Fix a bug that cause NFSv4 service to always be enabled, if
the server was enabled at all.
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- remove libnfsidmap1 dependency for nfs-client.
It isn't needed.
- Remove service aliases - these files are deleted.
nfs.service
nfsserver.service
nfs-server.nfsserver.conf
nfs-client.nfs.conf
Now the upstream standard service names "nfs-client" and "nfs-server"
must be used.
- 0004-nfsidmap-honour-with-pluginpath-for-instalation.patch
Allow plugins to be installed properly
- nfs-utils.spec
Package shared library correctly
- 0001-nfs.conf-allow-empty-assignments.patch
Fix regression due to unnecessary "error" messages from nfs.conf
- 0002-Let-systemd-know-when-rpc.statd-is-needed.patch
0003-systemd-run-statd-notify-even-when-nfs-client-isn-t-.patch
Fixes for systemd integration
(bsc#1116221)
- New version: nfs-utils-2.3.3
The nfsidmap library source has been merged into
nfs-utils, so this source package now makes
nfsidmap and nfsidmap-devel packages.
New program "nfsconf" improves access to nfs config files.
Delete patches that have been included upstream:
0001-conffile-ignore-empty-environment-variables.patch
0002-mount-call-setgroups-before-setuid.patch
0003-nfs-server-generator-handle-noauto-mounts-correctly.patch
nsm-headers.patch
sysmacros.patch
==== pam ====
Version update (1.3.1 -> 1.3.1+git20190807.e31dd6c)
- Replace old $RPM_* shell vars by macros.
- Avoid unnecessary invocation of subshells.
- Shorten recipe for constructing securetty contents on s390.
- usr-etc-support.patch: Add support for /usr/etc/pam.d
- encryption_method_nis.diff: obsolete, NIS clients shouldn't
require DES anymore.
- etc.environment: removed, the sources contain the same
- Update to version 1.3.1+git20190807.e31dd6c:
* pam_tty_audit: Manual page clarification about password logging
* pam_get_authtok_verify: Avoid duplicate password verification
* Mention that ./autogen.sh is needeed to be run if you check out the sources from git
* pam_unix: Correct MAXPASS define name in the previous two commits.
* Restrict password length when changing password
* Trim password at PAM_MAX_RESP_SIZE chars
* pam_succeed_if: Request user data only when needed
* pam_tally2: Remove unnecessary fsync()
* Fixed a grammer mistake
* Fix documentation for pam_wheel
* Fix a typo in the documentation
* pam_lastlog: Improve silent option documentation
* pam_lastlog: Respect PAM_SILENT flag
* Fix regressions from the last commits.
* Replace strndupa with strncpy
* build: ignore pam_lastlog when logwtmp is not available.
* build: ignore pam_rhosts if neither ruserok nor ruserok_af is available.
* pam_motd: Cleanup the code and avoid unnecessary logging
* pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs.
* Move the duplicated search_key function to pam_modutil.
* pam_unix: Use pam_syslog instead of helper_log_err.
* pam_unix: Report unusable hashes found by checksalt to syslog.
* Revert "pam_unix: Add crypt_default method, if supported."
* pam_unix: Add crypt_default method, if supported.
* Revert part of the commit 4da9febc
* pam_unix: Add support for (gost-)yescrypt hashing methods.
* pam_unix: Fix closing curly brace. (#77)
* pam_unix: Add support for crypt_checksalt, if libcrypt supports it.
* pam_unix: Prefer a gensalt function, that supports auto entropy.
* pam_motd: Fix segmentation fault when no motd_dir specified (#76)
* pam_motd: Support multiple motd paths specified, with filename overrides (#69)
* pam_unix: Use bcrypt b-variant for computing new hashes.
* pam_tally, pam_tally2: fix grammar and spelling (#54)
* Fix grammar of messages printed via pam_prompt
* pam_stress: do not mark messages for translation
* pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros
* pam_unix: remove obsolete _unix_read_password prototype
==== qrencode ====
Version update (4.0.0 -> 4.0.2)
- Update to version 4.0.2
* Build script fixes. (Thanks to @mgorny)
version 4.0.1
* CMake support improved.
* New test scripts have been added.
* Some compile time warnings have been fixed.
- Refreshed qrencode-fix-installation.patch
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
aaa_base (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
bash
dmidecode
filesystem
gzip
ldb (1.5.4 -> 1.5.5)
libdb-4_8
libgcrypt (1.8.4 -> 1.8.5)
shadow
snapper
zstd (1.4.2 -> 1.4.3)
=== Details ===
==== aaa_base ====
Version update (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
- Update to version 84.87+git20190822.82a17f1:
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)
==== bash ====
- Add official patch bash50-008
When HISTSIZE is set to 0, history expansion can leave the history length
set to an incorrect value, leading to subsequent attempts to access invalid
memory.
- Add official patch bash50-009
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.
==== dmidecode ====
2 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
formatting of TPM table output (missing newlines).
==== filesystem ====
- Move /etc.cron.* directories to cron package
- Add /usr/etc
==== gzip ====
- refresh gzip-1.10-ibm_dfltcc_support.patch to fix three data
corruption issues [bsc#1145276] [jsc#SLE-5818] [jsc#SLE-8914]
==== ldb ====
Version update (1.5.4 -> 1.5.5)
- Update to 1.5.5
+ LDAP_REFERRAL_SCHEME_OPAQUE was added to ldb_module.h; (bso#12478);
+ Skip @ records early in a search full scan; (bso#13893);
==== libdb-4_8 ====
- Add opd deadlock patch as found and documented by Red Hat.
(bsc#1148244)
* 0001-OPD-deadlock-RH-BZ-1349779.patch
- Remove the getpatches as it does not work at all, oracle
removed the pages
- Use spec-cleaner
- Fix stripped debuginfo to make sure we can debug with libdb
==== libgcrypt ====
Version update (1.8.4 -> 1.8.5)
- libgcrypt 1.8.5:
* CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
* Improve ECDSA unblinding
* Provide a pkg-config file
==== shadow ====
- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
to support kernel keyring feature
- Update pamd.tar.bz2 with pam configuration files accordingly
- encryption_method_nis.patch: drop, DES should really not be used
anymore anywhere, even with NIS
- shadow-login_defs-suse.patch: remove encryption NIS entry
==== snapper ====
Subpackages: libsnapper4
- reusing existing subvolumes on mksubvolume run
(bsc#1138725, bsc#1126900, gh#openSUSE/snapper#236)
==== zstd ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3
* bug: Fix Dictionary Compression Ratio Regression (#1709)
* bug: Fix Buffer Overflow in v0.3 Decompression (#1722)
* build: Add support for IAR C/C++ Compiler for Arm (#1705)
* misc: Add NULL pointer check in util.c (#1706)
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
aaa_base (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
bash
dmidecode
filesystem
gzip
haproxy (2.0.3+git14.0ff395c1 -> 2.0.5+git0.d905f49a)
ldb (1.5.4 -> 1.5.5)
libdb-4_8
libgcrypt (1.8.4 -> 1.8.5)
libsodium
python-cheroot
shadow
snapper
yomi-formula (0.0.1+git.1565868437.c6afdff -> 0.0.1+git.1566569312.4133e8e)
zstd (1.4.2 -> 1.4.3)
=== Details ===
==== aaa_base ====
Version update (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
- Update to version 84.87+git20190822.82a17f1:
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)
==== bash ====
- Add official patch bash50-008
When HISTSIZE is set to 0, history expansion can leave the history length
set to an incorrect value, leading to subsequent attempts to access invalid
memory.
- Add official patch bash50-009
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.
==== dmidecode ====
2 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
formatting of TPM table output (missing newlines).
==== filesystem ====
- Move /etc.cron.* directories to cron package
- Add /usr/etc
==== gzip ====
- refresh gzip-1.10-ibm_dfltcc_support.patch to fix three data
corruption issues [bsc#1145276] [jsc#SLE-5818] [jsc#SLE-8914]
==== haproxy ====
Version update (2.0.3+git14.0ff395c1 -> 2.0.5+git0.d905f49a)
- enable prometheus exporter
- enable verbose make output
- Update to version 2.0.5+git0.d905f49a:
* [RELEASE] Released version 2.0.5
* BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
* MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
* BUG/MINOR: stats: Wait the body before processing POST requests
* BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
* BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
* BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
* BUG/MINOR: lua: fix setting netfilter mark
* BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
* BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
* BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
* MINOR: ssl: ssl_fc_has_early should work for BoringSSL
* BUG/MINOR: ssl: fix 0-RTT for BoringSSL
* BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
* [RELEASE] Released version 2.0.4
* BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
* BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
* BUG/MINOR: mux-h2: always send stream window update before connection's
* BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
* BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
* BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
* BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
* BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
* BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
* BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
* BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
* BUG/MINOR: stream-int: also update analysers timeouts on activity
* BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
* BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
* MINOR: wdt: also consider that waiting in the thread dumper is normal
* BUG/MINOR: debug: fix a small race in the thread dumping code
==== ldb ====
Version update (1.5.4 -> 1.5.5)
- Update to 1.5.5
+ LDAP_REFERRAL_SCHEME_OPAQUE was added to ldb_module.h; (bso#12478);
+ Skip @ records early in a search full scan; (bso#13893);
==== libdb-4_8 ====
- Add opd deadlock patch as found and documented by Red Hat.
(bsc#1148244)
* 0001-OPD-deadlock-RH-BZ-1349779.patch
- Remove the getpatches as it does not work at all, oracle
removed the pages
- Use spec-cleaner
- Fix stripped debuginfo to make sure we can debug with libdb
==== libgcrypt ====
Version update (1.8.4 -> 1.8.5)
- libgcrypt 1.8.5:
* CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
* Improve ECDSA unblinding
* Provide a pkg-config file
==== libsodium ====
- Revert previous change about cpuid as previous change rejected
in https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf
to regenerate configure script with proper CPUID checking.
Required at least for PowerPC and ARM now that LTO enabled.
==== python-cheroot ====
- Add cheroot_fix_so_peercred_ppc.patch
to solve python 2.7 tests failures for PowerPC, boo#1147151
- Drop dependency on backports.functools_lru_cache for the python3 subpackage
This fixes bsc#1149124
==== shadow ====
- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
to support kernel keyring feature
- Update pamd.tar.bz2 with pam configuration files accordingly
- encryption_method_nis.patch: drop, DES should really not be used
anymore anywhere, even with NIS
- shadow-login_defs-suse.patch: remove encryption NIS entry
==== snapper ====
Subpackages: libsnapper4
- reusing existing subvolumes on mksubvolume run
(bsc#1138725, bsc#1126900, gh#openSUSE/snapper#236)
==== yomi-formula ====
Version update (0.0.1+git.1565868437.c6afdff -> 0.0.1+git.1566569312.4133e8e)
- Lower the priority of /usr/share/yomi/pillar
- Update to version 0.0.1+git.1566569312.4133e8e:
* storage.wipe: state to wipe all devices
- Update to version 0.0.1+git.1566565353.86af2cb:
* devices.hwinfo: parse the hwinfo report
- Update to version 0.0.1+git.1565683297.a242917:
* pillar: make grub2_console persent in config
- Update to version 0.0.1+git.1565626987.fdda5d6:
* grub2_mkconfig: do not use gfxterm when in console mode
* docs: update links to Factory
* pillar: use better default pattern
- Update to version 0.0.1+git.1565607953.281fdae:
* bootloader: provides a default value to kernel
- Update to version 0.0.1+git.1565597137.7fbd398:
* devices.hwinfo provide a basic report module
* devices.wipe: remove GRUB signature
* bootloader: check for the second stage
* reboot: replace kexec config option with reboot
- Update to version 0.0.1+git.1565191883.64eabeb:
* devices.wipe: clean disk information
* pillar: add to MicroOS the new subvols
* pillar: fix services for MicroOS
* partitioned: ignore flags that contains type=
* partitioned: wipefs the new partition
- Update to version 0.0.1+git.1565017592.7207cea:
* documentation: add a note about the pillar top.sls
- Update to version 0.0.1+git.1564577012.3d7decf:
* _default_target: fix systemctl call
* documentation: add top.sls creation
- Change Requires to Requires(pre) for Salt packages, to guarantee
ordering of installation and the presence of the 'salt' group.
- Require salt-master for non SLE/Leap 15.1 nor Tumbleweed
- Remove the top.sls provided as an example from Yomi
- Update to version 0.0.1+git.1564144697.5bce6e9:
* pillar: add user certificate as example
- Update to version 0.0.1+git.1564140669.8074699:
* chroot: freeze and unfreeze packages
* salt-minion: fix unless condition
* users: support cerfificates
* pillar: parametrize the device type
* pillar: remove extra user
* pillar: set US as default keryboard layout
* pillar: add a Kubic pillar
* Split documentation about Kubic
* Document boot parameters master and minion_id
* _default_target: add config option to set target
* README: fix references to installer.sls
- Update to version 0.0.1+git.1560951712.33b7ae5:
* control_plane: use the first interface IP
* Fix macros.log call
* use-case-as-a-kubic-worker: fix monitor path
- Update to version 0.0.1+git.1560947494.0b6189a:
* network: fix dhcp config path
- Update to version 0.0.1+git.1560946703.1c4d880:
* Add use-case-deploying-kubic-from-scratch document
- Update to version 0.0.1+git.1560859479.b7d8fe1:
* network: configure network to accept hostanames
* Document --adv-addr in kubicctl
- Update to version 0.0.1+git.1560775166.35e3299:
* network: use the same ifcfg config file from YaST
* Add advanced configuration section
* Add use-case-as-a-kubic-worker documentation
- Update to version 0.0.1+git.1560526707.be4ae81:
* top: use generic glob
- Update to version 0.0.1+git.1560504884.48ef883:
* yomi: move all the states to a new ns
- Move to /usr/share/salt-formulas
- Add example configuration files
- Update to version 0.0.1+git.1560256453.82ef153:
* mark: mark successful installations
* firstboot: add systemd-firstboot support
* network: configure all interfaces
* fstab: use the not_change attribute
* Support salt-minion installation
* Unify YAML boolean syntax
* network: replace network detection algorithm
* README: document services section
* services: use systemctl to find service status
* microos: enable crio and kubelet services
* services: add enabled / disabled states
* microos: add Kubic patterns
* devices: deduce the net name in order
* network: add basic network configuration
* software: support minimal installation
* MicroOS: add extra bootloader data
* MicroOS: add RO option for root subvolume
* MicroOS: fix size typo
* software: support pattern detection
* fstab: support non-default options
* post_install: use the btrfs.properties state
* MicroOS: Add new patterns in software section
* bootloader: Call grub2-set-default
* bootloader: Run grub2_mkconfig after configuration change
* bootloader: Add kernel and disable_os_prober features
* software: do not jump into inner states
* post_install: do not jump into inner states
* Rename states to use underscore
* device.umount: fix variable name
* MicroOS: use patterns instead of packages
* MicroOS: Add a pillar to deploy MicroOS
* LVM: Refactor LVM definition
* pillar: parametrize all the pillars
* devices.filter: rename to filter_ and create an alias
- Update to version 0.0.1+git.1553705260.c137d0e:
* partmod: move partition logic to the module
* Extract unit parser from partitioned
* partition: introduce `id` attribute
* partitioned: move partitioned.devices to devices.filter
* partition: simplify fs_type look out
* partitioned: rename aligment to initial_gap
* README.md: Remove extra dot
* README.md: Comment about UEFI and secure boot.
* README.md: Add some notes about monitor.
* README.md: Add installation instructions.
- Add initial version of Salt Yomi formula
==== zstd ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3
* bug: Fix Dictionary Compression Ratio Regression (#1709)
* bug: Fix Buffer Overflow in v0.3 Decompression (#1722)
* build: Add support for IAR C/C++ Compiler for Arm (#1705)
* misc: Add NULL pointer check in util.c (#1706)
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
attr
dhcp
hwinfo
iproute2 (5.1 -> 5.2)
libtool
libyajl
libzio
lua53
mozilla-nss (3.44.1 -> 3.45)
ncurses
openldap2
pcre
readline
tcpd
xz
=== Details ===
==== attr ====
Subpackages: libattr1
- Use FAT LTO objects in order to provide proper static library.
==== dhcp ====
Subpackages: dhcp-client
- dhclient-script: replace host(1) with getent, which is more
lightweight (part of glibc and does not pull in bind-utils)
- Use FAT LTO objects in order to provide proper static library.
==== hwinfo ====
- Use FAT LTO objects in order to provide proper static library.
==== iproute2 ====
Version update (5.1 -> 5.2)
- Use FAT LTO objects in order to provide proper static library.
- Use %make_build.
- Update to new upstream release 5.2
* devlink: increase column size for larger shared buffers
* ip: reset netns after each command in batch mode
* ip addr: do not set IPv6 specific options for IPv4 addresses
* ip fou: support binding FOU ports
* ip link: support bridge vlan_stats_per_port
* ip link: support vlan bridge binding flag
* ip macsec: supporet gcm-aes-256 cipher type
* ip monitor: display interfaces from all groups
* ip neigh: show neighbor offload indication
* rdma: add link add/delete
* rdma: update node type strings
* ss: add option for single line output
* ss: show raw numbers for data rates with --numeric
* tc: support for plug qdisc
* tc: taprio: support for changing schedules
* tc: taprio: support cycle_time and cycle_time_extensions
* tipc: support for link broadcast method and ratio
* update documentation
==== libtool ====
- Use FAT LTO objects in order to provide proper static library.
==== libyajl ====
- Use FAT LTO objects in order to provide proper static library.
==== libzio ====
- Use FAT LTO objects in order to provide proper static library
==== lua53 ====
- Use FAT LTO objects in order to provide proper static library.
==== mozilla-nss ====
Version update (3.44.1 -> 3.45)
- update to NSS 3.45 (bsc#1141322)
* required by Firefox 69.0
New functions
* PK11_FindRawCertsWithSubject - Finds all certificates on the
given slot with the given subject distinguished name and returns
them as DER bytes. If no such certificates can be found, returns
SECSuccess and sets *results to NULL. If a failure is encountered
while fetching any of the matching certificates, SECFailure is
returned and *results will be NULL.
Notable changes
* bmo#1540403 - Implement Delegated Credentials
* bmo#1550579 - Replace ARM32 Curve25519 implementation with one
from fiat-crypto
* bmo#1551129 - Support static linking on Windows
* bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for
finding certificates with a given subject on a given slot
* bmo#1546229 - Add IPSEC IKE support to softoken
* bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23)
* bmo#1543874 - Expose an external clock for SSL
* bmo#1546477 - Various changes in response to the ongoing FIPS review
Certificate Authority Changes
* The following CA certificates were Removed:
bmo#1552374 - CN = Certinomis - Root CA
Bugs fixed
* bmo#1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
* bmo#1515342 - More thorough input checking (CVE-2019-11729)
* bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in
TLS 1.3 (CVE-2019-11727)
* bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed
from lib/freebl/pqg.c (static analysis)
* bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams
from lib/freebl/pqg.c (static analysis)
* bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong
* bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where
tags could be faked. Only relevant for clients that might have copied
the unit test code verbatim
* bmo#1550022 - Ensure nssutil3 gets built on Android
* bmo#1528174 - ChaCha20Poly1305 should no longer modify output
length on failure
* bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo()
returns error
* bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures
* bmo#1554659 - Add versioning to OpenBSD builds to fix link time
errors using NSS
* bmo#1553443 - Send session ticket only after handshake is marked
as finished
* bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so
builds
* bmo#1554336 - Optimize away unneeded loop in mpi.c
* bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
* bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
* bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
* bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey
* bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data
* bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work
* bmo#1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
- split hmac subpackages to match SLE's packaging
- Use -ffat-lto-objects in order to provide assembly for static libs.
==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base
- Add ncurses patch 20190810
+ fix a few more coverity warnings.
- Add ncurses patch 20190803
+ improve loop limits in _nc_scroll_window() to handle a case where
the scrolled data is a pad which is taller than the window (patch
by Rob King).
+ amend the change to screen, because tmux relies upon that entry
and does not support that feature (Debian #933572) -TD
+ updated ms-terminal entry & notes -TD
+ updated kitty entry & notes -TD
+ updated alacritty+common entry & notes -TD
+ use xterm+sl-twm for consistency -TD
- Add ncurses patch 20190728
+ fix a few more coverity warnings.
+ more documentation updates based on tctest.
- Add ncurses patch 20190727
+ fix a few coverity warnings.
+ documentation updates based on tctest.
- Add ncurses patch 20190720
+ fix a few warnings for gcc 4.x
+ add some portability/historical details to the tic, toe and infocmp
manual pages.
+ correct fix for broken link from terminfo(5) to tabs(1) manpage
(report by Sven Joachim).
- Use FAT LTO objects in order to provide proper static library.
==== openldap2 ====
- Use FAT LTO objects in order to provide proper static library.
==== pcre ====
- Use FAT LTO objects in order to provide proper static library.
==== readline ====
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add official patch readline80-001
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.
- Use FAT LTO objects in order to provide proper static library.
==== tcpd ====
- Use FAT LTO objects in order to provide proper static library.
==== xz ====
Subpackages: liblzma5
- Use FAT LTO objects in order to provide proper static library.
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
attr
dhcp
gperftools
hwinfo
iproute2 (5.1 -> 5.2)
leveldb
libtool
libyajl
libzio
lua53
mozilla-nspr
mozilla-nss (3.44.1 -> 3.45)
ncurses
openldap2
pcre
readline
tcpd
xz
=== Details ===
==== attr ====
Subpackages: libattr1
- Use FAT LTO objects in order to provide proper static library.
==== dhcp ====
Subpackages: dhcp-client
- dhclient-script: replace host(1) with getent, which is more
lightweight (part of glibc and does not pull in bind-utils)
- Use FAT LTO objects in order to provide proper static library.
==== gperftools ====
- Use FAT LTO objects in order to provide proper static library.
==== hwinfo ====
- Use FAT LTO objects in order to provide proper static library.
==== iproute2 ====
Version update (5.1 -> 5.2)
- Use FAT LTO objects in order to provide proper static library.
- Use %make_build.
- Update to new upstream release 5.2
* devlink: increase column size for larger shared buffers
* ip: reset netns after each command in batch mode
* ip addr: do not set IPv6 specific options for IPv4 addresses
* ip fou: support binding FOU ports
* ip link: support bridge vlan_stats_per_port
* ip link: support vlan bridge binding flag
* ip macsec: supporet gcm-aes-256 cipher type
* ip monitor: display interfaces from all groups
* ip neigh: show neighbor offload indication
* rdma: add link add/delete
* rdma: update node type strings
* ss: add option for single line output
* ss: show raw numbers for data rates with --numeric
* tc: support for plug qdisc
* tc: taprio: support for changing schedules
* tc: taprio: support cycle_time and cycle_time_extensions
* tipc: support for link broadcast method and ratio
* update documentation
==== leveldb ====
- Use FAT LTO objects in order to provide proper static library.
==== libtool ====
- Use FAT LTO objects in order to provide proper static library.
==== libyajl ====
- Use FAT LTO objects in order to provide proper static library.
==== libzio ====
- Use FAT LTO objects in order to provide proper static library
==== lua53 ====
- Use FAT LTO objects in order to provide proper static library.
==== mozilla-nspr ====
- Use FAT LTO objects in order to provide proper static library.
==== mozilla-nss ====
Version update (3.44.1 -> 3.45)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.45 (bsc#1141322)
* required by Firefox 69.0
New functions
* PK11_FindRawCertsWithSubject - Finds all certificates on the
given slot with the given subject distinguished name and returns
them as DER bytes. If no such certificates can be found, returns
SECSuccess and sets *results to NULL. If a failure is encountered
while fetching any of the matching certificates, SECFailure is
returned and *results will be NULL.
Notable changes
* bmo#1540403 - Implement Delegated Credentials
* bmo#1550579 - Replace ARM32 Curve25519 implementation with one
from fiat-crypto
* bmo#1551129 - Support static linking on Windows
* bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for
finding certificates with a given subject on a given slot
* bmo#1546229 - Add IPSEC IKE support to softoken
* bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23)
* bmo#1543874 - Expose an external clock for SSL
* bmo#1546477 - Various changes in response to the ongoing FIPS review
Certificate Authority Changes
* The following CA certificates were Removed:
bmo#1552374 - CN = Certinomis - Root CA
Bugs fixed
* bmo#1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
* bmo#1515342 - More thorough input checking (CVE-2019-11729)
* bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in
TLS 1.3 (CVE-2019-11727)
* bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed
from lib/freebl/pqg.c (static analysis)
* bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams
from lib/freebl/pqg.c (static analysis)
* bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong
* bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where
tags could be faked. Only relevant for clients that might have copied
the unit test code verbatim
* bmo#1550022 - Ensure nssutil3 gets built on Android
* bmo#1528174 - ChaCha20Poly1305 should no longer modify output
length on failure
* bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo()
returns error
* bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures
* bmo#1554659 - Add versioning to OpenBSD builds to fix link time
errors using NSS
* bmo#1553443 - Send session ticket only after handshake is marked
as finished
* bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so
builds
* bmo#1554336 - Optimize away unneeded loop in mpi.c
* bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
* bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
* bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
* bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey
* bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data
* bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work
* bmo#1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
- split hmac subpackages to match SLE's packaging
- Use -ffat-lto-objects in order to provide assembly for static libs.
==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base
- Add ncurses patch 20190810
+ fix a few more coverity warnings.
- Add ncurses patch 20190803
+ improve loop limits in _nc_scroll_window() to handle a case where
the scrolled data is a pad which is taller than the window (patch
by Rob King).
+ amend the change to screen, because tmux relies upon that entry
and does not support that feature (Debian #933572) -TD
+ updated ms-terminal entry & notes -TD
+ updated kitty entry & notes -TD
+ updated alacritty+common entry & notes -TD
+ use xterm+sl-twm for consistency -TD
- Add ncurses patch 20190728
+ fix a few more coverity warnings.
+ more documentation updates based on tctest.
- Add ncurses patch 20190727
+ fix a few coverity warnings.
+ documentation updates based on tctest.
- Add ncurses patch 20190720
+ fix a few warnings for gcc 4.x
+ add some portability/historical details to the tic, toe and infocmp
manual pages.
+ correct fix for broken link from terminfo(5) to tabs(1) manpage
(report by Sven Joachim).
- Use FAT LTO objects in order to provide proper static library.
==== openldap2 ====
- Use FAT LTO objects in order to provide proper static library.
==== pcre ====
- Use FAT LTO objects in order to provide proper static library.
==== readline ====
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add official patch readline80-001
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.
- Use FAT LTO objects in order to provide proper static library.
==== tcpd ====
- Use FAT LTO objects in order to provide proper static library.
==== xz ====
Subpackages: liblzma5
- Use FAT LTO objects in order to provide proper static library.
--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner(a)opensuse.org
1
0