December 2020 - openSUSE Kubic - openSUSE Mailing Lists

New ARM MicroOS snapshot 20201201 released!
by Guillaume Gardet 03 Dec '20

03 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.9.10 -> 5.9.11) lvm2 lvm2-device-mapper zeromq (4.3.2 -> 4.3.3) === Details === ==== kernel-source ==== Version update (5.9.10 -> 5.9.11) - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe (git-fixes). - commit 91426ef - Linux 5.9.11 (bsc#1012628). - ah6: fix error return code in ah6_input() (bsc#1012628). - atm: nicstar: Unmap DMA on send error (bsc#1012628). - bnxt_en: read EEPROM A2h address using page 0 (bsc#1012628). - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() (bsc#1012628). - enetc: Workaround for MDIO register access issue (bsc#1012628). - Exempt multicast addresses from five-second neighbor lifetime (bsc#1012628). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (bsc#1012628). - ipv6: Fix error path to cancel the meseage (bsc#1012628). - lan743x: fix issue causing intermittent kernel log warnings (bsc#1012628). - lan743x: prevent entire kernel HANG on open, for some platforms (bsc#1012628). - mlxsw: core: Use variable timeout for EMAD retries (bsc#1012628). - net: b44: fix error return code in b44_init_one() (bsc#1012628). - net: bridge: add missing counters to ndo_get_stats64 callback (bsc#1012628). - netdevsim: set .owner to THIS_MODULE (bsc#1012628). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (bsc#1012628). - net: ethernet: mtk-star-emac: fix error return code in mtk_star_enable() (bsc#1012628). - net: ethernet: mtk-star-emac: return ok when xmit drops (bsc#1012628). - net: ethernet: ti: am65-cpts: update ret when ptp_clock is ERROR (bsc#1012628). - net: ethernet: ti: cpsw: fix cpts irq after suspend (bsc#1012628). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (bsc#1012628). - net: ftgmac100: Fix crash when removing driver (bsc#1012628). - net: Have netpoll bring-up DSA management interface (bsc#1012628). - net: ipa: lock when freeing transaction (bsc#1012628). - netlabel: fix our progress tracking in netlbl_unlabel_staticlist() (bsc#1012628). - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() (bsc#1012628). - net: lantiq: Wait for the GPHY firmware to be ready (bsc#1012628). - net/mlx4_core: Fix init_hca fields offset (bsc#1012628). - net/mlx5e: Fix refcount leak on kTLS RX resync (bsc#1012628). - net/ncsi: Fix netlink registration (bsc#1012628). - net: phy: mscc: remove non-MACSec compatible phy (bsc#1012628). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (bsc#1012628). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (bsc#1012628). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (bsc#1012628). - net/tls: fix corrupted data in recvmsg (bsc#1012628). - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request (bsc#1012628). - page_frag: Recover from memory pressure (bsc#1012628). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1012628). - qed: fix ILT configuration of SRC block (bsc#1012628). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (bsc#1012628). - sctp: change to hold/put transport for proto_unreach_timer (bsc#1012628). - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate (bsc#1012628). - vsock: forward all packets to the host when no H2G is registered (bsc#1012628). - net/mlx5e: Fix check if netdev is bond slave (bsc#1012628). - net/mlx5: Add handling of port type in rule deletion (bsc#1012628). - net/mlx5: Clear bw_share upon VF disable (bsc#1012628). - net/mlx5: Disable QoS when min_rates on all VFs are zero (bsc#1012628). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1012628). - net: fec: Fix reference count leak in fec series ops (bsc#1012628). - bnxt_en: Fix counter overflow logic (bsc#1012628). - bnxt_en: Free port stats during firmware reset (bsc#1012628). - net: mvneta: fix possible memory leak in mvneta_swbm_add_rx_fragment (bsc#1012628). - net/tls: Fix wrong record sn in async mode of device resync (bsc#1012628). - net: usb: qmi_wwan: Set DTR quirk for MR400 (bsc#1012628). - Revert "Revert "gpio: omap: Fix lost edge wake-up interrupts"" (bsc#1012628). - tools, bpftool: Avoid array index warnings (bsc#1012628). - habanalabs/gaudi: mask WDT error in QMAN (bsc#1012628). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1012628). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (bsc#1012628). - scsi: ufs: Try to save power mode change and UIC cmd completion timeout (bsc#1012628). - pinctrl: mcp23s08: Print error message when regmap init fails (bsc#1012628). - selftests: kvm: Fix the segment descriptor layout to match the actual layout (bsc#1012628). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (bsc#1012628). - arm64: errata: Fix handling of 1418040 with late CPU onlining (bsc#1012628). - arm64: psci: Avoid printing in cpu_psci_cpu_die() (bsc#1012628). - arm64: smp: Tell RCU about CPUs that fail to come online (bsc#1012628). - um: Call pgtable_pmd_page_dtor() in __pmd_free_tlb() (bsc#1012628). - vfs: remove lockdep bogosity in __sb_start_write (bsc#1012628). - gfs2: fix possible reference leak in gfs2_check_blk_type (bsc#1012628). - hwmon: (pwm-fan) Fix RPM calculation (bsc#1012628). - gfs2: Fix case in which ail writes are done to jdata holes (bsc#1012628). - arm64: Add MIDR value for KRYO2XX gold/silver CPU cores (bsc#1012628). - arm64: kpti: Add KRYO2XX gold/silver CPU cores to kpti safelist (bsc#1012628). - arm64: cpu_errata: Apply Erratum 845719 to KRYO2XX Silver (bsc#1012628). - usb: dwc2: Avoid leaving the error_debugfs label unused (bsc#1012628). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (bsc#1012628). - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (bsc#1012628). - Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" (bsc#1012628). - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - arm64: dts: allwinner: h5: libretech-all-h5-cc: Enable RGMII RX/TX delay on PHY (bsc#1012628). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (bsc#1012628). - Input: adxl34x - clean up a data type in adxl34x_probe() (bsc#1012628). - MIPS: export has_transparent_hugepage() for modules (bsc#1012628). - dmaengine: idxd: fix wq config registers offset programming (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (bsc#1012628). - arm64: dts: fsl: fix endianness issue of rcpm (bsc#1012628). - arm64: dts: imx8mm-beacon-som: Fix Choppy BT audio (bsc#1012628). - arm64: dts imx8mn: Remove non-existent USB OTG2 (bsc#1012628). - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (bsc#1012628). - ARM: dts: vf610-zii-dev-rev-b: Fix MDIO over clocking (bsc#1012628). - ARM: dts: imx6q-prti6q: fix PHY address (bsc#1012628). - swiotlb: using SIZE_MAX needs limits.h included (bsc#1012628). - tee: amdtee: fix memory leak due to reset of global shm list (bsc#1012628). - tee: amdtee: synchronize access to shm list (bsc#1012628). - dmaengine: xilinx_dma: Fix usage of xilinx_aximcdma_tx_segment (bsc#1012628). - dmaengine: xilinx_dma: Fix SG capability check for MCDMA (bsc#1012628). - ARM: dts: stm32: Fix TA3-GPIO-C key on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Fix LED5 on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Define VIO regulator supply on DHCOM (bsc#1012628). - ARM: dts: stm32: Enable thermal sensor support on stm32mp15xx-dhcor (bsc#1012628). - ARM: dts: stm32: Keep VDDA LDO1 always on on DHCOM (bsc#1012628). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (bsc#1012628). - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (bsc#1012628). - dmaengine: ti: omap-dma: Block PM if SDMA is busy to fix audio (bsc#1012628). - kunit: tool: unmark test_data as binary blobs (bsc#1012628). - rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled (bsc#1012628). - spi: fix client driver breakages when using GPIO descriptors (bsc#1012628). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (bsc#1012628). - Input: elan_i2c - fix firmware update on newer ICs (bsc#1012628). - rfkill: Fix use-after-free in rfkill_resume() (bsc#1012628). - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1012628). - RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (bsc#1012628). - perf lock: Correct field name "flags" (bsc#1012628). - perf lock: Don't free "lock_seq_stat" if read_count isn't zero (bsc#1012628). - SUNRPC: Fix oops in the rpc_xdr_buf event class (bsc#1012628). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1012628). - tools, bpftool: Add missing close before bpftool net attach exit (bsc#1012628). - IB/hfi1: Fix error return code in hfi1_init_dd() (bsc#1012628). - ip_tunnels: Set tunnel option flag when tunnel metadata is present (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in can_rcv() (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (bsc#1012628). - can: dev: can_restart(): post buffer from the right context (bsc#1012628). - can: ti_hecc: Fix memleak in ti_hecc_probe (bsc#1012628). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (bsc#1012628). - can: peak_usb: fix potential integer overflow on shift of a int (bsc#1012628). - can: flexcan: fix failure handling of pm_runtime_get_sync() (bsc#1012628). - can: tcan4x5x: replace depends on REGMAP_SPI with depends on SPI (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_probe(): add missing error checking for devm_regmap_init() (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_remove(): fix order of deregistration (bsc#1012628). - can: m_can: m_can_handle_state_change(): fix state change (bsc#1012628). - can: m_can: m_can_class_free_dev(): introduce new function (bsc#1012628). - can: m_can: Fix freeing of can device from peripherials (bsc#1012628). - can: m_can: m_can_stop(): set device to software init mode before closing (bsc#1012628). - dmaengine: idxd: fix mapping of portal size (bsc#1012628). - ASoC: Intel: KMB: Fix S24_LE configuration (bsc#1012628). - ASoC: qcom: lpass-platform: Fix memory leak (bsc#1012628). - spi: cadence-quadspi: Fix error return code in cqspi_probe (bsc#1012628). - selftests/bpf: Fix error return code in run_getsockopt_test() (bsc#1012628). - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu (bsc#1012628). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1012628). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (bsc#1012628). - bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (bsc#1012628). - bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect (bsc#1012628). - can: kvaser_pciefd: Fix KCAN bittiming limits (bsc#1012628). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (bsc#1012628). - dmaengine: fix error codes in channel_register() (bsc#1012628). - iommu/vt-d: Move intel_iommu_gfx_mapped to Intel IOMMU header (bsc#1012628). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1012628). - can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery (bsc#1012628). - can: m_can: process interrupt only when not runtime suspended (bsc#1012628). - xfs: fix the minrecs logic when dealing with inode root child blocks (bsc#1012628). - xfs: strengthen rmap record flags checking (bsc#1012628). - xfs: directory scrub should check the null bestfree entries too (bsc#1012628). - xfs: ensure inobt record walks always make forward progress (bsc#1012628). - xfs: return corresponding errcode if xfs_initialize_perag() fail (bsc#1012628). - ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock (bsc#1012628). - regulator: ti-abb: Fix array out of bound read access on the first transition (bsc#1012628). - libbpf: Fix VERSIONED_SYM_COUNT number parsing (bsc#1012628). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1012628). - fail_function: Remove a redundant mutex unlock (bsc#1012628). - xfs: revert "xfs: fix rmap key and record comparison functions" (bsc#1012628). - selftests/seccomp: powerpc: Fix typo in macro variable name (bsc#1012628). - selftests/seccomp: sh: Fix register names (bsc#1012628). - bpf, sockmap: Skb verdict SK_PASS to self already checked rmem limits (bsc#1012628). - bpf, sockmap: On receive programs try to fast track SK_PASS ingress (bsc#1012628). - bpf, sockmap: Use truesize with sk_rmem_schedule() (bsc#1012628). - bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self (bsc#1012628). - efi/arm: set HSCTLR Thumb2 bit correctly for HVC calls from HYP (bsc#1012628). - counter/ti-eqep: Fix regmap max_register (bsc#1012628). - efi/x86: Free efi_pgd with free_pages() (bsc#1012628). - sched/fair: Fix overutilized update in enqueue_task_fair() (bsc#1012628). - sched: Fix data-race in wakeup (bsc#1012628). - sched: Fix rq->nr_iowait ordering (bsc#1012628). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1012628). - afs: Fix speculative status fetch going out of order wrt to modifications (bsc#1012628). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (bsc#1012628). - HID: mcp2221: Fix GPIO output handling (bsc#1012628). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (bsc#1012628). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (bsc#1012628). - speakup: Do not let the line discipline be used several times (bsc#1012628). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (bsc#1012628). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (bsc#1012628). - ALSA: ctl: fix error path at adding user-defined element set (bsc#1012628). - ALSA: mixart: Fix mutex deadlock (bsc#1012628). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (bsc#1012628). - ALSA: hda/realtek - Add supported mute Led for HP (bsc#1012628). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (bsc#1012628). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (bsc#1012628). - tty: serial: imx: fix potential deadlock (bsc#1012628). - tty: serial: imx: keep console clocks always on (bsc#1012628). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (bsc#1012628). - efivarfs: fix memory leak in efivarfs_create() (bsc#1012628). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (bsc#1012628). - staging: mt7621-pci: avoid to request pci bus resources (bsc#1012628). - iio: light: fix kconfig dependency bug for VCNL4035 (bsc#1012628). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1012628). - xfs: fix forkoff miscalculation related to XFS_LITINO(mp) (bsc#1012628). - ACPI: fan: Initialize performance state sysfs attribute (bsc#1012628). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (bsc#1012628). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (bsc#1012628). - iio: adc: mediatek: fix unset field (bsc#1012628). - iio: cros_ec: Use default frequencies when EC returns invalid information (bsc#1012628). - iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout (bsc#1012628). - iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used (bsc#1012628). - iio/adc: ingenic: Fix battery VREF for JZ4770 SoC (bsc#1012628). - iio: adc: stm32-adc: fix a regression when using dma and irq (bsc#1012628). - serial: ar933x_uart: disable clk on error handling path in probe (bsc#1012628). - arm64: dts: agilex/stratix10: Fix qspi node compatible (bsc#1012628). - spi: lpspi: Fix use-after-free on unbind (bsc#1012628). - spi: Introduce device-managed SPI controller allocation (bsc#1012628). - spi: npcm-fiu: Don't leak SPI master in probe error path (bsc#1012628). - spi: bcm2835aux: Fix use-after-free on unbind (bsc#1012628). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (bsc#1012628). - regulator: fix memory leak with repeated set_machine_constraints() (bsc#1012628). - regulator: avoid resolve_supply() infinite recursion (bsc#1012628). - regulator: workaround self-referent regulators (bsc#1012628). - gfs2: Fix regression in freeze_go_sync (bsc#1012628). - xtensa: fix TLBTEMP area placement (bsc#1012628). - xtensa: disable preemption around cache alias management calls (bsc#1012628). - mac80211: minstrel: remove deferred sampling code (bsc#1012628). - mac80211: minstrel: fix tx status processing corner case (bsc#1012628). - s390: fix system call exit path (bsc#1012628). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (bsc#1012628). - s390/dasd: fix null pointer dereference for ERP requests (bsc#1012628). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1012628). - drm/amd/display: Add missing pflip irq for dcn2.0 (bsc#1012628). - drm/i915: Handle max_bpc==16 (bsc#1012628). - drm/i915/tgl: Fix Media power gate sequence (bsc#1012628). - io_uring: don't double complete failed reissue request (bsc#1012628). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (bsc#1012628). - mmc: sdhci-of-arasan: Allow configuring zero tap values (bsc#1012628). - mmc: sdhci-of-arasan: Use Mask writes for Tap delays (bsc#1012628). - mmc: sdhci-of-arasan: Issue DLL reset explicitly (bsc#1012628). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (bsc#1012628). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1012628). - seccomp: Set PF_SUPERPRIV when checking capability (bsc#1012628). - fanotify: fix logic of reporting name info with watched parent (bsc#1012628). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1012628). - mm: never attempt async page lock if we've transferred data already (bsc#1012628). - mm: fix readahead_page_batch for retry entries (bsc#1012628). - mm: memcg/slab: fix root memcg vmstats (bsc#1012628). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1012628). - Update config files. - commit 1b55838 - Update config files (bsc#1179102). Set AMIGA_PARTITION=y wherever AFFS_FS=m. The AMIGA_PARTITION's Kconfig help suggests: default y if (AMIGA || AFFS_FS=y). And we enable Amiga FS in some configs, but don't enable support for Amiga partitions. That is a bit pointless. So fix this. - commit cc720a5 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== zeromq ==== Version update (4.3.2 -> 4.3.3) - New upstream version 4.3.3: * Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. (CVE-2020-15166, bsc#1176116) If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m * Stack overflow on server running PUB/XPUB socket (CURVE disabled). The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. (bsc#1176257) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw * Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. (bsc#1176259) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. (bsc#1176256) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 For complete list of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.3

1 0

New ARM Kubic snapshot 20201201 released!
by Guillaume Gardet 03 Dec '20

03 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.9.10 -> 5.9.11) lvm2 lvm2-device-mapper python-pyzmq (19.0.2 -> 20.0.0) zeromq (4.3.2 -> 4.3.3) === Details === ==== kernel-source ==== Version update (5.9.10 -> 5.9.11) - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe (git-fixes). - commit 91426ef - Linux 5.9.11 (bsc#1012628). - ah6: fix error return code in ah6_input() (bsc#1012628). - atm: nicstar: Unmap DMA on send error (bsc#1012628). - bnxt_en: read EEPROM A2h address using page 0 (bsc#1012628). - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() (bsc#1012628). - enetc: Workaround for MDIO register access issue (bsc#1012628). - Exempt multicast addresses from five-second neighbor lifetime (bsc#1012628). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (bsc#1012628). - ipv6: Fix error path to cancel the meseage (bsc#1012628). - lan743x: fix issue causing intermittent kernel log warnings (bsc#1012628). - lan743x: prevent entire kernel HANG on open, for some platforms (bsc#1012628). - mlxsw: core: Use variable timeout for EMAD retries (bsc#1012628). - net: b44: fix error return code in b44_init_one() (bsc#1012628). - net: bridge: add missing counters to ndo_get_stats64 callback (bsc#1012628). - netdevsim: set .owner to THIS_MODULE (bsc#1012628). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (bsc#1012628). - net: ethernet: mtk-star-emac: fix error return code in mtk_star_enable() (bsc#1012628). - net: ethernet: mtk-star-emac: return ok when xmit drops (bsc#1012628). - net: ethernet: ti: am65-cpts: update ret when ptp_clock is ERROR (bsc#1012628). - net: ethernet: ti: cpsw: fix cpts irq after suspend (bsc#1012628). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (bsc#1012628). - net: ftgmac100: Fix crash when removing driver (bsc#1012628). - net: Have netpoll bring-up DSA management interface (bsc#1012628). - net: ipa: lock when freeing transaction (bsc#1012628). - netlabel: fix our progress tracking in netlbl_unlabel_staticlist() (bsc#1012628). - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() (bsc#1012628). - net: lantiq: Wait for the GPHY firmware to be ready (bsc#1012628). - net/mlx4_core: Fix init_hca fields offset (bsc#1012628). - net/mlx5e: Fix refcount leak on kTLS RX resync (bsc#1012628). - net/ncsi: Fix netlink registration (bsc#1012628). - net: phy: mscc: remove non-MACSec compatible phy (bsc#1012628). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (bsc#1012628). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (bsc#1012628). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (bsc#1012628). - net/tls: fix corrupted data in recvmsg (bsc#1012628). - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request (bsc#1012628). - page_frag: Recover from memory pressure (bsc#1012628). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1012628). - qed: fix ILT configuration of SRC block (bsc#1012628). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (bsc#1012628). - sctp: change to hold/put transport for proto_unreach_timer (bsc#1012628). - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate (bsc#1012628). - vsock: forward all packets to the host when no H2G is registered (bsc#1012628). - net/mlx5e: Fix check if netdev is bond slave (bsc#1012628). - net/mlx5: Add handling of port type in rule deletion (bsc#1012628). - net/mlx5: Clear bw_share upon VF disable (bsc#1012628). - net/mlx5: Disable QoS when min_rates on all VFs are zero (bsc#1012628). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1012628). - net: fec: Fix reference count leak in fec series ops (bsc#1012628). - bnxt_en: Fix counter overflow logic (bsc#1012628). - bnxt_en: Free port stats during firmware reset (bsc#1012628). - net: mvneta: fix possible memory leak in mvneta_swbm_add_rx_fragment (bsc#1012628). - net/tls: Fix wrong record sn in async mode of device resync (bsc#1012628). - net: usb: qmi_wwan: Set DTR quirk for MR400 (bsc#1012628). - Revert "Revert "gpio: omap: Fix lost edge wake-up interrupts"" (bsc#1012628). - tools, bpftool: Avoid array index warnings (bsc#1012628). - habanalabs/gaudi: mask WDT error in QMAN (bsc#1012628). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1012628). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (bsc#1012628). - scsi: ufs: Try to save power mode change and UIC cmd completion timeout (bsc#1012628). - pinctrl: mcp23s08: Print error message when regmap init fails (bsc#1012628). - selftests: kvm: Fix the segment descriptor layout to match the actual layout (bsc#1012628). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (bsc#1012628). - arm64: errata: Fix handling of 1418040 with late CPU onlining (bsc#1012628). - arm64: psci: Avoid printing in cpu_psci_cpu_die() (bsc#1012628). - arm64: smp: Tell RCU about CPUs that fail to come online (bsc#1012628). - um: Call pgtable_pmd_page_dtor() in __pmd_free_tlb() (bsc#1012628). - vfs: remove lockdep bogosity in __sb_start_write (bsc#1012628). - gfs2: fix possible reference leak in gfs2_check_blk_type (bsc#1012628). - hwmon: (pwm-fan) Fix RPM calculation (bsc#1012628). - gfs2: Fix case in which ail writes are done to jdata holes (bsc#1012628). - arm64: Add MIDR value for KRYO2XX gold/silver CPU cores (bsc#1012628). - arm64: kpti: Add KRYO2XX gold/silver CPU cores to kpti safelist (bsc#1012628). - arm64: cpu_errata: Apply Erratum 845719 to KRYO2XX Silver (bsc#1012628). - usb: dwc2: Avoid leaving the error_debugfs label unused (bsc#1012628). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (bsc#1012628). - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (bsc#1012628). - Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" (bsc#1012628). - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - arm64: dts: allwinner: h5: libretech-all-h5-cc: Enable RGMII RX/TX delay on PHY (bsc#1012628). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (bsc#1012628). - Input: adxl34x - clean up a data type in adxl34x_probe() (bsc#1012628). - MIPS: export has_transparent_hugepage() for modules (bsc#1012628). - dmaengine: idxd: fix wq config registers offset programming (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (bsc#1012628). - arm64: dts: fsl: fix endianness issue of rcpm (bsc#1012628). - arm64: dts: imx8mm-beacon-som: Fix Choppy BT audio (bsc#1012628). - arm64: dts imx8mn: Remove non-existent USB OTG2 (bsc#1012628). - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (bsc#1012628). - ARM: dts: vf610-zii-dev-rev-b: Fix MDIO over clocking (bsc#1012628). - ARM: dts: imx6q-prti6q: fix PHY address (bsc#1012628). - swiotlb: using SIZE_MAX needs limits.h included (bsc#1012628). - tee: amdtee: fix memory leak due to reset of global shm list (bsc#1012628). - tee: amdtee: synchronize access to shm list (bsc#1012628). - dmaengine: xilinx_dma: Fix usage of xilinx_aximcdma_tx_segment (bsc#1012628). - dmaengine: xilinx_dma: Fix SG capability check for MCDMA (bsc#1012628). - ARM: dts: stm32: Fix TA3-GPIO-C key on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Fix LED5 on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Define VIO regulator supply on DHCOM (bsc#1012628). - ARM: dts: stm32: Enable thermal sensor support on stm32mp15xx-dhcor (bsc#1012628). - ARM: dts: stm32: Keep VDDA LDO1 always on on DHCOM (bsc#1012628). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (bsc#1012628). - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (bsc#1012628). - dmaengine: ti: omap-dma: Block PM if SDMA is busy to fix audio (bsc#1012628). - kunit: tool: unmark test_data as binary blobs (bsc#1012628). - rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled (bsc#1012628). - spi: fix client driver breakages when using GPIO descriptors (bsc#1012628). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (bsc#1012628). - Input: elan_i2c - fix firmware update on newer ICs (bsc#1012628). - rfkill: Fix use-after-free in rfkill_resume() (bsc#1012628). - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1012628). - RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (bsc#1012628). - perf lock: Correct field name "flags" (bsc#1012628). - perf lock: Don't free "lock_seq_stat" if read_count isn't zero (bsc#1012628). - SUNRPC: Fix oops in the rpc_xdr_buf event class (bsc#1012628). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1012628). - tools, bpftool: Add missing close before bpftool net attach exit (bsc#1012628). - IB/hfi1: Fix error return code in hfi1_init_dd() (bsc#1012628). - ip_tunnels: Set tunnel option flag when tunnel metadata is present (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in can_rcv() (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (bsc#1012628). - can: dev: can_restart(): post buffer from the right context (bsc#1012628). - can: ti_hecc: Fix memleak in ti_hecc_probe (bsc#1012628). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (bsc#1012628). - can: peak_usb: fix potential integer overflow on shift of a int (bsc#1012628). - can: flexcan: fix failure handling of pm_runtime_get_sync() (bsc#1012628). - can: tcan4x5x: replace depends on REGMAP_SPI with depends on SPI (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_probe(): add missing error checking for devm_regmap_init() (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_remove(): fix order of deregistration (bsc#1012628). - can: m_can: m_can_handle_state_change(): fix state change (bsc#1012628). - can: m_can: m_can_class_free_dev(): introduce new function (bsc#1012628). - can: m_can: Fix freeing of can device from peripherials (bsc#1012628). - can: m_can: m_can_stop(): set device to software init mode before closing (bsc#1012628). - dmaengine: idxd: fix mapping of portal size (bsc#1012628). - ASoC: Intel: KMB: Fix S24_LE configuration (bsc#1012628). - ASoC: qcom: lpass-platform: Fix memory leak (bsc#1012628). - spi: cadence-quadspi: Fix error return code in cqspi_probe (bsc#1012628). - selftests/bpf: Fix error return code in run_getsockopt_test() (bsc#1012628). - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu (bsc#1012628). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1012628). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (bsc#1012628). - bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (bsc#1012628). - bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect (bsc#1012628). - can: kvaser_pciefd: Fix KCAN bittiming limits (bsc#1012628). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (bsc#1012628). - dmaengine: fix error codes in channel_register() (bsc#1012628). - iommu/vt-d: Move intel_iommu_gfx_mapped to Intel IOMMU header (bsc#1012628). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1012628). - can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery (bsc#1012628). - can: m_can: process interrupt only when not runtime suspended (bsc#1012628). - xfs: fix the minrecs logic when dealing with inode root child blocks (bsc#1012628). - xfs: strengthen rmap record flags checking (bsc#1012628). - xfs: directory scrub should check the null bestfree entries too (bsc#1012628). - xfs: ensure inobt record walks always make forward progress (bsc#1012628). - xfs: return corresponding errcode if xfs_initialize_perag() fail (bsc#1012628). - ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock (bsc#1012628). - regulator: ti-abb: Fix array out of bound read access on the first transition (bsc#1012628). - libbpf: Fix VERSIONED_SYM_COUNT number parsing (bsc#1012628). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1012628). - fail_function: Remove a redundant mutex unlock (bsc#1012628). - xfs: revert "xfs: fix rmap key and record comparison functions" (bsc#1012628). - selftests/seccomp: powerpc: Fix typo in macro variable name (bsc#1012628). - selftests/seccomp: sh: Fix register names (bsc#1012628). - bpf, sockmap: Skb verdict SK_PASS to self already checked rmem limits (bsc#1012628). - bpf, sockmap: On receive programs try to fast track SK_PASS ingress (bsc#1012628). - bpf, sockmap: Use truesize with sk_rmem_schedule() (bsc#1012628). - bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self (bsc#1012628). - efi/arm: set HSCTLR Thumb2 bit correctly for HVC calls from HYP (bsc#1012628). - counter/ti-eqep: Fix regmap max_register (bsc#1012628). - efi/x86: Free efi_pgd with free_pages() (bsc#1012628). - sched/fair: Fix overutilized update in enqueue_task_fair() (bsc#1012628). - sched: Fix data-race in wakeup (bsc#1012628). - sched: Fix rq->nr_iowait ordering (bsc#1012628). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1012628). - afs: Fix speculative status fetch going out of order wrt to modifications (bsc#1012628). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (bsc#1012628). - HID: mcp2221: Fix GPIO output handling (bsc#1012628). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (bsc#1012628). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (bsc#1012628). - speakup: Do not let the line discipline be used several times (bsc#1012628). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (bsc#1012628). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (bsc#1012628). - ALSA: ctl: fix error path at adding user-defined element set (bsc#1012628). - ALSA: mixart: Fix mutex deadlock (bsc#1012628). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (bsc#1012628). - ALSA: hda/realtek - Add supported mute Led for HP (bsc#1012628). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (bsc#1012628). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (bsc#1012628). - tty: serial: imx: fix potential deadlock (bsc#1012628). - tty: serial: imx: keep console clocks always on (bsc#1012628). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (bsc#1012628). - efivarfs: fix memory leak in efivarfs_create() (bsc#1012628). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (bsc#1012628). - staging: mt7621-pci: avoid to request pci bus resources (bsc#1012628). - iio: light: fix kconfig dependency bug for VCNL4035 (bsc#1012628). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1012628). - xfs: fix forkoff miscalculation related to XFS_LITINO(mp) (bsc#1012628). - ACPI: fan: Initialize performance state sysfs attribute (bsc#1012628). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (bsc#1012628). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (bsc#1012628). - iio: adc: mediatek: fix unset field (bsc#1012628). - iio: cros_ec: Use default frequencies when EC returns invalid information (bsc#1012628). - iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout (bsc#1012628). - iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used (bsc#1012628). - iio/adc: ingenic: Fix battery VREF for JZ4770 SoC (bsc#1012628). - iio: adc: stm32-adc: fix a regression when using dma and irq (bsc#1012628). - serial: ar933x_uart: disable clk on error handling path in probe (bsc#1012628). - arm64: dts: agilex/stratix10: Fix qspi node compatible (bsc#1012628). - spi: lpspi: Fix use-after-free on unbind (bsc#1012628). - spi: Introduce device-managed SPI controller allocation (bsc#1012628). - spi: npcm-fiu: Don't leak SPI master in probe error path (bsc#1012628). - spi: bcm2835aux: Fix use-after-free on unbind (bsc#1012628). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (bsc#1012628). - regulator: fix memory leak with repeated set_machine_constraints() (bsc#1012628). - regulator: avoid resolve_supply() infinite recursion (bsc#1012628). - regulator: workaround self-referent regulators (bsc#1012628). - gfs2: Fix regression in freeze_go_sync (bsc#1012628). - xtensa: fix TLBTEMP area placement (bsc#1012628). - xtensa: disable preemption around cache alias management calls (bsc#1012628). - mac80211: minstrel: remove deferred sampling code (bsc#1012628). - mac80211: minstrel: fix tx status processing corner case (bsc#1012628). - s390: fix system call exit path (bsc#1012628). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (bsc#1012628). - s390/dasd: fix null pointer dereference for ERP requests (bsc#1012628). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1012628). - drm/amd/display: Add missing pflip irq for dcn2.0 (bsc#1012628). - drm/i915: Handle max_bpc==16 (bsc#1012628). - drm/i915/tgl: Fix Media power gate sequence (bsc#1012628). - io_uring: don't double complete failed reissue request (bsc#1012628). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (bsc#1012628). - mmc: sdhci-of-arasan: Allow configuring zero tap values (bsc#1012628). - mmc: sdhci-of-arasan: Use Mask writes for Tap delays (bsc#1012628). - mmc: sdhci-of-arasan: Issue DLL reset explicitly (bsc#1012628). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (bsc#1012628). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1012628). - seccomp: Set PF_SUPERPRIV when checking capability (bsc#1012628). - fanotify: fix logic of reporting name info with watched parent (bsc#1012628). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1012628). - mm: never attempt async page lock if we've transferred data already (bsc#1012628). - mm: fix readahead_page_batch for retry entries (bsc#1012628). - mm: memcg/slab: fix root memcg vmstats (bsc#1012628). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1012628). - Update config files. - commit 1b55838 - Update config files (bsc#1179102). Set AMIGA_PARTITION=y wherever AFFS_FS=m. The AMIGA_PARTITION's Kconfig help suggests: default y if (AMIGA || AFFS_FS=y). And we enable Amiga FS in some configs, but don't enable support for Amiga partitions. That is a bit pointless. So fix this. - commit cc720a5 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== python-pyzmq ==== Version update (19.0.2 -> 20.0.0) - update to version 20.0.0: * fix build with ZeroMQ 4.3.3 * drops support for Python < 3.5 * Respect $PKG_CONFIG env for finding libzmq when building from source * :meth:`.Socket.bind` and :meth:`.Socket.connect` can now be used as context managers. * Hold GIL while calling ``zmq_curve_`` functions, which may fix apparent threadsafety issues. - skip_test_tracker.patch: refreshed ==== zeromq ==== Version update (4.3.2 -> 4.3.3) - New upstream version 4.3.3: * Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. (CVE-2020-15166, bsc#1176116) If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m * Stack overflow on server running PUB/XPUB socket (CURVE disabled). The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. (bsc#1176257) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw * Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. (bsc#1176259) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. (bsc#1176256) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 For complete list of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.3

1 0

[opensuse-kubic] MicroOS (Desktop) and PolicyKit stuff
by Dario Faggioli 02 Dec '20

02 Dec '20

Hello, I was having a look at that little issue that we have with MicroOS Desktop asking passwords every 3 seconds, and I think I bumped into something I'm not sure I understand. So, one operation for which it asks for the root password (when it shouldn't, e.g., Tumbleweed doesn't, for doing that) is when I plug an USB key. In order to understand what is going on, I added some logging to polkitd, and here's what I've found. On Tumbleweed: nov 26 11:57:27 Palanthas polkitd[14840]: <no filename>:2: action=[Action id='com.endlessm.ParentalControls.AppFilter.ReadOwn'] nov 26 11:57:27 Palanthas polkitd[14840]: <no filename>:3: subject=[Subject pid=2321 user='dario' groups=audio,bin,dialout,docker,kvm,lp,mail,tty,video,vnc,wheel,dario,users,libvirt,osc seat=null session=nul> nov 26 11:57:27 Palanthas polkitd[14840]: <no filename>:1027: com.endlessm.ParentalControls.AppFilter.ReadOwn => yes On MicroOS: nov 26 10:27:31 Wayrath polkitd[9619]: <no filename>:2: action=[Action id='org.freedesktop.udisks2.filesystem-mount' device='/dev/sdd1' polkit.message='Authentication is required to mount $(drive)' partition> nov 26 10:27:31 Wayrath polkitd[9619]: <no filename>:3: subject=[Subject pid=1754 user='dario' groups=users,wheel,dario seat=null session=null local=true active=true] nov 26 10:27:31 Wayrath polkitd[9619]: <no filename>:1026: org.freedesktop.udisks2.filesystem-mount => auth_admin So, why 'yes' on one hand and 'auth_admin' on the other? Well, the code is in /etc/polkit-1/rules.d/90-default-privs.rules (at the bottom). There's a big array with all the actions and, on Tumbleweed, I have this, for the action above: 'org.freedesktop.udisks2.filesystem-mount': [ 'auth_admin', 'auth_admin', 'yes' ], While on MicroOS: 'org.freedesktop.udisks2.filesystem-mount': [ 'auth_admin', 'auth_admin', 'auth_admin' ], So here's from where 'yes' and 'auth_admin' come from. Now, let's do the same dance again. Tumbleweed: $ rpm -qf /etc/polkit-1/rules.d/90-default-privs.rules polkit-default-privs-1550+20201119.2c1dce4-1.1.noarch MicroOS $ rpm -qf /etc/polkit-1/rules.d/90-default-privs.rules polkit-default-privs-1550+20201119.2c1dce4-1.1.noarch So, same package, different content. I'm sure there's a way to understand why that is, probably looking at: https://build.opensuse.org/package/view_file/openSUSE:Factory/polkit-defaul… And: https://github.com/openSUSE/polkit-default-privs And I plan to do so, but I haven't had the time yet. However, it's definitely not my field. So, if anyone more knowledgeable on these matters want to beat me at it, please, feel free :-) Thanks and Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

5 13

New MicroOS snapshot 20201130 released!
by Richard Brown 01 Dec '20

01 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.9.10 -> 5.9.11) lvm2 lvm2-device-mapper zeromq (4.3.2 -> 4.3.3) === Details === ==== kernel-source ==== Version update (5.9.10 -> 5.9.11) - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe (git-fixes). - commit 91426ef - Linux 5.9.11 (bsc#1012628). - ah6: fix error return code in ah6_input() (bsc#1012628). - atm: nicstar: Unmap DMA on send error (bsc#1012628). - bnxt_en: read EEPROM A2h address using page 0 (bsc#1012628). - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() (bsc#1012628). - enetc: Workaround for MDIO register access issue (bsc#1012628). - Exempt multicast addresses from five-second neighbor lifetime (bsc#1012628). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (bsc#1012628). - ipv6: Fix error path to cancel the meseage (bsc#1012628). - lan743x: fix issue causing intermittent kernel log warnings (bsc#1012628). - lan743x: prevent entire kernel HANG on open, for some platforms (bsc#1012628). - mlxsw: core: Use variable timeout for EMAD retries (bsc#1012628). - net: b44: fix error return code in b44_init_one() (bsc#1012628). - net: bridge: add missing counters to ndo_get_stats64 callback (bsc#1012628). - netdevsim: set .owner to THIS_MODULE (bsc#1012628). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (bsc#1012628). - net: ethernet: mtk-star-emac: fix error return code in mtk_star_enable() (bsc#1012628). - net: ethernet: mtk-star-emac: return ok when xmit drops (bsc#1012628). - net: ethernet: ti: am65-cpts: update ret when ptp_clock is ERROR (bsc#1012628). - net: ethernet: ti: cpsw: fix cpts irq after suspend (bsc#1012628). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (bsc#1012628). - net: ftgmac100: Fix crash when removing driver (bsc#1012628). - net: Have netpoll bring-up DSA management interface (bsc#1012628). - net: ipa: lock when freeing transaction (bsc#1012628). - netlabel: fix our progress tracking in netlbl_unlabel_staticlist() (bsc#1012628). - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() (bsc#1012628). - net: lantiq: Wait for the GPHY firmware to be ready (bsc#1012628). - net/mlx4_core: Fix init_hca fields offset (bsc#1012628). - net/mlx5e: Fix refcount leak on kTLS RX resync (bsc#1012628). - net/ncsi: Fix netlink registration (bsc#1012628). - net: phy: mscc: remove non-MACSec compatible phy (bsc#1012628). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (bsc#1012628). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (bsc#1012628). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (bsc#1012628). - net/tls: fix corrupted data in recvmsg (bsc#1012628). - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request (bsc#1012628). - page_frag: Recover from memory pressure (bsc#1012628). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1012628). - qed: fix ILT configuration of SRC block (bsc#1012628). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (bsc#1012628). - sctp: change to hold/put transport for proto_unreach_timer (bsc#1012628). - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate (bsc#1012628). - vsock: forward all packets to the host when no H2G is registered (bsc#1012628). - net/mlx5e: Fix check if netdev is bond slave (bsc#1012628). - net/mlx5: Add handling of port type in rule deletion (bsc#1012628). - net/mlx5: Clear bw_share upon VF disable (bsc#1012628). - net/mlx5: Disable QoS when min_rates on all VFs are zero (bsc#1012628). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1012628). - net: fec: Fix reference count leak in fec series ops (bsc#1012628). - bnxt_en: Fix counter overflow logic (bsc#1012628). - bnxt_en: Free port stats during firmware reset (bsc#1012628). - net: mvneta: fix possible memory leak in mvneta_swbm_add_rx_fragment (bsc#1012628). - net/tls: Fix wrong record sn in async mode of device resync (bsc#1012628). - net: usb: qmi_wwan: Set DTR quirk for MR400 (bsc#1012628). - Revert "Revert "gpio: omap: Fix lost edge wake-up interrupts"" (bsc#1012628). - tools, bpftool: Avoid array index warnings (bsc#1012628). - habanalabs/gaudi: mask WDT error in QMAN (bsc#1012628). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1012628). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (bsc#1012628). - scsi: ufs: Try to save power mode change and UIC cmd completion timeout (bsc#1012628). - pinctrl: mcp23s08: Print error message when regmap init fails (bsc#1012628). - selftests: kvm: Fix the segment descriptor layout to match the actual layout (bsc#1012628). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (bsc#1012628). - arm64: errata: Fix handling of 1418040 with late CPU onlining (bsc#1012628). - arm64: psci: Avoid printing in cpu_psci_cpu_die() (bsc#1012628). - arm64: smp: Tell RCU about CPUs that fail to come online (bsc#1012628). - um: Call pgtable_pmd_page_dtor() in __pmd_free_tlb() (bsc#1012628). - vfs: remove lockdep bogosity in __sb_start_write (bsc#1012628). - gfs2: fix possible reference leak in gfs2_check_blk_type (bsc#1012628). - hwmon: (pwm-fan) Fix RPM calculation (bsc#1012628). - gfs2: Fix case in which ail writes are done to jdata holes (bsc#1012628). - arm64: Add MIDR value for KRYO2XX gold/silver CPU cores (bsc#1012628). - arm64: kpti: Add KRYO2XX gold/silver CPU cores to kpti safelist (bsc#1012628). - arm64: cpu_errata: Apply Erratum 845719 to KRYO2XX Silver (bsc#1012628). - usb: dwc2: Avoid leaving the error_debugfs label unused (bsc#1012628). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (bsc#1012628). - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (bsc#1012628). - Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" (bsc#1012628). - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - arm64: dts: allwinner: h5: libretech-all-h5-cc: Enable RGMII RX/TX delay on PHY (bsc#1012628). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (bsc#1012628). - Input: adxl34x - clean up a data type in adxl34x_probe() (bsc#1012628). - MIPS: export has_transparent_hugepage() for modules (bsc#1012628). - dmaengine: idxd: fix wq config registers offset programming (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (bsc#1012628). - arm64: dts: fsl: fix endianness issue of rcpm (bsc#1012628). - arm64: dts: imx8mm-beacon-som: Fix Choppy BT audio (bsc#1012628). - arm64: dts imx8mn: Remove non-existent USB OTG2 (bsc#1012628). - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (bsc#1012628). - ARM: dts: vf610-zii-dev-rev-b: Fix MDIO over clocking (bsc#1012628). - ARM: dts: imx6q-prti6q: fix PHY address (bsc#1012628). - swiotlb: using SIZE_MAX needs limits.h included (bsc#1012628). - tee: amdtee: fix memory leak due to reset of global shm list (bsc#1012628). - tee: amdtee: synchronize access to shm list (bsc#1012628). - dmaengine: xilinx_dma: Fix usage of xilinx_aximcdma_tx_segment (bsc#1012628). - dmaengine: xilinx_dma: Fix SG capability check for MCDMA (bsc#1012628). - ARM: dts: stm32: Fix TA3-GPIO-C key on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Fix LED5 on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Define VIO regulator supply on DHCOM (bsc#1012628). - ARM: dts: stm32: Enable thermal sensor support on stm32mp15xx-dhcor (bsc#1012628). - ARM: dts: stm32: Keep VDDA LDO1 always on on DHCOM (bsc#1012628). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (bsc#1012628). - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (bsc#1012628). - dmaengine: ti: omap-dma: Block PM if SDMA is busy to fix audio (bsc#1012628). - kunit: tool: unmark test_data as binary blobs (bsc#1012628). - rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled (bsc#1012628). - spi: fix client driver breakages when using GPIO descriptors (bsc#1012628). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (bsc#1012628). - Input: elan_i2c - fix firmware update on newer ICs (bsc#1012628). - rfkill: Fix use-after-free in rfkill_resume() (bsc#1012628). - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1012628). - RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (bsc#1012628). - perf lock: Correct field name "flags" (bsc#1012628). - perf lock: Don't free "lock_seq_stat" if read_count isn't zero (bsc#1012628). - SUNRPC: Fix oops in the rpc_xdr_buf event class (bsc#1012628). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1012628). - tools, bpftool: Add missing close before bpftool net attach exit (bsc#1012628). - IB/hfi1: Fix error return code in hfi1_init_dd() (bsc#1012628). - ip_tunnels: Set tunnel option flag when tunnel metadata is present (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in can_rcv() (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (bsc#1012628). - can: dev: can_restart(): post buffer from the right context (bsc#1012628). - can: ti_hecc: Fix memleak in ti_hecc_probe (bsc#1012628). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (bsc#1012628). - can: peak_usb: fix potential integer overflow on shift of a int (bsc#1012628). - can: flexcan: fix failure handling of pm_runtime_get_sync() (bsc#1012628). - can: tcan4x5x: replace depends on REGMAP_SPI with depends on SPI (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_probe(): add missing error checking for devm_regmap_init() (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_remove(): fix order of deregistration (bsc#1012628). - can: m_can: m_can_handle_state_change(): fix state change (bsc#1012628). - can: m_can: m_can_class_free_dev(): introduce new function (bsc#1012628). - can: m_can: Fix freeing of can device from peripherials (bsc#1012628). - can: m_can: m_can_stop(): set device to software init mode before closing (bsc#1012628). - dmaengine: idxd: fix mapping of portal size (bsc#1012628). - ASoC: Intel: KMB: Fix S24_LE configuration (bsc#1012628). - ASoC: qcom: lpass-platform: Fix memory leak (bsc#1012628). - spi: cadence-quadspi: Fix error return code in cqspi_probe (bsc#1012628). - selftests/bpf: Fix error return code in run_getsockopt_test() (bsc#1012628). - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu (bsc#1012628). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1012628). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (bsc#1012628). - bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (bsc#1012628). - bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect (bsc#1012628). - can: kvaser_pciefd: Fix KCAN bittiming limits (bsc#1012628). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (bsc#1012628). - dmaengine: fix error codes in channel_register() (bsc#1012628). - iommu/vt-d: Move intel_iommu_gfx_mapped to Intel IOMMU header (bsc#1012628). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1012628). - can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery (bsc#1012628). - can: m_can: process interrupt only when not runtime suspended (bsc#1012628). - xfs: fix the minrecs logic when dealing with inode root child blocks (bsc#1012628). - xfs: strengthen rmap record flags checking (bsc#1012628). - xfs: directory scrub should check the null bestfree entries too (bsc#1012628). - xfs: ensure inobt record walks always make forward progress (bsc#1012628). - xfs: return corresponding errcode if xfs_initialize_perag() fail (bsc#1012628). - ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock (bsc#1012628). - regulator: ti-abb: Fix array out of bound read access on the first transition (bsc#1012628). - libbpf: Fix VERSIONED_SYM_COUNT number parsing (bsc#1012628). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1012628). - fail_function: Remove a redundant mutex unlock (bsc#1012628). - xfs: revert "xfs: fix rmap key and record comparison functions" (bsc#1012628). - selftests/seccomp: powerpc: Fix typo in macro variable name (bsc#1012628). - selftests/seccomp: sh: Fix register names (bsc#1012628). - bpf, sockmap: Skb verdict SK_PASS to self already checked rmem limits (bsc#1012628). - bpf, sockmap: On receive programs try to fast track SK_PASS ingress (bsc#1012628). - bpf, sockmap: Use truesize with sk_rmem_schedule() (bsc#1012628). - bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self (bsc#1012628). - efi/arm: set HSCTLR Thumb2 bit correctly for HVC calls from HYP (bsc#1012628). - counter/ti-eqep: Fix regmap max_register (bsc#1012628). - efi/x86: Free efi_pgd with free_pages() (bsc#1012628). - sched/fair: Fix overutilized update in enqueue_task_fair() (bsc#1012628). - sched: Fix data-race in wakeup (bsc#1012628). - sched: Fix rq->nr_iowait ordering (bsc#1012628). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1012628). - afs: Fix speculative status fetch going out of order wrt to modifications (bsc#1012628). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (bsc#1012628). - HID: mcp2221: Fix GPIO output handling (bsc#1012628). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (bsc#1012628). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (bsc#1012628). - speakup: Do not let the line discipline be used several times (bsc#1012628). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (bsc#1012628). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (bsc#1012628). - ALSA: ctl: fix error path at adding user-defined element set (bsc#1012628). - ALSA: mixart: Fix mutex deadlock (bsc#1012628). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (bsc#1012628). - ALSA: hda/realtek - Add supported mute Led for HP (bsc#1012628). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (bsc#1012628). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (bsc#1012628). - tty: serial: imx: fix potential deadlock (bsc#1012628). - tty: serial: imx: keep console clocks always on (bsc#1012628). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (bsc#1012628). - efivarfs: fix memory leak in efivarfs_create() (bsc#1012628). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (bsc#1012628). - staging: mt7621-pci: avoid to request pci bus resources (bsc#1012628). - iio: light: fix kconfig dependency bug for VCNL4035 (bsc#1012628). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1012628). - xfs: fix forkoff miscalculation related to XFS_LITINO(mp) (bsc#1012628). - ACPI: fan: Initialize performance state sysfs attribute (bsc#1012628). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (bsc#1012628). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (bsc#1012628). - iio: adc: mediatek: fix unset field (bsc#1012628). - iio: cros_ec: Use default frequencies when EC returns invalid information (bsc#1012628). - iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout (bsc#1012628). - iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used (bsc#1012628). - iio/adc: ingenic: Fix battery VREF for JZ4770 SoC (bsc#1012628). - iio: adc: stm32-adc: fix a regression when using dma and irq (bsc#1012628). - serial: ar933x_uart: disable clk on error handling path in probe (bsc#1012628). - arm64: dts: agilex/stratix10: Fix qspi node compatible (bsc#1012628). - spi: lpspi: Fix use-after-free on unbind (bsc#1012628). - spi: Introduce device-managed SPI controller allocation (bsc#1012628). - spi: npcm-fiu: Don't leak SPI master in probe error path (bsc#1012628). - spi: bcm2835aux: Fix use-after-free on unbind (bsc#1012628). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (bsc#1012628). - regulator: fix memory leak with repeated set_machine_constraints() (bsc#1012628). - regulator: avoid resolve_supply() infinite recursion (bsc#1012628). - regulator: workaround self-referent regulators (bsc#1012628). - gfs2: Fix regression in freeze_go_sync (bsc#1012628). - xtensa: fix TLBTEMP area placement (bsc#1012628). - xtensa: disable preemption around cache alias management calls (bsc#1012628). - mac80211: minstrel: remove deferred sampling code (bsc#1012628). - mac80211: minstrel: fix tx status processing corner case (bsc#1012628). - s390: fix system call exit path (bsc#1012628). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (bsc#1012628). - s390/dasd: fix null pointer dereference for ERP requests (bsc#1012628). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1012628). - drm/amd/display: Add missing pflip irq for dcn2.0 (bsc#1012628). - drm/i915: Handle max_bpc==16 (bsc#1012628). - drm/i915/tgl: Fix Media power gate sequence (bsc#1012628). - io_uring: don't double complete failed reissue request (bsc#1012628). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (bsc#1012628). - mmc: sdhci-of-arasan: Allow configuring zero tap values (bsc#1012628). - mmc: sdhci-of-arasan: Use Mask writes for Tap delays (bsc#1012628). - mmc: sdhci-of-arasan: Issue DLL reset explicitly (bsc#1012628). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (bsc#1012628). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1012628). - seccomp: Set PF_SUPERPRIV when checking capability (bsc#1012628). - fanotify: fix logic of reporting name info with watched parent (bsc#1012628). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1012628). - mm: never attempt async page lock if we've transferred data already (bsc#1012628). - mm: fix readahead_page_batch for retry entries (bsc#1012628). - mm: memcg/slab: fix root memcg vmstats (bsc#1012628). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1012628). - Update config files. - commit 1b55838 - Update config files (bsc#1179102). Set AMIGA_PARTITION=y wherever AFFS_FS=m. The AMIGA_PARTITION's Kconfig help suggests: default y if (AMIGA || AFFS_FS=y). And we enable Amiga FS in some configs, but don't enable support for Amiga partitions. That is a bit pointless. So fix this. - commit cc720a5 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== zeromq ==== Version update (4.3.2 -> 4.3.3) - New upstream version 4.3.3: * Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. (CVE-2020-15166, bsc#1176116) If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m * Stack overflow on server running PUB/XPUB socket (CURVE disabled). The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. (bsc#1176257) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw * Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. (bsc#1176259) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. (bsc#1176256) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 For complete list of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.3

1 0

New Kubic snapshot 20201130 released!
by Richard Brown 01 Dec '20

01 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: kernel-source (5.9.10 -> 5.9.11) lvm2 lvm2-device-mapper python-pyzmq (19.0.2 -> 20.0.0) zeromq (4.3.2 -> 4.3.3) === Details === ==== kernel-source ==== Version update (5.9.10 -> 5.9.11) - spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe (git-fixes). - commit 91426ef - Linux 5.9.11 (bsc#1012628). - ah6: fix error return code in ah6_input() (bsc#1012628). - atm: nicstar: Unmap DMA on send error (bsc#1012628). - bnxt_en: read EEPROM A2h address using page 0 (bsc#1012628). - devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() (bsc#1012628). - enetc: Workaround for MDIO register access issue (bsc#1012628). - Exempt multicast addresses from five-second neighbor lifetime (bsc#1012628). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (bsc#1012628). - ipv6: Fix error path to cancel the meseage (bsc#1012628). - lan743x: fix issue causing intermittent kernel log warnings (bsc#1012628). - lan743x: prevent entire kernel HANG on open, for some platforms (bsc#1012628). - mlxsw: core: Use variable timeout for EMAD retries (bsc#1012628). - net: b44: fix error return code in b44_init_one() (bsc#1012628). - net: bridge: add missing counters to ndo_get_stats64 callback (bsc#1012628). - netdevsim: set .owner to THIS_MODULE (bsc#1012628). - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (bsc#1012628). - net: ethernet: mtk-star-emac: fix error return code in mtk_star_enable() (bsc#1012628). - net: ethernet: mtk-star-emac: return ok when xmit drops (bsc#1012628). - net: ethernet: ti: am65-cpts: update ret when ptp_clock is ERROR (bsc#1012628). - net: ethernet: ti: cpsw: fix cpts irq after suspend (bsc#1012628). - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (bsc#1012628). - net: ftgmac100: Fix crash when removing driver (bsc#1012628). - net: Have netpoll bring-up DSA management interface (bsc#1012628). - net: ipa: lock when freeing transaction (bsc#1012628). - netlabel: fix our progress tracking in netlbl_unlabel_staticlist() (bsc#1012628). - netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() (bsc#1012628). - net: lantiq: Wait for the GPHY firmware to be ready (bsc#1012628). - net/mlx4_core: Fix init_hca fields offset (bsc#1012628). - net/mlx5e: Fix refcount leak on kTLS RX resync (bsc#1012628). - net/ncsi: Fix netlink registration (bsc#1012628). - net: phy: mscc: remove non-MACSec compatible phy (bsc#1012628). - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (bsc#1012628). - net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() (bsc#1012628). - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (bsc#1012628). - net/tls: fix corrupted data in recvmsg (bsc#1012628). - net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request (bsc#1012628). - page_frag: Recover from memory pressure (bsc#1012628). - qed: fix error return code in qed_iwarp_ll2_start() (bsc#1012628). - qed: fix ILT configuration of SRC block (bsc#1012628). - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (bsc#1012628). - sctp: change to hold/put transport for proto_unreach_timer (bsc#1012628). - tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate (bsc#1012628). - vsock: forward all packets to the host when no H2G is registered (bsc#1012628). - net/mlx5e: Fix check if netdev is bond slave (bsc#1012628). - net/mlx5: Add handling of port type in rule deletion (bsc#1012628). - net/mlx5: Clear bw_share upon VF disable (bsc#1012628). - net/mlx5: Disable QoS when min_rates on all VFs are zero (bsc#1012628). - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1012628). - net: fec: Fix reference count leak in fec series ops (bsc#1012628). - bnxt_en: Fix counter overflow logic (bsc#1012628). - bnxt_en: Free port stats during firmware reset (bsc#1012628). - net: mvneta: fix possible memory leak in mvneta_swbm_add_rx_fragment (bsc#1012628). - net/tls: Fix wrong record sn in async mode of device resync (bsc#1012628). - net: usb: qmi_wwan: Set DTR quirk for MR400 (bsc#1012628). - Revert "Revert "gpio: omap: Fix lost edge wake-up interrupts"" (bsc#1012628). - tools, bpftool: Avoid array index warnings (bsc#1012628). - habanalabs/gaudi: mask WDT error in QMAN (bsc#1012628). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1012628). - scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (bsc#1012628). - scsi: ufs: Try to save power mode change and UIC cmd completion timeout (bsc#1012628). - pinctrl: mcp23s08: Print error message when regmap init fails (bsc#1012628). - selftests: kvm: Fix the segment descriptor layout to match the actual layout (bsc#1012628). - ACPI: button: Add DMI quirk for Medion Akoya E2228T (bsc#1012628). - arm64: errata: Fix handling of 1418040 with late CPU onlining (bsc#1012628). - arm64: psci: Avoid printing in cpu_psci_cpu_die() (bsc#1012628). - arm64: smp: Tell RCU about CPUs that fail to come online (bsc#1012628). - um: Call pgtable_pmd_page_dtor() in __pmd_free_tlb() (bsc#1012628). - vfs: remove lockdep bogosity in __sb_start_write (bsc#1012628). - gfs2: fix possible reference leak in gfs2_check_blk_type (bsc#1012628). - hwmon: (pwm-fan) Fix RPM calculation (bsc#1012628). - gfs2: Fix case in which ail writes are done to jdata holes (bsc#1012628). - arm64: Add MIDR value for KRYO2XX gold/silver CPU cores (bsc#1012628). - arm64: kpti: Add KRYO2XX gold/silver CPU cores to kpti safelist (bsc#1012628). - arm64: cpu_errata: Apply Erratum 845719 to KRYO2XX Silver (bsc#1012628). - usb: dwc2: Avoid leaving the error_debugfs label unused (bsc#1012628). - arm64: dts: allwinner: beelink-gs1: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: Pine H64: Enable both RGMII RX/TX delay (bsc#1012628). - arm64: dts: allwinner: a64: OrangePi Win: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node (bsc#1012628). - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (bsc#1012628). - Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high" (bsc#1012628). - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on Ethernet PHY (bsc#1012628). - arm64: dts: allwinner: h5: libretech-all-h5-cc: Enable RGMII RX/TX delay on PHY (bsc#1012628). - arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY (bsc#1012628). - Input: adxl34x - clean up a data type in adxl34x_probe() (bsc#1012628). - MIPS: export has_transparent_hugepage() for modules (bsc#1012628). - dmaengine: idxd: fix wq config registers offset programming (bsc#1012628). - arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node (bsc#1012628). - arm64: dts: fsl: fix endianness issue of rcpm (bsc#1012628). - arm64: dts: imx8mm-beacon-som: Fix Choppy BT audio (bsc#1012628). - arm64: dts imx8mn: Remove non-existent USB OTG2 (bsc#1012628). - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (bsc#1012628). - ARM: dts: vf610-zii-dev-rev-b: Fix MDIO over clocking (bsc#1012628). - ARM: dts: imx6q-prti6q: fix PHY address (bsc#1012628). - swiotlb: using SIZE_MAX needs limits.h included (bsc#1012628). - tee: amdtee: fix memory leak due to reset of global shm list (bsc#1012628). - tee: amdtee: synchronize access to shm list (bsc#1012628). - dmaengine: xilinx_dma: Fix usage of xilinx_aximcdma_tx_segment (bsc#1012628). - dmaengine: xilinx_dma: Fix SG capability check for MCDMA (bsc#1012628). - ARM: dts: stm32: Fix TA3-GPIO-C key on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Fix LED5 on STM32MP1 DHCOM PDK2 (bsc#1012628). - ARM: dts: stm32: Define VIO regulator supply on DHCOM (bsc#1012628). - ARM: dts: stm32: Enable thermal sensor support on stm32mp15xx-dhcor (bsc#1012628). - ARM: dts: stm32: Keep VDDA LDO1 always on on DHCOM (bsc#1012628). - arm64: dts: imx8mm: fix voltage for 1.6GHz CPU operating point (bsc#1012628). - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (bsc#1012628). - dmaengine: ti: omap-dma: Block PM if SDMA is busy to fix audio (bsc#1012628). - kunit: tool: unmark test_data as binary blobs (bsc#1012628). - rcu: Don't invoke try_invoke_on_locked_down_task() with irqs disabled (bsc#1012628). - spi: fix client driver breakages when using GPIO descriptors (bsc#1012628). - Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER (bsc#1012628). - Input: elan_i2c - fix firmware update on newer ICs (bsc#1012628). - rfkill: Fix use-after-free in rfkill_resume() (bsc#1012628). - RDMA/pvrdma: Fix missing kfree() in pvrdma_register_device() (bsc#1012628). - RMDA/sw: Don't allow drivers using dma_virt_ops on highmem configs (bsc#1012628). - perf lock: Correct field name "flags" (bsc#1012628). - perf lock: Don't free "lock_seq_stat" if read_count isn't zero (bsc#1012628). - SUNRPC: Fix oops in the rpc_xdr_buf event class (bsc#1012628). - drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1012628). - tools, bpftool: Add missing close before bpftool net attach exit (bsc#1012628). - IB/hfi1: Fix error return code in hfi1_init_dd() (bsc#1012628). - ip_tunnels: Set tunnel option flag when tunnel metadata is present (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in can_rcv() (bsc#1012628). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (bsc#1012628). - can: dev: can_restart(): post buffer from the right context (bsc#1012628). - can: ti_hecc: Fix memleak in ti_hecc_probe (bsc#1012628). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (bsc#1012628). - can: peak_usb: fix potential integer overflow on shift of a int (bsc#1012628). - can: flexcan: fix failure handling of pm_runtime_get_sync() (bsc#1012628). - can: tcan4x5x: replace depends on REGMAP_SPI with depends on SPI (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_probe(): add missing error checking for devm_regmap_init() (bsc#1012628). - can: tcan4x5x: tcan4x5x_can_remove(): fix order of deregistration (bsc#1012628). - can: m_can: m_can_handle_state_change(): fix state change (bsc#1012628). - can: m_can: m_can_class_free_dev(): introduce new function (bsc#1012628). - can: m_can: Fix freeing of can device from peripherials (bsc#1012628). - can: m_can: m_can_stop(): set device to software init mode before closing (bsc#1012628). - dmaengine: idxd: fix mapping of portal size (bsc#1012628). - ASoC: Intel: KMB: Fix S24_LE configuration (bsc#1012628). - ASoC: qcom: lpass-platform: Fix memory leak (bsc#1012628). - spi: cadence-quadspi: Fix error return code in cqspi_probe (bsc#1012628). - selftests/bpf: Fix error return code in run_getsockopt_test() (bsc#1012628). - MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu (bsc#1012628). - drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1012628). - net/mlx5: E-Switch, Fail mlx5_esw_modify_vport_rate if qos disabled (bsc#1012628). - bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (bsc#1012628). - bpf, sockmap: Ensure SO_RCVBUF memory is observed on ingress redirect (bsc#1012628). - can: kvaser_pciefd: Fix KCAN bittiming limits (bsc#1012628). - can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits (bsc#1012628). - dmaengine: fix error codes in channel_register() (bsc#1012628). - iommu/vt-d: Move intel_iommu_gfx_mapped to Intel IOMMU header (bsc#1012628). - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1012628). - can: flexcan: flexcan_chip_start(): fix erroneous flexcan_transceiver_enable() during bus-off recovery (bsc#1012628). - can: m_can: process interrupt only when not runtime suspended (bsc#1012628). - xfs: fix the minrecs logic when dealing with inode root child blocks (bsc#1012628). - xfs: strengthen rmap record flags checking (bsc#1012628). - xfs: directory scrub should check the null bestfree entries too (bsc#1012628). - xfs: ensure inobt record walks always make forward progress (bsc#1012628). - xfs: return corresponding errcode if xfs_initialize_perag() fail (bsc#1012628). - ASOC: Intel: kbl_rt5663_rt5514_max98927: Do not try to disable disabled clock (bsc#1012628). - regulator: ti-abb: Fix array out of bound read access on the first transition (bsc#1012628). - libbpf: Fix VERSIONED_SYM_COUNT number parsing (bsc#1012628). - lib/strncpy_from_user.c: Mask out bytes after NUL terminator (bsc#1012628). - fail_function: Remove a redundant mutex unlock (bsc#1012628). - xfs: revert "xfs: fix rmap key and record comparison functions" (bsc#1012628). - selftests/seccomp: powerpc: Fix typo in macro variable name (bsc#1012628). - selftests/seccomp: sh: Fix register names (bsc#1012628). - bpf, sockmap: Skb verdict SK_PASS to self already checked rmem limits (bsc#1012628). - bpf, sockmap: On receive programs try to fast track SK_PASS ingress (bsc#1012628). - bpf, sockmap: Use truesize with sk_rmem_schedule() (bsc#1012628). - bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self (bsc#1012628). - efi/arm: set HSCTLR Thumb2 bit correctly for HVC calls from HYP (bsc#1012628). - counter/ti-eqep: Fix regmap max_register (bsc#1012628). - efi/x86: Free efi_pgd with free_pages() (bsc#1012628). - sched/fair: Fix overutilized update in enqueue_task_fair() (bsc#1012628). - sched: Fix data-race in wakeup (bsc#1012628). - sched: Fix rq->nr_iowait ordering (bsc#1012628). - libfs: fix error cast of negative value in simple_attr_write() (bsc#1012628). - afs: Fix speculative status fetch going out of order wrt to modifications (bsc#1012628). - HID: logitech-hidpp: Add PID for MX Anywhere 2 (bsc#1012628). - HID: mcp2221: Fix GPIO output handling (bsc#1012628). - HID: logitech-dj: Handle quad/bluetooth keyboards with a builtin trackpad (bsc#1012628). - HID: logitech-dj: Fix Dinovo Mini when paired with a MX5x00 receiver (bsc#1012628). - speakup: Do not let the line discipline be used several times (bsc#1012628). - ALSA: firewire: Clean up a locking issue in copy_resp_to_buf() (bsc#1012628). - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (bsc#1012628). - ALSA: ctl: fix error path at adding user-defined element set (bsc#1012628). - ALSA: mixart: Fix mutex deadlock (bsc#1012628). - ALSA: hda/realtek - Add supported for Lenovo ThinkPad Headset Button (bsc#1012628). - ALSA: hda/realtek - Add supported mute Led for HP (bsc#1012628). - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (bsc#1012628). - ALSA: hda/realtek - HP Headset Mic can't detect after boot (bsc#1012628). - tty: serial: imx: fix potential deadlock (bsc#1012628). - tty: serial: imx: keep console clocks always on (bsc#1012628). - HID: logitech-dj: Fix an error in mse_bluetooth_descriptor (bsc#1012628). - efivarfs: fix memory leak in efivarfs_create() (bsc#1012628). - staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (bsc#1012628). - staging: mt7621-pci: avoid to request pci bus resources (bsc#1012628). - iio: light: fix kconfig dependency bug for VCNL4035 (bsc#1012628). - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1012628). - xfs: fix forkoff miscalculation related to XFS_LITINO(mp) (bsc#1012628). - ACPI: fan: Initialize performance state sysfs attribute (bsc#1012628). - iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (bsc#1012628). - iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (bsc#1012628). - iio: adc: mediatek: fix unset field (bsc#1012628). - iio: cros_ec: Use default frequencies when EC returns invalid information (bsc#1012628). - iio: imu: st_lsm6dsx: set 10ms as min shub slave timeout (bsc#1012628). - iio/adc: ingenic: Fix AUX/VBAT readings when touchscreen is used (bsc#1012628). - iio/adc: ingenic: Fix battery VREF for JZ4770 SoC (bsc#1012628). - iio: adc: stm32-adc: fix a regression when using dma and irq (bsc#1012628). - serial: ar933x_uart: disable clk on error handling path in probe (bsc#1012628). - arm64: dts: agilex/stratix10: Fix qspi node compatible (bsc#1012628). - spi: lpspi: Fix use-after-free on unbind (bsc#1012628). - spi: Introduce device-managed SPI controller allocation (bsc#1012628). - spi: npcm-fiu: Don't leak SPI master in probe error path (bsc#1012628). - spi: bcm2835aux: Fix use-after-free on unbind (bsc#1012628). - regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200} (bsc#1012628). - regulator: fix memory leak with repeated set_machine_constraints() (bsc#1012628). - regulator: avoid resolve_supply() infinite recursion (bsc#1012628). - regulator: workaround self-referent regulators (bsc#1012628). - gfs2: Fix regression in freeze_go_sync (bsc#1012628). - xtensa: fix TLBTEMP area placement (bsc#1012628). - xtensa: disable preemption around cache alias management calls (bsc#1012628). - mac80211: minstrel: remove deferred sampling code (bsc#1012628). - mac80211: minstrel: fix tx status processing corner case (bsc#1012628). - s390: fix system call exit path (bsc#1012628). - s390/cpum_sf.c: fix file permission for cpum_sfb_size (bsc#1012628). - s390/dasd: fix null pointer dereference for ERP requests (bsc#1012628). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1012628). - drm/amd/display: Add missing pflip irq for dcn2.0 (bsc#1012628). - drm/i915: Handle max_bpc==16 (bsc#1012628). - drm/i915/tgl: Fix Media power gate sequence (bsc#1012628). - io_uring: don't double complete failed reissue request (bsc#1012628). - mmc: sdhci-pci: Prefer SDR25 timing for High Speed mode for BYT-based Intel controllers (bsc#1012628). - mmc: sdhci-of-arasan: Allow configuring zero tap values (bsc#1012628). - mmc: sdhci-of-arasan: Use Mask writes for Tap delays (bsc#1012628). - mmc: sdhci-of-arasan: Issue DLL reset explicitly (bsc#1012628). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (bsc#1012628). - ptrace: Set PF_SUPERPRIV when checking capability (bsc#1012628). - seccomp: Set PF_SUPERPRIV when checking capability (bsc#1012628). - fanotify: fix logic of reporting name info with watched parent (bsc#1012628). - x86/microcode/intel: Check patch signature before saving microcode for early loading (bsc#1012628). - mm: never attempt async page lock if we've transferred data already (bsc#1012628). - mm: fix readahead_page_batch for retry entries (bsc#1012628). - mm: memcg/slab: fix root memcg vmstats (bsc#1012628). - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1012628). - Update config files. - commit 1b55838 - Update config files (bsc#1179102). Set AMIGA_PARTITION=y wherever AFFS_FS=m. The AMIGA_PARTITION's Kconfig help suggests: default y if (AMIGA || AFFS_FS=y). And we enable Amiga FS in some configs, but don't enable support for Amiga partitions. That is a bit pointless. So fix this. - commit cc720a5 ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1177533) - in %postun, disable restart blk-availability.service & lvm2-monitor.service ==== python-pyzmq ==== Version update (19.0.2 -> 20.0.0) - update to version 20.0.0: * fix build with ZeroMQ 4.3.3 * drops support for Python < 3.5 * Respect $PKG_CONFIG env for finding libzmq when building from source * :meth:`.Socket.bind` and :meth:`.Socket.connect` can now be used as context managers. * Hold GIL while calling ``zmq_curve_`` functions, which may fix apparent threadsafety issues. - skip_test_tracker.patch: refreshed ==== zeromq ==== Version update (4.3.2 -> 4.3.3) - New upstream version 4.3.3: * Denial-of-Service on CURVE/ZAP-protected servers by unauthenticated clients. (CVE-2020-15166, bsc#1176116) If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m * Stack overflow on server running PUB/XPUB socket (CURVE disabled). The PUB/XPUB subscription store (mtrie) is traversed using recursive function calls. In the remove (unsubscription) case, the recursive calls are NOT tail calls, so even with optimizations the stack grows linearly with the length of a subscription topic. Topics are under the control of remote clients - they can send a subscription to arbitrary length topics. An attacker can thus cause a server to create an mtrie sufficiently large such that, when unsubscribing, traversal will cause a stack overflow. (bsc#1176258) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 * Memory leak in PUB server induced by malicious client(s) without CURVE/ZAP. Messages with metadata are never processed by PUB sockets, but the metadata is kept referenced in the PUB object and never freed. (bsc#1176257) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-4p5v-h92w-6wxw * Memory leak in client induced by malicious server(s) without CURVE/ZAP. When a pipe processes a delimiter and is already not in active state but still has an unfinished message, the message is leaked. (bsc#1176259) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-wfr2-29gj-5w87 * Heap overflow when receiving malformed ZMTP v1 packets (CURVE disabled). By crafting a packet which is not valid ZMTP v2/v3, and which has two messages larger than 8192 bytes, the decoder can be tricked into changing the recorded size of the 8192 bytes static buffer, which then gets overflown by the next message. The content that gets written in the overflown memory is entirely decided by the sender. (bsc#1176256) For more information see the security advisory: https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6 For complete list of changes, see https://github.com/zeromq/libzmq/releases/tag/v4.3.3

1 0

New ARM MicroOS snapshot 20201129 released!
by Guillaume Gardet 01 Dec '20

01 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (20.2.2 -> 20.2.3) Mesa-drivers (20.2.2 -> 20.2.3) bcache-tools bluez-firmware c-ares (1.16.1 -> 1.17.0) cifs-utils coreutils cpio cryptsetup dbus-1 distribution-logos-openSUSE (20190414 -> 20201117) dosfstools e2fsprogs evolution-data-server (3.38.1 -> 3.38.2) filesystem fillup findutils flatpak (1.8.2 -> 1.8.3) fuse fuse3 fwupd gcc gcc10 (10.2.1+git872 -> 10.2.1+git958) glibmm2_4 (2.64.2 -> 2.64.4) gnome-calculator (3.38.1 -> 3.38.2) gnome-control-center (3.38.1 -> 3.38.2) gnome-desktop (3.38.1 -> 3.38.2) gnome-settings-daemon gnome-shell gnome-software gnome-user-docs (3.38.1 -> 3.38.2) gpg2 (2.2.23 -> 2.2.25) gpgme (1.14.0 -> 1.15.0) grep (3.5 -> 3.6) gtk3 (3.24.23 -> 3.24.23+118) gzip hwinfo (21.70 -> 21.71) ipset (7.6 -> 7.9) kbd kernel-default-base (5.9.8 -> 5.9.10) kernel-firmware (20201023 -> 20201120) kernel-source (5.9.8 -> 5.9.10) keyutils kglobalaccel libX11 (1.6.12 -> 1.7.0) libfido2 libical libical-glib libksba (1.4.0 -> 1.5.0) libostree (2020.3 -> 2020.8) libqt5-qtbase (5.15.1 -> 5.15.2) libqt5-qtdeclarative (5.15.1 -> 5.15.2) libqt5-qtgraphicaleffects (5.15.1 -> 5.15.2) libqt5-qtlocation (5.15.1 -> 5.15.2) libqt5-qtmultimedia (5.15.1 -> 5.15.2) libqt5-qtquickcontrols (5.15.1 -> 5.15.2) libqt5-qtquickcontrols2 (5.15.1 -> 5.15.2) libqt5-qtscript (5.15.1 -> 5.15.2) libqt5-qtsensors (5.15.1 -> 5.15.2) libqt5-qtspeech (5.15.1 -> 5.15.2) libqt5-qtsvg (5.15.1 -> 5.15.2) libqt5-qttools (5.15.1 -> 5.15.2) libqt5-qtwayland (5.15.1 -> 5.15.2) libqt5-qtwebchannel (5.15.1 -> 5.15.2) libqt5-qtwebengine (5.15.1 -> 5.15.2) libqt5-qtx11extras (5.15.1 -> 5.15.2) librsvg (2.50.1 -> 2.50.2) libselinux libsepol libsigc++2 (2.10.4 -> 2.10.6) libtirpc libxkbcommon (1.0.1 -> 1.0.3) libxml2 libyui (3.12.1 -> 3.12.2) libyui-qt (2.56.2 -> 2.56.3) libzip lz4 (1.9.2 -> 1.9.3) malcontent mozilla-nss (3.57 -> 3.58) nautilus (3.38.1 -> 3.38.2) nvme-cli openssh pam (1.4.0 -> 1.5.0) patterns-microos perl perl-HTTP-Cookies (6.08 -> 6.09) polkit-default-privs (1550+20201103.994a5ed -> 1550+20201119.2c1dce4) python-attrs (20.2.0 -> 20.3.0) python-certifi (2020.6.20 -> 2020.11.8) python38 python38-core qpdf (10.0.3 -> 10.0.4) raspberrypi-firmware-dt samba (4.13.0+git.138.ff2d5480c67 -> 4.13.2+git.176.0a5e55b510c) sudo (1.9.2 -> 1.9.3p1) system-users systemd-default-settings (0.4 -> 0.5) systemd-presets-branding-openSUSE tar toolbox (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) tracker tracker-miners u-boot-rpiarm64 vim (8.2.1975 -> 8.2.2039) webkit2gtk3 (2.30.2 -> 2.30.3) xprop (1.2.4 -> 1.2.5) yast2 (4.3.41 -> 4.3.44) yelp (3.38.1 -> 3.38.2) yelp-xsl (3.38.1 -> 3.38.2) zbar (0.23 -> 0.23.1) zlib === Details === ==== Mesa ==== Version update (20.2.2 -> 20.2.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.2.3 * third bugfix release for the 20.2 branch ==== Mesa-drivers ==== Version update (20.2.2 -> 20.2.3) Subpackages: Mesa-dri Mesa-gallium - update to 20.2.3 * third bugfix release for the 20.2 branch ==== bcache-tools ==== - Makefile: install bcache-status (jsc#SLE-9807, bsc#1178725) 0018-Makefile-install-bcache-status.patch - bcache-tools.spec: add '_sbindir/bcache-status' for the new added bcache-status python script (jsc#SLE-9807, bsc#1178725) ==== bluez-firmware ==== - use %_firmwaredir ==== c-ares ==== Version update (1.16.1 -> 1.17.0) - add BR for pkg-config to get the provides in the devel package - ares_dns.h, missing_header.patch: re-add missing header in last release - Version update to 1.17.0 Security: * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing * Avoid theoretical buffer overflow in RC4 loop comparison * Empty hquery->name could lead to invalid memory access * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in (bsc#1178882, CVE-2020-8277) Changes: * Update help information for adig, acountry, and ahost * Test Suite now uses dynamic system-assigned ports rather than hardcoded ports to prevent failures in containers * Detect remote DNS server does not support EDNS using rules from RFC 6891 * Source tree has been reorganized to use a more modern layout * Allow parsing of CAA Resource Record Bug fixes: * readaddrinfo bad sizeof() * Test cases should honor HAVE_WRITEV flag, not depend on WIN32 * FQDN with trailing period should be queried first * ares_getaddrinfo() was returning members of the struct as garbage values if unset, and was not honoring ai_socktype and ai_protocol hints. * ares_gethostbyname() with AF_UNSPEC and an ip address would fail * Properly document ares_set_local_ip4() uses host byte order For details, see https://c-ares.haxx.se/changelog.html - add missing upstream sources, to be removed for next release - remove unnecessary BuildRequires - fix building on SLE12 systems ==== cifs-utils ==== - prepare usrmerge (boo#1029961) ==== coreutils ==== - prepare usrmerge (boo#1029961) ==== cpio ==== - prepare usrmerge (boo#1029961) ==== cryptsetup ==== Subpackages: libcryptsetup12 - prepare usrmerge (boo#1029961) ==== dbus-1 ==== Subpackages: libdbus-1-3 - prepare usrmerge (boo#1029961) ==== distribution-logos-openSUSE ==== Version update (20190414 -> 20201117) - Add favicon.ico format - Remove obsolete Groups tag (fate#326485) ==== dosfstools ==== - prepare usrmerge (boo#1029961) ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - prepare usrmerge (boo#1029961) ==== evolution-data-server ==== Version update (3.38.1 -> 3.38.2) Subpackages: libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-25 libedataserverui-1_2-2 - Update to version 3.38.2: + Calendar: Fix a possible leak in e_cal_util_parse_ics_string() + ECalCache: Avoid runtime warning from ecc_update_timezones_table() + EReminderWatcher: Default alarm range should be from the day begin + EBufferTagger: Derive link color from the theme + EBook/CalBackend: Correct free function for the pending_operations queue + Bugs fixed: glgo#GNOME/evolution-data-server#81, glgo#GNOME/evolution-data-server#257, glgo#GNOME/evolution-data-server#260, glgo#GNOME/evolution-data-server#269, glgo#GNOME/evolution-data-server#272, glgo#GNOME/evolution-data-server#273, glgo#GNOME/evolution-data-server!46, glgo#GNOME/evolution-data-server!47, glgo#GNOME/evolution-data-server!50. + Updated translations. ==== filesystem ==== - /proc and /sys should be %ghost to allow filesystem package updates in rootless container environments (rh#1548403) ==== fillup ==== - prepare usrmerge (boo#1029961) ==== findutils ==== - prepare usrmerge (boo#1029961) ==== flatpak ==== Version update (1.8.2 -> 1.8.3) Subpackages: libflatpak0 system-user-flatpak typelib-1_0-Flatpak-1_0 - Update to version 1.8.3: + Fixed progress reporting for OCI and extra-data. + The in-memory summary cache is more efficient. + Fixed authentication getting stuck in a loop in some cases. + Fixed authentication error reporting. + We now extract OCI info for runtimes as well as apps. + Fixed crash if anonymous authentication fails and -y is specified. + flatpak info now only looks at the specified installation if one is specified. + Better error reporting for server HTTP errors during download. + Uninstall now removes applications before the runtime it depends on. + Fixed test-suite to pass with the latest OSTree version. + Fixed dbus environment variables in flatpak enter. + Avoid updating metadata from the remote when uninstalling. + Fixed error message handling in various places. + FlatpakTransaction now verifies all passed in refs to avoid. + potential issues with invalid names. + Updated translations. ==== fuse ==== Subpackages: libfuse2 - prepare usrmerge (boo#1029961) ==== fuse3 ==== Subpackages: libfuse3-3 - Drop /sbin links; they do not seem to be used from anywhere. - Package "permission" is required in %post, not %pre. - Update descriptions. ==== fwupd ==== Subpackages: libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Obsoletes and Provides dbxtool since fwupd 1.5.0+ now embeds dbxtool in the dbxtool plugin ==== gcc ==== - BuildRequire packages we build symlinks to. [bsc#1178675] ==== gcc10 ==== Version update (10.2.1+git872 -> 10.2.1+git958) Subpackages: cpp10 libgcc_s1 libgomp1 libstdc++6 - Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload compiler with llvm11. - Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958. * Includes fix for memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fix 32bit libgnat.so link. [bsc#1178675] ==== glibmm2_4 ==== Version update (2.64.2 -> 2.64.4) Subpackages: libgiomm-2_4-1 libglibmm-2_4-1 - Update to version 2.64.4: + Glib: PropertyProxyConnectionNode::connect_changed(): Fix using without property name. + gmmproc: - Add optional decl_prefix parameter to _WRAP_GERROR and _WRAP_ENUM. Used for adding GLIBMM_API or similar for MS Visual C++. - Allow decorating comparison operators (for Visual Studio builds). - _CLASS_BOXEDTYPE, _CLASS_OPAQUE_COPYABLE: Fix move assignment. - Decorate private generated classes with __declspec when building with Visual Studio. - generate_wrap_init.pl.in: Use g_type_ensure(SomeClass::get_type()) to ensure that get_type() is called. + Build: - Use __declspec(dllexport) consistently when building glibmm with Visual Studio. - Meson build: Set default value of the 'warnings' option to 'min'. - Improve NMake support. - Improve Visual Studio support. - docs/reference/: Update for Doxygen >= 1.8.16. - Meson build: Fix versioning on macOS. + Documentation: - Glib::BalancedTree docs: Recommend std::map or std::unordered_map. - Meson build: Add missing Glib::Value and Variant documentation. - Add meson BuildRequires and macros, following upstreams port. - Add doxygen, graphviz-devel and xsltproc BuildRequires: Needed for building documentation. ==== gnome-calculator ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Fixed radians and degrees preference swapped. + Updated translations. ==== gnome-control-center ==== Version update (3.38.1 -> 3.38.2) Subpackages: gnome-control-center-goa - Update to version 3.38.2: + Applications: Fix NULL hash table being unreffed. + Keyboard: Fix gtk_widget_get_can_default assertion error. + Network: Correctly detect when ethernet devices are hotplugged. + Printers: - Make printers panel have a smaller minimum width. - Fix leak of printer name in callbacks. + Sharing: Disable Tracker 3. + Sound: Update libgvc to add support for recent UCM related changes in ALSA and PulseAudio. + Users: Fix free of const string. + Wacom: Fix a critical warning if loading a cursor fails. + Updated translations. ==== gnome-desktop ==== Version update (3.38.1 -> 3.38.2) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.2: + Updated translations. ==== gnome-settings-daemon ==== - No longer pass - -libexecdir=%{_libexecdir}/gnome-settings-daemon-3.0 to meson, but revert back to the default. The generated files contain use libexecdir for own generated files (correct) but also to identify where to find gnome-session-ctl, which for obvious reasons is not in libexecdir/gnome-settings-daemon-3.0. ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Fix crash which can be triggerd with steam or claws mail: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/98234acd5b48a58c2d112b5… ==== gnome-software ==== Subpackages: libgnomesoftware-3_38_0 - Added gnome-packagekit as recommended dependency: gnome-software-launch-gpk-update-viewer-for-updates.patch needs gnome-packagekit to work (SLE only). ==== gnome-user-docs ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Improvements to docs for Contacts. + Improvements to docs for Files. + Updates to docs for background settings. + Updated translations. ==== gpg2 ==== Version update (2.2.23 -> 2.2.25) - GnuPG 2.2.25: * scd: Fix regression in 2.2.24 requiring gpg --card-status before signing or decrypting * gpgsm: Using Libksba 1.5.0 signatures with a rarely used combination of attributes can now be verified - GnuPG 2.2.24: * gpg: New command --quick-revoke-sig * gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt * gpg: Switch to AES256 for symmetric encryption in de-vs mode * gpg: Silence weak digest warnings with --quiet * gpg: Print new status line CANCELED_BY_USER for a cancel during symmetric encryption * gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. This is in particular needed for keys created from existing smartcard based keys * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys * agent: Keep some permissions of private-keys-v1.d * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and gnutls builds * dirmngr: Fix the pool keyserver case for a single host in the pool * scd: Fix the use case of verify_chv2 by CHECKPIN * scd: Various improvements to the ccid-driver * scd: Minor fixes for Yubikey * gpgconf: New option --show-versions * i18n: Complete overhaul and completion of the Italian translation ==== gpgme ==== Version update (1.14.0 -> 1.15.0) Subpackages: libgpgme11 libgpgmepp6 - gpgme 1.15.0: * New function gpgme_op_setexpire to make changing the expiration easier * New function gpgme_op_revsig to revoke key signatures * Support exporting secret keys * cpp: Support for set expire operations in the C++ bindings * cpp: Support for revoking key signatures in the C++ bindings * qt: Extended ChangeExpiryJob to support changing the expiry of subkeys * qt: Extended QuickJob to support revoking of key signatures * qt: Added QDebug stream operator for GpgME::Error. * Require libgpg-error 1.36 ==== grep ==== Version update (3.5 -> 3.6) - Update to grep 3.6 * The GREP_OPTIONS environment variable no longer affects grep's behavior. * grep's DFA matcher performed an invalid regex transformation that would convert an ERE like a+a+a+ to a+a+, which would make grep a+a+a+ mistakenly match "aa". * grep -P now reports the troublesome input filename upon PCRE execution failure. - werror-return-type.patch: work around gcc bug - prepare usrmerge (boo#1029961) ==== gtk3 ==== Version update (3.24.23 -> 3.24.23+118) Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.23+118: + cssnode: Bail out nicely if there is no settings (#2780). + gdk/wayland: Add support for primary-selection-unstable-v1 (#2591). + wayland: Emit dummy configure event when resizing while fixed. + colorchooser: Backport the new color palette. + gdk: Fix parent relative background crash. + Updated translations. ==== gzip ==== - prepare usrmerge (boo#1029961) ==== hwinfo ==== Version update (21.70 -> 21.71) - merge gh#openSUSE/hwinfo#89 - rework network device detection on aarch64 (bsc#1177600, bsc#1177261) - 21.71 ==== ipset ==== Version update (7.6 -> 7.9) Subpackages: libipset13 - Update to release 7.9 * Enable memory accounting for ipset allocations * Expose the initval hash parameter to userspace * Add bucketsize parameter to all hash types * Support the -exist flag with the destroy command ==== kbd ==== Subpackages: kbd-legacy - prepare usrmerge (boo#1029961) ==== kernel-default-base ==== Version update (5.9.8 -> 5.9.10) - Add wireguard (boo#1179225) ==== kernel-firmware ==== Version update (20201023 -> 20201120) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Fix build with older distros due to missing _firmwaredir - Update to version 20201120 (bc9cd0b7b0e9): including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274) * linux-firmware: Update AMD SEV firmware * amdgpu: add sienna cichlid firmware for 20.45 * amdgpu: update vega20 firmware for 20.45 * amdgpu: update vega12 firmware for 20.45 * amdgpu: update vega10 firmware for 20.45 * amdgpu: update renoir firmware for 20.45 * amdgpu: update navi14 firmware for 20.45 * amdgpu: update navi12 firmware for 20.45 * amdgpu: update navi10 firmware for 20.45 * amdgpu: update raven2 firmware for 20.45 * amdgpu: update raven firmware for 20.45 * rtlwifi: v88.2 firmware files for RTL8192CU * rtw88: RTL8822C: Update firmware to v9.9.4 * Revert "rtw88: RTL8822C: Update firmware to v9.9.4" * vpdma: Move firmware to ti directory * amdgpu: update picasso VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * rtw88: RTL8822C: Update firmware to v9.9.4 * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A * QCA: Update Bluetooth firmware for QCA6390 * qcom : updated venus firmware files for v5.4 * QCA : Fixed BT SSR due to command timeout / IO fatal error * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 * ath11k: QCA6390 hw2.0: add board-2.bin * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ8074 hw2.0: add board-2.bin * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ6018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1 - ath11k is split into its own subpackage due to its size - Update topics list and aliases accordingly ==== kernel-source ==== Version update (5.9.8 -> 5.9.10) - rpm/kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - commit b7c3768 - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - commit d9b4c40 - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - commit f42c89a - Linux 5.9.10 (bsc#1012628). - ACPI: GED: fix -Wformat (bsc#1012628). - KVM: x86: clflushopt should be treated as a no-op by emulation (bsc#1012628). - perf/x86/intel/uncore: Fix Add BW copypasta (bsc#1012628). - powerpc/smp: Call rcu_cpu_starting() earlier (bsc#1012628). - selftests/harness: prettify SKIP message whitespace again (bsc#1012628). - can: proc: can_remove_proc(): silence remove_proc_entry warning (bsc#1012628). - mac80211: always wind down STA state (bsc#1012628). - Input: sunkbd - avoid use-after-free in teardown paths (bsc#1012628). - leds: lm3697: Fix out-of-bound access (bsc#1012628). - selftests/powerpc: entry flush test (bsc#1012628). - powerpc: Only include kup-radix.h for 64-bit Book3S (bsc#1012628). - powerpc/64s: flush L1D after user accesses (bsc#1012628). - powerpc/64s: flush L1D on kernel entry (bsc#1012628). - selftests/powerpc: rfi_flush: disable entry flush if present (bsc#1012628). - commit 18ece1c - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - commit 13bd533 - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger <dimstar(a)opensuse.org> - commit 21f8205 - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - commit 8099b4b - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (git-fixes). - arm64: kexec_file: Fix sparse warning (git-fixes). - commit f76e598 - Linux 5.9.9 (bsc#1012628). - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (bsc#1012628). - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (bsc#1012628). - mm: memcg: link page counters to root if use_hierarchy is false (bsc#1012628). - nbd: don't update block size after device is started (bsc#1012628). - KVM: arm64: Force PTE mapping on fault resulting in a device mapping (bsc#1012628). - xfrm: interface: fix the priorities for ipip and ipv6 tunnels (bsc#1012628). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (bsc#1012628). - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (bsc#1012628). - hv_balloon: disable warning when floor reached (bsc#1012628). - net: xfrm: fix a race condition during allocing spi (bsc#1012628). - ASoC: codecs: wsa881x: add missing stream rates and format (bsc#1012628). - spi: imx: fix runtime pm support for !CONFIG_PM (bsc#1012628). - irqchip/sifive-plic: Fix broken irq_set_affinity() callback (bsc#1012628). - kunit: Fix kunit.py --raw_output option (bsc#1012628). - kunit: Don't fail test suites if one of them is empty (bsc#1012628). - usb: gadget: fsl: fix null pointer checking (bsc#1012628). - selftests: filter kselftest headers from command in lib.mk (bsc#1012628). - ASoC: codecs: wcd934x: Set digital gain range correctly (bsc#1012628). - ASoC: codecs: wcd9335: Set digital gain range correctly (bsc#1012628). - mtd: spi-nor: Fix address width on flash chips > 16MB (bsc#1012628). - xfs: set xefi_discard when creating a deferred agfl free log intent item (bsc#1012628). - mac80211: don't require VHT elements for HE on 2.4 GHz (bsc#1012628). - netfilter: nftables: fix netlink report logic in flowtable and genid (bsc#1012628). - netfilter: use actual socket sk rather than skb sk when routing harder (bsc#1012628). - netfilter: nf_tables: missing validation from the abort path (bsc#1012628). - netfilter: ipset: Update byte and packet counters regardless of whether they match (bsc#1012628). - irqchip/sifive-plic: Fix chip_data access within a hierarchy (bsc#1012628). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1012628). - drm/vc4: bo: Add a managed action to cleanup the cache (bsc#1012628). - IB/srpt: Fix memory leak in srpt_add_one (bsc#1012628). - mm: memcontrol: correct the NR_ANON_THPS counter of hierarchical memcg (bsc#1012628). - drm/panfrost: rename error labels in device_init (bsc#1012628). - drm/panfrost: move devfreq_init()/fini() in device (bsc#1012628). - drm/panfrost: Fix module unload (bsc#1012628). - perf trace: Fix segfault when trying to trace events by cgroup (bsc#1012628). - perf tools: Add missing swap for ino_generation (bsc#1012628). - perf tools: Add missing swap for cgroup events (bsc#1012628). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (bsc#1012628). - iommu/vt-d: Fix sid not set issue in intel_svm_bind_gpasid() (bsc#1012628). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1012628). - afs: Fix warning due to unadvanced marshalling pointer (bsc#1012628). - afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op (bsc#1012628). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1012628). - can: rx-offload: don't call kfree_skb() from IRQ context (bsc#1012628). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (bsc#1012628). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (bsc#1012628). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (bsc#1012628). - can: j1939: swap addr and pgn in the send example (bsc#1012628). - can: j1939: j1939_sk_bind(): return failure if netdev is down (bsc#1012628). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (bsc#1012628). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (bsc#1012628). - can: peak_usb: add range checking in decode operations (bsc#1012628). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (bsc#1012628). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (bsc#1012628). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (bsc#1012628). - can: flexcan: flexcan_remove(): disable wakeup completely (bsc#1012628). - xfs: flush new eof page on truncate to avoid post-eof corruption (bsc#1012628). - xfs: fix missing CoW blocks writeback conversion retry (bsc#1012628). - xfs: fix scrub flagging rtinherit even if there is no rt device (bsc#1012628). - io_uring: ensure consistent view of original task ->mm from SQPOLL (bsc#1012628). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1012628). - PCI: mvebu: Fix duplicate resource requests (bsc#1012628). - ceph: check session state after bumping session->s_seq (bsc#1012628). - selftests: core: use SKIP instead of XFAIL in close_range_test.c (bsc#1012628). - selftests: clone3: use SKIP instead of XFAIL (bsc#1012628). - selftests: binderfs: use SKIP instead of XFAIL (bsc#1012628). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1012628). - kbuild: explicitly specify the build id style (bsc#1012628). - RISC-V: Fix the VDSO symbol generaton for binutils-2.35+ (bsc#1012628). - USB: apple-mfi-fastcharge: fix reference leak in apple_mfi_fc_set_property (bsc#1012628). - tpm: efi: Don't create binary_bios_measurements file for an empty log (bsc#1012628). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED (bsc#1012628). - ath9k_htc: Use appropriate rs_datalen type (bsc#1012628). - scsi: ufs: Fix missing brace warning for old compilers (bsc#1012628). - ASoC: mediatek: mt8183-da7219: fix DAPM paths for rt1015 (bsc#1012628). - ASoC: qcom: sdm845: set driver name correctly (bsc#1012628). - ASoC: cs42l51: manage mclk shutdown delay (bsc#1012628). - ASoC: SOF: loader: handle all SOF_IPC_EXT types (bsc#1012628). - usb: dwc3: pci: add support for the Intel Alder Lake-S (bsc#1012628). - opp: Reduce the size of critical section in _opp_table_kref_release() (bsc#1012628). - usb: gadget: goku_udc: fix potential crashes in probe (bsc#1012628). - usb: raw-gadget: fix memory leak in gadget_setup (bsc#1012628). - selftests/ftrace: check for do_sys_openat2 in user-memory test (bsc#1012628). - selftests: pidfd: fix compilation errors due to wait.h (bsc#1012628). - ALSA: hda: Separate runtime and system suspend (bsc#1012628). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (bsc#1012628). - x86/boot/compressed/64: Introduce sev_status (bsc#1012628). - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (bsc#1012628). - gfs2: Add missing truncate_inode_pages_final for sd_aspace (bsc#1012628). - gfs2: check for live vs. read-only file system in gfs2_fitrim (bsc#1012628). - scsi: hpsa: Fix memory leak in hpsa_init_one() (bsc#1012628). - drm/amdgpu: perform srbm soft reset always on SDMA resume (bsc#1012628). - drm/amd/pm: correct the baco reset sequence for CI ASICs (bsc#1012628). - drm/amd/pm: perform SMC reset on suspend/hibernation (bsc#1012628). - drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running (bsc#1012628). - mac80211: fix use of skb payload instead of header (bsc#1012628). - cfg80211: initialize wdev data earlier (bsc#1012628). - cfg80211: regulatory: Fix inconsistent format argument (bsc#1012628). - wireguard: selftests: check that route_me_harder packets use the right sk (bsc#1012628). - tracing: Fix the checking of stackidx in __ftrace_trace_stack (bsc#1012628). - Revert "nvme-pci: remove last_sq_tail" (bsc#1012628). - ARC: [plat-hsdk] Remap CCMs super early in asm boot trampoline (bsc#1012628). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1012628). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (bsc#1012628). - nvme: introduce nvme_sync_io_queues (bsc#1012628). - nvme-rdma: avoid race between time out and tear down (bsc#1012628). - nvme-tcp: avoid race between time out and tear down (bsc#1012628). - nvme-rdma: avoid repeated request completion (bsc#1012628). - nvme-tcp: avoid repeated request completion (bsc#1012628). - iommu/amd: Increase interrupt remapping table limit to 512 entries (bsc#1012628). - s390/smp: move rcu_cpu_starting() earlier (bsc#1012628). - vfio: platform: fix reference leak in vfio_platform_open (bsc#1012628). - vfio/pci: Bypass IGD init in case of -ENODEV (bsc#1012628). - i2c: mediatek: move dma reset before i2c reset (bsc#1012628). - amd/amdgpu: Disable VCN DPG mode for Picasso (bsc#1012628). - iomap: clean up writeback state logic on writepage error (bsc#1012628). - selftests: proc: fix warning: _GNU_SOURCE redefined (bsc#1012628). - arm64: kexec_file: try more regions if loading segments fails (bsc#1012628). - riscv: Set text_offset correctly for M-Mode (bsc#1012628). - i2c: sh_mobile: implement atomic transfers (bsc#1012628). - i2c: designware: call i2c_dw_read_clear_intrbits_slave() once (bsc#1012628). - i2c: designware: slave should do WRITE_REQUESTED before WRITE_RECEIVED (bsc#1012628). - tpm_tis: Disable interrupts on ThinkPad T490s (bsc#1012628). - mfd: sprd: Add wakeup capability for PMIC IRQ (bsc#1012628). - pinctrl: intel: Fix 2 kOhm bias which is 833 Ohm (bsc#1012628). - pinctrl: intel: Set default bias in case no particular value given (bsc#1012628). - gpio: aspeed: fix ast2600 bank properties (bsc#1012628). - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template (bsc#1012628). - bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1012628). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1012628). - pinctrl: mcp23s08: Use full chunk of memory for regmap configuration (bsc#1012628). - pinctrl: aspeed: Fix GPI only function problem (bsc#1012628). - net/mlx5e: Fix modify header actions memory leak (bsc#1012628). - net/mlx5e: Protect encap route dev from concurrent release (bsc#1012628). - net/mlx5e: Use spin_lock_bh for async_icosq_lock (bsc#1012628). - net/mlx5: Fix deletion of duplicate rules (bsc#1012628). - net/mlx5: E-switch, Avoid extack error log for disabled vport (bsc#1012628). - net/mlx5e: Fix VXLAN synchronization after function reload (bsc#1012628). - net/mlx5e: Fix incorrect access of RCU-protected xdp_prog (bsc#1012628). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (bsc#1012628). - NFSD: Fix use-after-free warning when doing inter-server copy (bsc#1012628). - NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (bsc#1012628). - tools/bpftool: Fix attaching flow dissector (bsc#1012628). - bpf: Zero-fill re-used per-cpu map element (bsc#1012628). - r8169: fix potential skb double free in an error path (bsc#1012628). - r8169: disable hw csum for short packets on all chip versions (bsc#1012628). - pinctrl: qcom: Move clearing pending IRQ to .irq_request_resources callback (bsc#1012628). - pinctrl: qcom: sm8250: Specify PDC map (bsc#1012628). - nbd: fix a block_device refcount leak in nbd_release (bsc#1012628). - selftest: fix flower terse dump tests (bsc#1012628). - i40e: Fix MAC address setting for a VF via Host/VM (bsc#1012628). - igc: Fix returning wrong statistics (bsc#1012628). - lan743x: correctly handle chips with internal PHY (bsc#1012628). - net: phy: realtek: support paged operations on RTL8201CP (bsc#1012628). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (bsc#1012628). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (bsc#1012628). - xfs: fix rmap key and record comparison functions (bsc#1012628). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (bsc#1012628). - lan743x: fix "BUG: invalid wait context" when setting rx mode (bsc#1012628). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (bsc#1012628). - of/address: Fix of_node memory leak in of_dma_is_coherent (bsc#1012628). - ch_ktls: Update cheksum information (bsc#1012628). - ch_ktls: tcb update fails sometimes (bsc#1012628). - cosa: Add missing kfree in error path of cosa_write (bsc#1012628). - hwmon: (applesmc) Re-work SMC comms (bsc#1012628). - NFS: Fix listxattr receive buffer size (bsc#1012628). - vrf: Fix fast path output packet handling with async Netfilter rules (bsc#1012628). - lan743x: fix use of uninitialized variable (bsc#1012628). - arm64/mm: Validate hotplug range before creating linear mapping (bsc#1012628). - kernel/watchdog: fix watchdog_allowed_mask not used warning (bsc#1012628). - mm: memcontrol: fix missing wakeup polling thread (bsc#1012628). - afs: Fix afs_write_end() when called with copied == 0 [ver #3] (bsc#1012628). - perf: Fix get_recursion_context() (bsc#1012628). - nvme: factor out a nvme_configure_metadata helper (bsc#1012628). - nvme: freeze the queue over ->lba_shift updates (bsc#1012628). - nvme: fix incorrect behavior when BLKROSET is called by the user (bsc#1012628). - perf: Simplify group_sched_in() (bsc#1012628). - perf: Fix event multiplexing for exclusive groups (bsc#1012628). - firmware: xilinx: fix out-of-bounds access (bsc#1012628). - erofs: fix setting up pcluster for temporary pages (bsc#1012628). - erofs: derive atime instead of leaving it empty (bsc#1012628). - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1012628). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1012628). - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch (bsc#1012628). - btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod (bsc#1012628). - btrfs: fix min reserved size calculation in merge_reloc_root (bsc#1012628). - btrfs: dev-replace: fail mount if we don't have replace item with target device (bsc#1012628). - KVM: arm64: Don't hide ID registers from userspace (bsc#1012628). - speakup: Fix var_id_t values and thus keymap (bsc#1012628). - speakup ttyio: Do not schedule() in ttyio_in_nowait (bsc#1012628). - speakup: Fix clearing selection in safe context (bsc#1012628). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (bsc#1012628). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (bsc#1012628). - uio: Fix use-after-free in uio_unregister_device() (bsc#1012628). - Revert "usb: musb: convert to devm_platform_ioremap_resource_byname" (bsc#1012628). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (bsc#1012628). - usb: typec: ucsi: Report power supply changes (bsc#1012628). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (bsc#1012628). - virtio: virtio_console: fix DMA memory allocation for rproc serial (bsc#1012628). - mei: protect mei_cl_mtu from null dereference (bsc#1012628). - futex: Don't enable IRQs unconditionally in put_pi_state() (bsc#1012628). - jbd2: fix up sparse warnings in checkpoint code (bsc#1012628). - bootconfig: Extend the magic check range to the preceding 3 bytes (bsc#1012628). - mm/compaction: count pages and stop correctly during page isolation (bsc#1012628). - mm/compaction: stop isolation if too many pages are isolated and we have pages to migrate (bsc#1012628). - mm/slub: fix panic in slab_alloc_node() (bsc#1012628). - mm/vmscan: fix NR_ISOLATED_FILE corruption on 64-bit (bsc#1012628). - mm/gup: use unpin_user_pages() in __gup_longterm_locked() (bsc#1012628). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (bsc#1012628). - reboot: fix overflow parsing reboot cpu number (bsc#1012628). - hugetlbfs: fix anon huge page migration race (bsc#1012628). - ocfs2: initialize ip_next_orphan (bsc#1012628). - hwmon: (amd_energy) modify the visibility of the counters (bsc#1012628). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (bsc#1012628). - io_uring: round-up cq size before comparing with rounded sq size (bsc#1012628). - gpio: sifive: Fix SiFive gpio probe (bsc#1012628). - gpio: pcie-idio-24: Fix irq mask when masking (bsc#1012628). - gpio: pcie-idio-24: Fix IRQ Enable Register value (bsc#1012628). - gpio: pcie-idio-24: Enable PEX8311 interrupts (bsc#1012628). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (bsc#1012628). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (bsc#1012628). - don't dump the threads that had been already exiting when zapped (bsc#1012628). - drm/amd/display: Add missing pflip irq (bsc#1012628). - drm/i915: Correctly set SFC capability for video engines (bsc#1012628). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1012628). - NFSv4.2: fix failure to unregister shrinker (bsc#1012628). - pinctrl: amd: use higher precision for 512 RtcClk (bsc#1012628). - pinctrl: amd: fix incorrect way to disable debounce filter (bsc#1012628). - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" (bsc#1012628). - cpufreq: Introduce governor flags (bsc#1012628). - cpufreq: Introduce CPUFREQ_GOV_STRICT_TARGET (bsc#1012628). - cpufreq: Add strict_target to struct cpufreq_policy (bsc#1012628). - cpufreq: intel_pstate: Take CPUFREQ_GOV_STRICT_TARGET into account (bsc#1012628). - ethtool: netlink: add missing netdev_features_change() call (bsc#1012628). - IPv6: Set SIT tunnel hard_header_len to zero (bsc#1012628). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1012628). - net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO (bsc#1012628). - net: udp: fix UDP header access on Fast/frag0 UDP GRO (bsc#1012628). - net: Update window_clamp if SOCK_RCVBUF is set (bsc#1012628). - net/x25: Fix null-ptr-deref in x25_connect (bsc#1012628). - tipc: fix memory leak in tipc_topsrv_start() (bsc#1012628). - devlink: Avoid overwriting port attributes of registered port (bsc#1012628). - mptcp: provide rmem[0] limit (bsc#1012628). - tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies (bsc#1012628). - powerpc/603: Always fault when _PAGE_ACCESSED is not set (bsc#1012628). - null_blk: Fix scheduling in atomic with zoned mode (bsc#1012628). - perf scripting python: Avoid declaring function pointers with a visibility attribute (bsc#1012628). - coresight: etm: perf: Sink selection using sysfs is deprecated (bsc#1012628). - coresight: Fix uninitialised pointer bug in etm_setup_aux() (bsc#1012628). - Convert trailing spaces and periods in path components (bsc#1012628). - commit 21e5163 - PCI: Always enable ACS even if no ACS Capability (bsc#1178211). - commit a40af1e - loop: Fix occasional uevent drop (bsc#1177900). - block: add a return value to set_capacity_revalidate_and_notify (bsc#1177900). - commit 98395e1 - btrfs: qgroup: don't commit transaction when we already hold the handle (bsc#1178634). Update upstream status and take the upstream version. - commit 60a737e ==== keyutils ==== Subpackages: libkeyutils1 - prepare usrmerge (boo#1029961) ==== kglobalaccel ==== Subpackages: kglobalaccel5 libKF5GlobalAccel5 libKF5GlobalAccelPrivate5 - Add patch to workaround kglobalaccel breaking persistently after unclean logout (kde#429415, boo#1179033) * 0001-Revert-systemd-dbus-activation.patch ==== libX11 ==== Version update (1.6.12 -> 1.7.0) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.7.0 * libX11 version 1.7.0 includes a new API, hence the change from the 1.6 series to 1.7: XSetIOErrorExitHandler which provides a mechanism for applications to recover from I/O error conditions instead of being forced to exit. Thanks to Carlos Garnacho for this. * This release includes a bunch of bug fixes, some which have been pending for over three years: + A bunch of nls cleanups to remove obsolete entries and clean up formatting of the ist. Thanks to Benno Schulenberg for these. + Warning fixes and other cleanups across a huge swath of the library. Thanks to Alan Coopersmith for these. + Memory allocation bugs, including leaks and use after free in the locale code. Thanks to Krzesimir Nowak, Jacek Caban and Vittorio Zecca for these. + Thread safety fixes in the locale code. Thanks to Jacek Caban for these. + poll_for_response race condition fix. Thanks to Frediano Ziglio for the bulk of this effort, and to Peter Hutterer for careful review and improvements. * Version 1.7.0 includes a couple of new locales: ia and ie locales. Thanks to Carmina16 for these. * There are also numerous compose entries added, including: + |^ or ^| for ?, |v or v| for ?, ~~ for ?. Thanks to Antti Savolainen for this. + Allowing use of 'v' for caron, in addition to 'c', so things like vC for ?, vc for ?. Thanks to Benno Schulenberg for this. + Compose sequences LT, lt for '<', and GT, gt for '>' for keyboards where those are difficult to access. Thanks to Jonathan Belsewir for this. - refreshed patches en-locales.diff, p_khmer-compose.diff and p_xlib_skip_ext_env.diff ==== libfido2 ==== Subpackages: libfido2-1 libfido2-udev - Add Conflicts: to supersede version 1.0.0. This is needed for a clean upgrade path on SLE. ==== libical ==== - Add libical-read-v2-v3-data.patch: correctly read slim timezone data (bsc#1178412). ==== libical-glib ==== - Add libical-read-v2-v3-data.patch: correctly read slim timezone data (bsc#1178412). ==== libksba ==== Version update (1.4.0 -> 1.5.0) - libksba 1.5.0: * ksba_cms_identify now identifies OpenPGP keyblock content * Supports TR-03111 plain format ECDSA signature verification * Fixes a CMS signed data parser bug exhibited by a somewhat strange CMS message - remove deprecated texinfo macros and update signing keyring ==== libostree ==== Version update (2020.3 -> 2020.8) Subpackages: libostree-1-1 - Update to version 2020.8: + This release mostly contains scalability improvements and bugfixes. + Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile. + Summaries and delta have been reworked to allow more fine-grained fetching. + Finally, this fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures. - Changes from version 2020.7: + Static deltas can now be signed to more easily support offline verification. + There's now support for multiple initramfs images; the idea here is that one can have a "main" initramfs image and a secondary one which represents local configuration. + The documentation is now moved to https://ostreedev.github.io/ostree/ + Lot of preparatory cleanups to the pull code landed for upcoming work on indexing deltas outside of the summary. + On the bugfix side, the biggest one is a fix for an assertion failure when upgrading from systems before ostree supported devicetree. + Also notable is that ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. - Changes from version 2020.6: + One notable feature: ostree now supports / and /boot being on the same filesystem. + Other than that it's mostly bugfixes; there is one quite important one for anyone using the readonly=true for /sysroot (which is still just Fedora CoreOS I suspect). + There's some improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file, etc. - Changes from version 2020.5: + This release primarily fixes a regression in 2020.4 where the "readonly sysroot" changes incorrectly left the sysroot read-only on systems that started out with a read-only / (most of them, e.g. Fedora Silverblue/IoT at least). + There's some additions to the pull API to aid flatpak. + There were a few fixes to the man pages, and ostree show now displays the parent commit. + The default dracut config now enables reproducibility. + On the "feature" side, there is a new ostree admin unlock - -transient. We expect this to be a foundation for further support for "live" updates. - Changes from version 2020.4: + By far the biggest change in this release is new ed25519 signing support, powered by libsodium. + stree commit gained a new --base argument, which significantly simplifies constructing "derived" commits, particularly for systems using SELinux. + Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the readonly=true flag in the repo config is recommended. + Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS. + lib: Coerce flags enums to GIR bitfields changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection consumers (but not C). + A new timestamp-check-from-rev option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. + Several fixes and enhancements were made for "collection" pulls including a new --mirror option. + The ostree commit command learned a new --mode-ro-executables which enforces W^R semantics on all executables. + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. ==== libqt5-qtbase ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtbase.git/plain/dist/changes-5.15.2/?h=5.15.2 - Drop patches, now upstream: * 0001-Revert-Emit-QScreen-availableG-g-eometryChanged-on-l.patch - Pass -confirm-license option, drop duplicates - BuildRequire xcb-util - Add patch to avoid coredumps with missing display: * 0001-Avoid-SIGABRT-on-platform-plugin-initialization-fail.patch ==== libqt5-qtdeclarative ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtdeclarative.git/plain/dist/changes-5.15.2/?h=5.… - Refresh qtdeclarative-5.15.0-FixMaxXMaxYExtent.patch ==== libqt5-qtgraphicaleffects ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtgraphicaleffects.git/plain/dist/changes-5.15.2/… ==== libqt5-qtlocation ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtlocation.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtmultimedia ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtmultimedia.git/plain/dist/changes-5.15.2/?h=5.1… ==== libqt5-qtquickcontrols ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtquickcontrols.git/plain/dist/changes-5.15.2/?h=… ==== libqt5-qtquickcontrols2 ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtquickcontrols2.git/plain/dist/changes-5.15.2/?h… ==== libqt5-qtscript ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtscript.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtsensors ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtsensors.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtspeech ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtspeech.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtsvg ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtsvg.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qttools ==== Version update (5.15.1 -> 5.15.2) Subpackages: libqt5-qdbus libqt5-qtpaths - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qttools.git/plain/dist/changes-5.15.2/?h=5.15.2 - Fix the clang requirement for Leap 15.2. The clang headers are also in the libclang<major version> package. - Use the %pkg_version macro available since Leap 15 ==== libqt5-qtwayland ==== Version update (5.15.1 -> 5.15.2) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwayland.git/plain/dist/changes-5.15.2/?h=5.15.2 ==== libqt5-qtwebchannel ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwebchannel.git/plain/dist/changes-5.15.2/?h=5.1… ==== libqt5-qtwebengine ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.2/?h=5.15… ==== libqt5-qtx11extras ==== Version update (5.15.1 -> 5.15.2) - Update to 5.15.2: * New bugfix release * For more details please see: http://code.qt.io/cgit/qt/qtx11extras.git/plain/dist/changes-5.15.2/?h=5.15… ==== librsvg ==== Version update (2.50.1 -> 2.50.2) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.50.2: + Fix dx/dy offsets in nested <tspan> elements. ==== libselinux ==== Subpackages: libselinux1 selinux-tools - install to /usr (boo#1029961) ==== libsepol ==== - install to /usr (boo#1029961) ==== libsigc++2 ==== Version update (2.10.4 -> 2.10.6) - Update to version 2.10.6: + Build: Meson build: Fix versioning on macOS. + Documentation: - sigc++/sigc++.h: Describe how to use libsigc++ with Meson. - Update links to the web page, now at libsigcplusplus.github.io/libsigcplusplus. ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - install libraries to %{_libdir} (boo#1029961) ==== libxkbcommon ==== Version update (1.0.1 -> 1.0.3) Subpackages: libxkbcommon-x11-0 libxkbcommon0 - Update to release 1.0.3 * Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some unclear situation (bug introduced in 1.0.2). * Fix keymaps created with xkb_x11_keymap_new_from_device() do not have level names (bug introduced in 0.8.0). - Update to release 1.0.2 * Fix a bug where a keysym that cannot be resolved in a keymap gets compiled to a garbage keysym. Now it is set to XKB_KEY_NoSymbol instead. * Improve the speed of xkb_x11_keymap_new_from_device() on repeated calls in the same xkb_context(). ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch ==== libyui ==== Version update (3.12.1 -> 3.12.2) - Higher priority for toplevel menu shortcuts (bsc#1175489) - Dropped support for openSUSE 13.2 (or earlier) builds in .spec file - 3.12.2 ==== libyui-qt ==== Version update (2.56.2 -> 2.56.3) - Honor menu bar toplevel menu enabled/disabled and visibility state (boo#1178394 again) - 2.56.3 ==== libzip ==== - Use full _libdir path in libzip.pc ==== lz4 ==== Version update (1.9.2 -> 1.9.3) - Update to release 1.9.3 * api: LZ4_decompress_safe_partial() now supports unknown compressed size * api: improved LZ4F_compressBound() with automatic flushing * cli: multiple files are compressed now using the legacy format ==== malcontent ==== Subpackages: libmalcontent-0-0 libmalcontent-ui-0-0 typelib-1_0-Malcontent-0 - Don't actually install com.endlessm.ParentalControls.rules: this just grants 'wheel'-group members access without password; as openSUSE does not support 'wheel' by default, we only ship the file as sample file (boo#1177974#c8). ==== mozilla-nss ==== Version update (3.57 -> 3.58) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. ==== nautilus ==== Version update (3.38.1 -> 3.38.2) Subpackages: libnautilus-extension1 - Update to version 3.38.2: + Search for tracker3 in PATH. + Fix batch rename dialog crashes. + Fix double-click row check. + Updated translations. ==== nvme-cli ==== - Drop '-f' option with %service_del_postun This option shouldn't be needed besides very few special cases. But this package doesn't seem to belong to this category. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix build breakage caused by missing security key objects: + Modify openssh-7.7p1-cavstest-ctr.patch. + Modify openssh-7.7p1-cavstest-kdf.patch. + Add openssh-link-with-sk.patch. - Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). This ensures only approved DH parameters are used in FIPS mode. - Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. ==== pam ==== Version update (1.4.0 -> 1.5.0) - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least <N> characters length in some form. This is enabled by the new parameter "usersubstr=<N>" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4… [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] - Enable pam_faillock [bnc#1171562] - /usr/bin/xauth chokes on the old user's $HOME being on an NFS file system. Run /usr/bin/xauth using the old user's uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch] - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec] - Add requirement for group "wheel" to spec file. [bsc#1171016, pam.spec] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Add udisks2 and upower to the Plasma desktop pattern - GNOME: encrypt/decript files from Nautilus * we need both the extension and the package providing /usr/bin/seahorse-daemon * Seahorse, the app, is _not_ installed as it's available on flathub - GNOME pattern package changes: * drop file roller RPM as there is org.gnome.FileRoller * add some packages that I've (as well as most users that have tried MicroOS desktop recently) found useful during initial setup * while there, update a comment about using Requires vs. Recommends ==== perl ==== Subpackages: perl-base - Correct perl license According to https://dev.perl.org/licenses/ perl is licensed under the artistic license or the GPL 1.0 or later ==== perl-HTTP-Cookies ==== Version update (6.08 -> 6.09) - updated to 6.09 see /usr/share/doc/packages/perl-HTTP-Cookies/Changes 6.09 2020-11-19 22:20:47Z - Allow HttpOnly cookies to be loaded by HTTP::Cookies::Netscape (GH#63) (Charlie Hothersall-Thomas) ==== polkit-default-privs ==== Version update (1550+20201103.994a5ed -> 1550+20201119.2c1dce4) - Update to version 1550+20201119.2c1dce4: - cleanup of dead and inconsistent polkit actions: * profiles: drop the now rather confusing comment from nwfilter-binding actions * profiles: harmonize and normalize profile syntax and style * profiles: harmonize spice-space.lowlevelusbaccess actions * profiles: remove dead pantheon actions * profiles: remove dead org.gnome.DejaDup.duplicity action * profiles: drop dead com.redhat.tuned.gui.run action * profiles: fix brltty action(s) * profiles: remove dead netvisix action * profiles: realmd.discover-realm action: fix restrictive any setting * profiles: remove dead com.redhat.lvm2.* actions * profiles: group together org.kde.powerdevil actions * profiles: remove dead org.kde.powerdevil.backlighthelper actions * profiles: fix FirewallD1.info action in standard profile * profiles: remove dead org.kde.baloo action * profiles: remove dead kwallet actions and fix kwallet5 restrictive setting * profiles: selinux actions: make restrictive profile no weaker than upstream * profiles: remove dead gufw pkexec action * profiles: adjust mate actions better to upstream defaults * profiles: remove dead org.libvirt.api.newfilter.bind-* actions * profiles: clear dead nepomuk.filewatch.raiselimit action * profiles: remove dead kcmlightdm actions * profiles: adjust gnome.controlcenter actions better to upstream defaults * profiles: remove dead org.kde.recorditnow helper * profiles: remove dead de.berlios.smb4k.mounthelper actions * profiles: adjust user-administration action better to upstream defaults * profiles: cleanup urfkill actions * profiles: adjust ModemManager1 actions better to upstream settings * profiles: cleanup ModemManager actions * profiles: sync hp.driveguard.* actions with upstream settings * profiles: gnome settings, xfce backlight-helper actions: sanitize settings * profiles: cleanup dead and sync existing org.gnome actions * profiles: sync timedate1 actions in restrictive profile with standard profile * profiles: remove dead sytemd1.bus-access action * profiles: remove dead org.kde actions * profiles: make org.kde settings no weaker than upstream settings * profiles: remove leftover dead yast actions * profiles: remove dead yast.modules.yapi actions * profiles: remove dead yast.modules.ysr actions * profiles: remove dead yast.modules actions * profiles: remove dead yast.module-manager and yast.scr actions * profiles: remove dead upower actions * profiles: add missing udisks2 actions in restrictive profile * profiles: remove dead udisks (1) actions * profiles: remove dead policykit.lockdown action, harmonize .exec setting * profiles: adjust RealtimeKit actions to upstream settings * profiles: remove dead SuSEfirewall2 zone switcher action * profiles: remove dead backupmanager action * profiles: remove dead smpppd action * profiles: remove dead consolekit actions * profiles: polkit example action run-frobnicate: adjust to upstream settings * profiles: remove dead org.gnome.policykit.examples.* actions * profiles: remove unused pulseaudio realtime actions * profiles: cleanup PackageKit actions * profiles: cleanup gnome-settings-daemon actions * profiles: cleanup network manager actions * profiles: cleanup outdated PolicyKit actions ==== python-attrs ==== Version update (20.2.0 -> 20.3.0) - update to 20.3.0: - ``attr.define()``, ``attr.frozen()``, ``attr.mutable()``, and ``attr.field()`` remain **provisional**. ==== python-certifi ==== Version update (2020.6.20 -> 2020.11.8) - update to 2020.11.8: * Python 3.8+ support - Add two-basic-unit-tests.patch which includes two at least simple test patches (gh#certifi/python-certifi#137). ==== python38 ==== - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== qpdf ==== Version update (10.0.3 -> 10.0.4) - Update to version 10.0.4 * Fix a handful of integer overflows. ==== raspberrypi-firmware-dt ==== - Introduce upstream-overlay-rpi-poe.patch to adapt the overlay to our driver (jsc#SLE-16543) ==== samba ==== Version update (4.13.0+git.138.ff2d5480c67 -> 4.13.2+git.176.0a5e55b510c) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); - Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469). - Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355); - Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245) - Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency ==== sudo ==== Version update (1.9.2 -> 1.9.3p1) - Update to 1.9.3p1 * Fixed a regression introduced in sudo 1.9.3 where the configure script would not detect the crypt(3) function if it was present in the C library, not an additional library. * Fixed a regression introduced in sudo 1.8.23 with shadow passwd file authentication on OpenBSD. BSD authentication was not affected. * Sudo now logs when a user-specified command-line option is rejected by a sudoers rule. Previously, these conditions were written to the audit log, but the default sudo log file. Affected command line arguments include -C (--close-from), -D (--chdir), - R (--chroot), -g (--group) and -u (--user). - News in 1.9.3 * Fixed building the Python plugin on systems with a compiler that doesn't support symbol hiding. * Sudo now uses a linker script to hide symbols even when the compiler has native symbol hiding support. This should make it easier to detect omissions in the symbol exports file, regardless of the platform. * Fixed the libssl dependency in Debian packages for older releases that use libssl1.0.0. * Sudo and visudo now provide more detailed messages when a syntax error is detected in sudoers. The offending line and token are now displayed. If the parser was generated by GNU bison, additional information about what token was expected is also displayed. Bug #841. * Sudoers rules must now end in either a newline or the end-of-file. Previously, it was possible to have multiple rules on a single line, separated by white space. The use of an end-of-line terminator makes it possible to display accurate error messages. * Sudo no longer refuses to run if a syntax error in the sudoers file is encountered. The entry with the syntax error will be discarded and sudo will continue to parse the file. This makes recovery from a syntax error less painful on systems where sudo is the primary method of superuser access. The historic behavior can be restored by add "error_recovery=false" to the sudoers plugin's optional arguments in sudo.conf. Bug #618. * Fixed the sample_approval plugin's symbol exports file for systems where the compiler doesn't support symbol hiding. * Fixed a regression introduced in sudo 1.9.1 where arguments to the "sudoers_policy" plugin in sudo.conf were not being applied. The sudoers file is now parsed by the "sudoers_audit" plugin, which is loaded implicitly when "sudoers_policy" is listed in sudo.conf. Starting with sudo 1.9.3, if there are plugin arguments for "sudoers_policy" but "sudoers_audit" is not listed, those arguments will be applied to "sudoers_audit" instead. * The user's resource limits are now passed to sudo plugins in the user_info[] list. A plugin cannot determine the limits itself because sudo changes the limits while it runs to prevent resource starvation. * It is now possible to set the working directory or change the root directory on a per-command basis using the CWD and CHROOT options. There are also new Defaults settings, runchroot and runcwd, that can be used to set the working directory or root directory on a more global basis. * New -D (--chdir) and -R (--chroot) command line options can be used to set the working directory or root directory if the sudoers file allows it. This functionality is not enabled by default and must be explicitly enabled in the sudoers file. - add sudo-1.9.3p1-pam_xauth.patch to stay setuid until just before executing the command. Fixes a problem with pam_xauth which checks effective and real uids to get the real identity of the user [bsc#1174593] ==== system-users ==== Subpackages: system-group-hardware system-user-lp system-user-nobody - Add qemu user to kvm group - Add system account and groups for kvm, qemu, and libvirt (jsc#SLE-11629) New files: system-group-kvm.conf, system-group-libvirt.conf, system-user-qemu.conf ==== systemd-default-settings ==== Version update (0.4 -> 0.5) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Issue a daemon-reload in %post of the main package - Import 0.5 0c5e241 SLE: turn off RemoveIPC by default for logind (fate#320125) cb6914f SLE: restore ProtectHostname=no for udevd (bsc#1178374) 7e332a6 Add a header in all each drop-ins 465e1c7 Makefile: simplify 'archive' target ==== systemd-presets-branding-openSUSE ==== - Fix package description mention of 'systemd-presets-common-SUSE' ==== tar ==== - prepare usrmerge (boo#1029961) ==== toolbox ==== Version update (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) - Update to version 1.0+git20201126.3d26283: * Make it easier to use custom images (#10) * Update toolbox doc (#9) ==== tracker ==== - split out the datafiles that are required by the tracker-miners ==== tracker-miners ==== Subpackages: tracker-miner-files - require the newly split out tracker-data-files ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Added u-boot tools binaries to tools package - Add pinebook-pro-rk3399 support ==== vim ==== Version update (8.2.1975 -> 8.2.2039) Subpackages: vim-data-common vim-small - Updated to version 8.2.2039, fixes the following problems * Cannot backspace in prompt buffer after using cursor-left. (Maxim Kim) * Vim9: error for using a string in a condition is confusing. * Making a mapping work in all modes is complicated. * "term_opencmd" option of term_start() is truncated. (Sergey Vlasov) * Vim9: some tests are not done at the script level. * MinGW: parallel compilation might fail. * Quickfix window not updated when adding invalid entries. * ml_get error when using <Cmd> to open a terminal. * Cannot use :vimgrep in omni completion, causing C completion to fail. * Crash when closing terminal popup with <Cmd> mapping. * Expression test is flaky on Appveyor. * Still in Insert mode when opening terminal popup with a <Cmd> mapping in Insert mode. * Info popup triggers WinEnter and WinLeave autocommands. * Cursor position wrong in terminal popup with finished job. * Coverity warns for not using the ga_grow() return value. * Build fails with small features. * Occasional failure of the netbeans test. * The popup menu can cause too much redrawing. * Vim9: invalid error for argument of extend(). * Window changes when using bufload() while in a terminal popup. * Terminal Cmd test sometimes fails to close popup. * Terminal popup test sometimes fails. * Vim9: dict.key assignment not implemented yet. * Vim9: :def function does not apply 'maxfuncdepth'. * Vim9: lambda argument shadowed by function name. * Build error with +conceal but without +popupwin. * Compiler warning for uninitialized variable. * Redoing a mapping with <Cmd> doesn't work properly. * .pbtxt files are not recognized. * Test for insert mode in popup is not reliable. * Vim9: compiling fails for unreachable return statement. * "syn sync" reports a very large number. * Vim9: confusing error message when using bool wrongly. * Vim9: not skipping white space after unary minus. * Using CTRL-O in a prompt buffer moves cursor to start of the line. * Vim9: literal dict #{} is not like any other language. * Swap file test is a little flaky. * Missing part of the dict change. * Vim9: script variable not found from lambda. * Swap file test fails on MS-Windows. * Some compilers do not like the "namespace" argument. * Vim9: get E1099 when autocommand resets did_emsg. * Vim9: star command recognized errornously. * Vim: memory leak when :execute fails. * Flicker when redrawing a popup with a title and border. * Amiga: Not all colors are used on OS4. * Coverity warns for possibly using not NUL terminated string. * Coverity warns for uninitialized field. * Coverity warns for using an uninitialized variable. * Coverity warns for not checking return value. * Some tests fail on Mac. * Some tests fail when run under valgrind. * Cabalconfig and cabalproject filetypes not recognized. * Vim9: :def without argument gives compilation error. * Vim9: list unpack in for statement not compiled yet. * Current buffer is messed up if creating a new buffer for the quickfix window fails. * Compiler test depends on list of compiler plugins. * Viminfo is not written when creating a new file. ==== webkit2gtk3 ==== Version update (2.30.2 -> 2.30.3) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.30.3 (boo#1179122): + Add new build option USE(64KB_PAGE_BLOCK). + Fix backdrop filters with rounded borders. + Fix scrolling iframes when async scrolling is enabled. + Allow applications to handle drag and drop on the web view again. + Update Outlook user agent quirk. + Fix the build with video support disabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-13584, CVE-2020-9983. - Drop webkit2gtk3-fdo-soname.patch: fixed upstream. - Rebase webkit-process.patch. ==== xprop ==== Version update (1.2.4 -> 1.2.5) - Update to version 1.2.5 * Add missing `-help` function * Make output with unknown width terminal the same as old code * Free string list returned from XmbTextPropertyToTextList * Correct icon buffer width computation for truecolor terminals * Check return value from ioctl(TIOCGWINSZ) * Don't display icons if they would line-wrap. * Break down memory allocation logic and fix overallocating for UTF8. * Fix aspect ratio for icon display by using two characters per icon pixel. * Support true color output for icons if the terminal advertises it. * Fix formatting of back-to-back not shown icons. ==== yast2 ==== Version update (4.3.41 -> 4.3.44) - prepare usrmerge: install legacy symlinks via spec file only (boo#1029961) - CWM ComboBox: an editable ComboBox will not alter the list of items when the current value is not part of the list as it uses the original list which could be already modified (bsc#1177137) - 4.3.43 - CWM ComboBox: reverted the addition of the current_items method (bsc#1177137) - 4.3.42 ==== yelp ==== Version update (3.38.1 -> 3.38.2) Subpackages: libyelp0 - Update to version 3.38.2: + Fix crash when reloading local document. ==== yelp-xsl ==== Version update (3.38.1 -> 3.38.2) - Update to version 3.38.2: + Updated translations. ==== zbar ==== Version update (0.23 -> 0.23.1) - Update to version 0.23.1 * Add i18n translation support and add a pt_BR translation * Change default to autodetect python and gtk versions * Some documentation updates * Add support for binary data extraction * Add support for raw decoding without charset conversions * Add one shot scanning mode * Fix help messages * Fix some makefile issues * Fix error detection in video4linux read * Fix pkgconfig for zbar-qt5 * Fix a double-free condition - Add 0002-get-rid-of-gettext_h.patch ==== zlib ==== Subpackages: libminizip1 libz1 - Fix hw compression on z15 bsc#1176201 - Add zlib-s390x-z15-fix-hw-compression.patch

1 0

New ARM Kubic snapshot 20201129 released!
by Guillaume Gardet 01 Dec '20

01 Dec '20

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: bcache-tools c-ares (1.16.1 -> 1.17.0) coreutils cpio cryptsetup dbus-1 dosfstools e2fsprogs filesystem fillup findutils fuse fuse3 gcc10 (10.2.1+git872 -> 10.2.1+git958) gpg2 (2.2.23 -> 2.2.25) gpgme (1.14.0 -> 1.15.0) grep (3.5 -> 3.6) gzip hwinfo (21.70 -> 21.71) ipset (7.6 -> 7.9) kbd kernel-default-base (5.9.8 -> 5.9.10) kernel-firmware (20201023 -> 20201120) kernel-source (5.9.8 -> 5.9.10) keyutils kubernetes1.18 kured (1.5.0 -> 1.5.1) libfido2 libksba (1.4.0 -> 1.5.0) libselinux libsepol libtirpc libxml2 lz4 (1.9.2 -> 1.9.3) mozilla-nss (3.57 -> 3.58) nvme-cli openssh pam (1.4.0 -> 1.5.0) patterns-microos perl python-attrs (20.2.0 -> 20.3.0) python-certifi (2020.6.20 -> 2020.11.8) python38 python38-core raspberrypi-firmware-dt salt sudo (1.9.2 -> 1.9.3p1) system-users systemd-default-settings (0.4 -> 0.5) tar toolbox (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) u-boot-rpiarm64 vim (8.2.1975 -> 8.2.2039) yast2 (4.3.41 -> 4.3.44) zlib === Details === ==== bcache-tools ==== - Makefile: install bcache-status (jsc#SLE-9807, bsc#1178725) 0018-Makefile-install-bcache-status.patch - bcache-tools.spec: add '_sbindir/bcache-status' for the new added bcache-status python script (jsc#SLE-9807, bsc#1178725) ==== c-ares ==== Version update (1.16.1 -> 1.17.0) - add BR for pkg-config to get the provides in the devel package - ares_dns.h, missing_header.patch: re-add missing header in last release - Version update to 1.17.0 Security: * avoid read-heap-buffer-overflow in ares_parse_soa_reply found during fuzzing * Avoid theoretical buffer overflow in RC4 loop comparison * Empty hquery->name could lead to invalid memory access * ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was passed in (bsc#1178882, CVE-2020-8277) Changes: * Update help information for adig, acountry, and ahost * Test Suite now uses dynamic system-assigned ports rather than hardcoded ports to prevent failures in containers * Detect remote DNS server does not support EDNS using rules from RFC 6891 * Source tree has been reorganized to use a more modern layout * Allow parsing of CAA Resource Record Bug fixes: * readaddrinfo bad sizeof() * Test cases should honor HAVE_WRITEV flag, not depend on WIN32 * FQDN with trailing period should be queried first * ares_getaddrinfo() was returning members of the struct as garbage values if unset, and was not honoring ai_socktype and ai_protocol hints. * ares_gethostbyname() with AF_UNSPEC and an ip address would fail * Properly document ares_set_local_ip4() uses host byte order For details, see https://c-ares.haxx.se/changelog.html - add missing upstream sources, to be removed for next release - remove unnecessary BuildRequires - fix building on SLE12 systems ==== coreutils ==== - prepare usrmerge (boo#1029961) ==== cpio ==== - prepare usrmerge (boo#1029961) ==== cryptsetup ==== Subpackages: libcryptsetup12 - prepare usrmerge (boo#1029961) ==== dbus-1 ==== Subpackages: libdbus-1-3 - prepare usrmerge (boo#1029961) ==== dosfstools ==== - prepare usrmerge (boo#1029961) ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - prepare usrmerge (boo#1029961) ==== filesystem ==== - /proc and /sys should be %ghost to allow filesystem package updates in rootless container environments (rh#1548403) ==== fillup ==== - prepare usrmerge (boo#1029961) ==== findutils ==== - prepare usrmerge (boo#1029961) ==== fuse ==== - prepare usrmerge (boo#1029961) ==== fuse3 ==== - Drop /sbin links; they do not seem to be used from anywhere. - Package "permission" is required in %post, not %pre. - Update descriptions. ==== gcc10 ==== Version update (10.2.1+git872 -> 10.2.1+git958) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload compiler with llvm11. - Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958. * Includes fix for memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577] - Fix 32bit libgnat.so link. [bsc#1178675] ==== gpg2 ==== Version update (2.2.23 -> 2.2.25) - GnuPG 2.2.25: * scd: Fix regression in 2.2.24 requiring gpg --card-status before signing or decrypting * gpgsm: Using Libksba 1.5.0 signatures with a rarely used combination of attributes can now be verified - GnuPG 2.2.24: * gpg: New command --quick-revoke-sig * gpg: Do not use weak digest algos if selected by recipient preference during sign+encrypt * gpg: Switch to AES256 for symmetric encryption in de-vs mode * gpg: Silence weak digest warnings with --quiet * gpg: Print new status line CANCELED_BY_USER for a cancel during symmetric encryption * gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. This is in particular needed for keys created from existing smartcard based keys * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys * agent: Keep some permissions of private-keys-v1.d * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and gnutls builds * dirmngr: Fix the pool keyserver case for a single host in the pool * scd: Fix the use case of verify_chv2 by CHECKPIN * scd: Various improvements to the ccid-driver * scd: Minor fixes for Yubikey * gpgconf: New option --show-versions * i18n: Complete overhaul and completion of the Italian translation ==== gpgme ==== Version update (1.14.0 -> 1.15.0) - gpgme 1.15.0: * New function gpgme_op_setexpire to make changing the expiration easier * New function gpgme_op_revsig to revoke key signatures * Support exporting secret keys * cpp: Support for set expire operations in the C++ bindings * cpp: Support for revoking key signatures in the C++ bindings * qt: Extended ChangeExpiryJob to support changing the expiry of subkeys * qt: Extended QuickJob to support revoking of key signatures * qt: Added QDebug stream operator for GpgME::Error. * Require libgpg-error 1.36 ==== grep ==== Version update (3.5 -> 3.6) - Update to grep 3.6 * The GREP_OPTIONS environment variable no longer affects grep's behavior. * grep's DFA matcher performed an invalid regex transformation that would convert an ERE like a+a+a+ to a+a+, which would make grep a+a+a+ mistakenly match "aa". * grep -P now reports the troublesome input filename upon PCRE execution failure. - werror-return-type.patch: work around gcc bug - prepare usrmerge (boo#1029961) ==== gzip ==== - prepare usrmerge (boo#1029961) ==== hwinfo ==== Version update (21.70 -> 21.71) - merge gh#openSUSE/hwinfo#89 - rework network device detection on aarch64 (bsc#1177600, bsc#1177261) - 21.71 ==== ipset ==== Version update (7.6 -> 7.9) Subpackages: libipset13 - Update to release 7.9 * Enable memory accounting for ipset allocations * Expose the initval hash parameter to userspace * Add bucketsize parameter to all hash types * Support the -exist flag with the destroy command ==== kbd ==== Subpackages: kbd-legacy - prepare usrmerge (boo#1029961) ==== kernel-default-base ==== Version update (5.9.8 -> 5.9.10) - Add wireguard (boo#1179225) ==== kernel-firmware ==== Version update (20201023 -> 20201120) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Fix build with older distros due to missing _firmwaredir - Update to version 20201120 (bc9cd0b7b0e9): including AMDGPU update (bsc#1179062) and ath11k addition (bsc#1178274) * linux-firmware: Update AMD SEV firmware * amdgpu: add sienna cichlid firmware for 20.45 * amdgpu: update vega20 firmware for 20.45 * amdgpu: update vega12 firmware for 20.45 * amdgpu: update vega10 firmware for 20.45 * amdgpu: update renoir firmware for 20.45 * amdgpu: update navi14 firmware for 20.45 * amdgpu: update navi12 firmware for 20.45 * amdgpu: update navi10 firmware for 20.45 * amdgpu: update raven2 firmware for 20.45 * amdgpu: update raven firmware for 20.45 * rtlwifi: v88.2 firmware files for RTL8192CU * rtw88: RTL8822C: Update firmware to v9.9.4 * Revert "rtw88: RTL8822C: Update firmware to v9.9.4" * vpdma: Move firmware to ti directory * amdgpu: update picasso VCN firmware * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * rtw88: RTL8822C: Update firmware to v9.9.4 * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099A_281A * QCA: Update Bluetooth firmware for QCA6390 * qcom : updated venus firmware files for v5.4 * QCA : Fixed BT SSR due to command timeout / IO fatal error * ath11k: QCA6390 hw2.0: add to WLAN.HST.1.0.1-01740-QCAHSTSWPLZ_V2_TO_X86-1 * ath11k: QCA6390 hw2.0: add board-2.bin * ath11k: IPQ8074 hw2.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ8074 hw2.0: add board-2.bin * ath11k: IPQ6018 hw1.0: add to WLAN.HK.2.1.0.1-01238-QCAHKSWPL_SILICONZ-2 * ath11k: IPQ6018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: add firmware-sdio-6.bin version WLAN.RMH.4.4.1-00077 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00131 * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00157-QCARMSWPZ-1 - ath11k is split into its own subpackage due to its size - Update topics list and aliases accordingly ==== kernel-source ==== Version update (5.9.8 -> 5.9.10) - rpm/kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082) - commit b7c3768 - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) %split_extra still contained two. - commit d9b4c40 - mac80211: free sta in sta_info_insert_finish() on errors (git-fixes). - commit f42c89a - Linux 5.9.10 (bsc#1012628). - ACPI: GED: fix -Wformat (bsc#1012628). - KVM: x86: clflushopt should be treated as a no-op by emulation (bsc#1012628). - perf/x86/intel/uncore: Fix Add BW copypasta (bsc#1012628). - powerpc/smp: Call rcu_cpu_starting() earlier (bsc#1012628). - selftests/harness: prettify SKIP message whitespace again (bsc#1012628). - can: proc: can_remove_proc(): silence remove_proc_entry warning (bsc#1012628). - mac80211: always wind down STA state (bsc#1012628). - Input: sunkbd - avoid use-after-free in teardown paths (bsc#1012628). - leds: lm3697: Fix out-of-bound access (bsc#1012628). - selftests/powerpc: entry flush test (bsc#1012628). - powerpc: Only include kup-radix.h for 64-bit Book3S (bsc#1012628). - powerpc/64s: flush L1D after user accesses (bsc#1012628). - powerpc/64s: flush L1D on kernel entry (bsc#1012628). - selftests/powerpc: rfi_flush: disable entry flush if present (bsc#1012628). - commit 18ece1c - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015). RPM_BUILD_ROOT is cleared before %%install. Do the unpack into RPM_BUILD_ROOT in %%install - commit 13bd533 - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) Author: Dominique Leuenberger <dimstar(a)opensuse.org> - commit 21f8205 - rpm/mkspec: do not build kernel-obs-build on x86_32 We want to use 64bit kernel due to various bugs (bsc#1178762 to name one). There is: ExportFilter: ^kernel-obs-build.*\.x86_64.rpm$ . i586 in Factory's prjconf now. No other actively maintained distro (i.e. merging packaging branch) builds a x86_32 kernel, hence pushing to packaging directly. - commit 8099b4b - RDMA/srpt: Fix typo in srpt_unregister_mad_agent docstring (git-fixes). - arm64: kexec_file: Fix sparse warning (git-fixes). - commit f76e598 - Linux 5.9.9 (bsc#1012628). - drm/i915: Hold onto an explicit ref to i915_vma_work.pinned (bsc#1012628). - drm/i915/gem: Flush coherency domains on first set-domain-ioctl (bsc#1012628). - mm: memcg: link page counters to root if use_hierarchy is false (bsc#1012628). - nbd: don't update block size after device is started (bsc#1012628). - KVM: arm64: Force PTE mapping on fault resulting in a device mapping (bsc#1012628). - xfrm: interface: fix the priorities for ipip and ipv6 tunnels (bsc#1012628). - ASoC: Intel: kbl_rt5663_max98927: Fix kabylake_ssp_fixup function (bsc#1012628). - genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (bsc#1012628). - hv_balloon: disable warning when floor reached (bsc#1012628). - net: xfrm: fix a race condition during allocing spi (bsc#1012628). - ASoC: codecs: wsa881x: add missing stream rates and format (bsc#1012628). - spi: imx: fix runtime pm support for !CONFIG_PM (bsc#1012628). - irqchip/sifive-plic: Fix broken irq_set_affinity() callback (bsc#1012628). - kunit: Fix kunit.py --raw_output option (bsc#1012628). - kunit: Don't fail test suites if one of them is empty (bsc#1012628). - usb: gadget: fsl: fix null pointer checking (bsc#1012628). - selftests: filter kselftest headers from command in lib.mk (bsc#1012628). - ASoC: codecs: wcd934x: Set digital gain range correctly (bsc#1012628). - ASoC: codecs: wcd9335: Set digital gain range correctly (bsc#1012628). - mtd: spi-nor: Fix address width on flash chips > 16MB (bsc#1012628). - xfs: set xefi_discard when creating a deferred agfl free log intent item (bsc#1012628). - mac80211: don't require VHT elements for HE on 2.4 GHz (bsc#1012628). - netfilter: nftables: fix netlink report logic in flowtable and genid (bsc#1012628). - netfilter: use actual socket sk rather than skb sk when routing harder (bsc#1012628). - netfilter: nf_tables: missing validation from the abort path (bsc#1012628). - netfilter: ipset: Update byte and packet counters regardless of whether they match (bsc#1012628). - irqchip/sifive-plic: Fix chip_data access within a hierarchy (bsc#1012628). - powerpc/eeh_cache: Fix a possible debugfs deadlock (bsc#1012628). - drm/vc4: bo: Add a managed action to cleanup the cache (bsc#1012628). - IB/srpt: Fix memory leak in srpt_add_one (bsc#1012628). - mm: memcontrol: correct the NR_ANON_THPS counter of hierarchical memcg (bsc#1012628). - drm/panfrost: rename error labels in device_init (bsc#1012628). - drm/panfrost: move devfreq_init()/fini() in device (bsc#1012628). - drm/panfrost: Fix module unload (bsc#1012628). - perf trace: Fix segfault when trying to trace events by cgroup (bsc#1012628). - perf tools: Add missing swap for ino_generation (bsc#1012628). - perf tools: Add missing swap for cgroup events (bsc#1012628). - ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (bsc#1012628). - iommu/vt-d: Fix sid not set issue in intel_svm_bind_gpasid() (bsc#1012628). - iommu/vt-d: Fix a bug for PDP check in prq_event_thread (bsc#1012628). - afs: Fix warning due to unadvanced marshalling pointer (bsc#1012628). - afs: Fix incorrect freeing of the ACL passed to the YFS ACL store op (bsc#1012628). - vfio/pci: Implement ioeventfd thread handler for contended memory lock (bsc#1012628). - can: rx-offload: don't call kfree_skb() from IRQ context (bsc#1012628). - can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (bsc#1012628). - can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (bsc#1012628). - can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (bsc#1012628). - can: j1939: swap addr and pgn in the send example (bsc#1012628). - can: j1939: j1939_sk_bind(): return failure if netdev is down (bsc#1012628). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (bsc#1012628). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (bsc#1012628). - can: peak_usb: add range checking in decode operations (bsc#1012628). - can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (bsc#1012628). - can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (bsc#1012628). - can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A (bsc#1012628). - can: flexcan: flexcan_remove(): disable wakeup completely (bsc#1012628). - xfs: flush new eof page on truncate to avoid post-eof corruption (bsc#1012628). - xfs: fix missing CoW blocks writeback conversion retry (bsc#1012628). - xfs: fix scrub flagging rtinherit even if there is no rt device (bsc#1012628). - io_uring: ensure consistent view of original task ->mm from SQPOLL (bsc#1012628). - spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1012628). - PCI: mvebu: Fix duplicate resource requests (bsc#1012628). - ceph: check session state after bumping session->s_seq (bsc#1012628). - selftests: core: use SKIP instead of XFAIL in close_range_test.c (bsc#1012628). - selftests: clone3: use SKIP instead of XFAIL (bsc#1012628). - selftests: binderfs: use SKIP instead of XFAIL (bsc#1012628). - x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (bsc#1012628). - kbuild: explicitly specify the build id style (bsc#1012628). - RISC-V: Fix the VDSO symbol generaton for binutils-2.35+ (bsc#1012628). - USB: apple-mfi-fastcharge: fix reference leak in apple_mfi_fc_set_property (bsc#1012628). - tpm: efi: Don't create binary_bios_measurements file for an empty log (bsc#1012628). - KVM: arm64: ARM_SMCCC_ARCH_WORKAROUND_1 doesn't return SMCCC_RET_NOT_REQUIRED (bsc#1012628). - ath9k_htc: Use appropriate rs_datalen type (bsc#1012628). - scsi: ufs: Fix missing brace warning for old compilers (bsc#1012628). - ASoC: mediatek: mt8183-da7219: fix DAPM paths for rt1015 (bsc#1012628). - ASoC: qcom: sdm845: set driver name correctly (bsc#1012628). - ASoC: cs42l51: manage mclk shutdown delay (bsc#1012628). - ASoC: SOF: loader: handle all SOF_IPC_EXT types (bsc#1012628). - usb: dwc3: pci: add support for the Intel Alder Lake-S (bsc#1012628). - opp: Reduce the size of critical section in _opp_table_kref_release() (bsc#1012628). - usb: gadget: goku_udc: fix potential crashes in probe (bsc#1012628). - usb: raw-gadget: fix memory leak in gadget_setup (bsc#1012628). - selftests/ftrace: check for do_sys_openat2 in user-memory test (bsc#1012628). - selftests: pidfd: fix compilation errors due to wait.h (bsc#1012628). - ALSA: hda: Separate runtime and system suspend (bsc#1012628). - ALSA: hda: Reinstate runtime_allow() for all hda controllers (bsc#1012628). - x86/boot/compressed/64: Introduce sev_status (bsc#1012628). - gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (bsc#1012628). - gfs2: Add missing truncate_inode_pages_final for sd_aspace (bsc#1012628). - gfs2: check for live vs. read-only file system in gfs2_fitrim (bsc#1012628). - scsi: hpsa: Fix memory leak in hpsa_init_one() (bsc#1012628). - drm/amdgpu: perform srbm soft reset always on SDMA resume (bsc#1012628). - drm/amd/pm: correct the baco reset sequence for CI ASICs (bsc#1012628). - drm/amd/pm: perform SMC reset on suspend/hibernation (bsc#1012628). - drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running (bsc#1012628). - mac80211: fix use of skb payload instead of header (bsc#1012628). - cfg80211: initialize wdev data earlier (bsc#1012628). - cfg80211: regulatory: Fix inconsistent format argument (bsc#1012628). - wireguard: selftests: check that route_me_harder packets use the right sk (bsc#1012628). - tracing: Fix the checking of stackidx in __ftrace_trace_stack (bsc#1012628). - Revert "nvme-pci: remove last_sq_tail" (bsc#1012628). - ARC: [plat-hsdk] Remap CCMs super early in asm boot trampoline (bsc#1012628). - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1012628). - scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (bsc#1012628). - nvme: introduce nvme_sync_io_queues (bsc#1012628). - nvme-rdma: avoid race between time out and tear down (bsc#1012628). - nvme-tcp: avoid race between time out and tear down (bsc#1012628). - nvme-rdma: avoid repeated request completion (bsc#1012628). - nvme-tcp: avoid repeated request completion (bsc#1012628). - iommu/amd: Increase interrupt remapping table limit to 512 entries (bsc#1012628). - s390/smp: move rcu_cpu_starting() earlier (bsc#1012628). - vfio: platform: fix reference leak in vfio_platform_open (bsc#1012628). - vfio/pci: Bypass IGD init in case of -ENODEV (bsc#1012628). - i2c: mediatek: move dma reset before i2c reset (bsc#1012628). - amd/amdgpu: Disable VCN DPG mode for Picasso (bsc#1012628). - iomap: clean up writeback state logic on writepage error (bsc#1012628). - selftests: proc: fix warning: _GNU_SOURCE redefined (bsc#1012628). - arm64: kexec_file: try more regions if loading segments fails (bsc#1012628). - riscv: Set text_offset correctly for M-Mode (bsc#1012628). - i2c: sh_mobile: implement atomic transfers (bsc#1012628). - i2c: designware: call i2c_dw_read_clear_intrbits_slave() once (bsc#1012628). - i2c: designware: slave should do WRITE_REQUESTED before WRITE_RECEIVED (bsc#1012628). - tpm_tis: Disable interrupts on ThinkPad T490s (bsc#1012628). - mfd: sprd: Add wakeup capability for PMIC IRQ (bsc#1012628). - pinctrl: intel: Fix 2 kOhm bias which is 833 Ohm (bsc#1012628). - pinctrl: intel: Set default bias in case no particular value given (bsc#1012628). - gpio: aspeed: fix ast2600 bank properties (bsc#1012628). - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template (bsc#1012628). - bpf: Don't rely on GCC __attribute__((optimize)) to disable GCSE (bsc#1012628). - libbpf, hashmap: Fix undefined behavior in hash_bits (bsc#1012628). - pinctrl: mcp23s08: Use full chunk of memory for regmap configuration (bsc#1012628). - pinctrl: aspeed: Fix GPI only function problem (bsc#1012628). - net/mlx5e: Fix modify header actions memory leak (bsc#1012628). - net/mlx5e: Protect encap route dev from concurrent release (bsc#1012628). - net/mlx5e: Use spin_lock_bh for async_icosq_lock (bsc#1012628). - net/mlx5: Fix deletion of duplicate rules (bsc#1012628). - net/mlx5: E-switch, Avoid extack error log for disabled vport (bsc#1012628). - net/mlx5e: Fix VXLAN synchronization after function reload (bsc#1012628). - net/mlx5e: Fix incorrect access of RCU-protected xdp_prog (bsc#1012628). - SUNRPC: Fix general protection fault in trace_rpc_xdr_overflow() (bsc#1012628). - NFSD: Fix use-after-free warning when doing inter-server copy (bsc#1012628). - NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (bsc#1012628). - tools/bpftool: Fix attaching flow dissector (bsc#1012628). - bpf: Zero-fill re-used per-cpu map element (bsc#1012628). - r8169: fix potential skb double free in an error path (bsc#1012628). - r8169: disable hw csum for short packets on all chip versions (bsc#1012628). - pinctrl: qcom: Move clearing pending IRQ to .irq_request_resources callback (bsc#1012628). - pinctrl: qcom: sm8250: Specify PDC map (bsc#1012628). - nbd: fix a block_device refcount leak in nbd_release (bsc#1012628). - selftest: fix flower terse dump tests (bsc#1012628). - i40e: Fix MAC address setting for a VF via Host/VM (bsc#1012628). - igc: Fix returning wrong statistics (bsc#1012628). - lan743x: correctly handle chips with internal PHY (bsc#1012628). - net: phy: realtek: support paged operations on RTL8201CP (bsc#1012628). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (bsc#1012628). - xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents (bsc#1012628). - xfs: fix rmap key and record comparison functions (bsc#1012628). - xfs: fix brainos in the refcount scrubber's rmap fragment processor (bsc#1012628). - lan743x: fix "BUG: invalid wait context" when setting rx mode (bsc#1012628). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (bsc#1012628). - of/address: Fix of_node memory leak in of_dma_is_coherent (bsc#1012628). - ch_ktls: Update cheksum information (bsc#1012628). - ch_ktls: tcb update fails sometimes (bsc#1012628). - cosa: Add missing kfree in error path of cosa_write (bsc#1012628). - hwmon: (applesmc) Re-work SMC comms (bsc#1012628). - NFS: Fix listxattr receive buffer size (bsc#1012628). - vrf: Fix fast path output packet handling with async Netfilter rules (bsc#1012628). - lan743x: fix use of uninitialized variable (bsc#1012628). - arm64/mm: Validate hotplug range before creating linear mapping (bsc#1012628). - kernel/watchdog: fix watchdog_allowed_mask not used warning (bsc#1012628). - mm: memcontrol: fix missing wakeup polling thread (bsc#1012628). - afs: Fix afs_write_end() when called with copied == 0 [ver #3] (bsc#1012628). - perf: Fix get_recursion_context() (bsc#1012628). - nvme: factor out a nvme_configure_metadata helper (bsc#1012628). - nvme: freeze the queue over ->lba_shift updates (bsc#1012628). - nvme: fix incorrect behavior when BLKROSET is called by the user (bsc#1012628). - perf: Simplify group_sched_in() (bsc#1012628). - perf: Fix event multiplexing for exclusive groups (bsc#1012628). - firmware: xilinx: fix out-of-bounds access (bsc#1012628). - erofs: fix setting up pcluster for temporary pages (bsc#1012628). - erofs: derive atime instead of leaving it empty (bsc#1012628). - ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA (bsc#1012628). - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1012628). - btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch (bsc#1012628). - btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod (bsc#1012628). - btrfs: fix min reserved size calculation in merge_reloc_root (bsc#1012628). - btrfs: dev-replace: fail mount if we don't have replace item with target device (bsc#1012628). - KVM: arm64: Don't hide ID registers from userspace (bsc#1012628). - speakup: Fix var_id_t values and thus keymap (bsc#1012628). - speakup ttyio: Do not schedule() in ttyio_in_nowait (bsc#1012628). - speakup: Fix clearing selection in safe context (bsc#1012628). - thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services() (bsc#1012628). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (bsc#1012628). - uio: Fix use-after-free in uio_unregister_device() (bsc#1012628). - Revert "usb: musb: convert to devm_platform_ioremap_resource_byname" (bsc#1012628). - usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (bsc#1012628). - usb: typec: ucsi: Report power supply changes (bsc#1012628). - xhci: hisilicon: fix refercence leak in xhci_histb_probe (bsc#1012628). - virtio: virtio_console: fix DMA memory allocation for rproc serial (bsc#1012628). - mei: protect mei_cl_mtu from null dereference (bsc#1012628). - futex: Don't enable IRQs unconditionally in put_pi_state() (bsc#1012628). - jbd2: fix up sparse warnings in checkpoint code (bsc#1012628). - bootconfig: Extend the magic check range to the preceding 3 bytes (bsc#1012628). - mm/compaction: count pages and stop correctly during page isolation (bsc#1012628). - mm/compaction: stop isolation if too many pages are isolated and we have pages to migrate (bsc#1012628). - mm/slub: fix panic in slab_alloc_node() (bsc#1012628). - mm/vmscan: fix NR_ISOLATED_FILE corruption on 64-bit (bsc#1012628). - mm/gup: use unpin_user_pages() in __gup_longterm_locked() (bsc#1012628). - Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint" (bsc#1012628). - reboot: fix overflow parsing reboot cpu number (bsc#1012628). - hugetlbfs: fix anon huge page migration race (bsc#1012628). - ocfs2: initialize ip_next_orphan (bsc#1012628). - hwmon: (amd_energy) modify the visibility of the counters (bsc#1012628). - selinux: Fix error return code in sel_ib_pkey_sid_slow() (bsc#1012628). - io_uring: round-up cq size before comparing with rounded sq size (bsc#1012628). - gpio: sifive: Fix SiFive gpio probe (bsc#1012628). - gpio: pcie-idio-24: Fix irq mask when masking (bsc#1012628). - gpio: pcie-idio-24: Fix IRQ Enable Register value (bsc#1012628). - gpio: pcie-idio-24: Enable PEX8311 interrupts (bsc#1012628). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (bsc#1012628). - mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove (bsc#1012628). - don't dump the threads that had been already exiting when zapped (bsc#1012628). - drm/amd/display: Add missing pflip irq (bsc#1012628). - drm/i915: Correctly set SFC capability for video engines (bsc#1012628). - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1012628). - NFSv4.2: fix failure to unregister shrinker (bsc#1012628). - pinctrl: amd: use higher precision for 512 RtcClk (bsc#1012628). - pinctrl: amd: fix incorrect way to disable debounce filter (bsc#1012628). - swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb" (bsc#1012628). - cpufreq: Introduce governor flags (bsc#1012628). - cpufreq: Introduce CPUFREQ_GOV_STRICT_TARGET (bsc#1012628). - cpufreq: Add strict_target to struct cpufreq_policy (bsc#1012628). - cpufreq: intel_pstate: Take CPUFREQ_GOV_STRICT_TARGET into account (bsc#1012628). - ethtool: netlink: add missing netdev_features_change() call (bsc#1012628). - IPv6: Set SIT tunnel hard_header_len to zero (bsc#1012628). - net/af_iucv: fix null pointer dereference on shutdown (bsc#1012628). - net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO (bsc#1012628). - net: udp: fix UDP header access on Fast/frag0 UDP GRO (bsc#1012628). - net: Update window_clamp if SOCK_RCVBUF is set (bsc#1012628). - net/x25: Fix null-ptr-deref in x25_connect (bsc#1012628). - tipc: fix memory leak in tipc_topsrv_start() (bsc#1012628). - devlink: Avoid overwriting port attributes of registered port (bsc#1012628). - mptcp: provide rmem[0] limit (bsc#1012628). - tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies (bsc#1012628). - powerpc/603: Always fault when _PAGE_ACCESSED is not set (bsc#1012628). - null_blk: Fix scheduling in atomic with zoned mode (bsc#1012628). - perf scripting python: Avoid declaring function pointers with a visibility attribute (bsc#1012628). - coresight: etm: perf: Sink selection using sysfs is deprecated (bsc#1012628). - coresight: Fix uninitialised pointer bug in etm_setup_aux() (bsc#1012628). - Convert trailing spaces and periods in path components (bsc#1012628). - commit 21e5163 - PCI: Always enable ACS even if no ACS Capability (bsc#1178211). - commit a40af1e - loop: Fix occasional uevent drop (bsc#1177900). - block: add a return value to set_capacity_revalidate_and_notify (bsc#1177900). - commit 98395e1 - btrfs: qgroup: don't commit transaction when we already hold the handle (bsc#1178634). Update upstream status and take the upstream version. - commit 60a737e ==== keyutils ==== Subpackages: libkeyutils1 - prepare usrmerge (boo#1029961) ==== kubernetes1.18 ==== - Adding a conflict on kubernetes client common to ensure there are no leftovers after migration from SP1 to SP2 on SLE15. ==== kured ==== Version update (1.5.0 -> 1.5.1) - Update to version 1.5.1: * rename annotation-ttl to lock-ttl in all places, follow-up to #213 * Drain: allow pods grace period to terminate * Prepare 1.5.1 release * Add lint job * Make lint happier in pkg folder * Make lint happier * Remove prom-active-alerts * update docs following #210 * run 'go mod tidy' * Replaced --annotationTTL with --lockTTL and made it work correctly * Refactor drain/uncordon * Remove kubectl exception in container scanning * Bump prometheus * Use kubectl as library instead of calling from cli * fix: Follow DKL-DI-0004 guideline * feat: Add security scanning into CI * add missing quote - thanks Karan Arora for reporting * Bump helm chart version * Remove quote for parameter alert-filter-regexp * Release helper ==== libfido2 ==== Subpackages: libfido2-1 libfido2-udev - Add Conflicts: to supersede version 1.0.0. This is needed for a clean upgrade path on SLE. ==== libksba ==== Version update (1.4.0 -> 1.5.0) - libksba 1.5.0: * ksba_cms_identify now identifies OpenPGP keyblock content * Supports TR-03111 plain format ECDSA signature verification * Fixes a CMS signed data parser bug exhibited by a somewhat strange CMS message - remove deprecated texinfo macros and update signing keyring ==== libselinux ==== Subpackages: libselinux1 selinux-tools - install to /usr (boo#1029961) ==== libsepol ==== - install to /usr (boo#1029961) ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - install libraries to %{_libdir} (boo#1029961) ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Avoid quadratic checking of identity-constraints: [bsc#1178823] * key/unique/keyref schema attributes currently use qudratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. - Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch ==== lz4 ==== Version update (1.9.2 -> 1.9.3) - Update to release 1.9.3 * api: LZ4_decompress_safe_partial() now supports unknown compressed size * api: improved LZ4F_compressBound() with automatic flushing * cli: multiple files are compressed now using the legacy format ==== mozilla-nss ==== Version update (3.57 -> 3.58) - update to NSS 3.58 Bugs fixed: * bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode. * bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni). * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions. * bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows. * bmo#1667153 - Add PK11_ImportDataKey for data object import. * bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value. ==== nvme-cli ==== - Drop '-f' option with %service_del_postun This option shouldn't be needed besides very few special cases. But this package doesn't seem to belong to this category. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Fix build breakage caused by missing security key objects: + Modify openssh-7.7p1-cavstest-ctr.patch. + Modify openssh-7.7p1-cavstest-kdf.patch. + Add openssh-link-with-sk.patch. - Add openssh-fips-ensure-approved-moduli.patch (bsc#1177939). This ensures only approved DH parameters are used in FIPS mode. - Add openssh-8.1p1-ed25519-use-openssl-rng.patch (bsc#1173799). This uses OpenSSL's RAND_bytes() directly instead of the internal ChaCha20-based implementation to obtain random bytes for Ed25519 curve computations. This is required for FIPS compliance. ==== pam ==== Version update (1.4.0 -> 1.5.0) - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least <N> characters length in some form. This is enabled by the new parameter "usersubstr=<N>" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4… [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] - Enable pam_faillock [bnc#1171562] - /usr/bin/xauth chokes on the old user's $HOME being on an NFS file system. Run /usr/bin/xauth using the old user's uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch] - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec] - Add requirement for group "wheel" to spec file. [bsc#1171016, pam.spec] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Add udisks2 and upower to the Plasma desktop pattern - GNOME: encrypt/decript files from Nautilus * we need both the extension and the package providing /usr/bin/seahorse-daemon * Seahorse, the app, is _not_ installed as it's available on flathub - GNOME pattern package changes: * drop file roller RPM as there is org.gnome.FileRoller * add some packages that I've (as well as most users that have tried MicroOS desktop recently) found useful during initial setup * while there, update a comment about using Requires vs. Recommends ==== perl ==== - Correct perl license According to https://dev.perl.org/licenses/ perl is licensed under the artistic license or the GPL 1.0 or later ==== python-attrs ==== Version update (20.2.0 -> 20.3.0) - update to 20.3.0: - ``attr.define()``, ``attr.frozen()``, ``attr.mutable()``, and ``attr.field()`` remain **provisional**. ==== python-certifi ==== Version update (2020.6.20 -> 2020.11.8) - update to 2020.11.8: * Python 3.8+ support - Add two-basic-unit-tests.patch which includes two at least simple test patches (gh#certifi/python-certifi#137). ==== python38 ==== - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - The Python stdlib >= does not provide importlib_metadata or importlib_resources but importlib.metadata and importlib.resources. If a package specifically asks for importlib_*, they actually require the dedicated package with extended API. ==== raspberrypi-firmware-dt ==== - Introduce upstream-overlay-rpi-poe.patch to adapt the overlay to our driver (jsc#SLE-16543) ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Fix syntax error on pkgrepo state with Python 2.7 - transactional_update: unify with chroot.call - Added: * pkgrepo-support-python-2.7-function-call-295.patch * transactional_update-unify-with-chroot.call.patch - Add "migrated" state and GPG key management functions - Added: * add-migrated-state-and-gpg-key-management-functions-.patch - Master can read grains - Added: * grains-master-can-read-grains.patch - Fix for broken psutil (bsc#1102248) - Added: * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch ==== sudo ==== Version update (1.9.2 -> 1.9.3p1) - Update to 1.9.3p1 * Fixed a regression introduced in sudo 1.9.3 where the configure script would not detect the crypt(3) function if it was present in the C library, not an additional library. * Fixed a regression introduced in sudo 1.8.23 with shadow passwd file authentication on OpenBSD. BSD authentication was not affected. * Sudo now logs when a user-specified command-line option is rejected by a sudoers rule. Previously, these conditions were written to the audit log, but the default sudo log file. Affected command line arguments include -C (--close-from), -D (--chdir), - R (--chroot), -g (--group) and -u (--user). - News in 1.9.3 * Fixed building the Python plugin on systems with a compiler that doesn't support symbol hiding. * Sudo now uses a linker script to hide symbols even when the compiler has native symbol hiding support. This should make it easier to detect omissions in the symbol exports file, regardless of the platform. * Fixed the libssl dependency in Debian packages for older releases that use libssl1.0.0. * Sudo and visudo now provide more detailed messages when a syntax error is detected in sudoers. The offending line and token are now displayed. If the parser was generated by GNU bison, additional information about what token was expected is also displayed. Bug #841. * Sudoers rules must now end in either a newline or the end-of-file. Previously, it was possible to have multiple rules on a single line, separated by white space. The use of an end-of-line terminator makes it possible to display accurate error messages. * Sudo no longer refuses to run if a syntax error in the sudoers file is encountered. The entry with the syntax error will be discarded and sudo will continue to parse the file. This makes recovery from a syntax error less painful on systems where sudo is the primary method of superuser access. The historic behavior can be restored by add "error_recovery=false" to the sudoers plugin's optional arguments in sudo.conf. Bug #618. * Fixed the sample_approval plugin's symbol exports file for systems where the compiler doesn't support symbol hiding. * Fixed a regression introduced in sudo 1.9.1 where arguments to the "sudoers_policy" plugin in sudo.conf were not being applied. The sudoers file is now parsed by the "sudoers_audit" plugin, which is loaded implicitly when "sudoers_policy" is listed in sudo.conf. Starting with sudo 1.9.3, if there are plugin arguments for "sudoers_policy" but "sudoers_audit" is not listed, those arguments will be applied to "sudoers_audit" instead. * The user's resource limits are now passed to sudo plugins in the user_info[] list. A plugin cannot determine the limits itself because sudo changes the limits while it runs to prevent resource starvation. * It is now possible to set the working directory or change the root directory on a per-command basis using the CWD and CHROOT options. There are also new Defaults settings, runchroot and runcwd, that can be used to set the working directory or root directory on a more global basis. * New -D (--chdir) and -R (--chroot) command line options can be used to set the working directory or root directory if the sudoers file allows it. This functionality is not enabled by default and must be explicitly enabled in the sudoers file. - add sudo-1.9.3p1-pam_xauth.patch to stay setuid until just before executing the command. Fixes a problem with pam_xauth which checks effective and real uids to get the real identity of the user [bsc#1174593] ==== system-users ==== Subpackages: system-group-hardware system-user-nobody - Add qemu user to kvm group - Add system account and groups for kvm, qemu, and libvirt (jsc#SLE-11629) New files: system-group-kvm.conf, system-group-libvirt.conf, system-user-qemu.conf ==== systemd-default-settings ==== Version update (0.4 -> 0.5) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Issue a daemon-reload in %post of the main package - Import 0.5 0c5e241 SLE: turn off RemoveIPC by default for logind (fate#320125) cb6914f SLE: restore ProtectHostname=no for udevd (bsc#1178374) 7e332a6 Add a header in all each drop-ins 465e1c7 Makefile: simplify 'archive' target ==== tar ==== - prepare usrmerge (boo#1029961) ==== toolbox ==== Version update (1.0+git20200831.d2d2e5d -> 1.0+git20201126.3d26283) - Update to version 1.0+git20201126.3d26283: * Make it easier to use custom images (#10) * Update toolbox doc (#9) ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Added u-boot tools binaries to tools package - Add pinebook-pro-rk3399 support ==== vim ==== Version update (8.2.1975 -> 8.2.2039) Subpackages: vim-data-common vim-small - Updated to version 8.2.2039, fixes the following problems * Cannot backspace in prompt buffer after using cursor-left. (Maxim Kim) * Vim9: error for using a string in a condition is confusing. * Making a mapping work in all modes is complicated. * "term_opencmd" option of term_start() is truncated. (Sergey Vlasov) * Vim9: some tests are not done at the script level. * MinGW: parallel compilation might fail. * Quickfix window not updated when adding invalid entries. * ml_get error when using <Cmd> to open a terminal. * Cannot use :vimgrep in omni completion, causing C completion to fail. * Crash when closing terminal popup with <Cmd> mapping. * Expression test is flaky on Appveyor. * Still in Insert mode when opening terminal popup with a <Cmd> mapping in Insert mode. * Info popup triggers WinEnter and WinLeave autocommands. * Cursor position wrong in terminal popup with finished job. * Coverity warns for not using the ga_grow() return value. * Build fails with small features. * Occasional failure of the netbeans test. * The popup menu can cause too much redrawing. * Vim9: invalid error for argument of extend(). * Window changes when using bufload() while in a terminal popup. * Terminal Cmd test sometimes fails to close popup. * Terminal popup test sometimes fails. * Vim9: dict.key assignment not implemented yet. * Vim9: :def function does not apply 'maxfuncdepth'. * Vim9: lambda argument shadowed by function name. * Build error with +conceal but without +popupwin. * Compiler warning for uninitialized variable. * Redoing a mapping with <Cmd> doesn't work properly. * .pbtxt files are not recognized. * Test for insert mode in popup is not reliable. * Vim9: compiling fails for unreachable return statement. * "syn sync" reports a very large number. * Vim9: confusing error message when using bool wrongly. * Vim9: not skipping white space after unary minus. * Using CTRL-O in a prompt buffer moves cursor to start of the line. * Vim9: literal dict #{} is not like any other language. * Swap file test is a little flaky. * Missing part of the dict change. * Vim9: script variable not found from lambda. * Swap file test fails on MS-Windows. * Some compilers do not like the "namespace" argument. * Vim9: get E1099 when autocommand resets did_emsg. * Vim9: star command recognized errornously. * Vim: memory leak when :execute fails. * Flicker when redrawing a popup with a title and border. * Amiga: Not all colors are used on OS4. * Coverity warns for possibly using not NUL terminated string. * Coverity warns for uninitialized field. * Coverity warns for using an uninitialized variable. * Coverity warns for not checking return value. * Some tests fail on Mac. * Some tests fail when run under valgrind. * Cabalconfig and cabalproject filetypes not recognized. * Vim9: :def without argument gives compilation error. * Vim9: list unpack in for statement not compiled yet. * Current buffer is messed up if creating a new buffer for the quickfix window fails. * Compiler test depends on list of compiler plugins. * Viminfo is not written when creating a new file. ==== yast2 ==== Version update (4.3.41 -> 4.3.44) - prepare usrmerge: install legacy symlinks via spec file only (boo#1029961) - CWM ComboBox: an editable ComboBox will not alter the list of items when the current value is not part of the list as it uses the original list which could be already modified (bsc#1177137) - 4.3.43 - CWM ComboBox: reverted the addition of the current_items method (bsc#1177137) - 4.3.42 ==== zlib ==== - Fix hw compression on z15 bsc#1176201 - Add zlib-s390x-z15-fix-hw-compression.patch

1 0