New Kubic snapshot 20211016 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
kernel-source (5.14.9 -> 5.14.11)
libwebp (1.2.0 -> 1.2.1)
ndctl
nvme-cli
salt
=== Details ===
==== kernel-source ====
Version update (5.14.9 -> 5.14.11)
- Linux 5.14.11 (bsc#1012628).
- Revert "ARM: imx6q: drop of_platform_default_populate() from
init_machine" (bsc#1012628).
- Revert "brcmfmac: use ISO3166 country code and 0 rev as
fallback" (bsc#1012628).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
SSD (bsc#1012628).
- perf/x86: Reset destroy callback on event init failure
(bsc#1012628).
- KVM: x86: nSVM: restore int_vector in svm_clear_vintr
(bsc#1012628).
- kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] (bsc#1012628).
- KVM: x86: reset pdptrs_from_userspace when exiting smm
(bsc#1012628).
- KVM: do not shrink halt_poll_ns below grow_start (bsc#1012628).
- selftests: KVM: Align SMCCC call with the spec in steal_time
(bsc#1012628).
- kasan: always respect CONFIG_KASAN_STACK (bsc#1012628).
- tools/vm/page-types: remove dependency on opt_file for idle
page tracking (bsc#1012628).
- block: don't call rq_qos_ops->done_bio if the bio isn't tracked
(bsc#1012628).
- io_uring: allow conditional reschedule for intensive iterators
(bsc#1012628).
- x86/insn, tools/x86: Fix undefined behavior due to potential
unaligned accesses (bsc#1012628).
- smb3: correct smb3 ACL security descriptor (bsc#1012628).
- irqchip/gic: Work around broken Renesas integration
(bsc#1012628).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(bsc#1012628).
- thermal/drivers/tsens: Fix wrong check for tzd in irq handlers
(bsc#1012628).
- nvme-fc: avoid race between time out and tear down
(bsc#1012628).
- nvme-fc: update hardware queues before using them (bsc#1012628).
- swiotlb-xen: ensure to issue well-formed XENMEM_exchange
requests (bsc#1012628).
- Xen/gntdev: don't ignore kernel unmapping error (bsc#1012628).
- selftests: kvm: fix get_run_delay() ignoring fscanf() return
warn (bsc#1012628).
- selftests: kvm: move get_run_delay() into lib/test_util
(bsc#1012628).
- selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf()
return warn (bsc#1012628).
- selftests:kvm: fix get_warnings_count() ignoring fscanf()
return warn (bsc#1012628).
- selftests: be sure to make khdr before other targets
(bsc#1012628).
- habanalabs/gaudi: fix LBW RR configuration (bsc#1012628).
- habanalabs: fail collective wait when not supported
(bsc#1012628).
- habanalabs/gaudi: use direct MSI in single mode (bsc#1012628).
- usb: dwc2: check return value after calling
platform_get_resource() (bsc#1012628).
- usb: testusb: Fix for showing the connection speed
(bsc#1012628).
- scsi: elx: efct: Do not hold lock while calling
fc_vport_terminate() (bsc#1012628).
- scsi: sd: Free scsi_disk device via put_device() (bsc#1012628).
- drm/amdkfd: fix svm_migrate_fini warning (bsc#1012628).
- drm/amdkfd: handle svm migrate init error (bsc#1012628).
- ext2: fix sleeping in atomic bugs on error (bsc#1012628).
- platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX
(bsc#1012628).
- sparc64: fix pci_iounmap() when CONFIG_PCI is not set
(bsc#1012628).
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (bsc#1012628).
- net: mdio: introduce a shutdown method to mdio device drivers
(bsc#1012628).
- btrfs: fix mount failure due to past and transient device
flush error (bsc#1012628).
- btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper
error handling (bsc#1012628).
- nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN
(bsc#1012628).
- platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10
Plus (CWI527) tablet (bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook
(CWI514) tablet (bsc#1012628).
- afs: Add missing vnode validation checks (bsc#1012628).
- spi: rockchip: handle zero length transfers without timing out
(bsc#1012628).
- commit 834dddd
- iwlwifi: Fix MODULE_FIRMWARE() for non-existing ucode version
(boo#1191417).
- commit 6597512
- Linux 5.14.10 (bsc#1012628).
- media: hantro: Fix check for single irq (bsc#1012628).
- media: cedrus: Fix SUNXI tile size calculation (bsc#1012628).
- media: s5p-jpeg: rename JPEG marker constants to prevent build
warnings (bsc#1012628).
- ASoC: fsl_sai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_esai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_spdif: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_xcvr: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (bsc#1012628).
- scsi: elx: efct: Fix void-pointer-to-enum-cast warning for
efc_nport_topology (bsc#1012628).
- ASoC: SOF: Fix DSP oops stack dump output contents
(bsc#1012628).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation
(bsc#1012628).
- net/mlx4_en: Resolve bad operstate value (bsc#1012628).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1012628).
- s390/qeth: fix deadlock during failing recovery (bsc#1012628).
- m68k: Update ->thread.esp0 before calling syscall_trace()
in ret_from_signal (bsc#1012628).
- NIOS2: fix kconfig unmet dependency warning for
SERIAL_CORE_CONSOLE (bsc#1012628).
- kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference
(bsc#1012628).
- perf test: Fix DWARF unwind for optimized builds (bsc#1012628).
- perf iostat: Use system-wide mode if the target cpu_list is
unspecified (bsc#1012628).
- perf iostat: Fix Segmentation fault from NULL 'struct
perf_counts_values *' (bsc#1012628).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (bsc#1012628).
- tty: Fix out-of-bound vmalloc access in imageblit (bsc#1012628).
- cpufreq: schedutil: Use kobject release() method to free
sugov_tunables (bsc#1012628).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1012628).
- drm/amdgpu: adjust fence driver enable sequence (bsc#1012628).
- drm/amdgpu: avoid over-handle of fence driver fini in s3 test
(v2) (bsc#1012628).
- drm/amdgpu: stop scheduler when calling hw_fini (v2)
(bsc#1012628).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees
the memory (bsc#1012628).
- scsi: ufs: ufs-pci: Fix Intel LKF link stability (bsc#1012628).
- ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION
(bsc#1012628).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(bsc#1012628).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo
Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops
(bsc#1012628).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table
is incorrect (bsc#1012628).
- fs-verity: fix signed integer overflow with i_size near S64_MAX
(bsc#1012628).
- hwmon: (tmp421) handle I2C errors (bsc#1012628).
- hwmon: (w83793) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83792d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83791d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- gpio: pca953x: do not ignore i2c errors (bsc#1012628).
- scsi: ufs: Fix illegal offset in UPIU event trace (bsc#1012628).
- mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1012628).
- platform/x86/intel: hid: Add DMI switches allow list
(bsc#1012628).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (bsc#1012628).
- ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm
(bsc#1012628).
- KVM: x86: Fix stack-out-of-bounds memory access from
ioapic_write_indirect() (bsc#1012628).
- KVM: x86: nSVM: don't copy virt_ext from vmcb12 (bsc#1012628).
- KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT
(bsc#1012628).
- KVM: x86: Swap order of CPUID entry "index" vs. "significant
flag" checks (bsc#1012628).
- KVM: nVMX: Filter out all unsupported controls when eVMCS was
activated (bsc#1012628).
- KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES (bsc#1012628).
- KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
(bsc#1012628).
- KVM: SEV: Acquire vcpu mutex when updating VMSA (bsc#1012628).
- KVM: SEV: Allow some commands for mirror VM (bsc#1012628).
- KVM: SVM: fix missing sev_decommission in sev_receive_start
(bsc#1012628).
- KVM: nVMX: Fix nested bus lock VM exit (bsc#1012628).
- KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue
(bsc#1012628).
- mmc: renesas_sdhi: fix regression with hard reset on old SDHIs
(bsc#1012628).
- media: ir_toy: prevent device from hanging during transmit
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr.ss_family
(bsc#1012628).
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing
more requests (bsc#1012628).
- nbd: use shifts rather than multiplies (bsc#1012628).
- drm/amd/display: initialize backlight_ramping_override to false
(bsc#1012628).
- drm/amd/display: Pass PCI deviceid into DC (bsc#1012628).
- drm/amd/display: Fix Display Flicker on embedded panels
(bsc#1012628).
- drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix
(bsc#1012628).
- drm/amdgpu: check tiling flags when creating FB on GFX8-
(bsc#1012628).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9
(bsc#1012628).
- interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg
(bsc#1012628).
- interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift
and mask (bsc#1012628).
- drm/i915/gvt: fix the usage of ww lock in gvt scheduler
(bsc#1012628).
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
(bsc#1012628).
- bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
(bsc#1012628).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(bsc#1012628).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1012628).
- bpf, mips: Validate conditional branch offsets (bsc#1012628).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (bsc#1012628).
- RDMA/irdma: Skip CQP ring during a reset (bsc#1012628).
- RDMA/irdma: Validate number of CQ entries on create CQ
(bsc#1012628).
- RDMA/irdma: Report correct WC error when transport retry
counter is exceeded (bsc#1012628).
- RDMA/irdma: Report correct WC error when there are MW bind
errors (bsc#1012628).
- netfilter: nf_tables: unlink table before deleting it
(bsc#1012628).
- netfilter: log: work around missing softdep backend module
(bsc#1012628).
- Revert "mac80211: do not use low data rates for data frames
with no ack flag" (bsc#1012628).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(bsc#1012628).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (bsc#1012628).
- mac80211: mesh: fix potentially unaligned access (bsc#1012628).
- mac80211-hwsim: fix late beacon hrtimer handling (bsc#1012628).
- driver core: fw_devlink: Add support for
FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD (bsc#1012628).
- net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for
mdiobus parents (bsc#1012628).
- sctp: break out if skb_header_pointer returns NULL in
sctp_rcv_ootb (bsc#1012628).
- mptcp: don't return sockets in foreign netns (bsc#1012628).
- mptcp: allow changing the 'backup' bit when no sockets are open
(bsc#1012628).
- RDMA/hns: Work around broken constant propagation in gcc 8
(bsc#1012628).
- hwmon: (tmp421) report /PVLD condition as fault (bsc#1012628).
- hwmon: (tmp421) fix rounding for negative values (bsc#1012628).
- net: enetc: fix the incorrect clearing of IF_MODE bits
(bsc#1012628).
- net: ipv4: Fix rtnexthop len when RTA_FLOW is present
(bsc#1012628).
- smsc95xx: fix stalled rx after link change (bsc#1012628).
- drm/i915/request: fix early tracepoints (bsc#1012628).
- drm/i915: Remove warning from the rps worker (bsc#1012628).
- dsa: mv88e6xxx: 6161: Use chip wide MAX MTU (bsc#1012628).
- dsa: mv88e6xxx: Fix MTU definition (bsc#1012628).
- dsa: mv88e6xxx: Include tagger overhead when setting MTU for
DSA and CPU ports (bsc#1012628).
- e100: fix length calculation in e100_get_regs_len (bsc#1012628).
- e100: fix buffer overrun in e100_get_regs (bsc#1012628).
- RDMA/hfi1: Fix kernel pointer leak (bsc#1012628).
- RDMA/hns: Fix the size setting error when copying CQE in
clean_cq() (bsc#1012628).
- RDMA/hns: Add the check of the CQE size of the user space
(bsc#1012628).
- bpf: Exempt CAP_BPF from checks against bpf_jit_limit
(bsc#1012628).
- libbpf: Fix segfault in static linker for objects without BTF
(bsc#1012628).
- selftests, bpf: Fix makefile dependencies on libbpf
(bsc#1012628).
- selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
(bsc#1012628).
- bpf, x86: Fix bpf mapping of atomic fetch implementation
(bsc#1012628).
- net: ks8851: fix link error (bsc#1012628).
- ionic: fix gathering of debug stats (bsc#1012628).
- Revert "block, bfq: honor already-setup queue merges"
(bsc#1012628).
- scsi: csiostor: Add module softdep on cxgb4 (bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(bsc#1012628).
- net: hns3: do not allow call hns3_nic_net_open repeatedly
(bsc#1012628).
- net: hns3: remove tc enable checking (bsc#1012628).
- net: hns3: don't rollback when destroy mqprio fail
(bsc#1012628).
- net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and
HCLGE_FLAG_DCB_ENABLE (bsc#1012628).
- net: hns3: fix show wrong state when add existing uc mac address
(bsc#1012628).
- net: hns3: reconstruct function hns3_self_test (bsc#1012628).
- net: hns3: fix always enable rx vlan filter problem after
selftest (bsc#1012628).
- net: hns3: disable firmware compatible features when uninstall
PF (bsc#1012628).
- net: phy: bcm7xxx: Fixed indirect MMD operations (bsc#1012628).
- net: sched: flower: protect fl_walk() with rcu (bsc#1012628).
- net: stmmac: fix EEE init issue when paired with EEE capable
PHYs (bsc#1012628).
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1012628).
- objtool: Teach get_alt_entry() about more relocation types
(bsc#1012628).
- perf/x86/intel: Update event constraints for ICX (bsc#1012628).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1012628).
- sched/fair: Null terminate buffer when updating tunable_scaling
(bsc#1012628).
- hwmon: (occ) Fix P10 VRM temp sensors (bsc#1012628).
- hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1
mp2975 controller (bsc#1012628).
- kvm: fix objtool relocation warning (bsc#1012628).
- nvme: add command id quirk for apple controllers (bsc#1012628).
- elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
(bsc#1012628).
- driver core: fw_devlink: Improve handling of cyclic dependencies
(bsc#1012628).
- debugfs: debugfs_create_file_size(): use IS_ERR to check for
error (bsc#1012628).
- ipack: ipoctal: fix stack information leak (bsc#1012628).
- ipack: ipoctal: fix tty registration race (bsc#1012628).
- ipack: ipoctal: fix tty-registration error handling
(bsc#1012628).
- ipack: ipoctal: fix missing allocation-failure check
(bsc#1012628).
- ipack: ipoctal: fix module reference leak (bsc#1012628).
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
(bsc#1012628).
- ext4: limit the number of blocks in one ADD_RANGE TLV
(bsc#1012628).
- ext4: fix reserved space counter leakage (bsc#1012628).
- ext4: add error checking to ext4_ext_replay_set_iblocks()
(bsc#1012628).
- ext4: fix potential infinite loop in ext4_dx_readdir()
(bsc#1012628).
- ext4: flush s_error_work before journal destroy in
ext4_fill_super (bsc#1012628).
- HID: u2fzero: ignore incomplete packets without data
(bsc#1012628).
- net: udp: annotate data race around udp_sk(sk)->corkflag
(bsc#1012628).
- NIOS2: setup.c: drop unused variable 'dram_start' (bsc#1012628).
- usb: hso: remove the bailout parameter (bsc#1012628).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(bsc#1012628).
- netfilter: ipset: Fix oversized kvmalloc() calls (bsc#1012628).
- mm: don't allow oversized kvmalloc() calls (bsc#1012628).
- HID: usbhid: free raw_report buffers in usbhid_stop
(bsc#1012628).
- crypto: aesni - xts_crypt() return if walk.nbytes is 0
(bsc#1012628).
- KVM: x86: Handle SRCU initialization failure during page track
init (bsc#1012628).
- netfilter: conntrack: serialize hash resizes and cleanups
(bsc#1012628).
- netfilter: nf_tables: Fix oversized kvmalloc() calls
(bsc#1012628).
- drivers: net: mhi: fix error path in mhi_net_newlink
(bsc#1012628).
- objtool: print out the symbol type when complaining about it
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference - take 2
(bsc#1012628).
- commit 7c980ba
- ALSA: hda: intel: Allow repeatedly probing on codec
configuration errors (bsc#1190801).
- commit 924f4be
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
==== libwebp ====
Version update (1.2.0 -> 1.2.1)
Subpackages: libwebp7 libwebpdemux2 libwebpmux3
- update to 1.2.1:
* minor lossless encoder improvements and x86 color conversion
speed up
* further security related hardening in libwebp & examples
* toolchain updates and bug fixes
* use more inclusive language within the source
==== ndctl ====
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_ndctl-monitor.service.patch
==== nvme-cli ====
- Drop ProtectClock hardening, can cause issues if other device acceess is needed
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_nvmf-connect@.service.patch
==== salt ====
Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration salt-transactional-update
- Fix issues with salt-ssh's extra-filerefs
- Added:
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
- Fix crash when calling manage.not_alive runners
- Added:
* fix-crash-when-calling-manage.not_alive-runners.patch
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Added:
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
8 months, 2 weeks
- 1
- 0
New MicroOS snapshot 20211012 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
atkmm1_6
ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
flatpak (1.11.3 -> 1.12.1)
fwupd (1.5.8 -> 1.6.2)
gjs
glibmm2_4 (2.66.1 -> 2.66.2)
gnome-branding-MicroOS
gnome-shell
gnome-shell-extensions
libaom (3.1.2 -> 3.1.3)
librsvg (2.52.0 -> 2.52.1)
libzypp-plugin-appdata
open-vm-tools (11.3.0 -> 11.3.5)
pam-config (1.4 -> 1.5)
pangomm1_4
xdg-desktop-portal (1.10.0 -> 1.10.1)
xfsprogs
=== Details ===
==== atkmm1_6 ====
- turn off doc build, it does not work with new doxygen
==== ca-certificates ====
Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
- Update to version 2+git20211004.3efbea9:
* Ensure --root option propagates prefix properly to other scripts
==== flatpak ====
Version update (1.11.3 -> 1.12.1)
Subpackages: libflatpak0 system-user-flatpak
- Update to version 1.12.1:
+ The security fix in the 1.12.0 release failed when used with
some older versions of libseccomp (that don't know about the
new syscalls).
- Update to version 1.12.0:
+ This is the first stable release in the 1.12.x series. The
major changes in this series is the support for better control
of sub-sandboxes, as used by the steam flatpak.
+ In addition, this release fixes a security vulnerability in the
portal support. Some recently added syscalls were not blocked
by the seccomp rules which allowed the application to create
sub-sandboxes which can confuse the sandboxing verification
mechanisms of the portal. This has been fixed by extending the
seccomp rules (boo#1191507, CVE-2021-41133)
+ Some test fixes
+ Support for specifying the flatpak binary to use during exports
+ Install translations for all languages in the locale, not just
the ones in LC_MESSAGES.
+ Fix progress reporting in flatpak fsck
+ Handle cases where /var/tmp is a symlink
+ Expose /etc/gai.conf to the sandbox
+ Fix the parental control checks for root
+ Handle missing /etc/ld.so.cache (musl)
+ Updated translations
==== fwupd ====
Version update (1.5.8 -> 1.6.2)
Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.6.2
- The fwupd efi program be separated to fwupd-efi package.
- Removed pesign-obs-integration, moved needssslcertforbuild
, SBAT and EFI signing stuff to fwupd-efi.
- Moved libfwupdplugin1 to libfwupdplugin2
- Change log from upstream:
https://github.com/fwupd/fwupd/blob/main/data/org.freedesktop.fwupd.metainf…
- This release adds the following features:
* Add a plugin to check Lenovo firmware settings
* Add initial support for the powerd daemon
* Add support for CapsuleOnDisk
* Add support for installing UEFI updates from GRUB
* Add support for soft-requirements that can be ignored with --force
* Allow devices to only accept version upgrades
* Allow discovery of Redfish BMCs specified by VID-PID or MAC
* Allow the daemon to request interactive action from the end user
* Automatically connect the BMC network interface at startup
* Show the build timestamp if set on the device
* Show the user how to switch out of Wacom tablet Android-mode
- This release fixes the following bugs:
* Add the alternate vendor name into the 8BitDo allowlist
* Allow multiple devices to set WAIT_FOR_REPLUG
* Allow the client to watch for more property changes
* Always ensure the SuperIO version string is NUL terminated
* Automatically clear the update error as required
* Disable all UX capsules for Lenovo hardware
* Do not assume the metainfo file is NUL-terminated
* Do not save invalid files on LVFS server error
* Fix a VLI regression in enumerating the PD device
* Fix a VLI regression when installing VL820Q7 firmware
* Fix enumeration of the Synaptics Prometheus config child
* Fix parsing Redfish USB/PCI network VID/PIDs
* Fix the fwupdmgr progressbar spinner to actually work
* Fix version number for legacy Wacom Bluetooth modules
* Ignore virtual M.2 ATA devices
* Preserve NEEDS_REBOOT on successful update
* Prevent a corrupt PHAT table from allocating lots of memory
* Read the Redfish SMBIOS table when required
* Remove the vendor string from the device name where required
* Save the update state to the database correctly all of the time
* Switch from sysctl to ioctl for ESRT on FreeBSD
* Try reading from /sys/class/dmi if SMBIOS direct access fails
* Watch for children added or removed after setup has been completed
* Work around a XCC-ism on Lenovo hardware
- This release adds support for the following hardware:
* ModemManager devices supporting Firehose or MBIM QDU
* More models of RTS54HUB
* More Poly DFU devices
* Parade LSPCON
* PixArt receiver and wireless hardware
* Realtek MST with RTD2142
* SuperIO IT5570
* USB4 Dell dock
==== gjs ====
Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0
- Add upstream crash fixer patches from stable branch:
+ b9e122044a7ccc1e2a3374c680b6ea82066bfa59.patch: arg: Replace
gsize with size_t
+ 62025d4a2738a36ea5f1a7cebef08b22b5eef613.patch: Handle optional
out parameters in callbacks
- Stop disabling lto: Following this, stop passing dtrace=true and
systemtap=true to meson, aswell as dropping systemtap-sdt-devel
BuildRequires, follow upstream default.
- Add optional pkgconfig(gtk4) BuildRequires: meson checks for it.
==== glibmm2_4 ====
Version update (2.66.1 -> 2.66.2)
Subpackages: libgiomm-2_4-1 libglibmm-2_4-1
- Update to version 2.66.2:
+ Glib, Gio: Replace all g_quark_from_static_string() by
g_quark_from_string()
+ Gio:
- FileEnumerator: Remove refreturn to avoid memory leak
- ListModel::get_object(): Make it work for interface classes
+ Build: MSVC build: Remove extraneous GLIBMM_API in
Glib::ustring
==== gnome-branding-MicroOS ====
- Use "Text Editor" instead of the less-supported "gEdit"
==== gnome-shell ====
Subpackages: gnome-shell-calendar
- Add 380d2db1d9047ecffcef7d78f00184963b403efc.patch: inputMethod:
Clear preeditStr before reset. Previously, these were performed
in a different order before GNOME 41. During some other changes
they were swapped.
However, this causes both GTK 3 and GTK 4 applications to scroll
to incorrect positions from the preedit change.
==== gnome-shell-extensions ====
Subpackages: gnome-shell-classic gnome-shell-extensions-common
- Update sle-classic to version 41
+ Update gse-sle-classic-ext.patch
+ Update sle-classic(a)suse.com.tar.gz
==== libaom ====
Version update (3.1.2 -> 3.1.3)
- Update to version 3.1.3:
* Update CHANGELOG for v3.1.3-rc2
* Detect chroma subsampling more directly
* Detect chroma subsampling more directly
* image2yuvconfig() should calculate uv_crop_width
* aom/aom_encoder.h: remove configure option reference
* aom_encoder.h: fix rc_overshoot_pct range
* Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.3
* aom_install: don't exclude msvc from install
* aom_install: use relpath for install
* aom_install: Install lib dlls to bindir
==== librsvg ====
Version update (2.52.0 -> 2.52.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0
- Update to version 2.52.1:
+ Fix ordering of tspan inside text elements for right-to-left
languages.
+ Fix text-anchor positioning for right-to-left languages.
+ Fix regression in computing sizes when an SVG has only one of
width/height and a viewBox.
+ Spec compliance - the writing-mode property applies only to
text elements, no to individual tspan elements.
+ Fix build on big-endian platforms.
+ Clarify documentation for the rsvg_handle_write() /
rsvg_handle_close() deprecated APIs.
==== libzypp-plugin-appdata ====
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_appstream-sync-cache.service.patch
==== open-vm-tools ====
Version update (11.3.0 -> 11.3.5)
Subpackages: libvmtools0
- Update to 11.3.5 (build 18557794) (boo#1190987)
+ New/Updated features:
- Added a configurable logging capability to the network script.
The network script has been updated to:
use vmware-toolbox-cmd to query any network logging configuration from
the tools.conf file. Use vmtoolsd --cmd "log ..." to log a message to
the vmx logfile when the logging handler is configured to "vmx" or when
the logfile is full or is not writeable.
- The hgfsmounter (mount.vmhgfs) command has been removed from
open-vm-tools.
The hgfsmounter (mount.vmhgfs) command is no longer used in
Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore,
removing all references to the hgfsmounter in Linux builds.
+ Resolved issues:
- Customization: Retry the Linux reboot if telinit is a soft link to
systemctl.
- Open-vm-tools commands would hang if configured with "--enable-valgrind".
+ Spec file updates for:
- rpmlint errors
- arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling.
==== pam-config ====
Version update (1.4 -> 1.5)
- Update to Version 1.5
- Don't print an error message if one of the systemd PAM modules
does not exist if creating the *-pc files [bsc#1191528]
- Drop pam_systemd_home again [bsc#1191528]
==== pangomm1_4 ====
- turn off doc build, it does not work with new doxygen
==== xdg-desktop-portal ====
Version update (1.10.0 -> 1.10.1)
- Update to version 1.10.1:
+ Revert a breaking change to the screencast and inhibit portal.
==== xfsprogs ====
- move fsck.xfs, mkfs.xfs and xfs_repair from /sbin to /usr/sbin
(bsc#1191105)
The default rpmbuild %configure macro passes --sbindir=/usr/sbin to
every configure script, but the xfsprogs configure script ignores it
when --exec-prefix is also set. Unset --exec-prefix since it is not
really required (all other paths are explicitly passed via the rpm
configure macro), so that the --sbindir is respected.
8 months, 2 weeks
- 1
- 0
New Kubic snapshot 20211012 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
librsvg (2.52.0 -> 2.52.1)
open-vm-tools (11.3.0 -> 11.3.5)
pam-config (1.4 -> 1.5)
rbac-lookup (0.6.4 -> 0.7.1)
xfsprogs
=== Details ===
==== ca-certificates ====
Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
- Update to version 2+git20211004.3efbea9:
* Ensure --root option propagates prefix properly to other scripts
==== librsvg ====
Version update (2.52.0 -> 2.52.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2
- Update to version 2.52.1:
+ Fix ordering of tspan inside text elements for right-to-left
languages.
+ Fix text-anchor positioning for right-to-left languages.
+ Fix regression in computing sizes when an SVG has only one of
width/height and a viewBox.
+ Spec compliance - the writing-mode property applies only to
text elements, no to individual tspan elements.
+ Fix build on big-endian platforms.
+ Clarify documentation for the rsvg_handle_write() /
rsvg_handle_close() deprecated APIs.
==== open-vm-tools ====
Version update (11.3.0 -> 11.3.5)
Subpackages: libvmtools0
- Update to 11.3.5 (build 18557794) (boo#1190987)
+ New/Updated features:
- Added a configurable logging capability to the network script.
The network script has been updated to:
use vmware-toolbox-cmd to query any network logging configuration from
the tools.conf file. Use vmtoolsd --cmd "log ..." to log a message to
the vmx logfile when the logging handler is configured to "vmx" or when
the logfile is full or is not writeable.
- The hgfsmounter (mount.vmhgfs) command has been removed from
open-vm-tools.
The hgfsmounter (mount.vmhgfs) command is no longer used in
Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore,
removing all references to the hgfsmounter in Linux builds.
+ Resolved issues:
- Customization: Retry the Linux reboot if telinit is a soft link to
systemctl.
- Open-vm-tools commands would hang if configured with "--enable-valgrind".
+ Spec file updates for:
- rpmlint errors
- arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling.
==== pam-config ====
Version update (1.4 -> 1.5)
- Update to Version 1.5
- Don't print an error message if one of the systemd PAM modules
does not exist if creating the *-pc files [bsc#1191528]
- Drop pam_systemd_home again [bsc#1191528]
==== rbac-lookup ====
Version update (0.6.4 -> 0.7.1)
- Update to version 0.7.1:
* Mac M1 Support
* Update documentation from template
* Update README.md
==== xfsprogs ====
- move fsck.xfs, mkfs.xfs and xfs_repair from /sbin to /usr/sbin
(bsc#1191105)
The default rpmbuild %configure macro passes --sbindir=/usr/sbin to
every configure script, but the xfsprogs configure script ignores it
when --exec-prefix is also set. Unset --exec-prefix since it is not
really required (all other paths are explicitly passed via the rpm
configure macro), so that the --sbindir is respected.
8 months, 2 weeks
- 1
- 0
root login with Combustion on MicroOS - any platform and RPi
by jimmypierre.rouen.france@gmail.com
Greetings,
I have been struggling alone on a concept issue. The issue has a strong
adherence to Combustion. I have received some input from one of our members
here and wish if someone else could come forward please as he might not like
to be disturbed if I am not very good with Combustion.
I can ssh to GreenGeeks, AWS, Digital Ocean, OVH, stackcp, etc. with keys
created with PuTTYgen for years.
For the last weeks, I have been perusing many many wikis but I seem to miss
something because after creating the config file on the USB key (labelled
COMBUSTION & under combustion directory), I cannot get RPi nor x64_86 images
to accept the keys. My non admin user is NUI. If someone could kindly send
me a working config file with xxxxxxx where the PUB key is to be
added/completed, I think that it will just work!
Why time is of essence, it's because we've got our monthly meeting this
coming Saturday (16th October) and I would like to get into the matter and
prepare some slides as well.
With best wishes and thanks in anticipation,
Jimmy Pierre
8 months, 2 weeks
- 3
- 2
New MicroOS snapshot 20211011 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa-drivers
bash-completion
codec2
gcr (3.40.0 -> 3.41.0)
glibc
hwdata (0.351 -> 0.352)
hwinfo (21.76 -> 21.77)
libx86emu (3.2 -> 3.3)
libzypp (17.28.4 -> 17.28.5)
mdadm
open-iscsi
openssh (8.4p1 -> 8.8p1)
patterns-gnome
patterns-microos
polkit-default-privs (1550+20210818.b0c41fd -> 1550+20211008.9751669)
pulseaudio
xwayland
=== Details ===
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== bash-completion ====
- Add patch boo1190929-9af4afd0.patch for boo#1190929
add support for compeletion modinfo completion recognize .ko.zst
as well as .ko.bz2
==== codec2 ====
- Added a patch moved-freedv_callback_rx_sym-into-internal-header.patch
to fix building gnuradio (patch taken from upstream)
- Drop handcrafted generation of the pkgconfig file
- Remove "-Wno-dev"
==== gcr ====
Version update (3.40.0 -> 3.41.0)
Subpackages: gcr-data gcr-prompter gcr-ssh-askpass libgck-1-0 libgcr-3-1 typelib-1_0-Gck-1 typelib-1_0-Gcr-3
- Update to version 3.41.0:
+ Port ssh-agent from gnome-keyring.
+ build: Fix parallel build failure due to missing marshal
dependency.
+ Fix warnings by dropping `volatile` for g_once_init_inter
locations.
+ tests: More robust against GTask unref race condition.
+ Updated translations.
- Add pkgconfig(libsecret-1), pkgconfig(libsystemd),
pkgconfig(systemd) and openssh-clients BuildRequires: Build new
standalone ssh-agent, and split it out in own sub-package.
==== glibc ====
Subpackages: glibc-locale glibc-locale-base
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
[#28036])
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
==== hwdata ====
Version update (0.351 -> 0.352)
- Update to version 0.352 (bsc#1191375:
+ Updated pci, usb and vendor ids.
==== hwinfo ====
Version update (21.76 -> 21.77)
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
==== libx86emu ====
Version update (3.2 -> 3.3)
- merge gh#wfeldt/libx86emu#34
- Migrate CI to GitHub Actions
- 3.3
==== libzypp ====
Version update (17.28.4 -> 17.28.5)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
==== mdadm ====
- Install mdadm in _sbindir rather than /sbin. This is more
appropriate now that we have a merged-/usr.
(bsc#1191076)
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
==== openssh ====
Version update (8.4p1 -> 8.8p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K.
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options.
= New features
* ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs
directive to accept a "none" argument to specify the default
behaviour.
= Bugfixes
* scp(1): when using the SFTP protocol, continue transferring files
after a transfer error occurs, better matching original scp/rcp
behaviour.
* ssh(1): fixed a number of memory leaks in multiplexing,
* ssh-keygen(1): avoid crash when using the -Y find-principals
command.
* A number of documentation and manual improvements, including
bz#3340, PR139, PR215, PR241, PR257
- Additional changes from 8.7p1 release:
= Potentially-incompatible changes
* scp(1): this release changes the behaviour of remote to remote
copies (e.g. "scp host-a:/path host-b:") to transfer through the
local host by default. This was previously available via the -3
flag. This mode avoids the need to expose credentials on the
origin hop, avoids triplicate interpretation of filenames by the
shell (by the local system, the copy origin and the destination)
and, in conjunction with the SFTP support for scp(1) mentioned
below, allows use of all authentication methods to the remote
hosts (previously, only non-interactive methods could be used).
A -R flag has been added to select the old behaviour.
* ssh(1)/sshd(8): both the client and server are now using a
stricter configuration file parser. The new parser uses more
shell-like rules for quotes, space and escape characters. It is
also more strict in rejecting configurations that include options
lacking arguments. Previously some options (e.g. DenyUsers) could
appear on a line with no subsequent arguments. This release will
reject such configurations. The new parser will also reject
configurations with unterminated quotes and multiple '='
characters after the option name.
* ssh(1): when using SSHFP DNS records for host key verification,
ssh(1) will verify all matching records instead of just those
with the specific signature type requested. This may cause host
key verification problems if stale SSHFP records of a different
or legacy signature type exist alongside other records for a
particular host. bz#3322
* ssh-keygen(1): when generating a FIDO key and specifying an
explicit attestation challenge (using -Ochallenge), the challenge
will now be hashed by the builtin security key middleware. This
removes the (undocumented) requirement that challenges be exactly
32 bytes in length and matches the expectations of libfido2.
* sshd(8): environment="..." directives in authorized_keys files are
now first-match-wins and limited to 1024 discrete environment
variable names.
= New features
* scp(1): experimental support for transfers using the SFTP protocol
as a replacement for the venerable SCP/RCP protocol that it has
traditionally used. SFTP offers more predictable filename handling
and does not require expansion of glob(3) patterns via the shell
on the remote side.
* sftp-server(8): add a protocol extension to support expansion of
~/ and ~user/ prefixed paths. This was added to support these
paths when used by scp(1) while in SFTP mode.
* ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
the ssh(1) -f flag. GHPR231
* ssh(1): add a StdinNull directive to ssh_config(5) that allows the
config file to do the same thing as -n does on the ssh(1) command-
line. GHPR231
* ssh(1): add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no
session) and -s (subsystem) command-line flags. GHPR231
* ssh-keygen(1): allowed signers files used by ssh-keygen(1)
signatures now support listing key validity intervals alongside
they key, and ssh-keygen(1) can optionally check during signature
verification whether a specified time falls inside this interval.
This feature is intended for use by git to support signing and
verifying objects using ssh keys.
* ssh-keygen(8): support printing of the full public key in a sshsig
signature via a -Oprint-pubkey flag.
= Bugfixes
* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
the client and server mainloops. Previously the re-key timeout
could expire but re-keying would not start until a packet was sent
or received, causing a spin in select() if the connection was
quiescent.
* ssh-keygen(1): avoid Y2038 problem in printing certificate
validity lifetimes. Dates past 2^31-1 seconds since epoch were
displayed incorrectly on some platforms. bz#3329
* scp(1): allow spaces to appear in usernames for local to remote
and scp -3 remote to remote copies. bz#1164
* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
in favour of KbdInteractiveAuthentication. The former is what was in
SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
treated as somewhat but not entirely equivalent. We retain the old
name as a deprecated alias so configuration files continue to work
as well as a reference in the man page for people looking for it.
bz#3303
* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
when extracting a key from a PKCS#11 certificate. bz#3327
* ssh(1): restore blocking status on stdio fds before close. ssh(1)
needs file descriptors in non-blocking mode to operate but it was
not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell,
bz#3280 and GHPR246
* ssh(1)/sshd(8): switch both client and server mainloops from
select(3) to pselect(3). Avoids race conditions where a signal
may arrive immediately before select(3) and not be processed until
an event fires. bz#2158
* ssh(1): sessions started with ControlPersist were incorrectly
executing a shell when the -N (no shell) option was specified.
bz#3290
* ssh(1): check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values
supplied on the command line. bz#3319
* ssh(1): fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it
would print the certificate's path, whereas it was supposed to be
showing the private key's path. GHPR247
* sshd(8): match host certificates against host public keys, not
private keys. Allows use of certificates with private keys held in
a ssh-agent. bz#3524
* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
allows RSA/SHA2 signatures for public key authentication but fails
to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
clients of these server to incorrectly match
PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
keys. bz#3213
* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
limits(a)openssh.com extension but fails when the client tries to
invoke it. bz#3318
* ssh(1): allow ssh_config SetEnv to override $TERM, which is
otherwise handled specially by the protocol. Useful in ~/.ssh/config
to set TERM to something generic (e.g. "xterm" instead of
"xterm-256color") for destinations that lack terminfo entries.
* sftp-server(8): the limits(a)openssh.com extension was incorrectly
marked as an operation that writes to the filesystem, which made it
unavailable in sftp-server read-only mode. bz#3318
* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
the update removed more host keys than remain present.
* Many manual page fixes.
- Additional changes from 8.6p1 release:
= Security
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
= New features
* sftp-server(8): add a new limits(a)openssh.com protocol extension
that allows a client to discover various server limits, including
maximum packet size and maximum read/write length.
* sftp(1): use the new limits(a)openssh.com extension (when available)
to select better transfer lengths in the client.
* sshd(8): Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.
* unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
enable printing of the elapsed time in seconds of each test.
= Bugfixes
* ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
manual pages with the current default. GHPR174
* ssh(1): ensure that pkcs11_del_provider() is called before exit.
GHPR234
* ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
backslashes were not being dequoted correctly and quoted space in
the middle of a string was being incorrectly split. GHPR223
* ssh(1): return non-zero exit status when killed by signal; bz#3281
* sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are not explicitly
banned by the spec.
- Additional changes from 8.5p1 release:
= Security
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
= Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
* ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
for interactive use prior to TCP connect. The connection phase of
the SSH session is time-sensitive and often explicitly interactive.
The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
* ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before
it was standardized in RFC4253 (2006), has been deprecated and
disabled by default since OpenSSH 7.2 (2016) and was only briefly
documented in ssh.1 in 2001.
* ssh(1), sshd(8): update/replace the experimental post-quantum
hybrid key exchange method based on Streamlined NTRU Prime coupled
with X25519. The previous sntrup4591761x25519-sha512(a)tinyssh.org
method is replaced with sntrup761x25519-sha512(a)openssh.com.
* ssh(1): disable CheckHostIP by default. It provides insignificant
benefits while making key rotation significantly more difficult,
especially for hosts behind IP-based load-balancers.
= New features
* ssh(1): this release enables UpdateHostkeys by default subject to
some conservative preconditions:
- The key was matched in the UserKnownHostsFile (and not in the
GlobalKnownHostsFile).
- The same key does not exist under another name.
- A certificate host key is not in use.
- known_hosts contains no matching wildcard hostname pattern.
- VerifyHostKeyDNS is not enabled.
- The default UserKnownHostsFile is in use.
* ssh(1), sshd(8): add a new LogVerbose configuration directive for
that allows forcing maximum debug logging by file/function/line
pattern-lists.
* ssh(1): when prompting the user to accept a new hostkey, display
any other host names/addresses already associated with the key.
* ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
* ssh(1): add a ssh_config KnownHostsCommand option that allows the
client to obtain known_hosts data from a command in addition to
the usual files.
* ssh(1): add a ssh_config PermitRemoteOpen option that allows the
client to restrict the destination when RemoteForward is used
with SOCKS.
* ssh(1): for FIDO keys, if a signature operation fails with a
"incorrect PIN" reason and no PIN was initially requested from the
user, then request a PIN and retry the operation. This supports
some biometric devices that fall back to requiring PIN when reading
of the biometric failed, and devices that require PINs for all
hosted credentials.
* sshd(8): implement client address-based rate-limiting via new
sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
directives that provide more fine-grained control on a per-origin
address basis than the global MaxStartups limit.
= Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat(a)openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
- Rebased patches:
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
* openssh-7.7p1-X_forward_with_disabled_ipv6.patch
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-disable_openssl_abi_check.patch
* openssh-7.7p1-eal3.patch
* openssh-7.7p1-enable_PAM_by_default.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-host_ident.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-no_fork-no_pid_file.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-pts_names_formatting.patch
* openssh-7.7p1-remove_xauth_cookies_on_exit.patch
* openssh-7.7p1-seccomp_ipc_flock.patch
* openssh-7.7p1-seccomp_stat.patch
* openssh-7.7p1-send_locale.patch
* openssh-7.7p1-sftp_force_permissions.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.9p1-keygen-preserve-perms.patch
* openssh-7.9p1-revert-new-qos-defaults.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
* openssh-8.1p1-seccomp-clock_nanosleep.patch
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-use-openssl-kdf.patch
* openssh-8.4p1-vendordir.patch
* openssh-fips-ensure-approved-moduli.patch
* openssh-link-with-sk.patch
* openssh-reenable-dh-group14-sha1-default.patch
* openssh-whitelist-syscalls.patch
- Removed openssh-fix-ssh-copy-id.patch (fixed upstream).
- openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
- sshd-gen-keys-start:
- only source sysconfig file if it exists.
- create /etc/ssh if it does not exists.
Required for image based installation/updates.
==== patterns-gnome ====
Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis
- Drop gnome-power-manager Recommends: Package is dormant upstream
and on its way to be replaced by new features inside of
gnome-control-center.
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Add xdg-desktop-portal-gnome to gnome pattern
- Drop gnome-power-manager Requires: Package is dormant upstream
and on it's way to be replaced by new features inside of
gnome-control-center.
==== polkit-default-privs ====
Version update (1550+20210818.b0c41fd -> 1550+20211008.9751669)
- drop backward compatibility symlink in /etc/polkit-default-privs.standard.
rpmlint 2.0 is now in Factory and the check there directly uses the profile
in /usr/etc/polkit-default-privs/profiles/standard.
- drop polkit-whitelisting sub-package. This is now handled in rpmlint 2.0
internally.
- Update to version 1550+20211008.9751669:
* whitelist power-profiles-daemon actions (bsc#1189900)
* cleanup: remove polkit-rules-whitelist.json
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0
- Make system-user-pulse noarch
- Split sysusers.d file to separate package as needed by brltty
(bsc#1191465)
==== xwayland ====
- Specfile cleanup
8 months, 2 weeks
- 1
- 0
New Kubic snapshot 20211011 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
glibc
haproxy (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
hwinfo (21.76 -> 21.77)
kubernetes1.21
libx86emu (3.2 -> 3.3)
libzypp (17.28.4 -> 17.28.5)
open-iscsi
openssh (8.4p1 -> 8.8p1)
patterns-microos
=== Details ===
==== glibc ====
Subpackages: glibc-locale-base
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
[#28036])
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
==== haproxy ====
Version update (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
- Update to version 2.4.7+git0.b5e51a5e2:
* [RELEASE] Released version 2.4.7
* BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
- Update to version 2.4.6+git0.d83fd76a1:
* [RELEASE] Released version 2.4.6
* BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
- Update to version 2.4.5+git0.e74a1b34b:
* [RELEASE] Released version 2.4.5
* MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
* BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
* BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
* MINOR: arg: Be able to forbid unresolved args when building an argument list
* BUG/MAJOR: lua: use task_wakeup() to properly run a task once
* BUG/MEDIUM: lua: fix wakeup condition from sleep()
* MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
* DOC: peers: fix doc "enable" statement on "peers" sections
* BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
* MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
* BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
* MINOR: htx: Add a function to know if the free space wraps
* MINOR: htx: Add an HTX flag to know when a message is fragmented
* MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
* BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
* BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
* BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
* BUG/MINOR: stats: use refcount to protect dynamic server on dump
* MINOR: server: return the next srv instance on free_server
* BUG/MINOR: server: do not use refcount in free_server in stopping mode
* MINOR: global: define MODE_STOPPING
* MINOR: server: implement a refcount for dynamic servers
* BUG/MINOR: http-ana: increment internal_errors counter on response error
* BUG/MINOR: h1-htx: Fix a typo when request parser is reset
* BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
* BUG/MINOR: server: allow 'enable health' only if check configured
* BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
* BUILD: halog: fix a -Wundef warning on non-glibc systems
* BUILD: compiler: fixed a missing test on defined(__GNUC__)
* BUILD: fix dragonfly build again on __read_mostly
* BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
* BUG/MINOR: vars: truncate the variable name in error reports about scope.
* BUG/MINOR: vars: properly set the argument parsing context in the expression
* MINOR: sample: add missing ARGC_ entries
* BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
* BUILD: tools: properly guard __GLIBC__ with defined()
* BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
* BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
* BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
* IMPORT: slz: silence a build warning with -Wundef
* BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
* BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
* BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
* MINOR: proc: setting the process to produce a core dump on FreeBSD.
* MINOR: tools: add FreeBSD support to get_exec_path()
* BUILD: tools: get the absolute path of the current binary on NetBSD.
* BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
* BUG/MINOR: cli/payload: do not search for args inside payload
* BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
* BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
* DOC: management: certificate files must be sanitized before injection
* BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
* BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
* MINOR: pools: use mallinfo2() when available instead of mallinfo()
* MINOR: pools: automatically disable malloc_trim() with external allocators
* CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
* BUG/MINOR: compat: make sure __WORDSIZE is always defined
* BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
* CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
* MINOR: htx: Skip headers with no value when adding a header list to a message
* BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
* BUG/MINOR: systemd: ExecStartPre must use -Ws
* BUG/MINOR: filters: Set right FLT_END analyser depending on channel
* BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
* BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
* BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
* BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
* BUG/MINOR: lua: Yield in channel functions only if lua context can yield
* MINOR: lua: Add a flag on lua context to know the yield capability at run time
==== hwinfo ====
Version update (21.76 -> 21.77)
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
==== kubernetes1.21 ====
- Bump disk requirements in _constraints to 12GB. Data based on the
last successful build consumed storage.
==== libx86emu ====
Version update (3.2 -> 3.3)
- merge gh#wfeldt/libx86emu#34
- Migrate CI to GitHub Actions
- 3.3
==== libzypp ====
Version update (17.28.4 -> 17.28.5)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
==== openssh ====
Version update (8.4p1 -> 8.8p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K.
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options.
= New features
* ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs
directive to accept a "none" argument to specify the default
behaviour.
= Bugfixes
* scp(1): when using the SFTP protocol, continue transferring files
after a transfer error occurs, better matching original scp/rcp
behaviour.
* ssh(1): fixed a number of memory leaks in multiplexing,
* ssh-keygen(1): avoid crash when using the -Y find-principals
command.
* A number of documentation and manual improvements, including
bz#3340, PR139, PR215, PR241, PR257
- Additional changes from 8.7p1 release:
= Potentially-incompatible changes
* scp(1): this release changes the behaviour of remote to remote
copies (e.g. "scp host-a:/path host-b:") to transfer through the
local host by default. This was previously available via the -3
flag. This mode avoids the need to expose credentials on the
origin hop, avoids triplicate interpretation of filenames by the
shell (by the local system, the copy origin and the destination)
and, in conjunction with the SFTP support for scp(1) mentioned
below, allows use of all authentication methods to the remote
hosts (previously, only non-interactive methods could be used).
A -R flag has been added to select the old behaviour.
* ssh(1)/sshd(8): both the client and server are now using a
stricter configuration file parser. The new parser uses more
shell-like rules for quotes, space and escape characters. It is
also more strict in rejecting configurations that include options
lacking arguments. Previously some options (e.g. DenyUsers) could
appear on a line with no subsequent arguments. This release will
reject such configurations. The new parser will also reject
configurations with unterminated quotes and multiple '='
characters after the option name.
* ssh(1): when using SSHFP DNS records for host key verification,
ssh(1) will verify all matching records instead of just those
with the specific signature type requested. This may cause host
key verification problems if stale SSHFP records of a different
or legacy signature type exist alongside other records for a
particular host. bz#3322
* ssh-keygen(1): when generating a FIDO key and specifying an
explicit attestation challenge (using -Ochallenge), the challenge
will now be hashed by the builtin security key middleware. This
removes the (undocumented) requirement that challenges be exactly
32 bytes in length and matches the expectations of libfido2.
* sshd(8): environment="..." directives in authorized_keys files are
now first-match-wins and limited to 1024 discrete environment
variable names.
= New features
* scp(1): experimental support for transfers using the SFTP protocol
as a replacement for the venerable SCP/RCP protocol that it has
traditionally used. SFTP offers more predictable filename handling
and does not require expansion of glob(3) patterns via the shell
on the remote side.
* sftp-server(8): add a protocol extension to support expansion of
~/ and ~user/ prefixed paths. This was added to support these
paths when used by scp(1) while in SFTP mode.
* ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
the ssh(1) -f flag. GHPR231
* ssh(1): add a StdinNull directive to ssh_config(5) that allows the
config file to do the same thing as -n does on the ssh(1) command-
line. GHPR231
* ssh(1): add a SessionType directive to ssh_config, allowing the
configuration file to offer equivalent control to the -N (no
session) and -s (subsystem) command-line flags. GHPR231
* ssh-keygen(1): allowed signers files used by ssh-keygen(1)
signatures now support listing key validity intervals alongside
they key, and ssh-keygen(1) can optionally check during signature
verification whether a specified time falls inside this interval.
This feature is intended for use by git to support signing and
verifying objects using ssh keys.
* ssh-keygen(8): support printing of the full public key in a sshsig
signature via a -Oprint-pubkey flag.
= Bugfixes
* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
the client and server mainloops. Previously the re-key timeout
could expire but re-keying would not start until a packet was sent
or received, causing a spin in select() if the connection was
quiescent.
* ssh-keygen(1): avoid Y2038 problem in printing certificate
validity lifetimes. Dates past 2^31-1 seconds since epoch were
displayed incorrectly on some platforms. bz#3329
* scp(1): allow spaces to appear in usernames for local to remote
and scp -3 remote to remote copies. bz#1164
* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
in favour of KbdInteractiveAuthentication. The former is what was in
SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
treated as somewhat but not entirely equivalent. We retain the old
name as a deprecated alias so configuration files continue to work
as well as a reference in the man page for people looking for it.
bz#3303
* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
when extracting a key from a PKCS#11 certificate. bz#3327
* ssh(1): restore blocking status on stdio fds before close. ssh(1)
needs file descriptors in non-blocking mode to operate but it was
not restoring the original state on exit. This could cause
problems with fds shared with other programs via the shell,
bz#3280 and GHPR246
* ssh(1)/sshd(8): switch both client and server mainloops from
select(3) to pselect(3). Avoids race conditions where a signal
may arrive immediately before select(3) and not be processed until
an event fires. bz#2158
* ssh(1): sessions started with ControlPersist were incorrectly
executing a shell when the -N (no shell) option was specified.
bz#3290
* ssh(1): check if IPQoS or TunnelDevice are already set before
overriding. Prevents values in config files from overriding values
supplied on the command line. bz#3319
* ssh(1): fix debug message when finding a private key to match a
certificate being attempted for user authentication. Previously it
would print the certificate's path, whereas it was supposed to be
showing the private key's path. GHPR247
* sshd(8): match host certificates against host public keys, not
private keys. Allows use of certificates with private keys held in
a ssh-agent. bz#3524
* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
allows RSA/SHA2 signatures for public key authentication but fails
to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
clients of these server to incorrectly match
PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
keys. bz#3213
* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
limits(a)openssh.com extension but fails when the client tries to
invoke it. bz#3318
* ssh(1): allow ssh_config SetEnv to override $TERM, which is
otherwise handled specially by the protocol. Useful in ~/.ssh/config
to set TERM to something generic (e.g. "xterm" instead of
"xterm-256color") for destinations that lack terminfo entries.
* sftp-server(8): the limits(a)openssh.com extension was incorrectly
marked as an operation that writes to the filesystem, which made it
unavailable in sftp-server read-only mode. bz#3318
* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
the update removed more host keys than remain present.
* Many manual page fixes.
- Additional changes from 8.6p1 release:
= Security
* sshd(8): OpenSSH 8.5 introduced the LogVerbose keyword. When this
option was enabled with a set of patterns that activated logging
in code that runs in the low-privilege sandboxed sshd process, the
log messages were constructed in such a way that printf(3) format
strings could effectively be specified the low-privilege code.
= New features
* sftp-server(8): add a new limits(a)openssh.com protocol extension
that allows a client to discover various server limits, including
maximum packet size and maximum read/write length.
* sftp(1): use the new limits(a)openssh.com extension (when available)
to select better transfer lengths in the client.
* sshd(8): Add ModuliFile keyword to sshd_config to specify the
location of the "moduli" file containing the groups for DH-GEX.
* unit tests: Add a TEST_SSH_ELAPSED_TIMES environment variable to
enable printing of the elapsed time in seconds of each test.
= Bugfixes
* ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
manual pages with the current default. GHPR174
* ssh(1): ensure that pkcs11_del_provider() is called before exit.
GHPR234
* ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
backslashes were not being dequoted correctly and quoted space in
the middle of a string was being incorrectly split. GHPR223
* ssh(1): return non-zero exit status when killed by signal; bz#3281
* sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
packet size. Also handle zero-length reads that are not explicitly
banned by the spec.
- Additional changes from 8.5p1 release:
= Security
* ssh-agent(1): fixed a double-free memory corruption that was
introduced in OpenSSH 8.2 . We treat all such memory faults as
potentially exploitable. This bug could be reached by an attacker
with access to the agent socket.
= Potentially-incompatible changes
* ssh(1), sshd(8): this release changes the first-preference signature
algorithm from ECDSA to ED25519.
* ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
for interactive use prior to TCP connect. The connection phase of
the SSH session is time-sensitive and often explicitly interactive.
The ultimate interactive/bulk TOS/DSCP will be set after
authentication completes.
* ssh(1), sshd(8): remove the pre-standardization cipher
rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before
it was standardized in RFC4253 (2006), has been deprecated and
disabled by default since OpenSSH 7.2 (2016) and was only briefly
documented in ssh.1 in 2001.
* ssh(1), sshd(8): update/replace the experimental post-quantum
hybrid key exchange method based on Streamlined NTRU Prime coupled
with X25519. The previous sntrup4591761x25519-sha512(a)tinyssh.org
method is replaced with sntrup761x25519-sha512(a)openssh.com.
* ssh(1): disable CheckHostIP by default. It provides insignificant
benefits while making key rotation significantly more difficult,
especially for hosts behind IP-based load-balancers.
= New features
* ssh(1): this release enables UpdateHostkeys by default subject to
some conservative preconditions:
- The key was matched in the UserKnownHostsFile (and not in the
GlobalKnownHostsFile).
- The same key does not exist under another name.
- A certificate host key is not in use.
- known_hosts contains no matching wildcard hostname pattern.
- VerifyHostKeyDNS is not enabled.
- The default UserKnownHostsFile is in use.
* ssh(1), sshd(8): add a new LogVerbose configuration directive for
that allows forcing maximum debug logging by file/function/line
pattern-lists.
* ssh(1): when prompting the user to accept a new hostkey, display
any other host names/addresses already associated with the key.
* ssh(1): allow UserKnownHostsFile=none to indicate that no
known_hosts file should be used to identify host keys.
* ssh(1): add a ssh_config KnownHostsCommand option that allows the
client to obtain known_hosts data from a command in addition to
the usual files.
* ssh(1): add a ssh_config PermitRemoteOpen option that allows the
client to restrict the destination when RemoteForward is used
with SOCKS.
* ssh(1): for FIDO keys, if a signature operation fails with a
"incorrect PIN" reason and no PIN was initially requested from the
user, then request a PIN and retry the operation. This supports
some biometric devices that fall back to requiring PIN when reading
of the biometric failed, and devices that require PINs for all
hosted credentials.
* sshd(8): implement client address-based rate-limiting via new
sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
directives that provide more fine-grained control on a per-origin
address basis than the global MaxStartups limit.
= Bugfixes
* ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
make it easier to determine which connection they are associated
with in cases like scp -3, ProxyJump, etc. bz#3224
* sshd(8): fix sshd_config SetEnv directives located inside Match
blocks. GHPR201
* ssh(1): when requesting a FIDO token touch on stderr, inform the
user once the touch has been recorded.
* ssh(1): prevent integer overflow when ridiculously large
ConnectTimeout values are specified, capping the effective value
(for most platforms) at 24 days. bz#3229
* ssh(1): consider the ECDSA key subtype when ordering host key
algorithms in the client.
* ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
that it control allowed key algorithms, when this option actually
specifies the signature algorithms that are accepted. The previous
name remains available as an alias. bz#3253
* ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
* sftp-server(8): add missing lsetstat(a)openssh.com documentation
and advertisement in the server's SSH2_FXP_VERSION hello packet.
* ssh(1), sshd(8): more strictly enforce KEX state-machine by
banning packet types once they are received. Fixes memleak caused
by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
* sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
platforms instead of being limited by LONG_MAX. bz#3206
* Minor man page fixes (capitalization, commas, etc.) bz#3223
* sftp(1): when doing an sftp recursive upload or download of a
read-only directory, ensure that the directory is created with
write and execute permissions in the interim so that the transfer
can actually complete, then set the directory permission as the
final step. bz#3222
* ssh-keygen(1): document the -Z, check the validity of its argument
earlier and provide a better error message if it's not correct.
bz#2879
* ssh(1): ignore comments at the end of config lines in ssh_config,
similar to what we already do for sshd_config. bz#2320
* sshd_config(5): mention that DisableForwarding is valid in a
sshd_config Match block. bz3239
* sftp(1): fix incorrect sorting of "ls -ltr" under some
circumstances. bz3248.
* ssh(1), sshd(8): fix potential integer truncation of (unlikely)
timeout values. bz#3250
* ssh(1): make hostbased authentication send the signature algorithm
in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.
- Rebased patches:
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
* openssh-7.7p1-X_forward_with_disabled_ipv6.patch
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-disable_openssl_abi_check.patch
* openssh-7.7p1-eal3.patch
* openssh-7.7p1-enable_PAM_by_default.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-host_ident.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-no_fork-no_pid_file.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-pts_names_formatting.patch
* openssh-7.7p1-remove_xauth_cookies_on_exit.patch
* openssh-7.7p1-seccomp_ipc_flock.patch
* openssh-7.7p1-seccomp_stat.patch
* openssh-7.7p1-send_locale.patch
* openssh-7.7p1-sftp_force_permissions.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.9p1-keygen-preserve-perms.patch
* openssh-7.9p1-revert-new-qos-defaults.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
* openssh-8.1p1-seccomp-clock_nanosleep.patch
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-use-openssl-kdf.patch
* openssh-8.4p1-vendordir.patch
* openssh-fips-ensure-approved-moduli.patch
* openssh-link-with-sk.patch
* openssh-reenable-dh-group14-sha1-default.patch
* openssh-whitelist-syscalls.patch
- Removed openssh-fix-ssh-copy-id.patch (fixed upstream).
- openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
- sshd-gen-keys-start:
- only source sysconfig file if it exists.
- create /etc/ssh if it does not exists.
Required for image based installation/updates.
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap
- Add xdg-desktop-portal-gnome to gnome pattern
- Drop gnome-power-manager Requires: Package is dormant upstream
and on it's way to be replaced by new features inside of
gnome-control-center.
8 months, 2 weeks
- 1
- 0
New ARM MicroOS snapshot 20211008 released!
by Guillaume Gardet
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa
Mesa-drivers
bash
ca-certificates-mozilla (2.50 -> 2.52)
cogl
e2fsprogs
elfutils
filesystem
gawk
gtk4
ldb (2.3.0 -> 2.4.0)
libsolv (0.7.19 -> 0.7.20)
libsoup2
lz4
mozilla-nss (3.69.1 -> 3.70)
samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
tar
timezone (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
u-boot-rpiarm64 (2021.07 -> 2021.10)
=== Details ===
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== bash ====
- Install bash_builtins manpage under the correct name
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== cogl ====
Subpackages: libcogl-pango20 libcogl20
- Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2:
Fix undefined references. Following this, add libtool
BuildRequires and pass autoreconf call before configure as the
patch touches the buildsystem.
- Add patches from fedora that should have gone upstream:
+ 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch:
egl: Use eglGetPlatformDisplay not eglGetDisplay.
+ 0002-add-GL_ARB_shader_texture_lod-support.patch: Add
GL_ARB_shader_texture_lod support.
+ 0003-texture-support-copy_sub_image.patch: texture: Support
copy_sub_image.
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== gtk4 ====
Subpackages: gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0
- Fix a syntax error in the gtk4_immodule_postun RPM macro
==== ldb ====
Version update (2.3.0 -> 2.4.0)
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
Subpackages: libsoup-2_4-1 typelib-1_0-Soup-2_4
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== lz4 ====
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== mozilla-nss ====
Version update (3.69.1 -> 3.70)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93
==== samba ====
Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs
- Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.
- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos
- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed
- Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
(bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting
the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
(bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
==== tar ====
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
==== u-boot-rpiarm64 ====
Version update (2021.07 -> 2021.10)
Subpackages: u-boot-rpiarm64-doc
- Update to 2021.10
Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222).
Enable BTRFS for Risc-V.
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0013-riscv-enable-CMD_BTRFS.patch
0014-Disable-timer-check-in-file-loading.patch
- Update to 2021.10-rc5
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped (upstreamed):
0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch
- Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64
- Add sifiveunmatched flavor
- Update to 2021.10-rc4
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped:
0014-btrfs-Use-default-subvolume-as-file.patch
8 months, 3 weeks
- 1
- 0
New ARM Kubic snapshot 20211008 released!
by Guillaume Gardet
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash
ca-certificates-mozilla (2.50 -> 2.52)
e2fsprogs
elfutils
filesystem
gawk
ldb (2.3.0 -> 2.4.0)
libsolv (0.7.19 -> 0.7.20)
libsoup2
lz4
tar
timezone (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
u-boot-rpiarm64 (2021.07 -> 2021.10)
=== Details ===
==== bash ====
- Install bash_builtins manpage under the correct name
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== ldb ====
Version update (2.3.0 -> 2.4.0)
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== lz4 ====
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== tar ====
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
==== u-boot-rpiarm64 ====
Version update (2021.07 -> 2021.10)
Subpackages: u-boot-rpiarm64-doc
- Update to 2021.10
Fix Grub loading slowdown when connecting USB keyboard (bsc#1171222).
Enable BTRFS for Risc-V.
Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches added:
0013-riscv-enable-CMD_BTRFS.patch
0014-Disable-timer-check-in-file-loading.patch
- Update to 2021.10-rc5
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped (upstreamed):
0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch
- Add hack to allow enabling CONFIG_CMD_BTRFS on riscv64
- Add sifiveunmatched flavor
- Update to 2021.10-rc4
- Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.10
* Patches dropped:
0014-btrfs-Use-default-subvolume-as-file.patch
8 months, 3 weeks
- 1
- 0
New MicroOS snapshot 20211008 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
Mesa
bash
ca-certificates-mozilla (2.50 -> 2.52)
cogl
e2fsprogs
elfutils
filesystem
gawk
gtk4
kernel-default-base (5.14.6 -> 5.14.9)
kernel-source (5.14.6 -> 5.14.9)
ldb (2.3.0 -> 2.4.0)
libcap (2.51 -> 2.59)
libjpeg-turbo
libsolv (0.7.19 -> 0.7.20)
libsoup2
llvm12
lz4
mozilla-nss (3.69.1 -> 3.70)
samba (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
suse-module-tools (16.0.10+7 -> 16.0.11)
tar
timezone (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
=== Details ===
==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- Fix build with LLVM 13:
* U_gallivm-add-new-wrapper-around-Module.patch
* U_gallivm-fix-FTBFS-on-i386-with-LLVM-13.patch
==== bash ====
- Install bash_builtins manpage under the correct name
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== cogl ====
Subpackages: libcogl-pango20 libcogl20
- Add 2bd3cbed45d633fb15625d58e6b7cb8721b0ba98.patch: cogl-gles2:
Fix undefined references. Following this, add libtool
BuildRequires and pass autoreconf call before configure as the
patch touches the buildsystem.
- Add patches from fedora that should have gone upstream:
+ 0001-egl-Use-eglGetPlatformDisplay-not-eglGetDisplay.patch:
egl: Use eglGetPlatformDisplay not eglGetDisplay.
+ 0002-add-GL_ARB_shader_texture_lod-support.patch: Add
GL_ARB_shader_texture_lod support.
+ 0003-texture-support-copy_sub_image.patch: texture: Support
copy_sub_image.
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== gtk4 ====
Subpackages: gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0
- Fix a syntax error in the gtk4_immodule_postun RPM macro
==== kernel-default-base ====
Version update (5.14.6 -> 5.14.9)
- Add nls_utf8 module (boo#1190797)
==== kernel-source ====
Version update (5.14.6 -> 5.14.9)
- ALSA: usb-audio: Restrict rates for the shared clocks
(bsc#1190418).
- commit d0ace7f
- Update
patches.kernel.org/5.14.9-147-Revert-drm-vc4-hdmi-runtime-PM-changes.patch
(bsc#1012628 bsc#1190469).
- Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
The former superseded the latter.
- commit 2bc4ba2
- Linux 5.14.9 (bsc#1012628).
- mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable()
(bsc#1012628).
- ocfs2: drop acl cache for directories too (bsc#1012628).
- mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN
(bsc#1012628).
- mm: fix uninitialized use in overcommit_policy_handler
(bsc#1012628).
- usb: gadget: r8a66597: fix a loop in set_feature()
(bsc#1012628).
- usb: gadget: u_audio: EP-OUT bInterval in fback frequency
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(bsc#1012628).
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (bsc#1012628).
- cifs: Not to defer close on file when lock is set (bsc#1012628).
- cifs: Fix soft lockup during fsstress (bsc#1012628).
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1012628).
- xen/x86: fix PV trap handling on secondary processors
(bsc#1012628).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(bsc#1012628).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (bsc#1012628).
- USB: cdc-acm: fix minor-number release (bsc#1012628).
- Revert "USB: bcma: Add a check for devm_gpiod_get"
(bsc#1012628).
- binder: make sure fd closes complete (bsc#1012628).
- binder: fix freeze race (bsc#1012628).
- staging: greybus: uart: fix tty use after free (bsc#1012628).
- usb: isp1760: do not sleep in field register poll (bsc#1012628).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(bsc#1012628).
- usb: dwc3: core: balance phy init and exit (bsc#1012628).
- usb: cdns3: fix race condition before setting doorbell
(bsc#1012628).
- usb: core: hcd: Add support for deferring roothub registration
(bsc#1012628).
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(bsc#1012628).
- USB: serial: option: add Telit LN920 compositions (bsc#1012628).
- USB: serial: option: remove duplicate USB device ID
(bsc#1012628).
- USB: serial: option: add device id for Foxconn T99W265
(bsc#1012628).
- misc: bcm-vk: fix tty registration race (bsc#1012628).
- misc: genwqe: Fixes DMA mask setting (bsc#1012628).
- mcb: fix error handling in mcb_alloc_bus() (bsc#1012628).
- KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer
to KVM guest (bsc#1012628).
- erofs: fix up erofs_lookup tracepoint (bsc#1012628).
- nexthop: Fix division by zero while replacing a resilient group
(bsc#1012628).
- btrfs: prevent __btrfs_dump_space_info() to underflow its free
space (bsc#1012628).
- xhci: Set HCD flag to defer primary roothub registration
(bsc#1012628).
- serial: 8250: 8250_omap: Fix RX_LVL register offset
(bsc#1012628).
- serial: mvebu-uart: fix driver's tx_empty callback
(bsc#1012628).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
(bsc#1012628).
- drm/amd/pm: Update intermediate power state for SI
(bsc#1012628).
- net: hso: fix muxed tty registration (bsc#1012628).
- platform/x86: amd-pmc: Increase the response register timeout
(bsc#1012628).
- arm64: Restore forced disabling of KPTI on ThunderX
(bsc#1012628).
- arm64: Mitigate MTE issues with str{n}cmp() (bsc#1012628).
- comedi: Fix memory leak in compat_insnlist() (bsc#1012628).
- regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name
(bsc#1012628).
- afs: Fix page leak (bsc#1012628).
- afs: Fix incorrect triggering of sillyrename on 3rd-party
invalidation (bsc#1012628).
- afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS
server (bsc#1012628).
- afs: Fix updating of i_blocks on file/dir extension
(bsc#1012628).
- platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
(bsc#1012628).
- regulator: max14577: Revert "regulator: max14577: Add proper
module aliases strings" (bsc#1012628).
- NLM: Fix svcxdr_encode_owner() (bsc#1012628).
- virtio-net: fix pages leaking when building skb in big mode
(bsc#1012628).
- enetc: Fix illegal access when reading affinity_hint
(bsc#1012628).
- enetc: Fix uninitialized struct dim_sample field usage
(bsc#1012628).
- net: dsa: tear down devlink port regions when tearing down
the devlink port on error (bsc#1012628).
- net: bgmac-bcma: handle deferred probe error due to mac-address
(bsc#1012628).
- napi: fix race inside napi_enable (bsc#1012628).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(bsc#1012628).
- net: hns3: fix change RSS 'hfunc' ineffective issue
(bsc#1012628).
- net: hns3: fix inconsistent vf id print (bsc#1012628).
- net: hns3: fix misuse vf id and vport id in some logs
(bsc#1012628).
- net: hns3: check queue id range before using (bsc#1012628).
- net: hns3: check vlan id before using it (bsc#1012628).
- net: hns3: fix a return value error in hclge_get_reset_status()
(bsc#1012628).
- net/smc: add missing error check in smc_clc_prfx_set()
(bsc#1012628).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
(bsc#1012628).
- net: dsa: fix dsa_tree_setup error path (bsc#1012628).
- net: dsa: don't allocate the slave_mii_bus using devres
(bsc#1012628).
- net: dsa: realtek: register the MDIO bus under devres
(bsc#1012628).
- platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build
error (bsc#1012628).
- kselftest/arm64: signal: Add SVE to the set of features we
can check for (bsc#1012628).
- kselftest/arm64: signal: Skip tests if required features are
missing (bsc#1012628).
- spi: Revert modalias changes (bsc#1012628).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(bsc#1012628).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal
(bsc#1012628).
- gpio: uniphier: Fix void functions to remove return value
(bsc#1012628).
- qed: rdma - don't wait for resources under hw error recovery
flow (bsc#1012628).
- mptcp: ensure tx skbs always have the MPTCP ext (bsc#1012628).
- nexthop: Fix memory leaks in nexthop notification chain
listeners (bsc#1012628).
- nfc: st-nci: Add SPI ID matching DT compatible (bsc#1012628).
- net: ethernet: mtk_eth_soc: avoid creating duplicate offload
entries (bsc#1012628).
- net: mscc: ocelot: fix forwarding from BLOCKING ports remaining
enabled (bsc#1012628).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(bsc#1012628).
- atlantic: Fix issue in the pm resume flow (bsc#1012628).
- drm/amdkfd: map SVM range with correct access permission
(bsc#1012628).
- drm/amdkfd: fix dma mapping leaking warning (bsc#1012628).
- scsi: iscsi: Adjust iface sysfs attr detection (bsc#1012628).
- scsi: target: Fix the pgr/alua_support_store functions
(bsc#1012628).
- tty: synclink_gt: rename a conflicting function name
(bsc#1012628).
- fpga: machxo2-spi: Return an error on failure (bsc#1012628).
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (bsc#1012628).
- x86/fault: Fix wrong signal when vsyscall fails with pkey
(bsc#1012628).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(bsc#1012628).
- nvme: keep ctrl->namespaces ordered (bsc#1012628).
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (bsc#1012628).
- cifs: fix a sign extension bug (bsc#1012628).
- scsi: sd_zbc: Support disks with more than 2**32 logical blocks
(bsc#1012628).
- scsi: ufs: Revert "Utilize Transfer Request List Completion
Notification Register" (bsc#1012628).
- scsi: ufs: Retry aborted SCSI commands instead of completing
these successfully (bsc#1012628).
- scsi: ufs: core: Unbreak the reset handler (bsc#1012628).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1012628).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1012628).
- irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
(bsc#1012628).
- irqchip/gic-v3-its: Fix potential VPE leak on error
(bsc#1012628).
- md: fix a lock order reversal in md_alloc (bsc#1012628).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1012628).
- io_uring: fix race between poll completion and cancel_hash
insertion (bsc#1012628).
- io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow
(bsc#1012628).
- io_uring: put provided buffer meta data under memcg accounting
(bsc#1012628).
- io_uring: don't punt files update to io-wq unconditionally
(bsc#1012628).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1012628).
- net: phylink: Update SFP selected interface on advertising
changes (bsc#1012628).
- net: macb: fix use after free on rmmod (bsc#1012628).
- net: stmmac: allow CSR clock of 300MHz (bsc#1012628).
- blk-mq: avoid to iterate over stale request (bsc#1012628).
- m68k: Double cast io functions to unsigned long (bsc#1012628).
- ipv6: delay fib6_sernum increase in fib6_add (bsc#1012628).
- dma-debug: prevent an error message from causing runtime
problems (bsc#1012628).
- cpufreq: intel_pstate: Override parameters if HWP forced by BIOS
(bsc#1012628).
- bpf: Add oversize check before call kvcalloc() (bsc#1012628).
- xen/balloon: use a kernel thread instead a workqueue
(bsc#1012628).
- nvme-multipath: fix ANA state updates when a namespace is not
present (bsc#1012628).
- nvme-rdma: destroy cm id before destroy qp to avoid use after
free (bsc#1012628).
- sparc32: page align size in arch_dma_alloc (bsc#1012628).
- amd/display: downgrade validation failure log level
(bsc#1012628).
- drm/ttm: fix type mismatch error on sparc64 (bsc#1012628).
- block: check if a profile is actually registered in
blk_integrity_unregister (bsc#1012628).
- block: flush the integrity workqueue in blk_integrity_unregister
(bsc#1012628).
- blk-cgroup: fix UAF by grabbing blkcg lock before destroying
blkg pd (bsc#1012628).
- compiler.h: Introduce absolute_pointer macro (bsc#1012628).
- net: i825xx: Use absolute_pointer for memcpy from fixed memory
location (bsc#1012628).
- sparc: avoid stringop-overread errors (bsc#1012628).
- qnx4: avoid stringop-overread errors (bsc#1012628).
- parisc: Use absolute_pointer() to define PAGE0 (bsc#1012628).
- drm/amdkfd: make needs_pcie_atomics FW-version dependent
(bsc#1012628).
- drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo
(bsc#1012628).
- drm/amd/display: Link training retry fix for abort case
(bsc#1012628).
- amd/display: enable panel orientation quirks (bsc#1012628).
- arm64: Mark __stack_chk_guard as __ro_after_init (bsc#1012628).
- alpha: Declare virt_to_phys and virt_to_bus parameter as
pointer to volatile (bsc#1012628).
- net: 6pack: Fix tx timeout and slot time (bsc#1012628).
- spi: Fix tegra20 build with CONFIG_PM=n (bsc#1012628).
- libperf evsel: Make use of FD robust (bsc#1012628).
- Revert drm/vc4 hdmi runtime PM changes (bsc#1012628).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1012628).
- EDAC/dmc520: Assign the proper type to dimm->edac_mode
(bsc#1012628).
- x86/setup: Call early_reserve_memory() earlier (bsc#1012628).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(bsc#1012628).
- irqchip/armada-370-xp: Fix ack/eoi breakage (bsc#1012628).
- arm64: add MTE supported check to thread switching and syscall
entry/exit (bsc#1012628).
- USB: serial: cp210x: fix dropped characters with CP2102
(bsc#1012628).
- software node: balance refcount for managed software nodes
(bsc#1012628).
- xen/balloon: fix balloon kthread freezing (bsc#1012628).
- qnx4: work around gcc false positive warning bug (bsc#1012628).
- usb: gadget: f_uac2: Add missing companion descriptor for
feedback EP (bsc#1012628).
- usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval
(bsc#1012628).
- Refresh patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
- commit 85f5318
- arm64: Update config files. (bsc#1185927)
Set PINCTRL_ZYNQMP as build-in.
- commit 4ae263c
- blacklist.conf: add idxd commit
- commit 06dbf6b
- nvmet: fix a width vs precision bug in
nvmet_subsys_attr_serial_show() (git-fixes).
- commit fef4ef0
- Linux 5.14.8 (bsc#1012628).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (bsc#1012628).
- selinux,smack: fix subjective/objective credential use mixups
(bsc#1012628).
- io_uring: fix off-by-one in BUILD_BUG_ON check of
__REQ_F_LAST_BIT (bsc#1012628).
- cifs: properly invalidate cached root handle when closing it
(bsc#1012628).
- sched/idle: Make the idle timer expire in hard interrupt context
(bsc#1012628).
- rtc: rx8010: select REGMAP_I2C (bsc#1012628).
- blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for
multiple_queues (bsc#1012628).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(bsc#1012628).
- block: genhd: don't call blkdev_show() with major_names_lock
held (bsc#1012628).
- nvmet: fixup buffer overrun in nvmet_subsys_attr_serial()
(bsc#1012628).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: rockchip: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: img: Don't modify HW state in .remove() callback
(bsc#1012628).
- habanalabs: cannot sleep while holding spinlock (bsc#1012628).
- habanalabs: add "in device creation" status (bsc#1012628).
- habanalabs: fix mmu node address resolution in debugfs
(bsc#1012628).
- habanalabs: add validity check for event ID received from F/W
(bsc#1012628).
- drm/amdgpu: fix fdinfo race with process exit (bsc#1012628).
- drm/amd/display: Fix memory leak reported by coverity
(bsc#1012628).
- drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address
(bsc#1012628).
- habanalabs: fix nullifying of destroyed mmu pgt pool
(bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
(bsc#1012628).
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
(bsc#1012628).
- btrfs: fix lockdep warning while mounting sprout fs
(bsc#1012628).
- btrfs: delay blkdev_put until after the device remove
(bsc#1012628).
- btrfs: update the bdev time directly when closing (bsc#1012628).
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1012628).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1012628).
- ceph: remove the capsnaps when removing caps (bsc#1012628).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1012628).
- ceph: fix memory leak on decode error in ceph_handle_caps
(bsc#1012628).
- ACPI: PM: s2idle: Run both AMD and Microsoft methods if both
are supported (bsc#1012628).
- ASoC: audio-graph: respawn Platform Support (bsc#1012628).
- s390: add kmemleak annotation in stack_alloc() (bsc#1012628).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(bsc#1012628).
- dmaengine: ioat: depends on !UML (bsc#1012628).
- cxl/pci: Introduce cdevm_file_operations (bsc#1012628).
- cxl: Move cxl_core to new directory (bsc#1012628).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- dmaengine: idxd: depends on !UML (bsc#1012628).
- riscv: dts: microchip: mpfs-icicle: Fix serial console
(bsc#1012628).
- of: property: Disable fw_devlink DT support for X86
(bsc#1012628).
- drm/ttm: Fix a deadlock if the target BO is not idle during swap
(bsc#1012628).
- arm64: mm: limit linear region to 51 bits for KVM in nVHE mode
(bsc#1012628).
- iommu/vt-d: Fix a deadlock in intel_svm_drain_prq()
(bsc#1012628).
- iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm()
(bsc#1012628).
- iommu/amd: Relocate GAMSup check to early_enable_iommus
(bsc#1012628).
- parisc: Move pci_dev_is_behind_card_dino to where it is used
(bsc#1012628).
- dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- drivers: base: cacheinfo: Get rid of
DEFINE_SMP_CALL_CACHE_FUNCTION() (bsc#1012628).
- drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform
(bsc#1012628).
- thermal/core: Fix thermal_cooling_device_register() prototype
(bsc#1012628).
- tracing/boot: Fix to loop on only subkeys (bsc#1012628).
- tools/bootconfig: Fix tracing_on option checking in
ftrace2bconf.sh (bsc#1012628).
- Kconfig.debug: drop selecting non-existing
HARDLOCKUP_DETECTOR_ARCH (bsc#1012628).
- init: move usermodehelper_enable() to populate_rootfs()
(bsc#1012628).
- math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead
of selecting it (bsc#1012628).
- SUNRPC: don't pause on incomplete allocation (bsc#1012628).
- s390/entry: make oklabel within CHKSTG macro local
(bsc#1012628).
- platform/chrome: cros_ec_trace: Fix format warnings
(bsc#1012628).
- platform/chrome: sensorhub: Add trace events for sample
(bsc#1012628).
- dmaengine: idxd: clear block on fault flag when clear wq
(bsc#1012628).
- dmaengine: idxd: fix abort status check (bsc#1012628).
- dmaengine: idxd: fix wq slot allocation index check
(bsc#1012628).
- dmaengine: idxd: have command status always set (bsc#1012628).
- dmanegine: idxd: cleanup all device related bits after disabling
device (bsc#1012628).
- pwm: mxs: Don't modify HW state in .probe() after the PWM chip
was registered (bsc#1012628).
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
chip was registered (bsc#1012628).
- ceph: cancel delayed work instead of flushing on mdsc teardown
(bsc#1012628).
- thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a
sensor is not used (bsc#1012628).
- PM: sleep: core: Avoid setting power.must_resume to false
(bsc#1012628).
- profiling: fix shift-out-of-bounds bugs (bsc#1012628).
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
(bsc#1012628).
- prctl: allow to setup brk for et_dyn executables (bsc#1012628).
- pwm: ab8500: Fix register offset calculation to not depend on
probe order (bsc#1012628).
- 9p/trans_virtio: Remove sysfs file on probe failure
(bsc#1012628).
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
(bsc#1012628).
- n64cart: fix return value check in n64cart_probe()
(bsc#1012628).
- staging: rtl8723bs: fix wpa_set_auth_algs() function
(bsc#1012628).
- perf tools: Allow build-id with trailing zeros (bsc#1012628).
- perf symbol: Look for ImageBase in PE file to compute .text
offset (bsc#1012628).
- perf test: Fix bpf test sample mismatch reporting (bsc#1012628).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
(bsc#1012628).
- RDMA/mlx5: Fix xlt_chunk_align calculation (bsc#1012628).
- RDMA/hns: Enable stash feature of HIP09 (bsc#1012628).
- um: virtio_uml: fix memory leak on init failures (bsc#1012628).
- coredump: fix memleak in dump_vma_snapshot() (bsc#1012628).
- um: fix stub location calculation (bsc#1012628).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (bsc#1012628).
- console: consume APC, DM, DCS (bsc#1012628).
- PCI: aardvark: Fix reporting CRS value (bsc#1012628).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(bsc#1012628).
- commit 94242c6
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
- commit e082fbf
- Linux 5.14.7 (bsc#1012628).
- net: stmmac: fix MAC not working when system resume back with
WoL active (bsc#1012628).
- io_uring: ensure symmetry in handling iter types in
loop_rw_iter() (bsc#1012628).
- swiotlb-xen: avoid double free (bsc#1012628).
- swiotlb-xen: fix late init retry (bsc#1012628).
- xen: reset legacy rtc flag for PV domU (bsc#1012628).
- xen: fix usage of pmd_populate in mremap for pv guests
(bsc#1012628).
- bnx2x: Fix enabling network interfaces without VFs
(bsc#1012628).
- arm64/sve: Use correct size when reinitialising SVE state
(bsc#1012628).
- PM: base: power: don't try to use non-existing RTC for storing
data (bsc#1012628).
- PCI: Add AMD GPU multi-function power dependencies
(bsc#1012628).
- drm/amd/display: Get backlight from PWM if DMCU is not
initialized (bsc#1012628).
- drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3
(bsc#1012628).
- drm/amd/display: Fix white screen page fault for gpuvm
(bsc#1012628).
- drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound
driver (bsc#1012628).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (bsc#1012628).
- drm/amdgpu: use IS_ERR for debugfs APIs (bsc#1012628).
- drm/amdgpu: fix use after free during BO move (bsc#1012628).
- drm/amdgpu: add amdgpu_amdkfd_resume_iommu (bsc#1012628).
- drm/amdgpu: move iommu_resume before ip init/resume
(bsc#1012628).
- drm/amd/pm: fix the issue of uploading powerplay table
(bsc#1012628).
- drm/amdkfd: separate kfd_iommu_resume from kfd_resume
(bsc#1012628).
- drm/radeon: pass drm dev radeon_agp_head_init directly
(bsc#1012628).
- io_uring: allow retry for O_NONBLOCK if async is supported
(bsc#1012628).
- drm/etnaviv: return context from etnaviv_iommu_context_get
(bsc#1012628).
- drm/etnaviv: put submit prev MMU context when it exists
(bsc#1012628).
- drm/etnaviv: stop abusing mmu_context as FE running marker
(bsc#1012628).
- drm/etnaviv: keep MMU context across runtime suspend/resume
(bsc#1012628).
- drm/etnaviv: exec and MMU state is lost when resetting the GPU
(bsc#1012628).
- drm/etnaviv: fix MMU context leak on GPU reset (bsc#1012628).
- drm/etnaviv: reference MMU context when setting up hardware
state (bsc#1012628).
- drm/etnaviv: add missing MMU context put when reaping MMU
mapping (bsc#1012628).
- s390/sclp: fix Secure-IPL facility detection (bsc#1012628).
- net: qrtr: revert check in qrtr_endpoint_post() (bsc#1012628).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1012628).
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1012628).
- x86/mce: Avoid infinite loop for copy from user recovery
(bsc#1012628).
- net: remove the unnecessary check in cipso_v4_doi_free
(bsc#1012628).
- net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
(bsc#1012628).
- net-caif: avoid user-triggerable WARN_ON(1) (bsc#1012628).
- ptp: dp83640: don't define PAGE0 (bsc#1012628).
- dccp: don't duplicate ccid when cloning dccp sock (bsc#1012628).
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
(bsc#1012628).
- r6040: Restore MDIO clock frequency after MAC reset
(bsc#1012628).
- tipc: increase timeout in tipc_sk_enqueue() (bsc#1012628).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (bsc#1012628).
- rtc: cmos: Disable irq around direct invocation of
cmos_interrupt() (bsc#1012628).
- drm/i915/dp: return proper DPRX link training result
(bsc#1012628).
- perf machine: Initialize srcline string member in add_location
struct (bsc#1012628).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(bsc#1012628).
- net/mlx5: Fix potential sleeping in atomic context
(bsc#1012628).
- net: stmmac: fix system hang caused by eee_ctrl_timer during
suspend/resume (bsc#1012628).
- igc: fix tunnel offloading (bsc#1012628).
- nvme-tcp: fix io_work priority inversion (bsc#1012628).
- powerpc/64s: system call scv tabort fix for corrupt irq
soft-mask state (bsc#1012628).
- events: Reuse value read using READ_ONCE instead of re-reading
it (bsc#1012628).
- net: ipa: initialize all filter table slots (bsc#1012628).
- gen_compile_commands: fix missing 'sys' package (bsc#1012628).
- vhost_net: fix OoB on sendmsg() failure (bsc#1012628).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1012628).
- net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup (bsc#1012628).
- x86/uaccess: Fix 32-bit __get_user_asm_u64() when
CC_HAS_ASM_GOTO_OUTPUT=y (bsc#1012628).
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
(bsc#1012628).
- selftest: net: fix typo in altname test (bsc#1012628).
- qed: Handle management FW error (bsc#1012628).
- udp_tunnel: Fix udp_tunnel_nic work-queue type (bsc#1012628).
- dt-bindings: arm: Fix Toradex compatible typo (bsc#1012628).
- ibmvnic: check failover_pending in login response (bsc#1012628).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1012628).
- powerpc/64s: system call rfscv workaround for TM bugs
(bsc#1012628).
- powerpc/mce: Fix access error in mce handler (bsc#1012628).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (bsc#1012628).
- bnxt_en: make bnxt_free_skbs() safe to call after
bnxt_free_mem() (bsc#1012628).
- net: hns3: pad the short tunnel frame before sending to hardware
(bsc#1012628).
- net: hns3: change affinity_mask to numa node range
(bsc#1012628).
- net: hns3: disable mac in flr process (bsc#1012628).
- net: hns3: fix the timing issue of VF clearing interrupt sources
(bsc#1012628).
- net: stmmac: platform: fix build warning when with
!CONFIG_PM_SLEEP (bsc#1012628).
- Drivers: hv: vmbus: Fix kernel crash upon unbinding a device
from uio_hv_generic driver (bsc#1012628).
- net/mlx5e: Fix mutual exclusion between CQE compression and
HW TS (bsc#1012628).
- ice: Correctly deal with PFs that do not support RDMA
(bsc#1012628).
- net: dsa: qca8k: fix kernel panic with legacy mdio mapping
(bsc#1012628).
- net: dsa: lantiq_gswip: Add 200ms assert delay (bsc#1012628).
- net: hns3: fix the exception when query imp info (bsc#1012628).
- nvme: avoid race in shutdown namespace removal (bsc#1012628).
- blkcg: fix memory leak in blk_iolatency_init (bsc#1012628).
- net: dsa: flush switchdev workqueue before tearing down CPU/DSA
ports (bsc#1012628).
- mlxbf_gige: clear valid_polarity upon open (bsc#1012628).
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
(bsc#1012628).
- remoteproc: qcom: wcnss: Fix race with iris probe (bsc#1012628).
- mfd: db8500-prcmu: Adjust map to reality (bsc#1012628).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(bsc#1012628).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1012628).
- PCI: tegra194: Fix handling BME_CHGED event (bsc#1012628).
- PCI: tegra194: Fix MSI-X programming (bsc#1012628).
- PCI: tegra: Fix OF node reference leak (bsc#1012628).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(bsc#1012628).
- PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
(bsc#1012628).
- riscv: fix the global name pfn_base confliction error
(bsc#1012628).
- KVM: arm64: Make hyp_panic() more robust when protected mode
is enabled (bsc#1012628).
- tracing/probes: Reject events which have the same name of
existing one (bsc#1012628).
- PCI: cadence: Use bitfield for *quirk_retrain_flag* instead
of bool (bsc#1012628).
- PCI: cadence: Add quirk flag to set minimum delay in LTSSM
Detect.Quiet state (bsc#1012628).
- PCI: j721e: Add PCIe support for J7200 (bsc#1012628).
- PCI: j721e: Add PCIe support for AM64 (bsc#1012628).
- PCI: Add ACS quirks for Cavium multi-function devices
(bsc#1012628).
- watchdog: Start watchdog in watchdog_set_last_hw_keepalive
only if appropriate (bsc#1012628).
- octeontx2-af: Add additional register check to rvu_poll_reg()
(bsc#1012628).
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (bsc#1012628).
- flow: fix object-size-mismatch warning in
flowi{4,6}_to_flowi_common() (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(bsc#1012628).
- block, bfq: honor already-setup queue merges (bsc#1012628).
- PCI: ibmphp: Fix double unmap of io_mem (bsc#1012628).
- loop: reduce the loop_ctl_mutex scope (bsc#1012628).
- ethtool: Fix an error code in cxgb2.c (bsc#1012628).
- NTB: Fix an error code in ntb_msit_probe() (bsc#1012628).
- NTB: perf: Fix an error code in perf_setup_inbuf()
(bsc#1012628).
- stmmac: dwmac-loongson:Fix missing return value (bsc#1012628).
- net: phylink: add suspend/resume support (bsc#1012628).
- mfd: axp20x: Update AXP288 volatile ranges (bsc#1012628).
- backlight: ktd253: Stabilize backlight (bsc#1012628).
- PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX
(bsc#1012628).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (bsc#1012628).
- PCI: iproc: Fix BCMA probe resource handling (bsc#1012628).
- netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with
mutex (bsc#1012628).
- KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and
16K page size (bsc#1012628).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
(bsc#1012628).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
(bsc#1012628).
- tracing/boot: Fix a hist trigger dependency for boot time
tracing (bsc#1012628).
- mtd: mtdconcat: Judge callback existence based on the master
(bsc#1012628).
- mtd: mtdconcat: Check _read, _write callbacks existence before
assignment (bsc#1012628).
- KVM: arm64: Fix read-side race on updates to vcpu reset state
(bsc#1012628).
- KVM: arm64: Handle PSCI resets before userspace touches vCPU
state (bsc#1012628).
- PCI/PTM: Remove error message at boot (bsc#1012628).
- PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
(bsc#1012628).
- mtd: rawnand: cafe: Fix a resource leak in the error handling
path of 'cafe_nand_probe()' (bsc#1012628).
- ARC: export clear_user_page() for modules (bsc#1012628).
- perf config: Fix caching and memory leak in
perf_home_perfconfig() (bsc#1012628).
- perf unwind: Do not overwrite
FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (bsc#1012628).
- perf bench inject-buildid: Handle writen() errors (bsc#1012628).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
of 'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Fix a potential double iounmap call in
'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
code and avoid a leak (bsc#1012628).
- io_uring: retry in case of short read on block device
(bsc#1012628).
- net: dsa: tag_rtl4_a: Fix egress tags (bsc#1012628).
- tools build: Fix feature detect clean for out of source builds
(bsc#1012628).
- mptcp: fix possible divide by zero (bsc#1012628).
- selftests: mptcp: clean tmp files in simult_flows (bsc#1012628).
- net: hso: add failure handler for add_net_device (bsc#1012628).
- net: dsa: b53: Fix calculating number of switch ports
(bsc#1012628).
- net: dsa: b53: Set correct number of ports in the DSA struct
(bsc#1012628).
- mptcp: Only send extra TCP acks in eligible socket states
(bsc#1012628).
- netfilter: socket: icmp6: fix use-after-scope (bsc#1012628).
- fq_codel: reject silly quantum parameters (bsc#1012628).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(bsc#1012628).
- iwlwifi: move get pnvm file name to a separate function
(bsc#1012628).
- iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()'
(bsc#1012628).
- ip_gre: validate csum_start only on pull (bsc#1012628).
- net: dsa: b53: Fix IMP port setup on BCM5301x (bsc#1012628).
- bnxt_en: fix stored FW_PSID version masks (bsc#1012628).
- bnxt_en: Fix asic.rev in devlink dev info command (bsc#1012628).
- bnxt_en: Fix possible unintended driver initiated error recovery
(bsc#1012628).
- ip6_gre: Revert "ip6_gre: add validation for csum_start"
(bsc#1012628).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
(bsc#1012628).
- cxgb3: fix oops on module removal (bsc#1012628).
- net: renesas: sh_eth: Fix freeing wrong tx descriptor
(bsc#1012628).
- bnxt_en: Fix error recovery regression (bsc#1012628).
- net: dsa: bcm_sf2: Fix array overrun in
bcm_sf2_num_active_ports() (bsc#1012628).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1012628).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(bsc#1012628).
- s390/bpf: Fix branch shortening during codegen pass
(bsc#1012628).
- Update config files.
- commit aa9b3e1
- Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841).""
This reverts commit f924054cc523527b52203e352adb073db0962f5f.
New suse-module-tools were accepted to factory:
https://build.opensuse.org/request/show/919089
- commit 6abad1e
==== ldb ====
Version update (2.3.0 -> 2.4.0)
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libcap ====
Version update (2.51 -> 2.59)
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
==== libjpeg-turbo ====
- previous version updates fixes following bugs:
CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541
(bsc#1128712, bsc#1186764, bsc#807183, bsc#906761)
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
Subpackages: libsoup-2_4-1 typelib-1_0-Soup-2_4
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== llvm12 ====
- Don't build clang-tools, libc++ and python3-clang anymore,
because they come from llvm13 now.
- Remove version requirement from clang-tools dependency.
==== lz4 ====
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== mozilla-nss ====
Version update (3.69.1 -> 3.70)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.70
* bmo#1726022 - Update test case to verify fix.
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
* bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
* bmo#1681975 - Avoid using a lookup table in nssb64d.
* bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
* bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
* bmo#1726022 - Cache additional PBE entries.
* bmo#1709750 - Read HPKE vectors from official JSON.
- required for Firefox 93
==== samba ====
Version update (4.14.6+git.182.2205d5224e3 -> 4.15.0+git.185.378416e547c)
Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libnetapi0 libsamba-credentials1 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs
- Adjust spec to use pam macros; (bsc#1191046).
- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.
- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos
- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed
- Update to 4.14.7
* smbd panic on force-close share during offload write; (bso#14769);
* smbd should support copy_file_range() for FSCTL_SRV_COPYCHUNK;
(bso#12033);
* Fix returned attributes on fake quota file handle and avoid hitting
the VFS; (bso#14731);
* vfs_shadow_copy2 fix inodes not correctly updating inode numbers;
(bso#14756);
* Fix build on Solaris; (bso#14774);
* Make dos attributes available for unreadable files; (bso#14654);
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Start the SMB encryption as soon as possible; (bso#14793);
==== suse-module-tools ====
Version update (16.0.10+7 -> 16.0.11)
- Update to version 16.0.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
==== tar ====
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
8 months, 3 weeks
- 1
- 0
New Kubic snapshot 20211008 released!
by Richard Brown
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bash
ca-certificates-mozilla (2.50 -> 2.52)
e2fsprogs
elfutils
filesystem
gawk
kernel-default-base (5.14.6 -> 5.14.9)
kernel-source (5.14.6 -> 5.14.9)
ldb (2.3.0 -> 2.4.0)
libcap (2.51 -> 2.59)
libjpeg-turbo
libsolv (0.7.19 -> 0.7.20)
libsoup2
lz4
suse-module-tools (16.0.10+7 -> 16.0.11)
tar
timezone (2021a -> 2021c)
transactional-update (3.5.5 -> 3.5.6)
=== Details ===
==== bash ====
- Install bash_builtins manpage under the correct name
==== ca-certificates-mozilla ====
Version update (2.50 -> 2.52)
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
+ HARICA Client ECC Root CA 2021
+ HARICA Client RSA Root CA 2021
+ HARICA TLS ECC Root CA 2021
+ HARICA TLS RSA Root CA 2021
+ TunTrust Root CA
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- quota-Add-support-to-version-0-quota-format.patch: quota: Add support to
version 0 quota format (jsc#SLE-17360)
quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: quota: Fold
quota_read_all_dquots() into quota_update_limits() (jsc#SLE-17360)
quota-Rename-quota_update_limits-to-quota_read_all_d.patch: quota: Rename
quota_update_limits() to quota_read_all_dquots() (jsc#SLE-17360)
tune2fs-Fix-conversion-of-quota-files.patch: tune2fs: Fix conversion of quota
files (jsc#SLE-17360)
e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: e2fsck: Do not
trash user limits when processing orphan list (jsc#SLE-17360)
debugfs-Fix-headers-for-quota-commands.patch: debugfs: Fix headers for quota
commands (jsc#SLE-17360)
quota-Drop-dead-code.patch: quota: Drop dead code (jsc#SLE-17360)
- add these not yet released fixes to e2fsprogs package so that SLE15-SP4 ships
with them
==== elfutils ====
Subpackages: libasm1 libdw1 libelf1
- Enhance license fields: all the libraries actually have a different
license to the tools. While the tools are GPL-3.0-or-later, the
libraries are (LGPL-3.0-or-later OR GPL-2.0-or-later)
SLE bug (for tracking the above) bsc#1191310
==== filesystem ====
- don't perform UsrMerge if ZYPP_SINGLE_RPMTRANS is set. Rely on
file trigger compat mode in that case and do it posttrans
(boo#1189788).
- generic %ghost handling instead of hardcoding
==== gawk ====
- remove update-alternatives support, as on linux systems GNU software
(i.e. gawk in this case) is usually considered the default implementation.
- use %make macros
==== kernel-default-base ====
Version update (5.14.6 -> 5.14.9)
- Add nls_utf8 module (boo#1190797)
==== kernel-source ====
Version update (5.14.6 -> 5.14.9)
- ALSA: usb-audio: Restrict rates for the shared clocks
(bsc#1190418).
- commit d0ace7f
- Update
patches.kernel.org/5.14.9-147-Revert-drm-vc4-hdmi-runtime-PM-changes.patch
(bsc#1012628 bsc#1190469).
- Delete patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
The former superseded the latter.
- commit 2bc4ba2
- Linux 5.14.9 (bsc#1012628).
- mm, hwpoison: add is_free_buddy_page() in HWPoisonHandlable()
(bsc#1012628).
- ocfs2: drop acl cache for directories too (bsc#1012628).
- mm/debug: sync up MR_CONTIG_RANGE and MR_LONGTERM_PIN
(bsc#1012628).
- mm: fix uninitialized use in overcommit_policy_handler
(bsc#1012628).
- usb: gadget: r8a66597: fix a loop in set_feature()
(bsc#1012628).
- usb: gadget: u_audio: EP-OUT bInterval in fback frequency
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave
(bsc#1012628).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(bsc#1012628).
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (bsc#1012628).
- cifs: Not to defer close on file when lock is set (bsc#1012628).
- cifs: Fix soft lockup during fsstress (bsc#1012628).
- cifs: fix incorrect check for null pointer in header_assemble
(bsc#1012628).
- xen/x86: fix PV trap handling on secondary processors
(bsc#1012628).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(bsc#1012628).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (bsc#1012628).
- USB: cdc-acm: fix minor-number release (bsc#1012628).
- Revert "USB: bcma: Add a check for devm_gpiod_get"
(bsc#1012628).
- binder: make sure fd closes complete (bsc#1012628).
- binder: fix freeze race (bsc#1012628).
- staging: greybus: uart: fix tty use after free (bsc#1012628).
- usb: isp1760: do not sleep in field register poll (bsc#1012628).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(bsc#1012628).
- usb: dwc3: core: balance phy init and exit (bsc#1012628).
- usb: cdns3: fix race condition before setting doorbell
(bsc#1012628).
- usb: core: hcd: Add support for deferring roothub registration
(bsc#1012628).
- USB: serial: mos7840: remove duplicated 0xac24 device ID
(bsc#1012628).
- USB: serial: option: add Telit LN920 compositions (bsc#1012628).
- USB: serial: option: remove duplicate USB device ID
(bsc#1012628).
- USB: serial: option: add device id for Foxconn T99W265
(bsc#1012628).
- misc: bcm-vk: fix tty registration race (bsc#1012628).
- misc: genwqe: Fixes DMA mask setting (bsc#1012628).
- mcb: fix error handling in mcb_alloc_bus() (bsc#1012628).
- KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer
to KVM guest (bsc#1012628).
- erofs: fix up erofs_lookup tracepoint (bsc#1012628).
- nexthop: Fix division by zero while replacing a resilient group
(bsc#1012628).
- btrfs: prevent __btrfs_dump_space_info() to underflow its free
space (bsc#1012628).
- xhci: Set HCD flag to defer primary roothub registration
(bsc#1012628).
- serial: 8250: 8250_omap: Fix RX_LVL register offset
(bsc#1012628).
- serial: mvebu-uart: fix driver's tx_empty callback
(bsc#1012628).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
(bsc#1012628).
- drm/amd/pm: Update intermediate power state for SI
(bsc#1012628).
- net: hso: fix muxed tty registration (bsc#1012628).
- platform/x86: amd-pmc: Increase the response register timeout
(bsc#1012628).
- arm64: Restore forced disabling of KPTI on ThunderX
(bsc#1012628).
- arm64: Mitigate MTE issues with str{n}cmp() (bsc#1012628).
- comedi: Fix memory leak in compat_insnlist() (bsc#1012628).
- regulator: qcom-rpmh-regulator: fix pm8009-1 ldo7 resource name
(bsc#1012628).
- afs: Fix page leak (bsc#1012628).
- afs: Fix incorrect triggering of sillyrename on 3rd-party
invalidation (bsc#1012628).
- afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS
server (bsc#1012628).
- afs: Fix updating of i_blocks on file/dir extension
(bsc#1012628).
- platform/x86/intel: punit_ipc: Drop wrong use of ACPI_PTR()
(bsc#1012628).
- regulator: max14577: Revert "regulator: max14577: Add proper
module aliases strings" (bsc#1012628).
- NLM: Fix svcxdr_encode_owner() (bsc#1012628).
- virtio-net: fix pages leaking when building skb in big mode
(bsc#1012628).
- enetc: Fix illegal access when reading affinity_hint
(bsc#1012628).
- enetc: Fix uninitialized struct dim_sample field usage
(bsc#1012628).
- net: dsa: tear down devlink port regions when tearing down
the devlink port on error (bsc#1012628).
- net: bgmac-bcma: handle deferred probe error due to mac-address
(bsc#1012628).
- napi: fix race inside napi_enable (bsc#1012628).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(bsc#1012628).
- net: hns3: fix change RSS 'hfunc' ineffective issue
(bsc#1012628).
- net: hns3: fix inconsistent vf id print (bsc#1012628).
- net: hns3: fix misuse vf id and vport id in some logs
(bsc#1012628).
- net: hns3: check queue id range before using (bsc#1012628).
- net: hns3: check vlan id before using it (bsc#1012628).
- net: hns3: fix a return value error in hclge_get_reset_status()
(bsc#1012628).
- net/smc: add missing error check in smc_clc_prfx_set()
(bsc#1012628).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
(bsc#1012628).
- net: dsa: fix dsa_tree_setup error path (bsc#1012628).
- net: dsa: don't allocate the slave_mii_bus using devres
(bsc#1012628).
- net: dsa: realtek: register the MDIO bus under devres
(bsc#1012628).
- platform/x86: dell: fix DELL_WMI_PRIVACY dependencies & build
error (bsc#1012628).
- kselftest/arm64: signal: Add SVE to the set of features we
can check for (bsc#1012628).
- kselftest/arm64: signal: Skip tests if required features are
missing (bsc#1012628).
- spi: Revert modalias changes (bsc#1012628).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
(bsc#1012628).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal
(bsc#1012628).
- gpio: uniphier: Fix void functions to remove return value
(bsc#1012628).
- qed: rdma - don't wait for resources under hw error recovery
flow (bsc#1012628).
- mptcp: ensure tx skbs always have the MPTCP ext (bsc#1012628).
- nexthop: Fix memory leaks in nexthop notification chain
listeners (bsc#1012628).
- nfc: st-nci: Add SPI ID matching DT compatible (bsc#1012628).
- net: ethernet: mtk_eth_soc: avoid creating duplicate offload
entries (bsc#1012628).
- net: mscc: ocelot: fix forwarding from BLOCKING ports remaining
enabled (bsc#1012628).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(bsc#1012628).
- atlantic: Fix issue in the pm resume flow (bsc#1012628).
- drm/amdkfd: map SVM range with correct access permission
(bsc#1012628).
- drm/amdkfd: fix dma mapping leaking warning (bsc#1012628).
- scsi: iscsi: Adjust iface sysfs attr detection (bsc#1012628).
- scsi: target: Fix the pgr/alua_support_store functions
(bsc#1012628).
- tty: synclink_gt: rename a conflicting function name
(bsc#1012628).
- fpga: machxo2-spi: Return an error on failure (bsc#1012628).
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (bsc#1012628).
- x86/fault: Fix wrong signal when vsyscall fails with pkey
(bsc#1012628).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting
(bsc#1012628).
- nvme: keep ctrl->namespaces ordered (bsc#1012628).
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (bsc#1012628).
- cifs: fix a sign extension bug (bsc#1012628).
- scsi: sd_zbc: Support disks with more than 2**32 logical blocks
(bsc#1012628).
- scsi: ufs: Revert "Utilize Transfer Request List Completion
Notification Register" (bsc#1012628).
- scsi: ufs: Retry aborted SCSI commands instead of completing
these successfully (bsc#1012628).
- scsi: ufs: core: Unbreak the reset handler (bsc#1012628).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1012628).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1012628).
- irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
(bsc#1012628).
- irqchip/gic-v3-its: Fix potential VPE leak on error
(bsc#1012628).
- md: fix a lock order reversal in md_alloc (bsc#1012628).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1012628).
- io_uring: fix race between poll completion and cancel_hash
insertion (bsc#1012628).
- io_uring: fix missing set of EPOLLONESHOT for CQ ring overflow
(bsc#1012628).
- io_uring: put provided buffer meta data under memcg accounting
(bsc#1012628).
- io_uring: don't punt files update to io-wq unconditionally
(bsc#1012628).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1012628).
- net: phylink: Update SFP selected interface on advertising
changes (bsc#1012628).
- net: macb: fix use after free on rmmod (bsc#1012628).
- net: stmmac: allow CSR clock of 300MHz (bsc#1012628).
- blk-mq: avoid to iterate over stale request (bsc#1012628).
- m68k: Double cast io functions to unsigned long (bsc#1012628).
- ipv6: delay fib6_sernum increase in fib6_add (bsc#1012628).
- dma-debug: prevent an error message from causing runtime
problems (bsc#1012628).
- cpufreq: intel_pstate: Override parameters if HWP forced by BIOS
(bsc#1012628).
- bpf: Add oversize check before call kvcalloc() (bsc#1012628).
- xen/balloon: use a kernel thread instead a workqueue
(bsc#1012628).
- nvme-multipath: fix ANA state updates when a namespace is not
present (bsc#1012628).
- nvme-rdma: destroy cm id before destroy qp to avoid use after
free (bsc#1012628).
- sparc32: page align size in arch_dma_alloc (bsc#1012628).
- amd/display: downgrade validation failure log level
(bsc#1012628).
- drm/ttm: fix type mismatch error on sparc64 (bsc#1012628).
- block: check if a profile is actually registered in
blk_integrity_unregister (bsc#1012628).
- block: flush the integrity workqueue in blk_integrity_unregister
(bsc#1012628).
- blk-cgroup: fix UAF by grabbing blkcg lock before destroying
blkg pd (bsc#1012628).
- compiler.h: Introduce absolute_pointer macro (bsc#1012628).
- net: i825xx: Use absolute_pointer for memcpy from fixed memory
location (bsc#1012628).
- sparc: avoid stringop-overread errors (bsc#1012628).
- qnx4: avoid stringop-overread errors (bsc#1012628).
- parisc: Use absolute_pointer() to define PAGE0 (bsc#1012628).
- drm/amdkfd: make needs_pcie_atomics FW-version dependent
(bsc#1012628).
- drm/amd/display: Fix unstable HPCP compliance on Chrome Barcelo
(bsc#1012628).
- drm/amd/display: Link training retry fix for abort case
(bsc#1012628).
- amd/display: enable panel orientation quirks (bsc#1012628).
- arm64: Mark __stack_chk_guard as __ro_after_init (bsc#1012628).
- alpha: Declare virt_to_phys and virt_to_bus parameter as
pointer to volatile (bsc#1012628).
- net: 6pack: Fix tx timeout and slot time (bsc#1012628).
- spi: Fix tegra20 build with CONFIG_PM=n (bsc#1012628).
- libperf evsel: Make use of FD robust (bsc#1012628).
- Revert drm/vc4 hdmi runtime PM changes (bsc#1012628).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1012628).
- EDAC/dmc520: Assign the proper type to dimm->edac_mode
(bsc#1012628).
- x86/setup: Call early_reserve_memory() earlier (bsc#1012628).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume
(bsc#1012628).
- irqchip/armada-370-xp: Fix ack/eoi breakage (bsc#1012628).
- arm64: add MTE supported check to thread switching and syscall
entry/exit (bsc#1012628).
- USB: serial: cp210x: fix dropped characters with CP2102
(bsc#1012628).
- software node: balance refcount for managed software nodes
(bsc#1012628).
- xen/balloon: fix balloon kthread freezing (bsc#1012628).
- qnx4: work around gcc false positive warning bug (bsc#1012628).
- usb: gadget: f_uac2: Add missing companion descriptor for
feedback EP (bsc#1012628).
- usb: gadget: f_uac2: Populate SS descriptors' wBytesPerInterval
(bsc#1012628).
- Refresh patches.suse/drm-vc4-hdmi-Fix-HPD-GPIO-detection.patch.
- commit 85f5318
- arm64: Update config files. (bsc#1185927)
Set PINCTRL_ZYNQMP as build-in.
- commit 4ae263c
- blacklist.conf: add idxd commit
- commit 06dbf6b
- nvmet: fix a width vs precision bug in
nvmet_subsys_attr_serial_show() (git-fixes).
- commit fef4ef0
- Linux 5.14.8 (bsc#1012628).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (bsc#1012628).
- selinux,smack: fix subjective/objective credential use mixups
(bsc#1012628).
- io_uring: fix off-by-one in BUILD_BUG_ON check of
__REQ_F_LAST_BIT (bsc#1012628).
- cifs: properly invalidate cached root handle when closing it
(bsc#1012628).
- sched/idle: Make the idle timer expire in hard interrupt context
(bsc#1012628).
- rtc: rx8010: select REGMAP_I2C (bsc#1012628).
- blk-mq: allow 4x BLK_MAX_REQUEST_COUNT at blk_plug for
multiple_queues (bsc#1012628).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
(bsc#1012628).
- block: genhd: don't call blkdev_show() with major_names_lock
held (bsc#1012628).
- nvmet: fixup buffer overrun in nvmet_subsys_attr_serial()
(bsc#1012628).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: rockchip: Don't modify HW state in .remove() callback
(bsc#1012628).
- pwm: img: Don't modify HW state in .remove() callback
(bsc#1012628).
- habanalabs: cannot sleep while holding spinlock (bsc#1012628).
- habanalabs: add "in device creation" status (bsc#1012628).
- habanalabs: fix mmu node address resolution in debugfs
(bsc#1012628).
- habanalabs: add validity check for event ID received from F/W
(bsc#1012628).
- drm/amdgpu: fix fdinfo race with process exit (bsc#1012628).
- drm/amd/display: Fix memory leak reported by coverity
(bsc#1012628).
- drm/amdgpu: Fixes to returning VBIOS RAS EEPROM address
(bsc#1012628).
- habanalabs: fix nullifying of destroyed mmu pgt pool
(bsc#1012628).
- thermal/drivers/rcar_gen3_thermal: Store TSC id as unsigned int
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
(bsc#1012628).
- nilfs2: fix NULL pointer in nilfs_##name##_attr_release
(bsc#1012628).
- nilfs2: fix memory leak in nilfs_sysfs_create_device_group
(bsc#1012628).
- btrfs: fix lockdep warning while mounting sprout fs
(bsc#1012628).
- btrfs: delay blkdev_put until after the device remove
(bsc#1012628).
- btrfs: update the bdev time directly when closing (bsc#1012628).
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1012628).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1012628).
- ceph: remove the capsnaps when removing caps (bsc#1012628).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1012628).
- ceph: fix memory leak on decode error in ceph_handle_caps
(bsc#1012628).
- ACPI: PM: s2idle: Run both AMD and Microsoft methods if both
are supported (bsc#1012628).
- ASoC: audio-graph: respawn Platform Support (bsc#1012628).
- s390: add kmemleak annotation in stack_alloc() (bsc#1012628).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(bsc#1012628).
- dmaengine: ioat: depends on !UML (bsc#1012628).
- cxl/pci: Introduce cdevm_file_operations (bsc#1012628).
- cxl: Move cxl_core to new directory (bsc#1012628).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (bsc#1012628).
- dmaengine: idxd: depends on !UML (bsc#1012628).
- riscv: dts: microchip: mpfs-icicle: Fix serial console
(bsc#1012628).
- of: property: Disable fw_devlink DT support for X86
(bsc#1012628).
- drm/ttm: Fix a deadlock if the target BO is not idle during swap
(bsc#1012628).
- arm64: mm: limit linear region to 51 bits for KVM in nVHE mode
(bsc#1012628).
- iommu/vt-d: Fix a deadlock in intel_svm_drain_prq()
(bsc#1012628).
- iommu/vt-d: Fix PASID leak in intel_svm_unbind_mm()
(bsc#1012628).
- iommu/amd: Relocate GAMSup check to early_enable_iommus
(bsc#1012628).
- parisc: Move pci_dev_is_behind_card_dino to where it is used
(bsc#1012628).
- dma-buf: DMABUF_DEBUG should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
(bsc#1012628).
- Update config files.
- drivers: base: cacheinfo: Get rid of
DEFINE_SMP_CALL_CACHE_FUNCTION() (bsc#1012628).
- drm/amdgpu: Disable PCIE_DPM on Intel RKL Platform
(bsc#1012628).
- thermal/core: Fix thermal_cooling_device_register() prototype
(bsc#1012628).
- tracing/boot: Fix to loop on only subkeys (bsc#1012628).
- tools/bootconfig: Fix tracing_on option checking in
ftrace2bconf.sh (bsc#1012628).
- Kconfig.debug: drop selecting non-existing
HARDLOCKUP_DETECTOR_ARCH (bsc#1012628).
- init: move usermodehelper_enable() to populate_rootfs()
(bsc#1012628).
- math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead
of selecting it (bsc#1012628).
- SUNRPC: don't pause on incomplete allocation (bsc#1012628).
- s390/entry: make oklabel within CHKSTG macro local
(bsc#1012628).
- platform/chrome: cros_ec_trace: Fix format warnings
(bsc#1012628).
- platform/chrome: sensorhub: Add trace events for sample
(bsc#1012628).
- dmaengine: idxd: clear block on fault flag when clear wq
(bsc#1012628).
- dmaengine: idxd: fix abort status check (bsc#1012628).
- dmaengine: idxd: fix wq slot allocation index check
(bsc#1012628).
- dmaengine: idxd: have command status always set (bsc#1012628).
- dmanegine: idxd: cleanup all device related bits after disabling
device (bsc#1012628).
- pwm: mxs: Don't modify HW state in .probe() after the PWM chip
was registered (bsc#1012628).
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
chip was registered (bsc#1012628).
- ceph: cancel delayed work instead of flushing on mdsc teardown
(bsc#1012628).
- thermal/drivers/qcom/spmi-adc-tm5: Don't abort probing if a
sensor is not used (bsc#1012628).
- PM: sleep: core: Avoid setting power.must_resume to false
(bsc#1012628).
- profiling: fix shift-out-of-bounds bugs (bsc#1012628).
- nilfs2: use refcount_dec_and_lock() to fix potential UAF
(bsc#1012628).
- prctl: allow to setup brk for et_dyn executables (bsc#1012628).
- pwm: ab8500: Fix register offset calculation to not depend on
probe order (bsc#1012628).
- 9p/trans_virtio: Remove sysfs file on probe failure
(bsc#1012628).
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
(bsc#1012628).
- n64cart: fix return value check in n64cart_probe()
(bsc#1012628).
- staging: rtl8723bs: fix wpa_set_auth_algs() function
(bsc#1012628).
- perf tools: Allow build-id with trailing zeros (bsc#1012628).
- perf symbol: Look for ImageBase in PE file to compute .text
offset (bsc#1012628).
- perf test: Fix bpf test sample mismatch reporting (bsc#1012628).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
(bsc#1012628).
- RDMA/mlx5: Fix xlt_chunk_align calculation (bsc#1012628).
- RDMA/hns: Enable stash feature of HIP09 (bsc#1012628).
- um: virtio_uml: fix memory leak on init failures (bsc#1012628).
- coredump: fix memleak in dump_vma_snapshot() (bsc#1012628).
- um: fix stub location calculation (bsc#1012628).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (bsc#1012628).
- console: consume APC, DM, DCS (bsc#1012628).
- PCI: aardvark: Fix reporting CRS value (bsc#1012628).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(bsc#1012628).
- commit 94242c6
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
- commit e082fbf
- Linux 5.14.7 (bsc#1012628).
- net: stmmac: fix MAC not working when system resume back with
WoL active (bsc#1012628).
- io_uring: ensure symmetry in handling iter types in
loop_rw_iter() (bsc#1012628).
- swiotlb-xen: avoid double free (bsc#1012628).
- swiotlb-xen: fix late init retry (bsc#1012628).
- xen: reset legacy rtc flag for PV domU (bsc#1012628).
- xen: fix usage of pmd_populate in mremap for pv guests
(bsc#1012628).
- bnx2x: Fix enabling network interfaces without VFs
(bsc#1012628).
- arm64/sve: Use correct size when reinitialising SVE state
(bsc#1012628).
- PM: base: power: don't try to use non-existing RTC for storing
data (bsc#1012628).
- PCI: Add AMD GPU multi-function power dependencies
(bsc#1012628).
- drm/amd/display: Get backlight from PWM if DMCU is not
initialized (bsc#1012628).
- drm/amd/display: dsc mst 2 4K displays go dark with 2 lane HBR3
(bsc#1012628).
- drm/amd/display: Fix white screen page fault for gpuvm
(bsc#1012628).
- drm/amd/pm: fix runpm hang when amdgpu loaded prior to sound
driver (bsc#1012628).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (bsc#1012628).
- drm/amdgpu: use IS_ERR for debugfs APIs (bsc#1012628).
- drm/amdgpu: fix use after free during BO move (bsc#1012628).
- drm/amdgpu: add amdgpu_amdkfd_resume_iommu (bsc#1012628).
- drm/amdgpu: move iommu_resume before ip init/resume
(bsc#1012628).
- drm/amd/pm: fix the issue of uploading powerplay table
(bsc#1012628).
- drm/amdkfd: separate kfd_iommu_resume from kfd_resume
(bsc#1012628).
- drm/radeon: pass drm dev radeon_agp_head_init directly
(bsc#1012628).
- io_uring: allow retry for O_NONBLOCK if async is supported
(bsc#1012628).
- drm/etnaviv: return context from etnaviv_iommu_context_get
(bsc#1012628).
- drm/etnaviv: put submit prev MMU context when it exists
(bsc#1012628).
- drm/etnaviv: stop abusing mmu_context as FE running marker
(bsc#1012628).
- drm/etnaviv: keep MMU context across runtime suspend/resume
(bsc#1012628).
- drm/etnaviv: exec and MMU state is lost when resetting the GPU
(bsc#1012628).
- drm/etnaviv: fix MMU context leak on GPU reset (bsc#1012628).
- drm/etnaviv: reference MMU context when setting up hardware
state (bsc#1012628).
- drm/etnaviv: add missing MMU context put when reaping MMU
mapping (bsc#1012628).
- s390/sclp: fix Secure-IPL facility detection (bsc#1012628).
- net: qrtr: revert check in qrtr_endpoint_post() (bsc#1012628).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1012628).
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1012628).
- x86/mce: Avoid infinite loop for copy from user recovery
(bsc#1012628).
- net: remove the unnecessary check in cipso_v4_doi_free
(bsc#1012628).
- net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert
(bsc#1012628).
- net-caif: avoid user-triggerable WARN_ON(1) (bsc#1012628).
- ptp: dp83640: don't define PAGE0 (bsc#1012628).
- dccp: don't duplicate ccid when cloning dccp sock (bsc#1012628).
- net/l2tp: Fix reference count leak in l2tp_udp_recv_core
(bsc#1012628).
- r6040: Restore MDIO clock frequency after MAC reset
(bsc#1012628).
- tipc: increase timeout in tipc_sk_enqueue() (bsc#1012628).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
__maybe_unused (bsc#1012628).
- rtc: cmos: Disable irq around direct invocation of
cmos_interrupt() (bsc#1012628).
- drm/i915/dp: return proper DPRX link training result
(bsc#1012628).
- perf machine: Initialize srcline string member in add_location
struct (bsc#1012628).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(bsc#1012628).
- net/mlx5: Fix potential sleeping in atomic context
(bsc#1012628).
- net: stmmac: fix system hang caused by eee_ctrl_timer during
suspend/resume (bsc#1012628).
- igc: fix tunnel offloading (bsc#1012628).
- nvme-tcp: fix io_work priority inversion (bsc#1012628).
- powerpc/64s: system call scv tabort fix for corrupt irq
soft-mask state (bsc#1012628).
- events: Reuse value read using READ_ONCE instead of re-reading
it (bsc#1012628).
- net: ipa: initialize all filter table slots (bsc#1012628).
- gen_compile_commands: fix missing 'sys' package (bsc#1012628).
- vhost_net: fix OoB on sendmsg() failure (bsc#1012628).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1012628).
- net: dsa: destroy the phylink instance on any error in
dsa_slave_phy_setup (bsc#1012628).
- x86/uaccess: Fix 32-bit __get_user_asm_u64() when
CC_HAS_ASM_GOTO_OUTPUT=y (bsc#1012628).
- tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
(bsc#1012628).
- selftest: net: fix typo in altname test (bsc#1012628).
- qed: Handle management FW error (bsc#1012628).
- udp_tunnel: Fix udp_tunnel_nic work-queue type (bsc#1012628).
- dt-bindings: arm: Fix Toradex compatible typo (bsc#1012628).
- ibmvnic: check failover_pending in login response (bsc#1012628).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1012628).
- powerpc/64s: system call rfscv workaround for TM bugs
(bsc#1012628).
- powerpc/mce: Fix access error in mce handler (bsc#1012628).
- s390/pci_mmio: fully validate the VMA before calling
follow_pte() (bsc#1012628).
- bnxt_en: make bnxt_free_skbs() safe to call after
bnxt_free_mem() (bsc#1012628).
- net: hns3: pad the short tunnel frame before sending to hardware
(bsc#1012628).
- net: hns3: change affinity_mask to numa node range
(bsc#1012628).
- net: hns3: disable mac in flr process (bsc#1012628).
- net: hns3: fix the timing issue of VF clearing interrupt sources
(bsc#1012628).
- net: stmmac: platform: fix build warning when with
!CONFIG_PM_SLEEP (bsc#1012628).
- Drivers: hv: vmbus: Fix kernel crash upon unbinding a device
from uio_hv_generic driver (bsc#1012628).
- net/mlx5e: Fix mutual exclusion between CQE compression and
HW TS (bsc#1012628).
- ice: Correctly deal with PFs that do not support RDMA
(bsc#1012628).
- net: dsa: qca8k: fix kernel panic with legacy mdio mapping
(bsc#1012628).
- net: dsa: lantiq_gswip: Add 200ms assert delay (bsc#1012628).
- net: hns3: fix the exception when query imp info (bsc#1012628).
- nvme: avoid race in shutdown namespace removal (bsc#1012628).
- blkcg: fix memory leak in blk_iolatency_init (bsc#1012628).
- net: dsa: flush switchdev workqueue before tearing down CPU/DSA
ports (bsc#1012628).
- mlxbf_gige: clear valid_polarity upon open (bsc#1012628).
- dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
(bsc#1012628).
- remoteproc: qcom: wcnss: Fix race with iris probe (bsc#1012628).
- mfd: db8500-prcmu: Adjust map to reality (bsc#1012628).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(bsc#1012628).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1012628).
- PCI: tegra194: Fix handling BME_CHGED event (bsc#1012628).
- PCI: tegra194: Fix MSI-X programming (bsc#1012628).
- PCI: tegra: Fix OF node reference leak (bsc#1012628).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(bsc#1012628).
- PCI: rcar: Fix runtime PM imbalance in rcar_pcie_ep_probe()
(bsc#1012628).
- riscv: fix the global name pfn_base confliction error
(bsc#1012628).
- KVM: arm64: Make hyp_panic() more robust when protected mode
is enabled (bsc#1012628).
- tracing/probes: Reject events which have the same name of
existing one (bsc#1012628).
- PCI: cadence: Use bitfield for *quirk_retrain_flag* instead
of bool (bsc#1012628).
- PCI: cadence: Add quirk flag to set minimum delay in LTSSM
Detect.Quiet state (bsc#1012628).
- PCI: j721e: Add PCIe support for J7200 (bsc#1012628).
- PCI: j721e: Add PCIe support for AM64 (bsc#1012628).
- PCI: Add ACS quirks for Cavium multi-function devices
(bsc#1012628).
- watchdog: Start watchdog in watchdog_set_last_hw_keepalive
only if appropriate (bsc#1012628).
- octeontx2-af: Add additional register check to rvu_poll_reg()
(bsc#1012628).
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (bsc#1012628).
- flow: fix object-size-mismatch warning in
flowi{4,6}_to_flowi_common() (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
(bsc#1012628).
- block, bfq: honor already-setup queue merges (bsc#1012628).
- PCI: ibmphp: Fix double unmap of io_mem (bsc#1012628).
- loop: reduce the loop_ctl_mutex scope (bsc#1012628).
- ethtool: Fix an error code in cxgb2.c (bsc#1012628).
- NTB: Fix an error code in ntb_msit_probe() (bsc#1012628).
- NTB: perf: Fix an error code in perf_setup_inbuf()
(bsc#1012628).
- stmmac: dwmac-loongson:Fix missing return value (bsc#1012628).
- net: phylink: add suspend/resume support (bsc#1012628).
- mfd: axp20x: Update AXP288 volatile ranges (bsc#1012628).
- backlight: ktd253: Stabilize backlight (bsc#1012628).
- PCI: controller: PCI_IXP4XX should depend on ARCH_IXP4XX
(bsc#1012628).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
'ranges' (bsc#1012628).
- PCI: iproc: Fix BCMA probe resource handling (bsc#1012628).
- netfilter: nft_ct: protect nft_ct_pcpu_template_refcnt with
mutex (bsc#1012628).
- KVM: arm64: Restrict IPA size to maximum 48 bits on 4K and
16K page size (bsc#1012628).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
(bsc#1012628).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
(bsc#1012628).
- tracing/boot: Fix a hist trigger dependency for boot time
tracing (bsc#1012628).
- mtd: mtdconcat: Judge callback existence based on the master
(bsc#1012628).
- mtd: mtdconcat: Check _read, _write callbacks existence before
assignment (bsc#1012628).
- KVM: arm64: Fix read-side race on updates to vcpu reset state
(bsc#1012628).
- KVM: arm64: Handle PSCI resets before userspace touches vCPU
state (bsc#1012628).
- PCI/PTM: Remove error message at boot (bsc#1012628).
- PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
(bsc#1012628).
- mtd: rawnand: cafe: Fix a resource leak in the error handling
path of 'cafe_nand_probe()' (bsc#1012628).
- ARC: export clear_user_page() for modules (bsc#1012628).
- perf config: Fix caching and memory leak in
perf_home_perfconfig() (bsc#1012628).
- perf unwind: Do not overwrite
FEATURE_CHECK_LDFLAGS-libunwind-{x86,aarch64} (bsc#1012628).
- perf bench inject-buildid: Handle writen() errors (bsc#1012628).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
of 'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Fix a potential double iounmap call in
'mpc8xxx_probe()' (bsc#1012628).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
code and avoid a leak (bsc#1012628).
- io_uring: retry in case of short read on block device
(bsc#1012628).
- net: dsa: tag_rtl4_a: Fix egress tags (bsc#1012628).
- tools build: Fix feature detect clean for out of source builds
(bsc#1012628).
- mptcp: fix possible divide by zero (bsc#1012628).
- selftests: mptcp: clean tmp files in simult_flows (bsc#1012628).
- net: hso: add failure handler for add_net_device (bsc#1012628).
- net: dsa: b53: Fix calculating number of switch ports
(bsc#1012628).
- net: dsa: b53: Set correct number of ports in the DSA struct
(bsc#1012628).
- mptcp: Only send extra TCP acks in eligible socket states
(bsc#1012628).
- netfilter: socket: icmp6: fix use-after-scope (bsc#1012628).
- fq_codel: reject silly quantum parameters (bsc#1012628).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(bsc#1012628).
- iwlwifi: move get pnvm file name to a separate function
(bsc#1012628).
- iwlwifi: pnvm: Fix a memory leak in 'iwl_pnvm_get_from_fs()'
(bsc#1012628).
- ip_gre: validate csum_start only on pull (bsc#1012628).
- net: dsa: b53: Fix IMP port setup on BCM5301x (bsc#1012628).
- bnxt_en: fix stored FW_PSID version masks (bsc#1012628).
- bnxt_en: Fix asic.rev in devlink dev info command (bsc#1012628).
- bnxt_en: Fix possible unintended driver initiated error recovery
(bsc#1012628).
- ip6_gre: Revert "ip6_gre: add validation for csum_start"
(bsc#1012628).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
(bsc#1012628).
- cxgb3: fix oops on module removal (bsc#1012628).
- net: renesas: sh_eth: Fix freeing wrong tx descriptor
(bsc#1012628).
- bnxt_en: Fix error recovery regression (bsc#1012628).
- net: dsa: bcm_sf2: Fix array overrun in
bcm_sf2_num_active_ports() (bsc#1012628).
- s390/bpf: Fix optimizing out zero-extensions (bsc#1012628).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
(bsc#1012628).
- s390/bpf: Fix branch shortening during codegen pass
(bsc#1012628).
- Update config files.
- commit aa9b3e1
- Revert "Revert "rpm: Abolish scritplet templating (bsc#1189841).""
This reverts commit f924054cc523527b52203e352adb073db0962f5f.
New suse-module-tools were accepted to factory:
https://build.opensuse.org/request/show/919089
- commit 6abad1e
==== ldb ====
Version update (2.3.0 -> 2.4.0)
- Update to version 2.4.0
+ Improve calculate_popt_array_length()
+ Use C99 initializers for builtin_popt_options[]
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ pyldb: fix a typo
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
+ Add missing break in switch statement
==== libcap ====
Version update (2.51 -> 2.59)
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
==== libjpeg-turbo ====
- previous version updates fixes following bugs:
CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541
(bsc#1128712, bsc#1186764, bsc#807183, bsc#906761)
==== libsolv ====
Version update (0.7.19 -> 0.7.20)
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
==== libsoup2 ====
- Add libsoup2-extend-test-cert.patch to fix tests after 2027 (boo#1102840)
==== lz4 ====
- version 1.9.3 fixes also CVE-2021-3520 [bsc#1185438]
==== suse-module-tools ====
Version update (16.0.10+7 -> 16.0.11)
- Update to version 16.0.11:
* inkmp-script(postun): don't pass existing files to weak-modules2
(boo#1191200)
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems
(boo#1191260)
==== tar ====
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131
* bsc#1120610
==== timezone ====
Version update (2021a -> 2021c)
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
==== transactional-update ====
Version update (3.5.5 -> 3.5.6)
Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit
- Version 3.5.6
- tukit: Add S/390 bootloader support [bsc#1189807]
- t-u: support purge-kernels with t-u patch [bsc#1190788]
8 months, 3 weeks
- 1
- 0