openSUSE Kubic
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
March 2022
- 12 participants
- 75 discussions
dhcp-client upgrade breaks automatic transactional-updates (due to manual intervention)
by Johannes Kastl 15 Mar '22
by Johannes Kastl 15 Mar '22
15 Mar '22
Hi everyone,
not sure if this was reported already, if not I can open a bugzilla if needed.
I just noticed that one of my openSUSE MicroOS machines was not updating
automatically anymore.
Seems like an update for dhcp-client-4.4.2.P1-7.3.x86_64 makes manual
intervention necessary:
> Problem: the to be installed dhcp-client-4.4.2.P1-7.3.x86_64 requires 'hostname', but this requirement cannot be provided
> not installable providers: hostname-3.23-2.10.i586[repo-oss]
> hostname-3.23-2.10.x86_64[repo-oss]
> Solution 1: deinstallation of busybox-hostname-1.35.0-21.2.noarch
> Solution 2: deinstallation of patterns-microos-base-5.0-44.1.x86_64
> Solution 3: keep obsolete patterns-microos-base-5.0-44.1.x86_64
> Solution 4: break dhcp-client-4.4.2.P1-7.3.x86_64 by ignoring some of its dependencies
>
> Choose from above solutions by number or cancel [1/2/3/4/c/d/?] (c):
Seems like it requires the "hostname" package, that is not installable as it
conflicts with "busybox-hostname":
> Problem: the installed busybox-hostname-1.35.0-21.2.noarch conflicts with 'hostname' provided by the to be installed hostname-3.23-2.10.x86_64
> Solution 1: deinstallation of busybox-hostname-1.35.0-21.2.noarch
> Solution 2: do not install hostname-3.23-2.10.x86_64
>
> Choose from above solutions by number or cancel [1/2/c/d/?] (c):
I replaced busybox-hostname with hostname, as it is on my other MicroOS
machines, and the "zypper dup" worked fine after that.
Not sure why this machine had it, but it was installed way after the other ones
and was installed with SELINUX enabled.
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl(a)b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
5
5
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
curl (7.81.0 -> 7.82.0)
kernel-source (5.16.11 -> 5.16.14)
osinfo-db
pipewire (0.3.47 -> 0.3.48)
upower (0.99.16+4 -> 0.99.17)
=== Details ===
==== curl ====
Version update (7.81.0 -> 7.82.0)
Subpackages: libcurl4
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
==== kernel-source ====
Version update (5.16.11 -> 5.16.14)
- Linux 5.16.14 (bsc#1012628).
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC
GPE" (bsc#1012628).
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1012628).
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1012628).
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1012628).
- xen/9p: use alloc/free_pages_exact() (bsc#1012628).
- xen: remove gnttab_query_foreign_access() (bsc#1012628).
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1012628).
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1012628).
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1012628).
- ARM: fix build warning in proc-v7-bugs.c (bsc#1012628).
- arm64: Do not include __READ_ONCE() block in assembly files
(bsc#1012628).
- ARM: Do not use NOCROSSREFS directive with ld.lld (bsc#1012628).
- ARM: fix co-processor register typo (bsc#1012628).
- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1012628).
- arm64: proton-pack: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- arm64: Use the clearbhb instruction in mitigations
(bsc#1012628).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1012628).
- arm64: Mitigate spectre style branch history side channels
(bsc#1012628).
- Update config files.
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1012628).
- arm64: Add percpu vectors for EL1 (bsc#1012628).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1012628).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1012628).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1012628).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1012628).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1012628).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1012628).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1012628).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1012628).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1012628).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1012628).
- arm64: entry: Make the trampoline cleanup optional
(bsc#1012628).
- KVM: arm64: Allow indirect vectors to be used without
SPECTRE_V3A (bsc#1012628).
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
(bsc#1012628).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_RPRES (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_AFP (bsc#1012628).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1012628).
- ARM: include unprivileged BPF status in Spectre V2 reporting
(bsc#1012628).
- ARM: Spectre-BHB workaround (bsc#1012628).
- Update config files.
- ARM: use LOADADDR() to get load address of sections
(bsc#1012628).
- ARM: early traps initialisation (bsc#1012628).
- ARM: report Spectre v2 status through sysfs (bsc#1012628).
- Update config files.
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1012628).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1012628).
- x86/speculation: Update link to AMD speculation whitepaper
(bsc#1012628).
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1012628).
- x86/speculation: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- Documentation/hw-vuln: Update spectre doc (bsc#1012628).
- x86/speculation: Add eIBRS + Retpoline options (bsc#1012628).
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1012628).
- commit 80acc65
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 714ef34
- Linux 5.16.13 (bsc#1012628).
- mac80211_hwsim: report NOACK frames in tx_status (bsc#1012628).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(bsc#1012628).
- i2c: bcm2835: Avoid clock stretching timeouts (bsc#1012628).
- ASoC: rt5682s: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5668: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5682: do not block workqueue if card is unbound
(bsc#1012628).
- regulator: core: fix false positive in regulator_late_cleanup()
(bsc#1012628).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (bsc#1012628).
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1012628).
- KVM: arm64: vgic: Read HW interrupt pending state from the HW
(bsc#1012628).
- block: loop:use kstatfs.f_bsize of backing file to set discard
granularity (bsc#1012628).
- tipc: fix a bit overflow in tipc_crypto_key_rcv() (bsc#1012628).
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1012628).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1012628).
- HID: amd_sfh: Handle amd_sfh work buffer in PM ops
(bsc#1012628).
- HID: amd_sfh: Add functionality to clear interrupts
(bsc#1012628).
- HID: amd_sfh: Add interrupt handler to process interrupts
(bsc#1012628).
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1012628).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(bsc#1012628).
- drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish
and Beige Goby (bsc#1012628).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(bsc#1012628).
- dmaengine: shdma: Fix runtime PM imbalance on error
(bsc#1012628).
- i2c: cadence: allow COMPILE_TEST (bsc#1012628).
- i2c: imx: allow COMPILE_TEST (bsc#1012628).
- i2c: qup: allow COMPILE_TEST (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(bsc#1012628).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (bsc#1012628).
- exfat: reuse exfat_inode_info variable instead of calling
EXFAT_I() (bsc#1012628).
- exfat: fix i_blocks for files truncated over 4 GiB
(bsc#1012628).
- tracing: Add test for user space strings when filtering on
string pointers (bsc#1012628).
- arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
(bsc#1012628).
- serial: stm32: prevent TDR register overwrite when sending
x_char (bsc#1012628).
- KVM: arm64: Workaround Cortex-A510's single-step and PAC trap
errata (bsc#1012628).
- ext4: drop ineligible txn start stop APIs (bsc#1012628).
- ext4: simplify updating of fast commit stats (bsc#1012628).
- ext4: fast commit may not fallback for ineligible commit
(bsc#1012628).
- ext4: fast commit may miss file actions (bsc#1012628).
- sched/fair: Fix fault in reweight_entity (bsc#1012628).
- KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (bsc#1012628).
- ata: pata_hpt37x: fix PCI clock detection (bsc#1012628).
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
(bsc#1012628).
- tracing: Add ustring operation to filtering string pointers
(bsc#1012628).
- ipv6: fix skb drops in igmp6_event_query() and
igmp6_event_report() (bsc#1012628).
- btrfs: defrag: bring back the old file extent search behavior
(bsc#1012628).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1012628).
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(bsc#1012628).
- ucounts: Fix systemd LimitNPROC with private users regression
(bsc#1012628).
- binfmt_elf: Avoid total_mapping_size for ET_EXEC (bsc#1012628).
- riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
(bsc#1012628).
- riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
(bsc#1012628).
- riscv: Fix config KASAN && DEBUG_VIRTUAL (bsc#1012628).
- iwlwifi: mvm: check debugfs_dir ptr before use (bsc#1012628).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(bsc#1012628).
- iommu/vt-d: Fix double list_add when enabling VMD in scalable
mode (bsc#1012628).
- iommu/amd: Recover from event log overflow (bsc#1012628).
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1012628).
- drm/amd/display: Reduce dmesg error to a debug print
(bsc#1012628).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
(bsc#1012628).
- thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
(bsc#1012628).
- mac80211: fix EAPoL rekey fail in 802.3 rx path (bsc#1012628).
- blktrace: fix use after free for struct blk_trace (bsc#1012628).
- ntb: intel: fix port config status offset for SPR (bsc#1012628).
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
(bsc#1012628).
- xfrm: fix MTU regression (bsc#1012628).
- netfilter: fix use-after-free in __nf_register_net_hook()
(bsc#1012628).
- bpf, sockmap: Do not ignore orig_len parameter (bsc#1012628).
- xfrm: fix the if_id check in changelink (bsc#1012628).
- xfrm: enforce validity of offload input flags (bsc#1012628).
- e1000e: Correct NVM checksum verification flow (bsc#1012628).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1012628).
- netfilter: nf_queue: don't assume sk is full socket
(bsc#1012628).
- netfilter: nf_queue: fix possible use-after-free (bsc#1012628).
- netfilter: nf_queue: handle socket prefetch (bsc#1012628).
- batman-adv: Request iflink once in batadv-on-batadv check
(bsc#1012628).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(bsc#1012628).
- batman-adv: Don't expect inter-netns unique iflink indices
(bsc#1012628).
- net: ipv6: ensure we call ipv6_mc_down() at most once
(bsc#1012628).
- net: dcb: flush lingering app table entries for unregistered
devices (bsc#1012628).
- net: ipa: fix a build dependency (bsc#1012628).
- net: ipa: add an interconnect dependency (bsc#1012628).
- net/smc: fix connection leak (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated
by client (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause
by server (bsc#1012628).
- btrfs: fix ENOSPC failure when attempting direct IO write into
NOCOW range (bsc#1012628).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer
wakeup (bsc#1012628).
- net: dsa: microchip: fix bridging with more than two member
ports (bsc#1012628).
- mac80211: fix forwarded mesh frames AC & queue selection
(bsc#1012628).
- net: stmmac: fix return value of __setup handler (bsc#1012628).
- mac80211: treat some SAE auth steps as final (bsc#1012628).
- iavf: Fix missing check for running netdev (bsc#1012628).
- net: sxgbe: fix return value of __setup handler (bsc#1012628).
- ibmvnic: register netdev after init of adapter (bsc#1012628).
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
(bsc#1012628).
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (bsc#1012628).
- iavf: Fix deadlock in iavf_reset_task (bsc#1012628).
- efivars: Respect "block" flag in efivar_entry_set_safe()
(bsc#1012628).
- auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
(bsc#1012628).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(bsc#1012628).
- ASoC: cs4265: Fix the duplicated control name (bsc#1012628).
- auxdisplay: lcd2s: Fix memory leak in ->remove() (bsc#1012628).
- auxdisplay: lcd2s: Use proper API to free the instance of
charlcd object (bsc#1012628).
- can: gs_usb: change active_channels's type from atomic_t to u8
(bsc#1012628).
- iommu/tegra-smmu: Fix missing put_device() call in
tegra_smmu_find (bsc#1012628).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(bsc#1012628).
- igc: igc_read_phy_reg_gpy: drop premature return (bsc#1012628).
- ARM: Fix kgdb breakpoint for Thumb2 (bsc#1012628).
- mips: setup: fix setnocoherentio() boolean setting
(bsc#1012628).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (bsc#1012628).
- mptcp: Correctly set DATA_FIN timeout when number of retransmits
is large (bsc#1012628).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1012628).
- pinctrl: sunxi: Use unique lockdep classes for IRQs
(bsc#1012628).
- igc: igc_write_phy_reg_gpy: drop premature return (bsc#1012628).
- ibmvnic: free reset-work-item when flushing (bsc#1012628).
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
(bsc#1012628).
- s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
(bsc#1012628).
- s390/extable: fix exception table sorting (bsc#1012628).
- sched: Fix yet more sched_fork() races (bsc#1012628).
- arm64: dts: rockchip: drop pclk_xpcs from gmac0 on rk3568
(bsc#1012628).
- arm64: dts: juno: Remove GICv2m dma-range (bsc#1012628).
- arm64: dts: rockchip: fix Quartz64-A ddr regulator voltage
(bsc#1012628).
- arm64: dts: imx8mm: Fix VPU Hanging (bsc#1012628).
- iommu/amd: Fix I/O page table memory leak (bsc#1012628).
- MIPS: ralink: mt7621: do memory detection on KSEG1
(bsc#1012628).
- ARM: dts: switch timer config to common devkit8000 devicetree
(bsc#1012628).
- ARM: dts: Use 32KiHz oscillator on devkit8000 (bsc#1012628).
- soc: fsl: guts: Revert commit 3c0d64e867ed (bsc#1012628).
- soc: fsl: guts: Add a missing memory allocation failure check
(bsc#1012628).
- soc: fsl: qe: Check of ioremap return value (bsc#1012628).
- soc: imx: gpcv2: Fix clock disabling imbalance in error path
(bsc#1012628).
- netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
(bsc#1012628).
- ARM: tegra: Move panels to AUX bus (bsc#1012628).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
(bsc#1012628).
- can: etas_es58x: change opened_channel_cnt's type from atomic_t
to u8 (bsc#1012628).
- net: stmmac: enhance XDP ZC driver level switching performance
(bsc#1012628).
- net: stmmac: only enable DMA interrupts when ready
(bsc#1012628).
- ibmvnic: initialize rc before completing wait (bsc#1012628).
- ibmvnic: define flush_reset_queue helper (bsc#1012628).
- ibmvnic: complete init_done on transport events (bsc#1012628).
- ibmvnic: Update driver return codes (bsc#1012628).
- ibmvnic: init init_done_rc earlier (bsc#1012628).
- ibmvnic: clear fop when retrying probe (bsc#1012628).
- ibmvnic: Allow queueing resets during probe (bsc#1012628).
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (bsc#1012628).
- net: sparx5: Fix add vlan when invalid operation (bsc#1012628).
- iavf: Add trace while removing device (bsc#1012628).
- iavf: Rework mutexes for better synchronisation (bsc#1012628).
- iavf: Add waiting so the port is initialized in remove
(bsc#1012628).
- iavf: Fix init state closure on remove (bsc#1012628).
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS
(bsc#1012628).
- iavf: Fix race in init state (bsc#1012628).
- iavf: Fix __IAVF_RESETTING state usage (bsc#1012628).
- drm/i915/guc/slpc: Correct the param count for unset param
(bsc#1012628).
- drm/bridge: ti-sn65dsi86: Properly undo autosuspend
(bsc#1012628).
- e1000e: Fix possible HW unit hang after an s0ix exit
(bsc#1012628).
- MIPS: ralink: mt7621: use bitwise NOT instead of logical
(bsc#1012628).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(bsc#1012628).
- ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments
(bsc#1012628).
- drm/amdgpu: fix suspend/resume hang regression (bsc#1012628).
- net: dcb: disable softirqs in dcbnl_flush_dev() (bsc#1012628).
- selftests: mlxsw: resource_scale: Fix return value
(bsc#1012628).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(bsc#1012628).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (bsc#1012628).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (bsc#1012628).
- Input: samsung-keypad - properly state IOMEM dependency
(bsc#1012628).
- HID: add mapping for KEY_DICTATE (bsc#1012628).
- HID: add mapping for KEY_ALL_APPLICATIONS (bsc#1012628).
- tracing/histogram: Fix sorting on old "cpu" value (bsc#1012628).
- tracing: Fix return value of __setup handlers (bsc#1012628).
- btrfs: fix lost prealloc extents beyond eof after full fsync
(bsc#1012628).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1012628).
- btrfs: subpage: fix a wrong check on subpage->writers
(bsc#1012628).
- btrfs: do not WARN_ON() if we have PageError set (bsc#1012628).
- btrfs: qgroup: fix deadlock between rescan worker and remove
qgroup (bsc#1012628).
- btrfs: add missing run of delayed items after unlink during
log replay (bsc#1012628).
- btrfs: fallback to blocking mode when doing async dio over
multiple extents (bsc#1012628).
- btrfs: do not start relocation until in progress drops are done
(bsc#1012628).
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for
ipv6" (bsc#1012628).
- proc: fix documentation and description of pagemap
(bsc#1012628).
- x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs >
64 (bsc#1012628).
- s390/ftrace: fix arch_ftrace_get_regs implementation
(bsc#1012628).
- s390/ftrace: fix ftrace_caller/ftrace_regs_caller generation
(bsc#1012628).
- KVM: x86/mmu: Passing up the error state of
mmu_alloc_shadow_roots() (bsc#1012628).
- Update config files.
- commit bd40cb2
- Update
patches.kernel.org/5.16.11-207-lib-iov_iter-initialize-flags-in-new-pipe_bu…
(bsc#1012628 bsc#1196584 CVE-2022-0847).
Add references.
- commit 82f40a9
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit b002fe2
- config: ppc64{,le}: build vmx-crypto as module (bsc#1195768)
Building CONFIG_CRYPTO_DEV_VMX_ENCRYPT as module is the default in
mainline since v4.8, we use it in SLES and already in
config/ppc64/default. Thus unify it in the other configs.
There are build dependencies which has been fixed in mainline
647d41d3952d ("crypto: vmx - add missing dependencies")
(currently still at maintainer herbert/cryptodev-2.6 tree)
But instead of waiting commit to be accepted or backporting it we just
unify configs, which is useful anyway
- commit 70a0d71
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.")
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- Linux 5.16.12 (bsc#1012628).
- memblock: use kfree() to release kmalloced memblock regions
(bsc#1012628).
- gpio: tegra186: Fix chip_data type confusion (bsc#1012628).
- pinctrl: k210: Fix bias-pull-up (bsc#1012628).
- pinctrl: fix loop in k210_pinconf_get_drive() (bsc#1012628).
- tty: n_gsm: fix deadlock in gsmtty_open() (bsc#1012628).
- tty: n_gsm: fix wrong modem processing in convergence layer
type 2 (bsc#1012628).
- tty: n_gsm: fix wrong tty control line for flow control
(bsc#1012628).
- tty: n_gsm: fix NULL pointer access due to DLCI release
(bsc#1012628).
- tty: n_gsm: fix proper link termination after failed open
(bsc#1012628).
- tty: n_gsm: fix encoding of command/response bit (bsc#1012628).
- tty: n_gsm: fix encoding of control signal octet bit DV
(bsc#1012628).
- hugetlbfs: fix a truncation issue in hugepages parameter
(bsc#1012628).
- mm/hugetlb: fix kernel crash with hugetlb mremap (bsc#1012628).
- riscv: fix oops caused by irqsoff latency tracer (bsc#1012628).
- riscv: fix nommu_k210_sdcard_defconfig (bsc#1012628).
- IB/qib: Fix duplicate sysfs directory name (bsc#1012628).
- tps6598x: clear int mask on probe failure (bsc#1012628).
- staging: fbtft: fb_st7789v: reset display before initialization
(bsc#1012628).
- thermal: int340x: fix memory leak in int3400_notify()
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1012628).
- btrfs: reduce extent threshold for autodefrag (bsc#1012628).
- btrfs: autodefrag: only scan one inode once (bsc#1012628).
- btrfs: defrag: allow defrag_one_cluster() to skip large extent
which is not a target (bsc#1012628).
- btrfs: prevent copying too big compressed lzo segment
(bsc#1012628).
- btrfs: defrag: remove an ambiguous condition for rejection
(bsc#1012628).
- btrfs: defrag: don't defrag extents which are already at max
capacity (bsc#1012628).
- btrfs: defrag: don't try to merge regular extents with
preallocated extents (bsc#1012628).
- driver core: Free DMA range map when device is released
(bsc#1012628).
- mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (bsc#1012628).
- xhci: re-initialize the HC during resume if HCE was set
(bsc#1012628).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (bsc#1012628).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (bsc#1012628).
- usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay
Trail (bsc#1012628).
- usb: dwc2: drd: fix soft connect when gadget is unconfigured
(bsc#1012628).
- USB: serial: option: add Telit LE910R1 compositions
(bsc#1012628).
- USB: serial: option: add support for DW5829e (bsc#1012628).
- tracefs: Set the group ownership in apply_options() not
parse_options() (bsc#1012628).
- USB: gadget: validate endpoint index for xilinx udc
(bsc#1012628).
- usb: gadget: rndis: add spinlock for rndis response list
(bsc#1012628).
- Revert "USB: serial: ch341: add new Product ID for CH341A"
(bsc#1012628).
- ata: pata_hpt37x: disable primary channel on HPT371
(bsc#1012628).
- sc16is7xx: Fix for incorrect data being transmitted
(bsc#1012628).
- iio: Fix error handling for PM (bsc#1012628).
- iio: imu: st_lsm6dsx: wait for settling time in
st_lsm6dsx_read_oneshot (bsc#1012628).
- iio: accel: fxls8962af: add padding to regmap for SPI
(bsc#1012628).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (bsc#1012628).
- iio: adc: tsc2046: fix memory corruption by preventing array
overflow (bsc#1012628).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (bsc#1012628).
- iio:imu:adis16480: fix buffering for devices with no burst mode
(bsc#1012628).
- tracing: Have traceon and traceoff trigger honor the instance
(bsc#1012628).
- tracing: Dump stacktrace trigger to the corresponding instance
(bsc#1012628).
- bpf: Fix crash due to out of bounds access into reg2btf_ids
(bsc#1012628).
- bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support
(bsc#1012628).
- RDMA/ib_srp: Fix a deadlock (bsc#1012628).
- configfs: fix a race in configfs_{,un}register_subsystem()
(bsc#1012628).
- bnxt_en: Increase firmware message response DMA wait time
(bsc#1012628).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
(bsc#1012628).
- RDMA/rtrs-clt: Fix possible double free in error case
(bsc#1012628).
- net-timestamp: convert sk->sk_tskey to atomic_t (bsc#1012628).
- net: use sk_is_tcp() in more places (bsc#1012628).
- regmap-irq: Update interrupt clear register for proper reset
(bsc#1012628).
- gpio: rockchip: Reset int_bothedge when changing trigger
(bsc#1012628).
- PCI: mvebu: Fix device enumeration regression (bsc#1012628).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (bsc#1012628).
- net/mlx5e: Add missing increment of count (bsc#1012628).
- net/mlx5: Update log_max_qp value to be 17 at most
(bsc#1012628).
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
(bsc#1012628).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (bsc#1012628).
- net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
(bsc#1012628).
- net/mlx5: DR, Fix the threshold that defines when pool sync
is initiated (bsc#1012628).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(bsc#1012628).
- net/mlx5: Fix possible deadlock on rule deletion (bsc#1012628).
- net/mlx5: DR, Don't allow match on IP w/o matching on full
ethertype/ip_version (bsc#1012628).
- ibmvnic: schedule failover only if vioctl fails (bsc#1012628).
- net/mlx5: DR, Cache STE shadow memory (bsc#1012628).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(bsc#1012628).
- surface: surface3_power: Fix battery readings on batteries
without a serial number (bsc#1012628).
- net/smc: Use a mutex for locking "struct smc_pnettable"
(bsc#1012628).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1012628).
- net: mdio-ipq4019: add delay after clock enable (bsc#1012628).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(bsc#1012628).
- net: dsa: avoid call to __dev_set_promiscuity() while rtnl_mutex
isn't held (bsc#1012628).
- netfilter: nf_tables: unregister flowtable hooks on netns exit
(bsc#1012628).
- net: Force inlining of checksum functions in net/checksum.h
(bsc#1012628).
- net: ll_temac: check the return value of devm_kmalloc()
(bsc#1012628).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (bsc#1012628).
- drm/amd/display: For vblank_disable_immediate, check PSR is
really used (bsc#1012628).
- drm/i915/dg2: Print PHY name properly on calibration error
(bsc#1012628).
- drm/vc4: crtc: Fix runtime_pm reference counting (bsc#1012628).
- block: clear iocb->private in blkdev_bio_end_io_async()
(bsc#1012628).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(bsc#1012628).
- net/mlx5e: TC, Reject rules with forward and drop actions
(bsc#1012628).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(bsc#1012628).
- drm/edid: Always set RGB444 (bsc#1012628).
- openvswitch: Fix setting ipv6 fields causing hw csum failure
(bsc#1012628).
- net: mv643xx_eth: process retval from of_get_mac_address
(bsc#1012628).
- gso: do not skip outer ip header in case of ipip and
net_failover (bsc#1012628).
- clk: qcom: gcc-msm8994: Remove NoC clocks (bsc#1012628).
- tipc: Fix end of loop tests for list_for_each_entry()
(bsc#1012628).
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (bsc#1012628).
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor
friends (bsc#1012628).
- io_uring: add a schedule point in io_add_buffers()
(bsc#1012628).
- bpf: Add schedule points in batch ops (bsc#1012628).
- bpf: Fix a bpf_timer initialization issue (bsc#1012628).
- selftests: bpf: Check bpf_msg_push_data return value
(bsc#1012628).
- bpf: Do not try bpf_msg_push_data with len 0 (bsc#1012628).
- bpf: Fix crash due to incorrect copy_map_value (bsc#1012628).
- net/mlx5: Update the list of the PCI supported devices
(bsc#1012628).
- ice: initialize local variable 'tlv' (bsc#1012628).
- ice: check the return of ice_ptp_gettimex64 (bsc#1012628).
- ice: fix concurrent reset and removal of VFs (bsc#1012628).
- ice: fix setting l4 port flag when adding filter (bsc#1012628).
- net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628).
- hwmon: Handle failure to register sensor with thermal zone
correctly (bsc#1012628).
- bnxt_en: Restore the resets_reliable flag in bnxt_open()
(bsc#1012628).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (bsc#1012628).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(bsc#1012628).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(bsc#1012628).
- bnxt_en: Fix active FEC reporting to ethtool (bsc#1012628).
- bnxt_en: Fix devlink fw_activate (bsc#1012628).
- bnx2x: fix driver load from initrd (bsc#1012628).
- selftests: mptcp: be more conservative with cookie MPJ limits
(bsc#1012628).
- selftests: mptcp: fix diag instability (bsc#1012628).
- mptcp: add mibs counter for ignored incoming options
(bsc#1012628).
- mptcp: fix race in incoming ADD_ADDR option processing
(bsc#1012628).
- perf data: Fix double free in perf_session__delete()
(bsc#1012628).
- perf evlist: Fix failed to use cpu list for uncore events
(bsc#1012628).
- gpu: host1x: Always return syncpoint value when waiting
(bsc#1012628).
- Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
(bsc#1012628).
- ping: remove pr_err from ping_lookup (bsc#1012628).
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1012628).
- netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES
dependency (bsc#1012628).
- netfilter: xt_socket: fix a typo in socket_mt_destroy()
(bsc#1012628).
- CDC-NCM: avoid overflow in sanity checking (bsc#1012628).
- USB: zaurus: support another broken Zaurus (bsc#1012628).
- sr9700: sanity check for packet length (bsc#1012628).
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (bsc#1012628).
- drm/i915: Correctly populate use_sagv_wm for all pipes
(bsc#1012628).
- drm/i915: Disconnect PHYs left connected by BIOS on disabled
ports (bsc#1012628).
- drm/i915: Widen the QGV point mask (bsc#1012628).
- drm/amdgpu: do not enable asic reset for raven2 (bsc#1012628).
- drm/amdgpu: disable MMHUB PG for Picasso (bsc#1012628).
- drm/amd: Check if ASPM is enabled from PCIe subsystem
(bsc#1012628).
- drm/amd/pm: fix some OEM SKU specific stability issues
(bsc#1012628).
- drm/amd/display: Protect update_bw_bounding_box FPU code
(bsc#1012628).
- drm/amd/display: Fix stream->link_enc unassigned during stream
removal (bsc#1012628).
- KVM: x86: nSVM: disallow userspace setting of
MSR_AMD64_TSC_RATIO to non default value when tsc scaling
disabled (bsc#1012628).
- KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1012628).
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
(bsc#1012628).
- parisc/unaligned: Fix fldd and fstd unaligned handlers on
32-bit kernel (bsc#1012628).
- vhost/vsock: don't check owner in vhost_vsock_stop() while
releasing (bsc#1012628).
- selinux: fix misuse of mutex_is_locked() (bsc#1012628).
- io_uring: disallow modification of rsrc_data during quiesce
(bsc#1012628).
- io_uring: don't convert to jiffies for waiting on timeouts
(bsc#1012628).
- clk: jz4725b: fix mmc0 clock gating (bsc#1012628).
- slab: remove __alloc_size attribute from __kmalloc_track_caller
(bsc#1012628).
- btrfs: tree-checker: check item_size for dev_item (bsc#1012628).
- btrfs: tree-checker: check item_size for inode_item
(bsc#1012628).
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1012628).
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu
hotplug (bsc#1012628).
- mm/filemap: Fix handling of THPs in generic_file_buffered_read()
(bsc#1012628).
- commit 9b89dd3
==== osinfo-db ====
- bsc#1196965 - openSUSE Tumbleweed unattended installation with
libvirt fails
opensuse-autoyast-desktop.patch
==== pipewire ====
Version update (0.3.47 -> 0.3.48)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.48:
* Highlights
- Fix IEC958 passthrough again.
- Fix pulse-server crashes when playing a sample.
- Support for more a more advanced upmixing algorithm.
- filter-chain now supports arbitrary many ports.
- Fix multichannel support in WINE (with new WirePlumber).
- Many bugfixes and improvements.
* PipeWire
- The work queue is now created in the context so we can fail
early and avoid further error checking in various places.
- Fix a potential use after free with threaded loops.
- The protocol now has a message footer. This is used to pass
around global state such as the last registered object
serial number. This can be used to detect when a client tries
to bind to old (but reused) object ids. This avoids some
races in the session manager but also when binding objects.
- The zero-denormals CPU flag is now not touched anymore unless
explicitly selected by the user. Denormals are avoided in
filter-chain now in software. If the zero-denormals are now
only configured in the data thread. This should fix issues
with luajit.
- Configuration parsing will not actually fail on errors.
- pw-top now correctly clips unicode characters.
- Many places now use a dynamic POD builder to support
arbitrary large property sets.
- pw-stream now support PropInfo parameters so that they can
announce custom properties.
- Serial number are now also set on metadata and
session-manager objects.
* SPA
- audioadapter is now smarter when trying to fixate the format.
It will use the PortConfig format to fill in any wildcards.
This results in the least amount of conversions when the
stream can handle it. It also is part of a fix (also requires
a session manager fix) for WINE multichannel support.
- Fix 5.1 to 2 channels mixing. It was using the volume of the
stereo pair on all channels.
- Fix some weird volume issues when a source is capturing and
channelmixing.
- Add stereo to 7.1 upmixing.
- The channelmix parameters can be changed at runtime now.
- Many improvements to the upmixing algorithms. Rear channels
are now constructed from the ambient sound and can have delay
and phase shift applied to them to improve spacialisation.
The stereo channels can be filtered so that the dialogue is
more concentrated in the centre channel.
* modules
- Module X11 bell received cleanups and improvements.
- The module now has a private method to schedule unload later.
This simplifies cleanup in many modules.
- module-filter-chain now handles arbitrary many ports and
control ports.
- Fix a bug in RAOP where it was reading from the wrong port.
* pulse-server
- Nodes with the DONT_MOVE property should fail with -EINVAL
when they are moved.
- Fix a segfault when playing a sample.
- The _FIX flags in pulse-server also now ignore the configured
sample format, just like pulseaudio does.
- Fix IEC958 passthrough again. It got accidentally broken
since 0.3.45 with a fix for another issue.
- Fix module-null-sink device.description.
* Bluetooth
- Don't try to connect HSP/HFP when no backend is available.
- Drop patches already included upstream:
* 0001-revert-loop-remove-destroy-list.patch
* 0002-pulse-server-free-pending-sample-reply.patch
- Rebase reduce-meson-dependency.patch.
- Enable pulseaudio-setup use on openSUSE Leap 15.4.
- Some spec clean-up.
==== upower ====
Version update (0.99.16+4 -> 0.99.17)
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0
- Update to version 0.99.17:
+ Upstream release, no changes, versionbump only.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
curl (7.81.0 -> 7.82.0)
etcd (3.4.16 -> 3.5.2)
kernel-source (5.16.11 -> 5.16.14)
rdma-core
=== Details ===
==== curl ====
Version update (7.81.0 -> 7.82.0)
Subpackages: libcurl4
- Fix: openssl: fix CN check error code
* Add curl-fix-verifyhost.patch
- Update to 7.82.0:
* curl: add --json command line option
* curl: make it so that sensitive command line arguments do not
show as easily in the output of ps(1)
* curl_multi_socket.3: remove callback and typical usage descriptions
* ftp: provide error message for control bytes in path
* ldap: return CURLE_URL_MALFORMAT for bad URL
* lib: remove support for CURL_DOES_CONVERSIONS
* mqtt: plug some memory leaks
* multi: allow user callbacks to call curl_multi_assign
* multi: remember connection_id before returning connection to pool
* multi: set in_callback for multi interface callbacks
* netware: remove support
* ngtcp2: adapt to changed end of headers callback proto
* openldap: implement SASL authentication
* openssl: return error if TLS 1.3 is requested when not supported
* sectransp: mark a 3DES cipher as weak
* smb: pass socket for writing and reading data instead of FIRSTSOCKET
* tool_getparam: DNS options that need c-ares now fail without it
* TPF: drop support
* url: given a user in the URL, find pwd for that user in netrc
* url: keep trailing dot in host name
* urlapi: handle "redirects" smarter
* urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
* urldata: remove conn->bits.user_passwd
==== etcd ====
Version update (3.4.16 -> 3.5.2)
- Add vendor-update.sh as a source to pass obs-service-source_validator
- Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported
- Update go version to 1.16
- Update etcd.conf variables
- Add the new etcdutl into separate subpackage
- Update vendor.tar.gz to include vendoring for server, etcdctl and etcdutl
* see ./vendor-update.sh
- Update to version 3.5.2:
* version: bump up to 3.5.2
* Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254.
* fix runlock bug
* server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL
* etcdserver,integration: Store remaining TTL on checkpoint
* lease,integration: add checkpoint scheduling after leader change
* set the backend again after recovering v3 backend from snapshot
* *: implement a retry logic for auth old revision in the client
* client/v3: refresh the token when ErrUserEmpty is received while retrying
* server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers
* storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6)
- Update to version 3.5.1:
* version: 3.5.1
* Dockerfile: bump debian bullseye-20210927
* client: Use first endpoint as http2 authority header
* tests: Add grpc authority e2e tests
* client: Add grpc authority header integration tests
* tests: Allow configuring integration tests to use TCP
* test: Use unique number for grpc port
* tests: Cleanup member interface by exposing Bridge directly
* tests: Make using bridge optional
* tests: Rename grpcAddr to grpcURL to imply that it includes schema
* tests: Remove bridge dependency on unix
* Decouple prefixArgs from os.Env dependency
* server: Ensure that adding and removing members handle storev2 and backend out of sync
* Stop using tip golang version in CI
* fix self-signed-cert-validity parameter cannot be specified in the config file
* fix health endpoint not usable when authentication is enabled
* workflows: remove ARM64 job for maintenance
- Update to version 3.5.0:
* See link below, diff is too big
https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0
==== kernel-source ====
Version update (5.16.11 -> 5.16.14)
- Linux 5.16.14 (bsc#1012628).
- Revert "ACPI: PM: s2idle: Cancel wakeup before dispatching EC
GPE" (bsc#1012628).
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1012628).
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1012628).
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1012628).
- xen/9p: use alloc/free_pages_exact() (bsc#1012628).
- xen: remove gnttab_query_foreign_access() (bsc#1012628).
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1012628).
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1012628).
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1012628).
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1012628).
- ARM: fix build warning in proc-v7-bugs.c (bsc#1012628).
- arm64: Do not include __READ_ONCE() block in assembly files
(bsc#1012628).
- ARM: Do not use NOCROSSREFS directive with ld.lld (bsc#1012628).
- ARM: fix co-processor register typo (bsc#1012628).
- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1012628).
- arm64: proton-pack: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- arm64: Use the clearbhb instruction in mitigations
(bsc#1012628).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
and migrated (bsc#1012628).
- arm64: Mitigate spectre style branch history side channels
(bsc#1012628).
- Update config files.
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
of Spectre-v2 (bsc#1012628).
- arm64: Add percpu vectors for EL1 (bsc#1012628).
- arm64: entry: Add macro for reading symbol addresses from the
trampoline (bsc#1012628).
- arm64: entry: Add vectors that have the bhb mitigation sequences
(bsc#1012628).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
mitigations (bsc#1012628).
- arm64: entry: Allow the trampoline text to occupy multiple pages
(bsc#1012628).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
(bsc#1012628).
- arm64: entry: Move trampoline macros out of ifdef'd section
(bsc#1012628).
- arm64: entry: Don't assume tramp_vectors is the start of the
vectors (bsc#1012628).
- arm64: entry: Allow tramp_alias to access symbols after the
4K boundary (bsc#1012628).
- arm64: entry: Move the trampoline data page before the text page
(bsc#1012628).
- arm64: entry: Free up another register on kpti's tramp_exit path
(bsc#1012628).
- arm64: entry: Make the trampoline cleanup optional
(bsc#1012628).
- KVM: arm64: Allow indirect vectors to be used without
SPECTRE_V3A (bsc#1012628).
- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit
(bsc#1012628).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_RPRES (bsc#1012628).
- arm64: cpufeature: add HWCAP for FEAT_AFP (bsc#1012628).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1012628).
- ARM: include unprivileged BPF status in Spectre V2 reporting
(bsc#1012628).
- ARM: Spectre-BHB workaround (bsc#1012628).
- Update config files.
- ARM: use LOADADDR() to get load address of sections
(bsc#1012628).
- ARM: early traps initialisation (bsc#1012628).
- ARM: report Spectre v2 status through sysfs (bsc#1012628).
- Update config files.
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
SMT (bsc#1012628).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
(bsc#1012628).
- x86/speculation: Update link to AMD speculation whitepaper
(bsc#1012628).
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1012628).
- x86/speculation: Include unprivileged eBPF status in Spectre
v2 mitigation reporting (bsc#1012628).
- Documentation/hw-vuln: Update spectre doc (bsc#1012628).
- x86/speculation: Add eIBRS + Retpoline options (bsc#1012628).
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1012628).
- commit 80acc65
- Bluetooth: btusb: Add missing Chicony device for Realtek
RTL8723BE (bsc#1196779).
- commit 714ef34
- Linux 5.16.13 (bsc#1012628).
- mac80211_hwsim: report NOACK frames in tx_status (bsc#1012628).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
(bsc#1012628).
- i2c: bcm2835: Avoid clock stretching timeouts (bsc#1012628).
- ASoC: rt5682s: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5668: do not block workqueue if card is unbound
(bsc#1012628).
- ASoC: rt5682: do not block workqueue if card is unbound
(bsc#1012628).
- regulator: core: fix false positive in regulator_late_cleanup()
(bsc#1012628).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (bsc#1012628).
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1012628).
- KVM: arm64: vgic: Read HW interrupt pending state from the HW
(bsc#1012628).
- block: loop:use kstatfs.f_bsize of backing file to set discard
granularity (bsc#1012628).
- tipc: fix a bit overflow in tipc_crypto_key_rcv() (bsc#1012628).
- cifs: do not use uninitialized data in the owner/group sid
(bsc#1012628).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1012628).
- HID: amd_sfh: Handle amd_sfh work buffer in PM ops
(bsc#1012628).
- HID: amd_sfh: Add functionality to clear interrupts
(bsc#1012628).
- HID: amd_sfh: Add interrupt handler to process interrupts
(bsc#1012628).
- cifs: modefromsids must add an ACE for authenticated users
(bsc#1012628).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(bsc#1012628).
- drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish
and Beige Goby (bsc#1012628).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(bsc#1012628).
- dmaengine: shdma: Fix runtime PM imbalance on error
(bsc#1012628).
- i2c: cadence: allow COMPILE_TEST (bsc#1012628).
- i2c: imx: allow COMPILE_TEST (bsc#1012628).
- i2c: qup: allow COMPILE_TEST (bsc#1012628).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
(bsc#1012628).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (bsc#1012628).
- exfat: reuse exfat_inode_info variable instead of calling
EXFAT_I() (bsc#1012628).
- exfat: fix i_blocks for files truncated over 4 GiB
(bsc#1012628).
- tracing: Add test for user space strings when filtering on
string pointers (bsc#1012628).
- arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL
(bsc#1012628).
- serial: stm32: prevent TDR register overwrite when sending
x_char (bsc#1012628).
- KVM: arm64: Workaround Cortex-A510's single-step and PAC trap
errata (bsc#1012628).
- ext4: drop ineligible txn start stop APIs (bsc#1012628).
- ext4: simplify updating of fast commit stats (bsc#1012628).
- ext4: fast commit may not fallback for ineligible commit
(bsc#1012628).
- ext4: fast commit may miss file actions (bsc#1012628).
- sched/fair: Fix fault in reweight_entity (bsc#1012628).
- KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (bsc#1012628).
- ata: pata_hpt37x: fix PCI clock detection (bsc#1012628).
- drm/amdgpu: check vm ready by amdgpu_vm->evicting flag
(bsc#1012628).
- tracing: Add ustring operation to filtering string pointers
(bsc#1012628).
- ipv6: fix skb drops in igmp6_event_query() and
igmp6_event_report() (bsc#1012628).
- btrfs: defrag: bring back the old file extent search behavior
(bsc#1012628).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1012628).
- ALSA: intel_hdmi: Fix reference to PCM buffer address
(bsc#1012628).
- ucounts: Fix systemd LimitNPROC with private users regression
(bsc#1012628).
- binfmt_elf: Avoid total_mapping_size for ET_EXEC (bsc#1012628).
- riscv/efi_stub: Fix get_boot_hartid_from_fdt() return value
(bsc#1012628).
- riscv: Fix config KASAN && SPARSEMEM && !SPARSE_VMEMMAP
(bsc#1012628).
- riscv: Fix config KASAN && DEBUG_VIRTUAL (bsc#1012628).
- iwlwifi: mvm: check debugfs_dir ptr before use (bsc#1012628).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
(bsc#1012628).
- iommu/vt-d: Fix double list_add when enabling VMD in scalable
mode (bsc#1012628).
- iommu/amd: Recover from event log overflow (bsc#1012628).
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1012628).
- drm/amd/display: Reduce dmesg error to a debug print
(bsc#1012628).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
(bsc#1012628).
- thermal: core: Fix TZ_GET_TRIP NULL pointer dereference
(bsc#1012628).
- mac80211: fix EAPoL rekey fail in 802.3 rx path (bsc#1012628).
- blktrace: fix use after free for struct blk_trace (bsc#1012628).
- ntb: intel: fix port config status offset for SPR (bsc#1012628).
- mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
(bsc#1012628).
- xfrm: fix MTU regression (bsc#1012628).
- netfilter: fix use-after-free in __nf_register_net_hook()
(bsc#1012628).
- bpf, sockmap: Do not ignore orig_len parameter (bsc#1012628).
- xfrm: fix the if_id check in changelink (bsc#1012628).
- xfrm: enforce validity of offload input flags (bsc#1012628).
- e1000e: Correct NVM checksum verification flow (bsc#1012628).
- net: fix up skbs delta_truesize in UDP GRO frag_list
(bsc#1012628).
- netfilter: nf_queue: don't assume sk is full socket
(bsc#1012628).
- netfilter: nf_queue: fix possible use-after-free (bsc#1012628).
- netfilter: nf_queue: handle socket prefetch (bsc#1012628).
- batman-adv: Request iflink once in batadv-on-batadv check
(bsc#1012628).
- batman-adv: Request iflink once in batadv_get_real_netdevice
(bsc#1012628).
- batman-adv: Don't expect inter-netns unique iflink indices
(bsc#1012628).
- net: ipv6: ensure we call ipv6_mc_down() at most once
(bsc#1012628).
- net: dcb: flush lingering app table entries for unregistered
devices (bsc#1012628).
- net: ipa: fix a build dependency (bsc#1012628).
- net: ipa: add an interconnect dependency (bsc#1012628).
- net/smc: fix connection leak (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated
by client (bsc#1012628).
- net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause
by server (bsc#1012628).
- btrfs: fix ENOSPC failure when attempting direct IO write into
NOCOW range (bsc#1012628).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer
wakeup (bsc#1012628).
- net: dsa: microchip: fix bridging with more than two member
ports (bsc#1012628).
- mac80211: fix forwarded mesh frames AC & queue selection
(bsc#1012628).
- net: stmmac: fix return value of __setup handler (bsc#1012628).
- mac80211: treat some SAE auth steps as final (bsc#1012628).
- iavf: Fix missing check for running netdev (bsc#1012628).
- net: sxgbe: fix return value of __setup handler (bsc#1012628).
- ibmvnic: register netdev after init of adapter (bsc#1012628).
- net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
(bsc#1012628).
- ixgbe: xsk: change !netif_carrier_ok() handling in
ixgbe_xmit_zc() (bsc#1012628).
- iavf: Fix deadlock in iavf_reset_task (bsc#1012628).
- efivars: Respect "block" flag in efivar_entry_set_safe()
(bsc#1012628).
- auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature
(bsc#1012628).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
(bsc#1012628).
- ASoC: cs4265: Fix the duplicated control name (bsc#1012628).
- auxdisplay: lcd2s: Fix memory leak in ->remove() (bsc#1012628).
- auxdisplay: lcd2s: Use proper API to free the instance of
charlcd object (bsc#1012628).
- can: gs_usb: change active_channels's type from atomic_t to u8
(bsc#1012628).
- iommu/tegra-smmu: Fix missing put_device() call in
tegra_smmu_find (bsc#1012628).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
(bsc#1012628).
- igc: igc_read_phy_reg_gpy: drop premature return (bsc#1012628).
- ARM: Fix kgdb breakpoint for Thumb2 (bsc#1012628).
- mips: setup: fix setnocoherentio() boolean setting
(bsc#1012628).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
functions (bsc#1012628).
- mptcp: Correctly set DATA_FIN timeout when number of retransmits
is large (bsc#1012628).
- selftests: mlxsw: tc_police_scale: Make test more robust
(bsc#1012628).
- pinctrl: sunxi: Use unique lockdep classes for IRQs
(bsc#1012628).
- igc: igc_write_phy_reg_gpy: drop premature return (bsc#1012628).
- ibmvnic: free reset-work-item when flushing (bsc#1012628).
- memfd: fix F_SEAL_WRITE after shmem huge page allocated
(bsc#1012628).
- s390/setup: preserve memory at OLDMEM_BASE and OLDMEM_SIZE
(bsc#1012628).
- s390/extable: fix exception table sorting (bsc#1012628).
- sched: Fix yet more sched_fork() races (bsc#1012628).
- arm64: dts: rockchip: drop pclk_xpcs from gmac0 on rk3568
(bsc#1012628).
- arm64: dts: juno: Remove GICv2m dma-range (bsc#1012628).
- arm64: dts: rockchip: fix Quartz64-A ddr regulator voltage
(bsc#1012628).
- arm64: dts: imx8mm: Fix VPU Hanging (bsc#1012628).
- iommu/amd: Fix I/O page table memory leak (bsc#1012628).
- MIPS: ralink: mt7621: do memory detection on KSEG1
(bsc#1012628).
- ARM: dts: switch timer config to common devkit8000 devicetree
(bsc#1012628).
- ARM: dts: Use 32KiHz oscillator on devkit8000 (bsc#1012628).
- soc: fsl: guts: Revert commit 3c0d64e867ed (bsc#1012628).
- soc: fsl: guts: Add a missing memory allocation failure check
(bsc#1012628).
- soc: fsl: qe: Check of ioremap return value (bsc#1012628).
- soc: imx: gpcv2: Fix clock disabling imbalance in error path
(bsc#1012628).
- netfilter: nf_tables: prefer kfree_rcu(ptr, rcu) variant
(bsc#1012628).
- ARM: tegra: Move panels to AUX bus (bsc#1012628).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
(bsc#1012628).
- can: etas_es58x: change opened_channel_cnt's type from atomic_t
to u8 (bsc#1012628).
- net: stmmac: enhance XDP ZC driver level switching performance
(bsc#1012628).
- net: stmmac: only enable DMA interrupts when ready
(bsc#1012628).
- ibmvnic: initialize rc before completing wait (bsc#1012628).
- ibmvnic: define flush_reset_queue helper (bsc#1012628).
- ibmvnic: complete init_done on transport events (bsc#1012628).
- ibmvnic: Update driver return codes (bsc#1012628).
- ibmvnic: init init_done_rc earlier (bsc#1012628).
- ibmvnic: clear fop when retrying probe (bsc#1012628).
- ibmvnic: Allow queueing resets during probe (bsc#1012628).
- net: chelsio: cxgb3: check the return value of
pci_find_capability() (bsc#1012628).
- net: sparx5: Fix add vlan when invalid operation (bsc#1012628).
- iavf: Add trace while removing device (bsc#1012628).
- iavf: Rework mutexes for better synchronisation (bsc#1012628).
- iavf: Add waiting so the port is initialized in remove
(bsc#1012628).
- iavf: Fix init state closure on remove (bsc#1012628).
- iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS
(bsc#1012628).
- iavf: Fix race in init state (bsc#1012628).
- iavf: Fix __IAVF_RESETTING state usage (bsc#1012628).
- drm/i915/guc/slpc: Correct the param count for unset param
(bsc#1012628).
- drm/bridge: ti-sn65dsi86: Properly undo autosuspend
(bsc#1012628).
- e1000e: Fix possible HW unit hang after an s0ix exit
(bsc#1012628).
- MIPS: ralink: mt7621: use bitwise NOT instead of logical
(bsc#1012628).
- nl80211: Handle nla_memdup failures in handle_nan_filter
(bsc#1012628).
- ptp: ocp: Add ptp_ocp_adjtime_coarse for large adjustments
(bsc#1012628).
- drm/amdgpu: fix suspend/resume hang regression (bsc#1012628).
- net: dcb: disable softirqs in dcbnl_flush_dev() (bsc#1012628).
- selftests: mlxsw: resource_scale: Fix return value
(bsc#1012628).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(bsc#1012628).
- Input: elan_i2c - move regulator_[en|dis]able() out of
elan_[en|dis]able_power() (bsc#1012628).
- Input: elan_i2c - fix regulator enable count imbalance after
suspend/resume (bsc#1012628).
- Input: samsung-keypad - properly state IOMEM dependency
(bsc#1012628).
- HID: add mapping for KEY_DICTATE (bsc#1012628).
- HID: add mapping for KEY_ALL_APPLICATIONS (bsc#1012628).
- tracing/histogram: Fix sorting on old "cpu" value (bsc#1012628).
- tracing: Fix return value of __setup handlers (bsc#1012628).
- btrfs: fix lost prealloc extents beyond eof after full fsync
(bsc#1012628).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1012628).
- btrfs: subpage: fix a wrong check on subpage->writers
(bsc#1012628).
- btrfs: do not WARN_ON() if we have PageError set (bsc#1012628).
- btrfs: qgroup: fix deadlock between rescan worker and remove
qgroup (bsc#1012628).
- btrfs: add missing run of delayed items after unlink during
log replay (bsc#1012628).
- btrfs: fallback to blocking mode when doing async dio over
multiple extents (bsc#1012628).
- btrfs: do not start relocation until in progress drops are done
(bsc#1012628).
- Revert "xfrm: xfrm_state_mtu should return at least 1280 for
ipv6" (bsc#1012628).
- proc: fix documentation and description of pagemap
(bsc#1012628).
- x86/kvmclock: Fix Hyper-V Isolated VM's boot issue when vCPUs >
64 (bsc#1012628).
- s390/ftrace: fix arch_ftrace_get_regs implementation
(bsc#1012628).
- s390/ftrace: fix ftrace_caller/ftrace_regs_caller generation
(bsc#1012628).
- KVM: x86/mmu: Passing up the error state of
mmu_alloc_shadow_roots() (bsc#1012628).
- Update config files.
- commit bd40cb2
- Update
patches.kernel.org/5.16.11-207-lib-iov_iter-initialize-flags-in-new-pipe_bu…
(bsc#1012628 bsc#1196584 CVE-2022-0847).
Add references.
- commit 82f40a9
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit b002fe2
- config: ppc64{,le}: build vmx-crypto as module (bsc#1195768)
Building CONFIG_CRYPTO_DEV_VMX_ENCRYPT as module is the default in
mainline since v4.8, we use it in SLES and already in
config/ppc64/default. Thus unify it in the other configs.
There are build dependencies which has been fixed in mainline
647d41d3952d ("crypto: vmx - add missing dependencies")
(currently still at maintainer herbert/cryptodev-2.6 tree)
But instead of waiting commit to be accepted or backporting it we just
unify configs, which is useful anyway
- commit 70a0d71
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.")
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- Linux 5.16.12 (bsc#1012628).
- memblock: use kfree() to release kmalloced memblock regions
(bsc#1012628).
- gpio: tegra186: Fix chip_data type confusion (bsc#1012628).
- pinctrl: k210: Fix bias-pull-up (bsc#1012628).
- pinctrl: fix loop in k210_pinconf_get_drive() (bsc#1012628).
- tty: n_gsm: fix deadlock in gsmtty_open() (bsc#1012628).
- tty: n_gsm: fix wrong modem processing in convergence layer
type 2 (bsc#1012628).
- tty: n_gsm: fix wrong tty control line for flow control
(bsc#1012628).
- tty: n_gsm: fix NULL pointer access due to DLCI release
(bsc#1012628).
- tty: n_gsm: fix proper link termination after failed open
(bsc#1012628).
- tty: n_gsm: fix encoding of command/response bit (bsc#1012628).
- tty: n_gsm: fix encoding of control signal octet bit DV
(bsc#1012628).
- hugetlbfs: fix a truncation issue in hugepages parameter
(bsc#1012628).
- mm/hugetlb: fix kernel crash with hugetlb mremap (bsc#1012628).
- riscv: fix oops caused by irqsoff latency tracer (bsc#1012628).
- riscv: fix nommu_k210_sdcard_defconfig (bsc#1012628).
- IB/qib: Fix duplicate sysfs directory name (bsc#1012628).
- tps6598x: clear int mask on probe failure (bsc#1012628).
- staging: fbtft: fb_st7789v: reset display before initialization
(bsc#1012628).
- thermal: int340x: fix memory leak in int3400_notify()
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
(bsc#1012628).
- btrfs: reduce extent threshold for autodefrag (bsc#1012628).
- btrfs: autodefrag: only scan one inode once (bsc#1012628).
- btrfs: defrag: allow defrag_one_cluster() to skip large extent
which is not a target (bsc#1012628).
- btrfs: prevent copying too big compressed lzo segment
(bsc#1012628).
- btrfs: defrag: remove an ambiguous condition for rejection
(bsc#1012628).
- btrfs: defrag: don't defrag extents which are already at max
capacity (bsc#1012628).
- btrfs: defrag: don't try to merge regular extents with
preallocated extents (bsc#1012628).
- driver core: Free DMA range map when device is released
(bsc#1012628).
- mtd: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios
property (bsc#1012628).
- xhci: Prevent futile URB re-submissions due to incorrect return
value (bsc#1012628).
- xhci: re-initialize the HC during resume if HCE was set
(bsc#1012628).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
halves (bsc#1012628).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (bsc#1012628).
- usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay
Trail (bsc#1012628).
- usb: dwc2: drd: fix soft connect when gadget is unconfigured
(bsc#1012628).
- USB: serial: option: add Telit LE910R1 compositions
(bsc#1012628).
- USB: serial: option: add support for DW5829e (bsc#1012628).
- tracefs: Set the group ownership in apply_options() not
parse_options() (bsc#1012628).
- USB: gadget: validate endpoint index for xilinx udc
(bsc#1012628).
- usb: gadget: rndis: add spinlock for rndis response list
(bsc#1012628).
- Revert "USB: serial: ch341: add new Product ID for CH341A"
(bsc#1012628).
- ata: pata_hpt37x: disable primary channel on HPT371
(bsc#1012628).
- sc16is7xx: Fix for incorrect data being transmitted
(bsc#1012628).
- iio: Fix error handling for PM (bsc#1012628).
- iio: imu: st_lsm6dsx: wait for settling time in
st_lsm6dsx_read_oneshot (bsc#1012628).
- iio: accel: fxls8962af: add padding to regmap for SPI
(bsc#1012628).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
bits (bsc#1012628).
- iio: adc: tsc2046: fix memory corruption by preventing array
overflow (bsc#1012628).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
path (bsc#1012628).
- iio:imu:adis16480: fix buffering for devices with no burst mode
(bsc#1012628).
- tracing: Have traceon and traceoff trigger honor the instance
(bsc#1012628).
- tracing: Dump stacktrace trigger to the corresponding instance
(bsc#1012628).
- bpf: Fix crash due to out of bounds access into reg2btf_ids
(bsc#1012628).
- bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support
(bsc#1012628).
- RDMA/ib_srp: Fix a deadlock (bsc#1012628).
- configfs: fix a race in configfs_{,un}register_subsystem()
(bsc#1012628).
- bnxt_en: Increase firmware message response DMA wait time
(bsc#1012628).
- RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close
(bsc#1012628).
- RDMA/rtrs-clt: Fix possible double free in error case
(bsc#1012628).
- net-timestamp: convert sk->sk_tskey to atomic_t (bsc#1012628).
- net: use sk_is_tcp() in more places (bsc#1012628).
- regmap-irq: Update interrupt clear register for proper reset
(bsc#1012628).
- gpio: rockchip: Reset int_bothedge when changing trigger
(bsc#1012628).
- PCI: mvebu: Fix device enumeration regression (bsc#1012628).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
zynq_qspi_exec_mem_op() (bsc#1012628).
- net/mlx5e: Add missing increment of count (bsc#1012628).
- net/mlx5: Update log_max_qp value to be 17 at most
(bsc#1012628).
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
(bsc#1012628).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
packets (bsc#1012628).
- net/mlx5e: MPLSoUDP decap, fix check for unsupported matches
(bsc#1012628).
- net/mlx5: DR, Fix the threshold that defines when pool sync
is initiated (bsc#1012628).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
(bsc#1012628).
- net/mlx5: Fix possible deadlock on rule deletion (bsc#1012628).
- net/mlx5: DR, Don't allow match on IP w/o matching on full
ethertype/ip_version (bsc#1012628).
- ibmvnic: schedule failover only if vioctl fails (bsc#1012628).
- net/mlx5: DR, Cache STE shadow memory (bsc#1012628).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(bsc#1012628).
- surface: surface3_power: Fix battery readings on batteries
without a serial number (bsc#1012628).
- net/smc: Use a mutex for locking "struct smc_pnettable"
(bsc#1012628).
- netfilter: nf_tables: fix memory leak during stateful obj update
(bsc#1012628).
- net: mdio-ipq4019: add delay after clock enable (bsc#1012628).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
(bsc#1012628).
- net: dsa: avoid call to __dev_set_promiscuity() while rtnl_mutex
isn't held (bsc#1012628).
- netfilter: nf_tables: unregister flowtable hooks on netns exit
(bsc#1012628).
- net: Force inlining of checksum functions in net/checksum.h
(bsc#1012628).
- net: ll_temac: check the return value of devm_kmalloc()
(bsc#1012628).
- net/sched: act_ct: Fix flow table lookup after ct clear or
switching zones (bsc#1012628).
- drm/amd/display: For vblank_disable_immediate, check PSR is
really used (bsc#1012628).
- drm/i915/dg2: Print PHY name properly on calibration error
(bsc#1012628).
- drm/vc4: crtc: Fix runtime_pm reference counting (bsc#1012628).
- block: clear iocb->private in blkdev_bio_end_io_async()
(bsc#1012628).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
(bsc#1012628).
- net/mlx5e: TC, Reject rules with forward and drop actions
(bsc#1012628).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
(bsc#1012628).
- drm/edid: Always set RGB444 (bsc#1012628).
- openvswitch: Fix setting ipv6 fields causing hw csum failure
(bsc#1012628).
- net: mv643xx_eth: process retval from of_get_mac_address
(bsc#1012628).
- gso: do not skip outer ip header in case of ipip and
net_failover (bsc#1012628).
- clk: qcom: gcc-msm8994: Remove NoC clocks (bsc#1012628).
- tipc: Fix end of loop tests for list_for_each_entry()
(bsc#1012628).
- nvme: also mark passthrough-only namespaces ready in
nvme_update_ns_info (bsc#1012628).
- net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor
friends (bsc#1012628).
- io_uring: add a schedule point in io_add_buffers()
(bsc#1012628).
- bpf: Add schedule points in batch ops (bsc#1012628).
- bpf: Fix a bpf_timer initialization issue (bsc#1012628).
- selftests: bpf: Check bpf_msg_push_data return value
(bsc#1012628).
- bpf: Do not try bpf_msg_push_data with len 0 (bsc#1012628).
- bpf: Fix crash due to incorrect copy_map_value (bsc#1012628).
- net/mlx5: Update the list of the PCI supported devices
(bsc#1012628).
- ice: initialize local variable 'tlv' (bsc#1012628).
- ice: check the return of ice_ptp_gettimex64 (bsc#1012628).
- ice: fix concurrent reset and removal of VFs (bsc#1012628).
- ice: fix setting l4 port flag when adding filter (bsc#1012628).
- net/mlx5: Fix tc max supported prio for nic mode (bsc#1012628).
- hwmon: Handle failure to register sensor with thermal zone
correctly (bsc#1012628).
- bnxt_en: Restore the resets_reliable flag in bnxt_open()
(bsc#1012628).
- bnxt_en: Fix incorrect multicast rx mask setting when not
requested (bsc#1012628).
- bnxt_en: Fix occasional ethtool -t loopback test failures
(bsc#1012628).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
(bsc#1012628).
- bnxt_en: Fix active FEC reporting to ethtool (bsc#1012628).
- bnxt_en: Fix devlink fw_activate (bsc#1012628).
- bnx2x: fix driver load from initrd (bsc#1012628).
- selftests: mptcp: be more conservative with cookie MPJ limits
(bsc#1012628).
- selftests: mptcp: fix diag instability (bsc#1012628).
- mptcp: add mibs counter for ignored incoming options
(bsc#1012628).
- mptcp: fix race in incoming ADD_ADDR option processing
(bsc#1012628).
- perf data: Fix double free in perf_session__delete()
(bsc#1012628).
- perf evlist: Fix failed to use cpu list for uncore events
(bsc#1012628).
- gpu: host1x: Always return syncpoint value when waiting
(bsc#1012628).
- Revert "i40e: Fix reset bw limit when DCB enabled with 1 TC"
(bsc#1012628).
- ping: remove pr_err from ping_lookup (bsc#1012628).
- netfilter: nf_tables_offload: incorrect flow offload action
array size (bsc#1012628).
- netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES
dependency (bsc#1012628).
- netfilter: xt_socket: fix a typo in socket_mt_destroy()
(bsc#1012628).
- CDC-NCM: avoid overflow in sanity checking (bsc#1012628).
- USB: zaurus: support another broken Zaurus (bsc#1012628).
- sr9700: sanity check for packet length (bsc#1012628).
- drm/i915: Fix bw atomic check when switching between SAGV
vs. no SAGV (bsc#1012628).
- drm/i915: Correctly populate use_sagv_wm for all pipes
(bsc#1012628).
- drm/i915: Disconnect PHYs left connected by BIOS on disabled
ports (bsc#1012628).
- drm/i915: Widen the QGV point mask (bsc#1012628).
- drm/amdgpu: do not enable asic reset for raven2 (bsc#1012628).
- drm/amdgpu: disable MMHUB PG for Picasso (bsc#1012628).
- drm/amd: Check if ASPM is enabled from PCIe subsystem
(bsc#1012628).
- drm/amd/pm: fix some OEM SKU specific stability issues
(bsc#1012628).
- drm/amd/display: Protect update_bw_bounding_box FPU code
(bsc#1012628).
- drm/amd/display: Fix stream->link_enc unassigned during stream
removal (bsc#1012628).
- KVM: x86: nSVM: disallow userspace setting of
MSR_AMD64_TSC_RATIO to non default value when tsc scaling
disabled (bsc#1012628).
- KVM: x86/mmu: make apf token non-zero to fix bug (bsc#1012628).
- parisc/unaligned: Fix ldw() and stw() unalignment handlers
(bsc#1012628).
- parisc/unaligned: Fix fldd and fstd unaligned handlers on
32-bit kernel (bsc#1012628).
- vhost/vsock: don't check owner in vhost_vsock_stop() while
releasing (bsc#1012628).
- selinux: fix misuse of mutex_is_locked() (bsc#1012628).
- io_uring: disallow modification of rsrc_data during quiesce
(bsc#1012628).
- io_uring: don't convert to jiffies for waiting on timeouts
(bsc#1012628).
- clk: jz4725b: fix mmc0 clock gating (bsc#1012628).
- slab: remove __alloc_size attribute from __kmalloc_track_caller
(bsc#1012628).
- btrfs: tree-checker: check item_size for dev_item (bsc#1012628).
- btrfs: tree-checker: check item_size for inode_item
(bsc#1012628).
- cgroup-v1: Correct privileges check in release_agent writes
(bsc#1012628).
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu
hotplug (bsc#1012628).
- mm/filemap: Fix handling of THPs in generic_file_buffered_read()
(bsc#1012628).
- commit 9b89dd3
==== rdma-core ====
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1
- Update spec file from upstream
- install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
- fix build support for riscv
- Added cmake-Make-modprobe.d-path-configurable.patch
- Backport from upstream to allow modprobe files to be installed in a
configurable directory
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
baloo5
discover
drkonqi5
filesystem
gcc11
gnome-tweaks (40.0 -> 40.10)
grub2
gtk3 (3.24.32 -> 3.24.33)
hwdata (0.356 -> 0.357)
jack (1.9.19 -> 1.9.20)
kactivitymanagerd
kauth
kde-gtk-config5
kdelibs4support
kscreenlocker
kwalletmanager5
kwayland
kwin5
libksysguard5
libnvme
libxklavier (5.3 -> 5.4)
ncurses (6.3.20220219 -> 6.3.20220226)
openssh (8.8p1 -> 8.9p1)
plasma5-desktop
plasma5-workspace
polkit-kde-agent-5
powerdevil5
raspberrypi-firmware
raspberrypi-firmware-config
sudo
systemd
tracker-miners (3.2.1 -> 3.2.2)
upower (0.99.16 -> 0.99.16+4)
wireless-regdb (20220108 -> 20220218)
xdg-desktop-portal
xdg-desktop-portal-kde
=== Details ===
==== baloo5 ====
Subpackages: baloo5-imports baloo5-kioslaves libKF5Baloo5 libKF5BalooEngine5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== discover ====
Subpackages: discover-backend-flatpak discover-backend-packagekit discover-notifier
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== drkonqi5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== filesystem ====
- Create tmpfiles.d which creates /usr/local on the fly
==== gcc11 ====
Subpackages: cpp11 libgcc_s1 libgomp1 libstdc++6 libubsan1
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
==== gnome-tweaks ====
Version update (40.0 -> 40.10)
- Update to version 40.10:
+ Fix for the broken GNOME Extensions link.
+ Fix build with meson 0.60 and newer.
+ Updated translations.
- Drop 86.patch: Fixed upstream.
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
* 0001-Add-grub_envblk_buf-helper-function.patch
* 0002-Add-grub_disk_write_tail-helper-function.patch
* 0003-grub-install-support-prep-environment-block.patch
* 0004-Introduce-prep_load_env-command.patch
* 0005-export-environment-at-start-up.patch
- Use enviroment variable in early boot config to looking up root device
* grub2.spec
- Remove obsolete openSUSE 12.2 conditionals in spec file
- Clean up powerpc certificate handling.
==== gtk3 ====
Version update (3.24.32 -> 3.24.33)
Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0
- Update to version 3.24.33:
+ No changes.
==== hwdata ====
Version update (0.356 -> 0.357)
- Update to version 0.357:
+ Updated pci, usb and vendor ids.
==== jack ====
Version update (1.9.19 -> 1.9.20)
- Disable the build of example-tools which are now built in a
separate jack-example-tools package.
- update to 1.9.20:
* Add waf autooption --example-tools to allow optional build of
executables, libraries and man pages provided by
jack-example-tools (the files are built by default). Building
and installing the additional files can be disabled by using
- -example-tools=no or --no-example-tools.
* Fix 32-bit support in ALSA driver
* Fix incomplete ASIO support on Windows
* Fix metadata usage with multiple users
* Fix netsource tool missing on Windows
* Fix semaphore usage on macOS
* Official FreeBSD support
==== kactivitymanagerd ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kauth ====
Subpackages: libKF5Auth5 libKF5AuthCore5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kde-gtk-config5 ====
Subpackages: kde-gtk-config5-gtk3
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kdelibs4support ====
Subpackages: libKF5KDELibs4Support5
- Add patch to fix installation:
* 0001-Use-KDE_INSTALL_FULL_-variables-where-needed.patch
==== kscreenlocker ====
Subpackages: libKScreenLocker5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwalletmanager5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwayland ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwin5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== libksysguard5 ====
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== libnvme ====
- Update License information. The library is released under
LGPL-2.1-or-later and not LGPL-2.1-only.
==== libxklavier ====
Version update (5.3 -> 5.4)
- Update to version 5.4:
+ A couple of introspection fixes.
- Update URL, this version was never released on download.gnome.org
- Add explicit libxklavier16 (shared library) Requires in devel
sub-package (we already pulled it in via virtual provides).
- Use modern macros.
==== ncurses ====
Version update (6.3.20220219 -> 6.3.20220226)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20220226
+ fix issues found with coverity:
+ rewrite canonical_name() function of infocmp to ensure buffer size
+ corrected use of original tty-modes in tput init/reset subcommands
+ modify tabs program to limit tab-stop values to max-columns
+ add limit-checks for palette rgb values in test/ncurses.c
+ add a few null-pointer checks to help with static-analysis.
+ enforce limit on number of soft-keys used in c++ binding.
+ adjust a buffer-limit in write_entry.c to quiet a bogus warning from
gcc 12.0.1
==== openssh ====
Version update (8.8p1 -> 8.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.9p1:
= Security
* sshd(8): fix an integer overflow in the user authentication path
that, in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
This situation is not exploitable because of independent checks in
the privilege separation monitor. Privilege separation has been
enabled by default in since openssh-3.2.2 (released in 2002) and
has been mandatory since openssh-7.5 (released in 2017). Moreover,
portable OpenSSH has used toolchain features available in most
modern compilers to abort on signed integer overflow since
openssh-6.5 (released in 2014).
Thanks to Malcolm Stagg for finding and reporting this bug.
= Potentially-incompatible changes
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
= New features
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512(a)openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead of indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
= Bugfixes
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR277.
* sshd(8): fix possible string truncation when constructing paths to
.rhosts/.shosts files with very long user home directory names.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
= Portability
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
- fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
- Rebased patches:
* openssh-7.7p1-ldap.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.4p1-vendordir.patch
* openssh-reenable-dh-group14-sha1-default.patch
==== plasma5-desktop ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== polkit-kde-agent-5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== powerdevil5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== raspberrypi-firmware ====
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
==== raspberrypi-firmware-config ====
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
==== sudo ====
- Add sudo-1.9.9-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou(a)gmail.com>
==== systemd ====
Subpackages: libsystemd0 libudev1 udev
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated and might be missing when
systemd-sysvcompat package is not installed. If such symlinks are found the
script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
==== tracker-miners ====
Version update (3.2.1 -> 3.2.2)
Subpackages: tracker-miner-files
- Update to version 3.2.2:
+ Backport seccomp rules for rseq and mbind syscalls.
+ Updated translations.
- Drop patches fixed upstream:
+ tracker-miners-allow-mbind.patch
+ tracker-miners-allow-rseq.patch
==== upower ====
Version update (0.99.16 -> 0.99.16+4)
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0
- Update to version 0.99.16+4:
+ meson.build: Output correct paths for sbindir and datadir.
+ daemon: Initialize FD to -1 to avoid incorrect close.
+ input: Fix FD handling and let input stream close it.
+ linux: Set FD to -1 rather than 0 when closing delay inhibitor.
==== wireless-regdb ====
Version update (20220108 -> 20220218)
- Update to version 20220218:
* wireless-regdb: update regulatory database based on preceding changes
* wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
* wireless-regdb: Update regulatory rules for China (CN)
* wireless-regdb: Update regulatory rules for South Korea (KR)
* Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
* wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
* wireless-regdb: add 802.11ah bands to world regulatory domain
* wireless-regdb: add support for US S1G channels
* wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
* wireless-regdb: Update regulatory rules for South Korea (KR)
==== xdg-desktop-portal ====
- Pass --docdir=%%{_defaultdocdir}/%%{name}/ to configure, install
docs in standard distro docs dir, and move to devel sub-package,
as it is developer documentation.
==== xdg-desktop-portal-kde ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
filesystem
gcc11
grub2
gtk3 (3.24.32 -> 3.24.33)
libnvme
ncurses (6.3.20220219 -> 6.3.20220226)
openssh (8.8p1 -> 8.9p1)
raspberrypi-firmware
raspberrypi-firmware-config
sudo
systemd
wireless-regdb (20220108 -> 20220218)
=== Details ===
==== filesystem ====
- Create tmpfiles.d which creates /usr/local on the fly
==== gcc11 ====
Subpackages: libgcc_s1 libgomp1 libstdc++6
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
* 0001-Add-grub_envblk_buf-helper-function.patch
* 0002-Add-grub_disk_write_tail-helper-function.patch
* 0003-grub-install-support-prep-environment-block.patch
* 0004-Introduce-prep_load_env-command.patch
* 0005-export-environment-at-start-up.patch
- Use enviroment variable in early boot config to looking up root device
* grub2.spec
- Remove obsolete openSUSE 12.2 conditionals in spec file
- Clean up powerpc certificate handling.
==== gtk3 ====
Version update (3.24.32 -> 3.24.33)
Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0
- Update to version 3.24.33:
+ No changes.
==== libnvme ====
- Update License information. The library is released under
LGPL-2.1-or-later and not LGPL-2.1-only.
==== ncurses ====
Version update (6.3.20220219 -> 6.3.20220226)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20220226
+ fix issues found with coverity:
+ rewrite canonical_name() function of infocmp to ensure buffer size
+ corrected use of original tty-modes in tput init/reset subcommands
+ modify tabs program to limit tab-stop values to max-columns
+ add limit-checks for palette rgb values in test/ncurses.c
+ add a few null-pointer checks to help with static-analysis.
+ enforce limit on number of soft-keys used in c++ binding.
+ adjust a buffer-limit in write_entry.c to quiet a bogus warning from
gcc 12.0.1
==== openssh ====
Version update (8.8p1 -> 8.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.9p1:
= Security
* sshd(8): fix an integer overflow in the user authentication path
that, in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
This situation is not exploitable because of independent checks in
the privilege separation monitor. Privilege separation has been
enabled by default in since openssh-3.2.2 (released in 2002) and
has been mandatory since openssh-7.5 (released in 2017). Moreover,
portable OpenSSH has used toolchain features available in most
modern compilers to abort on signed integer overflow since
openssh-6.5 (released in 2014).
Thanks to Malcolm Stagg for finding and reporting this bug.
= Potentially-incompatible changes
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
= New features
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512(a)openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead of indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
= Bugfixes
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR277.
* sshd(8): fix possible string truncation when constructing paths to
.rhosts/.shosts files with very long user home directory names.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
= Portability
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
- fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
- Rebased patches:
* openssh-7.7p1-ldap.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.4p1-vendordir.patch
* openssh-reenable-dh-group14-sha1-default.patch
==== raspberrypi-firmware ====
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
==== raspberrypi-firmware-config ====
- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
==== sudo ====
- Add sudo-1.9.9-honor-T_opt.patch
* the -T option of sudo does nothing even when
'Defaults user_command_timeouts' is present in the configuration.
* [bsc#1193446]
* Credit to Jaroslav Jindrak <dzejrou(a)gmail.com>
==== systemd ====
Subpackages: libsystemd0 libudev1 udev
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated and might be missing when
systemd-sysvcompat package is not installed. If such symlinks are found the
script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
==== wireless-regdb ====
Version update (20220108 -> 20220218)
- Update to version 20220218:
* wireless-regdb: update regulatory database based on preceding changes
* wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
* wireless-regdb: Update regulatory rules for China (CN)
* wireless-regdb: Update regulatory rules for South Korea (KR)
* Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
* wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
* wireless-regdb: add 802.11ah bands to world regulatory domain
* wireless-regdb: add support for US S1G channels
* wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
* wireless-regdb: Update regulatory rules for South Korea (KR)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bluedevil5 (5.24.2 -> 5.24.3)
breeze (5.24.2 -> 5.24.3)
discover (5.24.2.1 -> 5.24.3)
drkonqi5 (5.24.2 -> 5.24.3)
kactivitymanagerd (5.24.2 -> 5.24.3)
kde-cli-tools5 (5.24.2 -> 5.24.3)
kde-gtk-config5 (5.24.2 -> 5.24.3)
kgamma5 (5.24.2 -> 5.24.3)
khotkeys5 (5.24.2 -> 5.24.3)
kinfocenter5 (5.24.2 -> 5.24.3)
kmenuedit5 (5.24.2 -> 5.24.3)
kscreen5 (5.24.2 -> 5.24.3)
kscreenlocker (5.24.2 -> 5.24.3)
ksystemstats5 (5.24.2 -> 5.24.3)
kwayland-integration (5.24.2 -> 5.24.3)
kwayland-server (5.24.2 -> 5.24.3)
kwin5 (5.24.2 -> 5.24.3)
kwrited5 (5.24.2 -> 5.24.3)
layer-shell-qt (5.24.2 -> 5.24.3)
libkdecoration2 (5.24.2 -> 5.24.3)
libkscreen2 (5.24.2 -> 5.24.3)
libksysguard5 (5.24.2 -> 5.24.3)
milou5 (5.24.2 -> 5.24.3)
plasma-browser-integration (5.24.2 -> 5.24.3)
plasma-nm5 (5.24.2 -> 5.24.3)
plasma5-addons (5.24.2 -> 5.24.3)
plasma5-desktop (5.24.2 -> 5.24.3)
plasma5-integration (5.24.2 -> 5.24.3)
plasma5-openSUSE
plasma5-pa (5.24.2 -> 5.24.3)
plasma5-workspace (5.24.2 -> 5.24.3)
polkit-kde-agent-5 (5.24.2 -> 5.24.3)
powerdevil5 (5.24.2 -> 5.24.3)
python-PyYAML
systemsettings5 (5.24.2 -> 5.24.3)
vim (8.2.4456 -> 8.2.4542)
wireplumber
xdg-desktop-portal-kde (5.24.2 -> 5.24.3)
=== Details ===
==== bluedevil5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== breeze ====
Version update (5.24.2 -> 5.24.3)
Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-wallpapers libbreezecommon5-5
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* KStyle: center QTabBar custom tab buttons vertically in vertical tabs (kde#447315)
==== discover ====
Version update (5.24.2.1 -> 5.24.3)
Subpackages: discover-backend-flatpak discover-backend-packagekit discover-notifier
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* flatpak: Do not emit about upgradeable packages that were just created
* flatpak: Use the sources map to check if a resource is already being used
* Set textFormat in Label to StyledText
* Fix build by explicitly creating a QUrl from QString
- Restore compatibility with older kf5-filesystem
==== drkonqi5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* make sure to create the wallet folder before using it (kde#446925)
- Restore compatibility with older kf5-filesystem
==== kactivitymanagerd ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
- Restore compatibility with older kf5-filesystem
==== kde-cli-tools5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== kde-gtk-config5 ====
Version update (5.24.2 -> 5.24.3)
Subpackages: kde-gtk-config5-gtk3
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
- Restore compatibility with older kf5-filesystem
==== kgamma5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== khotkeys5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== kinfocenter5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* fix up help paths (kde#450918)
==== kmenuedit5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== kscreen5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* Revert "KCM: Workaround unknown Qt issue that causes the revert dialog to be invisible"
==== kscreenlocker ====
Version update (5.24.2 -> 5.24.3)
Subpackages: libKScreenLocker5
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
- Restore compatibility with older kf5-filesystem
==== ksystemstats5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== kwayland-integration ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== kwayland-server ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* Fix kdebugsettings categories file
* linuxdmabuf: Add unistd.h include
==== kwin5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* backends/drm: don't change the configuration while KWin is terminating
* backends/drm: wait for pending pageflips before doing a modeset
* output changes: handle to-be-enabled outputs first
* platform: check all outputs, not only enabled ones for the enabled flag
* backends/drm: fix recording with direct scanout (kde#450943)
* backends/drm: fix multi gpu (kde#450737)
* backends/drm: fix format choosing (kde#450779)
* inputmethod: fix placing the virtual keyboard at the bottom
* Revert "Remove mysterious s_cursorUpdateBlocking boolean flag in pointer_input.cpp" (kde#449273)
- Drop patches, now upstream:
* 0001-Revert-Remove-mysterious-s_cursorUpdateBlocking-bool.patch
- Restore compatibility with older kf5-filesystem
==== kwrited5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== layer-shell-qt ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== libkdecoration2 ====
Version update (5.24.2 -> 5.24.3)
Subpackages: libkdecorations2-5 libkdecorations2private9
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== libkscreen2 ====
Version update (5.24.2 -> 5.24.3)
Subpackages: libKF5Screen7 libkscreen2-plugin
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== libksysguard5 ====
Version update (5.24.2 -> 5.24.3)
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* Fixed computational bug for bar chart spacing (kde#449868)
- Restore compatibility with older kf5-filesystem
==== milou5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== plasma-browser-integration ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== plasma-nm5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== plasma5-addons ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
==== plasma5-desktop ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* kcms/touchpad: Remove weird Q_EMIT changed(false) in resizeEvent
- Drop patches, now upstream:
* 0001-kcms-touchpad-Remove-weird-Q_EMIT-changed-false-in-r.patch
- Restore compatibility with older kf5-filesystem
- Remove duplicate mention of kimpanel-ibus-panel
==== plasma5-integration ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* [KDEPlatformFileDialog] Don't do stat if baseUrl didn't change
==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE sddm-theme-openSUSE
- Update to 5.24.3
==== plasma5-pa ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* [kcm] Update device combobox when current device changes externally
==== plasma5-workspace ====
Version update (5.24.2 -> 5.24.3)
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* kcms/colors: Implement radio button layouts better
* kcms/colors: fix spacing between radio buttons and content
* [Battery Monitor] Only show charge threshold hint for power supply batteries (kde#451161)
* [Icons KCM] Give measure delegate a text
* wallpapers: Sort BackgroundListModel by title
* applets/digital-clock: Fix `Qt.formatDateTime` returns different date when minute changes (kde#436796)
* applets/systray: align applet labels with differing line counts in hidden view (kde#438347)
* Show panel config above other windows (kde#450794)
* Use current accent colour to set ColorDialog object in colour picker
* SystemDialog: Allow accepting the dialogs with the keyboard (kde#450223)
* applets/systemtray: Do not open context menu on mouse pressed for SNI (kde#409768)
* Revert "Fix overdraw on Wayland"
* startkde: Forward stdout/stderr of started processes
* SDDM theme: stop eliding people's names so aggressively (kde#450673)
* applets/digital-clock: Word-wrap date string for desktop representation (kde#450632)
* wrap completely the invariants timer in NDEBUG
* ScreenPool as the source of truth of QScreen info
* Always ensure there is an user selected (kde#450182)
* Prevent panel going out of screen boundaries
* applets/clipboard: Focus on text area when transition is done
* applets/clipboard: Fix highlight after exiting edit mode
- Drop patches, now upstream:
* 0001-startkde-Forward-stdout-stderr-of-started-processes.patch
- Restore compatibility with older kf5-filesystem
==== polkit-kde-agent-5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
- Restore compatibility with older kf5-filesystem
==== powerdevil5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* Improved backlight devices selection (kde#399646)
- Restore compatibility with older kf5-filesystem
==== python-PyYAML ====
- do not use setup.py test construct
https://trello.com/c/me9Z4sIv/121-setuppy-test-leftovers
==== systemsettings5 ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- Changes since 5.24.2:
* app/SettingsBase: Fix systemsettings unable to start when missing plugin (kde#451054)
* ModuleView: Simplify and fix custom headers logic
==== vim ====
Version update (8.2.4456 -> 8.2.4542)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.4542, fixes the following problems
* Terminal test may fail on some machines.
* The GPM library can only be linked statically.
* Vim9: compiling filter() call fails with funcref that has unknown
arguments.
* Vim9: compiling sort() call fails with a funcref that has unknown
arguments.
* Vim9: wrong error for defining dict function.
* Not enough testing for quickfix code.
* Completion only uses strict matching.
* Dtrace files are recognized as filetype D.
* Fuzzy completion does not order matches properly.
"create-directories" as the final argument.
* Running filetype test leaves file behind.
* Coverity warns for uninitialized struct member.
* Coverity warns for uninitialized variable.
* Coverity warns for use of a freed function name.
* Coverity warnds for not checking return value of ftell().
* Memory allocation failures not tested in quickfix code.
* Fuzzy cmdline completion does not work for lower case.
* Operator name spelled wrong.
* Crash when using fuzzy completion.
* No fuzzy completieon for maps and abbreviations.
* Suspending with CTRL-Z does not work on Android.
* Cmdline popup menu not removed when 'lazyredraw' is set.
* No fuzzy cmdline completion for user defined completion.
* Command completion makes two rounds to collect matches.
* Vim9: some error messages are not tested.
* Compiler warning for uninitialized variable.
* Vim9: cannot compare with v:null.
* Build error with +eval but without +channel or +job.
* Failing test for comparing v:null with number.
* Terminal focus reporting only works for xterm-like terminals. (Jonathan
Rascher)
* MS-Windows makefile dependencies are outdated.
* No error if an option is given an invalid value with ":let &opt = val".
* Options test fails in the GUI.
* The find_tags() function is much too long.
* Help test fails in 24 line terminal.
* Coverity gives warnings after tags code refactoring.
* Wrong color for half of wide character next to pum scrollbar.
* Using <Plug> with "noremap" does not work.
* Vim9: at the script level declarations leak from try block to catch and
finally block.
* Vim9: can declare a global variable on the command line.
* With 'showbreak' set and after the end of the line the cursor may be
displayed in the wrong position.
* In the GUI a modifier is not recognized for the key typed after CTRL-X,
which may result in a mapping to be used. (Daniel Steinberg)
* Vim9: there is no point in supporting :Print and :mode.
* When there is a partially matching map and modifyOtherKeys is active a
full map may not work.
* Vim9: outdated "autocmd nested" still works.
* "pattern not found" for :global is not an error message.
* Test fails because of new error message.
* Vim9: cannot assign to a global variable on the command line.
* Vim9: can declare a variable with ":va".
* Vim9: shortening commands leads to confusing script.
* Filetype test fails.
* The find_tags_in_file() function is much too long.
* Window-local directory is not applied if 'acd' fails.
* Vim9: some flow commands can be shortened.
* Old subsitute syntax is still supported.
* Build failure without the +eval feature.
* The binary tag search feature is always enabled.
* Vim9: Can still use ":fini" and ":finis" for ":finish".
* Using wrong highlight for cursor line number.
* Build failure without the +diff feature. (John Marriott)
* GUI test fails with Motif. (Dominique Pellé)
* When gvim is started maximized the 'window' option isn't set
properly. (Christian J. Robinson)
* Some GUI tests don't work on Athena.
* Vim9: cannot set variables to a null value.
* The Athena GUI is old and does not work well.
* Crash when using null_function for a partial.
* Vim9: comparing partial with function fails.
* Making comparison with null work changes legacy behavior.
* LGTM warnings for condition always true and buffer size too small.
* Suspending with CTRL-Z does not work on OpenBSD.
* Vim9: no test that after assigning null the type is still checked.
* Vim9: "is" operator with empty string and null returns true.
* Filename modifer ":8" removes the filename.
* Debugger test fails when breaking on expression.
* Output from linter and language server shows up in git.
* The find_tags_in_file() function is too long.
* When comparing special v:none and v:null are handled the same when
compiling.
* Line number for error is off by one.
* Crash in debugger when a variable is not available in the current block.
* Vim9: "break" inside try/catch not handled correctly.
==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio
- Add patch from upstream to fix a crash on tty switch
(glfo#pipewire/wireplumber#193):
* 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch
- Add patch from upstream to fix issues with PulseAudio support with
PipeWire 0.3.48+ (glfo#pipewire/pipewire#2189):
* 0003-si-audio-adapter-relax-format-parsing.patch
- Some spec clean-up.
==== xdg-desktop-portal-kde ====
Version update (5.24.2 -> 5.24.3)
- Update to 5.24.3
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma/5/5.24.3
- No code changes since 5.24.2
- Restore compatibility with older kf5-filesystem
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
python-PyYAML
vim (8.2.4456 -> 8.2.4542)
=== Details ===
==== python-PyYAML ====
- do not use setup.py test construct
https://trello.com/c/me9Z4sIv/121-setuppy-test-leftovers
==== vim ====
Version update (8.2.4456 -> 8.2.4542)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.4542, fixes the following problems
* Terminal test may fail on some machines.
* The GPM library can only be linked statically.
* Vim9: compiling filter() call fails with funcref that has unknown
arguments.
* Vim9: compiling sort() call fails with a funcref that has unknown
arguments.
* Vim9: wrong error for defining dict function.
* Not enough testing for quickfix code.
* Completion only uses strict matching.
* Dtrace files are recognized as filetype D.
* Fuzzy completion does not order matches properly.
"create-directories" as the final argument.
* Running filetype test leaves file behind.
* Coverity warns for uninitialized struct member.
* Coverity warns for uninitialized variable.
* Coverity warns for use of a freed function name.
* Coverity warnds for not checking return value of ftell().
* Memory allocation failures not tested in quickfix code.
* Fuzzy cmdline completion does not work for lower case.
* Operator name spelled wrong.
* Crash when using fuzzy completion.
* No fuzzy completieon for maps and abbreviations.
* Suspending with CTRL-Z does not work on Android.
* Cmdline popup menu not removed when 'lazyredraw' is set.
* No fuzzy cmdline completion for user defined completion.
* Command completion makes two rounds to collect matches.
* Vim9: some error messages are not tested.
* Compiler warning for uninitialized variable.
* Vim9: cannot compare with v:null.
* Build error with +eval but without +channel or +job.
* Failing test for comparing v:null with number.
* Terminal focus reporting only works for xterm-like terminals. (Jonathan
Rascher)
* MS-Windows makefile dependencies are outdated.
* No error if an option is given an invalid value with ":let &opt = val".
* Options test fails in the GUI.
* The find_tags() function is much too long.
* Help test fails in 24 line terminal.
* Coverity gives warnings after tags code refactoring.
* Wrong color for half of wide character next to pum scrollbar.
* Using <Plug> with "noremap" does not work.
* Vim9: at the script level declarations leak from try block to catch and
finally block.
* Vim9: can declare a global variable on the command line.
* With 'showbreak' set and after the end of the line the cursor may be
displayed in the wrong position.
* In the GUI a modifier is not recognized for the key typed after CTRL-X,
which may result in a mapping to be used. (Daniel Steinberg)
* Vim9: there is no point in supporting :Print and :mode.
* When there is a partially matching map and modifyOtherKeys is active a
full map may not work.
* Vim9: outdated "autocmd nested" still works.
* "pattern not found" for :global is not an error message.
* Test fails because of new error message.
* Vim9: cannot assign to a global variable on the command line.
* Vim9: can declare a variable with ":va".
* Vim9: shortening commands leads to confusing script.
* Filetype test fails.
* The find_tags_in_file() function is much too long.
* Window-local directory is not applied if 'acd' fails.
* Vim9: some flow commands can be shortened.
* Old subsitute syntax is still supported.
* Build failure without the +eval feature.
* The binary tag search feature is always enabled.
* Vim9: Can still use ":fini" and ":finis" for ":finish".
* Using wrong highlight for cursor line number.
* Build failure without the +diff feature. (John Marriott)
* GUI test fails with Motif. (Dominique Pellé)
* When gvim is started maximized the 'window' option isn't set
properly. (Christian J. Robinson)
* Some GUI tests don't work on Athena.
* Vim9: cannot set variables to a null value.
* The Athena GUI is old and does not work well.
* Crash when using null_function for a partial.
* Vim9: comparing partial with function fails.
* Making comparison with null work changes legacy behavior.
* LGTM warnings for condition always true and buffer size too small.
* Suspending with CTRL-Z does not work on OpenBSD.
* Vim9: no test that after assigning null the type is still checked.
* Vim9: "is" operator with empty string and null returns true.
* Filename modifer ":8" removes the filename.
* Debugger test fails when breaking on expression.
* Output from linter and language server shows up in git.
* The find_tags_in_file() function is too long.
* When comparing special v:none and v:null are handled the same when
compiling.
* Line number for error is off by one.
* Crash in debugger when a variable is not available in the current block.
* Vim9: "break" inside try/catch not handled correctly.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
cockpit-podman
dbus-1 (1.12.22 -> 1.14.0)
dbus-1-x11 (1.12.22 -> 1.14.0)
gnutls
kbd
libvdpau (1.4 -> 1.5)
logrotate
lua54
mozilla-nss (3.74 -> 3.75)
openssl-1_1
qemu
yast2 (4.4.45 -> 4.4.47)
=== Details ===
==== cockpit-podman ====
- Add source-offest to _service to fix build error in Leap.
==== dbus-1 ====
Version update (1.12.22 -> 1.14.0)
Subpackages: libdbus-1-3
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, <policy group="?"> now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== dbus-1-x11 ====
Version update (1.12.22 -> 1.14.0)
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, <policy group="?"> now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== gnutls ====
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
==== kbd ====
Subpackages: kbd-legacy
- Refresh kbdsettings-nox86.patch to fix build on non-x86*
architectures
==== libvdpau ====
Version update (1.4 -> 1.5)
- Add U_Support-AV1.patch: Add support for AV1 in vdpauinfo.
- Minor tweaks to spec.
- Update to version 1.5:
* Add AV1 decode support in VDPAU API
* Addition of comma and removing the extra braces
* Add tracing for HEVCRangeExt picture info
* Add tracing for VP9 picture info
- Also update vdpauinfo to version 1.4
- Drop patches fixed upstream:
* c5a8e7c6c8b4b36a0e4c9a4369404519262a3256.patch
* e82dc4bdbb0db3ffa8c78275902738eb63aa5ca8.patch
==== logrotate ====
- Added own logrotate.service file in order to define a new order
of parsed config files:
/usr/etc/logrotate.conf Default configuration file defined by
the vendor.
/usr/etc/logrotate.d/* Directory for additional configuration
files defined by the vendor.
/etc/logrotate.conf Default configuration file defined by
the administrator. (optional)
/etc/logrotate.d/* Directory for additional configuration
files defined by the administrator.
(optional)
- drop logrotate-3.19.0-systemd_add_home_env.patch:
- included in new logrotate.service
- Adapted man page: logrotate-3.19.0-man_logrotate.patch
==== lua54 ====
- Added patches from upstream:
* luabugs1.patch
* luabugs2.patch
- Adjust buildsystem so that it matches upstream git (testes??)
- Drop the lua_docdir define, package docs in the standard
location. Instead just silently drop packaging the README with
the path that does not makes sense for a rpm package, but for a
source tarball install. Simpler solution to boo#1186233.
==== mozilla-nss ====
Version update (3.74 -> 3.75)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
==== openssl-1_1 ====
Subpackages: libopenssl1_1
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
==== qemu ====
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch
==== yast2 ====
Version update (4.4.45 -> 4.4.47)
- Extend the Package module to force using PackageSystem or
PackageAI without having the mode into account.
- AutoYaST: properly detect whether firewalld, bind and
yast2-dns-server packages are installed when cloning a system
(bsc#1196963).
- 4.4.47
- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326)
- 4.4.46
- New doc: Invoking External Commands in YaST (in doc/)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=T…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
ceph (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
cockpit-podman
dbus-1 (1.12.22 -> 1.14.0)
gnutls
helm
kbd
logrotate
lua54
mozilla-nss (3.74 -> 3.75)
nfs-utils
openssl-1_1
qemu
yast2 (4.4.45 -> 4.4.47)
=== Details ===
==== ceph ====
Version update (16.2.6.463+g22e7612f9ad -> 16.2.7.596+g7d574789716)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw
- Update to 16.2.7-596-g7d574789716
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
- Update to 16.2.7-577-g3e3603b5dd1
+ Update prometheus-server version
- Update to 16.2.7-37-gb3be69440db:
+ (bsc#1194353) Downstream branding breaks dashboard npm build
==== cockpit-podman ====
- Add source-offest to _service to fix build error in Leap.
==== dbus-1 ====
Version update (1.12.22 -> 1.14.0)
Subpackages: libdbus-1-3
- Update to version 1.14.0:
+ Dependencies:
- dbus now requires at least a basic level of support for C99
variadic macros, as implemented in gcc >= 3, all versions of
Clang, and MSVC >= 2005. In practice this requirement has
existed since version 1.9.2, but it is now official.
- dbus now requires a C99-compatible va_copy() macro
(or a __va_copy() macro with the same behaviour), except when
building for Windows using MSVC and CMake.
- On Unix platforms, if getpwnam_r() and getgrnam_r() are
implemented, they must be POSIX-conformant. The non-POSIX
signature seen in ancient Solaris versions will no longer
work.
- GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
- Building using CMake now requires CMake 3.4.
- Building documentation using CMake now requires xsltproc,
Docbook DTDs (for example docbook-xml on Debian derivatives),
and Docbook XSLT stylesheets (for example docbook-xsl on
Debian derivatives). Using KDE's meinproc4 documentation
processor is no longer supported.
+ Build-time configuration changes: Move CMake build system to
top level, matching normal practice for CMake projects
+ Deprecations:
- Third-party software should install default dbus policies for
the system bus into ${datadir}/dbus-1/system.d (this has been
supported since dbus 1.10, released in August 2015).
Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be
deprecated. Policy files in ${sysconfdir}/dbus-1/system.d
continue to be read, but this directory should only be used
by system administrators wishing to override the default
policies.
- The ${datadir} applicable to dbus is usually /usr/share and
the ${sysconfdir} is usually /etc.
- A similar pattern applies to the session bus policies in
session.d.
- The dbus-send(1) man page now documents --bus and --peer
instead of the old --address synonym for --peer, which has
been deprecated since the introduction of --bus and --peer in
1.7.6
- The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and
should not be used, particularly for the standard system and
session buses.
- DBusServer (and hence the dbus-daemon) no longer accepts
usernames (login names) for the recommended EXTERNAL
authentication mechanism, only numeric user IDs or the empty
string. See 1.13.0 release notes for full details.
+ New features:
- On Linux 4.13 or later when built against a suitable glibc
version, GetConnectionCredentials() now includes
UnixGroupIDs, the effective group IDs of the initiator of the
connection, taken from SO_PEERGROUPS.
- On Linux 4.13 or later, <policy group="?"> now uses the
SO_PEERGROUPS credentials-passing socket option to get the
effective group IDs of the initiator of the connection. See
1.13.4 release notes for details.
- Add a --sender option to dbus-send, which requests a name and
holds it until the signal has been sent
- dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a
combination of send_destination and the arg0namespace keyword
in match rules. See 1.13.12 release notes for more details.
- The dbus-daemon now filters the messages that it relays,
removing header fields that it does not understand. Clients
must not rely on this behaviour unless they have confirmed
that they are connected to a suitable message bus
implementation, for example by querying its Features
property.
- The dbus-daemon now emits a signal,
ActivatableServicesChanged, when the list of activatable
services may have changed. Support for this signal can be
discovered by querying the Features property.
- It is now possible to disable traditional (non-systemd)
service activation at build-time (Autotools:
- -disable-traditional-activation, CMake:
- DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release
notes for details.
- The API reference manual can be built as a Qt compiled help
file if qhelpgenerator(-qt5) is available. See 1.13.16
release notes for details.
+ Miscellaneous behaviour changes:
- When using the "user bus" (--enable-user-session), put the
dbus-daemon in the session slice
- Several environment variables set by systemd are no longer
passed on to activated services
- If the dbus-daemon is compiled for Linux with systemd
support, it now informs systemd that it is ready for use via
the sd_notify() mechanism.
- Tarball releases no longer contain pre-2007 changelogs and
are now compressed with xz, making them around 35% smaller.
- Drop conditionals for old obsolete versions of openSUSE.
- Rebase patches with quilt.
- Use https for source and sig URL.
==== gnutls ====
- build with lto
- build with -Wl,-z,now -Wl,-z,relro
- build without -fanalyzer, which cuts build time in ~ half
==== helm ====
- avoid CGO to workaround missing gold dependency (bsc#1183043)
==== kbd ====
Subpackages: kbd-legacy
- Refresh kbdsettings-nox86.patch to fix build on non-x86*
architectures
==== logrotate ====
- Added own logrotate.service file in order to define a new order
of parsed config files:
/usr/etc/logrotate.conf Default configuration file defined by
the vendor.
/usr/etc/logrotate.d/* Directory for additional configuration
files defined by the vendor.
/etc/logrotate.conf Default configuration file defined by
the administrator. (optional)
/etc/logrotate.d/* Directory for additional configuration
files defined by the administrator.
(optional)
- drop logrotate-3.19.0-systemd_add_home_env.patch:
- included in new logrotate.service
- Adapted man page: logrotate-3.19.0-man_logrotate.patch
==== lua54 ====
- Added patches from upstream:
* luabugs1.patch
* luabugs2.patch
- Adjust buildsystem so that it matches upstream git (testes??)
- Drop the lua_docdir define, package docs in the standard
location. Instead just silently drop packaging the README with
the path that does not makes sense for a rpm package, but for a
source tarball install. Simpler solution to boo#1186233.
==== mozilla-nss ====
Version update (3.74 -> 3.75)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs
- update to NSS 3.75
* bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
* bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
* bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
* bmo#1748386 - Remove redundant key type check.
* bmo#1749869 - Update ABI expectations to match ECH changes.
* bmo#1748386 - Enable CKM_CHACHA20.
* bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
* bmo#1747310 - real move assignment operator.
* bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
* bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
* bmo#1747772 - Allow to build using clang's integrated assembler.
* bmo#1321398 - Allow to override python for the build.
* bmo#1747317 - test HKDF output rather than input.
* bmo#1747316 - Use ASSERT macros to end failed tests early.
* bmo#1747310 - move assignment operator for DataBuffer.
* bmo#1712879 - Add test cases for ECH compression and unexpected
extensions in SH.
* bmo#1725938 - Update tests for ECH-13.
* bmo#1725938 - Tidy up error handling.
* bmo#1728281 - Add tests for ECH HRR Changes.
* bmo#1728281 - Server only sends GREASE HRR extension if enabled
by preference.
* bmo#1725938 - Update generation of the Associated Data for ECH-13.
* bmo#1712879 - When ECH is accepted, reject extensions which were
only advertised in the Outer Client Hello.
* bmo#1712879 - Allow for compressed, non-contiguous, extensions.
* bmo#1712879 - Scramble the PSK extension in CHOuter.
* bmo#1712647 - Split custom extension handling for ECH.
* bmo#1728281 - Add ECH-13 HRR Handling.
* bmo#1677181 - Client side ECH padding.
* bmo#1725938 - Stricter ClientHelloInner Decompression.
* bmo#1725938 - Remove ECH_inner extension, use new enum format.
* bmo#1725938 - Update the version number for ECH-13 and adjust
the ECHConfig size.
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client
- add reenable-nfsv2.patch for reverting nfsv2 deprecation until
test coverage is fixed (poo#106679)
- Add gcc12-fix.patch upstream fix for GCC 12 compiler.
- Update to version 2.6.1
- https://kernel.org/pub/linux/utils/nfs-utils/2.6.1/2.6.1-Changelog
- remove patches from this release:
- 0001-gssd-fix-crash-in-debug-message.patch,
- Add-disable-sbin-override-for-when-sbin-is-a-symlink.patch
==== openssl-1_1 ====
Subpackages: libopenssl1_1
- Security fix: [bsc#1192820, CVE-2002-20001]
* Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
remote attackers (from the client side) to send arbitrary
numbers that are actually not public keys, and trigger
expensive server-side DHE calculation.
* Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
* Rebase openssl-DEFAULT_SUSE_cipher.patch
- Fix the engines section in /etc/ssl/openssl.cnf [bsc#1194187]
* In an INI-type file, the sections begin with a [section_name]
and they run until the next section begins.
* Rebase openssl-1_1-use-include-directive.patch
==== qemu ====
- Build PPC firmwares from sources on non-PPC builds as well
(bsc#1193545)
- Build RiscV firmwares on non-RiscV builds as well
- While there, refactor (and simplify!) the firmware building
logic and code
* Patches added:
Makefile-define-endianess-for-cross-buil.patch
Makefile-fix-build-with-binutils-2.38.patch
- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host
bus adapter (bsc#1180432, CVE-2020-35503)
* Patches added:
hw-scsi-megasas-check-for-NULL-frame-in-.patch
==== yast2 ====
Version update (4.4.45 -> 4.4.47)
- Extend the Package module to force using PackageSystem or
PackageAI without having the mode into account.
- AutoYaST: properly detect whether firewalld, bind and
yast2-dns-server packages are installed when cloning a system
(bsc#1196963).
- 4.4.47
- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326)
- 4.4.46
- New doc: Invoking External Commands in YaST (in doc/)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
baloo5
discover
drkonqi5
filesystem
gcc11
hwdata (0.356 -> 0.357)
kactivitymanagerd
kauth
kde-gtk-config5
kdelibs4support
kscreenlocker
kwalletmanager5
kwayland
kwin5
libksysguard5
libnvme
ncurses (6.3.20220219 -> 6.3.20220226)
openssh (8.8p1 -> 8.9p1)
plasma5-desktop
plasma5-workspace
polkit-kde-agent-5
powerdevil5
systemd
upower (0.99.16 -> 0.99.16+4)
wireless-regdb (20220108 -> 20220218)
xdg-desktop-portal-kde
=== Details ===
==== baloo5 ====
Subpackages: baloo5-imports baloo5-kioslaves libKF5Baloo5 libKF5BalooEngine5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== discover ====
Subpackages: discover-backend-flatpak discover-backend-packagekit discover-notifier
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== drkonqi5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== filesystem ====
- Create tmpfiles.d which creates /usr/local on the fly
==== gcc11 ====
Subpackages: cpp11 libgcc_s1 libgomp1 libstdc++6 libubsan1
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
==== hwdata ====
Version update (0.356 -> 0.357)
- Update to version 0.357:
+ Updated pci, usb and vendor ids.
==== kactivitymanagerd ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kauth ====
Subpackages: libKF5Auth5 libKF5AuthCore5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kde-gtk-config5 ====
Subpackages: kde-gtk-config5-gtk3
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kdelibs4support ====
Subpackages: libKF5KDELibs4Support5
- Add patch to fix installation:
* 0001-Use-KDE_INSTALL_FULL_-variables-where-needed.patch
==== kscreenlocker ====
Subpackages: libKScreenLocker5
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwalletmanager5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwayland ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== kwin5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== libksysguard5 ====
Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== libnvme ====
- Update License information. The library is released under
LGPL-2.1-or-later and not LGPL-2.1-only.
==== ncurses ====
Version update (6.3.20220219 -> 6.3.20220226)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20220226
+ fix issues found with coverity:
+ rewrite canonical_name() function of infocmp to ensure buffer size
+ corrected use of original tty-modes in tput init/reset subcommands
+ modify tabs program to limit tab-stop values to max-columns
+ add limit-checks for palette rgb values in test/ncurses.c
+ add a few null-pointer checks to help with static-analysis.
+ enforce limit on number of soft-keys used in c++ binding.
+ adjust a buffer-limit in write_entry.c to quiet a bogus warning from
gcc 12.0.1
==== openssh ====
Version update (8.8p1 -> 8.9p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.9p1:
= Security
* sshd(8): fix an integer overflow in the user authentication path
that, in conjunction with other logic errors, could have yielded
unauthenticated access under difficult to exploit conditions.
This situation is not exploitable because of independent checks in
the privilege separation monitor. Privilege separation has been
enabled by default in since openssh-3.2.2 (released in 2002) and
has been mandatory since openssh-7.5 (released in 2017). Moreover,
portable OpenSSH has used toolchain features available in most
modern compilers to abort on signed integer overflow since
openssh-6.5 (released in 2014).
Thanks to Malcolm Stagg for finding and reporting this bug.
= Potentially-incompatible changes
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
= New features
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512(a)openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead of indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
= Bugfixes
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR277.
* sshd(8): fix possible string truncation when constructing paths to
.rhosts/.shosts files with very long user home directory names.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
= Portability
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
- fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
- Rebased patches:
* openssh-7.7p1-ldap.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.4p1-vendordir.patch
* openssh-reenable-dh-group14-sha1-default.patch
==== plasma5-desktop ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== polkit-kde-agent-5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== powerdevil5 ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
==== systemd ====
Subpackages: libsystemd0 libudev1 udev
- Fix the default target when it's been incorrectly set to one of the runlevel
targets (bsc#1196567)
The script 'upgrade-from-pre-210.sh' used to initialize the default target
during migration from sysvinit to systemd. However it created symlinks to
runlevel targets, which are deprecated and might be missing when
systemd-sysvcompat package is not installed. If such symlinks are found the
script now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one. In
most cases it will do the right thing anyway.
==== upower ====
Version update (0.99.16 -> 0.99.16+4)
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0
- Update to version 0.99.16+4:
+ meson.build: Output correct paths for sbindir and datadir.
+ daemon: Initialize FD to -1 to avoid incorrect close.
+ input: Fix FD handling and let input stream close it.
+ linux: Set FD to -1 rather than 0 when closing delay inhibitor.
==== wireless-regdb ====
Version update (20220108 -> 20220218)
- Update to version 20220218:
* wireless-regdb: update regulatory database based on preceding changes
* wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
* wireless-regdb: Update regulatory rules for China (CN)
* wireless-regdb: Update regulatory rules for South Korea (KR)
* Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
* wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
* wireless-regdb: add 802.11ah bands to world regulatory domain
* wireless-regdb: add support for US S1G channels
* wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
* wireless-regdb: Update regulatory rules for South Korea (KR)
==== xdg-desktop-portal-kde ====
- Replace %_libdir/libexec with %_libexecdir (boo#1174075)
1
0