Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20220718 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: busybox container-selinux (2.187.0 -> 2.188.0) kernel-source (5.18.9 -> 5.18.11) keylime (6.4.1 -> 6.4.2) konsole libselinux libstorage-ng (4.5.27 -> 4.5.28) patterns-base patterns-microos perl pipewire (0.3.54 -> 0.3.55) python-html5lib selinux-policy (20220624 -> 20220714) suse-module-tools (16.0.21 -> 16.0.22) sysconfig (0.85.8 -> 0.90.0) wireplumber yast2-services-manager (4.5.0 -> 4.5.1) === Details === ==== busybox ==== Subpackages: busybox-static - prepare spec file for rpmbuild --build-in-place --noprep - use bcond for static and ww3 subpackages - fix verbose flag ==== container-selinux ==== Version update (2.187.0 -> 2.188.0) - Update to version 2.188.0: * Allow confined containers to mount overlay filesystems Fixed bsc#1201348 ==== kernel-source ==== Version update (5.18.9 -> 5.18.11) - Refresh patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch. Update upstream status. - commit 4fcb983 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit da1381f - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ce3ce6a - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update to upstream version. - commit 3f7e318 - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). Update upstream status. - commit eae54b1 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit cec52d3 - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 86ef7b4 - x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/static_call: Serialize __static_call_fixup() properly (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Disable RRSBA behavior (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 834606b - x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit 9dbc2f6 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 023a0b9 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit a4a04c4 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: skip non-text sections when adding return-thunk sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Don't call error_entry() for XENPV (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Switch the stack after error_entry() returns (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit bc4fd7c - Linux 5.18.11 (bsc#1012628). - io_uring: fix provided buffer import (bsc#1012628). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628). - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (bsc#1012628). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (bsc#1012628). - can: grcan: grcan_probe(): remove extra of_node_get() (bsc#1012628). - can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628). - can: m_can: m_can_chip_config(): actually enable internal timestamping (bsc#1012628). - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (bsc#1012628). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (bsc#1012628). - can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel() (bsc#1012628). - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (bsc#1012628). - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (bsc#1012628). - usbnet: fix memory leak in error case (bsc#1012628). - net: rose: fix UAF bug caused by rose_t0timer_expiry (bsc#1012628). - net: lan966x: hardcode the number of external ports (bsc#1012628). - netfilter: nft_set_pipapo: release elements in clone from abort path (bsc#1012628). - selftests/net: fix section name when using xdp_dummy.o (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (bsc#1012628). - can: rcar_canfd: Fix data transmission failed on R-Car V3U (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - MAINTAINERS: Remove iommu@lists.linux-foundation.org (bsc#1012628). - iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628). - iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628). - cxl/mbox: Use __le32 in get,set_lsa mailbox structures (bsc#1012628). - cxl: Fix cleanup of port devices on failure to probe driver (bsc#1012628). - fbdev: fbmem: Fix logo center image dx issue (bsc#1012628). - fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628). - fbcon: Disallow setting font bigger than screen size (bsc#1012628). - fbcon: Prevent that screen size is smaller than font size (bsc#1012628). - PM: runtime: Redefine pm_runtime_release_supplier() (bsc#1012628). - PM: runtime: Fix supplier device management during consumer probe (bsc#1012628). - memregion: Fix memregion_free() fallback definition (bsc#1012628). - video: of_display_timing.h: include errno.h (bsc#1012628). - fscache: Fix invalidation/lookup race (bsc#1012628). - fscache: Fix if condition in fscache_wait_on_volume_collision() (bsc#1012628). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1012628). - net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (bsc#1012628). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (bsc#1012628). - srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (bsc#1012628). - ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes() (bsc#1012628). - ASoC: SOF: Intel: hda: Fix compressed stream position tracking (bsc#1012628). - arm64: dts: qcom: sm8450: fix interconnects property of UFS node (bsc#1012628). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628). - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (bsc#1012628). - ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628). - arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (bsc#1012628). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (bsc#1012628). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (bsc#1012628). - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (bsc#1012628). - ARM: at91: pm: use proper compatible for sama5d2's rtc (bsc#1012628). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (bsc#1012628). - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (bsc#1012628). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (bsc#1012628). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (bsc#1012628). - ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628). - xsk: Clear page contiguity bit when unmapping pool (bsc#1012628). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (bsc#1012628). - i40e: Fix dropped jumbo frames statistics (bsc#1012628). - i40e: Fix VF's MAC Address change on VM (bsc#1012628). - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (bsc#1012628). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1012628). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix error message in learning_test (bsc#1012628). - ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628). - ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported (bsc#1012628). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (bsc#1012628). - ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported (bsc#1012628). - net/mlx5e: Fix matchall police parameters validation (bsc#1012628). - mptcp: Avoid acquiring PM lock for subflow priority changes (bsc#1012628). - mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags (bsc#1012628). - mptcp: fix local endpoint accounting (bsc#1012628). - r8169: fix accessing unset transport header (bsc#1012628). - i2c: cadence: Unregister the clk notifier in error path (bsc#1012628). - net/sched: act_api: Add extack to offload_act_setup() callback (bsc#1012628). - net/sched: act_police: Add extack messages for offload failure (bsc#1012628). - net/sched: act_police: allow 'continue' action offload (bsc#1012628). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628). - dmaengine: imx-sdma: only restart cyclic channel when enabled (bsc#1012628). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (bsc#1012628). - misc: rtsx_usb: use separate command and response buffers (bsc#1012628). - misc: rtsx_usb: set return value in rsp_buf alloc err path (bsc#1012628). - dmaengine: dw-axi-dmac: Fix RMW on channel suspend register (bsc#1012628). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (bsc#1012628). - ida: don't use BUG_ON() for debugging (bsc#1012628). - dmaengine: pl330: Fix lockdep warning about non-static key (bsc#1012628). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (bsc#1012628). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (bsc#1012628). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: qcom: bam_dma: fix runtime PM underflow (bsc#1012628). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: idxd: force wq context cleanup on device disable path (bsc#1012628). - commit 0e7e901 - Linux 5.18.10 (bsc#1012628). - xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628). - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1012628). - xen/blkfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: fix leaking data in shared pages (bsc#1012628). - xen/blkfront: fix leaking data in shared pages (bsc#1012628). - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (bsc#1012628). - net: sparx5: mdb add/del handle non-sparx5 devices (bsc#1012628). - net: sparx5: Add handling of host MDB entries (bsc#1012628). - drm/fourcc: fix integer type usage in uapi header (bsc#1012628). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (bsc#1012628). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (bsc#1012628). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (bsc#1012628). - platform/x86: panasonic-laptop: sort includes alphabetically (bsc#1012628). - platform/x86: panasonic-laptop: de-obfuscate button codes (bsc#1012628). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (bsc#1012628). - drm/msm/gem: Fix error return on fence id alloc fail (bsc#1012628). - drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628). - drm/i915/gem: add missing else (bsc#1012628). - platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter (bsc#1012628). - drm/msm/dpu: Increment vsync_cnt before waking up userspace (bsc#1012628). - cifs: fix minor compile warning (bsc#1012628). - net: tun: avoid disabling NAPI twice (bsc#1012628). - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (bsc#1012628). - ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628). - ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628). - nvmet: add a clear_ids attribute for passthru targets (bsc#1012628). - fanotify: refine the validation checks on non-dir inode mask (bsc#1012628). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (bsc#1012628). - ACPI: video: Change how we determine if brightness key-presses are handled (bsc#1012628). - nvmet-tcp: fix regression in data_digest calculation (bsc#1012628). - tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628). - cpufreq: qcom-hw: Don't do lmh things without a throttle interrupt (bsc#1012628). - epic100: fix use after free on rmmod (bsc#1012628). - tipc: move bc link creation back to tipc_node_create (bsc#1012628). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (bsc#1012628). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (bsc#1012628). - platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to ideapad_dytc_v4_allow_table[] (bsc#1012628). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - powerpc/memhotplug: Add add_pages override for PPC (bsc#1012628). - Update config files. - net: dsa: felix: fix race between reading PSFP stats and port stats (bsc#1012628). - net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1012628). - selftests net: fix kselftest net fatal error (bsc#1012628). - net: phy: ax88772a: fix lost pause advertisement configuration (bsc#1012628). - net: bonding: fix possible NULL deref in rlb code (bsc#1012628). - net: asix: fix "can't send until first packet is send" issue (bsc#1012628). - net/sched: act_api: Notify user space if any actions were flushed before error (bsc#1012628). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (bsc#1012628). - netfilter: nft_dynset: restore set element counter when failing to update (bsc#1012628). - s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628). - vdpa/mlx5: Update Control VQ callback information (bsc#1012628). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (bsc#1012628). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (bsc#1012628). - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (bsc#1012628). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (bsc#1012628). - vfs: fix copy_file_range() regression in cross-fs copies (bsc#1012628). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (bsc#1012628). - NFSD: restore EINVAL error translation in nfsd_commit() (bsc#1012628). - NFS: restore module put when manager exits (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1012628). - hwmon: (occ) Prevent power cap command overwriting poll response (bsc#1012628). - selftests: mptcp: Initialize variables to quiet gcc 12 warnings (bsc#1012628). - mptcp: fix conflict with <netinet/in.h> (bsc#1012628). - selftests: mptcp: more stable diag tests (bsc#1012628). - mptcp: fix race on unaccepted mptcp sockets (bsc#1012628). - usbnet: fix memory allocation in helpers (bsc#1012628). - net: usb: asix: do not force pause frames support (bsc#1012628). - linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628). - RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628). - net: dp83822: disable rx error interrupt (bsc#1012628). - net: dp83822: disable false carrier interrupt (bsc#1012628). - net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628). - net: tun: stop NAPI when detaching queues (bsc#1012628). - net: tun: unlink NAPI from device on destruction (bsc#1012628). - net: dsa: bcm_sf2: force pause link settings (bsc#1012628). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (bsc#1012628). - virtio-net: fix race between ndo_open() and virtio_device_ready() (bsc#1012628). - net: usb: ax88179_178a: Fix packet receiving (bsc#1012628). - net: rose: fix UAF bugs caused by timer handler (bsc#1012628). - SUNRPC: Fix READ_PLUS crasher (bsc#1012628). - dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628). - dm raid: fix accesses beyond end of raid member array (bsc#1012628). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1012628). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628). - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (bsc#1012628). - powerpc/prom_init: Fix kernel config grep (bsc#1012628). - parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628). - parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628). - ceph: wait on async create before checking caps for syncfs (bsc#1012628). - nvdimm: Fix badblocks clear off-by-one error (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (bsc#1012628). - s390/archrandom: simplify back to earlier design and initialize earlier (bsc#1012628). - net: phy: Don't trigger state machine while in suspend (bsc#1012628). - ipv6: take care of disable_policy when restoring routes (bsc#1012628). - ksmbd: use vfs_llseek instead of dereferencing NULL (bsc#1012628). - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (bsc#1012628). - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (bsc#1012628). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (bsc#1012628). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (bsc#1012628). - drm/amdgpu: fix adev variable used in amdgpu_device_gpu_recover() (bsc#1012628). - commit 97c4fd2 ==== keylime ==== Version update (6.4.1 -> 6.4.2) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tpm_cert_store keylime-verifier python310-keylime - Replace python-gpg requirement - Fix consolidation for _distconfdir and _sysconfdir macro - Update to version v6.4.2: * Bump version # to 6.4.2 * Use python3-gpg instead of python3-gnupg * Update Packit CI tests to test both agent and zeromq revocation notifiers * ima_ast: Make entry parsing stricter * ima_ast: Calculate length of "n" and "n-ng" in bytes * Fix broken URLs in README (Additional Reading) * Remove CFSSL leftovers * signing: move exception handing to verify_signature() * Set revocation_notifiers = agent as default in keylime.conf * cloud_verifier: Support /notifications/revocation REST API * keylime_agent: Support /notifications/revocation REST method * revocation_notifier: Factor out revocation message processing * keylime: initialize supplementary groups when dropping privileges * Refactor allowlist processing to enable verifier-side signature checks * Full removal of the tenant WebApp * update roadmap for 2022 and 2023 * docs: make Python requirements less strict * docs: update API documentation for 2.1, add missing fields for agent quote * Add python3-alembic to distros * Update fmf plans to run test with IMA policy * Drop SPDX-License-Identifier header * Adjust CI test name according to keylime-tests PR#125 * ci: Run lint with Python 3.6 as well * [trivial]: fix style of recently added docs files * Improve error handling when doing signature verification * Fix coverage file paths in submit-HEAD-coverage workflow * Adding files from keylime-docs into main repo - Fix keylime service home directory - Adjust the directory for the TPM certificates ==== konsole ==== Subpackages: konsole-part konsole-part-lang - Add patch to fix editing imported SSH hosts (kde#455290): * 0001-Fix-error-when-trying-to-edit-the-editable-parts-of-.patch ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Fixed initrd check in selinux-ready (bnc#1186127) - Added restorecon_pin_file.patch. Fixes issus when running fixfiles/restorecon ==== libstorage-ng ==== Version update (4.5.27 -> 4.5.28) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#888 - handle rootprefix when combining information from /etc/fstab and /proc/mounts - added unit tests - avoid deprecated fuunctions - coding style - typo fix and documentation update - 4.5.28 ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Have the base pattern recommend service(network) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Use gnome-initial-setup for configuring user on firstboot of MicroOS Desktop - Add firewalld to the DVD pattern as YaST can be used to configure it during installation (boo#1200741) ==== perl ==== Subpackages: perl-base - move builtin.pm to perl-base as File::Copy relies on it since last update. This fixes execution of builtime source services in OBS. ==== pipewire ==== Version update (0.3.54 -> 0.3.55) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch to fix audio after tty switching (boo#1201349): * 0002-spa-alsa-udev-Check-accessibility-of-pcm-devices-as-well.patch - Update to version 0.3.55: * Highlights - Fix some more critical bugs in the new audioconvert and the queueing in pw-stream that causes stuttering and hickups. - HFP hardware volumes are now saved and restored. - Format conversions and mixing was improved. - Small bug fixes and improvements. * PipeWire - The queueing in pw-stream was improved with support for buffer prefetch in asynchronous mode. - Add a pw-filter unit test. * tools - pw-midiplay should now work again after improvements in pw-stream. * modules - The RAOP module was improved to support auth_setup. - The RAOP module should now handle timing packets better. - Add some more filter-chain examples. - The filter-chain now has a separate config file with the boilerplate settings. The examples are now just config snippets that can be dropped in .conf.d/ directories, such as the filter-chain.conf.d/ one. - Start suggesting to use target.object instead of node.target in docs and examples. * SPA - Use the cosh window again for the resampler. It should now give better resampler quality. - Rework the mixer functions. They were rewritten for higher precision and better performance. Add unit tests and benchmarks. - Improve format conversion for 32bits for avoid errors in clang because of undefined behaviour at extreme ranges. - Fix a bug in audioconvert where it would not consume the right amount of samples when the resampler was disabled. This could cause skipping and hickups. - Fix bug in audioconvert where it would try to convert the input samples multiple times, causing strange artefacts when upmixing. - Be more strict about valid JSON floats. - device.vendor.id and device.product.id should now always show up in 0xXXXX format and should not be converted to floats in pw-dump anymore. - Add triangular dither, add unit tests for noise generation, add some more optimisations. * Bluetooth - HFP and A2DP now expose different routes and thus can have different volumes. - HW Volumes for HFP are now synchronised better. Volume changes from HW buttons are now also saved. - Rebase reduce-meson-dependency.patch. - Add 0001-jack-only-mix-when-we-have-input-to-mix.patch: Fix an Ardour start-up crash. ==== python-html5lib ==== - Remove BuildRequires on mock. ==== selinux-policy ==== Version update (20220624 -> 20220714) Subpackages: selinux-policy-targeted - Update to version 20220714. Refreshed: * fix_init.patch * fix_systemd_watch.patch ==== suse-module-tools ==== Version update (16.0.21 -> 16.0.22) - Update to version 16.0.22: * weak-modules2: only use kernel version under /run/regenerate-initrd (boo#1201387) ==== sysconfig ==== Version update (0.85.8 -> 0.90.0) Subpackages: sysconfig-netconfig - version 0.90.0 - sysconfig: cleanup network and wicked dependencies - ppp: move /etc/ppp/ip-up to libexec directory - spec: move further executables/scripts to /usr - spec: revert to recommend wicked-service on <= 15.4 - spec: install scripts except of ip-up bellow of /usr - spec: drop (sle11) legacy migration and rpm-utils - ifuser: drop the artefact utility on >= 15.5 - netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093) - netconfig: cleanup /var/run leftovers (bsc#1194557) - netconfig: update ntp man page documentation, fix typos - netconfig: move scripts to a FHS conform libexec ==== wireplumber ==== Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang - Add patch to fix crash on session end: * 0001-dbus-fix-crash-when-trying-to-reconnect.patch ==== yast2-services-manager ==== Version update (4.5.0 -> 4.5.1) - Explicitly pull in systemctl for buildtime tests (jsc#SMO-84) - 4.5.1