Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20200317 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor (2.13.3 -> 2.13.4) boost-base curl (7.69.0 -> 7.69.1) dracut (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) gpg2 installation-images-MicroOS (14.461 -> 14.462) kernel-64kb (5.5.8 -> 5.5.9) kernel-source (5.5.8 -> 5.5.9) kexec-tools kubernetes (1.17.2 -> 1.17.4) libapparmor (2.13.3 -> 2.13.4) libsemanage (2.9 -> 3.0) lvm2 lvm2-device-mapper nfs-utils patterns-microos podman (1.8.0 -> 1.8.1) supportutils (3.1.8 -> 3.1.9) transactional-update === Details === ==== apparmor ==== Version update (2.13.3 -> 2.13.4) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - update to AppArmor 2.13.4 - several abstraction updates (including boo#1153162) - disallow writing to fontconfig cache in abstractions/fonts - some bugfixes in the aa-* tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog - drop upstreamed patches: - abstractions-ssl-certbot-paths.diff - apparmor-krb5-conf-d.diff - libapparmor-python3.8.diff - usr-etc-abstractions-authentification.diff - refresh usr-etc-abstractions-authentification.diff ==== boost-base ==== Subpackages: boost-license1_71_0 libboost_thread1_71_0 - Fix packaging errors in cases where python2 is disabled and unavailable. ==== curl ==== Version update (7.69.0 -> 7.69.1) Subpackages: libcurl4 - Update to 7.69.1 * Bugfixes: - ares: store dns parameters for duphandle - cirrus-ci: disable the FreeBSD 13 builds - curl_share_setopt.3: Note sharing cookies doesn't enable the engine - lib1564: reduce number of mid-wait wakeup calls - libssh: Fix matching user-specified MD5 hex key - MANUAL: update a dict-using command line - mime: do not perform more than one read in a row - mime: fix the binary encoder to handle large data properly - mime: latch last read callback status - multi: skip EINTR check on wakeup socket if it was closed - pause: bail out on bad input - pause: force a connection recheck after unpausing (take 2) - pause: return early for calls that don't change pause state - runtests.1: rephrase how to specify what tests to run - runtests: fix missing use of exe_ext helper function - seek: fix fall back for missing ftruncate on Windows - sftp: fix segfault regression introduced by #4747 in 7.69.0 - sha256: Added SecureTransport implementation - sha256: Added WinCrypt implementation - socks4: fix host resolve regression - socks5: host name resolv regression fix - tests/server: fix missing use of exe_ext helper function - tests: fix static ip:port instead of dynamic values being used - tests: make sleeping portable by avoiding select - unit1612: fix the inclusion and compilation of the HMAC unit test - urldata: remove the 'stream_was_rewound' connectdata struct member - version: make curl_version* thread-safe without using global context ==== dracut ==== Version update (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02) Subpackages: dracut-ima - Update to version 049.1+git135.46dceb02: * 40network: Do not require hostname binary * suse.spec: add new modules 90nvdimm and 99suse-initrd * 95fcoe: default rd.nofcoe to false (bsc#1163343) * Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343) Dependent commits: * Add module "90nvdimm" for NVDIMM support * 90kernel-modules: remove nfit from static module list - Update to version 049.1+git129.0f19bbfd: * 35network-legacy: dhclient is optional (bsc#1166188) * suse.spec: Create -extra package (bsc#1166188) * suse.spec: Remove obsolete permission fixups * 00warpclock: Fix permissions in warpclock.sh ==== gpg2 ==== - Split dirmngr into a subpackage to avoid a hard dependency of gpg2 on libgnutls ==== installation-images-MicroOS ==== Version update (14.461 -> 14.462) - merge gh#openSUSE/installation-images#364 - use u-boot-rpiarm64 if available (bsc#1164080) - 14.462 ==== kernel-64kb ==== Version update (5.5.8 -> 5.5.9) - Linux 5.5.9 (bnc#1012628). - ASoC: intel/skl/hda - export number of digital microphones via control components (bnc#1012628). - block, bfq: get a ref to a group when adding it to a service tree (bnc#1012628). - block, bfq: get extra ref to prevent a queue from being freed during a group move (bnc#1012628). - block, bfq: do not insert oom queue into position tree (bnc#1012628). - dm thin metadata: fix lockdep complaint (bnc#1012628). - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec (bnc#1012628). - RDMA/core: Fix pkey and port assignment in get_new_pps (bnc#1012628). - RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628). - blktrace: fix dereference after null check (bnc#1012628). - netfilter: hashlimit: do not use indirect calls during gc (bnc#1012628). - ALSA: hda: do not override bus codec_mask in link_get() (bnc#1012628). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (bnc#1012628). - Kernel selftests: tpm2: check for tpm support (bnc#1012628). - selftests: fix too long argument (bnc#1012628). - usb: gadget: composite: Support more than 500mA MaxPower (bnc#1012628). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (bnc#1012628). - usb: gadget: serial: fix Tx stall after buffer overflow (bnc#1012628). - habanalabs: halt the engines before hard-reset (bnc#1012628). - habanalabs: do not halt CoreSight during hard reset (bnc#1012628). - habanalabs: patched cb equals user cb in device memset (bnc#1012628). - drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628). - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI (bnc#1012628). - drm/modes: Make sure to parse valid rotation value from cmdline (bnc#1012628). - drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters (bnc#1012628). - scsi: megaraid_sas: silence a warning (bnc#1012628). - drm/msm/dsi: save pll state before dsi host is powered off (bnc#1012628). - drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628). - selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: fix tos value (bnc#1012628). - net: atlantic: check rpc result and wait for rpc address (bnc#1012628). - net: atlantic: ptp gpio adjustments (bnc#1012628). - net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628). - net: ks8851-ml: Fix 16-bit data access (bnc#1012628). - net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628). - net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt() (bnc#1012628). - watchdog: da9062: do not ping the hw during stop() (bnc#1012628). - s390/cio: cio_ignore_proc_seq_next should increase position index (bnc#1012628). - s390: make 'install' not depend on vmlinux (bnc#1012628). - efi: Only print errors about failing to get certs if EFI vars are found (bnc#1012628). - net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628). - iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628). - nvme/pci: Add sleep quirk for Samsung and Toshiba drives (bnc#1012628). - nvme-pci: Use single IRQ vector for old Apple models (bnc#1012628). - x86/boot/compressed: Don't declare __force_order in kaslr_64.c (bnc#1012628). - s390/qdio: fill SL with absolute addresses (bnc#1012628). - nvme: Fix uninitialized-variable warning (bnc#1012628). - ice: Don't tell the OS that link is going down (bnc#1012628). - x86/xen: Distribute switch variables for initialization (bnc#1012628). - net: thunderx: workaround BGX TX Underflow issue (bnc#1012628). - csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628). - csky: Set regs->usp to kernel sp, when the exception is from kernel (bnc#1012628). - csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628). - csky: Fixup ftrace modify panic (bnc#1012628). - csky: Fixup compile warning for three unimplemented syscalls (bnc#1012628). - arch/csky: fix some Kconfig typos (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: use more proper tos value (bnc#1012628). - firmware: imx: scu: Ensure sequential TX (bnc#1012628). - binder: prevent UAF for binderfs devices (bnc#1012628). - binder: prevent UAF for binderfs devices II (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bnc#1012628). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bnc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bnc#1012628). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bnc#1012628). - driver core: Call sync_state() even if supplier has no consumers (bnc#1012628). - cifs: don't leak -EAGAIN for stat() during reconnect (bnc#1012628). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bnc#1012628). - usb: storage: Add quirk for Samsung Fit flash (bnc#1012628). - usb: usb251xb: fix regulator probe and error handling (bnc#1012628). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (bnc#1012628). - usb: dwc3: gadget: Update chain bit correctly when using sg list (bnc#1012628). - usb: cdns3: gadget: link trb should point to next request (bnc#1012628). - usb: cdns3: gadget: toggle cycle bit before reset endpoint (bnc#1012628). - usb: core: hub: fix unhandled return by employing a void function (bnc#1012628). - usb: core: hub: do error out if usb_autopm_get_interface() fails (bnc#1012628). - usb: core: port: do error out if usb_autopm_get_interface() fails (bnc#1012628). - vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bnc#1012628). - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() (bnc#1012628). - mm: avoid data corruption on CoW fault into PFN-mapped VMA (bnc#1012628). - mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled (bnc#1012628). - fat: fix uninit-memory access for partial initialized inode (bnc#1012628). - btrfs: fix RAID direct I/O reads with alternate csums (bnc#1012628). - arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628). - arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628). - phy: allwinner: Fix GENMASK misuse (bnc#1012628). - tty:serial:mvebu-uart:fix a wrong return (bnc#1012628). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bnc#1012628). - serial: 8250_exar: add support for ACCES cards (bnc#1012628). - serdev: Fix detection of UART devices on Apple machines (bnc#1012628). - media: hantro: Fix broken media controller links (bnc#1012628). - media: mc-entity.c: use & to check pad flags, not == (bnc#1012628). - media: vicodec: process all 4 components for RGB32 formats (bnc#1012628). - media: v4l2-mem2mem.c: fix broken links (bnc#1012628). - perf intel-pt: Fix endless record after being terminated (bnc#1012628). - perf intel-bts: Fix endless record after being terminated (bnc#1012628). - perf cs-etm: Fix endless record after being terminated (bnc#1012628). - perf arm-spe: Fix endless record after being terminated (bnc#1012628). - spi: spidev: Fix CS polarity if GPIO descriptors are used (bnc#1012628). - x86/ioperm: Add new paravirt function update_io_bitmap() (bnc#1012628). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bnc#1012628). - s390/pci: Fix unexpected write combine on resource (bnc#1012628). - s390/mm: fix panic in gup_fast on large pud (bnc#1012628). - selftests: pidfd: Add pidfd_fdinfo_test in .gitignore (bnc#1012628). - powerpc/mm: Fix missing KUAP disable in flush_coherent_icache() (bnc#1012628). - drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628). - drm/amd/powerplay: fix pre-check condition for setting clock range (bnc#1012628). - dmaengine: imx-sdma: fix context cache (bnc#1012628). - dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 (bnc#1012628). - dmaengine: tegra-apb: Fix use-after-free (bnc#1012628). - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list (bnc#1012628). - dm integrity: fix recalculation when moving from journal mode to bitmap mode (bnc#1012628). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (bnc#1012628). - dm integrity: fix invalid table returned due to argument count mismatch (bnc#1012628). - dm cache: fix a crash due to incorrect work item cancelling (bnc#1012628). - dm: report suspended device during destroy (bnc#1012628). - dm writecache: verify watermark during resume (bnc#1012628). - dm zoned: Fix reference counter initial value of chunk works (bnc#1012628). - dm: fix congested_fn for request-based device (bnc#1012628). - arm64: dts: meson-sm1-sei610: add missing interrupt-names (bnc#1012628). - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (bnc#1012628). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628). - drm/virtio: fix resource id creation race (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_manifest_load() (bnc#1012628). - ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628). - ASoC: intel: skl: Fix pin debug prints (bnc#1012628). - ASoC: intel: skl: Fix possible buffer overflow in debug outputs (bnc#1012628). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bnc#1012628). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bnc#1012628). - ASoC: Intel: Skylake: Fix available clock counter incrementation (bnc#1012628). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bnc#1012628). - ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop() (bnc#1012628). - spi: atmel-quadspi: fix possible MMIO window size overrun (bnc#1012628). - drm/panfrost: Don't try to map on error faults (bnc#1012628). - drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly (bnc#1012628). - drm/ttm: fix leaking fences via ttm_buffer_object_transfer (bnc#1012628). - drm: kirin: Revert "Fix for hikey620 display offset problem" (bnc#1012628). - drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628). - drm/sun4i: Fix DE2 VI layer format support (bnc#1012628). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (bnc#1012628). - drm/i915: Program MBUS with rmw during initialization (bnc#1012628). - drm/i915/selftests: Fix return in assert_mmap_offset() (bnc#1012628). - drm/i915/perf: Reintroduce wait on OA configuration completion (bnc#1012628). - phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling (bnc#1012628). - phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval (bnc#1012628). - ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bnc#1012628). - firmware: imx: misc: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: Align imx_sc_msg_req_cpu_start to 4 (bnc#1012628). - soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bnc#1012628). - RDMA/rw: Fix error flow during RDMA context initialization (bnc#1012628). - RDMA/odp: Ensure the mm is still alive before creating an implicit child (bnc#1012628). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (bnc#1012628). - RDMA/siw: Fix failure handling during device creation (bnc#1012628). - RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bnc#1012628). - regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling (bnc#1012628). - regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bnc#1012628). - IB/mlx5: Fix implicit ODP race (bnc#1012628). - IB/hfi1, qib: Ensure RCU is locked when accessing list (bnc#1012628). - ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628). - ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628). - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (bnc#1012628). - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (bnc#1012628). - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bnc#1012628). - dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bnc#1012628). - sched/fair: Fix statistics for find_idlest_group() (bnc#1012628). - arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628). - bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628). - dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628). - EDAC/synopsys: Do not print an error with back-to-back snprintf() calls (bnc#1012628). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bnc#1012628). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (bnc#1012628). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (bnc#1012628). - efi: READ_ONCE rng seed size before munmap (bnc#1012628). - net: stmmac: fix notifier registration (bnc#1012628). - block, bfq: remove ifdefs from around gets/puts of bfq groups (bnc#1012628). - csky: Implement copy_thread_tls (bnc#1012628). - commit 70a6377 - vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648). - vt: selection, push console lock down (bnc#1162928 CVE-2020-8648). - commit 1538c30 - Refresh patches.suse/vt-selection-close-sel_buffer-race.patch. Update upstream status. - commit e2b9350 ==== kernel-source ==== Version update (5.5.8 -> 5.5.9) - Linux 5.5.9 (bnc#1012628). - ASoC: intel/skl/hda - export number of digital microphones via control components (bnc#1012628). - block, bfq: get a ref to a group when adding it to a service tree (bnc#1012628). - block, bfq: get extra ref to prevent a queue from being freed during a group move (bnc#1012628). - block, bfq: do not insert oom queue into position tree (bnc#1012628). - dm thin metadata: fix lockdep complaint (bnc#1012628). - net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec (bnc#1012628). - RDMA/core: Fix pkey and port assignment in get_new_pps (bnc#1012628). - RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628). - blktrace: fix dereference after null check (bnc#1012628). - netfilter: hashlimit: do not use indirect calls during gc (bnc#1012628). - ALSA: hda: do not override bus codec_mask in link_get() (bnc#1012628). - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (bnc#1012628). - Kernel selftests: tpm2: check for tpm support (bnc#1012628). - selftests: fix too long argument (bnc#1012628). - usb: gadget: composite: Support more than 500mA MaxPower (bnc#1012628). - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (bnc#1012628). - usb: gadget: serial: fix Tx stall after buffer overflow (bnc#1012628). - habanalabs: halt the engines before hard-reset (bnc#1012628). - habanalabs: do not halt CoreSight during hard reset (bnc#1012628). - habanalabs: patched cb equals user cb in device memset (bnc#1012628). - drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628). - drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI (bnc#1012628). - drm/modes: Make sure to parse valid rotation value from cmdline (bnc#1012628). - drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode parameters (bnc#1012628). - scsi: megaraid_sas: silence a warning (bnc#1012628). - drm/msm/dsi: save pll state before dsi host is powered off (bnc#1012628). - drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628). - selftests: forwarding: use proto icmp for {gretap, ip6gretap}_mac testing (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: fix tos value (bnc#1012628). - net: atlantic: check rpc result and wait for rpc address (bnc#1012628). - net: atlantic: ptp gpio adjustments (bnc#1012628). - net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628). - net: ks8851-ml: Fix 16-bit data access (bnc#1012628). - net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628). - net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt() (bnc#1012628). - watchdog: da9062: do not ping the hw during stop() (bnc#1012628). - s390/cio: cio_ignore_proc_seq_next should increase position index (bnc#1012628). - s390: make 'install' not depend on vmlinux (bnc#1012628). - efi: Only print errors about failing to get certs if EFI vars are found (bnc#1012628). - net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628). - iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628). - nvme/pci: Add sleep quirk for Samsung and Toshiba drives (bnc#1012628). - nvme-pci: Use single IRQ vector for old Apple models (bnc#1012628). - x86/boot/compressed: Don't declare __force_order in kaslr_64.c (bnc#1012628). - s390/qdio: fill SL with absolute addresses (bnc#1012628). - nvme: Fix uninitialized-variable warning (bnc#1012628). - ice: Don't tell the OS that link is going down (bnc#1012628). - x86/xen: Distribute switch variables for initialization (bnc#1012628). - net: thunderx: workaround BGX TX Underflow issue (bnc#1012628). - csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628). - csky: Set regs->usp to kernel sp, when the exception is from kernel (bnc#1012628). - csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628). - csky: Fixup ftrace modify panic (bnc#1012628). - csky: Fixup compile warning for three unimplemented syscalls (bnc#1012628). - arch/csky: fix some Kconfig typos (bnc#1012628). - selftests: forwarding: vxlan_bridge_1d: use more proper tos value (bnc#1012628). - firmware: imx: scu: Ensure sequential TX (bnc#1012628). - binder: prevent UAF for binderfs devices (bnc#1012628). - binder: prevent UAF for binderfs devices II (bnc#1012628). - ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628). - ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1 (bnc#1012628). - ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 (bnc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master (bnc#1012628). - ALSA: hda/realtek - Enable the headset of ASUS B9450FA with ALC294 (bnc#1012628). - driver core: Call sync_state() even if supplier has no consumers (bnc#1012628). - cifs: don't leak -EAGAIN for stat() during reconnect (bnc#1012628). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bnc#1012628). - usb: storage: Add quirk for Samsung Fit flash (bnc#1012628). - usb: usb251xb: fix regulator probe and error handling (bnc#1012628). - usb: quirks: add NO_LPM quirk for Logitech Screen Share (bnc#1012628). - usb: dwc3: gadget: Update chain bit correctly when using sg list (bnc#1012628). - usb: cdns3: gadget: link trb should point to next request (bnc#1012628). - usb: cdns3: gadget: toggle cycle bit before reset endpoint (bnc#1012628). - usb: core: hub: fix unhandled return by employing a void function (bnc#1012628). - usb: core: hub: do error out if usb_autopm_get_interface() fails (bnc#1012628). - usb: core: port: do error out if usb_autopm_get_interface() fails (bnc#1012628). - vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628). - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bnc#1012628). - mm: fix possible PMD dirty bit lost in set_pmd_migration_entry() (bnc#1012628). - mm: avoid data corruption on CoW fault into PFN-mapped VMA (bnc#1012628). - mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled but not enabled (bnc#1012628). - fat: fix uninit-memory access for partial initialized inode (bnc#1012628). - btrfs: fix RAID direct I/O reads with alternate csums (bnc#1012628). - arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628). - arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628). - phy: allwinner: Fix GENMASK misuse (bnc#1012628). - tty:serial:mvebu-uart:fix a wrong return (bnc#1012628). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bnc#1012628). - serial: 8250_exar: add support for ACCES cards (bnc#1012628). - serdev: Fix detection of UART devices on Apple machines (bnc#1012628). - media: hantro: Fix broken media controller links (bnc#1012628). - media: mc-entity.c: use & to check pad flags, not == (bnc#1012628). - media: vicodec: process all 4 components for RGB32 formats (bnc#1012628). - media: v4l2-mem2mem.c: fix broken links (bnc#1012628). - perf intel-pt: Fix endless record after being terminated (bnc#1012628). - perf intel-bts: Fix endless record after being terminated (bnc#1012628). - perf cs-etm: Fix endless record after being terminated (bnc#1012628). - perf arm-spe: Fix endless record after being terminated (bnc#1012628). - spi: spidev: Fix CS polarity if GPIO descriptors are used (bnc#1012628). - x86/ioperm: Add new paravirt function update_io_bitmap() (bnc#1012628). - x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes (bnc#1012628). - s390/pci: Fix unexpected write combine on resource (bnc#1012628). - s390/mm: fix panic in gup_fast on large pud (bnc#1012628). - selftests: pidfd: Add pidfd_fdinfo_test in .gitignore (bnc#1012628). - powerpc/mm: Fix missing KUAP disable in flush_coherent_icache() (bnc#1012628). - drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628). - drm/amd/powerplay: fix pre-check condition for setting clock range (bnc#1012628). - dmaengine: imx-sdma: fix context cache (bnc#1012628). - dmaengine: imx-sdma: Fix the event id check to include RX event for UART6 (bnc#1012628). - dmaengine: tegra-apb: Fix use-after-free (bnc#1012628). - dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list (bnc#1012628). - dm integrity: fix recalculation when moving from journal mode to bitmap mode (bnc#1012628). - dm integrity: fix a deadlock due to offloading to an incorrect workqueue (bnc#1012628). - dm integrity: fix invalid table returned due to argument count mismatch (bnc#1012628). - dm cache: fix a crash due to incorrect work item cancelling (bnc#1012628). - dm: report suspended device during destroy (bnc#1012628). - dm writecache: verify watermark during resume (bnc#1012628). - dm zoned: Fix reference counter initial value of chunk works (bnc#1012628). - dm: fix congested_fn for request-based device (bnc#1012628). - arm64: dts: meson-sm1-sei610: add missing interrupt-names (bnc#1012628). - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (bnc#1012628). - spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628). - drm/virtio: fix resource id creation race (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_link_elems_load() (bnc#1012628). - ASoC: topology: Fix memleak in soc_tplg_manifest_load() (bnc#1012628). - ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628). - ASoC: intel: skl: Fix pin debug prints (bnc#1012628). - ASoC: intel: skl: Fix possible buffer overflow in debug outputs (bnc#1012628). - ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output (bnc#1012628). - ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path (bnc#1012628). - ASoC: Intel: Skylake: Fix available clock counter incrementation (bnc#1012628). - ASoC: dapm: Correct DAPM handling of active widgets during shutdown (bnc#1012628). - ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop() (bnc#1012628). - spi: atmel-quadspi: fix possible MMIO window size overrun (bnc#1012628). - drm/panfrost: Don't try to map on error faults (bnc#1012628). - drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly (bnc#1012628). - drm/ttm: fix leaking fences via ttm_buffer_object_transfer (bnc#1012628). - drm: kirin: Revert "Fix for hikey620 display offset problem" (bnc#1012628). - drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628). - drm/sun4i: Fix DE2 VI layer format support (bnc#1012628). - drm/sun4i: de2/de3: Remove unsupported VI layer formats (bnc#1012628). - drm/i915: Program MBUS with rmw during initialization (bnc#1012628). - drm/i915/selftests: Fix return in assert_mmap_offset() (bnc#1012628). - drm/i915/perf: Reintroduce wait on OA configuration completion (bnc#1012628). - phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling (bnc#1012628). - phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO toggle interval (bnc#1012628). - ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628). - arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY (bnc#1012628). - firmware: imx: misc: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: scu-pd: Align imx sc msg structs to 4 (bnc#1012628). - firmware: imx: Align imx_sc_msg_req_cpu_start to 4 (bnc#1012628). - soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628). - Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow" (bnc#1012628). - RDMA/rw: Fix error flow during RDMA context initialization (bnc#1012628). - RDMA/odp: Ensure the mm is still alive before creating an implicit child (bnc#1012628). - RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing (bnc#1012628). - RDMA/siw: Fix failure handling during device creation (bnc#1012628). - RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628). - RDMA/core: Fix protection fault in ib_mr_pool_destroy (bnc#1012628). - regulator: stm32-vrefbuf: fix a possible overshoot when re-enabling (bnc#1012628). - regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628). - RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen() (bnc#1012628). - IB/mlx5: Fix implicit ODP race (bnc#1012628). - IB/hfi1, qib: Ensure RCU is locked when accessing list (bnc#1012628). - ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628). - ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628). - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (bnc#1012628). - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (bnc#1012628). - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628). - hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT() (bnc#1012628). - dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628). - dmaengine: coh901318: Fix a double lock bug in dma_tc_handle() (bnc#1012628). - sched/fair: Fix statistics for find_idlest_group() (bnc#1012628). - arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628). - bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628). - dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628). - EDAC/synopsys: Do not print an error with back-to-back snprintf() calls (bnc#1012628). - powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems (bnc#1012628). - efi/x86: Align GUIDs to their size in the mixed mode runtime wrapper (bnc#1012628). - efi/x86: Handle by-ref arguments covering multiple pages in mixed mode (bnc#1012628). - efi: READ_ONCE rng seed size before munmap (bnc#1012628). - net: stmmac: fix notifier registration (bnc#1012628). - block, bfq: remove ifdefs from around gets/puts of bfq groups (bnc#1012628). - csky: Implement copy_thread_tls (bnc#1012628). - commit 70a6377 - vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648). - vt: selection, push console lock down (bnc#1162928 CVE-2020-8648). - commit 1538c30 - Refresh patches.suse/vt-selection-close-sel_buffer-race.patch. Update upstream status. - commit e2b9350 ==== kexec-tools ==== - kexec-tools-reset-getopt-before-falling-back-to-legacy.patch: Reset getopt before falling back to legacy syscall (bsc#1166105). - kexec-tools-fix-kexec_file_load-error-handling.patch: Fix the error handling if kexec_file_load() fails (bsc#1166105). ==== kubernetes ==== Version update (1.17.2 -> 1.17.4) Subpackages: kubernetes-client kubernetes-kubeadm - Update to version 1.17.4: * Removing kubectl get output e2e test * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * fix get-kube authorization headers * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Enable selinux tags in make targets - Introduce new packaging structure for smoother rolling upgrades [boo#1161289] - kubelet.sh replaces /usr/bin/kubelet for selecting correct version of kubelet - sysconfig.kubelet-kubernetes adds new KUBELET_VER sysconfig variable for defining new version of kubelet - Update to version 1.17.3: * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes ==== libapparmor ==== Version update (2.13.3 -> 2.13.4) - update to AppArmor 2.13.4 - fix log parsing for logs with an embedded newline - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4 for the detailed upstream changelog ==== libsemanage ==== Version update (2.9 -> 3.0) - Update to version 3.0 * Add support for DCCP and SCTP protocols * include internal header to use the hidden function prototypes * mark all exported function "extern" * optionally optimize policy on rebuild Refreshed suse_path.patch ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - fix patch name typo - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - fix patch name typo - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - statd-user.conf: create user via sysusers.d template - Use ordering for systemd instead of hard requires ==== patterns-microos ==== Subpackages: patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-sssd_ldap - Drop NetworkManager-applet Requires: We do not need this at all inside gnome-shell, we have had built-in tools for a long time. ==== podman ==== Version update (1.8.0 -> 1.8.1) Subpackages: podman-cni-config - Update podman to v1.8.1: * Features - Many networking-related flags have been added to podman pod create to enable customization of pod networks, including - -add-host, --dns, --dns-opt, --dns-search, --ip, - -mac-address, --network, and --no-hosts - The podman ps --format=json command now includes the ID of the image containers were created with - The podman run and podman create commands now feature an - -rmi flag to remove the image the container was using after it exits (if no other containers are using said image) ([#4628](https://github.com/containers/libpod/issues/4628)) - The podman create and podman run commands now support the - -device-cgroup-rule flag (#4876) - While the HTTP API remains in alpha, many fixes and additions have landed. These are documented in a separate subsection below - The podman create and podman run commands now feature a - -no-healthcheck flag to disable healthchecks for a container (#5299) - Containers now recognize the io.containers.capabilities label, which specifies a list of capabilities required by the image to run. These capabilities will be used as long as they are more restrictive than the default capabilities used - YAML produced by the podman generate kube command now includes SELinux configuration passed into the container via - -security-opt label=... (#4950) * Bugfixes - Fixed CVE-2020-1726, a security issue where volumes manually populated before first being mounted into a container could have those contents overwritten on first being mounted into a container - Fixed a bug where Podman containers with user namespaces in CNI networks with the DNS plugin enabled would not have the DNS plugin's nameserver added to their resolv.conf ([#5256](https://github.com/containers/libpod/issues/5256)) - Fixed a bug where trailing / characters in image volume definitions could cause them to not be overridden by a user-specified mount at the same location ([#5219](https://github.com/containers/libpod/issues/5219)) - Fixed a bug where the label option in libpod.conf, used to disable SELinux by default, was not being respected (#5087) - Fixed a bug where the podman login and podman logout commands required the registry to log into be specified (#5146) - Fixed a bug where detached rootless Podman containers could not forward ports (#5167) - Fixed a bug where rootless Podman could fail to run if the pause process had died - Fixed a bug where Podman ignored labels that were specified with only a key and no value (#3854) - Fixed a bug where Podman would fail to create named volumes when the backing filesystem did not support SELinux labelling (#5200) - Fixed a bug where --detach-keys="" would not disable detaching from a container (#5166) - Fixed a bug where the podman ps command was too aggressive when filtering containers and would force --all on in too many situations - Fixed a bug where the podman play kube command was ignoring image configuration, including volumes, working directory, labels, and stop signal (#5174) - Fixed a bug where the Created and CreatedTime fields in podman images --format=json were misnamed, which also broke Go template output for those fields ([#5110](https://github.com/containers/libpod/issues/5110)) - Fixed a bug where rootless Podman containers with ports forwarded could hang when started (#5182) - Fixed a bug where podman pull could fail to parse registry names including port numbers - Fixed a bug where Podman would incorrectly attempt to validate image OS and architecture when starting containers - Fixed a bug where Bash completion for podman build -f would not list available files that could be built (#3878) - Fixed a bug where podman commit --change would perform incorrect validation, resulting in valid changes being rejected (#5148) - Fixed a bug where podman logs --tail could take large amounts of memory when the log file for a container was large (#5131) - Fixed a bug where Podman would sometimes incorrectly generate firewall rules on systems using firewalld - Fixed a bug where the podman inspect command would not display network information for containers properly if a container joined multiple CNI networks ([#4907](https://github.com/containers/libpod/issues/4907)) - Fixed a bug where the --uts flag to podman create and podman run would only allow specifying containers by full ID (#5289) - Fixed a bug where rootless Podman could segfault when passed a large number of file descriptors - Fixed a bug where the podman port command was incorrectly interpreting additional arguments as container names, instead of port numbers - Fixed a bug where units created by podman generate systemd did not depend on network targets, and so could start before the system network was ready (#4130) - Fixed a bug where exec sessions in containers which did not specify a user would not inherit supplemental groups added to the container via --group-add - Fixed a bug where Podman would not respect the $TMPDIR environment variable for placing large temporary files during some operations (e.g. podman pull) ([#5411](https://github.com/containers/libpod/issues/5411)) * HTTP API - Initial support for secure connections to servers via SSH tunneling has been added - Initial support for the libpod create and logs endpoints for containers has been added - Added a /swagger/ endpoint to serve API documentation - The json endpoint for containers has received many fixes - Filtering images and containers has been greatly improved, with many bugs fixed and documentation improved - Image creation endpoints (commit, pull, etc) have seen many fixes - Server timeout has been fixed so that long operations will no longer trigger the timeout and shut the server down - The stats endpoint for containers has seen major fixes and now provides accurate output - Handling the HTTP 304 status code has been fixed for all endpoints - Many fixes have been made to API documentation to ensure it matches the code * Misc - Updated vendored Buildah to v1.14.2 - Updated vendored containers/storage to v1.16.2 - The Created field to podman images --format=json has been renamed to CreatedSince as part of the fix for (#5110). Go templates using the old name shou ld still work - The CreatedTime field to podman images --format=json has been renamed to CreatedAt as part of the fix for (#5110). Go templates using the old name should still work - The before filter to podman images has been renamed to since for Docker compatibility. Using before will still work, but documentation has been changed to use the new since filter - Using the --password flag to podman login now warns that passwords are being passed in plaintext - Some common cases where Podman would deadlock have been fixed to warn the user that podman system renumber must be run to resolve the deadlock ==== supportutils ==== Version update (3.1.8 -> 3.1.9) - Addition to version 3.1.9 + Changes affecting getappcore - Added core file validation (bsc#1166126) - Added -j <PID> to extract core from systemd journal - Capture coredumptctl info in getappcore.log + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762) - The new prefix references SUSE Customer Center ==== transactional-update ==== Subpackages: transactional-update-zypp-config - Add dependencies to btrfsprogs, zypper and snapper - most of the functionality is not usable if those applications are not installed. [boo#1166502] -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org