Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tu... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&comp... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor cockpit (250 -> 251.3) ethtool (5.15 -> 5.16) fcoe-utils fontconfig glib2 (2.70.2 -> 2.70.3) graphite2 installation-images-MicroOS (17.38 -> 17.39) iputils kernel-source (5.16.1 -> 5.16.2) keylime (6.2.1 -> 6.3.0) libapparmor polkit procps python-py (1.10.0 -> 1.11.0) qemu raspberrypi-firmware (2021.12.01 -> 2022.01.24) raspberrypi-firmware-config (2021.12.01 -> 2022.01.24) raspberrypi-firmware-dt (2021.11.19 -> 2022.01.19) salt (3003.3 -> 3004) selinux-policy (20211111 -> 20220124) snapper (0.9.0 -> 0.9.1) suse-module-tools (16.0.18 -> 16.0.19) toolbox u-boot-rpiarm64 userspace-rcu (0.13.0 -> 0.13.1) util-linux (2.37.2 -> 2.37.3) vim (8.2.4063 -> 8.2.4186) wpa_supplicant (2.9 -> 2.10) yast2 (4.4.39 -> 4.4.43) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== cockpit ==== Version update (250 -> 251.3) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA ==== ethtool ==== Version update (5.15 -> 5.16) - update to upstream release 5.16 * Feature: use memory maps for module EEPROM parsing (-m) * Feature: show CMIS diagnostic information (-m) * Fix: fix dumping advertised FEC modes (--show-fec) * Fix: ignore cable test notifications from other devices (--cable-test) * Fix: do not show duplicate options in help text (--help) ==== fcoe-utils ==== - Added upstream commit to fix gcc12 warning/errors: * fcoe-utils-Fix-GCC-12-warning.patch ==== fontconfig ==== Subpackages: libfontconfig1 - adding bug reference to this changelog [bsc#1172301] ==== glib2 ==== Version update (2.70.2 -> 2.70.3) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.70.3: + Several important fixes to FD handling in gspawn. + Several important fixes to GDBus message and GVariant parsing of invalid data. + Fix potential data loss due to missing fsync when saving files on btrfs. + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + Updated translations. ==== graphite2 ==== - Fix license header so that it corresponds to SPDX abbreviation ==== installation-images-MicroOS ==== Version update (17.38 -> 17.39) - merge gh#openSUSE/installation-images#571 - use for build proper schema flavor (jsc#SLE-18820) - 17.39 ==== iputils ==== - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ==== kernel-source ==== Version update (5.16.1 -> 5.16.2) - Update patches.kernel.org/5.16.2-005-vfs-fs_context-fix-up-param-length-parsing-in-.patch (bsc#1012628 CVE-2022-0185 bsc#1194517). Add CVE reference. - commit 0d710a8 - s390/mm: fix 2KB pgtable release race (bsc#1188896). - commit 6f62d73 - HID: wacom: Avoid using stale array indicies to read contact count (bsc#1194667). - HID: wacom: Ignore the confidence flag when a touch is removed (bsc#1194667). - HID: wacom: Reset expected and received contact counts at the same time (bsc#1194667). - commit 07a970c - Linux 5.16.2 (bsc#1012628). - ALSA: hda/realtek: Re-order quirk entries for Lenovo (bsc#1012628). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 (bsc#1012628). - ALSA: hda/tegra: Fix Tegra194 HDA reset failure (bsc#1012628). - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk (bsc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (bsc#1012628). - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop (bsc#1012628). - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices (bsc#1012628). - perf annotate: Avoid TUI crash when navigating in the annotation of recursive functions (bsc#1012628). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (bsc#1012628). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (bsc#1012628). - firmware: qemu_fw_cfg: fix sysfs information leak (bsc#1012628). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (bsc#1012628). - media: uvcvideo: fix division by zero at stream start (bsc#1012628). - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (bsc#1012628). - 9p: fix enodata when reading growing file (bsc#1012628). - 9p: only copy valid iattrs in 9P2000.L setattr implementation (bsc#1012628). - NFSD: Fix zero-length NFSv3 WRITEs (bsc#1012628). - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP (bsc#1012628). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (bsc#1012628). - KVM: x86: don't print when fail to read/write pv eoi memory (bsc#1012628). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (bsc#1012628). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (bsc#1012628). - perf: Protect perf_guest_cbs with RCU (bsc#1012628). - vfs: fs_context: fix up param length parsing in legacy_parse_param (bsc#1012628). - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided (bsc#1012628). - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (bsc#1012628). - drm/amd/display: explicitly set is_dsc_supported to false before use (bsc#1012628). - devtmpfs regression fix: reconfigure on each mount (bsc#1012628). - commit 6fa29ec - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - commit 68b36f0 - disable the Bluetooth patch again The kernel is currently tested whether the patch is needed at all. As 95655456e7ce in upstream might fix the issue too (but differently). - commit c3bbaae - series.conf: cleanup - move mainline patches into sorted section: - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch - patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch - update upstream references and move into sorted section: - patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch - patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch - patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch No effect on expanded tree. - commit 607f978 - Refresh and reenable patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch. - commit a7b7c0d - series.conf: Add sorted section header/footer Even though we don't carry many patches in the stable or master branches, having the sorted section header/footer allows the automated tools to work. - commit 05f8150 ==== keylime ==== Version update (6.2.1 -> 6.3.0) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Drop patches beacuse merged upstream: * 0001-Drop-dataclasses-module-usage.patch * 0001-config-support-merge-multiple-config-files.patch * 0001-ca-support-back-old-cyptography-API.patch - Update to version v6.3.0: * Coordinated update to fix: + bsc#1193997 (CVE-2022-23948) + bsc#1193998 (CVE-2021-43310) + bsc#1194000 (CVE-2022-23949) + bsc#1194002 (CVE-2022-23950) + bsc#1194004 (CVE-2022-23951) + bsc#1194005 (CVE-2022-23952) * secure_mount: add umount function * secure_mount: use /proc/self/mountinfo * Validate user ID in all public interfaces * validators: add uuid and agent_id validators * validators: create validators module * revocation_notifier: move zmq socket to /var/run/keylime * Update API version from 1.0 to 2.0 * tpm: do not compress quote with zlib by default * verifier: persist AK and mTLS certificate to DB * verifier: use "supported_version" for agent connections * tenant: add support for "supported_version" option for the verifier * api_version: add the option for basic validation * verifier: add supported_version field to DB and API * agent: add /version to REST API * verifier, tenant: allow agents to not use mTLS * tenant, verifier: allow manual configuration of agent mTLS * tests: migrate to mTLS * tenant: connect to the agent via mTLS * verifier: connect to the agent via mTLS * tornado_requests: handle SSLError * web_util: add mTLS context generation for agent * agent: Enable mTLS for agent REST API * crypto: add helper function for creating self signed certs * registrar: Allow the agent to registrar with a mTLS certificate * request_client: add workaround for handling certificates * request_client: add the option to ignore hostname validation * Better docs and errors about IMA hash mismatches * tests: use JSON instead Python string for IMA tests * verifier: use json.loads(..) instead of ast.literal_eval(..) * Adding Nuvoton certificate for a post 2020 TPM device. The EK cert of the device directs to the following download site: 'https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 1111.cer' (yes, including the spaces) * Improve revocation notifier IP description in keylime.conf * tornado_requests: set Content-Type header correctly for JSON * tenant: post U key to agent with correct Content-Type header * Explicitly set permissions on new keylime.conf files installed * tpm_main: close file descriptor for aik handle * verifier: do not call finish() twice * agent: fix payload execution * tests: add initial tests for web_util module * config, web_util: move get_restful_params(..) to web_util * verifier: Also retry on HTTP 500 status code * agent: improve startup and shutdown * registrar: cleanup start function * web_util: move echo_json_response(..) out of config.py * verifier: fix failure generation for V key * tornado_requests: cleanup TornadoResponse class * web_util, verifier: move mTLS SSLContext generation into separate module * ca: support back old cyptography API * Fix test branch reference in packit.yaml * ci: disable DeprecationWarning from pylint in tox * Enable new test in Packit CI * tenant: fix reactivate command * config: support merge multiple config files * ci: use only fedora-stable for packit * elchecking: harden example policy against event type manipulation * elchecking: add new tests * tests: fix stdout formatting for agent and verifier * Drop dataclasses module usage * revocation notifier: handle shutdown of process gracefully * verifier: handle SIGINT and SIGTERM correctly * ima_emulator: fix IMA hash validation and add more options * ima_ast: fix handling ToMToU errors * Remove leftovers of TPM 1.2 support * agent: improved validation for post function * agent: better validation for mask and nonce * config: add function to validate hex strings * agent: keys/verify check if challenge was provided * tpm_main: do not append /usr/local/{bin,lib} to default env * db: only set length on Text type if supported * json: do not make sqlalchemy a hard requirement * Enable functional testing with Packit CI * ima_emulator: specify sys.argv as the named parameter argv in main() * elchecking example policy: make it work with Fedora 34 * elchecking example policy: initrd* might be also called initramfs* * scripts: add mb_refstate generator for example policy * config: change tpm_hash_alg to SHA1 by default * parse_mb_bootlog: specify the used hash algorithm used for PCRs * agent: add warning that on kernels <5.10 IMA only works with SHA1 * tpm: explicitly pass hash alg to sim_extend(..) * ima emulator: use IMA AST and support multiple hash algorithms * tests: update IMA allowlist version number * ima: add option 'log_hash_alg' to IMA allowlist * ima: remove hard requirement for SHA1 PCR 10 * algorithms: extend Hash class to simplify computing hash values * config, tpm_main: explicitly handle YAML load errors * config: private_key must be set to -private.pem not -public.pem * agent: add UUID option environment * agent: drop openstack uuid option - Set /var/lib/keylime under the same permissions expected by the code ==== libapparmor ==== - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 - Switch from mozjs to duktape: * Add duktape-support.patch - Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568) CVE-2021-4034-pkexec-fix.patch ==== procps ==== Subpackages: libprocps8 - Correct used URLs ==== python-py ==== Version update (1.10.0 -> 1.11.0) - update to 1.11.0: * Support Python 3.11 * Support ``NO_COLOR`` environment variable * Update vendored apipkg: 1.5 => 2.0 ==== qemu ==== - Enable modules for testsuite * Patches added: meson-build-all-modules-by-default.patch ==== raspberrypi-firmware ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-config ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-dt ==== Version update (2021.11.19 -> 2022.01.19) - Switch to 5.16 branch - boo#1194423 - Update to ffd6c6dc4dbf (2022-01-19) ==== salt ==== Version update (3003.3 -> 3004) Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration salt-transactional-update - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch - Modified: * add-migrated-state-and-gpg-key-management-functions-.patch * switch-firewalld-state-to-use-change_interface.patch * include-aliases-in-the-fqdns-grains.patch * debian-info_installed-compatibility-50453.patch * info_installed-works-without-status-attr-now.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * add-custom-suse-capabilities-as-grains.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * support-transactional-systems-microos.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * run-salt-master-as-dedicated-salt-user.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * early-feature-support-config.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * use-adler32-algorithm-to-compute-string-checksums.patch * refactor-and-improvements-for-transactional-updates-.patch * improvements-on-ansiblegate-module-354.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch - Removed: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * do-not-break-master_tops-for-minion-with-version-low.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * figure-out-python-interpreter-to-use-inside-containe.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * fix-a-test-and-some-variable-names-229.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * templates-move-the-globals-up-to-the-environment-jin.patch * virt-enhancements.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch ==== selinux-policy ==== Version update (20211111 -> 20220124) Subpackages: selinux-policy-targeted - Update to version 20220124. Refreshed: * fix_hadoop.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_systemd.patch * fix_systemd_watch.patch - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) ==== snapper ==== Version update (0.9.0 -> 0.9.1) Subpackages: libsnapper5 - added bash completion provided by community - look for most configuration files in /etc/snapper and /usr/share/snapper (bsc#1189601) - version 0.9.1 ==== suse-module-tools ==== Version update (16.0.18 -> 16.0.19) - Update to version 16.0.19: * Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051) * rpm-script: force-copy kernel to /boot (boo#1194501) ==== toolbox ==== - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01 * Patches added: 0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch 0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch ==== userspace-rcu ==== Version update (0.13.0 -> 0.13.1) - update to 0.13.1: * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Make temporary variable in _rcu_dereference non-const * Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 ==== util-linux ==== Version update (2.37.2 -> 2.37.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - update to 2.37.3 (bsc#1194976): This release fixes two security mount(8) and umount(8) issues: * CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. * CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. ==== vim ==== Version update (8.2.4063 -> 8.2.4186) Subpackages: vim-data-common vim-small - Updated to version 8.2.4186, fixes the following problems * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) * Foam files are not detected. * Computation overflow with large count for :yank. * Vim9: imported autoload script loaded again. * Vim9: cannot call imported function with :call. (Drew Vogel) * Vim9: import test fails. * Vim9: import test fails on MS-Windows. * Using uninitialized memory when reading empty file. * Vim9: no detection of return in try/endtry. (Dominique Pellé) * Vim9: compiling function fails when autoload script is not loaded yet. * Coverity warns for using NULL pointer. * Going over the end of NameBuff. * Test failures. * Memory leak in autoload import. * Not all Libsensors files are recognized. * Terminal test for current directory not used on FreeBSD. * MS-Windows: "gvim --version" didn't work when build with VIMDLL. * Not sufficient test coverage for xxd. * CodeQL reports problem in if_cscope causing it to fail. * Check for autoload file name and prefix fails. (Christian J. Robinson) * Vim9: no test for "vim9script autoload' and using script variable in the same script. * Memory leak when looking for autoload prefixed variable. * Vim9: no test for using import in legacy script. * "cctx" argument of find_func_even_dead() is unused. * Cannot test items from an autoload script easily. * Xxd cannot output everything in one line. * Terminal test for current directory fails on FreeBSD. * After restoring a session buffer order can be quite different. * Virtcol is recomputed for statusline unnecessarily. * MacOS CI: unnecessarily doing "Install packages". * Cached breakindent values not initialized properly. * 'virtualedit' is window-local but using buffer-local enum. * Sed script not recognized by the first line. * Linux CI: unnecessarily installing packages * Wrong number in error message on 32 bit system. (John Paul Adrian Glaubitz) * Typing "interrupt" at debug prompt may keep exception around, causing function calls to fail. * Vim9: cannot use Vim9 syntax in mapping. * Early return when getting the 'formatlistpat' value. * Warning for unused argument in tiny version. * Vim9: import cannot be used after method. * Vim9: variable declared in for loop not initialzed. * Vim9: lower casing the autoload prefix causes problems. * Translation related comment in the wrong place. * Going over the end of the w_lines array. * Script context not restored after using <ScriptCmd>. * Going over the end of the w_lines array. * MS-Windows: high dpi support is outdated. * Coverity warns for using NULL pointer. * Potential proglem when map is deleted while executing. * Function not deleted at end of test. * Typo on DOCMD_RANGEOK results in not recognizing command. * Vim9: type checking for a funcref does not work for when it is used in a method. * Cannot use a method with a complex expression. * Vim9: cannot use a method with a complex expression in a :def function. * Vim9: wrong white space error after using imported item. * Using UNUSED for argument that is used. * Build failure when disabling the channel feature. * Block insert goes over the end of the line. * Visual test fails on MS-Windows. * ":command Cmd" does not show custom completion argument. * Complete function cannot be import.Name. * Vim9: method in compiled function may not see script item. * Completion tests fail. * Crash on exit when built with dynamic Tcl and EXITFREE is defined. (Dominique Pellé) * Build failure without the +eval feature. * Crash when method cannot be found. (Christian J. Robinson) * Building with +sound but without +eval fails. (Dominique Pellé) * MS-Windows: MSVC build may have libraries duplicated. * Vim9: calling function in autoload import does not work in a :def function. * Vim9: wrong error message when autoload script can't be found. * output of ":scriptnames" goes into the message history, while this des not happen for other commands, such as ":ls". * MS-Windows: test for import with absolute path fails. * Vim9: ":scriptnames" shows unloaded imported autoload script. * Vim9: the "autoload" argument of ":vim9script" is not useful. * Vim9: calling import with and without method is inconsistent. * Vim9: no error for return with argument when the function does not return anything. * Using freed memory if an expression abbreviation deletes the abbreviation. * maparg() does not indicate the type of script where it was defined. * Vim9 builtin functions test fails. * Build failure with normal features without persistent undo. * MS-Windows: IME support for Win9x is obsolete. * Cannot load libsodium dynamically. * Confusing error when using name of import for a function. * Vim9: shadowed function can be used in compiled function but not at script level. * E464 does not always include the offending command. * Deleting any mapping may cause <ScriptCmd> to not set the script context. * Test override not restored, autocommand left behind. * Coverity warns for using pointer after free. * Reading beyond the end of a line. * Block insert with double wide character fails. * MS-Windows: Global IME is no longer supported. * ml_get error when exchanging windows in Visual mode. * Translating strftime() argument results in check error. * Fileinfo message overwrites echo'ed message. * Terminal test fails because Windows sets the title. * MS-Windows: memory leak in :browse. * MS-Windows: _WndProc() is very long. * Cannot change the register used for Select mode delete. * Vim9: warning for missing white space after imported variable. * Vim9: no error for redefining function with export. * No error for omitting function name after autoload prefix. * Error in legacy code for function shadowing variable. * The nv_g_cmd() function is too long. * Undo synced when switching buffer in another window. * Vim9: error message for old style import. * Disallowing empty function name breaks existing plugins. * MS-Windows: unnessary casts and other minor things. * MS-Windows: still using old message API calls. * Cannot invoke option function using autoload import. * Filetype detection for BASIC is not optimal. * Cannot use an import in 'foldexpr'. * Vim9: can use an autoload name in normal script. * MS-Windows: runtime check for multi-line balloon is obsolete. * Vim9: cannot use imported function with call(). * Vim9: autoload script not loaded after "vim9script noclear". * Vim9: invalid error for return type of lambda when debugging. * 'foldtext' is evaluated in the current script context. * 'balloonexpr' is evaluated in the current script context. * Vim9: cannot use an import in 'diffexpr'. * Memory leak when evaluating 'diffexpr'. * Cannot use an import in 'formatexpr'. * Cannot use an import in 'includeexpr'. * Cannot use an import in 'indentexpr'. * Cannot use an import in 'patchexpr'. ==== wpa_supplicant ==== Version update (2.9 -> 2.10) - update to 2.10.0: * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream - refresh config from 2.10 defconfig, re-enable CONFIG_WEP ==== yast2 ==== Version update (4.4.39 -> 4.4.43) - ProductFeatures: add boot timeout option (jsc#SLE-22667) - 4.4.43 - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40