New ARM Kubic snapshot 20211023 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20211023
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
audit-secondary
avahi
boost-base
busybox
ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
chrony
compat-usrmerge
dracut (055+suse.119.g6c4187af -> 055+suse.129.g7d8c3ce3)
e2fsprogs
fcoe-utils
file (5.40 -> 5.41)
glibc
haproxy (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
helm
hwinfo (21.76 -> 21.77)
iputils
kbd
kernel-source (5.14.9 -> 5.14.11)
kubernetes1.21
libapparmor
libcap (2.51 -> 2.59)
libglvnd
librsvg (2.52.0 -> 2.52.2)
libwebp (1.2.0 -> 1.2.1)
libzypp (17.28.4 -> 17.28.6)
ncurses (6.2.20210911 -> 6.2.20211002)
ndctl
nvme-cli
open-iscsi
open-vm-tools (11.3.0 -> 11.3.5)
openssh (8.4p1 -> 8.8p1)
pam-config (1.4 -> 1.5)
patterns-microos
pmdk (1.11.0 -> 1.11.1)
python-Jinja2 (3.0.1 -> 3.0.2)
python-PrettyTable
python-alembic (1.6.5 -> 1.7.4)
python-apipkg (1.5 -> 2.1.0)
python-distro
python-greenlet (1.1.0 -> 1.1.2)
python-idna (3.2 -> 3.3)
python-more-itertools (8.8.0 -> 8.10.0)
python-networkx (2.6.1 -> 2.6.3)
python-pyrsistent (0.17.3 -> 0.18.0)
python-pytz (2021.1 -> 2021.3)
python-zipp (3.5.0 -> 3.6.0)
qemu
raspberrypi-firmware (2021.03.10 -> 2021.09.30)
raspberrypi-firmware-config (2021.03.10 -> 2021.09.30)
raspberrypi-firmware-dt (2021.03.15 -> 2021.09.17)
rbac-lookup (0.6.4 -> 0.7.1)
rdma-core (36.0 -> 37.1)
salt
systemd (249.4 -> 249.5)
systemd-presets-common-SUSE
timezone (2021c -> 2021d)
tpm2.0-tools (5.1.1 -> 5.2)
wireless-regdb (20210421 -> 20210828)
xfsprogs
xkeyboard-config (2.33 -> 2.34)
yomi-formula
zypper (1.14.49 -> 1.14.50)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
==== audit-secondary ====
Subpackages: audit python3-audit system-group-audit
- Add CONFIG parameter to %sysusers_generate_pre
- Create separate service for augenrules (bsc#1191614, bsc#1181400)
* add create-augenrules-service.patch
Remove ReadWritePaths=/etc/audit from auditd.service, also removes
augenrules call from ExecStartPost.
Create augenrules.service with the ReadWritePaths directive above.
This makes /etc/audit only accessible by augenrules.service and
lets auditd.service (and daemon) be sandboxed again.
- Update audit-secondary.spec to accommodate the new service file.
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3
- Add rpmlintrc: Filter shlib-policy-name-error for libdns_sd
(boo#1191750).
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
==== boost-base ====
Subpackages: boost-license1_77_0 libboost_thread1_77_0
- make boost-json-devel require boost-container-devel (bsc#1191822)
==== busybox ====
- Create separate 'Warewulf3' (https://github.com/warewulf/warewulf3)
flavor of busybox with the additional setting:
CONFIG_REBOOT=y
CONFIG_SWITCH_ROOT=y
CONFIG_CTTYHACK=y
(bsc#1191514).
==== ca-certificates ====
Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
- Update to version 2+git20211004.3efbea9:
* Ensure --root option propagates prefix properly to other scripts
==== chrony ====
Subpackages: chrony-pool-openSUSE
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
==== compat-usrmerge ====
- Fix logic for detecting conflicts with directories (boo#1191111)
==== dracut ====
Version update (055+suse.119.g6c4187af -> 055+suse.129.g7d8c3ce3)
Subpackages: dracut-ima dracut-mkinitrd-deprecated
- Update to version 055+suse.129.g7d8c3ce3:
* fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
* docs: update SUSE maintainers doc
* fix(suse): add 60-io-scheduler.rules (bsc#1188713)
* revert: remove /sbin/installkernel script from dracut package
* spec: modernize specfile constructs
==== e2fsprogs ====
Subpackages: libcom_err2 libext2fs2
- Drop ProtectClock hardening, can cause issues if other device access is needed
==== fcoe-utils ====
- Drop ProtectClock hardening, can cause issues if other device access is needed
==== file ====
Version update (5.40 -> 5.41)
Subpackages: file-magic libmagic1
- Remove file-5.38-allow-readlinkat.dif as already done in latest
file 5.41
- Update to 5.41:
* Avinash Sonawane: Fix tzname detection
* Fix relationship tests with "search" magic, don't short circuit
logic
* Fix memory leak in compile mode
* PR/272: kiefermat: Only set returnval = 1 when we printed something
(in all cases print or !print). This simplifies the logic and fixes
the issue in the PR with -k and --mime-type there was no continuation
printed before the default case.
* PR/270: Don't translate unprintable characters in %s magic formats
when -r
* PR/269: Avoid undefined behavior with clang (adding offset to NULL)
* Add a new flag (f) that requires that the match is a full word,
not a partial word match.
* Add varint types (unused)
* PR/256: mutableVoid: If the file is less than 3 bytes, use the file
length to determine type
* PR/259: aleksandr.v.novichkov: mime printing through indirect magic
is not taken into account, use match directly so that it does.
- Remove patches now upstream
* file-5.40-1c677c04.patch
* file-5.40-3096f87f.patch
* file-5.40-4c5fe1ad.patch
* file-5.40-6b34436a.patch
* file-5.40-749e1ecf.patch
* file-5.40-9b0459af.patch
* file-5.40-9e2becec.patch
* file-5.40-ascii.patch
* file-5.40-f0601504.patch
* file-5.40-f7705dca.patch
- Port patches
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.19-zip2.0.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
* file-5.38-allow-readlinkat.dif
* file-secure_getenv.patch
- Port and rename patch file-5.39.dif which is now file-5.41.dif
==== glibc ====
Subpackages: glibc-locale-base
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np
(BZ #28036)
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
==== haproxy ====
Version update (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
- Update to version 2.4.7+git0.b5e51a5e2:
* [RELEASE] Released version 2.4.7
* BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
- Update to version 2.4.6+git0.d83fd76a1:
* [RELEASE] Released version 2.4.6
* BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
- Update to version 2.4.5+git0.e74a1b34b:
* [RELEASE] Released version 2.4.5
* MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
* BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
* BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
* MINOR: arg: Be able to forbid unresolved args when building an argument list
* BUG/MAJOR: lua: use task_wakeup() to properly run a task once
* BUG/MEDIUM: lua: fix wakeup condition from sleep()
* MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
* DOC: peers: fix doc "enable" statement on "peers" sections
* BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
* MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
* BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
* MINOR: htx: Add a function to know if the free space wraps
* MINOR: htx: Add an HTX flag to know when a message is fragmented
* MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
* BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
* BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
* BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
* BUG/MINOR: stats: use refcount to protect dynamic server on dump
* MINOR: server: return the next srv instance on free_server
* BUG/MINOR: server: do not use refcount in free_server in stopping mode
* MINOR: global: define MODE_STOPPING
* MINOR: server: implement a refcount for dynamic servers
* BUG/MINOR: http-ana: increment internal_errors counter on response error
* BUG/MINOR: h1-htx: Fix a typo when request parser is reset
* BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
* BUG/MINOR: server: allow 'enable health' only if check configured
* BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
* BUILD: halog: fix a -Wundef warning on non-glibc systems
* BUILD: compiler: fixed a missing test on defined(__GNUC__)
* BUILD: fix dragonfly build again on __read_mostly
* BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
* BUG/MINOR: vars: truncate the variable name in error reports about scope.
* BUG/MINOR: vars: properly set the argument parsing context in the expression
* MINOR: sample: add missing ARGC_ entries
* BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
* BUILD: tools: properly guard __GLIBC__ with defined()
* BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
* BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
* BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
* IMPORT: slz: silence a build warning with -Wundef
* BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
* BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
* BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
* MINOR: proc: setting the process to produce a core dump on FreeBSD.
* MINOR: tools: add FreeBSD support to get_exec_path()
* BUILD: tools: get the absolute path of the current binary on NetBSD.
* BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
* BUG/MINOR: cli/payload: do not search for args inside payload
* BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
* BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
* DOC: management: certificate files must be sanitized before injection
* BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
* BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
* MINOR: pools: use mallinfo2() when available instead of mallinfo()
* MINOR: pools: automatically disable malloc_trim() with external allocators
* CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
* BUG/MINOR: compat: make sure __WORDSIZE is always defined
* BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
* CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
* MINOR: htx: Skip headers with no value when adding a header list to a message
* BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
* BUG/MINOR: systemd: ExecStartPre must use -Ws
* BUG/MINOR: filters: Set right FLT_END analyser depending on channel
* BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
* BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
* BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
* BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
* BUG/MINOR: lua: Yield in channel functions only if lua context can yield
* MINOR: lua: Add a flag on lua context to know the yield capability at run time
==== helm ====
- use 'v' prefix for the version to match upstream builds
- package fish completions
==== hwinfo ====
Version update (21.76 -> 21.77)
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
==== iputils ====
- Drop ProtectClock hardening, can cause issues if other device access is needed
==== kbd ====
Subpackages: kbd-legacy
- regenerated cz-map.patch needed for xkeyboard-config 2.34 update
==== kernel-source ====
Version update (5.14.9 -> 5.14.11)
- Linux 5.14.11 (bsc#1012628).
- Revert "ARM: imx6q: drop of_platform_default_populate() from
init_machine" (bsc#1012628).
- Revert "brcmfmac: use ISO3166 country code and 0 rev as
fallback" (bsc#1012628).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
SSD (bsc#1012628).
- perf/x86: Reset destroy callback on event init failure
(bsc#1012628).
- KVM: x86: nSVM: restore int_vector in svm_clear_vintr
(bsc#1012628).
- kvm: x86: Add AMD PMU MSRs to msrs_to_save_all[] (bsc#1012628).
- KVM: x86: reset pdptrs_from_userspace when exiting smm
(bsc#1012628).
- KVM: do not shrink halt_poll_ns below grow_start (bsc#1012628).
- selftests: KVM: Align SMCCC call with the spec in steal_time
(bsc#1012628).
- kasan: always respect CONFIG_KASAN_STACK (bsc#1012628).
- tools/vm/page-types: remove dependency on opt_file for idle
page tracking (bsc#1012628).
- block: don't call rq_qos_ops->done_bio if the bio isn't tracked
(bsc#1012628).
- io_uring: allow conditional reschedule for intensive iterators
(bsc#1012628).
- x86/insn, tools/x86: Fix undefined behavior due to potential
unaligned accesses (bsc#1012628).
- smb3: correct smb3 ACL security descriptor (bsc#1012628).
- irqchip/gic: Work around broken Renesas integration
(bsc#1012628).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(bsc#1012628).
- thermal/drivers/tsens: Fix wrong check for tzd in irq handlers
(bsc#1012628).
- nvme-fc: avoid race between time out and tear down
(bsc#1012628).
- nvme-fc: update hardware queues before using them (bsc#1012628).
- swiotlb-xen: ensure to issue well-formed XENMEM_exchange
requests (bsc#1012628).
- Xen/gntdev: don't ignore kernel unmapping error (bsc#1012628).
- selftests: kvm: fix get_run_delay() ignoring fscanf() return
warn (bsc#1012628).
- selftests: kvm: move get_run_delay() into lib/test_util
(bsc#1012628).
- selftests:kvm: fix get_trans_hugepagesz() ignoring fscanf()
return warn (bsc#1012628).
- selftests:kvm: fix get_warnings_count() ignoring fscanf()
return warn (bsc#1012628).
- selftests: be sure to make khdr before other targets
(bsc#1012628).
- habanalabs/gaudi: fix LBW RR configuration (bsc#1012628).
- habanalabs: fail collective wait when not supported
(bsc#1012628).
- habanalabs/gaudi: use direct MSI in single mode (bsc#1012628).
- usb: dwc2: check return value after calling
platform_get_resource() (bsc#1012628).
- usb: testusb: Fix for showing the connection speed
(bsc#1012628).
- scsi: elx: efct: Do not hold lock while calling
fc_vport_terminate() (bsc#1012628).
- scsi: sd: Free scsi_disk device via put_device() (bsc#1012628).
- drm/amdkfd: fix svm_migrate_fini warning (bsc#1012628).
- drm/amdkfd: handle svm migrate init error (bsc#1012628).
- ext2: fix sleeping in atomic bugs on error (bsc#1012628).
- platform/x86: gigabyte-wmi: add support for B550I Aorus Pro AX
(bsc#1012628).
- sparc64: fix pci_iounmap() when CONFIG_PCI is not set
(bsc#1012628).
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (bsc#1012628).
- net: mdio: introduce a shutdown method to mdio device drivers
(bsc#1012628).
- btrfs: fix mount failure due to past and transient device
flush error (bsc#1012628).
- btrfs: replace BUG_ON() in btrfs_csum_one_bio() with proper
error handling (bsc#1012628).
- nfsd: back channel stuck in SEQ4_STATUS_CB_PATH_DOWN
(bsc#1012628).
- platform/x86: touchscreen_dmi: Update info for the Chuwi Hi10
Plus (CWI527) tablet (bsc#1012628).
- platform/x86: touchscreen_dmi: Add info for the Chuwi HiBook
(CWI514) tablet (bsc#1012628).
- afs: Add missing vnode validation checks (bsc#1012628).
- spi: rockchip: handle zero length transfers without timing out
(bsc#1012628).
- commit 834dddd
- iwlwifi: Fix MODULE_FIRMWARE() for non-existing ucode version
(boo#1191417).
- commit 6597512
- Linux 5.14.10 (bsc#1012628).
- media: hantro: Fix check for single irq (bsc#1012628).
- media: cedrus: Fix SUNXI tile size calculation (bsc#1012628).
- media: s5p-jpeg: rename JPEG marker constants to prevent build
warnings (bsc#1012628).
- ASoC: fsl_sai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_esai: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_spdif: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: fsl_xcvr: register platform component before registering
cpu dai (bsc#1012628).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (bsc#1012628).
- scsi: elx: efct: Fix void-pointer-to-enum-cast warning for
efc_nport_topology (bsc#1012628).
- ASoC: SOF: Fix DSP oops stack dump output contents
(bsc#1012628).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and
SRAM types (bsc#1012628).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation
(bsc#1012628).
- net/mlx4_en: Resolve bad operstate value (bsc#1012628).
- s390/qeth: Fix deadlock in remove_discipline (bsc#1012628).
- s390/qeth: fix deadlock during failing recovery (bsc#1012628).
- m68k: Update ->thread.esp0 before calling syscall_trace()
in ret_from_signal (bsc#1012628).
- NIOS2: fix kconfig unmet dependency warning for
SERIAL_CORE_CONSOLE (bsc#1012628).
- kasan: fix Kconfig check of CC_HAS_WORKING_NOSANITIZE_ADDRESS
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference
(bsc#1012628).
- perf test: Fix DWARF unwind for optimized builds (bsc#1012628).
- perf iostat: Use system-wide mode if the target cpu_list is
unspecified (bsc#1012628).
- perf iostat: Fix Segmentation fault from NULL 'struct
perf_counts_values *' (bsc#1012628).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (bsc#1012628).
- tty: Fix out-of-bound vmalloc access in imageblit (bsc#1012628).
- cpufreq: schedutil: Use kobject release() method to free
sugov_tunables (bsc#1012628).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1012628).
- drm/amdgpu: adjust fence driver enable sequence (bsc#1012628).
- drm/amdgpu: avoid over-handle of fence driver fini in s3 test
(v2) (bsc#1012628).
- drm/amdgpu: stop scheduler when calling hw_fini (v2)
(bsc#1012628).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees
the memory (bsc#1012628).
- scsi: ufs: ufs-pci: Fix Intel LKF link stability (bsc#1012628).
- ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION
(bsc#1012628).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(bsc#1012628).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo
Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops
(bsc#1012628).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table
is incorrect (bsc#1012628).
- fs-verity: fix signed integer overflow with i_size near S64_MAX
(bsc#1012628).
- hwmon: (tmp421) handle I2C errors (bsc#1012628).
- hwmon: (w83793) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83792d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- hwmon: (w83791d) Fix NULL pointer dereference by removing
unnecessary structure field (bsc#1012628).
- gpio: pca953x: do not ignore i2c errors (bsc#1012628).
- scsi: ufs: Fix illegal offset in UPIU event trace (bsc#1012628).
- mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1012628).
- platform/x86/intel: hid: Add DMI switches allow list
(bsc#1012628).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (bsc#1012628).
- ptp: Fix ptp_kvm_getcrosststamp issue for x86 ptp_kvm
(bsc#1012628).
- KVM: x86: Fix stack-out-of-bounds memory access from
ioapic_write_indirect() (bsc#1012628).
- KVM: x86: nSVM: don't copy virt_ext from vmcb12 (bsc#1012628).
- KVM: x86: Clear KVM's cached guest CR3 at RESET/INIT
(bsc#1012628).
- KVM: x86: Swap order of CPUID entry "index" vs. "significant
flag" checks (bsc#1012628).
- KVM: nVMX: Filter out all unsupported controls when eVMCS was
activated (bsc#1012628).
- KVM: SEV: Update svm_vm_copy_asid_from for SEV-ES (bsc#1012628).
- KVM: SEV: Pin guest memory for write for RECEIVE_UPDATE_DATA
(bsc#1012628).
- KVM: SEV: Acquire vcpu mutex when updating VMSA (bsc#1012628).
- KVM: SEV: Allow some commands for mirror VM (bsc#1012628).
- KVM: SVM: fix missing sev_decommission in sev_receive_start
(bsc#1012628).
- KVM: nVMX: Fix nested bus lock VM exit (bsc#1012628).
- KVM: VMX: Fix a TSX_CTRL_CPUID_CLEAR field mask issue
(bsc#1012628).
- mmc: renesas_sdhi: fix regression with hard reset on old SDHIs
(bsc#1012628).
- media: ir_toy: prevent device from hanging during transmit
(bsc#1012628).
- RDMA/cma: Do not change route.addr.src_addr.ss_family
(bsc#1012628).
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing
more requests (bsc#1012628).
- nbd: use shifts rather than multiplies (bsc#1012628).
- drm/amd/display: initialize backlight_ramping_override to false
(bsc#1012628).
- drm/amd/display: Pass PCI deviceid into DC (bsc#1012628).
- drm/amd/display: Fix Display Flicker on embedded panels
(bsc#1012628).
- drm/amdgpu: force exit gfxoff on sdma resume for rmb s0ix
(bsc#1012628).
- drm/amdgpu: check tiling flags when creating FB on GFX8-
(bsc#1012628).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9
(bsc#1012628).
- interconnect: qcom: sdm660: Fix id of slv_cnoc_mnoc_cfg
(bsc#1012628).
- interconnect: qcom: sdm660: Correct NOC_QOS_PRIORITY shift
and mask (bsc#1012628).
- drm/i915/gvt: fix the usage of ww lock in gvt scheduler
(bsc#1012628).
- ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
(bsc#1012628).
- bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog
(bsc#1012628).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
(bsc#1012628).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1012628).
- bpf, mips: Validate conditional branch offsets (bsc#1012628).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (bsc#1012628).
- RDMA/irdma: Skip CQP ring during a reset (bsc#1012628).
- RDMA/irdma: Validate number of CQ entries on create CQ
(bsc#1012628).
- RDMA/irdma: Report correct WC error when transport retry
counter is exceeded (bsc#1012628).
- RDMA/irdma: Report correct WC error when there are MW bind
errors (bsc#1012628).
- netfilter: nf_tables: unlink table before deleting it
(bsc#1012628).
- netfilter: log: work around missing softdep backend module
(bsc#1012628).
- Revert "mac80211: do not use low data rates for data frames
with no ack flag" (bsc#1012628).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(bsc#1012628).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (bsc#1012628).
- mac80211: mesh: fix potentially unaligned access (bsc#1012628).
- mac80211-hwsim: fix late beacon hrtimer handling (bsc#1012628).
- driver core: fw_devlink: Add support for
FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD (bsc#1012628).
- net: mdiobus: Set FWNODE_FLAG_NEEDS_CHILD_BOUND_ON_ADD for
mdiobus parents (bsc#1012628).
- sctp: break out if skb_header_pointer returns NULL in
sctp_rcv_ootb (bsc#1012628).
- mptcp: don't return sockets in foreign netns (bsc#1012628).
- mptcp: allow changing the 'backup' bit when no sockets are open
(bsc#1012628).
- RDMA/hns: Work around broken constant propagation in gcc 8
(bsc#1012628).
- hwmon: (tmp421) report /PVLD condition as fault (bsc#1012628).
- hwmon: (tmp421) fix rounding for negative values (bsc#1012628).
- net: enetc: fix the incorrect clearing of IF_MODE bits
(bsc#1012628).
- net: ipv4: Fix rtnexthop len when RTA_FLOW is present
(bsc#1012628).
- smsc95xx: fix stalled rx after link change (bsc#1012628).
- drm/i915/request: fix early tracepoints (bsc#1012628).
- drm/i915: Remove warning from the rps worker (bsc#1012628).
- dsa: mv88e6xxx: 6161: Use chip wide MAX MTU (bsc#1012628).
- dsa: mv88e6xxx: Fix MTU definition (bsc#1012628).
- dsa: mv88e6xxx: Include tagger overhead when setting MTU for
DSA and CPU ports (bsc#1012628).
- e100: fix length calculation in e100_get_regs_len (bsc#1012628).
- e100: fix buffer overrun in e100_get_regs (bsc#1012628).
- RDMA/hfi1: Fix kernel pointer leak (bsc#1012628).
- RDMA/hns: Fix the size setting error when copying CQE in
clean_cq() (bsc#1012628).
- RDMA/hns: Add the check of the CQE size of the user space
(bsc#1012628).
- bpf: Exempt CAP_BPF from checks against bpf_jit_limit
(bsc#1012628).
- libbpf: Fix segfault in static linker for objects without BTF
(bsc#1012628).
- selftests, bpf: Fix makefile dependencies on libbpf
(bsc#1012628).
- selftests, bpf: test_lwt_ip_encap: Really disable rp_filter
(bsc#1012628).
- bpf, x86: Fix bpf mapping of atomic fetch implementation
(bsc#1012628).
- net: ks8851: fix link error (bsc#1012628).
- ionic: fix gathering of debug stats (bsc#1012628).
- Revert "block, bfq: honor already-setup queue merges"
(bsc#1012628).
- scsi: csiostor: Add module softdep on cxgb4 (bsc#1012628).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(bsc#1012628).
- net: hns3: do not allow call hns3_nic_net_open repeatedly
(bsc#1012628).
- net: hns3: remove tc enable checking (bsc#1012628).
- net: hns3: don't rollback when destroy mqprio fail
(bsc#1012628).
- net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and
HCLGE_FLAG_DCB_ENABLE (bsc#1012628).
- net: hns3: fix show wrong state when add existing uc mac address
(bsc#1012628).
- net: hns3: reconstruct function hns3_self_test (bsc#1012628).
- net: hns3: fix always enable rx vlan filter problem after
selftest (bsc#1012628).
- net: hns3: disable firmware compatible features when uninstall
PF (bsc#1012628).
- net: phy: bcm7xxx: Fixed indirect MMD operations (bsc#1012628).
- net: sched: flower: protect fl_walk() with rcu (bsc#1012628).
- net: stmmac: fix EEE init issue when paired with EEE capable
PHYs (bsc#1012628).
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
(bsc#1012628).
- objtool: Teach get_alt_entry() about more relocation types
(bsc#1012628).
- perf/x86/intel: Update event constraints for ICX (bsc#1012628).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1012628).
- sched/fair: Null terminate buffer when updating tunable_scaling
(bsc#1012628).
- hwmon: (occ) Fix P10 VRM temp sensors (bsc#1012628).
- hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1
mp2975 controller (bsc#1012628).
- kvm: fix objtool relocation warning (bsc#1012628).
- nvme: add command id quirk for apple controllers (bsc#1012628).
- elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
(bsc#1012628).
- driver core: fw_devlink: Improve handling of cyclic dependencies
(bsc#1012628).
- debugfs: debugfs_create_file_size(): use IS_ERR to check for
error (bsc#1012628).
- ipack: ipoctal: fix stack information leak (bsc#1012628).
- ipack: ipoctal: fix tty registration race (bsc#1012628).
- ipack: ipoctal: fix tty-registration error handling
(bsc#1012628).
- ipack: ipoctal: fix missing allocation-failure check
(bsc#1012628).
- ipack: ipoctal: fix module reference leak (bsc#1012628).
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
(bsc#1012628).
- ext4: limit the number of blocks in one ADD_RANGE TLV
(bsc#1012628).
- ext4: fix reserved space counter leakage (bsc#1012628).
- ext4: add error checking to ext4_ext_replay_set_iblocks()
(bsc#1012628).
- ext4: fix potential infinite loop in ext4_dx_readdir()
(bsc#1012628).
- ext4: flush s_error_work before journal destroy in
ext4_fill_super (bsc#1012628).
- HID: u2fzero: ignore incomplete packets without data
(bsc#1012628).
- net: udp: annotate data race around udp_sk(sk)->corkflag
(bsc#1012628).
- NIOS2: setup.c: drop unused variable 'dram_start' (bsc#1012628).
- usb: hso: remove the bailout parameter (bsc#1012628).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(bsc#1012628).
- netfilter: ipset: Fix oversized kvmalloc() calls (bsc#1012628).
- mm: don't allow oversized kvmalloc() calls (bsc#1012628).
- HID: usbhid: free raw_report buffers in usbhid_stop
(bsc#1012628).
- crypto: aesni - xts_crypt() return if walk.nbytes is 0
(bsc#1012628).
- KVM: x86: Handle SRCU initialization failure during page track
init (bsc#1012628).
- netfilter: conntrack: serialize hash resizes and cleanups
(bsc#1012628).
- netfilter: nf_tables: Fix oversized kvmalloc() calls
(bsc#1012628).
- drivers: net: mhi: fix error path in mhi_net_newlink
(bsc#1012628).
- objtool: print out the symbol type when complaining about it
(bsc#1012628).
- HID: amd_sfh: Fix potential NULL pointer dereference - take 2
(bsc#1012628).
- commit 7c980ba
- ALSA: hda: intel: Allow repeatedly probing on codec
configuration errors (bsc#1190801).
- commit 924f4be
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
==== kubernetes1.21 ====
- Bump disk requirements in _constraints to 12GB. Data based on the
last successful build consumed storage.
==== libapparmor ====
- add add-samba-bgqd.diff: add profile for samba-bgqd (boo#1191532)
==== libcap ====
Version update (2.51 -> 2.59)
- update to 2.59:
* Fixed a potential libcap memory leak by adding a destructor
* Major improvement is that there is a path for Linux-PAM compliant
applications to support setting Ambient vector Capabilities via pam_cap.so now
* Added libcap cap_proc_root() API function
* Added color support to captree
* Fixed contrib/sucap/su to correctly handle the Inheritable flag
* capsh enhancements
* getcap -r / now generates readable output
* The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now
runnable as standalone binaries
* The module pam_cap.so now contains support for a default=<IAB> module argument
* Enhanced capsh --suggest to also compare against the capability value names
and not just their descriptions
* Added capsh --current support
* Added a contrib/sucap/su.c pure-capabilities PAM implementation of su
* Fix for a corner case infinite loop handling long strings
* Added libcap cap_iab_compare() and cap_iab_get_pid() APIs
* Added a Go utility, captree, to display the process (and thread) graph along with
the POSIX.1e and IAB capabilities of each PID{TID} tree.
==== libglvnd ====
- libglvnd.rpmlintrc
* workaround for future buildcheck (boo#1191763)
==== librsvg ====
Version update (2.52.0 -> 2.52.2)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2
- Update to version 2.52.2:
+ New features:
- rsvg-convert now supports generating multi-page PDFs in a
sensible way.
- With one SVG document per page, each page with the SVG's
natural size:
rsvg-convert --format=pdf -o out.pdf a.svg b.svg c.svg
- With all pages sized as portrait US Letter, and each SVG
scaled to fit so that there is a 1in margin around each page:
rsvg-convert --format=pdf -o out.pdf \
  --page-width=8.5in --page-height=11in \
  --width=6.5in --height=8.5in --keep-aspect-ratio \
  --top=1in --left=1in a.svg b.svg c.svg
Please see the man page for details.
- Support <a> elements inside <text>. Also, support the CSS
:link pseudo-class for matching against links.
- Support the CSS :lang() pseudo-class for matching against an
element's xml:lang attribute.
- Support the mask-type property from SVG2.
+ Bugs fixed:
- Don't panic when a shorthand property is set to inherit.
- Fix regression with the viewport size of interior <svg>
elements.
- Allow length units to be case-insensitive, per SVG2.
+ Documentation:
- There is now a FEATURES.md in the repository, where you can
see all the elements, attributes, and properties that librsvg
supports. We will be adding detail to this gradually.
- For developers, there is now devel-docs/adding-a-property.md
with a tutorial on how to add support for new CSS properties.
- Update to version 2.52.1:
+ Fix ordering of tspan inside text elements for right-to-left
languages.
+ Fix text-anchor positioning for right-to-left languages.
+ Fix regression in computing sizes when an SVG has only one of
width/height and a viewBox.
+ Spec compliance - the writing-mode property applies only to
text elements, not to individual tspan elements.
+ Fix build on big-endian platforms.
+ Clarify documentation for the rsvg_handle_write() /
rsvg_handle_close() deprecated APIs.
==== libwebp ====
Version update (1.2.0 -> 1.2.1)
Subpackages: libwebp7 libwebpdemux2 libwebpmux3
- update to 1.2.1:
* minor lossless encoder improvements and x86 color conversion
speed up
* further security related hardening in libwebp & examples
* toolchain updates and bug fixes
* use more inclusive language within the source
==== libzypp ====
Version update (17.28.4 -> 17.28.6)
- Zypper should keep cached files if transaction is aborted
(bsc#1190356)
Singletrans mode currently does not keep files around if the
transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
(bsc#1191324)
Especially in a VM, iterating over all possible fd's to close open
ones right before an exec() slows down zypper unnecessarily. This
patch uses /proc/self/fd to iterate over open fd's in case rlimit
is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
plugin: (bsc#1191286)
- version 17.28.6 (22)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
==== ncurses ====
Version update (6.2.20210911 -> 6.2.20211002)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20211002
+ use return-value from vsnprintf to reallocate as needed to allow for
buffers larger than the screen size (report by "_RuRo_").
+ modify tset "-q" option to refrain from modifying terminal modes, to
match the documentation.
+ add section on margins to terminfo.5, adapted from X/Open Curses.
+ make tput/tset warning messages consistently using alias names when
those are used, rather than the underlying program's name.
+ improve tput usage message for aliases such as clear, by eliminating
tput-specific portions.
+ add a check in toe to ensure that a "termcap file" is text rather
than binary.
+ further build-fixes for OpenBSD 6.9, whose header files differ from
- Add ncurses patch 20210925
+ add kbeg to xterm+keypad to accommodate termcap applications -TD
+ add smglp and smgrp to vt420+lrmm, to provide useful data for the
"tabs" +m option -TD
+ build-fix for gcc 3.4.3 with Solaris10, which does not allow forward
reference of anonymous struct typedef.
+ modify tput to allow multiple commands per line.
+ minor fixes for tset manpage.
- Correct offsets of patch ncurses-6.2.dif
==== ndctl ====
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_ndctl-monitor.service.patch
==== nvme-cli ====
- Drop ProtectClock hardening, can cause issues if other device access is needed
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_nvmf-connect@.service.patch
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
==== open-vm-tools ====
Version update (11.3.0 -> 11.3.5)
Subpackages: libvmtools0
- Update to 11.3.5 (build 18557794) (boo#1190987)
+ New/Updated features:
- Added a configurable logging capability to the network script.
The network script has been updated to:
use vmware-toolbox-cmd to query any network logging configuration from
the tools.conf file. Use vmtoolsd --cmd "log ..." to log a message to
the vmx logfile when the logging handler is configured to "vmx" or when
the logfile is full or is not writeable.
- The hgfsmounter (mount.vmhgfs) command has been removed from
open-vm-tools.
The hgfsmounter (mount.vmhgfs) command is no longer used in
Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore,
removing all references to the hgfsmounter in Linux builds.
+ Resolved issues:
- Customization: Retry the Linux reboot if telinit is a soft link to
systemctl.
- Open-vm-tools commands would hang if configured with "--enable-valgrind".
+ Spec file updates for:
- rpmlint errors
- arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling.
==== openssh ====
Version update (8.4p1 -> 8.8p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for
Guillaume Gardet