Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&ve... https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: cryptsetup (2.4.1 -> 2.4.3) dhcp kernel-source (5.16.0 -> 5.16.1) libfido2 openSUSE-build-key sqlite3 (3.37.1 -> 3.37.2) toolbox (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) === Details === ==== cryptsetup ==== Version update (2.4.1 -> 2.4.3) Subpackages: libcryptsetup12 - cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc. * Do not attempt to unload LUKS2 tokens if external tokens are disabled. This allows building a static binary with - -disable-external-tokens. * LUKS convert: also check sysfs for device activity. If udev symlink is missing, code fallbacks to sysfs scan to prevent data corruption for the active device. ==== dhcp ==== Subpackages: dhcp-client - Drop PrivateDevices and ProtectClock hardenings. They clash with the chroot logic (bsc#1194722) - Add now working CONFIG parameter to sysusers generator ==== kernel-source ==== Version update (5.16.0 -> 5.16.1) - Linux 5.16.1 (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_sleeping() race (bsc#1012628). - staging: r8188eu: switch the led off during deinit (bsc#1012628). - bpf: Fix out of bounds access from invalid *_or_null type verification (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (bsc#1012628). - Bluetooth: btusb: Fix application of sizeof to pointer (bsc#1012628). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (bsc#1012628). - Bluetooth: btusb: enable Mediatek to support AOSP extension (bsc#1012628). - Bluetooth: btusb: Add the new support IDs for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn MT7922A (bsc#1012628). - Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 (bsc#1012628). - Bluetooth: bfusb: fix division by zero in send path (bsc#1012628). - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 (bsc#1012628). - USB: core: Fix bug in resuming hub's handling of wakeup requests (bsc#1012628). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (bsc#1012628). - ath11k: Fix buffer overflow when scanning with extraie (bsc#1012628). - mmc: sdhci-pci: Add PCI ID for Intel ADL (bsc#1012628). - Bluetooth: add quirk disabling LE Read Transmit Power (bsc#1012628). - Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip (bsc#1012628). - Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2 (bsc#1012628). - veth: Do not record rx queue hint in veth_xmit (bsc#1012628). - mfd: intel-lpss: Fix too early PM enablement in the ACPI - >probe() (bsc#1012628). - mfd: intel-lpss-pci: Fix clock speed for 38a8 UART (bsc#1012628). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (bsc#1012628). - can: isotp: convert struct tpcon::{idx,len} to unsigned int (bsc#1012628). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (bsc#1012628). - random: fix data race on crng_node_pool (bsc#1012628). - random: fix data race on crng init time (bsc#1012628). - platform/x86/intel: hid: add quirk to support Surface Go 3 (bsc#1012628). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (bsc#1012628). - staging: greybus: fix stack size warning with UBSAN (bsc#1012628). - parisc: Fix pdc_toc_pim_11 and pdc_toc_pim_20 definitions (bsc#1012628). Disabled: patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch as it conflicts with 95655456e7ce. Asked in bsc#1193124. - commit 13f032a - Update patches.suse/vfs-add-super_operations-get_inode_dev Copy an updated version from SLE15-SP4 with one minor refresh. - commit c02e2ab - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 8950040 - update patches metadata - update upstream references - patches.suse/media-Revert-media-uvcvideo-Set-unique-vdev-name-bas.patch - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch - commit 949bbaa ==== libfido2 ==== - Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x is now supported. ==== openSUSE-build-key ==== - refresh the openSUSE Backports key (bsc#1193092) - gpg-pubkey-65176565-59787af5.asc + gpg-pubkey-65176565-61a0ee8f.asc - removed old security key - updated security key to 2020 version ==== sqlite3 ==== Version update (3.37.1 -> 3.37.2) - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change ==== toolbox ==== Version update (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) - Update to version 2.3+git20220117.bd53c7c: - Fixes error where if custom image is used toolbox will download the default image before entering an existing container. (#40)