New ARM Kubic snapshot 20210818 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20210818 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor (3.0.1 -> 3.0.3) audit (3.0.2 -> 3.0.3) audit-secondary (3.0.2 -> 3.0.3) avahi busybox-links c-ares (1.17.1 -> 1.17.2) ceph (16.2.5.111+ga5b472dfcf8 -> 16.2.5.113+g8b5bda7684e) cloud-init container-selinux (2.160.1 -> 2.164.2) cri-tools (1.21.0 -> 1.22.0) dhcp diffutils (3.7 -> 3.8) dracut (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b) e2fsprogs (1.46.2 -> 1.46.3) etcd freetype2 (2.10.4 -> 2.11.0) gdbm (1.19 -> 1.20) glib2 gpgme grep grub2 gtk3 ipset (7.14 -> 7.15) irqbalance (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148) kernel-firmware (20210719 -> 20210812) kernel-source (5.13.6 -> 5.13.8) keyutils krb5 (1.19.1 -> 1.19.2) libXft (2.3.3 -> 2.3.4) libapparmor (3.0.1 -> 3.0.3) libesmtp lvm2 lvm2-device-mapper mozjs78 (78.11.0 -> 78.13.0) ncurses (6.2.20210718 -> 6.2.20210724) nfs-utils pam patterns-microos pcre (8.44 -> 8.45) python-distro (1.5.0 -> 1.6.0) python-gobject python-networkx (2.5.1 -> 2.6.1) python-python-gnupg (0.4.6 -> 0.4.7) python-pyzmq (22.1.0 -> 22.2.1) python-tornado6 python38 (3.8.10 -> 3.8.11) python38-core (3.8.10 -> 3.8.11) qemu rpcbind snappy (1.1.8 -> 1.1.9) systemd transactional-update (3.4.0 -> 3.5.1) u-boot-rpiarm64 === Details === ==== apparmor ==== Version update (3.0.1 -> 3.0.3) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ==== audit ==== Version update (3.0.2 -> 3.0.3) Subpackages: libaudit1 libauparse0 - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ==== audit-secondary ==== Version update (3.0.2 -> 3.0.3) Subpackages: audit python3-audit system-group-audit - Update to version 3.0.3: * Dont interpret audit netlink groups unless AUDIT_NLGRP_MAX is defined * Add support for AUDIT_RESP_ORIGIN_UNBLOCK_TIMED to ids * Change auparse_feed_has_data in auparse to include incomplete events * Auditd, stop linking against -lrt * Add ProtectHome and RestrictRealtime to auditd.service * In auditd, read up to 3 netlink packets in a row * In auditd, do not validate path to plugin unless active * In auparse, only emit config errors when AUPARSE_DEBUG env variable exists - use https source urls ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 - Obsolete the same version of mDNSResponder-lib and mDNSResponder in baselib.conf and spec. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-sed busybox-xz - Add shadow as BuildRequires ==== c-ares ==== Version update (1.17.1 -> 1.17.2) - update to 1.17.2: Security: * When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator * If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash * Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response * Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing follow-up (bsc#1188881, CVE-2021-3672) * Perform validation on hostnames to prevent possible XSS due to applications not performing valiation themselves Changes: * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases Bug fixes: * Building tests should not force building of static libraries except on Windows * Relative headers must use double quotes to prevent pulling in a system library for details see, https://c-ares.haxx.se/changelog.html#1_17_2 ==== ceph ==== Version update (16.2.5.111+ga5b472dfcf8 -> 16.2.5.113+g8b5bda7684e) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.2.5-113-g8b5bda7684e: + (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9 improved version of patch that did not work as intended ==== cloud-init ==== - Add cloud-init-update-test-characters-in-substitution-unit-test.patch to fix unit test fail in TestGetPackageMirrorInfo::test_substitution. ==== container-selinux ==== Version update (2.160.1 -> 2.164.2) - Update to version 2.164.2 * Don't setup users for writing to pid_sockets * Allow container engines to be started from the staff user. * Allow spc_t domains to set bpf rules on any domain * Add support for k3s ==== cri-tools ==== Version update (1.21.0 -> 1.22.0) - Update to version 1.22.0: * Bump Kubernetes to v1.22.0 * Bump k8s.io/api from 0.21.3 to 0.22.0 * Bump k8s.io/cri-api from 0.21.3 to 0.22.0 * Bump k8s.io/kubectl from 0.21.3 to 0.22.0 * Bump k8s.io/apimachinery from 0.21.3 to 0.22.0 * Bump github.com/docker/docker * Bump github.com/opencontainers/selinux from 1.8.2 to 1.8.3 - Update to version 1.21.0: * Bump README versions to v1.21.0 * Update dependencies * Add dependabot config file * Simplify test image build process for user images * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools * Fix UID/GID and username values for test images * Bump gcb-docker-gcloud image to v20210331-c732583 * Fix CRI-O master installation in GitHub actions ==== dhcp ==== Subpackages: dhcp-client - bsc#1186249: Remove remaining references to /etc/init.d from dhclient-script and if-up.d.dhcpd-restart-hook . - Use , instead of - or / as a separator in sed when dealing with path names. ==== diffutils ==== Version update (3.7 -> 3.8) - diffutils 3.8: * diff no longer treats a closed stdin as representing an absent file in usage like 'diff --new-file - foo <&-' * diff and related programs no longer get confused if stdin, stdout, or stderr are closed * cmp, diff and sdiff no longer treat negative command-line option-arguments as if they were large positive numbers - drop gnulib-test-avoid-FP-perror-strerror.patch, upstream - drop gnulib-c-stack.patch, equivalent change in c-stack - remove deprecated texinfo packaging macros ==== dracut ==== Version update (055+suse.110.gbe35f166 -> 055+suse.115.gf65e559b) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 055+suse.115.gf65e559b: * fix(suse-initrd): find links of usrmerged kernels (boo#1184804) * fix(tpm2-tss): typo in depends() * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470) - use manual mode in _service file ==== e2fsprogs ==== Version update (1.46.2 -> 1.46.3) Subpackages: libcom_err2 libext2fs2 - Update to 1.46.3: * Add -V and -VV options to filefrag * Fix fs corruption cause by resize2fs on filesystems with MMP blocks * Fast commit portability fixes * Fix direct IO support in Unix IO manager * Avoid calling EXT2_IOC_[GS]ETFLAGS for block devices * Fix mke2fs to not discard blocks beyond end of filesystem * Make e2fsck set filetype of '.' and '..' entries * Fix QCOW image generation in e2image for very large filesystems * Update translations ==== etcd ==== - Don't require systemd (works without, too) - Change to sysuser-tools to create system user ==== freetype2 ==== Version update (2.10.4 -> 2.11.0) - Update to version 2.11.0 * A new rendering module has been added to create 8-bit Signed Distance Field (SDF) bitmaps for both outline and bitmap glyphs. * A new, experimental API is now available for surfacing properties of 'COLR' v1 color fonts. * A new function `FT_Get_Transform` returns the values set by FT_Set_Transform. * The legacy Type 1 and CFF engines are further demoted due to lack of CFF2 charstring support. * The experimental 'warp' mode (AF_CONFIG_OPTION_USE_WARPER) for the auto-hinter has been removed. * The smooth rasterizer performance has been improved by >10%. * PCF bitmap fonts compressed with LZW (these are usually files with the extension .pcf.Z) are now handled correctly. ==== gdbm ==== Version update (1.19 -> 1.20) Subpackages: libgdbm6 libgdbm_compat4 - version update to 1.20 * New bucket cache The bucket cache support has been rewritten from scratch. The new bucket cache code provides for significant speed up of search operations. * Change mmap prereading strategy Pre-reading of the memory mapper regions, introduced in version 1.19 can be advantageous only when doing intensive look-ups on a read-only database. It degrades performance otherwise, especially if doing multiple inserts. Therefore, this version introduces a new flag to gdbm_open: GDBM_PREREAD. When given, it enables pre-reading of memory mapped regions. - modified patches % gdbm-no-build-date.patch (refreshed) ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Add 63e7864.patch: Fix build with glibc 2.34: use 3 parameters for close_range (boo#1189088). - Drop patches fixed upstream on SLE and Leap 15.4: + glib2-add-support-for-slim-timezone-format.patch + glib2-fix-6-days-until-the-end-of-the-month.patch + glib2-CVE-2021-27218.patch + glib2-CVE-2021-27219-add-g_memdup2.patch ==== gpgme ==== - Fix build with glibc 2.34: [bsc#1189089] * Use glibc's closefrom. * Add gpgme-use-glibc-closefrom.patch ==== grep ==== - gnulib-c-stack.patch: Fix AC_SYS_XSI_STACK_OVERFLOW_HEURISTIC configure check ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Replace grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch and fix-grub2-use-stat-instead-of-udevadm-for-partition-lookup-with-new-glibc.patch with upstream backport: 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch and 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch. ==== gtk3 ==== Subpackages: gtk3-data gtk3-schema gtk3-tools libgtk-3-0 - Drop patch fixed upstream on SLE and Leap 15.4: gtk3-x11-fix-menu-touch-by-pointer-emulation.patch ==== ipset ==== Version update (7.14 -> 7.15) Subpackages: libipset13 - Update to release 7.15 * netfilter: ipset: Fix maximal range check in hash_ipportnet4_uadt() ==== irqbalance ==== Version update (1.8.0.8.gbd5aaf5 -> 1.8.0.14.ga7f8148) - Update to version 1.8.0.14.ga7f8148: * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled - Use %{?systemd_ordering} instead of %{?systemd_requires} ==== kernel-firmware ==== Version update (20210719 -> 20210812) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210812 (git commit 24c4a85d8514): * amdgpu: revert back to older raven2 sdma firmware * amdgpu: revert back to older raven sdma firmware * amdgpu: revert back to older picasso sdma firmware * amdgpu: add initial vangogh support * amdgpu: update vega20 firmware from 21.30 * amdgpu: update vega12 firmware from 21.30 * amdgpu: update vega10 firmware from 21.30 * amdgpu: update renoir firmware from 21.30 * amdgpu: update raven2 firmware from 21.30 * amdgpu: update raven firmware from 21.30 * amdgpu: update polaris12 firmware from 21.30 * amdgpu: update picasso firmware from 21.30 * amdgpu: update dimgrey cavefish firmware from 21.30 * amdgpu: update navy flounder firmware from 21.30 * amdgpu: update sienna cichlid firmware from 21.30 * amdgpu: update navi14 firmware from 21.30 * amdgpu: update navi12 firmware from 21.30 * amdgpu: update navi10 firmware from 21.30 * amdgpu: update green sardine firmware from 21.30 * amdgpu: update arcturus firmware from 21.30 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: add firmware for MT7922 * QCA : Updated firmware files for WCN3991 * i915: Add v2.03 DMC for RKL * i915: Add v2.12 DMC for TGL * qca: Add firmware files for BT chip WCN6750. ==== kernel-source ==== Version update (5.13.6 -> 5.13.8) - rpm/kernel-binary.spec.in: avoid high suse-release requirements Not provided in stagings. - commit 967c6a8 - net: usb: lan78xx: don't modify phy_device state concurrently (bsc#1188270). - commit 79524ad - Linux 5.13.8 (bsc#1012628). - octeontx2-af: Remove unnecessary devm_kfree (bsc#1012628). - perf pmu: Fix alias matching (bsc#1012628). - can: j1939: j1939_session_deactivate(): clarify lifetime of session object (bsc#1012628). - i40e: Add additional info to PHY type error (bsc#1012628). - io_uring: fix race in unified task_work running (bsc#1012628). - Revert "perf map: Fix dso->nsinfo refcounting" (bsc#1012628). - powerpc/pseries: Fix regression while building external modules (bsc#1012628). - powerpc/vdso: Don't use r30 to avoid breaking Go lang (bsc#1012628). - SMB3: fix readpage for large swap cache (bsc#1012628). - bpf: Fix pointer arithmetic mask tightening under state pruning (bsc#1012628). - bpf: verifier: Allocate idmap scratch in verifier env (bsc#1012628). - bpf: Remove superfluous aux sanitation on subprog rejection (bsc#1012628). - bpf: Fix leakage due to insufficient speculative store bypass mitigation (bsc#1012628). - bpf: Introduce BPF nospec instruction for mitigating Spectre v4 (bsc#1012628). - can: hi311x: fix a signedness bug in hi3110_cmd() (bsc#1012628). - sis900: Fix missing pci_disable_device() in probe and remove (bsc#1012628). - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (bsc#1012628). - sctp: fix return value check in __sctp_rcv_asconf_lookup (bsc#1012628). - block: delay freeing the gendisk (bsc#1012628). - net/mlx5: Fix mlx5_vport_tbl_attr chain from u16 to u32 (bsc#1012628). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (bsc#1012628). - net/mlx5: Unload device upon firmware fatal error (bsc#1012628). - net/mlx5e: Fix page allocation failure for ptp-RQ over SF (bsc#1012628). - net/mlx5e: Fix page allocation failure for trap-RQ over SF (bsc#1012628). - net/mlx5e: Add NETIF_F_HW_TC to hw_features when HTB offload is available (bsc#1012628). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (bsc#1012628). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (bsc#1012628). - net/mlx5: E-Switch, Set destination vport vhca id only when merged eswitch is supported (bsc#1012628). - net/mlx5e: Disable Rx ntuple offload for uplink representor (bsc#1012628). - net/mlx5: Fix flow table chaining (bsc#1012628). - bpf, sockmap: Zap ingress queues after stopping strparser (bsc#1012628). - KVM: selftests: Fix missing break in dirty_log_perf_test arg parsing (bsc#1012628). - drm/msm/dp: Initialize the INTF_CONFIG register (bsc#1012628). - drm/msm/dp: use dp_ctrl_off_link_stream during PHY compliance test run (bsc#1012628). - drm/msm/dpu: Fix sm8250_mdp register length (bsc#1012628). - net: llc: fix skb_over_panic (bsc#1012628). - KVM: x86: Check the right feature bit for MSR_KVM_ASYNC_PF_ACK access (bsc#1012628). - drm/i915/bios: Fix ports mask (bsc#1012628). - drm/panel: panel-simple: Fix proper bpc for ytc700tlag_05_201c (bsc#1012628). - mlx4: Fix missing error code in mlx4_load_one() (bsc#1012628). - net: phy: broadcom: re-add check for PHY_BRCM_DIS_TXCRXC_NOENRGY on the BCM54811 PHY (bsc#1012628). - octeontx2-pf: Dont enable backpressure on LBK links (bsc#1012628). - octeontx2-pf: Fix interface down flag on error (bsc#1012628). - tipc: do not write skb_shinfo frags when doing decrytion (bsc#1012628). - can: mcp251xfd: mcp251xfd_irq(): stop timestamping worker in case error in IRQ (bsc#1012628). - ionic: count csum_none when offload enabled (bsc#1012628). - ionic: fix up dim accounting for tx and rx (bsc#1012628). - ionic: remove intr coalesce update from napi (bsc#1012628). - ionic: catch no ptp support earlier (bsc#1012628). - ionic: make all rx_mode work threadsafe (bsc#1012628). - net: qrtr: fix memory leaks (bsc#1012628). - loop: reintroduce global lock for safe loop_validate_file() traversal (bsc#1012628). - net: dsa: mv88e6xxx: silently accept the deletion of VID 0 too (bsc#1012628). - net: Set true network header for ECN decapsulation (bsc#1012628). - tipc: fix sleeping in tipc accept routine (bsc#1012628). - tipc: fix implicit-connect for SYN+ (bsc#1012628). - i40e: Fix log TC creation failure when max num of queues is exceeded (bsc#1012628). - i40e: Fix queue-to-TC mapping on Tx (bsc#1012628). - i40e: Fix firmware LLDP agent related warning (bsc#1012628). - i40e: Fix logic of disabling queues (bsc#1012628). - netfilter: nft_nat: allow to specify layer 4 protocol NAT only (bsc#1012628). - netfilter: conntrack: adjust stop timestamp to real expiry value (bsc#1012628). - mac80211: fix enabling 4-address mode on a sta vif after assoc (bsc#1012628). - bpf: Fix OOB read when printing XDP link fdinfo (bsc#1012628). - netfilter: nf_tables: fix audit memory leak in nf_tables_commit (bsc#1012628). - RDMA/rxe: Fix memory leak in error path code (bsc#1012628). - platform/x86: amd-pmc: Fix missing unlock on error in amd_pmc_send_cmd() (bsc#1012628). - platform/x86: amd-pmc: Fix SMU firmware reporting mechanism (bsc#1012628). - platform/x86: amd-pmc: Fix command completion code (bsc#1012628). - RDMA/bnxt_re: Fix stats counters (bsc#1012628). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (bsc#1012628). - io_uring: fix poll requests leaking second poll entries (bsc#1012628). - io_uring: don't block level reissue off completion path (bsc#1012628). - io_uring: fix io_prep_async_link locking (bsc#1012628). - nfc: nfcsim: fix use after free during module unload (bsc#1012628). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1012628). - drm/amdgpu: Fix resource leak on probe error path (bsc#1012628). - drm/amdgpu: Avoid printing of stack contents on firmware load error (bsc#1012628). - drm/amdgpu: Check pmops for desired suspend state (bsc#1012628). - drm/amd/display: ensure dentist display clock update finished in DCN20 (bsc#1012628). - NIU: fix incorrect error return, missed in previous revert (bsc#1012628). - net: stmmac: add est_irq_status callback function for GMAC 4.10 and 5.10 (bsc#1012628). - HID: wacom: Re-enable touch by default for Cintiq 24HDT / 27QHDT (bsc#1012628). - alpha: register early reserved memory in memblock (bsc#1012628). - can: esd_usb2: fix memory leak (bsc#1012628). - can: ems_usb: fix memory leak (bsc#1012628). - can: usb_8dev: fix memory leak (bsc#1012628). - can: mcba_usb_start(): add missing urb->transfer_dma initialization (bsc#1012628). - can: peak_usb: pcan_usb_handle_bus_evt(): fix reading rxerr/txerr values (bsc#1012628). - can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (bsc#1012628). - can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms (bsc#1012628). - mm/memcg: fix NULL pointer dereference in memcg_slab_free_hook() (bsc#1012628). - mm: memcontrol: fix blocking rstat function called from atomic cgroup1 thresholding code (bsc#1012628). - ocfs2: issue zeroout to EOF blocks (bsc#1012628). - ocfs2: fix zero out valid data (bsc#1012628). - KVM: add missing compat KVM_CLEAR_DIRTY_LOG (bsc#1012628). - x86/kvm: fix vcpu-id indexed array sizes (bsc#1012628). - ACPI: DPTF: Fix reading of attributes (bsc#1012628). - Revert "ACPI: resources: Add checks for ACPI IRQ override" (bsc#1012628). - btrfs: mark compressed range uptodate only if all bio succeed (bsc#1012628). - btrfs: fix rw device counting in __btrfs_free_extra_devids (bsc#1012628). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1012628). - fs/ext2: Avoid page_address on pages returned by ext2_get_page (bsc#1012628). - pipe: make pipe writes always wake up readers (bsc#1012628). - selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c (bsc#1012628). - commit 14162fe - arm63: Update config files. (bsc#1188702) - commit c97411a - scsi: sr: Return correct event when media event code is 3 (bsc#1188767 bsc#1188728). - commit 5794a07 - Linux 5.13.7 (bsc#1012628). - ipv6: ip6_finish_output2: set sk into newly allocated nskb (bsc#1012628). - ARM: dts: versatile: Fix up interrupt controller node names (bsc#1012628). - iomap: remove the length variable in iomap_seek_hole (bsc#1012628). - iomap: remove the length variable in iomap_seek_data (bsc#1012628). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1012628). - firmware: arm_scmi: Fix range check for the maximum number of pending messages (bsc#1012628). - firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (bsc#1012628). - hfs: add lock nesting notation to hfs_find_init (bsc#1012628). - hfs: fix high memory mapping in hfs_bnode_read (bsc#1012628). - hfs: add missing clean-up in hfs_fill_super (bsc#1012628). - drm/ttm: add a check against null pointer dereference (bsc#1012628). - nvme-pci: fix multiple races in nvme_setup_io_queues (bsc#1012628). - ipv6: allocate enough headroom in ip6_finish_output2() (bsc#1012628). - rcu-tasks: Don't delete holdouts within trc_wait_for_one_reader() (bsc#1012628). - rcu-tasks: Don't delete holdouts within trc_inspect_reader() (bsc#1012628). - sctp: move 198 addresses from unusable to private scope (bsc#1012628). - net: annotate data race around sk_ll_usec (bsc#1012628). - net/802/garp: fix memleak in garp_request_join() (bsc#1012628). - net/802/mrp: fix memleak in mrp_request_join() (bsc#1012628). - cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1012628). - workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1012628). - af_unix: fix garbage collect vs MSG_PEEK (bsc#1012628). - commit b1bb2c4 ==== keyutils ==== Subpackages: libkeyutils1 - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) ==== krb5 ==== Version update (1.19.1 -> 1.19.2) - Update to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. ==== libXft ==== Version update (2.3.3 -> 2.3.4) - Update to version 2.3.4 * This release handles the deprecation of the FcNameRegisterObjectTypes API by fontconfig, and provides minor cleanups for compiler warnings and man pages. ==== libapparmor ==== Version update (3.0.1 -> 3.0.3) - add profiles-python-3.10-mr783.diff: update abstractions/python and profiles for python 3.10 - update to AppArmor 3.0.3 - fix a failure in the parser tests - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.3 for the detailed upstream changelog - update to AppArmor 3.0.2 - add missing permissions to several profiles and abstractions (including boo#1188296) - bugfixes in utils and parser (including boo#1180766 and boo#1184779) - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.2 for the detailed upstream changelog - remove upstreamed patches: - apparmor-dovecot-stats-metrics.diff - abstractions-php8.diff - crypto-policies-mr720.diff ==== libesmtp ==== - Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097). ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package (bsc#1179047). ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Add lvm2-rpmlintrc where we skip all rpmlint issue for lvm2-testsuite package (bsc#1179047). ==== mozjs78 ==== Version update (78.11.0 -> 78.13.0) - Update to version 78.13.0esr. MFSA 2021-34 (bsc#1188891) * CVE-2021-29984 (bmo#1720031) Incorrect instruction reordering during JIT optimization ==== ncurses ==== Version update (6.2.20210718 -> 6.2.20210724) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210724 + add workaround for Windows Terminal's problems with CR/LF mapping to ms-terminal (patch by Juergen Pfeifer). + review/update current Windows Terminal vs ms-terminal -TD - Correct offsets of patch ncurses-6.2.dif ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Remove dependency on fedfs-utils-devel. fedfs-utils was only ever a "technology preview" and is now considered "end of life". nfs-utils is not even built to use it as --enable-junction isn't being passed to confgure and fedfs-utils doesn't build wth glibc 2.34. So remove the unnecessary dependency on fedfs-utils. (bsc#1189085) - Update to version 2.5.4 https://mirrors.edge.kernel.org/pub/linux/utils/nfs-utils/2.5.4/2.5.4-Change... Notable changes: * Handle failures in gssd better * handle 'sloppy' option to mount better * minor documentation improvements - Drop 2.5.4-rc4 patches: nfs-utils-2-5-4-rc1.patch, nfs-utils-2-5-4-rc2.patch, nfs-utils-2-5-4-rc3.patch, nfs-utils-2-5-4-rc4.patch. ==== pam ==== Subpackages: pam_unix - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit "usergroups" option and instead read it from login.def's "USERGROUP_ENAB" option if umask is only defined there. [bsc#1189139] - package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Switch from PulseAudio to PipeWire ==== pcre ==== Version update (8.44 -> 8.45) - update to 8.45: * This is the final PCRE1 release. A very few small issues have been fixed. ==== python-distro ==== Version update (1.5.0 -> 1.6.0) - Update to version 1.6.0 * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296] * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+ * Added type hints to distro module [#269] * Added __version__ for checking distro version [#292] * Added support for arbitrary rootfs via the root_dir parameter [#247] * Added the --root-dir option to CLI [#161] * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262] * Fixed subprocess.CalledProcessError when running lsb_release [#261] * Ignore /etc/iredmail-release file while parsing distribution [#268] * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271] ==== python-gobject ==== - Adjust BuildRequires for python_module cairo to python-module pycairo: the module was renamed 2 years ago. - Skip build for python2: not supported anymore since 3.38.0. ==== python-networkx ==== Version update (2.5.1 -> 2.6.1) - require pandas - update to 2.6.2: * This release is the result of 11 months of work with over 363 pull requests by 91 contributors. Highlights include: * Dropped support for Python 3.6. * NumPy, SciPy, Matplotlib, and pandas are now default requirements. * NetworkX no longer depends on the library "decorator". * Improved example gallery * Removed code for supporting Jython/IronPython * The __str__ method for graph objects is more informative and concise. * Improved import time * Improved test coverage * New documentation theme * Add functionality for drawing self-loop edges * Add approximation algorithms for Traveling Salesman Problem - drop 0001-Replace-hash-function-for-test-of-weighted-astar.patch, yaml-loader.patch (merged upstream) ==== python-python-gnupg ==== Version update (0.4.6 -> 0.4.7) - update to 0.4.7: * Added support for no passphrase during key generation. * Improved permission-denied test. * Updated logging to only show partial results. * Allowed a passphrase to be passed to import_keys(). ==== python-pyzmq ==== Version update (22.1.0 -> 22.2.1) - Update to 22.2.1 * Nicer reprs of contexts and sockets * Memory allocated by recv(copy=False) is no longer read-only * asyncio: Always reference current loop instead of attaching to the current loop at instantiation time. This fixes e.g. contexts and/or sockets instantiated prior to a call to asyncio.run. ==== python-tornado6 ==== - Remove exec bits from demos: fix boo#1189066 - Add python-tornado6-rpmlintrc for empty JS resource in demo ==== python38 ==== Version update (3.8.10 -> 3.8.11) - Update to 3.8.11 * Security - bpo-44022 (boo#1189241): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access. * Core and Builtins - bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules, which was introduced in 3.8.10. * Library - bpo-44061: Fix regression in previous release when calling pkgutil.iter_modules() with a list of pathlib.Path objects - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ==== python38-core ==== Version update (3.8.10 -> 3.8.11) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.11 * Security - bpo-44022 (boo#1189241): mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access. * Core and Builtins - bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules, which was introduced in 3.8.10. * Library - bpo-44061: Fix regression in previous release when calling pkgutil.iter_modules() with a list of pathlib.Path objects - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). ==== qemu ==== - usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527) hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch - usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682) usbredir-fix-free-call.patch - Add stable patches from upstream: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-pci-host-q35-Ignore-write-of-reserved.patch ==== rpcbind ==== - Add now working CONFIG parameter to sysusers generator - UsrMerge changes ==== snappy ==== Version update (1.1.8 -> 1.1.9) - Update to 1.1.9: * Performance improvements - Add fix-always-inline.patch - Add use-system-test-libs.patch - Add a hardcoded snappy.pc file ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) ==== transactional-update ==== Version update (3.4.0 -> 3.5.1) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.1 - t-u: Disable status file generation by default The new experimental `status` command requires the availability of /etc/YaST2/control.xml, which is not present on all systems. Hide the creation of the corresponding status file behind a new EXPERIMENTAL_STATUS option to try out this functionality. - Increase library version - Add tukit.conf to spec file - Version 3.5.0 - Add alias setDiscardIfUnchanged for setDiscard. The old method name wasn't really clear and will be removed if we should have an API break in the future - Replace mkinitrd with direct dracut call [boo#1186213] - tukit: Add configuration file support (/etc/tukit.conf) - Allow users to configure additional bind mounts (see /usr/etc/tukit.conf for an example and limitations) [bsc#1188322] - Add 'transactional-update status' call. This is a POC for obtaining a hash of a system to verify its integrity. The functionality is still experimental! - Internal bugfixes / optimizations ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - u-boot-bin.spl is used for UART or USB boot. Lets package it for convinience. Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.07 * Patches added: 0014-btrfs-Use-default-subvolume-as-file.patch - boo#1185656
participants (1)
-
Guillaume Gardet