Mailinglist Archive: opensuse-kubic (68 mails)

< Previous Next >
[opensuse-kubic] New MicroOS snapshot 20200318 released!
  • From: Richard Brown <rbrown@xxxxxxx>
  • Date: Sat, 21 Mar 2020 01:05:18 +0000
  • Message-id: <158475271818.29434.7617572652743264161@go-agent-stagingbot-3>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20200318
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug on
bugzilla.opensuse.org.
For more information on filing bugs please see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (73.0.1 -> 74.0)
PackageKit
alsa (1.2.1.2 -> 1.2.2)
alsa-plugins (1.2.1 -> 1.2.2)
apparmor (2.13.3 -> 2.13.4)
boost-base
curl (7.69.0 -> 7.69.1)
dracut (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02)
gcc10 (10.0.1+git174776 -> 10.0.1+git175037)
gcc9 (9.2.1+git1022 -> 9.2.1+git1192)
glibc
gpg2
installation-images-MicroOS (14.461 -> 14.462)
kernel-source (5.5.7 -> 5.5.9)
kexec-tools
kwin5
libapparmor (2.13.3 -> 2.13.4)
libidn2
libva
lvm2-device-mapper
pam
patterns-microos
podman (1.8.0 -> 1.8.1)
supportutils (3.1.8 -> 3.1.9)
transactional-update
webkit2gtk3 (2.26.4 -> 2.28.0)
wpebackend-fdo (1.4.1 -> 1.4.2)
xfsprogs (5.4.0 -> 5.5.0)

=== Details ===

==== MozillaFirefox ====
Version update (73.0.1 -> 74.0)

- Mozilla Firefox 74.0
* https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
MFSA 2020-08 (bsc#1166238)
* CVE-2020-6805 (bmo#1610880)
Use-after-free when removing data about origins
* CVE-2020-6806 (bmo#1612308)
BodyStream::OnInputStreamReady was missing protections against
state confusion
* CVE-2020-6807 (bmo#1614971)
Use-after-free in cubeb during stream destruction
* CVE-2020-6808 (bmo#1247968)
URL Spoofing via javascript: URL
* CVE-2020-6809 (bmo#1420296)
Web Extensions with the all-urls permission could access local
files
* CVE-2020-6810 (bmo#1432856)
Focusing a popup while in fullscreen could have obscured the
fullscreen notification
* CVE-2020-6811 (bmo#1607742)
Devtools' 'Copy as cURL' feature did not fully escape
website-controlled data, potentially leading to command injection
* CVE-2019-20503 (bmo#1613765)
Out of bounds reads in sctp_load_addresses_from_init
* CVE-2020-6812 (bmo#1616661)
The names of AirPods with personally identifiable information
were exposed to websites with camera or microphone permission
* CVE-2020-6813 (bmo#1605814)
@import statements in CSS could bypass the Content Security
Policy nonce feature
* CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
bmo#1614339)
Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
* CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
bmo#1612431)
Memory and script safety bugs fixed in Firefox 74
- requires
* NSPR 4.25
* NSS 3.50
* rust-cbindgen 0.13.0
- removed obsolete patches
mozilla-bmo1610814.patch
mozilla-cubeb-noreturn.patch
- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
(bmo#1609538, boo#1166471)

==== PackageKit ====
Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18

- Add PackageKit-zypp-ignore-already-installed-packages.patch,
remove PackageKit-zypp-revert-fail-on-already-installed.patch:
zypp: Ignore already installed package when installing
(bsc#1155624, gh#/hughsie/PackageKit/commit/d9233011).
- Fix source URL in the spec file.

==== alsa ====
Version update (1.2.1.2 -> 1.2.2)

- Update to alsa-lib 1.2.2:
including previous fixes
- Backport recent upstream fixes:
conf updates, PCM ordering fix, configure fix;
0001-conf-change-the-order-of-PCM-devices-in-alsa.conf.patch
0002-conf-namehint-add-omit_noargs-to-the-hint-section.patch
0003-Change-PCM-device-number-of-Asus-Xonar-U5.patch
0004-configure-add-embed-for-python3-config-python-3.8.patch
0005-conf-USB-Audio-Add-C-Media-USB-Headphone-Set-to-the-.patch
- Drop obsoleted patches:
0001-ucm-Use-strncmp-to-avoid-access-out-of-boundary.patch
0002-ucm-return-always-at-least-NULL-if-no-list-is-availa.patch
0003-ucm-add-_identifiers-list.patch
0004-namehint-correct-the-args-check.patch
0005-namehint-improve-the-previous-patch-check-the-return.patch
0006-ucm-docs-allow-spaces-in-device-names-for-JackHWMute.patch
0007-use-case-docs-add-PlaybackMixerCopy-and-CaptureMixer.patch
0008-ucm-docs-add-JackCTL-rearrange-JackControl-and-JackD.patch
0009-ucm-Do-not-fail-to-parse-configs-on-cards-with-an-em.patch
0010-src-ucm-main.c-fix-build-without-mixer.patch
0011-alsa.m4-another-try-to-fix-the-libatopology-detectio.patch
0012-ucm-docs-add-Mic-DigitalMic-and-multiple-devices-com.patch
0013-ucm-docs-remove-DigitalMic-it-does-not-have-sense.patch
0014-ucm-docs-change-the-Mic-description-to-simple-Microp.patch
0015-ucm-docs-add-note-about-the-sequences-and-device-spl.patch
0016-ucm-docs-remove-MixerCopy-values-add-Priority-for-ve.patch
0017-ucm-setup-conf_format-after-getting-ALSA_CONFIG_UCM_.patch
0018-alsa-lib-fix-the-array-parser-unique-compound-keys.patch
0019-topology-remove-vendor_fd-name-from-snd_tplg-structu.patch
0020-topology-file-position-and-size-cleanups.patch
0021-topology-use-an-array-describing-blocks-for-the-main.patch
0022-topology-use-size_t-for-calc_block_size.patch
0023-topology-merge-write_block-to-tplg_write_data.patch
0024-topology-make-vebose-output-more-nice.patch
0025-topology-use-list_insert-macro-in-tplg_elem_insert.patch
0026-topology-dapm-coding-fixes.patch
0027-topology-dapm-merge-identical-index-blocks-like-for-.patch
0028-topology-more-coding-fixes.patch
0029-Fix-alsa-sound-.h-for-external-programs.patch
0030-type_compat-Add-missing-__s64-and-__u64-definitions-.patch
0031-uapi-Move-typedefs-from-uapi-to-sound.patch
0032-Update-the-attributes.m4-macro-file-from-xine.patch
0033-topology-avoid-to-use-the-atoi-directly-when-expecte.patch
0034-topology-use-snd_config_get_bool-instead-own-impleme.patch
0035-topology-fix-tplg_get_integer-handle-errno-ERANGE.patch
0036-topology-add-tplg_get_unsigned-function.patch
0037-topology-convert-builder-to-use-the-mallocated-memor.patch
0038-topology-add-binary-output-from-the-builder.patch
0039-topology-parser-recode-tplg_parse_config.patch
0040-topology-add-snd_tplg_load-remove-snd_tplg_build_bin.patch
0041-topology-move-the-topology-element-table-from-builde.patch
0042-topology-add-parser-to-the-tplg_table.patch
0043-topology-add-snd_tplg_save.patch
0044-topology-add-snd_tplg_create-with-flags.patch
0045-topology-add-snd_tplg_version-function.patch
0046-topology-cleanup-the-SNDERR-calls.patch
0047-topology-dapm-fix-the-SNDERR-Undefined.patch
0048-topology-fix-the-unitialized-tuples.patch
0049-topology-implement-shorter-hexa-uuid-00-00-parser.patch
0050-topology-fix-the-TPLG_DEBUG-compilation.patch
0051-topology-fix-the-ops-parser-accept-integer-hexa-valu.patch
0052-topology-fix-the-wrong-memory-access-object-realloc.patch
0053-topology-implement-snd_tplg_decode.patch
0054-topology-move-the-elem-list-delete-to-tplg_elem_free.patch
0055-topology-unify-the-log-mechanism.patch
0056-topology-tplg_dbg-cleanups.patch
0057-topology-cosmetic-changes-functions.patch
0058-mixer-Fix-memory-leak-for-more-than-16-file-descript.patch
0059-Quote-strings-containing-or-when-saving-an-alsa-conf.patch
0060-ucm-fix-the-configuration-directory-longname-for-ucm.patch
0061-ucm-split-conf_file_name-and-conf_dir_name.patch
0062-ucm-remove-MAX_FILE-definition-and-use-correct-PATH_.patch
0063-topology-remove-MAX_FILE-definition-and-use-correct-.patch
0064-ucm-parser-cosmetic-fixes-in-the-comments.patch
0065-configure.ac-remove-an-unnecessary-libtool-fix.patch
0066-ucm-parser-use-correct-filename-in-parser_master_fil.patch
0067-ucm-the-ucm2-subdirectory-is-driver-name-based.patch
0068-ucm-implement-RenameDevice-and-RemoveDevice-verb-man.patch
0069-ucm-fill-missing-device-entries-conflicting-supporte.patch
0070-control-Remove-access-to-the-deprecated-dimen-fields.patch
0071-topology-Drop-SNDRV_CTL_ELEM_ACCESS_TIMESTAMP-access.patch
0072-uapi-Sync-with-5.6-kernel-ABI.patch
0073-ucm-parser-add-error-message-to-verb_dev_list_add.patch
0074-do-not-set-close-on-exec-flag-on-descriptor-if-it-wa.patch

==== alsa-plugins ====
Version update (1.2.1 -> 1.2.2)

- Update to alsa-plugins 1.2.2:
* upmix plugin code refactoring, m4 file update

==== apparmor ====
Version update (2.13.3 -> 2.13.4)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles
apparmor-utils perl-apparmor python3-apparmor

- update to AppArmor 2.13.4
- several abstraction updates (including boo#1153162)
- disallow writing to fontconfig cache in abstractions/fonts
- some bugfixes in the aa-* tools
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
for the detailed upstream changelog
- drop upstreamed patches:
- abstractions-ssl-certbot-paths.diff
- apparmor-krb5-conf-d.diff
- libapparmor-python3.8.diff
- usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-authentification.diff

==== boost-base ====
Subpackages: boost-license1_71_0 libboost_thread1_71_0

- Fix packaging errors in cases where python2 is disabled and
unavailable.

==== curl ====
Version update (7.69.0 -> 7.69.1)
Subpackages: libcurl4

- Update to 7.69.1
* Bugfixes:
- ares: store dns parameters for duphandle
- cirrus-ci: disable the FreeBSD 13 builds
- curl_share_setopt.3: Note sharing cookies doesn't enable the engine
- lib1564: reduce number of mid-wait wakeup calls
- libssh: Fix matching user-specified MD5 hex key
- MANUAL: update a dict-using command line
- mime: do not perform more than one read in a row
- mime: fix the binary encoder to handle large data properly
- mime: latch last read callback status
- multi: skip EINTR check on wakeup socket if it was closed
- pause: bail out on bad input
- pause: force a connection recheck after unpausing (take 2)
- pause: return early for calls that don't change pause state
- runtests.1: rephrase how to specify what tests to run
- runtests: fix missing use of exe_ext helper function
- seek: fix fall back for missing ftruncate on Windows
- sftp: fix segfault regression introduced by #4747 in 7.69.0
- sha256: Added SecureTransport implementation
- sha256: Added WinCrypt implementation
- socks4: fix host resolve regression
- socks5: host name resolv regression fix
- tests/server: fix missing use of exe_ext helper function
- tests: fix static ip:port instead of dynamic values being used
- tests: make sleeping portable by avoiding select
- unit1612: fix the inclusion and compilation of the HMAC unit test
- urldata: remove the 'stream_was_rewound' connectdata struct member
- version: make curl_version* thread-safe without using global context

==== dracut ====
Version update (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02)
Subpackages: dracut-ima

- Update to version 049.1+git135.46dceb02:
* 40network: Do not require hostname binary
* suse.spec: add new modules 90nvdimm and 99suse-initrd
* 95fcoe: default rd.nofcoe to false (bsc#1163343)
* Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343)
Dependent commits:
* Add module "90nvdimm" for NVDIMM support
* 90kernel-modules: remove nfit from static module list
- Update to version 049.1+git129.0f19bbfd:
* 35network-legacy: dhclient is optional (bsc#1166188)
* suse.spec: Create -extra package (bsc#1166188)
* suse.spec: Remove obsolete permission fixups
* 00warpclock: Fix permissions in warpclock.sh

==== gcc10 ====
Version update (10.0.1+git174776 -> 10.0.1+git175037)
Subpackages: libgcc_s1 libgomp1 libstdc++6

- Update to master head (778a77357cad11e8dd4c810544330af0fbe843b1).
* Includes fix for binutils version parsing [gcc#93965]

==== gcc9 ====
Version update (9.2.1+git1022 -> 9.2.1+git1192)

- Update to releases/gcc-9 head (c5edde44f5b17b4891f17a63517f355b).
* Includes GCC 9.3.0 RC1
- Update to releases/gcc-9 head (eaaee438bf836c2c1ed3424ecbf85de3ed941e87).
* Includes fix for binutils version parsing [gcc#93965]

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters
in syscall
- ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range
reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487)

==== gpg2 ====

- Split dirmngr into a subpackage to avoid a hard dependency of
gpg2 on libgnutls

==== installation-images-MicroOS ====
Version update (14.461 -> 14.462)

- merge gh#openSUSE/installation-images#364
- use u-boot-rpiarm64 if available (bsc#1164080)
- 14.462

==== kernel-source ====
Version update (5.5.7 -> 5.5.9)

- Linux 5.5.9 (bnc#1012628).
- ASoC: intel/skl/hda - export number of digital microphones
via control components (bnc#1012628).
- block, bfq: get a ref to a group when adding it to a service
tree (bnc#1012628).
- block, bfq: get extra ref to prevent a queue from being freed
during a group move (bnc#1012628).
- block, bfq: do not insert oom queue into position tree
(bnc#1012628).
- dm thin metadata: fix lockdep complaint (bnc#1012628).
- net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
(bnc#1012628).
- RDMA/core: Fix pkey and port assignment in get_new_pps
(bnc#1012628).
- RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628).
- blktrace: fix dereference after null check (bnc#1012628).
- netfilter: hashlimit: do not use indirect calls during gc
(bnc#1012628).
- ALSA: hda: do not override bus codec_mask in link_get()
(bnc#1012628).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
(bnc#1012628).
- Kernel selftests: tpm2: check for tpm support (bnc#1012628).
- selftests: fix too long argument (bnc#1012628).
- usb: gadget: composite: Support more than 500mA MaxPower
(bnc#1012628).
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
(bnc#1012628).
- usb: gadget: serial: fix Tx stall after buffer overflow
(bnc#1012628).
- habanalabs: halt the engines before hard-reset (bnc#1012628).
- habanalabs: do not halt CoreSight during hard reset
(bnc#1012628).
- habanalabs: patched cb equals user cb in device memset
(bnc#1012628).
- drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628).
- drm: msm: Fix return type of dsi_mgr_connector_mode_valid for
kCFI (bnc#1012628).
- drm/modes: Make sure to parse valid rotation value from cmdline
(bnc#1012628).
- drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode
parameters (bnc#1012628).
- scsi: megaraid_sas: silence a warning (bnc#1012628).
- drm/msm/dsi: save pll state before dsi host is powered off
(bnc#1012628).
- drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628).
- selftests: forwarding: use proto icmp for {gretap,
ip6gretap}_mac testing (bnc#1012628).
- selftests: forwarding: vxlan_bridge_1d: fix tos value
(bnc#1012628).
- net: atlantic: check rpc result and wait for rpc address
(bnc#1012628).
- net: atlantic: ptp gpio adjustments (bnc#1012628).
- net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628).
- net: ks8851-ml: Fix 16-bit data access (bnc#1012628).
- net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628).
- net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt()
(bnc#1012628).
- watchdog: da9062: do not ping the hw during stop()
(bnc#1012628).
- s390/cio: cio_ignore_proc_seq_next should increase position
index (bnc#1012628).
- s390: make 'install' not depend on vmlinux (bnc#1012628).
- efi: Only print errors about failing to get certs if EFI vars
are found (bnc#1012628).
- net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628).
- iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628).
- nvme/pci: Add sleep quirk for Samsung and Toshiba drives
(bnc#1012628).
- nvme-pci: Use single IRQ vector for old Apple models
(bnc#1012628).
- x86/boot/compressed: Don't declare __force_order in kaslr_64.c
(bnc#1012628).
- s390/qdio: fill SL with absolute addresses (bnc#1012628).
- nvme: Fix uninitialized-variable warning (bnc#1012628).
- ice: Don't tell the OS that link is going down (bnc#1012628).
- x86/xen: Distribute switch variables for initialization
(bnc#1012628).
- net: thunderx: workaround BGX TX Underflow issue (bnc#1012628).
- csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628).
- csky: Set regs->usp to kernel sp, when the exception is from
kernel (bnc#1012628).
- csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628).
- csky: Fixup ftrace modify panic (bnc#1012628).
- csky: Fixup compile warning for three unimplemented syscalls
(bnc#1012628).
- arch/csky: fix some Kconfig typos (bnc#1012628).
- selftests: forwarding: vxlan_bridge_1d: use more proper tos
value (bnc#1012628).
- firmware: imx: scu: Ensure sequential TX (bnc#1012628).
- binder: prevent UAF for binderfs devices (bnc#1012628).
- binder: prevent UAF for binderfs devices II (bnc#1012628).
- ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628).
- ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
(bnc#1012628).
- ALSA: hda/realtek - Fix a regression for mute led on Lenovo
Carbon X1 (bnc#1012628).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus
Master (bnc#1012628).
- ALSA: hda/realtek - Enable the headset of ASUS B9450FA with
ALC294 (bnc#1012628).
- driver core: Call sync_state() even if supplier has no consumers
(bnc#1012628).
- cifs: don't leak -EAGAIN for stat() during reconnect
(bnc#1012628).
- cifs: fix rename() by ensuring source handle opened with DELETE
bit (bnc#1012628).
- usb: storage: Add quirk for Samsung Fit flash (bnc#1012628).
- usb: usb251xb: fix regulator probe and error handling
(bnc#1012628).
- usb: quirks: add NO_LPM quirk for Logitech Screen Share
(bnc#1012628).
- usb: dwc3: gadget: Update chain bit correctly when using sg list
(bnc#1012628).
- usb: cdns3: gadget: link trb should point to next request
(bnc#1012628).
- usb: cdns3: gadget: toggle cycle bit before reset endpoint
(bnc#1012628).
- usb: core: hub: fix unhandled return by employing a void
function (bnc#1012628).
- usb: core: hub: do error out if usb_autopm_get_interface()
fails (bnc#1012628).
- usb: core: port: do error out if usb_autopm_get_interface()
fails (bnc#1012628).
- vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge
when marking page tables prot_numa (bnc#1012628).
- mm: fix possible PMD dirty bit lost in set_pmd_migration_entry()
(bnc#1012628).
- mm: avoid data corruption on CoW fault into PFN-mapped VMA
(bnc#1012628).
- mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled
but not enabled (bnc#1012628).
- fat: fix uninit-memory access for partial initialized inode
(bnc#1012628).
- btrfs: fix RAID direct I/O reads with alternate csums
(bnc#1012628).
- arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628).
- arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628).
- phy: allwinner: Fix GENMASK misuse (bnc#1012628).
- tty:serial:mvebu-uart:fix a wrong return (bnc#1012628).
- tty: serial: fsl_lpuart: free IDs allocated by IDA
(bnc#1012628).
- serial: 8250_exar: add support for ACCES cards (bnc#1012628).
- serdev: Fix detection of UART devices on Apple machines
(bnc#1012628).
- media: hantro: Fix broken media controller links (bnc#1012628).
- media: mc-entity.c: use & to check pad flags, not ==
(bnc#1012628).
- media: vicodec: process all 4 components for RGB32 formats
(bnc#1012628).
- media: v4l2-mem2mem.c: fix broken links (bnc#1012628).
- perf intel-pt: Fix endless record after being terminated
(bnc#1012628).
- perf intel-bts: Fix endless record after being terminated
(bnc#1012628).
- perf cs-etm: Fix endless record after being terminated
(bnc#1012628).
- perf arm-spe: Fix endless record after being terminated
(bnc#1012628).
- spi: spidev: Fix CS polarity if GPIO descriptors are used
(bnc#1012628).
- x86/ioperm: Add new paravirt function update_io_bitmap()
(bnc#1012628).
- x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing
changes (bnc#1012628).
- s390/pci: Fix unexpected write combine on resource
(bnc#1012628).
- s390/mm: fix panic in gup_fast on large pud (bnc#1012628).
- selftests: pidfd: Add pidfd_fdinfo_test in .gitignore
(bnc#1012628).
- powerpc/mm: Fix missing KUAP disable in flush_coherent_icache()
(bnc#1012628).
- drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628).
- drm/amd/powerplay: fix pre-check condition for setting clock
range (bnc#1012628).
- dmaengine: imx-sdma: fix context cache (bnc#1012628).
- dmaengine: imx-sdma: Fix the event id check to include RX
event for UART6 (bnc#1012628).
- dmaengine: tegra-apb: Fix use-after-free (bnc#1012628).
- dmaengine: tegra-apb: Prevent race conditions of tasklet vs
free list (bnc#1012628).
- dm integrity: fix recalculation when moving from journal mode
to bitmap mode (bnc#1012628).
- dm integrity: fix a deadlock due to offloading to an incorrect
workqueue (bnc#1012628).
- dm integrity: fix invalid table returned due to argument count
mismatch (bnc#1012628).
- dm cache: fix a crash due to incorrect work item cancelling
(bnc#1012628).
- dm: report suspended device during destroy (bnc#1012628).
- dm writecache: verify watermark during resume (bnc#1012628).
- dm zoned: Fix reference counter initial value of chunk works
(bnc#1012628).
- dm: fix congested_fn for request-based device (bnc#1012628).
- arm64: dts: meson-sm1-sei610: add missing interrupt-names
(bnc#1012628).
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar
(bnc#1012628).
- spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628).
- drm/virtio: fix resource id creation race (bnc#1012628).
- ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
(bnc#1012628).
- ASoC: topology: Fix memleak in soc_tplg_manifest_load()
(bnc#1012628).
- ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628).
- ASoC: intel: skl: Fix pin debug prints (bnc#1012628).
- ASoC: intel: skl: Fix possible buffer overflow in debug outputs
(bnc#1012628).
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs
output (bnc#1012628).
- ASoC: pcm512x: Fix unbalanced regulator enable call in probe
error path (bnc#1012628).
- ASoC: Intel: Skylake: Fix available clock counter incrementation
(bnc#1012628).
- ASoC: dapm: Correct DAPM handling of active widgets during
shutdown (bnc#1012628).
- ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop()
(bnc#1012628).
- spi: atmel-quadspi: fix possible MMIO window size overrun
(bnc#1012628).
- drm/panfrost: Don't try to map on error faults (bnc#1012628).
- drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly
(bnc#1012628).
- drm/ttm: fix leaking fences via ttm_buffer_object_transfer
(bnc#1012628).
- drm: kirin: Revert "Fix for hikey620 display offset problem"
(bnc#1012628).
- drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628).
- drm/sun4i: Fix DE2 VI layer format support (bnc#1012628).
- drm/sun4i: de2/de3: Remove unsupported VI layer formats
(bnc#1012628).
- drm/i915: Program MBUS with rmw during initialization
(bnc#1012628).
- drm/i915/selftests: Fix return in assert_mmap_offset()
(bnc#1012628).
- drm/i915/perf: Reintroduce wait on OA configuration completion
(bnc#1012628).
- phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling
(bnc#1012628).
- phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO
toggle interval (bnc#1012628).
- ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628).
- arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY
(bnc#1012628).
- firmware: imx: misc: Align imx sc msg structs to 4
(bnc#1012628).
- firmware: imx: scu-pd: Align imx sc msg structs to 4
(bnc#1012628).
- firmware: imx: Align imx_sc_msg_req_cpu_start to 4
(bnc#1012628).
- soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628).
- Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow"
(bnc#1012628).
- RDMA/rw: Fix error flow during RDMA context initialization
(bnc#1012628).
- RDMA/odp: Ensure the mm is still alive before creating an
implicit child (bnc#1012628).
- RDMA/nldev: Fix crash when set a QP to a new counter but QPN
is missing (bnc#1012628).
- RDMA/siw: Fix failure handling during device creation
(bnc#1012628).
- RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628).
- RDMA/core: Fix protection fault in ib_mr_pool_destroy
(bnc#1012628).
- regulator: stm32-vrefbuf: fix a possible overshoot when
re-enabling (bnc#1012628).
- regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628).
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
(bnc#1012628).
- IB/mlx5: Fix implicit ODP race (bnc#1012628).
- IB/hfi1, qib: Ensure RCU is locked when accessing list
(bnc#1012628).
- ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628).
- ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628).
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names
(bnc#1012628).
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source
(bnc#1012628).
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628).
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
(bnc#1012628).
- dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628).
- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
(bnc#1012628).
- sched/fair: Fix statistics for find_idlest_group()
(bnc#1012628).
- arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628).
- bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628).
- dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628).
- EDAC/synopsys: Do not print an error with back-to-back
snprintf() calls (bnc#1012628).
- powerpc: fix hardware PMU exception bug on PowerVM compatibility
mode systems (bnc#1012628).
- efi/x86: Align GUIDs to their size in the mixed mode runtime
wrapper (bnc#1012628).
- efi/x86: Handle by-ref arguments covering multiple pages in
mixed mode (bnc#1012628).
- efi: READ_ONCE rng seed size before munmap (bnc#1012628).
- net: stmmac: fix notifier registration (bnc#1012628).
- block, bfq: remove ifdefs from around gets/puts of bfq groups
(bnc#1012628).
- csky: Implement copy_thread_tls (bnc#1012628).
- commit 70a6377
- vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648).
- vt: selection, push console lock down (bnc#1162928
CVE-2020-8648).
- commit 1538c30
- Refresh patches.suse/vt-selection-close-sel_buffer-race.patch.
Update upstream status.
- commit e2b9350
- drm/virtio: fix mmap page attributes (bsc#1163720).
- drm/shmem: add support for per object caching flags
(bsc#1163720).
- commit 1e5a090
- netfilter: xt_hashlimit: unregister proc file before releasing
mutex (git-fixes).
- commit fb4c60d
- Linux 5.5.8 (bnc#1012628).
- kvm: nVMX: VMWRITE checks unsupported field before read-only
field (bnc#1012628).
- kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field
(bnc#1012628).
- mm, thp: fix defrag setting if newline is not used
(bnc#1012628).
- mm/huge_memory.c: use head to check huge zero page
(bnc#1012628).
- mm/gup: allow FOLL_FORCE for get_user_pages_fast()
(bnc#1012628).
- mm/debug.c: always print flags in dump_page() (bnc#1012628).
- locking/lockdep: Fix lockdep_stats indentation problem
(bnc#1012628).
- xfs: clear kernel only flags in XFS_IOC_ATTRMULTI_BY_HANDLE
(bnc#1012628).
- clk: qcom: rpmh: Sort OF match table (bnc#1012628).
- bus: tegra-aconnect: Remove PM_CLK dependency (bnc#1012628).
- netfilter: nf_flowtable: fix documentation (bnc#1012628).
- netfilter: nft_tunnel: no need to call htons() when dumping
ports (bnc#1012628).
- thermal: brcmstb_thermal: Do not use DT coefficients
(bnc#1012628).
- thermal: db8500: Depromote debug print (bnc#1012628).
- ubifs: Fix ino_t format warnings in orphan_delete()
(bnc#1012628).
- rcu: Allow only one expedited GP to run concurrently with
wakeups (bnc#1012628).
- KVM: x86: Remove spurious clearing of async #PF MSR
(bnc#1012628).
- KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction
path (bnc#1012628).
- KVM: X86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand
(bnc#1012628).
- x86/resctrl: Check monitoring static key in the MBM overflow
handler (bnc#1012628).
- perf maps: Add missing unlock to maps__insert() error case
(bnc#1012628).
- perf ui gtk: Add missing zalloc object (bnc#1012628).
- perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
(bnc#1012628).
- pwm: omap-dmtimer: put_device() after of_find_device_by_node()
(bnc#1012628).
- lib/vdso: Update coarse timekeeper unconditionally
(bnc#1012628).
- lib/vdso: Make __arch_update_vdso_data() logic understandable
(bnc#1012628).
- kprobes: Set unoptimized flag after unoptimizing code
(bnc#1012628).
- ima: ima/lsm policy rule loading logic bug fixes (bnc#1012628).
- drivers: net: xgene: Fix the order of the arguments of
'alloc_etherdev_mqs()' (bnc#1012628).
- RDMA/hns: Bugfix for posting a wqe with sge (bnc#1012628).
- RDMA/hns: Simplify the calculation and usage of wqe idx for
post verbs (bnc#1012628).
- f2fs: fix to add swap extent correctly (bnc#1012628).
- sched/fair: Optimize select_idle_cpu (bnc#1012628).
- KVM: Check for a bad hva before dropping into the ghc slow path
(bnc#1012628).
- KVM: SVM: Override default MMIO mask if memory encryption is
enabled (bnc#1012628).
- perf report: Fix no libunwind compiled warning break s390 issue
(bnc#1012628).
- mwifiex: delete unused mwifiex_get_intf_num() (bnc#1012628).
- mwifiex: drop most magic numbers from
mwifiex_process_tdls_action_frame() (bnc#1012628).
- namei: only return -ECHILD from follow_dotdot_rcu()
(bnc#1012628).
- tipc: fix successful connect() but timed out (bnc#1012628).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
(bnc#1012628).
- net/smc: no peer ID in CLC decline for SMCD (bnc#1012628).
- selftests: Install settings files to fix TIMEOUT failures
(bnc#1012628).
- net: atlantic: fix out of range usage of active_vlans array
(bnc#1012628).
- net: atlantic: possible fault in transition to hibernation
(bnc#1012628).
- net: atlantic: fix potential error handling (bnc#1012628).
- net: atlantic: fix use after free kasan warn (bnc#1012628).
- net: atlantic: better loopback mode handling (bnc#1012628).
- net: atlantic: checksum compat issue (bnc#1012628).
- net: netlink: cap max groups which will be considered in
netlink_bind() (bnc#1012628).
- s390/qeth: fix off-by-one in RX copybreak check (bnc#1012628).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (bnc#1012628).
- nvme-pci: Hold cq_poll_lock while completing CQEs (bnc#1012628).
- usb: charger: assign specific number for enum value
(bnc#1012628).
- hv_netvsc: Fix unwanted wakeup in netvsc_attach() (bnc#1012628).
- kbuild: fix DT binding schema rule to detect command line
changes (bnc#1012628).
- mac80211: Remove a redundant mutex unlock (bnc#1012628).
- nl80211: fix potential leak in AP start (bnc#1012628).
- drm/i915/gvt: Separate display reset from ALL_ENGINES reset
(bnc#1012628).
- drm/i915: Avoid recursing onto active vma from the shrinker
(bnc#1012628).
- drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
(bnc#1012628).
- MIPS: cavium_octeon: Fix syncw generation (bnc#1012628).
- i2c: jz4780: silence log flood on txabrt (bnc#1012628).
- i2c: altera: Fix potential integer overflow (bnc#1012628).
- MIPS: VPE: Fix a double free and a memory leak in
'release_vpe()' (bnc#1012628).
- RISC-V: Don't enable all interrupts in trap_init()
(bnc#1012628).
- HID: hiddev: Fix race in in hiddev_disconnect() (bnc#1012628).
- HID: alps: Fix an error handling path in
'alps_input_configured()' (bnc#1012628).
- netfilter: xt_hashlimit: reduce hashlimit_mutex scope for
htable_put() (bnc#1012628).
- netfilter: ipset: Fix forceadd evaluation path (bnc#1012628).
- vhost: Check docket sk_family instead of call getname
(bnc#1012628).
- net/smc: transfer fasync_list in case of fallback (bnc#1012628).
- netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx"
reports (bnc#1012628).
- io_uring: fix 32-bit compatability with sendmsg/recvmsg
(bnc#1012628).
- cpufreq: Fix policy initialization for internal governor drivers
(bnc#1012628).
- amdgpu/gmc_v9: save/restore sdpif regs during S3 (bnc#1012628).
- Revert "PM / devfreq: Modify the device name as devfreq(X)
for sysfs" (bnc#1012628).
- tracing: Disable trace_printk() on post poned tests
(bnc#1012628).
- blktrace: Protect q->blk_trace with RCU (bnc#1012628).
- macintosh: therm_windtunnel: fix regression when instantiating
devices (bnc#1012628).
- drm/radeon: Inline drm_get_pci_dev (bnc#1012628).
- drm/amdgpu: Drop DRIVER_USE_AGP (bnc#1012628).
- HID: core: increase HID report buffer size to 8KiB
(bnc#1012628).
- HID: core: fix off-by-one memset in hid_report_raw_event()
(bnc#1012628).
- HID: ite: Only bind to keyboard USB interface on Acer SW5-012
keyboard dock (bnc#1012628).
- KVM: VMX: check descriptor table exits on instruction emulation
(bnc#1012628).
- ACPI: watchdog: Fix gas->access_width usage (bnc#1012628).
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bnc#1012628).
- audit: always check the netlink payload length in
audit_receive_msg() (bnc#1012628).
- audit: fix error handling in audit_data_to_entry()
(bnc#1012628).
- ext4: potential crash on allocation error in
ext4_alloc_flex_bg_array() (bnc#1012628).
- docs: Fix empty parallelism argument (bnc#1012628).
- scsi: zfcp: fix wrong data and display format of SFP+
temperature (bnc#1012628).
- scsi: sd_sbc: Fix sd_zbc_report_zones() (bnc#1012628).
- nvme/pci: move cqe check after device shutdown (bnc#1012628).
- nvme: prevent warning triggered by nvme_stop_keep_alive
(bnc#1012628).
- nvme/tcp: fix bug on double requeue when send fails
(bnc#1012628).
- net: hns3: fix a copying IPv6 address error in
hclge_fd_get_flow_tuples() (bnc#1012628).
- net: hns3: fix VF bandwidth does not take effect in some case
(bnc#1012628).
- net: hns3: add management table after IMP reset (bnc#1012628).
- mac80211: fix wrong 160/80+80 MHz setting (bnc#1012628).
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
(bnc#1012628).
- cifs: Fix mode output in debugging statements (bnc#1012628).
- io-wq: don't call kXalloc_node() with non-online node
(bnc#1012628).
- ice: Use correct netif error function (bnc#1012628).
- ice: Use ice_pf_to_dev (bnc#1012628).
- ice: update Unit Load Status bitmask to check after reset
(bnc#1012628).
- ice: fix and consolidate logging of NVM/firmware version
information (bnc#1012628).
- ice: Don't allow same value for Rx tail to be written twice
(bnc#1012628).
- ice: Fix switch between FW and SW LLDP (bnc#1012628).
- net: ena: ena-com.c: prevent NULL pointer dereference
(bnc#1012628).
- net: ena: ethtool: use correct value for crc32 hash
(bnc#1012628).
- net: ena: fix corruption of dev_idx_to_host_tbl (bnc#1012628).
- net: ena: fix incorrectly saving queue numbers when setting
RSS indirection table (bnc#1012628).
- net: ena: rss: store hash function as values and not bits
(bnc#1012628).
- net: ena: rss: fix failure to get indirection table
(bnc#1012628).
- net: ena: rss: do not allocate key when not supported
(bnc#1012628).
- net: ena: fix incorrect default RSS key (bnc#1012628).
- net: ena: add missing ethtool TX timestamping indication
(bnc#1012628).
- net: ena: fix uses of round_jiffies() (bnc#1012628).
- net: ena: fix potential crash when rxfh key is NULL
(bnc#1012628).
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps
(bnc#1012628).
- soc/tegra: fuse: Fix build with Tegra194 configuration
(bnc#1012628).
- amdgpu: Prevent build errors regarding soft/hard-float FP ABI
tags (bnc#1012628).
- drm/amd/display: Add initialitions for PLL2 clock source
(bnc#1012628).
- drm/amd/display: Limit minimum DPPCLK to 100MHz (bnc#1012628).
- drm/amd/display: Check engine is not NULL before acquiring
(bnc#1012628).
- RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready()
(bnc#1012628).
- drm/amd/display: Do not set optimized_require to false after
plane disable (bnc#1012628).
- ARM: dts: sti: fixup sound frame-inversion for
stihxxx-b2120.dtsi (bnc#1012628).
- ceph: do not execute direct write in parallel if O_APPEND is
specified (bnc#1012628).
- perf/x86/msr: Add Tremont support (bnc#1012628).
- perf/x86/cstate: Add Tremont support (bnc#1012628).
- perf/x86/intel: Add Elkhart Lake support (bnc#1012628).
- perf/smmuv3: Use platform_get_irq_optional() for wired interrupt
(bnc#1012628).
- NFSv4: Fix races between open and dentry revalidation
(bnc#1012628).
- qmi_wwan: unconditionally reject 2 ep interfaces (bnc#1012628).
- qmi_wwan: re-add DW5821e pre-production variant (bnc#1012628).
- s390/zcrypt: fix card and queue total counter wrap
(bnc#1012628).
- io_uring: flush overflowed CQ events in the io_uring_poll()
(bnc#1012628).
- cfg80211: check wiphy driver existence for drvinfo report
(bnc#1012628).
- mac80211: consider more elements in parsing CRC (bnc#1012628).
- dax: pass NOWAIT flag to iomap_apply (bnc#1012628).
- sched/fair: Prevent unlimited runtime on throttled group
(bnc#1012628).
- timers/nohz: Update NOHZ load in remote tick (bnc#1012628).
- sched/core: Don't skip remote tick for idle CPUs (bnc#1012628).
- drm/msm: Set dma maximum segment size for mdss (bnc#1012628).
- ipmi:ssif: Handle a possible NULL pointer reference
(bnc#1012628).
- net: rtnetlink: fix bugs in rtnl_alt_ifname() (bnc#1012628).
- net: macb: Properly handle phylink on at91rm9200 (bnc#1012628).
- net: add strict checks in netdev_name_node_alt_destroy()
(bnc#1012628).
- ionic: fix fw_status read (bnc#1012628).
- ipv6: Fix nlmsg_flags when splitting a multipath route
(bnc#1012628).
- ipv6: Fix route replacement with dev-only route (bnc#1012628).
- bonding: fix lockdep warning in bond_get_stats() (bnc#1012628).
- net: export netdev_next_lower_dev_rcu() (bnc#1012628).
- bonding: add missing netdev_update_lockdep_key() (bnc#1012628).
- bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs
(bnc#1012628).
- bnxt_en: Improve device shutdown method (bnc#1012628).
- sctp: move the format error check out of __sctp_sf_do_9_1_abort
(bnc#1012628).
- udp: rehash on disconnect (bnc#1012628).
- Revert "net: dev: introduce support for sch BYPASS for lockless
qdisc" (bnc#1012628).
- qede: Fix race between rdma destroy workqueue and link change
event (bnc#1012628).
- nfc: pn544: Fix occasional HW initialization failure
(bnc#1012628).
- net/tls: Fix to avoid gettig invalid tls record (bnc#1012628).
- net: sched: correct flower port blocking (bnc#1012628).
- net: phy: restore mdio regs in the iproc mdio driver
(bnc#1012628).
- net: mscc: fix in frame extraction (bnc#1012628).
- net: macb: ensure interface is not suspended on at91rm9200
(bnc#1012628).
- net: fib_rules: Correctly set table field when table number
exceeds 8 bits (bnc#1012628).
- net: dsa: b53: Ensure the default VID is untagged (bnc#1012628).
- EDAC: skx_common: downgrade message importance on missing PCI
device (bnc#1012628).
- commit 3727848
- config: re-enable NLS_ISO8859_1 for kvmsmall
The EFI partition wants NLS_ISO8859_1 and will fail to mount without it.
- commit 666974e

==== kexec-tools ====

- kexec-tools-reset-getopt-before-falling-back-to-legacy.patch:
Reset getopt before falling back to legacy syscall (bsc#1166105).
- kexec-tools-fix-kexec_file_load-error-handling.patch: Fix the
error handling if kexec_file_load() fails (bsc#1166105).

==== kwin5 ====

- Replace the Requires: xorg-x11-server-wayland dependency with a
Recommends so we can install kwin5 in X11 only systems.

==== libapparmor ====
Version update (2.13.3 -> 2.13.4)

- update to AppArmor 2.13.4
- fix log parsing for logs with an embedded newline
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
for the detailed upstream changelog

==== libidn2 ====

- No longer recommend -lang: supplements are in use.

==== libva ====
Subpackages: libva-drm2 libva2

- cleanup in specfile: get rid of is_opensuse macro, which is no
longer needed at all since sle15/Leap15, where we always enable
wayland support (jira#PM-1623)

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- fix patch name typo
- bug-1158628-04-pvmove-correcting-read_ahead-setting.patch
+ bug-1158628_04-pvmove-correcting-read_ahead-setting.patch

==== pam ====

- Removed pam_userdb from this package and moved to pam-modules.
This removed the requirement for libdb.
Also made "xz" required for all releases.
Remove limits for nproc from /etc/security/limits.conf
[bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor
patterns-microos-base patterns-microos-basesystem patterns-microos-cloud
patterns-microos-defaults patterns-microos-desktop-gnome
patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm
patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Drop NetworkManager-applet Requires: We do not need this at all
inside gnome-shell, we have had built-in tools for a long time.

==== podman ====
Version update (1.8.0 -> 1.8.1)
Subpackages: podman-cni-config

- Update podman to v1.8.1:
* Features
- Many networking-related flags have been added to podman pod
create to enable customization of pod networks, including
- -add-host, --dns, --dns-opt, --dns-search, --ip,
- -mac-address, --network, and --no-hosts
- The podman ps --format=json command now includes the ID of
the image containers were created with
- The podman run and podman create commands now feature an
- -rmi flag to remove the image the container was using after
it exits (if no other containers are using said image)
([#4628](https://github.com/containers/libpod/issues/4628))
- The podman create and podman run commands now support the
- -device-cgroup-rule flag (#4876)
- While the HTTP API remains in alpha, many fixes and additions
have landed. These are documented in a separate subsection
below
- The podman create and podman run commands now feature a
- -no-healthcheck flag to disable healthchecks for a container
(#5299)
- Containers now recognize the io.containers.capabilities
label, which specifies a list of capabilities required by the
image to run. These capabilities will be used as long as they
are more restrictive than the default capabilities used
- YAML produced by the podman generate kube command now
includes SELinux configuration passed into the container via
- -security-opt label=... (#4950)
* Bugfixes
- Fixed CVE-2020-1726, a security issue where volumes manually
populated before first being mounted into a container could
have those contents overwritten on first being mounted into a
container
- Fixed a bug where Podman containers with user namespaces in
CNI networks with the DNS plugin enabled would not have the
DNS plugin's nameserver added to their resolv.conf
([#5256](https://github.com/containers/libpod/issues/5256))
- Fixed a bug where trailing / characters in image volume
definitions could cause them to not be overridden by a
user-specified mount at the same location
([#5219](https://github.com/containers/libpod/issues/5219))
- Fixed a bug where the label option in libpod.conf, used to
disable SELinux by default, was not being respected (#5087)
- Fixed a bug where the podman login and podman logout commands
required the registry to log into be specified (#5146)
- Fixed a bug where detached rootless Podman containers could
not forward ports (#5167)
- Fixed a bug where rootless Podman could fail to run if the
pause process had died
- Fixed a bug where Podman ignored labels that were specified
with only a key and no value (#3854)
- Fixed a bug where Podman would fail to create named volumes
when the backing filesystem did not support SELinux labelling
(#5200)
- Fixed a bug where --detach-keys="" would not disable
detaching from a container (#5166)
- Fixed a bug where the podman ps command was too aggressive
when filtering containers and would force --all on in too
many situations
- Fixed a bug where the podman play kube command was ignoring
image configuration, including volumes, working directory,
labels, and stop signal (#5174)
- Fixed a bug where the Created and CreatedTime fields in
podman images --format=json were misnamed, which also broke
Go template output for those fields
([#5110](https://github.com/containers/libpod/issues/5110))
- Fixed a bug where rootless Podman containers with ports
forwarded could hang when started (#5182)
- Fixed a bug where podman pull could fail to parse registry
names including port numbers
- Fixed a bug where Podman would incorrectly attempt to
validate image OS and architecture when starting containers
- Fixed a bug where Bash completion for podman build -f would
not list available files that could be built (#3878)
- Fixed a bug where podman commit --change would perform
incorrect validation, resulting in valid changes being
rejected (#5148)
- Fixed a bug where podman logs --tail could take large amounts
of memory when the log file for a container was large (#5131)
- Fixed a bug where Podman would sometimes incorrectly generate
firewall rules on systems using firewalld
- Fixed a bug where the podman inspect command would not
display network information for containers properly if a
container joined multiple CNI networks
([#4907](https://github.com/containers/libpod/issues/4907))
- Fixed a bug where the --uts flag to podman create and podman
run would only allow specifying containers by full ID (#5289)
- Fixed a bug where rootless Podman could segfault when passed
a large number of file descriptors
- Fixed a bug where the podman port command was incorrectly
interpreting additional arguments as container names, instead
of port numbers
- Fixed a bug where units created by podman generate systemd
did not depend on network targets, and so could start before
the system network was ready (#4130)
- Fixed a bug where exec sessions in containers which did not
specify a user would not inherit supplemental groups added to
the container via --group-add
- Fixed a bug where Podman would not respect the $TMPDIR
environment variable for placing large temporary files during
some operations (e.g. podman pull)
([#5411](https://github.com/containers/libpod/issues/5411))
* HTTP API
- Initial support for secure connections to servers via SSH
tunneling has been added
- Initial support for the libpod create and logs endpoints for
containers has been added
- Added a /swagger/ endpoint to serve API documentation
- The json endpoint for containers has received many fixes
- Filtering images and containers has been greatly improved,
with many bugs fixed and documentation improved
- Image creation endpoints (commit, pull, etc) have seen many
fixes
- Server timeout has been fixed so that long operations will no
longer trigger the timeout and shut the server down
- The stats endpoint for containers has seen major fixes and
now provides accurate output
- Handling the HTTP 304 status code has been fixed for all
endpoints
- Many fixes have been made to API documentation to ensure it
matches the code
* Misc
- Updated vendored Buildah to v1.14.2
- Updated vendored containers/storage to v1.16.2
- The Created field to podman images --format=json has been
renamed to CreatedSince as part of the fix for (#5110). Go
templates using the old name shou ld still work
- The CreatedTime field to podman images --format=json has been
renamed to CreatedAt as part of the fix for (#5110). Go
templates using the old name should still work
- The before filter to podman images has been renamed to since
for Docker compatibility. Using before will still work, but
documentation has been changed to use the new since filter
- Using the --password flag to podman login now warns that
passwords are being passed in plaintext
- Some common cases where Podman would deadlock have been fixed
to warn the user that podman system renumber must be run to
resolve the deadlock

==== supportutils ====
Version update (3.1.8 -> 3.1.9)

- Addition to version 3.1.9
+ Changes affecting getappcore
- Added core file validation (bsc#1166126)
- Added -j <PID> to extract core from systemd journal
- Capture coredumptctl info in getappcore.log
+ Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762)
- The new prefix references SUSE Customer Center

==== transactional-update ====
Subpackages: transactional-update-zypp-config

- Add dependencies to btrfsprogs, zypper and snapper - most of the
functionality is not usable if those applications are not
installed. [boo#1166502]

==== webkit2gtk3 ====
Version update (2.26.4 -> 2.28.0)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37
webkit2gtk-4_0-injected-bundles

- Update to version 2.28.0:
+ Add API to enable Process Swap on (Cross-site) Navigation.
+ Add user messages API for the communication with the web
extension.
+ Add support for same-site cookies.
+ Service workers are enabled by default.
+ Add support for Pointer Lock API.
+ Add flatpak sandbox support.
+ Make ondemand hardware acceleration policy never leave
accelerated compositing mode.
+ Always use a light theme for rendering form controls.
+ Add about:gpu to show information about the graphics stack.
- Drop webkit2gtk3-ppc-build-fix.patch: Fixed upstream.
- Disable webkit-process.patch: Needs rebase, and furthermore it
should not be applied for Leap 15.2 as it is today.
- Update to version 2.27.91:
+ Update user agent quirks to fix the unsupported browser message
in several google services.
+ Fix several compile warnings with GCC 10.
+ Fix the build with GCC 10.
+ Fix several crashes and rendering issues.
+ Updated translations.

==== wpebackend-fdo ====
Version update (1.4.1 -> 1.4.2)

- Update to version 1.4.2:
+ Fix build failures with EGL implementations which do not
provide an EGL/eglmesaext.h header.

==== xfsprogs ====
Version update (5.4.0 -> 5.5.0)

- update to v5.5.0:
* xfsprogs: actually check that writes succeeded
* mkfs.xfs: check root inode location
* mkfs.xfs: efficient block zeroing
* xfs_repair: fix broken unit conv. in dir invalidation
* xfs_repair: fix bad next_unlinked field
* xfs_repair: don't corrupt attr fork clearing forw/back
* xfs_repair: check root dir pointer before trashing it
* xfs_repair: try to fix sb_unit value from secondaries
* libxfs changes merged from kernel 5.5


--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-kubic+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages