[opensuse-kubic] New MicroOS snapshot 20200318 released!

21 Mar 2020


      Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version=Tumbleweed&build=20200318
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
  MozillaFirefox (73.0.1 -> 74.0)
  PackageKit
  alsa (1.2.1.2 -> 1.2.2)
  alsa-plugins (1.2.1 -> 1.2.2)
  apparmor (2.13.3 -> 2.13.4)
  boost-base
  curl (7.69.0 -> 7.69.1)
  dracut (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02)
  gcc10 (10.0.1+git174776 -> 10.0.1+git175037)
  gcc9 (9.2.1+git1022 -> 9.2.1+git1192)
  glibc
  gpg2
  installation-images-MicroOS (14.461 -> 14.462)
  kernel-source (5.5.7 -> 5.5.9)
  kexec-tools
  kwin5
  libapparmor (2.13.3 -> 2.13.4)
  libidn2
  libva
  lvm2-device-mapper
  pam
  patterns-microos
  podman (1.8.0 -> 1.8.1)
  supportutils (3.1.8 -> 3.1.9)
  transactional-update
  webkit2gtk3 (2.26.4 -> 2.28.0)
  wpebackend-fdo (1.4.1 -> 1.4.2)
  xfsprogs (5.4.0 -> 5.5.0)

=== Details ===

==== MozillaFirefox ====
Version update (73.0.1 -> 74.0)

- Mozilla Firefox 74.0
  * https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
  MFSA 2020-08 (bsc#1166238)
  * CVE-2020-6805 (bmo#1610880)
    Use-after-free when removing data about origins
  * CVE-2020-6806 (bmo#1612308)
    BodyStream::OnInputStreamReady was missing protections against
    state confusion
  * CVE-2020-6807 (bmo#1614971)
    Use-after-free in cubeb during stream destruction
  * CVE-2020-6808 (bmo#1247968)
    URL Spoofing via javascript: URL
  * CVE-2020-6809 (bmo#1420296)
    Web Extensions with the all-urls permission could access local
    files
  * CVE-2020-6810 (bmo#1432856)
    Focusing a popup while in fullscreen could have obscured the
    fullscreen notification
  * CVE-2020-6811 (bmo#1607742)
    Devtools' 'Copy as cURL' feature did not fully escape
    website-controlled data, potentially leading to command injection
  * CVE-2019-20503 (bmo#1613765)
    Out of bounds reads in sctp_load_addresses_from_init
  * CVE-2020-6812 (bmo#1616661)
    The names of AirPods with personally identifiable information
    were exposed to websites with camera or microphone permission
  * CVE-2020-6813 (bmo#1605814)
    @import statements in CSS could bypass the Content Security
    Policy nonce feature
  * CVE-2020-6814 (bmo#1592078,bmo#1604847,bmo#1608256,bmo#1612636,
    bmo#1614339)
    Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6
  * CVE-2020-6815 (bmo#1181957,bmo#1557732,bmo#1557739,bmo#1611457,
    bmo#1612431)
    Memory and script safety bugs fixed in Firefox 74
- requires
  * NSPR 4.25
  * NSS 3.50
  * rust-cbindgen 0.13.0
- removed obsolete patches
  mozilla-bmo1610814.patch
  mozilla-cubeb-noreturn.patch
- add mozilla-bmo1609538.patch to fix wayland issues with mutter 3.36
  (bmo#1609538, boo#1166471)

==== PackageKit ====
Subpackages: PackageKit-backend-zypp libpackagekit-glib2-18

- Add PackageKit-zypp-ignore-already-installed-packages.patch,
  remove PackageKit-zypp-revert-fail-on-already-installed.patch:
  zypp: Ignore already installed package when installing
  (bsc#1155624, gh#/hughsie/PackageKit/commit/d9233011).
- Fix source URL in the spec file.

==== alsa ====
Version update (1.2.1.2 -> 1.2.2)

- Update to alsa-lib 1.2.2:
  including previous fixes
- Backport recent upstream fixes:
  conf updates, PCM ordering fix, configure fix;
  0001-conf-change-the-order-of-PCM-devices-in-alsa.conf.patch
  0002-conf-namehint-add-omit_noargs-to-the-hint-section.patch
  0003-Change-PCM-device-number-of-Asus-Xonar-U5.patch
  0004-configure-add-embed-for-python3-config-python-3.8.patch
  0005-conf-USB-Audio-Add-C-Media-USB-Headphone-Set-to-the-.patch
- Drop obsoleted patches:
  0001-ucm-Use-strncmp-to-avoid-access-out-of-boundary.patch
  0002-ucm-return-always-at-least-NULL-if-no-list-is-availa.patch
  0003-ucm-add-_identifiers-list.patch
  0004-namehint-correct-the-args-check.patch
  0005-namehint-improve-the-previous-patch-check-the-return.patch
  0006-ucm-docs-allow-spaces-in-device-names-for-JackHWMute.patch
  0007-use-case-docs-add-PlaybackMixerCopy-and-CaptureMixer.patch
  0008-ucm-docs-add-JackCTL-rearrange-JackControl-and-JackD.patch
  0009-ucm-Do-not-fail-to-parse-configs-on-cards-with-an-em.patch
  0010-src-ucm-main.c-fix-build-without-mixer.patch
  0011-alsa.m4-another-try-to-fix-the-libatopology-detectio.patch
  0012-ucm-docs-add-Mic-DigitalMic-and-multiple-devices-com.patch
  0013-ucm-docs-remove-DigitalMic-it-does-not-have-sense.patch
  0014-ucm-docs-change-the-Mic-description-to-simple-Microp.patch
  0015-ucm-docs-add-note-about-the-sequences-and-device-spl.patch
  0016-ucm-docs-remove-MixerCopy-values-add-Priority-for-ve.patch
  0017-ucm-setup-conf_format-after-getting-ALSA_CONFIG_UCM_.patch
  0018-alsa-lib-fix-the-array-parser-unique-compound-keys.patch
  0019-topology-remove-vendor_fd-name-from-snd_tplg-structu.patch
  0020-topology-file-position-and-size-cleanups.patch
  0021-topology-use-an-array-describing-blocks-for-the-main.patch
  0022-topology-use-size_t-for-calc_block_size.patch
  0023-topology-merge-write_block-to-tplg_write_data.patch
  0024-topology-make-vebose-output-more-nice.patch
  0025-topology-use-list_insert-macro-in-tplg_elem_insert.patch
  0026-topology-dapm-coding-fixes.patch
  0027-topology-dapm-merge-identical-index-blocks-like-for-.patch
  0028-topology-more-coding-fixes.patch
  0029-Fix-alsa-sound-.h-for-external-programs.patch
  0030-type_compat-Add-missing-__s64-and-__u64-definitions-.patch
  0031-uapi-Move-typedefs-from-uapi-to-sound.patch
  0032-Update-the-attributes.m4-macro-file-from-xine.patch
  0033-topology-avoid-to-use-the-atoi-directly-when-expecte.patch
  0034-topology-use-snd_config_get_bool-instead-own-impleme.patch
  0035-topology-fix-tplg_get_integer-handle-errno-ERANGE.patch
  0036-topology-add-tplg_get_unsigned-function.patch
  0037-topology-convert-builder-to-use-the-mallocated-memor.patch
  0038-topology-add-binary-output-from-the-builder.patch
  0039-topology-parser-recode-tplg_parse_config.patch
  0040-topology-add-snd_tplg_load-remove-snd_tplg_build_bin.patch
  0041-topology-move-the-topology-element-table-from-builde.patch
  0042-topology-add-parser-to-the-tplg_table.patch
  0043-topology-add-snd_tplg_save.patch
  0044-topology-add-snd_tplg_create-with-flags.patch
  0045-topology-add-snd_tplg_version-function.patch
  0046-topology-cleanup-the-SNDERR-calls.patch
  0047-topology-dapm-fix-the-SNDERR-Undefined.patch
  0048-topology-fix-the-unitialized-tuples.patch
  0049-topology-implement-shorter-hexa-uuid-00-00-parser.patch
  0050-topology-fix-the-TPLG_DEBUG-compilation.patch
  0051-topology-fix-the-ops-parser-accept-integer-hexa-valu.patch
  0052-topology-fix-the-wrong-memory-access-object-realloc.patch
  0053-topology-implement-snd_tplg_decode.patch
  0054-topology-move-the-elem-list-delete-to-tplg_elem_free.patch
  0055-topology-unify-the-log-mechanism.patch
  0056-topology-tplg_dbg-cleanups.patch
  0057-topology-cosmetic-changes-functions.patch
  0058-mixer-Fix-memory-leak-for-more-than-16-file-descript.patch
  0059-Quote-strings-containing-or-when-saving-an-alsa-conf.patch
  0060-ucm-fix-the-configuration-directory-longname-for-ucm.patch
  0061-ucm-split-conf_file_name-and-conf_dir_name.patch
  0062-ucm-remove-MAX_FILE-definition-and-use-correct-PATH_.patch
  0063-topology-remove-MAX_FILE-definition-and-use-correct-.patch
  0064-ucm-parser-cosmetic-fixes-in-the-comments.patch
  0065-configure.ac-remove-an-unnecessary-libtool-fix.patch
  0066-ucm-parser-use-correct-filename-in-parser_master_fil.patch
  0067-ucm-the-ucm2-subdirectory-is-driver-name-based.patch
  0068-ucm-implement-RenameDevice-and-RemoveDevice-verb-man.patch
  0069-ucm-fill-missing-device-entries-conflicting-supporte.patch
  0070-control-Remove-access-to-the-deprecated-dimen-fields.patch
  0071-topology-Drop-SNDRV_CTL_ELEM_ACCESS_TIMESTAMP-access.patch
  0072-uapi-Sync-with-5.6-kernel-ABI.patch
  0073-ucm-parser-add-error-message-to-verb_dev_list_add.patch
  0074-do-not-set-close-on-exec-flag-on-descriptor-if-it-wa.patch

==== alsa-plugins ====
Version update (1.2.1 -> 1.2.2)

- Update to alsa-plugins 1.2.2:
  * upmix plugin code refactoring, m4 file update

==== apparmor ====
Version update (2.13.3 -> 2.13.4)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor

- update to AppArmor 2.13.4
  - several abstraction updates (including boo#1153162)
  - disallow writing to fontconfig cache in abstractions/fonts
  - some bugfixes in the aa-* tools
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
    for the detailed upstream changelog
- drop upstreamed patches:
  - abstractions-ssl-certbot-paths.diff
  - apparmor-krb5-conf-d.diff
  - libapparmor-python3.8.diff
  - usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-authentification.diff

==== boost-base ====
Subpackages: boost-license1_71_0 libboost_thread1_71_0

- Fix packaging errors in cases where python2 is disabled and
  unavailable.

==== curl ====
Version update (7.69.0 -> 7.69.1)
Subpackages: libcurl4

- Update to 7.69.1
  * Bugfixes:
  - ares: store dns parameters for duphandle
  - cirrus-ci: disable the FreeBSD 13 builds
  - curl_share_setopt.3: Note sharing cookies doesn't enable the engine
  - lib1564: reduce number of mid-wait wakeup calls
  - libssh: Fix matching user-specified MD5 hex key
  - MANUAL: update a dict-using command line
  - mime: do not perform more than one read in a row
  - mime: fix the binary encoder to handle large data properly
  - mime: latch last read callback status
  - multi: skip EINTR check on wakeup socket if it was closed
  - pause: bail out on bad input
  - pause: force a connection recheck after unpausing (take 2)
  - pause: return early for calls that don't change pause state
  - runtests.1: rephrase how to specify what tests to run
  - runtests: fix missing use of exe_ext helper function
  - seek: fix fall back for missing ftruncate on Windows
  - sftp: fix segfault regression introduced by #4747 in 7.69.0
  - sha256: Added SecureTransport implementation
  - sha256: Added WinCrypt implementation
  - socks4: fix host resolve regression
  - socks5: host name resolv regression fix
  - tests/server: fix missing use of exe_ext helper function
  - tests: fix static ip:port instead of dynamic values being used
  - tests: make sleeping portable by avoiding select
  - unit1612: fix the inclusion and compilation of the HMAC unit test
  - urldata: remove the 'stream_was_rewound' connectdata struct member
  - version: make curl_version* thread-safe without using global context

==== dracut ====
Version update (049.1+git125.e2b2c9ef -> 049.1+git135.46dceb02)
Subpackages: dracut-ima

- Update to version 049.1+git135.46dceb02:
  * 40network: Do not require hostname binary
  * suse.spec: add new modules 90nvdimm and 99suse-initrd
  * 95fcoe: default rd.nofcoe to false (bsc#1163343)
  * Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343)
    Dependent commits:
  * Add module "90nvdimm" for NVDIMM support
  * 90kernel-modules: remove nfit from static module list
- Update to version 049.1+git129.0f19bbfd:
  * 35network-legacy: dhclient is optional (bsc#1166188)
  * suse.spec: Create -extra package (bsc#1166188)
  * suse.spec: Remove obsolete permission fixups
  * 00warpclock: Fix permissions in warpclock.sh

==== gcc10 ====
Version update (10.0.1+git174776 -> 10.0.1+git175037)
Subpackages: libgcc_s1 libgomp1 libstdc++6

- Update to master head (778a77357cad11e8dd4c810544330af0fbe843b1).
  * Includes fix for binutils version parsing [gcc#93965]

==== gcc9 ====
Version update (9.2.1+git1022 -> 9.2.1+git1192)

- Update to releases/gcc-9 head (c5edde44f5b17b4891f17a63517f355b).
  * Includes GCC 9.3.0 RC1
- Update to releases/gcc-9 head (eaaee438bf836c2c1ed3424ecbf85de3ed941e87).
  * Includes fix for binutils version parsing [gcc#93965]

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters
  in syscall
- ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range
  reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487)

==== gpg2 ====

- Split dirmngr into a subpackage to avoid a hard dependency of
  gpg2 on libgnutls

==== installation-images-MicroOS ====
Version update (14.461 -> 14.462)

- merge gh#openSUSE/installation-images#364
- use u-boot-rpiarm64 if available (bsc#1164080)
- 14.462

==== kernel-source ====
Version update (5.5.7 -> 5.5.9)

- Linux 5.5.9 (bnc#1012628).
- ASoC: intel/skl/hda - export number of digital microphones
  via control components (bnc#1012628).
- block, bfq: get a ref to a group when adding it to a service
  tree (bnc#1012628).
- block, bfq: get extra ref to prevent a queue from being freed
  during a group move (bnc#1012628).
- block, bfq: do not insert oom queue into position tree
  (bnc#1012628).
- dm thin metadata: fix lockdep complaint (bnc#1012628).
- net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
  (bnc#1012628).
- RDMA/core: Fix pkey and port assignment in get_new_pps
  (bnc#1012628).
- RDMA/core: Fix use of logical OR in get_new_pps (bnc#1012628).
- blktrace: fix dereference after null check (bnc#1012628).
- netfilter: hashlimit: do not use indirect calls during gc
  (bnc#1012628).
- ALSA: hda: do not override bus codec_mask in link_get()
  (bnc#1012628).
- serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
  (bnc#1012628).
- Kernel selftests: tpm2: check for tpm support (bnc#1012628).
- selftests: fix too long argument (bnc#1012628).
- usb: gadget: composite: Support more than 500mA MaxPower
  (bnc#1012628).
- usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
  (bnc#1012628).
- usb: gadget: serial: fix Tx stall after buffer overflow
  (bnc#1012628).
- habanalabs: halt the engines before hard-reset (bnc#1012628).
- habanalabs: do not halt CoreSight during hard reset
  (bnc#1012628).
- habanalabs: patched cb equals user cb in device memset
  (bnc#1012628).
- drm/msm/mdp5: rate limit pp done timeout warnings (bnc#1012628).
- drm: msm: Fix return type of dsi_mgr_connector_mode_valid for
  kCFI (bnc#1012628).
- drm/modes: Make sure to parse valid rotation value from cmdline
  (bnc#1012628).
- drm/modes: Allow DRM_MODE_ROTATE_0 when applying video mode
  parameters (bnc#1012628).
- scsi: megaraid_sas: silence a warning (bnc#1012628).
- drm/msm/dsi: save pll state before dsi host is powered off
  (bnc#1012628).
- drm/msm/dsi/pll: call vco set rate explicitly (bnc#1012628).
- selftests: forwarding: use proto icmp for {gretap,
  ip6gretap}_mac testing (bnc#1012628).
- selftests: forwarding: vxlan_bridge_1d: fix tos value
  (bnc#1012628).
- net: atlantic: check rpc result and wait for rpc address
  (bnc#1012628).
- net: atlantic: ptp gpio adjustments (bnc#1012628).
- net: ks8851-ml: Remove 8-bit bus accessors (bnc#1012628).
- net: ks8851-ml: Fix 16-bit data access (bnc#1012628).
- net: ks8851-ml: Fix 16-bit IO operation (bnc#1012628).
- net: ethernet: dm9000: Handle -EPROBE_DEFER in dm9000_parse_dt()
  (bnc#1012628).
- watchdog: da9062: do not ping the hw during stop()
  (bnc#1012628).
- s390/cio: cio_ignore_proc_seq_next should increase position
  index (bnc#1012628).
- s390: make 'install' not depend on vmlinux (bnc#1012628).
- efi: Only print errors about failing to get certs if EFI vars
  are found (bnc#1012628).
- net/mlx5: DR, Fix matching on vport gvmi (bnc#1012628).
- iommu/amd: Disable IOMMU on Stoney Ridge systems (bnc#1012628).
- nvme/pci: Add sleep quirk for Samsung and Toshiba drives
  (bnc#1012628).
- nvme-pci: Use single IRQ vector for old Apple models
  (bnc#1012628).
- x86/boot/compressed: Don't declare __force_order in kaslr_64.c
  (bnc#1012628).
- s390/qdio: fill SL with absolute addresses (bnc#1012628).
- nvme: Fix uninitialized-variable warning (bnc#1012628).
- ice: Don't tell the OS that link is going down (bnc#1012628).
- x86/xen: Distribute switch variables for initialization
  (bnc#1012628).
- net: thunderx: workaround BGX TX Underflow issue (bnc#1012628).
- csky/mm: Fixup export invalid_pte_table symbol (bnc#1012628).
- csky: Set regs->usp to kernel sp, when the exception is from
  kernel (bnc#1012628).
- csky/smp: Fixup boot failed when CONFIG_SMP (bnc#1012628).
- csky: Fixup ftrace modify panic (bnc#1012628).
- csky: Fixup compile warning for three unimplemented syscalls
  (bnc#1012628).
- arch/csky: fix some Kconfig typos (bnc#1012628).
- selftests: forwarding: vxlan_bridge_1d: use more proper tos
  value (bnc#1012628).
- firmware: imx: scu: Ensure sequential TX (bnc#1012628).
- binder: prevent UAF for binderfs devices (bnc#1012628).
- binder: prevent UAF for binderfs devices II (bnc#1012628).
- ALSA: hda/realtek - Add Headset Mic supported (bnc#1012628).
- ALSA: hda/realtek - Add Headset Button supported for ThinkPad X1
  (bnc#1012628).
- ALSA: hda/realtek - Fix a regression for mute led on Lenovo
  Carbon X1 (bnc#1012628).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus
  Master (bnc#1012628).
- ALSA: hda/realtek - Enable the headset of ASUS B9450FA with
  ALC294 (bnc#1012628).
- driver core: Call sync_state() even if supplier has no consumers
  (bnc#1012628).
- cifs: don't leak -EAGAIN for stat() during reconnect
  (bnc#1012628).
- cifs: fix rename() by ensuring source handle opened with DELETE
  bit (bnc#1012628).
- usb: storage: Add quirk for Samsung Fit flash (bnc#1012628).
- usb: usb251xb: fix regulator probe and error handling
  (bnc#1012628).
- usb: quirks: add NO_LPM quirk for Logitech Screen Share
  (bnc#1012628).
- usb: dwc3: gadget: Update chain bit correctly when using sg list
  (bnc#1012628).
- usb: cdns3: gadget: link trb should point to next request
  (bnc#1012628).
- usb: cdns3: gadget: toggle cycle bit before reset endpoint
  (bnc#1012628).
- usb: core: hub: fix unhandled return by employing a void
  function (bnc#1012628).
- usb: core: hub: do error out if usb_autopm_get_interface()
  fails (bnc#1012628).
- usb: core: port: do error out if usb_autopm_get_interface()
  fails (bnc#1012628).
- vgacon: Fix a UAF in vgacon_invert_region (bnc#1012628).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge
  when marking page tables prot_numa (bnc#1012628).
- mm: fix possible PMD dirty bit lost in set_pmd_migration_entry()
  (bnc#1012628).
- mm: avoid data corruption on CoW fault into PFN-mapped VMA
  (bnc#1012628).
- mm, hotplug: fix page online with DEBUG_PAGEALLOC compiled
  but not enabled (bnc#1012628).
- fat: fix uninit-memory access for partial initialized inode
  (bnc#1012628).
- btrfs: fix RAID direct I/O reads with alternate csums
  (bnc#1012628).
- arm64: dts: socfpga: agilex: Fix gmac compatible (bnc#1012628).
- arm: dts: dra76x: Fix mmc3 max-frequency (bnc#1012628).
- phy: allwinner: Fix GENMASK misuse (bnc#1012628).
- tty:serial:mvebu-uart:fix a wrong return (bnc#1012628).
- tty: serial: fsl_lpuart: free IDs allocated by IDA
  (bnc#1012628).
- serial: 8250_exar: add support for ACCES cards (bnc#1012628).
- serdev: Fix detection of UART devices on Apple machines
  (bnc#1012628).
- media: hantro: Fix broken media controller links (bnc#1012628).
- media: mc-entity.c: use & to check pad flags, not ==
  (bnc#1012628).
- media: vicodec: process all 4 components for RGB32 formats
  (bnc#1012628).
- media: v4l2-mem2mem.c: fix broken links (bnc#1012628).
- perf intel-pt: Fix endless record after being terminated
  (bnc#1012628).
- perf intel-bts: Fix endless record after being terminated
  (bnc#1012628).
- perf cs-etm: Fix endless record after being terminated
  (bnc#1012628).
- perf arm-spe: Fix endless record after being terminated
  (bnc#1012628).
- spi: spidev: Fix CS polarity if GPIO descriptors are used
  (bnc#1012628).
- x86/ioperm: Add new paravirt function update_io_bitmap()
  (bnc#1012628).
- x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing
  changes (bnc#1012628).
- s390/pci: Fix unexpected write combine on resource
  (bnc#1012628).
- s390/mm: fix panic in gup_fast on large pud (bnc#1012628).
- selftests: pidfd: Add pidfd_fdinfo_test in .gitignore
  (bnc#1012628).
- powerpc/mm: Fix missing KUAP disable in flush_coherent_icache()
  (bnc#1012628).
- drm/amdgpu: disable 3D pipe 1 on Navi1x (bnc#1012628).
- drm/amd/powerplay: fix pre-check condition for setting clock
  range (bnc#1012628).
- dmaengine: imx-sdma: fix context cache (bnc#1012628).
- dmaengine: imx-sdma: Fix the event id check to include RX
  event for UART6 (bnc#1012628).
- dmaengine: tegra-apb: Fix use-after-free (bnc#1012628).
- dmaengine: tegra-apb: Prevent race conditions of tasklet vs
  free list (bnc#1012628).
- dm integrity: fix recalculation when moving from journal mode
  to bitmap mode (bnc#1012628).
- dm integrity: fix a deadlock due to offloading to an incorrect
  workqueue (bnc#1012628).
- dm integrity: fix invalid table returned due to argument count
  mismatch (bnc#1012628).
- dm cache: fix a crash due to incorrect work item cancelling
  (bnc#1012628).
- dm: report suspended device during destroy (bnc#1012628).
- dm writecache: verify watermark during resume (bnc#1012628).
- dm zoned: Fix reference counter initial value of chunk works
  (bnc#1012628).
- dm: fix congested_fn for request-based device (bnc#1012628).
- arm64: dts: meson-sm1-sei610: add missing interrupt-names
  (bnc#1012628).
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar
  (bnc#1012628).
- spi: bcm63xx-hsspi: Really keep pll clk enabled (bnc#1012628).
- drm/virtio: fix resource id creation race (bnc#1012628).
- ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
  (bnc#1012628).
- ASoC: topology: Fix memleak in soc_tplg_manifest_load()
  (bnc#1012628).
- ASoC: SOF: Fix snd_sof_ipc_stream_posn() (bnc#1012628).
- ASoC: intel: skl: Fix pin debug prints (bnc#1012628).
- ASoC: intel: skl: Fix possible buffer overflow in debug outputs
  (bnc#1012628).
- ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs
  output (bnc#1012628).
- ASoC: pcm512x: Fix unbalanced regulator enable call in probe
  error path (bnc#1012628).
- ASoC: Intel: Skylake: Fix available clock counter incrementation
  (bnc#1012628).
- ASoC: dapm: Correct DAPM handling of active widgets during
  shutdown (bnc#1012628).
- ASoC: soc-component: tidyup snd_soc_pcm_component_sync_stop()
  (bnc#1012628).
- spi: atmel-quadspi: fix possible MMIO window size overrun
  (bnc#1012628).
- drm/panfrost: Don't try to map on error faults (bnc#1012628).
- drm/mediatek: Handle component type MTK_DISP_OVL_2L correctly
  (bnc#1012628).
- drm/ttm: fix leaking fences via ttm_buffer_object_transfer
  (bnc#1012628).
- drm: kirin: Revert "Fix for hikey620 display offset problem"
  (bnc#1012628).
- drm/sun4i: Add separate DE3 VI layer formats (bnc#1012628).
- drm/sun4i: Fix DE2 VI layer format support (bnc#1012628).
- drm/sun4i: de2/de3: Remove unsupported VI layer formats
  (bnc#1012628).
- drm/i915: Program MBUS with rmw during initialization
  (bnc#1012628).
- drm/i915/selftests: Fix return in assert_mmap_offset()
  (bnc#1012628).
- drm/i915/perf: Reintroduce wait on OA configuration completion
  (bnc#1012628).
- phy: mapphone-mdm6600: Fix timeouts by adding wake-up handling
  (bnc#1012628).
- phy: mapphone-mdm6600: Fix write timeouts with shorter GPIO
  toggle interval (bnc#1012628).
- ARM: dts: imx6: phycore-som: fix emmc supply (bnc#1012628).
- arm64: dts: imx8qxp-mek: Remove unexisting Ethernet PHY
  (bnc#1012628).
- firmware: imx: misc: Align imx sc msg structs to 4
  (bnc#1012628).
- firmware: imx: scu-pd: Align imx sc msg structs to 4
  (bnc#1012628).
- firmware: imx: Align imx_sc_msg_req_cpu_start to 4
  (bnc#1012628).
- soc: imx-scu: Align imx sc msg structs to 4 (bnc#1012628).
- Revert "RDMA/cma: Simplify rdma_resolve_addr() error flow"
  (bnc#1012628).
- RDMA/rw: Fix error flow during RDMA context initialization
  (bnc#1012628).
- RDMA/odp: Ensure the mm is still alive before creating an
  implicit child (bnc#1012628).
- RDMA/nldev: Fix crash when set a QP to a new counter but QPN
  is missing (bnc#1012628).
- RDMA/siw: Fix failure handling during device creation
  (bnc#1012628).
- RDMA/iwcm: Fix iwcm work deallocation (bnc#1012628).
- RDMA/core: Fix protection fault in ib_mr_pool_destroy
  (bnc#1012628).
- regulator: stm32-vrefbuf: fix a possible overshoot when
  re-enabling (bnc#1012628).
- regulator: qcom_spmi: Fix docs for PM8004 (bnc#1012628).
- RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
  (bnc#1012628).
- IB/mlx5: Fix implicit ODP race (bnc#1012628).
- IB/hfi1, qib: Ensure RCU is locked when accessing list
  (bnc#1012628).
- ARM: imx: build v7_cpu_resume() unconditionally (bnc#1012628).
- ARM: dts: imx7d: fix opp-supported-hw (bnc#1012628).
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names
  (bnc#1012628).
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source
  (bnc#1012628).
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (bnc#1012628).
- hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
  (bnc#1012628).
- dma-buf: free dmabuf->name in dma_buf_release() (bnc#1012628).
- dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
  (bnc#1012628).
- sched/fair: Fix statistics for find_idlest_group()
  (bnc#1012628).
- arm64: dts: meson: fix gxm-khadas-vim2 wifi (bnc#1012628).
- bus: ti-sysc: Fix 1-wire reset quirk (bnc#1012628).
- dt-bindings: arm: fsl: fix APF6Dev compatible (bnc#1012628).
- EDAC/synopsys: Do not print an error with back-to-back
  snprintf() calls (bnc#1012628).
- powerpc: fix hardware PMU exception bug on PowerVM compatibility
  mode systems (bnc#1012628).
- efi/x86: Align GUIDs to their size in the mixed mode runtime
  wrapper (bnc#1012628).
- efi/x86: Handle by-ref arguments covering multiple pages in
  mixed mode (bnc#1012628).
- efi: READ_ONCE rng seed size before munmap (bnc#1012628).
- net: stmmac: fix notifier registration (bnc#1012628).
- block, bfq: remove ifdefs from around gets/puts of bfq groups
  (bnc#1012628).
- csky: Implement copy_thread_tls (bnc#1012628).
- commit 70a6377
- vt: selection, push sel_lock up (bnc#1162928 CVE-2020-8648).
- vt: selection, push console lock down (bnc#1162928
  CVE-2020-8648).
- commit 1538c30
- Refresh patches.suse/vt-selection-close-sel_buffer-race.patch.
  Update upstream status.
- commit e2b9350
- drm/virtio: fix mmap page attributes (bsc#1163720).
- drm/shmem: add support for per object caching flags
  (bsc#1163720).
- commit 1e5a090
- netfilter: xt_hashlimit: unregister proc file before releasing
  mutex (git-fixes).
- commit fb4c60d
- Linux 5.5.8 (bnc#1012628).
- kvm: nVMX: VMWRITE checks unsupported field before read-only
  field (bnc#1012628).
- kvm: nVMX: VMWRITE checks VMCS-link pointer before VMCS field
  (bnc#1012628).
- mm, thp: fix defrag setting if newline is not used
  (bnc#1012628).
- mm/huge_memory.c: use head to check huge zero page
  (bnc#1012628).
- mm/gup: allow FOLL_FORCE for get_user_pages_fast()
  (bnc#1012628).
- mm/debug.c: always print flags in dump_page() (bnc#1012628).
- locking/lockdep: Fix lockdep_stats indentation problem
  (bnc#1012628).
- xfs: clear kernel only flags in XFS_IOC_ATTRMULTI_BY_HANDLE
  (bnc#1012628).
- clk: qcom: rpmh: Sort OF match table (bnc#1012628).
- bus: tegra-aconnect: Remove PM_CLK dependency (bnc#1012628).
- netfilter: nf_flowtable: fix documentation (bnc#1012628).
- netfilter: nft_tunnel: no need to call htons() when dumping
  ports (bnc#1012628).
- thermal: brcmstb_thermal: Do not use DT coefficients
  (bnc#1012628).
- thermal: db8500: Depromote debug print (bnc#1012628).
- ubifs: Fix ino_t format warnings in orphan_delete()
  (bnc#1012628).
- rcu: Allow only one expedited GP to run concurrently with
  wakeups (bnc#1012628).
- KVM: x86: Remove spurious clearing of async #PF MSR
  (bnc#1012628).
- KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction
  path (bnc#1012628).
- KVM: X86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand
  (bnc#1012628).
- x86/resctrl: Check monitoring static key in the MBM overflow
  handler (bnc#1012628).
- perf maps: Add missing unlock to maps__insert() error case
  (bnc#1012628).
- perf ui gtk: Add missing zalloc object (bnc#1012628).
- perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
  (bnc#1012628).
- pwm: omap-dmtimer: put_device() after of_find_device_by_node()
  (bnc#1012628).
- lib/vdso: Update coarse timekeeper unconditionally
  (bnc#1012628).
- lib/vdso: Make __arch_update_vdso_data() logic understandable
  (bnc#1012628).
- kprobes: Set unoptimized flag after unoptimizing code
  (bnc#1012628).
- ima: ima/lsm policy rule loading logic bug fixes (bnc#1012628).
- drivers: net: xgene: Fix the order of the arguments of
  'alloc_etherdev_mqs()' (bnc#1012628).
- RDMA/hns: Bugfix for posting a wqe with sge (bnc#1012628).
- RDMA/hns: Simplify the calculation and usage of wqe idx for
  post verbs (bnc#1012628).
- f2fs: fix to add swap extent correctly (bnc#1012628).
- sched/fair: Optimize select_idle_cpu (bnc#1012628).
- KVM: Check for a bad hva before dropping into the ghc slow path
  (bnc#1012628).
- KVM: SVM: Override default MMIO mask if memory encryption is
  enabled (bnc#1012628).
- perf report: Fix no libunwind compiled warning break s390 issue
  (bnc#1012628).
- mwifiex: delete unused mwifiex_get_intf_num() (bnc#1012628).
- mwifiex: drop most magic numbers from
  mwifiex_process_tdls_action_frame() (bnc#1012628).
- namei: only return -ECHILD from follow_dotdot_rcu()
  (bnc#1012628).
- tipc: fix successful connect() but timed out (bnc#1012628).
- net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
  (bnc#1012628).
- net/smc: no peer ID in CLC decline for SMCD (bnc#1012628).
- selftests: Install settings files to fix TIMEOUT failures
  (bnc#1012628).
- net: atlantic: fix out of range usage of active_vlans array
  (bnc#1012628).
- net: atlantic: possible fault in transition to hibernation
  (bnc#1012628).
- net: atlantic: fix potential error handling (bnc#1012628).
- net: atlantic: fix use after free kasan warn (bnc#1012628).
- net: atlantic: better loopback mode handling (bnc#1012628).
- net: atlantic: checksum compat issue (bnc#1012628).
- net: netlink: cap max groups which will be considered in
  netlink_bind() (bnc#1012628).
- s390/qeth: fix off-by-one in RX copybreak check (bnc#1012628).
- s390/qeth: vnicc Fix EOPNOTSUPP precedence (bnc#1012628).
- nvme-pci: Hold cq_poll_lock while completing CQEs (bnc#1012628).
- usb: charger: assign specific number for enum value
  (bnc#1012628).
- hv_netvsc: Fix unwanted wakeup in netvsc_attach() (bnc#1012628).
- kbuild: fix DT binding schema rule to detect command line
  changes (bnc#1012628).
- mac80211: Remove a redundant mutex unlock (bnc#1012628).
- nl80211: fix potential leak in AP start (bnc#1012628).
- drm/i915/gvt: Separate display reset from ALL_ENGINES reset
  (bnc#1012628).
- drm/i915: Avoid recursing onto active vma from the shrinker
  (bnc#1012628).
- drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
  (bnc#1012628).
- MIPS: cavium_octeon: Fix syncw generation (bnc#1012628).
- i2c: jz4780: silence log flood on txabrt (bnc#1012628).
- i2c: altera: Fix potential integer overflow (bnc#1012628).
- MIPS: VPE: Fix a double free and a memory leak in
  'release_vpe()' (bnc#1012628).
- RISC-V: Don't enable all interrupts in trap_init()
  (bnc#1012628).
- HID: hiddev: Fix race in in hiddev_disconnect() (bnc#1012628).
- HID: alps: Fix an error handling path in
  'alps_input_configured()' (bnc#1012628).
- netfilter: xt_hashlimit: reduce hashlimit_mutex scope for
  htable_put() (bnc#1012628).
- netfilter: ipset: Fix forceadd evaluation path (bnc#1012628).
- vhost: Check docket sk_family instead of call getname
  (bnc#1012628).
- net/smc: transfer fasync_list in case of fallback (bnc#1012628).
- netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx"
  reports (bnc#1012628).
- io_uring: fix 32-bit compatability with sendmsg/recvmsg
  (bnc#1012628).
- cpufreq: Fix policy initialization for internal governor drivers
  (bnc#1012628).
- amdgpu/gmc_v9: save/restore sdpif regs during S3 (bnc#1012628).
- Revert "PM / devfreq: Modify the device name as devfreq(X)
  for sysfs" (bnc#1012628).
- tracing: Disable trace_printk() on post poned tests
  (bnc#1012628).
- blktrace: Protect q->blk_trace with RCU (bnc#1012628).
- macintosh: therm_windtunnel: fix regression when instantiating
  devices (bnc#1012628).
- drm/radeon: Inline drm_get_pci_dev (bnc#1012628).
- drm/amdgpu: Drop DRIVER_USE_AGP (bnc#1012628).
- HID: core: increase HID report buffer size to 8KiB
  (bnc#1012628).
- HID: core: fix off-by-one memset in hid_report_raw_event()
  (bnc#1012628).
- HID: ite: Only bind to keyboard USB interface on Acer SW5-012
  keyboard dock (bnc#1012628).
- KVM: VMX: check descriptor table exits on instruction emulation
  (bnc#1012628).
- ACPI: watchdog: Fix gas->access_width usage (bnc#1012628).
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bnc#1012628).
- audit: always check the netlink payload length in
  audit_receive_msg() (bnc#1012628).
- audit: fix error handling in audit_data_to_entry()
  (bnc#1012628).
- ext4: potential crash on allocation error in
  ext4_alloc_flex_bg_array() (bnc#1012628).
- docs: Fix empty parallelism argument (bnc#1012628).
- scsi: zfcp: fix wrong data and display format of SFP+
  temperature (bnc#1012628).
- scsi: sd_sbc: Fix sd_zbc_report_zones() (bnc#1012628).
- nvme/pci: move cqe check after device shutdown (bnc#1012628).
- nvme: prevent warning triggered by nvme_stop_keep_alive
  (bnc#1012628).
- nvme/tcp: fix bug on double requeue when send fails
  (bnc#1012628).
- net: hns3: fix a copying IPv6 address error in
  hclge_fd_get_flow_tuples() (bnc#1012628).
- net: hns3: fix VF bandwidth does not take effect in some case
  (bnc#1012628).
- net: hns3: add management table after IMP reset (bnc#1012628).
- mac80211: fix wrong 160/80+80 MHz setting (bnc#1012628).
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
  (bnc#1012628).
- cifs: Fix mode output in debugging statements (bnc#1012628).
- io-wq: don't call kXalloc_node() with non-online node
  (bnc#1012628).
- ice: Use correct netif error function (bnc#1012628).
- ice: Use ice_pf_to_dev (bnc#1012628).
- ice: update Unit Load Status bitmask to check after reset
  (bnc#1012628).
- ice: fix and consolidate logging of NVM/firmware version
  information (bnc#1012628).
- ice: Don't allow same value for Rx tail to be written twice
  (bnc#1012628).
- ice: Fix switch between FW and SW LLDP (bnc#1012628).
- net: ena: ena-com.c: prevent NULL pointer dereference
  (bnc#1012628).
- net: ena: ethtool: use correct value for crc32 hash
  (bnc#1012628).
- net: ena: fix corruption of dev_idx_to_host_tbl (bnc#1012628).
- net: ena: fix incorrectly saving queue numbers when setting
  RSS indirection table (bnc#1012628).
- net: ena: rss: store hash function as values and not bits
  (bnc#1012628).
- net: ena: rss: fix failure to get indirection table
  (bnc#1012628).
- net: ena: rss: do not allocate key when not supported
  (bnc#1012628).
- net: ena: fix incorrect default RSS key (bnc#1012628).
- net: ena: add missing ethtool TX timestamping indication
  (bnc#1012628).
- net: ena: fix uses of round_jiffies() (bnc#1012628).
- net: ena: fix potential crash when rxfh key is NULL
  (bnc#1012628).
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps
  (bnc#1012628).
- soc/tegra: fuse: Fix build with Tegra194 configuration
  (bnc#1012628).
- amdgpu: Prevent build errors regarding soft/hard-float FP ABI
  tags (bnc#1012628).
- drm/amd/display: Add initialitions for PLL2 clock source
  (bnc#1012628).
- drm/amd/display: Limit minimum DPPCLK to 100MHz (bnc#1012628).
- drm/amd/display: Check engine is not NULL before acquiring
  (bnc#1012628).
- RDMA/siw: Remove unwanted WARN_ON in siw_cm_llp_data_ready()
  (bnc#1012628).
- drm/amd/display: Do not set optimized_require to false after
  plane disable (bnc#1012628).
- ARM: dts: sti: fixup sound frame-inversion for
  stihxxx-b2120.dtsi (bnc#1012628).
- ceph: do not execute direct write in parallel if O_APPEND is
  specified (bnc#1012628).
- perf/x86/msr: Add Tremont support (bnc#1012628).
- perf/x86/cstate: Add Tremont support (bnc#1012628).
- perf/x86/intel: Add Elkhart Lake support (bnc#1012628).
- perf/smmuv3: Use platform_get_irq_optional() for wired interrupt
  (bnc#1012628).
- NFSv4: Fix races between open and dentry revalidation
  (bnc#1012628).
- qmi_wwan: unconditionally reject 2 ep interfaces (bnc#1012628).
- qmi_wwan: re-add DW5821e pre-production variant (bnc#1012628).
- s390/zcrypt: fix card and queue total counter wrap
  (bnc#1012628).
- io_uring: flush overflowed CQ events in the io_uring_poll()
  (bnc#1012628).
- cfg80211: check wiphy driver existence for drvinfo report
  (bnc#1012628).
- mac80211: consider more elements in parsing CRC (bnc#1012628).
- dax: pass NOWAIT flag to iomap_apply (bnc#1012628).
- sched/fair: Prevent unlimited runtime on throttled group
  (bnc#1012628).
- timers/nohz: Update NOHZ load in remote tick (bnc#1012628).
- sched/core: Don't skip remote tick for idle CPUs (bnc#1012628).
- drm/msm: Set dma maximum segment size for mdss (bnc#1012628).
- ipmi:ssif: Handle a possible NULL pointer reference
  (bnc#1012628).
- net: rtnetlink: fix bugs in rtnl_alt_ifname() (bnc#1012628).
- net: macb: Properly handle phylink on at91rm9200 (bnc#1012628).
- net: add strict checks in netdev_name_node_alt_destroy()
  (bnc#1012628).
- ionic: fix fw_status read (bnc#1012628).
- ipv6: Fix nlmsg_flags when splitting a multipath route
  (bnc#1012628).
- ipv6: Fix route replacement with dev-only route (bnc#1012628).
- bonding: fix lockdep warning in bond_get_stats() (bnc#1012628).
- net: export netdev_next_lower_dev_rcu() (bnc#1012628).
- bonding: add missing netdev_update_lockdep_key() (bnc#1012628).
- bnxt_en: Issue PCIe FLR in kdump kernel to cleanup pending DMAs
  (bnc#1012628).
- bnxt_en: Improve device shutdown method (bnc#1012628).
- sctp: move the format error check out of __sctp_sf_do_9_1_abort
  (bnc#1012628).
- udp: rehash on disconnect (bnc#1012628).
- Revert "net: dev: introduce support for sch BYPASS for lockless
  qdisc" (bnc#1012628).
- qede: Fix race between rdma destroy workqueue and link change
  event (bnc#1012628).
- nfc: pn544: Fix occasional HW initialization failure
  (bnc#1012628).
- net/tls: Fix to avoid gettig invalid tls record (bnc#1012628).
- net: sched: correct flower port blocking (bnc#1012628).
- net: phy: restore mdio regs in the iproc mdio driver
  (bnc#1012628).
- net: mscc: fix in frame extraction (bnc#1012628).
- net: macb: ensure interface is not suspended on at91rm9200
  (bnc#1012628).
- net: fib_rules: Correctly set table field when table number
  exceeds 8 bits (bnc#1012628).
- net: dsa: b53: Ensure the default VID is untagged (bnc#1012628).
- EDAC: skx_common: downgrade message importance on missing PCI
  device (bnc#1012628).
- commit 3727848
- config: re-enable NLS_ISO8859_1 for kvmsmall
  The EFI partition wants NLS_ISO8859_1 and will fail to mount without it.
- commit 666974e

==== kexec-tools ====

- kexec-tools-reset-getopt-before-falling-back-to-legacy.patch:
  Reset getopt before falling back to legacy syscall (bsc#1166105).
- kexec-tools-fix-kexec_file_load-error-handling.patch: Fix the
  error handling if kexec_file_load() fails (bsc#1166105).

==== kwin5 ====

- Replace the Requires: xorg-x11-server-wayland dependency with a
  Recommends so we can install kwin5 in X11 only systems.

==== libapparmor ====
Version update (2.13.3 -> 2.13.4)

- update to AppArmor 2.13.4
  - fix log parsing for logs with an embedded newline
  - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
    for the detailed upstream changelog

==== libidn2 ====

- No longer recommend -lang: supplements are in use.

==== libva ====
Subpackages: libva-drm2 libva2

- cleanup in specfile: get rid of is_opensuse macro, which is no
  longer needed at all since sle15/Leap15, where we always enable
  wayland support (jira#PM-1623)

==== lvm2-device-mapper ====
Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03

- fix patch name typo
  - bug-1158628-04-pvmove-correcting-read_ahead-setting.patch
  + bug-1158628_04-pvmove-correcting-read_ahead-setting.patch

==== pam ====

- Removed pam_userdb from this package and moved to pam-modules.
  This removed the requirement for libdb.
  Also made "xz" required for all releases.
  Remove limits for nproc from /etc/security/limits.conf
  [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec]

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Drop NetworkManager-applet Requires: We do not need this at all
  inside gnome-shell, we have had built-in tools for a long time.

==== podman ====
Version update (1.8.0 -> 1.8.1)
Subpackages: podman-cni-config

- Update podman to v1.8.1:
  * Features
  - Many networking-related flags have been added to podman pod
    create to enable customization of pod networks, including
  - -add-host, --dns, --dns-opt, --dns-search, --ip,
  - -mac-address, --network, and --no-hosts
  - The podman ps --format=json command now includes the ID of
    the image containers were created with
  - The podman run and podman create commands now feature an
  - -rmi flag to remove the image the container was using after
    it exits (if no other containers are using said image)
    ([#4628](https://github.com/containers/libpod/issues/4628))
  - The podman create and podman run commands now support the
  - -device-cgroup-rule flag (#4876)
  - While the HTTP API remains in alpha, many fixes and additions
    have landed. These are documented in a separate subsection
    below
  - The podman create and podman run commands now feature a
  - -no-healthcheck flag to disable healthchecks for a container
    (#5299)
  - Containers now recognize the io.containers.capabilities
    label, which specifies a list of capabilities required by the
    image to run. These capabilities will be used as long as they
    are more restrictive than the default capabilities used
  - YAML produced by the podman generate kube command now
    includes SELinux configuration passed into the container via
  - -security-opt label=... (#4950)
  * Bugfixes
  - Fixed CVE-2020-1726, a security issue where volumes manually
    populated before first being mounted into a container could
    have those contents overwritten on first being mounted into a
    container
  - Fixed a bug where Podman containers with user namespaces in
    CNI networks with the DNS plugin enabled would not have the
    DNS plugin's nameserver added to their resolv.conf
    ([#5256](https://github.com/containers/libpod/issues/5256))
  - Fixed a bug where trailing / characters in image volume
    definitions could cause them to not be overridden by a
    user-specified mount at the same location
    ([#5219](https://github.com/containers/libpod/issues/5219))
  - Fixed a bug where the label option in libpod.conf, used to
    disable SELinux by default, was not being respected (#5087)
  - Fixed a bug where the podman login and podman logout commands
    required the registry to log into be specified (#5146)
  - Fixed a bug where detached rootless Podman containers could
    not forward ports (#5167)
  - Fixed a bug where rootless Podman could fail to run if the
    pause process had died
  - Fixed a bug where Podman ignored labels that were specified
    with only a key and no value (#3854)
  - Fixed a bug where Podman would fail to create named volumes
    when the backing filesystem did not support SELinux labelling
    (#5200)
  - Fixed a bug where --detach-keys="" would not disable
    detaching from a container (#5166)
  - Fixed a bug where the podman ps command was too aggressive
    when filtering containers and would force --all on in too
    many situations
  - Fixed a bug where the podman play kube command was ignoring
    image configuration, including volumes, working directory,
    labels, and stop signal (#5174)
  - Fixed a bug where the Created and CreatedTime fields in
    podman images --format=json were misnamed, which also broke
    Go template output for those fields
    ([#5110](https://github.com/containers/libpod/issues/5110))
  - Fixed a bug where rootless Podman containers with ports
    forwarded could hang when started (#5182)
  - Fixed a bug where podman pull could fail to parse registry
    names including port numbers
  - Fixed a bug where Podman would incorrectly attempt to
    validate image OS and architecture when starting containers
  - Fixed a bug where Bash completion for podman build -f would
    not list available files that could be built (#3878)
  - Fixed a bug where podman commit --change would perform
    incorrect validation, resulting in valid changes being
    rejected (#5148)
  - Fixed a bug where podman logs --tail could take large amounts
    of memory when the log file for a container was large (#5131)
  - Fixed a bug where Podman would sometimes incorrectly generate
    firewall rules on systems using firewalld
  - Fixed a bug where the podman inspect command would not
    display network information for containers properly if a
    container joined multiple CNI networks
    ([#4907](https://github.com/containers/libpod/issues/4907))
  - Fixed a bug where the --uts flag to podman create and podman
    run would only allow specifying containers by full ID (#5289)
  - Fixed a bug where rootless Podman could segfault when passed
    a large number of file descriptors
  - Fixed a bug where the podman port command was incorrectly
    interpreting additional arguments as container names, instead
    of port numbers
  - Fixed a bug where units created by podman generate systemd
    did not depend on network targets, and so could start before
    the system network was ready (#4130)
  - Fixed a bug where exec sessions in containers which did not
    specify a user would not inherit supplemental groups added to
    the container via --group-add
  - Fixed a bug where Podman would not respect the $TMPDIR
    environment variable for placing large temporary files during
    some operations (e.g. podman pull)
    ([#5411](https://github.com/containers/libpod/issues/5411))
  * HTTP API
  - Initial support for secure connections to servers via SSH
    tunneling has been added
  - Initial support for the libpod create and logs endpoints for
    containers has been added
  - Added a /swagger/ endpoint to serve API documentation
  - The json endpoint for containers has received many fixes
  - Filtering images and containers has been greatly improved,
    with many bugs fixed and documentation improved
  - Image creation endpoints (commit, pull, etc) have seen many
    fixes
  - Server timeout has been fixed so that long operations will no
    longer trigger the timeout and shut the server down
  - The stats endpoint for containers has seen major fixes and
    now provides accurate output
  - Handling the HTTP 304 status code has been fixed for all
    endpoints
  - Many fixes have been made to API documentation to ensure it
    matches the code
  * Misc
  - Updated vendored Buildah to v1.14.2
  - Updated vendored containers/storage to v1.16.2
  - The Created field to podman images --format=json has been
    renamed to CreatedSince as part of the fix for (#5110). Go
    templates using the old name shou ld still work
  - The CreatedTime field to podman images --format=json has been
    renamed to CreatedAt as part of the fix for (#5110). Go
    templates using the old name should still work
  - The before filter to podman images has been renamed to since
    for Docker compatibility. Using before will still work, but
    documentation has been changed to use the new since filter
  - Using the --password flag to podman login now warns that
    passwords are being passed in plaintext
  - Some common cases where Podman would deadlock have been fixed
    to warn the user that podman system renumber must be run to
    resolve the deadlock

==== supportutils ====
Version update (3.1.8 -> 3.1.9)

- Addition to version 3.1.9
  + Changes affecting getappcore
  - Added core file validation (bsc#1166126)
  - Added -j <PID> to extract core from systemd journal
  - Capture coredumptctl info in getappcore.log
  + Changed filename prefixes from nts_ to scc_ (SLE-8702, SLE-6762)
  - The new prefix references SUSE Customer Center

==== transactional-update ====
Subpackages: transactional-update-zypp-config

- Add dependencies to btrfsprogs, zypper and snapper - most of the
  functionality is not usable if those applications are not
  installed. [boo#1166502]

==== webkit2gtk3 ====
Version update (2.26.4 -> 2.28.0)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles

- Update to version 2.28.0:
  + Add API to enable Process Swap on (Cross-site) Navigation.
  + Add user messages API for the communication with the web
    extension.
  + Add support for same-site cookies.
  + Service workers are enabled by default.
  + Add support for Pointer Lock API.
  + Add flatpak sandbox support.
  + Make ondemand hardware acceleration policy never leave
    accelerated compositing mode.
  + Always use a light theme for rendering form controls.
  + Add about:gpu to show information about the graphics stack.
- Drop webkit2gtk3-ppc-build-fix.patch: Fixed upstream.
- Disable webkit-process.patch: Needs rebase, and furthermore it
  should not be applied for Leap 15.2 as it is today.
- Update to version 2.27.91:
  + Update user agent quirks to fix the unsupported browser message
    in several google services.
  + Fix several compile warnings with GCC 10.
  + Fix the build with GCC 10.
  + Fix several crashes and rendering issues.
  + Updated translations.

==== wpebackend-fdo ====
Version update (1.4.1 -> 1.4.2)

- Update to version 1.4.2:
  + Fix build failures with EGL implementations which do not
    provide an EGL/eglmesaext.h header.

==== xfsprogs ====
Version update (5.4.0 -> 5.5.0)

- update to v5.5.0:
  * xfsprogs: actually check that writes succeeded
  * mkfs.xfs: check root inode location
  * mkfs.xfs: efficient block zeroing
  * xfs_repair: fix broken unit conv. in dir invalidation
  * xfs_repair: fix bad next_unlinked field
  * xfs_repair: don't corrupt attr fork clearing forw/back
  * xfs_repair: check root dir pointer before trashing it
  * xfs_repair: try to fix sb_unit value from secondaries
  * libxfs changes merged from kernel 5.5


-- 
To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org

[opensuse-kubic] New MicroOS snapshot 20200318 released!

Richard Brown