Mailinglist Archive: opensuse-kubic (54 mails)

< Previous Next >
[opensuse-kubic] New MicroOS snapshot 20201021 released!
  • From: Richard Brown <rbrown@xxxxxxx>
  • Date: Thu, 22 Oct 2020 12:04:40 +0000
  • Message-id: <160336828025.23878.7765741530408867947@go-agent-stagingbot-1>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

Please do not reply to this email to report issues, rather file a bug on
For more information on filing bugs please see
Packages changed:
apparmor (2.13.4 -> 2.13.5)
container-selinux (2.143.0 -> 2.145.0)
kernel-source (5.8.14 -> 5.8.15)
libapparmor (2.13.4 -> 2.13.5)
systemsettings5 (5.20.0 ->

=== Details ===

==== apparmor ====
Version update (2.13.4 -> 2.13.5)
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles
apparmor-utils perl-apparmor python3-apparmor

- update to AppArmor 2.13.5
- add missing permissions to several profiles and abstractions
- bugfixes in parser and tools
- see
for the detailed upstream changelog
- remove upstream(ed) patches
- changes-since-2.13.4.diff
- abstractions-X-xauth-mr582.diff
- sevdb-caps-mr589.diff
- libvirt-leaseshelper.patch
- cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)

==== cloud-init ====

- Update cloud-init-write-routes.patch (bsc#1177526)
+ Avoid exception if no gateway information is present and warning
is triggered for existing routing.

==== container-selinux ====
Version update (2.143.0 -> 2.145.0)

- Update to version 2.145.0
- Add support for kubernetes_file_t
- Allow container_t to open existing tun/tap

==== kernel-source ====
Version update (5.8.14 -> 5.8.15)

- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp
on GCC 10 compiled kernels (bsc#1176907).
- commit c680e93
- Bluetooth: L2CAP: Fix calling sk_filter on non-socket based
channel (bsc#1177724 CVE-2020-12351).
- commit 8f9e7d2
- Bluetooth: A2MP: Fix not initializing all members
(CVE-2020-12352 bsc#1177725).
- commit c64c556
- Update config files: CONFIG_PINCTRL_AMD=y for fixing dependency (bsc#1177049)
- commit f9a8fb6
- platform/x86: intel-vbtn: Revert "Fix SW_TABLET_MODE always
reporting 1 on the HP Pavilion 11 x360" (git-fixes).
- net_sched: check error pointer in tcf_dump_walker() (git-fixes).
- net_sched: remove a redundant goto chain check (git-fixes).
- net: qrtr: ns: Fix the incorrect usage of rcu_read_lock()
- commit db08e19
- platform/x86: intel-vbtn: Switch to an allow-list for
SW_TABLET_MODE reporting (bsc#1012628 bsc#1175599)
- commit 4144623
- Linux 5.8.15 (bsc#1012628).
- net_sched: commit action insertions together (bsc#1012628).
- net_sched: defer tcf_idr_insert() in tcf_action_init_1()
- net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read
locks (bsc#1012628).
- net: usb: rtl8150: set random MAC address when
set_ethernet_addr() fails (bsc#1012628).
- Input: ati_remote2 - add missing newlines when printing module
parameters (bsc#1012628).
- tty/vt: Do not warn when huge selection requested (bsc#1012628).
- net/mlx5e: Fix driver's declaration to support GRE offload
- net/tls: race causes kernel panic (bsc#1012628).
- net: bridge: fdb: don't flush ext_learn entries (bsc#1012628).
- net/core: check length before updating Ethertype in
skb_mpls_{push,pop} (bsc#1012628).
- netlink: fix policy dump leak (bsc#1012628).
- tcp: fix receive window update in tcp_add_backlog()
- mm: khugepaged: recalculate min_free_kbytes after memory
hotplug as expected by khugepaged (bsc#1012628).
- mm: validate inode in mapping_set_error() (bsc#1012628).
- mmc: core: don't set limits.discard_granularity as 0
- perf: Fix task_function_call() error handling (bsc#1012628).
- afs: Fix deadlock between writeback and truncate (bsc#1012628).
- net: mscc: ocelot: divide watermark value by 60 when writing
to SYS_ATOP (bsc#1012628).
- net: mscc: ocelot: extend watermark encoding function
- net: mscc: ocelot: split writes to pause frame enable bit and
to thresholds (bsc#1012628).
- net: mscc: ocelot: rename ocelot_board.c to ocelot_vsc7514.c
- rxrpc: Fix server keyring leak (bsc#1012628).
- rxrpc: The server keyring isn't network-namespaced
- rxrpc: Fix some missing _bh annotations on locking
conn->state_lock (bsc#1012628).
- rxrpc: Downgrade the BUG() for unsupported token type in
rxrpc_read() (bsc#1012628).
- rxrpc: Fix rxkad token xdr encoding (bsc#1012628).
- net: mvneta: fix double free of txq->buf (bsc#1012628).
- vhost-vdpa: fix page pinning leakage in error path
- vhost-vdpa: fix vhost_vdpa_map() on error condition
- net: hinic: fix DEVLINK build errors (bsc#1012628).
- net: stmmac: Modify configuration method of EEE timers
- net/mlx5e: Fix race condition on nhe->n pointer in neigh update
- net/mlx5e: Fix VLAN create flow (bsc#1012628).
- net/mlx5e: Fix VLAN cleanup flow (bsc#1012628).
- net/mlx5e: Fix return status when setting unsupported FEC mode
- net/mlx5e: Add resiliency in Striding RQ mode for packets
larger than MTU (bsc#1012628).
- net/mlx5: Fix request_irqs error flow (bsc#1012628).
- net/mlx5: Add retry mechanism to the command entry index
allocation (bsc#1012628).
- net/mlx5: poll cmd EQ in case of command timeout (bsc#1012628).
- net/mlx5: Avoid possible free of command entry while timeout
comp handler (bsc#1012628).
- net/mlx5: Fix a race when moving command interface to polling
mode (bsc#1012628).
- pipe: Fix memory leaks in create_pipe_files() (bsc#1012628).
- octeontx2-pf: Fix synchnorization issue in mbox (bsc#1012628).
- octeontx2-pf: Fix the device state on error (bsc#1012628).
- octeontx2-pf: Fix TCP/UDP checksum offload for IPv6 frames
- octeontx2-af: Fix enable/disable of default NPC entries
- net: phy: realtek: fix rtl8211e rx/tx delay config
- virtio-net: don't disable guest csum when disable LRO
- net: usb: ax88179_178a: fix missing stop entry in driver_info
- r8169: fix RTL8168f/RTL8411 EPHY config (bsc#1012628).
- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error
path (bsc#1012628).
- mdio: fix mdio-thunder.c dependency & build error (bsc#1012628).
- bonding: set dev->needed_headroom in bond_setup_by_slave()
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop
- net: stmmac: Fix clock handling on remove path (bsc#1012628).
- vmxnet3: fix cksum offload issues for non-udp tunnels
- ice: fix memory leak in ice_vsi_setup (bsc#1012628).
- ice: fix memory leak if register_netdev_fails (bsc#1012628).
- iavf: Fix incorrect adapter get in iavf_resume (bsc#1012628).
- iavf: use generic power management (bsc#1012628).
- xfrm: Use correct address family in xfrm_state_find
- net: dsa: felix: convert TAS link speed based on phylink speed
- hinic: fix wrong return value of mac-set cmd (bsc#1012628).
- hinic: add log in exception handling processes (bsc#1012628).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
- platform/x86: fix kconfig dependency warning for LG_LAPTOP
- net: stmmac: removed enabling eee in EEE set callback
- xsk: Do not discard packet when NETDEV_TX_BUSY (bsc#1012628).
- xfrm: clone whole liftime_cur structure in xfrm_do_migrate
- xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate (bsc#1012628).
- xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
- xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate (bsc#1012628).
- iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb()
- btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all
locks (bsc#1012628).
- drm/amd/display: fix return value check for hdcp_work
- drm/amd/pm: Removed fixed clock in auto mode DPM (bsc#1012628).
- io_uring: fix potential ABBA deadlock in ->show_fdinfo()
- btrfs: move btrfs_scratch_superblocks into
btrfs_dev_replace_finishing (bsc#1012628).
- drm/amdgpu: prevent double kfree ttm->sg (bsc#1012628).
- openvswitch: handle DNAT tuple collision (bsc#1012628).
- net: team: fix memory leak in __team_options_register
- team: set dev->needed_headroom in team_setup_by_port()
- sctp: fix sctp_auth_init_hmacs() error path (bsc#1012628).
- i2c: owl: Clear NACK and BUS error bits (bsc#1012628).
- i2c: meson: fixup rate calculation with filter delay
- i2c: meson: keep peripheral clock enabled (bsc#1012628).
- i2c: meson: fix clock setting overwrite (bsc#1012628).
- cifs: Fix incomplete memory allocation on setxattr path
- espintcp: restore IP CB before handing the packet to xfrm
- xfrmi: drop ignore_df check before updating pmtu (bsc#1012628).
- nvme-tcp: check page by sendpage_ok() before calling
kernel_sendpage() (bsc#1012628).
- tcp: use sendpage_ok() to detect misused .sendpage
- net: introduce helper sendpage_ok() in include/linux/net.h
- mm/khugepaged: fix filemap page_to_pgoff(page) != offset
- gpiolib: Disable compat ->read() code in UML case (bsc#1012628).
- RISC-V: Make sure memblock reserves the memory containing DT
- macsec: avoid use-after-free in macsec_handle_frame()
- nvme-core: put ctrl ref when module ref get fail (bsc#1012628).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size
when reuse (bsc#1012628).
- r8169: consider that PHY reset may still be in progress after
applying firmware (bsc#1012628).
- bpf: Prevent .BTF section elimination (bsc#1012628).
- bpf: Fix sysfs export of empty BTF section (bsc#1012628).
- platform/x86: asus-wmi: Fix SW_TABLET_MODE always reporting
1 on many different models (bsc#1012628).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting
1 on the HP Pavilion 11 x360 (bsc#1012628).
- Platform: OLPC: Fix memleak in olpc_ec_probe (bsc#1012628).
- splice: teach splice pipe reading about empty pipe buffers
- usermodehelper: reset umask to default before executing user
process (bsc#1012628).
- vhost: Use vhost_get_used_size() in vhost_vring_set_addr()
- vhost: Don't call access_ok() when using IOTLB (bsc#1012628).
- block/scsi-ioctl: Fix kernel-infoleak in
scsi_put_cdrom_generic_arg() (bsc#1012628).
- partitions/ibm: fix non-DASD devices (bsc#1012628).
- drm/nouveau/mem: guard against NULL pointer access in mem_del
- drm/nouveau/device: return error for unknown chipsets
- net: wireless: nl80211: fix out-of-bounds access in
nl80211_del_key() (bsc#1012628).
- exfat: fix use of uninitialized spinlock on error path
- crypto: arm64: Use x16 with indirect branch to bti_c
- bpf: Fix scalar32_min_max_or bounds tracking (bsc#1012628).
- Revert "ravb: Fixed to be able to unload modules" (bsc#1012628).
- fbcon: Fix global-out-of-bounds read in fbcon_get_font()
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into
linux/font.h (bsc#1012628).
- commit 1dc82dd

==== libapparmor ====
Version update (2.13.4 -> 2.13.5)

- update to AppArmor 2.13.5
- fix two potential build failures
- see
for the detailed upstream changelog
- add libapparmor-so-number.diff to fix libapparmor so version (!658)

==== mdadm ====

- Update to latest mdadm which is requested by jsc#SLE-13700 from
partners. Mostly the purpose is for latest Intel IMSM raid
support, while some other fixes are important too.
- imsm: Correct minimal device size (jsc#SLE-13700)
- Detail: show correct bitmap info for cluster raid device
- imsm: support the Array Creation Time field in metadata
- imsm: show Subarray and Volume ID in --examine output
- udev: Ignore change event for imsm (jsc#SLE-13700)
- Manage, imsm: Write metadata before add (jsc#SLE-13700)
- Assemble: print error message if mdadm fails assembling
with --uuid option (jsc#SLE-13700)
- clean up meaning of small typo (jsc#SLE-13700)
- Assemble.c: respect force flag (jsc#SLE-13700)
- mdcheck: Log when done (jsc#SLE-13700)
- Makefile: add EXTRAVERSION support (jsc#SLE-13700)
- uuid.c: split uuid stuffs from util.c (jsc#SLE-13700)
- Include count for \0 character when using strncpy to
implement strdup. (jsc#SLE-13700)
- restripe: fix ignoring return value of read and lseek
- Block overwriting existing links while manual assembly
- Detect too-small device: error rather than underflow/crash
- Use more secure HTTPS URLs (jsc#SLE-13700)
- Update link to Intel page for IMSM (jsc#SLE-13700)
- mdadm/Grow: prevent md's fd from being occupied during delayed time
- Specify nodes number when updating cluster nodes (jsc#SLE-13700)
- mdadm/md.4: update path to in-kernel-tree documentation
- manual: update --examine-badblocks (jsc#SLE-13700)
- mdadm: treat the Dell softraid array as local array (bsc#1175004)

==== patterns-kde ====

- Remove kdeconnect-kde recommends, as asked by the security team

==== systemsettings5 ====
Version update (5.20.0 ->

- Update to
* Fix users KCM string in default set of KCMs to show on home screen

To unsubscribe, e-mail: opensuse-kubic+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-kubic+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages