[opensuse-kubic] New ARM MicroOS snapshot 20201021 released!

Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version=Tumbleweed&build=20201021 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=MicroOS&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor (2.13.4 -> 2.13.5) cloud-init container-selinux (2.143.0 -> 2.145.0) kernel-source (5.8.14 -> 5.8.15) libapparmor (2.13.4 -> 2.13.5) mdadm patterns-kde systemsettings5 (5.20.0 -> 5.20.0.1) === Details === ==== apparmor ==== Version update (2.13.4 -> 2.13.5) Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658) ==== cloud-init ==== - Update cloud-init-write-routes.patch (bsc#1177526) + Avoid exception if no gateway information is present and warning is triggered for existing routing. ==== container-selinux ==== Version update (2.143.0 -> 2.145.0) - Update to version 2.145.0 - Add support for kubernetes_file_t - Allow container_t to open existing tun/tap ==== kernel-source ==== Version update (5.8.14 -> 5.8.15) - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - commit c680e93 - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (bsc#1177724 CVE-2020-12351). - commit 8f9e7d2 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352 bsc#1177725). - commit c64c556 - Update config files: CONFIG_PINCTRL_AMD=y for fixing dependency (bsc#1177049) - commit f9a8fb6 - platform/x86: intel-vbtn: Revert "Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360" (git-fixes). - net_sched: check error pointer in tcf_dump_walker() (git-fixes). - net_sched: remove a redundant goto chain check (git-fixes). - net: qrtr: ns: Fix the incorrect usage of rcu_read_lock() (git-fixes). - commit db08e19 - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1012628 bsc#1175599) - commit 4144623 - Linux 5.8.15 (bsc#1012628). - net_sched: commit action insertions together (bsc#1012628). - net_sched: defer tcf_idr_insert() in tcf_action_init_1() (bsc#1012628). - net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks (bsc#1012628). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (bsc#1012628). - Input: ati_remote2 - add missing newlines when printing module parameters (bsc#1012628). - tty/vt: Do not warn when huge selection requested (bsc#1012628). - net/mlx5e: Fix driver's declaration to support GRE offload (bsc#1012628). - net/tls: race causes kernel panic (bsc#1012628). - net: bridge: fdb: don't flush ext_learn entries (bsc#1012628). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (bsc#1012628). - netlink: fix policy dump leak (bsc#1012628). - tcp: fix receive window update in tcp_add_backlog() (bsc#1012628). - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged (bsc#1012628). - mm: validate inode in mapping_set_error() (bsc#1012628). - mmc: core: don't set limits.discard_granularity as 0 (bsc#1012628). - perf: Fix task_function_call() error handling (bsc#1012628). - afs: Fix deadlock between writeback and truncate (bsc#1012628). - net: mscc: ocelot: divide watermark value by 60 when writing to SYS_ATOP (bsc#1012628). - net: mscc: ocelot: extend watermark encoding function (bsc#1012628). - net: mscc: ocelot: split writes to pause frame enable bit and to thresholds (bsc#1012628). - net: mscc: ocelot: rename ocelot_board.c to ocelot_vsc7514.c (bsc#1012628). - rxrpc: Fix server keyring leak (bsc#1012628). - rxrpc: The server keyring isn't network-namespaced (bsc#1012628). - rxrpc: Fix some missing _bh annotations on locking conn->state_lock (bsc#1012628). - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() (bsc#1012628). - rxrpc: Fix rxkad token xdr encoding (bsc#1012628). - net: mvneta: fix double free of txq->buf (bsc#1012628). - vhost-vdpa: fix page pinning leakage in error path (bsc#1012628). - vhost-vdpa: fix vhost_vdpa_map() on error condition (bsc#1012628). - net: hinic: fix DEVLINK build errors (bsc#1012628). - net: stmmac: Modify configuration method of EEE timers (bsc#1012628). - net/mlx5e: Fix race condition on nhe->n pointer in neigh update (bsc#1012628). - net/mlx5e: Fix VLAN create flow (bsc#1012628). - net/mlx5e: Fix VLAN cleanup flow (bsc#1012628). - net/mlx5e: Fix return status when setting unsupported FEC mode (bsc#1012628). - net/mlx5e: Add resiliency in Striding RQ mode for packets larger than MTU (bsc#1012628). - net/mlx5: Fix request_irqs error flow (bsc#1012628). - net/mlx5: Add retry mechanism to the command entry index allocation (bsc#1012628). - net/mlx5: poll cmd EQ in case of command timeout (bsc#1012628). - net/mlx5: Avoid possible free of command entry while timeout comp handler (bsc#1012628). - net/mlx5: Fix a race when moving command interface to polling mode (bsc#1012628). - pipe: Fix memory leaks in create_pipe_files() (bsc#1012628). - octeontx2-pf: Fix synchnorization issue in mbox (bsc#1012628). - octeontx2-pf: Fix the device state on error (bsc#1012628). - octeontx2-pf: Fix TCP/UDP checksum offload for IPv6 frames (bsc#1012628). - octeontx2-af: Fix enable/disable of default NPC entries (bsc#1012628). - net: phy: realtek: fix rtl8211e rx/tx delay config (bsc#1012628). - virtio-net: don't disable guest csum when disable LRO (bsc#1012628). - net: usb: ax88179_178a: fix missing stop entry in driver_info (bsc#1012628). - r8169: fix RTL8168f/RTL8411 EPHY config (bsc#1012628). - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (bsc#1012628). - mdio: fix mdio-thunder.c dependency & build error (bsc#1012628). - bonding: set dev->needed_headroom in bond_setup_by_slave() (bsc#1012628). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (bsc#1012628). - net: stmmac: Fix clock handling on remove path (bsc#1012628). - vmxnet3: fix cksum offload issues for non-udp tunnels (bsc#1012628). - ice: fix memory leak in ice_vsi_setup (bsc#1012628). - ice: fix memory leak if register_netdev_fails (bsc#1012628). - iavf: Fix incorrect adapter get in iavf_resume (bsc#1012628). - iavf: use generic power management (bsc#1012628). - xfrm: Use correct address family in xfrm_state_find (bsc#1012628). - net: dsa: felix: convert TAS link speed based on phylink speed (bsc#1012628). - hinic: fix wrong return value of mac-set cmd (bsc#1012628). - hinic: add log in exception handling processes (bsc#1012628). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (bsc#1012628). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (bsc#1012628). - net: stmmac: removed enabling eee in EEE set callback (bsc#1012628). - xsk: Do not discard packet when NETDEV_TX_BUSY (bsc#1012628). - xfrm: clone whole liftime_cur structure in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate (bsc#1012628). - iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb() (bsc#1012628). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1012628). - drm/amd/display: fix return value check for hdcp_work (bsc#1012628). - drm/amd/pm: Removed fixed clock in auto mode DPM (bsc#1012628). - io_uring: fix potential ABBA deadlock in ->show_fdinfo() (bsc#1012628). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1012628). - drm/amdgpu: prevent double kfree ttm->sg (bsc#1012628). - openvswitch: handle DNAT tuple collision (bsc#1012628). - net: team: fix memory leak in __team_options_register (bsc#1012628). - team: set dev->needed_headroom in team_setup_by_port() (bsc#1012628). - sctp: fix sctp_auth_init_hmacs() error path (bsc#1012628). - i2c: owl: Clear NACK and BUS error bits (bsc#1012628). - i2c: meson: fixup rate calculation with filter delay (bsc#1012628). - i2c: meson: keep peripheral clock enabled (bsc#1012628). - i2c: meson: fix clock setting overwrite (bsc#1012628). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1012628). - espintcp: restore IP CB before handing the packet to xfrm (bsc#1012628). - xfrmi: drop ignore_df check before updating pmtu (bsc#1012628). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1012628). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1012628). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1012628). - mm/khugepaged: fix filemap page_to_pgoff(page) != offset (bsc#1012628). - gpiolib: Disable compat ->read() code in UML case (bsc#1012628). - RISC-V: Make sure memblock reserves the memory containing DT (bsc#1012628). - macsec: avoid use-after-free in macsec_handle_frame() (bsc#1012628). - nvme-core: put ctrl ref when module ref get fail (bsc#1012628). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (bsc#1012628). - r8169: consider that PHY reset may still be in progress after applying firmware (bsc#1012628). - bpf: Prevent .BTF section elimination (bsc#1012628). - bpf: Fix sysfs export of empty BTF section (bsc#1012628). - platform/x86: asus-wmi: Fix SW_TABLET_MODE always reporting 1 on many different models (bsc#1012628). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (bsc#1012628). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 (bsc#1012628). - Platform: OLPC: Fix memleak in olpc_ec_probe (bsc#1012628). - splice: teach splice pipe reading about empty pipe buffers (bsc#1012628). - usermodehelper: reset umask to default before executing user process (bsc#1012628). - vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (bsc#1012628). - vhost: Don't call access_ok() when using IOTLB (bsc#1012628). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (bsc#1012628). - partitions/ibm: fix non-DASD devices (bsc#1012628). - drm/nouveau/mem: guard against NULL pointer access in mem_del (bsc#1012628). - drm/nouveau/device: return error for unknown chipsets (bsc#1012628). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (bsc#1012628). - exfat: fix use of uninitialized spinlock on error path (bsc#1012628). - crypto: arm64: Use x16 with indirect branch to bti_c (bsc#1012628). - bpf: Fix scalar32_min_max_or bounds tracking (bsc#1012628). - Revert "ravb: Fixed to be able to unload modules" (bsc#1012628). - fbcon: Fix global-out-of-bounds read in fbcon_get_font() (bsc#1012628). - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (bsc#1012628). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (bsc#1012628). - commit 1dc82dd ==== libapparmor ==== Version update (2.13.4 -> 2.13.5) - update to AppArmor 2.13.5 - fix two potential build failures - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - add libapparmor-so-number.diff to fix libapparmor so version (!658) ==== mdadm ==== - Update to latest mdadm which is requested by jsc#SLE-13700 from partners. Mostly the purpose is for latest Intel IMSM raid support, while some other fixes are important too. - imsm: Correct minimal device size (jsc#SLE-13700) 0073-imsm-Correct-minimal-device-size.patch - Detail: show correct bitmap info for cluster raid device (jsc#SLE-13700) 0074-Detail-show-correct-bitmap-info-for-cluster-raid-dev.patch - imsm: support the Array Creation Time field in metadata (jsc#SLE-13700) 0075-imsm-support-the-Array-Creation-Time-field-in-metada.patch - imsm: show Subarray and Volume ID in --examine output (jsc#SLE-13700) 0076-imsm-show-Subarray-and-Volume-ID-in-examine-output.patch - udev: Ignore change event for imsm (jsc#SLE-13700) 0077-udev-Ignore-change-event-for-imsm.patch - Manage, imsm: Write metadata before add (jsc#SLE-13700) 0078-Manage-imsm-Write-metadata-before-add.patch - Assemble: print error message if mdadm fails assembling with --uuid option (jsc#SLE-13700) 0079-Assemble-print-error-message-if-mdadm-fails-assembli.patch - clean up meaning of small typo (jsc#SLE-13700) 0080-clean-up-meaning-of-small-typo.patch - Assemble.c: respect force flag (jsc#SLE-13700) 0081-Assemble.c-respect-force-flag.patch - mdcheck: Log when done (jsc#SLE-13700) 0082-mdcheck-Log-when-done.patch - Makefile: add EXTRAVERSION support (jsc#SLE-13700) 0083-Makefile-add-EXTRAVERSION-support.patch - uuid.c: split uuid stuffs from util.c (jsc#SLE-13700) 0084-uuid.c-split-uuid-stuffs-from-util.c.patch - Include count for \0 character when using strncpy to implement strdup. (jsc#SLE-13700) 0085-Include-count-for-0-character-when-using-strncpy-to-.patch - restripe: fix ignoring return value of read and lseek (jsc#SLE-13700) 0086-restripe-fix-ignoring-return-value-of-read-and-lseek.patch - Block overwriting existing links while manual assembly (jsc#SLE-13700) 0087-Block-overwriting-existing-links-while-manual-assemb.patch - Detect too-small device: error rather than underflow/crash (jsc#SLE-13700) 0088-Detect-too-small-device-error-rather-than-underflow-.patch - Use more secure HTTPS URLs (jsc#SLE-13700) 0089-Use-more-secure-HTTPS-URLs.patch - Update link to Intel page for IMSM (jsc#SLE-13700) 0090-Update-link-to-Intel-page-for-IMSM.patch - mdadm/Grow: prevent md's fd from being occupied during delayed time (jsc#SLE-13700) 0091-mdadm-Grow-prevent-md-s-fd-from-being-occupied-durin.patch - Specify nodes number when updating cluster nodes (jsc#SLE-13700) 0092-Specify-nodes-number-when-updating-cluster-nodes.patch - mdadm/md.4: update path to in-kernel-tree documentation (jsc#SLE-13700) 0093-mdadm-md.4-update-path-to-in-kernel-tree-documentati.patch - manual: update --examine-badblocks (jsc#SLE-13700) 0094-manual-update-examine-badblocks.patch - mdadm: treat the Dell softraid array as local array (bsc#1175004) 1003-mdadm-treat-the-Dell-softraid-array-as-local-array.patch ==== patterns-kde ==== - Remove kdeconnect-kde recommends, as asked by the security team (boo#1177628) ==== systemsettings5 ==== Version update (5.20.0 -> 5.20.0.1) - Update to 5.20.0.1 * Fix users KCM string in default set of KCMs to show on home screen -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org